diff --git a/lang/python/pillow/Makefile b/lang/python/pillow/Makefile index 157575cca..bcf793697 100644 --- a/lang/python/pillow/Makefile +++ b/lang/python/pillow/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pillow -PKG_VERSION:=9.4.0 +PKG_VERSION:=9.5.0 PKG_RELEASE:=1 PYPI_NAME:=Pillow -PKG_HASH:=a1c2d7780448eb93fbcc3789bf3916aa5720d942e37945f4056680317f1cd23e +PKG_HASH:=bf548479d336726d7a0eceb6e767e179fbde37833ae42794602631a070d630f1 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=HPND diff --git a/lang/python/python-pytz/Makefile b/lang/python/python-pytz/Makefile index a39428a8e..62c1b3a2c 100644 --- a/lang/python/python-pytz/Makefile +++ b/lang/python/python-pytz/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pytz -PKG_VERSION:=2022.7.1 +PKG_VERSION:=2023.3 PKG_RELEASE:=1 PYPI_NAME:=pytz -PKG_HASH:=01a0681c4b9684a28304615eba55d1ab31ae00bf68ec157ec3708a8182dbbcd0 +PKG_HASH:=1d8ce29db189191fb55338ee6d0387d82ab59f3d00eac103412d64e0ebd0c588 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=MIT diff --git a/libs/afalg_engine/Config.in b/libs/afalg_engine/Config.in index ed67f5203..a81a892e9 100644 --- a/libs/afalg_engine/Config.in +++ b/libs/afalg_engine/Config.in @@ -9,19 +9,6 @@ if PACKAGE_libopenssl-afalg_sync This increases memory usage, and has problems when process fork with open digest contexts (openssh will not work because of it). - config AFALG_FALLBACK - bool "Enable software fallback feature" - default y - help - Use software to fulfill small requests. Using AF_ALG adds latency, - which makes it slow to perform small requests. Enabling this - option overcomes this problem, at the cost of increased memory - and CPU usage. This is a new, experimental feature; if you - encounter any problem, this is the first option to disable. - The fallback will fail if you enable this engine alongside - devcrypto, so you'll not be able to install both at the same - time if this option is enabled. - config AFALG_UPDATE_CTR_IV bool "Don't rely on kernel to update CTR IV" default y diff --git a/libs/afalg_engine/Makefile b/libs/afalg_engine/Makefile index 2dc5af7a1..a227c079f 100644 --- a/libs/afalg_engine/Makefile +++ b/libs/afalg_engine/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=afalg_engine PKG_VERSION:=1.2.0-beta.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION) @@ -25,7 +25,7 @@ PKG_CONFIG_DEPENDS:= \ include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk -include $(INCLUDE_DIR)/openssl-engine.mk +include $(INCLUDE_DIR)/openssl-module.mk $(eval $(call Package/openssl/add-engine,afalg,libopenssl-afalg_sync)) define Package/libopenssl-afalg_sync @@ -33,7 +33,7 @@ define Package/libopenssl-afalg_sync TITLE:=AF_ALG engine using sync crypto API URL:=https://github.com/cotequeiroz/afalg_engine DEPENDS += @!OPENSSL_ENGINE_BUILTIN_AFALG +kmod-crypto-user - CONFLICTS:=libopenssl-afalg $(if $(CONFIG_AFALG_FALLBACK),libopenssl-devcrypto) + CONFLICTS:=libopenssl-afalg MENU:=1 endef @@ -54,7 +54,6 @@ endef CMAKE_OPTIONS += \ -DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR) \ -DDIGESTS=$(if $(CONFIG_AFALG_DIGESTS),ON,OFF) \ - -DFALLBACK=$(if $(CONFIG_AFALG_FALLBACK),ON,OFF) \ -DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \ -DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF) diff --git a/libs/afalg_engine/files/afalg.cnf b/libs/afalg_engine/files/afalg.cnf index f17338b88..82f0cfadf 100644 --- a/libs/afalg_engine/files/afalg.cnf +++ b/libs/afalg_engine/files/afalg.cnf @@ -1,4 +1,4 @@ -[afalg] +[afalg_sect] # Leave this alone and configure algorithms with CIPERS/DIGESTS below default_algorithms = ALL diff --git a/libs/gost_engine/Makefile b/libs/gost_engine/Makefile index 94f6c990e..d15a36f39 100644 --- a/libs/gost_engine/Makefile +++ b/libs/gost_engine/Makefile @@ -1,19 +1,12 @@ include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/openssl-engine.mk +include $(INCLUDE_DIR)/openssl-module.mk PKG_NAME:=gost_engine -ifeq ($(ENGINES_DIR),engines-1.1) - PKG_VERSION:=1.1.0.3 - PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75 - PKG_LICENSE:=OpenSSL - PATCH_DIR=./patches-1.1 -else - PKG_VERSION:=3.0.1 - PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628 - PKG_LICENSE:=Apache-2.0 - PATCH_DIR=./patches-3 -endif -PKG_RELEASE:=7 +PKG_VERSION:=3.0.1 +PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628 +PKG_LICENSE:=Apache-2.0 +PATCH_DIR=./patches-3 +PKG_RELEASE:=8 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION) diff --git a/libs/gost_engine/files/gost.cnf b/libs/gost_engine/files/gost.cnf index 84a707c93..8980c5289 100644 --- a/libs/gost_engine/files/gost.cnf +++ b/libs/gost_engine/files/gost.cnf @@ -1,4 +1,4 @@ -[gost] +[gost_sect] default_algorithms = ALL # CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the # user to choose between different parameter sets of symmetric cipher diff --git a/libs/openblas/Makefile b/libs/openblas/Makefile index 83d7d7099..389478858 100644 --- a/libs/openblas/Makefile +++ b/libs/openblas/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=OpenBLAS -PKG_VERSION:=0.3.21 -PKG_RELEASE:=2 +PKG_VERSION:=0.3.23 +PKG_RELEASE:=1 PKG_SOURCE:=OpenBLAS-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/xianyi/OpenBLAS/releases/download/v$(PKG_VERSION)/ -PKG_HASH:=f36ba3d7a60e7c8bcc54cd9aaa9b1223dd42eaf02c811791c37e8ca707c241ca +PKG_HASH:=5d9491d07168a5d00116cdc068a40022c3455bf9293c7cb86a65b1054d7e5114 PKG_LICENSE:=BSD 3-Clause PKG_MAINTAINER:=Alexandru Ardelean @@ -27,6 +27,7 @@ define Package/openblas DEPENDS:= \ @!arc \ @!powerpc \ + @!SOFT_FLOAT \ +INSTALL_GFORTRAN:libgfortran endef diff --git a/net/banip/Makefile b/net/banip/Makefile index 65fa9e270..d2e54a2ad 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.8.2 -PKG_RELEASE:=6 +PKG_VERSION:=0.8.3 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index f4502816b..f4116889b 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -75,7 +75,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre * Provides a set search engine for certain IPs * Feed parsing by fast & flexible regex rulesets * Minimal status & error logging to syslog, enable debug logging to receive more output -* Procd based init system support (start/stop/restart/reload/status/report/search/survey) +* Procd based init system support (start/stop/restart/reload/status/report/search/survey/lookup) * Procd network interface trigger support * Ability to add new banIP feeds on your own @@ -114,6 +114,7 @@ Available commands: report [text|json|mail] Print banIP related set statistics search [|] Check if an element exists in a banIP set survey [] List all elements of a given banIP set + lookup Lookup the IPs of domain names in the local lists and update them running Check if service is running status Service status trace Start with syscall trace @@ -226,18 +227,16 @@ Available commands: ~# /etc/init.d/banip status ::: banIP runtime information + status : active (nft: ✔, monitor: ✔) - + version : 0.8.2-2 - + element_count : 211397 - + active_feeds : allowlistvMAC, allowlistv4, allowlistv6, adawayv4, adawayv6, adguardv4, adguardtrackersv4, adguardv6, adguardtrackersv - 6, antipopadsv4, antipopadsv6, cinsscorev4, countryv6, countryv4, deblv4, deblv6, dohv4, dohv6, firehol1v4, oisdsmallv - 6, oisdsmallv4, stevenblackv6, stevenblackv4, webclientv4, blocklistvMAC, blocklistv4, blocklistv6 - + active_devices : eth2 ::: wan, wan6 - + active_subnets : 91.64.148.211/24, 2b02:710c:0:80:e442:4b0c:637d:1d33/128 + + version : 0.8.3-1 + + element_count : 281161 + + active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, adguardtrackersv6, antipopadsv6, antipopadsv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, iblockadsv4, firehol1v4, oisdbigv4, yoyov6, threatviewv4, yoyov4, oisdbigv6, blocklistvMAC, blocklistv4, blocklistv6 + + active_devices : br-wan ::: wan, wan6 + + active_subnets : 91.64.169.252/24, 2a02:710c:0:60:958b:3bd0:9e14:abb/128 + nft_info : priority: -200, policy: memory, loglevel: warn, expiry: - + run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, feed: /etc/banip/banip.feeds + run_flags : auto: ✔, proto (4/6): ✔/✔, log (wan-inp/wan-fwd/lan-fwd): ✔/✔/✔, dedup: ✔, split: ✘, allowed only: ✘ - + last_run : action: restart, duration: 0m 55s, date: 2023-03-10 19:33:08 - + system_info : cores: 2, memory: 1830, device: Turris Omnia, OpenWrt SNAPSHOT r22248-bf055fcdca + + last_run : action: reload, duration: 1m 0s, date: 2023-04-06 12:34:10 + + system_info : cores: 4, memory: 1822, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22498-75f7e2d10b ``` **banIP search information** @@ -288,15 +287,22 @@ list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress=' **allow-/blocklist handling** banIP supports local allow and block lists (IPv4, IPv6, CIDR notation or domain names), located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist. Unsuccessful login attempts or suspicious requests will be tracked and added to the local blocklist (see the 'ban\_autoblocklist' option). The blocklist behaviour can be further tweaked with the 'ban\_nftexpiry' option. -Furthermore the uplink subnet will be added to local allowlist (see 'ban\_autowallowlist' option). -Both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted in a detached background process and added to the sets. +Furthermore the uplink subnet will be added to local allowlist (see 'ban\_autoallowlist' option). +Both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time. **allowlist-only mode** banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked. -**redirect Asterisk security logs to lodg/logread** +**redirect Asterisk security logs to lodg/logread** banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration. +**send status E-Mails and update the banIP lists via cron job** +For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g. +``` +55 03 * * * /etc/init.d/banip report mail +00 04 * * * /etc/init.d/banip reload +``` + **tweaks for low memory systems** nftables supports the atomic loading of rules/sets/members, which is cool but unfortunately is also very memory intensive. To reduce the memory pressure on low memory systems (i.e. those with 256-512Mb RAM), you should optimize your configuration with the following options: diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index a5049aa8b..991d1147e 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -78,6 +78,7 @@ ban_debug="0" f_system() { local cpu core + [ -z "${ban_dev}" ] && ban_cores="$(uci_get banip global ban_cores)" ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)" ban_ver="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | jsonfilter -ql1 -e '@.packages.banip')" ban_sysver="$(${ban_ubuscmd} -S call system board 2>/dev/null | jsonfilter -ql1 -e '@.model' -e '@.release.description' | @@ -426,7 +427,7 @@ f_getsub() { f_getelements() { local file="${1}" - [ -s "${file}" ] && printf "%s" "elements={ $(cat "${file}") };" + [ -s "${file}" ] && printf "%s" "elements={ $(cat "${file}" 2>/dev/null) };" } # build initial nft file with base table, chains and rules @@ -975,8 +976,6 @@ f_getstatus() { done json_select ".." fi - value="$(printf "%s" "${value}" | - awk '{NR=1;max=118;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-24s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" printf " + %-17s : %s\n" "${key}" "${value:-"-"}" done else @@ -987,7 +986,7 @@ f_getstatus() { # domain lookup # f_lookup() { - local cnt list domain lookup ip start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}" + local cnt list domain lookup ip elementsv4 elementsv6 start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}" start_time="$(date "+%s")" if [ "${feed}" = "allowlist" ]; then @@ -1004,32 +1003,36 @@ f_lookup() { else if { [ "${feed}" = "allowlist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; } || { [ "${feed}" = "blocklist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; }; then - cnt_ip="$((cnt_ip + 1))" if [ "${ip##*:}" = "${ip}" ]; then - if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${ip} }" >/dev/null 2>&1; then - f_log "info" "failed to add IP '${ip}' (${domain}) to ${feed}v4 set" - continue - fi + elementsv4="${elementsv4} ${ip}," else - if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${ip} }" >/dev/null 2>&1; then - f_log "info" "failed to add IP '${ip}' (${domain}) to ${feed}v6 set" - continue - fi + elementsv6="${elementsv6} ${ip}," fi if [ "${feed}" = "allowlist" ] && [ "${ban_autoallowlist}" = "1" ]; then printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}" elif [ "${feed}" = "blocklist" ] && [ "${ban_autoblocklist}" = "1" ]; then printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}" fi + cnt_ip="$((cnt_ip + 1))" fi fi done cnt_domain="$((cnt_domain + 1))" done + if [ -n "${elementsv4}" ]; then + if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${elementsv4} }" >/dev/null 2>&1; then + f_log "info" "failed to add lookup file to ${feed}v4 set" + fi + fi + if [ -n "${elementsv6}" ]; then + if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${elementsv6} }" >/dev/null 2>&1; then + f_log "info" "failed to add lookup file to ${feed}v6 set" + fi + fi end_time="$(date "+%s")" duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s" - f_log "debug" "f_lookup ::: name: ${feed}, cnt_domain: ${cnt_domain}, cnt_ip: ${cnt_ip}, duration: ${duration}" + f_log "info" "Lookup summary for the local ${feed}: Domains processed: ${cnt_domain}, IPs added: ${cnt_ip}, Duration: ${duration}" } # table statistics @@ -1198,7 +1201,7 @@ f_report() { # set search # f_search() { - local table_sets ip proto run_search search="${1}" + local set table_sets ip proto run_search hold cnt search="${1}" if [ -n "${search}" ]; then ip="$(printf "%s" "${search}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{printf "%s",RT}')" @@ -1215,14 +1218,15 @@ f_search() { return fi printf "%s\n%s\n%s\n" ":::" "::: banIP Search" ":::" - printf "%s\n" " Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")" - printf "%s\n" " ---" + printf " %s\n" "Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")" + printf " %s\n" "---" cnt="1" run_search="/var/run/banIP.search" for set in ${table_sets}; do + [ -f "${run_search}" ] && break ( if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then - printf "%s\n" " IP found in Set '${set}'" + printf " %s\n" "IP found in Set '${set}'" : >"${run_search}" fi ) & @@ -1231,11 +1235,8 @@ f_search() { cnt="$((cnt + 1))" done wait - if [ ! -f "${run_search}" ]; then - printf "%s\n" " IP not found" - else - rm -f "${run_search}" - fi + [ ! -f "${run_search}" ] && printf " %s\n" "IP not found" + rm -f "${run_search}" } # set survey @@ -1243,16 +1244,15 @@ f_search() { f_survey() { local set_elements set="${1}" - [ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')" - - if [ -z "${set}" ] || [ -z "${set_elements}" ]; then + if [ -z "${set}" ]; then printf "%s\n%s\n%s\n" ":::" "::: no valid survey input" ":::" return fi + [ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')" printf "%s\n%s\n%s\n" ":::" "::: banIP Survey" ":::" - printf "%s\n" " List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")" - printf "%s\n" " ---" - printf "%s\n" "${set_elements}" + printf " %s\n" "List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")" + printf " %s\n" "---" + [ -n "${set_elements}" ] && printf "%s\n" "${set_elements}" || printf " %s\n" "empty set" } # send status mails diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index e753a8810..10f0b9747 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -124,21 +124,25 @@ for feed in allowlist ${ban_feed} blocklist; do fi done wait - -# start background domain lookup -# -f_log "info" "start detached banIP domain lookup" -(f_lookup "allowlist") & -hold="$((cnt % ban_cores))" -[ "${hold}" = "0" ] && wait -(f_lookup "blocklist") & - -# end processing -# f_rmset f_rmdir "${ban_tmpdir}" f_genstatus "active" f_log "info" "finished banIP download processes" + +# start domain lookup +# +f_log "info" "start banIP domain lookup" +cnt="1" +for list in allowlist blocklist; do + (f_lookup "${list}") & + hold="$((cnt % ban_cores))" + [ "${hold}" = "0" ] && wait + cnt="$((cnt + 1))" +done +wait + +# end processing +# if [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]; then ( sleep ${ban_triggerdelay} diff --git a/net/banip/files/banip.init b/net/banip/files/banip.init index d8faafdaa..6822a1bcb 100755 --- a/net/banip/files/banip.init +++ b/net/banip/files/banip.init @@ -12,6 +12,7 @@ USE_PROCD=1 extra_command "report" "[text|json|mail] Print banIP related set statistics" extra_command "search" "[|] Check if an element exists in a banIP set" extra_command "survey" "[] List all elements of a given banIP set" +extra_command "lookup" "Lookup the IPs of domain names in the local lists and update them" ban_init="/etc/init.d/banip" ban_service="/usr/bin/banip-service.sh" @@ -20,10 +21,10 @@ ban_pidfile="/var/run/banip.pid" ban_lock="/var/run/banip.lock" [ "${action}" = "boot" ] && /etc/init.d/banip running && exit 0 -[ "${action}" = "stop" ] && ! /etc/init.d/banip running && exit 0 -[ ! -r "${ban_funlib}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "survey" ] || [ "${action}" = "status" ]; } && exit 1 -[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ]; } && exit 1 -[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ]; } && mkdir -p "${ban_lock}" +{ [ "${action}" = "stop" ] || [ "${action}" = "lookup" ]; } && ! /etc/init.d/banip running && exit 0 +[ ! -r "${ban_funlib}" ] && [ "${action}" != "boot" ] && exit 1 +[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1 +[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}" boot() { : >"${ban_pidfile}" @@ -61,7 +62,7 @@ stop_service() { "${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1 f_genstatus "stopped" f_rmpid - rm -rf "${ban_lock}" + [ "${action}" = "stop" ] && rm -rf "${ban_lock}" } restart() { @@ -74,10 +75,8 @@ status() { } status_service() { - local actual="${1}" - [ -z "$(command -v "f_system")" ] && . "${ban_funlib}" - [ -n "${actual}" ] && f_actual || f_getstatus + f_getstatus } report() { @@ -95,6 +94,20 @@ survey() { f_survey "${1}" } +lookup() { + local list hold cnt="1" + + [ -z "$(command -v "f_system")" ] && . "${ban_funlib}" + for list in allowlist blocklist; do + (f_lookup "${list}") & + hold="$((cnt % ban_cores))" + [ "${hold}" = "0" ] && wait + cnt="$((cnt + 1))" + done + wait + rm -rf "${ban_lock}" +} + service_triggers() { local iface trigger trigger_action delay diff --git a/net/banip/files/banip.tpl b/net/banip/files/banip.tpl index 0474eb344..f6bd5214c 100644 --- a/net/banip/files/banip.tpl +++ b/net/banip/files/banip.tpl @@ -6,7 +6,7 @@ # local banip_info report_info log_info system_info mail_text -banip_info="$(/etc/init.d/banip status 2>/dev/null)" +banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)" log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" system_info="$( @@ -14,11 +14,17 @@ system_info="$( ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' )" -# mail body +# content header # mail_text="$(printf "%s\n" "
")"
+
+# content body
+#
 mail_text="$(printf "%s\n" "${mail_text}\n++\n++ System Information ++\n++\n${system_info:-"-"}")"
 mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ banIP Status ++\n++\n${banip_info:-"-"}")"
-mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ banIP Report ++\n++\n${report_info:-"-"}")"
-mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ Logfile Information ++\n++\n${log_info}")"
+[ -n "${report_info}" ] && mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ banIP Report ++\n++\n${report_info}")"
+[ -n "${log_info}" ] && mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ Logfile Information ++\n++\n${log_info}")"
+
+# content footer
+#
 mail_text="$(printf "%s\n" "${mail_text}
")" diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile index 3ff8f834a..2e5724ed9 100644 --- a/net/dnsproxy/Makefile +++ b/net/dnsproxy/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsproxy -PKG_VERSION:=0.48.2 +PKG_VERSION:=0.48.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=fd385b3414e616aef5d96b7b007d5fc4fd21b73d6bc097811508e9ddb9b3f4cb +PKG_HASH:=bc5f5e6d812293c13b7b6d42eae72a82231d9f332af1d2947c37dbdbf663abf3 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile index e13c8c8a0..b326d48a0 100644 --- a/net/isc-dhcp/Makefile +++ b/net/isc-dhcp/Makefile @@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=isc-dhcp UPSTREAM_NAME:=dhcp -PKG_VERSION:=4.4.3 -PKG_RELEASE:=7 +PKG_VERSION:=4.4.3-P1 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -21,7 +21,7 @@ PKG_SOURCE:=$(UPSTREAM_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.isc.org/isc/dhcp/$(PKG_VERSION) \ http://ftp.funet.fi/pub/mirrors/ftp.isc.org/isc/dhcp/$(PKG_VERSION) \ http://ftp.iij.ad.jp/pub/network/isc/dhcp/$(PKG_VERSION) -PKG_HASH:=0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818 +PKG_HASH:=0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7 PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 @@ -132,18 +132,10 @@ $(call Package/isc-dhcp-server/description) This package is compiled with IPv4 and IPv6 support. endef -define Package/isc-dhcp-dyndns-ipv4 +define Package/isc-dhcp-dyndns $(call Package/isc-dhcp/Default) TITLE+= server dynamic DNS dependencies (meta) - DEPENDS+=isc-dhcp-server-ipv4 +bind-server +bind-client - VARIANT:=ipv4 -endef - -define Package/isc-dhcp-dyndns-ipv6 - $(call Package/isc-dhcp/Default) - TITLE+= server dynamic DNS dependencies (meta) - DEPENDS+=isc-dhcp-server-ipv6 +bind-server +bind-client - VARIANT:=ipv6 + DEPENDS+=@(PACKAGE_isc-dhcp-server-ipv4||PACKAGE_isc-dhcp-server-ipv6) +bind-server +bind-client endef define Package/isc-dhcp-dyndns/description @@ -151,16 +143,6 @@ define Package/isc-dhcp-dyndns/description Bootstrap Protocol (BOOTP). endef -define Package/isc-dhcp-dyndns-ipv4/description -$(call Package/isc-dhcp-dyndns/description) - This package is compiled with IPv4 support only. -endef - -define Package/isc-dhcp-dyndns-ipv6/description -$(call Package/isc-dhcp-dyndns/description) - This package is compiled with IPv4 and IPv6 support. -endef - define Package/isc-dhcp-omshell-ipv4 $(call Package/isc-dhcp/Default) DEPENDS:= +isc-dhcp-server-ipv4 @@ -257,7 +239,7 @@ define Package/isc-dhcp-server-ipv6/conffiles /etc/dhcpd6.conf endef -define Package/isc-dhcp-dyndns-$(BUILD_VARIANT)/install +define Package/isc-dhcp-dyndns/install : endef @@ -285,11 +267,10 @@ endef $(eval $(call BuildPackage,isc-dhcp-relay-ipv4)) $(eval $(call BuildPackage,isc-dhcp-server-ipv4)) -$(eval $(call BuildPackage,isc-dhcp-dyndns-ipv4)) +$(eval $(call BuildPackage,isc-dhcp-dyndns)) $(eval $(call BuildPackage,isc-dhcp-client-ipv4)) $(eval $(call BuildPackage,isc-dhcp-omshell-ipv4)) $(eval $(call BuildPackage,isc-dhcp-relay-ipv6)) $(eval $(call BuildPackage,isc-dhcp-server-ipv6)) -$(eval $(call BuildPackage,isc-dhcp-dyndns-ipv6)) $(eval $(call BuildPackage,isc-dhcp-client-ipv6)) $(eval $(call BuildPackage,isc-dhcp-omshell-ipv6)) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 3bac8210c..7f0e0c960 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.10 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -130,7 +130,16 @@ define Package/strongswan $(call Package/strongswan/Default) MENU:=1 DEPENDS:= +libpthread +ip \ + +kmod-crypto-aead \ +kmod-crypto-authenc \ + +kmod-crypto-cbc \ + +kmod-lib-zlib-inflate \ + +kmod-lib-zlib-deflate \ + +kmod-crypto-des \ + +kmod-crypto-echainiv \ + +kmod-crypto-hmac \ + +kmod-crypto-md5 \ + +kmod-crypto-sha1 \ +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 endef diff --git a/net/tinyproxy/Makefile b/net/tinyproxy/Makefile index 89a4bd0c9..b1ac9cf19 100644 --- a/net/tinyproxy/Makefile +++ b/net/tinyproxy/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tinyproxy -PKG_VERSION:=1.10.0 +PKG_VERSION:=1.11.1 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/tinyproxy/tinyproxy/releases/download/$(PKG_VERSION) -PKG_HASH:=59be87689c415ba0d9c9bc6babbdd3df3b372d60b21e526b118d722dbc995682 +PKG_HASH:=d66388448215d0aeb90d0afdd58ed00386fb81abc23ebac9d80e194fceb40f7c PKG_MAINTAINER:=Jo-Philipp Wich PKG_LICENSE:=GPL-2.0-or-later diff --git a/net/tinyproxy/files/tinyproxy.config b/net/tinyproxy/files/tinyproxy.config index ac7b46ff0..e62ce1cf0 100644 --- a/net/tinyproxy/files/tinyproxy.config +++ b/net/tinyproxy/files/tinyproxy.config @@ -63,6 +63,13 @@ option DefaultErrorFile "/usr/share/tinyproxy/default.html" # option StatFile "/usr/share/tinyproxy/stats.html" +# +# BasicAuth: Tinyproxy server operators may want to not run an "open" proxy +# for the whole world, but rather limit usage to a smaller goup +# of users. They then put the line. +# +#option BasicAuth "username password" + # # Where to log the information. Either LogFile or Syslog should be set, # but not both. diff --git a/net/tinyproxy/files/tinyproxy.init b/net/tinyproxy/files/tinyproxy.init index 1feac669c..4afdae6aa 100644 --- a/net/tinyproxy/files/tinyproxy.init +++ b/net/tinyproxy/files/tinyproxy.init @@ -55,6 +55,14 @@ proxy_string() { } } +proxy_m_string() { + local SECTION=$1 + local OPTION=$2 + + config_get _value "$SECTION" "$OPTION" + [ -n "$_value" ] && echo "${ALIAS:-${OPTION}} ""$_value" +} + proxy_flag() { local SECTION=$1 local OPTION=$2 @@ -108,6 +116,8 @@ start_proxy() { proxy_string "$1" StatFile proxy_string "$1" LogFile + proxy_m_string "$1" BasicAuth + proxy_flag "$1" Syslog proxy_atom "$1" LogLevel diff --git a/net/tinyproxy/patches/120-fix_INET6.patch b/net/tinyproxy/patches/120-fix_INET6.patch index 3911c18f0..6281a4223 100644 --- a/net/tinyproxy/patches/120-fix_INET6.patch +++ b/net/tinyproxy/patches/120-fix_INET6.patch @@ -1,16 +1,15 @@ --- a/src/sock.c +++ b/src/sock.c -@@ -39,8 +39,7 @@ - * returned if the bind succeeded. Otherwise, -1 is returned +@@ -63,7 +63,7 @@ static const char * family_string (int a * to indicate an error. */ --static int + static int -bind_socket (int sockfd, const char *addr, int family) -+static int bind_socket (int sockfd, const char *addr) ++bind_socket (int sockfd, const char *addr) { struct addrinfo hints, *res, *ressave; - -@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *add + int n; +@@ -72,14 +72,14 @@ bind_socket (int sockfd, const char *add assert (addr != NULL && strlen (addr) != 0); memset (&hints, 0, sizeof (struct addrinfo)); @@ -18,8 +17,33 @@ + hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; - /* The local port it not important */ -@@ -112,14 +111,12 @@ int opensock (const char *host, int port + /* The local port is not important */ + n = getaddrinfo (addr, NULL, &hints, &res); + if (n != 0) { + log_message (LOG_INFO, +- "bind_socket: getaddrinfo failed for %s: %s (af: %s)", addr, get_gai_error (n), family_string(family)); ++ "bind_socket: getaddrinfo failed for %s: %s", addr, get_gai_error (n)); + return -1; + } + +@@ -102,14 +102,14 @@ bind_socket (int sockfd, const char *add + * Try binding the given socket to supplied addresses, stopping when one succeeds. + */ + static int +-bind_socket_list (int sockfd, sblist *addresses, int family) ++bind_socket_list (int sockfd, sblist *addresses) + { + size_t nb_addresses = sblist_getsize(addresses); + size_t i; + + for (i = 0; i < nb_addresses; i++) { + const char *address = *(const char **)sblist_get(addresses, i); +- if (bind_socket(sockfd, address, family) >= 0) { ++ if (bind_socket(sockfd, address) >= 0) { + log_message(LOG_INFO, "Bound to %s", address); + return 0; + } +@@ -170,14 +170,12 @@ int opensock (const char *host, int port /* Bind to the specified address */ if (bind_to) { @@ -29,10 +53,10 @@ close (sockfd); continue; /* can't bind, so try again */ } - } else if (config.bind_address) { -- if (bind_socket (sockfd, config.bind_address, -- res->ai_family) < 0) { -+ if (bind_socket (sockfd, config.bind_address) < 0) { + } else if (config->bind_addrs) { +- if (bind_socket_list (sockfd, config->bind_addrs, +- res->ai_family) < 0) { ++ if (bind_socket_list (sockfd, config->bind_addrs) < 0) { close (sockfd); continue; /* can't bind, so try again */ } diff --git a/utils/coreutils/Makefile b/utils/coreutils/Makefile index d1af3ce96..dd1afd792 100644 --- a/utils/coreutils/Makefile +++ b/utils/coreutils/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=coreutils -PKG_VERSION:=9.1 +PKG_VERSION:=9.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/coreutils -PKG_HASH:=61a1f410d78ba7e7f37a5a4f50e6d1320aca33375484a3255eddf17a38580423 +PKG_HASH:=6885ff47b9cdb211de47d368c17853f406daaf98b148aaecdf10de29cc04b0b3 PKG_MAINTAINER:=Jo-Philipp Wich PKG_LICENSE:=GPL-3.0-or-later diff --git a/utils/coreutils/patches/001-no_docs_man_tests.patch b/utils/coreutils/patches/001-no_docs_man_tests.patch index e4feaf5cd..3c5bf2ec3 100644 --- a/utils/coreutils/patches/001-no_docs_man_tests.patch +++ b/utils/coreutils/patches/001-no_docs_man_tests.patch @@ -9,7 +9,7 @@ EXTRA_DIST = \ .mailmap \ -@@ -210,6 +210,3 @@ AM_CPPFLAGS = -Ilib -I$(top_srcdir)/lib +@@ -211,6 +211,3 @@ AM_CPPFLAGS = -Ilib -I$(top_srcdir)/lib include $(top_srcdir)/lib/local.mk include $(top_srcdir)/src/local.mk @@ -18,7 +18,7 @@ -include $(top_srcdir)/tests/local.mk --- a/Makefile.in +++ b/Makefile.in -@@ -4115,11 +4115,7 @@ RECURSIVE_TARGETS = all-recursive check- +@@ -4145,11 +4145,7 @@ RECURSIVE_TARGETS = all-recursive check- install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive @@ -31,7 +31,7 @@ am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ -@@ -4369,10 +4365,10 @@ am__DIST_COMMON = $(doc_coreutils_TEXINF +@@ -4399,10 +4395,10 @@ am__DIST_COMMON = $(doc_coreutils_TEXINF $(top_srcdir)/build-aux/missing \ $(top_srcdir)/build-aux/test-driver \ $(top_srcdir)/build-aux/texinfo.tex \ @@ -46,25 +46,25 @@ $(top_srcdir)/tests/local.mk ABOUT-NLS AUTHORS COPYING \ ChangeLog INSTALL NEWS README THANKS TODO build-aux/compile \ build-aux/config.guess build-aux/config.rpath \ -@@ -4479,7 +4475,7 @@ EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ - ERRNO_H = @ERRNO_H@ +@@ -4516,7 +4512,7 @@ ERROR_H = @ERROR_H@ ETAGS = @ETAGS@ + EUIDACCESS_LIBGEN = @EUIDACCESS_LIBGEN@ EXEEXT = @EXEEXT@ -EXTRA_MANS = @EXTRA_MANS@ +EXTRA_MANS = + FDATASYNC_LIB = @FDATASYNC_LIB@ + FILE_HAS_ACL_LIB = @FILE_HAS_ACL_LIB@ FLOAT_H = @FLOAT_H@ - FNMATCH_H = @FNMATCH_H@ - GETADDRINFO_LIB = @GETADDRINFO_LIB@ -@@ -6057,7 +6053,7 @@ libexecdir = @libexecdir@ - lispdir = @lispdir@ - localedir = @localedir@ +@@ -6171,7 +6167,7 @@ localedir_c_make = @localedir_c_make@ localstatedir = @localstatedir@ + localstatedir_c = @localstatedir_c@ + localstatedir_c_make = @localstatedir_c_make@ -man1_MANS = @man1_MANS@ +man1_MANS = mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -6080,7 +6076,7 @@ top_build_prefix = @top_build_prefix@ + mandir_c = @mandir_c@ + mandir_c_make = @mandir_c_make@ +@@ -6220,7 +6216,7 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ ALL_RECURSIVE_TARGETS = distcheck-hook check-root @@ -73,7 +73,7 @@ #if GNU_MAKE # [nicer features that work only with GNU Make] -@@ -8272,7 +8268,7 @@ all: $(BUILT_SOURCES) +@@ -8425,7 +8421,7 @@ all: $(BUILT_SOURCES) .SUFFIXES: .1 .c .dvi .log .o .obj .pl .pl$(EXEEXT) .ps .sh .sh$(EXEEXT) .trs .x .xpl .xpl$(EXEEXT) .y am--refresh: Makefile @: @@ -82,7 +82,7 @@ @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ -@@ -8294,7 +8290,7 @@ Makefile: $(srcdir)/Makefile.in $(top_bu +@@ -8447,7 +8443,7 @@ Makefile: $(srcdir)/Makefile.in $(top_bu echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ esac; diff --git a/utils/fio/Makefile b/utils/fio/Makefile index 622bfe49f..2569762c6 100644 --- a/utils/fio/Makefile +++ b/utils/fio/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fio -PKG_VERSION:=3.29 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=3.34 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://brick.kernel.dk/snaps -PKG_HASH:=acffb407d14e973321ada4cf234b2840a94fff7989350cfe62142daba79e6786 +PKG_HASH:=a5a28f19c701d4c8e04924bec1b85f6ac8c67fc8fe75968a5d6990e0b656a7a7 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index feafd092e..94b606afc 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc -PKG_VERSION:=5.0.1 -PKG_RELEASE:=4 +PKG_VERSION:=5.0.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ -PKG_HASH:=d8195423bb1e206f8521d24b6cde4789f043960c7cf065990a9cf741dcfd4222 +PKG_HASH:=bea08d2e49efcee34fa58acd2bc95c0adc64d291c07f4cfaf4ac1d8ac5a36f45 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0 diff --git a/utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch b/utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch deleted file mode 100644 index 89b52fc22..000000000 --- a/utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch +++ /dev/null @@ -1,173 +0,0 @@ -From c1115e1503bf955c97f4cf3b925a6a9f619764c3 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 9 Aug 2022 16:14:25 +0200 -Subject: build: detect where struct mount_attr is declared - -Fixes: #4176 -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 30 ++++++++++++++++++++++++++++-- - src/lxc/conf.c | 6 +++--- - src/lxc/conf.h | 2 +- - src/lxc/mount_utils.c | 6 +++--- - src/lxc/syscall_wrappers.h | 12 ++++++++++-- - 5 files changed, 45 insertions(+), 11 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -589,7 +589,6 @@ decl_headers = ''' - foreach decl: [ - '__aligned_u64', - 'struct clone_args', -- 'struct mount_attr', - 'struct open_how', - 'struct rtnl_link_stats64', - ] -@@ -609,7 +608,6 @@ foreach tuple: [ - ['struct seccomp_notif_sizes'], - ['struct clone_args'], - ['__aligned_u64'], -- ['struct mount_attr'], - ['struct open_how'], - ['struct rtnl_link_stats64'], - ] -@@ -629,6 +627,34 @@ foreach tuple: [ - endif - endforeach - -+## Types. -+decl_headers = ''' -+#include -+''' -+ -+# We get -1 if the size cannot be determined -+if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 -+ srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), true) -+ found_types += 'struct mount_attr (sys/mount.h)' -+else -+ srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) -+ missing_types += 'struct mount_attr (sys/mount.h)' -+endif -+ -+## Types. -+decl_headers = ''' -+#include -+''' -+ -+# We get -1 if the size cannot be determined -+if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 -+ srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true) -+ found_types += 'struct mount_attr (linux/mount.h)' -+else -+ srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false) -+ missing_types += 'struct mount_attr (linux/mount.h)' -+endif -+ - ## Headers. - foreach ident: [ - ['bpf', '''#include ---- a/src/lxc/conf.c -+++ b/src/lxc/conf.c -@@ -2885,7 +2885,7 @@ static int __lxc_idmapped_mounts_child(s - struct lxc_mount_options opts = {}; - int dfd_from; - const char *source_relative, *target_relative; -- struct lxc_mount_attr attr = {}; -+ struct mount_attr attr = {}; - - ret = parse_lxc_mount_attrs(&opts, mntent.mnt_opts); - if (ret < 0) -@@ -3005,7 +3005,7 @@ static int __lxc_idmapped_mounts_child(s - - /* Set propagation mount options. */ - if (opts.attr.propagation) { -- attr = (struct lxc_mount_attr) { -+ attr = (struct mount_attr) { - .propagation = opts.attr.propagation, - }; - -@@ -4109,7 +4109,7 @@ int lxc_idmapped_mounts_parent(struct lx - - for (;;) { - __do_close int fd_from = -EBADF, fd_userns = -EBADF; -- struct lxc_mount_attr attr = {}; -+ struct mount_attr attr = {}; - struct lxc_mount_options opts = {}; - ssize_t ret; - ---- a/src/lxc/conf.h -+++ b/src/lxc/conf.h -@@ -223,7 +223,7 @@ struct lxc_mount_options { - unsigned long mnt_flags; - unsigned long prop_flags; - char *data; -- struct lxc_mount_attr attr; -+ struct mount_attr attr; - char *raw_options; - }; - ---- a/src/lxc/mount_utils.c -+++ b/src/lxc/mount_utils.c -@@ -31,7 +31,7 @@ lxc_log_define(mount_utils, lxc); - * setting in @attr_set, but must also specify MOUNT_ATTR__ATIME in the - * @attr_clr field. - */ --static inline void set_atime(struct lxc_mount_attr *attr) -+static inline void set_atime(struct mount_attr *attr) - { - switch (attr->attr_set & MOUNT_ATTR__ATIME) { - case MOUNT_ATTR_RELATIME: -@@ -272,7 +272,7 @@ int create_detached_idmapped_mount(const - { - __do_close int fd_tree_from = -EBADF; - unsigned int open_tree_flags = OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC; -- struct lxc_mount_attr attr = { -+ struct mount_attr attr = { - .attr_set = MOUNT_ATTR_IDMAP | attr_set, - .attr_clr = attr_clr, - .userns_fd = userns_fd, -@@ -335,7 +335,7 @@ int __fd_bind_mount(int dfd_from, const - __u64 attr_clr, __u64 propagation, int userns_fd, - bool recursive) - { -- struct lxc_mount_attr attr = { -+ struct mount_attr attr = { - .attr_set = attr_set, - .attr_clr = attr_clr, - .propagation = propagation, ---- a/src/lxc/syscall_wrappers.h -+++ b/src/lxc/syscall_wrappers.h -@@ -18,6 +18,12 @@ - #include "macro.h" - #include "syscall_numbers.h" - -+#if HAVE_STRUCT_MOUNT_ATTR -+#include -+#elif HAVE_UAPI_STRUCT_MOUNT_ATTR -+#include -+#endif -+ - #ifdef HAVE_LINUX_MEMFD_H - #include - #endif -@@ -210,16 +216,18 @@ extern int fsmount(int fs_fd, unsigned i - /* - * mount_setattr() - */ --struct lxc_mount_attr { -+#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR -+struct mount_attr { - __u64 attr_set; - __u64 attr_clr; - __u64 propagation; - __u64 userns_fd; - }; -+#endif - - #if !HAVE_MOUNT_SETATTR - static inline int mount_setattr(int dfd, const char *path, unsigned int flags, -- struct lxc_mount_attr *attr, size_t size) -+ struct mount_attr *attr, size_t size) - { - return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); - } diff --git a/utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch b/utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch deleted file mode 100644 index 677c08fc2..000000000 --- a/utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch +++ /dev/null @@ -1,47 +0,0 @@ -From ef1e0607b82e27350c2d677d649c6a0a9693fd40 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 9 Aug 2022 16:27:40 +0200 -Subject: build: detect sys/pidfd.h availability - -Fixes: #4176 -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 1 + - src/lxc/process_utils.h | 6 ++++++ - 2 files changed, 7 insertions(+) - ---- a/meson.build -+++ b/meson.build -@@ -734,6 +734,7 @@ foreach tuple: [ - ['sys/resource.h'], - ['sys/memfd.h'], - ['sys/personality.h'], -+ ['sys/pidfd.h'], - ['sys/signalfd.h'], - ['sys/timerfd.h'], - ['pty.h'], ---- a/src/lxc/process_utils.h -+++ b/src/lxc/process_utils.h -@@ -15,6 +15,10 @@ - #include - #include - -+#if HAVE_SYS_PIDFD_H -+#include -+#endif -+ - #include "compiler.h" - #include "syscall_numbers.h" - -@@ -136,9 +140,11 @@ - #endif - - /* waitid */ -+#if !HAVE_SYS_PIDFD_H - #ifndef P_PIDFD - #define P_PIDFD 3 - #endif -+#endif - - #ifndef CLONE_ARGS_SIZE_VER0 - #define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */ diff --git a/utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch b/utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch deleted file mode 100644 index 20d406949..000000000 --- a/utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch +++ /dev/null @@ -1,143 +0,0 @@ -From cbabe8abf11e7e7fb49c123bae31efdd9bc8f1e8 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 9 Aug 2022 17:19:40 +0200 -Subject: build: check for FS_CONFIG_* header symbol in sys/mount.h - -Fixes: #4176 -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 59 +++++++++++++++++++++++++++++++++++++++++-- - src/lxc/mount_utils.h | 16 ++++++++++++ - 2 files changed, 73 insertions(+), 2 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -638,8 +638,7 @@ if cc.sizeof('struct mount_attr', prefix - found_types += 'struct mount_attr (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) -- missing_types += 'struct mount_attr (sys/mount.h)' --endif -+ missing_types += 'struct mount_attr (sys/mount.h)' endif - - ## Types. - decl_headers = ''' -@@ -655,6 +654,62 @@ else - missing_types += 'struct mount_attr (linux/mount.h)' - endif - -+if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG') -+ srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true) -+ found_types += 'FSCONFIG_SET_FLAG' -+else -+ srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false) -+ missing_types += 'FSCONFIG_SET_FLAG' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_STRING' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_STRING' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_BINARY' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_BINARY' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_PATH_EMPTY' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_PATH_EMPTY' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_PATH_FD' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_PATH_FD' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_CMD_CREATE' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_CMD_CREATE' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+endif -+ - ## Headers. - foreach ident: [ - ['bpf', '''#include ---- a/src/lxc/mount_utils.h -+++ b/src/lxc/mount_utils.h -@@ -82,37 +82,53 @@ struct lxc_rootfs; - #endif - - /* fsconfig() commands */ -+#if !HAVE_FSCONFIG_SET_FLAG - #ifndef FSCONFIG_SET_FLAG - #define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_STRING - #ifndef FSCONFIG_SET_STRING - #define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_BINARY - #ifndef FSCONFIG_SET_BINARY - #define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_PATH - #ifndef FSCONFIG_SET_PATH - #define FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_PATH_EMPTY - #ifndef FSCONFIG_SET_PATH_EMPTY - #define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_FD - #ifndef FSCONFIG_SET_FD - #define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_CMD_CREATE - #ifndef FSCONFIG_CMD_CREATE - #define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */ - #endif -+#endif - -+#if !FSCONFIG_CMD_RECONFIGURE - #ifndef FSCONFIG_CMD_RECONFIGURE - #define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */ - #endif -+#endif - - /* fsmount() flags */ - #ifndef FSMOUNT_CLOEXEC diff --git a/utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch b/utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch deleted file mode 100644 index eb190018b..000000000 --- a/utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 4771699fd97b1e9ee7dc4f7cfe01c8ddd698f682 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Wed, 10 Aug 2022 11:42:52 +0200 -Subject: tree-wide: wipe direct or indirect linux/mount.h inclusion - -It is incompatible with sys/mount.h and causes massive headaches. - -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 44 +++++++++++++------------------------- - src/lxc/macro.h | 13 +++++++++++ - src/lxc/mount_utils.h | 2 +- - src/lxc/syscall_wrappers.h | 9 ++------ - src/lxc/utils.c | 2 -- - 5 files changed, 31 insertions(+), 39 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -627,7 +627,6 @@ foreach tuple: [ - endif - endforeach - --## Types. - decl_headers = ''' - #include - ''' -@@ -640,74 +639,61 @@ else - srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) - missing_types += 'struct mount_attr (sys/mount.h)' endif - --## Types. --decl_headers = ''' --#include --''' -- --# We get -1 if the size cannot be determined --if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 -- srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true) -- found_types += 'struct mount_attr (linux/mount.h)' --else -- srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false) -- missing_types += 'struct mount_attr (linux/mount.h)' --endif -- -+## Check if sys/mount.h defines the fsconfig commands - if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG') - srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true) -- found_types += 'FSCONFIG_SET_FLAG' -+ found_types += 'FSCONFIG_SET_FLAG (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false) -- missing_types += 'FSCONFIG_SET_FLAG' -+ missing_types += 'FSCONFIG_SET_FLAG (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_STRING' -+ found_types += 'FS_CONFIG_SET_STRING (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_STRING' -+ missing_types += 'FS_CONFIG_SET_STRING (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_BINARY' -+ found_types += 'FS_CONFIG_SET_BINARY (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_BINARY' -+ missing_types += 'FS_CONFIG_SET_BINARY (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_PATH_EMPTY' -+ found_types += 'FS_CONFIG_SET_PATH_EMPTY (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_PATH_EMPTY' -+ missing_types += 'FS_CONFIG_SET_PATH_EMPTY (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_PATH_FD' -+ found_types += 'FS_CONFIG_SET_PATH_FD (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_PATH_FD' -+ missing_types += 'FS_CONFIG_SET_PATH_FD (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_CMD_CREATE' -+ found_types += 'FS_CONFIG_SET_CMD_CREAT (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_CMD_CREATE' -+ missing_types += 'FS_CONFIG_SET_CMD_CREATE (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+ found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+ missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE (sys/mount.h)' - endif - - ## Headers. ---- a/src/lxc/macro.h -+++ b/src/lxc/macro.h -@@ -8,6 +8,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -812,4 +813,16 @@ static inline bool is_set(__u32 bit, __u - - #define BIT(nr) (1UL << (nr)) - -+#ifndef FS_IOC_GETFLAGS -+#define FS_IOC_GETFLAGS _IOR('f', 1, long) -+#endif -+ -+#ifndef FS_IOC_SETFLAGS -+#define FS_IOC_SETFLAGS _IOW('f', 2, long) -+#endif -+ -+#ifndef FS_IMMUTABLE_FL -+#define FS_IMMUTABLE_FL 0x00000010 /* Immutable file */ -+#endif -+ - #endif /* __LXC_MACRO_H */ ---- a/src/lxc/mount_utils.h -+++ b/src/lxc/mount_utils.h -@@ -124,7 +124,7 @@ struct lxc_rootfs; - #endif - #endif - --#if !FSCONFIG_CMD_RECONFIGURE -+#if !HAVE_FSCONFIG_CMD_RECONFIGURE - #ifndef FSCONFIG_CMD_RECONFIGURE - #define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */ - #endif ---- a/src/lxc/syscall_wrappers.h -+++ b/src/lxc/syscall_wrappers.h -@@ -10,6 +10,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -18,12 +19,6 @@ - #include "macro.h" - #include "syscall_numbers.h" - --#if HAVE_STRUCT_MOUNT_ATTR --#include --#elif HAVE_UAPI_STRUCT_MOUNT_ATTR --#include --#endif -- - #ifdef HAVE_LINUX_MEMFD_H - #include - #endif -@@ -216,7 +211,7 @@ extern int fsmount(int fs_fd, unsigned i - /* - * mount_setattr() - */ --#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR -+#if !HAVE_STRUCT_MOUNT_ATTR - struct mount_attr { - __u64 attr_set; - __u64 attr_clr; ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -19,8 +19,6 @@ - #include - #include - #include --/* Needs to be after sys/mount.h header */ --#include - #include - #include - #include diff --git a/utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch b/utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch deleted file mode 100644 index 7ab536e9b..000000000 --- a/utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 63468abd3287ebd5cc4ed9205334217031049fb4 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Wed, 10 Aug 2022 12:03:54 +0200 -Subject: tree-wide: use struct clone_args directly - -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 1 - - src/lxc/process_utils.c | 2 +- - src/lxc/process_utils.h | 7 ++++--- - src/lxc/start.c | 2 +- - src/lxc/start.h | 1 - - src/tests/reboot.c | 2 -- - 6 files changed, 6 insertions(+), 9 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -582,7 +582,6 @@ decl_headers = ''' - #include - #include - #include --#include - #include - ''' - ---- a/src/lxc/process_utils.c -+++ b/src/lxc/process_utils.c -@@ -90,7 +90,7 @@ __returns_twice pid_t lxc_raw_legacy_clo - __returns_twice pid_t lxc_raw_clone(unsigned long flags, int *pidfd) - { - pid_t pid; -- struct lxc_clone_args args = { -+ struct clone_args args = { - .flags = flags, - .pidfd = ptr_to_u64(pidfd), - }; ---- a/src/lxc/process_utils.h -+++ b/src/lxc/process_utils.h -@@ -5,7 +5,6 @@ - - #include "config.h" - --#include - #include - #include - #include -@@ -165,7 +164,8 @@ - #define u64_to_ptr(x) ((void *)(uintptr_t)x) - #endif - --struct lxc_clone_args { -+#if !HAVE_STRUCT_CLONE_ARGS -+struct clone_args { - __aligned_u64 flags; - __aligned_u64 pidfd; - __aligned_u64 child_tid; -@@ -178,8 +178,9 @@ struct lxc_clone_args { - __aligned_u64 set_tid_size; - __aligned_u64 cgroup; - }; -+#endif - --__returns_twice static inline pid_t lxc_clone3(struct lxc_clone_args *args, size_t size) -+__returns_twice static inline pid_t lxc_clone3(struct clone_args *args, size_t size) - { - return syscall(__NR_clone3, args, size); - } ---- a/src/lxc/start.c -+++ b/src/lxc/start.c -@@ -1673,7 +1673,7 @@ static int lxc_spawn(struct lxc_handler - } else { - int cgroup_fd = -EBADF; - -- struct lxc_clone_args clone_args = { -+ struct clone_args clone_args = { - .flags = handler->clone_flags, - .pidfd = ptr_to_u64(&handler->pidfd), - .exit_signal = SIGCHLD, ---- a/src/lxc/start.h -+++ b/src/lxc/start.h -@@ -5,7 +5,6 @@ - - #include "config.h" - --#include - #include - #include - #include ---- a/src/tests/reboot.c -+++ b/src/tests/reboot.c -@@ -32,8 +32,6 @@ - - #include "namespace.h" - --#include --#include - #include - - int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...); diff --git a/utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch b/utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch deleted file mode 100644 index cbcd08140..000000000 --- a/utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 133aa416ca2a5996090ec0e697e253646364d274 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Wed, 10 Aug 2022 12:18:49 +0200 -Subject: tree-wide: use struct open_how directly - -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 2 -- - src/lxc/file_utils.c | 2 +- - src/lxc/mount_utils.c | 8 ++++---- - src/lxc/syscall_wrappers.h | 6 ++++-- - src/lxc/utils.c | 2 +- - 5 files changed, 10 insertions(+), 10 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -579,9 +579,7 @@ decl_headers = ''' - #include - #include - #include --#include - #include --#include - #include - ''' - ---- a/src/lxc/file_utils.c -+++ b/src/lxc/file_utils.c -@@ -652,7 +652,7 @@ int open_at(int dfd, const char *path, u - unsigned int resolve_flags, mode_t mode) - { - __do_close int fd = -EBADF; -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags, - .mode = mode, - .resolve = resolve_flags, ---- a/src/lxc/mount_utils.c -+++ b/src/lxc/mount_utils.c -@@ -186,7 +186,7 @@ int fs_prepare(const char *fs_name, - int fd_from; - - if (!is_empty_string(path_from)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_from, - .resolve = resolve_flags_from, - }; -@@ -237,7 +237,7 @@ int fs_attach(int fd_fs, - int fd_to, ret; - - if (!is_empty_string(path_to)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_to, - .resolve = resolve_flags_to, - }; -@@ -308,7 +308,7 @@ int move_detached_mount(int dfd_from, in - int fd_to, ret; - - if (!is_empty_string(path_to)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_to, - .resolve = resolve_flags_to, - }; -@@ -348,7 +348,7 @@ int __fd_bind_mount(int dfd_from, const - set_atime(&attr); - - if (!is_empty_string(path_from)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_from, - .resolve = resolve_flags_from, - }; ---- a/src/lxc/syscall_wrappers.h -+++ b/src/lxc/syscall_wrappers.h -@@ -240,11 +240,13 @@ static inline int mount_setattr(int dfd, - * @mode: O_CREAT/O_TMPFILE file mode. - * @resolve: RESOLVE_* flags. - */ --struct lxc_open_how { -+#if !HAVE_STRUCT_OPEN_HOW -+struct open_how { - __u64 flags; - __u64 mode; - __u64 resolve; - }; -+#endif - - /* how->resolve flags for openat2(2). */ - #ifndef RESOLVE_NO_XDEV -@@ -296,7 +298,7 @@ struct lxc_open_how { - #define PROTECT_OPEN_RW (O_CLOEXEC | O_NOCTTY | O_RDWR | O_NOFOLLOW) - - #if !HAVE_OPENAT2 --static inline int openat2(int dfd, const char *filename, struct lxc_open_how *how, size_t size) -+static inline int openat2(int dfd, const char *filename, struct open_how *how, size_t size) - { - return syscall(__NR_openat2, dfd, filename, how, size); - } ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -1095,7 +1095,7 @@ int __safe_mount_beneath_at(int beneath_ - unsigned int flags, const void *data) - { - __do_close int source_fd = -EBADF, target_fd = -EBADF; -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = PROTECT_OPATH_DIRECTORY, - .resolve = PROTECT_LOOKUP_BENEATH_WITH_MAGICLINKS, - }; diff --git a/utils/nano/Makefile b/utils/nano/Makefile index 2db13c583..e68b28950 100644 --- a/utils/nano/Makefile +++ b/utils/nano/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nano PKG_VERSION:=7.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/nano @@ -138,7 +138,7 @@ endef define Package/nano-full/install $(call Package/nano/install,$1) $(INSTALL_DIR) $(1)/etc $(1)/usr/share/nano - $(INSTALL_CONF) ./files/nanorc $(1)/etc/nanorc + $(INSTALL_DATA) ./files/nanorc $(1)/etc/nanorc $(INSTALL_DATA) ./files/uci.nanorc $(1)/usr/share/nano $(CP) $(PKG_INSTALL_DIR)/usr/share/nano/* $(1)/usr/share/nano endef diff --git a/utils/squashfs-tools/Makefile b/utils/squashfs-tools/Makefile index 1964aa3a7..04628bc35 100644 --- a/utils/squashfs-tools/Makefile +++ b/utils/squashfs-tools/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=squashfs-tools -PKG_VERSION:=4.5.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=4.6.1 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=COPYING @@ -18,7 +18,7 @@ PKG_CPE_ID:=cpe:/a:phillip_lougher:squashfs PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/plougher/squashfs-tools/tar.gz/${PKG_VERSION}? -PKG_HASH:=277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7 +PKG_HASH:=94201754b36121a9f022a190c75f718441df15402df32c2b520ca331a107511c PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk @@ -52,9 +52,6 @@ endef Build/Configure:= -MAKE_FLAGS += \ - XATTR_SUPPORT= - ifneq ($(CONFIG_SQUASHFS_TOOLS_XZ_SUPPORT),) MAKE_FLAGS += XZ_SUPPORT=1 endif diff --git a/utils/stress-ng/Makefile b/utils/stress-ng/Makefile index 97e86c846..248468a86 100644 --- a/utils/stress-ng/Makefile +++ b/utils/stress-ng/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stress-ng -PKG_VERSION:=0.15.03 +PKG_VERSION:=0.15.06 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)? -PKG_HASH:=7cceca64da37fd3c8db7167ed386fd7d3e1d9d6891a1f6227911ab8d4b17379c +PKG_HASH:=c38cefcf0a83f6c65aed7c36e57a9a1ee8373418ef71cf089a75b0661dcd4623 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=GPL-2.0-only diff --git a/utils/stress-ng/patches/001-disable-gpu-stressor.patch b/utils/stress-ng/patches/001-disable-gpu-stressor.patch index af1882901..4fc4941e0 100644 --- a/utils/stress-ng/patches/001-disable-gpu-stressor.patch +++ b/utils/stress-ng/patches/001-disable-gpu-stressor.patch @@ -1,6 +1,6 @@ --- a/Makefile.config +++ b/Makefile.config -@@ -272,7 +272,7 @@ LD_GOLD: +@@ -264,7 +264,7 @@ clean: libraries: \ configdir \ LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ diff --git a/utils/stress-ng/patches/002-disable-xxhash.patch b/utils/stress-ng/patches/002-disable-xxhash.patch index 5c01764cd..d24e6f062 100644 --- a/utils/stress-ng/patches/002-disable-xxhash.patch +++ b/utils/stress-ng/patches/002-disable-xxhash.patch @@ -1,6 +1,6 @@ --- a/Makefile.config +++ b/Makefile.config -@@ -274,7 +274,7 @@ libraries: \ +@@ -266,7 +266,7 @@ libraries: \ LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ LIB_IPSEC_MB LIB_JPEG \ LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ diff --git a/utils/zoneinfo/Makefile b/utils/zoneinfo/Makefile index 251a1cd08..7608fcef6 100644 --- a/utils/zoneinfo/Makefile +++ b/utils/zoneinfo/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2007-2022 OpenWrt.org +# Copyright (C) 2007-2023 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zoneinfo -PKG_VERSION:=2022g +PKG_VERSION:=2023c PKG_RELEASE:=1 #As i couldn't find real license used "Public Domain" @@ -19,14 +19,14 @@ PKG_LICENSE:=Public Domain PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz PKG_SOURCE_CODE:=tzcode$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases -PKG_HASH:=4491db8281ae94a84d939e427bdd83dc389f26764d27d9a5c52d782c16764478 +PKG_HASH:=3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c include $(INCLUDE_DIR)/package.mk define Download/tzcode FILE=$(PKG_SOURCE_CODE) URL=$(PKG_SOURCE_URL) - HASH:=9610bb0b9656ff404c361a41f3286da53064b5469d84f00c9cb2314c8614da74 + HASH:=46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7 endef $(eval $(call Download,tzcode))