From ba879a144db1c8a3ef1d4a0e67981294a0474555 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Thu, 23 Feb 2023 17:27:33 +0100 Subject: [PATCH 01/15] clamav: update to 0.104.4 * remove upstreamed 100-cmake-fix-findcurses.patch Signed-off-by: Michal Vasilek --- net/clamav/Makefile | 6 ++--- .../patches/100-cmake-fix-findcurses.patch | 22 ------------------- 2 files changed, 3 insertions(+), 25 deletions(-) delete mode 100644 net/clamav/patches/100-cmake-fix-findcurses.patch diff --git a/net/clamav/Makefile b/net/clamav/Makefile index de53e6bf3..cf903f4ca 100644 --- a/net/clamav/Makefile +++ b/net/clamav/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=clamav -PKG_VERSION:=0.104.2 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=0.104.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/ -PKG_HASH:=3e45e46d9aaeb3a6956ed30376237ab7c4cd9573bc0f5d6fc15c588d30978d9d +PKG_HASH:=8ac32e910aa744cc7f921c5122ba523ef1ffbbbf94545f94fc4a976b502be74b PKG_MAINTAINER:=Marko Ratkaj \ Lucian Cristian diff --git a/net/clamav/patches/100-cmake-fix-findcurses.patch b/net/clamav/patches/100-cmake-fix-findcurses.patch deleted file mode 100644 index cee304d62..000000000 --- a/net/clamav/patches/100-cmake-fix-findcurses.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -From 0f03ec698e67ea3c0f21ba021c922146d5ad07b2 Mon Sep 17 00:00:00 2001 -From: Carlos Velasco -Date: Thu, 4 Nov 2021 09:11:06 +0100 -Subject: [PATCH] CMake: Fix FindCurses.cmake try packate ncursesw if ncurses - not found - -Change to pkg_search_module, first try to find ncurses pkg, if not found, then try with ncursesw pkg ---- - cmake/FindCURSES.cmake | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/cmake/FindCURSES.cmake -+++ b/cmake/FindCURSES.cmake -@@ -43,7 +43,7 @@ The following cache variables may also b - - find_package(PkgConfig QUIET) - # First try for NCurses --pkg_check_modules(PC_NCurses QUIET ncurses) -+pkg_search_module (PC_NCurses QUIET ncurses ncursesw) - - find_path(NCURSES_INCLUDE_DIR - NAMES ncurses.h From 0a00f0f2a582bc11979ecef2c60a68584fe4e935 Mon Sep 17 00:00:00 2001 From: Alan Swanson Date: Tue, 28 Feb 2023 09:45:37 +0000 Subject: [PATCH 02/15] sed: remove old libpcre dependency Signed-off-by: Alan Swanson --- utils/sed/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/sed/Makefile b/utils/sed/Makefile index ed7ba173d..895e0a88d 100644 --- a/utils/sed/Makefile +++ b/utils/sed/Makefile @@ -29,7 +29,6 @@ define Package/sed SECTION:=utils CATEGORY:=Utilities TITLE:=sed stream editor utility - full version - DEPENDS:=+libpcre URL:=https://www.gnu.org/software/sed/ ALTERNATIVES:=300:/bin/sed:/usr/libexec/sed-gnu endef From b52fdec65966ead40aba5c9aefba88386623e614 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 1 Mar 2023 16:41:48 +0800 Subject: [PATCH 03/15] cloudflared: Update to 2023.2.2 Signed-off-by: Tianling Shen --- net/cloudflared/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile index 9c80f8426..b0e3caeef 100644 --- a/net/cloudflared/Makefile +++ b/net/cloudflared/Makefile 
@@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudflared -PKG_VERSION:=2023.2.1 +PKG_VERSION:=2023.2.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)? -PKG_HASH:=468b0953eca6ab189859073067857062c91ed9adb18e12a43527e0dba3aa6409 +PKG_HASH:=b0abaff125d29c517894f6ea74dcc7044c92500670463595ba9ff4950a1d2fc2 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 3291f1004ca6fdab7cea3c276934caffe998a9e6 Mon Sep 17 00:00:00 2001 From: Jianhui Zhao Date: Mon, 27 Feb 2023 23:02:44 +0800 Subject: [PATCH 04/15] lua-eco: update to 2.0.0 Signed-off-by: Jianhui Zhao --- lang/lua-eco/Makefile | 188 ++++++++++++++++++++++++++---------------- 1 file changed, 115 insertions(+), 73 deletions(-) diff --git a/lang/lua-eco/Makefile b/lang/lua-eco/Makefile index 3aa9aa9dd..c836de92e 100644 --- a/lang/lua-eco/Makefile +++ b/lang/lua-eco/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lua-eco -PKG_VERSION:=1.0.0 -PKG_RELEASE:=4 +PKG_VERSION:=2.0.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION) -PKG_HASH:=d9fd04acb4bd64f47a3a3e6a8d30ee1d0860221c5798ca528cf52260470b4155 +PKG_HASH:=df2bed363ac89ce5c776c02baa914fbf4b096e0b87cbf4347d1a48cb4d3b8428 PKG_MAINTAINER:=Jianhui Zhao PKG_LICENSE:=MIT 
@@ -21,16 +21,19 @@ include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk define Package/lua-eco - TITLE:=A Lua coroutine library + TITLE:=A Lua interpreter with a built-in libev event loop SECTION:=lang CATEGORY:=Languages SUBMENU:=Lua URL:=https://github.com/zhaojh329/lua-eco - DEPENDS:=+libev + DEPENDS:=+libev +liblua endef define Package/lua-eco/description - Lua-eco is a Lua coroutine library which was implemented based on IO event. + Lua-eco is a Lua interpreter with a built-in libev event loop. It makes all Lua code + running in Lua coroutines so code that does I/O can be suspended until data is ready. + This allows you write code as if you're using blocking I/O, while still allowing code + in other coroutines to run when you'd otherwise wait for I/O. It's kind of like Goroutines. endef define Package/lua-eco/Module 
@@ -42,63 +45,40 @@ define Package/lua-eco/Module DEPENDS:=+lua-eco $2 endef -Package/lua-eco-log=$(call Package/lua-eco/Module,Log utils) -Package/lua-eco-sys=$(call Package/lua-eco/Module,System utils) -Package/lua-eco-dns=$(call Package/lua-eco/Module,DNS) -Package/lua-eco-socket=$(call Package/lua-eco/Module,Socket) -Package/lua-eco-ssl=$(call Package/lua-eco/Module,SSL,\ - @(PACKAGE_libopenssl||PACKAGE_libwolfssl||PACKAGE_libmbedtls) \ - LUA_ECO_OPENSSL:libopenssl LUA_ECO_WOLFSSL:libwolfssl \ - LUA_ECO_MBEDTLS:libmbedtls +LUA_ECO_MBEDTLS:zlib) -Package/lua-eco-iw=$(call Package/lua-eco/Module,IW utils,+libmnl) -Package/lua-eco-ip=$(call Package/lua-eco/Module,IP utils,+libmnl) -Package/lua-eco-file=$(call Package/lua-eco/Module,File utils) -Package/lua-eco-ubus=$(call Package/lua-eco/Module,Ubus,+libubus) +Package/lua-eco-log=$(call Package/lua-eco/Module,log utils) +Package/lua-eco-sys=$(call Package/lua-eco/Module,system utils) +Package/lua-eco-file=$(call Package/lua-eco/Module,file utils) +Package/lua-eco-base64=$(call Package/lua-eco/Module,base64) +Package/lua-eco-sha1=$(call Package/lua-eco/Module,sha1) +Package/lua-eco-socket=$(call Package/lua-eco/Module,socket,+lua-eco-file +lua-eco-sys) +Package/lua-eco-dns=$(call Package/lua-eco/Module,dns,+lua-eco-socket +luabitop) +Package/lua-eco-ssl=$(call Package/lua-eco/Module,ssl,\ + +LUA_ECO_OPENSSL:libopenssl +LUA_ECO_WOLFSSL:libwolfssl \ + +LUA_ECO_MBEDTLS:libmbedtls +LUA_ECO_MBEDTLS:zlib +lua-eco-socket) +Package/lua-eco-ubus=$(call Package/lua-eco/Module,ubus,+libubus) +Package/lua-eco-termios=$(call Package/lua-eco/Module,termios) +Package/lua-eco-http=$(call Package/lua-eco/Module,http/https,+lua-eco-dns +lua-eco-ssl +lua-eco-log) +Package/lua-eco-mqtt=$(call Package/lua-eco/Module,mqtt,+lua-eco-socket +lua-eco-dns +lua-mosquitto) +Package/lua-eco-websocket=$(call Package/lua-eco/Module,websocket,+lua-eco-http +lua-eco-base64 +lua-eco-sha1) define Package/lua-eco-ssl/config - config 
LUA_ECO_DEFAULT_WOLFSSL - bool - default y if PACKAGE_libopenssl != y && \ - (PACKAGE_libwolfssl >= PACKAGE_libopenssl || \ - PACKAGE_libwolfsslcpu-crypto >= PACKAGE_libopenssl) && \ - (PACKAGE_libwolfssl >= PACKAGE_libmbedtls || \ - PACKAGE_libwolfsslcpu-crypto >= PACKAGE_libmbedtls) + choice + prompt "SSL Library" + default LUA_ECO_WOLFSSL - config LUA_ECO_DEFAULT_OPENSSL - bool - default y if !LUA_ECO_DEFAULT_WOLFSSL && \ - PACKAGE_libopenssl >= PACKAGE_libmbedtls + config LUA_ECO_OPENSSL + bool "OpenSSL" - config LUA_ECO_DEFAULT_MBEDTLS - bool - default y if !LUA_ECO_DEFAULT_WOLFSSL && \ - !LUA_ECO_DEFAULT_OPENSSL + config LUA_ECO_WOLFSSL + bool "wolfSSL" - choice - prompt "SSL Library" - default LUA_ECO_OPENSSL if LUA_ECO_DEFAULT_OPENSSL - default LUA_ECO_WOLFSSL if LUA_ECO_DEFAULT_WOLFSSL - default LUA_ECO_MBEDTLS if LUA_ECO_DEFAULT_MBEDTLS - config LUA_ECO_OPENSSL - bool "OpenSSL" - depends on PACKAGE_libopenssl - config LUA_ECO_WOLFSSL - bool "wolfSSL" - depends on PACKAGE_libwolfssl || PACKAGE_libwolfsslcpu-crypto - config LUA_ECO_MBEDTLS - bool "mbedTLS" - depends on PACKAGE_libmbedtls - endchoice + config LUA_ECO_MBEDTLS + bool "mbedTLS" + endchoice endef CMAKE_OPTIONS += \ - -DECO_LOG_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-log),N,FF) \ - -DECO_SYS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-sys),N,FF) \ - -DECO_DNS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-dns),N,FF) \ - -DECO_SOCKET_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-socket),N,FF) \ - -DECO_IW_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-iw),N,FF) \ - -DECO_IP_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ip),N,FF) \ - -DECO_FILE_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-file),N,FF) \ + -DPLATFORM="openwrt" \ -DECO_UBUS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ubus),N,FF) \ -DECO_SSL_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ssl),N,FF) 
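Review bot: The new `choice` in `Package/lua-eco-ssl/config` has a fixed `default LUA_ECO_WOLFSSL` and no `help` text, and the `depends on PACKAGE_lib...` lines are gone from the three entries. Together with `+LUA_ECO_WOLFSSL:libwolfssl` in the module's DEPENDS, an image that already ships OpenSSL or mbedTLS will also pull in libwolfssl unless the builder changes the selection. That is a second TLS stack to keep patched on the device. Please document this under `prompt "SSL Library"`, for example with a `help` entry reading `TLS backend linked into the eco ssl module; the chosen library is selected as a dependency of lua-eco-ssl.` If the removed `LUA_ECO_DEFAULT_*` heuristics were dropped on purpose, a sentence in the commit message saying why would help.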
@@ -113,32 +93,94 @@ ifneq ($(CONFIG_PACKAGE_lua-eco-ssl),) endif define Package/lua-eco/install - $(INSTALL_DIR) $(1)/usr/lib/lua - $(INSTALL_BIN) $(PKG_BUILD_DIR)/eco.so $(1)/usr/lib/lua + $(INSTALL_DIR) $(1)/usr/bin $(1)/usr/lib/lua/eco/core $(1)/usr/lib/lua/eco/encoding + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/eco $(1)/usr/bin + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/hex.lua $(1)/usr/lib/lua/eco/encoding + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/{time,bufio}.so $(1)/usr/lib/lua/eco/core + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{time,bufio,bit,sync}.lua $(1)/usr/lib/lua/eco endef -define Package/lua-eco/Module/install +define Package/lua-eco-log/install $(INSTALL_DIR) $(1)/usr/lib/lua/eco - $(INSTALL_BIN) $(PKG_BUILD_DIR)/$2.so $(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/log.so $(1)/usr/lib/lua/eco endef -Package/lua-eco-log/install=$(call Package/lua-eco/Module/install,$1,log) -Package/lua-eco-sys/install=$(call Package/lua-eco/Module/install,$1,sys) -Package/lua-eco-dns/install=$(call Package/lua-eco/Module/install,$1,dns) -Package/lua-eco-socket/install=$(call Package/lua-eco/Module/install,$1,socket) -Package/lua-eco-ssl/install=$(call Package/lua-eco/Module/install,$1,ssl) -Package/lua-eco-iw/install=$(call Package/lua-eco/Module/install,$1,iw) -Package/lua-eco-ip/install=$(call Package/lua-eco/Module/install,$1,ip) -Package/lua-eco-file/install=$(call Package/lua-eco/Module/install,$1,file) -Package/lua-eco-ubus/install=$(call Package/lua-eco/Module/install,$1,ubus) +define Package/lua-eco-sys/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/sys.lua $(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/sys.so $(1)/usr/lib/lua/eco/core +endef + +define Package/lua-eco-file/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/file.lua 
$(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/file.so $(1)/usr/lib/lua/eco/core +endef + +define Package/lua-eco-base64/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/encoding + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/base64.so $(1)/usr/lib/lua/eco/encoding +endef + +define Package/lua-eco-sha1/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/crypto + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/crypto/sha1.so $(1)/usr/lib/lua/eco/crypto +endef + +define Package/lua-eco-socket/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/socket.lua $(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/socket.so $(1)/usr/lib/lua/eco/core +endef + +define Package/lua-eco-dns/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/dns.lua $(1)/usr/lib/lua/eco +endef + +define Package/lua-eco-ssl/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ssl.lua $(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ssl.so $(1)/usr/lib/lua/eco/core +endef + +define Package/lua-eco-ubus/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco/core + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ubus.lua $(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ubus.so $(1)/usr/lib/lua/eco/core +endef + +define Package/lua-eco-http/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{url,http}.lua $(1)/usr/lib/lua/eco +endef + +define Package/lua-eco-mqtt/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/mqtt.lua $(1)/usr/lib/lua/eco +endef + +define Package/lua-eco-websocket/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/websocket.lua $(1)/usr/lib/lua/eco +endef + +define 
Package/lua-eco-termios/install + $(INSTALL_DIR) $(1)/usr/lib/lua/eco + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/termios.so $(1)/usr/lib/lua/eco +endef $(eval $(call BuildPackage,lua-eco)) $(eval $(call BuildPackage,lua-eco-log)) $(eval $(call BuildPackage,lua-eco-sys)) -$(eval $(call BuildPackage,lua-eco-dns)) -$(eval $(call BuildPackage,lua-eco-socket)) -$(eval $(call BuildPackage,lua-eco-ssl)) -$(eval $(call BuildPackage,lua-eco-iw)) -$(eval $(call BuildPackage,lua-eco-ip)) $(eval $(call BuildPackage,lua-eco-file)) +$(eval $(call BuildPackage,lua-eco-base64)) +$(eval $(call BuildPackage,lua-eco-sha1)) +$(eval $(call BuildPackage,lua-eco-socket)) +$(eval $(call BuildPackage,lua-eco-dns)) +$(eval $(call BuildPackage,lua-eco-ssl)) $(eval $(call BuildPackage,lua-eco-ubus)) +$(eval $(call BuildPackage,lua-eco-http)) +$(eval $(call BuildPackage,lua-eco-mqtt)) +$(eval $(call BuildPackage,lua-eco-websocket)) +$(eval $(call BuildPackage,lua-eco-termios)) From a1c80c1f3757bc3178866488af2e6e127ae3f1ce Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Wed, 22 Feb 2023 16:38:26 +0000 Subject: [PATCH 05/15] nfs-kernel-server: update to v2.6.2 Also added patch that is from alpine's same package to assist building on musl. Hostpkg build on musl also kept failing, so I added few more overrides, which made it work perfectly. Signed-off-by: Oskari Rauta --- net/nfs-kernel-server/Makefile | 9 +- .../patches/110-move-hardcoded-rundir.patch | 2 +- .../patches/130-musl-svcgssd-sysconf.patch | 144 ++++++++++++++++++ .../patches/200-fix-macos-build.patch | 6 +- 4 files changed, 154 insertions(+), 7 deletions(-) create mode 100644 net/nfs-kernel-server/patches/130-musl-svcgssd-sysconf.patch diff --git a/net/nfs-kernel-server/Makefile b/net/nfs-kernel-server/Makefile index 01f19ba03..c7a3a1f57 100644 --- a/net/nfs-kernel-server/Makefile +++ b/net/nfs-kernel-server/Makefile 
@@ -7,9 +7,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nfs-kernel-server -PKG_VERSION:=2.5.4 -PKG_RELEASE:=5 -PKG_HASH:=546ce4b51eeebc66e354b6cc6ca0ce509437efbdef0caaf99389534eef0e598b +PKG_VERSION:=2.6.2 +PKG_RELEASE:=1 +PKG_HASH:=26d46448982252e9e2c8346d10cf13e1143e7089c866f53e25db3359f3e9493c PKG_SOURCE_URL:=@SF/nfs PKG_SOURCE:=nfs-utils-$(PKG_VERSION).tar.xz @@ -150,6 +150,9 @@ HOST_CONFIGURE_VARS += \ ac_cv_header_blkid_blkid_h=yes \ ac_cv_lib_resolv___res_querydomain=yes \ ac_cv_func_prctl=yes \ + ac_cv_sizeof_size_t=0 \ + ac_cv_func_getrpcbynumber=yes \ + ac_cv_func_getrpcbynumber_r=yes \ enable_ipv6=no \ GSSGLUE_CFLAGS=" " \ GSSGLUE_LIBS=" " \ diff --git a/net/nfs-kernel-server/patches/110-move-hardcoded-rundir.patch b/net/nfs-kernel-server/patches/110-move-hardcoded-rundir.patch index d78be6974..fa097fb47 100644 --- a/net/nfs-kernel-server/patches/110-move-hardcoded-rundir.patch +++ b/net/nfs-kernel-server/patches/110-move-hardcoded-rundir.patch @@ -3,7 +3,7 @@ @@ -64,7 +64,7 @@ #define EVENT_BUFSIZE (1024 * EVENT_SIZE) - #define RPCPIPE_DIR "/var/lib/nfs/rpc_pipefs" + #define RPCPIPE_DIR NFS_STATEDIR "/rpc_pipefs" -#define PID_FILE "/run/blkmapd.pid" +#define PID_FILE "/tmp/run/blkmapd.pid" diff --git a/net/nfs-kernel-server/patches/130-musl-svcgssd-sysconf.patch b/net/nfs-kernel-server/patches/130-musl-svcgssd-sysconf.patch new file mode 100644 index 000000000..a498e3908 --- /dev/null +++ b/net/nfs-kernel-server/patches/130-musl-svcgssd-sysconf.patch 
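Review bot: In the `@@ -150,6 +150,9 @@` hunk, `ac_cv_sizeof_size_t=0` seeds the host configure cache with a value that is wrong on every host, and nothing in the hunk explains which probe it works around. If the configured sources use the resulting size macro for anything beyond satisfying the probe, they would see 0. The commit message only says the musl host build kept failing. Please add a comment above the `HOST_CONFIGURE_VARS +=` assignment naming the failing check and the host tool that consumes these three overrides, and confirm that no size or bounds computation in the host build depends on the value. The variable list starts and continues outside the hunk, so the rest of the overrides are not visible here.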
@@ -0,0 +1,144 @@ +--- a/support/nfsidmap/libnfsidmap.c ++++ b/support/nfsidmap/libnfsidmap.c +@@ -452,11 +452,17 @@ int nfs4_init_name_mapping(char *conffil + + nobody_user = conf_get_str("Mapping", "Nobody-User"); + if (nobody_user) { +- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETPW_R_SIZE_MAX*/ + struct passwd *buf; + struct passwd *pw = NULL; + int err; + ++ /*sysconf can return -1 when _SC_GETPW_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead ++ to an integer overflow, which leads to a buffer overflow and crashes svcgssd */ ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; ++ + buf = malloc(sizeof(*buf) + buflen); + if (buf) { + err = getpwnam_r(nobody_user, buf, ((char *)buf) + sizeof(*buf), buflen, &pw); +@@ -473,11 +479,17 @@ int nfs4_init_name_mapping(char *conffil + + nobody_group = conf_get_str("Mapping", "Nobody-Group"); + if (nobody_group) { +- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETGR_R_SIZE_MAX*/ + struct group *buf; + struct group *gr = NULL; + int err; + ++ /*sysconf can return -1 when _SC_GETGR_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead ++ to an integer overflow, which leads to a buffer overflow and crashes svcgssd */ ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; ++ + buf = malloc(sizeof(*buf) + buflen); + if (buf) { + err = getgrnam_r(nobody_group, buf, ((char *)buf) + sizeof(*buf), buflen, &gr); +--- a/support/nfsidmap/static.c ++++ b/support/nfsidmap/static.c +@@ -98,10 +98,14 @@ static struct passwd *static_getpwnam(co + { + struct passwd *pw; + struct pwbuf *buf; +- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ size_t buflen = 1024; + char *localname; + 
int err; + ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; ++ + buf = malloc(sizeof(*buf) + buflen); + if (!buf) { + err = ENOMEM; +@@ -149,10 +153,14 @@ static struct group *static_getgrnam(con + { + struct group *gr; + struct grbuf *buf; +- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ size_t buflen = 1024; + char *localgroup; + int err; + ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; ++ + buf = malloc(sizeof(*buf) + buflen); + if (!buf) { + err = ENOMEM; +--- a/support/nfsidmap/nss.c ++++ b/support/nfsidmap/nss.c +@@ -91,9 +91,13 @@ static int nss_uid_to_name(uid_t uid, ch + struct passwd *pw = NULL; + struct passwd pwbuf; + char *buf; +- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ size_t buflen = 1024; + int err = -ENOMEM; + ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; ++ + buf = malloc(buflen); + if (!buf) + goto out; +@@ -119,9 +123,13 @@ static int nss_gid_to_name(gid_t gid, ch + struct group *gr = NULL; + struct group grbuf; + char *buf; +- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ size_t buflen = 1024; + int err; + ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; ++ + if (domain == NULL) + domain = get_default_domain(); + +@@ -192,12 +200,13 @@ static struct passwd *nss_getpwnam(const + { + struct passwd *pw; + struct pwbuf *buf; +- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ size_t buflen = 1024; + char *localname; + int err = ENOMEM; + +- if (buflen > UINT_MAX) +- goto err; ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; + + buf = malloc(sizeof(*buf) + buflen); + if (buf == NULL) +@@ -301,7 +310,8 @@ static int _nss_name_to_gid(char *name, + struct group *gr = NULL; + struct group grbuf; + char *buf, *domain; +- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ 
size_t buflen = 1024; + int err = -EINVAL; + char *localname = NULL; + char *ref_name = NULL; +@@ -327,8 +337,8 @@ static int _nss_name_to_gid(char *name, + } + + err = -ENOMEM; +- if (buflen > UINT_MAX) +- goto out_name; ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; + + do { + buf = malloc(buflen); diff --git a/net/nfs-kernel-server/patches/200-fix-macos-build.patch b/net/nfs-kernel-server/patches/200-fix-macos-build.patch index 42ef78351..0509e5128 100644 --- a/net/nfs-kernel-server/patches/200-fix-macos-build.patch +++ b/net/nfs-kernel-server/patches/200-fix-macos-build.patch @@ -2,9 +2,9 @@ fix stat64 issue for modern macos versions (including macos arm64) --- a/tools/rpcgen/rpc_main.c +++ b/tools/rpcgen/rpc_main.c -@@ -62,6 +62,12 @@ - #define EXTEND 1 /* alias for TRUE */ - #define DONT_EXTEND 0 /* alias for FALSE */ +@@ -68,6 +68,12 @@ + # endif + #endif +#ifdef __APPLE__ +# if __DARWIN_ONLY_64_BIT_INO_T From e93a9d006323e86df7322b7423d8bbb93e8a1ce1 Mon Sep 17 00:00:00 2001 From: Vladimir Ermakov Date: Sat, 28 May 2022 18:33:35 +0300 Subject: [PATCH 06/15] qemu: update to 7.2.0 drop disas and bios patches refresh patches qemu: vhost-scsi does not exist, drop unsupported vhost options qemu: disable VDUSE by default qemu: slirp and vnc-png option gone Note: libpng still needed if vnc enabled. Link: https://github.com/openwrt/packages/pull/18623 Signed-off-by: Vladimir Ermakov (squash commits) 
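Review bot: On musl the 1024-byte fallback in the new 130-musl-svcgssd-sysconf.patch becomes the actual buffer size at all eight patched sites. Only `_nss_name_to_gid` shows a `do { buf = malloc(buflen);` loop in its context that might grow it. At the other sites the code after `getpwnam_r`/`getgrnam_r` lies outside the hunk context, so whether ERANGE is retried with a larger buffer cannot be confirmed from here. If it is not, a passwd or group entry longer than 1024 bytes would fail to resolve, and for the `Nobody-User`/`Nobody-Group` lookups in `nfs4_init_name_mapping` that may leave the fallback identity unset; this is worth checking against the 2.6.2 source. The patch file also carries no header naming its origin, though the commit message says it comes from Alpine's package, so a short description with the source reference at the top of the file would keep its provenance traceable.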
Signed-off-by: Yousong Zhou --- utils/qemu/Makefile | 22 ++----- ...nfigure-allow-disable-fortify_source.patch | 4 +- ...-guest_agent-no-matter-whether-softm.patch | 25 -------- ...lation-failure-when-isnan-is-a-macro.patch | 64 ------------------- ...ilation-when-AS-is-actually-gcc-driv.patch | 29 --------- ...ate-applets-for-guest-shutdown-modes.patch | 20 +++--- utils/qemu/patches/0010-no-tests.patch | 8 +-- 7 files changed, 21 insertions(+), 151 deletions(-) delete mode 100644 utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch delete mode 100644 utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch delete mode 100644 utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch diff --git a/utils/qemu/Makefile b/utils/qemu/Makefile index f846141c5..7f97b392c 100644 --- a/utils/qemu/Makefile +++ b/utils/qemu/Makefile @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=qemu -PKG_VERSION:=6.2.0 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=7.2.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_HASH:=68e15d8e45ac56326e0b9a4afa8b49a3dfe8aba3488221d098c84698bca65b45 +PKG_HASH:=5b49ce2687744dad494ae90a898c52204a3406e84d072482a1e1be854eeb2157 PKG_SOURCE_URL:=http://download.qemu.org/ PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=LICENSE tcg/LICENSE @@ -192,8 +192,8 @@ define qemu-target URL:=http://www.qemu.org DEPENDS:= +glib2 +libpthread +zlib +libbpf $(QEMU_DEPS_IN_HOST) $(qemu-target-$(1)-deps) \ +QEMU_UI_VNC:qemu-keymaps \ + +QEMU_UI_VNC:libpng \ +QEMU_UI_VNC_JPEG:libjpeg \ - +QEMU_UI_VNC_PNG:libpng \ +QEMU_UI_VNC_SASL:libsasl2 \ +QEMU_UI_SPICE:libspice-server \ +QEMU_DEV_USB:libusb-1.0 \ @@ -246,11 +246,6 @@ config QEMU_UI_VNC_JPEG default n depends on QEMU_UI_VNC -config QEMU_UI_VNC_PNG - bool "QEMU VNC png tight encoding support" - default n - depends on QEMU_UI_VNC - config QEMU_UI_VNC_SASL bool "QEMU VNC SASL auth support" default n 
@@ -276,7 +271,6 @@ endef PKG_CONFIG_DEPENDS += \ CONFIG_QEMU_UI_VNC \ CONFIG_QEMU_UI_VNC_JPEG \ - CONFIG_QEMU_UI_VNC_PNG \ CONFIG_QEMU_UI_VNC_SASL \ CONFIG_QEMU_UI_SPICE \ CONFIG_QEMU_DEV_USB \ @@ -311,11 +305,8 @@ CONFIGURE_ARGS += \ --enable-vhost-crypto \ --enable-vhost-kernel \ --enable-vhost-net \ - --enable-vhost-scsi \ --enable-vhost-user \ - --enable-vhost-user-fs \ --enable-vhost-user-blk-server \ - --enable-vhost-vsock \ --enable-vhost-vdpa \ # Image formats support @@ -335,7 +326,6 @@ CONFIGURE_ARGS += \ --disable-bsd-user \ --disable-linux-user \ --enable-system \ - --enable-slirp=system \ # accel CONFIGURE_ARGS += \ @@ -356,7 +346,6 @@ CONFIGURE_ARGS += \ --disable-virglrenderer \ --$(if $(CONFIG_QEMU_UI_VNC),enable,disable)-vnc \ --$(if $(CONFIG_QEMU_UI_VNC_JPEG),enable,disable)-vnc-jpeg \ - --$(if $(CONFIG_QEMU_UI_VNC_PNG),enable,disable)-vnc-png \ --$(if $(CONFIG_QEMU_UI_VNC_SASL),enable,disable)-vnc-sasl \ --disable-vte \ --enable-curses \ @@ -405,7 +394,6 @@ CONFIGURE_ARGS += \ --disable-libpmem \ --disable-libssh \ --$(if $(CONFIG_QEMU_DEV_USB),enable,disable)-libusb \ - --disable-libxml2 \ --disable-linux-aio \ --disable-linux-io-uring \ --disable-lzfse \ @@ -436,12 +424,12 @@ CONFIGURE_ARGS += \ --disable-werror \ --disable-xen-pci-passthrough \ --disable-xkbcommon \ - --disable-xfsctl \ --disable-zstd \ --disable-selinux \ --disable-oss \ --disable-alsa \ --disable-pa \ + --disable-vduse-blk-export \ CONFIGURE_ARGS += --target-list='$(foreach target,$(qemu-target-list),$(if $(CONFIG_PACKAGE_qemu-$(target)),$(target)))' CONFIGURE_ARGS += $(if $(CONFIG_PACKAGE_qemu-ga),--enable-guest-agent) diff --git a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch index 92d5fe79c..e4404a987 100644 --- a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch +++ b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch 
@@ -11,12 +11,12 @@ OpenWrt base build system decide flavor of fortify_source to use --- a/configure +++ b/configure -@@ -1194,6 +1194,8 @@ for opt do +@@ -896,6 +896,8 @@ for opt do ;; --enable-jemalloc) meson_option_parse --enable-malloc=jemalloc jemalloc ;; + --disable-fortify-source) fortify_source="no" + ;; # everything else has the same name in configure and meson - --enable-* | --disable-*) meson_option_parse "$opt" "$optarg" + --*) meson_option_parse "$opt" "$optarg" ;; diff --git a/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch b/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch deleted file mode 100644 index 6c8537941..000000000 --- a/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3f07c9cb96b361f07ce637088f818bbe0edbcde3 Mon Sep 17 00:00:00 2001 -From: Yousong Zhou -Date: Fri, 7 Feb 2020 03:02:44 +0800 -Subject: [PATCH] configure: enable guest_agent no matter whether softmmu is - enabled - -guest_agent as a tool to be run on guest machines does not depend on -whether there is a softmmu is to be built at this configure/make run - -Fixes a512590 ("configure: qemu-ga is only needed with softmmu targets") ---- - configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/configure -+++ b/configure -@@ -3331,7 +3331,7 @@ fi - # Probe for guest agent support/options - - if [ "$guest_agent" != "no" ]; then -- if [ "$softmmu" = no -a "$want_tools" = no ] ; then -+ if [ "$guest_agent" = "" -a "$want_tools" = no ] ; then - guest_agent=no - elif [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" -o "$mingw32" = "yes" ] ; then - guest_agent=yes diff --git a/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch b/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch deleted file mode 100644 index df79e2417..000000000 
--- a/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 26dd9766757895c04b33a89865e3886f18146332 Mon Sep 17 00:00:00 2001 -From: Yousong Zhou -Date: Sat, 24 Feb 2018 13:45:25 +0800 -Subject: [PATCH] disas: fix compilation failure when isnan is a macro - ---- - disas/libvixl/vixl/utils.h | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - ---- a/disas/libvixl/vixl/utils.h -+++ b/disas/libvixl/vixl/utils.h -@@ -118,11 +118,17 @@ double double_pack(uint64_t sign, uint64 - // An fpclassify() function for 16-bit half-precision floats. - int float16classify(float16 value); - -+#ifdef isnan -+#define isnan_ isnan -+#else -+#define isnan_ std::isnan -+#endif -+ - // NaN tests. - inline bool IsSignallingNaN(double num) { - const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000); - uint64_t raw = double_to_rawbits(num); -- if (std::isnan(num) && ((raw & kFP64QuietNaNMask) == 0)) { -+ if (isnan_(num) && ((raw & kFP64QuietNaNMask) == 0)) { - return true; - } - return false; -@@ -132,7 +138,7 @@ inline bool IsSignallingNaN(double num) - inline bool IsSignallingNaN(float num) { - const uint32_t kFP32QuietNaNMask = 0x00400000; - uint32_t raw = float_to_rawbits(num); -- if (std::isnan(num) && ((raw & kFP32QuietNaNMask) == 0)) { -+ if (isnan_(num) && ((raw & kFP32QuietNaNMask) == 0)) { - return true; - } - return false; -@@ -148,21 +154,21 @@ inline bool IsSignallingNaN(float16 num) - - template - inline bool IsQuietNaN(T num) { -- return std::isnan(num) && !IsSignallingNaN(num); -+ return isnan_(num) && !IsSignallingNaN(num); - } - - - // Convert the NaN in 'num' to a quiet NaN. 
- inline double ToQuietNaN(double num) { - const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000); -- VIXL_ASSERT(std::isnan(num)); -+ VIXL_ASSERT(isnan_(num)); - return rawbits_to_double(double_to_rawbits(num) | kFP64QuietNaNMask); - } - - - inline float ToQuietNaN(float num) { - const uint32_t kFP32QuietNaNMask = 0x00400000; -- VIXL_ASSERT(std::isnan(num)); -+ VIXL_ASSERT(isnan_(num)); - return rawbits_to_float(float_to_rawbits(num) | kFP32QuietNaNMask); - } - diff --git a/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch b/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch deleted file mode 100644 index 3774be35f..000000000 --- a/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 905f3b7b6115f303f964b5aa1d3bc9bdae9d5bec Mon Sep 17 00:00:00 2001 -From: Yousong Zhou -Date: Sat, 24 Feb 2018 13:46:31 +0800 -Subject: [PATCH] pc-bios: fix compilation when $(AS) is actually gcc driver - ---- - pc-bios/optionrom/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/pc-bios/optionrom/Makefile -+++ b/pc-bios/optionrom/Makefile -@@ -35,7 +35,7 @@ override CFLAGS += -m32 -include $(SRC_D - endif - - Wa = -Wa, --override ASFLAGS += -32 -+override ASFLAGS += $(Wa)-32 - override CFLAGS += $(call cc-option, $(Wa)-32) - - LD_I386_EMULATION ?= elf_i386 -@@ -44,7 +44,7 @@ override LDFLAGS = -m $(LD_I386_EMULATIO - pvh.img: pvh.o pvh_main.o - - %.o: %.S -- $(call quiet-command,$(CPP) $(CPPFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@,"AS","$@") -+ $(call quiet-command,$(CPP) $(CPPFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@ -x assembler -,"AS","$@") - - %.o: %.c - $(call quiet-command,$(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@,"CC","$@") 
diff --git a/utils/qemu/patches/0007-qga-invoke-separate-applets-for-guest-shutdown-modes.patch b/utils/qemu/patches/0007-qga-invoke-separate-applets-for-guest-shutdown-modes.patch index d51abc2d5..2c7e39e12 100644 --- a/utils/qemu/patches/0007-qga-invoke-separate-applets-for-guest-shutdown-modes.patch +++ b/utils/qemu/patches/0007-qga-invoke-separate-applets-for-guest-shutdown-modes.patch @@ -13,7 +13,7 @@ https://gitlab.alpinelinux.org/alpine/aports/commit/76b81b486480fd9c3294cd420bcf --- a/qga/commands-posix.c +++ b/qga/commands-posix.c -@@ -84,6 +84,7 @@ static void ga_wait_child(pid_t pid, int +@@ -74,6 +74,7 @@ static void ga_wait_child(pid_t pid, int void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) { const char *shutdown_flag; 
@@ -21,25 +21,25 @@ https://gitlab.alpinelinux.org/alpine/aports/commit/76b81b486480fd9c3294cd420bcf Error *local_err = NULL; pid_t pid; int status; -@@ -91,10 +92,13 @@ void qmp_guest_shutdown(bool has_mode, c +@@ -95,10 +96,13 @@ void qmp_guest_shutdown(bool has_mode, c slog("guest-shutdown called, mode: %s", mode); if (!has_mode || strcmp(mode, "powerdown") == 0) { - shutdown_flag = "-P"; + shutdown_flag = powerdown_flag; + fallback_cmd = "/sbin/poweroff"; } else if (strcmp(mode, "halt") == 0) { - shutdown_flag = "-H"; + shutdown_flag = halt_flag; + fallback_cmd = "/sbin/halt"; } else if (strcmp(mode, "reboot") == 0) { - shutdown_flag = "-r"; + shutdown_flag = reboot_flag; + fallback_cmd = "/sbin/reboot"; } else { error_setg(errp, "mode is invalid (valid values are: halt|powerdown|reboot"); -@@ -111,6 +115,7 @@ void qmp_guest_shutdown(bool has_mode, c - - execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", - "hypervisor initiated shutdown", (char *)NULL, environ); -+ execle(fallback_cmd, fallback_cmd, (char*)NULL, environ); +@@ -123,6 +127,7 @@ void qmp_guest_shutdown(bool has_mode, c + execl("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", + "hypervisor initiated shutdown", (char *)NULL); + #endif ++ execl(fallback_cmd, fallback_cmd, (char*)NULL); _exit(EXIT_FAILURE); } else if (pid < 0) { error_setg_errno(errp, errno, "failed to create child process"); diff --git a/utils/qemu/patches/0010-no-tests.patch b/utils/qemu/patches/0010-no-tests.patch index 40125b411..e8bfe84c6 100644 --- a/utils/qemu/patches/0010-no-tests.patch +++ b/utils/qemu/patches/0010-no-tests.patch @@ -1,8 +1,8 @@ --- a/meson.build +++ b/meson.build -@@ -2619,10 +2619,6 @@ specific_ss.add_all(when: 'CONFIG_BSD_US - linux_user_ss.add(files('thunk.c')) - specific_ss.add_all(when: 'CONFIG_LINUX_USER', if_true: linux_user_ss) +@@ -3142,10 +3142,6 @@ subdir('common-user') + subdir('bsd-user') + subdir('linux-user') -# needed for fuzzing binaries -subdir('tests/qtest/libqos') 
@@ -11,7 +11,7 @@ # accel modules tcg_real_module_ss = ss.source_set() tcg_real_module_ss.add_all(when: 'CONFIG_TCG_MODULAR', if_true: tcg_module_ss) -@@ -3107,10 +3103,6 @@ subdir('scripts') +@@ -3633,10 +3629,6 @@ subdir('scripts') subdir('tools') subdir('pc-bios') subdir('docs') From c6960a2bdcd44e51e8652843cf26f8436fac2682 Mon Sep 17 00:00:00 2001 From: Glen Huang Date: Tue, 28 Feb 2023 19:19:19 +0800 Subject: [PATCH 07/15] acme: merge cli into init script Signed-off-by: Glen Huang --- net/acme-common/Makefile | 10 +- net/acme-common/files/acme.init | 132 ++++++++++++++++++- net/acme-common/files/acme.sh | 160 ------------------------ net/acme-common/files/acme.uci-defaults | 4 +- net/acme-common/files/functions.sh | 2 +- 5 files changed, 137 insertions(+), 171 deletions(-) delete mode 100644 net/acme-common/files/acme.sh diff --git a/net/acme-common/Makefile b/net/acme-common/Makefile index c8c4a0bb3..49e5f76f7 100644 --- a/net/acme-common/Makefile +++ b/net/acme-common/Makefile @@ -38,8 +38,6 @@ define Package/acme-common/install $(INSTALL_DIR) $(1)/etc/ssl/acme $(INSTALL_DIR) $(1)/etc/config $(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) ./files/acme.sh $(1)/usr/bin/acme $(INSTALL_DIR) $(1)/usr/lib/acme $(INSTALL_DATA) ./files/functions.sh $(1)/usr/lib/acme $(INSTALL_BIN) ./files/acme-notify.sh $(1)/usr/lib/acme/notify 
@@ -50,15 +48,15 @@ define Package/acme-common/install $(INSTALL_DIR) $(1)/etc/hotplug.d/acme endef -define Package/acme/postinst +define Package/acme-common/postinst #!/bin/sh -grep -q '/usr/bin/acme' /etc/crontabs/root 2>/dev/null && exit 0 -echo "0 0 * * * /usr/bin/acme get" >> /etc/crontabs/root +grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0 +echo "0 0 * * * /etc/init.d/acme start" >> /etc/crontabs/root endef define Package/acme-common/prerm #!/bin/sh -sed -i '\|/usr/bin/acme|d' /etc/crontabs/root +sed -i '\|/etc/init.d/acme|d' /etc/crontabs/root endef define Build/Configure diff --git a/net/acme-common/files/acme.init b/net/acme-common/files/acme.init index e654054f4..1bca639f4 100644 --- a/net/acme-common/files/acme.init +++ b/net/acme-common/files/acme.init 
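Review bot: The reworked `postinst` only appends the new `/etc/init.d/acme start` entry, and the reworked `prerm` only deletes lines matching `/etc/init.d/acme`, so a crontab that already holds the old `/usr/bin/acme get` line keeps it after an upgrade. As far as this hunk shows, nothing removes that stale entry, while the same commit stops installing `/usr/bin/acme`, so cron would call a missing command every night. I would drop the old line before the `grep`, for example with `sed -i '\|/usr/bin/acme|d' /etc/crontabs/root 2>/dev/null`. The `acme.uci-defaults` hunk later in this commit has the same gap.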
@@ -1,9 +1,137 @@ #!/bin/sh /etc/rc.common -START=80 USE_PROCD=1 +run_dir=/var/run/acme +export CHALLENGE_DIR=$run_dir/challenge +export CERT_DIR=/etc/ssl/acme +NFT_HANDLE= +HOOK=/usr/lib/acme/hook +LOG_TAG=acme + +# shellcheck source=net/acme/files/functions.sh +. /usr/lib/acme/functions.sh + +cleanup() { + log debug "cleaning up" + if [ -e $run_dir/lock ]; then + rm $run_dir/lock + fi + if [ "$NFT_HANDLE" ]; then + # $NFT_HANDLE contains the string 'handle XX' so pass it unquoted to nft + nft delete rule inet fw4 input $NFT_HANDLE + fi +} + +load_options() { + section=$1 + + # compatibility for old option name + config_get_bool staging "$section" use_staging + if [ -z "$staging" ]; then + config_get_bool staging "$section" staging 0 + fi + export staging + config_get calias "$section" calias + export calias + config_get dalias "$section" dalias + export dalias + config_get domains "$section" domains + export domains + export main_domain + main_domain="$(first_arg $domains)" + config_get keylength "$section" keylength ec-256 + export keylength + config_get dns "$section" dns + export dns + config_get acme_server "$section" acme_server + export acme_server + config_get days "$section" days + export days + config_get standalone "$section" standalone 0 + export standalone + config_get dns_wait "$section" dns_wait + export dns_wait + + config_get webroot "$section" webroot + export webroot + if [ "$webroot" ]; then + log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR." + fi +} + +first_arg() { + echo "$1" +} + +get_cert() { + section=$1 + + config_get_bool enabled "$section" enabled 1 + [ "$enabled" = 1 ] || return + + load_options "$section" + if [ -z "$dns" ] && [ "$standalone" = 0 ]; then + mkdir -p "$CHALLENGE_DIR" + fi + + if [ "$standalone" = 1 ] && [ -z "$NFT_HANDLE" ]; then + if ! 
NFT_HANDLE=$(nft -a -e insert rule inet fw4 input tcp dport 80 counter accept comment ACME | grep -o 'handle [0-9]\+'); then + return 1 + fi + log debug "added nft rule: $NFT_HANDLE" + fi + + load_credentials() { + eval export "$1" + } + config_list_foreach "$section" credentials load_credentials + + "$HOOK" get +} + +load_globals() { + section=$1 + + config_get account_email "$section" account_email + if [ -z "$account_email" ]; then + log err "account_email option is required" + exit 1 + fi + export account_email + + config_get state_dir "$section" state_dir + if [ "$state_dir" ]; then + log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in $CERT_DIR." + mkdir -p "$state_dir" + else + state_dir=/etc/acme + fi + export state_dir + + config_get debug "$section" debug 0 + export debug + + # only look for the first acme section + return 1 +} + +start_service() { + mkdir -p $run_dir + exec 200>$run_dir/lock + if ! flock -n 200; then + log err "Another ACME instance is already running." + exit 1 + fi + + trap cleanup EXIT + + config_load acme + config_foreach load_globals acme + + config_foreach get_cert cert +} service_triggers() { procd_add_config_trigger config.change acme \ - /usr/bin/acme get + /etc/init.d/acme start } diff --git a/net/acme-common/files/acme.sh b/net/acme-common/files/acme.sh deleted file mode 100644 index defd66005..000000000 --- a/net/acme-common/files/acme.sh +++ /dev/null 
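Review bot: `load_credentials` inside `get_cert` runs `eval export "$1"` on every `credentials` list item, so each value from the UCI config is re-parsed as shell code, and a token containing `$`, a backtick or `;` is expanded or executed with the init script's privileges instead of being exported literally. The line is carried over from the removed `acme.sh`, but it now runs from the init script on every `config.change` trigger as well as from cron. Exporting the item without re-parsing, `export "$1"`, after checking that it has the `NAME=value` shape, avoids this; configs that rely on shell quoting inside the item would need a migration note. Separately, the port-80 accept rule added for standalone mode is removed only by the `EXIT` trap, so it is worth confirming that `cleanup` still runs when the script is terminated by a signal.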
@@ -1,160 +0,0 @@ -#!/bin/sh -# Wrapper for acme.sh to work on openwrt. -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of the GNU General Public License as published by the Free Software -# Foundation; either version 3 of the License, or (at your option) any later -# version. -# -# Authors: Toke Høiland-Jørgensen - -run_dir=/var/run/acme -export CHALLENGE_DIR=$run_dir/challenge -export CERT_DIR=/etc/ssl/acme -NFT_HANDLE= -HOOK=/usr/lib/acme/hook -LOG_TAG=acme - -# shellcheck source=/dev/null -. /lib/functions.sh -# shellcheck source=net/acme/files/functions.sh -. /usr/lib/acme/functions.sh - -cleanup() { - log debug "cleaning up" - if [ -e $run_dir/lock ]; then - rm $run_dir/lock - fi - if [ "$NFT_HANDLE" ]; then - # $NFT_HANDLE contains the string 'handle XX' so pass it unquoted to nft - nft delete rule inet fw4 input $NFT_HANDLE - fi -} - -load_options() { - section=$1 - - # compatibility for old option name - config_get_bool staging "$section" use_staging - if [ -z "$staging" ]; then - config_get_bool staging "$section" staging 0 - fi - export staging - config_get calias "$section" calias - export calias - config_get dalias "$section" dalias - export dalias - config_get domains "$section" domains - export domains - export main_domain - main_domain="$(first_arg $domains)" - config_get keylength "$section" keylength ec-256 - export keylength - config_get dns "$section" dns - export dns - config_get acme_server "$section" acme_server - export acme_server - config_get days "$section" days - export days - config_get standalone "$section" standalone 0 - export standalone - config_get dns_wait "$section" dns_wait - export dns_wait - - config_get webroot "$section" webroot - export webroot - if [ "$webroot" ]; then - log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR." 
- fi -} - -first_arg() { - echo "$1" -} - -get_cert() { - section=$1 - - config_get_bool enabled "$section" enabled 1 - [ "$enabled" = 1 ] || return - - load_options "$section" - if [ -z "$dns" ] && [ "$standalone" = 0 ]; then - mkdir -p "$CHALLENGE_DIR" - fi - - if [ "$standalone" = 1 ] && [ -z "$NFT_HANDLE" ]; then - if ! NFT_HANDLE=$(nft -a -e insert rule inet fw4 input tcp dport 80 counter accept comment ACME | grep -o 'handle [0-9]\+'); then - return 1 - fi - log debug "added nft rule: $NFT_HANDLE" - fi - - load_credentials() { - eval export "$1" - } - config_list_foreach "$section" credentials load_credentials - - "$HOOK" get -} - -load_globals() { - section=$1 - - config_get account_email "$section" account_email - if [ -z "$account_email" ]; then - log err "account_email option is required" - exit 1 - fi - export account_email - - config_get state_dir "$section" state_dir - if [ "$state_dir" ]; then - log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in $CERT_DIR." - mkdir -p "$state_dir" - else - state_dir=/etc/acme - fi - export state_dir - - config_get debug "$section" debug 0 - export debug - - # only look for the first acme section - return 1 -} - -usage() { - cat < [arguments] -Commands: - get issue or renew certificates -EOF - exit 1 -} - -if [ ! -x "$HOOK" ]; then - log err "An ACME client like acme-acmesh or acme-uacme is required, which is not installed." - exit 1 -fi - -case $1 in -get) - mkdir -p $run_dir - exec 200>$run_dir/lock - if ! flock -n 200; then - log err "Another ACME instance is already running." - exit 1 - fi - - trap cleanup EXIT - - config_load acme - config_foreach load_globals acme - - config_foreach get_cert cert - ;; -*) - usage - ;; -esac diff --git a/net/acme-common/files/acme.uci-defaults b/net/acme-common/files/acme.uci-defaults index 0b92c2e26..206f87e23 100644 --- a/net/acme-common/files/acme.uci-defaults +++ b/net/acme-common/files/acme.uci-defaults 
@@ -1,4 +1,4 @@ #!/bin/sh -grep -q '/usr/bin/acme' /etc/crontabs/root 2>/dev/null && exit 0 -echo "0 0 * * * /usr/bin/acme get" >> /etc/crontabs/root +grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0 +echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root diff --git a/net/acme-common/files/functions.sh b/net/acme-common/files/functions.sh index 3325a7ea2..5828a6b1f 100644 --- a/net/acme-common/files/functions.sh +++ b/net/acme-common/files/functions.sh @@ -1,7 +1,7 @@ log() { prio="$1" shift - if [ "$prio" != debug ] || [ "$debug" = 0 ]; then + if [ "$prio" != debug ] || [ "$debug" = 1 ]; then logger -t "$LOG_TAG" -s -p "daemon.$prio" -- "$@" fi } From 5a0f41556fdf38abcd8cf7a60dc21c81fa5bc02b Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sun, 26 Feb 2023 17:38:36 -0700 Subject: [PATCH 08/15] isc-dhcp: make indent consistent in config Signed-off-by: Philip Prindeville --- net/isc-dhcp/Makefile | 2 +- net/isc-dhcp/files/dhcpd.init | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile index 2c6dd442b..e13c8c8a0 100644 --- a/net/isc-dhcp/Makefile +++ b/net/isc-dhcp/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=isc-dhcp UPSTREAM_NAME:=dhcp PKG_VERSION:=4.4.3 -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init index 069cb8b6b..76fa34ae6 100755 --- a/net/isc-dhcp/files/dhcpd.init +++ b/net/isc-dhcp/files/dhcpd.init @@ -512,8 +512,8 @@ update-optimization off; include "$session_key_file"; zone $domain. { - primary 127.0.0.1; - key $session_key_name; + primary 127.0.0.1; + key $session_key_name; } EOF @@ -522,8 +522,8 @@ EOF mynet="$(rev_str "$mynet" ".")" cat < Date: Sun, 26 Feb 2023 17:49:13 -0700 Subject: [PATCH 09/15] isc-dhcp: allow suppression of default gateway 
Signed-off-by: Philip Prindeville --- net/isc-dhcp/files/dhcpd.init | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init index 76fa34ae6..7eb3dc3af 100755 --- a/net/isc-dhcp/files/dhcpd.init +++ b/net/isc-dhcp/files/dhcpd.init @@ -364,7 +364,9 @@ gen_dhcp_subnet() { echo " default-lease-time $leasetime;" echo " max-lease-time $leasetime;" fi - echo " option routers $gateway;" + if [ "$defaultroute" -eq 1 ] ; then + echo " option routers $gateway;" + fi echo " option domain-name-servers $DNS;" config_list_foreach "$cfg" "routes" append_routes config_list_foreach "$cfg" "dhcp_option" append_dhcp_options @@ -374,7 +376,7 @@ gen_dhcp_subnet() { dhcpd_add() { local cfg="$1" synthesize="$2" local dhcp6range="::" - local dynamicdhcp end gateway ifname ignore leasetime limit net netmask + local dynamicdhcp defaultroute end gateway ifname ignore leasetime limit net netmask local proto networkid start subnet local IP NETMASK BROADCAST NETWORK PREFIX DNS START END @@ -404,6 +406,8 @@ dhcpd_add() { config_get_bool dynamicdhcp "$cfg" "dynamicdhcp" 1 + config_get_bool defaultroute "$cfg" "default_route" 1 + dhcp_ifs="$dhcp_ifs $ifname" eval "$(ipcalc.sh $subnet $start $limit)" From 8e10f5f9a1e1b0c4b3362b09c8240b6faa989c7c Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 3 Mar 2023 11:58:33 +0800 Subject: [PATCH 10/15] cloudflared: Update to 2023.3.0 Signed-off-by: Tianling Shen --- net/cloudflared/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile index b0e3caeef..3f573ff23 100644 --- a/net/cloudflared/Makefile +++ b/net/cloudflared/Makefile 
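Review bot: In `gen_dhcp_subnet` the new test `[ "$defaultroute" -eq 1 ]` reads a variable that is declared `local` and set only in `dhcpd_add`, so it depends on the shell's dynamic scoping and on `gen_dhcp_subnet` always being reached from there. The callers are outside this hunk; if the function is ever entered with `defaultroute` unset, `-eq` on an empty string prints an error and the `option routers` line is dropped silently. A string test with a default, `if [ "${defaultroute:-1}" = 1 ]; then`, keeps the gateway unless it was explicitly disabled. A one-line comment in `gen_dhcp_subnet` naming the variables it expects from its caller would make the coupling visible.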
@@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudflared -PKG_VERSION:=2023.2.2 +PKG_VERSION:=2023.3.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)? -PKG_HASH:=b0abaff125d29c517894f6ea74dcc7044c92500670463595ba9ff4950a1d2fc2 +PKG_HASH:=90fad1f6eb59689e06d09837c5ec9a3e7e3d177fea15190027f60c5b9e7950be PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 1343bb585607295d2e466dfed0dd596a14570c54 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 3 Mar 2023 11:58:41 +0800 Subject: [PATCH 11/15] yq: Update to 4.31.2 Signed-off-by: Tianling Shen --- utils/yq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/yq/Makefile b/utils/yq/Makefile index 51eb69e93..78f71a056 100644 --- a/utils/yq/Makefile +++ b/utils/yq/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yq -PKG_VERSION:=4.31.1 +PKG_VERSION:=4.31.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6481cd93fe9a773ea20f738a3340c88e691f3d073bc6d2fceee3f5b3867399fc +PKG_HASH:=82d5ef2ab01bc5065e7efe671d92fb82e53f41dc67b04cab6c3b22fd144bd009 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=MIT From 40669c4135d829254ba66b0f1a6827f94d229c96 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 3 Mar 2023 11:52:58 +0800 Subject: [PATCH 12/15] v2raya: drop wrong patches These patches should not be backported to OpenWrt, otherwise tproxy won't work for devices connected to br-lan (bypassed by the fw rules). We have introduced a new compile-time flag for new version (which is not released yet), but it's unnecessray to backport redudant patches as here is still at the old version. 
Signed-off-by: Tianling Shen --- net/v2raya/Makefile | 2 +- .../010-fixed-for-Docker-Compose.patch | 46 ------------------- net/v2raya/patches/011-cleaned-up.patch | 37 --------------- net/v2raya/patches/012-improved.patch | 38 --------------- ...-interface-ppp-to-avoid-to-break-net.patch | 12 ++--- 5 files changed, 7 insertions(+), 128 deletions(-) delete mode 100644 net/v2raya/patches/010-fixed-for-Docker-Compose.patch delete mode 100644 net/v2raya/patches/011-cleaned-up.patch delete mode 100644 net/v2raya/patches/012-improved.patch diff --git a/net/v2raya/Makefile b/net/v2raya/Makefile index 17ab5e01c..18b81d15c 100644 --- a/net/v2raya/Makefile +++ b/net/v2raya/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=v2rayA PKG_VERSION:=1.5.9.1698.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)? diff --git a/net/v2raya/patches/010-fixed-for-Docker-Compose.patch b/net/v2raya/patches/010-fixed-for-Docker-Compose.patch deleted file mode 100644 index 8461660f7..000000000 --- a/net/v2raya/patches/010-fixed-for-Docker-Compose.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 78336e55a31db578c139a5bb472aa0fc219c169d Mon Sep 17 00:00:00 2001 -From: Xiaoxu Guo -Date: Thu, 4 Aug 2022 16:24:04 +0800 -Subject: [PATCH] fixed for Docker Compose - ---- - service/core/iptables/tproxy.go | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - ---- a/core/iptables/tproxy.go -+++ b/core/iptables/tproxy.go -@@ -65,6 +65,7 @@ iptables -w 2 -t mangle -A TP_PRE -p udp - - iptables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark - iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN -+iptables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN - iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN - ` -@@ -123,6 +124,8 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud - - ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark - ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN -+ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN -+ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN - ` -@@ -156,7 +159,7 @@ ip6tables -w 2 -t mangle -A TP_MARK -j C - - func (t *tproxy) GetCleanCommands() Setter { - commands := ` --ip rule del fwmark 0x40/0xc0 table 100 -+ip rule del fwmark 0x40/0xc0 table 100 - ip route del local 0.0.0.0/0 dev lo table 100 - - iptables -w 2 -t mangle -F TP_OUT -@@ -172,7 +175,7 @@ iptables -w 2 -t mangle -X TP_MARK - ` - if IsIPv6Supported() { - commands += ` --ip -6 rule del fwmark 0x40/0xc0 table 100 -+ip -6 rule del fwmark 0x40/0xc0 table 100 - ip -6 route del local ::/0 dev lo table 100 - - ip6tables -w 2 -t mangle -F TP_OUT diff --git a/net/v2raya/patches/011-cleaned-up.patch b/net/v2raya/patches/011-cleaned-up.patch deleted file mode 100644 index 74dc502ec..000000000 --- a/net/v2raya/patches/011-cleaned-up.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 0db405f50fd652d494f2066fc5e47c41666c96db Mon Sep 17 00:00:00 2001 -From: Xiaoxu Guo -Date: Thu, 4 Aug 2022 16:32:42 +0800 -Subject: [PATCH] cleaned up - ---- - service/core/iptables/tproxy.go | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/core/iptables/tproxy.go -+++ b/core/iptables/tproxy.go -@@ -124,7 +124,6 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud - - ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark - ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN --ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN -@@ -159,7 +158,7 @@ ip6tables -w 2 -t mangle -A TP_MARK -j C - - func (t *tproxy) GetCleanCommands() Setter { - commands := ` --ip rule del fwmark 0x40/0xc0 table 100 -+ip rule del fwmark 0x40/0xc0 table 100 - ip route del local 0.0.0.0/0 dev lo table 100 - - iptables -w 2 -t mangle -F TP_OUT -@@ -175,7 +174,7 @@ iptables -w 2 -t mangle -X TP_MARK - ` - if IsIPv6Supported() { - commands += ` --ip -6 rule del fwmark 0x40/0xc0 table 100 -+ip -6 rule del fwmark 0x40/0xc0 table 100 - ip -6 route del local ::/0 dev lo table 100 - - ip6tables -w 2 -t mangle -F TP_OUT diff --git a/net/v2raya/patches/012-improved.patch b/net/v2raya/patches/012-improved.patch deleted file mode 100644 index 1c755d015..000000000 --- a/net/v2raya/patches/012-improved.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 4a87a6fc9a17939cc0fc54058b2128b1f688045a Mon Sep 17 00:00:00 2001 -From: Xiaoxu Guo -Date: Thu, 4 Aug 2022 22:56:46 +0800 -Subject: [PATCH] improved - ---- - service/core/iptables/tproxy.go | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/core/iptables/tproxy.go -+++ b/core/iptables/tproxy.go -@@ -16,7 +16,7 @@ var Tproxy tproxy - func (t *tproxy) AddIPWhitelist(cidr string) { - // avoid duplication - t.RemoveIPWhitelist(cidr) -- pos := 5 -+ pos := 6 - if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { - pos += 3 - } -@@ -65,7 +65,7 @@ iptables -w 2 -t mangle -A TP_PRE -p udp - - iptables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark - iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN --iptables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN -+iptables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN - iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN - ` -@@ -124,7 +124,7 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud - - ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark - ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN --ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN -+ip6tables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN - ` diff --git a/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch b/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch index 0ff5f6a54..5de1a86aa 100644 --- a/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch +++ b/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch 
@@ -13,13 +13,13 @@ Subject: [PATCH] fix: we should skip interface ppp+ to avoid to break net func (t *tproxy) AddIPWhitelist(cidr string) { // avoid duplication t.RemoveIPWhitelist(cidr) -- pos := 6 -+ pos := 8 +- pos := 5 ++ pos := 7 if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { pos += 3 } -@@ -68,6 +68,8 @@ iptables -w 2 -t mangle -A TP_RULE -m ma - iptables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN +@@ -67,6 +67,8 @@ iptables -w 2 -t mangle -A TP_RULE -j CO + iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN +iptables -w 2 -t mangle -A TP_RULE -i ppp+ -j RETURN @@ -27,8 +27,8 @@ Subject: [PATCH] fix: we should skip interface ppp+ to avoid to break net ` if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { commands += ` -@@ -127,6 +129,8 @@ ip6tables -w 2 -t mangle -A TP_RULE -m m - ip6tables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN +@@ -125,6 +127,8 @@ ip6tables -w 2 -t mangle -A TP_RULE -j C + ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN +ip6tables -w 2 -t mangle -A TP_RULE -i ppp+ -j RETURN From e1f03d7ee4493e4541eb3a985faa8bae31c541f2 Mon Sep 17 00:00:00 2001 From: Glen Huang Date: Fri, 3 Mar 2023 11:08:32 +0800 Subject: [PATCH 13/15] acme: fix incompatibilty with image builder Signed-off-by: Glen Huang --- net/acme-common/Makefile | 10 +++++++--- net/acme-common/files/acme.init | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/net/acme-common/Makefile b/net/acme-common/Makefile index 49e5f76f7..841146826 100644 --- a/net/acme-common/Makefile +++ b/net/acme-common/Makefile 
@@ -50,13 +50,17 @@ endef define Package/acme-common/postinst #!/bin/sh -grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0 -echo "0 0 * * * /etc/init.d/acme start" >> /etc/crontabs/root +if [ -z "$$IPKG_INSTROOT" ]; then + grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0 + echo "0 0 * * * /etc/init.d/acme start" >> /etc/crontabs/root +fi endef define Package/acme-common/prerm #!/bin/sh -sed -i '\|/etc/init.d/acme|d' /etc/crontabs/root +if [ -z "$$IPKG_INSTROOT" ]; then + sed -i '\|/etc/init.d/acme|d' /etc/crontabs/root +fi endef define Build/Configure diff --git a/net/acme-common/files/acme.init b/net/acme-common/files/acme.init index 1bca639f4..a97856496 100644 --- a/net/acme-common/files/acme.init +++ b/net/acme-common/files/acme.init @@ -9,7 +9,7 @@ HOOK=/usr/lib/acme/hook LOG_TAG=acme # shellcheck source=net/acme/files/functions.sh -. /usr/lib/acme/functions.sh +. "$IPKG_INSTROOT/usr/lib/acme/functions.sh" cleanup() { log debug "cleaning up" From 7f2306a8e0491159960763954402ec3dfbdb68bb Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Wed, 22 Feb 2023 17:19:19 +0000 Subject: [PATCH 14/15] open-vm-tools: update to 12.1.5 added also --disable-glibc-check to configure args to allow building on hosts that use musl. Signed-off-by: Oskari Rauta --- utils/open-vm-tools/Makefile | 13 ++-- .../open-vm-tools/patches/0002-off64_t.patch | 2 +- .../patches/0015-i386-time.patch | 73 ------------------- .../open-vm-tools/patches/010-warnings.patch | 4 +- 4 files changed, 10 insertions(+), 82 deletions(-) delete mode 100644 utils/open-vm-tools/patches/0015-i386-time.patch diff --git a/utils/open-vm-tools/Makefile b/utils/open-vm-tools/Makefile index 0f4ccc5db..172639304 100644 --- a/utils/open-vm-tools/Makefile +++ b/utils/open-vm-tools/Makefile 
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=open-vm-tools -PKG_VERSION:=12.0.0 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=12.1.5 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-19345655.tar.gz +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-20735119.tar.gz PKG_SOURCE_URL:=https://github.com/vmware/open-vm-tools/releases/download/stable-$(PKG_VERSION) -PKG_HASH:=ea370217a213802f91b01231e28298bbe54134822351fb5cc70255d80ba0e775 -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-19345655 +PKG_HASH:=72cb68c71c59fd429bcb357926f41f07e21c737a341534b707fc1df010ed4868 +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-20735119 PKG_LICENSE:=LGPL-2.1-or-later PKG_LICENSE_FILES:=LICENSE @@ -80,7 +80,8 @@ CONFIGURE_ARGS+= \ --without-gtk2 \ --without-gtk3 \ --without-xerces \ - --enable-resolutionkms=no + --enable-resolutionkms=no \ + --disable-glibc-check TARGET_LDFLAGS+=$(if $(ICONV_FULL),-liconv) diff --git a/utils/open-vm-tools/patches/0002-off64_t.patch b/utils/open-vm-tools/patches/0002-off64_t.patch index d4b34ce90..aaf330d5f 100644 --- a/utils/open-vm-tools/patches/0002-off64_t.patch +++ b/utils/open-vm-tools/patches/0002-off64_t.patch @@ -15,7 +15,7 @@ Signed-off-by: Natanael Copa --- a/lib/file/fileIOPosix.c +++ b/lib/file/fileIOPosix.c -@@ -198,7 +198,7 @@ static AlignedPool alignedPool; +@@ -203,7 +203,7 @@ static AlignedPool alignedPool; * are not available in any header file. */ diff --git a/utils/open-vm-tools/patches/0015-i386-time.patch b/utils/open-vm-tools/patches/0015-i386-time.patch deleted file mode 100644 index 30cb63e23..000000000 --- a/utils/open-vm-tools/patches/0015-i386-time.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From 3f0580f2546de8be7acf1bc78a55a257bc638ebe Mon Sep 17 00:00:00 2001 -From: Bartosz Brachaczek -Date: Tue, 12 Nov 2019 14:31:08 +0100 -Subject: [PATCH] Make HgfsConvertFromNtTimeNsec aware of 64-bit time_t on i386 - -I verified that this function behaves as expected on x86_64, i386 with -32-bit time_t, and i386 with 64-bit time_t for the following values of -ntTtime: - -UNIX_EPOCH-1, UNIX_EPOCH, UNIX_EPOCH+1, UNIX_S32_MAX-1, UNIX_S32_MAX, -UNIX_S32_MAX+1, UNIX_S32_MAX*2+1 - -I did not verify whether the use of Div643264 is optimal, performance -wise. ---- - lib/hgfs/hgfsUtil.c | 34 +++++++++++++++++-------------- - 1 file changed, 19 insertions(+), 15 deletions(-) - ---- a/lib/hgfs/hgfsUtil.c -+++ b/lib/hgfs/hgfsUtil.c -@@ -110,23 +110,21 @@ HgfsConvertFromNtTimeNsec(struct timespe - uint64 ntTime) // IN: Time in Windows NT format - { - #ifdef __i386__ -- uint32 sec; -- uint32 nsec; -+ uint64 sec64; -+ uint32 sec32, nsec; -+#endif - - ASSERT(unixTime); -- /* We assume that time_t is 32bit */ -- ASSERT_ON_COMPILE(sizeof (unixTime->tv_sec) == 4); - -- /* Cap NT time values that are outside of Unix time's range */ -+ if (sizeof (unixTime->tv_sec) == 4) { -+ /* Cap NT time values that are outside of Unix time's range */ - -- if (ntTime >= UNIX_S32_MAX) { -- unixTime->tv_sec = 0x7FFFFFFF; -- unixTime->tv_nsec = 0; -- return 1; -+ if (ntTime >= UNIX_S32_MAX) { -+ unixTime->tv_sec = 0x7FFFFFFF; -+ unixTime->tv_nsec = 0; -+ return 1; -+ } - } --#else -- ASSERT(unixTime); --#endif - - if (ntTime < UNIX_EPOCH) { - unixTime->tv_sec = 0; -@@ -135,9 +133,15 @@ HgfsConvertFromNtTimeNsec(struct timespe - } - - #ifdef __i386__ -- Div643232(ntTime - UNIX_EPOCH, 10000000, &sec, &nsec); -- unixTime->tv_sec = sec; -- unixTime->tv_nsec = nsec * 100; -+ if (sizeof (unixTime->tv_sec) == 4) { -+ Div643232(ntTime - UNIX_EPOCH, 10000000, &sec32, &nsec); -+ unixTime->tv_sec = sec32; -+ unixTime->tv_nsec = nsec * 100; -+ } else { -+ Div643264(ntTime - UNIX_EPOCH, 10000000, 
&sec64, &nsec); -+ unixTime->tv_sec = sec64; -+ unixTime->tv_nsec = nsec * 100; -+ } - #else - unixTime->tv_sec = (ntTime - UNIX_EPOCH) / 10000000; - unixTime->tv_nsec = ((ntTime - UNIX_EPOCH) % 10000000) * 100; diff --git a/utils/open-vm-tools/patches/010-warnings.patch b/utils/open-vm-tools/patches/010-warnings.patch index 3b4596410..6681586a9 100644 --- a/utils/open-vm-tools/patches/010-warnings.patch +++ b/utils/open-vm-tools/patches/010-warnings.patch @@ -10,7 +10,7 @@ --- a/lib/file/fileIOPosix.c +++ b/lib/file/fileIOPosix.c -@@ -1741,7 +1741,7 @@ FileIOPreadvInternal( +@@ -1746,7 +1746,7 @@ FileIOPreadvInternal( * the library horizon this can go away. */ /* coverity[func_conv] */ @@ -19,7 +19,7 @@ fret = FileIOPreadvCoalesced(fd, entries, numEntries, offset, totalSize, &bytesRead); break; -@@ -1882,7 +1882,7 @@ FileIOPwritevInternal( +@@ -1887,7 +1887,7 @@ FileIOPwritevInternal( * the library horizon this can go away. */ /* coverity[func_conv] */ From a4d8d2459aa4fc0de453b23c34355311366f8d3b Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Thu, 2 Feb 2023 13:06:08 +0000 Subject: [PATCH 15/15] netbird: new package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Netbird is similar vpn service as tailscale and zerotier. Description: NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home. It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth. Signed-off-by: Oskari Rauta --- net/netbird/Makefile | 51 ++++++++++++++++++++++++++++++++++ net/netbird/files/netbird.init | 14 ++++++++++ 2 files changed, 65 insertions(+) create mode 100644 net/netbird/Makefile create mode 100755 net/netbird/files/netbird.init diff --git a/net/netbird/Makefile b/net/netbird/Makefile new file mode 100644 index 000000000..561557203 --- /dev/null 
+++ b/net/netbird/Makefile
@@ -0,0 +1,51 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=netbird
+PKG_VERSION:=0.12.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=c88b65bb9358e5a6f9c34882e77a3414b02d4c5ac13b76fb2e60b952af6a18d7
+
+PKG_MAINTAINER:=Oskari Rauta
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/netbirdio/netbird
+GO_PKG_BUILD_PKG:=$(GO_PKG)/client
+GO_PKG_LDFLAGS_X:=$(GO_PKG)/client/system.version=$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/netbird
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=VPN
+ TITLE:=Connect your devices into a single secure private WireGuard®-based mesh network
+ URL:=https://netbird.io
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/netbird/description
+ NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create
+ secure private networks for your organization or home.
+
+ It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN
+ gateways, and so forth.
+endef
+
+define Package/netbird/install
+ $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+ $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/client $(1)/usr/bin/netbird
+ $(INSTALL_BIN) ./files/netbird.init $(1)/etc/init.d/netbird
+endef
+
+$(eval $(call GoBinPackage,netbird))
+$(eval $(call BuildPackage,netbird))
diff --git a/net/netbird/files/netbird.init b/net/netbird/files/netbird.init
new file mode 100755
index 000000000..b7ccd2d4b
--- /dev/null
+++ b/net/netbird/files/netbird.init
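Review bot: `Package/netbird` ships without a `conffiles` section, so any configuration the client writes at runtime is unknown to the package manager. For a WireGuard-based client that state presumably includes a private key, and where it is stored is not visible in this hunk. If it ends up under `/etc`, declaring it with `define Package/netbird/conffiles` keeps it across upgrades and makes the location of the key material explicit for backups and permission checks.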
@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=10
+
+USE_PROCD=1
+
+start_service() {
+ procd_open_instance
+ procd_set_param command /usr/bin/netbird
+ procd_append_param command service run
+ procd_set_param pidfile /var/run/netbird.pid
+ procd_close_instance
+}
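Review bot: `start_service` registers the daemon without `respawn` and without sending its output to the system log, so if `/usr/bin/netbird service run` exits, the tunnel stays down and nothing is recorded about why. Adding `procd_set_param respawn` and `procd_set_param stderr 1` before `procd_close_instance` covers both. A short comment above `start_service` saying that the client runs in the foreground under procd would also help the next maintainer.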