From 1db2070f0092ea4675e04913e97f76a3fb1e6691 Mon Sep 17 00:00:00 2001 From: Michael Heimpold Date: Wed, 14 Jun 2023 08:43:04 +0200 Subject: [PATCH 01/90] php8: update to 8.2.7 Signed-off-by: Michael Heimpold --- lang/php8/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/php8/Makefile b/lang/php8/Makefile index fbe33886c..7c01b6c72 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=php -PKG_VERSION:=8.2.6 +PKG_VERSION:=8.2.7 PKG_RELEASE:=1 PKG_MAINTAINER:=Michael Heimpold @@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://www.php.net/distributions/ -PKG_HASH:=10b796f0ed45574229851212b30a596a76e70ae365322bcaaaf9c00fa7d58cca +PKG_HASH:=4b9fb3dcd7184fe7582d7e44544ec7c5153852a2528de3b6754791258ffbdfa0 PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 From 4a5dc03ddb8fb19c02ee698a4614e40faa25741e Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Wed, 14 Jun 2023 19:18:40 -0500 Subject: [PATCH 02/90] krb5: update to 1.21 Signed-off-by: W. Michael Petullo --- net/krb5/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/krb5/Makefile b/net/krb5/Makefile index e02337b50..c3d0e5fd6 100644 --- a/net/krb5/Makefile +++ b/net/krb5/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=krb5 -PKG_VERSION:=1.20.1 +PKG_VERSION:=1.21 PKG_RELEASE:=1 PKG_MAINTAINER:=W. Michael Petullo @@ -18,8 +18,8 @@ PKG_LICENSE_FILES:=NOTICE PKG_CPE_ID:=cpe:/a:mit:kerberos PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://web.mit.edu/kerberos/dist/krb5/1.20 -PKG_HASH:=704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851 +PKG_SOURCE_URL:=https://web.mit.edu/kerberos/dist/krb5/1.21 +PKG_HASH:=69f8aaff85484832df67a4bbacd99b9259bd95aab8c651fbbe65cdc9620ea93b PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 From 660556f5bf34266f8556fd3fd3b5c25231610a26 Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Thu, 15 Jun 2023 10:30:22 +0900 Subject: [PATCH 03/90] icu: bump to 73.2 ICU 73.2 updates to CLDR 43.1 locale data. These are maintenance releases for ICU 73 and CLDR 43, with limited sets of bug fixes and no API or structural changes. Signed-off-by: Hirokazu MORIKAWA --- libs/icu/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/icu/Makefile b/libs/icu/Makefile index cc6b86fc3..310dc354c 100644 --- a/libs/icu/Makefile +++ b/libs/icu/Makefile @@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=icu4c MAJOR_VERSION:=73 -MINOR_VERSION:=1 +MINOR_VERSION:=2 PKG_VERSION:=$(MAJOR_VERSION).$(MINOR_VERSION) PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(MAJOR_VERSION)_$(MINOR_VERSION)-src.tgz PKG_SOURCE_URL:=https://github.com/unicode-org/icu/releases/download/release-$(MAJOR_VERSION)-$(MINOR_VERSION) -PKG_HASH:=a457431de164b4aa7eca00ed134d00dfbf88a77c6986a10ae7774fc076bb8c45 +PKG_HASH:=818a80712ed3caacd9b652305e01afc7fa167e6f2e94996da44b90c2ab604ce1 PKG_LICENSE:=ICU PKG_LICENSE_FILES:=LICENSE From e66fead6d479b5870280918ea42160c7dd0fc532 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 15 Jun 2023 14:31:51 +0200 Subject: [PATCH 04/90] modemmanager: do not cache virtual device events On small systems with many virtual devices, the modem manager sometimes could not start because it took too long until all devices for the modem were recognised. This is because all system events that are stored in the file events.cache have to be processed. To speed up the processing, all devices under /sys/devices/virtual are now filtered out so that they do not have to be processed. Signed-off-by: Florian Eckert --- net/modemmanager/Makefile | 2 +- net/modemmanager/files/modemmanager.common | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/net/modemmanager/Makefile b/net/modemmanager/Makefile index a79f65f67..b6063fb85 100644 --- a/net/modemmanager/Makefile +++ b/net/modemmanager/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=modemmanager PKG_SOURCE_VERSION:=1.20.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git diff --git a/net/modemmanager/files/modemmanager.common b/net/modemmanager/files/modemmanager.common index 6367eb32b..a931717fd 100644 --- a/net/modemmanager/files/modemmanager.common +++ b/net/modemmanager/files/modemmanager.common @@ -273,6 +273,14 @@ mm_report_event() { local subsystem="$3" local sysfspath="$4" + # Do not save virtual devices + local virtual + virtual="$(echo "$sysfspath" | cut -d'/' -f4)" + [ "$virtual" = "virtual" ] && { + mm_log "debug" "sysfspath is a virtual device ($sysfspath)" + return + } + # Track/untrack events in cache case "${action}" in "add") From fd63e400ba1c2cf7242517ebb5675bfdcd22fc3f Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 15 Jun 2023 15:38:34 +0200 Subject: [PATCH 05/90] modemmanager: if an alias name is used do not check sysfs path If an alias name is used for the modem, then a check if the device exists in sysfs does not work. To fix this remove the check if the sysfs device exists. The protocoll handler already checks if the modem is responsible for this device on the next line. Signed-off-by: Florian Eckert --- net/modemmanager/Makefile | 2 +- net/modemmanager/files/modemmanager.proto | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/net/modemmanager/Makefile b/net/modemmanager/Makefile index b6063fb85..3c021b44d 100644 --- a/net/modemmanager/Makefile +++ b/net/modemmanager/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=modemmanager PKG_SOURCE_VERSION:=1.20.6 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git diff --git a/net/modemmanager/files/modemmanager.proto b/net/modemmanager/files/modemmanager.proto index e6ec9e203..2a61f5178 100755 --- a/net/modemmanager/files/modemmanager.proto +++ b/net/modemmanager/files/modemmanager.proto @@ -368,11 +368,6 @@ proto_modemmanager_setup() { proto_set_available "${interface}" 0 return 1 } - [ -e "${device}" ] || { - echo "Device not found in sysfs" - proto_set_available "${interface}" 0 - return 1 - } # validate that ModemManager is handling the modem at the sysfs path modemstatus=$(mmcli --modem="${device}" --output-keyvalue) From 7f8aea6d8682ff3b9a322c588726d150d7317c8f Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Thu, 15 Jun 2023 12:48:00 -0600 Subject: [PATCH 06/90] strongswan: make parsing more consistent Signed-off-by: Philip Prindeville --- net/strongswan/Makefile | 2 +- net/strongswan/files/swanctl.init | 167 ++++++++++++++++-------------- 2 files changed, 88 insertions(+), 81 deletions(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index b05b42501..3fcc9f309 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.10 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init index e05c7228d..dcc065d2e 100644 --- a/net/strongswan/files/swanctl.init +++ b/net/strongswan/files/swanctl.init @@ -154,14 +154,16 @@ is_aead() { return 1 } -add_esp_proposal() { +config_esp_proposal() { + local conf="$1" + local encryption_algorithm local hash_algorithm local dh_group - config_get encryption_algorithm "$1" encryption_algorithm - config_get hash_algorithm "$1" hash_algorithm - config_get dh_group "$1" dh_group + config_get encryption_algorithm "$conf" encryption_algorithm + config_get hash_algorithm "$conf" hash_algorithm + config_get dh_group "$conf" dh_group # check for AEAD and clobber hash_algorithm if set if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then @@ -173,27 +175,29 @@ add_esp_proposal() { crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}" } -parse_esp_proposal() { +iter_esp_proposal() { local conf="$1" local var="$2" local crypto="" - config_list_foreach "$conf" crypto_proposal add_esp_proposal + config_list_foreach "$conf" crypto_proposal config_esp_proposal export -n "$var=$crypto" } -add_ike_proposal() { +config_ike_proposal() { + local conf="$1" + local encryption_algorithm local hash_algorithm local dh_group local prf_algorithm - config_get encryption_algorithm "$1" encryption_algorithm - config_get hash_algorithm "$1" hash_algorithm - config_get dh_group "$1" dh_group - config_get prf_algorithm "$1" prf_algorithm + config_get encryption_algorithm "$conf" encryption_algorithm + config_get hash_algorithm "$conf" hash_algorithm + config_get dh_group "$conf" dh_group + config_get prf_algorithm "$conf" prf_algorithm # check for AEAD and clobber hash_algorithm if set if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then @@ -205,20 +209,20 @@ add_ike_proposal() { crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${prf_algorithm:+-${prf_algorithm}}${dh_group:+-${dh_group}}" } -parse_ike_proposal() { +iter_ike_proposal() { local conf="$1" local var="$2" local crypto="" - config_list_foreach "$conf" crypto_proposal add_ike_proposal + config_list_foreach "$conf" crypto_proposal config_ike_proposal export -n "$var=$crypto" } config_child() { # Generic ipsec conn section shared by tunnel and transport - local config_name="$1" + local conf="$1" local mode="$2" local hw_offload @@ -241,29 +245,29 @@ config_child() { local rekeypackets local lifepackets - config_get startaction "$1" startaction "route" - config_get local_nat "$1" local_nat "" - config_get updown "$1" updown "" - config_get firewall "$1" firewall "" - config_get lifetime "$1" lifetime "" - config_get dpdaction "$1" dpdaction "none" - config_get closeaction "$1" closeaction "none" - config_get if_id "$1" if_id "" - config_get rekeytime "$1" rekeytime "" - config_get_bool ipcomp "$1" ipcomp 0 - config_get interface "$1" interface "" - config_get hw_offload "$1" hw_offload "" - config_get priority "$1" priority "" - config_get rekeybytes "$1" rekeybytes "" - config_get lifebytes "$1" lifebytes "" - config_get rekeypackets "$1" rekeypackets "" - config_get lifepackets "$1" lifepackets "" + config_get startaction "$conf" startaction "route" + config_get local_nat "$conf" local_nat "" + config_get updown "$conf" updown "" + config_get firewall "$conf" firewall "" + config_get lifetime "$conf" lifetime "" + config_get dpdaction "$conf" dpdaction "none" + config_get closeaction "$conf" closeaction "none" + config_get if_id "$conf" if_id "" + config_get rekeytime "$conf" rekeytime "" + config_get_bool ipcomp "$conf" ipcomp 0 + config_get interface "$conf" interface "" + config_get hw_offload "$conf" hw_offload "" + config_get priority "$conf" priority "" + config_get rekeybytes "$conf" rekeybytes "" + config_get lifebytes "$conf" lifebytes "" + config_get rekeypackets "$conf" rekeypackets "" + config_get lifepackets "$conf" lifepackets "" - config_list_foreach "$1" local_subnet append_var local_subnet "," - config_list_foreach "$1" remote_subnet append_var remote_subnet "," + config_list_foreach "$conf" local_subnet append_var local_subnet "," + config_list_foreach "$conf" remote_subnet append_var remote_subnet "," local esp_proposal - parse_esp_proposal "$1" esp_proposal + iter_esp_proposal "$conf" esp_proposal # translate from ipsec to swanctl case "$startaction" in @@ -329,7 +333,7 @@ config_child() { [ -n "$local_nat" ] && local_subnet="$local_nat" - swanctl_xappend3 "$config_name {" + swanctl_xappend3 "$conf {" [ -n "$local_subnet" ] && swanctl_xappend4 "local_ts = $local_subnet" [ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet" @@ -380,6 +384,7 @@ config_transport() { config_pool() { local conf="$1" + local addrs local dns local nbns @@ -390,15 +395,15 @@ config_pool() { local split_include local split_exclude - config_get addrs "$1" addrs - config_list_foreach "$1" dns append_var dns "," - config_list_foreach "$1" nbns append_var nbns "," - config_list_foreach "$1" dhcp append_var dhcp "," - config_list_foreach "$1" netmask append_var netmask "," - config_list_foreach "$1" server append_var server "," - config_list_foreach "$1" subnet append_var subnet "," - config_list_foreach "$1" split_include append_var split_include "," - config_list_foreach "$1" split_exclude append_var split_exclude "," + config_get addrs "$conf" addrs + config_list_foreach "$conf" dns append_var dns "," + config_list_foreach "$conf" nbns append_var nbns "," + config_list_foreach "$conf" dhcp append_var dhcp "," + config_list_foreach "$conf" netmask append_var netmask "," + config_list_foreach "$conf" server append_var server "," + config_list_foreach "$conf" subnet append_var subnet "," + config_list_foreach "$conf" split_include append_var split_include "," + config_list_foreach "$conf" split_exclude append_var split_exclude "," swanctl_xappend1 "$conf {" [ -n "$addrs" ] && swanctl_xappend2 "addrs = $addrs" @@ -413,8 +418,8 @@ config_pool() { swanctl_xappend1 "}" } -config_connection() { - local config_name="$1" +config_remote() { + local conf="$1" local enabled local gateway @@ -436,30 +441,30 @@ config_connection() { local remote_ca_certs local pools - config_get_bool enabled "$1" enabled 0 + config_get_bool enabled "$conf" enabled 0 [ $enabled -eq 0 ] && return - config_get gateway "$1" gateway - config_get pre_shared_key "$1" pre_shared_key - config_get auth_method "$1" authentication_method - config_get local_identifier "$1" local_identifier "" - config_get remote_identifier "$1" remote_identifier "" - config_get local_ip "$1" local_ip "%any" - config_get keyingtries "$1" keyingtries "3" - config_get dpddelay "$1" dpddelay "30s" - config_get inactivity "$1" inactivity - config_get keyexchange "$1" keyexchange "ikev2" - config_get fragmentation "$1" fragmentation "yes" - config_get_bool mobike "$1" mobike 1 - config_get local_cert "$1" local_cert "" - config_get local_key "$1" local_key "" - config_get ca_cert "$1" ca_cert "" - config_get rekeytime "$1" rekeytime - config_get overtime "$1" overtime + config_get gateway "$conf" gateway + config_get pre_shared_key "$conf" pre_shared_key + config_get auth_method "$conf" authentication_method + config_get local_identifier "$conf" local_identifier "" + config_get remote_identifier "$conf" remote_identifier "" + config_get local_ip "$conf" local_ip "%any" + config_get keyingtries "$conf" keyingtries "3" + config_get dpddelay "$conf" dpddelay "30s" + config_get inactivity "$conf" inactivity + config_get keyexchange "$conf" keyexchange "ikev2" + config_get fragmentation "$conf" fragmentation "yes" + config_get_bool mobike "$conf" mobike 1 + config_get local_cert "$conf" local_cert "" + config_get local_key "$conf" local_key "" + config_get ca_cert "$conf" ca_cert "" + config_get rekeytime "$conf" rekeytime + config_get overtime "$conf" overtime - config_list_foreach "$1" local_sourceip append_var local_sourceip "," - config_list_foreach "$1" remote_ca_certs append_var remote_ca_certs "," - config_list_foreach "$1" pools append_var pools "," + config_list_foreach "$conf" local_sourceip append_var local_sourceip "," + config_list_foreach "$conf" remote_ca_certs append_var remote_ca_certs "," + config_list_foreach "$conf" pools append_var pools "," case "$fragmentation" in 0) @@ -485,7 +490,7 @@ config_connection() { fi local ike_proposal - parse_ike_proposal "$1" ike_proposal + iter_ike_proposal "$conf" ike_proposal [ -n "$firewall" ] && fatal "Firewall not supported" @@ -505,9 +510,9 @@ config_connection() { fi fi - swanctl_xappend0 "# config for $config_name" + swanctl_xappend0 "# config for $conf" swanctl_xappend0 "connections {" - swanctl_xappend1 "$config_name {" + swanctl_xappend1 "$conf {" swanctl_xappend2 "local_addrs = $local_ip" swanctl_xappend2 "remote_addrs = $remote_gateway" @@ -531,9 +536,9 @@ config_connection() { swanctl_xappend2 "children {" - config_list_foreach "$1" tunnel config_tunnel + config_list_foreach "$conf" tunnel config_tunnel - config_list_foreach "$1" transport config_transport + config_list_foreach "$conf" transport config_transport swanctl_xappend2 "}" @@ -573,7 +578,7 @@ config_connection() { if [ -n "$ca_cert" ]; then swanctl_xappend0 "authorities {" - swanctl_xappend1 "$config_name {" + swanctl_xappend1 "$conf {" swanctl_xappend2 "cacert = $ca_cert" swanctl_xappend1 "}" swanctl_xappend0 "}" @@ -583,7 +588,7 @@ config_connection() { swanctl_xappend0 "" swanctl_xappend0 "secrets {" - swanctl_xappend1 "ike-$config_name {" + swanctl_xappend1 "ike-$conf {" swanctl_xappend2 "secret = $pre_shared_key" if [ -n "$local_identifier" ]; then swanctl_xappend2 "id1 = $local_identifier" @@ -598,7 +603,7 @@ config_connection() { fi swanctl_xappend0 "pools {" - config_list_foreach "$1" pools config_pool + config_list_foreach "$conf" pools config_pool swanctl_xappend0 "}" swanctl_xappend0 "" @@ -609,18 +614,20 @@ do_preamble() { } config_ipsec() { + local conf="$1" + local rtinstall_enabled local routing_table local routing_table_id local interface local interface_list - config_get debug "$1" debug 0 - config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 + config_get debug "$conf" debug 0 + config_get_bool rtinstall_enabled "$conf" rtinstall_enabled 1 [ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no # prepare extra charon config option ignore_routing_tables - for routing_table in $(config_get "$1" "ignore_routing_tables"); do + for routing_table in $(config_get "$conf" "ignore_routing_tables"); do if [ "$routing_table" -ge 0 ] 2>/dev/null; then routing_table_id=$routing_table else @@ -630,7 +637,7 @@ config_ipsec() { [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id" done - config_list_foreach "$1" interface append_var interface_list + config_list_foreach "$conf" interface append_var interface_list if [ -z "$interface_list" ]; then WAIT_FOR_INTF=0 @@ -673,7 +680,7 @@ prepare_env() { config_load ipsec config_foreach config_ipsec ipsec - config_foreach config_connection remote + config_foreach config_remote remote do_postamble } From 21538459c2fb00339d718037aac6d5605328b139 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 11 Jun 2023 13:26:27 +0800 Subject: [PATCH 07/90] collectd: change references from armvirt to armsr armvirt target has been renamed to armsr (Arm SystemReady) [1], so the dependency need to be changed as well. 1. https://github.com/openwrt/openwrt/commit/40b02a230167626def69389452f19b7109aaeac1 Signed-off-by: Tianling Shen --- utils/collectd/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/collectd/Makefile b/utils/collectd/Makefile index f6d28ee85..63f1b6280 100644 --- a/utils/collectd/Makefile +++ b/utils/collectd/Makefile @@ -459,7 +459,7 @@ $(eval $(call BuildPlugin,chrony,chrony status input,chrony,)) $(eval $(call BuildPlugin,conntrack,connection tracking table size input,conntrack,)) $(eval $(call BuildPlugin,contextswitch,context switch input,contextswitch,)) $(eval $(call BuildPlugin,cpu,CPU input,cpu,)) -$(eval $(call BuildPlugin,cpufreq,CPU Freq input,cpufreq,@(TARGET_x86||TARGET_x86_64||TARGET_mvebu||TARGET_ipq806x||TARGET_armvirt||TARGET_ipq40xx||TARGET_bcm27xx_bcm2709||TARGET_rockchip||TARGET_mediatek||TARGET_ipq807x))) # Only enable on targets with CPUs supporting frequency scaling +$(eval $(call BuildPlugin,cpufreq,CPU Freq input,cpufreq,@(TARGET_x86||TARGET_x86_64||TARGET_mvebu||TARGET_ipq806x||TARGET_armsr||TARGET_ipq40xx||TARGET_bcm27xx_bcm2709||TARGET_rockchip||TARGET_mediatek||TARGET_ipq807x))) # Only enable on targets with CPUs supporting frequency scaling $(eval $(call BuildPlugin,csv,CSV output,csv,)) $(eval $(call BuildPlugin,curl,cURL input,curl,+PACKAGE_collectd-mod-curl:libcurl)) #$(eval $(call BuildPlugin,dbi,relational database input,dbi,+PACKAGE_collectd-mod-dbi:libdbi)) From e007556915a8528986539e6c1c9a40d938c757cb Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 11 Jun 2023 13:26:34 +0800 Subject: [PATCH 08/90] qemu: change references from armvirt to armsr armvirt target has been renamed to armsr (Arm SystemReady) [1], so the dependency need to be changed as well. https://github.com/openwrt/openwrt/commit/40b02a230167626def69389452f19b7109aaeac1 Signed-off-by: Tianling Shen --- utils/qemu/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/qemu/Makefile b/utils/qemu/Makefile index 509b03f38..bee745052 100644 --- a/utils/qemu/Makefile +++ b/utils/qemu/Makefile @@ -28,7 +28,7 @@ PKG_BUILD_DEPENDS+=spice-protocol include $(INCLUDE_DIR)/nls.mk include $(INCLUDE_DIR)/package.mk -QEMU_DEPS_IN_GUEST := @(TARGET_x86_64||TARGET_armvirt||TARGET_malta) +QEMU_DEPS_IN_GUEST := @(TARGET_x86_64||TARGET_armsr||TARGET_malta) QEMU_DEPS_IN_HOST := @(TARGET_x86_64||TARGET_sunxi) QEMU_DEPS_IN_HOST += +libstdcpp QEMU_DEPS_IN_HOST += $(ICONV_DEPENDS) From bf88b371c5be3513b26592d6056a7de0419b0d87 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 11 Jun 2023 13:28:03 +0800 Subject: [PATCH 09/90] CI: update build architectures - armvirt target has been renamed to armsr (Arm SystemReady) [1]. - armsr-armv8 has been switched to aarch64_generic architecture [2]. 1. https://github.com/openwrt/openwrt/commit/40b02a230167626def69389452f19b7109aaeac1 2. https://github.com/openwrt/openwrt/commit/e0f06ddc23b2503a1791ae7e97b02e2647e8a70d Signed-off-by: Tianling Shen --- .github/workflows/multi-arch-test-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/multi-arch-test-build.yml b/.github/workflows/multi-arch-test-build.yml index c1d2df73f..57182b96b 100644 --- a/.github/workflows/multi-arch-test-build.yml +++ b/.github/workflows/multi-arch-test-build.yml @@ -15,12 +15,12 @@ jobs: fail-fast: false matrix: include: - - arch: aarch64_cortex-a53 - target: mvebu-cortexa53 + - arch: aarch64_generic + target: armsr-armv8 runtime_test: true - arch: arm_cortex-a15_neon-vfpv4 - target: armvirt-32 + target: armsr-armv7 runtime_test: true - arch: arm_cortex-a9_vfpv3-d16 From 73ee68a5970d1618cdb580001969d13a82e1e76d Mon Sep 17 00:00:00 2001 From: Vladimir Ermakov Date: Mon, 12 Jun 2023 14:56:58 +0200 Subject: [PATCH 10/90] qemu: update to 8.0.2 Update version and refresh patches. Signed-off-by: Vladimir Ermakov --- utils/qemu/Makefile | 4 ++-- .../patches/0001-configure-allow-disable-fortify_source.patch | 2 +- utils/qemu/patches/0010-no-tests.patch | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/utils/qemu/Makefile b/utils/qemu/Makefile index bee745052..ba6da4e1c 100644 --- a/utils/qemu/Makefile +++ b/utils/qemu/Makefile @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=qemu -PKG_VERSION:=8.0.0 +PKG_VERSION:=8.0.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_HASH:=bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0 +PKG_HASH:=f060abd435fbe6794125e2c398568ffc3cfa540042596907a8b18edca34cf6a5 PKG_SOURCE_URL:=http://download.qemu.org/ PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=LICENSE tcg/LICENSE diff --git a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch index 42d41305e..434b3d15a 100644 --- a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch +++ b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch @@ -11,7 +11,7 @@ OpenWrt base build system decide flavor of fortify_source to use --- a/configure +++ b/configure -@@ -895,6 +895,8 @@ for opt do +@@ -896,6 +896,8 @@ for opt do ;; --disable-vfio-user-server) vfio_user_server="disabled" ;; diff --git a/utils/qemu/patches/0010-no-tests.patch b/utils/qemu/patches/0010-no-tests.patch index c5e99a1bf..9c36a3914 100644 --- a/utils/qemu/patches/0010-no-tests.patch +++ b/utils/qemu/patches/0010-no-tests.patch @@ -1,6 +1,6 @@ --- a/meson.build +++ b/meson.build -@@ -3191,10 +3191,6 @@ subdir('common-user') +@@ -3192,10 +3192,6 @@ subdir('common-user') subdir('bsd-user') subdir('linux-user') @@ -11,7 +11,7 @@ # accel modules tcg_real_module_ss = ss.source_set() tcg_real_module_ss.add_all(when: 'CONFIG_TCG_MODULAR', if_true: tcg_module_ss) -@@ -3682,10 +3678,6 @@ subdir('scripts') +@@ -3687,10 +3683,6 @@ subdir('scripts') subdir('tools') subdir('pc-bios') subdir('docs') From 085dc8d965a4baa06e60845e98fa7e23869ad213 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 12 Jun 2023 11:28:52 -0300 Subject: [PATCH 11/90] gost_engine: disable tests, reset patches dir Tests are breaking compilation for mipsel targets because of the removal of the sysmips call. Let's just not build them. While at it, remove patches from 1.1 version and move the current ones to the default 'patches' directory. Signed-off-by: Eneas U de Queiroz --- libs/gost_engine/Makefile | 3 +- .../patches-1.1/010-openssl-deprecated.patch | 11 -- .../020-cmake-allow-cross-compile.patch | 0 .../030-dont-build-provider.patch | 0 .../patches/040-dont-build-tests.patch | 131 ++++++++++++++++++ 5 files changed, 132 insertions(+), 13 deletions(-) delete mode 100644 libs/gost_engine/patches-1.1/010-openssl-deprecated.patch rename libs/gost_engine/{patches-3 => patches}/020-cmake-allow-cross-compile.patch (100%) rename libs/gost_engine/{patches-3 => patches}/030-dont-build-provider.patch (100%) create mode 100644 libs/gost_engine/patches/040-dont-build-tests.patch diff --git a/libs/gost_engine/Makefile b/libs/gost_engine/Makefile index d15a36f39..dd13d4219 100644 --- a/libs/gost_engine/Makefile +++ b/libs/gost_engine/Makefile @@ -5,8 +5,7 @@ PKG_NAME:=gost_engine PKG_VERSION:=3.0.1 PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628 PKG_LICENSE:=Apache-2.0 -PATCH_DIR=./patches-3 -PKG_RELEASE:=8 +PKG_RELEASE:=9 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION) diff --git a/libs/gost_engine/patches-1.1/010-openssl-deprecated.patch b/libs/gost_engine/patches-1.1/010-openssl-deprecated.patch deleted file mode 100644 index c28748a91..000000000 --- a/libs/gost_engine/patches-1.1/010-openssl-deprecated.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/gost_pmeth.c -+++ b/gost_pmeth.c -@@ -608,7 +608,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PK - if (strcmp(type, hexkey_ctrl_string) == 0) { - long keylen; - int ret; -- unsigned char *keybuf = string_to_hex(value, &keylen); -+ unsigned char *keybuf = OPENSSL_hexstr2buf(value, &keylen); - if (!keybuf || keylen != 32) { - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, - GOST_R_INVALID_MAC_KEY_LENGTH); diff --git a/libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch b/libs/gost_engine/patches/020-cmake-allow-cross-compile.patch similarity index 100% rename from libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch rename to libs/gost_engine/patches/020-cmake-allow-cross-compile.patch diff --git a/libs/gost_engine/patches-3/030-dont-build-provider.patch b/libs/gost_engine/patches/030-dont-build-provider.patch similarity index 100% rename from libs/gost_engine/patches-3/030-dont-build-provider.patch rename to libs/gost_engine/patches/030-dont-build-provider.patch diff --git a/libs/gost_engine/patches/040-dont-build-tests.patch b/libs/gost_engine/patches/040-dont-build-tests.patch new file mode 100644 index 000000000..13caf6388 --- /dev/null +++ b/libs/gost_engine/patches/040-dont-build-tests.patch @@ -0,0 +1,131 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -213,128 +213,6 @@ set(GOST_PROV_SOURCE_FILES + gost_prov_mac.c + ) + +-set(TEST_ENVIRONMENT_COMMON +- CMAKE_CURRENT_SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR} +- PERL5LIB=${CMAKE_CURRENT_SOURCE_DIR}/test +- OPENSSL_PROGRAM=${OPENSSL_PROGRAM} +- OPENSSL_CRYPTO_LIBRARY=${OPENSSL_CRYPTO_LIBRARY} +- ) +- +-set(TEST_ENVIRONMENT_ENGINE +- ${TEST_ENVIRONMENT_COMMON} +- OPENSSL_ENGINES=${CMAKE_RUNTIME_OUTPUT_DIRECTORY} +- OPENSSL_CONF=${CMAKE_CURRENT_SOURCE_DIR}/test/engine.cnf +- ) +- +-set(TEST_ENVIRONMENT_PROVIDER +- ${TEST_ENVIRONMENT_COMMON} +- OPENSSL_MODULES=${CMAKE_RUNTIME_OUTPUT_DIRECTORY} +- OPENSSL_CONF=${CMAKE_CURRENT_SOURCE_DIR}/test/provider.cnf +- ) +- +-add_executable(test_digest test_digest.c) +-target_link_libraries(test_digest OpenSSL::Crypto) +-add_test(NAME digest-with-engine COMMAND test_digest) +-set_tests_properties(digest-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +-add_test(NAME digest-with-provider COMMAND test_digest) +-set_tests_properties(digest-with-provider +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}") +- +-add_executable(test_ciphers test_ciphers.c) +-target_link_libraries(test_ciphers OpenSSL::Crypto) +-add_test(NAME ciphers-with-engine COMMAND test_ciphers) +-set_tests_properties(ciphers-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +-add_test(NAME ciphers-with-provider COMMAND test_ciphers) +-set_tests_properties(ciphers-with-provider +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}") +- +-# test_curves is an internals testing program, it doesn't need a test env +-add_executable(test_curves test_curves.c) +-target_link_libraries(test_curves gost_core gost_err) +-add_test(NAME curves COMMAND test_curves) +- +-add_executable(test_params test_params.c) +-target_link_libraries(test_params OpenSSL::Crypto) +-add_test(NAME parameters-with-engine COMMAND test_params) +-set_tests_properties(parameters-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +- +-add_executable(test_derive test_derive.c) +-target_link_libraries(test_derive OpenSSL::Crypto) +-add_test(NAME derive-with-engine COMMAND test_derive) +-set_tests_properties(derive-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +- +-add_executable(test_sign test_sign.c) +-target_link_libraries(test_sign OpenSSL::Crypto) +-add_test(NAME sign/verify-with-engine COMMAND test_sign) +-set_tests_properties(sign/verify-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +- +-add_executable(test_tls test_tls.c) +-target_link_libraries(test_tls OpenSSL::SSL) +-add_test(NAME TLS-with-engine COMMAND test_tls) +-set_tests_properties(TLS-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +- +-add_executable(test_context test_context.c) +-target_link_libraries(test_context OpenSSL::Crypto) +-add_test(NAME context-with-engine COMMAND test_context) +-set_tests_properties(context-with-engine +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +-add_test(NAME context-with-provider COMMAND test_context) +-set_tests_properties(context-with-provider +- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}") +- +-# test_keyexpimp is an internals testing program, it doesn't need a test env +-add_executable(test_keyexpimp test_keyexpimp.c) +-#target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF) +-target_link_libraries(test_keyexpimp gost_core gost_err) +-add_test(NAME keyexpimp COMMAND test_keyexpimp) +- +-# test_gost89 is an internals testing program, it doesn't need a test env +-add_executable(test_gost89 test_gost89.c) +-target_link_libraries(test_gost89 gost_core gost_err) +-add_test(NAME gost89 COMMAND test_gost89) +- +-if(NOT SKIP_PERL_TESTS) +- execute_process(COMMAND perl -MTest2::V0 -e "" +- ERROR_QUIET RESULT_VARIABLE MISSING_TEST2_V0) +- find_program(HAVE_PROVE NAMES prove) +- if(NOT MISSING_TEST2_V0 AND HAVE_PROVE) +- add_test(NAME engine +- COMMAND prove --merge -PWrapOpenSSL ${CMAKE_CURRENT_SOURCE_DIR}/test :: engine) +- set_tests_properties(engine PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}") +- add_test(NAME provider +- COMMAND prove --merge -PWrapOpenSSL ${CMAKE_CURRENT_SOURCE_DIR}/test :: provider) +- set_tests_properties(provider PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}") +- else() +- message(STATUS "No Test2::V0 perl module (engine and provider tests skipped)") +- endif() +-endif() +- +-if(NOT MSVC) +- add_executable(sign benchmark/sign.c) +- target_link_libraries(sign gost_core gost_err ${CLOCK_GETTIME_LIB}) +-endif() +- +-# All that may need to load just built engine will have path to it defined. +-set(BINARY_TESTS_TARGETS +- test_digest +- test_ciphers +- test_curves +- test_params +- test_derive +- test_sign +- test_context +- test_keyexpimp +- test_gost89 +- test_tls +- ) +-set_property(TARGET ${BINARY_TESTS_TARGETS} APPEND PROPERTY COMPILE_DEFINITIONS ENGINE_DIR="${OUTPUT_DIRECTORY}") +- + add_library(gost_core STATIC ${GOST_LIB_SOURCE_FILES}) + set_target_properties(gost_core PROPERTIES POSITION_INDEPENDENT_CODE ON) + target_link_libraries(gost_core PRIVATE OpenSSL::Crypto) From 90fca4694b27203629820579030eb0dae8d3f516 Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 11 Jun 2023 14:13:30 +0300 Subject: [PATCH 12/90] fatresize: bump release use newer git commit, fixes problem with manually specified sizes. Signed-off-by: Oskari Rauta --- utils/fatresize/Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/utils/fatresize/Makefile b/utils/fatresize/Makefile index ce91f1444..d385584e3 100644 --- a/utils/fatresize/Makefile +++ b/utils/fatresize/Makefile @@ -1,14 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fatresize -PKG_VERSION:=1.1.0 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/ya-mouse/fatresize.git -PKG_SOURCE_DATE:=2021-11-24 -PKG_SOURCE_VERSION:=316981e43b14f42a9aa7b461c97e1f61f6f2390b -PKG_MIRROR_HASH:=5a7eabaf5896a92c72b9bdf1cacc5aa1bd19335d8c617c8c9bd0f02699b91548 +PKG_SOURCE_DATE:=2023-06-11 +PKG_SOURCE_VERSION:=ab78c48fe46d0eb29fcdfa3c6586ade223218433 +PKG_MIRROR_HASH:=a74ffa8c2327993d0c1d033229ef768dc69bacad8530ffc4b840017e8f436d22 PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 From 89123b308f98de6e6e77a1bf21586c8fafc83413 Mon Sep 17 00:00:00 2001 From: Robert Marko Date: Sat, 17 Jun 2023 08:47:39 +0200 Subject: [PATCH 13/90] mhz: add new package mhz is a tool for mathematically calculating the current CPU frequency, it has proven to be a really good help while developing CPU frequency scaling solutions as it allows to independently prove that scaling actually works. Now that the author has added a license we can package it for the all to use. Signed-off-by: Robert Marko --- utils/mhz/Makefile | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 utils/mhz/Makefile diff --git a/utils/mhz/Makefile b/utils/mhz/Makefile new file mode 100644 index 000000000..fa8108917 --- /dev/null +++ b/utils/mhz/Makefile @@ -0,0 +1,33 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=mhz +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL=https://github.com/wtarreau/mhz.git +PKG_SOURCE_DATE:=2023-06-17 +PKG_SOURCE_VERSION:=11aac2399780a1f7ea9f007b14af0464797d5cf1 +PKG_MIRROR_HASH:=b3ea0c9e6f111755c4207addef0ea210ace86bc6910c959c6fc489026897676f + +PKG_MAINTAINER:=Robert Marko +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=LICENSE + +include $(INCLUDE_DIR)/package.mk + +define Package/mhz + SECTION:=utils + CATEGORY:=Utilities + TITLE:=CPU frequency measurement utility +endef + +define Package/mhz/description + Tool to mathematically calculate the current CPU frequency. +endef + +define Package/mhz/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/mhz $(1)/usr/sbin/mhz +endef + +$(eval $(call BuildPackage,mhz)) From b0f8ca045da65147731c56dfa3e5eb1f70e70f7f Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Sat, 17 Jun 2023 18:58:13 +0300 Subject: [PATCH 14/90] collectd: handle renaming ipq807x as qualcommax The 'ipq807x' target was renamed to be 'qualcommax' (and ipq807x was set as subtarget). Adjust plugin target dependencies to this renaming. Signed-off-by: Hannu Nyman --- utils/collectd/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/collectd/Makefile b/utils/collectd/Makefile index 63f1b6280..1c8a04bc0 100644 --- a/utils/collectd/Makefile +++ b/utils/collectd/Makefile @@ -459,7 +459,7 @@ $(eval $(call BuildPlugin,chrony,chrony status input,chrony,)) $(eval $(call BuildPlugin,conntrack,connection tracking table size input,conntrack,)) $(eval $(call BuildPlugin,contextswitch,context switch input,contextswitch,)) $(eval $(call BuildPlugin,cpu,CPU input,cpu,)) -$(eval $(call BuildPlugin,cpufreq,CPU Freq input,cpufreq,@(TARGET_x86||TARGET_x86_64||TARGET_mvebu||TARGET_ipq806x||TARGET_armsr||TARGET_ipq40xx||TARGET_bcm27xx_bcm2709||TARGET_rockchip||TARGET_mediatek||TARGET_ipq807x))) # Only enable on targets with CPUs supporting frequency scaling +$(eval $(call BuildPlugin,cpufreq,CPU Freq input,cpufreq,@(TARGET_x86||TARGET_x86_64||TARGET_mvebu||TARGET_ipq806x||TARGET_armsr||TARGET_ipq40xx||TARGET_bcm27xx_bcm2709||TARGET_rockchip||TARGET_mediatek||TARGET_qualcommax))) # Only enable on targets with CPUs supporting frequency scaling $(eval $(call BuildPlugin,csv,CSV output,csv,)) $(eval $(call BuildPlugin,curl,cURL input,curl,+PACKAGE_collectd-mod-curl:libcurl)) #$(eval $(call BuildPlugin,dbi,relational database input,dbi,+PACKAGE_collectd-mod-dbi:libdbi)) From ce0749a477d64b23fc77e6bd24d18903263ac4c6 Mon Sep 17 00:00:00 2001 From: Facundo Acevedo Date: Fri, 9 Jun 2023 20:47:59 -0300 Subject: [PATCH 15/90] arp-whisper: Add new package arp-whisper listens to ARP requests on a network interface and responds to them based on a list of IP-MAC address mappings defined in a configuration file Signed-off-by: Facundo Acevedo --- utils/arp-whisper/Makefile | 53 +++++++++++++++++++ utils/arp-whisper/files/arp-whisper.init | 14 +++++ .../files/etc/arp-whisper/arp-whisper | 8 +++ 3 files changed, 75 insertions(+) create mode 100644 utils/arp-whisper/Makefile create mode 100644 utils/arp-whisper/files/arp-whisper.init create mode 100644 utils/arp-whisper/files/etc/arp-whisper/arp-whisper diff --git a/utils/arp-whisper/Makefile b/utils/arp-whisper/Makefile new file mode 100644 index 000000000..23461f998 --- /dev/null +++ b/utils/arp-whisper/Makefile @@ -0,0 +1,53 @@ +# SPDX-License-Identifier: GPL-3.0-only +# +# Copyright (C) 2023 Facundo Acevedo + +include $(TOPDIR)/rules.mk + +PKG_NAME:=arp-whisper +PKG_VERSION:=0.1.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/FacundoAcevedo/arp-whisper/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=13b393c64505d62b5abf7ace244eed0ce62f4b1562a688ddb5651bd42cc7c305 + +PKG_MAINTAINER:=Facundo Acevedo +PKG_LICENSE:=GPL-3.0-or-later +PKG_LICENSE_FILES:=LICENCE + +PKG_BUILD_DEPENDS:=rust/host + +include $(INCLUDE_DIR)/package.mk +include ../../lang/rust/rust-package.mk + +define Package/arp-whisper + SECTION:=utils + CATEGORY:=Utilities + TITLE:=ARP responses based on MAC-IP pairs + DEPENDS:=$(RUST_ARCH_DEPENDS) + URL:=https://github.com/FacundoAcevedo/arp-whisper +endef + +define Package/arp-whisper/description + arp-whisper listens to ARP requests on a network interface and responds + to them based on a list of IP-MAC address mappings defined in a + configuration file. +endef + +define Package/arp-whisper/conffiles +/etc/arp-whisper/arp-whisper +endef + +define Package/arp-whisper/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/arp-whisper $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc + $(INSTALL_DIR) $(1)/etc/arp-whisper + $(INSTALL_CONF) ./files/etc/arp-whisper/arp-whisper $(1)/etc/arp-whisper + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/arp-whisper.init $(1)/etc/init.d/arp-whisper +endef + +$(eval $(call RustBinPackage,arp-whisper)) +$(eval $(call BuildPackage,arp-whisper)) diff --git a/utils/arp-whisper/files/arp-whisper.init b/utils/arp-whisper/files/arp-whisper.init new file mode 100644 index 000000000..f5a29773d --- /dev/null +++ b/utils/arp-whisper/files/arp-whisper.init @@ -0,0 +1,14 @@ +#!/bin/sh /etc/rc.common + +START=60 +USE_PROCD=1 +PROG=/usr/sbin/arp-whisper +CONF_FILE=/etc/arp-whisper/arp-whisper + +start_service() { + procd_open_instance + procd_set_param command "$PROG" "$CONF_FILE" + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} diff --git a/utils/arp-whisper/files/etc/arp-whisper/arp-whisper b/utils/arp-whisper/files/etc/arp-whisper/arp-whisper new file mode 100644 index 000000000..d2d8de71f --- /dev/null +++ b/utils/arp-whisper/files/etc/arp-whisper/arp-whisper @@ -0,0 +1,8 @@ +logging_level = "info" +[Network] +interface = br-lan + +[Hosts] +; ip = mac_address +; 192.168.1.2 = aa:bb:cc:dd:ee:ff +; 192.168.1.3 = 00:11:22:33:44:55 From e257404154a78a45bba3919a3b1bf3c2b9b1aa72 Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Sat, 17 Jun 2023 09:52:25 +0900 Subject: [PATCH 16/90] libuv: bump to 1.45.0 1.45.0 * linux: introduce io_uring support * src: add new metrics APIs * unix,win: give thread pool threads an 8 MB stack * win,unix: change execution order of timers 1.44.2 * loop: better align order-of-events behavior between platforms * zos: fix fs event not fired if the watched file is moved/removed/recreated * win: Fix pipe resource leak if closed during connect (and other bugs) * zos: don't error when killing a zombie process * macos: avoid posix_spawnp() cwd bug * kqueue: skip EVFILT_PROC events when invalidating events for an fd. Signed-off-by: Hirokazu MORIKAWA --- libs/libuv/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libuv/Makefile b/libs/libuv/Makefile index 37738c6fd..5b4bface1 100644 --- a/libs/libuv/Makefile +++ b/libs/libuv/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libuv -PKG_VERSION:=1.44.1 +PKG_VERSION:=1.45.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://dist.libuv.org/dist/v$(PKG_VERSION)/ -PKG_HASH:=9d37b63430fe3b92a9386b949bebd8f0b4784a39a16964c82c9566247a76f64a +PKG_HASH:=f5b07f65a1e8166e47983a7ed1f42fae0bee08f7458142170c37332fc676a748 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION) PKG_MAINTAINER:=Marko Ratkaj From 194cf52a82df2bdf98d52687762287ae689b6fc6 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 19 Jun 2023 14:44:12 +0800 Subject: [PATCH 17/90] cloudflared: Update to 2023.6.0 Signed-off-by: Tianling Shen --- net/cloudflared/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile index 88f6c5a94..1e5462cda 100644 --- a/net/cloudflared/Makefile +++ b/net/cloudflared/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudflared -PKG_VERSION:=2023.5.1 +PKG_VERSION:=2023.6.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)? -PKG_HASH:=ee2c2a4b0c290c39475f79ab74972dfbce817df8e5090813cad0e58f33836194 +PKG_HASH:=8be9ab929fa5bbc021041e4fe33e2f91b4fe16d9c8354bfc19b1ad3fedb39b51 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 6938f58a4528c6b3d314808fd2ec6da2a2dff77c Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Jun 2023 17:54:20 +0800 Subject: [PATCH 18/90] setools: Update to 4.4.2, reorganize package * Add separate packages for each tool (setools-*) and a package for the Python bindings (python3-setools) * Update the setools package as a meta-package that installs all tools, keeping it functionally the same as the current setools package * Remove gui tool (apol) and Python binding (setoolsgui) * Simplify 030-remove-host-paths.patch (libraries installed by Build/InstallDev are placed in $(STAGING_DIR)/usr/lib only) * Update package titles, descriptions, license, and dependencies Signed-off-by: Jeffery To --- utils/setools/Makefile | 95 ++++++++++++++++--- utils/setools/patches/010-no-gui.patch | 16 ++++ .../patches/030-remove-host-paths.patch | 5 +- 3 files changed, 102 insertions(+), 14 deletions(-) create mode 100644 utils/setools/patches/010-no-gui.patch diff --git a/utils/setools/Makefile b/utils/setools/Makefile index 2e6d3f915..2bb4c7ff4 100644 --- a/utils/setools/Makefile +++ b/utils/setools/Makefile @@ -6,36 +6,109 @@ include $(TOPDIR)/rules.mk PKG_NAME:=setools -PKG_VERSION:=4.4.0 -PKG_RELEASE:=2 +PKG_VERSION:=4.4.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://github.com/SELinuxProject/setools/releases/download/$(PKG_VERSION) -PKG_HASH:=f3786677e40b7f16a226f48f233dcf835e700739614a7dbed2ff61cc9607814e -PKG_BUILD_DIR:=$(BUILD_DIR)/setools +PKG_HASH:=f23e3c8635aa289096ca0218ca6f4568a4346e088bc46f374cb0917b7fb66f05 PKG_BUILD_DEPENDS:=python-cython/host # Cython>=0.27 PKG_MAINTAINER:=W. Michael Petullo -PKG_LICENSE:=GPL-2.0-or-later LGPL-2.1-or-later +PKG_LICENSE:=GPL-2.0-only LGPL-2.1-only PKG_LICENSE_FILES:=COPYING COPYING.GPL COPYING.LGPL PKG_CPE_ID:=cpe:/a:selinuxproject:setools include $(INCLUDE_DIR)/package.mk include ../../lang/python/python3-package.mk -define Package/setools +TAR_OPTIONS+= --strip-components 1 +TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS) + +define Package/setools/Default SECTION:=utils CATEGORY:=Utilities - DEPENDS:=+python3 +python3-pkg-resources +python3-networkx +libselinux +libsepol - TITLE:=Policy analysis tools for SELinux + TITLE:=SELinux policy analysis tool URL:=http://selinuxproject.org/page/Main_Page + DEPENDS:=+python3-light +python3-logging +python3-setools +endef + +define Package/setools/Default/description +SETools is a collection of tools and libraries designed to facilitate +SELinux policy analysis. +endef + +define Package/python3-setools + SECTION:=lang + CATEGORY:=Languages + SUBMENU:=Python + TITLE:=SETools Python bindings + URL:=http://selinuxproject.org/page/Main_Page + DEPENDS:=+python3-light +python3-logging +python3-pkg-resources +libselinux +libsepol +endef + +define Package/python3-setools/description +$(call Package/setools/Default/description) + +This contains the SETools Python binding. +endef + +Py3Package/python3-setools/install:=: + +define Package/setools +$(call Package/setools/Default) + TITLE+= meta-package + DEPENDS:= \ + setools-sechecker \ + setools-sediff \ + setools-sedta \ + setools-seinfo \ + setools-seinfoflow \ + setools-sesearch endef define Package/setools/description - SETools is a collection of tools and libraries designed to facilitate - SELinux policy analysis. +$(call Package/setools/Default/description) + +This is a meta-package that installs all of the SETools tools. endef -$(eval $(call Py3Package,setools)) +Package/setools/install:=: + +define BuildUtil + define Package/setools-$(1) + $(call Package/setools/Default) + TITLE+= $(1) + DEPENDS+= $(2) + endef + + define Package/setools-$(1)/description +$(call Package/setools/Default/description) + +This contains the $(1) tool. + endef + + define Py3Package/setools-$(1)/install + $$(INSTALL_DIR) $$(1)/usr/bin + $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/bin/$(1) $$(1)/usr/bin/ + endef + + Py3Package/setools-$(1)/filespec:= + + $$(eval $$(call Py3Package,setools-$(1))) + $$(eval $$(call BuildPackage,setools-$(1))) +endef + +$(eval $(call Py3Package,python3-setools)) +$(eval $(call BuildPackage,python3-setools)) +$(eval $(call BuildPackage,python3-setools-src)) + $(eval $(call BuildPackage,setools)) + +$(eval $(call BuildUtil,sechecker)) +$(eval $(call BuildUtil,sediff)) +$(eval $(call BuildUtil,sedta,+python3-networkx)) +$(eval $(call BuildUtil,seinfo)) +$(eval $(call BuildUtil,seinfoflow,+python3-networkx)) +$(eval $(call BuildUtil,sesearch)) diff --git a/utils/setools/patches/010-no-gui.patch b/utils/setools/patches/010-no-gui.patch new file mode 100644 index 000000000..54f03c316 --- /dev/null +++ b/utils/setools/patches/010-no-gui.patch @@ -0,0 +1,16 @@ +--- a/setup.py ++++ b/setup.py +@@ -139,10 +139,10 @@ setup(name='setools', + author_email='pebenito@ieee.org', + url='https://github.com/SELinuxProject/setools', + cmdclass={'build_qhc': QtHelpCommand, 'clean': CleanCommand}, +- packages=['setools', 'setools.checker', 'setools.diff', 'setoolsgui', 'setoolsgui.apol'], +- scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta', 'sechecker'], ++ packages=['setools', 'setools.checker', 'setools.diff'], ++ scripts=['sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta', 'sechecker'], + data_files=installed_data, +- package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools': ['perm_map', ++ package_data={'setools': ['perm_map', + 'policyrep.pyi', + 'py.typed']}, + ext_modules=cythonize(ext_py_mods, include_path=['setools/policyrep'], diff --git a/utils/setools/patches/030-remove-host-paths.patch b/utils/setools/patches/030-remove-host-paths.patch index 94553004d..bec9be9d6 100644 --- a/utils/setools/patches/030-remove-host-paths.patch +++ b/utils/setools/patches/030-remove-host-paths.patch @@ -1,12 +1,11 @@ --- a/setup.py +++ b/setup.py -@@ -79,7 +79,8 @@ class QtHelpCommand(Command): +@@ -79,7 +79,7 @@ class QtHelpCommand(Command): # Library linkage -lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib'] -+owrt_staging_dir = os.environ["STAGING_DIR"] -+lib_dirs = ['.', owrt_staging_dir + '/usr/lib64', owrt_staging_dir + '/usr/lib', owrt_staging_dir + '/usr/local/lib' ] ++lib_dirs = ['.', os.environ["STAGING_DIR"] + '/usr/lib'] include_dirs = [] with suppress(KeyError): From a205483547ca835d98d5da1284e8a77c88eb5f97 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Jun 2023 15:34:09 +0800 Subject: [PATCH 19/90] python3-libselinux: Update to 3.5, rename source/target package * Rename: * Source package from python3-libselinux to python-selinux * Target package from python3-libselinux to python3-selinux * Update dependents with new target package name * Remove patches: * 010-setup-py-custom-cc.patch: LDSHARED is already set as part of $(PYTHON3_VARS) * 020-Make-use-of-variables-when-defining-libdir-and-inclu.patch: This package doesn't install the libselinux.pc file * Update package title and dependencies * Remove Build/InstallDev (files not used by any other package) * Use Py3Package to build Python bytecode and source packages Signed-off-by: Jeffery To --- .../Makefile | 59 ++++++++----------- .../patches/010-setup-py-custom-cc.patch | 11 ---- ...ables-when-defining-libdir-and-inclu.patch | 21 ------- utils/selinux-python/Makefile | 4 +- 4 files changed, 28 insertions(+), 67 deletions(-) rename lang/python/{python3-libselinux => python-selinux}/Makefile (58%) delete mode 100644 lang/python/python3-libselinux/patches/010-setup-py-custom-cc.patch delete mode 100644 lang/python/python3-libselinux/patches/020-Make-use-of-variables-when-defining-libdir-and-inclu.patch diff --git a/lang/python/python3-libselinux/Makefile b/lang/python/python-selinux/Makefile similarity index 58% rename from lang/python/python3-libselinux/Makefile rename to lang/python/python-selinux/Makefile index f56483b44..5736ef09a 100644 --- a/lang/python/python3-libselinux/Makefile +++ b/lang/python/python-selinux/Makefile @@ -5,38 +5,38 @@ include $(TOPDIR)/rules.mk -SRC_NAME:=libselinux -PKG_NAME:=python3-$(SRC_NAME) -PKG_VERSION:=3.3 -PKG_RELEASE:=3 +PKG_NAME:=python-selinux +PKG_VERSION:=3.5 +PKG_RELEASE:=1 -PKG_BUILD_DIR:=$(BUILD_DIR)/python-libselinux/$(SRC_NAME)-$(PKG_VERSION) +SRC_NAME:=libselinux PKG_SOURCE:=$(SRC_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057 -PKG_BUILD_DEPENDS:=swig/host +PKG_HASH:=9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19 +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(SRC_NAME)-$(PKG_VERSION) PKG_MAINTAINER:=Thomas Petazzoni PKG_LICENSE:=libselinux-1.0 PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:selinuxproject:libselinux + +PKG_BUILD_DEPENDS:=swig/host +PKG_BUILD_PARALLEL:=1 PYTHON3_PKG_BUILD:=0 -PKG_INSTALL:=1 -MAKE_PATH:=src include $(INCLUDE_DIR)/package.mk include ../python3-package.mk -define Package/python3-libselinux - TITLE:=Python bindings for the runtime SELinux library +define Package/python3-selinux SUBMENU:=Python SECTION:=lang CATEGORY:=Languages - DEPENDS:=+libpcre +musl-fts +python3 +libselinux + TITLE:=SELinux runtime library bindings + DEPENDS:=+python3-light +libselinux URL:=http://selinuxproject.org/page/Main_Page endef -define Package/python3-libselinux/description +define Package/python3-selinux/description libselinux is the runtime SELinux library that provides interfaces (e.g. library functions for the SELinux kernel APIs like getcon(), other support functions like @@ -48,34 +48,27 @@ define Package/python3-libselinux/description This package provides the Python bindings for libselinux. endef +MAKE_VARS += \ + $(PYTHON3_VARS) \ + $(HOST_PYTHON3_PIP_VARS) \ + PYTHON_SETUP_ARGS=--no-compile + +MAKE_FLAGS += \ + SHLIBDIR=/usr/lib + ifneq ($(CONFIG_USE_MUSL),) + MAKE_FLAGS += FTS_LDLIBS=-lfts TARGET_CFLAGS += -D_LARGEFILE64_SOURCE endif -MAKE_FLAGS += \ - FTS_LDLIBS=-lfts \ - SHLIBDIR=/usr/lib \ - PYTHON=$(PYTHON3) \ - PYINC="-I $(PYTHON3_INC_DIR)" \ - PYLIBS="-lpython$(PYTHON3_VERSION)" \ - $(PYTHON3_VARS) - define Build/Compile - $(call Build/Compile/Default,swigify pywrap) + $(call Build/Compile/Default,pywrap) endef define Build/Install $(call Build/Install/Default,install-pywrap) endef -define Build/InstallDev - $(INSTALL_DIR) $(1)$(PYTHON3_PKG_DIR) - $(CP) $(PKG_INSTALL_DIR)$(PYTHON3_PKG_DIR)/* $(1)$(PYTHON3_PKG_DIR) -endef - -define Package/python3-libselinux/install - $(INSTALL_DIR) $(1)$(PYTHON3_PKG_DIR) - $(CP) $(PKG_INSTALL_DIR)$(PYTHON3_PKG_DIR)/* $(1)$(PYTHON3_PKG_DIR) -endef - -$(eval $(call BuildPackage,python3-libselinux)) +$(eval $(call Py3Package,python3-selinux)) +$(eval $(call BuildPackage,python3-selinux)) +$(eval $(call BuildPackage,python3-selinux-src)) diff --git a/lang/python/python3-libselinux/patches/010-setup-py-custom-cc.patch b/lang/python/python3-libselinux/patches/010-setup-py-custom-cc.patch deleted file mode 100644 index 8fe816588..000000000 --- a/lang/python/python3-libselinux/patches/010-setup-py-custom-cc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/Makefile -+++ b/src/Makefile -@@ -139,7 +139,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUB - all: $(LIBA) $(LIBSO) $(LIBPC) - - pywrap: all selinuxswig_python_exception.i -- CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -+ LDSHARED="$(CC) -shared" CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext - - rubywrap: all $(SWIGRUBYSO) - diff --git a/lang/python/python3-libselinux/patches/020-Make-use-of-variables-when-defining-libdir-and-inclu.patch b/lang/python/python3-libselinux/patches/020-Make-use-of-variables-when-defining-libdir-and-inclu.patch deleted file mode 100644 index c900ff143..000000000 --- a/lang/python/python3-libselinux/patches/020-Make-use-of-variables-when-defining-libdir-and-inclu.patch +++ /dev/null @@ -1,21 +0,0 @@ -Pkg-config definitions commonly make use of ${exec_prefix} and ${prefix} -when defining libdir and includedir, respectively. OpenWrt, for example, -relies on this when it adjusts things for cross compiling. - -Signed-off-by: W. Michael Petullo ---- - src/libselinux.pc.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/libselinux.pc.in -+++ b/src/libselinux.pc.in -@@ -1,7 +1,7 @@ - prefix=@prefix@ - exec_prefix=${prefix} --libdir=@libdir@ --includedir=@includedir@ -+libdir=${exec_prefix}/lib -+includedir=${prefix}/include - - Name: libselinux - Description: SELinux utility library diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile index ffaa99c7f..af025c7b0 100644 --- a/utils/selinux-python/Makefile +++ b/utils/selinux-python/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=selinux-python PKG_VERSION:=3.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) @@ -28,7 +28,7 @@ include ../../lang/python/python3-package.mk define Package/selinux-python/Default SECTION:=utils - DEPENDS:=+python3 +python3-libselinux + DEPENDS:=+python3 +python3-selinux CATEGORY:=Utilities URL:=http://selinuxproject.org/page/Main_Page endef From 23ff8177f030610f40300519cd888dbfd47f3e3a Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Jun 2023 16:45:07 +0800 Subject: [PATCH 20/90] python3-libsemanage: Update to 3.5, rename source/target package * Rename: * Source package from python3-libsemanage to python-semanage * Target package from python3-libsemanage to python3-semanage * Update dependents with new target package name * Update package title, license files, and dependencies * Remove Build/InstallDev (files not used by any other package) * Use Py3Package to build Python bytecode and source packages Signed-off-by: Jeffery To --- .../Makefile | 52 +++++++------------ utils/selinux-python/Makefile | 4 +- 2 files changed, 21 insertions(+), 35 deletions(-) rename lang/python/{python3-libsemanage => python-semanage}/Makefile (56%) diff --git a/lang/python/python3-libsemanage/Makefile b/lang/python/python-semanage/Makefile similarity index 56% rename from lang/python/python3-libsemanage/Makefile rename to lang/python/python-semanage/Makefile index c1a825767..33e148cf2 100644 --- a/lang/python/python3-libsemanage/Makefile +++ b/lang/python/python-semanage/Makefile @@ -5,38 +5,38 @@ include $(TOPDIR)/rules.mk -SRC_NAME:=libsemanage -PKG_NAME:=python3-$(SRC_NAME) -PKG_VERSION:=3.2 +PKG_NAME:=python-semanage +PKG_VERSION:=3.5 PKG_RELEASE:=1 -PKG_BUILD_DIR:=$(BUILD_DIR)/python-libsemanage/$(SRC_NAME)-$(PKG_VERSION) +SRC_NAME:=libsemanage PKG_SOURCE:=$(SRC_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=d722a55ca4fe2d4e2b30527720db657e6238b28079e69e2e4affeb8e733ee511 -PKG_BUILD_DEPENDS:=swig/host +PKG_HASH:=f53534e50247538280ed0d76c6ce81d8fb3939bd64cadb89da10dba42e40dd9c +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(SRC_NAME)-$(PKG_VERSION) PKG_MAINTAINER:=Thomas Petazzoni PKG_LICENSE:=LGPL-2.1-or-later -PKG_LICENSE_FILES:=COPYING +PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:selinuxproject:libsemanage + +PKG_BUILD_DEPENDS:=swig/host +PKG_BUILD_PARALLEL:=1 PYTHON3_PKG_BUILD:=0 -PKG_INSTALL:=1 -MAKE_PATH:=src include $(INCLUDE_DIR)/package.mk include ../python3-package.mk -define Package/python3-libsemanage - TITLE:=Python bindings for the SELinux policy management library +define Package/python3-semanage SUBMENU:=Python SECTION:=lang CATEGORY:=Languages - DEPENDS:=+python3 +libsemanage + TITLE:=SELinux policy management library bindings + DEPENDS:=+python3-light +libsemanage URL:=http://selinuxproject.org/page/Main_Page endef -define Package/python3-libsemanage/description +define Package/python3-semanage/description libsemanage is the policy management library. It uses libsepol for binary policy manipulation and libselinux for interacting with the SELinux system. It also exec's helper @@ -46,33 +46,19 @@ define Package/python3-libsemanage/description change at least for the bootstrapping case (for rpm). This package provides the Python bindings for libsemanage. -endef #' +endef -MAKE_FLAGS += \ - PYTHON=$(PYTHON3) \ - PYINC="-I $(PYTHON3_INC_DIR)" \ - PYLIBS="-lpython$(PYTHON3_VERSION)" \ +MAKE_VARS += \ $(PYTHON3_VARS) define Build/Compile - $(call Build/Compile/Default,swigify pywrap) + $(call Build/Compile/Default,pywrap) endef define Build/Install $(call Build/Install/Default,install-pywrap) endef -define Build/Configure -endef - -define Build/InstallDev - $(INSTALL_DIR) $(1)$(PYTHON3_PKG_DIR) - $(CP) $(PKG_INSTALL_DIR)$(PYTHON3_PKG_DIR)/* $(1)$(PYTHON3_PKG_DIR) -endef - -define Package/python3-libsemanage/install - $(INSTALL_DIR) $(1)$(PYTHON3_PKG_DIR) - $(CP) $(PKG_INSTALL_DIR)$(PYTHON3_PKG_DIR)/* $(1)$(PYTHON3_PKG_DIR) -endef - -$(eval $(call BuildPackage,python3-libsemanage)) +$(eval $(call Py3Package,python3-semanage)) +$(eval $(call BuildPackage,python3-semanage)) +$(eval $(call BuildPackage,python3-semanage-src)) diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile index af025c7b0..ed51bc7f3 100644 --- a/utils/selinux-python/Makefile +++ b/utils/selinux-python/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=selinux-python PKG_VERSION:=3.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) @@ -93,7 +93,7 @@ endef define Package/selinux-semanage $(call Package/selinux-python/Default) TITLE:=selinux-semanage - DEPENDS+=+python3-sepolicy +python3-libsemanage +setools + DEPENDS+=+python3-sepolicy +python3-semanage +setools endef define Package/selinux-semanage/description From 03225ca7b0755eb342191f7bff8871a8ddfddb1c Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Jun 2023 13:16:13 +0800 Subject: [PATCH 21/90] selinux-python: Order package sections alphabetically Signed-off-by: Jeffery To --- utils/selinux-python/Makefile | 96 +++++++++++++++++------------------ 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile index ed51bc7f3..e6f3f12c0 100644 --- a/utils/selinux-python/Makefile +++ b/utils/selinux-python/Makefile @@ -47,6 +47,52 @@ define Build/Compile $(call Build/Compile/Default,all) endef +# +# python3-sepolgen +# + +define Package/python3-sepolgen +$(call Package/selinux-python/Default) + SUBMENU:=Python + SECTION:=lang + CATEGORY:=Languages + TITLE:=python3-sepolgen +endef + +define Package/python3-sepolgen/description +$(call Package/selinux-python/Default/description) + This package contains the sepolgen Python library. +endef + +define Package/python3-sepolgen/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install + $(INSTALL_DIR) $(1)/usr/share/sepolgen/ + $(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map + $(RM) -rf $(1)/var +endef + +# +# python3-sepolicy +# + +define Package/python3-sepolicy +$(call Package/selinux-python/Default) + SUBMENU:=Python + SECTION:=lang + CATEGORY:=Languages + TITLE:=python3-sepolicy +endef + +define Package/python3-sepolicy/description +$(call Package/selinux-python/Default/description) + This package contains the sepolicy Python library. +endef + +define Package/python3-sepolicy/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install + rm -rf $(1)/usr/share +endef + # # selinux-audit2allow # @@ -106,54 +152,8 @@ define Package/selinux-semanage/install rm -rf $(1)/usr/share endef -# -# python3-sepolgen -# - -define Package/python3-sepolgen -$(call Package/selinux-python/Default) - SUBMENU:=Python - SECTION:=lang - CATEGORY:=Languages - TITLE:=python3-sepolgen -endef - -define Package/python3-sepolgen/description -$(call Package/selinux-python/Default/description) - This package contains the sepolgen Python library. -endef - -define Package/python3-sepolgen/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install - $(INSTALL_DIR) $(1)/usr/share/sepolgen/ - $(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map - $(RM) -rf $(1)/var -endef - -# -# python3-sepolicy -# - -define Package/python3-sepolicy -$(call Package/selinux-python/Default) - SUBMENU:=Python - SECTION:=lang - CATEGORY:=Languages - TITLE:=python3-sepolicy -endef - -define Package/python3-sepolicy/description -$(call Package/selinux-python/Default/description) - This package contains the sepolicy Python library. -endef - -define Package/python3-sepolicy/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install - rm -rf $(1)/usr/share -endef - +$(eval $(call BuildPackage,python3-sepolgen)) +$(eval $(call BuildPackage,python3-sepolicy)) $(eval $(call BuildPackage,selinux-audit2allow)) $(eval $(call BuildPackage,selinux-chcat)) $(eval $(call BuildPackage,selinux-semanage)) -$(eval $(call BuildPackage,python3-sepolgen)) -$(eval $(call BuildPackage,python3-sepolicy)) From 61e79aad69015d71286d7b47f6bcccee20baf796 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Jun 2023 13:28:11 +0800 Subject: [PATCH 22/90] selinux-python: Add default sections for Python and util packages This also moves the python3-selinux dependency from the default section into each util package. Signed-off-by: Jeffery To --- utils/selinux-python/Makefile | 39 +++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile index e6f3f12c0..20d6b1106 100644 --- a/utils/selinux-python/Makefile +++ b/utils/selinux-python/Makefile @@ -27,10 +27,22 @@ include ../../lang/python/python3-package.mk # define Package/selinux-python/Default - SECTION:=utils - DEPENDS:=+python3 +python3-selinux - CATEGORY:=Utilities URL:=http://selinuxproject.org/page/Main_Page + DEPENDS:=+python3 +endef + +define Package/selinux-python/Default/python +$(call Package/selinux-python/Default) + SUBMENU:=Python + SECTION:=lang + CATEGORY:=Languages + DEPENDS:= +endef + +define Package/selinux-python/Default/util +$(call Package/selinux-python/Default) + SECTION:=utils + CATEGORY:=Utilities endef define Package/selinux-python/Default/description @@ -52,10 +64,7 @@ endef # define Package/python3-sepolgen -$(call Package/selinux-python/Default) - SUBMENU:=Python - SECTION:=lang - CATEGORY:=Languages +$(call Package/selinux-python/Default/python) TITLE:=python3-sepolgen endef @@ -76,10 +85,7 @@ endef # define Package/python3-sepolicy -$(call Package/selinux-python/Default) - SUBMENU:=Python - SECTION:=lang - CATEGORY:=Languages +$(call Package/selinux-python/Default/python) TITLE:=python3-sepolicy endef @@ -98,9 +104,9 @@ endef # define Package/selinux-audit2allow -$(call Package/selinux-python/Default) +$(call Package/selinux-python/Default/util) TITLE:=selinux-audit2allow - DEPENDS+=+python3-sepolgen +libselinux +libsepol + DEPENDS+= +python3-selinux +python3-sepolgen +libselinux +libsepol endef define Package/selinux-audit2allow/description @@ -118,8 +124,9 @@ endef # define Package/selinux-chcat -$(call Package/selinux-python/Default) +$(call Package/selinux-python/Default/util) TITLE:=selinux-chcat + DEPENDS+= +python3-selinux endef define Package/selinux-chcat/description @@ -137,9 +144,9 @@ endef # define Package/selinux-semanage -$(call Package/selinux-python/Default) +$(call Package/selinux-python/Default/util) TITLE:=selinux-semanage - DEPENDS+=+python3-sepolicy +python3-semanage +setools + DEPENDS+= +python3-selinux +python3-sepolicy +python3-semanage +setools endef define Package/selinux-semanage/description From 0e652e244928afd3ac9490589542de0263b89e44 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 12 Jun 2023 08:31:25 -0300 Subject: [PATCH 23/90] alpine: disable parallel build Parallel build does not work because it may reach a point where OSTYPE might be needed before it is actually built. They appear to run parallel to each other: echo slx > OSTYPE [...] cat: OSTYPE: No such file or directory sh: line 1: test: too many arguments cat: OSTYPE: No such file or directory Already built for -- you must do "make clean" first make[6]: *** [Makefile:706: rebuild] Error 1 make[6]: *** Waiting for unfinished jobs.... Signed-off-by: Eneas U de Queiroz --- mail/alpine/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mail/alpine/Makefile b/mail/alpine/Makefile index b11d4aa30..83969b8cc 100644 --- a/mail/alpine/Makefile +++ b/mail/alpine/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=alpine PKG_VERSION:=2.25 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://alpineapp.email/alpine/release/src/Old @@ -20,7 +20,6 @@ PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE PKG_INSTALL:=1 -PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk From f9be61715fe30b5ee55b98fba7495fd678eb564a Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sat, 17 Jun 2023 20:09:48 -0600 Subject: [PATCH 24/90] isc-dhcp: force sending unrequested parameters Signed-off-by: Philip Prindeville --- net/isc-dhcp/Makefile | 2 +- net/isc-dhcp/files/dhcpd.init | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile index b326d48a0..981063dae 100644 --- a/net/isc-dhcp/Makefile +++ b/net/isc-dhcp/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=isc-dhcp UPSTREAM_NAME:=dhcp PKG_VERSION:=4.4.3-P1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init index 7eb3dc3af..8aa30cd27 100755 --- a/net/isc-dhcp/files/dhcpd.init +++ b/net/isc-dhcp/files/dhcpd.init @@ -274,6 +274,7 @@ static_srvhosts() { static_host_add() { local cfg="$1" local broadcast hostid macn macs mac name ip ips revip leasetime + local force_send extra_options option config_get macs "$cfg" "mac" [ -n "$macs" ] || return 0 @@ -296,6 +297,23 @@ static_host_add() { hex_to_hostid hostid "$hostid" || return 1 fi + config_get force_send "$cfg" "force_send" + extra_options= + local _IFS="$IFS" IFS=',' + for option in $force_send; do + case "$option" in + hostname) + extra_options="$extra_options${extra_options:+ }0c" ;; + domain-name) + extra_options="$extra_options${extra_options:+ }0f" ;; + fqdn) + extra_options="$extra_options${extra_options:+ }51" ;; + *) + echo "unknown option: $option" >&2 ;; + esac + done + IFS="$_IFS" + macn=0 for mac in $macs; do macn=$(( macn + 1 )) @@ -328,6 +346,9 @@ static_host_add() { fi config_list_foreach "$cfg" "routes" append_routes config_list_foreach "$cfg" "dhcp_option" append_dhcp_options + if [ -n "$extra_options" ]; then + echo -e " if exists dhcp-parameter-request-list {\n option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list, $extra_options);\n }" + fi echo "}" done From fc4cd3aee5b212e6c82e1ee1a33736675ccf9afa Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Mon, 19 Jun 2023 19:29:17 -0600 Subject: [PATCH 25/90] isc-dhcp: don't require subnet pools Signed-off-by: Philip Prindeville --- net/isc-dhcp/Makefile | 2 +- net/isc-dhcp/files/dhcpd.init | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile index 981063dae..d35609e38 100644 --- a/net/isc-dhcp/Makefile +++ b/net/isc-dhcp/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=isc-dhcp UPSTREAM_NAME:=dhcp PKG_VERSION:=4.4.3-P1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init index 8aa30cd27..fd036c6ea 100755 --- a/net/isc-dhcp/files/dhcpd.init +++ b/net/isc-dhcp/files/dhcpd.init @@ -369,7 +369,9 @@ gen_dhcp_subnet() { local cfg="$1" echo "subnet $NETWORK netmask $NETMASK {" - echo " range $START $END;" + if [ -n "$START" ] && [ -n "$END" ]; then + echo " range $START $END;" + fi echo " option subnet-mask $netmask;" if [ "$BROADCAST" != "0.0.0.0" ] ; then echo " option broadcast-address $BROADCAST;" @@ -408,10 +410,13 @@ dhcpd_add() { [ -n "$net" ] || return 0 config_get start "$cfg" "start" - [ -n "$start" ] || return 0 - config_get limit "$cfg" "limit" - [ -n "$limit" ] || return 0 + + case "$start:$limit" in + ":*"|"*:") + echo "dhcpd: start/limit must be used together in $cfg" >&2 + return 0 + esac network_get_subnet subnet "$net" || return 0 network_get_device ifname "$net" || return 0 From a31640ac7cfab78c75808e22fc7fc2da48bd8e7f Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Tue, 20 Jun 2023 02:02:45 +0000 Subject: [PATCH 26/90] https-dns-proxy: update to 2023-05-25-2 bugfix: proper mdns object creation bugfix: prevent fw errors by allowing custom interfaces in config Signed-off-by: Stan Grishin --- net/https-dns-proxy/Makefile | 2 +- .../files/https-dns-proxy.init | 65 ++++++++++--------- 2 files changed, 37 insertions(+), 30 deletions(-) diff --git a/net/https-dns-proxy/Makefile b/net/https-dns-proxy/Makefile index af172e4af..ce7d70eeb 100644 --- a/net/https-dns-proxy/Makefile +++ b/net/https-dns-proxy/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=https-dns-proxy PKG_VERSION:=2023-05-25 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/ diff --git a/net/https-dns-proxy/files/https-dns-proxy.init b/net/https-dns-proxy/files/https-dns-proxy.init index 1495592e0..d63dad9c5 100755 --- a/net/https-dns-proxy/files/https-dns-proxy.init +++ b/net/https-dns-proxy/files/https-dns-proxy.init @@ -133,7 +133,7 @@ boot() { } start_instance() { - local cfg="$1" param listen_addr listen_port ipv6_resolvers_only p url + local cfg="$1" param listen_addr listen_port ipv6_resolvers_only p url iface config_get url "$cfg" 'resolver_url' config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0' @@ -158,32 +158,36 @@ start_instance() { procd_set_param stdout 1 procd_set_param respawn procd_open_data - procd_add_mdns_service "$packageName" 'udp' "$port" "DNS over HTTPS proxy" + json_add_object mdns + procd_add_mdns_service "$packageName" 'udp' "$port" "DNS over HTTPS proxy" + json_close_object json_add_string url "$url" if [ "$force_dns" -ne 0 ]; then json_add_array firewall - for p in $force_dns_port; do - if netstat -tuln | grep 'LISTEN' | grep ":${p}" >/dev/null 2>&1 || [ "$p" = '53' ]; then - json_add_object '' - json_add_string type redirect - json_add_string target DNAT - json_add_string src lan - json_add_string proto 'tcp udp' - json_add_string src_dport "$p" - json_add_string dest_port "$p" - json_add_string family any - json_add_boolean reflection 0 - json_close_object - else - json_add_object '' - json_add_string type rule - json_add_string src lan - json_add_string dest '*' - json_add_string proto 'tcp udp' - json_add_string dest_port "$p" - json_add_string target REJECT - json_close_object - fi + for iface in $procd_fw_src_interfaces; do + for p in $force_dns_port; do + if netstat -tuln | grep 'LISTEN' | grep ":${p}" >/dev/null 2>&1 || [ "$p" = '53' ]; then + json_add_object '' + json_add_string type redirect + json_add_string target DNAT + json_add_string src "$iface" + json_add_string proto 'tcp udp' + json_add_string src_dport "$p" + json_add_string dest_port "$p" + json_add_string family any + json_add_boolean reflection 0 + json_close_object + else + json_add_object '' + json_add_string type rule + json_add_string src "$iface" + json_add_string dest '*' + json_add_string proto 'tcp udp' + json_add_string dest_port "$p" + json_add_string target REJECT + json_close_object + fi + done done json_close_array fi @@ -216,14 +220,17 @@ start_instance() { start_service() { local canaryDomains canary_domains_icloud canary_domains_mozilla local dnsmasq_config_update force_dns force_dns_port + local procd_fw_src_interfaces + local port=5053 output "Starting $serviceName " config_load "$packageName" - config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' - config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' - config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' - config_get_bool force_dns 'config' 'force_dns' '1' - config_get force_dns_port 'config' 'force_dns_port' '53 853' + config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' + config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' + config_get_bool force_dns 'config' 'force_dns' '1' + config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' + config_get force_dns_port 'config' 'force_dns_port' '53 853' + config_get procd_fw_src_interfaces 'config' 'procd_fw_src_interfaces' 'lan' if [ "$canary_domains_icloud" -ne 0 ]; then canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" fi From 6bd71dac0cb7711777feaf04d1156d2e0eb9e1bd Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Jun 2023 12:41:13 +0800 Subject: [PATCH 27/90] selinux-python: Update to 3.5, reorganize package * Added packages: * python3-seobject Contains the seobject.py library file which was previously included in selinux-semanage * selinux-sepolicy Contains the sepolicy and sepolgen tools which were previously included in python3-sepolicy * selinux-sepolgen-ifgen Contains the sepolgen-ifgen tool which was previously included in selinux-audit2allow * selinux-python A meta-package to install all tools * Change the python3-sepolgen data_dir from /usr/share/sepolgen to /etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add the directory to conffiles By default, the sepolgen-ifgen tool writes to a file named "interface_info" in the data directory, to be read by the audit2allow tool. The header comment in the perm_map file also suggests that the file is customizable. The best place for these files would be in /var/lib, but /etc is more appropriate than /usr. * Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch) * Fix ModuleNotFoundError raised by sepolicy (0004-sepolicy-fix-get_os_version-except.patch) Patch has been submitted upstream: https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/ * Update package titles, descriptions, and dependencies * Use Py3Package to build Python bytecode and source packages Signed-off-by: Jeffery To --- utils/selinux-python/Makefile | 201 ++++++++++++++---- .../0001-sepolgen-adjust-data_dir.patch | 4 +- .../patches/0003-sepolicy-no-gui.patch | 23 ++ ...4-sepolicy-fix-get_os_version-except.patch | 39 ++++ .../patches/0005-no-translations.patch | 8 + 5 files changed, 235 insertions(+), 40 deletions(-) create mode 100644 utils/selinux-python/patches/0003-sepolicy-no-gui.patch create mode 100644 utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch create mode 100644 utils/selinux-python/patches/0005-no-translations.patch diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile index 20d6b1106..ababbae95 100644 --- a/utils/selinux-python/Makefile +++ b/utils/selinux-python/Makefile @@ -6,18 +6,20 @@ include $(TOPDIR)/rules.mk PKG_NAME:=selinux-python -PKG_VERSION:=3.2 -PKG_RELEASE:=3 +PKG_VERSION:=3.5 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=770855ea8120ef23007fdb9db94b1ed6e8cd77917b584ed8877bbee9c16e74fb +PKG_HASH:=8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b PKG_MAINTAINER:=Thomas Petazzoni PKG_LICENSE:=GPL-2.0-only -PKG_LICENSE_FILES:=COPYING -PYTHON3_PKG_BUILD:=0 +PKG_LICENSE_FILES:=LICENSE + +PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 +PYTHON3_PKG_BUILD:=0 include $(INCLUDE_DIR)/package.mk include ../../lang/python/python3-package.mk @@ -28,7 +30,7 @@ include ../../lang/python/python3-package.mk define Package/selinux-python/Default URL:=http://selinuxproject.org/page/Main_Page - DEPENDS:=+python3 + DEPENDS:=+python3-light endef define Package/selinux-python/Default/python @@ -36,48 +38,78 @@ $(call Package/selinux-python/Default) SUBMENU:=Python SECTION:=lang CATEGORY:=Languages - DEPENDS:= endef define Package/selinux-python/Default/util $(call Package/selinux-python/Default) SECTION:=utils CATEGORY:=Utilities + TITLE:=SELinux management utility endef define Package/selinux-python/Default/description - A set of SELinux tools written in python that help with - managing a system with SELinux enabled. +A set of SELinux tools written in Python that help with managing a +system with SELinux enabled. endef MAKE_VARS = \ - PYTHON=$(HOST_PYTHON3_BIN) \ - PYTHONLIBDIR=$(PYTHON3_PKG_DIR) \ - $(PYTHON3_VARS) + $(PYTHON3_VARS) \ + $(HOST_PYTHON3_PIP_VARS) \ + PYTHON_SETUP_ARGS=--no-compile define Build/Compile $(call Build/Compile/Default,all) endef +# +# python3-seobject +# + +define Package/python3-seobject +$(call Package/selinux-python/Default/python) + TITLE:=SELinux seobject library + DEPENDS+= +python3-selinux +python3-semanage +python3-sepolicy +python3-setools +endef + +define Package/python3-seobject/description +$(call Package/selinux-python/Default/description) + +This package contains the seobject library. +endef + +define Py3Package/python3-seobject/filespec ++|$(PYTHON3_PKG_DIR)/seobject.py +endef + +Py3Package/python3-seobject/install:=: + # # python3-sepolgen # define Package/python3-sepolgen $(call Package/selinux-python/Default/python) - TITLE:=python3-sepolgen + TITLE:=SELinux policy generation library + DEPENDS+= +python3-selinux endef define Package/python3-sepolgen/description $(call Package/selinux-python/Default/description) - This package contains the sepolgen Python library. + +This package contains the SELinux policy generation Python library. endef -define Package/python3-sepolgen/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install - $(INSTALL_DIR) $(1)/usr/share/sepolgen/ - $(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map - $(RM) -rf $(1)/var +define Package/python3-sepolgen/conffiles +/etc/sepolgen/ +endef + +define Py3Package/python3-sepolgen/filespec ++|$(PYTHON3_PKG_DIR)/sepolgen +endef + +define Py3Package/python3-sepolgen/install + $(INSTALL_DIR) $(1)/etc/sepolgen + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/var/lib/sepolgen/perm_map $(1)/etc/sepolgen/ endef # @@ -86,37 +118,45 @@ endef define Package/python3-sepolicy $(call Package/selinux-python/Default/python) - TITLE:=python3-sepolicy + TITLE:=SELinux Policy Analyses binding + DEPENDS+= +python3-selinux +python3-sepolgen +python3-xml +python3-setools endef define Package/python3-sepolicy/description $(call Package/selinux-python/Default/description) - This package contains the sepolicy Python library. + +This package contains a Python binding for SELinux Policy Analyses. endef -define Package/python3-sepolicy/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install - rm -rf $(1)/usr/share +define Py3Package/python3-sepolicy/filespec ++|$(PYTHON3_PKG_DIR)/sepolicy +-|$(PYTHON3_PKG_DIR)/sepolicy/gui.py +-|$(PYTHON3_PKG_DIR)/sepolicy/sedbus.py ++|$(PYTHON3_PKG_DIR)/sepolicy-$(PKG_VERSION).dist-info endef +Py3Package/python3-sepolicy/install:=: + # # selinux-audit2allow # define Package/selinux-audit2allow $(call Package/selinux-python/Default/util) - TITLE:=selinux-audit2allow - DEPENDS+= +python3-selinux +python3-sepolgen +libselinux +libsepol + TITLE+= audit2allow + DEPENDS+= +python3-selinux +python3-sepolgen endef define Package/selinux-audit2allow/description $(call Package/selinux-python/Default/description) - This package contains the audit2allow and audit2why tools. + +This package contains the audit2allow and audit2why tools. endef define Package/selinux-audit2allow/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install - rm -rf $(1)/usr/share/man + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/audit2allow $(1)/usr/bin/ + $(LN) audit2allow $(1)/usr/bin/audit2why endef # @@ -125,42 +165,125 @@ endef define Package/selinux-chcat $(call Package/selinux-python/Default/util) - TITLE:=selinux-chcat - DEPENDS+= +python3-selinux + TITLE+= chcat + DEPENDS+= +python3-selinux +python3-seobject +selinux-semanage endef define Package/selinux-chcat/description $(call Package/selinux-python/Default/description) - This package contains the chcat tool. + +This package contains the chcat tool. endef define Package/selinux-chcat/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install - rm -rf $(1)/usr/share + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/chcat $(1)/usr/bin/ endef +# +# selinux-python +# + +define Package/selinux-python +$(call Package/selinux-python/Default/util) + TITLE+= meta-package + DEPENDS:= \ + +selinux-audit2allow \ + +selinux-chcat \ + +selinux-semanage \ + +selinux-sepolgen-ifgen \ + +selinux-sepolicy +endef + +define Package/selinux-python/description +$(call Package/selinux-python/Default/description) + +This is a meta-package that installs all of the SELinux management +utilities. +endef + +Package/selinux-python/install:=: + # # selinux-semanage # define Package/selinux-semanage $(call Package/selinux-python/Default/util) - TITLE:=selinux-semanage - DEPENDS+= +python3-selinux +python3-sepolicy +python3-semanage +setools + TITLE+= semanage + DEPENDS+= +python3-seobject endef define Package/selinux-semanage/description $(call Package/selinux-python/Default/description) - This package contains the semanage tool. + +This package contains the semanage tool. endef define Package/selinux-semanage/install - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install - rm -rf $(1)/usr/share + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/semanage $(1)/usr/sbin/ endef +# +# selinux-sepolgen-ifgen +# + +define Package/selinux-sepolgen-ifgen +$(call Package/selinux-python/Default/util) + TITLE+= sepolgen-ifgen + DEPENDS+= +python3-selinux +python3-sepolgen +libselinux +endef + +define Package/selinux-sepolgen-iften/description +$(call Package/selinux-python/Default/description) + +This package contains the sepolgen-ifgen tool. +endef + +define Package/selinux-sepolgen-ifgen/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen-attr-helper $(1)/usr/bin/ +endef + +# +# selinux-sepolicy +# + +define Package/selinux-sepolicy +$(call Package/selinux-python/Default/util) + TITLE+= sepolicy + DEPENDS+= +python3-multiprocessing +python3-selinux +python3-sepolicy +endef + +define Package/selinux-sepolicy/description +$(call Package/selinux-python/Default/description) + +This package contains the sepolicy and sepolgen tools. +endef + +define Package/selinux-sepolicy/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolicy $(1)/usr/bin/ + $(LN) sepolicy $(1)/usr/bin/sepolgen +endef + +$(eval $(call Py3Package,python3-seobject)) +$(eval $(call Py3Package,python3-sepolgen)) +$(eval $(call Py3Package,python3-sepolicy)) + +$(eval $(call BuildPackage,python3-seobject)) $(eval $(call BuildPackage,python3-sepolgen)) $(eval $(call BuildPackage,python3-sepolicy)) + +$(eval $(call BuildPackage,python3-seobject-src)) +$(eval $(call BuildPackage,python3-sepolgen-src)) +$(eval $(call BuildPackage,python3-sepolicy-src)) + $(eval $(call BuildPackage,selinux-audit2allow)) $(eval $(call BuildPackage,selinux-chcat)) +$(eval $(call BuildPackage,selinux-python)) $(eval $(call BuildPackage,selinux-semanage)) +$(eval $(call BuildPackage,selinux-sepolgen-ifgen)) +$(eval $(call BuildPackage,selinux-sepolicy)) diff --git a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch index 2589f2f99..5b866f199 100644 --- a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch +++ b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch @@ -4,6 +4,8 @@ Date: Wed, 2 Oct 2019 12:04:24 +0200 Subject: [PATCH] sepolgen: adjust data_dir() Signed-off-by: Thomas Petazzoni +(changed data_dir prefix from /usr/share to /etc) +Signed-off-by: Jeffery To --- sepolgen/src/sepolgen/defaults.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -15,7 +17,7 @@ Signed-off-by: Thomas Petazzoni def data_dir(): - return "/var/lib/sepolgen" -+ return "/usr/share/sepolgen" ++ return "/etc/sepolgen" def perm_map(): return data_dir() + "/perm_map" diff --git a/utils/selinux-python/patches/0003-sepolicy-no-gui.patch b/utils/selinux-python/patches/0003-sepolicy-no-gui.patch new file mode 100644 index 000000000..a822d4c5f --- /dev/null +++ b/utils/selinux-python/patches/0003-sepolicy-no-gui.patch @@ -0,0 +1,23 @@ +--- a/sepolicy/sepolicy.py ++++ b/sepolicy/sepolicy.py +@@ -685,7 +685,6 @@ if __name__ == '__main__': + gen_booleans_args(subparsers) + gen_communicate_args(subparsers) + gen_generate_args(subparsers) +- gen_gui_args(subparsers) + gen_interface_args(subparsers) + gen_manpage_args(subparsers) + gen_network_args(subparsers) +--- a/sepolicy/setup.py ++++ b/sepolicy/setup.py +@@ -13,10 +13,5 @@ setup( + packages=[ + "sepolicy", + "sepolicy.templates", +- "sepolicy.help" + ], +- package_data={ +- 'sepolicy': ['*.glade'], +- 'sepolicy.help': ['*.txt', '*.png'] +- } + ) diff --git a/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch b/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch new file mode 100644 index 000000000..f035846d5 --- /dev/null +++ b/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch @@ -0,0 +1,39 @@ +commit 80ba6c49dec9c2c48775e70a4d4564ba5e59eea1 +Author: Jeffery To +Date: Mon Jun 19 14:15:45 2023 +0800 + + python/sepolicy: Fix get_os_version except clause + + This adds more exceptions to be handled by the except clause in + `get_os_version()`: + + * If the `distro` package is not installed, then `import distro` raises + a `ModuleNotFoundError` exception. + + * The distro documentation[1] lists `OSError` and `UnicodeError` as + exceptions that can be raised. + + * Older versions of distro (<= 1.6.0) may also raise + `subprocessCalledProcessError`[2]. + + [1]: https://github.com/python-distro/distro/blob/v1.8.0/src/distro/distro.py#L749-L753 + [2]: https://github.com/python-distro/distro/blob/v1.6.0/distro.py#L726-L728 + + Signed-off-by: Jeffery To + +--- a/sepolicy/sepolicy/__init__.py ++++ b/sepolicy/sepolicy/__init__.py +@@ -1240,11 +1240,12 @@ def boolean_desc(boolean): + + + def get_os_version(): ++ import subprocess + system_release = "" + try: + import distro + system_release = distro.name(pretty=True) +- except IOError: ++ except (ModuleNotFoundError, OSError, IOError, UnicodeError, subprocess.CalledProcessError): + system_release = "Misc" + + return system_release diff --git a/utils/selinux-python/patches/0005-no-translations.patch b/utils/selinux-python/patches/0005-no-translations.patch new file mode 100644 index 000000000..9b1cb8cfe --- /dev/null +++ b/utils/selinux-python/patches/0005-no-translations.patch @@ -0,0 +1,8 @@ +--- a/Makefile ++++ b/Makefile +@@ -1,4 +1,4 @@ +-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po ++SUBDIRS = sepolicy audit2allow semanage sepolgen chcat + + all install relabel clean indent test: + @for subdir in $(SUBDIRS); do \ From aa4085a13f224e8bf5917aace318ae21b49adf2a Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Jun 2023 20:27:58 +0800 Subject: [PATCH 28/90] semodule-utils: Update to 3.5, reorganize package * Add separate packages for each tool (semodule-*) * Update the semodule-utils package as a meta-package that installs all tools, keeping it functionally the same as the current semodule-utils package * Remove host build (not used by any other package) * Update package titles, descriptions, and license files Signed-off-by: Jeffery To --- utils/semodule-utils/Makefile | 64 +++++++++++++++++++++++++---------- 1 file changed, 47 insertions(+), 17 deletions(-) diff --git a/utils/semodule-utils/Makefile b/utils/semodule-utils/Makefile index 99ccf4d51..bfd94baac 100644 --- a/utils/semodule-utils/Makefile +++ b/utils/semodule-utils/Makefile @@ -6,46 +6,76 @@ include $(TOPDIR)/rules.mk PKG_NAME:=semodule-utils -PKG_VERSION:=3.3 +PKG_VERSION:=3.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=3098ec5e5f04a1dbbf4aa569b63a4570750a9fe0d4da14ce45954aa300a17063 +PKG_HASH:=c9a550a737051ebaf2c102f665c7ec2f85e7232870980aa0067998459b414283 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=GPL-2.0-only -PKG_LICENSE_FILES:=COPYING +PKG_LICENSE_FILES:=LICENSE PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 -HOST_BUILD_DEPENDS:=libsemanage/host include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/host-build.mk -define Package/semodule-utils +define Package/semodule-utils/Default SECTION:=utils CATEGORY:=Utilities DEPENDS:=+libsepol - TITLE:=SELinux policy utilities for dealing with modules + TITLE:=SELinux policy module utility URL:=http://selinuxproject.org/page/Main_Page endef +define Package/semodule-utils/Default/description +semodule-utils is a collection of utilities for dealing with policy +modules. +endef + +define Package/semodule-utils +$(call Package/semodule-utils/Default) + TITLE+= meta-package + DEPENDS:= \ + semodule-expand \ + semodule-link \ + semodule-package \ + semodule-unpackage +endef + define Package/semodule-utils/description - Semodule-utils is a collection of utilities for dealing with - policy modules. +$(call Package/semodule-utils/Default/description) + +This is a meta-package that installs all of the semodule-utils tools. endef -HOST_MAKE_FLAGS += \ - PREFIX=$(STAGING_DIR_HOSTPKG) \ - SBINDIR=$(STAGING_DIR_HOSTPKG)/sbin \ - ETCDIR=$(STAGING_DIR_HOSTPKG)/etc +Package/semodule-utils/install:=: -define Package/semodule-utils/install - $(INSTALL_DIR) $(1)/usr/bin - $(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ +define BuildUtil + define Package/semodule-$(1) + $(call Package/semodule-utils/Default) + TITLE+= semodule_$(1) + endef + + define Package/semodule-$(1)/description +$(call Package/semodule-utils/Default/description) + +This contains the semodule_$(1) tool. + endef + + define Package/semodule-$(1)/install + $$(INSTALL_DIR) $$(1)/usr/bin + $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/bin/semodule_$(1) $$(1)/usr/bin/ + endef + + $$(eval $$(call BuildPackage,semodule-$(1))) endef -$(eval $(call HostBuild)) $(eval $(call BuildPackage,semodule-utils)) + +$(eval $(call BuildUtil,expand)) +$(eval $(call BuildUtil,link)) +$(eval $(call BuildUtil,package)) +$(eval $(call BuildUtil,unpackage)) From c912e2bcedfcfb50c1ee02d0fa120f0b0025ac2c Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 20 Jun 2023 13:11:04 +0800 Subject: [PATCH 29/90] xray-core: update to 1.8.3 Signed-off-by: Tianling Shen --- net/xray-core/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xray-core/Makefile b/net/xray-core/Makefile index 45a114120..a34aa0f1c 100644 --- a/net/xray-core/Makefile +++ b/net/xray-core/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=xray-core -PKG_VERSION:=1.8.1 +PKG_VERSION:=1.8.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=477ad92b80700b4742e59ad7848ca4726201841a57339e4c1bf9012e395622e2 +PKG_HASH:=bdfa65c15cd25f931745d9c70c753503db5d119ff11960ca7b3a2e19c4b0a8d1 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=MPL-2.0 From e4a22284cb5ddbcaccdea1ad850a573f9d783026 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 20 Jun 2023 13:11:16 +0800 Subject: [PATCH 30/90] v2ray-geodata: Update to latest version Signed-off-by: Tianling Shen --- net/v2ray-geodata/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/v2ray-geodata/Makefile b/net/v2ray-geodata/Makefile index 7e83c3663..1224c037c 100644 --- a/net/v2ray-geodata/Makefile +++ b/net/v2ray-geodata/Makefile @@ -12,22 +12,22 @@ PKG_MAINTAINER:=Tianling Shen include $(INCLUDE_DIR)/package.mk -GEOIP_VER:=202306010100 +GEOIP_VER:=202306150049 GEOIP_FILE:=geoip.dat.$(GEOIP_VER) define Download/geoip URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/ URL_FILE:=geoip.dat FILE:=$(GEOIP_FILE) - HASH:=033864e77e40f8b9c1a5254bf85881515c51340d3d11e142a4e01594eb151914 + HASH:=811085edc67057690c783e735182db32e5a4b446ee5f6d70ef9e12960ce910da endef -GEOSITE_VER:=20230601044045 +GEOSITE_VER:=20230620033122 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER) define Download/geosite URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/ URL_FILE:=dlc.dat FILE:=$(GEOSITE_FILE) - HASH:=d20bcd23c185dd3102a2106ad5370bc615cfb33d9a818daaadefe7a2068fb9ef + HASH:=caecb282d72bf6bfc7977257cadd436e59cb7eea8f6aabb0eae656ae4bf57d76 endef define Package/v2ray-geodata/template From 00a93081120fe752bbe276b3b289112ce48436a8 Mon Sep 17 00:00:00 2001 From: Scott K Logan Date: Tue, 23 May 2023 13:14:13 -0700 Subject: [PATCH 31/90] openelp: Add new package OpenELP is an open source EchoLink proxy for Linux and Windows. It aims to be efficient and maintain a small footprint, while still implementing all of the features present in the official EchoLink proxy. Signed-off-by: Scott K Logan --- net/openelp/Makefile | 73 ++++++++++++++++++++++++++++++++++ net/openelp/files/openelp.init | 30 ++++++++++++++ net/openelp/test.sh | 7 ++++ 3 files changed, 110 insertions(+) create mode 100644 net/openelp/Makefile create mode 100755 net/openelp/files/openelp.init create mode 100644 net/openelp/test.sh diff --git a/net/openelp/Makefile b/net/openelp/Makefile new file mode 100644 index 000000000..e2822df9d --- /dev/null +++ b/net/openelp/Makefile @@ -0,0 +1,73 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=openelp +PKG_VERSION:=0.9.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/cottsay/openelp/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=1427a2fe6f22856a66b9c687d7f14b7915abeeed64951ae596084f9366ec4256 + +PKG_MAINTAINER:=Scott K Logan +PKG_LICENSE:=BSD-3-Clause +PKG_LICENSE_FILES:=LICENSE + +CMAKE_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/libopenelp + SECTION:=libs + CATEGORY:=Libraries + TITLE:=Open Source EchoLink Proxy Library + URL:=https://github.com/cottsay/openelp + DEPENDS:=+libpcre2 + ABI_VERSION:=0 +endef + +define Package/openelp + SECTION:=net + CATEGORY:=Network + TITLE:=Open Source EchoLink Proxy + URL:=https://github.com/cottsay/openelp + DEPENDS:=+libopenelp +endef + +define Package/libopenelp/description + Library backing OpenELP - an open source EchoLink proxy. +endef + +define Package/openelp/description + OpenELP is an open source EchoLink proxy for Linux and Windows. It aims + to be efficient and maintain a small footprint, while still implementing + all of the features present in the official EchoLink proxy. + + OpenELP also has the ability to bind to multiple network interfaces + which are routed to unique external IP addresses, and therefore is + capable of accepting connections from multiple clients simultaneously. +endef + +CMAKE_OPTIONS += \ + -DSYSCONF_INSTALL_DIR=/etc + +define Package/openelp/conffiles +/etc/ELProxy.conf +endef + +define Package/libopenelp/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libopenelp.so.* $(1)/usr/lib/ +endef + +define Package/openelp/install + $(INSTALL_DIR) $(1)/etc + $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ELProxy.conf $(1)/etc/ + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openelpd $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/openelp.init $(1)/etc/init.d/openelp +endef + +$(eval $(call BuildPackage,libopenelp)) +$(eval $(call BuildPackage,openelp)) diff --git a/net/openelp/files/openelp.init b/net/openelp/files/openelp.init new file mode 100755 index 000000000..a6640eb5c --- /dev/null +++ b/net/openelp/files/openelp.init @@ -0,0 +1,30 @@ +#!/bin/sh /etc/rc.common + +START=90 +STOP=10 + +USE_PROCD=1 + +NAME="openelp" +PROG="/usr/bin/openelpd" +CONFFILE="/etc/ELProxy.conf" + +extra_command "close" "Close the proxy to new connections" +extra_command "version" "Show version information" + +start_service() { + procd_open_instance + procd_set_param command "$PROG" + procd_append_param command -F -q -S "$CONFFILE" + procd_set_param stderr 1 + procd_set_param file "$CONFFILE" + procd_close_instance +} + +close() { + procd_send_signal openelp '*' USR1 +} + +version() { + "$PROG" -V +} diff --git a/net/openelp/test.sh b/net/openelp/test.sh new file mode 100644 index 000000000..fe9d27eeb --- /dev/null +++ b/net/openelp/test.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +case "$1" in + "openelp") + openelpd -V | grep "$2" + ;; +esac From 9536d28384d0d924e8b03ce42dbc2d61ce4174d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nuno=20Gon=C3=A7alves?= Date: Sun, 28 May 2023 22:06:35 +0100 Subject: [PATCH 32/90] gl-mifi-mcu: make compatible with newer kernel (fix #21198) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nuno Gonçalves --- utils/gl-mifi-mcu/Makefile | 2 +- utils/gl-mifi-mcu/src/module.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/gl-mifi-mcu/Makefile b/utils/gl-mifi-mcu/Makefile index 08183d91e..dd47e2d55 100755 --- a/utils/gl-mifi-mcu/Makefile +++ b/utils/gl-mifi-mcu/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=gl-mifi-mcu -PKG_VERSION:=1 +PKG_VERSION:=2 PKG_RELEASE:=1 PKG_MAINTAINER:=Nuno Goncalves diff --git a/utils/gl-mifi-mcu/src/module.c b/utils/gl-mifi-mcu/src/module.c index 98fc7fab8..b73016ee8 100755 --- a/utils/gl-mifi-mcu/src/module.c +++ b/utils/gl-mifi-mcu/src/module.c @@ -54,13 +54,13 @@ static const struct file_operations hello_proc_ops = { }; #endif -static irq_handler_t handle_rx_start(unsigned int irq, void* device, struct pt_regs* registers) +static irqreturn_t handle_rx_start(int irq, void* device) { if (rx_bit_index == -1) { hrtimer_start(&timer_rx, ktime_set(0, period / 2), HRTIMER_MODE_REL); } - return (irq_handler_t) IRQ_HANDLED; + return IRQ_HANDLED; } static enum hrtimer_restart handle_tx(struct hrtimer* timer) @@ -178,7 +178,7 @@ static int __init gl_mifi_mcu_init(void) success &= request_irq( gpio_to_irq(gpio_rx), - (irq_handler_t) handle_rx_start, + handle_rx_start, IRQF_TRIGGER_FALLING, "gl_mifi_mcu_irq_handler", NULL) == 0; From 5cf30460555ba0687bbd61769c30edfb43e39949 Mon Sep 17 00:00:00 2001 From: Quintin Hill Date: Tue, 20 Jun 2023 22:39:58 +0100 Subject: [PATCH 33/90] python-ble2mqtt: fix installation of python program This was broken when the init script was added in 408502ee0. Signed-off-by: Quintin Hill --- lang/python/python-ble2mqtt/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lang/python/python-ble2mqtt/Makefile b/lang/python/python-ble2mqtt/Makefile index 851684688..8e78d36ee 100644 --- a/lang/python/python-ble2mqtt/Makefile +++ b/lang/python/python-ble2mqtt/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-ble2mqtt PKG_VERSION:=0.1.7 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PYPI_NAME:=ble2mqtt PKG_HASH:=c57d6823f1133ce0b5e0e3d9f7d2b3fd58d2ad64c0cc86cb3fa180b178999fa6 @@ -38,6 +38,8 @@ endef define Py3Package/python3-ble2mqtt/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/ble2mqtt.init $(1)/etc/init.d/ble2mqtt + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ endef $(eval $(call Py3Package,python3-ble2mqtt)) From 286d1d11ae451e9e90897aacd7ae20ec76e2cab5 Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Wed, 21 Jun 2023 11:27:48 +0900 Subject: [PATCH 34/90] node: June 20 2023 Security Releases Update to v18.16.1 The following CVEs are fixed in this release: * CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) * CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) * OpenSSL Security Releases (Depends on shared library provided by OpenWrt) * OpenSSL security advisory 28th March. * OpenSSL security advisory 20th April. * OpenSSL security advisory 30th May * c-ares vulnerabilities: (Depends on shared library provided by OpenWrt) * GHSA-9g78-jv2r-p7vc * GHSA-8r8p-23f3-64c2 * GHSA-54xr-f67r-4pc4 * GHSA-x6mf-cxr9-8q6v Signed-off-by: Hirokazu MORIKAWA --- lang/node/Makefile | 4 ++-- lang/node/patches/003-path.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/node/Makefile b/lang/node/Makefile index a0cf9f928..f924d1c78 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=v18.16.0 +PKG_VERSION:=v18.16.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) -PKG_HASH:=33d81a233e235a509adda4a4f2209008d04591979de6b3f0f67c1c906093f118 +PKG_HASH:=e8404f8c8d89fdfdf7e95bbbc6066bd0e571acba58f54492599b615fbeefe272 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella PKG_LICENSE:=MIT diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch index a1103be0d..8e390d88c 100644 --- a/lang/node/patches/003-path.patch +++ b/lang/node/patches/003-path.patch @@ -1,6 +1,6 @@ --- a/lib/internal/modules/cjs/loader.js +++ b/lib/internal/modules/cjs/loader.js -@@ -1389,7 +1389,8 @@ Module._initPaths = function() { +@@ -1391,7 +1391,8 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..'); From e95955f40b3731fa8df8bcc9b8b81218baa2b449 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nuno=20Gon=C3=A7alves?= Date: Tue, 20 Jun 2023 17:49:40 +0100 Subject: [PATCH 35/90] gl-mifi-mcu: remove package as it is device specific and I can't test it anymore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nuno Gonçalves --- utils/gl-mifi-mcu/Makefile | 36 ------ utils/gl-mifi-mcu/src/Makefile | 4 - utils/gl-mifi-mcu/src/module.c | 210 --------------------------------- 3 files changed, 250 deletions(-) delete mode 100755 utils/gl-mifi-mcu/Makefile delete mode 100755 utils/gl-mifi-mcu/src/Makefile delete mode 100755 utils/gl-mifi-mcu/src/module.c diff --git a/utils/gl-mifi-mcu/Makefile b/utils/gl-mifi-mcu/Makefile deleted file mode 100755 index dd47e2d55..000000000 --- a/utils/gl-mifi-mcu/Makefile +++ /dev/null @@ -1,36 +0,0 @@ -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=gl-mifi-mcu -PKG_VERSION:=2 -PKG_RELEASE:=1 - -PKG_MAINTAINER:=Nuno Goncalves -PKG_LICENSE:=GPL-3.0-or-later - -include $(INCLUDE_DIR)/package.mk - -define KernelPackage/gl-mifi-mcu - SUBMENU:=Hardware Monitoring Support - TITLE:=GL.iNet GL-MiFI Power monitoring support - AUTOLOAD:=$(call AutoLoad,60,gl-mifi-mcu) - FILES:=$(PKG_BUILD_DIR)/gl-mifi-mcu.ko -endef - -define KernelPackage/gl-mifi-mcu/description - Interfaces with GL-MiFI Power monitoring MCU with a soft UART - and provides Battery SOC, Temperature and charging data at - /proc/gl_mifi_mcu. - This feature is supported from GL-MiFi PCB revision v2.6.2. - The content of /proc/gl_mifi_mcu is JSON as received from the - UART and will frequenty contain corrupted data due to soft UART - unreliability. User application must validate the data. -endef - -define Build/Compile - $(KERNEL_MAKE) \ - M="$(PKG_BUILD_DIR)" \ - modules -endef - -$(eval $(call KernelPackage,gl-mifi-mcu)) diff --git a/utils/gl-mifi-mcu/src/Makefile b/utils/gl-mifi-mcu/src/Makefile deleted file mode 100755 index bce424b1b..000000000 --- a/utils/gl-mifi-mcu/src/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -obj-m += gl-mifi-mcu.o - -gl-mifi-mcu-objs := module.o - diff --git a/utils/gl-mifi-mcu/src/module.c b/utils/gl-mifi-mcu/src/module.c deleted file mode 100755 index b73016ee8..000000000 --- a/utils/gl-mifi-mcu/src/module.c +++ /dev/null @@ -1,210 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Nuno Goncalves"); -MODULE_DESCRIPTION("GL-MiFi power monitoring MCU interface"); -MODULE_VERSION("0.1"); - -static int gpio_tx = 19; -static int gpio_rx = 8; -static int baudrate = 1200; -static int query_interval_sec = 4; - -static struct hrtimer timer_tx; -static struct hrtimer timer_rx; -static ktime_t period; -static int rx_bit_index = -1; - -static unsigned read_buf_ready = 0; -static unsigned read_buf_size = 0; -static char read_buf[2][64] = {{0},{0}}; - -static int proc_show(struct seq_file *m, void *v) -{ - seq_printf(m, "%s\n", read_buf[read_buf_ready]); - return 0; -} - -static int proc_open(struct inode *inode, struct file *file) -{ - return single_open(file, proc_show, NULL); -} - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0) -static const struct proc_ops hello_proc_ops = { - .proc_open = proc_open, - .proc_read = seq_read, - .proc_lseek = seq_lseek, - .proc_release = single_release, -}; -#else -static const struct file_operations hello_proc_ops = { - .owner = THIS_MODULE, - .open = proc_open, - .read = seq_read, - .llseek = seq_lseek, - .release = single_release, -}; -#endif - -static irqreturn_t handle_rx_start(int irq, void* device) -{ - if (rx_bit_index == -1) - { - hrtimer_start(&timer_rx, ktime_set(0, period / 2), HRTIMER_MODE_REL); - } - return IRQ_HANDLED; -} - -static enum hrtimer_restart handle_tx(struct hrtimer* timer) -{ - ktime_t current_time = ktime_get(); - const unsigned char character = 'g'; - static int bit_index = -1; - - // Start bit. - if (bit_index == -1) - { - gpio_set_value(gpio_tx, 0); - bit_index++; - } - - // Data bits. - else if (0 <= bit_index && bit_index < 8) - { - gpio_set_value(gpio_tx, 1 & (character >> bit_index)); - bit_index++; - } - - // Stop bit. - else if (bit_index == 8) - { - gpio_set_value(gpio_tx, 1); - bit_index = -1; - } - - hrtimer_forward(&timer_tx, current_time, bit_index == 8 - ? ktime_set(query_interval_sec, 0) //wait for next query cycle - : period); //wait for next bit period - - return HRTIMER_RESTART; -} - -void receive_character(unsigned char character) -{ - if(character == '{') - read_buf_size = 0; - - if(read_buf_size < (sizeof(read_buf[0])-1) || character == '}') - { - read_buf[!read_buf_ready][read_buf_size++] = character; - if(character == '}') - { - read_buf[!read_buf_ready][read_buf_size] = '\0'; - read_buf_ready = !read_buf_ready; - read_buf_size = 0; - } - } -} - -static enum hrtimer_restart handle_rx(struct hrtimer* timer) -{ - ktime_t current_time = ktime_get(); - static unsigned int character = 0; - int bit_value = gpio_get_value(gpio_rx); - enum hrtimer_restart result = HRTIMER_NORESTART; - bool must_restart_timer = false; - - // Start bit. - if (rx_bit_index == -1) - { - rx_bit_index++; - character = 0; - must_restart_timer = true; - } - - // Data bits. - else if (0 <= rx_bit_index && rx_bit_index < 8) - { - if (bit_value == 0) - { - character &= 0xfeff; - } - else - { - character |= 0x0100; - } - - rx_bit_index++; - character >>= 1; - must_restart_timer = true; - } - - // Stop bit. - else if (rx_bit_index == 8) - { - receive_character(character); - rx_bit_index = -1; - } - - // Restarts the RX timer. - if (must_restart_timer) - { - hrtimer_forward(&timer_rx, current_time, period); - result = HRTIMER_RESTART; - } - - return result; -} - -static int __init gl_mifi_mcu_init(void) -{ - bool success = true; - - proc_create("gl_mifi_mcu", 0, NULL, &hello_proc_ops); - - success &= gpio_request(gpio_tx, "soft_uart_tx") == 0; - success &= gpio_direction_output(gpio_tx, 1) == 0; - success &= gpio_request(gpio_rx, "soft_uart_rx") == 0; - success &= gpio_direction_input(gpio_rx) == 0; - success &= gpio_set_debounce(gpio_rx, 1000/baudrate/2); - - success &= request_irq( - gpio_to_irq(gpio_rx), - handle_rx_start, - IRQF_TRIGGER_FALLING, - "gl_mifi_mcu_irq_handler", - NULL) == 0; - - hrtimer_init(&timer_tx, CLOCK_MONOTONIC, HRTIMER_MODE_REL); - timer_tx.function = &handle_tx; - hrtimer_init(&timer_rx, CLOCK_MONOTONIC, HRTIMER_MODE_REL); - timer_rx.function = &handle_rx; - period = ktime_set(0, 1000000000/baudrate); - hrtimer_start(&timer_tx, period, HRTIMER_MODE_REL); - - return success; -} - -static void __exit gl_mifi_mcu_exit(void) -{ - disable_irq(gpio_to_irq(gpio_rx)); - hrtimer_cancel(&timer_tx); - hrtimer_cancel(&timer_rx); - free_irq(gpio_to_irq(gpio_rx), NULL); - gpio_set_value(gpio_tx, 0); - gpio_free(gpio_tx); - gpio_free(gpio_rx); - remove_proc_entry("gl_mifi_mcu", NULL); -} - -module_init(gl_mifi_mcu_init); -module_exit(gl_mifi_mcu_exit); - From b9bd6cdb0dcd85b30999b162a06a10c5229908e7 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Wed, 21 Jun 2023 10:53:19 +0200 Subject: [PATCH 36/90] banip: release 0.8.8-1 * Support MAC-/IPv4/IPv6 ranges in CIDR notation * Support concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme) * small fixes & cosmetics * update readme Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/README.md | 105 ++++++++++++++++------------- net/banip/files/banip-functions.sh | 53 +++++++++------ net/banip/files/banip-service.sh | 14 ++-- 4 files changed, 97 insertions(+), 77 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 7ca6d9de3..2aa306ed4 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.8.7 +PKG_VERSION:=0.8.8 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index c30b7865f..88e437437 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -61,12 +61,14 @@ IP address blocking is commonly used to protect against brute force attacks, pre * Full IPv4 and IPv6 support * Supports nft atomic Set loading * Supports blocking by ASN numbers and by iso country codes -* Supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names) +* Supports local allow- and blocklist with MAC/IPv4/IPv6 addresses or domain names +* Supports concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments +* All local input types support ranges in CIDR notation * Auto-add the uplink subnet or uplink IP to the local allowlist -* Provides a small background log monitor to ban unsuccessful login attempts in real-time +* Provides a small background log monitor to ban unsuccessful login attempts in real-time (like fail2ban, crowdsec etc.) * Auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist * Auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the monitored suspicious IP -* Fast feed processing as they are handled in parallel as background jobs +* Fast feed processing as they are handled in parallel as background jobs (on capable multi-core hardware) * Per feed it can be defined whether the wan-input chain, the wan-forward chain or the lan-forward chain should be blocked (default: all chains) * Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup * Automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or full wget @@ -188,62 +190,54 @@ Available commands: ::: ::: banIP Set Statistics ::: - Timestamp: 2023-02-25 08:35:37 + Timestamp: 2023-06-21 07:03:23 ------------------------------ - auto-added to allowlist: 0 - auto-added to blocklist: 4 + auto-added to allowlist today: 0 + auto-added to blocklist today: 0 Set | Elements | WAN-Input (packets) | WAN-Forward (packets) | LAN-Forward (packets) ---------------------+--------------+-----------------------+-----------------------+------------------------ - allowlistvMAC | 0 | - | - | OK: 0 - allowlistv4 | 15 | OK: 0 | OK: 0 | OK: 0 + allowlistv4MAC | 0 | - | - | OK: 0 + allowlistv6MAC | 0 | - | - | OK: 0 + allowlistv4 | 1 | OK: 0 | OK: 0 | OK: 0 allowlistv6 | 1 | OK: 0 | OK: 0 | OK: 0 - torv4 | 800 | OK: 0 | OK: 0 | OK: 0 - torv6 | 432 | OK: 0 | OK: 0 | OK: 0 - countryv6 | 34282 | OK: 0 | OK: 1 | - - countryv4 | 35508 | OK: 1872 | OK: 0 | - - dohv6 | 343 | - | - | OK: 0 - dohv4 | 540 | - | - | OK: 3 - firehol1v4 | 1670 | OK: 296 | OK: 0 | OK: 16 - deblv4 | 12402 | OK: 4 | OK: 0 | OK: 0 - deblv6 | 41 | OK: 0 | OK: 0 | OK: 0 - adguardv6 | 12742 | - | - | OK: 161 - adguardv4 | 23183 | - | - | OK: 212 - adguardtrackersv6 | 169 | - | - | OK: 0 - adguardtrackersv4 | 633 | - | - | OK: 0 - adawayv6 | 2737 | - | - | OK: 15 - adawayv4 | 6542 | - | - | OK: 137 - oisdsmallv6 | 10569 | - | - | OK: 0 - oisdsmallv4 | 18800 | - | - | OK: 74 - stevenblackv6 | 11901 | - | - | OK: 4 - stevenblackv4 | 16776 | - | - | OK: 139 - yoyov6 | 215 | - | - | OK: 0 - yoyov4 | 309 | - | - | OK: 0 - antipopadsv4 | 1872 | - | - | OK: 0 - urlhausv4 | 7431 | OK: 0 | OK: 0 | OK: 0 - antipopadsv6 | 2081 | - | - | OK: 2 - blocklistvMAC | 0 | - | - | OK: 0 - blocklistv4 | 1174 | OK: 1 | OK: 0 | OK: 0 - blocklistv6 | 40 | OK: 0 | OK: 0 | OK: 0 + cinsscorev4 | 13115 | OK: 142 | OK: 0 | - + deblv4 | 8076 | OK: 5 | OK: 0 | OK: 0 + countryv6 | 37313 | OK: 0 | OK: 1 | - + countryv4 | 36155 | OK: 33 | OK: 0 | - + deblv6 | 15 | OK: 0 | OK: 0 | OK: 0 + dropv6 | 35 | OK: 0 | OK: 0 | OK: 0 + dropv4 | 620 | OK: 0 | OK: 0 | OK: 0 + dohv6 | 598 | - | - | OK: 0 + dohv4 | 902 | - | - | OK: 0 + edropv4 | 247 | OK: 0 | OK: 0 | OK: 0 + threatviewv4 | 571 | OK: 0 | OK: 0 | OK: 0 + firehol1v4 | 877 | OK: 8 | OK: 0 | OK: 0 + ipthreatv4 | 5751 | OK: 0 | OK: 0 | OK: 0 + urlvirv4 | 169 | OK: 0 | OK: 0 | OK: 0 + blocklistv4MAC | 0 | - | - | OK: 0 + blocklistv6MAC | 0 | - | - | OK: 0 + blocklistv4 | 3 | OK: 0 | OK: 0 | OK: 0 + blocklistv6 | 0 | OK: 0 | OK: 0 | OK: 0 ---------------------+--------------+-----------------------+-----------------------+------------------------ - 30 | 203208 | 12 (2173) | 12 (1) | 28 (763) + 22 | 104449 | 16 (188) | 16 (1) | 19 (0) ``` **banIP runtime information** ``` -~# /etc/init.d/banip status +root@blackhole:~# /etc/init.d/banip status ::: banIP runtime information + status : active (nft: ✔, monitor: ✔) - + version : 0.8.6-2 - + element_count : 172309 - + active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, urlvirv4, adguardtrackersv6, oisdbigv6, oisdbigv4, blocklistvMAC, blocklistv4, blocklistv6 + + version : 0.8.8-1 + + element_count : 104449 + + active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dropv6, dropv4, dohv6, dohv4, edropv4, threatviewv4, firehol1v4, ipthreatv4, urlvirv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6 + active_devices : br-wan ::: wan, wan6 - + active_uplink : 91.64.173.145, 2a12:610c:0:80:848b:3ad0:4e05:abb + + active_uplink : 91.63.198.120, 2a12:810c:0:80:a20d:52c3:5cf:f4f + nft_info : priority: -200, policy: performance, loglevel: warn, expiry: - + run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, custom feed: ✘ + run_flags : auto: ✔, proto (4/6): ✔/✔, log (wan-inp/wan-fwd/lan-fwd): ✔/✔/✔, dedup: ✔, split: ✘, allowed only: ✘ - + last_run : action: restart, duration: 0m 22s, date: 2023-05-15 22:39:15 - + system_info : cores: 4, memory: 1798, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22784-1645c34d56 + + last_run : action: restart, duration: 0m 19s, date: 2023-06-21 06:45:52 + + system_info : cores: 4, memory: 1634, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r23398-c4be106f4d ``` **banIP search information** @@ -292,14 +286,35 @@ list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress=' ``` **allow-/blocklist handling** -banIP supports local allow and block lists (IPv4, IPv6, CIDR notation or domain names), located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist. +banIP supports local allow and block lists, MAC/IPv4/IPv6 addresses (incl. ranges in CIDR notation) or domain names. These files are located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist. Unsuccessful login attempts or suspicious requests will be tracked and added to the local blocklist (see the 'ban_autoblocklist' option). The blocklist behaviour can be further tweaked with the 'ban_nftexpiry' option. Depending on the options 'ban_autoallowlist' and 'ban_autoallowuplink' the uplink subnet or the uplink IP will be added automatically to local allowlist. Furthermore, you can reference external Allowlist URLs with additional IPv4 and IPv6 feeds (see 'ban_allowurl'). Both local lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the Sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time. +**MAC/IP-binding** +banIP supports concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments. Following notations in the local allow and block lists are allowed: +``` +MAC-address only: +C8:C2:9B:F7:80:12 => this will be populated to the v4MAC- and v6MAC-Sets with the IP-wildcards 0.0.0.0/0 and ::/0 + +MAC-address with IPv4 concatenation: +C8:C2:9B:F7:80:12 192.168.1.10 => this will be populated only to v4MAC-Set with the certain IP, no entry in the v6MAC-Set + +MAC-address with IPv6 concatenation: +C8:C2:9B:F7:80:12 2a02:810c:0:80:a10e:62c3:5af:f3f => this will be populated only to v6MAC-Set with the certain IP, no entry in the v4MAC-Set + +MAC-address with IPv4 and IPv6 concatenation: +C8:C2:9B:F7:80:12 192.168.1.10 => this will be populated to v4MAC-Set with the certain IP +C8:C2:9B:F7:80:12 2a02:810c:0:80:a10e:62c3:5af:f3f => this will be populated to v6MAC-Set with the certain IP + +MAC-address with IPv4 and IPv6 wildcard concatenation: +C8:C2:9B:F7:80:12 192.168.1.10 => this will be populated to v4MAC-Set with the certain IP +C8:C2:9B:F7:80:12 => this will be populated to v6MAC-Set with the IP-wildcard ::/0 +``` + **allowlist-only mode** -banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked. +banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked. **redirect Asterisk security logs to lodg/logread** banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration. diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 9731c7164..92d8e5a2a 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -23,9 +23,6 @@ ban_rtfile="/var/run/banip_runtime.json" ban_rdapfile="/var/run/banip_rdap.json" ban_rdapurl="https://rdap.db.ripe.net/ip/" ban_lock="/var/run/banip.lock" -ban_fetchcmd="" -ban_fetchparm="" -ban_rdapparm="" ban_logreadcmd="$(command -v logread)" ban_logcmd="$(command -v logger)" ban_ubuscmd="$(command -v ubus)" @@ -77,8 +74,11 @@ ban_ifv4="" ban_ifv6="" ban_dev="" ban_uplink="" +ban_fetchcmd="" +ban_fetchparm="" ban_fetchinsecure="" ban_fetchretry="5" +ban_rdapparm="" ban_cores="" ban_memory="" ban_packages="" @@ -189,6 +189,7 @@ f_rmpid() { for pid in ${pids}; do kill -INT "${pid}" >/dev/null 2>&1 done + : >"${ban_rdapfile}" : >"${ban_pidfile}" } @@ -282,7 +283,7 @@ f_conf() { f_actual() { local nft monitor - if "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then + if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then nft="$(f_char "1")" else nft="$(f_char "0")" @@ -510,7 +511,7 @@ f_nftinit() { # nft header (tables and chains) # printf "%s\n\n" "#!/usr/sbin/nft -f" - if "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then + if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then printf "%s\n" "delete table inet banIP" fi printf "%s\n" "add table inet banIP" @@ -644,12 +645,16 @@ f_down() { { printf "%s\n\n" "#!/usr/sbin/nft -f" [ -s "${tmp_flush}" ] && "${ban_catcmd}" "${tmp_flush}" - if [ "${proto}" = "MAC" ]; then - "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s, ",tolower($1)}' "${tmp_allow}" >"${tmp_file}" - printf "%s\n" "add set inet banIP ${feed} { type ether_addr; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr @${feed} counter accept" + if [ "${proto}" = "4MAC" ]; then + "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="0.0.0.0/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${tmp_allow}" >"${tmp_file}" + printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter accept" + elif [ "${proto}" = "6MAC" ]; then + "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="::/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${tmp_allow}" >"${tmp_file}" + printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter accept" elif [ "${proto}" = "4" ]; then - "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{printf "%s, ",$1}' "${tmp_allow}" >"${tmp_file}" + "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]].*|$)/{printf "%s, ",$1}' "${tmp_allow}" >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" if [ -z "${feed_direction##*input*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then @@ -673,8 +678,8 @@ f_down() { fi fi elif [ "${proto}" = "6" ]; then - "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s\n",$1}' "${tmp_allow}" | - "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{printf "%s, ",tolower($1)}' >"${tmp_file}" + "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}.*/{printf "%s\n",$1}' "${tmp_allow}" | + "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]].*|$)/{printf "%s, ",tolower($1)}' >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" if [ -z "${feed_direction##*input*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then @@ -704,18 +709,22 @@ f_down() { { printf "%s\n\n" "#!/usr/sbin/nft -f" [ -s "${tmp_flush}" ] && "${ban_catcmd}" "${tmp_flush}" - if [ "${proto}" = "MAC" ]; then - "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s, ",tolower($1)}' "${ban_blocklist}" >"${tmp_file}" - printf "%s\n" "add set inet banIP ${feed} { type ether_addr; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr @${feed} ${log_forwardlan} counter reject" + if [ "${proto}" = "4MAC" ]; then + "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="0.0.0.0/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}" + printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter reject" + elif [ "${proto}" = "6MAC" ]; then + "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="::/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}" + printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter reject" elif [ "${proto}" = "4" ]; then if [ "${ban_deduplicate}" = "1" ]; then - "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_raw}" + "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]].*|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_raw}" "${ban_awkcmd}" 'NR==FNR{member[$0];next}!($0 in member)' "${ban_tmpfile}.deduplicate" "${tmp_raw}" 2>/dev/null >"${tmp_split}" "${ban_awkcmd}" 'BEGIN{FS="[ ,]"}NR==FNR{member[$1];next}!($1 in member)' "${ban_tmpfile}.deduplicate" "${ban_blocklist}" 2>/dev/null >"${tmp_raw}" "${ban_catcmd}" "${tmp_raw}" 2>/dev/null >"${ban_blocklist}" else - "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_split}" + "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]].*|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_split}" fi "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" @@ -724,14 +733,14 @@ f_down() { [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" elif [ "${proto}" = "6" ]; then if [ "${ban_deduplicate}" = "1" ]; then - "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s\n",$1}' "${ban_blocklist}" | - "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{printf "%s,\n",tolower($1)}' >"${tmp_raw}" + "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}.*/{printf "%s\n",$1}' "${ban_blocklist}" | + "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]].*|$)/{printf "%s,\n",tolower($1)}' >"${tmp_raw}" "${ban_awkcmd}" 'NR==FNR{member[$0];next}!($0 in member)' "${ban_tmpfile}.deduplicate" "${tmp_raw}" 2>/dev/null >"${tmp_split}" "${ban_awkcmd}" 'BEGIN{FS="[ ,]"}NR==FNR{member[$1];next}!($1 in member)' "${ban_tmpfile}.deduplicate" "${ban_blocklist}" 2>/dev/null >"${tmp_raw}" "${ban_catcmd}" "${tmp_raw}" 2>/dev/null >"${ban_blocklist}" else - "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s\n",$1}' "${ban_blocklist}" | - "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{printf "%s,\n",tolower($1)}' >"${tmp_split}" + "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}.*/{printf "%s\n",$1}' "${ban_blocklist}" | + "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]].*|$)/{printf "%s,\n",tolower($1)}' >"${tmp_split}" fi "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index 3f43ef34c..1170c8b1d 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -45,7 +45,7 @@ fi # init nft namespace # -if [ "${ban_action}" != "reload" ] || ! "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then +if [ "${ban_action}" != "reload" ] || ! "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then if f_nftinit "${ban_tmpfile}".init.nft; then f_log "info" "initialize nft namespace" else @@ -56,22 +56,18 @@ fi # handle downloads # f_log "info" "start banIP download processes" -if [ "${ban_allowlistonly}" = "1" ]; then - ban_feed="" -else - f_getfeed - [ "${ban_deduplicate}" = "1" ] && printf "\n" >"${ban_tmpfile}.deduplicate" -fi +[ "${ban_allowlistonly}" = "1" ] && ban_feed="" || f_getfeed +[ "${ban_deduplicate}" = "1" ] && printf "\n" >"${ban_tmpfile}.deduplicate" cnt="1" for feed in allowlist ${ban_feed} blocklist; do # local feeds # if [ "${feed}" = "allowlist" ] || [ "${feed}" = "blocklist" ]; then - for proto in MAC 4 6; do + for proto in 4MAC 6MAC 4 6; do [ "${feed}" = "blocklist" ] && wait (f_down "${feed}" "${proto}") & - [ "${feed}" = "blocklist" ] || { [ "${feed}" = "allowlist" ] && [ "${proto}" = "MAC" ]; } && wait + [ "${feed}" = "blocklist" ] || { [ "${feed}" = "allowlist" ] && { [ "${proto}" = "4MAC" ] || [ "${proto}" = "6MAC" ]; }; } && wait hold="$((cnt % ban_cores))" [ "${hold}" = "0" ] && wait cnt="$((cnt + 1))" From 4f608bb99852c96772dee55f0cb2ddbc17f2fd76 Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Tue, 20 Jun 2023 08:53:34 -0500 Subject: [PATCH 37/90] shared-mime-info: update to 2.2 Signed-off-by: W. Michael Petullo --- utils/shared-mime-info/Makefile | 6 +- .../patches/001-no-xmllint.patch | 11 +++ .../001-shared-mime-info-2.1-fix-build.patch | 75 ------------------- .../002-shared-mime-info-2.1-no-xmlto.patch | 33 -------- 4 files changed, 15 insertions(+), 110 deletions(-) create mode 100644 utils/shared-mime-info/patches/001-no-xmllint.patch delete mode 100644 utils/shared-mime-info/patches/001-shared-mime-info-2.1-fix-build.patch delete mode 100644 utils/shared-mime-info/patches/002-shared-mime-info-2.1-no-xmlto.patch diff --git a/utils/shared-mime-info/Makefile b/utils/shared-mime-info/Makefile index 919962511..b1b7a8a91 100644 --- a/utils/shared-mime-info/Makefile +++ b/utils/shared-mime-info/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=shared-mime-info -PKG_VERSION:=2.1 +PKG_VERSION:=2.2 PKG_RELEASE:=2 PKG_MAINTAINER:=W. Michael Petullo @@ -16,7 +16,9 @@ PKG_LICENSE_FILES:=COPYING PKG_SOURCE:=shared-mime-info-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://gitlab.freedesktop.org/xdg/$(PKG_NAME)/-/archive/$(PKG_VERSION) -PKG_HASH:=37df6475da31a8b5fc63a54ba0770a3eefa0a708b778cb6366dccee96393cb60 +PKG_HASH:=418c480019d9865f67f922dfb88de00e9f38bf971205d55cdffab50432919e61 + +PKG_BUILD_DEPENDS:=gettext-full/host include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk diff --git a/utils/shared-mime-info/patches/001-no-xmllint.patch b/utils/shared-mime-info/patches/001-no-xmllint.patch new file mode 100644 index 000000000..f5200bab8 --- /dev/null +++ b/utils/shared-mime-info/patches/001-no-xmllint.patch @@ -0,0 +1,11 @@ +--- a/meson.build ++++ b/meson.build +@@ -20,7 +20,7 @@ config.set_quoted('VERSION', meson.proje + ############################################################################### + # Find tools + +-xmllint = find_program('xmllint') ++xmllint = find_program('xmllint', required: false) + xmlto = find_program('xmlto', required: false) + + ############################################################################### diff --git a/utils/shared-mime-info/patches/001-shared-mime-info-2.1-fix-build.patch b/utils/shared-mime-info/patches/001-shared-mime-info-2.1-fix-build.patch deleted file mode 100644 index 38479a3a5..000000000 --- a/utils/shared-mime-info/patches/001-shared-mime-info-2.1-fix-build.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 5a406b06792e26a83c7346b3c2443c0bd8d4cdb2 Mon Sep 17 00:00:00 2001 -From: Eli Schwartz -Date: Mon, 8 Nov 2021 18:22:47 -0500 -Subject: [PATCH] migrate from custom itstool to builtin msgfmt for creating - translated XML - -gettext upstream has supported this for a very long time (since 0.19.7 -via commit b3c2a5a242c36fbbaa0c5b17f975d6c638598a23, released in 2015), -and itstool is (mostly) a legacy of the time before gettext had proper -support for these sorts of use cases. - -This is similar to the state of intltool, which is described at -https://wiki.gnome.org/MigratingFromIntltoolToGettext - -During the port from autotools to meson, the legacy use of itstool was -faithfully translated to meson in the only way possible: by jumping -through hoops to run ninja inside ninja in order to generate the .mo -files for itstool, because meson's i18n module used a flawed design and -there was no "real" target to create those files, only a .PHONY -run_target which other rules cannot depend on. - -Although meson 0.60.0 added support for real targets for the built .mo -files, this changed the rules for output filenames, breaking the script. - -But msgfmt does not care, and anyways comes with builtin meson functions -for convenient use with XML files. So let's take this opportunity to -drop legacy dependencies and use the modern, builtin tooling, which -fixes this bug as a side effect. - -Fixes #170 ---- - .gitlab-ci.yml | 2 -- - README.md | 2 +- - data/freedesktop_generate.sh | 12 ------------ - data/meson.build | 16 +++++----------- - meson.build | 1 - - 5 files changed, 6 insertions(+), 27 deletions(-) - delete mode 100755 data/freedesktop_generate.sh - ---- a/data/meson.build -+++ b/data/meson.build -@@ -1,18 +1,12 @@ - - install_man('update-mime-database.1') - --freedesktop_org_xml = custom_target('freedesktop.org.xml', -- input : files( -- 'freedesktop.org.xml.in', -- 'its/shared-mime-info.its', -- 'its/shared-mime-info.loc', -- ), -+freedesktop_org_xml = i18n.merge_file( -+ input: 'freedesktop.org.xml.in', - output: 'freedesktop.org.xml', -- command: [ -- find_program('freedesktop_generate.sh'), -- meson.source_root(), -- meson.build_root() -- ], -+ data_dirs: '.', -+ po_dir: '../po', -+ type: 'xml', - install: true, - install_dir: get_option('datadir') / 'mime' / 'packages', - ) ---- a/meson.build -+++ b/meson.build -@@ -20,7 +20,6 @@ config.set_quoted('VERSION', meson.proje - ############################################################################### - # Find tools - --itstool = find_program('itstool') - xmllint = find_program('xmllint') - xmlto = find_program('xmlto') - diff --git a/utils/shared-mime-info/patches/002-shared-mime-info-2.1-no-xmlto.patch b/utils/shared-mime-info/patches/002-shared-mime-info-2.1-no-xmlto.patch deleted file mode 100644 index 59e6f037a..000000000 --- a/utils/shared-mime-info/patches/002-shared-mime-info-2.1-no-xmlto.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- a/data/meson.build -+++ b/data/meson.build -@@ -15,15 +15,3 @@ install_data( - [ 'its/shared-mime-info.loc', 'its/shared-mime-info.its', ], - install_dir : get_option('datadir') / 'gettext/its' - ) -- --custom_target('shared-mime-info-spec-html', -- input : 'shared-mime-info-spec.xml', -- output: 'shared-mime-info-spec-html', -- command: [ -- xmlto, -- '-o', '@OUTPUT@', -- 'html-nochunks', -- '@INPUT@', -- ], -- build_by_default: true, --) ---- a/meson.build -+++ b/meson.build -@@ -18,12 +18,6 @@ config.set_quoted('PACKAGE', meson.proje - config.set_quoted('VERSION', meson.project_version()) - - ############################################################################### --# Find tools -- --xmllint = find_program('xmllint') --xmlto = find_program('xmlto') -- --############################################################################### - # Find xdgmime - - xdgmime = get_option('xdgmime-path') / 'src' From 1aa41e92ac8733be9a25b77eddea7cdac3bedc34 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 21 Jun 2023 20:47:19 +0800 Subject: [PATCH 38/90] cloudflared: Update to 2023.6.1 Signed-off-by: Tianling Shen --- net/cloudflared/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile index 1e5462cda..bb4106927 100644 --- a/net/cloudflared/Makefile +++ b/net/cloudflared/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudflared -PKG_VERSION:=2023.6.0 +PKG_VERSION:=2023.6.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)? -PKG_HASH:=8be9ab929fa5bbc021041e4fe33e2f91b4fe16d9c8354bfc19b1ad3fedb39b51 +PKG_HASH:=7f7509bb364f107541dc810410b763721c39cdfab85799080ccae96d1c4a9cff PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 4c4d3b900197785292ef92055effcccd7f3b805b Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Thu, 15 Jun 2023 15:49:25 +0900 Subject: [PATCH 39/90] c-ares: bump to 1.19.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a security and bugfix release. Security o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
query IDs o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
compilation Fixing libcares.pc The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt and causes build errors with Openwrt packages that use libcares. For this reason, libcares.pc was replaced. Signed-off-by: Hirokazu MORIKAWA --- libs/c-ares/Makefile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libs/c-ares/Makefile b/libs/c-ares/Makefile index 4c13927b2..9f5a9424b 100644 --- a/libs/c-ares/Makefile +++ b/libs/c-ares/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=c-ares -PKG_VERSION:=1.18.1 +PKG_VERSION:=1.19.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://c-ares.org/download -PKG_HASH:=1a7d52a8a84a9fbffb1be9133c0f6e17217d91ea5a6fa61f6b4729cda78ebbcf +PKG_HASH:=321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.md @@ -48,6 +48,13 @@ CMAKE_OPTIONS += \ -DCARES_BUILD_TESTS=OFF \ -DCARES_BUILD_TOOLS=OFF +define Build/InstallDev + $(call Build/InstallDev/cmake,$(1)) + $(SED) 's,/usr/bin,$$$${prefix}/lib,g' $(1)/usr/lib/pkgconfig/libcares.pc + $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libcares.pc + $(SED) 's,/usr/lib,$$$${prefix}/lib,g' $(1)/usr/lib/pkgconfig/libcares.pc +endef + define Package/libcares/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcares.so.* $(1)/usr/lib/ From dedf51702e098d042f5392de4d640b0d72825676 Mon Sep 17 00:00:00 2001 From: Marius Dinu Date: Mon, 12 Jun 2023 10:47:03 +0300 Subject: [PATCH 40/90] tvheadend: update to 2023-06-05 Update to git master 2023-06-05 and removed unneeded compatibility patch. Signed-off-by: Marius Dinu --- multimedia/tvheadend/Makefile | 11 +++++------ multimedia/tvheadend/patches/040-fortify.patch | 9 --------- .../tvheadend/patches/050-iconv-test-continue.patch | 2 +- 3 files changed, 6 insertions(+), 16 deletions(-) delete mode 100644 multimedia/tvheadend/patches/040-fortify.patch diff --git a/multimedia/tvheadend/Makefile b/multimedia/tvheadend/Makefile index 1af5b6dd2..8032c41d4 100644 --- a/multimedia/tvheadend/Makefile +++ b/multimedia/tvheadend/Makefile @@ -1,21 +1,20 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tvheadend -PKG_VERSION:=2022-11-20 -PKG_RELEASE:=3 +PKG_VERSION:=2023-06-05 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/tvheadend/tvheadend.git -PKG_MIRROR_HASH:=9c1bb3eea3f3539454d17e4c6aabc774a104a772aa34ed39f248521cf6488ce5 -PKG_SOURCE_VERSION:=0ff96106aa2e0f9a384c3a2662ca005797a6b399 -PKG_SOURCE_DATE:=2022-11-20 +PKG_MIRROR_HASH:=921506f54a93fa78ba17578a0ef127f4eebd4df0691aef5905cd1eb2eae52bef +PKG_SOURCE_VERSION:=003fd92707531bdf7ad1753ab028db8748ac5ab8 +PKG_SOURCE_DATE:=2023-06-05 PKG_LICENSE:=GPL-3.0 PKG_LICENSE_FILES:=LICENSE.md PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf - PKG_BUILD_FLAGS:=no-mips16 include $(INCLUDE_DIR)/package.mk diff --git a/multimedia/tvheadend/patches/040-fortify.patch b/multimedia/tvheadend/patches/040-fortify.patch deleted file mode 100644 index 429791ad1..000000000 --- a/multimedia/tvheadend/patches/040-fortify.patch +++ /dev/null @@ -1,9 +0,0 @@ ---- a/src/intlconv.c -+++ b/src/intlconv.c -@@ -1,3 +1,6 @@ -+#ifndef _GNU_SOURCE -+#define _GNU_SOURCE -+#endif - #include - #include "tvheadend.h" - #include "intlconv.h" diff --git a/multimedia/tvheadend/patches/050-iconv-test-continue.patch b/multimedia/tvheadend/patches/050-iconv-test-continue.patch index 2e46b5113..bdfc4359c 100644 --- a/multimedia/tvheadend/patches/050-iconv-test-continue.patch +++ b/multimedia/tvheadend/patches/050-iconv-test-continue.patch @@ -1,6 +1,6 @@ --- a/src/intlconv.c +++ b/src/intlconv.c -@@ -36,9 +36,8 @@ intlconv_test( void ) +@@ -37,9 +37,8 @@ intlconv_test( void ) (strcmp(s, "ZlutouckyKun") && strcmp(s, "Zlutouck'yKun") && strcmp(s, "?lu?ou?k?K??"))) { From fb68d07bfae3d38691c87179e216207e4323a52b Mon Sep 17 00:00:00 2001 From: Marius Dinu Date: Fri, 16 Jun 2023 15:59:44 +0300 Subject: [PATCH 41/90] tvheadend: add dependency on gettext (host) Gettext is a prerequisite to build OpenWrt according to: https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem but github automated tests fail without this explicit dependency: 2023-06-19T08:02:45.1940511Z checking for py module gzip ... ok 2023-06-19T08:02:45.1968662Z checking for /builder/staging_dir/host/bin/pkg-config ...ok 2023-06-19T08:02:45.1998491Z ERROR: no gettext binaries found 2023-06-19T08:02:45.1999746Z checking for xgettext ... fail 2023-06-19T08:02:45.2008403Z make[2]: *** [Makefile:263: /builder/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/tvheadend-2023-06-05/.configured_a17fb5ef857664f03cd0ce37cc5ea591] Error 1 Signed-off-by: Marius Dinu --- multimedia/tvheadend/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/multimedia/tvheadend/Makefile b/multimedia/tvheadend/Makefile index 8032c41d4..f33b66662 100644 --- a/multimedia/tvheadend/Makefile +++ b/multimedia/tvheadend/Makefile @@ -16,6 +16,7 @@ PKG_LICENSE_FILES:=LICENSE.md PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf PKG_BUILD_FLAGS:=no-mips16 +PKG_BUILD_DEPENDS:=gettext-full/host include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk From be829c1486c5fca7dc1cd31813b12b946564f074 Mon Sep 17 00:00:00 2001 From: Wojciech Dubowik Date: Thu, 15 Jun 2023 16:08:16 +0200 Subject: [PATCH 42/90] linuxptp: Update to 4.0 Major changes since version 3.1.1: * Officially supports the 2019 version of IEEE 1588 * Improved unicast messaging * Enhanced G.8275.2 profile * More flexible Pulse Per Second (PPS) handling * Virtual clock support * Power profile support * VLAN over bond support. * Parallel Redundancy Protocol (PRP) trailer handling. * Non-privileged read-only monitoring port. * New statistics reporting. [V2] * reset package release * adapt license name to the new format Signed-off-by: Wojciech Dubowik --- net/linuxptp/Makefile | 8 ++++---- net/linuxptp/patches/010-64bit.patch | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/net/linuxptp/Makefile b/net/linuxptp/Makefile index 762d5db6d..ca1732c25 100644 --- a/net/linuxptp/Makefile +++ b/net/linuxptp/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=linuxptp -PKG_VERSION:=3.1.1 -PKG_RELEASE:=2 +PKG_VERSION:=4.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz PKG_SOURCE_URL:=@SF/$(PKG_NAME)/v$(PKG_VERSION) -PKG_HASH:=94d6855f9b7f2d8e9b0ca6d384e3fae6226ce6fc012dbad02608bdef3be1c0d9 +PKG_HASH:=d27d5ef296bb3d285e22e69f75ae023b4b42a2f4655130d6d390d8afcbc3d933 PKG_MAINTAINER:=Wojciech Dubowik -PKG_LICENSE:=GPL-2.0 +PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=COPYING include $(INCLUDE_DIR)/package.mk diff --git a/net/linuxptp/patches/010-64bit.patch b/net/linuxptp/patches/010-64bit.patch index 043c35e59..3529978dd 100644 --- a/net/linuxptp/patches/010-64bit.patch +++ b/net/linuxptp/patches/010-64bit.patch @@ -1,5 +1,5 @@ ---- a/ts2phc_slave.c -+++ b/ts2phc_slave.c +--- a/ts2phc_pps_sink.c ++++ b/ts2phc_pps_sink.c @@ -4,6 +4,9 @@ * @note Copyright (C) 2019 Balint Ferencz * @note SPDX-License-Identifier: GPL-2.0+ From 23a9cd519ca6f5a0e0a23518d4cb1470720f3438 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 14 Jun 2023 15:18:29 +0200 Subject: [PATCH 43/90] h2o: Build libh2o-evloop without yaml support The only package using this library, dnsdist, does not require it so let's save space and PSS memory. Signed-off-by: Remi Gacogne --- libs/h2o/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/h2o/Makefile b/libs/h2o/Makefile index e7529d1e2..30241356f 100644 --- a/libs/h2o/Makefile +++ b/libs/h2o/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=h2o PKG_VERSION:=2.2.6 -PKG_RELEASE:=13 +PKG_RELEASE:=14 PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}? PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz @@ -26,7 +26,7 @@ define Package/libh2o-evloop CATEGORY:=Libraries TITLE:=H2O Library compiled with its own event loop URL:=https://h2o.examp1e.net/ - DEPENDS:=+libopenssl +zlib +libyaml + DEPENDS:=+libopenssl +zlib endef define Package/libh2o From 1246b81bc28bf47467424d27ce1b9fd176d38106 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 14 Jun 2023 15:19:58 +0200 Subject: [PATCH 44/90] h2o: Do not initialize the mime types map at startup The map takes a fair amount of memory and the only consumer of this library, dnsdist, does not need it. Signed-off-by: Remi Gacogne --- libs/h2o/patches/700-no-mime-map.patch | 73 ++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 libs/h2o/patches/700-no-mime-map.patch diff --git a/libs/h2o/patches/700-no-mime-map.patch b/libs/h2o/patches/700-no-mime-map.patch new file mode 100644 index 000000000..7fccfa6fb --- /dev/null +++ b/libs/h2o/patches/700-no-mime-map.patch @@ -0,0 +1,73 @@ +--- a/lib/core/config.c ++++ b/lib/core/config.c +@@ -1,3 +1,4 @@ ++ + /* + * Copyright (c) 2014-2016 DeNA Co., Ltd. + * +@@ -37,7 +38,9 @@ static h2o_hostconf_t *create_hostconf(h + hostconf->http2.push_preload = 1; /* enabled by default */ + h2o_config_init_pathconf(&hostconf->fallback_path, globalconf, NULL, globalconf->mimemap); + hostconf->mimemap = globalconf->mimemap; +- h2o_mem_addref_shared(hostconf->mimemap); ++ if (hostconf->mimemap) { ++ h2o_mem_addref_shared(hostconf->mimemap); ++ } + return hostconf; + } + +@@ -54,7 +57,9 @@ static void destroy_hostconf(h2o_hostcon + } + free(hostconf->paths.entries); + h2o_config_dispose_pathconf(&hostconf->fallback_path); +- h2o_mem_release_shared(hostconf->mimemap); ++ if (hostconf->mimemap) { ++ h2o_mem_release_shared(hostconf->mimemap); ++ } + + free(hostconf); + } +@@ -136,8 +141,10 @@ void h2o_config_init_pathconf(h2o_pathco + h2o_chunked_register(pathconf); + if (path != NULL) + pathconf->path = h2o_strdup(NULL, path, SIZE_MAX); +- h2o_mem_addref_shared(mimemap); +- pathconf->mimemap = mimemap; ++ if (mimemap) { ++ h2o_mem_addref_shared(mimemap); ++ pathconf->mimemap = mimemap; ++ } + pathconf->error_log.emit_request_errors = 1; + } + +@@ -190,7 +197,7 @@ void h2o_config_init(h2o_globalconf_t *c + config->http2.latency_optimization.max_additional_delay = 10; + config->http2.latency_optimization.max_cwnd = 65535; + config->http2.callbacks = H2O_HTTP2_CALLBACKS; +- config->mimemap = h2o_mimemap_create(); ++ // config->mimemap = h2o_mimemap_create(); + + h2o_configurator__init_core(config); + } +@@ -279,7 +286,9 @@ void h2o_config_dispose(h2o_globalconf_t + } + free(config->hosts); + +- h2o_mem_release_shared(config->mimemap); ++ if (config->mimemap) { ++ h2o_mem_release_shared(config->mimemap); ++ } + h2o_configurator__dispose_configurators(config); + } + +--- a/lib/core/request.c ++++ b/lib/core/request.c +@@ -486,7 +486,7 @@ void h2o_req_fill_mime_attributes(h2o_re + ssize_t content_type_index; + h2o_mimemap_type_t *mime; + +- if (req->res.mime_attr != NULL) ++ if (req->res.mime_attr != NULL || req->pathconf->mimemap == NULL) + return; + + if ((content_type_index = h2o_find_header(&req->res.headers, H2O_TOKEN_CONTENT_TYPE, -1)) != -1 && From b53a83815f7a496e60b1e4d4347b1bebf4913207 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 14 Jun 2023 15:22:03 +0200 Subject: [PATCH 45/90] h2o: Reduce the size of the default HTTP2 buffer The initial value takes 80kB of memory for each HTTP/2 connection which is a lot on small devices. Using 8kB instead saves a fair amount of memory without sacrificing performance. Signed-off-by: Remi Gacogne --- libs/h2o/patches/800-smaller-write-buffer.patch | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 libs/h2o/patches/800-smaller-write-buffer.patch diff --git a/libs/h2o/patches/800-smaller-write-buffer.patch b/libs/h2o/patches/800-smaller-write-buffer.patch new file mode 100644 index 000000000..5527ad57d --- /dev/null +++ b/libs/h2o/patches/800-smaller-write-buffer.patch @@ -0,0 +1,11 @@ +--- a/include/h2o/http2_internal.h ++++ b/include/h2o/http2_internal.h +@@ -33,7 +33,7 @@ + typedef struct st_h2o_http2_conn_t h2o_http2_conn_t; + typedef struct st_h2o_http2_stream_t h2o_http2_stream_t; + +-#define H2O_HTTP2_DEFAULT_OUTBUF_SIZE 81920 /* the target size of each write call; connection flow control window + alpha */ ++#define H2O_HTTP2_DEFAULT_OUTBUF_SIZE 8192 /* the target size of each write call; connection flow control window + alpha */ + #define H2O_HTTP2_DEFAULT_OUTBUF_SOFT_MAX_SIZE 524288 /* 512KB; stops reading if size exceeds this value */ + + /* hpack */ From 27b4291bd474f1517fc1a00ee7b8e7e69ded8a55 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 19 Jun 2023 17:25:04 +0800 Subject: [PATCH 46/90] gitlab-runner: Update to 16.0.2 * Added test.sh script * Fixed build with riscv64 * Passed package version via go ldflags * Refreshed patches * Removed useless test binaries from package Signed-off-by: Tianling Shen --- devel/gitlab-runner/Makefile | 15 ++++++++++++--- devel/gitlab-runner/patches/010-test.patch | 2 +- devel/gitlab-runner/test.sh | 3 +++ 3 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 devel/gitlab-runner/test.sh diff --git a/devel/gitlab-runner/Makefile b/devel/gitlab-runner/Makefile index 575db4707..801119e07 100644 --- a/devel/gitlab-runner/Makefile +++ b/devel/gitlab-runner/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gitlab-runner -PKG_VERSION:=14.3.2 -PKG_RELEASE:=2 +PKG_VERSION:=16.0.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://gitlab.com/gitlab-org/gitlab-runner/-/archive/v$(PKG_VERSION) -PKG_HASH:=f67aeae05349f5c612ea5d8772407237caf4da586c0365e3c7edceec6b853d8c +PKG_HASH:=f874b9babe21ae04007abfc901e9ad4c0c1ec22095d4de3e22e176914683cb5d PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=MIT @@ -23,7 +23,9 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/gitlab-runner-v$(PKG_VERSION) PKG_BUILD_DEPENDS:=golang/host PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 + GO_PKG:=gitlab.com/gitlab-org/gitlab-runner +GO_PKG_LDFLAGS_X:=$(GO_PKG)/common.VERSION=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include ../../lang/golang/golang-package.mk @@ -41,5 +43,12 @@ define Package/gitlab-runner/description GitLab CI/CD to run jobs in a pipeline. endef +define Package/gitlab-runner/install + $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) + $(INSTALL_DIR) $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gitlab-runner $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gitlab-runner-helper $(1)/usr/bin/ +endef + $(eval $(call GoBinPackage,gitlab-runner)) $(eval $(call BuildPackage,gitlab-runner)) diff --git a/devel/gitlab-runner/patches/010-test.patch b/devel/gitlab-runner/patches/010-test.patch index 5bf5dfbe8..f66940508 100644 --- a/devel/gitlab-runner/patches/010-test.patch +++ b/devel/gitlab-runner/patches/010-test.patch @@ -1,6 +1,6 @@ --- a/common/buildtest/masking.go +++ b/common/buildtest/masking.go -@@ -45,7 +45,7 @@ func RunBuildWithMasking(t *testing.T, c +@@ -55,7 +55,7 @@ func RunBuildWithMasking(t *testing.T, c buf.Finish() diff --git a/devel/gitlab-runner/test.sh b/devel/gitlab-runner/test.sh new file mode 100644 index 000000000..151714709 --- /dev/null +++ b/devel/gitlab-runner/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +gitlab-runner --version | grep "$PKG_VERSION" From ca01c1bf59140e7bee13a4da8c91c759f9eec069 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 13 Jun 2023 17:48:27 +0200 Subject: [PATCH 47/90] dnsdist: Split in two packages `dnsdist` and `dnsdist-full` `dnsdist-full` has all optional features enabled, but is a big package in term of both flash and memory footprint. `dnsdist` only keeps the features that make the most sense on embeded devices, but can also be customised to match the user's needs, up to the point where it matches `dnsdist-full`. Signed-off-by: Remi Gacogne --- net/dnsdist/Makefile | 351 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 277 insertions(+), 74 deletions(-) diff --git a/net/dnsdist/Makefile b/net/dnsdist/Makefile index 33ff21eea..b060105f6 100644 --- a/net/dnsdist/Makefile +++ b/net/dnsdist/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsdist PKG_VERSION:=1.8.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ @@ -16,7 +16,6 @@ PKG_CPE_ID:=cpe:/a:powerdns:dnsdist PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 -PKG_ASLR_PIE:=0 PKG_BUILD_DEPENDS:=boost PKG_CONFIG_DEPENDS:= \ @@ -25,6 +24,35 @@ PKG_CONFIG_DEPENDS:= \ include $(INCLUDE_DIR)/package.mk +define Package/dnsdist/Default + SECTION:=net + CATEGORY:=Network + SUBMENU:=IP Addresses and Names + TITLE:=dnsdist DNS-, DOS- and abuse-aware loadbalancer $(2) + USERID:=dnsdist:dnsdist + DEPENDS:= \ + +ca-bundle \ + +libatomic \ + +libcap \ + +libstdcpp \ + +luajit + URL:=https://dnsdist.org/ + VARIANT:=$(1) + PROVIDES:=dnsdist +endef + +define Package/dnsdist/description/Default + dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life + is to route traffic to the best server, delivering top performance to legitimate + users while shunting or blocking abusive traffic. +endef + +define Package/dnsdist/conffiles/Default +/etc/dnsdist.conf +/etc/config/dnsdist +/etc/init.d/dnsdist +endef + define Package/dnsdist/config menu "Configuration" depends on PACKAGE_dnsdist @@ -34,12 +62,12 @@ menu "Configuration" prompt "Selected SSL library" default DNSDIST_OPENSSL - config DNSDIST_OPENSSL - bool "OpenSSL" - config DNSDIST_GNUTLS bool "GnuTLS" + config DNSDIST_OPENSSL + bool "OpenSSL" + config DNSDIST_NOSSL bool "No SSL support" @@ -57,6 +85,7 @@ menu "Configuration" default y config DNSDIST_DNS_OVER_HTTPS_OUTGOING + depends on DNSDIST_OPENSSL depends on !DNSDIST_NOSSL bool "Outgoing DNS over HTTPS Support" help @@ -70,93 +99,168 @@ menu "Configuration" "Enabled DNS over TLS Support for dnsdist" default y - config DNSDIST_NET_SNMP - bool "Net-SNMP support" + config DNSDIST_CARBON + bool "CARBON support" help - "Enable Net-SNMP support for dnsdist" - default y + "Enable Carbon (Graphite) support for dnsdist" + default n - config DNSDIST_RE2 - bool "RE2 support" + config DNSDIST_LMDB + bool "LMDB support" help - "Enable RE2 support for dnsdist" - default y + "Enable LMDB support for dnsdist" + default n + + config DNSDIST_COMPLETION + bool "Console completion support" + help + "Enable console completion for dnsdist" + default n + + config DNSDIST_DEBUG_SYMBOLS + bool "Debug symbols" + help + "Enable debug symbols in the dnsdist binary" + default n + + config DNSDIST_DELAY_PIPE + bool "Delay action support" + help + "Enable delay action support for dnsdist" + default n + + config DNSDIST_DYNBLOCKS + bool "Dynamic blocks support" + help + "Enable dynamic blocks support for dnsdist" + default n config DNSDIST_DNSTAP bool "DNSTAP support" help "Enable DNSTAP support for dnsdist" + default n + + config DNSDIST_EBPF + bool "eBPF support" + help + "Enable eBPF support for dnsdist" + default n + + config DNSDIST_ECS_ACTIONS + bool "ECS actions" + help + "Enable actions that control EDNS Client Subnet support for dnsdist" + default n + + config DNSDIST_HASHED + bool "Hashed credentials" + help + "Enable credentials hashing support for dnsdist" + default n + + config DNSDIST_IPCIPHER + bool "IP cipher support" + help + "Enable IP cipher support for dnsdist" + default n + + config DNSDIST_LIBEDIT + bool "Build with libedit" + help + "Build with libedit - for completion, history and line editing" + default n + + config DNSDIST_LMDB + bool "LMDB support" + help + "Enable LMDB support for dnsdist" + default n + + config DNSDIST_LUA_ADVANCED + bool "Lua advanced bindings" + help + "Enable Lua bindings for queries and responses manipulation in dnsdist" + default n + + config DNSDIST_MAC + bool "MAC address support" + help + "Enable MAC address in ring buffers support for dnsdist" default y + config DNSDIST_NET_SNMP + bool "Net-SNMP support" + help + "Enable Net-SNMP support for dnsdist" + default n + + config DNSDIST_OCSP_STAPLING + bool "OCSP Stapling support" + help + "Enable OCSP Stapling support for dnsdist" + default n + + config DNSDIST_PIE + bool "Position Independent Executable" + help + "Build dnsdist as a Position-Independent executable. This is required to benefit from ASLR, but significantly increases the required disk space and memory usage" + default n + + config DNSDIST_PROTOBUF + bool "Protobuf support" + help + "Enable exporting queries and responses over Protocol Buffer for dnsdist" + default n + + config DNSDIST_PROMETHEUS + bool "Prometheus support" + help + "Enable Prometheus support for dnsdist" + default n + + config DNSDIST_RE2 + bool "RE2 support" + help + "Enable RE2 support for dnsdist" + default n + + config DNSDIST_RULES_ALTER + bool "Rules altering queries" + help + "Enable rules altering queries for dnsdist" + default n + + config DNSDIST_SECPOLL + bool "Security polling" + help + "Enable security polling support for dnsdist" + default n + config DNSDIST_SODIUM bool "Build with libsodium" help "Build with libsodium - for encrypted console connections, and DNSCrypt" - default y + default n + + config DNSDIST_TOP_N + bool "Top N bindings" + help + "Enable bindings to get the top N queries and responses in dnsdist" + default n + + config DNSDIST_WEB + bool "Internal web server" + help + "Enable support for the internal web server in dnsdist" + default n + endmenu endef -define Package/dnsdist - SECTION:=net - CATEGORY:=Network - SUBMENU:=IP Addresses and Names - TITLE:=dnsdist DNS-, DOS- and abuse-aware loadbalancer - DEPENDS:= \ - +DNSDIST_DNS_OVER_HTTPS:libh2o-evloop \ - +DNSDIST_DNS_OVER_HTTPS_OUTGOING:libnghttp2 \ - +DNSDIST_GNUTLS:libgnutls \ - +DNSDIST_OPENSSL:libopenssl \ - +DNSDIST_NET_SNMP:libnetsnmp \ - +DNSDIST_RE2:re2 \ - +DNSDIST_DNSTAP:libfstrm \ - +DNSDIST_SODIUM:libsodium \ - +libatomic \ - +libcap \ - +libedit \ - +libstdcpp \ - +lmdb \ - +luajit \ - +tinycdb - URL:=https://dnsdist.org/ -endef - -define Package/dnsdist/description - dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life - is to route traffic to the best server, delivering top performance to legitimate - users while shunting or blocking abusive traffic. -endef - -define Package/dnsdist/conffiles -/etc/dnsdist.conf -/etc/config/dnsdist -/etc/init.d/dnsdist -endef - -# not everything groks --disable-nls -DISABLE_NLS:= - -# OpenWRT's setting of CXX destroys dnsdist's -std=c++17 -# --with-re2 compensates for that because it compensates for a bug in re2.pc that also destroys it -# so this addition is for the --without-re2 case -# -# none of this is pretty -TARGET_CXX+=-std=c++17 - -CONFIGURE_ARGS+= \ - --with-pic \ - --with-lua=luajit \ - $(if $(CONFIG_DNSDIST_SODIUM),--enable-dnscrypt --with-libsodium,--disable-dnscrypt --without-libsodium) \ - $(if $(CONFIG_DNSDIST_DNSTAP),--enable-dnstap=yes,--enable-dnstap=no) \ - $(if $(CONFIG_DNSDIST_RE2),--with,--without)-re2 \ - $(if $(CONFIG_DNSDIST_NET_SNMP),--with,--without)-net-snmp \ - $(if $(CONFIG_DNSDIST_GNUTLS),--with,--without)-gnutls \ - $(if $(CONFIG_DNSDIST_OPENSSL),--with,--without)-libssl \ - $(if $(CONFIG_DNSDIST_DNS_OVER_TLS),--enable-dns-over-tls,) \ - $(if $(CONFIG_DNSDIST_DNS_OVER_HTTPS),--enable-dns-over-https,) \ - $(if $(CONFIG_DNSDIST_DNS_OVER_HTTPS_OUTGOING),--with,--without)-nghttp2 - -define Package/dnsdist/install +define Package/dnsdist/install/Default $(INSTALL_DIR) $(1)/etc + $(INSTALL_DIR) $(1)/etc/dnsdist.conf.d $(INSTALL_CONF) ./files/dnsdist.conf $(1)/etc/dnsdist.conf $(INSTALL_DIR) $(1)/etc/config $(INSTALL_CONF) ./files/dnsdist.config $(1)/etc/config/dnsdist @@ -166,4 +270,103 @@ define Package/dnsdist/install $(INSTALL_BIN) $(PKG_BUILD_DIR)/dnsdist $(1)/usr/bin/ endef +define Package/dnsdist + $(call Package/dnsdist/Default,mini,- minimal version with a restricted feature set) + DEPENDS+= \ + +DNSDIST_LIBEDIT:libedit \ + +DNSDIST_DNSTAP:libfstrm \ + +DNSDIST_GNUTLS:libgnutls \ + +DNSDIST_DNS_OVER_HTTPS:libh2o-evloop \ + +DNSDIST_NET_SNMP:libnetsnmp \ + +DNSDIST_DNS_OVER_HTTPS_OUTGOING:libnghttp2 \ + +DNSDIST_OPENSSL:libopenssl \ + +DNSDIST_SODIUM:libsodium \ + +DNSDIST_LMDB:lmdb \ + +DNSDIST_CDB:tinycdb \ + +DNSDIST_RE2:re2 +endef + +Package/dnsdist/description=$(call Package/dnsdist/description/Default) +Package/dnsdist/conffiles=$(call Package/dnsdist/conffiles/Default) +Package/dnsdist/install=$(call Package/dnsdist/install/Default,$1) + +define Package/dnsdist-full + $(call Package/dnsdist/Default,full,- full version with all the features built in) + DEPENDS+= \ + +libedit \ + +libfstrm \ + +libgnutls \ + +libh2o-evloop \ + +libnetsnmp \ + +libnghttp2 \ + +libopenssl \ + +libsodium \ + +lmdb \ + +tinycdb \ + +re2 +endef +Package/dnsdist-full/description=$(call Package/dnsdist/description/Default) +Package/dnsdist-full/conffiles=$(call Package/dnsdist/conffiles/Default) +Package/dnsdist-full/install=$(call Package/dnsdist/install/Default,$1) + +# not everything groks --disable-nls +DISABLE_NLS:= + +# disable PIE for this package, see CONFIG_DNSDIST_PIE +PKG_ASLR_PIE:=0 + +ifneq ($(CONFIG_DNSDIST_DEBUG_SYMBOLS),) + RSTRIP:=: + STRIP:=: +endif + +IsEnabled = $(or $(filter full,$(BUILD_VARIANT)),$(CONFIG_$(1))) + +# OpenWRT's setting of CXX destroys dnsdist's -std=c++17 +# --with-re2 compensates for that because it compensates for a bug in re2.pc that also destroys it +# so this addition is for the --without-re2 case +# +# none of this is pretty +TARGET_CXX+=-std=c++17 +TARGET_CFLAGS+=-Os -fvisibility=hidden -flto -fno-ipa-cp -DNDEBUG +TARGET_CXXFLAGS+=-Os -fvisibility=hidden -flto -fno-ipa-cp -DNDEBUG \ + -DDISABLE_DEPRECATED_DYNBLOCK -DDISABLE_RECVMMSG -DDISABLE_NPN -DDISABLE_FALSE_SHARING_PADDING -DUSE_SINGLE_ACCEPTOR_THREAD -DOPENSSL_NO_ENGINE -DDISABLE_OPENSSL_ERROR_STRINGS \ + $(if $(call IsEnabled,DNSDIST_CARBON),,-DDISABLE_CARBON) \ + $(if $(call IsEnabled,DNSDIST_COMPLETION),,-DDISABLE_COMPLETION) \ + $(if $(call IsEnabled,DNSDIST_DEBUG_SYMBOLS),-g3,) \ + $(if $(call IsEnabled,DNSDIST_DELAY_PIPE),,-DDISABLE_DELAY_PIPE) \ + $(if $(call IsEnabled,DNSDIST_DYNBLOCKS),,-DDISABLE_DYNBLOCKS) \ + $(if $(call IsEnabled,DNSDIST_ECS_ACTIONS),,-DDISABLE_ECS_ACTIONS) \ + $(if $(call IsEnabled,DNSDIST_HASHED),,-DDISABLE_HASHED_CREDENTIALS) \ + $(if $(call IsEnabled,DNSDIST_LUA_ADVANCED),,-DDISABLE_NON_FFI_DQ_BINDINGS -DDISABLE_POLICIES_BINDINGS -DDISABLE_DOWNSTREAM_BINDINGS -DDISABLE_DNSHEADER_BINDINGS -DDISABLE_COMBO_ADDR_BINDINGS -DDISABLE_QPS_LIMITER_BINDINGS -DDISABLE_PACKETCACHE_BINDINGS -DDISABLE_CLIENT_STATE_BINDINGS -DDISABLE_DNSPACKET_BINDINGS -DDISABLE_LUA_BINDINGS_RINGS) \ + $(if $(call IsEnabled,DNSDIST_MAC),-DDNSDIST_RINGS_WITH_MACADDRESS,) \ + $(if $(call IsEnabled,DNSDIST_OCSP_STAPLING),,-DDISABLE_OCSP_STAPLING) \ + $(if $(call IsEnabled,DNSDIST_PROTOBUF),,-DDISABLE_PROTOBUF) \ + $(if $(call IsEnabled,DNSDIST_PROMETHEUS),,-DDISABLE_PROMETHEUS) \ + $(if $(call IsEnabled,DNSDIST_RULES_ALTER),,-DDISABLE_RULES_ALTERING_QUERIES) \ + $(if $(call IsEnabled,DNSDIST_SECPOLL),,-DDISABLE_SECPOLL) \ + $(if $(call IsEnabled,DNSDIST_TOP_N),,-DDISABLE_TOP_N_BINDINGS) \ + $(if $(call IsEnabled,DNSDIST_WEB),,-DDISABLE_WEB_CONFIG -DDISABLE_BUILTIN_HTML -DDISABLE_LUA_WEB_HANDLERS) + +CONFIGURE_ARGS+= \ + --with-pic \ + --with-lua=luajit \ + --with-libcap \ + $(if $(call IsEnabled,DNSDIST_PIE),,--disable-hardening) \ + $(if $(call IsEnabled,DNSDIST_SODIUM),--enable-dnscrypt --with-libsodium,--disable-dnscrypt --without-libsodium) \ + $(if $(call IsEnabled,DNSDIST_DNSTAP),--enable-dnstap=yes,--enable-dnstap=no) \ + $(if $(call IsEnabled,DNSDIST_RE2),--with,--without)-re2 \ + $(if $(call IsEnabled,DNSDIST_NET_SNMP),--with,--without)-net-snmp \ + $(if $(call IsEnabled,DNSDIST_GNUTLS),--with,--without)-gnutls \ + $(if $(call IsEnabled,DNSDIST_OPENSSL),--with,--without)-libssl \ + $(if $(call IsEnabled,DNSDIST_DNS_OVER_TLS),--enable-dns-over-tls,) \ + $(if $(call IsEnabled,DNSDIST_CDB),--with,--without)-cdb \ + $(if $(call IsEnabled,DNSDIST_LMDB),--with,--without)-lmdb \ + $(if $(call IsEnabled,DNSDIST_LIBEDIT),--with,--without)-libedit \ + $(if $(call IsEnabled,DNSDIST_IPCIPHER),--enable,--disable)-ipcipher \ + $(if $(call IsEnabled,DNSDIST_EBPF),--with,--without)-ebpf \ + $(if $(call IsEnabled,DNSDIST_DNS_OVER_HTTPS),--enable-dns-over-https,) \ + $(if $(call IsEnabled,DNSDIST_DNS_OVER_HTTPS_OUTGOING),--with,--without)-nghttp2 + $(eval $(call BuildPackage,dnsdist)) +$(eval $(call BuildPackage,dnsdist-full)) From 2b19da613f135181ed620128afa46bf74d212d4f Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 19 Jun 2023 09:48:08 +0200 Subject: [PATCH 48/90] dnsdist: Move the configuration to Config.in Signed-off-by: Remi Gacogne --- net/dnsdist/Config.in | 202 +++++++++++++++++++++++++++++++++++++++++ net/dnsdist/Makefile | 203 +----------------------------------------- 2 files changed, 203 insertions(+), 202 deletions(-) create mode 100644 net/dnsdist/Config.in diff --git a/net/dnsdist/Config.in b/net/dnsdist/Config.in new file mode 100644 index 000000000..7eaec7ae9 --- /dev/null +++ b/net/dnsdist/Config.in @@ -0,0 +1,202 @@ +menu "Configuration" + depends on PACKAGE_dnsdist + + comment "SSL Support" + choice + prompt "Selected SSL library" + default DNSDIST_OPENSSL + + config DNSDIST_GNUTLS + bool "GnuTLS" + + config DNSDIST_OPENSSL + bool "OpenSSL" + + config DNSDIST_NOSSL + bool "No SSL support" + + endchoice + + comment "DNS over HTTPS/TLS Support" + depends on !DNSDIST_NOSSL + + config DNSDIST_DNS_OVER_HTTPS + depends on DNSDIST_OPENSSL + depends on !DNSDIST_NOSSL + bool "DNS over HTTPS Support" + help + "Enables DNS over HTTPS Support for dnsdist" + default y + + config DNSDIST_DNS_OVER_HTTPS_OUTGOING + depends on DNSDIST_OPENSSL + depends on !DNSDIST_NOSSL + bool "Outgoing DNS over HTTPS Support" + help + "Enables Outgoing DNS over HTTPS Support for dnsdist" + default y + + config DNSDIST_DNS_OVER_TLS + depends on !DNSDIST_NOSSL + bool "DNS over TLS Support" + help + "Enabled DNS over TLS Support for dnsdist" + default y + + config DNSDIST_CARBON + bool "CARBON support" + help + "Enable Carbon (Graphite) support for dnsdist" + default n + + config DNSDIST_LMDB + bool "LMDB support" + help + "Enable LMDB support for dnsdist" + default n + + config DNSDIST_COMPLETION + bool "Console completion support" + help + "Enable console completion for dnsdist" + default n + + config DNSDIST_DEBUG_SYMBOLS + bool "Debug symbols" + help + "Enable debug symbols in the dnsdist binary" + default n + + config DNSDIST_DELAY_PIPE + bool "Delay action support" + help + "Enable delay action support for dnsdist" + default n + + config DNSDIST_DYNBLOCKS + bool "Dynamic blocks support" + help + "Enable dynamic blocks support for dnsdist" + default n + + config DNSDIST_DNSTAP + bool "DNSTAP support" + help + "Enable DNSTAP support for dnsdist" + default n + + config DNSDIST_EBPF + bool "eBPF support" + help + "Enable eBPF support for dnsdist" + default n + + config DNSDIST_ECS_ACTIONS + bool "ECS actions" + help + "Enable actions that control EDNS Client Subnet support for dnsdist" + default n + + config DNSDIST_HASHED + bool "Hashed credentials" + help + "Enable credentials hashing support for dnsdist" + default n + + config DNSDIST_IPCIPHER + bool "IP cipher support" + help + "Enable IP cipher support for dnsdist" + default n + + config DNSDIST_LIBEDIT + bool "Build with libedit" + help + "Build with libedit - for completion, history and line editing" + default n + + config DNSDIST_LMDB + bool "LMDB support" + help + "Enable LMDB support for dnsdist" + default n + + config DNSDIST_LUA_ADVANCED + bool "Lua advanced bindings" + help + "Enable Lua bindings for queries and responses manipulation in dnsdist" + default n + + config DNSDIST_MAC + bool "MAC address support" + help + "Enable MAC address in ring buffers support for dnsdist" + default y + + config DNSDIST_NET_SNMP + bool "Net-SNMP support" + help + "Enable Net-SNMP support for dnsdist" + default n + + config DNSDIST_OCSP_STAPLING + bool "OCSP Stapling support" + help + "Enable OCSP Stapling support for dnsdist" + default n + + config DNSDIST_PIE + bool "Position Independent Executable" + help + "Build dnsdist as a Position-Independent executable. This is required to benefit from ASLR, but significantly increases the required disk space and memory usage" + default n + + config DNSDIST_PROTOBUF + bool "Protobuf support" + help + "Enable exporting queries and responses over Protocol Buffer for dnsdist" + default n + + config DNSDIST_PROMETHEUS + bool "Prometheus support" + help + "Enable Prometheus support for dnsdist" + default n + + config DNSDIST_RE2 + bool "RE2 support" + help + "Enable RE2 support for dnsdist" + default n + + config DNSDIST_RULES_ALTER + bool "Rules altering queries" + help + "Enable rules altering queries for dnsdist" + default n + + config DNSDIST_SECPOLL + bool "Security polling" + help + "Enable security polling support for dnsdist" + default n + + config DNSDIST_SODIUM + bool "Build with libsodium" + help + "Build with libsodium - for encrypted console connections, and DNSCrypt" + default n + + config DNSDIST_TOP_N + bool "Top N bindings" + help + "Enable bindings to get the top N queries and responses in dnsdist" + default n + + config DNSDIST_WEB + bool "Internal web server" + help + "Enable support for the internal web server in dnsdist" + default n + +endmenu diff --git a/net/dnsdist/Makefile b/net/dnsdist/Makefile index b060105f6..52d1373e9 100644 --- a/net/dnsdist/Makefile +++ b/net/dnsdist/Makefile @@ -54,208 +54,7 @@ define Package/dnsdist/conffiles/Default endef define Package/dnsdist/config -menu "Configuration" - depends on PACKAGE_dnsdist - - comment "SSL Support" - choice - prompt "Selected SSL library" - default DNSDIST_OPENSSL - - config DNSDIST_GNUTLS - bool "GnuTLS" - - config DNSDIST_OPENSSL - bool "OpenSSL" - - config DNSDIST_NOSSL - bool "No SSL support" - - endchoice - - comment "DNS over HTTPS/TLS Support" - depends on !DNSDIST_NOSSL - - config DNSDIST_DNS_OVER_HTTPS - depends on DNSDIST_OPENSSL - depends on !DNSDIST_NOSSL - bool "DNS over HTTPS Support" - help - "Enables DNS over HTTPS Support for dnsdist" - default y - - config DNSDIST_DNS_OVER_HTTPS_OUTGOING - depends on DNSDIST_OPENSSL - depends on !DNSDIST_NOSSL - bool "Outgoing DNS over HTTPS Support" - help - "Enables Outgoing DNS over HTTPS Support for dnsdist" - default y - - config DNSDIST_DNS_OVER_TLS - depends on !DNSDIST_NOSSL - bool "DNS over TLS Support" - help - "Enabled DNS over TLS Support for dnsdist" - default y - - config DNSDIST_CARBON - bool "CARBON support" - help - "Enable Carbon (Graphite) support for dnsdist" - default n - - config DNSDIST_LMDB - bool "LMDB support" - help - "Enable LMDB support for dnsdist" - default n - - config DNSDIST_COMPLETION - bool "Console completion support" - help - "Enable console completion for dnsdist" - default n - - config DNSDIST_DEBUG_SYMBOLS - bool "Debug symbols" - help - "Enable debug symbols in the dnsdist binary" - default n - - config DNSDIST_DELAY_PIPE - bool "Delay action support" - help - "Enable delay action support for dnsdist" - default n - - config DNSDIST_DYNBLOCKS - bool "Dynamic blocks support" - help - "Enable dynamic blocks support for dnsdist" - default n - - config DNSDIST_DNSTAP - bool "DNSTAP support" - help - "Enable DNSTAP support for dnsdist" - default n - - config DNSDIST_EBPF - bool "eBPF support" - help - "Enable eBPF support for dnsdist" - default n - - config DNSDIST_ECS_ACTIONS - bool "ECS actions" - help - "Enable actions that control EDNS Client Subnet support for dnsdist" - default n - - config DNSDIST_HASHED - bool "Hashed credentials" - help - "Enable credentials hashing support for dnsdist" - default n - - config DNSDIST_IPCIPHER - bool "IP cipher support" - help - "Enable IP cipher support for dnsdist" - default n - - config DNSDIST_LIBEDIT - bool "Build with libedit" - help - "Build with libedit - for completion, history and line editing" - default n - - config DNSDIST_LMDB - bool "LMDB support" - help - "Enable LMDB support for dnsdist" - default n - - config DNSDIST_LUA_ADVANCED - bool "Lua advanced bindings" - help - "Enable Lua bindings for queries and responses manipulation in dnsdist" - default n - - config DNSDIST_MAC - bool "MAC address support" - help - "Enable MAC address in ring buffers support for dnsdist" - default y - - config DNSDIST_NET_SNMP - bool "Net-SNMP support" - help - "Enable Net-SNMP support for dnsdist" - default n - - config DNSDIST_OCSP_STAPLING - bool "OCSP Stapling support" - help - "Enable OCSP Stapling support for dnsdist" - default n - - config DNSDIST_PIE - bool "Position Independent Executable" - help - "Build dnsdist as a Position-Independent executable. This is required to benefit from ASLR, but significantly increases the required disk space and memory usage" - default n - - config DNSDIST_PROTOBUF - bool "Protobuf support" - help - "Enable exporting queries and responses over Protocol Buffer for dnsdist" - default n - - config DNSDIST_PROMETHEUS - bool "Prometheus support" - help - "Enable Prometheus support for dnsdist" - default n - - config DNSDIST_RE2 - bool "RE2 support" - help - "Enable RE2 support for dnsdist" - default n - - config DNSDIST_RULES_ALTER - bool "Rules altering queries" - help - "Enable rules altering queries for dnsdist" - default n - - config DNSDIST_SECPOLL - bool "Security polling" - help - "Enable security polling support for dnsdist" - default n - - config DNSDIST_SODIUM - bool "Build with libsodium" - help - "Build with libsodium - for encrypted console connections, and DNSCrypt" - default n - - config DNSDIST_TOP_N - bool "Top N bindings" - help - "Enable bindings to get the top N queries and responses in dnsdist" - default n - - config DNSDIST_WEB - bool "Internal web server" - help - "Enable support for the internal web server in dnsdist" - default n - -endmenu + source "$(SOURCE)/Config.in" endef define Package/dnsdist/install/Default From a9cda9150232c4907607a3f19ad1d0833541bc89 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Thu, 22 Jun 2023 14:27:18 +0800 Subject: [PATCH 49/90] vsftpd: fix compilation with musl 1.2.4 musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so just having _GNU_SOURCE defined is not enough anymore. Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions. Signed-off-by: Tianling Shen --- net/vsftpd/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile index ad74c7f92..52853052f 100644 --- a/net/vsftpd/Makefile +++ b/net/vsftpd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vsftpd PKG_VERSION:=3.0.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://security.appspot.com/downloads/ @@ -52,6 +52,7 @@ Package/vsftpd-tls/conffiles=$(Package/vsftpd/conffiles) ifneq ($(CONFIG_USE_MUSL),) NLSSTRING:=-lcrypt + TARGET_CFLAGS += -D_LARGEFILE64_SOURCE else ifneq ($(CONFIG_USE_GLIBC),) NLSSTRING:=-lcrypt else From 3e454f418da95e4dff75ac2ff995f204dfe3dc2c Mon Sep 17 00:00:00 2001 From: Huangbin Zhan Date: Wed, 14 Jun 2023 12:19:28 +0800 Subject: [PATCH 50/90] haproxy: update to v2.8.0 - New major LTS release (https://www.mail-archive.com/haproxy@formilux.org/msg43600.html) Signed-off-by: Huangbin Zhan --- net/haproxy/Makefile | 6 +++--- net/haproxy/get-latest-patches.sh | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 70b776f6a..a1f858c4c 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy -PKG_VERSION:=2.6.13 +PKG_VERSION:=2.8.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://www.haproxy.org/download/2.6/src -PKG_HASH:=d69ff5233dbca657132ef280d111222ec1e33f5be1c1937d4e9ff516f63f5243 +PKG_SOURCE_URL:=https://www.haproxy.org/download/2.8/src +PKG_HASH:=61cdafb5db7e9174d0757b8e4bcde938352306fb7cc8ff2b5f55c26dd48a6cf7 PKG_MAINTAINER:=Thomas Heil , \ Christian Lachner diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh index 2e312cc0a..6b60869c0 100755 --- a/net/haproxy/get-latest-patches.sh +++ b/net/haproxy/get-latest-patches.sh @@ -1,7 +1,7 @@ #!/bin/sh -CLONEURL=https://git.haproxy.org/git/haproxy-2.6.git -BASE_TAG=v2.6.13 +CLONEURL=https://git.haproxy.org/git/haproxy-2.8.git +BASE_TAG=v2.8.0 TMP_REPODIR=tmprepo PATCHESDIR=patches From c3084be415f5c701a319342c85ca626996b5b463 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sat, 24 Jun 2023 13:09:40 +0200 Subject: [PATCH 51/90] banip: update 0.8.8-2 * process local lists in strict sequential order to prevent possible race conditions * support ranges in the IP search, too * fix some minor search issues Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/banip-functions.sh | 11 ++++------- net/banip/files/banip-service.sh | 11 +++-------- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 2aa306ed4..95dc36641 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=0.8.8 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 92d8e5a2a..a04265f65 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -1309,10 +1309,10 @@ f_search() { local item table_sets ip proto hold cnt result_flag="/var/run/banIP.search" input="${1}" if [ -n "${input}" ]; then - ip="$(printf "%s" "${input}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{printf "%s",RT}')" + ip="$(printf "%s" "${input}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?[[:space:]]*$)"}{printf "%s",RT}')" [ -n "${ip}" ] && proto="v4" if [ -z "${proto}" ]; then - ip="$(printf "%s" "${input}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{printf "%s",RT}')" + ip="$(printf "%s" "${input}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]].*|$)"}{printf "%s",RT}')" [ -n "${ip}" ] && proto="v6" fi fi @@ -1327,10 +1327,7 @@ f_search() { printf " %s\n" "---" cnt="1" for item in ${table_sets}; do - if [ -f "${result_flag}" ]; then - rm -f "${result_flag}" - return - fi + [ -f "${result_flag}" ] && break ( if "${ban_nftcmd}" get element inet banIP "${item}" "{ ${ip} }" >/dev/null 2>&1; then printf " %s\n" "IP found in Set '${item}'" @@ -1342,7 +1339,7 @@ f_search() { cnt="$((cnt + 1))" done wait - printf " %s\n" "IP not found" + [ -f "${result_flag}" ] && rm -f "${result_flag}" || printf " %s\n" "IP not found" } # Set survey diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index 1170c8b1d..47abf43ca 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -61,22 +61,17 @@ f_log "info" "start banIP download processes" cnt="1" for feed in allowlist ${ban_feed} blocklist; do - # local feeds + # local feeds (sequential processing) # if [ "${feed}" = "allowlist" ] || [ "${feed}" = "blocklist" ]; then for proto in 4MAC 6MAC 4 6; do [ "${feed}" = "blocklist" ] && wait - (f_down "${feed}" "${proto}") & - [ "${feed}" = "blocklist" ] || { [ "${feed}" = "allowlist" ] && { [ "${proto}" = "4MAC" ] || [ "${proto}" = "6MAC" ]; }; } && wait - hold="$((cnt % ban_cores))" - [ "${hold}" = "0" ] && wait - cnt="$((cnt + 1))" + f_down "${feed}" "${proto}" done - wait continue fi - # external feeds + # external feeds (parallel processing on multicore hardware) # if ! json_select "${feed}" >/dev/null 2>&1; then f_log "info" "remove unknown feed '${feed}'" From 19e926bc91336cf21b2f30c7b63ae9da12403c30 Mon Sep 17 00:00:00 2001 From: John Thomson Date: Sat, 22 Oct 2022 19:04:38 +1000 Subject: [PATCH 52/90] xr_usb_serial_common: bump to 2023-03-31 Fix 6.1 kernel compile git log --oneline ecc6eb.. -- xr_usb_serial_common-1a/ 90ad530166f0 Support Linux 6.1 af618e2eded6 #45 Fix some warnings Signed-off-by: John Thomson --- libs/xr_usb_serial_common/Makefile | 6 +-- ...-compilation-warning-unused-function.patch | 42 ------------------- 2 files changed, 3 insertions(+), 45 deletions(-) delete mode 100644 libs/xr_usb_serial_common/patches/100-fix-compilation-warning-unused-function.patch diff --git a/libs/xr_usb_serial_common/Makefile b/libs/xr_usb_serial_common/Makefile index b8e7ee62f..24ebf2603 100644 --- a/libs/xr_usb_serial_common/Makefile +++ b/libs/xr_usb_serial_common/Makefile @@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=usb-serial-xr_usb_serial_common -PKG_SOURCE_DATE:=2022-03-30 -PKG_SOURCE_VERSION:=ecc6ebe0141b97942d774e6c6be37a330cc11a74 +PKG_SOURCE_DATE:=2023-03-21 +PKG_SOURCE_VERSION:=90ad530166f096347a5a57b6f9eb21c422a40fd9 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/kasbert/epsolar-tracer -PKG_MIRROR_HASH:=487c4259211411d3c435284016f90c6770539c0a6f904f3327f18381a33c23e3 +PKG_MIRROR_HASH:=0cea56120542d3d546028d17389a3419ca930448005a9208728c40583ccf027d PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=GPL-2.0-or-later diff --git a/libs/xr_usb_serial_common/patches/100-fix-compilation-warning-unused-function.patch b/libs/xr_usb_serial_common/patches/100-fix-compilation-warning-unused-function.patch deleted file mode 100644 index 4e92f7a1d..000000000 --- a/libs/xr_usb_serial_common/patches/100-fix-compilation-warning-unused-function.patch +++ /dev/null @@ -1,42 +0,0 @@ ---- a/xr_usb_serial_common-1a/xr_usb_serial_common.c -+++ b/xr_usb_serial_common-1a/xr_usb_serial_common.c -@@ -258,7 +258,9 @@ static void xr_usb_serial_ctrl_irq(struct urb *urb) - { - struct xr_usb_serial *xr_usb_serial = urb->context; - struct usb_cdc_notification *dr = urb->transfer_buffer; -+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0) - struct tty_struct *tty; -+#endif - unsigned char *data; - int newctrl; - int retval; -@@ -390,7 +392,9 @@ static int xr_usb_serial_submit_read_urbs(struct xr_usb_serial *xr_usb_serial, g - } - static void xr_usb_serial_process_read_urb(struct xr_usb_serial *xr_usb_serial, struct urb *urb) - { -+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0) - struct tty_struct *tty; -+#endif - if (!urb->actual_length) - return; - #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0) -@@ -465,7 +469,9 @@ static void xr_usb_serial_write_bulk(struct urb *urb) - static void xr_usb_serial_softint(struct work_struct *work) - { - struct xr_usb_serial *xr_usb_serial = container_of(work, struct xr_usb_serial, work); -+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0) - struct tty_struct *tty; -+#endif - - dev_vdbg(&xr_usb_serial->data->dev, "%s\n", __func__); - #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0) -@@ -1631,7 +1637,9 @@ err_out: - static int xr_usb_serial_reset_resume(struct usb_interface *intf) - { - struct xr_usb_serial *xr_usb_serial = usb_get_intfdata(intf); -+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0) - struct tty_struct *tty; -+#endif - if (tty_port_initialized(&xr_usb_serial->port)){ - #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0) - tty_port_tty_hangup(&xr_usb_serial->port, false); From 534bd518f3fff6c31656a1edcd7e10922f3e06e5 Mon Sep 17 00:00:00 2001 From: John Thomson Date: Fri, 21 Oct 2022 14:01:24 +1000 Subject: [PATCH 53/90] libpfring: update to 8.4.0 Release notes: https://github.com/ntop/PF_RING/releases/tag/8.4.0 Signed-off-by: John Thomson --- libs/libpfring/Makefile | 4 +- .../patches/0001-fix-cross-compiling.patch | 6 +- ...002-implement-probabilistic-sampling.patch | 89 +++++++++++++++++++ .../patches/100-fix-compilation-warning.patch | 21 +---- 4 files changed, 95 insertions(+), 25 deletions(-) create mode 100644 libs/libpfring/patches/002-implement-probabilistic-sampling.patch diff --git a/libs/libpfring/Makefile b/libs/libpfring/Makefile index f02e3ed48..0ef774b79 100644 --- a/libs/libpfring/Makefile +++ b/libs/libpfring/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=libpfring -PKG_VERSION:=8.0.0 +PKG_VERSION:=8.4.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ntop/PF_RING/tar.gz/$(PKG_VERSION)? -PKG_HASH:=8e733899b736fe2536ef785b2b7d719abe652297fe7fe3a03fc495a87a9b6e82 +PKG_HASH:=2756a45ab250da11850160beb62aa879075aedfb49bf8f323b404f02b0c36670 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/PF_RING-$(PKG_VERSION) PKG_MAINTAINER:=Banglang Huang diff --git a/libs/libpfring/patches/0001-fix-cross-compiling.patch b/libs/libpfring/patches/0001-fix-cross-compiling.patch index 9b52fbe9f..021162bbb 100644 --- a/libs/libpfring/patches/0001-fix-cross-compiling.patch +++ b/libs/libpfring/patches/0001-fix-cross-compiling.patch @@ -1,6 +1,6 @@ --- a/userland/configure +++ b/userland/configure -@@ -3875,12 +3875,6 @@ $as_echo "no" >&6; } +@@ -3868,12 +3868,6 @@ $as_echo "no" >&6; } if test "$IS_FREEBSD" != "1" && test "$cross_compiling" != "yes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if r/w locks are supported" >&5 $as_echo_n "checking if r/w locks are supported... " >&6; } @@ -13,7 +13,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -@@ -3893,7 +3887,7 @@ else +@@ -3886,7 +3880,7 @@ else _ACEOF @@ -22,7 +22,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF -@@ -3907,7 +3901,6 @@ $as_echo "no" >&6; } +@@ -3900,7 +3894,6 @@ $as_echo "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext diff --git a/libs/libpfring/patches/002-implement-probabilistic-sampling.patch b/libs/libpfring/patches/002-implement-probabilistic-sampling.patch new file mode 100644 index 000000000..d7b3e8339 --- /dev/null +++ b/libs/libpfring/patches/002-implement-probabilistic-sampling.patch @@ -0,0 +1,89 @@ +From 405caa1424358032574230ec5479e64834869298 Mon Sep 17 00:00:00 2001 +From: Alfredo Cardigliano +Date: Thu, 13 Apr 2023 13:03:28 +0200 +Subject: [PATCH] Implement probabilistic sampling + +--- + kernel/linux/pf_ring.h | 4 +++- + kernel/pf_ring.c | 34 ++++++++++++++++++++++++---------- + 2 files changed, 27 insertions(+), 11 deletions(-) + +--- a/kernel/linux/pf_ring.h ++++ b/kernel/linux/pf_ring.h +@@ -1310,7 +1310,9 @@ struct pf_ring_socket { + u_char *ring_slots; /* Points to ring_memory+sizeof(FlowSlotInfo) */ + + /* Packet Sampling */ +- u_int32_t pktToSample, sample_rate; ++ u_int32_t sample_rate; ++ u_int32_t pkts_to_sample; ++ u_int32_t sample_rnd_shift; + + /* Virtual Filtering Device */ + virtual_filtering_device_element *v_filtering_dev; +--- a/kernel/pf_ring.c ++++ b/kernel/pf_ring.c +@@ -3695,6 +3695,26 @@ int bpf_filter_skb(struct sk_buff *skb, + + /* ********************************** */ + ++int sample_packet(struct pf_ring_socket *pfr) { ++ if(pfr->pkts_to_sample <= 1) { ++ u_int32_t rnd = 0; ++ ++ get_random_bytes(&rnd, sizeof(u_int32_t)); ++ rnd = rnd % pfr->sample_rate; ++ ++ pfr->pkts_to_sample = pfr->sample_rate - pfr->sample_rnd_shift + rnd; ++ ++ pfr->sample_rnd_shift = rnd; ++ ++ return 1; /* Pass packet */ ++ } else { ++ pfr->pkts_to_sample--; ++ return 0; /* Discard packet */ ++ } ++} ++ ++/* ********************************** */ ++ + u_int32_t default_rehash_rss_func(struct sk_buff *skb, struct pfring_pkthdr *hdr) + { + return hash_pkt_header(hdr, 0); +@@ -3805,12 +3825,9 @@ static int add_skb_to_ring(struct sk_buf + if(pfr->sample_rate > 1) { + spin_lock_bh(&pfr->ring_index_lock); + +- if(pfr->pktToSample <= 1) { +- pfr->pktToSample = pfr->sample_rate; +- } else { ++ if(!sample_packet(pfr)) { ++ /* Discard packet */ + pfr->slots_info->tot_pkts++; +- pfr->pktToSample--; +- + spin_unlock_bh(&pfr->ring_index_lock); + atomic_dec(&pfr->num_ring_users); + return(-1); +@@ -4161,11 +4178,8 @@ int pf_ring_skb_ring_handler(struct sk_b + + if(pfr->sample_rate > 1) { + spin_lock_bh(&pfr->ring_index_lock); +- if(pfr->pktToSample <= 1) { +- pfr->pktToSample = pfr->sample_rate; +- } else { ++ if (!sample_packet(pfr)) { + pfr->slots_info->tot_pkts++; +- pfr->pktToSample--; + rc = 0; + } + spin_unlock_bh(&pfr->ring_index_lock); +@@ -7957,7 +7971,7 @@ static int ring_getsockopt(struct socket + if(copy_to_user(optval, lowest_if_mac, ETH_ALEN)) + return(-EFAULT); + } else { +- char *dev_addr = pfr->ring_dev->dev->dev_addr; ++ const char *dev_addr = pfr->ring_dev->dev->dev_addr; + + if (dev_addr == NULL) /* e.g. 'any' device */ + dev_addr = empty_mac; diff --git a/libs/libpfring/patches/100-fix-compilation-warning.patch b/libs/libpfring/patches/100-fix-compilation-warning.patch index 18c72e734..97115b176 100644 --- a/libs/libpfring/patches/100-fix-compilation-warning.patch +++ b/libs/libpfring/patches/100-fix-compilation-warning.patch @@ -1,6 +1,6 @@ --- a/kernel/pf_ring.c +++ b/kernel/pf_ring.c -@@ -3940,7 +3940,7 @@ static int hash_pkt_cluster(ring_cluster_element *cluster_ptr, +@@ -3902,7 +3902,7 @@ static int hash_pkt_cluster(ring_cluster break; } /* else, fall through, because it's like 2-tuple for non-TCP packets */ @@ -9,22 +9,3 @@ case cluster_per_flow_2_tuple: case cluster_per_inner_flow_2_tuple: flags |= mask_2_tuple; -@@ -5485,8 +5485,7 @@ static int ring_release(struct socket *sock) - remove_cluster_referee(pfr); - - if((pfr->zc_device_entry != NULL) -- && pfr->zc_device_entry->zc_dev.dev -- && pfr->zc_device_entry->zc_dev.dev->name) { -+ && pfr->zc_device_entry->zc_dev.dev) { - pfring_release_zc_dev(pfr); - } - -@@ -5617,8 +5616,6 @@ static int ring_bind(struct socket *sock, struct sockaddr *sa, int addr_len) - return(-EINVAL); - if(sa->sa_family != PF_RING) - return(-EINVAL); -- if(sa->sa_data == NULL) -- return(-EINVAL); - - memcpy(name, sa->sa_data, sizeof(sa->sa_data)); - From 9ac79ad46966908d2ceb64c0e0d8a0bff435767a Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Sun, 25 Jun 2023 20:02:35 -0700 Subject: [PATCH 54/90] bind: bump to 9.18.16 Fixes CVEs: - CVE-2023-2828: The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. - CVE-2023-2911: A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. The complete list of changes is available in the upstream release notes at https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16 Signed-off-by: Noah Meyerhans --- net/bind/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bind/Makefile b/net/bind/Makefile index f98a4fd2c..ff397921d 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.18.11 -PKG_RELEASE:=3 +PKG_VERSION:=9.18.16 +PKG_RELEASE:=1 USERID:=bind=57:bind=57 PKG_MAINTAINER:=Noah Meyerhans @@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:= \ https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ https://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158 +PKG_HASH:=c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775 PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 From 9517ef080a88812b96ef55e55ddc83ada0a6a829 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Mon, 26 Jun 2023 13:07:06 +0200 Subject: [PATCH 55/90] knot: update to version 3.2.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Hák --- net/knot/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/knot/Makefile b/net/knot/Makefile index c9797cc16..3ed0c35bf 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=knot -PKG_VERSION:=3.2.7 +PKG_VERSION:=3.2.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/ -PKG_HASH:=d3b7872ac8aa80f7f54ddb1bb3b1e2f90ec55f7270a2c4a9338eab42b7d2767b +PKG_HASH:=ef419a428f327def77780bc90eda763b51e6121fe548543da84b9eb96a261a6e PKG_MAINTAINER:=Daniel Salzman PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8 From b5dbf77501b4b4921ebd4d6abc6389875b64d3fa Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 26 Jun 2023 14:28:51 +0800 Subject: [PATCH 56/90] python-packages: Take over maintainership from Daniel Golle This was requested in https://github.com/openwrt/packages/pull/21227#issuecomment-1567676980. Signed-off-by: Jeffery To --- lang/python/click/Makefile | 2 +- lang/python/itsdangerous/Makefile | 2 +- lang/python/pyodbc/Makefile | 2 +- lang/python/python-gnupg/Makefile | 2 +- lang/python/python-libmodbus/Makefile | 2 +- lang/python/python-markupsafe/Makefile | 2 +- lang/python/python-werkzeug/Makefile | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lang/python/click/Makefile b/lang/python/click/Makefile index 7babd28b3..39bf92981 100644 --- a/lang/python/click/Makefile +++ b/lang/python/click/Makefile @@ -11,7 +11,7 @@ PKG_RELEASE:=1 PYPI_NAME:=click PKG_HASH:=7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/itsdangerous/Makefile b/lang/python/itsdangerous/Makefile index 6a364eb80..f6408bf0d 100644 --- a/lang/python/itsdangerous/Makefile +++ b/lang/python/itsdangerous/Makefile @@ -11,7 +11,7 @@ PKG_RELEASE:=1 PYPI_NAME:=$(PKG_NAME) PKG_HASH:=5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/pyodbc/Makefile b/lang/python/pyodbc/Makefile index 33b32f094..4f10f91ec 100644 --- a/lang/python/pyodbc/Makefile +++ b/lang/python/pyodbc/Makefile @@ -13,7 +13,7 @@ PKG_HASH:=e528bb70dd6d6299ee429868925df0866e3e919c772b9eff79c8e17920d8f116 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.txt -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PKG_BUILD_DEPENDS:=unixodbc/host diff --git a/lang/python/python-gnupg/Makefile b/lang/python/python-gnupg/Makefile index c04a5de74..cd85b0337 100644 --- a/lang/python/python-gnupg/Makefile +++ b/lang/python/python-gnupg/Makefile @@ -13,7 +13,7 @@ PKG_HASH:=2061f56b1942c29b92727bf9aecbd3cea3893acc9cccbdc7eb4604285efe4ac7 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PKG_CPE_ID:=cpe:/a:python:python-gnupg include ../pypi.mk diff --git a/lang/python/python-libmodbus/Makefile b/lang/python/python-libmodbus/Makefile index 8f582e6c5..3306f4d90 100644 --- a/lang/python/python-libmodbus/Makefile +++ b/lang/python/python-libmodbus/Makefile @@ -6,7 +6,7 @@ PKG_VERSION:=0.5.0 PKG_RELEASE:=2 PKG_LICENSE:=BSD-3-Clause -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PYPI_NAME:=pylibmodbus PKG_HASH:=80f837304ffa8476145ea643f6b98aa94b205013a96f1e5173d7bdc776426aee diff --git a/lang/python/python-markupsafe/Makefile b/lang/python/python-markupsafe/Makefile index 5b495d79d..9d7ca894d 100644 --- a/lang/python/python-markupsafe/Makefile +++ b/lang/python/python-markupsafe/Makefile @@ -11,7 +11,7 @@ PKG_RELEASE:=1 PYPI_NAME:=MarkupSafe PKG_HASH:=abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.rst diff --git a/lang/python/python-werkzeug/Makefile b/lang/python/python-werkzeug/Makefile index 082b3bb73..23473164d 100644 --- a/lang/python/python-werkzeug/Makefile +++ b/lang/python/python-werkzeug/Makefile @@ -11,7 +11,7 @@ PKG_RELEASE:=1 PYPI_NAME:=Werkzeug PKG_HASH:=1d5a58e0377d1fe39d061a5de4469e414e78ccb1e1e59c0f5ad6fa1c36c52b76 -PKG_MAINTAINER:=Daniel Golle +PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.rst From c698a615f934e27c5c73d39b9ac22a7dcf05851f Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 26 Jun 2023 14:06:46 +0800 Subject: [PATCH 57/90] python-setuptools: Update to 68.0.0 Signed-off-by: Jeffery To --- lang/python/python-setuptools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-setuptools/Makefile b/lang/python/python-setuptools/Makefile index fa6ec74e9..aafc5d762 100644 --- a/lang/python/python-setuptools/Makefile +++ b/lang/python/python-setuptools/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-setuptools -PKG_VERSION:=67.8.0 +PKG_VERSION:=68.0.0 PKG_RELEASE:=1 PYPI_NAME:=setuptools -PKG_HASH:=62642358adc77ffa87233bc4d2354c4b2682d214048f500964dbe760ccedf102 +PKG_HASH:=baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From 5ae750da100efdd631ec1b217dac69ce313c9442 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Thu, 29 Jun 2023 18:24:53 +0200 Subject: [PATCH 58/90] netsniff-ng: backport patch fixing wrong args handling with musl Backport a patch from upstream fixing wrong args handling with musl. Before this patch non args must be passed at the end of the command due to a musl limitation. Signed-off-by: Christian Marangi --- net/netsniff-ng/Makefile | 2 +- ...hn-use-getopt_long-instead-of-getopt.patch | 57 +++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 net/netsniff-ng/patches/0004-mausezahn-use-getopt_long-instead-of-getopt.patch diff --git a/net/netsniff-ng/Makefile b/net/netsniff-ng/Makefile index aa6dfc420..60f228043 100644 --- a/net/netsniff-ng/Makefile +++ b/net/netsniff-ng/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netsniff-ng PKG_VERSION:=0.6.8 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netsniff-ng/netsniff-ng/tar.gz/v$(PKG_VERSION)? diff --git a/net/netsniff-ng/patches/0004-mausezahn-use-getopt_long-instead-of-getopt.patch b/net/netsniff-ng/patches/0004-mausezahn-use-getopt_long-instead-of-getopt.patch new file mode 100644 index 000000000..528d201b2 --- /dev/null +++ b/net/netsniff-ng/patches/0004-mausezahn-use-getopt_long-instead-of-getopt.patch @@ -0,0 +1,57 @@ +From 519aae7b91454e45b0528809e94c5008cdf0c060 Mon Sep 17 00:00:00 2001 +From: Zahari Doychev +Date: Thu, 8 Dec 2022 17:40:17 +0100 +Subject: [PATCH] mausezahn: use getopt_long instead of getopt + +The musl getopt stops processing the options at the first non-option +argument comapared to the glibc variant. Using getopt_long fixes this +problem. + +Signed-off-by: Zahari Doychev +--- + staging/mausezahn.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +--- a/staging/mausezahn.c ++++ b/staging/mausezahn.c +@@ -23,7 +23,8 @@ + #include + #include + #include +- ++#include ++ + #include "mz.h" + #include "cli.h" + #include "mops.h" +@@ -447,9 +448,7 @@ int getopts (int argc, char *argv[]) + char unit; + + opterr = 1; // let getopt print error message if necessary +- +- +- while ((c = getopt(argc, argv, short_options)) != -1) ++ while ((c = getopt_long(argc, argv, short_options, NULL, NULL)) != -1) { + switch (c) { + case '4': + tx.eth_type = 0x0800; +@@ -646,7 +645,7 @@ int getopts (int argc, char *argv[]) + fprintf (stderr," mz/getopts: Could not handle arguments properly!\n"); + return 1; + } +- ++ } + // ******************************************** + // Handle additional arguments + // ******************************************** +@@ -660,8 +659,8 @@ int getopts (int argc, char *argv[]) + "-- Verbose mode --\n" + "\n"); + } +- +- if (argc<2) { ++ ++ if (optind+2 < argc) { + help(); + } + From 9f2d3c5bf855773d5e5756652b640e2c0565d1a9 Mon Sep 17 00:00:00 2001 From: John Audia Date: Wed, 28 Jun 2023 12:30:13 -0400 Subject: [PATCH 59/90] libdaq3: update to 3.0.11 Upstream bump Signed-off-by: John Audia --- libs/libdaq3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libdaq3/Makefile b/libs/libdaq3/Makefile index a97eb7755..59caff951 100644 --- a/libs/libdaq3/Makefile +++ b/libs/libdaq3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libdaq3 -PKG_VERSION:=3.0.11 +PKG_VERSION:=3.0.12 PKG_RELEASE:=1 PKG_MAINTAINER:=W. Michael Petullo @@ -17,7 +17,7 @@ PKG_LICENSE:=GPL-2.0-only PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snort3/libdaq/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=c9b691e113960cc19c4df6e93eacbdb45c96491da9c81471f3e419b91c04579a +PKG_HASH:=dedfdb88de151d61009bdb365322853687b1add4adec248952d2a93b70f584af PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION) PKG_FIXUP:=autoreconf From df0313880ed49b72bb15a0cd3736559de89377fb Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 27 Jun 2023 08:22:04 -0400 Subject: [PATCH 60/90] snort3: update to 3.1.64.0 Upstream bump Signed-off-by: John Audia --- net/snort3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 1645f6c00..bd888ec47 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.1.63.0 +PKG_VERSION:=3.1.64.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/ -PKG_HASH:=7ca415ac8098cd5ee001dc751966d4a6028961ca9cfc788447b7ea7048f53f85 +PKG_HASH:=57be62557178526059ded86d0bebf8a57aa4a46db9390a48ae030b6e45f1dc61 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=GPL-2.0-only From 778ce3c9776b54fb83cfaea50f793c2c7031c32a Mon Sep 17 00:00:00 2001 From: John Thomson Date: Fri, 21 Oct 2022 13:49:42 +1000 Subject: [PATCH 61/90] coova-chilli: fix kernel >= 5.17 compile Signed-off-by: John Thomson --- net/coova-chilli/Makefile | 2 +- net/coova-chilli/patches/011-kernel517.patch | 34 ++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 net/coova-chilli/patches/011-kernel517.patch diff --git a/net/coova-chilli/Makefile b/net/coova-chilli/Makefile index b96fccbc1..97d2acf38 100644 --- a/net/coova-chilli/Makefile +++ b/net/coova-chilli/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=coova-chilli PKG_VERSION:=1.6 -PKG_RELEASE:=9.1 +PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/coova/coova-chilli/tar.gz/$(PKG_VERSION)? diff --git a/net/coova-chilli/patches/011-kernel517.patch b/net/coova-chilli/patches/011-kernel517.patch new file mode 100644 index 000000000..e66a7c147 --- /dev/null +++ b/net/coova-chilli/patches/011-kernel517.patch @@ -0,0 +1,34 @@ +From: John Thomson +Date: 21 Oct 2022 13:00:00 +1000 +Subject: [PATCH] xt_coova: fix kernel>=5.17 + +Linux kernel 5.17 removed PDE_DATA, and replaced it with pde_data [0] + +[0]: https://github.com/torvalds/linux/commit/359745d78351c6f5442435f81549f0207ece28aa + +Signed-off-by: John Thomson + +--- a/src/linux/xt_coova.c ++++ b/src/linux/xt_coova.c +@@ -470,7 +470,9 @@ static int coova_seq_open(struct inode * + if (st == NULL) + return -ENOMEM; + +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,17,0) ++ st->table = pde_data(inode); ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) + st->table = PDE_DATA(inode); + #else + st->table = pde->data; +@@ -482,7 +484,9 @@ static ssize_t + coova_mt_proc_write(struct file *file, const char __user *input, + size_t size, loff_t *loff) + { +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,17,0) ++ struct coova_table *t = pde_data(file_inode(file)); ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) + struct coova_table *t = PDE_DATA(file_inode(file)); + #else + const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); From acc915083d44386cb4890818ddacd8221573b7b0 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 29 Jun 2023 02:41:39 +0800 Subject: [PATCH 62/90] python-werkzeug: Update to 2.3.6 Signed-off-by: Jeffery To --- lang/python/python-werkzeug/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lang/python/python-werkzeug/Makefile b/lang/python/python-werkzeug/Makefile index 23473164d..08c67d772 100644 --- a/lang/python/python-werkzeug/Makefile +++ b/lang/python/python-werkzeug/Makefile @@ -5,15 +5,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-werkzeug -PKG_VERSION:=2.3.4 +PKG_VERSION:=2.3.6 PKG_RELEASE:=1 PYPI_NAME:=Werkzeug -PKG_HASH:=1d5a58e0377d1fe39d061a5de4469e414e78ccb1e1e59c0f5ad6fa1c36c52b76 +PKG_HASH:=98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.rst +PKG_CPE_ID:=cpe:/a:palletsprojects:werkzeug include ../pypi.mk include $(INCLUDE_DIR)/package.mk From 67af34188da75c737556fd439ab1a1a8c7d954a7 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 29 Jun 2023 00:22:11 +0800 Subject: [PATCH 63/90] python-gnupg: Update to 0.5.0 This also removes the dependency on gnupg as there are two packages for gpg, gnupg and gnupg2; this library should work with either one. Signed-off-by: Jeffery To --- lang/python/python-gnupg/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lang/python/python-gnupg/Makefile b/lang/python/python-gnupg/Makefile index cd85b0337..898a4048f 100644 --- a/lang/python/python-gnupg/Makefile +++ b/lang/python/python-gnupg/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-gnupg -PKG_VERSION:=0.4.7 +PKG_VERSION:=0.5.0 PKG_RELEASE:=1 -PYPI_NAME:=$(PKG_NAME) -PKG_HASH:=2061f56b1942c29b92727bf9aecbd3cea3893acc9cccbdc7eb4604285efe4ac7 +PYPI_NAME:=python-gnupg +PKG_HASH:=70758e387fc0e0c4badbcb394f61acbe68b34970a8fed7e0f7c89469fe17912a PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt @@ -25,8 +25,8 @@ define Package/python3-gnupg CATEGORY:=Languages SUBMENU:=Python TITLE:=A wrapper for GnuPG - URL:=https://docs.red-dove.com/python-gnupg/ - DEPENDS:=+gnupg +python3-light +python3-logging + URL:=https://github.com/vsajip/python-gnupg + DEPENDS:=+python3-light +python3-logging endef define Package/python3-gnupg/description From 77b4067754569c0094ad41e60137117ff9a71bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20H=C3=B6gberg?= Date: Sun, 11 Jun 2023 23:55:23 +0200 Subject: [PATCH 64/90] minidlna: update to 1.3.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes CVE-2023-33476: ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. Signed-off-by: Robert Högberg --- multimedia/minidlna/Makefile | 4 ++-- ...030-mark_all_instances_of_magic_container_s_as_const.patch | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/multimedia/minidlna/Makefile b/multimedia/minidlna/Makefile index d5343edbd..8d5d51a9d 100644 --- a/multimedia/minidlna/Makefile +++ b/multimedia/minidlna/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=minidlna -PKG_VERSION:=1.3.2 +PKG_VERSION:=1.3.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/minidlna -PKG_HASH:=222ce45a1a60c3ce3de17527955d38e5ff7a4592d61db39577e6bf88e0ae1cb0 +PKG_HASH:=39026c6d4a139b9180192d1c37225aa3376fdf4f1a74d7debbdbb693d996afa4 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later BSD-3-Clause diff --git a/multimedia/minidlna/patches/030-mark_all_instances_of_magic_container_s_as_const.patch b/multimedia/minidlna/patches/030-mark_all_instances_of_magic_container_s_as_const.patch index 84a818835..92c521f64 100644 --- a/multimedia/minidlna/patches/030-mark_all_instances_of_magic_container_s_as_const.patch +++ b/multimedia/minidlna/patches/030-mark_all_instances_of_magic_container_s_as_const.patch @@ -105,7 +105,7 @@ Subject: [PATCH] Mark all instances of magic_container_s as const { int ret; -@@ -1301,7 +1301,7 @@ BrowseContentDirectory(struct upnphttp * +@@ -1305,7 +1305,7 @@ BrowseContentDirectory(struct upnphttp * "" "<DIDL-Lite" CONTENT_DIRECTORY_SCHEMAS; @@ -114,7 +114,7 @@ Subject: [PATCH] Mark all instances of magic_container_s as const char *zErrMsg = NULL; char *sql, *ptr; struct Response args; -@@ -1823,7 +1823,7 @@ SearchContentDirectory(struct upnphttp * +@@ -1828,7 +1828,7 @@ SearchContentDirectory(struct upnphttp * "" "<DIDL-Lite" CONTENT_DIRECTORY_SCHEMAS; From e1fa285f325543cc96dcfe2beb17fe83cc1a76e3 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 30 Jun 2023 07:28:16 +0200 Subject: [PATCH 65/90] adblock: update to 4.1.5-8 * adapt adguard_tracking source changes Signed-off-by: Dirk Brenken --- net/adblock/Makefile | 2 +- net/adblock/files/README.md | 2 +- net/adblock/files/adblock.sources | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/adblock/Makefile b/net/adblock/Makefile index 6eda908a4..0e11de105 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock PKG_VERSION:=4.1.5 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index 95cbfeedc..463965b0f 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md @@ -12,7 +12,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but | :------------------ | :-----: | :--- | :--------------- | :-------------------------------------------------------------------------------- | | adaway | x | S | mobile | [Link](https://github.com/AdAway/adaway.github.io) | | adguard | x | L | general | [Link](https://adguard.com) | -| adguard_tracking | | S | tracking | [Link](https://github.com/AdguardTeam/cname-trackers) | +| adguard_tracking | | L | tracking | [Link](https://github.com/AdguardTeam/cname-trackers) | | android_tracking | | S | tracking | [Link](https://github.com/Perflyst/PiHoleBlocklist) | | andryou | | L | compilation | [Link](https://gitlab.com/andryou/block/-/blob/master/readme.md) | | anti_ad | | L | compilation | [Link](https://github.com/privacy-protection-tools/anti-AD/blob/master/README.md) | diff --git a/net/adblock/files/adblock.sources b/net/adblock/files/adblock.sources index 85af8602b..b7f8f8b11 100644 --- a/net/adblock/files/adblock.sources +++ b/net/adblock/files/adblock.sources @@ -14,9 +14,9 @@ "descurl": "https://adguard.com" }, "adguard_tracking": { - "url": "https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/combined_disguised_trackers_justdomains.txt", + "url": "https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_trackers_justdomains.txt", "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", - "size": "S", + "size": "L", "focus": "tracking", "descurl": "https://github.com/AdguardTeam/cname-trackers" }, From dbf468f93880a8211e2a625e0a964ff7f76ce35a Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Sun, 25 Jun 2023 15:36:28 -0500 Subject: [PATCH 66/90] vala: patch to circumvent apparent pkgconf bug There is an apparent bug in pkgconf 1.9 that broke building the OpenWrt Vala package. This adds a patch to circumvent the bug. For the related discussion, see: https://github.com/openwrt/packages/issues/21359 The pkgconf bug appears similar to the one discussed here: https://github.com/pkgconf/pkgconf/issues/268 Signed-off-by: W. Michael Petullo --- .../001-circumvent-glib-pkgconf-bug.patch | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 lang/vala/patches/001-circumvent-glib-pkgconf-bug.patch diff --git a/lang/vala/patches/001-circumvent-glib-pkgconf-bug.patch b/lang/vala/patches/001-circumvent-glib-pkgconf-bug.patch new file mode 100644 index 000000000..fb6099235 --- /dev/null +++ b/lang/vala/patches/001-circumvent-glib-pkgconf-bug.patch @@ -0,0 +1,73 @@ +This patch circumvents an apparent bug in pkgconf 1.9 that prevents +building the OpenWrt Vala package. For a discussion of this, see: + +https://github.com/openwrt/packages/issues/21359 + +The pkgconf bug seems similar to the one discussed here: + +https://github.com/pkgconf/pkgconf/issues/268 + +--- a/configure ++++ b/configure +@@ -13598,11 +13598,11 @@ if test -n "$GLIB_CFLAGS"; then + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= \$GLIB_REQUIRED gobject-2.0 >= \$GLIB_REQUIRED\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "glib-2.0 >= $GLIB_REQUIRED gobject-2.0 >= $GLIB_REQUIRED") 2>&5 ++ ($PKG_CONFIG --exists --print-errors "gobject-2.0 >= $GLIB_REQUIRED glib-2.0 >= $GLIB_REQUIRED") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then +- pkg_cv_GLIB_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 >= $GLIB_REQUIRED gobject-2.0 >= $GLIB_REQUIRED" 2>/dev/null` ++ pkg_cv_GLIB_CFLAGS=`$PKG_CONFIG --cflags "gobject-2.0 >= $GLIB_REQUIRED glib-2.0 >= $GLIB_REQUIRED" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes + else + pkg_failed=yes +@@ -13615,11 +13615,11 @@ if test -n "$GLIB_LIBS"; then + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= \$GLIB_REQUIRED gobject-2.0 >= \$GLIB_REQUIRED\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "glib-2.0 >= $GLIB_REQUIRED gobject-2.0 >= $GLIB_REQUIRED") 2>&5 ++ ($PKG_CONFIG --exists --print-errors "gobject-2.0 >= $GLIB_REQUIRED glib-2.0 >= $GLIB_REQUIRED") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then +- pkg_cv_GLIB_LIBS=`$PKG_CONFIG --libs "glib-2.0 >= $GLIB_REQUIRED gobject-2.0 >= $GLIB_REQUIRED" 2>/dev/null` ++ pkg_cv_GLIB_LIBS=`$PKG_CONFIG --libs "gobject-2.0 >= $GLIB_REQUIRED glib-2.0 >= $GLIB_REQUIRED" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes + else + pkg_failed=yes +@@ -13640,9 +13640,9 @@ else + _pkg_short_errors_supported=no + fi + if test $_pkg_short_errors_supported = yes; then +- GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "glib-2.0 >= $GLIB_REQUIRED gobject-2.0 >= $GLIB_REQUIRED" 2>&1` ++ GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gobject-2.0 >= $GLIB_REQUIRED glib-2.0 >= $GLIB_REQUIRED" 2>&1` + else +- GLIB_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "glib-2.0 >= $GLIB_REQUIRED gobject-2.0 >= $GLIB_REQUIRED" 2>&1` ++ GLIB_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gobject-2.0 >= $GLIB_REQUIRED glib-2.0 >= $GLIB_REQUIRED" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$GLIB_PKG_ERRORS" >&5 +--- a/gobject-introspection/Makefile.in ++++ b/gobject-introspection/Makefile.in +@@ -383,8 +383,8 @@ libgidl_la_SOURCES = \ + $(NULL) + + libgidl_la_LIBADD = \ +- $(GLIB_LIBS) \ + $(GMODULE_LIBS) \ ++ $(GLIB_LIBS) \ + $(NULL) + + BUILT_SOURCES = scannerparser.h +@@ -400,8 +400,8 @@ gen_introspect_SOURCES = \ + $(NULL) + + gen_introspect_LDADD = \ +- $(GLIB_LIBS) \ + $(GMODULE_LIBS) \ ++ $(GLIB_LIBS) \ + libgidl.la \ + $(NULL) + From 8617973c90645ca3fa652c6fc76fe8b51986c428 Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Wed, 28 Jun 2023 08:09:55 -0500 Subject: [PATCH 67/90] vala: add self as maintainer of unmaintained package Signed-off-by: W. Michael Petullo --- lang/vala/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/vala/Makefile b/lang/vala/Makefile index c61c86c24..577bc588e 100644 --- a/lang/vala/Makefile +++ b/lang/vala/Makefile @@ -15,7 +15,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNOME/vala/$(basename $(PKG_VERSION)) PKG_HASH:=e1066221bf7b89cb1fa7327a3888645cb33b604de3bf45aa81132fd040b699bf -PKG_MAINTAINER:= +PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=LGPL-2.1-or-later PKG_LICENSE_FILES:=COPYING From 08158d2718c9776a6ccb9412e65b1ffff5b94758 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Tue, 27 Jun 2023 15:56:03 -0600 Subject: [PATCH 68/90] strongswan: Update to 5.9.11 Signed-off-by: Philip Prindeville --- net/strongswan/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 3fcc9f309..c106257bf 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan -PKG_VERSION:=5.9.10 -PKG_RELEASE:=6 +PKG_VERSION:=5.9.11 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ -PKG_HASH:=3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654 +PKG_HASH:=ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Philip Prindeville , Noel Kuntze PKG_CPE_ID:=cpe:/a:strongswan:strongswan From 185630ba45b841fdf64e4f278d6252fec57b87c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20H=C3=B6gberg?= Date: Wed, 28 Jun 2023 19:23:39 +0200 Subject: [PATCH 69/90] inadyn: update to 2.11.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Robert Högberg --- net/inadyn/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/inadyn/Makefile b/net/inadyn/Makefile index f6f6421ec..9cba4adcc 100644 --- a/net/inadyn/Makefile +++ b/net/inadyn/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=inadyn -PKG_VERSION:=2.9.1 +PKG_VERSION:=2.11.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/troglobit/inadyn/releases/download/v$(PKG_VERSION) -PKG_HASH:=0094d20cfcd431674b8d658e93169c7589bf8f2b351b2860818a1ca05f0218c5 +PKG_HASH:=9c8b2a425acb9681564e9fc25a319f2109c7d2ebe1ffe99b06d4a722efb6ecba PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later From 40b9f05a5818e3793271902771a8a6b9d93f8075 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 29 Jun 2023 01:22:03 +0800 Subject: [PATCH 70/90] python-libmodbus: Update to 0.6.2 This also adds a source package (python3-libmodbus-src). Signed-off-by: Jeffery To --- lang/python/python-libmodbus/Makefile | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/lang/python/python-libmodbus/Makefile b/lang/python/python-libmodbus/Makefile index 3306f4d90..79de68987 100644 --- a/lang/python/python-libmodbus/Makefile +++ b/lang/python/python-libmodbus/Makefile @@ -2,14 +2,15 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=python-libmodbus -PKG_VERSION:=0.5.0 -PKG_RELEASE:=2 - -PKG_LICENSE:=BSD-3-Clause -PKG_MAINTAINER:=Jeffery To +PKG_VERSION:=0.6.2 +PKG_RELEASE:=1 PYPI_NAME:=pylibmodbus -PKG_HASH:=80f837304ffa8476145ea643f6b98aa94b205013a96f1e5173d7bdc776426aee +PKG_HASH:=7989af81f57cc7593c86b2d74201978e931bc80f6bbe62564273477fc7059c20 + +PKG_LICENSE:=BSD-3-Clause +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Jeffery To include ../pypi.mk include $(INCLUDE_DIR)/package.mk @@ -19,8 +20,8 @@ define Package/python3-libmodbus SUBMENU:=Python SECTION:=lang CATEGORY:=Languages - TITLE:=pylibmodbus - URL:=https://pypi.org/project/pylibmodbus + TITLE:=Wrapper for libmodbus + URL:=https://github.com/stephane/pylibmodbus DEPENDS:=+libmodbus \ +python3-light \ +python3-cffi @@ -32,3 +33,4 @@ endef $(eval $(call Py3Package,python3-libmodbus)) $(eval $(call BuildPackage,python3-libmodbus)) +$(eval $(call BuildPackage,python3-libmodbus-src)) From e1ef13a30c8e5bc687e917edce75f75c60e56a86 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 26 Jun 2023 13:59:56 +0800 Subject: [PATCH 71/90] python-service-identity: Update to 23.1.0 This adds new build dependencies as the package switched to pyproject.toml-based builds. Signed-off-by: Jeffery To --- lang/python/python-service-identity/Makefile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lang/python/python-service-identity/Makefile b/lang/python/python-service-identity/Makefile index 8e1c1475c..eb51e3a40 100644 --- a/lang/python/python-service-identity/Makefile +++ b/lang/python/python-service-identity/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2016-2018 OpenWrt.org +# Copyright (C) 2015, 2018-2020, 2023 Jeffery To # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,16 +8,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-service-identity -PKG_VERSION:=18.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=23.1.0 +PKG_RELEASE:=1 -PYPI_NAME:=service_identity -PKG_HASH:=0858a54aabc5b459d1aafa8a518ed2081a285087f349fe3e55197989232e2e2d +PYPI_NAME:=service-identity +PYPI_SOURCE_NAME:=service_identity +PKG_HASH:=ecb33cd96307755041e978ab14f8b14e13b40f1fbd525a4dc78f46d2b986431d PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE PKG_MAINTAINER:=Jeffery To +PKG_BUILD_DEPENDS:=python-hatchling/host python-hatch-vcs/host python-hatch-fancy-pypi-readme/host + include ../pypi.mk include $(INCLUDE_DIR)/package.mk include ../python3-package.mk From ff51716aaae66c3e307b07f019f17aee3e455d03 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 29 Jun 2023 01:54:50 +0800 Subject: [PATCH 72/90] python-markupsafe: Update to 2.1.3, add host build The host build will be used for mako (to be added later). Signed-off-by: Jeffery To --- lang/python/python-markupsafe/Makefile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lang/python/python-markupsafe/Makefile b/lang/python/python-markupsafe/Makefile index 9d7ca894d..63e5309d5 100644 --- a/lang/python/python-markupsafe/Makefile +++ b/lang/python/python-markupsafe/Makefile @@ -5,19 +5,23 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-markupsafe -PKG_VERSION:=2.1.2 +PKG_VERSION:=2.1.3 PKG_RELEASE:=1 PYPI_NAME:=MarkupSafe -PKG_HASH:=abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d +PKG_HASH:=af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.rst +HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-wheel/host + include ../pypi.mk include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk include ../python3-package.mk +include ../python3-host-build.mk define Package/python3-markupsafe SECTION:=lang @@ -39,3 +43,4 @@ endef $(eval $(call Py3Package,python3-markupsafe)) $(eval $(call BuildPackage,python3-markupsafe)) $(eval $(call BuildPackage,python3-markupsafe-src)) +$(eval $(call HostBuild)) From 35b668b6ca432425e3b10b080f43344c15903380 Mon Sep 17 00:00:00 2001 From: Salem Huang Date: Mon, 26 Jun 2023 00:43:29 +0800 Subject: [PATCH 73/90] netbird: update to 0.21.7 1. Release notes: https://github.com/netbirdio/netbird/releases/tag/v0.21.2 https://github.com/netbirdio/netbird/releases/tag/v0.21.3 https://github.com/netbirdio/netbird/releases/tag/v0.21.4 https://github.com/netbirdio/netbird/releases/tag/v0.21.5 https://github.com/netbirdio/netbird/releases/tag/v0.21.6 https://github.com/netbirdio/netbird/releases/tag/v0.21.7 2. Update GO_PKG_LDFLAGS, because of https://github.com/netbirdio/netbird/commit/292ee260ad564d1e65199b1cb3430b0cd7ba9646 3. Define the configuration file. Signed-off-by: Salem Huang --- net/netbird/Makefile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 30d6e1386..d5c5ab722 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.21.1 +PKG_VERSION:=0.21.7 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=e305bd2f49565e365a5022f0f0e9e9cabf273718fe2aec5f2380ef9a4d528b6e +PKG_HASH:=f2a18a6b9e6af15c182fd023cc47aecb2062d3da586820746f4987856d20f0ac PKG_MAINTAINER:=Oskari Rauta PKG_LICENSE:=BSD-3-Clause @@ -18,7 +18,7 @@ PKG_BUILD_FLAGS:=no-mips16 GO_PKG:=github.com/netbirdio/netbird GO_PKG_BUILD_PKG:=$(GO_PKG)/client -GO_PKG_LDFLAGS_X:=$(GO_PKG)/client/system.version=$(PKG_VERSION) +GO_PKG_LDFLAGS_X:=$(GO_PKG)/version.version=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include ../../lang/golang/golang-package.mk @@ -40,6 +40,10 @@ define Package/netbird/description gateways, and so forth. endef +define Package/netbird/conffiles +/etc/netbird/config.json +endef + define Package/netbird/install $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d From ae3629f56abd46f2925aaf35cac786a1941ac5d6 Mon Sep 17 00:00:00 2001 From: Van Waholtz Date: Sat, 1 Jul 2023 17:24:49 +0800 Subject: [PATCH 74/90] sing-box: update to 1.3.0 Signed-off-by: Van Waholtz --- net/sing-box/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 2db8c7887..cbd4b4ac6 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.2.6 +PKG_VERSION:=1.3.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=8f7adf55ed9afe6ec0dd8b04ed64dd3a6243578ee779f909dfb3778fa2dbda10 +PKG_HASH:=e89ffdadf11d4b34d12b2c0659efea0f0786b2396ea4638c61a06e7772783ca5 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE From f6190a379bf1a9be9e9f5d6dc66f1357a2666ebd Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 26 Jun 2023 13:38:11 +0800 Subject: [PATCH 75/90] python-pluggy: Update to 1.2.0 Signed-off-by: Jeffery To --- lang/python/python-pluggy/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-pluggy/Makefile b/lang/python/python-pluggy/Makefile index d035c9abe..8fcc74dc9 100644 --- a/lang/python/python-pluggy/Makefile +++ b/lang/python/python-pluggy/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pluggy -PKG_VERSION:=1.0.0 +PKG_VERSION:=1.2.0 PKG_RELEASE:=1 PYPI_NAME:=pluggy -PKG_HASH:=4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159 +PKG_HASH:=d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3 PKG_MAINTAINER:=Jan Pavlinec , Jeffery To PKG_LICENSE:=MIT From 2ec3b9f09596224c7bfc2d656a26eea02d3052a4 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 26 Jun 2023 13:00:05 +0800 Subject: [PATCH 76/90] python-hatchling: Update to 1.18.0 Signed-off-by: Jeffery To --- lang/python/python-hatchling/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-hatchling/Makefile b/lang/python/python-hatchling/Makefile index e7765d86a..b44b7774b 100644 --- a/lang/python/python-hatchling/Makefile +++ b/lang/python/python-hatchling/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-hatchling -PKG_VERSION:=1.17.1 +PKG_VERSION:=1.18.0 PKG_RELEASE:=1 PYPI_NAME:=hatchling -PKG_HASH:=76dee5108f929b7eb9102df0a1bf88fa3247d68a44ff1f395e1cf32eaab0c6fa +PKG_HASH:=50e99c3110ce0afc3f7bdbadff1c71c17758e476731c27607940cfa6686489ca PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.txt From 9ce1067a5f9656e81ecd7274c34528e17e046d43 Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Fri, 30 Jun 2023 13:21:51 -0500 Subject: [PATCH 77/90] grilo: update to 0.3.16 Signed-off-by: W. Michael Petullo --- multimedia/grilo/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/multimedia/grilo/Makefile b/multimedia/grilo/Makefile index ea5850109..088835074 100644 --- a/multimedia/grilo/Makefile +++ b/multimedia/grilo/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=grilo -PKG_VERSION:=0.3.14 +PKG_VERSION:=0.3.16 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNOME/grilo/0.3/ -PKG_HASH:=0369d0b00bb0f59ba5f7aea8cfc665f38df14a5b4182d28c7c1e2cd15b518743 +PKG_HASH:=884580e8c5ece280df23aa63ff5234b7d48988a404df7d6bfccd1e77b473bd96 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=LGPL-2.1-or-later @@ -28,7 +28,7 @@ define Package/grilo CATEGORY:=Multimedia TITLE:=grilo URL:=https://wiki.gnome.org/Projects/Grilo - DEPENDS:=+glib2 +libsoup +libxml2 + DEPENDS:=+glib2 +libsoup3 +libxml2 endef define Package/grilo/decription From ec4370cda518cb53ea3c074feea70326407c0e4d Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Fri, 30 Jun 2023 13:22:07 -0500 Subject: [PATCH 78/90] grilo-plugins: update to 0.3.16 This drops the opensubtitles plugin, because it is not yet compatible with libsoup3. Signed-off-by: W. Michael Petullo --- multimedia/grilo-plugins/Makefile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/multimedia/grilo-plugins/Makefile b/multimedia/grilo-plugins/Makefile index 8b69e6b5a..616f34643 100644 --- a/multimedia/grilo-plugins/Makefile +++ b/multimedia/grilo-plugins/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=grilo-plugins -PKG_VERSION:=0.3.14 +PKG_VERSION:=0.3.16 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNOME/grilo-plugins/0.3/ -PKG_HASH:=686844b34ec73b24931ff6cc4f6033f0072947a6db60acdc7fb3eaf157a581c8 +PKG_HASH:=fe6f4dbe586c6b8ba2406394e202f22d009d642a96eb3a54f32f6a21d084cdcb PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=LGPL-2.1-or-later @@ -55,7 +55,6 @@ MESON_ARGS += \ -Denable-lua-factory=no \ -Denable-magnatune=$(if $(CONFIG_PACKAGE_grilo-plugins-magnatune),yes,no) \ -Denable-metadata-store=$(if $(CONFIG_PACKAGE_grilo-plugins-metadata-store),yes,no) \ - -Denable-opensubtitles=$(if $(CONFIG_PACKAGE_grilo-plugins-opensubtitles),yes,no) \ -Denable-optical-media=no \ -Denable-podcasts=no \ -Denable-raitv=$(if $(CONFIG_PACKAGE_grilo-plugins-raitv),yes,no) \ @@ -99,7 +98,6 @@ $(eval $(call BuildPlugin,dmap,DAAP and DPAP sharing,daap dpap,libdmapsharing,30 $(eval $(call BuildPlugin,gravatar,Gravatar provider,gravatar,,30)) $(eval $(call BuildPlugin,magnatune,Magnatune sharing,magnatune,,30)) $(eval $(call BuildPlugin,metadata-store,Metadata Store,metadatastore,,30)) -$(eval $(call BuildPlugin,opensubtitles,Open subtitles provider,opensubtitles,,30)) $(eval $(call BuildPlugin,raitv,Rai.tv sharing,raitv,,30)) $(eval $(call BuildPlugin,shoutcast,SHOUTcast sharing,shoutcast,,30)) $(eval $(call BuildPlugin,tmdb,TMDb,tmdb,+json-glib,30)) From 6a897e22b0cd6d06fe99f9e651b6dc4347eb8caf Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 28 May 2023 09:33:08 +0300 Subject: [PATCH 79/90] libwebsockets: Fix -Werror=enum-int-mismatch in lws_tls_server_abort_connection() with gcc 13 libwebsockets fails with -Werror=enum-int-mismatch with both SSL variants. These 2 patches work out that issue. Problem is mentioned as a issue in openwrt/packages#20949 and instead of overriding issue with appropriate CFLAGS, this approach was suggested for me as it's been made as a PR (for openssl) at warmcat/libwebsockets#2824 Second patch for mbedtls, was made by me using same approach as was used of openssl. Eventually these propably will be merged into libwebsockets mainstream. Signed-off-by: Oskari Rauta --- libs/libwebsockets/Makefile | 2 +- .../010-fix-enum-int-mismatch-openssl.patch | 26 +++++++++++++++++++ .../011-fix-enum-int-mismatch-mbedtls.patch | 14 ++++++++++ 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 libs/libwebsockets/patches/010-fix-enum-int-mismatch-openssl.patch create mode 100644 libs/libwebsockets/patches/011-fix-enum-int-mismatch-mbedtls.patch diff --git a/libs/libwebsockets/Makefile b/libs/libwebsockets/Makefile index c71510b01..34e7abd3d 100644 --- a/libs/libwebsockets/Makefile +++ b/libs/libwebsockets/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libwebsockets PKG_VERSION:=4.3.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) diff --git a/libs/libwebsockets/patches/010-fix-enum-int-mismatch-openssl.patch b/libs/libwebsockets/patches/010-fix-enum-int-mismatch-openssl.patch new file mode 100644 index 000000000..5f2ee86e0 --- /dev/null +++ b/libs/libwebsockets/patches/010-fix-enum-int-mismatch-openssl.patch @@ -0,0 +1,26 @@ +From 722e44cb5b74cae206f47a6dc0d985eba8ed1b2e Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Thu, 26 Jan 2023 17:17:49 -0800 +Subject: [PATCH] Fix -Werror=enum-int-mismatch in + lws_tls_server_abort_connection() + +GCC 13 is findinf this function signature mismatch. + +../git/lib/tls/openssl/openssl-server.c:713:1: error: conflicting types for 'lws_tls_server_abort_connection' due to enum/integer mismatch; have 'int(struct lws *)' [-Werror=enum-int-mismatch] + +Signed-off-by: Khem Raj +--- + lib/tls/openssl/openssl-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/tls/openssl/openssl-server.c ++++ b/lib/tls/openssl/openssl-server.c +@@ -709,7 +709,7 @@ lws_tls_server_new_nonblocking(struct lw + return 0; + } + +-int ++enum lws_ssl_capable_status + lws_tls_server_abort_connection(struct lws *wsi) + { + if (wsi->tls.use_ssl) diff --git a/libs/libwebsockets/patches/011-fix-enum-int-mismatch-mbedtls.patch b/libs/libwebsockets/patches/011-fix-enum-int-mismatch-mbedtls.patch new file mode 100644 index 000000000..ce4d44a37 --- /dev/null +++ b/libs/libwebsockets/patches/011-fix-enum-int-mismatch-mbedtls.patch @@ -0,0 +1,14 @@ +--- a/lib/tls/mbedtls/mbedtls-server.c ++++ b/lib/tls/mbedtls/mbedtls-server.c +@@ -264,11 +264,7 @@ lws_tls_server_new_nonblocking(struct lw + return 0; + } + +-#if defined(LWS_AMAZON_RTOS) + enum lws_ssl_capable_status +-#else +-int +-#endif + lws_tls_server_abort_connection(struct lws *wsi) + { + if (wsi->tls.use_ssl) From 429f76316e32b37fe1520cde478d65c8b7768622 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sat, 1 Jul 2023 20:20:05 +0200 Subject: [PATCH 80/90] python-stem: update to v1.8.2 Signed-off-by: Javier Marcet --- lang/python/python-stem/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python-stem/Makefile b/lang/python/python-stem/Makefile index 03ef35633..a8701fd01 100644 --- a/lang/python/python-stem/Makefile +++ b/lang/python/python-stem/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-stem -PKG_VERSION:=1.8.1 -PKG_RELEASE:=2 +PKG_VERSION:=1.8.2 +PKG_RELEASE:=1 PYPI_NAME:=stem -PKG_HASH:=81d43a7c668ba9d7bc1103b2e7a911e9d148294b373d27a59ae8da79ef7a3e2f +PKG_HASH:=83fb19ffd4c9f82207c006051480389f80af221a7e4783000aedec4e384eb582 PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=LGPL-3.0-only From db1c50e1ca4173d6c2c18cc447b23994dc01ba0f Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sat, 1 Jul 2023 20:43:28 +0200 Subject: [PATCH 81/90] python-websocket-client: update to 1.6.1 - 1.6.1 - Fix Dispatcher keyboard interrupt. Should solve reconnect loop with rel - 1.6.0 - Fix teardown issue when ping thread is not properly ended - Fix double ping wait time on first ping - Minor typehints improvements - 1.5.3 - Add logic to avoid error in the case where content-length header does not exist, bug introduced in 1.5.2 - Fix wsdump.py script typing, bug introduced in 1.5.2 - 1.5.2 - Add typehints - Fix pytype errors - Fix args passed to logging function - Standardize PEP 3101 formatting - Add more verbose exception for unsuccessful handshake Signed-off-by: Javier Marcet --- lang/python/python-websocket-client/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-websocket-client/Makefile b/lang/python/python-websocket-client/Makefile index 473065474..f84bd1844 100644 --- a/lang/python/python-websocket-client/Makefile +++ b/lang/python/python-websocket-client/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-websocket-client -PKG_VERSION:=1.5.1 +PKG_VERSION:=1.6.1 PKG_RELEASE:=1 PYPI_NAME:=websocket-client -PKG_HASH:=3f09e6d8230892547132177f575a4e3e73cfdf06526e20cc02aa1c3b47184d40 +PKG_HASH:=c951af98631d24f8df89ab1019fc365f2227c0892f12fd150e935607c79dd0dd PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=Apache-2.0 From 2abb84d156cf34a2c8e324771a0e770bfed59fcd Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Fri, 30 Jun 2023 05:18:51 +0200 Subject: [PATCH 82/90] docker-compose: Update to version 2.19.1 Signed-off-by: Javier Marcet --- utils/docker-compose/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/docker-compose/Makefile b/utils/docker-compose/Makefile index fa7d7838e..f5383c7ac 100644 --- a/utils/docker-compose/Makefile +++ b/utils/docker-compose/Makefile @@ -1,14 +1,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=compose -PKG_VERSION:=2.18.1 +PKG_VERSION:=2.19.1 PKG_RELEASE:=1 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE PKG_SOURCE:=v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/docker/compose/tar.gz/v${PKG_VERSION}? -PKG_HASH:=192c47c177d9bfd8492ed0c49214af0c740586da6db0b7e9c9a07da37c9dc722 +PKG_HASH:=869d4ffd3f6b6835dcbb5cd627e98a9d2f1d30a9ae2c8e712275db9aa3e6e97d PKG_MAINTAINER:=Javier Marcet From 9c57448314e9e10efe908deb0963c7ad9f50498d Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sun, 2 Jul 2023 20:54:15 -0600 Subject: [PATCH 83/90] acpica-unix: Update to 20230628 Signed-off-by: Philip Prindeville --- utils/acpica-unix/Makefile | 4 ++-- .../0004-need-stdint.h-for-uintptr_t.patch | 13 ------------- .../0005-pragma-dangling-pointer-CurrentSp.patch | 16 ---------------- 3 files changed, 2 insertions(+), 31 deletions(-) delete mode 100644 utils/acpica-unix/patches/0004-need-stdint.h-for-uintptr_t.patch delete mode 100644 utils/acpica-unix/patches/0005-pragma-dangling-pointer-CurrentSp.patch diff --git a/utils/acpica-unix/Makefile b/utils/acpica-unix/Makefile index fd5a11ce3..b1471c7c0 100644 --- a/utils/acpica-unix/Makefile +++ b/utils/acpica-unix/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=acpica-unix -PKG_VERSION:=20230331 +PKG_VERSION:=20230628 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_CAT:=gzip -dc PKG_SOURCE_URL:=https://acpica.org/sites/$(patsubst %-unix,%,$(PKG_NAME))/files/ -PKG_HASH:=0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2 +PKG_HASH:=86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce PKG_MAINTAINER:=Philip Prindeville PKG_LICENSE:=GPL-2.0 diff --git a/utils/acpica-unix/patches/0004-need-stdint.h-for-uintptr_t.patch b/utils/acpica-unix/patches/0004-need-stdint.h-for-uintptr_t.patch deleted file mode 100644 index c137560e3..000000000 --- a/utils/acpica-unix/patches/0004-need-stdint.h-for-uintptr_t.patch +++ /dev/null @@ -1,13 +0,0 @@ -We use the type uintptr_t but we don't directly include the header -file from which it comes. - ---- a/source/include/platform/aclinux.h -+++ b/source/include/platform/aclinux.h -@@ -312,6 +312,7 @@ - #ifdef ACPI_USE_STANDARD_HEADERS - #include - #include -+#include - - #define ACPI_OFFSET(d, f) offsetof(d, f) - #endif diff --git a/utils/acpica-unix/patches/0005-pragma-dangling-pointer-CurrentSp.patch b/utils/acpica-unix/patches/0005-pragma-dangling-pointer-CurrentSp.patch deleted file mode 100644 index cd903238f..000000000 --- a/utils/acpica-unix/patches/0005-pragma-dangling-pointer-CurrentSp.patch +++ /dev/null @@ -1,16 +0,0 @@ -Storing the address of an ephemeral variable into a persistent pointer -is flagged by GCC 12 as a dangling-pointer error. - ---- a/source/components/utilities/utdebug.c -+++ b/source/components/utilities/utdebug.c -@@ -185,7 +185,10 @@ AcpiUtInitStackPtrTrace ( - ACPI_SIZE CurrentSp; - - -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wdangling-pointer=" - AcpiGbl_EntryStackPointer = &CurrentSp; -+#pragma GCC diagnostic pop - } - - From 9cf533dffe8363349530e808a2dedf5d7ee4685f Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 3 Jul 2023 22:05:28 +0800 Subject: [PATCH 84/90] dnsproxy: Update to 0.51.0 Signed-off-by: Tianling Shen --- net/dnsproxy/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile index 754da1d68..5832087cf 100644 --- a/net/dnsproxy/Makefile +++ b/net/dnsproxy/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsproxy -PKG_VERSION:=0.50.2 +PKG_VERSION:=0.51.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=f65764a196508bc134e05cdb9d282b790641dfe0e8e8aa99b01544317f791487 +PKG_HASH:=230f13bcfe48a650c0ffd0574092fd956f5fb6351c622ae869d2bd0058a539b4 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 From 8f04b59b191718abbd770040a3e965de97bf4f13 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sat, 1 Jul 2023 20:51:17 +0200 Subject: [PATCH 85/90] python-dotenv: update to v1.0.0 - 1.0.0: - What's Changed: - Handle situations where the cwd does not exist. - Add python-decouple as a related project - Drop support for python 3.7, add python 3.12-dev - 0.21.1: - Added: - Use Python 3.11 non-beta in CI - Modernize variables code - Modernize main.py and parser.py code - Improve conciseness of cli.py and init.py - Improve error message for get and list commands when env file can't be opened - Updated Licence to align with BSD OSI template Signed-off-by: Javier Marcet --- lang/python/python-dotenv/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-dotenv/Makefile b/lang/python/python-dotenv/Makefile index e8ef61b1b..d24138dc0 100644 --- a/lang/python/python-dotenv/Makefile +++ b/lang/python/python-dotenv/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-dotenv -PKG_VERSION:=0.21.0 +PKG_VERSION:=1.0.0 PKG_RELEASE:=1 PYPI_NAME:=python-dotenv -PKG_HASH:=b77d08274639e3d34145dfa6c7008e66df0f04b7be7a75fd0d5292c191d79045 +PKG_HASH:=a8df96034aae6d2d50a4ebe8216326c61c3eb64836776504fcca410e5937a3ba PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=BSD-3-Clause From 207d01c3a918bf6452c5962660a605bb0d8b8d6b Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 3 Jul 2023 14:41:18 +0800 Subject: [PATCH 86/90] python-typing-extensions: Update to 4.7.1 Signed-off-by: Jeffery To --- lang/python/python-typing-extensions/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-typing-extensions/Makefile b/lang/python/python-typing-extensions/Makefile index 7ba2f612f..a317eb55c 100644 --- a/lang/python/python-typing-extensions/Makefile +++ b/lang/python/python-typing-extensions/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-typing-extensions -PKG_VERSION:=4.6.3 +PKG_VERSION:=4.7.1 PKG_RELEASE:=1 PYPI_NAME:=typing-extensions PYPI_SOURCE_NAME:=typing_extensions -PKG_HASH:=d91d5919357fe7f681a9f2b5b4cb2a5f1ef0a1e9f59c4d8ff0d3491e05c0ffd5 +PKG_HASH:=b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2 PKG_MAINTAINER:=Jan Pavlinec , Jeffery To PKG_LICENSE:=Python-2.0.1 0BSD From 952844c976bae289c603f9c93662a08f6ff49290 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 4 Jul 2023 16:04:54 +0800 Subject: [PATCH 87/90] rclone: Update to 1.63.0 While at it fixed a typo error of license files variable. Signed-off-by: Tianling Shen --- net/rclone/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/rclone/Makefile b/net/rclone/Makefile index 731a0582e..cd5e4d02c 100644 --- a/net/rclone/Makefile +++ b/net/rclone/Makefile @@ -6,15 +6,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rclone -PKG_VERSION:=1.62.2 +PKG_VERSION:=1.63.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/rclone/rclone/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6741c81ae5b5cb48a04055f280f6e220ed4b35d26fe43f59510d0f7740044748 +PKG_HASH:=755af528052f946e8d41a3e96e5dbf8f03ecfe398f9d0fdeb7ca1a59208a75db PKG_LICENSE:=MIT -PKG_LICENSE_FILE:=LICENSE +PKG_LICENSE_FILES:=LICENSE PKG_MAINTAINER:=Elon Huang \ Tianling Shen From ac470379c0be864051eb2e355d39319da38ef748 Mon Sep 17 00:00:00 2001 From: Christian Lachner Date: Tue, 4 Jul 2023 08:09:39 +0200 Subject: [PATCH 88/90] haproxy: update to v2.8.1 - Update haproxy PKG_VERSION and PKG_HASH - See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog Signed-off-by: Christian Lachner --- net/haproxy/Makefile | 4 ++-- net/haproxy/get-latest-patches.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index a1f858c4c..217684d71 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy -PKG_VERSION:=2.8.0 +PKG_VERSION:=2.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.haproxy.org/download/2.8/src -PKG_HASH:=61cdafb5db7e9174d0757b8e4bcde938352306fb7cc8ff2b5f55c26dd48a6cf7 +PKG_HASH:=485552fcd9d5d5f41aad046f131fc0a7e849bef25a349a040750af0c6fc56807 PKG_MAINTAINER:=Thomas Heil , \ Christian Lachner diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh index 6b60869c0..e36680e64 100755 --- a/net/haproxy/get-latest-patches.sh +++ b/net/haproxy/get-latest-patches.sh @@ -1,7 +1,7 @@ #!/bin/sh CLONEURL=https://git.haproxy.org/git/haproxy-2.8.git -BASE_TAG=v2.8.0 +BASE_TAG=v2.8.1 TMP_REPODIR=tmprepo PATCHESDIR=patches From 47665d7ac05a8b03f5ce5001aad4db0b88f53272 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sun, 21 May 2023 15:08:03 +0200 Subject: [PATCH 89/90] python-docker: Update to 6.1.2 Signed-off-by: Javier Marcet --- lang/python/python-docker/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python-docker/Makefile b/lang/python/python-docker/Makefile index de278aac6..b270e693a 100644 --- a/lang/python/python-docker/Makefile +++ b/lang/python/python-docker/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-docker -PKG_VERSION:=6.0.1 -PKG_RELEASE:=3 +PKG_VERSION:=6.1.2 +PKG_RELEASE:=1 PYPI_NAME:=docker -PKG_HASH:=896c4282e5c7af5c45e8b683b0b0c33932974fe6e50fc6906a0a83616ab3da97 +PKG_HASH:=dcc088adc2ec4e7cfc594e275d8bd2c9738c56c808de97476939ef67db5af8c2 PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=Apache-2.0 From c045680a62477c63a5151495cd580fba132d1fe0 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sat, 1 Jul 2023 20:55:30 +0200 Subject: [PATCH 90/90] python-docker: Update to 6.1.3 Signed-off-by: Javier Marcet --- lang/python/python-docker/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-docker/Makefile b/lang/python/python-docker/Makefile index b270e693a..1ce4defb1 100644 --- a/lang/python/python-docker/Makefile +++ b/lang/python/python-docker/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-docker -PKG_VERSION:=6.1.2 +PKG_VERSION:=6.1.3 PKG_RELEASE:=1 PYPI_NAME:=docker -PKG_HASH:=dcc088adc2ec4e7cfc594e275d8bd2c9738c56c808de97476939ef67db5af8c2 +PKG_HASH:=aa6d17830045ba5ef0168d5eaa34d37beeb113948c413affe1d5991fc11f9a20 PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=Apache-2.0