From 364fe00b17ddfeb9f2bdf16298eda84866d58d27 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Wed, 27 Sep 2023 19:09:56 +0200 Subject: [PATCH 01/28] atftp: bump to release 0.8.0 Bump to release 0.8.0. Autorecong is now needed to correctly compile the package. Signed-off-by: Christian Marangi --- net/atftp/Makefile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/atftp/Makefile b/net/atftp/Makefile index 9478f0697..bee43615f 100644 --- a/net/atftp/Makefile +++ b/net/atftp/Makefile @@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=atftp -PKG_VERSION:=0.7.5 +PKG_VERSION:=0.8.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/$(PKG_NAME) -PKG_HASH:=93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a +PKG_HASH:=df2aa089c7670f9eab40e5598e5d2cb6a582dc5182926ea50b4d690e4e37f316 PKG_MAINTAINER:=Daniel Danzberger PKG_LICENSE:=GPL-2.0-or-later @@ -21,6 +21,8 @@ PKG_LICENSE_FILES:=LICENSE PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_FIXUP:=autoreconf + include $(INCLUDE_DIR)/package.mk define Package/atftp/Default From f81a1a1212c17f460721fe6f4d4497e66ee418c6 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Wed, 27 Sep 2023 19:10:39 +0200 Subject: [PATCH 02/28] atftp: move to PCRE2 Move atftp to PCRE2 as PCRE is flagged as EOL and won't receive security updates anymore. Signed-off-by: Christian Marangi --- net/atftp/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/atftp/Makefile b/net/atftp/Makefile index bee43615f..cabdd3efd 100644 --- a/net/atftp/Makefile +++ b/net/atftp/Makefile @@ -40,7 +40,7 @@ endef define Package/atftpd $(call Package/atftp/Default) - DEPENDS:=+libpcre +libpthread + DEPENDS:=+libpcre2 +libpthread TITLE+= server endef From ed6729c251407bbe8a5eedb8a692b40afcb2b782 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Thu, 28 Sep 2023 21:30:55 +0000 Subject: [PATCH 03/28] adblock-fast: better error reporting when nothing to do * also nicer file type output in high verbosity Signed-off-by: Stan Grishin --- net/adblock-fast/Makefile | 2 +- .../files/etc/init.d/adblock-fast | 51 +++++++++++-------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 72a3324ac..23ec3acad 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.0.0 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=GPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 6d0cade3f..b0ce90503 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -152,6 +152,7 @@ get_text() { errorNoSSLSupport) r="no HTTPS/SSL support on device";; errorCreatingDirectory) r="failed to create output/cache/gzip file directory";; errorDetectingFileType) r="failed to detect format";; + errorNothingToDo) r="no blocked list URLs nor blocked-domains enabled";; statusNoInstall) r="$serviceName is not installed or not found";; statusStopped) r="Stopped";; @@ -273,11 +274,11 @@ append_url() { local file="$1" if [ "$(head -1 "$file")" = '[Adblock Plus]' ] || \ grep -q '^||' "$file"; then - echo 'adBlockPlus' + echo 'adblockplus' elif grep -q '^server=' "$file"; then - echo 'dnsmasqFile' + echo 'dnsmasq' elif grep -q '^local=' "$file"; then - echo 'dnsmasq2File' + echo 'dnsmasq2' elif grep -q '^0.0.0.0' "$file" || grep -q '^127.0.0.1' "$file"; then echo 'hosts' elif [ -n "$(sed "$domainsFilter" "$file" | head -1)" ]; then @@ -287,11 +288,11 @@ append_url() { # detect_file_type() { # local file="$1" # if [ -n "$(sed "$adBlockPlusFilter" "$file" | head -1)" ]; then -# echo 'adBlockPlus' +# echo 'adblockplus' # elif [ -n "$(sed "$dnsmasqFileFilter" "$file" | head -1)" ]; then -# echo 'dnsmasqFile' +# echo 'dnsmasq' # elif [ -n "$(sed "$dnsmasq2FileFilter" "$file" | head -1)" ]; then -# echo 'dnsmasq2File' +# echo 'dnsmasq2' # elif [ -n "$(sed "$hostsFilter" "$file" | head -1)" ]; then # echo 'hosts' # elif [ -n "$(sed "$domainsFilter" "$file" | head -1)" ]; then @@ -864,9 +865,9 @@ process_file_url() { fi format="$(detect_file_type "$R_TMP")" case "$format" in - adBlockPlus) filter="$adBlockPlusFilter";; - dnsmasqFile) filter="$dnsmasqFileFilter";; - dnsmasq2File) filter="$dnsmasq2FileFilter";; + adblockplus) filter="$adBlockPlusFilter";; + dnsmasq) filter="$dnsmasqFileFilter";; + dnsmasq2) filter="$dnsmasq2FileFilter";; domains) filter="$domainsFilter";; hosts) filter="$hostsFilter";; *) @@ -1389,21 +1390,27 @@ adb_start() { fi fi if [ "$action" = 'download' ]; then - if [ -s "$outputFile" ] || cache 'test' || cache 'test_gzip'; then - output 0 "Force-reloading $serviceName... " - output 3 "Force-reloading $serviceName...\\n" - json set status "statusForceReloading" + if [ -z "$blocked_url" ] && [ -z "$blocked_domain" ]; then + json set status "statusFail" + json add error "errorNothingToDo" + output "${_ERROR_}: $(get_text 'errorNothingToDo')!\\n" else - output 0 "Starting $serviceName... " - output 3 "Starting $serviceName...\\n" - json set status "statusStarting" + if [ -s "$outputFile" ] || cache 'test' || cache 'test_gzip'; then + output 0 "Force-reloading $serviceName... " + output 3 "Force-reloading $serviceName...\\n" + json set status "statusForceReloading" + else + output 0 "Starting $serviceName... " + output 3 "Starting $serviceName...\\n" + json set status "statusStarting" + fi + if [ "$dns" = 'dnsmasq.conf' ] && [ -n "$dnsmasq_config_file_url" ]; then + download_dnsmasq_file + else + download_lists + fi + dns 'on_start' fi - if [ "$dns" = 'dnsmasq.conf' ] && [ -n "$dnsmasq_config_file_url" ]; then - download_dnsmasq_file - else - download_lists - fi - dns 'on_start' fi if [ "$action" = 'restart' ]; then output 0 "Restarting $serviceName... " From daf29ecbb2e17adce7ba9c25759b60c9afff9c01 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Sat, 30 Sep 2023 16:09:18 +0200 Subject: [PATCH 04/28] net-snmp: move to PCRE2 library Add upstream patch adding support for pcre2 and update dependency to require libpcre2 instead of libpcre. --with-pcre2-8 is now needed to exclude support for pcre and only require pcre2 as net-snmp still use and try to use pcre by default. Signed-off-by: Christian Marangi --- net/net-snmp/Makefile | 5 +- .../patches/200-add-pcre2-support.patch | 407 ++++++++++++++++++ net/net-snmp/patches/201-Run-autoreconf.patch | 185 ++++++++ .../patches/202-Improve-pcre2-support.patch | 152 +++++++ 4 files changed, 747 insertions(+), 2 deletions(-) create mode 100644 net/net-snmp/patches/200-add-pcre2-support.patch create mode 100644 net/net-snmp/patches/201-Run-autoreconf.patch create mode 100644 net/net-snmp/patches/202-Improve-pcre2-support.patch diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile index b700e4761..46aa5e273 100644 --- a/net/net-snmp/Makefile +++ b/net/net-snmp/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=net-snmp PKG_VERSION:=5.9.1 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/net-snmp @@ -41,7 +41,7 @@ define Package/libnetsnmp $(call Package/net-snmp/Default) SECTION:=libs CATEGORY:=Libraries - DEPENDS:=+libnl-tiny +libpci +libpcre + DEPENDS:=+libnl-tiny +libpci +libpcre2 TITLE:=Open source SNMP implementation (libraries) endef @@ -208,6 +208,7 @@ CONFIGURE_ARGS += \ --without-mysql \ --without-rpm \ --without-zlib \ + --with-pcre2-8 \ --with-nl \ $(call autoconf_bool,CONFIG_IPV6,ipv6) \ --disable-perl-cc-checks \ diff --git a/net/net-snmp/patches/200-add-pcre2-support.patch b/net/net-snmp/patches/200-add-pcre2-support.patch new file mode 100644 index 000000000..410064710 --- /dev/null +++ b/net/net-snmp/patches/200-add-pcre2-support.patch @@ -0,0 +1,407 @@ +From d3e95c87b32397815f6d5bcfc844259f2552697a Mon Sep 17 00:00:00 2001 +From: gagan sidhu +Date: Sun, 21 May 2023 15:47:36 -0600 +Subject: [PATCH] add pcre2 support + +--- + agent/mibgroup/host/data_access/swrun.c | 29 ++++++++++-- + agent/mibgroup/if-mib/data_access/interface.c | 47 ++++++++++++++++--- + agent/mibgroup/struct.h | 2 +- + agent/mibgroup/ucd-snmp/proc.c | 32 +++++++++---- + agent/mibgroup/ucd-snmp/proc.h | 2 +- + configure.d/config_os_libs1 | 27 +++++++++++ + configure.d/config_project_with_enable | 4 ++ + include/net-snmp/data_access/interface.h | 9 +++- + include/net-snmp/data_access/swrun.h | 2 +- + include/net-snmp/types.h | 2 +- + 10 files changed, 132 insertions(+), 24 deletions(-) + +--- a/agent/mibgroup/host/data_access/swrun.c ++++ b/agent/mibgroup/host/data_access/swrun.c +@@ -17,7 +17,10 @@ + #include "swrun.h" + #include "swrun_private.h" + +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined(HAVE_PCRE_H) + #include + #endif + +@@ -100,32 +103,52 @@ swrun_max_processes( void ) + #endif /* NETSNMP_FEATURE_REMOVE_SWRUN_MAX_PROCESSES */ + + #ifndef NETSNMP_FEATURE_REMOVE_SWRUN_COUNT_PROCESSES_BY_REGEX +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + int + swrun_count_processes_by_regex( char *name, netsnmp_regex_ptr regexp ) + { + netsnmp_swrun_entry *entry; + netsnmp_iterator *it; + int i = 0; ++#ifdef HAVE_PCRE2_H ++ pcre2_match_data *ndx_match; ++ int *found_ndx; ++ ndx_match = pcre2_match_data_create(30, NULL); ++ found_ndx = pcre2_get_ovector_pointer(ndx_match); ++#elif HAVE_PCRE_H + int found_ndx[30]; ++#endif + int found; + char fullCommand[64 + 128 + 128 + 3]; + + netsnmp_cache_check_and_reload(swrun_cache); + if ( !swrun_container || !name || !regexp.regex_ptr ) ++#ifdef HAVE_PCRE2_H ++ { ++ pcre2_match_data_free(ndx_match); ++ return 0; ++ } ++#else + return 0; /* or -1 */ ++#endif + + it = CONTAINER_ITERATOR( swrun_container ); + while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) { + /* need to assemble full command back so regexps can get full picture */ + sprintf(fullCommand, "%s %s", entry->hrSWRunPath, entry->hrSWRunParameters); ++#ifdef HAVE_PCRE2_H ++ found = pcre2_match(regexp.regex_ptr, fullCommand, strlen(fullCommand), 0, 0, ndx_match, NULL); ++#elif HAVE_PCRE_H + found = pcre_exec(regexp.regex_ptr, NULL, fullCommand, strlen(fullCommand), 0, 0, found_ndx, 30); ++#endif + if (found > 0) { + i++; + } + } + ITERATOR_RELEASE( it ); +- ++#ifdef HAVE_PCRE2_H ++ pcre2_match_data_free(ndx_match); ++#endif + return i; + } + #endif /* HAVE_PCRE_H */ +--- a/agent/mibgroup/if-mib/data_access/interface.c ++++ b/agent/mibgroup/if-mib/data_access/interface.c +@@ -16,7 +16,11 @@ + #include "if-mib/ifTable/ifTable.h" + #include "if-mib/data_access/interface.h" + #include "interface_private.h" +-#if HAVE_PCRE_H ++ ++#if defined(HAVE_PCRE2_H) ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined(HAVE_PCRE_H) + #include + #elif HAVE_REGEX_H + #include +@@ -840,7 +844,13 @@ int netsnmp_access_interface_max_reached + int netsnmp_access_interface_include(const char *name) + { + netsnmp_include_if_list *if_ptr; +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++ //pcre_exec->pcre2_match ++ //ovector->pcre2_match_data ++ pcre2_match_data *ndx_match; ++ ndx_match = pcre2_match_data_create(3, NULL); ++ int *found_ndx = pcre2_get_ovector_pointer(ndx_match); ++#elif defined(HAVE_PCRE_H) + int found_ndx[3]; + #endif + +@@ -856,7 +866,13 @@ int netsnmp_access_interface_include(con + + + for (if_ptr = include_list; if_ptr; if_ptr = if_ptr->next) { +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++ if (pcre2_match(if_ptr->regex_ptr, name, strlen(name), 0, 0, ++ ndx_match, NULL) >= 0) { ++ pcre2_match_data_free(ndx_match); ++ return TRUE; ++ } ++#elif defined(HAVE_PCRE_H) + if (pcre_exec(if_ptr->regex_ptr, NULL, name, strlen(name), 0, 0, + found_ndx, 3) >= 0) + return TRUE; +@@ -869,6 +885,9 @@ int netsnmp_access_interface_include(con + #endif + } + ++#if defined(HAVE_PCRE2_H) ++ pcre2_match_data_free(ndx_match); ++#endif + return FALSE; + } + +@@ -980,7 +999,13 @@ _parse_include_if_config(const char *tok + { + netsnmp_include_if_list *if_ptr, *if_new; + char *name, *st; +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++ //we can only get the message upon calling pcre2_error_message. ++ // so an additional variable is required. ++ int pcre2_err_code; ++ unsigned char pcre2_error[128]; ++ int pcre2_error_offset; ++#elif defined(HAVE_PCRE_H) + const char *pcre_error; + int pcre_error_offset; + #elif HAVE_REGEX_H +@@ -1012,7 +1037,15 @@ _parse_include_if_config(const char *tok + config_perror("Out of memory"); + goto err; + } +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++ if_new->regex_ptr = pcre2_compile(if_new->name, PCRE2_ZERO_TERMINATED, 0, ++ &pcre2_err_code, &pcre2_error_offset, NULL); ++ if (!if_new->regex_ptr) { ++ pcre2_get_error_message(pcre2_err_code, pcre2_error, 128); ++ config_perror(pcre2_error); ++ goto err; ++ } ++#elif defined(HAVE_PCRE_H) + if_new->regex_ptr = pcre_compile(if_new->name, 0, &pcre_error, + &pcre_error_offset, NULL); + if (!if_new->regex_ptr) { +@@ -1048,7 +1081,7 @@ _parse_include_if_config(const char *tok + + err: + if (if_new) { +-#if defined(HAVE_PCRE_H) || defined(HAVE_REGEX_H) ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) || defined(HAVE_REGEX_H) + free(if_new->regex_ptr); + #endif + free(if_new->name); +@@ -1063,7 +1096,7 @@ _free_include_if_config(void) + + while (if_ptr) { + if_next = if_ptr->next; +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + free(if_ptr->regex_ptr); + #elif HAVE_REGEX_H + regfree(if_ptr->regex_ptr); +--- a/agent/mibgroup/struct.h ++++ b/agent/mibgroup/struct.h +@@ -30,7 +30,7 @@ struct extensible { + + struct myproc { + char name[STRMAX]; +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + netsnmp_regex_ptr regexp; + #endif + char fixcmd[STRMAX]; +--- a/agent/mibgroup/ucd-snmp/proc.c ++++ b/agent/mibgroup/ucd-snmp/proc.c +@@ -39,7 +39,10 @@ + # include + # endif + #endif +-#if HAVE_PCRE_H ++#ifdef HAVE_PCRE2_H ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif HAVE_PCRE_H + #include + #endif + +@@ -108,7 +111,7 @@ init_proc(void) + REGISTER_MIB("ucd-snmp/proc", extensible_proc_variables, variable2, + proc_variables_oid); + +-#ifdef HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + #define proc_parse_usage "process-name [max-num] [min-num] [regexp]" + #else + #define proc_parse_usage "process-name [max-num] [min-num]" +@@ -134,7 +137,7 @@ proc_free_config(void) + for (ptmp = procwatch; ptmp != NULL;) { + ptmp2 = ptmp; + ptmp = ptmp->next; +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + free(ptmp2->regexp.regex_ptr); + #endif + free(ptmp2); +@@ -208,7 +211,7 @@ proc_parse_config(const char *token, cha + if (*procp == NULL) + return; /* memory alloc error */ + numprocs++; +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + (*procp)->regexp.regex_ptr = NULL; + #endif + /* +@@ -220,18 +223,31 @@ proc_parse_config(const char *token, cha + cptr = skip_not_white(cptr); + if ((cptr = skip_white(cptr))) { + (*procp)->min = atoi(cptr); +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + cptr = skip_not_white(cptr); + if ((cptr = skip_white(cptr))) { ++ DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr)); ++#ifdef HAVE_PCRE2_H ++ unsigned char pcre2_error_msg[128]; ++ int pcre2_err_code; ++ int pcre2_error_offset; ++ ++ (*procp)->regexp.regex_ptr = ++ pcre2_compile(cptr, PCRE2_ZERO_TERMINATED, 0, &pcre2_err_code, &pcre2_error_offset, NULL); ++ pcre2_get_error_message(pcre2_err_code, pcre2_error_msg, 128); ++ if ((*procp)->regexp.regex_ptr == NULL) { ++ config_perror(pcre2_error_msg); ++ } ++#elif HAVE_PCRE_H + const char *pcre_error; + int pcre_error_offset; + +- DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr)); + (*procp)->regexp.regex_ptr = + pcre_compile(cptr, 0, &pcre_error, &pcre_error_offset, NULL); + if ((*procp)->regexp.regex_ptr == NULL) { + config_perror(pcre_error); + } ++#endif + } + #endif + } else +@@ -390,7 +406,7 @@ sh_count_myprocs(struct myproc *proc) + if (proc == NULL) + return 0; + +-#if defined(USING_HOST_DATA_ACCESS_SWRUN_MODULE) && defined(HAVE_PCRE_H) ++#if defined(USING_HOST_DATA_ACCESS_SWRUN_MODULE) && (defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)) + if (proc->regexp.regex_ptr != NULL) + return sh_count_procs_by_regex(proc->name, proc->regexp); + #endif +@@ -406,7 +422,7 @@ sh_count_procs(char *procname) + return swrun_count_processes_by_name( procname ); + } + +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + netsnmp_feature_require(swrun_count_processes_by_regex); + int + sh_count_procs_by_regex(char *procname, netsnmp_regex_ptr regexp) +--- a/agent/mibgroup/ucd-snmp/proc.h ++++ b/agent/mibgroup/ucd-snmp/proc.h +@@ -12,7 +12,7 @@ config_require(util_funcs) + extern WriteMethod fixProcError; + int sh_count_myprocs(struct myproc *); + int sh_count_procs(char *); +-#ifdef HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + int sh_count_procs_by_regex(char *, netsnmp_regex_ptr); + #endif + +--- a/configure.d/config_os_libs1 ++++ b/configure.d/config_os_libs1 +@@ -97,6 +97,32 @@ LIBS="$netsnmp_save_LIBS" + # + # regex in process table + # ++if test "x$with_pcre2" != "xno"; then ++ AC_CHECK_HEADER([pcre2.h], [ ++ AC_DEFINE([HAVE_PCRE2_H], [1], [Define to 1 if you have .]) ++ pcre2_h=yes ++ ], ++ [pcre2_h=no], [#define PCRE2_CODE_UNIT_WIDTH 8] ++ ) ++fi ++if test "x$pcre2header_h" = "xno" -o "x$pcre2_h" = "xno" ; then ++ if test "x$with_pcre2" = "xyes" ; then ++ AC_MSG_ERROR([Could not find the pcre2 header file needed and was specifically asked to use pcre2 support]) ++ else ++ with_pcre2=no ++ fi ++fi ++ ++if test "x$with_pcre2" != "xno"; then ++ NETSNMP_SEARCH_LIBS([pcre2_match_8], [pcre2-8], [ ++ LMIBLIBS="$LMIBLIBS -lpcre2-8" ++ ],,, LAGENTLIBS) ++ AC_SUBST(LAGENTLIBS) ++ AC_SUBST(LMIBLIBS) ++fi ++ ++if test "x$with_pcre2" != "xyes"; then ++ + if test "x$with_pcre" != "xno"; then + AC_CHECK_HEADER([pcre.h], [ + AC_DEFINE([HAVE_PCRE_H], [1], [Define to 1 if you have .]) +@@ -121,3 +147,4 @@ NETSNMP_SEARCH_LIBS([pcre_exec], [pcre], + ],,, LAGENTLIBS) + AC_SUBST(LAGENTLIBS) + AC_SUBST(LMIBLIBS) ++fi +--- a/configure.d/config_project_with_enable ++++ b/configure.d/config_project_with_enable +@@ -160,6 +160,10 @@ NETSNMP_ARG_WITH(rpm, + management system when building the host MIB + module.]) + ++NETSNMP_ARG_WITH(pcre2-8, ++[ --without-pcre2 Don't include pcre2 process searching ++ support in the agent.], ++ with_pcre2="$withval", with_pcre2="maybe") + + NETSNMP_ARG_WITH(pcre, + [ --without-pcre Don't include pcre process searching +--- a/include/net-snmp/data_access/interface.h ++++ b/include/net-snmp/data_access/interface.h +@@ -10,7 +10,10 @@ + extern "C" { + #endif + +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined(HAVE_PCRE_H) + #include + #elif HAVE_REGEX_H + #include +@@ -211,7 +214,9 @@ typedef struct _conf_if_list { + typedef netsnmp_conf_if_list conf_if_list; /* backwards compat */ + + typedef struct _include_if_list { +-#if HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) ++ pcre2_code *regex_ptr; ++#elif defined(HAVE_PCRE_H) + pcre *regex_ptr; + #elif HAVE_REGEX_H + regex_t *regex_ptr; +--- a/include/net-snmp/data_access/swrun.h ++++ b/include/net-snmp/data_access/swrun.h +@@ -90,7 +90,7 @@ extern "C" { + int swrun_count_processes_by_name( char *name ); + + #if !defined(NETSNMP_FEATURE_REMOVE_SWRUN_COUNT_PROCESSES_BY_REGEX) \ +- && defined(HAVE_PCRE_H) ++ && (defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)) + int swrun_count_processes_by_regex(char *name, netsnmp_regex_ptr regexp); + #endif + +--- a/include/net-snmp/types.h ++++ b/include/net-snmp/types.h +@@ -63,7 +63,7 @@ typedef long ssize_t; + typedef unsigned long int nfds_t; + #endif + +-#ifdef HAVE_PCRE_H ++#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + /* + * Abstract the pcre typedef such that not all *.c files have to include + * . diff --git a/net/net-snmp/patches/201-Run-autoreconf.patch b/net/net-snmp/patches/201-Run-autoreconf.patch new file mode 100644 index 000000000..b71b499cb --- /dev/null +++ b/net/net-snmp/patches/201-Run-autoreconf.patch @@ -0,0 +1,185 @@ +From 48b313ca34dbdf303fb232191d4f74e1d0fc9f06 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Sun, 21 May 2023 16:20:15 -0700 +Subject: [PATCH] Run autoreconf + +--- + configure | 126 ++++++++++++++++++++++++++ + include/net-snmp/net-snmp-config.h.in | 3 + + 2 files changed, 129 insertions(+) + +--- a/configure ++++ b/configure +@@ -898,6 +898,8 @@ with_dnssec + enable_dnssec + with_rpm + enable_rpm ++with_pcre2_8 ++enable_pcre2_8 + with_pcre + enable_pcre + with_install_prefix +@@ -1810,6 +1812,8 @@ Compiler Options: + --without-rpm Don't include support for the RPM package + management system when building the host MIB + module. ++ --without-pcre2 Don't include pcre2 process searching ++ support in the agent. + --without-pcre Don't include pcre process searching + support in the agent. + --with-install-prefix=PATH Just for installing, prefix all +@@ -4907,6 +4911,21 @@ fi + + + ++# Check whether --with-pcre2-8 was given. ++if test ${with_pcre2_8+y} ++then : ++ withval=$with_pcre2_8; with_pcre2="$withval" ++else $as_nop ++ with_pcre2="maybe" ++fi ++ ++ # Check whether --enable-pcre2-8 was given. ++if test ${enable_pcre2_8+y} ++then : ++ enableval=$enable_pcre2_8; as_fn_error $? "Invalid option. Use --with-pcre2-8/--without-pcre2-8 instead" "$LINENO" 5 ++fi ++ ++ + + # Check whether --with-pcre was given. + if test "${with_pcre+set}" = set; then : +@@ -22321,6 +22340,112 @@ LIBS="$netsnmp_save_LIBS" + # + # regex in process table + # ++if test "x$with_pcre2" != "xno"; then ++ ac_fn_c_check_header_compile "$LINENO" "pcre2.h" "ac_cv_header_pcre2_h" "#define PCRE2_CODE_UNIT_WIDTH 8 ++ ++" ++if test "x$ac_cv_header_pcre2_h" = xyes ++then : ++ ++ ++printf "%s\n" "#define HAVE_PCRE2_H 1" >>confdefs.h ++ ++ pcre2_h=yes ++ ++else $as_nop ++ pcre2_h=no ++fi ++ ++fi ++if test "x$pcre2header_h" = "xno" -o "x$pcre2_h" = "xno" ; then ++ if test "x$with_pcre2" = "xyes" ; then ++ as_fn_error $? "Could not find the pcre2 header file needed and was specifically asked to use pcre2 support" "$LINENO" 5 ++ else ++ with_pcre2=no ++ fi ++fi ++ ++if test "x$with_pcre2" != "xno"; then ++ ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing pcre2_match_8" >&5 ++printf %s "checking for library containing pcre2_match_8... " >&6; } ++if test ${netsnmp_cv_func_pcre2_match_8_LAGENTLIBS+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ netsnmp_func_search_save_LIBS="$LIBS" ++ netsnmp_target_val="$LAGENTLIBS" ++ netsnmp_temp_LIBS="${netsnmp_target_val} ${LIBS}" ++ netsnmp_result=no ++ LIBS="${netsnmp_temp_LIBS}" ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++ ++/* Override any GCC internal prototype to avoid an error. ++ Use char because int might match the return type of a GCC ++ builtin and then its argument prototype would still apply. */ ++char pcre2_match_8 (); ++int ++main (void) ++{ ++return pcre2_match_8 (); ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO" ++then : ++ netsnmp_result="none required" ++else $as_nop ++ for netsnmp_cur_lib in pcre2-8 ; do ++ LIBS="-l${netsnmp_cur_lib} ${netsnmp_temp_LIBS}" ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++ ++/* Override any GCC internal prototype to avoid an error. ++ Use char because int might match the return type of a GCC ++ builtin and then its argument prototype would still apply. */ ++char pcre2_match_8 (); ++int ++main (void) ++{ ++return pcre2_match_8 (); ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO" ++then : ++ netsnmp_result=-l${netsnmp_cur_lib} ++ break ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ ++ conftest$ac_exeext conftest.$ac_ext ++ done ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ ++ conftest$ac_exeext conftest.$ac_ext ++ LIBS="${netsnmp_func_search_save_LIBS}" ++ netsnmp_cv_func_pcre2_match_8_LAGENTLIBS="${netsnmp_result}" ++fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $netsnmp_cv_func_pcre2_match_8_LAGENTLIBS" >&5 ++printf "%s\n" "$netsnmp_cv_func_pcre2_match_8_LAGENTLIBS" >&6; } ++ if test "${netsnmp_cv_func_pcre2_match_8_LAGENTLIBS}" != "no" ; then ++ if test "${netsnmp_cv_func_pcre2_match_8_LAGENTLIBS}" != "none required" ; then ++ LAGENTLIBS="${netsnmp_result} ${netsnmp_target_val}" ++ fi ++ ++ LMIBLIBS="$LMIBLIBS -lpcre2-8" ++ ++ ++ fi ++ ++ ++ ++fi ++ ++if test "x$with_pcre2" != "xyes"; then ++ + if test "x$with_pcre" != "xno"; then + ac_fn_c_check_header_mongrel "$LINENO" "pcre.h" "ac_cv_header_pcre_h" "$ac_includes_default" + if test "x$ac_cv_header_pcre_h" = xyes; then : +@@ -25886,6 +26011,7 @@ done + + + fi ++fi + + + +--- a/include/net-snmp/net-snmp-config.h.in ++++ b/include/net-snmp/net-snmp-config.h.in +@@ -722,6 +722,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_PCI_PCI_H + ++/* Define to 1 if you have . */ ++#undef HAVE_PCRE2_H ++ + /* Define to 1 if you have . */ + #undef HAVE_PCRE_H + diff --git a/net/net-snmp/patches/202-Improve-pcre2-support.patch b/net/net-snmp/patches/202-Improve-pcre2-support.patch new file mode 100644 index 000000000..4bd80603b --- /dev/null +++ b/net/net-snmp/patches/202-Improve-pcre2-support.patch @@ -0,0 +1,152 @@ +From 346b6f8959513320e5b674fd670c49ba2cd43af5 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Sun, 21 May 2023 16:18:56 -0700 +Subject: [PATCH] Improve pcre2 support + +Fix compiler warnings. Convert C++ comments to C comments. Make sure that +declarations occur before statements. +--- + agent/mibgroup/host/data_access/swrun.c | 17 ++++------ + agent/mibgroup/if-mib/data_access/interface.c | 32 ++++++++++--------- + agent/mibgroup/ucd-snmp/proc.c | 13 +++++--- + 3 files changed, 31 insertions(+), 31 deletions(-) + +--- a/agent/mibgroup/host/data_access/swrun.c ++++ b/agent/mibgroup/host/data_access/swrun.c +@@ -111,10 +111,7 @@ swrun_count_processes_by_regex( char *na + netsnmp_iterator *it; + int i = 0; + #ifdef HAVE_PCRE2_H +- pcre2_match_data *ndx_match; +- int *found_ndx; +- ndx_match = pcre2_match_data_create(30, NULL); +- found_ndx = pcre2_get_ovector_pointer(ndx_match); ++ pcre2_match_data *ndx_match = pcre2_match_data_create(30, NULL); + #elif HAVE_PCRE_H + int found_ndx[30]; + #endif +@@ -122,22 +119,20 @@ swrun_count_processes_by_regex( char *na + char fullCommand[64 + 128 + 128 + 3]; + + netsnmp_cache_check_and_reload(swrun_cache); +- if ( !swrun_container || !name || !regexp.regex_ptr ) ++ if ( !swrun_container || !name || !regexp.regex_ptr ) { + #ifdef HAVE_PCRE2_H +- { + pcre2_match_data_free(ndx_match); +- return 0; +- } +-#else +- return 0; /* or -1 */ + #endif ++ return 0; /* or -1 */ ++ } + + it = CONTAINER_ITERATOR( swrun_container ); + while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) { + /* need to assemble full command back so regexps can get full picture */ + sprintf(fullCommand, "%s %s", entry->hrSWRunPath, entry->hrSWRunParameters); + #ifdef HAVE_PCRE2_H +- found = pcre2_match(regexp.regex_ptr, fullCommand, strlen(fullCommand), 0, 0, ndx_match, NULL); ++ found = pcre2_match(regexp.regex_ptr, (unsigned char *)fullCommand, ++ strlen(fullCommand), 0, 0, ndx_match, NULL); + #elif HAVE_PCRE_H + found = pcre_exec(regexp.regex_ptr, NULL, fullCommand, strlen(fullCommand), 0, 0, found_ndx, 30); + #endif +--- a/agent/mibgroup/if-mib/data_access/interface.c ++++ b/agent/mibgroup/if-mib/data_access/interface.c +@@ -844,12 +844,8 @@ int netsnmp_access_interface_max_reached + int netsnmp_access_interface_include(const char *name) + { + netsnmp_include_if_list *if_ptr; +-#if defined(HAVE_PCRE2_H) +- //pcre_exec->pcre2_match +- //ovector->pcre2_match_data +- pcre2_match_data *ndx_match; +- ndx_match = pcre2_match_data_create(3, NULL); +- int *found_ndx = pcre2_get_ovector_pointer(ndx_match); ++#if defined(HAVE_PCRE2_H) ++ pcre2_match_data *ndx_match = pcre2_match_data_create(3, NULL); + #elif defined(HAVE_PCRE_H) + int found_ndx[3]; + #endif +@@ -867,8 +863,8 @@ int netsnmp_access_interface_include(con + + for (if_ptr = include_list; if_ptr; if_ptr = if_ptr->next) { + #if defined(HAVE_PCRE2_H) +- if (pcre2_match(if_ptr->regex_ptr, name, strlen(name), 0, 0, +- ndx_match, NULL) >= 0) { ++ if (pcre2_match(if_ptr->regex_ptr, (const unsigned char *)name, ++ strlen(name), 0, 0, ndx_match, NULL) >= 0) { + pcre2_match_data_free(ndx_match); + return TRUE; + } +@@ -1000,11 +996,13 @@ _parse_include_if_config(const char *tok + netsnmp_include_if_list *if_ptr, *if_new; + char *name, *st; + #if defined(HAVE_PCRE2_H) +- //we can only get the message upon calling pcre2_error_message. +- // so an additional variable is required. ++ /* ++ * We can only get the message upon calling pcre2_error_message. ++ * so an additional variable is required. ++ */ + int pcre2_err_code; +- unsigned char pcre2_error[128]; +- int pcre2_error_offset; ++ char pcre2_error[128]; ++ size_t pcre2_error_offset; + #elif defined(HAVE_PCRE_H) + const char *pcre_error; + int pcre_error_offset; +@@ -1038,10 +1036,14 @@ _parse_include_if_config(const char *tok + goto err; + } + #if defined(HAVE_PCRE2_H) +- if_new->regex_ptr = pcre2_compile(if_new->name, PCRE2_ZERO_TERMINATED, 0, +- &pcre2_err_code, &pcre2_error_offset, NULL); ++ if_new->regex_ptr = pcre2_compile((const unsigned char *)if_new->name, ++ PCRE2_ZERO_TERMINATED, 0, ++ &pcre2_err_code, &pcre2_error_offset, ++ NULL); + if (!if_new->regex_ptr) { +- pcre2_get_error_message(pcre2_err_code, pcre2_error, 128); ++ pcre2_get_error_message(pcre2_err_code, ++ (unsigned char *)pcre2_error, ++ sizeof(pcre2_error)); + config_perror(pcre2_error); + goto err; + } +--- a/agent/mibgroup/ucd-snmp/proc.c ++++ b/agent/mibgroup/ucd-snmp/proc.c +@@ -226,15 +226,17 @@ proc_parse_config(const char *token, cha + #if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) + cptr = skip_not_white(cptr); + if ((cptr = skip_white(cptr))) { +- DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr)); + #ifdef HAVE_PCRE2_H +- unsigned char pcre2_error_msg[128]; ++ char pcre2_error_msg[128]; + int pcre2_err_code; +- int pcre2_error_offset; ++ size_t pcre2_error_offset; + ++ DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr)); + (*procp)->regexp.regex_ptr = +- pcre2_compile(cptr, PCRE2_ZERO_TERMINATED, 0, &pcre2_err_code, &pcre2_error_offset, NULL); +- pcre2_get_error_message(pcre2_err_code, pcre2_error_msg, 128); ++ pcre2_compile((const unsigned char *)cptr, PCRE2_ZERO_TERMINATED, 0, &pcre2_err_code, &pcre2_error_offset, NULL); ++ pcre2_get_error_message(pcre2_err_code, ++ (unsigned char *)pcre2_error_msg, ++ sizeof(pcre2_error_msg)); + if ((*procp)->regexp.regex_ptr == NULL) { + config_perror(pcre2_error_msg); + } +@@ -242,6 +244,7 @@ proc_parse_config(const char *token, cha + const char *pcre_error; + int pcre_error_offset; + ++ DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr)); + (*procp)->regexp.regex_ptr = + pcre_compile(cptr, 0, &pcre_error, &pcre_error_offset, NULL); + if ((*procp)->regexp.regex_ptr == NULL) { From 41922f33b5f2cbc58e504469cdcd14ffa33ee5f3 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Sun, 1 Oct 2023 00:43:21 +0200 Subject: [PATCH 05/28] aircrack-ng: bump to release 1.7 Bump aircrack-ng to release 1.7 Changelog from [1] Airdecap-ng: Endianness fixes Airdecap-ng: Output PCAP as little endian Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2 Airodump-ng: Updated encryption filter (-t/--encrypt) for WPA3 and OWE Airodump-ng: Fixed out-of-order timestamp captures Airodump-ng: Ignore NULL PMKID Airodump-ng: Fixed dropping management frames with zeroed timestamp Airodump-ng: Fixed sorting where sometimes it started with a different field Airodump-ng: Allow setting colors only in AP selection mode Airodump-ng: Fix crash on 4K Linux console Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting 'o' Airodump-ng: Allow use of WiFi 6E 6GHz frequencies Airodump-ng: Look for oui.txt in /usr/share/hwdata Airgraph-ng: Fixed graphviz package conflict Airgraph-ng: Fixed downloading OUI with python3 Airgraph-ng: Ensure support/ directory is created when installing Aircrack-ng: Fixed static compilation Aircrack-ng: Fix handshake replay counter logic Aircrack-ng: Handle timeout when parsing EAPOL Aircrack-ng: Fixed WEP display Aircrack-ng: Fixed spurious EXIT messages Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state Aircrack-ng: Ignore NULL PMKID Aircrack-ng: Added Apple M1 detection Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number Airmon-ng: Fix avahi killing Airmon-ng: rewrite service stopping entirely Airmon-ng: Codestyle fixes and code cleanup Airmon-ng: Added a few Raspberry Pi hardware revisions Airmon-ng: Fixes for 8812au driver Airmon-ng: Fix iwlwifi firmware formatting Airmon-ng: Remove broken KVM detection Airmon-ng: Show regdomain in verbose mode Airmon-ng: Updated Raspberry Pi hardware revisions Airmon-ng: Document frequency usage Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4 Airmon-ng: shellcheck fixes Airmon-ng: support systemctl as some systems don't support 'service' anymore Airmon-ng: Fixes for pciutils 3.8, backward compatible Airbase-ng: use enum for frame type/subtype Airbase-ng: remove a few IE in association responses Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode OSdep: Search additional IE for channel information OSdep: Android macro fixes Patches: Add missing patches that were on https://patches.aircrack-ng.org but not in repo Patches: Updated freeradius-wpe patch for v3.2.0 Patches: Updated hostapd-wpe patch for v2.10 Patches: Added docker containers to test WPE patches Autotools: make dist now creates VERSION file Autotools: Added maintainer mode Autotools: Initial support for Link Time Optimization (LTO) builds Integration tests: Added a new test, and improved some existing ones Airgraph-ng: switch airodump-join to Python 3 Manpages: Fixes (typos, tools name, etc.) and improvements README: Updated dependencies and their installation on various distros in README.md and INSTALLING README: Fixed typos and spelling in README.md and INSTALLING Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE) General: Fix compilation with LibreSSL 3.5 General: Fix issues reported by Infer General: Updated buildbots General: Add Linux uclibc support General: Compilation fixes on macOS with the Apple M1 CPU General: Removed TravisCI and AppVeyor General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio) General: Added vscode devcontainer and documentation General: Fix warnings from PVS-Studio and build with pedantic (See PR2174) General: Shell script fixes thanks to shellcheck General: Fixes for GCC 10 and 11 General: Fixed cross-compilation General: Code refactoring, deduplication, cleanup, and misc code improvements General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues General: PVS Studio improvements,fixes and updates General: Code formatting/style fixes General: Various fixes and improvements (code, CI, integration tests, coverity) General: Update bug reporting template and update the process [1] https://aircrack-ng.blogspot.com/2022/05/aircrack-ng-17.html Signed-off-by: Christian Marangi --- net/aircrack-ng/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/aircrack-ng/Makefile b/net/aircrack-ng/Makefile index 1323a0e6b..34ec2055e 100644 --- a/net/aircrack-ng/Makefile +++ b/net/aircrack-ng/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=aircrack-ng -PKG_VERSION:=1.6 -PKG_RELEASE:=3 +PKG_VERSION:=1.7 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:aircrack-ng:aircrack-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://download.aircrack-ng.org/ -PKG_HASH:=4f0bfd486efc6ea7229f7fbc54340ff8b2094a0d73e9f617e0a39f878999a247 +PKG_HASH:=05a704e3c8f7792a17315080a21214a4448fd2452c1b0dd5226a3a55f90b58c3 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 From cb1f7c7ee4e5e0978a3004a94af8016c85791eed Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Sun, 1 Oct 2023 00:45:06 +0200 Subject: [PATCH 06/28] aircrack-ng: backport patch and move package to pcre2 Backport patch merged upstream for PCRE2 support and move package to pcre2. Also add an additional patch pending to fix linking both pcre and pcre2 if autotools detect both library. (aircrack-ng prefer pcre2 in presence of both) Signed-off-by: Christian Marangi --- net/aircrack-ng/Makefile | 2 +- ...100-01-autotools-add-PCRE2-detection.patch | 94 ++++++++++ ...100-02-airodump-ng-add-PCRE2-support.patch | 142 +++++++++++++++ .../100-03-besside-ng-add-PCRE2-support.patch | 146 ++++++++++++++++ ...4-makefile-add-PCRE2-to-linker-flags.patch | 29 +++ ...ump_write-remove-unused-PCRE-include.patch | 21 +++ ...pat-pcre-add-compat-type-PCRE-header.patch | 114 ++++++++++++ ...0-08-airodump-ng-utilize-compat-pcre.patch | 146 ++++++++++++++++ ...00-09-besside-ng-utilize-compat-pcre.patch | 165 ++++++++++++++++++ ...-PCRE2_CFLAGS-to-airodump-and-bessid.patch | 29 +++ ...-PCRE2-to-libaccrypto-and-libaircrac.patch | 37 ++++ ...icate-if-PCRE-or-PCRE2-is-being-used.patch | 132 ++++++++++++++ ...PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch | 39 +++++ 13 files changed, 1095 insertions(+), 1 deletion(-) create mode 100644 net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch create mode 100644 net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch create mode 100644 net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch create mode 100644 net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch create mode 100644 net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch create mode 100644 net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch create mode 100644 net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch create mode 100644 net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch create mode 100644 net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch create mode 100644 net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch create mode 100644 net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch create mode 100644 net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch diff --git a/net/aircrack-ng/Makefile b/net/aircrack-ng/Makefile index 34ec2055e..70a13a0d4 100644 --- a/net/aircrack-ng/Makefile +++ b/net/aircrack-ng/Makefile @@ -40,7 +40,7 @@ include $(INCLUDE_DIR)/package.mk define Package/aircrack-ng SECTION:=net CATEGORY:=Network - DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre +libpthread +libstdcpp + DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre2 +libpthread +libstdcpp DEPENDS += +AIRCRACK_NG_OPENSSL:libopenssl DEPENDS += +AIRCRACK_NG_GCRYPT:libgcrypt DEPENDS += +AIRCRACK_NG_SQLITE3:libsqlite3 diff --git a/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch b/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch new file mode 100644 index 000000000..95079ef7f --- /dev/null +++ b/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch @@ -0,0 +1,94 @@ +From 6b05dc10cdcf45d50bc8f9dd74667a3ff399a059 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:52:12 +0100 +Subject: [PATCH 1/9] autotools: add PCRE2 detection + +--- + build/m4/aircrack_ng_pcre2.m4 | 61 +++++++++++++++++++++++++++++++++++ + configure.ac | 2 ++ + 2 files changed, 63 insertions(+) + create mode 100644 build/m4/aircrack_ng_pcre2.m4 + +--- /dev/null ++++ b/build/m4/aircrack_ng_pcre2.m4 +@@ -0,0 +1,61 @@ ++dnl Aircrack-ng ++dnl ++dnl Copyright (C) 2023 Andras Gemes ++dnl ++dnl Autotool support was written by: Joseph Benden ++dnl ++dnl This program is free software; you can redistribute it and/or modify ++dnl it under the terms of the GNU General Public License as published by ++dnl the Free Software Foundation; either version 2 of the License, or ++dnl (at your option) any later version. ++dnl ++dnl This program is distributed in the hope that it will be useful, ++dnl but WITHOUT ANY WARRANTY; without even the implied warranty of ++dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++dnl GNU General Public License for more details. ++dnl ++dnl You should have received a copy of the GNU General Public License ++dnl along with this program; if not, write to the Free Software ++dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA ++dnl ++dnl In addition, as a special exception, the copyright holders give ++dnl permission to link the code of portions of this program with the ++dnl OpenSSL library under certain conditions as described in each ++dnl individual source file, and distribute linked combinations ++dnl including the two. ++dnl ++dnl You must obey the GNU General Public License in all respects ++dnl for all of the code used other than OpenSSL. ++dnl ++dnl If you modify file(s) with this exception, you may extend this ++dnl exception to your dnl version of the file(s), but you are not obligated ++dnl to do so. ++dnl ++dnl If you dnl do not wish to do so, delete this exception statement from your ++dnl version. ++dnl ++dnl If you delete this exception statement from all source files in the ++dnl program, then also delete it here. ++ ++AC_DEFUN([AIRCRACK_NG_PCRE2], [ ++AC_ARG_ENABLE(static-pcre2, ++ AS_HELP_STRING([--enable-static-pcre2], ++ [Enable statically linked PCRE2 libpcre2-8.]), ++ [static_pcre2=$enableval], [static_pcre2=no]) ++ ++if test "x$static_pcre2" != "xno"; then ++ AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT]) ++ AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version) ++ if test "x$PCRE2_FOUND" = xyes; then ++ HAVE_PCRE2=yes ++ else ++ HAVE_PCRE2=no ++ fi ++else ++ PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no) ++fi ++ ++AS_IF([test "x$HAVE_PCRE2" = "xyes"], [ ++ AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) ++]) ++]) +\ No newline at end of file +--- a/configure.ac ++++ b/configure.ac +@@ -144,6 +144,7 @@ AIRCRACK_NG_EXT_SCRIPTS + AIRCRACK_NG_HWLOC + AIRCRACK_NG_PCAP + AIRCRACK_NG_PCRE ++AIRCRACK_NG_PCRE2 + AIRCRACK_NG_RFKILL + AIRCRACK_NG_SQLITE + AIRCRACK_NG_ZLIB +@@ -320,6 +321,7 @@ ${PACKAGE} ${VERSION} + Jemalloc: ${JEMALLOC} + Pcap: ${PCAP_FOUND} + Pcre: ${HAVE_PCRE} ++ Pcre2: ${HAVE_PCRE2} + Sqlite: ${HAVE_SQLITE3} + Tcmalloc: ${TCMALLOC} + Zlib: ${HAVE_ZLIB} diff --git a/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch b/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch new file mode 100644 index 000000000..63210b681 --- /dev/null +++ b/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch @@ -0,0 +1,142 @@ +From 37bc38a1749f61f3e54dbebca7b33df844b6de82 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:53:59 +0100 +Subject: [PATCH 2/9] airodump-ng: add PCRE2 support + +--- + src/airodump-ng/airodump-ng.c | 75 +++++++++++++++++++++++++++++++---- + 1 file changed, 67 insertions(+), 8 deletions(-) + +--- a/src/airodump-ng/airodump-ng.c ++++ b/src/airodump-ng/airodump-ng.c +@@ -68,7 +68,10 @@ + + #include + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined HAVE_PCRE + #include + #endif + +@@ -150,7 +153,10 @@ static struct local_options + unsigned char prev_bssid[6]; + char ** f_essid; + int f_essid_count; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ pcre2_code * f_essid_regex; ++ pcre2_match_data * f_essid_match_data; ++#elif defined HAVE_PCRE + pcre * f_essid_regex; + #endif + char * dump_prefix; +@@ -784,7 +790,7 @@ static const char usage[] = + " --netmask : Filter APs by mask\n" + " --bssid : Filter APs by BSSID\n" + " --essid : Filter APs by ESSID\n" +-#ifdef HAVE_PCRE ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + " --essid-regex : Filter APs by ESSID using a regular\n" + " expression\n" + #endif +@@ -857,7 +863,22 @@ int is_filtered_essid(const uint8_t * es + ret = 1; + } + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (lopt.f_essid_regex) ++ { ++ lopt.f_essid_match_data ++ = pcre2_match_data_create_from_pattern(lopt.f_essid_regex, NULL); ++ ++ return pcre2_match(lopt.f_essid_regex, ++ (PCRE2_SPTR) essid, ++ (int) strnlen((char *) essid, ESSID_LENGTH), ++ 0, ++ 0, ++ lopt.f_essid_match_data, ++ 0) ++ < 0; ++ } ++#elif defined HAVE_PCRE + if (lopt.f_essid_regex) + { + return pcre_exec(lopt.f_essid_regex, +@@ -5782,7 +5803,10 @@ int main(int argc, char * argv[]) + int wi_read_failed = 0; + int n = 0; + int output_format_first_time = 1; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ int pcreerror; ++ PCRE2_SIZE pcreerroffset; ++#elif defined HAVE_PCRE + const char * pcreerror; + int pcreerroffset; + #endif +@@ -5938,7 +5962,9 @@ int main(int argc, char * argv[]) + #ifdef CONFIG_LIBNL + lopt.htval = CHANNEL_NO_HT; + #endif +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ lopt.f_essid_regex = NULL; ++#elif defined HAVE_PCRE + lopt.f_essid_regex = NULL; + #endif + +@@ -6359,7 +6385,34 @@ int main(int argc, char * argv[]) + + case 'R': + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (lopt.f_essid_regex != NULL) ++ { ++ printf("Error: ESSID regular expression already given. " ++ "Aborting\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ lopt.f_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, ++ PCRE2_ZERO_TERMINATED, ++ 0, ++ &pcreerror, ++ &pcreerroffset, ++ NULL); ++ ++ if (lopt.f_essid_regex == NULL) ++ { ++ PCRE2_UCHAR pcreerrbuffer[256]; ++ pcre2_get_error_message( ++ pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); ++ ++ printf("Error: regular expression compilation failed at " ++ "offset %lu: %s; aborting\n", ++ pcreerroffset, ++ pcreerrbuffer); ++ exit(EXIT_FAILURE); ++ } ++#elif defined HAVE_PCRE + if (lopt.f_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " +@@ -7297,7 +7350,13 @@ int main(int argc, char * argv[]) + + if (lopt.keyout) free(lopt.keyout); + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (lopt.f_essid_regex) ++ { ++ pcre2_match_data_free(lopt.f_essid_match_data); ++ pcre2_code_free(lopt.f_essid_regex); ++ } ++#elif defined HAVE_PCRE + if (lopt.f_essid_regex) pcre_free(lopt.f_essid_regex); + #endif + diff --git a/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch b/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch new file mode 100644 index 000000000..810007eaa --- /dev/null +++ b/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch @@ -0,0 +1,146 @@ +From dbc80d96cfba2dab959ab20bf76f8dd4f517bd29 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:55:18 +0100 +Subject: [PATCH 3/9] besside-ng: add PCRE2 support + +--- + src/besside-ng/besside-ng.c | 86 ++++++++++++++++++++++++++++++++++--- + 1 file changed, 79 insertions(+), 7 deletions(-) + +--- a/src/besside-ng/besside-ng.c ++++ b/src/besside-ng/besside-ng.c +@@ -57,7 +57,10 @@ + #include + #include + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined HAVE_PCRE + #include + #endif + +@@ -155,7 +158,10 @@ static struct conf + int cf_do_wep; + int cf_do_wpa; + char * cf_wpa_server; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ pcre2_code * cf_essid_regex; ++ pcre2_match_data * cf_essid_match_data; ++#elif defined HAVE_PCRE + pcre * cf_essid_regex; + #endif + } _conf; +@@ -1116,7 +1122,31 @@ static void attack_ping(void * a) + timer_in(100 * 1000, attack_ping, n); + } + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++static int is_filtered_essid(char * essid) ++{ ++ REQUIRE(essid != NULL); ++ ++ int ret = 0; ++ ++ if (_conf.cf_essid_regex) ++ { ++ _conf.cf_essid_match_data ++ = pcre2_match_data_create_from_pattern(_conf.cf_essid_regex, NULL); ++ ++ return pcre2_match(_conf.cf_essid_regex, ++ (PCRE2_SPTR) essid, ++ (int) strnlen((char *) essid, MAX_IE_ELEMENT_SIZE), ++ 0, ++ 0, ++ _conf.cf_essid_match_data, ++ 0) ++ < 0; ++ } ++ ++ return (ret); ++} ++#elif defined HAVE_PCRE + static int is_filtered_essid(char * essid) + { + REQUIRE(essid != NULL); +@@ -1148,7 +1178,12 @@ static int should_attack(struct network + if (_conf.cf_bssid && memcmp(_conf.cf_bssid, n->n_bssid, 6) != 0) + return (0); + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (is_filtered_essid(n->n_ssid)) ++ { ++ return (0); ++ } ++#elif defined HAVE_PCRE + if (is_filtered_essid(n->n_ssid)) + { + return (0); +@@ -3007,7 +3042,13 @@ static void cleanup(int UNUSED(x)) + + print_work(); + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (_conf.cf_essid_regex) ++ { ++ pcre2_match_data_free(_conf.cf_essid_match_data); ++ pcre2_code_free(_conf.cf_essid_regex); ++ } ++#elif defined HAVE_PCRE + if (_conf.cf_essid_regex) pcre_free(_conf.cf_essid_regex); + #endif + +@@ -3295,7 +3336,10 @@ static void usage(char * prog) + int main(int argc, char * argv[]) + { + int ch, temp; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ int pcreerror; ++ PCRE2_SIZE pcreerroffset; ++#elif defined HAVE_PCRE + const char * pcreerror; + int pcreerroffset; + #endif +@@ -3349,7 +3393,35 @@ int main(int argc, char * argv[]) + break; + + case 'R': +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (_conf.cf_essid_regex != NULL) ++ { ++ printf("Error: ESSID regular expression already given. " ++ "Aborting\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ _conf.cf_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, ++ PCRE2_ZERO_TERMINATED, ++ 0, ++ &pcreerror, ++ &pcreerroffset, ++ NULL); ++ ++ if (_conf.cf_essid_regex == NULL) ++ { ++ PCRE2_UCHAR pcreerrbuffer[256]; ++ pcre2_get_error_message( ++ pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); ++ ++ printf("Error: regular expression compilation failed at " ++ "offset %lu: %s; aborting\n", ++ pcreerroffset, ++ pcreerrbuffer); ++ exit(EXIT_FAILURE); ++ } ++ break; ++#elif defined HAVE_PCRE + if (_conf.cf_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " diff --git a/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch b/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch new file mode 100644 index 000000000..be5b886c5 --- /dev/null +++ b/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch @@ -0,0 +1,29 @@ +From ca05a44c449be3c433ea67c04f11d544ab62395f Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:57:16 +0100 +Subject: [PATCH 4/9] makefile: add PCRE2 to linker flags + +--- + src/Makefile.inc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/Makefile.inc ++++ b/src/Makefile.inc +@@ -130,7 +130,7 @@ aireplay_ng_LDADD = $(COMMON_LDADD) $(L + airodump_ng_SOURCES = $(SRC_ADU) $(SRC_DWRITE) + airodump_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) + airodump_ng_CPPFLAGS = $(AM_CPPFLAGS) -I$(abs_srcdir)/src/airodump-ng +-airodump_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) ++airodump_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + airserv_ng_SOURCES = $(SRC_AS) + airserv_ng_CFLAGS = $(COMMON_CFLAGS) $(LIBNL_CFLAGS) +@@ -164,7 +164,7 @@ buddy_ng_LDADD = $(COMMON_LDADD) $(LIBA + + besside_ng_SOURCES = $(SRC_BS) + besside_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) +-besside_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) ++besside_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + besside_ng_crawler_SOURCES = $(SRC_BC) + besside_ng_crawler_CFLAGS = $(COMMON_CFLAGS) $(PCAP_CFLAGS) diff --git a/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch b/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch new file mode 100644 index 000000000..6b64fb63e --- /dev/null +++ b/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch @@ -0,0 +1,21 @@ +From fa532b05d48e856c774837b83a3323dafcc8c33e Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:58:35 +0100 +Subject: [PATCH 5/9] airodump-ng/dump_write: remove unused PCRE include + +--- + src/airodump-ng/dump_write.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/src/airodump-ng/dump_write.c ++++ b/src/airodump-ng/dump_write.c +@@ -45,9 +45,6 @@ + #include // ftruncate + #include // ftruncate + #include +-#ifdef HAVE_PCRE +-#include +-#endif + + #include "aircrack-ng/defs.h" + #include "airodump-ng.h" diff --git a/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch b/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch new file mode 100644 index 000000000..51df8ea2b --- /dev/null +++ b/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch @@ -0,0 +1,114 @@ +From bac9b5fed2bb29e13326c90d7c12a6936fe9f04b Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Sat, 21 Jan 2023 19:29:58 +0100 +Subject: [PATCH 7/9] compat-pcre: add compat-type PCRE header + +--- + include/Makefile.inc | 1 + + include/aircrack-ng/pcre/compat-pcre.h | 90 ++++++++++++++++++++++++++ + 2 files changed, 91 insertions(+) + create mode 100644 include/aircrack-ng/pcre/compat-pcre.h + +--- a/include/Makefile.inc ++++ b/include/Makefile.inc +@@ -71,6 +71,7 @@ nobase_aircrack_HEADERS = %D%/aircrack- + %D%/aircrack-ng/osdep/network.h \ + %D%/aircrack-ng/osdep/osdep.h \ + %D%/aircrack-ng/osdep/packed.h \ ++ %D%/aircrack-ng/pcre/compat-pcre.h \ + %D%/aircrack-ng/ptw/aircrack-ptw-lib.h \ + %D%/aircrack-ng/support/common.h \ + %D%/aircrack-ng/support/communications.h \ +--- /dev/null ++++ b/include/aircrack-ng/pcre/compat-pcre.h +@@ -0,0 +1,90 @@ ++/* ++* Copyright (C) 2023 Andras Gemes ++* ++* This program is free software; you can redistribute it and/or modify ++* it under the terms of the GNU General Public License as published by ++* the Free Software Foundation; either version 2 of the License, or ++* (at your option) any later version. ++* ++* This program is distributed in the hope that it will be useful, ++* but WITHOUT ANY WARRANTY; without even the implied warranty of ++* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++* GNU General Public License for more details. ++* ++* You should have received a copy of the GNU General Public License ++* along with this program; if not, write to the Free Software ++* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA ++* ++* ++* In addition, as a special exception, the copyright holders give ++* permission to link the code of portions of this program with the ++* OpenSSL library under certain conditions as described in each ++* individual source file, and distribute linked combinations ++* including the two. ++* You must obey the GNU General Public License in all respects ++* for all of the code used other than OpenSSL. * If you modify ++* file(s) with this exception, you may extend this exception to your ++* version of the file(s), but you are not obligated to do so. * If you ++* do not wish to do so, delete this exception statement from your ++* version. * If you delete this exception statement from all source ++* files in the program, then also delete it here. ++*/ ++ ++#ifndef AIRCRACK_NG_COMPAT_PCRE_H ++#define AIRCRACK_NG_COMPAT_PCRE_H ++ ++#ifdef HAVE_PCRE2 ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined HAVE_PCRE ++#include ++#endif ++ ++#ifdef HAVE_PCRE2 ++#define COMPAT_PCRE_COMPILE(pattern, pcreerror, pcreerroffset) \ ++ pcre2_compile((PCRE2_SPTR) (pattern), \ ++ PCRE2_ZERO_TERMINATED, \ ++ 0, \ ++ (pcreerror), \ ++ (pcreerroffset), \ ++ NULL) ++#elif defined HAVE_PCRE ++#define COMPAT_PCRE_COMPILE(pattern, pcreerror, pcreerroffset) \ ++ pcre_compile((pattern), 0, (pcreerror), (pcreerroffset), NULL) ++#endif ++ ++#ifdef HAVE_PCRE2 ++#define COMPAT_PCRE_MATCH(regex, essid, length, match_data) \ ++ pcre2_match((regex), \ ++ (PCRE2_SPTR) (essid), \ ++ (int) strnlen((char *) (essid), (length)), \ ++ 0, \ ++ 0, \ ++ (match_data), \ ++ 0) ++#elif defined HAVE_PCRE ++#define COMPAT_PCRE_MATCH(regex, essid, length, match_data) \ ++ pcre_exec((regex), \ ++ NULL, \ ++ (char *) (essid), \ ++ strnlen((char *) (essid), (length)), \ ++ 0, \ ++ 0, \ ++ NULL, \ ++ 0) ++#endif ++ ++#ifdef HAVE_PCRE2 ++#define COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerr) \ ++ printf("Error: regular expression compilation failed at " \ ++ "offset %zu: %s; aborting\n", \ ++ (pcreerroffset), \ ++ (pcreerr)) ++#elif defined HAVE_PCRE ++#define COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf) \ ++ printf("Error: regular expression compilation failed at " \ ++ "offset %d: %s; aborting\n", \ ++ (pcreerroffset), \ ++ (pcreerrorbuf)) ++#endif ++#endif //AIRCRACK_NG_COMPAT_PCRE_H diff --git a/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch b/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch new file mode 100644 index 000000000..732c6a1dc --- /dev/null +++ b/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch @@ -0,0 +1,146 @@ +From e7ace80dbcfd2feecbbc6263ce59ce20acdafca0 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Sat, 21 Jan 2023 19:31:07 +0100 +Subject: [PATCH 8/9] airodump-ng: utilize compat-pcre + +--- + src/airodump-ng/airodump-ng.c | 80 +++++++++-------------------------- + 1 file changed, 19 insertions(+), 61 deletions(-) + +--- a/src/airodump-ng/airodump-ng.c ++++ b/src/airodump-ng/airodump-ng.c +@@ -68,13 +68,7 @@ + + #include + +-#ifdef HAVE_PCRE2 +-#define PCRE2_CODE_UNIT_WIDTH 8 +-#include +-#elif defined HAVE_PCRE +-#include +-#endif +- ++#include "aircrack-ng/pcre/compat-pcre.h" + #include "aircrack-ng/defs.h" + #include "aircrack-ng/version.h" + #include "aircrack-ng/support/pcap_local.h" +@@ -863,33 +857,22 @@ int is_filtered_essid(const uint8_t * es + ret = 1; + } + +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (lopt.f_essid_regex) + { ++#ifdef HAVE_PCRE2 + lopt.f_essid_match_data + = pcre2_match_data_create_from_pattern(lopt.f_essid_regex, NULL); + +- return pcre2_match(lopt.f_essid_regex, +- (PCRE2_SPTR) essid, +- (int) strnlen((char *) essid, ESSID_LENGTH), +- 0, +- 0, +- lopt.f_essid_match_data, +- 0) ++ return COMPAT_PCRE_MATCH(lopt.f_essid_regex, ++ essid, ++ ESSID_LENGTH, ++ lopt.f_essid_match_data) + < 0; +- } + #elif defined HAVE_PCRE +- if (lopt.f_essid_regex) +- { +- return pcre_exec(lopt.f_essid_regex, +- NULL, +- (char *) essid, +- (int) strnlen((char *) essid, ESSID_LENGTH), +- 0, +- 0, +- NULL, +- 0) ++ return COMPAT_PCRE_MATCH(lopt.f_essid_regex, essid, ESSID_LENGTH, NULL) + < 0; ++#endif + } + #endif + +@@ -5805,6 +5788,7 @@ int main(int argc, char * argv[]) + int output_format_first_time = 1; + #ifdef HAVE_PCRE2 + int pcreerror; ++ PCRE2_UCHAR pcreerrorbuf[256]; + PCRE2_SIZE pcreerroffset; + #elif defined HAVE_PCRE + const char * pcreerror; +@@ -5962,9 +5946,7 @@ int main(int argc, char * argv[]) + #ifdef CONFIG_LIBNL + lopt.htval = CHANNEL_NO_HT; + #endif +-#ifdef HAVE_PCRE2 +- lopt.f_essid_regex = NULL; +-#elif defined HAVE_PCRE ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + lopt.f_essid_regex = NULL; + #endif + +@@ -6385,7 +6367,7 @@ int main(int argc, char * argv[]) + + case 'R': + +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (lopt.f_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " +@@ -6393,42 +6375,18 @@ int main(int argc, char * argv[]) + exit(EXIT_FAILURE); + } + +- lopt.f_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, +- PCRE2_ZERO_TERMINATED, +- 0, +- &pcreerror, +- &pcreerroffset, +- NULL); ++ lopt.f_essid_regex ++ = COMPAT_PCRE_COMPILE(optarg, &pcreerror, &pcreerroffset); + + if (lopt.f_essid_regex == NULL) + { +- PCRE2_UCHAR pcreerrbuffer[256]; ++#ifdef HAVE_PCRE2 + pcre2_get_error_message( +- pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); +- +- printf("Error: regular expression compilation failed at " +- "offset %lu: %s; aborting\n", +- pcreerroffset, +- pcreerrbuffer); +- exit(EXIT_FAILURE); +- } ++ pcreerror, pcreerrorbuf, sizeof(pcreerrorbuf)); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf); + #elif defined HAVE_PCRE +- if (lopt.f_essid_regex != NULL) +- { +- printf("Error: ESSID regular expression already given. " +- "Aborting\n"); +- exit(EXIT_FAILURE); +- } +- +- lopt.f_essid_regex +- = pcre_compile(optarg, 0, &pcreerror, &pcreerroffset, NULL); +- +- if (lopt.f_essid_regex == NULL) +- { +- printf("Error: regular expression compilation failed at " +- "offset %d: %s; aborting\n", +- pcreerroffset, +- pcreerror); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerror); ++#endif + exit(EXIT_FAILURE); + } + #else diff --git a/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch b/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch new file mode 100644 index 000000000..532521e37 --- /dev/null +++ b/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch @@ -0,0 +1,165 @@ +From d7eb251f945524b419e8c90dd54c640d9922e5d5 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Sat, 21 Jan 2023 19:31:31 +0100 +Subject: [PATCH 9/9] besside-ng: utilize compat-pcre + +--- + src/besside-ng/besside-ng.c | 94 ++++++++----------------------------- + 1 file changed, 20 insertions(+), 74 deletions(-) + +--- a/src/besside-ng/besside-ng.c ++++ b/src/besside-ng/besside-ng.c +@@ -57,13 +57,7 @@ + #include + #include + +-#ifdef HAVE_PCRE2 +-#define PCRE2_CODE_UNIT_WIDTH 8 +-#include +-#elif defined HAVE_PCRE +-#include +-#endif +- ++#include "aircrack-ng/pcre/compat-pcre.h" + #include "aircrack-ng/defs.h" + #include "aircrack-ng/aircrack-ng.h" + #include "aircrack-ng/version.h" +@@ -1122,7 +1116,7 @@ static void attack_ping(void * a) + timer_in(100 * 1000, attack_ping, n); + } + +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + static int is_filtered_essid(char * essid) + { + REQUIRE(essid != NULL); +@@ -1131,39 +1125,20 @@ static int is_filtered_essid(char * essi + + if (_conf.cf_essid_regex) + { ++#ifdef HAVE_PCRE2 + _conf.cf_essid_match_data + = pcre2_match_data_create_from_pattern(_conf.cf_essid_regex, NULL); + +- return pcre2_match(_conf.cf_essid_regex, +- (PCRE2_SPTR) essid, +- (int) strnlen((char *) essid, MAX_IE_ELEMENT_SIZE), +- 0, +- 0, +- _conf.cf_essid_match_data, +- 0) ++ return COMPAT_PCRE_MATCH(_conf.cf_essid_regex, ++ essid, ++ MAX_IE_ELEMENT_SIZE, ++ _conf.cf_essid_match_data) + < 0; +- } +- +- return (ret); +-} + #elif defined HAVE_PCRE +-static int is_filtered_essid(char * essid) +-{ +- REQUIRE(essid != NULL); +- +- int ret = 0; +- +- if (_conf.cf_essid_regex) +- { +- return pcre_exec(_conf.cf_essid_regex, +- NULL, +- (char *) essid, +- strnlen((char *) essid, MAX_IE_ELEMENT_SIZE), +- 0, +- 0, +- NULL, +- 0) ++ return COMPAT_PCRE_MATCH( ++ _conf.cf_essid_regex, essid, MAX_IE_ELEMENT_SIZE, NULL) + < 0; ++#endif + } + + return (ret); +@@ -1178,12 +1153,7 @@ static int should_attack(struct network + if (_conf.cf_bssid && memcmp(_conf.cf_bssid, n->n_bssid, 6) != 0) + return (0); + +-#ifdef HAVE_PCRE2 +- if (is_filtered_essid(n->n_ssid)) +- { +- return (0); +- } +-#elif defined HAVE_PCRE ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (is_filtered_essid(n->n_ssid)) + { + return (0); +@@ -3338,6 +3308,7 @@ int main(int argc, char * argv[]) + int ch, temp; + #ifdef HAVE_PCRE2 + int pcreerror; ++ PCRE2_UCHAR pcreerrorbuf[256]; + PCRE2_SIZE pcreerroffset; + #elif defined HAVE_PCRE + const char * pcreerror; +@@ -3393,7 +3364,7 @@ int main(int argc, char * argv[]) + break; + + case 'R': +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (_conf.cf_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " +@@ -3401,43 +3372,18 @@ int main(int argc, char * argv[]) + exit(EXIT_FAILURE); + } + +- _conf.cf_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, +- PCRE2_ZERO_TERMINATED, +- 0, +- &pcreerror, +- &pcreerroffset, +- NULL); ++ _conf.cf_essid_regex ++ = COMPAT_PCRE_COMPILE(optarg, &pcreerror, &pcreerroffset); + + if (_conf.cf_essid_regex == NULL) + { +- PCRE2_UCHAR pcreerrbuffer[256]; ++#ifdef HAVE_PCRE2 + pcre2_get_error_message( +- pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); +- +- printf("Error: regular expression compilation failed at " +- "offset %lu: %s; aborting\n", +- pcreerroffset, +- pcreerrbuffer); +- exit(EXIT_FAILURE); +- } +- break; ++ pcreerror, pcreerrorbuf, sizeof(pcreerrorbuf)); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf); + #elif defined HAVE_PCRE +- if (_conf.cf_essid_regex != NULL) +- { +- printf("Error: ESSID regular expression already given. " +- "Aborting\n"); +- exit(EXIT_FAILURE); +- } +- +- _conf.cf_essid_regex +- = pcre_compile(optarg, 0, &pcreerror, &pcreerroffset, NULL); +- +- if (_conf.cf_essid_regex == NULL) +- { +- printf("Error: regular expression compilation failed at " +- "offset %d: %s; aborting\n", +- pcreerroffset, +- pcreerror); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerror); ++#endif + exit(EXIT_FAILURE); + } + break; diff --git a/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch b/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch new file mode 100644 index 000000000..c6338f562 --- /dev/null +++ b/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch @@ -0,0 +1,29 @@ +From 8c6a4f171b7d97a294590fab9dc2069b149b9b36 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Mon, 23 Jan 2023 10:42:39 +0100 +Subject: [PATCH 2/6] src/makefile: add PCRE2_CFLAGS to airodump and besside + +--- + src/Makefile.inc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/Makefile.inc ++++ b/src/Makefile.inc +@@ -128,7 +128,7 @@ aireplay_ng_CFLAGS = $(COMMON_CFLAGS) $( + aireplay_ng_LDADD = $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + airodump_ng_SOURCES = $(SRC_ADU) $(SRC_DWRITE) +-airodump_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) ++airodump_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) $(LIBNL_CFLAGS) + airodump_ng_CPPFLAGS = $(AM_CPPFLAGS) -I$(abs_srcdir)/src/airodump-ng + airodump_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + +@@ -163,7 +163,7 @@ buddy_ng_CPPFLAGS = $(AM_CPPFLAGS) -I$(a + buddy_ng_LDADD = $(COMMON_LDADD) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + besside_ng_SOURCES = $(SRC_BS) +-besside_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) ++besside_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) $(LIBNL_CFLAGS) + besside_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + besside_ng_crawler_SOURCES = $(SRC_BC) diff --git a/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch b/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch new file mode 100644 index 000000000..803b18843 --- /dev/null +++ b/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch @@ -0,0 +1,37 @@ +From 0be8f0d7d8e4a09ea5687bcec6690876b4161a0e Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Mon, 23 Jan 2023 10:46:26 +0100 +Subject: [PATCH 3/6] lib/makefile: add PCRE2 to libaccrypto and libaircrack + +--- + lib/Makefile.inc | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/lib/Makefile.inc ++++ b/lib/Makefile.inc +@@ -65,8 +65,8 @@ SRC_CRYPTO += %D%/crypto/sha1-git.c + endif + + libaccrypto_la_SOURCES = $(SRC_CRYPTO) +-libaccrypto_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) +-libaccrypto_la_LIBADD = $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) ++libaccrypto_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) ++libaccrypto_la_LIBADD = $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) + + libcowpatty_la_SOURCES = $(SRC_COW) + libcowpatty_la_CFLAGS = $(COMMON_CFLAGS) $(LIBCOW_CFLAGS) +@@ -121,12 +121,12 @@ SRC_LIBAC += %D%/libac/support/strlcpy.c + endif + + libaircrack_la_SOURCES = $(SRC_LIBAC) $(TRAMPOLINE) $(CPUSET) +-libaircrack_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) \ ++libaircrack_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) \ + "-DLIBAIRCRACK_CE_WPA_PATH=\"$(LIBAIRCRACK_CE_WPA_PATH)\"" \ + "-DABS_TOP_SRCDIR=\"$(abs_top_srcdir)\"" \ + "-DABS_TOP_BUILDDIR=\"$(abs_top_builddir)\"" \ + "-DLIBDIR=\"$(libdir)\"" +-libaircrack_la_LIBADD = $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(PCRE_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) ++libaircrack_la_LIBADD = $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(PCRE_LIBS) $(PCRE2_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) + + if CYGWIN + libaircrack_la_LIBADD += -lshlwapi diff --git a/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch b/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch new file mode 100644 index 000000000..8dc2ce4d8 --- /dev/null +++ b/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch @@ -0,0 +1,132 @@ +From b381ef3f6b6cc83a4aa016f4c0aebb58fcffcf3f Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Mon, 23 Jan 2023 16:58:38 +0100 +Subject: [PATCH] autotools: indicate if PCRE or PCRE2 is being used + +--- + build/m4/aircrack_ng_pcre.m4 | 28 ++++++++++++++-- + build/m4/aircrack_ng_pcre2.m4 | 61 ----------------------------------- + configure.ac | 3 +- + 3 files changed, 26 insertions(+), 66 deletions(-) + delete mode 100644 build/m4/aircrack_ng_pcre2.m4 + +--- a/build/m4/aircrack_ng_pcre.m4 ++++ b/build/m4/aircrack_ng_pcre.m4 +@@ -55,7 +55,29 @@ else + PKG_CHECK_MODULES(PCRE, libpcre, HAVE_PCRE=yes, HAVE_PCRE=no) + fi + +-AS_IF([test "x$HAVE_PCRE" = "xyes"], [ ++AC_ARG_ENABLE(static-pcre2, ++ AS_HELP_STRING([--enable-static-pcre2], ++ [Enable statically linked PCRE2 libpcre2-8.]), ++ [static_pcre2=$enableval], [static_pcre2=no]) ++ ++if test "x$static_pcre2" != "xno"; then ++ AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT]) ++ AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version) ++ if test "x$PCRE2_FOUND" = xyes; then ++ HAVE_PCRE2=yes ++ else ++ HAVE_PCRE2=no ++ fi ++else ++ PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no) ++fi ++ ++if test "x$HAVE_PCRE" = "xyes" && test "x$HAVE_PCRE2" = "xyes"; then ++ AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) ++ PCRE2_NOTE="(Pcre and Pcre2 found, using Pcre2)" ++elif test "x$HAVE_PCRE" = "xyes"; then + AC_DEFINE([HAVE_PCRE], [1], [Define this if you have libpcre on your system]) +-]) +-]) ++elif test "x$HAVE_PCRE2" = "xyes"; then ++ AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) ++fi ++]) +\ No newline at end of file +--- a/build/m4/aircrack_ng_pcre2.m4 ++++ /dev/null +@@ -1,61 +0,0 @@ +-dnl Aircrack-ng +-dnl +-dnl Copyright (C) 2023 Andras Gemes +-dnl +-dnl Autotool support was written by: Joseph Benden +-dnl +-dnl This program is free software; you can redistribute it and/or modify +-dnl it under the terms of the GNU General Public License as published by +-dnl the Free Software Foundation; either version 2 of the License, or +-dnl (at your option) any later version. +-dnl +-dnl This program is distributed in the hope that it will be useful, +-dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-dnl GNU General Public License for more details. +-dnl +-dnl You should have received a copy of the GNU General Public License +-dnl along with this program; if not, write to the Free Software +-dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA +-dnl +-dnl In addition, as a special exception, the copyright holders give +-dnl permission to link the code of portions of this program with the +-dnl OpenSSL library under certain conditions as described in each +-dnl individual source file, and distribute linked combinations +-dnl including the two. +-dnl +-dnl You must obey the GNU General Public License in all respects +-dnl for all of the code used other than OpenSSL. +-dnl +-dnl If you modify file(s) with this exception, you may extend this +-dnl exception to your dnl version of the file(s), but you are not obligated +-dnl to do so. +-dnl +-dnl If you dnl do not wish to do so, delete this exception statement from your +-dnl version. +-dnl +-dnl If you delete this exception statement from all source files in the +-dnl program, then also delete it here. +- +-AC_DEFUN([AIRCRACK_NG_PCRE2], [ +-AC_ARG_ENABLE(static-pcre2, +- AS_HELP_STRING([--enable-static-pcre2], +- [Enable statically linked PCRE2 libpcre2-8.]), +- [static_pcre2=$enableval], [static_pcre2=no]) +- +-if test "x$static_pcre2" != "xno"; then +- AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT]) +- AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version) +- if test "x$PCRE2_FOUND" = xyes; then +- HAVE_PCRE2=yes +- else +- HAVE_PCRE2=no +- fi +-else +- PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no) +-fi +- +-AS_IF([test "x$HAVE_PCRE2" = "xyes"], [ +- AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) +-]) +-]) +\ No newline at end of file +--- a/configure.ac ++++ b/configure.ac +@@ -144,7 +144,6 @@ AIRCRACK_NG_EXT_SCRIPTS + AIRCRACK_NG_HWLOC + AIRCRACK_NG_PCAP + AIRCRACK_NG_PCRE +-AIRCRACK_NG_PCRE2 + AIRCRACK_NG_RFKILL + AIRCRACK_NG_SQLITE + AIRCRACK_NG_ZLIB +@@ -321,7 +320,7 @@ ${PACKAGE} ${VERSION} + Jemalloc: ${JEMALLOC} + Pcap: ${PCAP_FOUND} + Pcre: ${HAVE_PCRE} +- Pcre2: ${HAVE_PCRE2} ++ Pcre2: ${HAVE_PCRE2} ${PCRE2_NOTE} + Sqlite: ${HAVE_SQLITE3} + Tcmalloc: ${TCMALLOC} + Zlib: ${HAVE_ZLIB} diff --git a/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch b/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch new file mode 100644 index 000000000..677cb321d --- /dev/null +++ b/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch @@ -0,0 +1,39 @@ +From b8d0b8cb6caa6940443b3e6ca32efc78d0c9d00e Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Sun, 1 Oct 2023 00:32:16 +0200 +Subject: [PATCH] autotools: reset PCRE CFLAGS/LIBS with both PCRE and PCRE2 + present + +Commit b381ef3f6b6c ("autotools: indicate if PCRE or PCRE2 is being +used") fixed a case where both pcre and pcre2 library are detected and +put a preference on using pcre2. + +Although the commit fix this corner case, there is still a latent +problem with trying to link/include both library. This is caused by the +fact that in the Makefile.inc for src and lib, we include both +PCRE_CFLAGS and PCRE2_CFLAGS and PCRE_LIBS and PCRE2_LIBS for each +tool/lib. + +To handle this and not bloat the Makefile with additional condition, +simply reset the PCRE_CFLAGS and PCRE_LIBS in case where we detect both +library and we prefer to use pcre2. + +Fixes: b381ef3f6b6c ("autotools: indicate if PCRE or PCRE2 is being used") +Signed-off-by: Christian Marangi +--- + build/m4/aircrack_ng_pcre.m4 | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/build/m4/aircrack_ng_pcre.m4 ++++ b/build/m4/aircrack_ng_pcre.m4 +@@ -75,6 +75,10 @@ fi + if test "x$HAVE_PCRE" = "xyes" && test "x$HAVE_PCRE2" = "xyes"; then + AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) + PCRE2_NOTE="(Pcre and Pcre2 found, using Pcre2)" ++ # Reset PCRE cflags and libs variables as we include both PCRE and PCRE2 in Makefile.inc ++ # and would result in trying to link/include both library. ++ PCRE_CFLAGS="" ++ PCRE_LIBS="" + elif test "x$HAVE_PCRE" = "xyes"; then + AC_DEFINE([HAVE_PCRE], [1], [Define this if you have libpcre on your system]) + elif test "x$HAVE_PCRE2" = "xyes"; then From db85d9ead6c3258757e199ad1fbd5bd20c9aac5f Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sun, 1 Oct 2023 18:28:53 +0100 Subject: [PATCH 07/28] exim: apply hotfix for some ZDI reported vulnerabilities Apply preliminary hotfix for some (three?) of the 0-day vulnerabilities reported by ZDI. Signed-off-by: Daniel Golle --- mail/exim/Makefile | 2 +- .../000-preliminary-fixes-for-ZDI-vulns.patch | 185 ++++++++++++++++++ 2 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 8abf0337f..22a6a18df 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=exim PKG_VERSION:=4.96 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/ diff --git a/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch b/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch new file mode 100644 index 000000000..fee68a241 --- /dev/null +++ b/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch @@ -0,0 +1,185 @@ +From florz@florz.de Sun Oct 1 10:33:31 2023 +Received: from [10.0.0.9] (helo=cumin.exim.org) + by mailman with esmtp (Exim 4.94.2) + (envelope-from ) + id 1qmspP-003gpc-28 + for exim-dev@lists.exim.org; Sun, 01 Oct 2023 09:33:31 +0000 +Authentication-Results: exim.org; + iprev=pass (rain.florz.de) smtp.remote-ip=2a07:12c0:1c00:40::1; + dmarc=none header.from=florz.de; + arc=none +Received: from rain.florz.de ([2a07:12c0:1c00:40::1]:36467) + by cumin.exim.org with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 + (Exim 4.94.2-31-503e55a2c) + (envelope-from ) + id 1qmspN-00EIpR-5w + for exim-dev@lists.exim.org; Sun, 01 Oct 2023 09:33:30 +0000 +Received: from [2a07:12c0:1c00:43::121] (port=60772 helo=florz.florz.de) + by rain.florz.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) + (Exim 4.92) + (envelope-from ) + id 1qmspL-0007Zj-F8 + for exim-dev@lists.exim.org; Sun, 01 Oct 2023 11:33:27 +0200 +Received: from florz by florz.florz.de with local (Exim 4.92) + (envelope-from ) + id 1qmspK-0001ZU-Sl + for exim-dev@lists.exim.org; Sun, 01 Oct 2023 11:33:26 +0200 +Date: Sun, 1 Oct 2023 11:33:26 +0200 +From: Florian Zumbiehl +To: exim-dev@lists.exim.org +Message-ID: <20231001093326.GS3837@florz.florz.de> +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +User-Agent: Mutt/1.10.1 (2018-07-13) +X-Spam-Score: 0.0 (/) +Message-ID-Hash: D3TCMSGJTLM76H6APEQXZEYOLYJKKCNZ +X-Message-ID-Hash: D3TCMSGJTLM76H6APEQXZEYOLYJKKCNZ +X-MailFrom: florz@florz.de +X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-exim-dev.lists.exim.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header +X-Mailman-Version: 3.3.3 +Precedence: list +Subject: [exim-dev] Hotfix for some of the ZDI vulnerabilities +List-Id: Exim MTA development list +List-Help: +List-Owner: +List-Post: +List-Subscribe: +List-Unsubscribe: +Message: 1 +Status: RO +Content-Length: 5347 + +Hi, + +below you find a patch that fixes some (probably three?) of what I guess are +the vulnerabilities reported by ZDI. + +Please note that the patch is only mildly tested, it is developed based on +the git master branch, but can be applied to older versions with minor +massaging. If you go back far enough, proxy.c was part of smtp_in.c, but if +you adjust for that, the patch can be made to apply there, too. + +Obviously, I have no idea whether this actually addresses what ZDI has +reported, but if not, these probably should be fixed, too, and if so, given +the fact that I managed to rather easily find these vulnerabilities based +on the information that's publicly available, I don't think there is much +point to trying to keep this secret any longer--if anything, it's +counterproductive. + +Also mind you that this is a hot fix, it's neither elegant, nor does it do +any useful error reporting, the goal was simply to prevent out of bounds +accesses. + +Florian + +--- + +--- a/src/auths/external.c ++++ b/src/auths/external.c +@@ -100,6 +100,9 @@ if (expand_nmax == 0) /* skip if rxd da + if ((rc = auth_prompt(CUS"")) != OK) + return rc; + ++if (expand_nmax != 1) ++ return FAIL; ++ + if (ob->server_param2) + { + uschar * s = expand_string(ob->server_param2); +--- a/src/auths/spa.c ++++ b/src/auths/spa.c +@@ -165,12 +165,18 @@ if (auth_get_no64_data(&data, msgbuf) != + return FAIL; + + /* dump client response */ +-if (spa_base64_to_bits(CS &response, sizeof(response), CCS data) < 0) ++int l = spa_base64_to_bits(CS &response, sizeof(response), CCS data); ++if (l < 0) + { + DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in " + "response: %s\n", data); + return FAIL; + } ++if(l < (char *)&response.buffer - (char *)&response)return FAIL; ++unsigned long o = IVAL(&response.uUser.offset, 0); ++if((l < o) || (l - o < SVAL(&response.uUser.len, 0)))return FAIL; ++o = IVAL(&response.ntResponse.offset, 0); ++if((l < o) || (l - o < 24))return FAIL; + + /*************************************************************** + PH 07-Aug-2003: The original code here was this: +@@ -345,7 +351,10 @@ if (!smtp_read_response(sx, US buffer, b + + /* convert the challenge into the challenge struct */ + DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4); +-spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4)); ++int l = spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4)); ++if((l < 0) || (l < (char *)&challenge.buffer - (char *)&challenge))return FAIL; ++unsigned long o = IVAL(&challenge.uDomain.offset, 0); ++if((l < o) || (l - o < SVAL(&challenge.uDomain.len, 0)))return FAIL; + + spa_build_auth_response(&challenge, &response, CS username, CS password); + spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response)); +--- a/src/smtp_in.c ++++ b/src/smtp_in.c +@@ -1172,6 +1172,8 @@ while (capacity > 0) + do { ret = read(fd, to, 1); } while (ret == -1 && errno == EINTR && !had_command_timeout); + if (ret == -1) + return -1; ++ if (!ret) ++ break; + have++; + if (last) + return have; +@@ -1320,6 +1322,8 @@ if ((ret == PROXY_INITIAL_READ) && (memc + goto proxyfail; + } + ++ if (ret < 16) ++ goto proxyfail; + /* The v2 header will always be 16 bytes per the spec. */ + size = 16 + ntohs(hdr.v2.len); + DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n", +@@ -1340,7 +1344,7 @@ if ((ret == PROXY_INITIAL_READ) && (memc + { + retmore = read(fd, (uschar*)&hdr + ret, size-ret); + } while (retmore == -1 && errno == EINTR && !had_command_timeout); +- if (retmore == -1) ++ if (retmore < 1) + goto proxyfail; + ret += retmore; + DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size); +@@ -1362,6 +1366,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig, + switch (hdr.v2.fam) + { + case 0x11: /* TCPv4 address type */ ++ if (ret < 28) ++ goto proxyfail; + iptype = US"IPv4"; + tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr; + inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip)); +@@ -1388,6 +1394,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig, + proxy_external_port = tmpport; + goto done; + case 0x21: /* TCPv6 address type */ ++ if (ret < 52) ++ goto proxyfail; + iptype = US"IPv6"; + memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16); + inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6)); +@@ -1446,10 +1454,13 @@ else if (ret >= 8 && memcmp(hdr.v1.line, + goto proxyfail; + ret += r2; + ++ if(ret > 107) ++ goto proxyfail; ++ hdr.v1.line[ret] = 0; + p = string_copy(hdr.v1.line); + end = memchr(p, '\r', ret - 1); + +- if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n') ++ if (!end || end[1] != '\n') + { + DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n"); + goto proxyfail; From bb3af8acb92e396f181d3f435dd2ca8ac1c9ec30 Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 1 Oct 2023 19:18:02 +0300 Subject: [PATCH 08/28] crun: update to 1.9.2 changelog 1.9.2: - cgroup: reset the inherited cpu affinity after moving to cgroup. Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move, so we need to reset it in order to honor the cpuset configuration. changelog 1.9.1: - utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink. - build: fix build on CentOS 7 - linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed. - utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory. Signed-off-by: Oskari Rauta --- utils/crun/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/crun/Makefile b/utils/crun/Makefile index 6a29b1799..332c7844a 100644 --- a/utils/crun/Makefile +++ b/utils/crun/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=crun -PKG_VERSION:=1.9 +PKG_VERSION:=1.9.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/containers/crun/tar.gz/$(PKG_VERSION)? -PKG_HASH:=dfe15045953f6876fde273518ac2cafbabda7c0eebd3dcdba34c4e5dc8b46661 +PKG_HASH:=a5ed2984a9ebb3e0e5cba0781832f03931423097a56f48a948ab034b46726aef PKG_BUILD_DEPENDS:=argp-standalone PKG_BUILD_PARALLEL:=1 From 73c053c00fffc2a49a3bc6e4f3ffc16974d6a339 Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 1 Oct 2023 19:57:18 +0300 Subject: [PATCH 09/28] podman: update to 4.7.0 A lot of changes. Changelog available at https://github.com/containers/podman/releases/tag/v4.7.0 Signed-off-by: Oskari Rauta --- utils/podman/Makefile | 6 +++--- utils/podman/patches/010-do-not-build-docs.patch | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/utils/podman/Makefile b/utils/podman/Makefile index 9b957ff67..11afb8765 100644 --- a/utils/podman/Makefile +++ b/utils/podman/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=podman -PKG_VERSION:=4.6.2 -PKG_RELEASE:=2 +PKG_VERSION:=4.7.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION) -PKG_HASH:=2d8e04f0c3819c3f0ed1ca5d01da87e6d911571b96ae690448f7f75df41f2ad1 +PKG_HASH:=8fbeab8a821c59ac10ade87c9597d7bb13be4f7868b438278a9f6a17c50bf20d PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE diff --git a/utils/podman/patches/010-do-not-build-docs.patch b/utils/podman/patches/010-do-not-build-docs.patch index a56e35384..c64c4bd07 100644 --- a/utils/podman/patches/010-do-not-build-docs.patch +++ b/utils/podman/patches/010-do-not-build-docs.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -211,7 +211,7 @@ GV_SHA=407efb5dcdb0f4445935f7360535800b6 +@@ -219,7 +219,7 @@ GV_SHA=db608827124caa71ba411cec8ea959bb9 default: all .PHONY: all @@ -9,7 +9,7 @@ .PHONY: binaries ifeq ($(shell uname -s),FreeBSD) -@@ -798,7 +798,7 @@ rpm-install: package ## Install rpm pac +@@ -804,7 +804,7 @@ rpm-install: package ## Install rpm pac /usr/bin/podman info # will catch a broken conmon .PHONY: install From 6c8d81e603f9fe6729ed39703ab5ace1b5b6f6fc Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Fri, 29 Sep 2023 10:39:43 +0200 Subject: [PATCH 10/28] irssi: update to 1.4.4 update to 1.4.4 switch to meson remove obsolete patch Signed-off-by: Fabian Lipken --- net/irssi/Makefile | 21 +++++++++--------- ...SSL-when-1.1-with-deprecated-APIs-di.patch | 22 ------------------- 2 files changed, 10 insertions(+), 33 deletions(-) delete mode 100644 net/irssi/patches/010-Fix-finding-OpenSSL-when-1.1-with-deprecated-APIs-di.patch diff --git a/net/irssi/Makefile b/net/irssi/Makefile index c5d2cb2e5..85a136bf0 100644 --- a/net/irssi/Makefile +++ b/net/irssi/Makefile @@ -8,23 +8,22 @@ include $(TOPDIR)/rules.mk PKG_NAME:=irssi -PKG_VERSION:=1.2.3 -PKG_RELEASE:=2 +PKG_VERSION:=1.4.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/irssi/irssi/releases/download/$(PKG_VERSION)/ -PKG_HASH:=a647bfefed14d2221fa77b6edac594934dc672c4a560417b1abcbbc6b88d769f +PKG_HASH:=fefe9ec8c7b1475449945c934a2360ab12693454892be47a6d288c63eb107ead PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING PKG_CPE_ID:=cpe:/a:irssi:irssi -PKG_FIXUP:=autoreconf -PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk +include $(INCLUDE_DIR)/meson.mk define Package/irssi SUBMENU:=Instant Messaging @@ -42,12 +41,12 @@ endef TARGET_LDFLAGS += -Wl,--gc-sections -CONFIGURE_ARGS += \ - --disable-glibtest \ - --with-textui \ - --without-bot \ - --without-perl \ - --without-proxy +MESON_ARGS += \ + -Dwithout-textui=no \ + -Dwith-bot=no \ + -Dwith-otr=no \ + -Dwith-perl=no \ + -Dwith-proxy=no \ define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include/irssi diff --git a/net/irssi/patches/010-Fix-finding-OpenSSL-when-1.1-with-deprecated-APIs-di.patch b/net/irssi/patches/010-Fix-finding-OpenSSL-when-1.1-with-deprecated-APIs-di.patch deleted file mode 100644 index 095c82c92..000000000 --- a/net/irssi/patches/010-Fix-finding-OpenSSL-when-1.1-with-deprecated-APIs-di.patch +++ /dev/null @@ -1,22 +0,0 @@ -From cff1385b398b59c74c535d6c0cd9deec561101fd Mon Sep 17 00:00:00 2001 -From: Rosen Penev -Date: Fri, 15 Feb 2019 15:02:34 -0800 -Subject: [PATCH] Fix finding OpenSSL when 1.1 with deprecated APIs disabled - -SSL_library_init is a deprecated function. OPENSSL_init_ssl is not in 1.0.2. -SSL_CTX_new is in both. ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -328,7 +328,7 @@ PKG_CHECK_MODULES([OPENSSL], [openssl], - CFLAGS="$CFLAGS $OPENSSL_CFLAGS" - LIBS="$LIBS $OPENSSL_LIBS" - ], [ -- AC_CHECK_LIB([ssl], [SSL_library_init], [ -+ AC_CHECK_LIB([ssl], [SSL_CTX_new], [ - LIBS="$LIBS -lssl -lcrypto" - ], [ - AC_MSG_ERROR([The OpenSSL library was not found]) From ed8ffc06b3fa157dd055c6e1de84454c6f246de2 Mon Sep 17 00:00:00 2001 From: Jianhui Zhao Date: Sun, 1 Oct 2023 17:32:09 +0800 Subject: [PATCH 11/28] lua-eco: update to 3.0.0 Signed-off-by: Jianhui Zhao --- lang/lua-eco/Makefile | 119 +++++++++++++++++------------------------- 1 file changed, 48 insertions(+), 71 deletions(-) diff --git a/lang/lua-eco/Makefile b/lang/lua-eco/Makefile index e4f3ab188..4649474af 100644 --- a/lang/lua-eco/Makefile +++ b/lang/lua-eco/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lua-eco -PKG_VERSION:=2.5.1 +PKG_VERSION:=3.0.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION) -PKG_HASH:=436c09dd7dbc88ab651ae7696f2102b5635628ab420cc550bc237ecb04cade5d +PKG_HASH:=530b179af2283b7a1983643794f3b6de936317fe3c23a9dca4f7828dec6f7e46 PKG_MAINTAINER:=Jianhui Zhao PKG_LICENSE:=MIT @@ -26,7 +26,7 @@ define Package/lua-eco CATEGORY:=Languages SUBMENU:=Lua URL:=https://github.com/zhaojh329/lua-eco - DEPENDS:=+libev +liblua +luabitop + DEPENDS:=+libev +liblua5.3 endef define Package/lua-eco/description @@ -45,22 +45,19 @@ define Package/lua-eco/Module endef Package/lua-eco-log=$(call Package/lua-eco/Module,log utils) -Package/lua-eco-sys=$(call Package/lua-eco/Module,system utils) -Package/lua-eco-file=$(call Package/lua-eco/Module,file utils) Package/lua-eco-base64=$(call Package/lua-eco/Module,base64) Package/lua-eco-sha1=$(call Package/lua-eco/Module,sha1) Package/lua-eco-md5=$(call Package/lua-eco/Module,md5) -Package/lua-eco-socket=$(call Package/lua-eco/Module,socket,+lua-eco-file +lua-eco-sys) +Package/lua-eco-socket=$(call Package/lua-eco/Module,socket) Package/lua-eco-dns=$(call Package/lua-eco/Module,dns,+lua-eco-socket) Package/lua-eco-ssl=$(call Package/lua-eco/Module,ssl,\ +LUA_ECO_OPENSSL:libopenssl +LUA_ECO_WOLFSSL:libwolfssl \ +LUA_ECO_MBEDTLS:libmbedtls +LUA_ECO_MBEDTLS:zlib +lua-eco-socket) Package/lua-eco-ubus=$(call Package/lua-eco/Module,ubus,+libubus) -Package/lua-eco-http=$(call Package/lua-eco/Module,http/https,+lua-eco-dns +lua-eco-ssl +lua-eco-log) -Package/lua-eco-mqtt=$(call Package/lua-eco/Module,mqtt,+lua-eco-socket +lua-eco-dns +lua-mosquitto) +Package/lua-eco-http=$(call Package/lua-eco/Module,http/https,+lua-eco-dns +lua-eco-ssl +lua-eco-base64 +lua-eco-log) +Package/lua-eco-mqtt=$(call Package/lua-eco/Module,mqtt,+lua-eco-socket +lua-eco-dns +libmosquitto-ssl) Package/lua-eco-websocket=$(call Package/lua-eco/Module,websocket,+lua-eco-http +lua-eco-base64 +lua-eco-sha1) Package/lua-eco-termios=$(call Package/lua-eco/Module,termios) -Package/lua-eco-struct=$(call Package/lua-eco/Module,struct pack) Package/lua-eco-netlink=$(call Package/lua-eco/Module,netlink,+lua-eco-socket) Package/lua-eco-ip=$(call Package/lua-eco/Module,ip utils,+lua-eco-netlink) Package/lua-eco-nl80211=$(call Package/lua-eco/Module,nl80211,+lua-eco-netlink) @@ -82,7 +79,6 @@ define Package/lua-eco-ssl/config endef CMAKE_OPTIONS += \ - -DPLATFORM="openwrt" \ -DECO_UBUS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ubus),N,FF) \ -DECO_SSL_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ssl),N,FF) @@ -97,116 +93,97 @@ ifneq ($(CONFIG_PACKAGE_lua-eco-ssl),) endif define Package/lua-eco/install - $(INSTALL_DIR) $(1)/usr/bin $(1)/usr/lib/lua/eco/core $(1)/usr/lib/lua/eco/encoding - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/eco $(1)/usr/bin - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/hex.lua $(1)/usr/lib/lua/eco/encoding - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/{time,bufio}.so $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{time,bufio,bit,sync}.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/binary.so $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/bin $(1)/usr/local/lib/lua/5.3/eco/core $(1)/usr/local/lib/lua/5.3/eco/encoding + $(INSTALL_BIN) $(PKG_BUILD_DIR)/eco $(1)/usr/bin + $(INSTALL_DATA) $(PKG_BUILD_DIR)/hex.lua $(1)/usr/local/lib/lua/5.3/eco/encoding + $(INSTALL_BIN) $(PKG_BUILD_DIR)/{time,bufio,sys,file}.so $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/{time,bufio,sys,file,sync}.lua $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-log/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/log.so $(1)/usr/lib/lua/eco -endef - -define Package/lua-eco-sys/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/sys.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/sys.so $(1)/usr/lib/lua/eco/core -endef - -define Package/lua-eco-file/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/file.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/file.so $(1)/usr/lib/lua/eco/core + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/log.so $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-base64/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/encoding - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/base64.so $(1)/usr/lib/lua/eco/encoding + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/encoding + $(INSTALL_BIN) $(PKG_BUILD_DIR)/base64.so $(1)/usr/local/lib/lua/5.3/eco/encoding endef define Package/lua-eco-sha1/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/crypto - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/crypto/sha1.so $(1)/usr/lib/lua/eco/crypto + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/hash + $(INSTALL_BIN) $(PKG_BUILD_DIR)/sha1.so $(1)/usr/local/lib/lua/5.3/eco/hash endef define Package/lua-eco-md5/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/crypto - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/crypto/md5.so $(1)/usr/lib/lua/eco/crypto + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/hash + $(INSTALL_BIN) $(PKG_BUILD_DIR)/md5.so $(1)/usr/local/lib/lua/5.3/eco/hash endef define Package/lua-eco-socket/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/socket.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/socket.so $(1)/usr/lib/lua/eco/core + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/socket.lua $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/socket.so $(1)/usr/local/lib/lua/5.3/eco/core endef define Package/lua-eco-dns/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/dns.lua $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_DATA) $(PKG_BUILD_DIR)/dns.lua $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-ssl/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ssl.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ssl.so $(1)/usr/lib/lua/eco/core + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/ssl.lua $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ssl.so $(1)/usr/local/lib/lua/5.3/eco/core endef define Package/lua-eco-ubus/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ubus.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ubus.so $(1)/usr/lib/lua/eco/core + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/ubus.lua $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ubus.so $(1)/usr/local/lib/lua/5.3/eco/core endef define Package/lua-eco-http/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{url,http}.lua $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/http + $(INSTALL_DATA) $(PKG_BUILD_DIR)/http/*.lua $(1)/usr/local/lib/lua/5.3/eco/http endef define Package/lua-eco-mqtt/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/mqtt.lua $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/mqtt.lua $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/mqtt.so $(1)/usr/local/lib/lua/5.3/eco/core endef define Package/lua-eco-websocket/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/websocket.lua $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_DATA) $(PKG_BUILD_DIR)/websocket.lua $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-termios/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/termios.so $(1)/usr/lib/lua/eco -endef - -define Package/lua-eco-struct/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/struct.so $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/termios.so $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-netlink/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{nl,genl}.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/{nl,genl}.so $(1)/usr/lib/lua/eco/core - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/rtnl.so $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/{nl,genl}.lua $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/{nl,genl}.so $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_BIN) $(PKG_BUILD_DIR)/rtnl.so $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-ip/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ip.lua $(1)/usr/lib/lua/eco + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_DATA) $(PKG_BUILD_DIR)/ip.lua $(1)/usr/local/lib/lua/5.3/eco endef define Package/lua-eco-nl80211/install - $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/nl80211.lua $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/nl80211.so $(1)/usr/lib/lua/eco/core + $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core + $(INSTALL_DATA) $(PKG_BUILD_DIR)/nl80211.lua $(1)/usr/local/lib/lua/5.3/eco + $(INSTALL_BIN) $(PKG_BUILD_DIR)/nl80211.so $(1)/usr/local/lib/lua/5.3/eco/core endef $(eval $(call BuildPackage,lua-eco)) $(eval $(call BuildPackage,lua-eco-log)) -$(eval $(call BuildPackage,lua-eco-sys)) -$(eval $(call BuildPackage,lua-eco-file)) $(eval $(call BuildPackage,lua-eco-base64)) $(eval $(call BuildPackage,lua-eco-sha1)) $(eval $(call BuildPackage,lua-eco-md5)) From 1efe76cee40e86153a6369628ab9dd34253369de Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 1 Oct 2023 19:40:03 +0300 Subject: [PATCH 12/28] netbird: update to 0.23.6 A lot of changes since previous packaged openwrt version of netbird, changes available at: https://github.com/netbirdio/netbird/releases Signed-off-by: Oskari Rauta --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index d5c5ab722..637df8ded 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.21.7 +PKG_VERSION:=0.23.6 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=f2a18a6b9e6af15c182fd023cc47aecb2062d3da586820746f4987856d20f0ac +PKG_HASH:=cb29e237652634f3a2a5774fdc239f615d46cf9339811c707744d1e03797126d PKG_MAINTAINER:=Oskari Rauta PKG_LICENSE:=BSD-3-Clause From 4371aa8f9300116fdfe007840e5e48c174772340 Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 1 Oct 2023 19:31:33 +0300 Subject: [PATCH 13/28] aardvark-dns: update to 1.8.0 changes: - dependency updates Signed-off-by: Oskari Rauta --- net/aardvark-dns/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/aardvark-dns/Makefile b/net/aardvark-dns/Makefile index e8c60ae97..6131a4a07 100644 --- a/net/aardvark-dns/Makefile +++ b/net/aardvark-dns/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=aardvark-dns -PKG_VERSION:=1.7.0 +PKG_VERSION:=1.8.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/containers/aardvark-dns/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6ee7dfa8bab8040b917959a2f57f25496ad036a2d933c6225114e2c1e68bab0b +PKG_HASH:=c9b818110e3d5d45f8bdb3c9ccc48c994aedb0b19fefcc7577fc1ef7ed294343 PKG_MAINTAINER:=Oskari Rauta PKG_LICENSE:=Apache-2.0 From b788f77db48d6d20f925daa762a70fe5c40dc54a Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Sun, 1 Oct 2023 19:27:49 +0300 Subject: [PATCH 14/28] netavark: update to 1.8.0 changelog: - iptables: improve error when ip6?tables commands are missing - docs: Convert markdown with go-md2man instead of mandown - iptables: drop invalid packages - bump rust edition to 2021 - Add ACCEPT rules in firewall for bridge network with internal dns - Add vrf support for bridges Signed-off-by: Oskari Rauta --- net/netavark/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netavark/Makefile b/net/netavark/Makefile index 9a6cb1629..d6d976fc2 100644 --- a/net/netavark/Makefile +++ b/net/netavark/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netavark -PKG_VERSION:=1.7.0 +PKG_VERSION:=1.8.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/containers/netavark/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=b0ed7d80fd96ef2af88e7a001d91024919125e5842d9772de94648044630e116 +PKG_HASH:=b1422ef6927458e9f80f7d322b751e29ab5d04d8ed6cb065baa82fa4291af10f PKG_MAINTAINER:=Oskari Rauta PKG_LICENSE:=Apache-2.0 From bb278a015c6b76ca2c9fdf6663dbd7428777915e Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 29 Sep 2023 10:11:05 +0800 Subject: [PATCH 15/28] python-pyopenssl: Update to 23.2.0 Signed-off-by: Jeffery To --- lang/python/python-pyopenssl/Makefile | 10 +++++----- lang/python/python-pyopenssl/test.sh | 5 +++++ 2 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 lang/python/python-pyopenssl/test.sh diff --git a/lang/python/python-pyopenssl/Makefile b/lang/python/python-pyopenssl/Makefile index 686ce91a9..383d48d6b 100644 --- a/lang/python/python-pyopenssl/Makefile +++ b/lang/python/python-pyopenssl/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2015-2018 OpenWrt.org +# Copyright (C) 2015-2016, 2018-2021, 2023 Jeffery To # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pyopenssl -PKG_VERSION:=21.0.0 +PKG_VERSION:=23.2.0 PKG_RELEASE:=1 PYPI_NAME:=pyOpenSSL -PKG_HASH:=5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3 +PKG_HASH:=276f931f55a452e7dea69c7173e984eb2a4407ce413c918aa34b55f82f9b8bac PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE @@ -31,8 +31,8 @@ define Package/python3-pyopenssl URL:=https://pyopenssl.org/ DEPENDS:= \ +python3-light \ - +python3-cryptography \ - +python3-six + +python3-openssl \ + +python3-cryptography endef define Package/python3-pyopenssl/description diff --git a/lang/python/python-pyopenssl/test.sh b/lang/python/python-pyopenssl/test.sh new file mode 100644 index 000000000..141dedd4d --- /dev/null +++ b/lang/python/python-pyopenssl/test.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +[ "$1" = python3-pyopenssl ] || exit 0 + +python3 -m OpenSSL.debug From 6b3da46777bb5d029a4933481ee5939efa7c7109 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 29 Sep 2023 10:42:55 +0800 Subject: [PATCH 16/28] python-bcrypt: Update to 4.0.1, add myself as maintainer Signed-off-by: Jeffery To --- lang/python/python-bcrypt/Makefile | 12 +++++++----- lang/python/python-bcrypt/test.sh | 11 +++++++++++ 2 files changed, 18 insertions(+), 5 deletions(-) create mode 100644 lang/python/python-bcrypt/test.sh diff --git a/lang/python/python-bcrypt/Makefile b/lang/python/python-bcrypt/Makefile index b3855a473..267f59f34 100644 --- a/lang/python/python-bcrypt/Makefile +++ b/lang/python/python-bcrypt/Makefile @@ -6,16 +6,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-bcrypt -PKG_VERSION:=3.2.2 +PKG_VERSION:=4.0.1 PKG_RELEASE:=1 PYPI_NAME:=bcrypt -PKG_HASH:=433c410c2177057705da2a9f2cd01dd157493b2a7ac14c8593a16b3dab6b6bfb +PKG_HASH:=27d375903ac8261cfe4047f6709d16f7d18d39b1ec92aaf72af989552a650ebd PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Jeffery To -PKG_BUILD_DEPENDS:=libffi/host python-cffi/host # cffi>=1.1 +PKG_BUILD_DEPENDS:=python-setuptools-rust/host include ../pypi.mk include $(INCLUDE_DIR)/package.mk @@ -27,11 +28,12 @@ define Package/python3-bcrypt SUBMENU:=Python TITLE:=Modern password hashing URL:=https://github.com/pyca/bcrypt/ - DEPENDS:=+python3-light +python3-cffi + DEPENDS:=+python3-light $(RUST_ARCH_DEPENDS) endef define Package/python3-bcrypt/description - Good password hashing for your software and your servers. +Acceptable password hashing for your software and your servers (but you +should really use argon2id or scrypt) endef $(eval $(call Py3Package,python3-bcrypt)) diff --git a/lang/python/python-bcrypt/test.sh b/lang/python/python-bcrypt/test.sh new file mode 100644 index 000000000..9443614f4 --- /dev/null +++ b/lang/python/python-bcrypt/test.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +[ "$1" = python3-bcrypt ] || exit 0 + +python3 - << EOF +import sys +import bcrypt +password = b"super secret password" +hashed = bcrypt.hashpw(password, bcrypt.gensalt()) +sys.exit(0 if bcrypt.checkpw(password, hashed) else 1) +EOF From f3b8e569a5a619d87da873c3f9f657f77b1656c7 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Sun, 1 Oct 2023 23:52:15 +0000 Subject: [PATCH 17/28] adblock-fast: update to 1.0.0-5 * improve processing of dnsmasq config files * do not run sed/show error if allow_filter is empty Signed-off-by: Stan Grishin --- net/adblock-fast/Makefile | 2 +- .../files/etc/init.d/adblock-fast | 29 ++++++++++++------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 23ec3acad..bd7ad9845 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.0.0 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=GPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index b0ce90503..f885bd105 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -64,8 +64,9 @@ readonly sharedMemoryError="/dev/shm/$packageName-error" readonly hostsFilter='/localhost/d;/^#/d;/^[^0-9]/d;s/^0\.0\.0\.0.//;s/^127\.0\.0\.1.//;s/[[:space:]]*#.*$//;s/[[:cntrl:]]$//;s/[[:space:]]//g;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;' readonly domainsFilter='/^#/d;s/[[:space:]]*#.*$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;' readonly adBlockPlusFilter='/^#/d;/^!/d;s/[[:space:]]*#.*$//;s/^||//;s/\^$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;' -readonly dnsmasqFileFilter='\|^server=/[[:alnum:]_.-].*/|!d' -readonly dnsmasq2FileFilter='\|^local=/[[:alnum:]_.-].*/|!d' +readonly dnsmasqFileFilter='\|^server=/[[:alnum:]_.-].*/|!d;s|server=/||;s|/.*$||' +readonly dnsmasq2FileFilter='\|^local=/[[:alnum:]_.-].*/|!d;s|local=/||;s|/.*$||' +readonly dnsmasq3FileFilter='\|^address=/[[:alnum:]_.-].*/|!d;s|address=/||;s|/.*$||' readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m' readonly _FAIL_='\033[0;31m\xe2\x9c\x97\033[0m' readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m' @@ -279,6 +280,8 @@ append_url() { echo 'dnsmasq' elif grep -q '^local=' "$file"; then echo 'dnsmasq2' + elif grep -q '^address=' "$file"; then + echo 'dnsmasq3' elif grep -q '^0.0.0.0' "$file" || grep -q '^127.0.0.1' "$file"; then echo 'hosts' elif [ -n "$(sed "$domainsFilter" "$file" | head -1)" ]; then @@ -868,6 +871,7 @@ process_file_url() { adblockplus) filter="$adBlockPlusFilter";; dnsmasq) filter="$dnsmasqFileFilter";; dnsmasq2) filter="$dnsmasq2FileFilter";; + dnsmasq3) filter="$dnsmasq3FileFilter";; domains) filter="$domainsFilter";; hosts) filter="$hostsFilter";; *) @@ -878,7 +882,9 @@ process_file_url() { return 0 ;; esac - sed -i "$filter" "$R_TMP" + if [ -n "$filter" ] && [ "$action" != 'file' ]; then + sed -i "$filter" "$R_TMP" + fi if [ ! -s "$R_TMP" ]; then output 1 "$_FAIL_" output 2 "[DL] $type $label ($format) $__FAIL__\\n" @@ -1038,15 +1044,16 @@ $(cat $A_TMP)" mv "$A_TMP" "$B_TMP" fi - output 2 'Allowing domains ' - json set message "$(get_text "statusProcessing"): allowing domains" - if sed -i -E "$allow_filter" "$B_TMP"; then - output_ok - else - output_failn - json add error "errorAllowListProcessing" + if [ -n "$allow_filter" ]; then + output 2 'Allowing domains ' + json set message "$(get_text "statusProcessing"): allowing domains" + if sed -i -E "$allow_filter" "$B_TMP"; then + output_ok + else + output_failn + json add error "errorAllowListProcessing" + fi fi - output 2 'Formatting merged file ' json set message "$(get_text "statusProcessing"): formatting merged file" if [ -z "$outputFilterIPv6" ]; then From 06504d9dd29016361e5d4265cf0069092ac5274f Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Tue, 3 Oct 2023 11:46:08 +0200 Subject: [PATCH 18/28] irssi: update to 1.4.5 Signed-off-by: Fabian Lipken --- net/irssi/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/irssi/Makefile b/net/irssi/Makefile index 85a136bf0..6047ec480 100644 --- a/net/irssi/Makefile +++ b/net/irssi/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=irssi -PKG_VERSION:=1.4.4 +PKG_VERSION:=1.4.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/irssi/irssi/releases/download/$(PKG_VERSION)/ -PKG_HASH:=fefe9ec8c7b1475449945c934a2360ab12693454892be47a6d288c63eb107ead +PKG_HASH:=72a951cb0ad622785a8962801f005a3a412736c7e7e3ce152f176287c52fe062 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING From 9c2bf859005ada11c17835f74826b356cdb0fb7b Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Fri, 29 Sep 2023 17:40:29 +0200 Subject: [PATCH 19/28] prometheus-node-exporter-lua: drop bmx6 package In the OpenWrt routing feed, package bmx6 and luci-app-bmx6 were removed because the LuCI app was vulnerable to several CVEs, as found by dependabot. It has been reporting it for a few months and has even created an issue. These two packages are not maintained in OpenWrt as well in upstream. Users should switch to the bmx7 package. Fixes: 9fb9d9343ea27d6dbb5008ece10c0c843dd2c781 ("bmx6: drop package") in the routing feed Signed-off-by: Josef Schlehofer --- utils/prometheus-node-exporter-lua/Makefile | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/utils/prometheus-node-exporter-lua/Makefile b/utils/prometheus-node-exporter-lua/Makefile index 29a313bdb..a69f5320d 100644 --- a/utils/prometheus-node-exporter-lua/Makefile +++ b/utils/prometheus-node-exporter-lua/Makefile @@ -59,17 +59,6 @@ endef # Additional optional exporters: -define Package/prometheus-node-exporter-lua-bmx6 - $(call Package/prometheus-node-exporter-lua/Default) - TITLE+= (bmx6 links collector) - DEPENDS:=prometheus-node-exporter-lua bmx6 +lua-cjson +bmx6-json -endef - -define Package/prometheus-node-exporter-lua-bmx6/install - $(INSTALL_DIR) $(1)/usr/lib/lua/prometheus-collectors - $(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/bmx6.lua $(1)/usr/lib/lua/prometheus-collectors/ -endef - define Package/prometheus-node-exporter-lua-bmx7 $(call Package/prometheus-node-exporter-lua/Default) TITLE+= (bmx7 links collector) @@ -236,7 +225,6 @@ define Package/prometheus-node-exporter-lua-realtek-poe/install endef $(eval $(call BuildPackage,prometheus-node-exporter-lua)) -$(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx6)) $(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx7)) $(eval $(call BuildPackage,prometheus-node-exporter-lua-dawn)) $(eval $(call BuildPackage,prometheus-node-exporter-lua-hostapd_stations)) From b46ff1fd8a877afc0f36cf7df5b9aae9d15fdb95 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 2 Oct 2023 21:30:26 +0800 Subject: [PATCH 20/28] yq: Update to 4.35.2 Signed-off-by: Tianling Shen --- utils/yq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/yq/Makefile b/utils/yq/Makefile index 600581050..6400b4807 100644 --- a/utils/yq/Makefile +++ b/utils/yq/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yq -PKG_VERSION:=4.35.1 +PKG_VERSION:=4.35.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=b3e079169529ec6b42925d0802c22d86f1ef6e1458dce67eae5a1d6db56cb8c3 +PKG_HASH:=8b17d710c56f764e9beff06d7a7b1c77d87c4ba4219ce4ce67e7ee29670f4f13 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=MIT From dd5af62695e2c0fcf421adfffbea92f37d1a652d Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Tue, 3 Oct 2023 22:26:02 +0800 Subject: [PATCH 21/28] python-cffi: Update to 1.16.0 This includes a patch to unpin the version of setuptools required for build; the required version is newer than the version bundled with Python 3.11. This patch should not be necessary when Python 3.12 is available. Signed-off-by: Jeffery To --- lang/python/python-cffi/Makefile | 5 +++-- .../python-cffi/patches/001-unpin-setuptools.patch | 10 ++++++++++ lang/python/python-cffi/test.sh | 8 ++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 lang/python/python-cffi/patches/001-unpin-setuptools.patch create mode 100644 lang/python/python-cffi/test.sh diff --git a/lang/python/python-cffi/Makefile b/lang/python/python-cffi/Makefile index b14ef8099..74020d159 100644 --- a/lang/python/python-cffi/Makefile +++ b/lang/python/python-cffi/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cffi -PKG_VERSION:=1.15.1 +PKG_VERSION:=1.16.0 PKG_RELEASE:=1 PYPI_NAME:=cffi -PKG_HASH:=d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9 +PKG_HASH:=bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE @@ -40,6 +40,7 @@ define Package/python3-cffi DEPENDS:= \ +libffi \ +python3-light \ + +python3-ctypes \ +python3-pycparser endef diff --git a/lang/python/python-cffi/patches/001-unpin-setuptools.patch b/lang/python/python-cffi/patches/001-unpin-setuptools.patch new file mode 100644 index 000000000..bf2774f54 --- /dev/null +++ b/lang/python/python-cffi/patches/001-unpin-setuptools.patch @@ -0,0 +1,10 @@ +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -2,6 +2,6 @@ + requires = [ + # first version that supports Python 3.12; older versions may work + # with previous Python versions, but are not tested +- "setuptools >= 66.1" ++ "setuptools" + ] + build-backend = "setuptools.build_meta" diff --git a/lang/python/python-cffi/test.sh b/lang/python/python-cffi/test.sh new file mode 100644 index 000000000..48ea3adb7 --- /dev/null +++ b/lang/python/python-cffi/test.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +[ "$1" = python3-cffi ] || exit 0 + +python3 - << EOF +from cffi import FFI +ffibuilder = FFI() +EOF From 85540346fef07abf5df1a2d3558b341e7afb60d8 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Tue, 3 Oct 2023 22:54:02 +0800 Subject: [PATCH 22/28] python-charset-normalizer: Update to 3.3.0 Signed-off-by: Jeffery To --- lang/python/python-charset-normalizer/Makefile | 4 ++-- lang/python/python-charset-normalizer/test.sh | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 lang/python/python-charset-normalizer/test.sh diff --git a/lang/python/python-charset-normalizer/Makefile b/lang/python/python-charset-normalizer/Makefile index 7a2e4ee07..6e88357d2 100644 --- a/lang/python/python-charset-normalizer/Makefile +++ b/lang/python/python-charset-normalizer/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-charset-normalizer -PKG_VERSION:=3.2.0 +PKG_VERSION:=3.3.0 PKG_RELEASE:=1 PYPI_NAME:=charset-normalizer -PKG_HASH:=3bb3d25a8e6c0aedd251753a79ae98a093c7e7b471faa3aa9a93a81431987ace +PKG_HASH:=63563193aec44bce707e0c5ca64ff69fa72ed7cf34ce6e11d5127555756fd2f6 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-charset-normalizer/test.sh b/lang/python/python-charset-normalizer/test.sh new file mode 100644 index 000000000..b1b2f7996 --- /dev/null +++ b/lang/python/python-charset-normalizer/test.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +[ "$1" = python3-charset-normalizer ] || exit 0 + +python3 - << EOF +import sys +from charset_normalizer import from_bytes +s = 'Bсеки човек има право на образование.' +byte_str = s.encode('cp1251') +result = from_bytes(byte_str).best() +sys.exit(0 if str(result) == s else 1) +EOF From 00cad2980cc7707f662acb1fa2a51c4e4fc331d9 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Tue, 3 Oct 2023 21:30:15 +0200 Subject: [PATCH 23/28] banip: release 0.9.1-1 * drop packets silently on input and forwardwan chains or actively reject the traffic, set 'ban_blocktype' accordingly * optimized banIP boot/reload handling * removed pppoe quirk in device detection * small fixes and optimizations Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/README.md | 6 +- net/banip/files/banip-functions.sh | 141 ++++++++++++++++++----------- net/banip/files/banip-service.sh | 9 +- net/banip/files/banip.init | 18 ++-- net/banip/files/banip.tpl | 4 +- 6 files changed, 110 insertions(+), 70 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index fbcfd9791..0c9f4460f 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.9.0 +PKG_VERSION:=0.9.1 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index 0ab0aac28..d65e6e391 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -162,9 +162,8 @@ Available commands: | ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' | | ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 | | ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 | -| ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' | -| ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins | -| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload | +| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' | +| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot | | ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets | | ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) | | ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) | @@ -176,6 +175,7 @@ Available commands: | ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' | | ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' | | ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' | +| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic | | ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' | | ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' | | ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' | diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 545753635..c0c4ea959 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -65,6 +65,7 @@ ban_splitsize="0" ban_autodetect="1" ban_feed="" ban_blockpolicy="" +ban_blocktype="drop" ban_blockinput="" ban_blockforwardwan="" ban_blockforwardlan="" @@ -86,7 +87,6 @@ ban_cores="" ban_memory="" ban_packages="" ban_trigger="" -ban_triggerdelay="10" ban_resolver="" ban_enabled="0" ban_debug="0" @@ -283,8 +283,6 @@ f_conf() { } } config_load banip - - [ "${ban_action}" = "boot" ] && [ -z "${ban_trigger}" ] && sleep ${ban_triggerdelay} } # get nft/monitor actuals @@ -421,15 +419,10 @@ f_getdev() { network_flush_cache for iface in ${ban_ifv4} ${ban_ifv6}; do network_get_device dev "${iface}" - if [ -n "${dev}" ]; then - if printf "%s" "${dev}" | "${ban_grepcmd}" -qE "pppoe|6in4"; then - dev="${iface}" - fi - if ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then - ban_dev="${ban_dev}${dev} " - uci_add_list banip global ban_dev "${dev}" - f_log "info" "add device '${dev}' to config" - fi + if [ -n "${dev}" ] && ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then + ban_dev="${ban_dev}${dev} " + uci_add_list banip global ban_dev "${dev}" + f_log "info" "add device '${dev}' to config" fi done cnt="$((cnt + 1))" @@ -495,13 +488,15 @@ f_getuplink() { f_getfeed() { json_init if [ -s "${ban_customfeedfile}" ]; then - if ! json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then + if json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then + return + else f_log "info" "can't load banIP custom feed file" - if ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then - f_log "err" "can't load banIP feed file" - fi fi - elif ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then + fi + if [ -s "${ban_feedfile}" ] && json_load_file "${ban_feedfile}" >/dev/null 2>&1; then + return + else f_log "err" "can't load banIP feed file" fi } @@ -526,9 +521,9 @@ f_etag() { etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^[[:space:]]*etag: /{gsub("\"","");printf "%s",$2}')" etag_rc="${?}" - if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then + if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then out_rc="0" - elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; then + elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; then "${ban_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${ban_backupdir}/banIP.etag" printf "%-20s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag" out_rc="2" @@ -559,6 +554,12 @@ f_nftinit() { printf "%s\n" "add chain inet banIP wan-input { type filter hook input priority ${ban_nftpriority}; policy accept; }" printf "%s\n" "add chain inet banIP wan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }" printf "%s\n" "add chain inet banIP lan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }" + printf "%s\n" "add chain inet banIP reject-chain" + + # default reject rules + # + printf "%s\n" "add rule inet banIP reject-chain meta l4proto tcp reject with tcp reset" + printf "%s\n" "add rule inet banIP reject-chain reject" # default wan-input rules # @@ -581,7 +582,7 @@ f_nftinit() { printf "%s\n" "add rule inet banIP lan-forward ct state established,related counter accept" printf "%s\n" "add rule inet banIP lan-forward oifname != { ${wan_dev} } counter accept" [ -n "${vlan_allow}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_allow} } counter accept" - [ -n "${vlan_block}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_block} } counter reject" + [ -n "${vlan_block}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_block} } counter goto reject-chain" } >"${file}" # load initial banIP table within nft (atomic load) @@ -609,9 +610,9 @@ f_down() { tmp_nft="${ban_tmpfile}.${feed}.nft" tmp_allow="${ban_tmpfile}.${feed%v*}" - [ "${ban_loginput}" = "1" ] && log_input="log level ${ban_nftloglevel} prefix \"banIP/inp-wan/drp/${feed}: \"" - [ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/drp/${feed}: \"" - [ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/rej/${feed}: \"" + [ "${ban_loginput}" = "1" ] && log_input="log level ${ban_nftloglevel} prefix \"banIP/inp-wan/${ban_blocktype}/${feed}: \"" + [ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/${ban_blocktype}/${feed}: \"" + [ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/reject/${feed}: \"" # set feed block direction # @@ -724,21 +725,29 @@ f_down() { printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" if [ -z "${feed_direction##*input*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardwan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardlan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" + printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter goto reject-chain" else printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} counter accept" fi @@ -749,21 +758,29 @@ f_down() { printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" if [ -z "${feed_direction##*input*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardwan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardlan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited" + printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter goto reject-chain" else printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} counter accept" fi @@ -778,11 +795,11 @@ f_down() { if [ "${proto}" = "4MAC" ]; then "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="0.0.0.0/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter reject" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter goto reject-chain" elif [ "${proto}" = "6MAC" ]; then "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="::/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter reject" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter goto reject-chain" elif [ "${proto}" = "4" ]; then if [ "${ban_deduplicate}" = "1" ]; then "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]].*|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_raw}" @@ -794,9 +811,14 @@ f_down() { fi "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter goto reject-chain" elif [ "${proto}" = "6" ]; then if [ "${ban_deduplicate}" = "1" ]; then "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}.*/{printf "%s\n",$1}' "${ban_blocklist}" | @@ -810,9 +832,14 @@ f_down() { fi "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain" fi } >"${tmp_nft}" feed_rc="0" @@ -907,9 +934,14 @@ f_down() { # input and forward rules # - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter goto reject-chain" } >"${tmp_nft}" elif [ "${feed_rc}" = "0" ] && [ "${proto}" = "6" ]; then { @@ -921,9 +953,14 @@ f_down() { # input and forward rules # - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain" } >"${tmp_nft}" fi fi @@ -1035,18 +1072,18 @@ f_rmset() { # generate status information # f_genstatus() { - local object duration item table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}" + local object end_time duration table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}" [ -z "${ban_dev}" ] && f_conf if [ "${status}" = "active" ]; then - if [ -n "${ban_starttime}" ]; then - ban_endtime="$(date "+%s")" - duration="$(((ban_endtime - ban_starttime) / 60))m $(((ban_endtime - ban_starttime) % 60))s" + if [ -n "${ban_starttime}" ] && [ "${ban_action}" != "boot" ]; then + end_time="$(date "+%s")" + duration="$(((end_time - ban_starttime) / 60))m $(((end_time - ban_starttime) % 60))s" fi table_sets="$("${ban_nftcmd}" -tj list ruleset 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[@.set.table="banIP"].set.name')" if [ "${ban_reportelements}" = "1" ]; then - for item in ${table_sets}; do - cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${item}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))" + for object in ${table_sets}; do + cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${object}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))" done fi runtime="action: ${ban_action:-"-"}, fetch: ${ban_fetchcmd##*/}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")" @@ -1437,13 +1474,11 @@ f_monitor() { local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then - f_log "info" "start detached banIP log service" [ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")" - "${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null | while read -r line; do - : >"{ban_rdapfile}" + : >"${ban_rdapfile}" proto="" ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')" ip="$(f_trim "${ip}")" @@ -1455,7 +1490,7 @@ f_monitor() { ip="${ip##* }" [ -n "${ip}" ] && proto="v6" fi - if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then + if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then f_log "info" "suspicious IP '${ip}'" log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)" log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")" diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index 47abf43ca..67b45bff5 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -13,6 +13,7 @@ ban_funlib="/usr/lib/banip-functions.sh" # load config and set banIP environment # +[ "${ban_action}" = "boot" ] && sleep "$(uci_get banip global ban_triggerdelay "10")" f_conf f_log "info" "start banIP processing (${ban_action})" f_log "debug" "f_system ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}" @@ -56,7 +57,11 @@ fi # handle downloads # f_log "info" "start banIP download processes" -[ "${ban_allowlistonly}" = "1" ] && ban_feed="" || f_getfeed +if [ "${ban_allowlistonly}" = "1" ]; then + ban_feed="" +else + f_getfeed +fi [ "${ban_deduplicate}" = "1" ] && printf "\n" >"${ban_tmpfile}.deduplicate" cnt="1" @@ -146,7 +151,7 @@ wait # if [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]; then ( - sleep ${ban_triggerdelay} + sleep 5 f_mail ) & fi diff --git a/net/banip/files/banip.init b/net/banip/files/banip.init index db584e2e2..a934b4a91 100755 --- a/net/banip/files/banip.init +++ b/net/banip/files/banip.init @@ -6,7 +6,7 @@ # (s)hellcheck exceptions # shellcheck disable=all -START=30 +START=95 USE_PROCD=1 extra_command "report" "[text|json|mail] Print banIP related Set statistics" @@ -22,8 +22,8 @@ ban_lock="/var/run/banip.lock" [ "${action}" = "boot" ] && "${ban_init}" running && exit 0 { [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "survey" ] || [ "${action}" = "lookup" ]; } && ! "${ban_init}" running && exit 0 -[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1 -[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}" +[ -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1 +[ ! -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}" boot() { : >"${ban_pidfile}" @@ -32,7 +32,6 @@ boot() { start_service() { if "${ban_init}" enabled; then - [ "${action}" = "boot" ] && [ -n "$(uci_get banip global ban_trigger)" ] && return 0 [ -z "$(command -v "f_system")" ] && . "${ban_funlib}" f_rmpid procd_open_instance "banip-service" @@ -108,15 +107,16 @@ lookup() { } service_triggers() { - local iface trigger trigger_action delay + local iface trigger delay - trigger="$(uci_get banip global ban_trigger)" - trigger_action="$(uci_get banip global ban_triggeraction "start")" delay="$(uci_get banip global ban_triggerdelay "10")" - PROCD_RELOAD_DELAY=$((delay * 1000)) + trigger="$(uci_get banip global ban_trigger)" + PROCD_RELOAD_DELAY="$((delay * 1000))" for iface in ${trigger}; do - procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "${trigger_action}" + procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" reload done + + PROCD_RELOAD_DELAY="$((2 * 1000))" procd_add_reload_trigger "banip" } diff --git a/net/banip/files/banip.tpl b/net/banip/files/banip.tpl index df5c7e8a1..18b06faf8 100644 --- a/net/banip/files/banip.tpl +++ b/net/banip/files/banip.tpl @@ -6,9 +6,9 @@ # local banip_info report_info log_info system_info mail_text -banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" +banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)" -log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" +log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" system_info="$( strings /etc/banner 2>/dev/null ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' From 78bcdd0fd1291a1a02e0d73e43c28e04f36d507d Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Tue, 3 Oct 2023 22:59:58 +0800 Subject: [PATCH 24/28] python-packaging: Update to 23.2 Signed-off-by: Jeffery To --- lang/python/python-packaging/Makefile | 6 +++--- lang/python/python-packaging/test.sh | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 lang/python/python-packaging/test.sh diff --git a/lang/python/python-packaging/Makefile b/lang/python/python-packaging/Makefile index cb4e0d039..1bec008be 100644 --- a/lang/python/python-packaging/Makefile +++ b/lang/python/python-packaging/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-packaging -PKG_VERSION:=23.1 +PKG_VERSION:=23.2 PKG_RELEASE:=1 PYPI_NAME:=packaging -PKG_HASH:=a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f +PKG_HASH:=048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 PKG_MAINTAINER:=Jan Pavlinec , Jeffery To PKG_LICENSE:=Apache-2.0 BSD-2-Clause @@ -32,7 +32,7 @@ define Package/python3-packaging SUBMENU:=Python TITLE:=Core utilities for Python packages URL:=https://github.com/pypa/packaging - DEPENDS:=+python3-light +python3-logging +python3-urllib + DEPENDS:=+python3-light +python3-email +python3-logging +python3-urllib endef define Package/python3-packaging/description diff --git a/lang/python/python-packaging/test.sh b/lang/python/python-packaging/test.sh new file mode 100644 index 000000000..4fc13bae8 --- /dev/null +++ b/lang/python/python-packaging/test.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +[ "$1" = python3-packaging ] || exit 0 + +python3 - << EOF +import sys +from packaging.version import Version, parse +v1 = parse("1.0a5") +v2 = Version("1.0") +sys.exit(0 if v1 < v2 else 1) +EOF From 63993c5af9ff3dacd88e3b45ba6cde88a9cc1854 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 1 Oct 2023 10:30:44 -0400 Subject: [PATCH 25/28] ncdu: update to 1.19 Upstream bump Build system: x86_64 Build-tested: x86/64/AMD Cezanne Run-tested: x86/64/AMD Cezanne Signed-off-by: John Audia --- utils/ncdu/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/ncdu/Makefile b/utils/ncdu/Makefile index 539288671..5281742c1 100644 --- a/utils/ncdu/Makefile +++ b/utils/ncdu/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ncdu -PKG_VERSION:=1.18.1 +PKG_VERSION:=1.19 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dev.yorhel.nl/download -PKG_HASH:=7c0fa1eb29d85aaed4ba174164bdbb8f011b5c390d017c57d668fc7231332405 +PKG_HASH:=30363019180cde0752c7fb006c12e154920412f4e1b5dc3090654698496bb17d PKG_MAINTAINER:=Charles E. Lehner PKG_LICENSE:=MIT From 2a4d2e8c9d950de947d45b39391f316f3a352e37 Mon Sep 17 00:00:00 2001 From: Amnon Paz Date: Tue, 26 Sep 2023 23:01:39 +0300 Subject: [PATCH 26/28] lua-openssl: Update to version 0.8.5-1 Signed-off-by: Amnon Paz --- lang/lua-openssl/Makefile | 4 ++-- lang/lua-openssl/patches/010-no-luajit.patch | 12 ++++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/lang/lua-openssl/Makefile b/lang/lua-openssl/Makefile index 29f70453d..9595478f6 100644 --- a/lang/lua-openssl/Makefile +++ b/lang/lua-openssl/Makefile @@ -12,8 +12,8 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/zhaozg/lua-openssl.git -PKG_SOURCE_VERSION:=0.8.2-1 -PKG_MIRROR_HASH:=3a7c8fcd76389970671bc8d07fe7a06225e537850b1ad209dda436fb3b5ea0cb +PKG_SOURCE_VERSION:=0.8.5-1 +PKG_MIRROR_HASH:=d2875aa9b87a80c71d57e2b29c8e882b41aa81f995043e0fbae9a642250ab1c7 PKG_MAINTAINER:=Amnon Paz PKG_LICENSE:=MIT diff --git a/lang/lua-openssl/patches/010-no-luajit.patch b/lang/lua-openssl/patches/010-no-luajit.patch index 502e2ca25..4530cde4e 100644 --- a/lang/lua-openssl/patches/010-no-luajit.patch +++ b/lang/lua-openssl/patches/010-no-luajit.patch @@ -1,10 +1,14 @@ --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -8,7 +8,6 @@ option(BUILD_SHARED_LUA_OPENSSL "Shared +@@ -8,10 +8,7 @@ option(BUILD_SHARED_LUA_OPENSSL "Shared include(GNUInstallDirs) -find_package(LuaJIT) - if(NOT LUAJIT_FOUND) - find_package(Lua REQUIRED) - endif() +-if(NOT LUAJIT_FOUND) +- find_package(Lua REQUIRED) +-endif() ++find_package(Lua REQUIRED) + find_package(OpenSSL REQUIRED) + + set(CMAKE_THREAD_PREFER_PTHREAD TRUE) From 62f01d7b36ca621f3b9e2e01c78a64e897dbf4e8 Mon Sep 17 00:00:00 2001 From: Jan Kratochvil Date: Tue, 3 Oct 2023 12:46:43 +0800 Subject: [PATCH 27/28] ffmpeg: Add avi muxer Otherwise one cannot produce *.avi containers needed for some H.264 camera codecs. Signed-off-by: Jan Kratochvil --- multimedia/ffmpeg/Config.in | 3 +++ multimedia/ffmpeg/Makefile | 1 + 2 files changed, 4 insertions(+) diff --git a/multimedia/ffmpeg/Config.in b/multimedia/ffmpeg/Config.in index 93cdd67cd..574ba2783 100644 --- a/multimedia/ffmpeg/Config.in +++ b/multimedia/ffmpeg/Config.in @@ -303,6 +303,9 @@ comment "Muxers" config FFMPEG_CUSTOM_MUXER_ac3 bool "AC3" +config FFMPEG_CUSTOM_MUXER_avi + bool "AVI" + config FFMPEG_CUSTOM_MUXER_h264 bool "H.264 Raw Video" depends on FFMPEG_CUSTOM_PATENTED diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index cd9c2fff5..af45a494e 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -69,6 +69,7 @@ FFMPEG_CUSTOM_DECODERS:= \ FFMPEG_CUSTOM_MUXERS:= \ ac3 \ + avi \ ffm \ h264 \ hevc \ From 2227198d74d3fe1e8ae547a632305b2f6e7434f9 Mon Sep 17 00:00:00 2001 From: Jan Kratochvil Date: Wed, 4 Oct 2023 10:13:20 +0800 Subject: [PATCH 28/28] ffmpeg: bump PKG_RELEASE Suggested by @neheb. Signed-off-by: Jan Kratochvil --- multimedia/ffmpeg/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index af45a494e..cd0d383f2 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ffmpeg PKG_VERSION:=5.1.3 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ffmpeg.org/releases/