mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity

Merge branch 'openwrt:master' into master

This commit is contained in:
Michael Payne 2024-04-30 06:37:07 -05:00 committed by GitHub
parent cc1e3306e8 3fefdbf34b
commit 81550265cb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
47 changed files with 2760 additions and 2998 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
.circleci/Dockerfile
View File

@ -1,93 +0,0 @@
FROM debian:10
# Configuration version history
# v1.0 - Initial version by Etienne Champetier
# v1.0.1 - Run as non-root, add unzip, xz-utils
# v1.0.2 - Add bzr
# v1.0.3 - Verify usign signatures
# v1.0.4 - Add support for Python3
# v1.0.5 - Add 19.07 public keys, verify keys
# v1.0.6 - Add 21.02 public keys, update Debian image to version 10, add rsync
# v1.0.7 - Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
RUN apt update && apt install -y \
build-essential \
bzr \
curl \
jq \
gawk \
gettext \
git \
libncurses5-dev \
libssl-dev \
python \
python3 \
signify-openbsd \
subversion \
rsync \
time \
unzip \
wget \
xz-utils \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build
USER build
ENV HOME /home/build
# OpenWrt Build System (PGP key for unattended snapshot builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-snapshots@openwrt.org>' | grep '^fpr:::::::::54CC74307A2C6DC9CE618269CD84BCED626471F1:$' \
&& echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 17.01 "Reboot" release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-17.01@openwrt.org>' | grep '^fpr:::::::::B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:$' \
&& echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust
# OpenWrt Release Builder (18.06 Signing Key)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<openwrt-devel@lists.openwrt.org>' | grep '^fpr:::::::::6768C55E79B032D77A28DA5F0F20257417E1CE16:$' \
&& echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 18.06 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/15807931.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-18.06@openwrt.org>' | grep '^fpr:::::::::AD0507363D2BCE9C9E36CEC4FBCB78F015807931:$' \
&& echo 'AD0507363D2BCE9C9E36CEC4FBCB78F015807931:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 19.07 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/2074BE7A.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-19.07@openwrt.org>' | grep '^fpr:::::::::D9C6901F45C9B86858687DFF28A39BC32074BE7A:$' \
&& echo 'D9C6901F45C9B86858687DFF28A39BC32074BE7A:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 21.02 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/88CA59E8.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-21.02@openwrt.org>' | grep '^fpr:::::::::667205E379BAF348863A5C6688CA59E88F681580:$' \
&& echo '667205E379BAF348863A5C6688CA59E88F681580:6:' | gpg --import-ownertrust
# OpenWrt Build System (GnuPGP key for 22.03 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CD54E82DADB3684D.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-22.03@openwrt.org>' | grep '^fpr:::::::::BF856781A01293C8409ABE72CD54E82DADB3684D:$' \
&& echo 'BF856781A01293C8409ABE72CD54E82DADB3684D:6:' | gpg --import-ownertrust
# untrusted comment: Public usign key for unattended snapshot builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde' --create-dirs -o /home/build/usign/b5043e70f9a75cde \
&& echo 'd7ac10f9ed1b38033855f3d27c9327d558444fca804c685b17d9dcfb0648228f */home/build/usign/b5043e70f9a75cde' | sha256sum --check
# untrusted comment: Public usign key for 18.06 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/1035ac73cc4e59e3' --create-dirs -o /home/build/usign/1035ac73cc4e59e3 \
&& echo '8dc2e7f5c4e634437e6641f4df77a18bf59f0c8e9016c8ba4be5d4a0111e68c2 */home/build/usign/1035ac73cc4e59e3' | sha256sum --check
# untrusted comment: Public usign key for 19.07 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/f94b9dd6febac963' --create-dirs -o /home/build/usign/f94b9dd6febac963 \
&& echo 'b1d09457cfbc36fccfe18382d65c54a2ade3e7fd3902da490a53aa517b512755 */home/build/usign/f94b9dd6febac963' | sha256sum --check
# untrusted comment: Public usign key for 21.02 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/2f8b0b98e08306bf' --create-dirs -o /home/build/usign/2f8b0b98e08306bf \
&& echo 'd102bdd75421c62490b97f520f9db06aadb44ad408b244755d26e96ea5cd3b7f */home/build/usign/2f8b0b98e08306bf' | sha256sum --check
# untrusted comment: Public usign key for 22.03 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/4d017e6f1ed5d616' --create-dirs -o /home/build/usign/4d017e6f1ed5d616 \
&& echo 'f3c5fdf447d7c2743442e68077d60acc7c3e91754849e1f4b6be837b4204b7e2 */home/build/usign/4d017e6f1ed5d616' | sha256sum --check

6
.circleci/README
View File

@ -1,6 +0,0 @@
# Build/update the docker image
docker pull debian:10
docker build --rm -t docker.io/openwrtorg/packages-cci:latest .
docker tag <IMAGE ID> docker.io/openwrtorg/packages-cci:<VERSION-TAG>
docker push docker.io/openwrtorg/packages-cci

182
.circleci/config.yml
View File

@ -1,182 +0,0 @@
version: 2.0
jobs:
build:
docker:
- image: docker.io/openwrtorg/packages-cci:v1.0.7
environment:
- SDK_HOST: "downloads.openwrt.org"
- SDK_PATH: "snapshots/targets/ath79/generic"
- SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz"
- BRANCH: "master"
steps:
- checkout:
path: ~/openwrt_packages
- run:
name: Check changes / verify commits
working_directory: ~/openwrt_packages
command: |
cat >> $BASH_ENV <<EOF
echo_red() { printf "\033[1;31m\$*\033[m\n"; }
echo_green() { printf "\033[1;32m\$*\033[m\n"; }
echo_blue() { printf "\033[1;34m\$*\033[m\n"; }
EOF
source $BASH_ENV
RET=0
for commit in $(git rev-list HEAD ^origin/$BRANCH); do
echo_blue "=== Checking commit '$commit'"
if git show --format='%P' -s $commit | grep -qF ' '; then
echo_red "Pull request should not include merge commits"
RET=1
fi
author="$(git show -s --format=%aN $commit)"
if echo $author | grep -q '\S\+\s\+\S\+'; then
echo_green "Author name ($author) seems ok"
else
echo_red "Author name ($author) need to be your real name 'firstname lastname'"
RET=1
fi
subject="$(git show -s --format=%s $commit)"
if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert '; then
echo_green "Commit subject line seems ok ($subject)"
else
echo_red "Commit subject line MUST start with '<package name>: ' ($subject)"
RET=1
fi
body="$(git show -s --format=%b $commit)"
sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)"
if echo "$body" | grep -qF "$sob"; then
echo_green "Signed-off-by match author"
else
echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')"
RET=1
fi
done
exit $RET
- run:
name: Download the SDK
working_directory: ~/sdk
command: |
curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then
echo_red "Missing sha256sums signature files"
exit 1
fi
[ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums
if [ -f sha256sums.sig ]; then
VERIFIED=
for KEY in ~/usign/*; do
echo "Trying $KEY..."
if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then
echo "...verified"
VERIFIED=1
break
fi
done
if [ -z "$VERIFIED" ]; then
echo_red "Could not verify usign signature"
exit 1
fi
fi
rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" .
sha256sum -c --ignore-missing sha256sums
- run:
name: Prepare build_dir
working_directory: ~/build_dir
command: |
tar Jxf ~/sdk/$SDK_FILE --strip=1
touch .config
make prepare-tmpinfo scripts/config/conf
./scripts/config/conf --defconfig=.config Config.in
make prereq
rm .config
cat > feeds.conf <<EOF
src-git base https://github.com/openwrt/openwrt.git;$BRANCH
src-link packages $HOME/openwrt_packages
src-git luci https://github.com/openwrt/luci.git;$BRANCH
EOF
cat feeds.conf
./scripts/feeds update -a > /dev/null
make defconfig > /dev/null
# enable BUILD_LOG
sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config
- run:
name: Install & download source, check package, compile
working_directory: ~/build_dir
command: |
set +o pipefail
PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }')
if [ -z "$PKGS" ] ; then
echo_blue "WARNING: No new or modified packages found!"
exit 0
fi
echo_blue "=== Found new/modified packages: $PKGS"
for PKG in $PKGS ; do
echo_blue "===+ Install: $PKG"
./scripts/feeds install "$PKG"
echo_blue "===+ Download: $PKG"
make "package/$PKG/download" V=s
echo_blue "===+ Check package: $PKG"
make "package/$PKG/check" V=s 2>&1 | tee logtmp
RET=${PIPESTATUS[0]}
if [ $RET -ne 0 ]; then
echo_red "=> Package check failed: $RET)"
exit $RET
fi
badhash_msg="HASH does not match "
badhash_msg+="|HASH uses deprecated hash,"
badhash_msg+="|HASH is missing,"
if grep -qE "$badhash_msg" logtmp; then
echo_red "=> Package HASH check failed"
exit 1
fi
echo_green "=> Package check OK"
done
make \
-f .config \
-f tmp/.packagedeps \
-f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \
| tr ' ' '\n' >enabled-package-subdirs.txt
for PKG in $PKGS ; do
if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then
echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE"
continue
fi
echo_blue "===+ Building: $PKG"
make "package/$PKG/compile" -j3 V=s || {
RET=$?
echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log"
make "package/$PKG/compile" -j1 V=s; exit $RET
}
done
- store_artifacts:
path: ~/build_dir/logs
- store_artifacts:
path: ~/build_dir/bin
workflows:
version: 2
buildpr:
jobs:
- build:
filters:
branches:
ignore: master

6
admin/syslog-ng/Makefile
View File

@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=syslog-ng
PKG_VERSION:=4.6.0
PKG_RELEASE:=2
PKG_VERSION:=4.7.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
PKG_HASH:=b69e3360dfb96a754a4e1cbead4daef37128b1152a23572356db4ab64a475d4f
PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1

2
admin/syslog-ng/files/syslog-ng.conf
View File

@ -1,7 +1,7 @@
# Collect all local logs into a single file /var/log/messages.
# See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
@version: 4.6
@version: 4.7
@include "scl.conf"
options {

165
lang/lua5.4/Makefile Normal file
View File

@ -0,0 +1,165 @@
#
# Copyright (C) 2006-2023 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=lua
PKG_VERSION:=5.4.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.lua.org/ftp/ \
https://www.tecgraf.puc-rio.br/lua/ftp/
PKG_HASH:=7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88
PKG_BUILD_PARALLEL:=1
PKG_MAINTAINER:=Christian Marangi <ansuelsmth@gmail.com>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYRIGHT
PKG_CPE_ID:=cpe:/a:lua:lua
HOST_PATCH_DIR := ./patches-host
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
define Package/lua5.4/Default
SUBMENU:=Lua
SECTION:=lang
CATEGORY:=Languages
TITLE:=Lua programming language (version 5.4)
URL:=https://www.lua.org/
endef
define Package/lua5.4/Default/description
Lua is a powerful, efficient, lightweight, embeddable scripting language. It
supports procedural programming, object-oriented programming, functional
programming, data-driven programming, and data description.
endef
define Package/liblua5.4
$(call Package/lua5.4/Default)
SUBMENU:=
SECTION:=libs
CATEGORY:=Libraries
TITLE+= (libraries)
ABI_VERSION:=5.4
endef
define Package/liblua5.4/description
$(call Package/lua5.4/Default/description)
This package contains the Lua shared libraries, needed by other programs.
endef
define Package/lua5.4
$(call Package/lua5.4/Default)
DEPENDS:=+liblua5.4
TITLE+= (interpreter)
endef
define Package/lua5.4/description
$(call Package/lua5.4/Default/description)
This package contains the Lua language interpreter.
endef
define Package/luac5.4
$(call Package/lua5.4/Default)
DEPENDS:=+liblua5.4
TITLE+= (compiler)
endef
define Package/luac5.4/description
$(call Package/lua5.4/Default/description)
This package contains the Lua language compiler.
endef
define Build/Prepare
$(call Build/Prepare/Default)
mv $(PKG_BUILD_DIR)/doc/lua.1 $(PKG_BUILD_DIR)/doc/lua5.4.1
mv $(PKG_BUILD_DIR)/doc/luac.1 $(PKG_BUILD_DIR)/doc/luac5.4.1
endef
TARGET_CFLAGS += -DLUA_USE_LINUX $(FPIC) -std=gnu99
define Build/Compile
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CROSS)gcc" \
AR="$(TARGET_CROSS)ar rcu" \
RANLIB="$(TARGET_CROSS)ranlib" \
INSTALL_ROOT=/usr \
CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
PKG_VERSION=$(PKG_VERSION) \
linux
rm -rf $(PKG_INSTALL_DIR)
mkdir -p $(PKG_INSTALL_DIR)
$(MAKE) -C $(PKG_BUILD_DIR) \
INSTALL_TOP="$(PKG_INSTALL_DIR)/usr" \
install
endef
define Host/Prepare
$(call Host/Prepare/Default)
mv $(HOST_BUILD_DIR)/doc/lua.1 $(HOST_BUILD_DIR)/doc/lua5.4.1
mv $(HOST_BUILD_DIR)/doc/luac.1 $(HOST_BUILD_DIR)/doc/luac5.4.1
endef
define Host/Configure
$(SED) 's,"/usr/local/","$(STAGING_DIR_HOSTPKG)/",' $(HOST_BUILD_DIR)/src/luaconf.h
endef
ifeq ($(HOST_OS),Darwin)
LUA_OS:=macosx
else
ifeq ($(HOST_OS),FreeBSD)
LUA_OS:=freebsd
else
LUA_OS:=linux
endif
endif
define Host/Compile
$(MAKE) -C $(HOST_BUILD_DIR) \
CC="$(HOSTCC) $(HOST_FPIC) -std=gnu99" \
$(LUA_OS)
endef
define Host/Install
$(MAKE) -C $(HOST_BUILD_DIR) \
INSTALL_TOP="$(STAGING_DIR_HOSTPKG)" \
install
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/lua5.4 $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/include/lua5.4/lua{,lib,conf}.h $(1)/usr/include/lua5.4/
$(CP) $(PKG_INSTALL_DIR)/usr/include/lua5.4/lua.hpp $(1)/usr/include/lua5.4/
$(CP) $(PKG_INSTALL_DIR)/usr/include/lua5.4/lauxlib.h $(1)/usr/include/lua5.4/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/liblua5.4.{a,so*} $(1)/usr/lib/
$(LN) liblua5.4.so.0.0.0 $(1)/usr/lib/liblualib5.4.so
endef
define Package/liblua5.4/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/liblua5.4.so* $(1)/usr/lib/
endef
define Package/lua5.4/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/lua5.4 $(1)/usr/bin/
endef
define Package/luac5.4/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/luac5.4 $(1)/usr/bin/
endef
$(eval $(call BuildPackage,liblua5.4))
$(eval $(call BuildPackage,lua5.4))
$(eval $(call BuildPackage,luac5.4))
$(eval $(call HostBuild))

65
lang/lua5.4/patches-host/001-include-version-number.patch Normal file
View File

@ -0,0 +1,65 @@
From 96576b44a1b368bd6590eb0778ae45cc9ccede3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
Date: Fri, 21 Jun 2019 14:08:38 +0200
Subject: [PATCH] include version number
Including it allows multiple lua versions to coexist.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
---
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ PLAT= guess
# LUA_ROOT, LUA_LDIR, and LUA_CDIR in luaconf.h.
INSTALL_TOP= /usr/local
INSTALL_BIN= $(INSTALL_TOP)/bin
-INSTALL_INC= $(INSTALL_TOP)/include
+INSTALL_INC= $(INSTALL_TOP)/include/lua$V
INSTALL_LIB= $(INSTALL_TOP)/lib
INSTALL_MAN= $(INSTALL_TOP)/man/man1
INSTALL_LMOD= $(INSTALL_TOP)/share/lua/$V
@@ -39,10 +39,10 @@ RM= rm -f
PLATS= guess aix bsd c89 freebsd generic ios linux linux-readline macosx mingw posix solaris
# What to install.
-TO_BIN= lua luac
+TO_BIN= lua$V luac$V
TO_INC= lua.h luaconf.h lualib.h lauxlib.h lua.hpp
-TO_LIB= liblua.a
-TO_MAN= lua.1 luac.1
+TO_LIB= liblua$V.a
+TO_MAN= lua$V.1 luac$V.1
# Lua version and release.
V= 5.4
@@ -52,7 +52,7 @@ R= $V.6
all: $(PLAT)
$(PLATS) help test clean:
- @cd src && $(MAKE) $@
+ @cd src && $(MAKE) $@ V=$V
install: dummy
cd src && $(MKDIR) $(INSTALL_BIN) $(INSTALL_INC) $(INSTALL_LIB) $(INSTALL_MAN) $(INSTALL_LMOD) $(INSTALL_CMOD)
--- a/src/Makefile
+++ b/src/Makefile
@@ -32,15 +32,15 @@ CMCFLAGS=
PLATS= guess aix bsd c89 freebsd generic ios linux linux-readline macosx mingw posix solaris
-LUA_A= liblua.a
+LUA_A= liblua$V.a
CORE_O= lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o
LIB_O= lauxlib.o lbaselib.o lcorolib.o ldblib.o liolib.o lmathlib.o loadlib.o loslib.o lstrlib.o ltablib.o lutf8lib.o linit.o
BASE_O= $(CORE_O) $(LIB_O) $(MYOBJS)
-LUA_T= lua
+LUA_T= lua$V
LUA_O= lua.o
-LUAC_T= luac
+LUAC_T= luac$V
LUAC_O= luac.o
ALL_O= $(BASE_O) $(LUA_O) $(LUAC_O)

27
lang/lua5.4/patches-host/100-no_readline.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/src/Makefile
+++ b/src/Makefile
@@ -126,7 +126,7 @@ c89:
@echo ''
FreeBSD NetBSD OpenBSD freebsd:
- $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX -DLUA_USE_READLINE -I/usr/include/edit" SYSLIBS="-Wl,-E -ledit" CC="cc"
+ $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX $(if $(USE_READLINE), -DLUA_USE_READLINE) -I/usr/include/edit" SYSLIBS="-Wl,-E -ledit" CC="cc"
generic: $(ALL)
@@ -136,13 +136,13 @@ ios:
Linux linux: linux-noreadline
linux-noreadline:
- $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl"
+ $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX $(if $(USE_READLINE), -DLUA_USE_READLINE)" SYSLIBS="-Wl,-E -ldl $(if $(USE_READLINE), -lreadline)"
linux-readline:
$(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX -DLUA_USE_READLINE" SYSLIBS="-Wl,-E -ldl -lreadline"
Darwin macos macosx:
- $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_MACOSX -DLUA_USE_READLINE" SYSLIBS="-lreadline"
+ $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_MACOSX $(if $(USE_READLINE), -DLUA_USE_READLINE)" SYSLIBS="$(if $(USE_READLINE), -lreadline)"
mingw:
$(MAKE) "LUA_A=lua54.dll" "LUA_T=lua.exe" \

65
lang/lua5.4/patches/001-include-version-number.patch Normal file
View File

@ -0,0 +1,65 @@
From 96576b44a1b368bd6590eb0778ae45cc9ccede3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
Date: Fri, 21 Jun 2019 14:08:38 +0200
Subject: [PATCH] include version number
Including it allows multiple lua versions to coexist.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
---
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ PLAT= guess
# LUA_ROOT, LUA_LDIR, and LUA_CDIR in luaconf.h.
INSTALL_TOP= /usr/local
INSTALL_BIN= $(INSTALL_TOP)/bin
-INSTALL_INC= $(INSTALL_TOP)/include
+INSTALL_INC= $(INSTALL_TOP)/include/lua$V
INSTALL_LIB= $(INSTALL_TOP)/lib
INSTALL_MAN= $(INSTALL_TOP)/man/man1
INSTALL_LMOD= $(INSTALL_TOP)/share/lua/$V
@@ -39,10 +39,10 @@ RM= rm -f
PLATS= guess aix bsd c89 freebsd generic ios linux linux-readline macosx mingw posix solaris
# What to install.
-TO_BIN= lua luac
+TO_BIN= lua$V luac$V
TO_INC= lua.h luaconf.h lualib.h lauxlib.h lua.hpp
-TO_LIB= liblua.a
-TO_MAN= lua.1 luac.1
+TO_LIB= liblua$V.a
+TO_MAN= lua$V.1 luac$V.1
# Lua version and release.
V= 5.4
@@ -52,7 +52,7 @@ R= $V.6
all: $(PLAT)
$(PLATS) help test clean:
- @cd src && $(MAKE) $@
+ @cd src && $(MAKE) $@ V=$V
install: dummy
cd src && $(MKDIR) $(INSTALL_BIN) $(INSTALL_INC) $(INSTALL_LIB) $(INSTALL_MAN) $(INSTALL_LMOD) $(INSTALL_CMOD)
--- a/src/Makefile
+++ b/src/Makefile
@@ -32,15 +32,15 @@ CMCFLAGS=
PLATS= guess aix bsd c89 freebsd generic ios linux linux-readline macosx mingw posix solaris
-LUA_A= liblua.a
+LUA_A= liblua$V.a
CORE_O= lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o
LIB_O= lauxlib.o lbaselib.o lcorolib.o ldblib.o liolib.o lmathlib.o loadlib.o loslib.o lstrlib.o ltablib.o lutf8lib.o linit.o
BASE_O= $(CORE_O) $(LIB_O) $(MYOBJS)
-LUA_T= lua
+LUA_T= lua$V
LUA_O= lua.o
-LUAC_T= luac
+LUAC_T= luac$V
LUAC_O= luac.o
ALL_O= $(BASE_O) $(LUA_O) $(LUAC_O)

115
lang/lua5.4/patches/020-shared_liblua.patch Normal file
View File

@ -0,0 +1,115 @@
--- a/Makefile
+++ b/Makefile
@@ -41,7 +41,7 @@ PLATS= guess aix bsd c89 freebsd generic
# What to install.
TO_BIN= lua$V luac$V
TO_INC= lua.h luaconf.h lualib.h lauxlib.h lua.hpp
-TO_LIB= liblua$V.a
+TO_LIB= liblua$V.a liblua$V.so.0.0.0
TO_MAN= lua$V.1 luac$V.1
# Lua version and release.
@@ -59,6 +59,9 @@ install: dummy
cd src && $(INSTALL_EXEC) $(TO_BIN) $(INSTALL_BIN)
cd src && $(INSTALL_DATA) $(TO_INC) $(INSTALL_INC)
cd src && $(INSTALL_DATA) $(TO_LIB) $(INSTALL_LIB)
+ ln -s liblua$V.so.0.0.0 $(INSTALL_LIB)/liblua$V.so.0.0
+ ln -s liblua$V.so.0.0.0 $(INSTALL_LIB)/liblua$V.so.0
+ ln -s liblua$V.so.0.0.0 $(INSTALL_LIB)/liblua$V.so
cd doc && $(INSTALL_DATA) $(TO_MAN) $(INSTALL_MAN)
uninstall:
--- a/src/ldebug.h
+++ b/src/ldebug.h
@@ -36,7 +36,7 @@
#endif
-LUAI_FUNC int luaG_getfuncline (const Proto *f, int pc);
+LUA_API int luaG_getfuncline (const Proto *f, int pc);
LUAI_FUNC const char *luaG_findlocal (lua_State *L, CallInfo *ci, int n,
StkId *pos);
LUAI_FUNC l_noret luaG_typeerror (lua_State *L, const TValue *o,
--- a/src/lstring.h
+++ b/src/lstring.h
@@ -50,7 +50,7 @@ LUAI_FUNC void luaS_init (lua_State *L);
LUAI_FUNC void luaS_remove (lua_State *L, TString *ts);
LUAI_FUNC Udata *luaS_newudata (lua_State *L, size_t s, int nuvalue);
LUAI_FUNC TString *luaS_newlstr (lua_State *L, const char *str, size_t l);
-LUAI_FUNC TString *luaS_new (lua_State *L, const char *str);
+LUA_API TString *luaS_new (lua_State *L, const char *str);
LUAI_FUNC TString *luaS_createlngstrobj (lua_State *L, size_t l);
--- a/src/lundump.h
+++ b/src/lundump.h
@@ -30,7 +30,7 @@
LUAI_FUNC LClosure* luaU_undump (lua_State* L, ZIO* Z, const char* name);
/* dump one chunk; from ldump.c */
-LUAI_FUNC int luaU_dump (lua_State* L, const Proto* f, lua_Writer w,
+LUA_API int luaU_dump (lua_State* L, const Proto* f, lua_Writer w,
void* data, int strip);
#endif
--- a/src/lzio.h
+++ b/src/lzio.h
@@ -44,7 +44,7 @@ typedef struct Mbuffer {
#define luaZ_freebuffer(L, buff) luaZ_resizebuffer(L, buff, 0)
-LUAI_FUNC void luaZ_init (lua_State *L, ZIO *z, lua_Reader reader,
+LUA_API void luaZ_init (lua_State *L, ZIO *z, lua_Reader reader,
void *data);
LUAI_FUNC size_t luaZ_read (ZIO* z, void *b, size_t n); /* read next n bytes */
--- a/src/Makefile
+++ b/src/Makefile
@@ -33,6 +33,7 @@ CMCFLAGS=
PLATS= guess aix bsd c89 freebsd generic ios linux linux-readline macosx mingw posix solaris
LUA_A= liblua$V.a
+LUA_SO= liblua$V.so.0.0.0
CORE_O= lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o
LIB_O= lauxlib.o lbaselib.o lcorolib.o ldblib.o liolib.o lmathlib.o loadlib.o loslib.o lstrlib.o ltablib.o lutf8lib.o linit.o
BASE_O= $(CORE_O) $(LIB_O) $(MYOBJS)
@@ -44,8 +45,9 @@ LUAC_T= luac$V
LUAC_O= luac.o
ALL_O= $(BASE_O) $(LUA_O) $(LUAC_O)
-ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T)
+ALL_T= $(LUA_A) $(LUA_SO) $(LUA_T) $(LUAC_T)
ALL_A= $(LUA_A)
+ALL_SO= $(LUA_SO)
# Targets start here.
default: $(PLAT)
@@ -56,14 +58,25 @@ o: $(ALL_O)
a: $(ALL_A)
+so: $(ALL_SO)
+
$(LUA_A): $(BASE_O)
$(AR) $@ $(BASE_O)
$(RANLIB) $@
-$(LUA_T): $(LUA_O) $(LUA_A)
- $(CC) -o $@ $(LDFLAGS) $(LUA_O) $(LUA_A) $(LIBS)
+$(LUA_SO): $(CORE_O) $(LIB_O)
+ $(CC) -o $@ -Wl,-Bsymbolic-functions -shared -Wl,-soname="$@" $?
+ ln -fs $@ liblua$V.so.0.0
+ ln -fs $@ liblua$V.so.0
+ ln -fs $@ liblua$V.so
+
+$(LUA_T): $(LUA_O) $(LUA_SO)
+ $(CC) -o $@ -L. -llua$V $(MYLDFLAGS) $(LUA_O) $(LIBS)
+
+$(LUAC_T): $(LUAC_O) $(LUA_SO)
+ $(CC) -o $@ -L. -llua$V $(MYLDFLAGS) $(LUAC_O) $(LIBS)
-$(LUAC_T): $(LUAC_O) $(LUA_A)
+$(LUAC_T)-host: $(LUAC_O) $(LUA_A)
$(CC) -o $@ $(LDFLAGS) $(LUAC_O) $(LUA_A) $(LIBS)
test:

27
lang/lua5.4/patches/100-no_readline.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/src/Makefile
+++ b/src/Makefile
@@ -126,7 +126,7 @@ c89:
@echo ''
FreeBSD NetBSD OpenBSD freebsd:
- $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX -DLUA_USE_READLINE -I/usr/include/edit" SYSLIBS="-Wl,-E -ledit" CC="cc"
+ $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX $(if $(USE_READLINE), -DLUA_USE_READLINE) -I/usr/include/edit" SYSLIBS="-Wl,-E -ledit" CC="cc"
generic: $(ALL)
@@ -136,13 +136,13 @@ ios:
Linux linux: linux-noreadline
linux-noreadline:
- $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl"
+ $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX $(if $(USE_READLINE), -DLUA_USE_READLINE)" SYSLIBS="-Wl,-E -ldl $(if $(USE_READLINE), -lreadline)"
linux-readline:
$(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX -DLUA_USE_READLINE" SYSLIBS="-Wl,-E -ldl -lreadline"
Darwin macos macosx:
- $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_MACOSX -DLUA_USE_READLINE" SYSLIBS="-lreadline"
+ $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_MACOSX $(if $(USE_READLINE), -DLUA_USE_READLINE)" SYSLIBS="$(if $(USE_READLINE), -lreadline)"
mingw:
$(MAKE) "LUA_A=lua54.dll" "LUA_T=lua.exe" \

2
net/banip/Makefile
View File

@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.9.5
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

8
net/banip/files/README.md
View File

@ -15,7 +15,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
| adguard | adguard IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| adguardtrackers | adguardtracker IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| antipopads | antipopads IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| asn | ASN segments | | | x | tcp: 80, 443 | [Link](https://asn.ipinfo.app) |
| asn | ASN segments | x | x | x | | [Link](https://asn.ipinfo.app) |
| backscatterer | backscatterer IPs | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
| becyber | malicious attacker IPs | x | x | | | [Link](https://github.com/duggytuxy/malicious_ip_addresses) |
| binarydefense | binary defense banlist | x | x | | | [Link](https://iplists.firehol.org/?ipset=bds_atif) |
@ -114,7 +114,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
* If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs, see the options reference table below
## banIP CLI interface
* All important banIP functions are accessible via CLI.
@ -428,12 +428,12 @@ A valid JSON source object contains the following information, e.g.:
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "tor exit nodes",
"flag": "tcp 80-89 443"
"flag": "gz tcp 80-88 udp 50000"
},
[...]
```
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>

50
net/banip/files/banip-functions.sh
View File

@ -595,24 +595,30 @@ f_etag() {
# build initial nft file with base table, chains and rules
#
f_nftinit() {
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc allow_proto allow_dport flag file="${1}"
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc flag tmp_proto tmp_port allow_dport file="${1}"
wan_dev="$(printf "%s" "${ban_dev}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
[ -n "${ban_vlanallow}" ] && vlan_allow="$(printf "%s" "${ban_vlanallow%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
[ -n "${ban_vlanblock}" ] && vlan_block="$(printf "%s" "${ban_vlanblock%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
for flag in ${ban_allowflag}; do
if [ -z "${allow_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
allow_proto="${flag}"
elif [ -n "${allow_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${allow_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ -z "${allow_dport}" ]; then
allow_dport="${flag}"
else
allow_dport="${allow_dport}, ${flag}"
if [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
if [ -z "${tmp_proto}" ]; then
tmp_proto="${flag}"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
elif [ -n "${flag//[![:digit]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_port="${tmp_port}, ${flag}"
fi
fi
done
[ -n "${allow_dport}" ] && allow_dport="${allow_proto} dport { ${allow_dport} }"
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
allow_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
fi
if [ "${ban_logprerouting}" = "1" ]; then
log_icmp="log level ${ban_nftloglevel} prefix \"banIP/pre-icmp/drop: \""
@ -697,7 +703,7 @@ f_nftinit() {
#
f_down() {
local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_proto feed_dport feed_target
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_target feed_dport tmp_proto tmp_port flag
local feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"
start_ts="$(date +%s)"
@ -756,19 +762,25 @@ f_down() {
# prepare feed flags
#
for flag in ${feed_flag}; do
if [ "${flag}" = "gz" ] && ! printf "%s" "${feed_comp}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ "${flag}" = "gz" ]; then
feed_comp="${flag}"
elif [ -z "${feed_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
feed_proto="${flag}"
elif [ -n "${feed_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${feed_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ -z "${feed_dport}" ]; then
feed_dport="${flag}"
else
feed_dport="${feed_dport}, ${flag}"
elif [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
if [ -z "${tmp_proto}" ]; then
tmp_proto="${flag}"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
elif [ -n "${flag//[![:digit]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_port="${tmp_port}, ${flag}"
fi
fi
done
[ -n "${feed_dport}" ] && feed_dport="${feed_proto} dport { ${feed_dport} }"
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
feed_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
fi
# chain/rule maintenance
#

3
net/banip/files/banip.feeds
View File

@ -36,8 +36,7 @@
"url_6": "https://asn.ipinfo.app/api/text/list/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "ASN IP segments",
"flag": "tcp 80 443"
"descr": "ASN IP segments"
},
"backscatterer":{
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",

4
net/cloudflared/Makefile
View File

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=cloudflared
PKG_VERSION:=2024.4.0
PKG_VERSION:=2024.4.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)?
PKG_HASH:=a68882beb5ec2855a17253a751295c4cc4f8f9ca3b49920ffa7e398995f85055
PKG_HASH:=11bed2bd793cc03775aa6270797ed328434bc982e09fd3597e267590f28d2436
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE

49
net/hev-socks5-server/Makefile Normal file
View File

@ -0,0 +1,49 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hev-socks5-server
PKG_VERSION:=2.6.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-server/releases/download/$(PKG_VERSION)
PKG_HASH:=07d3297483cc624464eec424f7dd27f2028f4f56c70c2c9d0b6902e181a32ccb
PKG_MAINTAINER:=Ray Wang <r@hev.cc>
PKG_LICENSE:=GPL-3.0-only
PKG_LICENSE_FILES:=License
PKG_BUILD_FLAGS:=no-mips16
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/hev-socks5-server
SECTION:=net
CATEGORY:=Network
TITLE:=A high-performance socks5 server for Unix
URL:=https://github.com/heiher/hev-socks5-server
endef
MAKE_FLAGS += REV_ID="$(PKG_VERSION)"
define Package/hev-socks5-server/conffiles
/etc/config/hev-socks5-server
/etc/hev-socks5-server/
endef
define Package/hev-socks5-server/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/hev-socks5-server $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/hev-socks5-server/
$(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/main.yml $(1)/etc/hev-socks5-server/main.yml
$(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/auth.txt $(1)/etc/hev-socks5-server/auth.txt
$(INSTALL_DIR) $(1)/etc/config/
$(INSTALL_CONF) ./files/hev-socks5-server.config $(1)/etc/config/hev-socks5-server
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) ./files/hev-socks5-server.init $(1)/etc/init.d/hev-socks5-server
endef
$(eval $(call BuildPackage,hev-socks5-server))

3
net/hev-socks5-server/files/hev-socks5-server.config Normal file
View File

@ -0,0 +1,3 @@
config hev-socks5-server 'config'
option enabled '0'
option conffile '/etc/hev-socks5-server/main.yml'

34
net/hev-socks5-server/files/hev-socks5-server.init Normal file
View File

@ -0,0 +1,34 @@
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=99
CONF="hev-socks5-server"
PROG="/usr/bin/hev-socks5-server"
start_service() {
config_load "$CONF"
local enabled
config_get_bool enabled "config" "enabled" "0"
[ "$enabled" -eq "1" ] || return 1
local conffile
config_get conffile "config" "conffile"
procd_open_instance "$CONF"
procd_set_param command "$PROG" "$conffile"
procd_set_param file "$conffile"
procd_set_param limits core="unlimited"
procd_set_param limits nofile="1000000 1000000"
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param respawn
procd_close_instance
}
service_triggers() {
procd_add_reload_trigger "$CONF"
}

3
net/hev-socks5-server/test.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
"$1" 2>&1 | grep "$2"

39
net/jool/files/readme.md
View File

@ -1,28 +1,35 @@
# [Jool](https://www.jool.mx)
# [Jool](https://nicmx.github.io/Jool/en/index.html)
## Documentation
[See here](https://www.jool.mx/en/documentation.html).
[See here](https://nicmx.github.io/Jool/en/documentation.html).
You might also want to see [contact info](https://www.jool.mx/en/contact.html).
You might also want to see [contact info](https://nicmx.github.io/Jool/en/contact.html).
## Usage
### Start script
This package includes a start script that will:
1. Read the configuration file `/etc/config/jool`
2. Determine what services are active
3. Run jool with procd
For now this means that:
* The services will be disabled by default in the uci config `(/etc/config/jool)`
* The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
* There is no uci support and configuration will be saved at `/etc/jool/*
* Only one instance of jool(nat64) can run with the boot script
* Only one instance of jool(siit) can run with the boot script
* For now there is no way of overriding of the configuration file's paths
1. Read the configuration file `/etc/config/jool`
2. Determine what services are active
3. Run `jool` with procd
The configuration files the startup script useses for each jool instance are:
* jool(nat64): `/etc/jool/jool-nat64.conf.json`
* jool(siit): `/etc/jool/jool-siit.conf.json`
### For now this means that
- The services will be disabled by default in the uci config `(/etc/config/jool)`
- The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
- There is no uci support and configuration will be saved at `/etc/jool/`
- Only one instance of jool(nat64) can run with the boot script
- Only one instance of jool(siit) can run with the boot script
- For now there is no way of overriding of the configuration file's paths
The configuration files the startup script uses for each jool instance are:
- jool(nat64): `/etc/jool/jool-nat64.conf.json`
- jool(siit): `/etc/jool/jool-siit.conf.json`
### OpenWrt tutorial
For a more detailed tutorial refer to this [wiki page](https://openwrt.org/docs/guide-user/network/ipv6/nat64).

6
net/librespeed-go/Makefile
View File

@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=librespeed-go
PKG_VERSION:=1.1.5
PKG_RELEASE:=3
PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/librespeed/speedtest-go/tar.gz/v$(PKG_VERSION)?
@ -39,10 +39,10 @@ define Package/librespeed-go
endef
define Package/librespeed-go/description
No Flash, No Java, No WebSocket, No Bullshit.
This is a very lightweight speed test implemented in JavaScript,
using XMLHttpRequest and Web Workers.
No Flash, No Java, No WebSocket, No Bullshit.
endef
define Package/librespeed-go/conffiles

4
net/nextdns/Makefile
View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=nextdns
PKG_VERSION:=1.42.0
PKG_VERSION:=1.43.1
PKG_RELEASE:=1
PKG_SOURCE:=nextdns-$(PKG_VERSION).tar.gz
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://codeload.github.com/nextdns/nextdns/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=893692bea9015116d6ce610c94dccf744f3aa29aeb716a15cca17dd6e6b837c1
PKG_HASH:=39d6073dc89b2bb91d03c2e9a4b5d6717ed8d6435232c02b18301ea9dfc5a6ad
PKG_MAINTAINER:=Olivier Poitrey <rs@nextdns.io>
PKG_LICENSE:=MIT

13
net/nmap/Makefile
View File

@ -13,13 +13,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=nmap
PKG_VERSION:=7.93
PKG_RELEASE:=4
PKG_VERSION:=7.95
PKG_RELEASE:=1
PKG_MAINTAINER:=Nuno Gonçalves <nunojpg@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://nmap.org/dist/
PKG_HASH:=55bcfe4793e25acc96ba4274d8c4228db550b8e8efd72004b38ec55a2dd16651
PKG_HASH:=e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778
PKG_LICENSE:=NPSL-0.94-or-NPSL-0.95
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:nmap:nmap
@ -32,7 +33,7 @@ PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1
include $(INCLUDE_DIR)/package.mk
include ../../lang/python/python3-package.mk
NMAP_DEPENDS:=+libpcap +libstdcpp +zlib +libpcre
NMAP_DEPENDS:=+libpcap +libstdcpp +zlib +libpcre2
NCAT_DEPENDS:=+libpcap
NPING_DEPENDS:=+libpcap +libpthread +libstdcpp
SSL_DEPENDS:=+libopenssl +ca-certs
@ -60,7 +61,7 @@ endef
define Package/nmap-full
$(call Package/nmap/default)
DEPENDS:=$(NMAP_DEPENDS) $(SSL_DEPENDS) +liblua5.3 +libssh2
DEPENDS:=$(NMAP_DEPENDS) $(SSL_DEPENDS) +liblua5.4 +libssh2
VARIANT:=full
TITLE:=Nmap (with OpenSSL and scripting support)
endef
@ -81,7 +82,7 @@ endef
define Package/ncat-full
$(call Package/nmap/default)
DEPENDS:=$(NCAT_DEPENDS) $(SSL_DEPENDS) +liblua5.3
DEPENDS:=$(NCAT_DEPENDS) $(SSL_DEPENDS) +liblua5.4
VARIANT:=full
TITLE:=Ncat (with OpenSSL and scripting support)
endef

295
net/nmap/patches/010-Build-based-on-OpenSSL-version.patch
View File

@ -1,295 +0,0 @@
From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 6 Sep 2022 22:39:34 +0000
Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516
---
ncat/http_digest.c | 2 +-
ncat/ncat_connect.c | 4 ++--
ncat/ncat_ssl.c | 6 +++---
ncat/ncat_ssl.h | 12 ------------
ncat/test/test-wildcard.c | 4 ++--
nse_openssl.cc | 28 +++++++---------------------
nse_ssl_cert.cc | 24 ++++++------------------
nsock/src/nsock_ssl.c | 4 ++--
nsock/src/nsock_ssl.h | 15 +--------------
9 files changed, 24 insertions(+), 75 deletions(-)
--- a/ncat/http_digest.c
+++ b/ncat/http_digest.c
@@ -133,7 +133,7 @@ int http_digest_init_secret(void)
return 0;
}
-#if OPENSSL_API_LEVEL < 10100
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -82,8 +82,8 @@
#include <openssl/err.h>
/* Deprecated in OpenSSL 3.0 */
-#if OPENSSL_API_LEVEL >= 30000
-#define SSL_get_peer_certificate SSL_get1_peer_certificate
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+# define SSL_get_peer_certificate SSL_get1_peer_certificate
#endif
#endif
--- a/ncat/ncat_ssl.c
+++ b/ncat/ncat_ssl.c
@@ -80,7 +80,7 @@
#define FUNC_ASN1_STRING_data ASN1_STRING_data
#endif
-#if OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
/* Deprecated in OpenSSL 3.0 */
#define SSL_get_peer_certificate SSL_get1_peer_certificate
@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void)
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
SSL_load_error_strings();
-#elif OPENSSL_API_LEVEL >= 30000
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
{
loguser("OpenSSL legacy provider failed to load.\n");
@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP
const char *commonName = "localhost";
char dNSName[128];
int rc;
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
int ret = 0;
RSA *rsa = NULL;
BIGNUM *bne = NULL;
--- a/ncat/ncat_ssl.h
+++ b/ncat/ncat_ssl.h
@@ -67,18 +67,6 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
-#ifndef OPENSSL_API_LEVEL
-# if OPENSSL_API_COMPAT < 0x900000L
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
-# else
-# define OPENSSL_API_LEVEL \
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
-# endif
-#endif
-
#define NCAT_CA_CERTS_FILE "ca-bundle.crt"
enum {
--- a/ncat/test/test-wildcard.c
+++ b/ncat/test/test-wildcard.c
@@ -20,7 +20,7 @@ are rejected. The SSL transactions happe
#include "ncat_core.h"
#include "ncat_ssl.h"
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <openssl/bn.h>
#endif
@@ -294,7 +294,7 @@ stack_err:
static int gen_cert(X509 **cert, EVP_PKEY **key,
const struct lstr commonNames[], const struct lstr dNSNames[])
{
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
int rc, ret=0;
RSA *rsa = NULL;
BIGNUM *bne = NULL;
--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -20,6 +20,9 @@
#define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
#define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
#define PASS_EVP_CTX(ctx) (ctx)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+# include <openssl/provider.h>
+#endif
#else
#define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init
#define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup
@@ -37,23 +40,6 @@ extern NmapOps o;
#include "nse_openssl.h"
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
-#ifndef OPENSSL_API_LEVEL
-# if OPENSSL_API_COMPAT < 0x900000L
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
-# else
-# define OPENSSL_API_LEVEL \
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
-# endif
-#endif
-
-
-#if OPENSSL_API_LEVEL >= 30000
-#include <openssl/provider.h>
-#endif
-
#define NSE_SSL_LUA_ERR(_L) \
luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL))
@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State
bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
BN_CTX * ctx = BN_CTX_new();
int is_prime =
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
#else
BN_check_prime( p->bn, ctx, NULL );
@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_S
bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
BN_CTX * ctx = BN_CTX_new();
int is_prime =
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
#else
BN_check_prime( p->bn, ctx, NULL );
@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_S
BN_sub_word( n, (BN_ULONG)1 );
BN_div_word( n, (BN_ULONG)2 );
is_safe =
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
BN_is_prime_ex( n, BN_prime_checks, ctx, NULL );
#else
BN_check_prime( n, ctx, NULL );
@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
-#elif OPENSSL_API_LEVEL >= 30000
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1)
{
// Legacy provider may not be available.
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -89,19 +89,7 @@
#define X509_get0_notAfter X509_get_notAfter
#endif
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
-#ifndef OPENSSL_API_LEVEL
-# if OPENSSL_API_COMPAT < 0x900000L
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
-# else
-# define OPENSSL_API_LEVEL \
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
-# endif
-#endif
-
-#if OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/core_names.h>
/* Deprecated in OpenSSL 3.0 */
#define SSL_get_peer_certificate SSL_get1_peer_certificate
@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(i
}
int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
-#if OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
char tmp[64] = {0};
size_t len = 0;
/* This structure (ecdhparams.curve_params) comes from tls.lua */
@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L,
else
#endif
if (pkey_type == EVP_PKEY_RSA) {
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
if (rsa) {
#endif
@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L,
luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 );
#if HAVE_OPAQUE_STRUCTS
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM *n = NULL, *e = NULL;
data->should_free = false;
RSA_get0_key(rsa, &n, &e, NULL);
@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L,
luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 );
#if HAVE_OPAQUE_STRUCTS
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
data->should_free = false;
#else
data->should_free = true;
@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L,
data->bn = rsa->n;
#endif
lua_setfield(L, -2, "modulus");
-#if OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA_free(rsa);
}
#endif
--- a/nsock/src/nsock_ssl.c
+++ b/nsock/src/nsock_ssl.c
@@ -64,7 +64,7 @@
#include "netutils.h"
#if HAVE_OPENSSL
-#if OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
#endif
@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SS
SSL_library_init();
#else
OPENSSL_atexit(nsock_ssl_atexit);
-#if OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
{
nsock_log_error("OpenSSL legacy provider failed to load.\n");
--- a/nsock/src/nsock_ssl.h
+++ b/nsock/src/nsock_ssl.h
@@ -69,20 +69,7 @@
#include <openssl/err.h>
#include <openssl/rand.h>
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
-#ifndef OPENSSL_API_LEVEL
-# if OPENSSL_API_COMPAT < 0x900000L
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
-# else
-# define OPENSSL_API_LEVEL \
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
-# endif
-#endif
-
-
-#if OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
/* Deprecated in OpenSSL 3.0 */
#define SSL_get_peer_certificate SSL_get1_peer_certificate
#endif

1734
net/nmap/patches/020-Python3-port-of-ndiff.patch
View File

File diff suppressed because it is too large Load Diff

4
net/nmap/patches/030-ncat-drop-ca-bundle.patch
View File

@ -23,7 +23,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to
ifneq ($(NOLUA),yes)
--- a/ncat/ncat_posix.c
+++ b/ncat/ncat_posix.c
@@ -347,28 +347,17 @@ void set_lf_mode(void)
@@ -357,28 +357,17 @@ void set_lf_mode(void)
#ifdef HAVE_OPENSSL
@ -55,7 +55,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to
#endif
--- a/ncat/ncat_ssl.h
+++ b/ncat/ncat_ssl.h
@@ -67,8 +67,6 @@
@@ -66,8 +66,6 @@
#include <openssl/ssl.h>
#include <openssl/err.h>

67
net/nmap/patches/100-nsock-Fix-compilation-error-with-OPENSSL_NO_DTLS.patch Normal file
View File

@ -0,0 +1,67 @@
From 707812db69cc5fdb8b6b4417d3a6b18405116d9f Mon Sep 17 00:00:00 2001
From: Christian Marangi <ansuelsmth@gmail.com>
Date: Sun, 28 Apr 2024 12:00:02 +0200
Subject: [PATCH] nsock: Fix compilation error with OPENSSL_NO_DTLS
Commit ba26cc78f207 ("Replace check for DTLS_client_method with
OPENSSL_NO_DTLS") made DTLS support depend on the openssl define
directly but leave some use of dtlsctx not guarded by ifdef.
Fix this by adding to the remaining use of dtlsctx ifdef guard and
return fatal print for running function with unsupported OpenSSL
feature.
Fixes: ba26cc78f207 ("Replace check for DTLS_client_method with OPENSSL_NO_DTLS")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
nsock/src/nsock_connect.c | 4 ++++
nsock/src/nsock_core.c | 9 ++++++++-
nsock/src/nsock_pool.c | 2 ++
3 files changed, 14 insertions(+), 1 deletion(-)
--- a/nsock/src/nsock_connect.c
+++ b/nsock/src/nsock_connect.c
@@ -472,8 +472,12 @@ nsock_event_id nsock_connect_ssl(nsock_p
if (proto == IPPROTO_UDP)
{
+#ifndef OPENSSL_NO_DTLS
if (!ms->dtlsctx)
nsock_pool_dtls_init(ms, 0);
+#else
+ fatal("%s called with no OpenSSL DTLS support", __func__);
+#endif
}
else
{
--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -364,7 +364,14 @@ void handle_connect_result(struct npool
if (nse->type == NSE_TYPE_CONNECT_SSL &&
nse->status == NSE_STATUS_SUCCESS) {
#if HAVE_OPENSSL
- sslctx = iod->lastproto == IPPROTO_UDP ? ms->dtlsctx : ms->sslctx;
+ if (iod->lastproto == IPPROTO_UDP)
+#ifndef OPENSSL_NO_DTLS
+ sslctx = ms->dtlsctx;
+#else
+ fatal("%s called with no OpenSSL DTLS support", __func__);
+#endif
+ else
+ sslctx = ms->sslctx;
assert(sslctx != NULL);
/* Reuse iod->ssl if present. If set, this is the second try at connection
without the SSL_OP_NO_SSLv2 option set. */
--- a/nsock/src/nsock_pool.c
+++ b/nsock/src/nsock_pool.c
@@ -178,8 +178,10 @@ nsock_pool nsock_pool_new(void *userdata
#if HAVE_OPENSSL
nsp->sslctx = NULL;
+#ifndef OPENSSL_NO_DTLS
nsp->dtlsctx = NULL;
#endif
+#endif
nsp->px_chain = NULL;

2
net/p910nd/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=p910nd
PKG_VERSION:=0.97
PKG_RELEASE:=13
PKG_RELEASE:=14
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/p910nd

3
net/p910nd/files/p910nd.hotplug
View File

@ -281,8 +281,7 @@ get_and_store_printer_info() {
[ "$DEBUG" ] && echo ${MFG:+MFG=$MFG} ${MDL:+MDL=$MDL} ${CMD:+CMD=$CMD} ${CLS:+CLS=$CLS} ${DES:+DES=$DES} ${SN:+SN=$SN}
[ "$DEBUG" ] && echo 'uci set' for UCI_DEV_CFG_NUMBER: $UCI_DEV_CFG_NUMBER
# Take the USB info as fact: set bidir regardless. It seems to be a source of confusion.
eval "$uqsddu_cmd.bidirectional='$BIDIR'"
[ -z "$(eval "$uqgddu_cmd".bidirectional)" ] && eval "$uqsddu_cmd.bidirectional='$BIDIR'"
[ -z "$(eval "$uqgddu_cmd".port)" ] && eval "$uqsddu_cmd.port='0'"
[ -z "$(eval "$uqgddu_cmd".enabled)" ] && eval "$uqsddu_cmd.enabled='1'"
[ -z "$(eval "$uqgddu_cmd".usbvidpid)" ] && [ -n "$THIS_USB_VIDPID" ] && eval "$uqsddu_cmd.usbvidpid='$THIS_USB_VIDPID'"

4
net/sing-box/Makefile
View File

@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=sing-box
PKG_VERSION:=1.8.10
PKG_VERSION:=1.8.12
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=a959f9a40148ed4166b8161072672f3ce1532957adef7717132c7277bb96dcf6
PKG_HASH:=802eb5e202ac1dd846b1f529b3df9e5d69452182fd5d70f7c8f2a819c9e86162
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE

4
net/snort3/Makefile
View File

@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=snort3
PKG_VERSION:=3.1.84.0
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
@ -29,7 +29,7 @@ define Package/snort3
DEPENDS:= \
+(TARGET_x86||TARGET_x86_64):hyperscan-runtime \
+(TARGET_x86||TARGET_x86_64):gperftools-runtime \
+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre +libpthread \
+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 +libpthread \
+libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \
+kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci
TITLE:=Lightweight Network Intrusion Detection System

4
net/snort3/files/snort-mgr
View File

@ -54,7 +54,7 @@ nft_rm_table() {
nft_add_table() {
if [ "$(uci -q get snort.snort.method)" = "nfq" ]; then
local options
local options=''
$VERBOSE && options='-e'
print nftables | nft $options -f $STDIN
$VERBOSE && nft list table inet snort
@ -118,7 +118,7 @@ check() {
fi
if [ "$(uci -q get snort.snort.method)" = "nfq" ]; then
local options
local options=''
local test_nft="${CONF_DIR}/test_conf.nft"
print nftables > "${test_nft}" || die "Errors during generation of nftables config"
$VERBOSE && options='-e'

2052
net/snort3/patches/900-core-convert-project-to-PCRE2.patch Normal file
View File

File diff suppressed because it is too large Load Diff

75
utils/apk/Makefile
View File

@ -1,75 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=apk
PKG_VERSION:=2.14.0
PKG_RELEASE:=1
PKG_SOURCE:=apk-tools-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://gitlab.alpinelinux.org/alpine/apk-tools/-/archive/v$(PKG_VERSION)
PKG_HASH:=4c6db13039280814a10a3b3d89b29837b59769c69214a1861997e088eac107a5
PKG_BUILD_DIR:=$(BUILD_DIR)/apk-tools-v$(PKG_VERSION)
PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=LICENSE
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/apk
SECTION:=utils
CATEGORY:=Utilities
TITLE:=apk package manager
DEPENDS:=+zlib +libopenssl @!arc
URL:=$(PKG_SOURCE_URL)
endef
define Package/alpine-keys
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Alpine apk public signing keys
DEPENDS:=apk
endef
define Package/alpine-repositories
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Official Alpine repositories
DEPENDS:=apk
endef
MAKE_FLAGS += LUA=no
define Package/apk/install
$(INSTALL_DIR) $(1)/lib/apk/db
$(INSTALL_DIR) $(1)/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/apk $(1)/bin/apk
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/apk.pc \
$(1)/usr/lib/pkgconfig/
$(INSTALL_DIR) $(1)/etc/apk/
echo $(ARCH) > $(1)/etc/apk/arch
touch $(1)/etc/apk/world
endef
define Package/alpine-keys/install
$(INSTALL_DIR) $(1)/etc/apk/keys
$(INSTALL_DATA) ./files/alpine-keys/* $(1)/etc/apk/keys
endef
define Package/alpine-repositories/install
$(INSTALL_DIR) $(1)/etc/apk/keys
$(INSTALL_DATA) ./files/alpine-repositories $(1)/etc/apk/repositories
endef
$(eval $(call BuildPackage,apk))
$(eval $(call BuildPackage,alpine-keys))
$(eval $(call BuildPackage,alpine-repositories))

9
utils/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
View File

@ -1,9 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe
qxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O
Q0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA
jixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R
L5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo
GuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B
ywIDAQAB
-----END PUBLIC KEY-----

9
utils/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
View File

@ -1,9 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNijDxJ8kloskKQpJdx+
mTMVFFUGDoDCbulnhZMJoKNkSuZOzBoFC94omYPtxnIcBdWBGnrm6ncbKRlR+6oy
DO0W7c44uHKCFGFqBhDasdI4RCYP+fcIX/lyMh6MLbOxqS22TwSLhCVjTyJeeH7K
aA7vqk+QSsF4TGbYzQDDpg7+6aAcNzg6InNePaywA6hbT0JXbxnDWsB+2/LLSF2G
mnhJlJrWB1WGjkz23ONIWk85W4S0XB/ewDefd4Ly/zyIciastA7Zqnh7p3Ody6Q0
sS2MJzo7p3os1smGjUF158s6m/JbVh4DN6YIsxwl2OjDOz9R0OycfJSDaBVIGZzg
cQIDAQAB
-----END PUBLIC KEY-----

9
utils/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
View File

@ -1,9 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0
cGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX
yHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j
g01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB
Ca1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY
sWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw
wwIDAQAB
-----END PUBLIC KEY-----

3
utils/apk/files/alpine-repositories
View File

@ -1,3 +0,0 @@
https://dl-cdn.alpinelinux.org/alpine/edge/main
https://dl-cdn.alpinelinux.org/alpine/edge/community

21
utils/apk/patches/0001-remove-doc-generation.patch
View File

@ -1,21 +0,0 @@
From b05a93c48fdbb50f0c464310dc2ce45777d32ea2 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Fri, 2 Oct 2020 14:08:52 -1000
Subject: [PATCH] remove doc generation
Signed-off-by: Paul Spooren <mail@aparcar.org>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ export DESTDIR SBINDIR LIBDIR CONFDIR MA
##
# Top-level subdirs
-subdirs := libfetch/ src/ doc/
+subdirs := libfetch/ src/
##
# Include all rules and stuff

131
utils/apk/patches/010-openssl-deprecated.patch
View File

@ -1,131 +0,0 @@
From c4c8aa5ba0ec6bf4c6d74c4807b66edfbd91be7c Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Mon, 11 Jan 2021 01:51:58 -0800
Subject: [PATCH] fix compilation without deprecated OpenSSL APIs
(De)initialization is deprecated under OpenSSL 1.0 and above.
[TT: Some simplifications, and additional edits.]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
libfetch/common.c | 12 ++++--------
src/apk.c | 26 +-------------------------
src/apk_openssl.h | 27 +++++++++++++++++++++++++++
3 files changed, 32 insertions(+), 33 deletions(-)
--- a/libfetch/common.c
+++ b/libfetch/common.c
@@ -583,15 +583,11 @@ static int fetch_ssl_setup_client_certif
int
fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
{
- /* Init the SSL library and context */
- if (!SSL_library_init()){
- fprintf(stderr, "SSL library init failed\n");
- return (-1);
- }
-
- SSL_load_error_strings();
-
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
conn->ssl_meth = SSLv23_client_method();
+#else
+ conn->ssl_meth = TLS_client_method();
+#endif
conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
--- a/src/apk.c
+++ b/src/apk.c
@@ -20,11 +20,6 @@
#include <unistd.h>
#include <sys/stat.h>
-#include <openssl/crypto.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
#include <fetch.h>
#include "apk_defines.h"
@@ -423,25 +418,6 @@ static int parse_options(int argc, char
return 0;
}
-static void fini_openssl(void)
-{
- EVP_cleanup();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
-}
-
-static void init_openssl(void)
-{
- atexit(fini_openssl);
- OpenSSL_add_all_algorithms();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-#endif
-}
-
static void on_sigwinch(int s)
{
apk_reset_screen_width();
@@ -534,7 +510,7 @@ int main(int argc, char **argv)
apk_force |= applet->forced_force;
}
- init_openssl();
+ apk_openssl_init();
setup_automatic_flags();
fetchTimeout = 60;
fetchRedirectMethod = fetch_redirect;
--- a/src/apk_openssl.h
+++ b/src/apk_openssl.h
@@ -11,7 +11,11 @@
#define APK_SSL_COMPAT_H
#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
#if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
@@ -25,6 +29,29 @@ static inline void EVP_MD_CTX_free(EVP_M
return EVP_MD_CTX_destroy(mdctx);
}
+static inline void apk_openssl_cleanup(void)
+{
+ EVP_cleanup();
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ CRYPTO_cleanup_all_ex_data();
+}
+
+static inline void apk_openssl_init(void)
+{
+ atexit(apk_openssl_cleanup);
+ OpenSSL_add_all_algorithms();
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+#endif
+}
+
+#else
+
+static inline void apk_openssl_init(void) {}
+
#endif
#endif

7
utils/apk/test.sh
View File

@ -1,7 +0,0 @@
#!/bin/sh
case "$1" in
"apk")
apk --version | grep "${2#*v}"
;;
esac

143
utils/audit/Makefile
View File

@ -1,143 +0,0 @@
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=audit
PKG_VERSION:=2.8.5
PKG_RELEASE:=7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://people.redhat.com/sgrubb/audit
PKG_HASH:=0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:linux_audit_project:linux_audit
PKG_FIXUP:=autoreconf
PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-packages/$(PKG_NAME)-$(PKG_VERSION)
PKG_BUILD_FLAGS:=no-mips16
include $(INCLUDE_DIR)/package.mk
define Package/audit/Default
TITLE:=Audit Daemon
URL:=http://people.redhat.com/sgrubb/audit/
endef
define Package/audit/Default/description
The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 kernel
endef
define Package/libauparse
$(call Package/audit/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE+= (parsing shared library)
DEPENDS:= +libaudit
endef
define Package/libauparse/description
$(call Package/audit/Default/description)
This package contains the audit parsing shared library.
endef
define Package/audit-utils
$(call Package/audit/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= (utilities)
DEPENDS:= +libaudit +libauparse
endef
define Package/audit-utils/description
$(call Package/audit/Default/description)
This package contains the audit utilities.
endef
define Package/audit
$(call Package/audit/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= (daemon)
DEPENDS:= +libaudit +libauparse +audit-utils +libev
endef
define Package/audit/description
$(call Package/audit/Default/description)
This package contains the audit daemon.
endef
CONFIGURE_VARS += \
LDFLAGS_FOR_BUILD="$(HOST_LDFLAGS)" \
CPPFLAGS_FOR_BUILD="$(HOST_CPPFLAGS)" \
CFLAGS_FOR_BUILD="$(HOST_CFLAGS)" \
CC_FOR_BUILD="$(HOSTCC)"
CONFIGURE_ARGS += \
--without-libcap-ng \
--disable-systemd \
--without-python \
--without-python3 \
--disable-zos-remote
ifeq ($(ARCH),aarch64)
CONFIGURE_ARGS += --with-aarch64
else ifeq ($(ARCH),arm)
CONFIGURE_ARGS += --with-arm
endif
# We can't use the default, as the default passes $(MAKE_ARGS), which
# overrides CC, CFLAGS, etc. and defeats the *_FOR_BUILD definitions
# passed in CONFIGURE_VARS
define Build/Compile
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH)
endef
define Build/Install
$(call Build/Install/Default,install)
$(SED) 's%^dispatcher *=.*%dispatcher = /usr/sbin/audispd%' $(PKG_INSTALL_DIR)/etc/audit/auditd.conf
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
endef
define Package/libauparse/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libauparse.so.* $(1)/usr/lib/
endef
define Package/audit-utils/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) \
$(PKG_INSTALL_DIR)/usr/sbin/{augenrules,audispd,audisp-remote,auditctl,autrace,aureport,ausearch} \
$(1)/usr/sbin/
endef
define Package/audit/install
$(INSTALL_DIR) $(1)/etc/audit
$(CP) $(PKG_INSTALL_DIR)/etc/audit/* $(1)/etc/audit/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/audit.init $(1)/etc/init.d/audit
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/auditd $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,libauparse))
$(eval $(call BuildPackage,audit-utils))
$(eval $(call BuildPackage,audit))

16
utils/audit/files/audit.init
View File

@ -1,16 +0,0 @@
#!/bin/sh /etc/rc.common
# Copyright (c) 2014 OpenWrt.org
START=11
USE_PROCD=1
PROG=/usr/sbin/auditd
start_service() {
mkdir -p /var/log/audit
procd_open_instance
procd_set_param command "$PROG" -n
procd_set_param respawn
procd_close_instance
test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules
}

122
utils/audit/patches/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch
View File

@ -1,122 +0,0 @@
From c39a071e7c021f6ff3554aca2758e97b47a9777c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Feb 2019 18:33:33 -0500
Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
(cherry picked from commit d579a08bb1cde71f939c13ac6b2261052ae9f77e)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
auparse/auparse.c | 12 +++++++++++-
auparse/interpret.c | 9 ++++++++-
configure.ac | 14 +++++++++++++-
src/ausearch-lol.c | 12 +++++++++++-
4 files changed, 43 insertions(+), 4 deletions(-)
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1,5 +1,5 @@
/* auparse.c --
- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t
return 0;
}
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+ size_t len = strnlen(old, n);
+ char *tmp = alloca(len + 1);
+ tmp[len] = 0;
+ return memcpy(tmp, old, len);
+}
+#endif
+
/* Returns 0 on success and 1 on error */
static int extract_timestamp(const char *b, au_event_t *e)
{
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -853,6 +853,13 @@ err_out:
return print_escaped(id->val);
}
+// rawmemchr is faster. Let's use it if we have it.
+#ifdef HAVE_RAWMEMCHR
+#define STRCHR rawmemchr
+#else
+#define STRCHR strchr
+#endif
+
static const char *print_proctitle(const char *val)
{
char *out = (char *)print_escaped(val);
@@ -863,7 +870,7 @@ static const char *print_proctitle(const
// Proctitle has arguments separated by NUL bytes
// We need to write over the NUL bytes with a space
// so that we can see the arguments
- while ((ptr = rawmemchr(ptr, '\0'))) {
+ while ((ptr = STRCHR(ptr, '\0'))) {
if (ptr >= end)
break;
*ptr = ' ';
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
dnl
define([AC_INIT_NOTICE],
[### Generated automatically using autoconf version] AC_ACVERSION [
-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
###
### Permission is hereby granted, free of charge, to any person obtaining a
### copy of this software and associated documentation files (the "Software"),
@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-r
AC_CHECK_FUNCS([posix_fallocate])
dnl; signalfd is needed for libev
AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
+dnl; check if rawmemchr is available
+AC_CHECK_FUNCS([rawmemchr])
+dnl; check if strndupa is available
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE(
+ [[
+ #define _GNU_SOURCE
+ #include <string.h>
+ int main() { (void) strndupa("test", 10); return 0; }]])],
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
+ []
+)
ALLWARNS=""
ALLDEBUG="-g"
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -1,6 +1,6 @@
/*
* ausearch-lol.c - linked list of linked lists library
-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This software may be freely redistributed and/or modified under the
@@ -152,6 +152,16 @@ static int compare_event_time(event *e1,
return 0;
}
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+ size_t len = strnlen(old, n);
+ char *tmp = alloca(len + 1);
+ tmp[len] = 0;
+ return memcpy(tmp, old, len);
+}
+#endif
+
/*
* This function will look at the line and pick out pieces of it.
*/

21
utils/audit/patches/0002-fix-gcc-10.patch
View File

@ -1,21 +0,0 @@
From 017e6c6ab95df55f34e339d2139def83e5dada1f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 10 Jan 2020 21:13:50 -0500
Subject: [PATCH 01/30] Header definitions need to be external when building
with -fno-common (which is default in GCC 10) - Tony Jones
---
src/ausearch-common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/ausearch-common.h
+++ b/src/ausearch-common.h
@@ -50,7 +50,7 @@ extern pid_t event_pid;
extern int event_exact_match;
extern uid_t event_uid, event_euid, event_loginuid;
extern const char *event_tuid, *event_teuid, *event_tauid;
-slist *event_node_list;
+extern slist *event_node_list;
extern const char *event_comm;
extern const char *event_filename;
extern const char *event_hostname;

52
utils/audit/patches/0003-Make-IPX-packet-interpretation-dependent-on-th.patch
View File

@ -1,52 +0,0 @@
From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 2 Sep 2021 15:01:12 -0400
Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header
file existing
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -44,8 +44,10 @@
#include <linux/ax25.h>
#include <linux/atm.h>
#include <linux/x25.h>
-#include <linux/if.h> // FIXME: remove when ipx.h is fixed
-#include <linux/ipx.h>
+#ifdef HAVE_IPX_HEADERS
+ #include <linux/if.h> // FIXME: remove when ipx.h is fixed
+ #include <linux/ipx.h>
+#endif
#include <linux/capability.h>
#include <sys/personality.h>
#include <sys/prctl.h>
@@ -1158,6 +1160,7 @@ static const char *print_sockaddr(const
x->sax25_call.ax25_call[6]);
}
break;
+#ifdef HAVE_IPX_HEADERS
case AF_IPX:
{
const struct sockaddr_ipx *ip =
@@ -1167,6 +1170,7 @@ static const char *print_sockaddr(const
str, ip->sipx_port, ip->sipx_network);
}
break;
+#endif
case AF_ATMPVC:
{
const struct sockaddr_atmpvc* at =
--- a/configure.ac
+++ b/configure.ac
@@ -414,6 +414,12 @@ if test x"$LIBWRAP_LIBS" != "x"; then
AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled )
fi
+# linux/ipx.h - deprecated in 2018
+AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no)
+if test $ipx_headers = yes ; then
+ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation])
+fi
+
# See if we want to support lower capabilities for plugins
LIBCAP_NG_PATH