From a2e76e49787e97253c02d72d27e3d304d68ff488 Mon Sep 17 00:00:00 2001 From: Michael Heimpold Date: Sat, 3 Jun 2023 17:57:18 +0200 Subject: [PATCH 01/10] php8: fix linking on riscv64 platform The buildbots failed for the mentioned platform with the following error: (I shortened the pathnames and broke long lines a little bit for readability) .../lib/gcc/riscv64-openwrt-linux-musl/12.3.0/../../../../ riscv64-openwrt-linux-musl/bin/ld: Zend/zend_execute_API.o: in function `.L533': zend_execute_API.c:(.text+0x1b1c): undefined reference to `__atomic_exchange_1' .../riscv64-openwrt-linux-musl/bin/ld: Zend/zend_atomic.o: in function `zend_atomic_bool_exchange': zend_atomic.c:(.text+0xc): undefined reference to `__atomic_exchange_1' collect2: error: ld returned 1 exit status make[4]: *** [Makefile:350: sapi/cli/php] Error 1 Inspired by the blog post[1], linking to libatomic explicitly seems to do the trick. [1] A RISC-V gcc pitfall revealed by a glibc update https://blog.jiejiss.com/A-RISC-V-gcc-pitfall-revealed-by-a-glibc-update Signed-off-by: Michael Heimpold --- lang/php8/Makefile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lang/php8/Makefile b/lang/php8/Makefile index fbe33886c..1a32d9aa1 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -94,7 +94,7 @@ endef define Package/php8-cli $(call Package/php8/Default) - DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp + DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp +riscv64:libatomic TITLE+= (CLI) endef @@ -105,7 +105,7 @@ endef define Package/php8-cgi $(call Package/php8/Default) - DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp + DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp +riscv64:libatomic TITLE+= (CGI & FastCGI) endef @@ -127,7 +127,7 @@ endef define Package/php8-fpm $(call Package/php8/Default) - DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp + DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp +riscv64:libatomic TITLE+= (FPM) endef @@ -159,6 +159,7 @@ define Package/apache-mod-php8 CATEGORY:=Network DEPENDS+=PACKAGE_apache-mod-php8:apache \ +PACKAGE_php8-mod-intl:libstdcpp \ + +riscv64:libatomic \ +libpcre2 +zlib TITLE:=PHP8 module for Apache Web Server endef @@ -197,6 +198,9 @@ endif ifeq ($(CONFIG_USE_MUSL),y) TARGET_CFLAGS += -D_LARGEFILE64_SOURCE endif +ifneq ($(findstring riscv64,$(CONFIG_ARCH)),) +TARGET_LDFLAGS += -latomic +endif ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-bcmath),) CONFIGURE_ARGS+= --enable-bcmath=shared @@ -603,6 +607,8 @@ define BuildModule define Package/php8-mod-$(1) $(call Package/php8/Default) + DEPENDS+=+riscv64:libatomic + ifneq ($(3),) DEPENDS+=$(3) endif From b098f2ac40b74117ed596cbecb2ab9abfa4388e1 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Tue, 6 Jun 2023 17:50:18 +0800 Subject: [PATCH 02/10] python3-asgiref: Update to 3.7.2, rename source package This renames the source package to python-asgiref to match other Python packages. This also updates the package title and URL. Signed-off-by: Jeffery To --- .../{python3-asgiref => python-asgiref}/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) rename lang/python/{python3-asgiref => python-asgiref}/Makefile (75%) diff --git a/lang/python/python3-asgiref/Makefile b/lang/python/python-asgiref/Makefile similarity index 75% rename from lang/python/python3-asgiref/Makefile rename to lang/python/python-asgiref/Makefile index d92ec91b9..4547758d9 100644 --- a/lang/python/python3-asgiref/Makefile +++ b/lang/python/python-asgiref/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk -PKG_NAME:=asgiref -PKG_VERSION:=3.4.1 -PKG_RELEASE:=2 +PKG_NAME:=python-asgiref +PKG_VERSION:=3.7.2 +PKG_RELEASE:=1 PYPI_NAME:=asgiref -PKG_HASH:=4ef1ab46b484e3c706329cedeff284a5d40824200638503f5768edb6de7d58e9 +PKG_HASH:=9e0ce3aa93a819ba5b45120216b23878cf6e8525eb3848653452b4192b92afed PKG_MAINTAINER:=Peter Stadler PKG_LICENSE:=BSD-3-Clause @@ -19,8 +19,8 @@ define Package/python3-asgiref SUBMENU:=Python SECTION:=lang CATEGORY:=Languages - TITLE:=Standard for Python asynchronous web apps and servers. - URL:=https://asgi.readthedocs.io/en/latest/ + TITLE:=ASGI specs, helper code, and adapters + URL:=https://github.com/django/asgiref/ DEPENDS:=+python3-light +python3-logging +python3-asyncio endef From 1813bf2c6e2f4cbf17af582d1626698fe8da5821 Mon Sep 17 00:00:00 2001 From: "S. Brusch" Date: Wed, 7 Jun 2023 21:10:03 +0200 Subject: [PATCH 03/10] crowdsec: new upstream release version 1.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update crowdsec to latest upstream release version 1.5.2 Signed-off-by: S. Brusch Maintainer: Kerma Gérald Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5 Description: update to latest version of upstream --- net/crowdsec/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/crowdsec/Makefile b/net/crowdsec/Makefile index 73258d170..689daa7c1 100644 --- a/net/crowdsec/Makefile +++ b/net/crowdsec/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=crowdsec -PKG_VERSION:=1.5.1 +PKG_VERSION:=1.5.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/crowdsec/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=427f11b1a788a482b4fec8d23edd27ef589a58e1ebd0cb15182f105ad26f128b +PKG_HASH:=18de78572600166c3a7636e9cd4ea011d204211638810969d99cb65feb78c231 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From 808f67d6152fcac09dcda4d66e2bb285878fb3d4 Mon Sep 17 00:00:00 2001 From: Ivan Pavlov Date: Wed, 7 Jun 2023 20:58:42 +0300 Subject: [PATCH 04/10] openvpn: fix ipchange hotplug event In f8a8b71e26b9bdbf86fbb7d4d1482637af7f3ba4 openvpn introduced new hotplug events. For server config, ipchange hotplug event produces an error. So, make ipchange hotplug event for client only Fixes https://github.com/openwrt/packages/issues/21200 Signed-off-by: Ivan Pavlov --- net/openvpn/Makefile | 2 +- net/openvpn/files/openvpn.init | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 213f027fd..ac76841b8 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.5.8 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ diff --git a/net/openvpn/files/openvpn.init b/net/openvpn/files/openvpn.init index b5f612e46..6eb305135 100644 --- a/net/openvpn/files/openvpn.init +++ b/net/openvpn/files/openvpn.init @@ -140,10 +140,11 @@ openvpn_get_credentials() { openvpn_add_instance() { local name="$1" local dir="$2" - local conf="$3" + local conf=$(basename "$3") local security="$4" local up="$5" local down="$6" + local client=$(grep -qEx "client|tls-client" "$dir/$conf" && echo 1) procd_open_instance "$name" procd_set_param command "$PROG" \ @@ -155,7 +156,7 @@ openvpn_add_instance() { --down "/usr/libexec/openvpn-hotplug down $name" \ --route-up "/usr/libexec/openvpn-hotplug route-up $name" \ --route-pre-down "/usr/libexec/openvpn-hotplug route-pre-down $name" \ - --ipchange "/usr/libexec/openvpn-hotplug ipchange $name" \ + ${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \ ${up:+--setenv user_up "$up"} \ ${down:+--setenv user_down "$down"} \ --script-security "${security:-2}" \ From 779af4d40ccdc0f2a798ee6b6849abb37d202f1b Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Thu, 8 Jun 2023 14:37:38 +0900 Subject: [PATCH 05/10] avahi: Import patches for security fixes Imported patches included in debian and other package. * 200-Fix-NULL-pointer-crashes-from-175.patch CVE-2021-3502 A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. * 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch CVE-2021-3468 A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. * 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly". Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit. * 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time. * 204-Emit-error-if-requested-service-is-not-found.patch It currently just crashes instead of replying with error. Check return value and emit error instead of passing NULL pointer to reply. * 205-conf-file-line-lengths.patch Allow avahi-daemon.conf file to have lines longer than 256 characters (new limit 1024). Signed-off-by: Hirokazu MORIKAWA --- libs/avahi/Makefile | 2 +- ...00-Fix-NULL-pointer-crashes-from-175.patch | 136 ++++++++++++++++++ ...n-avahi-daemon-by-handling-HUP-event.patch | 36 +++++ ...ume_uint32-fix-potential-undefined-b.patch | 27 ++++ ...ble-timeout-cleanup-on-watch-cleanup.patch | 22 +++ ...or-if-requested-service-is-not-found.patch | 54 +++++++ .../patches/205-conf-file-line-lengths.patch | 11 ++ 7 files changed, 287 insertions(+), 1 deletion(-) create mode 100644 libs/avahi/patches/200-Fix-NULL-pointer-crashes-from-175.patch create mode 100644 libs/avahi/patches/201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch create mode 100644 libs/avahi/patches/202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch create mode 100644 libs/avahi/patches/203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch create mode 100644 libs/avahi/patches/204-Emit-error-if-requested-service-is-not-found.patch create mode 100644 libs/avahi/patches/205-conf-file-line-lengths.patch diff --git a/libs/avahi/Makefile b/libs/avahi/Makefile index e80e91495..1ea497c56 100644 --- a/libs/avahi/Makefile +++ b/libs/avahi/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=avahi PKG_VERSION:=0.8 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/lathiat/avahi/releases/download/v$(PKG_VERSION) \ diff --git a/libs/avahi/patches/200-Fix-NULL-pointer-crashes-from-175.patch b/libs/avahi/patches/200-Fix-NULL-pointer-crashes-from-175.patch new file mode 100644 index 000000000..fbf8e8ecc --- /dev/null +++ b/libs/avahi/patches/200-Fix-NULL-pointer-crashes-from-175.patch @@ -0,0 +1,136 @@ +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd + +[Retrieved from: +https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c] +Signed-off-by: Fabrice Fontaine +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_serv + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_brow + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_servic + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_br + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_brow + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_r + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_nam + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_r + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/libs/avahi/patches/201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch b/libs/avahi/patches/201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch new file mode 100644 index 000000000..6a2123f51 --- /dev/null +++ b/libs/avahi/patches/201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch @@ -0,0 +1,36 @@ +From: Riccardo Schirone +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 + +(cherry picked from commit 447affe29991ee99c6b9732fc5f2c1048a611d3b) +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watc + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/libs/avahi/patches/202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch b/libs/avahi/patches/202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch new file mode 100644 index 000000000..c757d6b78 --- /dev/null +++ b/libs/avahi/patches/202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch @@ -0,0 +1,27 @@ +From: traffic-millions <60914101+traffic-millions@users.noreply.github.com> +Date: Tue, 3 Mar 2020 11:15:48 +0800 +Subject: avahi_dns_packet_consume_uint32: fix potential undefined behavior + +avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly". + +Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit. + +Closes: #267 +Closes: #268 +Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19304 +Origin: upstream, 0.9, commit:b897ca43ac100d326d118e5877da710eb7f836f9 +--- + avahi-core/dns.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/avahi-core/dns.c ++++ b/avahi-core/dns.c +@@ -455,7 +455,7 @@ int avahi_dns_packet_consume_uint32(Avah + return -1; + + d = (uint8_t*) (AVAHI_DNS_PACKET_DATA(p) + p->rindex); +- *ret_v = (d[0] << 24) | (d[1] << 16) | (d[2] << 8) | d[3]; ++ *ret_v = ((uint32_t)d[0] << 24) | ((uint32_t)d[1] << 16) | ((uint32_t)d[2] << 8) | (uint32_t)d[3]; + p->rindex += sizeof(uint32_t); + + return 0; diff --git a/libs/avahi/patches/203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch b/libs/avahi/patches/203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch new file mode 100644 index 000000000..d6d5490ea --- /dev/null +++ b/libs/avahi/patches/203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch @@ -0,0 +1,22 @@ +From: Gustavo Noronha Silva +Date: Sun, 2 Jan 2022 22:29:04 -0300 +Subject: Do not disable timeout cleanup on watch cleanup + +This was causing timeouts to never be removed from the linked list that +tracks them, resulting in both memory and CPU usage to grow larger over +time. +--- + avahi-common/simple-watch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/avahi-common/simple-watch.c ++++ b/avahi-common/simple-watch.c +@@ -238,7 +238,7 @@ static void cleanup_watches(AvahiSimpleP + destroy_watch(w); + } + +- s->timeout_req_cleanup = 0; ++ s->watch_req_cleanup = 0; + } + + static AvahiTimeout* timeout_new(const AvahiPoll *api, const struct timeval *tv, AvahiTimeoutCallback callback, void *userdata) { diff --git a/libs/avahi/patches/204-Emit-error-if-requested-service-is-not-found.patch b/libs/avahi/patches/204-Emit-error-if-requested-service-is-not-found.patch new file mode 100644 index 000000000..c4c87b4fd --- /dev/null +++ b/libs/avahi/patches/204-Emit-error-if-requested-service-is-not-found.patch @@ -0,0 +1,54 @@ +From: =?utf-8?b?UGV0ciBNZW7FocOtaw==?= +Date: Thu, 17 Nov 2022 01:51:53 +0100 +Subject: Emit error if requested service is not found + +It currently just crashes instead of replying with error. Check return +value and emit error instead of passing NULL pointer to reply. + +Fixes #375 + +(cherry picked from commit a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f) +--- + avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +--- a/avahi-daemon/dbus-protocol.c ++++ b/avahi-daemon/dbus-protocol.c +@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_altern + } + + t = avahi_alternative_host_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); +- +- return DBUS_HANDLER_RESULT_HANDLED; ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); ++ ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); ++ } + } + + static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { +@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_altern + } + + t = avahi_alternative_service_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); +- +- return DBUS_HANDLER_RESULT_HANDLED; ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); ++ ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); ++ } + } + + static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { diff --git a/libs/avahi/patches/205-conf-file-line-lengths.patch b/libs/avahi/patches/205-conf-file-line-lengths.patch new file mode 100644 index 000000000..3ea8a1de1 --- /dev/null +++ b/libs/avahi/patches/205-conf-file-line-lengths.patch @@ -0,0 +1,11 @@ +--- a/avahi-daemon/ini-file-parser.c ++++ b/avahi-daemon/ini-file-parser.c +@@ -50,7 +50,7 @@ AvahiIniFile* avahi_ini_file_load(const + + line = 0; + while (!feof(fo)) { +- char ln[256], *s, *e; ++ char ln[1024], *s, *e; + AvahiIniFilePair *pair; + + if (!(fgets(ln, sizeof(ln), fo))) From f3118b535099220ce7755251c65dd6f0d5f9f43e Mon Sep 17 00:00:00 2001 From: Gerard Ryan Date: Tue, 6 Jun 2023 20:20:40 +1000 Subject: [PATCH 06/10] runc: Update to 1.1.7 for docker 24.0.2 Signed-off-by: Gerard Ryan --- utils/runc/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/runc/Makefile b/utils/runc/Makefile index 442a0900a..669018056 100644 --- a/utils/runc/Makefile +++ b/utils/runc/Makefile @@ -1,14 +1,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=runc -PKG_VERSION:=1.1.4 +PKG_VERSION:=1.1.7 PKG_RELEASE:=2 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/opencontainers/runc/tar.gz/v${PKG_VERSION}? -PKG_HASH:=4f02077432642eebd768fc857318ae7929290b3a3511eb1be338005e360cfa34 +PKG_HASH:=f1885d6dfa188f8112328ac2355e5d67346174a2e2e795ec514a972bcbfcc2fa PKG_MAINTAINER:=Gerard Ryan From 3513df750d08f3312044d3161492c1e7b3b10295 Mon Sep 17 00:00:00 2001 From: Gerard Ryan Date: Tue, 6 Jun 2023 20:21:22 +1000 Subject: [PATCH 07/10] containerd: Update to 1.7.1 for docker 24.0.2 Signed-off-by: Gerard Ryan --- utils/containerd/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/containerd/Makefile b/utils/containerd/Makefile index bfb07c5a9..78aee46fa 100644 --- a/utils/containerd/Makefile +++ b/utils/containerd/Makefile @@ -1,14 +1,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=containerd -PKG_VERSION:=1.6.16 +PKG_VERSION:=1.7.1 PKG_RELEASE:=1 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/containerd/containerd/tar.gz/v${PKG_VERSION}? -PKG_HASH:=e0a893cf67df9dfaecbcde2ba4e896efb3a86ffe48dcfe0d2b26f7cf19b5af3a +PKG_HASH:=fd844af82afda7242d8eba5e0086c5a0d54ddc3041c1bbdd4d3c62bfee844e3a PKG_MAINTAINER:=Gerard Ryan From f4e04022b97ed3f4553fc25b8fc470c8f07fc5ec Mon Sep 17 00:00:00 2001 From: Gerard Ryan Date: Tue, 6 Jun 2023 20:22:01 +1000 Subject: [PATCH 08/10] docker: Update to 24.0.2 Signed-off-by: Gerard Ryan --- utils/docker/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/docker/Makefile b/utils/docker/Makefile index e099a5dce..206653731 100644 --- a/utils/docker/Makefile +++ b/utils/docker/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=docker -PKG_VERSION:=23.0.1 +PKG_VERSION:=24.0.2 PKG_RELEASE:=1 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE @@ -10,8 +10,8 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_GIT_URL:=github.com/docker/cli PKG_GIT_REF:=v$(PKG_VERSION) PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)? -PKG_HASH:=37bc1c71a782fc10d35aa6708c1b3c90a71f3947c33665cb0de68df25dc14d94 -PKG_GIT_SHORT_COMMIT:=a5ee5b1 # SHA1 used within the docker executables +PKG_HASH:=632357aa58d7f5e16ce87dbd73641c5f65c25b6501e3917ac4f0ce553a01e0bc +PKG_GIT_SHORT_COMMIT:=cb74dfc # SHA1 used within the docker executables PKG_MAINTAINER:=Gerard Ryan From 9d3c3350a6c3a3774d99529cb6ad813660e3947f Mon Sep 17 00:00:00 2001 From: Gerard Ryan Date: Tue, 6 Jun 2023 20:23:07 +1000 Subject: [PATCH 09/10] dockerd: Update to 24.0.2 Signed-off-by: Gerard Ryan --- utils/dockerd/Makefile | 6 +++--- utils/dockerd/patches/001-libdevmapper_name_fix.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/dockerd/Makefile b/utils/dockerd/Makefile index 80cdf0531..bddf58327 100644 --- a/utils/dockerd/Makefile +++ b/utils/dockerd/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dockerd -PKG_VERSION:=23.0.1 +PKG_VERSION:=24.0.2 PKG_RELEASE:=1 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE @@ -10,8 +10,8 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_GIT_URL:=github.com/moby/moby PKG_GIT_REF:=v$(PKG_VERSION) PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)? -PKG_HASH:=c8e6c0ac5f0c772023e3430f80190e0f86644b6d94cac63118b03561385f7b56 -PKG_GIT_SHORT_COMMIT:=bc3805a # SHA1 used within the docker executables +PKG_HASH:=f4bc7d7cc2ee3671371ae80fd624e61f0598e614b5c235012581f8ec1d593aa0 +PKG_GIT_SHORT_COMMIT:=659604f # SHA1 used within the docker executables PKG_MAINTAINER:=Gerard Ryan diff --git a/utils/dockerd/patches/001-libdevmapper_name_fix.patch b/utils/dockerd/patches/001-libdevmapper_name_fix.patch index ec3fc649f..8070090d4 100644 --- a/utils/dockerd/patches/001-libdevmapper_name_fix.patch +++ b/utils/dockerd/patches/001-libdevmapper_name_fix.patch @@ -1,6 +1,6 @@ --- a/hack/make.sh +++ b/hack/make.sh -@@ -100,7 +100,7 @@ fi +@@ -98,7 +98,7 @@ fi # functionality. We favour libdm_dlsym_deferred_remove over # libdm_no_deferred_remove in dynamic cases because the binary could be shipped # with a newer libdevmapper than the one it was built with. From 1a9f2b66fe5e8f48c37934bfed7e7e3ef36870df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= Date: Fri, 9 Jun 2023 15:19:55 +0200 Subject: [PATCH 10/10] acme-acmesh: Bump to version 3.0.6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Important security fix. Signed-off-by: Toke Høiland-Jørgensen --- net/acme-acmesh/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/acme-acmesh/Makefile b/net/acme-acmesh/Makefile index 553d8ddf5..a97326f34 100644 --- a/net/acme-acmesh/Makefile +++ b/net/acme-acmesh/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=acme-acmesh -PKG_VERSION:=3.0.1 -PKG_RELEASE:=11 +PKG_VERSION:=3.0.6 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/acmesh-official/acme.sh/tar.gz/$(PKG_VERSION)? -PKG_HASH:=6212cc0c2bca99a7dd6cbb4236b4c7dd5d1113dab0841e66dae4d307d902a8e6 +PKG_HASH:=4a8e44c27e2a8f01a978e8d15add8e9908b83f9b1555670e49a9b769421f5fa6 PKG_BUILD_DIR:=$(BUILD_DIR)/acme.sh-$(PKG_VERSION) PKG_MAINTAINER:=Toke Høiland-Jørgensen