From e67eb58312b5b86fc1e10d8b7d1168cd64c16f6d Mon Sep 17 00:00:00 2001 From: Glen Huang Date: Tue, 18 Apr 2023 17:59:46 +0800 Subject: [PATCH 01/15] strongswan: enable nonce unconditionally Without nonce, charon won't start, so it's not an optional plugin. I asked one of the strongSwan maintainers (ecdsa), and he confirmed this: > It definitely has to be enabled unconditionally. The only other > provider for the NONCE_GEN plugin feature is in charon-tkm, so > completely irrelevant on OpenWrt Signed-off-by: Glen Huang --- net/strongswan/Makefile | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 7f0e0c960..51ff506fa 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.10 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -59,7 +59,6 @@ PKG_MOD_AVAILABLE:= \ ldap \ led \ load-tester \ - nonce \ md4 \ md5 \ mgf1 \ @@ -200,7 +199,6 @@ $(call Package/strongswan/Default) +strongswan-mod-ldap \ +strongswan-mod-led \ +strongswan-mod-load-tester \ - +strongswan-mod-nonce \ +strongswan-mod-md4 \ +strongswan-mod-md5 \ +strongswan-mod-mgf1 \ @@ -272,7 +270,6 @@ $(call Package/strongswan/Default) +strongswan-mod-kernel-netlink \ +strongswan-mod-md5 \ +strongswan-mod-mgf1 \ - +strongswan-mod-nonce \ +strongswan-mod-pem \ +strongswan-mod-pgp \ +strongswan-mod-pkcs1 \ @@ -312,7 +309,6 @@ $(call Package/strongswan/Default) +strongswan-mod-kernel-netlink \ +strongswan-mod-md5 \ +strongswan-mod-mgf1 \ - +strongswan-mod-nonce \ +strongswan-mod-pubkey \ +strongswan-mod-random \ +strongswan-mod-sha1 \ @@ -341,7 +337,6 @@ $(call Package/strongswan/Default) @(PACKAGE_strongswan-mod-kdf||PACKAGE_strongswan-mod-openssl||PACKAGE_strongswan-mod-wolfssl) \ +strongswan-mod-kernel-netlink \ +strongswan-mod-mgf1 \ - +strongswan-mod-nonce \ +strongswan-mod-pubkey \ +strongswan-mod-random \ +strongswan-mod-sha1 \ @@ -470,6 +465,7 @@ CONFIGURE_ARGS+= \ --disable-scripts \ --disable-static \ --disable-fast \ + --enable-nonce \ --enable-mgf1 \ --enable-mediation \ --with-systemdsystemunitdir=no \ @@ -493,8 +489,11 @@ define Package/strongswan/install $(INSTALL_DIR) $(1)/etc $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/ echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf - $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(INSTALL_DIR) $(1)/etc/strongswan.d/charon + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/strongswan.d/charon/nonce.conf $(1)/etc/strongswan.d/charon/ + $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-nonce.so $(1)/usr/lib/ipsec/plugins/ endef define Package/strongswan-default/install @@ -700,7 +699,6 @@ $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,)) $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap)) $(eval $(call BuildPlugin,led,LED blink on IKE activity,)) $(eval $(call BuildPlugin,load-tester,load testing,)) -$(eval $(call BuildPlugin,nonce,nonce generation,)) $(eval $(call BuildPlugin,md4,MD4 crypto,)) $(eval $(call BuildPlugin,md5,MD5 crypto,)) $(eval $(call BuildPlugin,mgf1,MGF1 crypto,)) From 04368973239948b1f995fff7d5189ccad90c08b1 Mon Sep 17 00:00:00 2001 From: Glen Huang Date: Tue, 18 Apr 2023 21:11:37 +0800 Subject: [PATCH 02/15] strongswan: add missing PKG_MOD_AVAILABLE Without these charon will warn with messages like: plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available Signed-off-by: Glen Huang --- net/strongswan/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 51ff506fa..b05b42501 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.10 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -39,6 +39,7 @@ PKG_MOD_AVAILABLE:= \ des \ dhcp \ dnskey \ + drbg \ duplicheck \ eap-identity \ eap-md5 \ @@ -54,6 +55,7 @@ PKG_MOD_AVAILABLE:= \ gmpdh \ ha \ hmac \ + kdf \ kernel-libipsec \ kernel-netlink \ ldap \ From e36a55c9ed293bd608d18918cdda8dceffad9d96 Mon Sep 17 00:00:00 2001 From: Glen Huang Date: Thu, 13 Apr 2023 17:55:02 +0800 Subject: [PATCH 03/15] openssh: preserve authorized_keys The root user is usually the user that clients ssh into with, so in most cases its authorized_keys determines what clients are allowed to ssh into this device. Without preserving this file, they could potentially be locked out after upgrading. Signed-off-by: Glen Huang --- net/openssh/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/openssh/Makefile b/net/openssh/Makefile index 66c32f7ba..06cba0afe 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssh PKG_VERSION:=9.3p1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ @@ -105,6 +105,7 @@ define Package/openssh-server/conffiles /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub +/root/.ssh/authorized_keys endef define Package/openssh-server-pam From 977d8e5a6fbf5610b19e7452574cbb840b39947d Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 24 Apr 2023 14:10:19 +0800 Subject: [PATCH 04/15] python-pyasn1: Update to 0.5.0 Signed-off-by: Jeffery To --- lang/python/python-pyasn1/Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lang/python/python-pyasn1/Makefile b/lang/python/python-pyasn1/Makefile index 0b7e9ae50..998a06a57 100644 --- a/lang/python/python-pyasn1/Makefile +++ b/lang/python/python-pyasn1/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2015-2018 OpenWrt.org +# Copyright (C) 2015, 2018-2020, 2023 Jeffery To # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pyasn1 -PKG_VERSION:=0.4.8 -PKG_RELEASE:=2 +PKG_VERSION:=0.5.0 +PKG_RELEASE:=1 PYPI_NAME:=pyasn1 -PKG_HASH:=aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba +PKG_HASH:=97b7290ca68e62a832558ec3976f15cbf911bf5d7c7039d8b861c2a0ece69fde PKG_LICENSE:=BSD-2-Clause -PKG_LICENSE_FILES:=LICENSE.txt +PKG_LICENSE_FILES:=LICENSE.rst PKG_MAINTAINER:=Jeffery To include ../pypi.mk @@ -26,9 +26,9 @@ define Package/python3-pyasn1 SECTION:=lang CATEGORY:=Languages SUBMENU:=Python - TITLE:=ASN.1 library for Python - URL:=https://github.com/etingof/pyasn1 - DEPENDS:=+python3-light + TITLE:=ASN.1 types and DER/BER/CER codecs (X.208) + URL:=https://github.com/pyasn1/pyasn1 + DEPENDS:=+python3-light +python3-logging endef define Package/python3-pyasn1/description From 36587eced2530575d493a2561463f232ba8ee795 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 17 Apr 2023 17:00:16 +0800 Subject: [PATCH 05/15] python-zope-interface: Update to 6.0, refresh patch Signed-off-by: Jeffery To --- lang/python/python-zope-interface/Makefile | 7 ++++--- .../python-zope-interface/patches/001-omit-tests.patch | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lang/python/python-zope-interface/Makefile b/lang/python/python-zope-interface/Makefile index b5b589f7e..d1fb831d0 100644 --- a/lang/python/python-zope-interface/Makefile +++ b/lang/python/python-zope-interface/Makefile @@ -1,5 +1,6 @@ # -# Copyright (C) 2006-2011, 2015-2018 OpenWrt.org +# Copyright (C) 2006-2011 OpenWrt.org +# Copyright (C) 2015-2016, 2018-2021, 2023 Jeffery To # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,11 +9,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-zope-interface -PKG_VERSION:=5.4.0 +PKG_VERSION:=6.0 PKG_RELEASE:=1 PYPI_NAME:=zope.interface -PKG_HASH:=5dba5f530fec3f0988d83b78cc591b58c0b6eb8431a85edd1569a0539a8a5a0e +PKG_HASH:=aab584725afd10c710b8f1e6e208dbee2d0ad009f57d674cb9d1b3964037275d PKG_LICENSE:=ZPL-2.1 PKG_LICENSE_FILES:=LICENSE.txt diff --git a/lang/python/python-zope-interface/patches/001-omit-tests.patch b/lang/python/python-zope-interface/patches/001-omit-tests.patch index 40aed6e2b..364ae216f 100644 --- a/lang/python/python-zope-interface/patches/001-omit-tests.patch +++ b/lang/python/python-zope-interface/patches/001-omit-tests.patch @@ -1,6 +1,6 @@ --- a/setup.py +++ b/setup.py -@@ -125,7 +125,7 @@ setup(name='zope.interface', +@@ -124,7 +124,7 @@ setup(name='zope.interface', "Framework :: Zope :: 3", "Topic :: Software Development :: Libraries :: Python Modules", ], @@ -9,7 +9,7 @@ package_dir={'': 'src'}, namespace_packages=["zope"], cmdclass={ -@@ -133,6 +133,7 @@ setup(name='zope.interface', +@@ -132,6 +132,7 @@ setup(name='zope.interface', }, test_suite='zope.interface.tests', include_package_data=True, From 743204ff2dc5f170ea40b13159b9a061112fc363 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 17 Apr 2023 20:46:40 +0800 Subject: [PATCH 06/15] python-idna: Update to 3.4 Signed-off-by: Jeffery To --- lang/python/python-idna/Makefile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lang/python/python-idna/Makefile b/lang/python/python-idna/Makefile index 0844a87c1..ee8738a61 100644 --- a/lang/python/python-idna/Makefile +++ b/lang/python/python-idna/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2015-2019 OpenWrt.org +# Copyright (C) 2015-2016, 2018-2020, 2023 Jeffery To # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,16 +8,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-idna -PKG_VERSION:=3.3 -PKG_RELEASE:=2 +PKG_VERSION:=3.4 +PKG_RELEASE:=1 PYPI_NAME:=idna -PKG_HASH:=9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d +PKG_HASH:=814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.rst PKG_MAINTAINER:=Jeffery To +PKG_BUILD_DEPENDS:=python-flit-core/host + include ../pypi.mk include $(INCLUDE_DIR)/package.mk include ../python3-package.mk From a35431f2bfbb3bc34a8f2ea34b3f2377c19c33c8 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Tue, 18 Apr 2023 17:18:06 +0800 Subject: [PATCH 07/15] python: Update find stdlib script This updates the python3-find-stdlib-depends.sh script for these changes: * The gdbm (dbm.gnu) package was merged into the dbm package in 78f6c2c5ad2fd3de8a33a1cddb02204177cf60ad. * The uuid module was split into a separate package in 4e05541782edeb06b51d691dadf52648df24c940. Signed-off-by: Jeffery To --- lang/python/python3-find-stdlib-depends.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python3-find-stdlib-depends.sh b/lang/python/python3-find-stdlib-depends.sh index d0e983820..c402d2308 100644 --- a/lang/python/python3-find-stdlib-depends.sh +++ b/lang/python/python3-find-stdlib-depends.sh @@ -14,11 +14,10 @@ python3-cgi: cgi python3-cgitb: cgitb python3-codecs: unicodedata python3-ctypes: ctypes -python3-dbm: dbm +python3-dbm: dbm dbm.dumb dbm.gnu dbm.ndbm python3-decimal: decimal python3-distutils: distutils python3-email: email -python3-gdbm: dbm.gnu python3-logging: logging python3-lzma: lzma python3-multiprocessing: multiprocessing @@ -29,6 +28,7 @@ python3-readline: readline python3-sqlite3: sqlite3 python3-unittest: unittest python3-urllib: urllib +python3-uuid: uuid python3-xml: xml xmlrpc " From 39c14b859abc0fdbe9a6bea112e9cc5b0406f753 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Mon, 24 Apr 2023 17:06:13 -0300 Subject: [PATCH 08/15] ruby: statically link extensions into host ruby Ruby uses extensions (.so files) that might also depend on other libraries. When the linker builds an executable, it will refer to the path it found the library, including those in the stagging dir. However, when it links a shared library (like ruby exts), it will let that dependency to be resolved at runtime. During host and target build, ruby build script runs ruby scripts. When it loads a ext that depends on another library, it will, by default, look for the system libraries to satisfy that, breaking the build when it fails. Setting LD_LIBRARY_PATH to the stagging lib dir is a valid workaround. Ruby can also be built statically linking all exts into ruby executable. That will make the linker point to the stagging library path, fixing the issue. It was used in the past but, at some point, ruby broke it. Now it is working as expected. Closes #20839 While at it, clean up excluded extensions not used by host ruby. Signed-off-by: Luiz Angelo Daros de Luca --- lang/ruby/Makefile | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index d274e21e6..6e16b86d7 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -39,17 +39,8 @@ HOST_CONFIGURE_ARGS += \ --disable-install-rdoc \ --disable-install-capi \ --without-gmp \ - --with-out-ext=-test-/array/resize,-test-/bignum,-test-/bug-3571,-test-/bug-5832,-test-/bug_reporter,-test-/class,-test-/debug,-test-/dln/empty,-test-/exception,-test-/fatal,-test-/file,-test-/float,-test-/funcall,-test-/gvl/call_without_gvl,-test-/hash,-test-/integer,-test-/iseq_load,-test-/iter,-test-/load/dot.dot,-test-/marshal/compat,-test-/marshal/internal_ivar,-test-/marshal/usr,-test-/memory_status,-test-/method,-test-/notimplement,-test-/num2int,-test-/path_to_class,-test-/popen_deadlock,-test-/postponed_job,-test-/printf,-test-/proc,-test-/rational,-test-/recursion,-test-/st/foreach,-test-/st/numhash,-test-/st/update,-test-/string,-test-/struct,-test-/symbol,-test-/time,-test-/tracepoint,-test-/typeddata,-test-/vm,-test-/wait_for_single_fd,-test-/win32/console,-test-/win32/dln,-test-/win32/fd_setsize,bigdecimal,cgi/escape,continuation,coverage,etc,fcntl,fiddle,io/console,json,json/generator,json/parser,mathn/complex,mathn/rational,nkf,objspace,pty,racc/cparse,rbconfig/sizeof,readline,rubyvm,syslog,win32,win32ole,win32/resolv - -# Does not compile with this. Workaround is --without-gmp -# https://bugs.ruby-lang.org/issues/11940 - #--with-static-linked-ext \ - -# even not used, host build with restricted exts results in gems not being -# compiled for target (probably some cross compiling problem like checking -# host for selecting target features) -# --with-out-ext \ -# --with-ext=thread,stringio \ + --with-static-linked-ext \ + --with-out-ext=-test-/*,bigdecimal,cgi/escape,continuation,coverage,etc,fcntl,fiddle,io/console,json,json/generator,json/parser,mathn/complex,mathn/rational,nkf,objspace,pty,racc/cparse,rbconfig/sizeof,readline,rubyvm,syslog,win32,win32ole,win32/resolv HOST_BUILD_DEPENDS:=yaml/host From 786b3b9e9c55ea12c874ca8f425e97fbe72ada9c Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Tue, 25 Apr 2023 13:48:22 -0300 Subject: [PATCH 09/15] yaml: only build static library Do not build shared libraries to avoid host programs to dynamic link libraries at non-standard paths. Signed-off-by: Luiz Angelo Daros de Luca --- libs/yaml/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libs/yaml/Makefile b/libs/yaml/Makefile index fd2f28a23..bc1da7573 100644 --- a/libs/yaml/Makefile +++ b/libs/yaml/Makefile @@ -36,6 +36,8 @@ endef TARGET_CFLAGS += $(FPIC) +HOST_CONFIGURE_ARGS += --disable-shared + define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/yaml.h $(1)/usr/include/ From 37c6617f76ce114cbd6183c03f279fa164a666f3 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Thu, 6 Apr 2023 08:23:52 +0200 Subject: [PATCH 10/15] kmod: update to 30 Release Notes: - https://github.com/kmod-project/kmod/releases/tag/v28 - https://github.com/kmod-project/kmod/releases/tag/v29 - https://github.com/kmod-project/kmod/releases/tag/v30 Signed-off-by: Nick Hainke --- utils/kmod/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/kmod/Makefile b/utils/kmod/Makefile index 916839656..ed9a6a198 100644 --- a/utils/kmod/Makefile +++ b/utils/kmod/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=kmod -PKG_VERSION:=27 -PKG_RELEASE:=2 +PKG_VERSION:=30 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/kernel/kmod -PKG_HASH:=c1d3fbf16ca24b95f334c1de1b46f17bbe5a10b0e81e72668bdc922ebffbbc0c +PKG_HASH:=f897dd72698dc6ac1ef03255cd0a5734ad932318e4adbaebc7338ef2f5202f9f PKG_MAINTAINER:=Jeff Waugh PKG_LICENSE:=LGPL-2.1-or-later From 10424ab9bf45e4a260b24f64d315b1d05d186750 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Tue, 25 Apr 2023 23:30:11 +0200 Subject: [PATCH 11/15] gzip: update to 1.12 Release Notes: https://lists.gnu.org/archive/html/info-gnu/2022-04/msg00003.html Fixes: CVE-2022-1271 Signed-off-by: Nick Hainke --- utils/gzip/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/gzip/Makefile b/utils/gzip/Makefile index 0e06ac440..a4ba21282 100644 --- a/utils/gzip/Makefile +++ b/utils/gzip/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gzip -PKG_VERSION:=1.11 +PKG_VERSION:=1.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/gzip -PKG_HASH:=9b9a95d68fdcb936849a4d6fada8bf8686cddf58b9b26c9c4289ed0c92a77907 +PKG_HASH:=ce5e03e519f637e1f814011ace35c4f87b33c0bbabeec35baf5fbd3479e91956 PKG_LICENSE:=GPL-3.0-or-later PKG_CPE_ID:=cpe:/a:gnu:gzip From bf006f137b6ce643890be1a4c0d34f07ba38b442 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Wed, 26 Apr 2023 08:10:38 +0200 Subject: [PATCH 12/15] iperf: update to 2.1.9 Changelog can be found here: https://sourceforge.net/projects/iperf2/files/ Signed-off-by: Nick Hainke --- net/iperf/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/iperf/Makefile b/net/iperf/Makefile index 159e1b1c2..1f17f6b32 100644 --- a/net/iperf/Makefile +++ b/net/iperf/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iperf -PKG_VERSION:=2.1.8 -PKG_RELEASE:=3 +PKG_VERSION:=2.1.9 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=8e2cf2fbc9d0d4d1cf9d109b1e328459f9622993dc9a4c5a7dc8a2088fb7beaf +PKG_HASH:=5c0771aab00ef14520013aef01675977816e23bb8f5d9fde016f90eb2f1be788 PKG_SOURCE_URL:=@SF/iperf2 PKG_MAINTAINER:=Felix Fietkau From 42d340bce0106538888f9e942dc3dd6f7f9e62ff Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 26 Apr 2023 11:35:19 +0800 Subject: [PATCH 13/15] librespeed-go: update file permissions for ujail This fixes "permission denied" error when access files as a normal user. Reported-by: Anya Lin Signed-off-by: Tianling Shen --- net/librespeed-go/Makefile | 2 +- net/librespeed-go/files/librespeed-go.init | 46 ++++++++++++++-------- 2 files changed, 31 insertions(+), 17 deletions(-) diff --git a/net/librespeed-go/Makefile b/net/librespeed-go/Makefile index 8ff5570a1..ddef5b563 100644 --- a/net/librespeed-go/Makefile +++ b/net/librespeed-go/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=librespeed-go PKG_VERSION:=1.1.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/librespeed/speedtest-go/tar.gz/v$(PKG_VERSION)? diff --git a/net/librespeed-go/files/librespeed-go.init b/net/librespeed-go/files/librespeed-go.init index 484a283db..13c333c1a 100644 --- a/net/librespeed-go/files/librespeed-go.init +++ b/net/librespeed-go/files/librespeed-go.init @@ -8,6 +8,31 @@ CONF="librespeed-go" PROG="/usr/bin/librespeed-go" TMPCONF="/var/run/$CONF/settings.json" +mount_jail_file() { + local cfg="$1" + local isdir="${2:-0}" + local rw="${3:-0}" + + local value + config_get value "config" "$cfg" + [ -n "$value" ] || return 1 + + if [ "$isdir" = "1" ]; then + mkdir -p "$value" + chown -R librespeed "$value" + else + mkdir -p "${value%/*}" + touch "$value" + chown librespeed "$value" + fi + + if [ "$rw" = "1" ]; then + procd_add_jail_mount_rw "$value" + else + procd_add_jail_mount "$value" + fi +} + start_service() { config_load "$CONF" @@ -32,14 +57,7 @@ start_service() { } config_load "$CONF" json_dump > "$TMPCONF" - - local database_file - config_get database_file "config" "database_file" - if [ -n "$database_file" ]; then - mkdir -p "${database_file%/*}" - touch "$database_file" - chown librespeed "$database_file" - fi + chown librespeed "$TMPCONF" procd_open_instance "$CONF" procd_set_param command "$PROG" @@ -53,15 +71,11 @@ start_service() { procd_add_jail "$CONF" log procd_add_jail_mount "$TMPCONF" - [ -z "$database_file" ] || procd_add_jail_mount_rw "$database_file" - local assets_path tls_cert_file tls_key_file - config_get assets_path "config" "assets_path" - config_get tls_cert_file "config" "tls_cert_file" - config_get tls_key_file "config" "tls_key_file" - [ -z "$assets_path" ] || procd_add_jail_mount "$assets_path" - [ -z "$tls_cert_file" ] || procd_add_jail_mount "$tls_cert_file" - [ -z "$tls_key_file" ] || procd_add_jail_mount "$tls_key_file" + mount_jail_file "assets_path" "1" + mount_jail_file "database_file" "0" "1" + mount_jail_file "tls_cert_file" + mount_jail_file "tls_key_file" procd_close_instance } From 34842c2233904036511660958fbbb90c2780b236 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 26 Apr 2023 08:00:10 +0800 Subject: [PATCH 14/15] pcre2: only build static library for host Fix potential linking issue: ``` /mnt/snapshot/staging_dir/hostpkg/bin/swig: error while loading shared libraries: libpcre2-8.so.0: cannot open shared object file: No such file or directory error: command '/mnt/snapshot/staging_dir/hostpkg/bin/swig' failed with exit code 127 ``` Signed-off-by: Tianling Shen --- libs/pcre2/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/pcre2/Makefile b/libs/pcre2/Makefile index 8abdd5d71..ca761cc36 100644 --- a/libs/pcre2/Makefile +++ b/libs/pcre2/Makefile @@ -57,7 +57,7 @@ define Package/libpcre2-32 endef CMAKE_HOST_OPTIONS += \ - -DBUILD_SHARED_LIBS=ON \ + -DBUILD_SHARED_LIBS=OFF \ -DPCRE2_BUILD_PCRE2_8=ON \ -DPCRE2_BUILD_PCRE2_16=ON \ -DPCRE2_BUILD_PCRE2_32=ON \ From 1bfd2f7adeaafb317345af41f472564d9ae28a79 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Wed, 26 Apr 2023 08:21:25 +0200 Subject: [PATCH 15/15] iperf3: update to 3.13 Release Notes: https://software.es.net/iperf/news.html#iperf-3-13-released Signed-off-by: Nick Hainke --- net/iperf3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/iperf3/Makefile b/net/iperf3/Makefile index 5f9e96cd1..c7133bd56 100644 --- a/net/iperf3/Makefile +++ b/net/iperf3/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iperf -PKG_VERSION:=3.12 +PKG_VERSION:=3.13 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf -PKG_HASH:=72034ecfb6a7d6d67e384e19fb6efff3236ca4f7ed4c518d7db649c447e1ffd6 +PKG_HASH:=bee427aeb13d6a2ee22073f23261f63712d82befaa83ac8cb4db5da4c2bdc865 PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause