From 31db968a79babee19f97c20cd4f89b8237300967 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Mon, 27 Mar 2023 00:03:41 -0600 Subject: [PATCH 01/18] isc-dhcp: Fix isc-dhcp-dyndns meta package Signed-off-by: Philip Prindeville --- net/isc-dhcp/Makefile | 29 +++++------------------------ 1 file changed, 5 insertions(+), 24 deletions(-) diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile index e13c8c8a0..ec185e141 100644 --- a/net/isc-dhcp/Makefile +++ b/net/isc-dhcp/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=isc-dhcp UPSTREAM_NAME:=dhcp PKG_VERSION:=4.4.3 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -132,18 +132,10 @@ $(call Package/isc-dhcp-server/description) This package is compiled with IPv4 and IPv6 support. endef -define Package/isc-dhcp-dyndns-ipv4 +define Package/isc-dhcp-dyndns $(call Package/isc-dhcp/Default) TITLE+= server dynamic DNS dependencies (meta) - DEPENDS+=isc-dhcp-server-ipv4 +bind-server +bind-client - VARIANT:=ipv4 -endef - -define Package/isc-dhcp-dyndns-ipv6 - $(call Package/isc-dhcp/Default) - TITLE+= server dynamic DNS dependencies (meta) - DEPENDS+=isc-dhcp-server-ipv6 +bind-server +bind-client - VARIANT:=ipv6 + DEPENDS+=@(PACKAGE_isc-dhcp-server-ipv4||PACKAGE_isc-dhcp-server-ipv6) +bind-server +bind-client endef define Package/isc-dhcp-dyndns/description @@ -151,16 +143,6 @@ define Package/isc-dhcp-dyndns/description Bootstrap Protocol (BOOTP). endef -define Package/isc-dhcp-dyndns-ipv4/description -$(call Package/isc-dhcp-dyndns/description) - This package is compiled with IPv4 support only. -endef - -define Package/isc-dhcp-dyndns-ipv6/description -$(call Package/isc-dhcp-dyndns/description) - This package is compiled with IPv4 and IPv6 support. -endef - define Package/isc-dhcp-omshell-ipv4 $(call Package/isc-dhcp/Default) DEPENDS:= +isc-dhcp-server-ipv4 @@ -257,7 +239,7 @@ define Package/isc-dhcp-server-ipv6/conffiles /etc/dhcpd6.conf endef -define Package/isc-dhcp-dyndns-$(BUILD_VARIANT)/install +define Package/isc-dhcp-dyndns/install : endef @@ -285,11 +267,10 @@ endef $(eval $(call BuildPackage,isc-dhcp-relay-ipv4)) $(eval $(call BuildPackage,isc-dhcp-server-ipv4)) -$(eval $(call BuildPackage,isc-dhcp-dyndns-ipv4)) +$(eval $(call BuildPackage,isc-dhcp-dyndns)) $(eval $(call BuildPackage,isc-dhcp-client-ipv4)) $(eval $(call BuildPackage,isc-dhcp-omshell-ipv4)) $(eval $(call BuildPackage,isc-dhcp-relay-ipv6)) $(eval $(call BuildPackage,isc-dhcp-server-ipv6)) -$(eval $(call BuildPackage,isc-dhcp-dyndns-ipv6)) $(eval $(call BuildPackage,isc-dhcp-client-ipv6)) $(eval $(call BuildPackage,isc-dhcp-omshell-ipv6)) From 98e34afbdacb821b099843eacaca9cd498de8364 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sun, 26 Mar 2023 17:03:14 -0600 Subject: [PATCH 02/18] isc-dhcp: Update to 4.4.3-P1 Signed-off-by: Philip Prindeville --- net/isc-dhcp/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile index ec185e141..b326d48a0 100644 --- a/net/isc-dhcp/Makefile +++ b/net/isc-dhcp/Makefile @@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=isc-dhcp UPSTREAM_NAME:=dhcp -PKG_VERSION:=4.4.3 -PKG_RELEASE:=8 +PKG_VERSION:=4.4.3-P1 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -21,7 +21,7 @@ PKG_SOURCE:=$(UPSTREAM_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.isc.org/isc/dhcp/$(PKG_VERSION) \ http://ftp.funet.fi/pub/mirrors/ftp.isc.org/isc/dhcp/$(PKG_VERSION) \ http://ftp.iij.ad.jp/pub/network/isc/dhcp/$(PKG_VERSION) -PKG_HASH:=0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818 +PKG_HASH:=0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7 PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 From d1b2bb9dcde39be60266fa0aeef8b52abe1ef34e Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sun, 26 Mar 2023 16:54:35 -0600 Subject: [PATCH 03/18] strongswan: Fix CI/CD complaints about kmod dependencies Signed-off-by: Philip Prindeville --- net/strongswan/Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 3bac8210c..7f0e0c960 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.10 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -130,7 +130,16 @@ define Package/strongswan $(call Package/strongswan/Default) MENU:=1 DEPENDS:= +libpthread +ip \ + +kmod-crypto-aead \ +kmod-crypto-authenc \ + +kmod-crypto-cbc \ + +kmod-lib-zlib-inflate \ + +kmod-lib-zlib-deflate \ + +kmod-crypto-des \ + +kmod-crypto-echainiv \ + +kmod-crypto-hmac \ + +kmod-crypto-md5 \ + +kmod-crypto-sha1 \ +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 endef From 295244efad1c24d2ab8eb7b6552c32911ba70c0c Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Thu, 23 Mar 2023 09:59:54 +0200 Subject: [PATCH 04/18] squashfs-tools: bump to version 4.6.1 Also, enable xattr support. Signed-off-by: Alexandru Ardelean --- utils/squashfs-tools/Makefile | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/utils/squashfs-tools/Makefile b/utils/squashfs-tools/Makefile index 1964aa3a7..04628bc35 100644 --- a/utils/squashfs-tools/Makefile +++ b/utils/squashfs-tools/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=squashfs-tools -PKG_VERSION:=4.5.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=4.6.1 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=COPYING @@ -18,7 +18,7 @@ PKG_CPE_ID:=cpe:/a:phillip_lougher:squashfs PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/plougher/squashfs-tools/tar.gz/${PKG_VERSION}? -PKG_HASH:=277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7 +PKG_HASH:=94201754b36121a9f022a190c75f718441df15402df32c2b520ca331a107511c PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk @@ -52,9 +52,6 @@ endef Build/Configure:= -MAKE_FLAGS += \ - XATTR_SUPPORT= - ifneq ($(CONFIG_SQUASHFS_TOOLS_XZ_SUPPORT),) MAKE_FLAGS += XZ_SUPPORT=1 endif From 0b0232ed66e81e5db521461544b1f22763611d27 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Mon, 3 Apr 2023 10:04:04 +0300 Subject: [PATCH 05/18] pillow: bump to version 9.5.0 Signed-off-by: Alexandru Ardelean --- lang/python/pillow/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/pillow/Makefile b/lang/python/pillow/Makefile index 157575cca..bcf793697 100644 --- a/lang/python/pillow/Makefile +++ b/lang/python/pillow/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pillow -PKG_VERSION:=9.4.0 +PKG_VERSION:=9.5.0 PKG_RELEASE:=1 PYPI_NAME:=Pillow -PKG_HASH:=a1c2d7780448eb93fbcc3789bf3916aa5720d942e37945f4056680317f1cd23e +PKG_HASH:=bf548479d336726d7a0eceb6e767e179fbde37833ae42794602631a070d630f1 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=HPND From c59cbd13f343009513e36f302eb157b54dd5e034 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Mon, 3 Apr 2023 10:05:10 +0300 Subject: [PATCH 06/18] python-pytz: bump to version 2023.3 Signed-off-by: Alexandru Ardelean --- lang/python/python-pytz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-pytz/Makefile b/lang/python/python-pytz/Makefile index a39428a8e..62c1b3a2c 100644 --- a/lang/python/python-pytz/Makefile +++ b/lang/python/python-pytz/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pytz -PKG_VERSION:=2022.7.1 +PKG_VERSION:=2023.3 PKG_RELEASE:=1 PYPI_NAME:=pytz -PKG_HASH:=01a0681c4b9684a28304615eba55d1ab31ae00bf68ec157ec3708a8182dbbcd0 +PKG_HASH:=1d8ce29db189191fb55338ee6d0387d82ab59f3d00eac103412d64e0ebd0c588 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=MIT From db077d07edc94ce5c3f73db2faebc9a95654d280 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Mon, 3 Apr 2023 09:59:48 +0300 Subject: [PATCH 07/18] stress-ng: bump to version 0.15.06 Signed-off-by: Alexandru Ardelean --- utils/stress-ng/Makefile | 4 ++-- utils/stress-ng/patches/001-disable-gpu-stressor.patch | 2 +- utils/stress-ng/patches/002-disable-xxhash.patch | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/stress-ng/Makefile b/utils/stress-ng/Makefile index 97e86c846..248468a86 100644 --- a/utils/stress-ng/Makefile +++ b/utils/stress-ng/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stress-ng -PKG_VERSION:=0.15.03 +PKG_VERSION:=0.15.06 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)? -PKG_HASH:=7cceca64da37fd3c8db7167ed386fd7d3e1d9d6891a1f6227911ab8d4b17379c +PKG_HASH:=c38cefcf0a83f6c65aed7c36e57a9a1ee8373418ef71cf089a75b0661dcd4623 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=GPL-2.0-only diff --git a/utils/stress-ng/patches/001-disable-gpu-stressor.patch b/utils/stress-ng/patches/001-disable-gpu-stressor.patch index af1882901..4fc4941e0 100644 --- a/utils/stress-ng/patches/001-disable-gpu-stressor.patch +++ b/utils/stress-ng/patches/001-disable-gpu-stressor.patch @@ -1,6 +1,6 @@ --- a/Makefile.config +++ b/Makefile.config -@@ -272,7 +272,7 @@ LD_GOLD: +@@ -264,7 +264,7 @@ clean: libraries: \ configdir \ LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ diff --git a/utils/stress-ng/patches/002-disable-xxhash.patch b/utils/stress-ng/patches/002-disable-xxhash.patch index 5c01764cd..d24e6f062 100644 --- a/utils/stress-ng/patches/002-disable-xxhash.patch +++ b/utils/stress-ng/patches/002-disable-xxhash.patch @@ -1,6 +1,6 @@ --- a/Makefile.config +++ b/Makefile.config -@@ -274,7 +274,7 @@ libraries: \ +@@ -266,7 +266,7 @@ libraries: \ LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ LIB_IPSEC_MB LIB_JPEG \ LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ From 9df165d8f60cb4b7943074a6f7dcf045572e309d Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Mon, 3 Apr 2023 10:30:26 +0300 Subject: [PATCH 08/18] openblas: bump to version 0.3.23 Make hard-float a requirement. Signed-off-by: Alexandru Ardelean --- libs/openblas/Makefile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libs/openblas/Makefile b/libs/openblas/Makefile index 83d7d7099..389478858 100644 --- a/libs/openblas/Makefile +++ b/libs/openblas/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=OpenBLAS -PKG_VERSION:=0.3.21 -PKG_RELEASE:=2 +PKG_VERSION:=0.3.23 +PKG_RELEASE:=1 PKG_SOURCE:=OpenBLAS-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/xianyi/OpenBLAS/releases/download/v$(PKG_VERSION)/ -PKG_HASH:=f36ba3d7a60e7c8bcc54cd9aaa9b1223dd42eaf02c811791c37e8ca707c241ca +PKG_HASH:=5d9491d07168a5d00116cdc068a40022c3455bf9293c7cb86a65b1054d7e5114 PKG_LICENSE:=BSD 3-Clause PKG_MAINTAINER:=Alexandru Ardelean @@ -27,6 +27,7 @@ define Package/openblas DEPENDS:= \ @!arc \ @!powerpc \ + @!SOFT_FLOAT \ +INSTALL_GFORTRAN:libgfortran endef From 7b36881347deaceccf50d575daa3547c1f6729fe Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 21 Mar 2023 19:44:19 -0300 Subject: [PATCH 09/18] afalg_engine: adapt to new engine build config This adapts the package to the new include/openssl-module.mk, and updated runtime configuration. Signed-off-by: Eneas U de Queiroz --- libs/afalg_engine/Config.in | 13 ------------- libs/afalg_engine/Makefile | 7 +++---- libs/afalg_engine/files/afalg.cnf | 2 +- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/libs/afalg_engine/Config.in b/libs/afalg_engine/Config.in index ed67f5203..a81a892e9 100644 --- a/libs/afalg_engine/Config.in +++ b/libs/afalg_engine/Config.in @@ -9,19 +9,6 @@ if PACKAGE_libopenssl-afalg_sync This increases memory usage, and has problems when process fork with open digest contexts (openssh will not work because of it). - config AFALG_FALLBACK - bool "Enable software fallback feature" - default y - help - Use software to fulfill small requests. Using AF_ALG adds latency, - which makes it slow to perform small requests. Enabling this - option overcomes this problem, at the cost of increased memory - and CPU usage. This is a new, experimental feature; if you - encounter any problem, this is the first option to disable. - The fallback will fail if you enable this engine alongside - devcrypto, so you'll not be able to install both at the same - time if this option is enabled. - config AFALG_UPDATE_CTR_IV bool "Don't rely on kernel to update CTR IV" default y diff --git a/libs/afalg_engine/Makefile b/libs/afalg_engine/Makefile index 2dc5af7a1..a227c079f 100644 --- a/libs/afalg_engine/Makefile +++ b/libs/afalg_engine/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=afalg_engine PKG_VERSION:=1.2.0-beta.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION) @@ -25,7 +25,7 @@ PKG_CONFIG_DEPENDS:= \ include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk -include $(INCLUDE_DIR)/openssl-engine.mk +include $(INCLUDE_DIR)/openssl-module.mk $(eval $(call Package/openssl/add-engine,afalg,libopenssl-afalg_sync)) define Package/libopenssl-afalg_sync @@ -33,7 +33,7 @@ define Package/libopenssl-afalg_sync TITLE:=AF_ALG engine using sync crypto API URL:=https://github.com/cotequeiroz/afalg_engine DEPENDS += @!OPENSSL_ENGINE_BUILTIN_AFALG +kmod-crypto-user - CONFLICTS:=libopenssl-afalg $(if $(CONFIG_AFALG_FALLBACK),libopenssl-devcrypto) + CONFLICTS:=libopenssl-afalg MENU:=1 endef @@ -54,7 +54,6 @@ endef CMAKE_OPTIONS += \ -DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR) \ -DDIGESTS=$(if $(CONFIG_AFALG_DIGESTS),ON,OFF) \ - -DFALLBACK=$(if $(CONFIG_AFALG_FALLBACK),ON,OFF) \ -DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \ -DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF) diff --git a/libs/afalg_engine/files/afalg.cnf b/libs/afalg_engine/files/afalg.cnf index f17338b88..82f0cfadf 100644 --- a/libs/afalg_engine/files/afalg.cnf +++ b/libs/afalg_engine/files/afalg.cnf @@ -1,4 +1,4 @@ -[afalg] +[afalg_sect] # Leave this alone and configure algorithms with CIPERS/DIGESTS below default_algorithms = ALL From 3b2fcd6b2fde4bebf9eb54441c1c8f14b40e26a9 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 21 Mar 2023 19:44:19 -0300 Subject: [PATCH 10/18] gost_engine: adapt to new engine build config This adapts the package to the new include/openssl-module.mk, and updated runtime configuration. Signed-off-by: Eneas U de Queiroz --- libs/gost_engine/Makefile | 19 ++++++------------- libs/gost_engine/files/gost.cnf | 2 +- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/libs/gost_engine/Makefile b/libs/gost_engine/Makefile index 94f6c990e..d15a36f39 100644 --- a/libs/gost_engine/Makefile +++ b/libs/gost_engine/Makefile @@ -1,19 +1,12 @@ include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/openssl-engine.mk +include $(INCLUDE_DIR)/openssl-module.mk PKG_NAME:=gost_engine -ifeq ($(ENGINES_DIR),engines-1.1) - PKG_VERSION:=1.1.0.3 - PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75 - PKG_LICENSE:=OpenSSL - PATCH_DIR=./patches-1.1 -else - PKG_VERSION:=3.0.1 - PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628 - PKG_LICENSE:=Apache-2.0 - PATCH_DIR=./patches-3 -endif -PKG_RELEASE:=7 +PKG_VERSION:=3.0.1 +PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628 +PKG_LICENSE:=Apache-2.0 +PATCH_DIR=./patches-3 +PKG_RELEASE:=8 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION) diff --git a/libs/gost_engine/files/gost.cnf b/libs/gost_engine/files/gost.cnf index 84a707c93..8980c5289 100644 --- a/libs/gost_engine/files/gost.cnf +++ b/libs/gost_engine/files/gost.cnf @@ -1,4 +1,4 @@ -[gost] +[gost_sect] default_algorithms = ALL # CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the # user to choose between different parameter sets of symmetric cipher From 1ee71d4a1a6321ff8d2c0fccd7e4486998c60d19 Mon Sep 17 00:00:00 2001 From: Georgi Valkov Date: Thu, 23 Mar 2023 19:48:05 +0200 Subject: [PATCH 11/18] coreutils: update to 9.2 Build system: Ubuntu Linux 22.04, macOS 12.6.3 Run-tested: x64, WRT3200ACM, TL-WR1043ND v4 Signed-off-by: Georgi Valkov --- utils/coreutils/Makefile | 4 +-- .../patches/001-no_docs_man_tests.patch | 30 +++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/utils/coreutils/Makefile b/utils/coreutils/Makefile index d1af3ce96..dd1afd792 100644 --- a/utils/coreutils/Makefile +++ b/utils/coreutils/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=coreutils -PKG_VERSION:=9.1 +PKG_VERSION:=9.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/coreutils -PKG_HASH:=61a1f410d78ba7e7f37a5a4f50e6d1320aca33375484a3255eddf17a38580423 +PKG_HASH:=6885ff47b9cdb211de47d368c17853f406daaf98b148aaecdf10de29cc04b0b3 PKG_MAINTAINER:=Jo-Philipp Wich PKG_LICENSE:=GPL-3.0-or-later diff --git a/utils/coreutils/patches/001-no_docs_man_tests.patch b/utils/coreutils/patches/001-no_docs_man_tests.patch index e4feaf5cd..3c5bf2ec3 100644 --- a/utils/coreutils/patches/001-no_docs_man_tests.patch +++ b/utils/coreutils/patches/001-no_docs_man_tests.patch @@ -9,7 +9,7 @@ EXTRA_DIST = \ .mailmap \ -@@ -210,6 +210,3 @@ AM_CPPFLAGS = -Ilib -I$(top_srcdir)/lib +@@ -211,6 +211,3 @@ AM_CPPFLAGS = -Ilib -I$(top_srcdir)/lib include $(top_srcdir)/lib/local.mk include $(top_srcdir)/src/local.mk @@ -18,7 +18,7 @@ -include $(top_srcdir)/tests/local.mk --- a/Makefile.in +++ b/Makefile.in -@@ -4115,11 +4115,7 @@ RECURSIVE_TARGETS = all-recursive check- +@@ -4145,11 +4145,7 @@ RECURSIVE_TARGETS = all-recursive check- install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive @@ -31,7 +31,7 @@ am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ -@@ -4369,10 +4365,10 @@ am__DIST_COMMON = $(doc_coreutils_TEXINF +@@ -4399,10 +4395,10 @@ am__DIST_COMMON = $(doc_coreutils_TEXINF $(top_srcdir)/build-aux/missing \ $(top_srcdir)/build-aux/test-driver \ $(top_srcdir)/build-aux/texinfo.tex \ @@ -46,25 +46,25 @@ $(top_srcdir)/tests/local.mk ABOUT-NLS AUTHORS COPYING \ ChangeLog INSTALL NEWS README THANKS TODO build-aux/compile \ build-aux/config.guess build-aux/config.rpath \ -@@ -4479,7 +4475,7 @@ EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ - ERRNO_H = @ERRNO_H@ +@@ -4516,7 +4512,7 @@ ERROR_H = @ERROR_H@ ETAGS = @ETAGS@ + EUIDACCESS_LIBGEN = @EUIDACCESS_LIBGEN@ EXEEXT = @EXEEXT@ -EXTRA_MANS = @EXTRA_MANS@ +EXTRA_MANS = + FDATASYNC_LIB = @FDATASYNC_LIB@ + FILE_HAS_ACL_LIB = @FILE_HAS_ACL_LIB@ FLOAT_H = @FLOAT_H@ - FNMATCH_H = @FNMATCH_H@ - GETADDRINFO_LIB = @GETADDRINFO_LIB@ -@@ -6057,7 +6053,7 @@ libexecdir = @libexecdir@ - lispdir = @lispdir@ - localedir = @localedir@ +@@ -6171,7 +6167,7 @@ localedir_c_make = @localedir_c_make@ localstatedir = @localstatedir@ + localstatedir_c = @localstatedir_c@ + localstatedir_c_make = @localstatedir_c_make@ -man1_MANS = @man1_MANS@ +man1_MANS = mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -6080,7 +6076,7 @@ top_build_prefix = @top_build_prefix@ + mandir_c = @mandir_c@ + mandir_c_make = @mandir_c_make@ +@@ -6220,7 +6216,7 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ ALL_RECURSIVE_TARGETS = distcheck-hook check-root @@ -73,7 +73,7 @@ #if GNU_MAKE # [nicer features that work only with GNU Make] -@@ -8272,7 +8268,7 @@ all: $(BUILT_SOURCES) +@@ -8425,7 +8421,7 @@ all: $(BUILT_SOURCES) .SUFFIXES: .1 .c .dvi .log .o .obj .pl .pl$(EXEEXT) .ps .sh .sh$(EXEEXT) .trs .x .xpl .xpl$(EXEEXT) .y am--refresh: Makefile @: @@ -82,7 +82,7 @@ @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ -@@ -8294,7 +8290,7 @@ Makefile: $(srcdir)/Makefile.in $(top_bu +@@ -8447,7 +8443,7 @@ Makefile: $(srcdir)/Makefile.in $(top_bu echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ esac; From 5c32126d39521efca1c3c5b836ca2d42edede6e0 Mon Sep 17 00:00:00 2001 From: Zhang Rui Date: Tue, 28 Mar 2023 16:45:52 +0800 Subject: [PATCH 12/18] tinyproxy: Update to 1.11.1 Signed-off-by: Zhang Rui --- net/tinyproxy/Makefile | 4 +- net/tinyproxy/files/tinyproxy.config | 7 ++++ net/tinyproxy/files/tinyproxy.init | 10 +++++ net/tinyproxy/patches/120-fix_INET6.patch | 48 +++++++++++++++++------ 4 files changed, 55 insertions(+), 14 deletions(-) diff --git a/net/tinyproxy/Makefile b/net/tinyproxy/Makefile index 89a4bd0c9..b1ac9cf19 100644 --- a/net/tinyproxy/Makefile +++ b/net/tinyproxy/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tinyproxy -PKG_VERSION:=1.10.0 +PKG_VERSION:=1.11.1 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/tinyproxy/tinyproxy/releases/download/$(PKG_VERSION) -PKG_HASH:=59be87689c415ba0d9c9bc6babbdd3df3b372d60b21e526b118d722dbc995682 +PKG_HASH:=d66388448215d0aeb90d0afdd58ed00386fb81abc23ebac9d80e194fceb40f7c PKG_MAINTAINER:=Jo-Philipp Wich PKG_LICENSE:=GPL-2.0-or-later diff --git a/net/tinyproxy/files/tinyproxy.config b/net/tinyproxy/files/tinyproxy.config index ac7b46ff0..e62ce1cf0 100644 --- a/net/tinyproxy/files/tinyproxy.config +++ b/net/tinyproxy/files/tinyproxy.config @@ -63,6 +63,13 @@ option DefaultErrorFile "/usr/share/tinyproxy/default.html" # option StatFile "/usr/share/tinyproxy/stats.html" +# +# BasicAuth: Tinyproxy server operators may want to not run an "open" proxy +# for the whole world, but rather limit usage to a smaller goup +# of users. They then put the line. +# +#option BasicAuth "username password" + # # Where to log the information. Either LogFile or Syslog should be set, # but not both. diff --git a/net/tinyproxy/files/tinyproxy.init b/net/tinyproxy/files/tinyproxy.init index 1feac669c..4afdae6aa 100644 --- a/net/tinyproxy/files/tinyproxy.init +++ b/net/tinyproxy/files/tinyproxy.init @@ -55,6 +55,14 @@ proxy_string() { } } +proxy_m_string() { + local SECTION=$1 + local OPTION=$2 + + config_get _value "$SECTION" "$OPTION" + [ -n "$_value" ] && echo "${ALIAS:-${OPTION}} ""$_value" +} + proxy_flag() { local SECTION=$1 local OPTION=$2 @@ -108,6 +116,8 @@ start_proxy() { proxy_string "$1" StatFile proxy_string "$1" LogFile + proxy_m_string "$1" BasicAuth + proxy_flag "$1" Syslog proxy_atom "$1" LogLevel diff --git a/net/tinyproxy/patches/120-fix_INET6.patch b/net/tinyproxy/patches/120-fix_INET6.patch index 3911c18f0..6281a4223 100644 --- a/net/tinyproxy/patches/120-fix_INET6.patch +++ b/net/tinyproxy/patches/120-fix_INET6.patch @@ -1,16 +1,15 @@ --- a/src/sock.c +++ b/src/sock.c -@@ -39,8 +39,7 @@ - * returned if the bind succeeded. Otherwise, -1 is returned +@@ -63,7 +63,7 @@ static const char * family_string (int a * to indicate an error. */ --static int + static int -bind_socket (int sockfd, const char *addr, int family) -+static int bind_socket (int sockfd, const char *addr) ++bind_socket (int sockfd, const char *addr) { struct addrinfo hints, *res, *ressave; - -@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *add + int n; +@@ -72,14 +72,14 @@ bind_socket (int sockfd, const char *add assert (addr != NULL && strlen (addr) != 0); memset (&hints, 0, sizeof (struct addrinfo)); @@ -18,8 +17,33 @@ + hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; - /* The local port it not important */ -@@ -112,14 +111,12 @@ int opensock (const char *host, int port + /* The local port is not important */ + n = getaddrinfo (addr, NULL, &hints, &res); + if (n != 0) { + log_message (LOG_INFO, +- "bind_socket: getaddrinfo failed for %s: %s (af: %s)", addr, get_gai_error (n), family_string(family)); ++ "bind_socket: getaddrinfo failed for %s: %s", addr, get_gai_error (n)); + return -1; + } + +@@ -102,14 +102,14 @@ bind_socket (int sockfd, const char *add + * Try binding the given socket to supplied addresses, stopping when one succeeds. + */ + static int +-bind_socket_list (int sockfd, sblist *addresses, int family) ++bind_socket_list (int sockfd, sblist *addresses) + { + size_t nb_addresses = sblist_getsize(addresses); + size_t i; + + for (i = 0; i < nb_addresses; i++) { + const char *address = *(const char **)sblist_get(addresses, i); +- if (bind_socket(sockfd, address, family) >= 0) { ++ if (bind_socket(sockfd, address) >= 0) { + log_message(LOG_INFO, "Bound to %s", address); + return 0; + } +@@ -170,14 +170,12 @@ int opensock (const char *host, int port /* Bind to the specified address */ if (bind_to) { @@ -29,10 +53,10 @@ close (sockfd); continue; /* can't bind, so try again */ } - } else if (config.bind_address) { -- if (bind_socket (sockfd, config.bind_address, -- res->ai_family) < 0) { -+ if (bind_socket (sockfd, config.bind_address) < 0) { + } else if (config->bind_addrs) { +- if (bind_socket_list (sockfd, config->bind_addrs, +- res->ai_family) < 0) { ++ if (bind_socket_list (sockfd, config->bind_addrs) < 0) { close (sockfd); continue; /* can't bind, so try again */ } From 0ff1a8666be7cc3ebde5838c4b166a2438f87567 Mon Sep 17 00:00:00 2001 From: Vladimir Ulrich Date: Mon, 3 Apr 2023 15:59:22 +0300 Subject: [PATCH 13/18] zoneinfo: updated to the latest release Signed-off-by: Vladimir Ulrich --- utils/zoneinfo/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/zoneinfo/Makefile b/utils/zoneinfo/Makefile index 251a1cd08..7608fcef6 100644 --- a/utils/zoneinfo/Makefile +++ b/utils/zoneinfo/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2007-2022 OpenWrt.org +# Copyright (C) 2007-2023 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zoneinfo -PKG_VERSION:=2022g +PKG_VERSION:=2023c PKG_RELEASE:=1 #As i couldn't find real license used "Public Domain" @@ -19,14 +19,14 @@ PKG_LICENSE:=Public Domain PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz PKG_SOURCE_CODE:=tzcode$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases -PKG_HASH:=4491db8281ae94a84d939e427bdd83dc389f26764d27d9a5c52d782c16764478 +PKG_HASH:=3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c include $(INCLUDE_DIR)/package.mk define Download/tzcode FILE=$(PKG_SOURCE_CODE) URL=$(PKG_SOURCE_URL) - HASH:=9610bb0b9656ff404c361a41f3286da53064b5469d84f00c9cb2314c8614da74 + HASH:=46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7 endef $(eval $(call Download,tzcode)) From 76d02f933f006fb854c03fa1738ed795acc32e50 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Wed, 5 Apr 2023 20:41:25 +0300 Subject: [PATCH 14/18] nano: make nanorc world readable If file /etc/nanorc is readable by everyone, "default" settings are available for users as well without necessarily requiring their own customized .nanorc in their home directory. Or if they want one, but want it to be based on system's default nanorc, they can copy it from /etc - without chmodding file, it is in-accessible for users. Suggested-by: Oskari Rauta [switched approach to use INSTALL_DATA] Signed-off-by: Hannu Nyman --- utils/nano/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/nano/Makefile b/utils/nano/Makefile index 2db13c583..e68b28950 100644 --- a/utils/nano/Makefile +++ b/utils/nano/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nano PKG_VERSION:=7.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/nano @@ -138,7 +138,7 @@ endef define Package/nano-full/install $(call Package/nano/install,$1) $(INSTALL_DIR) $(1)/etc $(1)/usr/share/nano - $(INSTALL_CONF) ./files/nanorc $(1)/etc/nanorc + $(INSTALL_DATA) ./files/nanorc $(1)/etc/nanorc $(INSTALL_DATA) ./files/uci.nanorc $(1)/usr/share/nano $(CP) $(PKG_INSTALL_DIR)/usr/share/nano/* $(1)/usr/share/nano endef From 04d5fa8dfc92047e2875db39ff10256d4b0aed12 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Thu, 6 Apr 2023 18:49:30 +0800 Subject: [PATCH 15/18] dnsproxy: Update to 0.48.3 Signed-off-by: Tianling Shen --- net/dnsproxy/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile index 3ff8f834a..2e5724ed9 100644 --- a/net/dnsproxy/Makefile +++ b/net/dnsproxy/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsproxy -PKG_VERSION:=0.48.2 +PKG_VERSION:=0.48.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=fd385b3414e616aef5d96b7b007d5fc4fd21b73d6bc097811508e9ddb9b3f4cb +PKG_HASH:=bc5f5e6d812293c13b7b6d42eae72a82231d9f332af1d2947c37dbdbf663abf3 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 From c07fae25e70a159b48154fadcb3fcb3fd4f73ef1 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Thu, 6 Apr 2023 19:37:28 +0200 Subject: [PATCH 16/18] banip: release 0.8.3-1 * add the new init command 'lookup', to lookup the IPs of domain names in the local lists and update them * significant acceleration of the domain lookup function * multiple small fixes and improvements * readme update * luci update (separate commit) Signed-off-by: Dirk Brenken --- net/banip/Makefile | 4 +-- net/banip/files/README.md | 32 ++++++++++------- net/banip/files/banip-functions.sh | 58 +++++++++++++++--------------- net/banip/files/banip-service.sh | 26 ++++++++------ net/banip/files/banip.init | 29 ++++++++++----- net/banip/files/banip.tpl | 14 +++++--- 6 files changed, 96 insertions(+), 67 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 65fa9e270..d2e54a2ad 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.8.2 -PKG_RELEASE:=6 +PKG_VERSION:=0.8.3 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index f4502816b..f4116889b 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -75,7 +75,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre * Provides a set search engine for certain IPs * Feed parsing by fast & flexible regex rulesets * Minimal status & error logging to syslog, enable debug logging to receive more output -* Procd based init system support (start/stop/restart/reload/status/report/search/survey) +* Procd based init system support (start/stop/restart/reload/status/report/search/survey/lookup) * Procd network interface trigger support * Ability to add new banIP feeds on your own @@ -114,6 +114,7 @@ Available commands: report [text|json|mail] Print banIP related set statistics search [|] Check if an element exists in a banIP set survey [] List all elements of a given banIP set + lookup Lookup the IPs of domain names in the local lists and update them running Check if service is running status Service status trace Start with syscall trace @@ -226,18 +227,16 @@ Available commands: ~# /etc/init.d/banip status ::: banIP runtime information + status : active (nft: ✔, monitor: ✔) - + version : 0.8.2-2 - + element_count : 211397 - + active_feeds : allowlistvMAC, allowlistv4, allowlistv6, adawayv4, adawayv6, adguardv4, adguardtrackersv4, adguardv6, adguardtrackersv - 6, antipopadsv4, antipopadsv6, cinsscorev4, countryv6, countryv4, deblv4, deblv6, dohv4, dohv6, firehol1v4, oisdsmallv - 6, oisdsmallv4, stevenblackv6, stevenblackv4, webclientv4, blocklistvMAC, blocklistv4, blocklistv6 - + active_devices : eth2 ::: wan, wan6 - + active_subnets : 91.64.148.211/24, 2b02:710c:0:80:e442:4b0c:637d:1d33/128 + + version : 0.8.3-1 + + element_count : 281161 + + active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, adguardtrackersv6, antipopadsv6, antipopadsv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, iblockadsv4, firehol1v4, oisdbigv4, yoyov6, threatviewv4, yoyov4, oisdbigv6, blocklistvMAC, blocklistv4, blocklistv6 + + active_devices : br-wan ::: wan, wan6 + + active_subnets : 91.64.169.252/24, 2a02:710c:0:60:958b:3bd0:9e14:abb/128 + nft_info : priority: -200, policy: memory, loglevel: warn, expiry: - + run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, feed: /etc/banip/banip.feeds + run_flags : auto: ✔, proto (4/6): ✔/✔, log (wan-inp/wan-fwd/lan-fwd): ✔/✔/✔, dedup: ✔, split: ✘, allowed only: ✘ - + last_run : action: restart, duration: 0m 55s, date: 2023-03-10 19:33:08 - + system_info : cores: 2, memory: 1830, device: Turris Omnia, OpenWrt SNAPSHOT r22248-bf055fcdca + + last_run : action: reload, duration: 1m 0s, date: 2023-04-06 12:34:10 + + system_info : cores: 4, memory: 1822, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22498-75f7e2d10b ``` **banIP search information** @@ -288,15 +287,22 @@ list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress=' **allow-/blocklist handling** banIP supports local allow and block lists (IPv4, IPv6, CIDR notation or domain names), located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist. Unsuccessful login attempts or suspicious requests will be tracked and added to the local blocklist (see the 'ban\_autoblocklist' option). The blocklist behaviour can be further tweaked with the 'ban\_nftexpiry' option. -Furthermore the uplink subnet will be added to local allowlist (see 'ban\_autowallowlist' option). -Both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted in a detached background process and added to the sets. +Furthermore the uplink subnet will be added to local allowlist (see 'ban\_autoallowlist' option). +Both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time. **allowlist-only mode** banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked. -**redirect Asterisk security logs to lodg/logread** +**redirect Asterisk security logs to lodg/logread** banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration. +**send status E-Mails and update the banIP lists via cron job** +For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g. +``` +55 03 * * * /etc/init.d/banip report mail +00 04 * * * /etc/init.d/banip reload +``` + **tweaks for low memory systems** nftables supports the atomic loading of rules/sets/members, which is cool but unfortunately is also very memory intensive. To reduce the memory pressure on low memory systems (i.e. those with 256-512Mb RAM), you should optimize your configuration with the following options: diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index a5049aa8b..991d1147e 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -78,6 +78,7 @@ ban_debug="0" f_system() { local cpu core + [ -z "${ban_dev}" ] && ban_cores="$(uci_get banip global ban_cores)" ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)" ban_ver="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | jsonfilter -ql1 -e '@.packages.banip')" ban_sysver="$(${ban_ubuscmd} -S call system board 2>/dev/null | jsonfilter -ql1 -e '@.model' -e '@.release.description' | @@ -426,7 +427,7 @@ f_getsub() { f_getelements() { local file="${1}" - [ -s "${file}" ] && printf "%s" "elements={ $(cat "${file}") };" + [ -s "${file}" ] && printf "%s" "elements={ $(cat "${file}" 2>/dev/null) };" } # build initial nft file with base table, chains and rules @@ -975,8 +976,6 @@ f_getstatus() { done json_select ".." fi - value="$(printf "%s" "${value}" | - awk '{NR=1;max=118;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-24s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" printf " + %-17s : %s\n" "${key}" "${value:-"-"}" done else @@ -987,7 +986,7 @@ f_getstatus() { # domain lookup # f_lookup() { - local cnt list domain lookup ip start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}" + local cnt list domain lookup ip elementsv4 elementsv6 start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}" start_time="$(date "+%s")" if [ "${feed}" = "allowlist" ]; then @@ -1004,32 +1003,36 @@ f_lookup() { else if { [ "${feed}" = "allowlist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; } || { [ "${feed}" = "blocklist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; }; then - cnt_ip="$((cnt_ip + 1))" if [ "${ip##*:}" = "${ip}" ]; then - if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${ip} }" >/dev/null 2>&1; then - f_log "info" "failed to add IP '${ip}' (${domain}) to ${feed}v4 set" - continue - fi + elementsv4="${elementsv4} ${ip}," else - if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${ip} }" >/dev/null 2>&1; then - f_log "info" "failed to add IP '${ip}' (${domain}) to ${feed}v6 set" - continue - fi + elementsv6="${elementsv6} ${ip}," fi if [ "${feed}" = "allowlist" ] && [ "${ban_autoallowlist}" = "1" ]; then printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}" elif [ "${feed}" = "blocklist" ] && [ "${ban_autoblocklist}" = "1" ]; then printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}" fi + cnt_ip="$((cnt_ip + 1))" fi fi done cnt_domain="$((cnt_domain + 1))" done + if [ -n "${elementsv4}" ]; then + if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${elementsv4} }" >/dev/null 2>&1; then + f_log "info" "failed to add lookup file to ${feed}v4 set" + fi + fi + if [ -n "${elementsv6}" ]; then + if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${elementsv6} }" >/dev/null 2>&1; then + f_log "info" "failed to add lookup file to ${feed}v6 set" + fi + fi end_time="$(date "+%s")" duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s" - f_log "debug" "f_lookup ::: name: ${feed}, cnt_domain: ${cnt_domain}, cnt_ip: ${cnt_ip}, duration: ${duration}" + f_log "info" "Lookup summary for the local ${feed}: Domains processed: ${cnt_domain}, IPs added: ${cnt_ip}, Duration: ${duration}" } # table statistics @@ -1198,7 +1201,7 @@ f_report() { # set search # f_search() { - local table_sets ip proto run_search search="${1}" + local set table_sets ip proto run_search hold cnt search="${1}" if [ -n "${search}" ]; then ip="$(printf "%s" "${search}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{printf "%s",RT}')" @@ -1215,14 +1218,15 @@ f_search() { return fi printf "%s\n%s\n%s\n" ":::" "::: banIP Search" ":::" - printf "%s\n" " Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")" - printf "%s\n" " ---" + printf " %s\n" "Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")" + printf " %s\n" "---" cnt="1" run_search="/var/run/banIP.search" for set in ${table_sets}; do + [ -f "${run_search}" ] && break ( if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then - printf "%s\n" " IP found in Set '${set}'" + printf " %s\n" "IP found in Set '${set}'" : >"${run_search}" fi ) & @@ -1231,11 +1235,8 @@ f_search() { cnt="$((cnt + 1))" done wait - if [ ! -f "${run_search}" ]; then - printf "%s\n" " IP not found" - else - rm -f "${run_search}" - fi + [ ! -f "${run_search}" ] && printf " %s\n" "IP not found" + rm -f "${run_search}" } # set survey @@ -1243,16 +1244,15 @@ f_search() { f_survey() { local set_elements set="${1}" - [ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')" - - if [ -z "${set}" ] || [ -z "${set_elements}" ]; then + if [ -z "${set}" ]; then printf "%s\n%s\n%s\n" ":::" "::: no valid survey input" ":::" return fi + [ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')" printf "%s\n%s\n%s\n" ":::" "::: banIP Survey" ":::" - printf "%s\n" " List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")" - printf "%s\n" " ---" - printf "%s\n" "${set_elements}" + printf " %s\n" "List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")" + printf " %s\n" "---" + [ -n "${set_elements}" ] && printf "%s\n" "${set_elements}" || printf " %s\n" "empty set" } # send status mails diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index e753a8810..10f0b9747 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -124,21 +124,25 @@ for feed in allowlist ${ban_feed} blocklist; do fi done wait - -# start background domain lookup -# -f_log "info" "start detached banIP domain lookup" -(f_lookup "allowlist") & -hold="$((cnt % ban_cores))" -[ "${hold}" = "0" ] && wait -(f_lookup "blocklist") & - -# end processing -# f_rmset f_rmdir "${ban_tmpdir}" f_genstatus "active" f_log "info" "finished banIP download processes" + +# start domain lookup +# +f_log "info" "start banIP domain lookup" +cnt="1" +for list in allowlist blocklist; do + (f_lookup "${list}") & + hold="$((cnt % ban_cores))" + [ "${hold}" = "0" ] && wait + cnt="$((cnt + 1))" +done +wait + +# end processing +# if [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]; then ( sleep ${ban_triggerdelay} diff --git a/net/banip/files/banip.init b/net/banip/files/banip.init index d8faafdaa..6822a1bcb 100755 --- a/net/banip/files/banip.init +++ b/net/banip/files/banip.init @@ -12,6 +12,7 @@ USE_PROCD=1 extra_command "report" "[text|json|mail] Print banIP related set statistics" extra_command "search" "[|] Check if an element exists in a banIP set" extra_command "survey" "[] List all elements of a given banIP set" +extra_command "lookup" "Lookup the IPs of domain names in the local lists and update them" ban_init="/etc/init.d/banip" ban_service="/usr/bin/banip-service.sh" @@ -20,10 +21,10 @@ ban_pidfile="/var/run/banip.pid" ban_lock="/var/run/banip.lock" [ "${action}" = "boot" ] && /etc/init.d/banip running && exit 0 -[ "${action}" = "stop" ] && ! /etc/init.d/banip running && exit 0 -[ ! -r "${ban_funlib}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "survey" ] || [ "${action}" = "status" ]; } && exit 1 -[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ]; } && exit 1 -[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ]; } && mkdir -p "${ban_lock}" +{ [ "${action}" = "stop" ] || [ "${action}" = "lookup" ]; } && ! /etc/init.d/banip running && exit 0 +[ ! -r "${ban_funlib}" ] && [ "${action}" != "boot" ] && exit 1 +[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1 +[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}" boot() { : >"${ban_pidfile}" @@ -61,7 +62,7 @@ stop_service() { "${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1 f_genstatus "stopped" f_rmpid - rm -rf "${ban_lock}" + [ "${action}" = "stop" ] && rm -rf "${ban_lock}" } restart() { @@ -74,10 +75,8 @@ status() { } status_service() { - local actual="${1}" - [ -z "$(command -v "f_system")" ] && . "${ban_funlib}" - [ -n "${actual}" ] && f_actual || f_getstatus + f_getstatus } report() { @@ -95,6 +94,20 @@ survey() { f_survey "${1}" } +lookup() { + local list hold cnt="1" + + [ -z "$(command -v "f_system")" ] && . "${ban_funlib}" + for list in allowlist blocklist; do + (f_lookup "${list}") & + hold="$((cnt % ban_cores))" + [ "${hold}" = "0" ] && wait + cnt="$((cnt + 1))" + done + wait + rm -rf "${ban_lock}" +} + service_triggers() { local iface trigger trigger_action delay diff --git a/net/banip/files/banip.tpl b/net/banip/files/banip.tpl index 0474eb344..f6bd5214c 100644 --- a/net/banip/files/banip.tpl +++ b/net/banip/files/banip.tpl @@ -6,7 +6,7 @@ # local banip_info report_info log_info system_info mail_text -banip_info="$(/etc/init.d/banip status 2>/dev/null)" +banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)" log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" system_info="$( @@ -14,11 +14,17 @@ system_info="$( ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' )" -# mail body +# content header # mail_text="$(printf "%s\n" "
")"
+
+# content body
+#
 mail_text="$(printf "%s\n" "${mail_text}\n++\n++ System Information ++\n++\n${system_info:-"-"}")"
 mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ banIP Status ++\n++\n${banip_info:-"-"}")"
-mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ banIP Report ++\n++\n${report_info:-"-"}")"
-mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ Logfile Information ++\n++\n${log_info}")"
+[ -n "${report_info}" ] && mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ banIP Report ++\n++\n${report_info}")"
+[ -n "${log_info}" ] && mail_text="$(printf "%s\n" "${mail_text}\n\n++\n++ Logfile Information ++\n++\n${log_info}")"
+
+# content footer
+#
 mail_text="$(printf "%s\n" "${mail_text}
")" From 11cac71248dea0a188cdc86d7b9ca193d5523da0 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sat, 25 Mar 2023 15:47:26 -0400 Subject: [PATCH 17/18] lxc: update to 5.0.2 Bump to latest upstream release. Removed upstreamed patches: 001-build-detect-where-struct-mount_attr-is-declared.patch[1] 002-build-detect-sys-pidfd.h-availability.patch[2] 003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch[3] 011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch[4] 012-tree-wide-use-struct-clone_args-directly.patch[5] 013-tree-wide-use-struct-open_how-directly.patch[6] 1. https://github.com/lxc/lxc/commit/b7b269680f4a773a54b274d7fbd1140fc32e1935 2. https://github.com/lxc/lxc/commit/e510d6bd870c15fc509477343cb1268b9726caa6 3. https://github.com/lxc/lxc/commit/02f4bd00f5b5648b7f71c266d36a961fe54dbfc6 4. https://github.com/lxc/lxc/commit/497479ea3b8d13900a8f9427a5ade8a51facd7ab 5. https://github.com/lxc/lxc/commit/c9bca33263ed82190edc77960cdc19c3088167e6 6. https://github.com/lxc/lxc/commit/d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87 Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B Signed-off-by: John Audia --- utils/lxc/Makefile | 6 +- ...-where-struct-mount_attr-is-declared.patch | 173 --------------- ...uild-detect-sys-pidfd.h-availability.patch | 47 ----- ...FS_CONFIG_-header-symbol-in-sys-moun.patch | 143 ------------- ...irect-or-indirect-linux-mount.h-incl.patch | 197 ------------------ ...-wide-use-struct-clone_args-directly.patch | 99 --------- ...ee-wide-use-struct-open_how-directly.patch | 112 ---------- 7 files changed, 3 insertions(+), 774 deletions(-) delete mode 100644 utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch delete mode 100644 utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch delete mode 100644 utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch delete mode 100644 utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch delete mode 100644 utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch delete mode 100644 utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index feafd092e..94b606afc 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc -PKG_VERSION:=5.0.1 -PKG_RELEASE:=4 +PKG_VERSION:=5.0.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ -PKG_HASH:=d8195423bb1e206f8521d24b6cde4789f043960c7cf065990a9cf741dcfd4222 +PKG_HASH:=bea08d2e49efcee34fa58acd2bc95c0adc64d291c07f4cfaf4ac1d8ac5a36f45 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0 diff --git a/utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch b/utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch deleted file mode 100644 index 89b52fc22..000000000 --- a/utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch +++ /dev/null @@ -1,173 +0,0 @@ -From c1115e1503bf955c97f4cf3b925a6a9f619764c3 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 9 Aug 2022 16:14:25 +0200 -Subject: build: detect where struct mount_attr is declared - -Fixes: #4176 -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 30 ++++++++++++++++++++++++++++-- - src/lxc/conf.c | 6 +++--- - src/lxc/conf.h | 2 +- - src/lxc/mount_utils.c | 6 +++--- - src/lxc/syscall_wrappers.h | 12 ++++++++++-- - 5 files changed, 45 insertions(+), 11 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -589,7 +589,6 @@ decl_headers = ''' - foreach decl: [ - '__aligned_u64', - 'struct clone_args', -- 'struct mount_attr', - 'struct open_how', - 'struct rtnl_link_stats64', - ] -@@ -609,7 +608,6 @@ foreach tuple: [ - ['struct seccomp_notif_sizes'], - ['struct clone_args'], - ['__aligned_u64'], -- ['struct mount_attr'], - ['struct open_how'], - ['struct rtnl_link_stats64'], - ] -@@ -629,6 +627,34 @@ foreach tuple: [ - endif - endforeach - -+## Types. -+decl_headers = ''' -+#include -+''' -+ -+# We get -1 if the size cannot be determined -+if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 -+ srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), true) -+ found_types += 'struct mount_attr (sys/mount.h)' -+else -+ srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) -+ missing_types += 'struct mount_attr (sys/mount.h)' -+endif -+ -+## Types. -+decl_headers = ''' -+#include -+''' -+ -+# We get -1 if the size cannot be determined -+if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 -+ srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true) -+ found_types += 'struct mount_attr (linux/mount.h)' -+else -+ srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false) -+ missing_types += 'struct mount_attr (linux/mount.h)' -+endif -+ - ## Headers. - foreach ident: [ - ['bpf', '''#include ---- a/src/lxc/conf.c -+++ b/src/lxc/conf.c -@@ -2885,7 +2885,7 @@ static int __lxc_idmapped_mounts_child(s - struct lxc_mount_options opts = {}; - int dfd_from; - const char *source_relative, *target_relative; -- struct lxc_mount_attr attr = {}; -+ struct mount_attr attr = {}; - - ret = parse_lxc_mount_attrs(&opts, mntent.mnt_opts); - if (ret < 0) -@@ -3005,7 +3005,7 @@ static int __lxc_idmapped_mounts_child(s - - /* Set propagation mount options. */ - if (opts.attr.propagation) { -- attr = (struct lxc_mount_attr) { -+ attr = (struct mount_attr) { - .propagation = opts.attr.propagation, - }; - -@@ -4109,7 +4109,7 @@ int lxc_idmapped_mounts_parent(struct lx - - for (;;) { - __do_close int fd_from = -EBADF, fd_userns = -EBADF; -- struct lxc_mount_attr attr = {}; -+ struct mount_attr attr = {}; - struct lxc_mount_options opts = {}; - ssize_t ret; - ---- a/src/lxc/conf.h -+++ b/src/lxc/conf.h -@@ -223,7 +223,7 @@ struct lxc_mount_options { - unsigned long mnt_flags; - unsigned long prop_flags; - char *data; -- struct lxc_mount_attr attr; -+ struct mount_attr attr; - char *raw_options; - }; - ---- a/src/lxc/mount_utils.c -+++ b/src/lxc/mount_utils.c -@@ -31,7 +31,7 @@ lxc_log_define(mount_utils, lxc); - * setting in @attr_set, but must also specify MOUNT_ATTR__ATIME in the - * @attr_clr field. - */ --static inline void set_atime(struct lxc_mount_attr *attr) -+static inline void set_atime(struct mount_attr *attr) - { - switch (attr->attr_set & MOUNT_ATTR__ATIME) { - case MOUNT_ATTR_RELATIME: -@@ -272,7 +272,7 @@ int create_detached_idmapped_mount(const - { - __do_close int fd_tree_from = -EBADF; - unsigned int open_tree_flags = OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC; -- struct lxc_mount_attr attr = { -+ struct mount_attr attr = { - .attr_set = MOUNT_ATTR_IDMAP | attr_set, - .attr_clr = attr_clr, - .userns_fd = userns_fd, -@@ -335,7 +335,7 @@ int __fd_bind_mount(int dfd_from, const - __u64 attr_clr, __u64 propagation, int userns_fd, - bool recursive) - { -- struct lxc_mount_attr attr = { -+ struct mount_attr attr = { - .attr_set = attr_set, - .attr_clr = attr_clr, - .propagation = propagation, ---- a/src/lxc/syscall_wrappers.h -+++ b/src/lxc/syscall_wrappers.h -@@ -18,6 +18,12 @@ - #include "macro.h" - #include "syscall_numbers.h" - -+#if HAVE_STRUCT_MOUNT_ATTR -+#include -+#elif HAVE_UAPI_STRUCT_MOUNT_ATTR -+#include -+#endif -+ - #ifdef HAVE_LINUX_MEMFD_H - #include - #endif -@@ -210,16 +216,18 @@ extern int fsmount(int fs_fd, unsigned i - /* - * mount_setattr() - */ --struct lxc_mount_attr { -+#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR -+struct mount_attr { - __u64 attr_set; - __u64 attr_clr; - __u64 propagation; - __u64 userns_fd; - }; -+#endif - - #if !HAVE_MOUNT_SETATTR - static inline int mount_setattr(int dfd, const char *path, unsigned int flags, -- struct lxc_mount_attr *attr, size_t size) -+ struct mount_attr *attr, size_t size) - { - return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); - } diff --git a/utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch b/utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch deleted file mode 100644 index 677c08fc2..000000000 --- a/utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch +++ /dev/null @@ -1,47 +0,0 @@ -From ef1e0607b82e27350c2d677d649c6a0a9693fd40 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 9 Aug 2022 16:27:40 +0200 -Subject: build: detect sys/pidfd.h availability - -Fixes: #4176 -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 1 + - src/lxc/process_utils.h | 6 ++++++ - 2 files changed, 7 insertions(+) - ---- a/meson.build -+++ b/meson.build -@@ -734,6 +734,7 @@ foreach tuple: [ - ['sys/resource.h'], - ['sys/memfd.h'], - ['sys/personality.h'], -+ ['sys/pidfd.h'], - ['sys/signalfd.h'], - ['sys/timerfd.h'], - ['pty.h'], ---- a/src/lxc/process_utils.h -+++ b/src/lxc/process_utils.h -@@ -15,6 +15,10 @@ - #include - #include - -+#if HAVE_SYS_PIDFD_H -+#include -+#endif -+ - #include "compiler.h" - #include "syscall_numbers.h" - -@@ -136,9 +140,11 @@ - #endif - - /* waitid */ -+#if !HAVE_SYS_PIDFD_H - #ifndef P_PIDFD - #define P_PIDFD 3 - #endif -+#endif - - #ifndef CLONE_ARGS_SIZE_VER0 - #define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */ diff --git a/utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch b/utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch deleted file mode 100644 index 20d406949..000000000 --- a/utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch +++ /dev/null @@ -1,143 +0,0 @@ -From cbabe8abf11e7e7fb49c123bae31efdd9bc8f1e8 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 9 Aug 2022 17:19:40 +0200 -Subject: build: check for FS_CONFIG_* header symbol in sys/mount.h - -Fixes: #4176 -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 59 +++++++++++++++++++++++++++++++++++++++++-- - src/lxc/mount_utils.h | 16 ++++++++++++ - 2 files changed, 73 insertions(+), 2 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -638,8 +638,7 @@ if cc.sizeof('struct mount_attr', prefix - found_types += 'struct mount_attr (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) -- missing_types += 'struct mount_attr (sys/mount.h)' --endif -+ missing_types += 'struct mount_attr (sys/mount.h)' endif - - ## Types. - decl_headers = ''' -@@ -655,6 +654,62 @@ else - missing_types += 'struct mount_attr (linux/mount.h)' - endif - -+if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG') -+ srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true) -+ found_types += 'FSCONFIG_SET_FLAG' -+else -+ srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false) -+ missing_types += 'FSCONFIG_SET_FLAG' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_STRING' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_STRING' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_BINARY' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_BINARY' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_PATH_EMPTY' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_PATH_EMPTY' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_PATH_FD' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_PATH_FD' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_CMD_CREATE' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_CMD_CREATE' -+endif -+ -+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE') -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true) -+ found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+else -+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false) -+ missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+endif -+ - ## Headers. - foreach ident: [ - ['bpf', '''#include ---- a/src/lxc/mount_utils.h -+++ b/src/lxc/mount_utils.h -@@ -82,37 +82,53 @@ struct lxc_rootfs; - #endif - - /* fsconfig() commands */ -+#if !HAVE_FSCONFIG_SET_FLAG - #ifndef FSCONFIG_SET_FLAG - #define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_STRING - #ifndef FSCONFIG_SET_STRING - #define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_BINARY - #ifndef FSCONFIG_SET_BINARY - #define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_PATH - #ifndef FSCONFIG_SET_PATH - #define FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_PATH_EMPTY - #ifndef FSCONFIG_SET_PATH_EMPTY - #define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_SET_FD - #ifndef FSCONFIG_SET_FD - #define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */ - #endif -+#endif - -+#if !HAVE_FSCONFIG_CMD_CREATE - #ifndef FSCONFIG_CMD_CREATE - #define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */ - #endif -+#endif - -+#if !FSCONFIG_CMD_RECONFIGURE - #ifndef FSCONFIG_CMD_RECONFIGURE - #define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */ - #endif -+#endif - - /* fsmount() flags */ - #ifndef FSMOUNT_CLOEXEC diff --git a/utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch b/utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch deleted file mode 100644 index eb190018b..000000000 --- a/utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 4771699fd97b1e9ee7dc4f7cfe01c8ddd698f682 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Wed, 10 Aug 2022 11:42:52 +0200 -Subject: tree-wide: wipe direct or indirect linux/mount.h inclusion - -It is incompatible with sys/mount.h and causes massive headaches. - -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 44 +++++++++++++------------------------- - src/lxc/macro.h | 13 +++++++++++ - src/lxc/mount_utils.h | 2 +- - src/lxc/syscall_wrappers.h | 9 ++------ - src/lxc/utils.c | 2 -- - 5 files changed, 31 insertions(+), 39 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -627,7 +627,6 @@ foreach tuple: [ - endif - endforeach - --## Types. - decl_headers = ''' - #include - ''' -@@ -640,74 +639,61 @@ else - srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) - missing_types += 'struct mount_attr (sys/mount.h)' endif - --## Types. --decl_headers = ''' --#include --''' -- --# We get -1 if the size cannot be determined --if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 -- srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true) -- found_types += 'struct mount_attr (linux/mount.h)' --else -- srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false) -- missing_types += 'struct mount_attr (linux/mount.h)' --endif -- -+## Check if sys/mount.h defines the fsconfig commands - if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG') - srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true) -- found_types += 'FSCONFIG_SET_FLAG' -+ found_types += 'FSCONFIG_SET_FLAG (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false) -- missing_types += 'FSCONFIG_SET_FLAG' -+ missing_types += 'FSCONFIG_SET_FLAG (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_STRING' -+ found_types += 'FS_CONFIG_SET_STRING (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_STRING' -+ missing_types += 'FS_CONFIG_SET_STRING (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_BINARY' -+ found_types += 'FS_CONFIG_SET_BINARY (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_BINARY' -+ missing_types += 'FS_CONFIG_SET_BINARY (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_PATH_EMPTY' -+ found_types += 'FS_CONFIG_SET_PATH_EMPTY (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_PATH_EMPTY' -+ missing_types += 'FS_CONFIG_SET_PATH_EMPTY (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_PATH_FD' -+ found_types += 'FS_CONFIG_SET_PATH_FD (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_PATH_FD' -+ missing_types += 'FS_CONFIG_SET_PATH_FD (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_CMD_CREATE' -+ found_types += 'FS_CONFIG_SET_CMD_CREAT (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_CMD_CREATE' -+ missing_types += 'FS_CONFIG_SET_CMD_CREATE (sys/mount.h)' - endif - - if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE') - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true) -- found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+ found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE (sys/mount.h)' - else - srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false) -- missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE' -+ missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE (sys/mount.h)' - endif - - ## Headers. ---- a/src/lxc/macro.h -+++ b/src/lxc/macro.h -@@ -8,6 +8,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -812,4 +813,16 @@ static inline bool is_set(__u32 bit, __u - - #define BIT(nr) (1UL << (nr)) - -+#ifndef FS_IOC_GETFLAGS -+#define FS_IOC_GETFLAGS _IOR('f', 1, long) -+#endif -+ -+#ifndef FS_IOC_SETFLAGS -+#define FS_IOC_SETFLAGS _IOW('f', 2, long) -+#endif -+ -+#ifndef FS_IMMUTABLE_FL -+#define FS_IMMUTABLE_FL 0x00000010 /* Immutable file */ -+#endif -+ - #endif /* __LXC_MACRO_H */ ---- a/src/lxc/mount_utils.h -+++ b/src/lxc/mount_utils.h -@@ -124,7 +124,7 @@ struct lxc_rootfs; - #endif - #endif - --#if !FSCONFIG_CMD_RECONFIGURE -+#if !HAVE_FSCONFIG_CMD_RECONFIGURE - #ifndef FSCONFIG_CMD_RECONFIGURE - #define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */ - #endif ---- a/src/lxc/syscall_wrappers.h -+++ b/src/lxc/syscall_wrappers.h -@@ -10,6 +10,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -18,12 +19,6 @@ - #include "macro.h" - #include "syscall_numbers.h" - --#if HAVE_STRUCT_MOUNT_ATTR --#include --#elif HAVE_UAPI_STRUCT_MOUNT_ATTR --#include --#endif -- - #ifdef HAVE_LINUX_MEMFD_H - #include - #endif -@@ -216,7 +211,7 @@ extern int fsmount(int fs_fd, unsigned i - /* - * mount_setattr() - */ --#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR -+#if !HAVE_STRUCT_MOUNT_ATTR - struct mount_attr { - __u64 attr_set; - __u64 attr_clr; ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -19,8 +19,6 @@ - #include - #include - #include --/* Needs to be after sys/mount.h header */ --#include - #include - #include - #include diff --git a/utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch b/utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch deleted file mode 100644 index 7ab536e9b..000000000 --- a/utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 63468abd3287ebd5cc4ed9205334217031049fb4 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Wed, 10 Aug 2022 12:03:54 +0200 -Subject: tree-wide: use struct clone_args directly - -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 1 - - src/lxc/process_utils.c | 2 +- - src/lxc/process_utils.h | 7 ++++--- - src/lxc/start.c | 2 +- - src/lxc/start.h | 1 - - src/tests/reboot.c | 2 -- - 6 files changed, 6 insertions(+), 9 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -582,7 +582,6 @@ decl_headers = ''' - #include - #include - #include --#include - #include - ''' - ---- a/src/lxc/process_utils.c -+++ b/src/lxc/process_utils.c -@@ -90,7 +90,7 @@ __returns_twice pid_t lxc_raw_legacy_clo - __returns_twice pid_t lxc_raw_clone(unsigned long flags, int *pidfd) - { - pid_t pid; -- struct lxc_clone_args args = { -+ struct clone_args args = { - .flags = flags, - .pidfd = ptr_to_u64(pidfd), - }; ---- a/src/lxc/process_utils.h -+++ b/src/lxc/process_utils.h -@@ -5,7 +5,6 @@ - - #include "config.h" - --#include - #include - #include - #include -@@ -165,7 +164,8 @@ - #define u64_to_ptr(x) ((void *)(uintptr_t)x) - #endif - --struct lxc_clone_args { -+#if !HAVE_STRUCT_CLONE_ARGS -+struct clone_args { - __aligned_u64 flags; - __aligned_u64 pidfd; - __aligned_u64 child_tid; -@@ -178,8 +178,9 @@ struct lxc_clone_args { - __aligned_u64 set_tid_size; - __aligned_u64 cgroup; - }; -+#endif - --__returns_twice static inline pid_t lxc_clone3(struct lxc_clone_args *args, size_t size) -+__returns_twice static inline pid_t lxc_clone3(struct clone_args *args, size_t size) - { - return syscall(__NR_clone3, args, size); - } ---- a/src/lxc/start.c -+++ b/src/lxc/start.c -@@ -1673,7 +1673,7 @@ static int lxc_spawn(struct lxc_handler - } else { - int cgroup_fd = -EBADF; - -- struct lxc_clone_args clone_args = { -+ struct clone_args clone_args = { - .flags = handler->clone_flags, - .pidfd = ptr_to_u64(&handler->pidfd), - .exit_signal = SIGCHLD, ---- a/src/lxc/start.h -+++ b/src/lxc/start.h -@@ -5,7 +5,6 @@ - - #include "config.h" - --#include - #include - #include - #include ---- a/src/tests/reboot.c -+++ b/src/tests/reboot.c -@@ -32,8 +32,6 @@ - - #include "namespace.h" - --#include --#include - #include - - int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...); diff --git a/utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch b/utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch deleted file mode 100644 index cbcd08140..000000000 --- a/utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 133aa416ca2a5996090ec0e697e253646364d274 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Wed, 10 Aug 2022 12:18:49 +0200 -Subject: tree-wide: use struct open_how directly - -Signed-off-by: Christian Brauner (Microsoft) ---- - meson.build | 2 -- - src/lxc/file_utils.c | 2 +- - src/lxc/mount_utils.c | 8 ++++---- - src/lxc/syscall_wrappers.h | 6 ++++-- - src/lxc/utils.c | 2 +- - 5 files changed, 10 insertions(+), 10 deletions(-) - ---- a/meson.build -+++ b/meson.build -@@ -579,9 +579,7 @@ decl_headers = ''' - #include - #include - #include --#include - #include --#include - #include - ''' - ---- a/src/lxc/file_utils.c -+++ b/src/lxc/file_utils.c -@@ -652,7 +652,7 @@ int open_at(int dfd, const char *path, u - unsigned int resolve_flags, mode_t mode) - { - __do_close int fd = -EBADF; -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags, - .mode = mode, - .resolve = resolve_flags, ---- a/src/lxc/mount_utils.c -+++ b/src/lxc/mount_utils.c -@@ -186,7 +186,7 @@ int fs_prepare(const char *fs_name, - int fd_from; - - if (!is_empty_string(path_from)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_from, - .resolve = resolve_flags_from, - }; -@@ -237,7 +237,7 @@ int fs_attach(int fd_fs, - int fd_to, ret; - - if (!is_empty_string(path_to)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_to, - .resolve = resolve_flags_to, - }; -@@ -308,7 +308,7 @@ int move_detached_mount(int dfd_from, in - int fd_to, ret; - - if (!is_empty_string(path_to)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_to, - .resolve = resolve_flags_to, - }; -@@ -348,7 +348,7 @@ int __fd_bind_mount(int dfd_from, const - set_atime(&attr); - - if (!is_empty_string(path_from)) { -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = o_flags_from, - .resolve = resolve_flags_from, - }; ---- a/src/lxc/syscall_wrappers.h -+++ b/src/lxc/syscall_wrappers.h -@@ -240,11 +240,13 @@ static inline int mount_setattr(int dfd, - * @mode: O_CREAT/O_TMPFILE file mode. - * @resolve: RESOLVE_* flags. - */ --struct lxc_open_how { -+#if !HAVE_STRUCT_OPEN_HOW -+struct open_how { - __u64 flags; - __u64 mode; - __u64 resolve; - }; -+#endif - - /* how->resolve flags for openat2(2). */ - #ifndef RESOLVE_NO_XDEV -@@ -296,7 +298,7 @@ struct lxc_open_how { - #define PROTECT_OPEN_RW (O_CLOEXEC | O_NOCTTY | O_RDWR | O_NOFOLLOW) - - #if !HAVE_OPENAT2 --static inline int openat2(int dfd, const char *filename, struct lxc_open_how *how, size_t size) -+static inline int openat2(int dfd, const char *filename, struct open_how *how, size_t size) - { - return syscall(__NR_openat2, dfd, filename, how, size); - } ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -1095,7 +1095,7 @@ int __safe_mount_beneath_at(int beneath_ - unsigned int flags, const void *data) - { - __do_close int source_fd = -EBADF, target_fd = -EBADF; -- struct lxc_open_how how = { -+ struct open_how how = { - .flags = PROTECT_OPATH_DIRECTORY, - .resolve = PROTECT_LOOKUP_BENEATH_WITH_MAGICLINKS, - }; From e82f9a664b42e4e257d63add9bed2780bf4bacd2 Mon Sep 17 00:00:00 2001 From: Tjeu Kayim Date: Thu, 6 Apr 2023 08:27:13 +0200 Subject: [PATCH 18/18] fio: update to 3.34 Signed-off-by: Tjeu Kayim --- utils/fio/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/fio/Makefile b/utils/fio/Makefile index 622bfe49f..2569762c6 100644 --- a/utils/fio/Makefile +++ b/utils/fio/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fio -PKG_VERSION:=3.29 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=3.34 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://brick.kernel.dk/snaps -PKG_HASH:=acffb407d14e973321ada4cf234b2840a94fff7989350cfe62142daba79e6786 +PKG_HASH:=a5a28f19c701d4c8e04924bec1b85f6ac8c67fc8fe75968a5d6990e0b656a7a7 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later