diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index 9612566fac..829142fbe9 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=4.3.1 +PKG_VERSION:=4.4.0 PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer @@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=999dbab62982c3cffba02c0be22c596ee1ce81d6954689dc9b3a6afeb513cce3 +PKG_HASH:=583b147f3ec17fbc2dbbf31aafb1e3966237d7541313de5b41ea885dc16d932e PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 diff --git a/admin/syslog-ng/files/syslog-ng.conf b/admin/syslog-ng/files/syslog-ng.conf index d4ce83b54d..92574be61b 100644 --- a/admin/syslog-ng/files/syslog-ng.conf +++ b/admin/syslog-ng/files/syslog-ng.conf @@ -4,7 +4,7 @@ # More details about these settings can be found here: # https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition -@version: 4.3 +@version: 4.4 @include "scl.conf" options { diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index 97ae3a8cdf..4e45434329 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk GO_VERSION_MAJOR_MINOR:=1.21 -GO_VERSION_PATCH:=1 +GO_VERSION_PATCH:=2 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -21,7 +21,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=bfa36bf75e9a1e9cbbdb9abcf9d1707e479bd3a07880a8ae3564caee5711cb99 +PKG_HASH:=45e59de173baec39481854490d665b726cec3e5b159f6b4172e5ec7780b2c201 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause diff --git a/lang/lua-eco/Makefile b/lang/lua-eco/Makefile index 4649474af9..95b9fd38f8 100644 --- a/lang/lua-eco/Makefile +++ b/lang/lua-eco/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lua-eco -PKG_VERSION:=3.0.0 +PKG_VERSION:=3.0.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION) -PKG_HASH:=530b179af2283b7a1983643794f3b6de936317fe3c23a9dca4f7828dec6f7e46 +PKG_HASH:=96f008932e319739df2fe99dc1cba7e9a1a389015a4b96ad0f63d95bb6422b09 PKG_MAINTAINER:=Jianhui Zhao PKG_LICENSE:=MIT diff --git a/lang/lua-openssl/Makefile b/lang/lua-openssl/Makefile index 29f70453dd..9595478f6c 100644 --- a/lang/lua-openssl/Makefile +++ b/lang/lua-openssl/Makefile @@ -12,8 +12,8 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/zhaozg/lua-openssl.git -PKG_SOURCE_VERSION:=0.8.2-1 -PKG_MIRROR_HASH:=3a7c8fcd76389970671bc8d07fe7a06225e537850b1ad209dda436fb3b5ea0cb +PKG_SOURCE_VERSION:=0.8.5-1 +PKG_MIRROR_HASH:=d2875aa9b87a80c71d57e2b29c8e882b41aa81f995043e0fbae9a642250ab1c7 PKG_MAINTAINER:=Amnon Paz PKG_LICENSE:=MIT diff --git a/lang/lua-openssl/patches/010-no-luajit.patch b/lang/lua-openssl/patches/010-no-luajit.patch index 502e2ca259..4530cde4e9 100644 --- a/lang/lua-openssl/patches/010-no-luajit.patch +++ b/lang/lua-openssl/patches/010-no-luajit.patch @@ -1,10 +1,14 @@ --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -8,7 +8,6 @@ option(BUILD_SHARED_LUA_OPENSSL "Shared +@@ -8,10 +8,7 @@ option(BUILD_SHARED_LUA_OPENSSL "Shared include(GNUInstallDirs) -find_package(LuaJIT) - if(NOT LUAJIT_FOUND) - find_package(Lua REQUIRED) - endif() +-if(NOT LUAJIT_FOUND) +- find_package(Lua REQUIRED) +-endif() ++find_package(Lua REQUIRED) + find_package(OpenSSL REQUIRED) + + set(CMAKE_THREAD_PREFER_PTHREAD TRUE) diff --git a/lang/php8/Makefile b/lang/php8/Makefile index f1977ee488..56e77c7ca9 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=php -PKG_VERSION:=8.2.10 +PKG_VERSION:=8.2.11 PKG_RELEASE:=1 PKG_MAINTAINER:=Michael Heimpold @@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://www.php.net/distributions/ -PKG_HASH:=561dc4acd5386e47f25be76f2c8df6ae854756469159248313bcf276e282fbb3 +PKG_HASH:=29af82e4f7509831490552918aad502697453f0869a579ee1b80b08f9112c5b8 PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 diff --git a/lang/php8/patches/0025-php-5.4.9-fixheader.patch b/lang/php8/patches/0025-php-5.4.9-fixheader.patch index 2929c22220..0268f37188 100644 --- a/lang/php8/patches/0025-php-5.4.9-fixheader.patch +++ b/lang/php8/patches/0025-php-5.4.9-fixheader.patch @@ -9,7 +9,7 @@ Make generated php_config.h constant across rebuilds. --- a/configure.ac +++ b/configure.ac -@@ -1455,7 +1455,7 @@ PHP_REMOVE_USR_LIB(LDFLAGS) +@@ -1451,7 +1451,7 @@ PHP_REMOVE_USR_LIB(LDFLAGS) EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS" EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS" diff --git a/lang/php8/patches/1004-disable-phar-command.patch b/lang/php8/patches/1004-disable-phar-command.patch index f6b3a10e39..2f24f968da 100644 --- a/lang/php8/patches/1004-disable-phar-command.patch +++ b/lang/php8/patches/1004-disable-phar-command.patch @@ -11,7 +11,7 @@ --- a/configure.ac +++ b/configure.ac -@@ -1638,13 +1638,13 @@ CFLAGS_CLEAN="$CFLAGS \$(PROF_FLAGS)" +@@ -1634,13 +1634,13 @@ CFLAGS_CLEAN="$CFLAGS \$(PROF_FLAGS)" CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag" CXXFLAGS="$CXXFLAGS $standard_libtool_flag \$(PROF_FLAGS)" diff --git a/lang/python/pymysql/Config.in b/lang/python/pymysql/Config.in deleted file mode 100644 index 0dfa265b09..0000000000 --- a/lang/python/pymysql/Config.in +++ /dev/null @@ -1,11 +0,0 @@ -menu "Configuration" - depends on PACKAGE_python3-pymysql - -config PYTHON3_PYMYSQL_SHA_PASSWORD_SUPPORT - bool "Enable support for SHA password authentication" - help - To use “sha256_password” or “caching_sha2_password” for authentication - this symbol needs to be enabled, to also install python3-cryptography. - default n - -endmenu diff --git a/lang/python/pymysql/Makefile b/lang/python/pymysql/Makefile index d5187bd57e..025a97adce 100644 --- a/lang/python/pymysql/Makefile +++ b/lang/python/pymysql/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pymysql PKG_VERSION:=1.1.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PYPI_NAME:=PyMySQL PKG_HASH:=4f13a7df8bf36a51e81dd9f3605fede45a4878fe02f9236349fd82a3f0612f96 @@ -24,23 +24,40 @@ include ../pypi.mk include $(INCLUDE_DIR)/package.mk include ../python3-package.mk -define Package/python3-pymysql +define Package/python3-pymysql/Default SUBMENU:=Python SECTION:=lang CATEGORY:=Languages TITLE:=Pure Python MySQL Client URL:=https://pymysql.readthedocs.io/ - DEPENDS:=+python3 +PYTHON3_PYMYSQL_SHA_PASSWORD_SUPPORT:python3-cryptography endef -define Package/python3-pymysql/config - source "$(SOURCE)/Config.in" +define Package/python3-pymysql +$(call Package/python3-pymysql/Default) + DEPENDS:=+python3 endef define Package/python3-pymysql/description This package contains a pure-Python MySQL client library, based on PEP 249. endef +define Package/python3-pymysql-sha-pwd +$(call Package/python3-pymysql/Default) + TITLE+=w/ SHA256 password auth + DEPENDS:=+python3-pymysql $(RUST_ARCH_DEPENDS) +PACKAGE_python3-pymysql-sha-pwd:python3-cryptography +endef + +define Package/python3-pymysql-sha-pwd/description + This is a meta-package installing python3-pymysql and python3-cryptography + packages to be able to use pymysql with “sha256_password” or + “caching_sha2_password” for authentication. +endef + +define Package/python3-pymysql-sha-pwd/install + true +endef + $(eval $(call Py3Package,python3-pymysql)) $(eval $(call BuildPackage,python3-pymysql)) $(eval $(call BuildPackage,python3-pymysql-src)) +$(eval $(call BuildPackage,python3-pymysql-sha-pwd)) diff --git a/lang/python/python-cffi/Makefile b/lang/python/python-cffi/Makefile index b14ef8099e..74020d159c 100644 --- a/lang/python/python-cffi/Makefile +++ b/lang/python/python-cffi/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cffi -PKG_VERSION:=1.15.1 +PKG_VERSION:=1.16.0 PKG_RELEASE:=1 PYPI_NAME:=cffi -PKG_HASH:=d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9 +PKG_HASH:=bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE @@ -40,6 +40,7 @@ define Package/python3-cffi DEPENDS:= \ +libffi \ +python3-light \ + +python3-ctypes \ +python3-pycparser endef diff --git a/lang/python/python-cffi/patches/001-unpin-setuptools.patch b/lang/python/python-cffi/patches/001-unpin-setuptools.patch new file mode 100644 index 0000000000..bf2774f543 --- /dev/null +++ b/lang/python/python-cffi/patches/001-unpin-setuptools.patch @@ -0,0 +1,10 @@ +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -2,6 +2,6 @@ + requires = [ + # first version that supports Python 3.12; older versions may work + # with previous Python versions, but are not tested +- "setuptools >= 66.1" ++ "setuptools" + ] + build-backend = "setuptools.build_meta" diff --git a/lang/python/python-cffi/test.sh b/lang/python/python-cffi/test.sh new file mode 100644 index 0000000000..48ea3adb7e --- /dev/null +++ b/lang/python/python-cffi/test.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +[ "$1" = python3-cffi ] || exit 0 + +python3 - << EOF +from cffi import FFI +ffibuilder = FFI() +EOF diff --git a/lang/python/python-charset-normalizer/Makefile b/lang/python/python-charset-normalizer/Makefile index 7a2e4ee076..6e88357d22 100644 --- a/lang/python/python-charset-normalizer/Makefile +++ b/lang/python/python-charset-normalizer/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-charset-normalizer -PKG_VERSION:=3.2.0 +PKG_VERSION:=3.3.0 PKG_RELEASE:=1 PYPI_NAME:=charset-normalizer -PKG_HASH:=3bb3d25a8e6c0aedd251753a79ae98a093c7e7b471faa3aa9a93a81431987ace +PKG_HASH:=63563193aec44bce707e0c5ca64ff69fa72ed7cf34ce6e11d5127555756fd2f6 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-charset-normalizer/test.sh b/lang/python/python-charset-normalizer/test.sh new file mode 100644 index 0000000000..b1b2f79968 --- /dev/null +++ b/lang/python/python-charset-normalizer/test.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +[ "$1" = python3-charset-normalizer ] || exit 0 + +python3 - << EOF +import sys +from charset_normalizer import from_bytes +s = 'Bсеки човек има право на образование.' +byte_str = s.encode('cp1251') +result = from_bytes(byte_str).best() +sys.exit(0 if str(result) == s else 1) +EOF diff --git a/lang/python/python-packaging/Makefile b/lang/python/python-packaging/Makefile index cb4e0d039b..1bec008bea 100644 --- a/lang/python/python-packaging/Makefile +++ b/lang/python/python-packaging/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-packaging -PKG_VERSION:=23.1 +PKG_VERSION:=23.2 PKG_RELEASE:=1 PYPI_NAME:=packaging -PKG_HASH:=a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f +PKG_HASH:=048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 PKG_MAINTAINER:=Jan Pavlinec , Jeffery To PKG_LICENSE:=Apache-2.0 BSD-2-Clause @@ -32,7 +32,7 @@ define Package/python3-packaging SUBMENU:=Python TITLE:=Core utilities for Python packages URL:=https://github.com/pypa/packaging - DEPENDS:=+python3-light +python3-logging +python3-urllib + DEPENDS:=+python3-light +python3-email +python3-logging +python3-urllib endef define Package/python3-packaging/description diff --git a/lang/python/python-packaging/test.sh b/lang/python/python-packaging/test.sh new file mode 100644 index 0000000000..4fc13bae84 --- /dev/null +++ b/lang/python/python-packaging/test.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +[ "$1" = python3-packaging ] || exit 0 + +python3 - << EOF +import sys +from packaging.version import Version, parse +v1 = parse("1.0a5") +v2 = Version("1.0") +sys.exit(0 if v1 < v2 else 1) +EOF diff --git a/lang/python/python-twisted/Makefile b/lang/python/python-twisted/Makefile index 1b54cb0c47..5befac2b3e 100644 --- a/lang/python/python-twisted/Makefile +++ b/lang/python/python-twisted/Makefile @@ -9,11 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-twisted -PKG_VERSION:=22.10.0 +PKG_VERSION:=23.8.0 PKG_RELEASE:=1 PYPI_NAME:=Twisted -PKG_HASH:=32acbd40a94f5f46e7b42c109bfae2b302250945561783a8b7a059048f2d4d31 +PYPI_SOURCE_NAME:=twisted +PKG_HASH:=3c73360add17336a622c0d811c2a2ce29866b6e59b1125fd6509b17252098a24 PKG_BUILD_DEPENDS:=libtirpc @@ -22,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE PKG_MAINTAINER:=Jeffery To PKG_CPE_ID:=cpe:/a:twistedmatrix:twisted -PKG_BUILD_DEPENDS:=python-incremental/host +PKG_BUILD_DEPENDS:=python-hatchling/host python-hatch-fancy-pypi-readme/host python-incremental/host include ../pypi.mk include $(INCLUDE_DIR)/package.mk @@ -45,8 +46,6 @@ define Package/python3-twisted +python3-hyperlink \ +python3-idna \ +python3-incremental \ - +python3-pkg-resources \ - +python3-pyasn1 \ +python3-pyopenssl \ +python3-service-identity \ +python3-typing-extensions \ @@ -55,12 +54,8 @@ endef define Package/python3-twisted/description Twisted is a networking engine written in Python, supporting numerous -protocols. It contains a web server, numerous chat clients, chat servers, -mail servers, and more. -endef - -define Build/Configure - $(SED) 's/^version = attr: twisted.__version__$$$$/version = $(PKG_VERSION)/' $(PKG_BUILD_DIR)/setup.cfg +protocols. It contains a web server, numerous chat clients, chat +servers, mail servers, and more. endef define Py3Package/python3-twisted/filespec diff --git a/lang/python/python-twisted/patches/001-omit-tkconch.patch b/lang/python/python-twisted/patches/001-omit-tkconch.patch index a1a37771b2..bf8873f414 100644 --- a/lang/python/python-twisted/patches/001-omit-tkconch.patch +++ b/lang/python/python-twisted/patches/001-omit-tkconch.patch @@ -1,13 +1,13 @@ ---- a/setup.cfg -+++ b/setup.cfg -@@ -115,7 +115,6 @@ console_scripts = - conch = twisted.conch.scripts.conch:run - mailmail = twisted.mail.scripts.mailmail:run - pyhtmlizer = twisted.scripts.htmlizer:run -- tkconch = twisted.conch.scripts.tkconch:run - trial = twisted.scripts.trial:run - twist = twisted.application.twist._twist:Twist.main - twistd = twisted.scripts.twistd:run +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -150,7 +150,6 @@ ckeygen = "twisted.conch.scripts.ckeygen + conch = "twisted.conch.scripts.conch:run" + mailmail = "twisted.mail.scripts.mailmail:run" + pyhtmlizer = "twisted.scripts.htmlizer:run" +-tkconch = "twisted.conch.scripts.tkconch:run" + trial = "twisted.scripts.trial:run" + twist = "twisted.application.twist._twist:Twist.main" + twistd = "twisted.scripts.twistd:run" --- a/src/twisted/python/twisted-completion.zsh +++ b/src/twisted/python/twisted-completion.zsh @@ -1,4 +1,4 @@ diff --git a/lang/python/python-twisted/patches/002-omit-tests.patch b/lang/python/python-twisted/patches/002-omit-tests.patch index 3ec59fd484..841b5e09e7 100644 --- a/lang/python/python-twisted/patches/002-omit-tests.patch +++ b/lang/python/python-twisted/patches/002-omit-tests.patch @@ -1,20 +1,10 @@ ---- a/setup.cfg -+++ b/setup.cfg -@@ -107,6 +107,9 @@ mypy = +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -194,6 +194,7 @@ exclude = [ + "*.pxi", + "*.pyx", + "build.bat", ++ "test", + ] - [options.packages.find] - where = src -+exclude = -+ *.test -+ *.test.* - - [options.entry_points] - console_scripts = -@@ -126,6 +129,7 @@ console_scripts = - *.pxi - *.pyx - build.bat -+ test/* - - [flake8] - disable-noqa = True + [tool.hatch.build.targets.sdist] diff --git a/lang/python/python-twisted/test.sh b/lang/python/python-twisted/test.sh new file mode 100644 index 0000000000..3b9310791b --- /dev/null +++ b/lang/python/python-twisted/test.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +[ "$1" = python3-twisted ] || exit 0 + +python3 -c 'from twisted.internet import reactor' diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile index a54d027040..14915715bc 100644 --- a/lang/python/python3/Makefile +++ b/lang/python/python3/Makefile @@ -358,12 +358,6 @@ endef $(eval $(call HostBuild)) -$(foreach package, $(PYTHON3_PACKAGES), \ - $(eval $(call Py3Package,$(package))) \ - $(eval $(call BuildPackage,$(package))) \ - $(eval $(call BuildPackage,$(package)-src)) \ -) - $(eval $(call BuildPackage,libpython3)) $(eval $(call BuildPackage,python3)) @@ -375,3 +369,9 @@ $(eval $(call BuildPackage,python3-light)) $(eval $(call BuildPackage,python3-base-src)) $(eval $(call BuildPackage,python3-light-src)) + +$(foreach package, $(PYTHON3_PACKAGES), \ + $(eval $(call Py3Package,$(package))) \ + $(eval $(call BuildPackage,$(package))) \ + $(eval $(call BuildPackage,$(package)-src)) \ +) diff --git a/libs/libvpx/Makefile b/libs/libvpx/Makefile index 830f2d7fa9..5c5073ac60 100644 --- a/libs/libvpx/Makefile +++ b/libs/libvpx/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libvpx -PKG_VERSION:=1.12.0 +PKG_VERSION:=1.13.1 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://chromium.googlesource.com/webm/libvpx -PKG_MIRROR_HASH:=19d9bd55198f063875cc72bdfa5eb9fa7cc1ae8af33979f807d2c82b66349933 +PKG_MIRROR_HASH:=55d6880564e354b2d310047773ac211790421e0f3ea70a9280213f7e27fa5f3a PKG_SOURCE_VERSION:=v$(PKG_VERSION) PKG_MAINTAINER:=Luiz Angelo Daros de Luca diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 22a6a18df5..69d200bf1e 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=exim -PKG_VERSION:=4.96 -PKG_RELEASE:=2 +PKG_VERSION:=4.96.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/ -PKG_HASH:=299a56927b2eb3477daafd3c5bda02bc67e5c4e5898a7aeaf2740875278cf1a3 +PKG_HASH:=93ac0755c317e1fdbbea8ccb70a868876bdf3148692891c72ad0fe816767033d PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=GPL-2.0-or-later diff --git a/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch b/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch deleted file mode 100644 index fee68a2419..0000000000 --- a/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch +++ /dev/null @@ -1,185 +0,0 @@ -From florz@florz.de Sun Oct 1 10:33:31 2023 -Received: from [10.0.0.9] (helo=cumin.exim.org) - by mailman with esmtp (Exim 4.94.2) - (envelope-from ) - id 1qmspP-003gpc-28 - for exim-dev@lists.exim.org; Sun, 01 Oct 2023 09:33:31 +0000 -Authentication-Results: exim.org; - iprev=pass (rain.florz.de) smtp.remote-ip=2a07:12c0:1c00:40::1; - dmarc=none header.from=florz.de; - arc=none -Received: from rain.florz.de ([2a07:12c0:1c00:40::1]:36467) - by cumin.exim.org with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 - (Exim 4.94.2-31-503e55a2c) - (envelope-from ) - id 1qmspN-00EIpR-5w - for exim-dev@lists.exim.org; Sun, 01 Oct 2023 09:33:30 +0000 -Received: from [2a07:12c0:1c00:43::121] (port=60772 helo=florz.florz.de) - by rain.florz.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) - (Exim 4.92) - (envelope-from ) - id 1qmspL-0007Zj-F8 - for exim-dev@lists.exim.org; Sun, 01 Oct 2023 11:33:27 +0200 -Received: from florz by florz.florz.de with local (Exim 4.92) - (envelope-from ) - id 1qmspK-0001ZU-Sl - for exim-dev@lists.exim.org; Sun, 01 Oct 2023 11:33:26 +0200 -Date: Sun, 1 Oct 2023 11:33:26 +0200 -From: Florian Zumbiehl -To: exim-dev@lists.exim.org -Message-ID: <20231001093326.GS3837@florz.florz.de> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -Content-Disposition: inline -User-Agent: Mutt/1.10.1 (2018-07-13) -X-Spam-Score: 0.0 (/) -Message-ID-Hash: D3TCMSGJTLM76H6APEQXZEYOLYJKKCNZ -X-Message-ID-Hash: D3TCMSGJTLM76H6APEQXZEYOLYJKKCNZ -X-MailFrom: florz@florz.de -X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-exim-dev.lists.exim.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header -X-Mailman-Version: 3.3.3 -Precedence: list -Subject: [exim-dev] Hotfix for some of the ZDI vulnerabilities -List-Id: Exim MTA development list -List-Help: -List-Owner: -List-Post: -List-Subscribe: -List-Unsubscribe: -Message: 1 -Status: RO -Content-Length: 5347 - -Hi, - -below you find a patch that fixes some (probably three?) of what I guess are -the vulnerabilities reported by ZDI. - -Please note that the patch is only mildly tested, it is developed based on -the git master branch, but can be applied to older versions with minor -massaging. If you go back far enough, proxy.c was part of smtp_in.c, but if -you adjust for that, the patch can be made to apply there, too. - -Obviously, I have no idea whether this actually addresses what ZDI has -reported, but if not, these probably should be fixed, too, and if so, given -the fact that I managed to rather easily find these vulnerabilities based -on the information that's publicly available, I don't think there is much -point to trying to keep this secret any longer--if anything, it's -counterproductive. - -Also mind you that this is a hot fix, it's neither elegant, nor does it do -any useful error reporting, the goal was simply to prevent out of bounds -accesses. - -Florian - ---- - ---- a/src/auths/external.c -+++ b/src/auths/external.c -@@ -100,6 +100,9 @@ if (expand_nmax == 0) /* skip if rxd da - if ((rc = auth_prompt(CUS"")) != OK) - return rc; - -+if (expand_nmax != 1) -+ return FAIL; -+ - if (ob->server_param2) - { - uschar * s = expand_string(ob->server_param2); ---- a/src/auths/spa.c -+++ b/src/auths/spa.c -@@ -165,12 +165,18 @@ if (auth_get_no64_data(&data, msgbuf) != - return FAIL; - - /* dump client response */ --if (spa_base64_to_bits(CS &response, sizeof(response), CCS data) < 0) -+int l = spa_base64_to_bits(CS &response, sizeof(response), CCS data); -+if (l < 0) - { - DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in " - "response: %s\n", data); - return FAIL; - } -+if(l < (char *)&response.buffer - (char *)&response)return FAIL; -+unsigned long o = IVAL(&response.uUser.offset, 0); -+if((l < o) || (l - o < SVAL(&response.uUser.len, 0)))return FAIL; -+o = IVAL(&response.ntResponse.offset, 0); -+if((l < o) || (l - o < 24))return FAIL; - - /*************************************************************** - PH 07-Aug-2003: The original code here was this: -@@ -345,7 +351,10 @@ if (!smtp_read_response(sx, US buffer, b - - /* convert the challenge into the challenge struct */ - DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4); --spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4)); -+int l = spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4)); -+if((l < 0) || (l < (char *)&challenge.buffer - (char *)&challenge))return FAIL; -+unsigned long o = IVAL(&challenge.uDomain.offset, 0); -+if((l < o) || (l - o < SVAL(&challenge.uDomain.len, 0)))return FAIL; - - spa_build_auth_response(&challenge, &response, CS username, CS password); - spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response)); ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -1172,6 +1172,8 @@ while (capacity > 0) - do { ret = read(fd, to, 1); } while (ret == -1 && errno == EINTR && !had_command_timeout); - if (ret == -1) - return -1; -+ if (!ret) -+ break; - have++; - if (last) - return have; -@@ -1320,6 +1322,8 @@ if ((ret == PROXY_INITIAL_READ) && (memc - goto proxyfail; - } - -+ if (ret < 16) -+ goto proxyfail; - /* The v2 header will always be 16 bytes per the spec. */ - size = 16 + ntohs(hdr.v2.len); - DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n", -@@ -1340,7 +1344,7 @@ if ((ret == PROXY_INITIAL_READ) && (memc - { - retmore = read(fd, (uschar*)&hdr + ret, size-ret); - } while (retmore == -1 && errno == EINTR && !had_command_timeout); -- if (retmore == -1) -+ if (retmore < 1) - goto proxyfail; - ret += retmore; - DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size); -@@ -1362,6 +1366,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig, - switch (hdr.v2.fam) - { - case 0x11: /* TCPv4 address type */ -+ if (ret < 28) -+ goto proxyfail; - iptype = US"IPv4"; - tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr; - inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip)); -@@ -1388,6 +1394,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig, - proxy_external_port = tmpport; - goto done; - case 0x21: /* TCPv6 address type */ -+ if (ret < 52) -+ goto proxyfail; - iptype = US"IPv6"; - memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16); - inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6)); -@@ -1446,10 +1454,13 @@ else if (ret >= 8 && memcmp(hdr.v1.line, - goto proxyfail; - ret += r2; - -+ if(ret > 107) -+ goto proxyfail; -+ hdr.v1.line[ret] = 0; - p = string_copy(hdr.v1.line); - end = memchr(p, '\r', ret - 1); - -- if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n') -+ if (!end || end[1] != '\n') - { - DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n"); - goto proxyfail; diff --git a/multimedia/ffmpeg/Config.in b/multimedia/ffmpeg/Config.in index 93cdd67cd2..574ba27830 100644 --- a/multimedia/ffmpeg/Config.in +++ b/multimedia/ffmpeg/Config.in @@ -303,6 +303,9 @@ comment "Muxers" config FFMPEG_CUSTOM_MUXER_ac3 bool "AC3" +config FFMPEG_CUSTOM_MUXER_avi + bool "AVI" + config FFMPEG_CUSTOM_MUXER_h264 bool "H.264 Raw Video" depends on FFMPEG_CUSTOM_PATENTED diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index 54916ad542..84b68d2c65 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ffmpeg PKG_VERSION:=5.1.3 -PKG_RELEASE:=2 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ffmpeg.org/releases/ @@ -69,6 +69,7 @@ FFMPEG_CUSTOM_DECODERS:= \ FFMPEG_CUSTOM_MUXERS:= \ ac3 \ + avi \ ffm \ h264 \ hevc \ @@ -535,6 +536,12 @@ ifeq ($(BUILD_VARIANT),custom) --disable-swresample endif + ifneq ($(CONFIG_PACKAGE_ffmpeg-custom),n) + FFMPEG_CONFIGURE+= \ + --enable-avfilter \ + --enable-ffmpeg + endif + FFMPEG_CONFIGURE+= \ --disable-swscale \ --disable-everything \ @@ -649,6 +656,11 @@ define Build/InstallDev/custom $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{avcodec,avdevice,avformat,avutil}.{a,so*} $(1)/usr/lib/ ifeq ($(CONFIG_FFMPEG_CUSTOM_PROGRAMS),y) $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{avfilter,swresample}.{a,so*} $(1)/usr/lib/ +endif +ifeq ($(BUILD_VARIANT),custom) + ifneq ($(CONFIG_PACKAGE_ffmpeg-custom),n) + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libavfilter.{a,so*} $(1)/usr/lib/ + endif endif $(INSTALL_DIR) $(1)/usr/lib/pkgconfig $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/lib{avcodec,avdevice,avformat,avutil}.pc $(1)/usr/lib/pkgconfig/ @@ -732,6 +744,11 @@ endif ifeq ($(CONFIG_FFMPEG_CUSTOM_PROGRAMS),y) $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{avfilter,swresample}.so.* $(1)/usr/lib/ endif +ifeq ($(BUILD_VARIANT),custom) + ifneq ($(CONFIG_PACKAGE_ffmpeg-custom),n) + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libavfilter.so.* $(1)/usr/lib/ + endif +endif endef # Only ffmpeg with libx264 is GPL (yes libpostproc); all other builds are lgpl (no libpostproc) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 23ec3acad3..f923a27b47 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.0.0 -PKG_RELEASE:=4 +PKG_RELEASE:=6 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=GPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index b0ce905033..8229f0845d 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -64,8 +64,9 @@ readonly sharedMemoryError="/dev/shm/$packageName-error" readonly hostsFilter='/localhost/d;/^#/d;/^[^0-9]/d;s/^0\.0\.0\.0.//;s/^127\.0\.0\.1.//;s/[[:space:]]*#.*$//;s/[[:cntrl:]]$//;s/[[:space:]]//g;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;' readonly domainsFilter='/^#/d;s/[[:space:]]*#.*$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;' readonly adBlockPlusFilter='/^#/d;/^!/d;s/[[:space:]]*#.*$//;s/^||//;s/\^$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;' -readonly dnsmasqFileFilter='\|^server=/[[:alnum:]_.-].*/|!d' -readonly dnsmasq2FileFilter='\|^local=/[[:alnum:]_.-].*/|!d' +readonly dnsmasqFileFilter='\|^server=/[[:alnum:]_.-].*/|!d;s|server=/||;s|/.*$||' +readonly dnsmasq2FileFilter='\|^local=/[[:alnum:]_.-].*/|!d;s|local=/||;s|/.*$||' +readonly dnsmasq3FileFilter='\|^address=/[[:alnum:]_.-].*/|!d;s|address=/||;s|/.*$||' readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m' readonly _FAIL_='\033[0;31m\xe2\x9c\x97\033[0m' readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m' @@ -279,7 +280,9 @@ append_url() { echo 'dnsmasq' elif grep -q '^local=' "$file"; then echo 'dnsmasq2' - elif grep -q '^0.0.0.0' "$file" || grep -q '^127.0.0.1' "$file"; then + elif grep -q '^address=' "$file"; then + echo 'dnsmasq3' + elif grep -q '^0\.0\.0\.0' "$file" || grep -q '^127\.0\.0\.1' "$file"; then echo 'hosts' elif [ -n "$(sed "$domainsFilter" "$file" | head -1)" ]; then echo 'domains' @@ -868,6 +871,7 @@ process_file_url() { adblockplus) filter="$adBlockPlusFilter";; dnsmasq) filter="$dnsmasqFileFilter";; dnsmasq2) filter="$dnsmasq2FileFilter";; + dnsmasq3) filter="$dnsmasq3FileFilter";; domains) filter="$domainsFilter";; hosts) filter="$hostsFilter";; *) @@ -878,7 +882,9 @@ process_file_url() { return 0 ;; esac - sed -i "$filter" "$R_TMP" + if [ -n "$filter" ] && [ "$action" != 'file' ]; then + sed -i "$filter" "$R_TMP" + fi if [ ! -s "$R_TMP" ]; then output 1 "$_FAIL_" output 2 "[DL] $type $label ($format) $__FAIL__\\n" @@ -1038,15 +1044,16 @@ $(cat $A_TMP)" mv "$A_TMP" "$B_TMP" fi - output 2 'Allowing domains ' - json set message "$(get_text "statusProcessing"): allowing domains" - if sed -i -E "$allow_filter" "$B_TMP"; then - output_ok - else - output_failn - json add error "errorAllowListProcessing" + if [ -n "$allow_filter" ]; then + output 2 'Allowing domains ' + json set message "$(get_text "statusProcessing"): allowing domains" + if sed -i -E "$allow_filter" "$B_TMP"; then + output_ok + else + output_failn + json add error "errorAllowListProcessing" + fi fi - output 2 'Formatting merged file ' json set message "$(get_text "statusProcessing"): formatting merged file" if [ -z "$outputFilterIPv6" ]; then @@ -1529,6 +1536,7 @@ adb_start() { json_close_array procd_close_data procd_close_instance + return 0 } adb_status() { @@ -1561,12 +1569,13 @@ adb_status() { n=$((n+1)) done fi + return 0 } # shellcheck disable=SC2120 adb_stop() { local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 + load_environment "$validation_result" 'quiet' || return 0 if [ -s "$outputFile" ]; then output "Stopping $serviceName... " cache 'create' @@ -1586,6 +1595,7 @@ adb_stop() { output "${_ERROR_}: $(get_text 'errorStopping')!\\n" fi fi + return 0 } adb_pause() { diff --git a/net/aircrack-ng/Makefile b/net/aircrack-ng/Makefile index 1323a0e6b8..70a13a0d46 100644 --- a/net/aircrack-ng/Makefile +++ b/net/aircrack-ng/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=aircrack-ng -PKG_VERSION:=1.6 -PKG_RELEASE:=3 +PKG_VERSION:=1.7 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:aircrack-ng:aircrack-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://download.aircrack-ng.org/ -PKG_HASH:=4f0bfd486efc6ea7229f7fbc54340ff8b2094a0d73e9f617e0a39f878999a247 +PKG_HASH:=05a704e3c8f7792a17315080a21214a4448fd2452c1b0dd5226a3a55f90b58c3 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -40,7 +40,7 @@ include $(INCLUDE_DIR)/package.mk define Package/aircrack-ng SECTION:=net CATEGORY:=Network - DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre +libpthread +libstdcpp + DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre2 +libpthread +libstdcpp DEPENDS += +AIRCRACK_NG_OPENSSL:libopenssl DEPENDS += +AIRCRACK_NG_GCRYPT:libgcrypt DEPENDS += +AIRCRACK_NG_SQLITE3:libsqlite3 diff --git a/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch b/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch new file mode 100644 index 0000000000..95079ef7f3 --- /dev/null +++ b/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch @@ -0,0 +1,94 @@ +From 6b05dc10cdcf45d50bc8f9dd74667a3ff399a059 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:52:12 +0100 +Subject: [PATCH 1/9] autotools: add PCRE2 detection + +--- + build/m4/aircrack_ng_pcre2.m4 | 61 +++++++++++++++++++++++++++++++++++ + configure.ac | 2 ++ + 2 files changed, 63 insertions(+) + create mode 100644 build/m4/aircrack_ng_pcre2.m4 + +--- /dev/null ++++ b/build/m4/aircrack_ng_pcre2.m4 +@@ -0,0 +1,61 @@ ++dnl Aircrack-ng ++dnl ++dnl Copyright (C) 2023 Andras Gemes ++dnl ++dnl Autotool support was written by: Joseph Benden ++dnl ++dnl This program is free software; you can redistribute it and/or modify ++dnl it under the terms of the GNU General Public License as published by ++dnl the Free Software Foundation; either version 2 of the License, or ++dnl (at your option) any later version. ++dnl ++dnl This program is distributed in the hope that it will be useful, ++dnl but WITHOUT ANY WARRANTY; without even the implied warranty of ++dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++dnl GNU General Public License for more details. ++dnl ++dnl You should have received a copy of the GNU General Public License ++dnl along with this program; if not, write to the Free Software ++dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA ++dnl ++dnl In addition, as a special exception, the copyright holders give ++dnl permission to link the code of portions of this program with the ++dnl OpenSSL library under certain conditions as described in each ++dnl individual source file, and distribute linked combinations ++dnl including the two. ++dnl ++dnl You must obey the GNU General Public License in all respects ++dnl for all of the code used other than OpenSSL. ++dnl ++dnl If you modify file(s) with this exception, you may extend this ++dnl exception to your dnl version of the file(s), but you are not obligated ++dnl to do so. ++dnl ++dnl If you dnl do not wish to do so, delete this exception statement from your ++dnl version. ++dnl ++dnl If you delete this exception statement from all source files in the ++dnl program, then also delete it here. ++ ++AC_DEFUN([AIRCRACK_NG_PCRE2], [ ++AC_ARG_ENABLE(static-pcre2, ++ AS_HELP_STRING([--enable-static-pcre2], ++ [Enable statically linked PCRE2 libpcre2-8.]), ++ [static_pcre2=$enableval], [static_pcre2=no]) ++ ++if test "x$static_pcre2" != "xno"; then ++ AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT]) ++ AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version) ++ if test "x$PCRE2_FOUND" = xyes; then ++ HAVE_PCRE2=yes ++ else ++ HAVE_PCRE2=no ++ fi ++else ++ PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no) ++fi ++ ++AS_IF([test "x$HAVE_PCRE2" = "xyes"], [ ++ AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) ++]) ++]) +\ No newline at end of file +--- a/configure.ac ++++ b/configure.ac +@@ -144,6 +144,7 @@ AIRCRACK_NG_EXT_SCRIPTS + AIRCRACK_NG_HWLOC + AIRCRACK_NG_PCAP + AIRCRACK_NG_PCRE ++AIRCRACK_NG_PCRE2 + AIRCRACK_NG_RFKILL + AIRCRACK_NG_SQLITE + AIRCRACK_NG_ZLIB +@@ -320,6 +321,7 @@ ${PACKAGE} ${VERSION} + Jemalloc: ${JEMALLOC} + Pcap: ${PCAP_FOUND} + Pcre: ${HAVE_PCRE} ++ Pcre2: ${HAVE_PCRE2} + Sqlite: ${HAVE_SQLITE3} + Tcmalloc: ${TCMALLOC} + Zlib: ${HAVE_ZLIB} diff --git a/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch b/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch new file mode 100644 index 0000000000..63210b681b --- /dev/null +++ b/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch @@ -0,0 +1,142 @@ +From 37bc38a1749f61f3e54dbebca7b33df844b6de82 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:53:59 +0100 +Subject: [PATCH 2/9] airodump-ng: add PCRE2 support + +--- + src/airodump-ng/airodump-ng.c | 75 +++++++++++++++++++++++++++++++---- + 1 file changed, 67 insertions(+), 8 deletions(-) + +--- a/src/airodump-ng/airodump-ng.c ++++ b/src/airodump-ng/airodump-ng.c +@@ -68,7 +68,10 @@ + + #include + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined HAVE_PCRE + #include + #endif + +@@ -150,7 +153,10 @@ static struct local_options + unsigned char prev_bssid[6]; + char ** f_essid; + int f_essid_count; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ pcre2_code * f_essid_regex; ++ pcre2_match_data * f_essid_match_data; ++#elif defined HAVE_PCRE + pcre * f_essid_regex; + #endif + char * dump_prefix; +@@ -784,7 +790,7 @@ static const char usage[] = + " --netmask : Filter APs by mask\n" + " --bssid : Filter APs by BSSID\n" + " --essid : Filter APs by ESSID\n" +-#ifdef HAVE_PCRE ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + " --essid-regex : Filter APs by ESSID using a regular\n" + " expression\n" + #endif +@@ -857,7 +863,22 @@ int is_filtered_essid(const uint8_t * es + ret = 1; + } + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (lopt.f_essid_regex) ++ { ++ lopt.f_essid_match_data ++ = pcre2_match_data_create_from_pattern(lopt.f_essid_regex, NULL); ++ ++ return pcre2_match(lopt.f_essid_regex, ++ (PCRE2_SPTR) essid, ++ (int) strnlen((char *) essid, ESSID_LENGTH), ++ 0, ++ 0, ++ lopt.f_essid_match_data, ++ 0) ++ < 0; ++ } ++#elif defined HAVE_PCRE + if (lopt.f_essid_regex) + { + return pcre_exec(lopt.f_essid_regex, +@@ -5782,7 +5803,10 @@ int main(int argc, char * argv[]) + int wi_read_failed = 0; + int n = 0; + int output_format_first_time = 1; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ int pcreerror; ++ PCRE2_SIZE pcreerroffset; ++#elif defined HAVE_PCRE + const char * pcreerror; + int pcreerroffset; + #endif +@@ -5938,7 +5962,9 @@ int main(int argc, char * argv[]) + #ifdef CONFIG_LIBNL + lopt.htval = CHANNEL_NO_HT; + #endif +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ lopt.f_essid_regex = NULL; ++#elif defined HAVE_PCRE + lopt.f_essid_regex = NULL; + #endif + +@@ -6359,7 +6385,34 @@ int main(int argc, char * argv[]) + + case 'R': + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (lopt.f_essid_regex != NULL) ++ { ++ printf("Error: ESSID regular expression already given. " ++ "Aborting\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ lopt.f_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, ++ PCRE2_ZERO_TERMINATED, ++ 0, ++ &pcreerror, ++ &pcreerroffset, ++ NULL); ++ ++ if (lopt.f_essid_regex == NULL) ++ { ++ PCRE2_UCHAR pcreerrbuffer[256]; ++ pcre2_get_error_message( ++ pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); ++ ++ printf("Error: regular expression compilation failed at " ++ "offset %lu: %s; aborting\n", ++ pcreerroffset, ++ pcreerrbuffer); ++ exit(EXIT_FAILURE); ++ } ++#elif defined HAVE_PCRE + if (lopt.f_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " +@@ -7297,7 +7350,13 @@ int main(int argc, char * argv[]) + + if (lopt.keyout) free(lopt.keyout); + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (lopt.f_essid_regex) ++ { ++ pcre2_match_data_free(lopt.f_essid_match_data); ++ pcre2_code_free(lopt.f_essid_regex); ++ } ++#elif defined HAVE_PCRE + if (lopt.f_essid_regex) pcre_free(lopt.f_essid_regex); + #endif + diff --git a/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch b/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch new file mode 100644 index 0000000000..810007eaa8 --- /dev/null +++ b/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch @@ -0,0 +1,146 @@ +From dbc80d96cfba2dab959ab20bf76f8dd4f517bd29 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:55:18 +0100 +Subject: [PATCH 3/9] besside-ng: add PCRE2 support + +--- + src/besside-ng/besside-ng.c | 86 ++++++++++++++++++++++++++++++++++--- + 1 file changed, 79 insertions(+), 7 deletions(-) + +--- a/src/besside-ng/besside-ng.c ++++ b/src/besside-ng/besside-ng.c +@@ -57,7 +57,10 @@ + #include + #include + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined HAVE_PCRE + #include + #endif + +@@ -155,7 +158,10 @@ static struct conf + int cf_do_wep; + int cf_do_wpa; + char * cf_wpa_server; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ pcre2_code * cf_essid_regex; ++ pcre2_match_data * cf_essid_match_data; ++#elif defined HAVE_PCRE + pcre * cf_essid_regex; + #endif + } _conf; +@@ -1116,7 +1122,31 @@ static void attack_ping(void * a) + timer_in(100 * 1000, attack_ping, n); + } + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++static int is_filtered_essid(char * essid) ++{ ++ REQUIRE(essid != NULL); ++ ++ int ret = 0; ++ ++ if (_conf.cf_essid_regex) ++ { ++ _conf.cf_essid_match_data ++ = pcre2_match_data_create_from_pattern(_conf.cf_essid_regex, NULL); ++ ++ return pcre2_match(_conf.cf_essid_regex, ++ (PCRE2_SPTR) essid, ++ (int) strnlen((char *) essid, MAX_IE_ELEMENT_SIZE), ++ 0, ++ 0, ++ _conf.cf_essid_match_data, ++ 0) ++ < 0; ++ } ++ ++ return (ret); ++} ++#elif defined HAVE_PCRE + static int is_filtered_essid(char * essid) + { + REQUIRE(essid != NULL); +@@ -1148,7 +1178,12 @@ static int should_attack(struct network + if (_conf.cf_bssid && memcmp(_conf.cf_bssid, n->n_bssid, 6) != 0) + return (0); + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (is_filtered_essid(n->n_ssid)) ++ { ++ return (0); ++ } ++#elif defined HAVE_PCRE + if (is_filtered_essid(n->n_ssid)) + { + return (0); +@@ -3007,7 +3042,13 @@ static void cleanup(int UNUSED(x)) + + print_work(); + +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (_conf.cf_essid_regex) ++ { ++ pcre2_match_data_free(_conf.cf_essid_match_data); ++ pcre2_code_free(_conf.cf_essid_regex); ++ } ++#elif defined HAVE_PCRE + if (_conf.cf_essid_regex) pcre_free(_conf.cf_essid_regex); + #endif + +@@ -3295,7 +3336,10 @@ static void usage(char * prog) + int main(int argc, char * argv[]) + { + int ch, temp; +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ int pcreerror; ++ PCRE2_SIZE pcreerroffset; ++#elif defined HAVE_PCRE + const char * pcreerror; + int pcreerroffset; + #endif +@@ -3349,7 +3393,35 @@ int main(int argc, char * argv[]) + break; + + case 'R': +-#ifdef HAVE_PCRE ++#ifdef HAVE_PCRE2 ++ if (_conf.cf_essid_regex != NULL) ++ { ++ printf("Error: ESSID regular expression already given. " ++ "Aborting\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ _conf.cf_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, ++ PCRE2_ZERO_TERMINATED, ++ 0, ++ &pcreerror, ++ &pcreerroffset, ++ NULL); ++ ++ if (_conf.cf_essid_regex == NULL) ++ { ++ PCRE2_UCHAR pcreerrbuffer[256]; ++ pcre2_get_error_message( ++ pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); ++ ++ printf("Error: regular expression compilation failed at " ++ "offset %lu: %s; aborting\n", ++ pcreerroffset, ++ pcreerrbuffer); ++ exit(EXIT_FAILURE); ++ } ++ break; ++#elif defined HAVE_PCRE + if (_conf.cf_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " diff --git a/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch b/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch new file mode 100644 index 0000000000..be5b886c5a --- /dev/null +++ b/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch @@ -0,0 +1,29 @@ +From ca05a44c449be3c433ea67c04f11d544ab62395f Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:57:16 +0100 +Subject: [PATCH 4/9] makefile: add PCRE2 to linker flags + +--- + src/Makefile.inc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/Makefile.inc ++++ b/src/Makefile.inc +@@ -130,7 +130,7 @@ aireplay_ng_LDADD = $(COMMON_LDADD) $(L + airodump_ng_SOURCES = $(SRC_ADU) $(SRC_DWRITE) + airodump_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) + airodump_ng_CPPFLAGS = $(AM_CPPFLAGS) -I$(abs_srcdir)/src/airodump-ng +-airodump_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) ++airodump_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + airserv_ng_SOURCES = $(SRC_AS) + airserv_ng_CFLAGS = $(COMMON_CFLAGS) $(LIBNL_CFLAGS) +@@ -164,7 +164,7 @@ buddy_ng_LDADD = $(COMMON_LDADD) $(LIBA + + besside_ng_SOURCES = $(SRC_BS) + besside_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) +-besside_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) ++besside_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + besside_ng_crawler_SOURCES = $(SRC_BC) + besside_ng_crawler_CFLAGS = $(COMMON_CFLAGS) $(PCAP_CFLAGS) diff --git a/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch b/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch new file mode 100644 index 0000000000..6b64fb63e9 --- /dev/null +++ b/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch @@ -0,0 +1,21 @@ +From fa532b05d48e856c774837b83a3323dafcc8c33e Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Fri, 20 Jan 2023 14:58:35 +0100 +Subject: [PATCH 5/9] airodump-ng/dump_write: remove unused PCRE include + +--- + src/airodump-ng/dump_write.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/src/airodump-ng/dump_write.c ++++ b/src/airodump-ng/dump_write.c +@@ -45,9 +45,6 @@ + #include // ftruncate + #include // ftruncate + #include +-#ifdef HAVE_PCRE +-#include +-#endif + + #include "aircrack-ng/defs.h" + #include "airodump-ng.h" diff --git a/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch b/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch new file mode 100644 index 0000000000..51df8ea2b9 --- /dev/null +++ b/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch @@ -0,0 +1,114 @@ +From bac9b5fed2bb29e13326c90d7c12a6936fe9f04b Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Sat, 21 Jan 2023 19:29:58 +0100 +Subject: [PATCH 7/9] compat-pcre: add compat-type PCRE header + +--- + include/Makefile.inc | 1 + + include/aircrack-ng/pcre/compat-pcre.h | 90 ++++++++++++++++++++++++++ + 2 files changed, 91 insertions(+) + create mode 100644 include/aircrack-ng/pcre/compat-pcre.h + +--- a/include/Makefile.inc ++++ b/include/Makefile.inc +@@ -71,6 +71,7 @@ nobase_aircrack_HEADERS = %D%/aircrack- + %D%/aircrack-ng/osdep/network.h \ + %D%/aircrack-ng/osdep/osdep.h \ + %D%/aircrack-ng/osdep/packed.h \ ++ %D%/aircrack-ng/pcre/compat-pcre.h \ + %D%/aircrack-ng/ptw/aircrack-ptw-lib.h \ + %D%/aircrack-ng/support/common.h \ + %D%/aircrack-ng/support/communications.h \ +--- /dev/null ++++ b/include/aircrack-ng/pcre/compat-pcre.h +@@ -0,0 +1,90 @@ ++/* ++* Copyright (C) 2023 Andras Gemes ++* ++* This program is free software; you can redistribute it and/or modify ++* it under the terms of the GNU General Public License as published by ++* the Free Software Foundation; either version 2 of the License, or ++* (at your option) any later version. ++* ++* This program is distributed in the hope that it will be useful, ++* but WITHOUT ANY WARRANTY; without even the implied warranty of ++* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++* GNU General Public License for more details. ++* ++* You should have received a copy of the GNU General Public License ++* along with this program; if not, write to the Free Software ++* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA ++* ++* ++* In addition, as a special exception, the copyright holders give ++* permission to link the code of portions of this program with the ++* OpenSSL library under certain conditions as described in each ++* individual source file, and distribute linked combinations ++* including the two. ++* You must obey the GNU General Public License in all respects ++* for all of the code used other than OpenSSL. * If you modify ++* file(s) with this exception, you may extend this exception to your ++* version of the file(s), but you are not obligated to do so. * If you ++* do not wish to do so, delete this exception statement from your ++* version. * If you delete this exception statement from all source ++* files in the program, then also delete it here. ++*/ ++ ++#ifndef AIRCRACK_NG_COMPAT_PCRE_H ++#define AIRCRACK_NG_COMPAT_PCRE_H ++ ++#ifdef HAVE_PCRE2 ++#define PCRE2_CODE_UNIT_WIDTH 8 ++#include ++#elif defined HAVE_PCRE ++#include ++#endif ++ ++#ifdef HAVE_PCRE2 ++#define COMPAT_PCRE_COMPILE(pattern, pcreerror, pcreerroffset) \ ++ pcre2_compile((PCRE2_SPTR) (pattern), \ ++ PCRE2_ZERO_TERMINATED, \ ++ 0, \ ++ (pcreerror), \ ++ (pcreerroffset), \ ++ NULL) ++#elif defined HAVE_PCRE ++#define COMPAT_PCRE_COMPILE(pattern, pcreerror, pcreerroffset) \ ++ pcre_compile((pattern), 0, (pcreerror), (pcreerroffset), NULL) ++#endif ++ ++#ifdef HAVE_PCRE2 ++#define COMPAT_PCRE_MATCH(regex, essid, length, match_data) \ ++ pcre2_match((regex), \ ++ (PCRE2_SPTR) (essid), \ ++ (int) strnlen((char *) (essid), (length)), \ ++ 0, \ ++ 0, \ ++ (match_data), \ ++ 0) ++#elif defined HAVE_PCRE ++#define COMPAT_PCRE_MATCH(regex, essid, length, match_data) \ ++ pcre_exec((regex), \ ++ NULL, \ ++ (char *) (essid), \ ++ strnlen((char *) (essid), (length)), \ ++ 0, \ ++ 0, \ ++ NULL, \ ++ 0) ++#endif ++ ++#ifdef HAVE_PCRE2 ++#define COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerr) \ ++ printf("Error: regular expression compilation failed at " \ ++ "offset %zu: %s; aborting\n", \ ++ (pcreerroffset), \ ++ (pcreerr)) ++#elif defined HAVE_PCRE ++#define COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf) \ ++ printf("Error: regular expression compilation failed at " \ ++ "offset %d: %s; aborting\n", \ ++ (pcreerroffset), \ ++ (pcreerrorbuf)) ++#endif ++#endif //AIRCRACK_NG_COMPAT_PCRE_H diff --git a/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch b/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch new file mode 100644 index 0000000000..732c6a1dc3 --- /dev/null +++ b/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch @@ -0,0 +1,146 @@ +From e7ace80dbcfd2feecbbc6263ce59ce20acdafca0 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Sat, 21 Jan 2023 19:31:07 +0100 +Subject: [PATCH 8/9] airodump-ng: utilize compat-pcre + +--- + src/airodump-ng/airodump-ng.c | 80 +++++++++-------------------------- + 1 file changed, 19 insertions(+), 61 deletions(-) + +--- a/src/airodump-ng/airodump-ng.c ++++ b/src/airodump-ng/airodump-ng.c +@@ -68,13 +68,7 @@ + + #include + +-#ifdef HAVE_PCRE2 +-#define PCRE2_CODE_UNIT_WIDTH 8 +-#include +-#elif defined HAVE_PCRE +-#include +-#endif +- ++#include "aircrack-ng/pcre/compat-pcre.h" + #include "aircrack-ng/defs.h" + #include "aircrack-ng/version.h" + #include "aircrack-ng/support/pcap_local.h" +@@ -863,33 +857,22 @@ int is_filtered_essid(const uint8_t * es + ret = 1; + } + +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (lopt.f_essid_regex) + { ++#ifdef HAVE_PCRE2 + lopt.f_essid_match_data + = pcre2_match_data_create_from_pattern(lopt.f_essid_regex, NULL); + +- return pcre2_match(lopt.f_essid_regex, +- (PCRE2_SPTR) essid, +- (int) strnlen((char *) essid, ESSID_LENGTH), +- 0, +- 0, +- lopt.f_essid_match_data, +- 0) ++ return COMPAT_PCRE_MATCH(lopt.f_essid_regex, ++ essid, ++ ESSID_LENGTH, ++ lopt.f_essid_match_data) + < 0; +- } + #elif defined HAVE_PCRE +- if (lopt.f_essid_regex) +- { +- return pcre_exec(lopt.f_essid_regex, +- NULL, +- (char *) essid, +- (int) strnlen((char *) essid, ESSID_LENGTH), +- 0, +- 0, +- NULL, +- 0) ++ return COMPAT_PCRE_MATCH(lopt.f_essid_regex, essid, ESSID_LENGTH, NULL) + < 0; ++#endif + } + #endif + +@@ -5805,6 +5788,7 @@ int main(int argc, char * argv[]) + int output_format_first_time = 1; + #ifdef HAVE_PCRE2 + int pcreerror; ++ PCRE2_UCHAR pcreerrorbuf[256]; + PCRE2_SIZE pcreerroffset; + #elif defined HAVE_PCRE + const char * pcreerror; +@@ -5962,9 +5946,7 @@ int main(int argc, char * argv[]) + #ifdef CONFIG_LIBNL + lopt.htval = CHANNEL_NO_HT; + #endif +-#ifdef HAVE_PCRE2 +- lopt.f_essid_regex = NULL; +-#elif defined HAVE_PCRE ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + lopt.f_essid_regex = NULL; + #endif + +@@ -6385,7 +6367,7 @@ int main(int argc, char * argv[]) + + case 'R': + +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (lopt.f_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " +@@ -6393,42 +6375,18 @@ int main(int argc, char * argv[]) + exit(EXIT_FAILURE); + } + +- lopt.f_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, +- PCRE2_ZERO_TERMINATED, +- 0, +- &pcreerror, +- &pcreerroffset, +- NULL); ++ lopt.f_essid_regex ++ = COMPAT_PCRE_COMPILE(optarg, &pcreerror, &pcreerroffset); + + if (lopt.f_essid_regex == NULL) + { +- PCRE2_UCHAR pcreerrbuffer[256]; ++#ifdef HAVE_PCRE2 + pcre2_get_error_message( +- pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); +- +- printf("Error: regular expression compilation failed at " +- "offset %lu: %s; aborting\n", +- pcreerroffset, +- pcreerrbuffer); +- exit(EXIT_FAILURE); +- } ++ pcreerror, pcreerrorbuf, sizeof(pcreerrorbuf)); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf); + #elif defined HAVE_PCRE +- if (lopt.f_essid_regex != NULL) +- { +- printf("Error: ESSID regular expression already given. " +- "Aborting\n"); +- exit(EXIT_FAILURE); +- } +- +- lopt.f_essid_regex +- = pcre_compile(optarg, 0, &pcreerror, &pcreerroffset, NULL); +- +- if (lopt.f_essid_regex == NULL) +- { +- printf("Error: regular expression compilation failed at " +- "offset %d: %s; aborting\n", +- pcreerroffset, +- pcreerror); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerror); ++#endif + exit(EXIT_FAILURE); + } + #else diff --git a/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch b/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch new file mode 100644 index 0000000000..532521e37f --- /dev/null +++ b/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch @@ -0,0 +1,165 @@ +From d7eb251f945524b419e8c90dd54c640d9922e5d5 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Sat, 21 Jan 2023 19:31:31 +0100 +Subject: [PATCH 9/9] besside-ng: utilize compat-pcre + +--- + src/besside-ng/besside-ng.c | 94 ++++++++----------------------------- + 1 file changed, 20 insertions(+), 74 deletions(-) + +--- a/src/besside-ng/besside-ng.c ++++ b/src/besside-ng/besside-ng.c +@@ -57,13 +57,7 @@ + #include + #include + +-#ifdef HAVE_PCRE2 +-#define PCRE2_CODE_UNIT_WIDTH 8 +-#include +-#elif defined HAVE_PCRE +-#include +-#endif +- ++#include "aircrack-ng/pcre/compat-pcre.h" + #include "aircrack-ng/defs.h" + #include "aircrack-ng/aircrack-ng.h" + #include "aircrack-ng/version.h" +@@ -1122,7 +1116,7 @@ static void attack_ping(void * a) + timer_in(100 * 1000, attack_ping, n); + } + +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + static int is_filtered_essid(char * essid) + { + REQUIRE(essid != NULL); +@@ -1131,39 +1125,20 @@ static int is_filtered_essid(char * essi + + if (_conf.cf_essid_regex) + { ++#ifdef HAVE_PCRE2 + _conf.cf_essid_match_data + = pcre2_match_data_create_from_pattern(_conf.cf_essid_regex, NULL); + +- return pcre2_match(_conf.cf_essid_regex, +- (PCRE2_SPTR) essid, +- (int) strnlen((char *) essid, MAX_IE_ELEMENT_SIZE), +- 0, +- 0, +- _conf.cf_essid_match_data, +- 0) ++ return COMPAT_PCRE_MATCH(_conf.cf_essid_regex, ++ essid, ++ MAX_IE_ELEMENT_SIZE, ++ _conf.cf_essid_match_data) + < 0; +- } +- +- return (ret); +-} + #elif defined HAVE_PCRE +-static int is_filtered_essid(char * essid) +-{ +- REQUIRE(essid != NULL); +- +- int ret = 0; +- +- if (_conf.cf_essid_regex) +- { +- return pcre_exec(_conf.cf_essid_regex, +- NULL, +- (char *) essid, +- strnlen((char *) essid, MAX_IE_ELEMENT_SIZE), +- 0, +- 0, +- NULL, +- 0) ++ return COMPAT_PCRE_MATCH( ++ _conf.cf_essid_regex, essid, MAX_IE_ELEMENT_SIZE, NULL) + < 0; ++#endif + } + + return (ret); +@@ -1178,12 +1153,7 @@ static int should_attack(struct network + if (_conf.cf_bssid && memcmp(_conf.cf_bssid, n->n_bssid, 6) != 0) + return (0); + +-#ifdef HAVE_PCRE2 +- if (is_filtered_essid(n->n_ssid)) +- { +- return (0); +- } +-#elif defined HAVE_PCRE ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (is_filtered_essid(n->n_ssid)) + { + return (0); +@@ -3338,6 +3308,7 @@ int main(int argc, char * argv[]) + int ch, temp; + #ifdef HAVE_PCRE2 + int pcreerror; ++ PCRE2_UCHAR pcreerrorbuf[256]; + PCRE2_SIZE pcreerroffset; + #elif defined HAVE_PCRE + const char * pcreerror; +@@ -3393,7 +3364,7 @@ int main(int argc, char * argv[]) + break; + + case 'R': +-#ifdef HAVE_PCRE2 ++#if defined HAVE_PCRE2 || defined HAVE_PCRE + if (_conf.cf_essid_regex != NULL) + { + printf("Error: ESSID regular expression already given. " +@@ -3401,43 +3372,18 @@ int main(int argc, char * argv[]) + exit(EXIT_FAILURE); + } + +- _conf.cf_essid_regex = pcre2_compile((PCRE2_SPTR) optarg, +- PCRE2_ZERO_TERMINATED, +- 0, +- &pcreerror, +- &pcreerroffset, +- NULL); ++ _conf.cf_essid_regex ++ = COMPAT_PCRE_COMPILE(optarg, &pcreerror, &pcreerroffset); + + if (_conf.cf_essid_regex == NULL) + { +- PCRE2_UCHAR pcreerrbuffer[256]; ++#ifdef HAVE_PCRE2 + pcre2_get_error_message( +- pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer)); +- +- printf("Error: regular expression compilation failed at " +- "offset %lu: %s; aborting\n", +- pcreerroffset, +- pcreerrbuffer); +- exit(EXIT_FAILURE); +- } +- break; ++ pcreerror, pcreerrorbuf, sizeof(pcreerrorbuf)); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf); + #elif defined HAVE_PCRE +- if (_conf.cf_essid_regex != NULL) +- { +- printf("Error: ESSID regular expression already given. " +- "Aborting\n"); +- exit(EXIT_FAILURE); +- } +- +- _conf.cf_essid_regex +- = pcre_compile(optarg, 0, &pcreerror, &pcreerroffset, NULL); +- +- if (_conf.cf_essid_regex == NULL) +- { +- printf("Error: regular expression compilation failed at " +- "offset %d: %s; aborting\n", +- pcreerroffset, +- pcreerror); ++ COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerror); ++#endif + exit(EXIT_FAILURE); + } + break; diff --git a/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch b/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch new file mode 100644 index 0000000000..c6338f5627 --- /dev/null +++ b/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch @@ -0,0 +1,29 @@ +From 8c6a4f171b7d97a294590fab9dc2069b149b9b36 Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Mon, 23 Jan 2023 10:42:39 +0100 +Subject: [PATCH 2/6] src/makefile: add PCRE2_CFLAGS to airodump and besside + +--- + src/Makefile.inc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/Makefile.inc ++++ b/src/Makefile.inc +@@ -128,7 +128,7 @@ aireplay_ng_CFLAGS = $(COMMON_CFLAGS) $( + aireplay_ng_LDADD = $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + airodump_ng_SOURCES = $(SRC_ADU) $(SRC_DWRITE) +-airodump_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) ++airodump_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) $(LIBNL_CFLAGS) + airodump_ng_CPPFLAGS = $(AM_CPPFLAGS) -I$(abs_srcdir)/src/airodump-ng + airodump_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + +@@ -163,7 +163,7 @@ buddy_ng_CPPFLAGS = $(AM_CPPFLAGS) -I$(a + buddy_ng_LDADD = $(COMMON_LDADD) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + besside_ng_SOURCES = $(SRC_BS) +-besside_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS) ++besside_ng_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) $(LIBNL_CFLAGS) + besside_ng_LDADD = $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS) + + besside_ng_crawler_SOURCES = $(SRC_BC) diff --git a/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch b/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch new file mode 100644 index 0000000000..803b188435 --- /dev/null +++ b/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch @@ -0,0 +1,37 @@ +From 0be8f0d7d8e4a09ea5687bcec6690876b4161a0e Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Mon, 23 Jan 2023 10:46:26 +0100 +Subject: [PATCH 3/6] lib/makefile: add PCRE2 to libaccrypto and libaircrack + +--- + lib/Makefile.inc | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/lib/Makefile.inc ++++ b/lib/Makefile.inc +@@ -65,8 +65,8 @@ SRC_CRYPTO += %D%/crypto/sha1-git.c + endif + + libaccrypto_la_SOURCES = $(SRC_CRYPTO) +-libaccrypto_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) +-libaccrypto_la_LIBADD = $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) ++libaccrypto_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) ++libaccrypto_la_LIBADD = $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) + + libcowpatty_la_SOURCES = $(SRC_COW) + libcowpatty_la_CFLAGS = $(COMMON_CFLAGS) $(LIBCOW_CFLAGS) +@@ -121,12 +121,12 @@ SRC_LIBAC += %D%/libac/support/strlcpy.c + endif + + libaircrack_la_SOURCES = $(SRC_LIBAC) $(TRAMPOLINE) $(CPUSET) +-libaircrack_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) \ ++libaircrack_la_CFLAGS = $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) \ + "-DLIBAIRCRACK_CE_WPA_PATH=\"$(LIBAIRCRACK_CE_WPA_PATH)\"" \ + "-DABS_TOP_SRCDIR=\"$(abs_top_srcdir)\"" \ + "-DABS_TOP_BUILDDIR=\"$(abs_top_builddir)\"" \ + "-DLIBDIR=\"$(libdir)\"" +-libaircrack_la_LIBADD = $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(PCRE_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) ++libaircrack_la_LIBADD = $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(PCRE_LIBS) $(PCRE2_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS) + + if CYGWIN + libaircrack_la_LIBADD += -lshlwapi diff --git a/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch b/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch new file mode 100644 index 0000000000..8dc2ce4d88 --- /dev/null +++ b/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch @@ -0,0 +1,132 @@ +From b381ef3f6b6cc83a4aa016f4c0aebb58fcffcf3f Mon Sep 17 00:00:00 2001 +From: Andras Gemes +Date: Mon, 23 Jan 2023 16:58:38 +0100 +Subject: [PATCH] autotools: indicate if PCRE or PCRE2 is being used + +--- + build/m4/aircrack_ng_pcre.m4 | 28 ++++++++++++++-- + build/m4/aircrack_ng_pcre2.m4 | 61 ----------------------------------- + configure.ac | 3 +- + 3 files changed, 26 insertions(+), 66 deletions(-) + delete mode 100644 build/m4/aircrack_ng_pcre2.m4 + +--- a/build/m4/aircrack_ng_pcre.m4 ++++ b/build/m4/aircrack_ng_pcre.m4 +@@ -55,7 +55,29 @@ else + PKG_CHECK_MODULES(PCRE, libpcre, HAVE_PCRE=yes, HAVE_PCRE=no) + fi + +-AS_IF([test "x$HAVE_PCRE" = "xyes"], [ ++AC_ARG_ENABLE(static-pcre2, ++ AS_HELP_STRING([--enable-static-pcre2], ++ [Enable statically linked PCRE2 libpcre2-8.]), ++ [static_pcre2=$enableval], [static_pcre2=no]) ++ ++if test "x$static_pcre2" != "xno"; then ++ AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT]) ++ AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version) ++ if test "x$PCRE2_FOUND" = xyes; then ++ HAVE_PCRE2=yes ++ else ++ HAVE_PCRE2=no ++ fi ++else ++ PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no) ++fi ++ ++if test "x$HAVE_PCRE" = "xyes" && test "x$HAVE_PCRE2" = "xyes"; then ++ AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) ++ PCRE2_NOTE="(Pcre and Pcre2 found, using Pcre2)" ++elif test "x$HAVE_PCRE" = "xyes"; then + AC_DEFINE([HAVE_PCRE], [1], [Define this if you have libpcre on your system]) +-]) +-]) ++elif test "x$HAVE_PCRE2" = "xyes"; then ++ AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) ++fi ++]) +\ No newline at end of file +--- a/build/m4/aircrack_ng_pcre2.m4 ++++ /dev/null +@@ -1,61 +0,0 @@ +-dnl Aircrack-ng +-dnl +-dnl Copyright (C) 2023 Andras Gemes +-dnl +-dnl Autotool support was written by: Joseph Benden +-dnl +-dnl This program is free software; you can redistribute it and/or modify +-dnl it under the terms of the GNU General Public License as published by +-dnl the Free Software Foundation; either version 2 of the License, or +-dnl (at your option) any later version. +-dnl +-dnl This program is distributed in the hope that it will be useful, +-dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-dnl GNU General Public License for more details. +-dnl +-dnl You should have received a copy of the GNU General Public License +-dnl along with this program; if not, write to the Free Software +-dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA +-dnl +-dnl In addition, as a special exception, the copyright holders give +-dnl permission to link the code of portions of this program with the +-dnl OpenSSL library under certain conditions as described in each +-dnl individual source file, and distribute linked combinations +-dnl including the two. +-dnl +-dnl You must obey the GNU General Public License in all respects +-dnl for all of the code used other than OpenSSL. +-dnl +-dnl If you modify file(s) with this exception, you may extend this +-dnl exception to your dnl version of the file(s), but you are not obligated +-dnl to do so. +-dnl +-dnl If you dnl do not wish to do so, delete this exception statement from your +-dnl version. +-dnl +-dnl If you delete this exception statement from all source files in the +-dnl program, then also delete it here. +- +-AC_DEFUN([AIRCRACK_NG_PCRE2], [ +-AC_ARG_ENABLE(static-pcre2, +- AS_HELP_STRING([--enable-static-pcre2], +- [Enable statically linked PCRE2 libpcre2-8.]), +- [static_pcre2=$enableval], [static_pcre2=no]) +- +-if test "x$static_pcre2" != "xno"; then +- AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT]) +- AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version) +- if test "x$PCRE2_FOUND" = xyes; then +- HAVE_PCRE2=yes +- else +- HAVE_PCRE2=no +- fi +-else +- PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no) +-fi +- +-AS_IF([test "x$HAVE_PCRE2" = "xyes"], [ +- AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) +-]) +-]) +\ No newline at end of file +--- a/configure.ac ++++ b/configure.ac +@@ -144,7 +144,6 @@ AIRCRACK_NG_EXT_SCRIPTS + AIRCRACK_NG_HWLOC + AIRCRACK_NG_PCAP + AIRCRACK_NG_PCRE +-AIRCRACK_NG_PCRE2 + AIRCRACK_NG_RFKILL + AIRCRACK_NG_SQLITE + AIRCRACK_NG_ZLIB +@@ -321,7 +320,7 @@ ${PACKAGE} ${VERSION} + Jemalloc: ${JEMALLOC} + Pcap: ${PCAP_FOUND} + Pcre: ${HAVE_PCRE} +- Pcre2: ${HAVE_PCRE2} ++ Pcre2: ${HAVE_PCRE2} ${PCRE2_NOTE} + Sqlite: ${HAVE_SQLITE3} + Tcmalloc: ${TCMALLOC} + Zlib: ${HAVE_ZLIB} diff --git a/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch b/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch new file mode 100644 index 0000000000..677cb321db --- /dev/null +++ b/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch @@ -0,0 +1,39 @@ +From b8d0b8cb6caa6940443b3e6ca32efc78d0c9d00e Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Sun, 1 Oct 2023 00:32:16 +0200 +Subject: [PATCH] autotools: reset PCRE CFLAGS/LIBS with both PCRE and PCRE2 + present + +Commit b381ef3f6b6c ("autotools: indicate if PCRE or PCRE2 is being +used") fixed a case where both pcre and pcre2 library are detected and +put a preference on using pcre2. + +Although the commit fix this corner case, there is still a latent +problem with trying to link/include both library. This is caused by the +fact that in the Makefile.inc for src and lib, we include both +PCRE_CFLAGS and PCRE2_CFLAGS and PCRE_LIBS and PCRE2_LIBS for each +tool/lib. + +To handle this and not bloat the Makefile with additional condition, +simply reset the PCRE_CFLAGS and PCRE_LIBS in case where we detect both +library and we prefer to use pcre2. + +Fixes: b381ef3f6b6c ("autotools: indicate if PCRE or PCRE2 is being used") +Signed-off-by: Christian Marangi +--- + build/m4/aircrack_ng_pcre.m4 | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/build/m4/aircrack_ng_pcre.m4 ++++ b/build/m4/aircrack_ng_pcre.m4 +@@ -75,6 +75,10 @@ fi + if test "x$HAVE_PCRE" = "xyes" && test "x$HAVE_PCRE2" = "xyes"; then + AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system]) + PCRE2_NOTE="(Pcre and Pcre2 found, using Pcre2)" ++ # Reset PCRE cflags and libs variables as we include both PCRE and PCRE2 in Makefile.inc ++ # and would result in trying to link/include both library. ++ PCRE_CFLAGS="" ++ PCRE_LIBS="" + elif test "x$HAVE_PCRE" = "xyes"; then + AC_DEFINE([HAVE_PCRE], [1], [Define this if you have libpcre on your system]) + elif test "x$HAVE_PCRE2" = "xyes"; then diff --git a/net/atftp/Makefile b/net/atftp/Makefile index 9478f06975..cabdd3efd3 100644 --- a/net/atftp/Makefile +++ b/net/atftp/Makefile @@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=atftp -PKG_VERSION:=0.7.5 +PKG_VERSION:=0.8.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/$(PKG_NAME) -PKG_HASH:=93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a +PKG_HASH:=df2aa089c7670f9eab40e5598e5d2cb6a582dc5182926ea50b4d690e4e37f316 PKG_MAINTAINER:=Daniel Danzberger PKG_LICENSE:=GPL-2.0-or-later @@ -21,6 +21,8 @@ PKG_LICENSE_FILES:=LICENSE PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_FIXUP:=autoreconf + include $(INCLUDE_DIR)/package.mk define Package/atftp/Default @@ -38,7 +40,7 @@ endef define Package/atftpd $(call Package/atftp/Default) - DEPENDS:=+libpcre +libpthread + DEPENDS:=+libpcre2 +libpthread TITLE+= server endef diff --git a/net/banip/Makefile b/net/banip/Makefile index fbcfd97912..0c9f4460fa 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.9.0 +PKG_VERSION:=0.9.1 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index 0ab0aac285..d65e6e391f 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -162,9 +162,8 @@ Available commands: | ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' | | ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 | | ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 | -| ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' | -| ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins | -| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload | +| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' | +| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot | | ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets | | ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) | | ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) | @@ -176,6 +175,7 @@ Available commands: | ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' | | ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' | | ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' | +| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic | | ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' | | ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' | | ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' | diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 5457536350..c0c4ea9595 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -65,6 +65,7 @@ ban_splitsize="0" ban_autodetect="1" ban_feed="" ban_blockpolicy="" +ban_blocktype="drop" ban_blockinput="" ban_blockforwardwan="" ban_blockforwardlan="" @@ -86,7 +87,6 @@ ban_cores="" ban_memory="" ban_packages="" ban_trigger="" -ban_triggerdelay="10" ban_resolver="" ban_enabled="0" ban_debug="0" @@ -283,8 +283,6 @@ f_conf() { } } config_load banip - - [ "${ban_action}" = "boot" ] && [ -z "${ban_trigger}" ] && sleep ${ban_triggerdelay} } # get nft/monitor actuals @@ -421,15 +419,10 @@ f_getdev() { network_flush_cache for iface in ${ban_ifv4} ${ban_ifv6}; do network_get_device dev "${iface}" - if [ -n "${dev}" ]; then - if printf "%s" "${dev}" | "${ban_grepcmd}" -qE "pppoe|6in4"; then - dev="${iface}" - fi - if ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then - ban_dev="${ban_dev}${dev} " - uci_add_list banip global ban_dev "${dev}" - f_log "info" "add device '${dev}' to config" - fi + if [ -n "${dev}" ] && ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then + ban_dev="${ban_dev}${dev} " + uci_add_list banip global ban_dev "${dev}" + f_log "info" "add device '${dev}' to config" fi done cnt="$((cnt + 1))" @@ -495,13 +488,15 @@ f_getuplink() { f_getfeed() { json_init if [ -s "${ban_customfeedfile}" ]; then - if ! json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then + if json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then + return + else f_log "info" "can't load banIP custom feed file" - if ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then - f_log "err" "can't load banIP feed file" - fi fi - elif ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then + fi + if [ -s "${ban_feedfile}" ] && json_load_file "${ban_feedfile}" >/dev/null 2>&1; then + return + else f_log "err" "can't load banIP feed file" fi } @@ -526,9 +521,9 @@ f_etag() { etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^[[:space:]]*etag: /{gsub("\"","");printf "%s",$2}')" etag_rc="${?}" - if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then + if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then out_rc="0" - elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; then + elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; then "${ban_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${ban_backupdir}/banIP.etag" printf "%-20s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag" out_rc="2" @@ -559,6 +554,12 @@ f_nftinit() { printf "%s\n" "add chain inet banIP wan-input { type filter hook input priority ${ban_nftpriority}; policy accept; }" printf "%s\n" "add chain inet banIP wan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }" printf "%s\n" "add chain inet banIP lan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }" + printf "%s\n" "add chain inet banIP reject-chain" + + # default reject rules + # + printf "%s\n" "add rule inet banIP reject-chain meta l4proto tcp reject with tcp reset" + printf "%s\n" "add rule inet banIP reject-chain reject" # default wan-input rules # @@ -581,7 +582,7 @@ f_nftinit() { printf "%s\n" "add rule inet banIP lan-forward ct state established,related counter accept" printf "%s\n" "add rule inet banIP lan-forward oifname != { ${wan_dev} } counter accept" [ -n "${vlan_allow}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_allow} } counter accept" - [ -n "${vlan_block}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_block} } counter reject" + [ -n "${vlan_block}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_block} } counter goto reject-chain" } >"${file}" # load initial banIP table within nft (atomic load) @@ -609,9 +610,9 @@ f_down() { tmp_nft="${ban_tmpfile}.${feed}.nft" tmp_allow="${ban_tmpfile}.${feed%v*}" - [ "${ban_loginput}" = "1" ] && log_input="log level ${ban_nftloglevel} prefix \"banIP/inp-wan/drp/${feed}: \"" - [ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/drp/${feed}: \"" - [ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/rej/${feed}: \"" + [ "${ban_loginput}" = "1" ] && log_input="log level ${ban_nftloglevel} prefix \"banIP/inp-wan/${ban_blocktype}/${feed}: \"" + [ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/${ban_blocktype}/${feed}: \"" + [ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/reject/${feed}: \"" # set feed block direction # @@ -724,21 +725,29 @@ f_down() { printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" if [ -z "${feed_direction##*input*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardwan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardlan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" + printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter goto reject-chain" else printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} counter accept" fi @@ -749,21 +758,29 @@ f_down() { printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" if [ -z "${feed_direction##*input*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardwan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop" + if [ "${ban_blocktype}" = "reject" ]; then + printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter goto reject-chain" + else + printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop" + fi else printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} counter accept" fi fi if [ -z "${feed_direction##*forwardlan*}" ]; then if [ "${ban_allowlistonly}" = "1" ]; then - printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited" + printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter goto reject-chain" else printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} counter accept" fi @@ -778,11 +795,11 @@ f_down() { if [ "${proto}" = "4MAC" ]; then "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="0.0.0.0/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter reject" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter goto reject-chain" elif [ "${proto}" = "6MAC" ]; then "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="::/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter reject" + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter goto reject-chain" elif [ "${proto}" = "4" ]; then if [ "${ban_deduplicate}" = "1" ]; then "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]].*|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_raw}" @@ -794,9 +811,14 @@ f_down() { fi "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter goto reject-chain" elif [ "${proto}" = "6" ]; then if [ "${ban_deduplicate}" = "1" ]; then "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}.*/{printf "%s\n",$1}' "${ban_blocklist}" | @@ -810,9 +832,14 @@ f_down() { fi "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}" printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }" - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain" fi } >"${tmp_nft}" feed_rc="0" @@ -907,9 +934,14 @@ f_down() { # input and forward rules # - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter goto reject-chain" } >"${tmp_nft}" elif [ "${feed_rc}" = "0" ] && [ "${proto}" = "6" ]; then { @@ -921,9 +953,14 @@ f_down() { # input and forward rules # - [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" - [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" - [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited" + if [ "${ban_blocktype}" = "reject" ]; then + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter goto reject-chain" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter goto reject-chain" + else + [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop" + [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop" + fi + [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain" } >"${tmp_nft}" fi fi @@ -1035,18 +1072,18 @@ f_rmset() { # generate status information # f_genstatus() { - local object duration item table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}" + local object end_time duration table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}" [ -z "${ban_dev}" ] && f_conf if [ "${status}" = "active" ]; then - if [ -n "${ban_starttime}" ]; then - ban_endtime="$(date "+%s")" - duration="$(((ban_endtime - ban_starttime) / 60))m $(((ban_endtime - ban_starttime) % 60))s" + if [ -n "${ban_starttime}" ] && [ "${ban_action}" != "boot" ]; then + end_time="$(date "+%s")" + duration="$(((end_time - ban_starttime) / 60))m $(((end_time - ban_starttime) % 60))s" fi table_sets="$("${ban_nftcmd}" -tj list ruleset 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[@.set.table="banIP"].set.name')" if [ "${ban_reportelements}" = "1" ]; then - for item in ${table_sets}; do - cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${item}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))" + for object in ${table_sets}; do + cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${object}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))" done fi runtime="action: ${ban_action:-"-"}, fetch: ${ban_fetchcmd##*/}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")" @@ -1437,13 +1474,11 @@ f_monitor() { local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then - f_log "info" "start detached banIP log service" [ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")" - "${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null | while read -r line; do - : >"{ban_rdapfile}" + : >"${ban_rdapfile}" proto="" ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')" ip="$(f_trim "${ip}")" @@ -1455,7 +1490,7 @@ f_monitor() { ip="${ip##* }" [ -n "${ip}" ] && proto="v6" fi - if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then + if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then f_log "info" "suspicious IP '${ip}'" log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)" log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")" diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index 47abf43cac..67b45bff55 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -13,6 +13,7 @@ ban_funlib="/usr/lib/banip-functions.sh" # load config and set banIP environment # +[ "${ban_action}" = "boot" ] && sleep "$(uci_get banip global ban_triggerdelay "10")" f_conf f_log "info" "start banIP processing (${ban_action})" f_log "debug" "f_system ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}" @@ -56,7 +57,11 @@ fi # handle downloads # f_log "info" "start banIP download processes" -[ "${ban_allowlistonly}" = "1" ] && ban_feed="" || f_getfeed +if [ "${ban_allowlistonly}" = "1" ]; then + ban_feed="" +else + f_getfeed +fi [ "${ban_deduplicate}" = "1" ] && printf "\n" >"${ban_tmpfile}.deduplicate" cnt="1" @@ -146,7 +151,7 @@ wait # if [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]; then ( - sleep ${ban_triggerdelay} + sleep 5 f_mail ) & fi diff --git a/net/banip/files/banip.init b/net/banip/files/banip.init index db584e2e27..a934b4a919 100755 --- a/net/banip/files/banip.init +++ b/net/banip/files/banip.init @@ -6,7 +6,7 @@ # (s)hellcheck exceptions # shellcheck disable=all -START=30 +START=95 USE_PROCD=1 extra_command "report" "[text|json|mail] Print banIP related Set statistics" @@ -22,8 +22,8 @@ ban_lock="/var/run/banip.lock" [ "${action}" = "boot" ] && "${ban_init}" running && exit 0 { [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "survey" ] || [ "${action}" = "lookup" ]; } && ! "${ban_init}" running && exit 0 -[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1 -[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}" +[ -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1 +[ ! -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}" boot() { : >"${ban_pidfile}" @@ -32,7 +32,6 @@ boot() { start_service() { if "${ban_init}" enabled; then - [ "${action}" = "boot" ] && [ -n "$(uci_get banip global ban_trigger)" ] && return 0 [ -z "$(command -v "f_system")" ] && . "${ban_funlib}" f_rmpid procd_open_instance "banip-service" @@ -108,15 +107,16 @@ lookup() { } service_triggers() { - local iface trigger trigger_action delay + local iface trigger delay - trigger="$(uci_get banip global ban_trigger)" - trigger_action="$(uci_get banip global ban_triggeraction "start")" delay="$(uci_get banip global ban_triggerdelay "10")" - PROCD_RELOAD_DELAY=$((delay * 1000)) + trigger="$(uci_get banip global ban_trigger)" + PROCD_RELOAD_DELAY="$((delay * 1000))" for iface in ${trigger}; do - procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "${trigger_action}" + procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" reload done + + PROCD_RELOAD_DELAY="$((2 * 1000))" procd_add_reload_trigger "banip" } diff --git a/net/banip/files/banip.tpl b/net/banip/files/banip.tpl index df5c7e8a18..18b06faf82 100644 --- a/net/banip/files/banip.tpl +++ b/net/banip/files/banip.tpl @@ -6,9 +6,9 @@ # local banip_info report_info log_info system_info mail_text -banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" +banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)" -log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" +log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')" system_info="$( strings /etc/banner 2>/dev/null ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' diff --git a/net/cni-protocol/Makefile b/net/cni-protocol/Makefile index dbe1498753..3711452b76 100644 --- a/net/cni-protocol/Makefile +++ b/net/cni-protocol/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cni-protocol -PKG_VERSION:=20230217 +PKG_VERSION:=20231008 PKG_RELEASE:=1 PKG_MAINTAINER:=Oskari Rauta @@ -16,25 +16,44 @@ define Package/cni-protocol endef define Package/cni-protocol/description - protocol support for cni networks for netifd - makes defining network for podman and other similar - systems using cni networking much easier and simpler. + protocol support for netavark/cni networks for netifd + makes defining networks for podman and other similar + systems easier and simple. - with cni protocol support, on a network, where firewall - and portmapper management is disabled, you may control - firewalling with openwrt's default firewall configuration. + with protocol, a network where firewall and portmapper + management is disabled, control of firewalling, whether + it was exposing ports, and forwarding to them from wan, + or limiting/accepting access to other networks such + as lan can made through openwrt's own firewalling + configuration. - for example, create a container that hosts web content on - port 80 with static ip on your cni network, if your - network is 10.88.0.0/16, use for eg. 10.88.0.101 as - your containers static ip address. Create a zone, cni - to your firewall and add your interface to it. + example configuration could be as following: + - lan network: 10.0.0.0/16 (255.255.0.0) + - container network: 10.129.0.1/24 (255.255.255.0) - Now you can easily set up redirectiong to 10.88.0.101:80 - to expose it's port 80 to wan for serving your website. + Add a network configuration for your container network + using cni protocol. Then create firewall zone for it. - Protocol has one setting: device, on podman this often - is cni-podman0. + You could create a new container/pod with static ip + address 10.129.0.2 (as 10.129.0.1 as container network's + gateway). + + Easily define permissions so that local networks can + connect to cni network, but not the other way around. + Also you want to allow forwarding from/to wan. + + Now, as cni cannot access local dns, make a rule for + your firewall to accept connections from cni network + to port 53 (dns). + + Now all you have to do, is make redirects to your firewall + and point them to 10.129.0.2 and connections from wan are + redirectered to containers/pods. + + Protocol has 2 settings: device and delay. Sometimes polling + interfaces takes some time, and in that case you might want + to add few seconds to delay. Otherwise, it can be excluded + from configuration. endef define Build/Configure diff --git a/net/cni-protocol/files/cni.sh b/net/cni-protocol/files/cni.sh index c0cbc3b723..73a37112dc 100755 --- a/net/cni-protocol/files/cni.sh +++ b/net/cni-protocol/files/cni.sh @@ -9,33 +9,50 @@ proto_cni_init_config() { no_device=0 available=0 - no_proto_task=1 - teardown_on_l3_link_down=1 proto_config_add_string "device:device" + proto_config_add_int "delay" } proto_cni_setup() { - local cfg="$1" - local device ipaddr netmask broadcast route routemask routesrc + local iface="$2" + local device delay + + json_get_vars device delay + + [ -n "$device" ] || { + echo "No cni interface specified" + proto_notify_error "$cfg" NO_DEVICE + proto_set_available "$cfg" 0 + return 1 + } + + [ -n "$delay" ] && sleep "$delay" + + [ -L "/sys/class/net/${iface}" ] || { + echo "The specified interface $iface is not present" + proto_notify_error "$cfg" NO_DEVICE + proto_set_available "$cfg" 0 + return 1 + } - json_get_var device device + local ipaddr netmask broadcast route routemask routesrc - ipaddr=$(ip -4 -o a show "$device" | awk '{ print $4 }' | cut -d '/' -f1) - netmask=$(ip -4 -o a show "$device" | awk '{ print $4 }' | cut -d '/' -f2) - broadcast=$(ip -4 -o a show "$device" | awk '{ print $6 }') - route=$(ip -4 -o r show dev "$device" | awk '{ print $1 }' | cut -d '/' -f1) - routemask=$(ip -4 -o r show dev "$device" | awk '{ print $1 }' | cut -d '/' -f2) - routesrc=$(ip -4 -o r show dev "$device" | awk '{ print $7 }') + ipaddr=$(ip -4 -o a show "$iface" | awk '{ print $4 }' | cut -d '/' -f1) + netmask=$(ip -4 -o a show "$iface" | awk '{ print $4 }' | cut -d '/' -f2) + broadcast=$(ip -4 -o a show "$iface" | awk '{ print $6 }') + route=$(ip -4 -o r show dev "$iface" | awk '{ print $1 }' | cut -d '/' -f1) + routemask=$(ip -4 -o r show dev "$iface" | awk '{ print $1 }' | cut -d '/' -f2) + routesrc=$(ip -4 -o r show dev "$iface" | awk '{ print $7 }') [ -z "$ipaddr" ] && { - echo "cni network $cfg does not have ip address" + echo "interface $iface does not have ip address" proto_notify_error "$cfg" NO_IPADDRESS return 1 } - proto_init_update "$device" 1 + proto_init_update "$iface" 1 [ -n "$ipaddr" ] && proto_add_ipv4_address "$ipaddr" "$netmask" "$broadcast" "" [ -n "$route" ] && proto_add_ipv4_route "$route" "$routemask" "" "$routesrc" "" proto_send_update "$cfg" @@ -43,7 +60,6 @@ proto_cni_setup() { proto_cni_teardown() { local cfg="$1" - #proto_set_available "$cfg" 0 return 0 } diff --git a/net/crowdsec-firewall-bouncer/Makefile b/net/crowdsec-firewall-bouncer/Makefile index 82eb69974f..ee8c732233 100644 --- a/net/crowdsec-firewall-bouncer/Makefile +++ b/net/crowdsec-firewall-bouncer/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=crowdsec-firewall-bouncer -PKG_VERSION:=0.0.27 +PKG_VERSION:=0.0.28 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/cs-firewall-bouncer/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=2516e700c88e46e6aa58100ff6f343257cc1befdb555d6ab9e124f217ec46ca0 +PKG_HASH:=1e0f4d3cd8bc73da21eafc9b965fda0c1c1b0a27a2acc038004602797e4fccf0 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/net/esp2net/Makefile b/net/esp2net/Makefile new file mode 100644 index 0000000000..8e0dcbeac1 --- /dev/null +++ b/net/esp2net/Makefile @@ -0,0 +1,48 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=esp2net +PKG_RELEASE:=1 + +PKG_LICENSE:=GPL-2.0-only +PKG_MAINTAINER:=Nuno Gonçalves + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL=https://github.com/nunojpg/esp2net.git +PKG_SOURCE_DATE:=2023-06-20 +PKG_SOURCE_VERSION:=be514c7a50bd8f3aac146ba267856d66cad1abd9 +PKG_MIRROR_HASH:=bb2d180887c14ee3e6bec51ccaae195274a09e4be108a7e69e2126df5245c0b7 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/esp2net + SECTION:=net + CATEGORY:=Network + TITLE:=Espressif ESP chip network monitor and flash proxy + DEPENDS:=+libstdcpp +endef + +define Package/esp2net/description + Allows to flash a Espressif chip connected to this device. + The functionality is identical to "esp_rfc2217_server.py" but without Python. + Typically you want also to install one or more USB serial drivers: + * kmod-usb-serial-cp210x + * kmod-usb-serial-ftdi + * kmod-usb-serial-ch341 + * kmod-usb-acm +endef + +define Package/esp2net/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/esp2net $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/esp2net.init $(1)/etc/init.d/esp2net + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/esp2net.config $(1)/etc/config/esp2net +endef + +define Package/esp2net/conffiles +/etc/config/esp2net +endef + +$(eval $(call BuildPackage,esp2net)) diff --git a/net/esp2net/files/esp2net.config b/net/esp2net/files/esp2net.config new file mode 100644 index 0000000000..1059f2bb1e --- /dev/null +++ b/net/esp2net/files/esp2net.config @@ -0,0 +1,4 @@ +config esp2net + option uart '/dev/ttyUSB0' + option port '5001' + option disabled 1 diff --git a/net/esp2net/files/esp2net.init b/net/esp2net/files/esp2net.init new file mode 100755 index 0000000000..437923f852 --- /dev/null +++ b/net/esp2net/files/esp2net.init @@ -0,0 +1,32 @@ +#!/bin/sh /etc/rc.common + +USE_PROCD=1 + +START=95 +STOP=01 + +CONFIGURATION=esp2net +SECTION=esp2net + +parse_esp2net() +{ + local uart + local port + local disabled + config_get uart "${1}" uart + config_get port "${1}" port + config_get_bool disabled "${1}" disabled 0 + [ "$disabled" -eq 1 ] && return; + procd_open_instance + procd_set_param respawn 3600 5 5 + procd_set_param command /usr/sbin/esp2net "$uart" "$port" + procd_set_param file /etc/config/esp2net + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} + +start_service() { + config_load "${CONFIGURATION}" + config_foreach parse_esp2net "${SECTION}" +} diff --git a/net/irssi/Makefile b/net/irssi/Makefile index 85a136bf0c..6047ec4800 100644 --- a/net/irssi/Makefile +++ b/net/irssi/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=irssi -PKG_VERSION:=1.4.4 +PKG_VERSION:=1.4.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/irssi/irssi/releases/download/$(PKG_VERSION)/ -PKG_HASH:=fefe9ec8c7b1475449945c934a2360ab12693454892be47a6d288c63eb107ead +PKG_HASH:=72a951cb0ad622785a8962801f005a3a412736c7e7e3ce152f176287c52fe062 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/net/kea/Makefile b/net/kea/Makefile index 1febb30469..c44c088e80 100644 --- a/net/kea/Makefile +++ b/net/kea/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=kea -PKG_VERSION:=2.2.0 +PKG_VERSION:=2.4.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://ftp.isc.org/isc/kea/$(PKG_VERSION) -PKG_HASH:=da7d90ca62a772602dac6e77e507319038422895ad68eeb142f1487d67d531d2 +PKG_HASH:=3a33cd08dc3319ff544e6bbf2c0429042106f4051ebe115dc1bb2625c95003f7 PKG_MAINTAINER:=BangLang Huang , Rosy Song PKG_LICENSE:=MPL-2.0 diff --git a/net/kea/patches/003-no-test-compile.patch b/net/kea/patches/003-no-test-compile.patch index 709e534c65..d22badf04a 100644 --- a/net/kea/patches/003-no-test-compile.patch +++ b/net/kea/patches/003-no-test-compile.patch @@ -76,8 +76,8 @@ -SUBDIRS = . tests +SUBDIRS = . - PYTHON_PREFIX=@prefix@ - PYTHON_EXEC_PREFIX=@prefix@ + pkgpython_PYTHON = kea_conn.py kea_connector3.py + --- a/src/hooks/dhcp/high_availability/Makefile.am +++ b/src/hooks/dhcp/high_availability/Makefile.am @@ -1,4 +1,4 @@ @@ -89,16 +89,16 @@ --- a/src/hooks/dhcp/lease_cmds/Makefile.am +++ b/src/hooks/dhcp/lease_cmds/Makefile.am @@ -1,4 +1,4 @@ --SUBDIRS = . tests -+SUBDIRS = . +-SUBDIRS = . tests libloadtests ++SUBDIRS = . libloadtests AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib AM_CPPFLAGS += $(BOOST_INCLUDES) --- a/src/hooks/dhcp/stat_cmds/Makefile.am +++ b/src/hooks/dhcp/stat_cmds/Makefile.am @@ -1,4 +1,4 @@ --SUBDIRS = . tests -+SUBDIRS = . +-SUBDIRS = . tests libloadtests ++SUBDIRS = . libloadtests AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib AM_CPPFLAGS += $(BOOST_INCLUDES) @@ -134,14 +134,6 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib AM_CPPFLAGS += $(BOOST_INCLUDES) ---- a/src/lib/cfgrpt/Makefile.am -+++ b/src/lib/cfgrpt/Makefile.am -@@ -1,4 +1,4 @@ --SUBDIRS = . tests -+SUBDIRS = . - - AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib - AM_CXXFLAGS = $(KEA_CXXFLAGS) --- a/src/lib/config/Makefile.am +++ b/src/lib/config/Makefile.am @@ -1,4 +1,4 @@ @@ -277,8 +269,8 @@ --- a/src/lib/process/Makefile.am +++ b/src/lib/process/Makefile.am @@ -1,4 +1,4 @@ --SUBDIRS = . testutils tests -+SUBDIRS = . +-SUBDIRS = cfgrpt . testutils tests ++SUBDIRS = cfgrpt . testutils # DATA_DIR is the directory where to put PID files. dhcp_data_dir = @runstatedir@/@PACKAGE@ AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib @@ -308,3 +300,67 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib AM_CPPFLAGS += $(BOOST_INCLUDES) +--- a/src/hooks/dhcp/bootp/Makefile.am ++++ b/src/hooks/dhcp/bootp/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . tests libloadtests ++SUBDIRS = . libloadtests + + AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) +--- a/src/hooks/dhcp/flex_option/Makefile.am ++++ b/src/hooks/dhcp/flex_option/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . libloadtests tests ++SUBDIRS = . libloadtests + + AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) +--- a/src/hooks/dhcp/mysql_cb/Makefile.am ++++ b/src/hooks/dhcp/mysql_cb/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . tests libloadtests ++SUBDIRS = . libloadtests + + AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) $(MYSQL_CPPFLAGS) +--- a/src/hooks/dhcp/pgsql_cb/Makefile.am ++++ b/src/hooks/dhcp/pgsql_cb/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . tests libloadtests ++SUBDIRS = . libloadtests + + AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) $(PGSQL_CPPFLAGS) +--- a/src/hooks/dhcp/run_script/Makefile.am ++++ b/src/hooks/dhcp/run_script/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . libloadtests tests ++SUBDIRS = . libloadtests + + AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) +--- a/src/lib/d2srv/Makefile.am ++++ b/src/lib/d2srv/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . testutils tests ++SUBDIRS = . testutils + + AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) +--- a/src/lib/process/cfgrpt/Makefile.am ++++ b/src/lib/process/cfgrpt/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . tests ++SUBDIRS = . + + AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib + AM_CXXFLAGS = $(KEA_CXXFLAGS) +--- a/src/lib/tcp/Makefile.am ++++ b/src/lib/tcp/Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = . tests ++SUBDIRS = . + + AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib + AM_CPPFLAGS += $(BOOST_INCLUDES) $(CRYPTO_CFLAGS) $(CRYPTO_INCLUDES) diff --git a/net/keepalived/Makefile b/net/keepalived/Makefile index 217b12c13a..62f4373f72 100644 --- a/net/keepalived/Makefile +++ b/net/keepalived/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=keepalived -PKG_VERSION:=2.2.7 -PKG_RELEASE:=10 +PKG_VERSION:=2.2.8 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.keepalived.org/software -PKG_HASH:=c61940d874154a560a54627ecf7ef47adebdf832164368d10bf242a4d9b7d49d +PKG_HASH:=85882eb62974f395d4c631be990a41a839594a7e62fbfebcb5649a937a7a1bb6 PKG_CPE_ID:=cpe:/a:keepalived:keepalived PKG_LICENSE:=GPL-2.0-or-later diff --git a/net/keepalived/files/keepalived.init b/net/keepalived/files/keepalived.init index b13f10c40e..63beb29833 100644 --- a/net/keepalived/files/keepalived.init +++ b/net/keepalived/files/keepalived.init @@ -88,8 +88,11 @@ print_notify() { shift local name="$1" shift + local indent="$1" + shift + for notify in "$@"; do - printf '%b%s' "${INDENT_1}" "$notify">> "$KEEPALIVED_CONF" + printf '%b%s' "${indent}" "$notify">> "$KEEPALIVED_CONF" notify="$(echo "$notify" | tr 'a-z' 'A-Z')" printf ' "/bin/busybox env -i ACTION=%s TYPE=%s NAME=%s /sbin/hotplug-call keepalived"\n' "$notify" "$type" "$name" >> "$KEEPALIVED_CONF" done @@ -320,7 +323,7 @@ vrrp_sync_group() { print_elems_indent "$1" "$INDENT_1" no_val_smtp_alert no_val_global_tracking - print_notify "GROUP" "$name" notify_backup notify_master \ + print_notify "GROUP" "$name" "$INDENT_1" notify_backup notify_master \ notify_fault notify config_section_close @@ -352,7 +355,7 @@ vrrp_instance() { no_val_dont_track_primary no_val_smtp_alert no_val_nopreempt \ no_val_use_vmac - print_notify "INSTANCE" "$name" notify_backup notify_master \ + print_notify "INSTANCE" "$name" "$INDENT_1" notify_backup notify_master \ notify_fault notify_stop # Handle virtual_ipaddress & virtual_ipaddress_excluded lists @@ -501,7 +504,12 @@ real_server() { [ -n "$ipaddr" ] && [ -n "$port" ] && { printf '%breal_server %s %d {\n' "${INDENT_1}" "$ipaddr" "$port" >> "$KEEPALIVED_CONF" printf '%bweight %d\n' "${INDENT_2}" "$weight" >> "$KEEPALIVED_CONF" + print_notify "REAL_SERVER" "$name" "$INDENT_2" notify_up notify_down case "$check" in + PING_CHECK) + printf '%b%s {\n' "${INDENT_2}" "$check" >> "$KEEPALIVED_CONF" + printf '%b}\n' "${INDENT_2}" >> "$KEEPALIVED_CONF" + ;; TCP_CHECK) printf '%b%s {\n' "${INDENT_2}" "$check" >> "$KEEPALIVED_CONF" print_elems_indent "$1" "$INDENT_3" connect_timeout \ diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile index cd1950cea2..e04350b7ff 100644 --- a/net/lighttpd/Makefile +++ b/net/lighttpd/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lighttpd -PKG_VERSION:=1.4.71 +PKG_VERSION:=1.4.72 PKG_RELEASE:=1 # release candidate ~rcX testing; remove for release #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x -PKG_HASH:=b8b6915da20396fdc354df3324d5e440169b2e5ea7859e3a775213841325afac +PKG_HASH:=f7cade4d69b754a0748c01463c33cd8b456ca9cc03bb09e85a71bcbcd54e55ec PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=BSD-3-Clause diff --git a/net/lighttpd/patches/020-meson-mod_webdav_min.patch b/net/lighttpd/patches/020-meson-mod_webdav_min.patch index 774eb60e4c..d165618744 100644 --- a/net/lighttpd/patches/020-meson-mod_webdav_min.patch +++ b/net/lighttpd/patches/020-meson-mod_webdav_min.patch @@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid --- a/src/meson.build +++ b/src/meson.build -@@ -876,6 +876,16 @@ if libsasl.found() +@@ -877,6 +877,16 @@ if libsasl.found() ] endif diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile index 7061d39e9f..c2caa7d2bd 100644 --- a/net/nextdns/Makefile +++ b/net/nextdns/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nextdns -PKG_VERSION:=1.40.1 +PKG_VERSION:=1.41.0 PKG_RELEASE:=1 PKG_SOURCE:=nextdns-$(PKG_VERSION).tar.gz PKG_SOURCE_VERSION:=v$(PKG_VERSION) PKG_SOURCE_URL:=https://codeload.github.com/nextdns/nextdns/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=5fec5ed5373d94dcaf8b17ddd78d05ccdfd0faa8b4695d9e926d8e71278ea08e +PKG_HASH:=f13439f3c797769add028bff68974d88452add8b026b6da55fa056020ffbe479 PKG_MAINTAINER:=Olivier Poitrey PKG_LICENSE:=MIT diff --git a/net/openssh/Makefile b/net/openssh/Makefile index c5d9699893..ca9380f0b8 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssh -PKG_VERSION:=9.4p1 +PKG_VERSION:=9.5p1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ -PKG_HASH:=3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85 +PKG_HASH:=f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b PKG_LICENSE:=BSD ISC PKG_LICENSE_FILES:=LICENCE diff --git a/net/sshtunnel/Makefile b/net/sshtunnel/Makefile index 0b816dcd37..0238289931 100644 --- a/net/sshtunnel/Makefile +++ b/net/sshtunnel/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sshtunnel -PKG_VERSION:=4 -PKG_RELEASE:=5 +PKG_VERSION:=5 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Nuno Goncalves @@ -21,7 +21,7 @@ define Package/sshtunnel CATEGORY:=Network SUBMENU:=SSH TITLE:=Manages local and remote openssh ssh(1) tunnels - DEPENDS:=+openssh-client + DEPENDS:=@(DROPBEAR_DBCLIENT||PACKAGE_openssh-client) PKGARCH:=all endef diff --git a/net/sshtunnel/files/sshtunnel.init b/net/sshtunnel/files/sshtunnel.init index 3db8dbb118..8b8f97f933 100644 --- a/net/sshtunnel/files/sshtunnel.init +++ b/net/sshtunnel/files/sshtunnel.init @@ -47,17 +47,18 @@ validate_server_section() { 'Compression:or("yes", "no")' \ 'CompressionLevel:range(1,9)' \ 'IdentityFile:file' \ - 'LogLevel:or("QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"):INFO' \ + 'LogLevel:or("QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3")' \ 'ServerAliveCountMax:min(1)' \ 'ServerAliveInterval:min(0)' \ - 'StrictHostKeyChecking:or("yes", "no", "accept-new")' \ + 'StrictHostKeyChecking:or("yes", "no", "accept-new"):accept-new' \ 'TCPKeepAlive:or("yes", "no")' \ 'VerifyHostKeyDNS:or("yes", "no")' } validate_tunnelR_section() { uci_load_validate sshtunnel tunnelR "$1" "$2" \ - 'remoteaddress:or(host, "*"):*' \ + 'enabled:bool:1' \ + 'remoteaddress:or(host, "*")' \ 'remoteport:port' \ 'localaddress:host' \ 'localport:port' @@ -65,20 +66,23 @@ validate_tunnelR_section() { validate_tunnelL_section() { uci_load_validate sshtunnel tunnelL "$1" "$2" \ + 'enabled:bool:1' \ 'remoteaddress:host' \ 'remoteport:port' \ - 'localaddress:or(host, "*"):*' \ + 'localaddress:or(host, "*")' \ 'localport:port' } validate_tunnelD_section() { uci_load_validate sshtunnel tunnelD "$1" "$2" \ - 'localaddress:or(host, "*"):*' \ + 'enabled:bool:1' \ + 'localaddress:or(host, "*")' \ 'localport:port' } validate_tunnelW_section() { uci_load_validate sshtunnel tunnelW "$1" "$2" \ + 'enabled:bool:1' \ 'vpntype:or("ethernet", "point-to-point"):point-to-point' \ 'localdev:or("any", min(0))' \ 'remotedev:or("any", min(0))' @@ -86,6 +90,7 @@ validate_tunnelW_section() { load_tunnelR() { config_get section_server "$1" "server" + [ "$enabled" = 0 ] && return 0 # continue to read next section if this is not for the current server [ "$server" = "$section_server" ] || return 0 @@ -93,7 +98,7 @@ load_tunnelR() { # validate and load this remote tunnel config [ "$2" = 0 ] || { _err "tunnelR $1: validation failed"; return 1; } - [ -n "$remoteport" -a -n "$localport" -a -n "$remoteaddress" ] || { _err "tunnelR $1: missing required options"; return 1; } + [ -n "$remoteport" -a -n "$localport" ] || { _err "tunnelR $1: missing required options"; return 1; } # count nr of valid sections to make sure there are at least one count=$((count+=1)) @@ -104,6 +109,7 @@ load_tunnelR() { load_tunnelL() { config_get section_server "$1" "server" + [ "$enabled" = 0 ] && return 0 # continue to read next section if this is not for the current server [ "$server" = "$section_server" ] || return 0 @@ -111,7 +117,7 @@ load_tunnelL() { # validate and load this remote tunnel config [ "$2" = 0 ] || { _err "tunnelL $1: validation failed"; return 1; } - [ -n "$remoteport" -a -n "$localport" -a -n "$remoteaddress" ] || { _err "tunnelL $1: missing required options"; return 1; } + [ -n "$remoteport" -a -n "$localport" ] || { _err "tunnelL $1: missing required options"; return 1; } # count nr of valid sections to make sure there are at least one count=$((count+=1)) @@ -122,6 +128,7 @@ load_tunnelL() { load_tunnelD() { config_get section_server "$1" "server" + [ "$enabled" = 0 ] && return 0 # continue to read next section if this is not for the current server [ "$server" = "$section_server" ] || return 0 @@ -140,6 +147,7 @@ load_tunnelD() { load_tunnelW() { config_get section_server "$1" "server" + [ "$enabled" = 0 ] && return 0 # continue to read next section if this is not for the current server [ "$server" = "$section_server" ] || return 0 @@ -174,11 +182,19 @@ load_server() { config_foreach validate_tunnelW_section "tunnelW" load_tunnelW [ "$count" -eq 0 ] && { _err "tunnels to $server not started - no tunnels defined"; return 1; } - append_params CheckHostIP Compression CompressionLevel IdentityFile \ + append_params CheckHostIP Compression CompressionLevel \ LogLevel PKCS11Provider ServerAliveCountMax ServerAliveInterval \ StrictHostKeyChecking TCPKeepAlive VerifyHostKeyDNS - ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels -p $port $user@$hostname" + # dropbear doesn't support -o IdentityFile so use -i instead + [ -n "$IdentityFile" ] && ARGS_options="$ARGS_options -i $IdentityFile" + # dbclient doesn't support StrictHostKeyChecking but it has the -y option that works same + [ "$StrictHostKeyChecking" = "accept-new" ] && ARGS_options="$ARGS_options -y" + [ "$StrictHostKeyChecking" = "no" ] && ARGS_options="$ARGS_options -yy" + ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels " + [ -n "$port" ] && ARGS="$ARGS -p $port " + [ -n "$user" ] && ARGS="$ARGS $user@" + ARGS="${ARGS}$hostname" procd_open_instance "$server" procd_set_param command "$PROG" $ARGS diff --git a/net/sshtunnel/files/uci_sshtunnel b/net/sshtunnel/files/uci_sshtunnel index 87ab9eda92..496e470309 100644 --- a/net/sshtunnel/files/uci_sshtunnel +++ b/net/sshtunnel/files/uci_sshtunnel @@ -1,19 +1,17 @@ -# -# Password authentication is not possible, public key authentication must be used. -# Set "option IdentityFile" to the file from which the identity (private key) for RSA or DSA authentication is read. -# The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. -# ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames. -# +# Password auth is not possible so only Public Key auth must be used. +# Set "option IdentityFile" to the file from which the identity (private key) is read. +# By default the OpenSSH client checks for /root/.ssh/id_rsa, /root/.ssh/id_ed25519 and /root/.ssh/id_ecdsa +# See https://openwrt.org/docs/guide-user/services/ssh/sshtunnel -#config server disney -# option user mourinho -# option hostname server.disney.com +#config server example +# option user root +# option hostname server.example.com # option port 22 -# option retrydelay 1 +# option retrydelay 1 # option CheckHostIP yes # option Compression no # option CompressionLevel 6 -# option IdentityFile ~/.ssh/id_rsa +# option IdentityFile /root/.ssh/id_rsa # option LogLevel INFO # option PKCS11Provider /lib/pteidpkcs11.so # option ServerAliveCountMax 3 @@ -26,7 +24,7 @@ # remoteaddress:remoteport and then forwarded to localaddress:localport # #config tunnelR http -# option server disney +# option server example # option remoteaddress * # option remoteport 9009 # option localaddress 192.168.1.13 @@ -36,17 +34,17 @@ # localaddress:localport and then forwarded to remoteaddress:remoteport # #config tunnelL test -# option server disney +# option server example # option localaddress * # option localport 1022 -# option remoteaddress secretserver.disney.com +# option remoteaddress secretserver.example.com # option remoteport 22 # tunnelD(ynamic) - when the connection will be initiated with the SOCKS4 or SOCKS5 protocol # to the local endpoint at localaddress:localport and then forwarded over the remote host # #config tunnelD proxy -# option server disney +# option server example # option localaddress * # option localport 4055 @@ -56,7 +54,7 @@ # ethernet = TAP # #config tunnelW proxy -# option server disney +# option server example # option vpntype point-to-point|ethernet # option localdev any|0|1|2|... # option remotedev any|0|1|2|... diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile index 64360168a2..d787ee25d6 100644 --- a/net/tailscale/Makefile +++ b/net/tailscale/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tailscale -PKG_VERSION:=1.50.0 +PKG_VERSION:=1.50.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=a7e024577854c07b793c4bbd81a497250e6a1b4536e303351a388810f13b7316 +PKG_HASH:=183a7d559590a759dd77aa9c2b65486ab6e13c26f3c07fad0b536e318ad5e233 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=BSD-3-Clause diff --git a/net/tor-fw-helper/Makefile b/net/tor-fw-helper/Makefile deleted file mode 100644 index e46159d123..0000000000 --- a/net/tor-fw-helper/Makefile +++ /dev/null @@ -1,78 +0,0 @@ -# -# Copyright (C) 2018 Jeffery To -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=tor-fw-helper -PKG_VERSION:=0.3 -PKG_RELEASE:=2 - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://git.torproject.org/tor-fw-helper.git -PKG_SOURCE_VERSION:=481599ee37dd3135c9e17d1df4810f36b4de4e3d -PKG_SOURCE_DATE:=20150805 -PKG_MIRROR_HASH:=f22d1400bec6b62636bd59cb3a51befc9cddbacccb790a758694c589cb2bc032 - -PKG_LICENSE:=BSD-3-Clause -PKG_LICENSE_FILES:=LICENSE -PKG_MAINTAINER:=Jeffery To - -PKG_BUILD_DEPENDS:=golang/host -PKG_BUILD_PARALLEL:=1 -PKG_BUILD_FLAGS:=no-mips16 - -GO_PKG:=git.torproject.org/tor-fw-helper.git - -include $(INCLUDE_DIR)/package.mk -include ../../lang/golang/golang-package.mk - -define Package/tor-fw-helper/Default - TITLE:=Firewall helper for tor - URL:=https://gitweb.torproject.org/tor-fw-helper.git/ - DEPENDS:=$(GO_ARCH_DEPENDS) -endef - -define Package/tor-fw-helper -$(call Package/tor-fw-helper/Default) - SECTION:=net - CATEGORY:=Network -endef - -define Package/golang-torproject-tor-fw-helper-dev -$(call Package/tor-fw-helper/Default) -$(call GoPackage/GoSubMenu) - TITLE+= (source files) - PKGARCH:=all -endef - -define Package/tor-fw-helper/Default/description -tor-fw-helper is a helper to automatically configuring port forwarding -for tor, using UPnP or NAT-PMP NAT traversal. - -This is a tor-fw-helper rewrite in Go that functions as a drop in -replacement for the original C code. -endef - -define Package/tor-fw-helper/description -$(call Package/tor-fw-helper/Default/description) - -This package contains the main helper program. -endef - -define Package/golang-torproject-tor-fw-helper-dev/description -$(call Package/tor-fw-helper/Default/description) - -This package provides the source files for the helper program. -endef - -GO_PKG_BUILD_VARS += GO111MODULE=auto - -$(eval $(call GoBinPackage,tor-fw-helper)) -$(eval $(call BuildPackage,tor-fw-helper)) - -$(eval $(call GoSrcPackage,golang-torproject-tor-fw-helper-dev)) -$(eval $(call BuildPackage,golang-torproject-tor-fw-helper-dev)) diff --git a/net/v2ray-geodata/Makefile b/net/v2ray-geodata/Makefile index 3ba78affce..f23f84a2b6 100644 --- a/net/v2ray-geodata/Makefile +++ b/net/v2ray-geodata/Makefile @@ -30,6 +30,15 @@ define Download/geosite HASH:=a4397dbc70bebba1d003829ced7c72cdbf2a2c85eee6497229567ac64a8a188c endef +GEOSITE_IRAN_VER:=202309250024 +GEOSITE_IRAN_FILE:=iran.dat.$(GEOSITE_IRAN_VER) +define Download/geosite-ir + URL:=https://github.com/bootmortis/iran-hosted-domains/releases/download/$(GEOSITE_IRAN_VER)/ + URL_FILE:=iran.dat + FILE:=$(GEOSITE_IRAN_FILE) + HASH:=1eccf6e1514ceb338a91da0c938d62a0e0c1e1aee12f8d479fafcdadace5625a +endef + define Package/v2ray-geodata/template SECTION:=net CATEGORY:=Network @@ -52,6 +61,14 @@ define Package/v2ray-geosite LICENSE:=MIT endef +define Package/v2ray-geosite-ir + $(call Package/v2ray-geodata/template) + TITLE:=Iran Geosite List for V2Ray + PROVIDES:=xray-geosite-ir + VERSION:=$(GEOSITE_IRAN_VER)-$(PKG_RELEASE) + LICENSE:=MIT +endef + define Build/Prepare $(call Build/Prepare/Default) ifneq ($(CONFIG_PACKAGE_v2ray-geoip),) @@ -60,6 +77,9 @@ endif ifneq ($(CONFIG_PACKAGE_v2ray-geosite),) $(call Download,geosite) endif +ifneq ($(CONFIG_PACKAGE_v2ray-geosite-ir),) + $(call Download,geosite-ir) +endif endef define Build/Compile @@ -75,5 +95,12 @@ define Package/v2ray-geosite/install $(INSTALL_DATA) $(DL_DIR)/$(GEOSITE_FILE) $(1)/usr/share/v2ray/geosite.dat endef +define Package/v2ray-geosite-ir/install + $(INSTALL_DIR) $(1)/usr/share/v2ray $(1)/usr/share/xray + $(INSTALL_DATA) $(DL_DIR)/$(GEOSITE_IRAN_FILE) $(1)/usr/share/v2ray/iran.dat + $(LN) ../v2ray/iran.dat $(1)/usr/share/xray/iran.dat +endef + $(eval $(call BuildPackage,v2ray-geoip)) $(eval $(call BuildPackage,v2ray-geosite)) +$(eval $(call BuildPackage,v2ray-geosite-ir)) diff --git a/utils/mmc-utils/Makefile b/utils/mmc-utils/Makefile index eeb35777de..4243d08955 100644 --- a/utils/mmc-utils/Makefile +++ b/utils/mmc-utils/Makefile @@ -12,9 +12,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git -PKG_SOURCE_DATE:=2023-01-16 -PKG_SOURCE_VERSION:=d4c2910981ff99b983734426dfa99632fb81ac6b -PKG_MIRROR_HASH:=b124409d3482db1e63822a7860b7e4a0dfe6c3545da967283979fe805a287893 +PKG_SOURCE_DATE:=2023-09-26 +PKG_SOURCE_VERSION:=80271e9a6fd0db9cb3a85d024664da886e94315c +PKG_MIRROR_HASH:=317cacbacfbc8a9d4afb978e4c5a601cf489a514604534168971dd20311d9d12 PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:= @@ -40,7 +40,8 @@ endef define Build/Compile $(MAKE) -C $(PKG_BUILD_DIR) \ - $(TARGET_CONFIGURE_OPTS) CFLAGS="$(TARGET_CFLAGS) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" \ + $(TARGET_CONFIGURE_OPTS) CFLAGS="$(TARGET_CFLAGS) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \ + -UVERSION -DVERSION=\\\"$(shell echo $(PKG_SOURCE_VERSION) | cut -c -6)\\\"" \ mmc endef diff --git a/utils/mmc-utils/patches/0000-properly-set-fortify-source-in-makefile.patch b/utils/mmc-utils/patches/0000-properly-set-fortify-source-in-makefile.patch index 1a2081335a..de976ca12f 100644 --- a/utils/mmc-utils/patches/0000-properly-set-fortify-source-in-makefile.patch +++ b/utils/mmc-utils/patches/0000-properly-set-fortify-source-in-makefile.patch @@ -1,9 +1,10 @@ --- a/Makefile +++ b/Makefile -@@ -1,5 +1,5 @@ +@@ -1,6 +1,6 @@ CC ?= gcc --AM_CFLAGS = -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2 -+AM_CFLAGS = -D_FILE_OFFSET_BITS=64 + GIT_VERSION := "$(shell git describe --abbrev=6 --always --tags)" +-AM_CFLAGS = -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2 \ ++AM_CFLAGS = -D_FILE_OFFSET_BITS=64 \ + -DVERSION=\"$(GIT_VERSION)\" CFLAGS ?= -g -O2 objects = \ - mmc.o \ diff --git a/utils/ncdu/Makefile b/utils/ncdu/Makefile index 539288671f..5281742c1e 100644 --- a/utils/ncdu/Makefile +++ b/utils/ncdu/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ncdu -PKG_VERSION:=1.18.1 +PKG_VERSION:=1.19 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dev.yorhel.nl/download -PKG_HASH:=7c0fa1eb29d85aaed4ba174164bdbb8f011b5c390d017c57d668fc7231332405 +PKG_HASH:=30363019180cde0752c7fb006c12e154920412f4e1b5dc3090654698496bb17d PKG_MAINTAINER:=Charles E. Lehner PKG_LICENSE:=MIT