Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'openwrt:master' into master

Browse source
This commit is contained in:
Hayzam Sherif 2023-04-08 11:30:38 +05:30 committed by GitHub
commit 0d1bd4ff77
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 225 additions and 959 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lang/python/pillow/Makefile
View file

@ -7,11 +7,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=pillow
PKG_VERSION:=9.4.0
PKG_VERSION:=9.5.0
PKG_RELEASE:=1
PYPI_NAME:=Pillow
PKG_HASH:=a1c2d7780448eb93fbcc3789bf3916aa5720d942e37945f4056680317f1cd23e
PKG_HASH:=bf548479d336726d7a0eceb6e767e179fbde37833ae42794602631a070d630f1
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=HPND

4
lang/python/python-pytz/Makefile
View file

@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pytz
PKG_VERSION:=2022.7.1
PKG_VERSION:=2023.3
PKG_RELEASE:=1
PYPI_NAME:=pytz
PKG_HASH:=01a0681c4b9684a28304615eba55d1ab31ae00bf68ec157ec3708a8182dbbcd0
PKG_HASH:=1d8ce29db189191fb55338ee6d0387d82ab59f3d00eac103412d64e0ebd0c588
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=MIT

13
libs/afalg_engine/Config.in
View file

@ -9,19 +9,6 @@ if PACKAGE_libopenssl-afalg_sync
This increases memory usage, and has problems when process fork
with open digest contexts (openssh will not work because of it).
config AFALG_FALLBACK
bool "Enable software fallback feature"
default y
help
Use software to fulfill small requests. Using AF_ALG adds latency,
which makes it slow to perform small requests. Enabling this
option overcomes this problem, at the cost of increased memory
and CPU usage. This is a new, experimental feature; if you
encounter any problem, this is the first option to disable.
The fallback will fail if you enable this engine alongside
devcrypto, so you'll not be able to install both at the same
time if this option is enabled.
config AFALG_UPDATE_CTR_IV
bool "Don't rely on kernel to update CTR IV"
default y

7
libs/afalg_engine/Makefile
View file

@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=afalg_engine
PKG_VERSION:=1.2.0-beta.1
PKG_RELEASE:=$(AUTORELEASE)
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION)
@ -25,7 +25,7 @@ PKG_CONFIG_DEPENDS:= \
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
include $(INCLUDE_DIR)/openssl-engine.mk
include $(INCLUDE_DIR)/openssl-module.mk
$(eval $(call Package/openssl/add-engine,afalg,libopenssl-afalg_sync))
define Package/libopenssl-afalg_sync
@ -33,7 +33,7 @@ define Package/libopenssl-afalg_sync
TITLE:=AF_ALG engine using sync crypto API
URL:=https://github.com/cotequeiroz/afalg_engine
DEPENDS += @!OPENSSL_ENGINE_BUILTIN_AFALG +kmod-crypto-user
CONFLICTS:=libopenssl-afalg $(if $(CONFIG_AFALG_FALLBACK),libopenssl-devcrypto)
CONFLICTS:=libopenssl-afalg
MENU:=1
endef
@ -54,7 +54,6 @@ endef
CMAKE_OPTIONS += \
-DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR) \
-DDIGESTS=$(if $(CONFIG_AFALG_DIGESTS),ON,OFF) \
-DFALLBACK=$(if $(CONFIG_AFALG_FALLBACK),ON,OFF) \
-DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \
-DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF)

2
libs/afalg_engine/files/afalg.cnf
View file

@ -1,4 +1,4 @@
[afalg]
[afalg_sect]
# Leave this alone and configure algorithms with CIPERS/DIGESTS below
default_algorithms = ALL

19
libs/gost_engine/Makefile
View file

@ -1,19 +1,12 @@
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/openssl-engine.mk
include $(INCLUDE_DIR)/openssl-module.mk
PKG_NAME:=gost_engine
ifeq ($(ENGINES_DIR),engines-1.1)
PKG_VERSION:=1.1.0.3
PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75
PKG_LICENSE:=OpenSSL
PATCH_DIR=./patches-1.1
else
PKG_VERSION:=3.0.1
PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628
PKG_LICENSE:=Apache-2.0
PATCH_DIR=./patches-3
endif
PKG_RELEASE:=7
PKG_VERSION:=3.0.1
PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628
PKG_LICENSE:=Apache-2.0
PATCH_DIR=./patches-3
PKG_RELEASE:=8
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION)

2
libs/gost_engine/files/gost.cnf
View file

@ -1,4 +1,4 @@
[gost]
[gost_sect]
default_algorithms = ALL
# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
# user to choose between different parameter sets of symmetric cipher

7
libs/openblas/Makefile
View file

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=OpenBLAS
PKG_VERSION:=0.3.21
PKG_RELEASE:=2
PKG_VERSION:=0.3.23
PKG_RELEASE:=1
PKG_SOURCE:=OpenBLAS-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/xianyi/OpenBLAS/releases/download/v$(PKG_VERSION)/
PKG_HASH:=f36ba3d7a60e7c8bcc54cd9aaa9b1223dd42eaf02c811791c37e8ca707c241ca
PKG_HASH:=5d9491d07168a5d00116cdc068a40022c3455bf9293c7cb86a65b1054d7e5114
PKG_LICENSE:=BSD 3-Clause
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
@ -27,6 +27,7 @@ define Package/openblas
DEPENDS:= \
@!arc \
@!powerpc \
@!SOFT_FLOAT \
+INSTALL_GFORTRAN:libgfortran
endef

4
net/banip/Makefile
View file

@ -7,8 +7,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.8.2
PKG_RELEASE:=6
PKG_VERSION:=0.8.3
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

32
net/banip/files/README.md
View file

@ -75,7 +75,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* Provides a set search engine for certain IPs
* Feed parsing by fast & flexible regex rulesets
* Minimal status & error logging to syslog, enable debug logging to receive more output
* Procd based init system support (start/stop/restart/reload/status/report/search/survey)
* Procd based init system support (start/stop/restart/reload/status/report/search/survey/lookup)
* Procd network interface trigger support
* Ability to add new banIP feeds on your own
@ -114,6 +114,7 @@ Available commands:
report [text|json|mail] Print banIP related set statistics
search [<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP set
survey [<set name>] List all elements of a given banIP set
lookup Lookup the IPs of domain names in the local lists and update them
running Check if service is running
status Service status
trace Start with syscall trace
@ -226,18 +227,16 @@ Available commands:
~# /etc/init.d/banip status
::: banIP runtime information
+ status : active (nft: ✔, monitor: ✔)
+ version : 0.8.2-2
+ element_count : 211397
+ active_feeds : allowlistvMAC, allowlistv4, allowlistv6, adawayv4, adawayv6, adguardv4, adguardtrackersv4, adguardv6, adguardtrackersv
6, antipopadsv4, antipopadsv6, cinsscorev4, countryv6, countryv4, deblv4, deblv6, dohv4, dohv6, firehol1v4, oisdsmallv
6, oisdsmallv4, stevenblackv6, stevenblackv4, webclientv4, blocklistvMAC, blocklistv4, blocklistv6
+ active_devices : eth2 ::: wan, wan6
+ active_subnets : 91.64.148.211/24, 2b02:710c:0:80:e442:4b0c:637d:1d33/128
+ version : 0.8.3-1
+ element_count : 281161
+ active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, adguardtrackersv6, antipopadsv6, antipopadsv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, iblockadsv4, firehol1v4, oisdbigv4, yoyov6, threatviewv4, yoyov4, oisdbigv6, blocklistvMAC, blocklistv4, blocklistv6
+ active_devices : br-wan ::: wan, wan6
+ active_subnets : 91.64.169.252/24, 2a02:710c:0:60:958b:3bd0:9e14:abb/128
+ nft_info : priority: -200, policy: memory, loglevel: warn, expiry: -
+ run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, feed: /etc/banip/banip.feeds
+ run_flags : auto: ✔, proto (4/6): ✔/✔, log (wan-inp/wan-fwd/lan-fwd): ✔/✔/✔, dedup: ✔, split: ✘, allowed only: ✘
+ last_run : action: restart, duration: 0m 55s, date: 2023-03-10 19:33:08
+ system_info : cores: 2, memory: 1830, device: Turris Omnia, OpenWrt SNAPSHOT r22248-bf055fcdca
+ last_run : action: reload, duration: 1m 0s, date: 2023-04-06 12:34:10
+ system_info : cores: 4, memory: 1822, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22498-75f7e2d10b
```
**banIP search information**
@ -288,15 +287,22 @@ list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress='
**allow-/blocklist handling**
banIP supports local allow and block lists (IPv4, IPv6, CIDR notation or domain names), located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist.
Unsuccessful login attempts or suspicious requests will be tracked and added to the local blocklist (see the 'ban\_autoblocklist' option). The blocklist behaviour can be further tweaked with the 'ban\_nftexpiry' option.
Furthermore the uplink subnet will be added to local allowlist (see 'ban\_autowallowlist' option).
Both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted in a detached background process and added to the sets.
Furthermore the uplink subnet will be added to local allowlist (see 'ban\_autoallowlist' option).
Both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time.
**allowlist-only mode**
banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked.
**redirect Asterisk security logs to lodg/logread**
**redirect Asterisk security logs to lodg/logread**
banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration.
**send status E-Mails and update the banIP lists via cron job**
For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g.
```
55 03 * * * /etc/init.d/banip report mail
00 04 * * * /etc/init.d/banip reload
```
**tweaks for low memory systems**
nftables supports the atomic loading of rules/sets/members, which is cool but unfortunately is also very memory intensive. To reduce the memory pressure on low memory systems (i.e. those with 256-512Mb RAM), you should optimize your configuration with the following options:

58
net/banip/files/banip-functions.sh
View file

@ -78,6 +78,7 @@ ban_debug="0"
f_system() {
local cpu core
[ -z "${ban_dev}" ] && ban_cores="$(uci_get banip global ban_cores)"
ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
ban_ver="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | jsonfilter -ql1 -e '@.packages.banip')"
ban_sysver="$(${ban_ubuscmd} -S call system board 2>/dev/null | jsonfilter -ql1 -e '@.model' -e '@.release.description' |
@ -426,7 +427,7 @@ f_getsub() {
f_getelements() {
local file="${1}"
[ -s "${file}" ] && printf "%s" "elements={ $(cat "${file}") };"
[ -s "${file}" ] && printf "%s" "elements={ $(cat "${file}" 2>/dev/null) };"
}
# build initial nft file with base table, chains and rules
@ -975,8 +976,6 @@ f_getstatus() {
done
json_select ".."
fi
value="$(printf "%s" "${value}" |
awk '{NR=1;max=118;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-24s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
printf " + %-17s : %s\n" "${key}" "${value:-"-"}"
done
else
@ -987,7 +986,7 @@ f_getstatus() {
# domain lookup
#
f_lookup() {
local cnt list domain lookup ip start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}"
local cnt list domain lookup ip elementsv4 elementsv6 start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}"
start_time="$(date "+%s")"
if [ "${feed}" = "allowlist" ]; then
@ -1004,32 +1003,36 @@ f_lookup() {
else
if { [ "${feed}" = "allowlist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; } ||
{ [ "${feed}" = "blocklist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; }; then
cnt_ip="$((cnt_ip + 1))"
if [ "${ip##*:}" = "${ip}" ]; then
if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${ip} }" >/dev/null 2>&1; then
f_log "info" "failed to add IP '${ip}' (${domain}) to ${feed}v4 set"
continue
fi
elementsv4="${elementsv4} ${ip},"
else
if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${ip} }" >/dev/null 2>&1; then
f_log "info" "failed to add IP '${ip}' (${domain}) to ${feed}v6 set"
continue
fi
elementsv6="${elementsv6} ${ip},"
fi
if [ "${feed}" = "allowlist" ] && [ "${ban_autoallowlist}" = "1" ]; then
printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}"
elif [ "${feed}" = "blocklist" ] && [ "${ban_autoblocklist}" = "1" ]; then
printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
fi
cnt_ip="$((cnt_ip + 1))"
fi
fi
done
cnt_domain="$((cnt_domain + 1))"
done
if [ -n "${elementsv4}" ]; then
if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${elementsv4} }" >/dev/null 2>&1; then
f_log "info" "failed to add lookup file to ${feed}v4 set"
fi
fi
if [ -n "${elementsv6}" ]; then
if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${elementsv6} }" >/dev/null 2>&1; then
f_log "info" "failed to add lookup file to ${feed}v6 set"
fi
fi
end_time="$(date "+%s")"
duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s"
f_log "debug" "f_lookup ::: name: ${feed}, cnt_domain: ${cnt_domain}, cnt_ip: ${cnt_ip}, duration: ${duration}"
f_log "info" "Lookup summary for the local ${feed}: Domains processed: ${cnt_domain}, IPs added: ${cnt_ip}, Duration: ${duration}"
}
# table statistics
@ -1198,7 +1201,7 @@ f_report() {
# set search
#
f_search() {
local table_sets ip proto run_search search="${1}"
local set table_sets ip proto run_search hold cnt search="${1}"
if [ -n "${search}" ]; then
ip="$(printf "%s" "${search}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{printf "%s",RT}')"
@ -1215,14 +1218,15 @@ f_search() {
return
fi
printf "%s\n%s\n%s\n" ":::" "::: banIP Search" ":::"
printf "%s\n" " Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")"
printf "%s\n" " ---"
printf " %s\n" "Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")"
printf " %s\n" "---"
cnt="1"
run_search="/var/run/banIP.search"
for set in ${table_sets}; do
[ -f "${run_search}" ] && break
(
if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then
printf "%s\n" " IP found in Set '${set}'"
printf " %s\n" "IP found in Set '${set}'"
: >"${run_search}"
fi
) &
@ -1231,11 +1235,8 @@ f_search() {
cnt="$((cnt + 1))"
done
wait
if [ ! -f "${run_search}" ]; then
printf "%s\n" " IP not found"
else
rm -f "${run_search}"
fi
[ ! -f "${run_search}" ] && printf " %s\n" "IP not found"
rm -f "${run_search}"
}
# set survey
@ -1243,16 +1244,15 @@ f_search() {
f_survey() {
local set_elements set="${1}"
[ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')"
if [ -z "${set}" ] || [ -z "${set_elements}" ]; then
if [ -z "${set}" ]; then
printf "%s\n%s\n%s\n" ":::" "::: no valid survey input" ":::"
return
fi
[ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')"
printf "%s\n%s\n%s\n" ":::" "::: banIP Survey" ":::"
printf "%s\n" " List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")"
printf "%s\n" " ---"
printf "%s\n" "${set_elements}"
printf " %s\n" "List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")"
printf " %s\n" "---"
[ -n "${set_elements}" ] && printf "%s\n" "${set_elements}" || printf " %s\n" "empty set"
}
# send status mails

26
net/banip/files/banip-service.sh
View file

@ -124,21 +124,25 @@ for feed in allowlist ${ban_feed} blocklist; do
fi
done
wait
# start background domain lookup
#
f_log "info" "start detached banIP domain lookup"
(f_lookup "allowlist") &
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait
(f_lookup "blocklist") &
# end processing
#
f_rmset
f_rmdir "${ban_tmpdir}"
f_genstatus "active"
f_log "info" "finished banIP download processes"
# start domain lookup
#
f_log "info" "start banIP domain lookup"
cnt="1"
for list in allowlist blocklist; do
(f_lookup "${list}") &
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait
cnt="$((cnt + 1))"
done
wait
# end processing
#
if [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]; then
(
sleep ${ban_triggerdelay}

29
net/banip/files/banip.init
View file

@ -12,6 +12,7 @@ USE_PROCD=1
extra_command "report" "[text|json|mail] Print banIP related set statistics"
extra_command "search" "[<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP set"
extra_command "survey" "[<set name>] List all elements of a given banIP set"
extra_command "lookup" "Lookup the IPs of domain names in the local lists and update them"
ban_init="/etc/init.d/banip"
ban_service="/usr/bin/banip-service.sh"
@ -20,10 +21,10 @@ ban_pidfile="/var/run/banip.pid"
ban_lock="/var/run/banip.lock"
[ "${action}" = "boot" ] && /etc/init.d/banip running && exit 0
[ "${action}" = "stop" ] && ! /etc/init.d/banip running && exit 0
[ ! -r "${ban_funlib}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "survey" ] || [ "${action}" = "status" ]; } && exit 1
[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ]; } && exit 1
[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ]; } && mkdir -p "${ban_lock}"
{ [ "${action}" = "stop" ] || [ "${action}" = "lookup" ]; } && ! /etc/init.d/banip running && exit 0
[ ! -r "${ban_funlib}" ] && [ "${action}" != "boot" ] && exit 1
[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1
[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}"
boot() {
: >"${ban_pidfile}"
@ -61,7 +62,7 @@ stop_service() {
"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
f_genstatus "stopped"
f_rmpid
rm -rf "${ban_lock}"
[ "${action}" = "stop" ] && rm -rf "${ban_lock}"
}
restart() {
@ -74,10 +75,8 @@ status() {
}
status_service() {
local actual="${1}"
[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
[ -n "${actual}" ] && f_actual || f_getstatus
f_getstatus
}
report() {
@ -95,6 +94,20 @@ survey() {
f_survey "${1}"
}
lookup() {
local list hold cnt="1"
[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
for list in allowlist blocklist; do
(f_lookup "${list}") &
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait
cnt="$((cnt + 1))"
done
wait
rm -rf "${ban_lock}"
}
service_triggers() {
local iface trigger trigger_action delay

14
net/banip/files/banip.tpl
View file

@ -6,7 +6,7 @@
#
local banip_info report_info log_info system_info mail_text
banip_info="$(/etc/init.d/banip status 2>/dev/null)"
banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)"
log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
system_info="$(
@ -14,11 +14,17 @@ system_info="$(
ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}'
)"
# mail body
# content header
#
mail_text="$(printf "%s\n" "<html><body><pre style='display:block;font-family:monospace;font-size:1rem;padding:20;background-color:#f3eee5;white-space:pre'>")"
# content body
#
mail_text="$(printf "%s\n" "${mail_text}\n<strong>++\n++ System Information ++\n++</strong>\n${system_info:-"-"}")"
mail_text="$(printf "%s\n" "${mail_text}\n\n<strong>++\n++ banIP Status ++\n++</strong>\n${banip_info:-"-"}")"
mail_text="$(printf "%s\n" "${mail_text}\n\n<strong>++\n++ banIP Report ++\n++</strong>\n${report_info:-"-"}")"
mail_text="$(printf "%s\n" "${mail_text}\n\n<strong>++\n++ Logfile Information ++\n++</strong>\n${log_info}")"
[ -n "${report_info}" ] && mail_text="$(printf "%s\n" "${mail_text}\n\n<strong>++\n++ banIP Report ++\n++</strong>\n${report_info}")"
[ -n "${log_info}" ] && mail_text="$(printf "%s\n" "${mail_text}\n\n<strong>++\n++ Logfile Information ++\n++</strong>\n${log_info}")"
# content footer
#
mail_text="$(printf "%s\n" "${mail_text}</pre></body></html>")"

4
net/dnsproxy/Makefile
View file

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsproxy
PKG_VERSION:=0.48.2
PKG_VERSION:=0.48.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=fd385b3414e616aef5d96b7b007d5fc4fd21b73d6bc097811508e9ddb9b3f4cb
PKG_HASH:=bc5f5e6d812293c13b7b6d42eae72a82231d9f332af1d2947c37dbdbf663abf3
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=Apache-2.0

33
net/isc-dhcp/Makefile
View file

@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=isc-dhcp
UPSTREAM_NAME:=dhcp
PKG_VERSION:=4.4.3
PKG_RELEASE:=7
PKG_VERSION:=4.4.3-P1
PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
@ -21,7 +21,7 @@ PKG_SOURCE:=$(UPSTREAM_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.isc.org/isc/dhcp/$(PKG_VERSION) \
http://ftp.funet.fi/pub/mirrors/ftp.isc.org/isc/dhcp/$(PKG_VERSION) \
http://ftp.iij.ad.jp/pub/network/isc/dhcp/$(PKG_VERSION)
PKG_HASH:=0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818
PKG_HASH:=0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
@ -132,18 +132,10 @@ $(call Package/isc-dhcp-server/description)
This package is compiled with IPv4 and IPv6 support.
endef
define Package/isc-dhcp-dyndns-ipv4
define Package/isc-dhcp-dyndns
$(call Package/isc-dhcp/Default)
TITLE+= server dynamic DNS dependencies (meta)
DEPENDS+=isc-dhcp-server-ipv4 +bind-server +bind-client
VARIANT:=ipv4
endef
define Package/isc-dhcp-dyndns-ipv6
$(call Package/isc-dhcp/Default)
TITLE+= server dynamic DNS dependencies (meta)
DEPENDS+=isc-dhcp-server-ipv6 +bind-server +bind-client
VARIANT:=ipv6
DEPENDS+=@(PACKAGE_isc-dhcp-server-ipv4||PACKAGE_isc-dhcp-server-ipv6) +bind-server +bind-client
endef
define Package/isc-dhcp-dyndns/description
@ -151,16 +143,6 @@ define Package/isc-dhcp-dyndns/description
Bootstrap Protocol (BOOTP).
endef
define Package/isc-dhcp-dyndns-ipv4/description
$(call Package/isc-dhcp-dyndns/description)
This package is compiled with IPv4 support only.
endef
define Package/isc-dhcp-dyndns-ipv6/description
$(call Package/isc-dhcp-dyndns/description)
This package is compiled with IPv4 and IPv6 support.
endef
define Package/isc-dhcp-omshell-ipv4
$(call Package/isc-dhcp/Default)
DEPENDS:= +isc-dhcp-server-ipv4
@ -257,7 +239,7 @@ define Package/isc-dhcp-server-ipv6/conffiles
/etc/dhcpd6.conf
endef
define Package/isc-dhcp-dyndns-$(BUILD_VARIANT)/install
define Package/isc-dhcp-dyndns/install
:
endef
@ -285,11 +267,10 @@ endef
$(eval $(call BuildPackage,isc-dhcp-relay-ipv4))
$(eval $(call BuildPackage,isc-dhcp-server-ipv4))
$(eval $(call BuildPackage,isc-dhcp-dyndns-ipv4))
$(eval $(call BuildPackage,isc-dhcp-dyndns))
$(eval $(call BuildPackage,isc-dhcp-client-ipv4))
$(eval $(call BuildPackage,isc-dhcp-omshell-ipv4))
$(eval $(call BuildPackage,isc-dhcp-relay-ipv6))
$(eval $(call BuildPackage,isc-dhcp-server-ipv6))
$(eval $(call BuildPackage,isc-dhcp-dyndns-ipv6))
$(eval $(call BuildPackage,isc-dhcp-client-ipv6))
$(eval $(call BuildPackage,isc-dhcp-omshell-ipv6))

11
net/strongswan/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
PKG_VERSION:=5.9.10
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
@ -130,7 +130,16 @@ define Package/strongswan
$(call Package/strongswan/Default)
MENU:=1
DEPENDS:= +libpthread +ip \
+kmod-crypto-aead \
+kmod-crypto-authenc \
+kmod-crypto-cbc \
+kmod-lib-zlib-inflate \
+kmod-lib-zlib-deflate \
+kmod-crypto-des \
+kmod-crypto-echainiv \
+kmod-crypto-hmac \
+kmod-crypto-md5 \
+kmod-crypto-sha1 \
+kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6
endef

4
net/tinyproxy/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=tinyproxy
PKG_VERSION:=1.10.0
PKG_VERSION:=1.11.1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/tinyproxy/tinyproxy/releases/download/$(PKG_VERSION)
PKG_HASH:=59be87689c415ba0d9c9bc6babbdd3df3b372d60b21e526b118d722dbc995682
PKG_HASH:=d66388448215d0aeb90d0afdd58ed00386fb81abc23ebac9d80e194fceb40f7c
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=GPL-2.0-or-later

7
net/tinyproxy/files/tinyproxy.config
View file

@ -63,6 +63,13 @@ option DefaultErrorFile "/usr/share/tinyproxy/default.html"
#
option StatFile "/usr/share/tinyproxy/stats.html"
#
# BasicAuth: Tinyproxy server operators may want to not run an "open" proxy
# for the whole world, but rather limit usage to a smaller goup
# of users. They then put the line.
#
#option BasicAuth "username password"
#
# Where to log the information. Either LogFile or Syslog should be set,
# but not both.

10
net/tinyproxy/files/tinyproxy.init
View file

@ -55,6 +55,14 @@ proxy_string() {
}
}
proxy_m_string() {
local SECTION=$1
local OPTION=$2
config_get _value "$SECTION" "$OPTION"
[ -n "$_value" ] && echo "${ALIAS:-${OPTION}} ""$_value"
}
proxy_flag() {
local SECTION=$1
local OPTION=$2
@ -108,6 +116,8 @@ start_proxy() {
proxy_string "$1" StatFile
proxy_string "$1" LogFile
proxy_m_string "$1" BasicAuth
proxy_flag "$1" Syslog
proxy_atom "$1" LogLevel

48
net/tinyproxy/patches/120-fix_INET6.patch
View file

@ -1,16 +1,15 @@
--- a/src/sock.c
+++ b/src/sock.c
@@ -39,8 +39,7 @@
* returned if the bind succeeded. Otherwise, -1 is returned
@@ -63,7 +63,7 @@ static const char * family_string (int a
* to indicate an error.
*/
-static int
static int
-bind_socket (int sockfd, const char *addr, int family)
+static int bind_socket (int sockfd, const char *addr)
+bind_socket (int sockfd, const char *addr)
{
struct addrinfo hints, *res, *ressave;
@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *add
int n;
@@ -72,14 +72,14 @@ bind_socket (int sockfd, const char *add
assert (addr != NULL && strlen (addr) != 0);
memset (&hints, 0, sizeof (struct addrinfo));
@ -18,8 +17,33 @@
+ hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
/* The local port it not important */
@@ -112,14 +111,12 @@ int opensock (const char *host, int port
/* The local port is not important */
n = getaddrinfo (addr, NULL, &hints, &res);
if (n != 0) {
log_message (LOG_INFO,
- "bind_socket: getaddrinfo failed for %s: %s (af: %s)", addr, get_gai_error (n), family_string(family));
+ "bind_socket: getaddrinfo failed for %s: %s", addr, get_gai_error (n));
return -1;
}
@@ -102,14 +102,14 @@ bind_socket (int sockfd, const char *add
* Try binding the given socket to supplied addresses, stopping when one succeeds.
*/
static int
-bind_socket_list (int sockfd, sblist *addresses, int family)
+bind_socket_list (int sockfd, sblist *addresses)
{
size_t nb_addresses = sblist_getsize(addresses);
size_t i;
for (i = 0; i < nb_addresses; i++) {
const char *address = *(const char **)sblist_get(addresses, i);
- if (bind_socket(sockfd, address, family) >= 0) {
+ if (bind_socket(sockfd, address) >= 0) {
log_message(LOG_INFO, "Bound to %s", address);
return 0;
}
@@ -170,14 +170,12 @@ int opensock (const char *host, int port
/* Bind to the specified address */
if (bind_to) {
@ -29,10 +53,10 @@
close (sockfd);
continue; /* can't bind, so try again */
}
} else if (config.bind_address) {
- if (bind_socket (sockfd, config.bind_address,
- res->ai_family) < 0) {
+ if (bind_socket (sockfd, config.bind_address) < 0) {
} else if (config->bind_addrs) {
- if (bind_socket_list (sockfd, config->bind_addrs,
- res->ai_family) < 0) {
+ if (bind_socket_list (sockfd, config->bind_addrs) < 0) {
close (sockfd);
continue; /* can't bind, so try again */
}

4
utils/coreutils/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=coreutils
PKG_VERSION:=9.1
PKG_VERSION:=9.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/coreutils
PKG_HASH:=61a1f410d78ba7e7f37a5a4f50e6d1320aca33375484a3255eddf17a38580423
PKG_HASH:=6885ff47b9cdb211de47d368c17853f406daaf98b148aaecdf10de29cc04b0b3
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=GPL-3.0-or-later

30
utils/coreutils/patches/001-no_docs_man_tests.patch
View file

@ -9,7 +9,7 @@
EXTRA_DIST = \
.mailmap \
@@ -210,6 +210,3 @@ AM_CPPFLAGS = -Ilib -I$(top_srcdir)/lib
@@ -211,6 +211,3 @@ AM_CPPFLAGS = -Ilib -I$(top_srcdir)/lib
include $(top_srcdir)/lib/local.mk
include $(top_srcdir)/src/local.mk
@ -18,7 +18,7 @@
-include $(top_srcdir)/tests/local.mk
--- a/Makefile.in
+++ b/Makefile.in
@@ -4115,11 +4115,7 @@ RECURSIVE_TARGETS = all-recursive check-
@@ -4145,11 +4145,7 @@ RECURSIVE_TARGETS = all-recursive check-
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
@ -31,7 +31,7 @@
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -4369,10 +4365,10 @@ am__DIST_COMMON = $(doc_coreutils_TEXINF
@@ -4399,10 +4395,10 @@ am__DIST_COMMON = $(doc_coreutils_TEXINF
$(top_srcdir)/build-aux/missing \
$(top_srcdir)/build-aux/test-driver \
$(top_srcdir)/build-aux/texinfo.tex \
@ -46,25 +46,25 @@
$(top_srcdir)/tests/local.mk ABOUT-NLS AUTHORS COPYING \
ChangeLog INSTALL NEWS README THANKS TODO build-aux/compile \
build-aux/config.guess build-aux/config.rpath \
@@ -4479,7 +4475,7 @@ EOVERFLOW_VALUE = @EOVERFLOW_VALUE@
ERRNO_H = @ERRNO_H@
@@ -4516,7 +4512,7 @@ ERROR_H = @ERROR_H@
ETAGS = @ETAGS@
EUIDACCESS_LIBGEN = @EUIDACCESS_LIBGEN@
EXEEXT = @EXEEXT@
-EXTRA_MANS = @EXTRA_MANS@
+EXTRA_MANS =
FDATASYNC_LIB = @FDATASYNC_LIB@
FILE_HAS_ACL_LIB = @FILE_HAS_ACL_LIB@
FLOAT_H = @FLOAT_H@
FNMATCH_H = @FNMATCH_H@
GETADDRINFO_LIB = @GETADDRINFO_LIB@
@@ -6057,7 +6053,7 @@ libexecdir = @libexecdir@
lispdir = @lispdir@
localedir = @localedir@
@@ -6171,7 +6167,7 @@ localedir_c_make = @localedir_c_make@
localstatedir = @localstatedir@
localstatedir_c = @localstatedir_c@
localstatedir_c_make = @localstatedir_c_make@
-man1_MANS = @man1_MANS@
+man1_MANS =
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -6080,7 +6076,7 @@ top_build_prefix = @top_build_prefix@
mandir_c = @mandir_c@
mandir_c_make = @mandir_c_make@
@@ -6220,7 +6216,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ALL_RECURSIVE_TARGETS = distcheck-hook check-root
@ -73,7 +73,7 @@
#if GNU_MAKE
# [nicer features that work only with GNU Make]
@@ -8272,7 +8268,7 @@ all: $(BUILT_SOURCES)
@@ -8425,7 +8421,7 @@ all: $(BUILT_SOURCES)
.SUFFIXES: .1 .c .dvi .log .o .obj .pl .pl$(EXEEXT) .ps .sh .sh$(EXEEXT) .trs .x .xpl .xpl$(EXEEXT) .y
am--refresh: Makefile
@:
@ -82,7 +82,7 @@
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
@@ -8294,7 +8290,7 @@ Makefile: $(srcdir)/Makefile.in $(top_bu
@@ -8447,7 +8443,7 @@ Makefile: $(srcdir)/Makefile.in $(top_bu
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
esac;

6
utils/fio/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fio
PKG_VERSION:=3.29
PKG_RELEASE:=$(AUTORELEASE)
PKG_VERSION:=3.34
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://brick.kernel.dk/snaps
PKG_HASH:=acffb407d14e973321ada4cf234b2840a94fff7989350cfe62142daba79e6786
PKG_HASH:=a5a28f19c701d4c8e04924bec1b85f6ac8c67fc8fe75968a5d6990e0b656a7a7
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later

6
utils/lxc/Makefile
View file

@ -9,12 +9,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=lxc
PKG_VERSION:=5.0.1
PKG_RELEASE:=4
PKG_VERSION:=5.0.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/
PKG_HASH:=d8195423bb1e206f8521d24b6cde4789f043960c7cf065990a9cf741dcfd4222
PKG_HASH:=bea08d2e49efcee34fa58acd2bc95c0adc64d291c07f4cfaf4ac1d8ac5a36f45
PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0

173
utils/lxc/patches/001-build-detect-where-struct-mount_attr-is-declared.patch
View file

@ -1,173 +0,0 @@
From c1115e1503bf955c97f4cf3b925a6a9f619764c3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Tue, 9 Aug 2022 16:14:25 +0200
Subject: build: detect where struct mount_attr is declared
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---
meson.build | 30 ++++++++++++++++++++++++++++--
src/lxc/conf.c | 6 +++---
src/lxc/conf.h | 2 +-
src/lxc/mount_utils.c | 6 +++---
src/lxc/syscall_wrappers.h | 12 ++++++++++--
5 files changed, 45 insertions(+), 11 deletions(-)
--- a/meson.build
+++ b/meson.build
@@ -589,7 +589,6 @@ decl_headers = '''
foreach decl: [
'__aligned_u64',
'struct clone_args',
- 'struct mount_attr',
'struct open_how',
'struct rtnl_link_stats64',
]
@@ -609,7 +608,6 @@ foreach tuple: [
['struct seccomp_notif_sizes'],
['struct clone_args'],
['__aligned_u64'],
- ['struct mount_attr'],
['struct open_how'],
['struct rtnl_link_stats64'],
]
@@ -629,6 +627,34 @@ foreach tuple: [
endif
endforeach
+## Types.
+decl_headers = '''
+#include <sys/mount.h>
+'''
+
+# We get -1 if the size cannot be determined
+if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0
+ srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), true)
+ found_types += 'struct mount_attr (sys/mount.h)'
+else
+ srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false)
+ missing_types += 'struct mount_attr (sys/mount.h)'
+endif
+
+## Types.
+decl_headers = '''
+#include <linux/mount.h>
+'''
+
+# We get -1 if the size cannot be determined
+if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0
+ srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true)
+ found_types += 'struct mount_attr (linux/mount.h)'
+else
+ srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false)
+ missing_types += 'struct mount_attr (linux/mount.h)'
+endif
+
## Headers.
foreach ident: [
['bpf', '''#include <sys/syscall.h>
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2885,7 +2885,7 @@ static int __lxc_idmapped_mounts_child(s
struct lxc_mount_options opts = {};
int dfd_from;
const char *source_relative, *target_relative;
- struct lxc_mount_attr attr = {};
+ struct mount_attr attr = {};
ret = parse_lxc_mount_attrs(&opts, mntent.mnt_opts);
if (ret < 0)
@@ -3005,7 +3005,7 @@ static int __lxc_idmapped_mounts_child(s
/* Set propagation mount options. */
if (opts.attr.propagation) {
- attr = (struct lxc_mount_attr) {
+ attr = (struct mount_attr) {
.propagation = opts.attr.propagation,
};
@@ -4109,7 +4109,7 @@ int lxc_idmapped_mounts_parent(struct lx
for (;;) {
__do_close int fd_from = -EBADF, fd_userns = -EBADF;
- struct lxc_mount_attr attr = {};
+ struct mount_attr attr = {};
struct lxc_mount_options opts = {};
ssize_t ret;
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -223,7 +223,7 @@ struct lxc_mount_options {
unsigned long mnt_flags;
unsigned long prop_flags;
char *data;
- struct lxc_mount_attr attr;
+ struct mount_attr attr;
char *raw_options;
};
--- a/src/lxc/mount_utils.c
+++ b/src/lxc/mount_utils.c
@@ -31,7 +31,7 @@ lxc_log_define(mount_utils, lxc);
* setting in @attr_set, but must also specify MOUNT_ATTR__ATIME in the
* @attr_clr field.
*/
-static inline void set_atime(struct lxc_mount_attr *attr)
+static inline void set_atime(struct mount_attr *attr)
{
switch (attr->attr_set & MOUNT_ATTR__ATIME) {
case MOUNT_ATTR_RELATIME:
@@ -272,7 +272,7 @@ int create_detached_idmapped_mount(const
{
__do_close int fd_tree_from = -EBADF;
unsigned int open_tree_flags = OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC;
- struct lxc_mount_attr attr = {
+ struct mount_attr attr = {
.attr_set = MOUNT_ATTR_IDMAP | attr_set,
.attr_clr = attr_clr,
.userns_fd = userns_fd,
@@ -335,7 +335,7 @@ int __fd_bind_mount(int dfd_from, const
__u64 attr_clr, __u64 propagation, int userns_fd,
bool recursive)
{
- struct lxc_mount_attr attr = {
+ struct mount_attr attr = {
.attr_set = attr_set,
.attr_clr = attr_clr,
.propagation = propagation,
--- a/src/lxc/syscall_wrappers.h
+++ b/src/lxc/syscall_wrappers.h
@@ -18,6 +18,12 @@
#include "macro.h"
#include "syscall_numbers.h"
+#if HAVE_STRUCT_MOUNT_ATTR
+#include <sys/mount.h>
+#elif HAVE_UAPI_STRUCT_MOUNT_ATTR
+#include <linux/mount.h>
+#endif
+
#ifdef HAVE_LINUX_MEMFD_H
#include <linux/memfd.h>
#endif
@@ -210,16 +216,18 @@ extern int fsmount(int fs_fd, unsigned i
/*
* mount_setattr()
*/
-struct lxc_mount_attr {
+#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR
+struct mount_attr {
__u64 attr_set;
__u64 attr_clr;
__u64 propagation;
__u64 userns_fd;
};
+#endif
#if !HAVE_MOUNT_SETATTR
static inline int mount_setattr(int dfd, const char *path, unsigned int flags,
- struct lxc_mount_attr *attr, size_t size)
+ struct mount_attr *attr, size_t size)
{
return syscall(__NR_mount_setattr, dfd, path, flags, attr, size);
}

47
utils/lxc/patches/002-build-detect-sys-pidfd.h-availability.patch
View file

@ -1,47 +0,0 @@
From ef1e0607b82e27350c2d677d649c6a0a9693fd40 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Tue, 9 Aug 2022 16:27:40 +0200
Subject: build: detect sys/pidfd.h availability
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---
meson.build | 1 +
src/lxc/process_utils.h | 6 ++++++
2 files changed, 7 insertions(+)
--- a/meson.build
+++ b/meson.build
@@ -734,6 +734,7 @@ foreach tuple: [
['sys/resource.h'],
['sys/memfd.h'],
['sys/personality.h'],
+ ['sys/pidfd.h'],
['sys/signalfd.h'],
['sys/timerfd.h'],
['pty.h'],
--- a/src/lxc/process_utils.h
+++ b/src/lxc/process_utils.h
@@ -15,6 +15,10 @@
#include <sys/syscall.h>
#include <unistd.h>
+#if HAVE_SYS_PIDFD_H
+#include <sys/pidfd.h>
+#endif
+
#include "compiler.h"
#include "syscall_numbers.h"
@@ -136,9 +140,11 @@
#endif
/* waitid */
+#if !HAVE_SYS_PIDFD_H
#ifndef P_PIDFD
#define P_PIDFD 3
#endif
+#endif
#ifndef CLONE_ARGS_SIZE_VER0
#define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */

143
utils/lxc/patches/003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch
View file

@ -1,143 +0,0 @@
From cbabe8abf11e7e7fb49c123bae31efdd9bc8f1e8 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Tue, 9 Aug 2022 17:19:40 +0200
Subject: build: check for FS_CONFIG_* header symbol in sys/mount.h
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---
meson.build | 59 +++++++++++++++++++++++++++++++++++++++++--
src/lxc/mount_utils.h | 16 ++++++++++++
2 files changed, 73 insertions(+), 2 deletions(-)
--- a/meson.build
+++ b/meson.build
@@ -638,8 +638,7 @@ if cc.sizeof('struct mount_attr', prefix
found_types += 'struct mount_attr (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false)
- missing_types += 'struct mount_attr (sys/mount.h)'
-endif
+ missing_types += 'struct mount_attr (sys/mount.h)' endif
## Types.
decl_headers = '''
@@ -655,6 +654,62 @@ else
missing_types += 'struct mount_attr (linux/mount.h)'
endif
+if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG')
+ srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true)
+ found_types += 'FSCONFIG_SET_FLAG'
+else
+ srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false)
+ missing_types += 'FSCONFIG_SET_FLAG'
+endif
+
+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING')
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true)
+ found_types += 'FS_CONFIG_SET_STRING'
+else
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false)
+ missing_types += 'FS_CONFIG_SET_STRING'
+endif
+
+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY')
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true)
+ found_types += 'FS_CONFIG_SET_BINARY'
+else
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false)
+ missing_types += 'FS_CONFIG_SET_BINARY'
+endif
+
+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY')
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true)
+ found_types += 'FS_CONFIG_SET_PATH_EMPTY'
+else
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false)
+ missing_types += 'FS_CONFIG_SET_PATH_EMPTY'
+endif
+
+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD')
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true)
+ found_types += 'FS_CONFIG_SET_PATH_FD'
+else
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false)
+ missing_types += 'FS_CONFIG_SET_PATH_FD'
+endif
+
+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE')
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true)
+ found_types += 'FS_CONFIG_SET_CMD_CREATE'
+else
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false)
+ missing_types += 'FS_CONFIG_SET_CMD_CREATE'
+endif
+
+if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE')
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true)
+ found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE'
+else
+ srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false)
+ missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE'
+endif
+
## Headers.
foreach ident: [
['bpf', '''#include <sys/syscall.h>
--- a/src/lxc/mount_utils.h
+++ b/src/lxc/mount_utils.h
@@ -82,37 +82,53 @@ struct lxc_rootfs;
#endif
/* fsconfig() commands */
+#if !HAVE_FSCONFIG_SET_FLAG
#ifndef FSCONFIG_SET_FLAG
#define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */
#endif
+#endif
+#if !HAVE_FSCONFIG_SET_STRING
#ifndef FSCONFIG_SET_STRING
#define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */
#endif
+#endif
+#if !HAVE_FSCONFIG_SET_BINARY
#ifndef FSCONFIG_SET_BINARY
#define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */
#endif
+#endif
+#if !HAVE_FSCONFIG_SET_PATH
#ifndef FSCONFIG_SET_PATH
#define FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */
#endif
+#endif
+#if !HAVE_FSCONFIG_SET_PATH_EMPTY
#ifndef FSCONFIG_SET_PATH_EMPTY
#define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */
#endif
+#endif
+#if !HAVE_FSCONFIG_SET_FD
#ifndef FSCONFIG_SET_FD
#define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */
#endif
+#endif
+#if !HAVE_FSCONFIG_CMD_CREATE
#ifndef FSCONFIG_CMD_CREATE
#define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */
#endif
+#endif
+#if !FSCONFIG_CMD_RECONFIGURE
#ifndef FSCONFIG_CMD_RECONFIGURE
#define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */
#endif
+#endif
/* fsmount() flags */
#ifndef FSMOUNT_CLOEXEC

197
utils/lxc/patches/011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch
View file

@ -1,197 +0,0 @@
From 4771699fd97b1e9ee7dc4f7cfe01c8ddd698f682 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Wed, 10 Aug 2022 11:42:52 +0200
Subject: tree-wide: wipe direct or indirect linux/mount.h inclusion
It is incompatible with sys/mount.h and causes massive headaches.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---
meson.build | 44 +++++++++++++-------------------------
src/lxc/macro.h | 13 +++++++++++
src/lxc/mount_utils.h | 2 +-
src/lxc/syscall_wrappers.h | 9 ++------
src/lxc/utils.c | 2 --
5 files changed, 31 insertions(+), 39 deletions(-)
--- a/meson.build
+++ b/meson.build
@@ -627,7 +627,6 @@ foreach tuple: [
endif
endforeach
-## Types.
decl_headers = '''
#include <sys/mount.h>
'''
@@ -640,74 +639,61 @@ else
srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false)
missing_types += 'struct mount_attr (sys/mount.h)' endif
-## Types.
-decl_headers = '''
-#include <linux/mount.h>
-'''
-
-# We get -1 if the size cannot be determined
-if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0
- srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true)
- found_types += 'struct mount_attr (linux/mount.h)'
-else
- srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false)
- missing_types += 'struct mount_attr (linux/mount.h)'
-endif
-
+## Check if sys/mount.h defines the fsconfig commands
if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG')
srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true)
- found_types += 'FSCONFIG_SET_FLAG'
+ found_types += 'FSCONFIG_SET_FLAG (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false)
- missing_types += 'FSCONFIG_SET_FLAG'
+ missing_types += 'FSCONFIG_SET_FLAG (sys/mount.h)'
endif
if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING')
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true)
- found_types += 'FS_CONFIG_SET_STRING'
+ found_types += 'FS_CONFIG_SET_STRING (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false)
- missing_types += 'FS_CONFIG_SET_STRING'
+ missing_types += 'FS_CONFIG_SET_STRING (sys/mount.h)'
endif
if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY')
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true)
- found_types += 'FS_CONFIG_SET_BINARY'
+ found_types += 'FS_CONFIG_SET_BINARY (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false)
- missing_types += 'FS_CONFIG_SET_BINARY'
+ missing_types += 'FS_CONFIG_SET_BINARY (sys/mount.h)'
endif
if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY')
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true)
- found_types += 'FS_CONFIG_SET_PATH_EMPTY'
+ found_types += 'FS_CONFIG_SET_PATH_EMPTY (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false)
- missing_types += 'FS_CONFIG_SET_PATH_EMPTY'
+ missing_types += 'FS_CONFIG_SET_PATH_EMPTY (sys/mount.h)'
endif
if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD')
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true)
- found_types += 'FS_CONFIG_SET_PATH_FD'
+ found_types += 'FS_CONFIG_SET_PATH_FD (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false)
- missing_types += 'FS_CONFIG_SET_PATH_FD'
+ missing_types += 'FS_CONFIG_SET_PATH_FD (sys/mount.h)'
endif
if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE')
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true)
- found_types += 'FS_CONFIG_SET_CMD_CREATE'
+ found_types += 'FS_CONFIG_SET_CMD_CREAT (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false)
- missing_types += 'FS_CONFIG_SET_CMD_CREATE'
+ missing_types += 'FS_CONFIG_SET_CMD_CREATE (sys/mount.h)'
endif
if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE')
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true)
- found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE'
+ found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE (sys/mount.h)'
else
srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false)
- missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE'
+ missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE (sys/mount.h)'
endif
## Headers.
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -8,6 +8,7 @@
#include <asm/types.h>
#include <limits.h>
#include <linux/if_link.h>
+#include <linux/ioctl.h>
#include <linux/loop.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
@@ -812,4 +813,16 @@ static inline bool is_set(__u32 bit, __u
#define BIT(nr) (1UL << (nr))
+#ifndef FS_IOC_GETFLAGS
+#define FS_IOC_GETFLAGS _IOR('f', 1, long)
+#endif
+
+#ifndef FS_IOC_SETFLAGS
+#define FS_IOC_SETFLAGS _IOW('f', 2, long)
+#endif
+
+#ifndef FS_IMMUTABLE_FL
+#define FS_IMMUTABLE_FL 0x00000010 /* Immutable file */
+#endif
+
#endif /* __LXC_MACRO_H */
--- a/src/lxc/mount_utils.h
+++ b/src/lxc/mount_utils.h
@@ -124,7 +124,7 @@ struct lxc_rootfs;
#endif
#endif
-#if !FSCONFIG_CMD_RECONFIGURE
+#if !HAVE_FSCONFIG_CMD_RECONFIGURE
#ifndef FSCONFIG_CMD_RECONFIGURE
#define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */
#endif
--- a/src/lxc/syscall_wrappers.h
+++ b/src/lxc/syscall_wrappers.h
@@ -10,6 +10,7 @@
#include <linux/keyctl.h>
#include <sched.h>
#include <stdint.h>
+#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
@@ -18,12 +19,6 @@
#include "macro.h"
#include "syscall_numbers.h"
-#if HAVE_STRUCT_MOUNT_ATTR
-#include <sys/mount.h>
-#elif HAVE_UAPI_STRUCT_MOUNT_ATTR
-#include <linux/mount.h>
-#endif
-
#ifdef HAVE_LINUX_MEMFD_H
#include <linux/memfd.h>
#endif
@@ -216,7 +211,7 @@ extern int fsmount(int fs_fd, unsigned i
/*
* mount_setattr()
*/
-#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR
+#if !HAVE_STRUCT_MOUNT_ATTR
struct mount_attr {
__u64 attr_set;
__u64 attr_clr;
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -19,8 +19,6 @@
#include <string.h>
#include <sys/mman.h>
#include <sys/mount.h>
-/* Needs to be after sys/mount.h header */
-#include <linux/fs.h>
#include <sys/param.h>
#include <sys/prctl.h>
#include <sys/stat.h>

99
utils/lxc/patches/012-tree-wide-use-struct-clone_args-directly.patch
View file

@ -1,99 +0,0 @@
From 63468abd3287ebd5cc4ed9205334217031049fb4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Wed, 10 Aug 2022 12:03:54 +0200
Subject: tree-wide: use struct clone_args directly
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---
meson.build | 1 -
src/lxc/process_utils.c | 2 +-
src/lxc/process_utils.h | 7 ++++---
src/lxc/start.c | 2 +-
src/lxc/start.h | 1 -
src/tests/reboot.c | 2 --
6 files changed, 6 insertions(+), 9 deletions(-)
--- a/meson.build
+++ b/meson.build
@@ -582,7 +582,6 @@ decl_headers = '''
#include <linux/fs.h>
#include <linux/if_link.h>
#include <linux/openat2.h>
-#include <linux/sched.h>
#include <linux/types.h>
'''
--- a/src/lxc/process_utils.c
+++ b/src/lxc/process_utils.c
@@ -90,7 +90,7 @@ __returns_twice pid_t lxc_raw_legacy_clo
__returns_twice pid_t lxc_raw_clone(unsigned long flags, int *pidfd)
{
pid_t pid;
- struct lxc_clone_args args = {
+ struct clone_args args = {
.flags = flags,
.pidfd = ptr_to_u64(pidfd),
};
--- a/src/lxc/process_utils.h
+++ b/src/lxc/process_utils.h
@@ -5,7 +5,6 @@
#include "config.h"
-#include <linux/sched.h>
#include <sched.h>
#include <signal.h>
#include <stdbool.h>
@@ -165,7 +164,8 @@
#define u64_to_ptr(x) ((void *)(uintptr_t)x)
#endif
-struct lxc_clone_args {
+#if !HAVE_STRUCT_CLONE_ARGS
+struct clone_args {
__aligned_u64 flags;
__aligned_u64 pidfd;
__aligned_u64 child_tid;
@@ -178,8 +178,9 @@ struct lxc_clone_args {
__aligned_u64 set_tid_size;
__aligned_u64 cgroup;
};
+#endif
-__returns_twice static inline pid_t lxc_clone3(struct lxc_clone_args *args, size_t size)
+__returns_twice static inline pid_t lxc_clone3(struct clone_args *args, size_t size)
{
return syscall(__NR_clone3, args, size);
}
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1673,7 +1673,7 @@ static int lxc_spawn(struct lxc_handler
} else {
int cgroup_fd = -EBADF;
- struct lxc_clone_args clone_args = {
+ struct clone_args clone_args = {
.flags = handler->clone_flags,
.pidfd = ptr_to_u64(&handler->pidfd),
.exit_signal = SIGCHLD,
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@@ -5,7 +5,6 @@
#include "config.h"
-#include <linux/sched.h>
#include <sched.h>
#include <signal.h>
#include <stdbool.h>
--- a/src/tests/reboot.c
+++ b/src/tests/reboot.c
@@ -32,8 +32,6 @@
#include "namespace.h"
-#include <sched.h>
-#include <linux/sched.h>
#include <linux/reboot.h>
int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...);

112
utils/lxc/patches/013-tree-wide-use-struct-open_how-directly.patch
View file

@ -1,112 +0,0 @@
From 133aa416ca2a5996090ec0e697e253646364d274 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Wed, 10 Aug 2022 12:18:49 +0200
Subject: tree-wide: use struct open_how directly
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---
meson.build | 2 --
src/lxc/file_utils.c | 2 +-
src/lxc/mount_utils.c | 8 ++++----
src/lxc/syscall_wrappers.h | 6 ++++--
src/lxc/utils.c | 2 +-
5 files changed, 10 insertions(+), 10 deletions(-)
--- a/meson.build
+++ b/meson.build
@@ -579,9 +579,7 @@ decl_headers = '''
#include <uchar.h>
#include <sys/mount.h>
#include <sys/stat.h>
-#include <linux/fs.h>
#include <linux/if_link.h>
-#include <linux/openat2.h>
#include <linux/types.h>
'''
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -652,7 +652,7 @@ int open_at(int dfd, const char *path, u
unsigned int resolve_flags, mode_t mode)
{
__do_close int fd = -EBADF;
- struct lxc_open_how how = {
+ struct open_how how = {
.flags = o_flags,
.mode = mode,
.resolve = resolve_flags,
--- a/src/lxc/mount_utils.c
+++ b/src/lxc/mount_utils.c
@@ -186,7 +186,7 @@ int fs_prepare(const char *fs_name,
int fd_from;
if (!is_empty_string(path_from)) {
- struct lxc_open_how how = {
+ struct open_how how = {
.flags = o_flags_from,
.resolve = resolve_flags_from,
};
@@ -237,7 +237,7 @@ int fs_attach(int fd_fs,
int fd_to, ret;
if (!is_empty_string(path_to)) {
- struct lxc_open_how how = {
+ struct open_how how = {
.flags = o_flags_to,
.resolve = resolve_flags_to,
};
@@ -308,7 +308,7 @@ int move_detached_mount(int dfd_from, in
int fd_to, ret;
if (!is_empty_string(path_to)) {
- struct lxc_open_how how = {
+ struct open_how how = {
.flags = o_flags_to,
.resolve = resolve_flags_to,
};
@@ -348,7 +348,7 @@ int __fd_bind_mount(int dfd_from, const
set_atime(&attr);
if (!is_empty_string(path_from)) {
- struct lxc_open_how how = {
+ struct open_how how = {
.flags = o_flags_from,
.resolve = resolve_flags_from,
};
--- a/src/lxc/syscall_wrappers.h
+++ b/src/lxc/syscall_wrappers.h
@@ -240,11 +240,13 @@ static inline int mount_setattr(int dfd,
* @mode: O_CREAT/O_TMPFILE file mode.
* @resolve: RESOLVE_* flags.
*/
-struct lxc_open_how {
+#if !HAVE_STRUCT_OPEN_HOW
+struct open_how {
__u64 flags;
__u64 mode;
__u64 resolve;
};
+#endif
/* how->resolve flags for openat2(2). */
#ifndef RESOLVE_NO_XDEV
@@ -296,7 +298,7 @@ struct lxc_open_how {
#define PROTECT_OPEN_RW (O_CLOEXEC | O_NOCTTY | O_RDWR | O_NOFOLLOW)
#if !HAVE_OPENAT2
-static inline int openat2(int dfd, const char *filename, struct lxc_open_how *how, size_t size)
+static inline int openat2(int dfd, const char *filename, struct open_how *how, size_t size)
{
return syscall(__NR_openat2, dfd, filename, how, size);
}
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1095,7 +1095,7 @@ int __safe_mount_beneath_at(int beneath_
unsigned int flags, const void *data)
{
__do_close int source_fd = -EBADF, target_fd = -EBADF;
- struct lxc_open_how how = {
+ struct open_how how = {
.flags = PROTECT_OPATH_DIRECTORY,
.resolve = PROTECT_LOOKUP_BENEATH_WITH_MAGICLINKS,
};

4
utils/nano/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=nano
PKG_VERSION:=7.2
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/nano
@ -138,7 +138,7 @@ endef
define Package/nano-full/install
$(call Package/nano/install,$1)
$(INSTALL_DIR) $(1)/etc $(1)/usr/share/nano
$(INSTALL_CONF) ./files/nanorc $(1)/etc/nanorc
$(INSTALL_DATA) ./files/nanorc $(1)/etc/nanorc
$(INSTALL_DATA) ./files/uci.nanorc $(1)/usr/share/nano
$(CP) $(PKG_INSTALL_DIR)/usr/share/nano/* $(1)/usr/share/nano
endef

9
utils/squashfs-tools/Makefile
View file

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=squashfs-tools
PKG_VERSION:=4.5.1
PKG_RELEASE:=$(AUTORELEASE)
PKG_VERSION:=4.6.1
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
@ -18,7 +18,7 @@ PKG_CPE_ID:=cpe:/a:phillip_lougher:squashfs
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/plougher/squashfs-tools/tar.gz/${PKG_VERSION}?
PKG_HASH:=277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7
PKG_HASH:=94201754b36121a9f022a190c75f718441df15402df32c2b520ca331a107511c
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
@ -52,9 +52,6 @@ endef
Build/Configure:=
MAKE_FLAGS += \
XATTR_SUPPORT=
ifneq ($(CONFIG_SQUASHFS_TOOLS_XZ_SUPPORT),)
MAKE_FLAGS += XZ_SUPPORT=1
endif

4
utils/stress-ng/Makefile
View file

@ -6,12 +6,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=stress-ng
PKG_VERSION:=0.15.03
PKG_VERSION:=0.15.06
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)?
PKG_HASH:=7cceca64da37fd3c8db7167ed386fd7d3e1d9d6891a1f6227911ab8d4b17379c
PKG_HASH:=c38cefcf0a83f6c65aed7c36e57a9a1ee8373418ef71cf089a75b0661dcd4623
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=GPL-2.0-only

2
utils/stress-ng/patches/001-disable-gpu-stressor.patch
View file

@ -1,6 +1,6 @@
--- a/Makefile.config
+++ b/Makefile.config
@@ -272,7 +272,7 @@ LD_GOLD:
@@ -264,7 +264,7 @@ clean:
libraries: \
configdir \
LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \

2
utils/stress-ng/patches/002-disable-xxhash.patch
View file

@ -1,6 +1,6 @@
--- a/Makefile.config
+++ b/Makefile.config
@@ -274,7 +274,7 @@ libraries: \
@@ -266,7 +266,7 @@ libraries: \
LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \
LIB_IPSEC_MB LIB_JPEG \
LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \

8
utils/zoneinfo/Makefile
View file

@ -1,5 +1,5 @@
#
# Copyright (C) 2007-2022 OpenWrt.org
# Copyright (C) 2007-2023 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zoneinfo
PKG_VERSION:=2022g
PKG_VERSION:=2023c
PKG_RELEASE:=1
#As i couldn't find real license used "Public Domain"
@ -19,14 +19,14 @@ PKG_LICENSE:=Public Domain
PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz
PKG_SOURCE_CODE:=tzcode$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases
PKG_HASH:=4491db8281ae94a84d939e427bdd83dc389f26764d27d9a5c52d782c16764478
PKG_HASH:=3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c
include $(INCLUDE_DIR)/package.mk
define Download/tzcode
FILE=$(PKG_SOURCE_CODE)
URL=$(PKG_SOURCE_URL)
HASH:=9610bb0b9656ff404c361a41f3286da53064b5469d84f00c9cb2314c8614da74
HASH:=46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7
endef
$(eval $(call Download,tzcode))