diff --git a/.github/workflows/multi-arch-test-build.yml b/.github/workflows/multi-arch-test-build.yml
index 3bee77f21a..e373d0d7c9 100644
--- a/.github/workflows/multi-arch-test-build.yml
+++ b/.github/workflows/multi-arch-test-build.yml
@@ -102,17 +102,20 @@ jobs:
 echo "$EOF" >> $GITHUB_ENV
 - name: Build
- uses: immortalwrt/gh-action-sdk@v4
+ uses: immortalwrt/gh-action-sdk@v5
 env:
 ARCH: ${{ matrix.arch }}-${{ env.BRANCH }}
 FEEDNAME: packages_ci
 INDEX: 1
 KEY_BUILD: ${{ env.KEY_BUILD }}
+ V: s
 - name: Move created packages to project dir
+ if: always()
 run: cp bin/packages/${{ matrix.arch }}/packages_ci/* . || true
 - name: Store packages
+ if: always()
 uses: actions/upload-artifact@v3
 with:
 name: ${{ matrix.arch}}-${{ github.sha}}-packages
@@ -122,12 +125,14 @@ jobs:
 *.ipk
 - name: Store logs
+ if: always()
 uses: actions/upload-artifact@v3
 with:
 name: ${{ matrix.arch}}-${{ github.sha}}-logs
 path: logs/
 - name: Remove logs
+ if: always()
 run: sudo rm -rf logs/ || true
 - name: Check if any packages were built
diff --git a/lang/lua-eco/Makefile b/lang/lua-eco/Makefile
index 95b9fd38f8..f4b0d4f928 100644
--- a/lang/lua-eco/Makefile
+++ b/lang/lua-eco/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=lua-eco
-PKG_VERSION:=3.0.1
+PKG_VERSION:=3.0.2
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION)
-PKG_HASH:=96f008932e319739df2fe99dc1cba7e9a1a389015a4b96ad0f63d95bb6422b09
+PKG_HASH:=fd99d0671701c0972ef3a9cb84231cd31b6290c447e1d6b91a230c502e441016
 PKG_MAINTAINER:=Jianhui Zhao
 PKG_LICENSE:=MIT
diff --git a/lang/python/micropython-lib/Makefile b/lang/python/micropython-lib/Makefile
index 095b890104..d6b8664293 100644
--- a/lang/python/micropython-lib/Makefile
+++ b/lang/python/micropython-lib/Makefile
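Review bot: The Build step's `uses: immortalwrt/gh-action-sdk@v5` follows a mutable tag on a third-party action, and that step runs with `KEY_BUILD` in its environment, so whatever the tag points to at run time gets access to that value. Pinning the reference to a full commit SHA with the tag kept as a comment, `uses: immortalwrt/gh-action-sdk@<full-commit-sha> # v5`, makes the executed code reviewable and stable. The same applies to the `actions/upload-artifact@v3` context lines in both hunks of this file. With `V: s` and `if: always()` the logs of failed builds are now uploaded as artifacts, so it is worth confirming that nothing derived from `KEY_BUILD` is written under `logs/`.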
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=micropython-lib
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/micropython/micropython-lib.git
-PKG_SOURCE_VERSION:=7128d423c2e7c0309ac17a1e6ba873b909b24fcc
-PKG_SOURCE_DATE:=20230522
-PKG_MIRROR_HASH:=1f094aac257d2094ee91b457164f845f6461df1cf1d0ed7ee556c98f273f5afb
+PKG_SOURCE_VERSION:=d8e163bb5f3ef45e71e145c27bc4f207beaad70f
+PKG_SOURCE_DATE:=20231031
+PKG_MIRROR_HASH:=6abb0a1460984c6fde99986971517121ac0207dabeb43cfb1855f6d7d1fd9ae5
 PKG_MAINTAINER:=Jeffery To
 PKG_LICENSE:=MIT Python-2.0.1
@@ -23,8 +23,8 @@ PKG_LICENSE_FILES:=LICENSE
 PKG_BUILD_DEPENDS:=python3/host
 PKG_BUILD_PARALLEL:=1
-# keep in sync with micropython
-MP_MPY_FILE_VERSION:=6
+# keep in sync with micropython (MPY_VERSION in py/persistentcode.h)
+MICROPYTHON_MPY_VERSION:=6
 include $(INCLUDE_DIR)/package.mk
@@ -111,7 +111,7 @@ define Build/Compile
 endef
 define Package/micropython-lib/install
- $(call MicroPythonLib/Install,,$(MP_MPY_FILE_VERSION),$(1)/usr/lib/micropython)
+ $(call MicroPythonLib/Install,,$(MICROPYTHON_MPY_VERSION),$(1)/usr/lib/micropython)
 endef
 define Package/micropython-lib-src/install
@@ -119,7 +119,7 @@ define Package/micropython-lib-src/install
 endef
 define Package/micropython-lib-unix/install
- $(call MicroPythonLib/Install,unix-ffi-index,$(MP_MPY_FILE_VERSION),$(1)/usr/lib/micropython/unix)
+ $(call MicroPythonLib/Install,unix-ffi-index,$(MICROPYTHON_MPY_VERSION),$(1)/usr/lib/micropython/unix)
 $(INSTALL_DIR) $(1)/usr/bin
 $(INSTALL_BIN) ./files/micropython-unix $(1)/usr/bin/
diff --git a/lang/python/micropython-lib/patches/004-unix-ffi-re-convert-to-PCRE2.patch b/lang/python/micropython-lib/patches/004-unix-ffi-re-convert-to-PCRE2.patch
deleted file mode 100644
index 6bf539b144..0000000000
--- a/lang/python/micropython-lib/patches/004-unix-ffi-re-convert-to-PCRE2.patch
+++ /dev/null
@@ -1,148 +0,0 @@ -From 1cbe8c4dd653336c5766dfd75eb379ad37f04249 Mon Sep 17 00:00:00 2001 -From: Christian Marangi -Date: Thu, 28 Sep 2023 20:59:26 +0200 -Subject: [PATCH] unix-ffi: re: convert to PCRE2 - -PCRE is marked as EOL and won't receive any new security update. - -Convert the re module to PCRE2 API to enforce security. -Additional dependency is now needed with uctypes due to changes in how -PCRE2 return the match_data in a pointer and require special handling. - -The converted module is tested with the test_re.py with no regression. - -Signed-off-by: Christian Marangi ---- - unix-ffi/re/re.py | 73 +++++++++++++++++++++++++++++++---------------- - 1 file changed, 48 insertions(+), 25 deletions(-) - ---- a/unix-ffi/re/re.py -+++ b/unix-ffi/re/re.py -@@ -1,36 +1,55 @@ - import sys - import ffilib - import array -+import uctypes - -+pcre2 = ffilib.open("libpcre2-8") - --pcre = ffilib.open("libpcre") -- --# pcre *pcre_compile(const char *pattern, int options, --# const char **errptr, int *erroffset, --# const unsigned char *tableptr); --pcre_compile = pcre.func("p", "pcre_compile", "sipps") -- --# int pcre_exec(const pcre *code, const pcre_extra *extra, --# const char *subject, int length, int startoffset, --# int options, int *ovector, int ovecsize); --pcre_exec = pcre.func("i", "pcre_exec", "PPsiiipi") -- --# int pcre_fullinfo(const pcre *code, const pcre_extra *extra, --# int what, void *where); --pcre_fullinfo = pcre.func("i", "pcre_fullinfo", "PPip") -- -- --IGNORECASE = I = 1 --MULTILINE = M = 2 --DOTALL = S = 4 --VERBOSE = X = 8 --PCRE_ANCHORED = 0x10 -+# pcre2_code *pcre2_compile(PCRE2_SPTR pattern, PCRE2_SIZE length, -+# uint32_t options, int *errorcode, PCRE2_SIZE *erroroffset, -+# pcre2_compile_context *ccontext); -+pcre2_compile = pcre2.func("p", "pcre2_compile_8", "siippp") -+ -+# int pcre2_match(const pcre2_code *code, PCRE2_SPTR subject, -+# PCRE2_SIZE length, PCRE2_SIZE startoffset, uint32_t options, -+# pcre2_match_data *match_data, 
pcre2_match_context *mcontext); -+pcre2_match = pcre2.func("i", "pcre2_match_8", "Psiiipp") -+ -+# int pcre2_pattern_info(const pcre2_code *code, uint32_t what, -+# void *where); -+pcre2_pattern_info = pcre2.func("i", "pcre2_pattern_info_8", "Pip") -+ -+# PCRE2_SIZE *pcre2_get_ovector_pointer(pcre2_match_data *match_data); -+pcre2_get_ovector_pointer = pcre2.func("p", "pcre2_get_ovector_pointer_8", "p") -+ -+# pcre2_match_data *pcre2_match_data_create_from_pattern(const pcre2_code *code, -+# pcre2_general_context *gcontext); -+pcre2_match_data_create_from_pattern = pcre2.func( -+ "p", "pcre2_match_data_create_from_pattern_8", "Pp" -+) -+ -+# PCRE2_SIZE that is of type size_t. -+# Use ULONG as type to support both 32bit and 64bit. -+PCRE2_SIZE_SIZE = uctypes.sizeof({"field": 0 | uctypes.ULONG}) -+PCRE2_SIZE_TYPE = "L" -+ -+# Real value in pcre2.h is 0xFFFFFFFF for 32bit and -+# 0x0xFFFFFFFFFFFFFFFF for 64bit that is equivalent -+# to -1 -+PCRE2_ZERO_TERMINATED = -1 -+ -+ -+IGNORECASE = I = 0x8 -+MULTILINE = M = 0x400 -+DOTALL = S = 0x20 -+VERBOSE = X = 0x80 -+PCRE2_ANCHORED = 0x80000000 - - # TODO. 
Note that Python3 has unicode by default - ASCII = A = 0 - UNICODE = U = 0 - --PCRE_INFO_CAPTURECOUNT = 2 -+PCRE2_INFO_CAPTURECOUNT = 0x4 - - - class PCREMatch: -@@ -67,19 +86,23 @@ class PCREPattern: - def search(self, s, pos=0, endpos=-1, _flags=0): - assert endpos == -1, "pos: %d, endpos: %d" % (pos, endpos) - buf = array.array("i", [0]) -- pcre_fullinfo(self.obj, None, PCRE_INFO_CAPTURECOUNT, buf) -+ pcre2_pattern_info(self.obj, PCRE2_INFO_CAPTURECOUNT, buf) - cap_count = buf[0] -- ov = array.array("i", [0, 0, 0] * (cap_count + 1)) -- num = pcre_exec(self.obj, None, s, len(s), pos, _flags, ov, len(ov)) -+ match_data = pcre2_match_data_create_from_pattern(self.obj, None) -+ num = pcre2_match(self.obj, s, len(s), pos, _flags, match_data, None) - if num == -1: - # No match - return None -+ ov_ptr = pcre2_get_ovector_pointer(match_data) -+ # pcre2_get_ovector_pointer return PCRE2_SIZE -+ ov_buf = uctypes.bytearray_at(ov_ptr, PCRE2_SIZE_SIZE * (cap_count + 1) * 2) -+ ov = array.array(PCRE2_SIZE_TYPE, ov_buf) - # We don't care how many matching subexpressions we got, we - # care only about total # of capturing ones (including empty) - return PCREMatch(s, cap_count + 1, ov) - - def match(self, s, pos=0, endpos=-1): -- return self.search(s, pos, endpos, PCRE_ANCHORED) -+ return self.search(s, pos, endpos, PCRE2_ANCHORED) - - def sub(self, repl, s, count=0): - if not callable(repl): -@@ -141,9 +164,9 @@ class PCREPattern: - - - def compile(pattern, flags=0): -- errptr = bytes(4) -+ errcode = bytes(4) - erroffset = bytes(4) -- regex = pcre_compile(pattern, flags, errptr, erroffset, None) -+ regex = pcre2_compile(pattern, PCRE2_ZERO_TERMINATED, flags, errcode, erroffset, None) - assert regex - return PCREPattern(regex) - -@@ -154,7 +177,7 @@ def search(pattern, string, flags=0): - - - def match(pattern, string, flags=0): -- r = compile(pattern, flags | PCRE_ANCHORED) -+ r = compile(pattern, flags | PCRE2_ANCHORED) - return r.search(string) - - 
diff --git a/libs/libdaq3/Makefile b/libs/libdaq3/Makefile
index 59caff9511..f5f91d8d2a 100644
--- a/libs/libdaq3/Makefile
+++ b/libs/libdaq3/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=libdaq3
-PKG_VERSION:=3.0.12
+PKG_VERSION:=3.0.13
 PKG_RELEASE:=1
 PKG_MAINTAINER:=W. Michael Petullo
@@ -17,7 +17,7 @@ PKG_LICENSE:=GPL-2.0-only
 PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/snort3/libdaq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=dedfdb88de151d61009bdb365322853687b1add4adec248952d2a93b70f584af
+PKG_HASH:=3a48b934bc45a1fe44b3887185d33a76a042c1d10aa177e3e7c417d83da67213
 PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION)
 PKG_FIXUP:=autoreconf
diff --git a/net/banip/Makefile b/net/banip/Makefile
index 0c9f4460fa..7c559458f2 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=banip
-PKG_VERSION:=0.9.1
-PKG_RELEASE:=1
+PKG_VERSION:=0.9.2
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken
@@ -16,7 +16,7 @@ define Package/banip
 SECTION:=net
 CATEGORY:=Network
 TITLE:=banIP blocks IPs via named nftables Sets
- DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +logd +rpcd +rpcd-mod-rpcsys
+ DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +rpcd +rpcd-mod-rpcsys
 PKGARCH:=all
 endef
diff --git a/net/banip/files/README.md b/net/banip/files/README.md
index d65e6e391f..eb5e8cf65c 100644
--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@@ -91,7 +91,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * Supports allowing / blocking of certain VLAN forwards
 ## Prerequisites
-* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support
+* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
 * A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
 * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
 * For E-Mail notifications you need to install and setup the additional 'msmtp' package
@@ -134,62 +134,63 @@ Available commands: ## banIP config options -| Option | Type | Default | Description | -| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- | -| ban_enabled | option | 0 | enable the banIP service | -| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) | -| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) | -| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor | -| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious | -| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) | -| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets | -| ban_debug | option | 0 | enable banIP related debug logging | -| ban_loginput | option | 1 | log drops in the wan-input chain | -| ban_logforwardwan | option | 1 | log drops in the wan-forward chain | -| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain | -| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) | -| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) | -| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP | -| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all | -| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs | -| ban_basedir | option | /tmp | base working directory while banIP processing | -| ban_reportdir | option | 
/tmp/banIP-report | directory where banIP stores the report files | -| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files | -| ban_protov4 | option | - / autodetect | enable IPv4 support | -| ban_protov6 | option | - / autodetect | enable IPv4 support | -| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' | -| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' | -| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' | -| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 | -| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 | -| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' | -| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot | -| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets | -| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) | -| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) | -| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug | -| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) | -| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance | -| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' | -| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) | -| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' | -| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' | -| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 
'input', 'forwardwan' or 'forwardlan' | -| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic | -| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' | -| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' | -| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' | -| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' | -| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility | -| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) | -| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download | -| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails | -| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails | -| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails | -| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails | -| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run | -| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly | -| ban_resolver | option | - | external resolver used for DNS lookups | +| Option | Type | Default | Description | +| :---------------------- | :----- | :---------------------------- | :---------------------------------------------------------------------------------------------------------------- | +| ban_enabled | option | 0 | enable the banIP service | +| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) | +| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) | +| ban_loglimit 
| option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor | +| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious | +| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) | +| ban_logreadfile | option | /var/log/messages | alternative location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread | +| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets | +| ban_debug | option | 0 | enable banIP related debug logging | +| ban_loginput | option | 1 | log drops in the wan-input chain | +| ban_logforwardwan | option | 1 | log drops in the wan-forward chain | +| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain | +| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) | +| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) | +| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP | +| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all | +| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs | +| ban_basedir | option | /tmp | base working directory while banIP processing | +| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files | +| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files | +| ban_protov4 | option | - / autodetect | enable IPv4 support | +| ban_protov6 | option | - / autodetect | enable IPv4 support | +| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, 
e.g. 'wan' | +| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' | +| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' | +| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 | +| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 | +| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' | +| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot | +| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets | +| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) | +| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) | +| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug | +| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) | +| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance | +| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' | +| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) | +| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' | +| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' | +| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' | +| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic | +| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' | +| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' | +| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 
'doh' | +| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' | +| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility | +| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) | +| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download | +| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails | +| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails | +| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails | +| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails | +| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run | +| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly | +| ban_resolver | option | - | external resolver used for DNS lookups | ## Examples **banIP report information** diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index c0c4ea9595..db2c15f6bb 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -23,7 +23,8 @@ ban_rtfile="/var/run/banip_runtime.json" ban_rdapfile="/var/run/banip_rdap.json" ban_rdapurl="https://rdap.db.ripe.net/ip/" ban_lock="/var/run/banip.lock" -ban_logreadcmd="$(command -v logread)" +ban_logreadfile="/var/log/messages" +ban_logreadcmd="" ban_logcmd="$(command -v logger)" ban_ubuscmd="$(command -v ubus)" ban_nftcmd="$(command -v nft)" 
@@ -188,7 +189,12 @@ f_rmpid() {
 local ppid pid pids
 ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
- [ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+ if [ -n "${ppid}" ]; then
+ pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+ for pid in ${pids}; do
+ pids="${pids} $(pgrep -P "${pid}" 2>/dev/null)"
+ done
+ fi
 for pid in ${pids}; do
 kill -INT "${pid}" >/dev/null 2>&1
 done
@@ -283,19 +289,25 @@ f_conf() {
 }
 }
 config_load banip
+ [ -f "${ban_logreadfile}" ] && ban_logreadcmd="$(command -v tail)" || ban_logreadcmd="$(command -v logread)"
 }
 # get nft/monitor actuals
 #
 f_actual() {
- local nft monitor
+ local nft monitor ppid pid
 if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
 nft="$(f_char "1")"
 else
 nft="$(f_char "0")"
 fi
- if pgrep -f "${ban_logreadcmd##*/}" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
+
+ ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
+ if [ -n "${ppid}" ]; then
+ pid="$(pgrep -oP "${ppid}" 2>/dev/null)"
+ fi
+ if pgrep -f "${ban_logreadcmd##*/}" -P "${pid}" >/dev/null 2>&1; then
 monitor="$(f_char "1")"
 else
 monitor="$(f_char "0")"
@@ -662,8 +674,8 @@ f_down() {
 # restore local backups
 #
- if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ] || [ -n "${ban_etagparm}" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then
- if [ -n "${ban_etagparm}" ] && [ "${ban_action}" = "reload" ] && [ "${feed_url}" != "local" ]; then
+ if [ "${feed%v*}" != "blocklist" ]; then
+ if [ -n "${ban_etagparm}" ] && [ "${ban_action}" = "reload" ] && [ "${feed_url}" != "local" ] && [ "${feed%v*}" != "allowlist" ]; then
 etag_rc="0"
 if [ "${feed%v*}" = "country" ]; then
 for country in ${ban_country}; do
@@ -685,16 +697,21 @@ f_down() {
 fi
 fi
 if [ "${etag_rc}" = "0" ] || [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; then
- f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}"
+ if [ "${feed%v*}" = "allowlist" ] && [ ! -f "${tmp_allow}" ]; then
+ f_restore "allowlist" "-" "${tmp_allow}" "${etag_rc}"
+ else
+ f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}"
+ fi
 restore_rc="${?}"
 feed_rc="${restore_rc}"
 fi
 fi
- # prepare local allowlist
+ # prepare local/remote allowlist
 #
 if [ "${feed%v*}" = "allowlist" ] && [ ! -f "${tmp_allow}" ]; then
 "${ban_catcmd}" "${ban_allowlist}" 2>/dev/null >"${tmp_allow}"
+ feed_rc="${?}"
 for feed_url in ${ban_allowurl}; do
 feed_log="$("${ban_fetchcmd}" ${ban_fetchparm} "${tmp_load}" "${feed_url}" 2>&1)"
 feed_rc="${?}"
@@ -702,8 +719,15 @@ f_down() {
 "${ban_catcmd}" "${tmp_load}" 2>/dev/null >>"${tmp_allow}"
 else
 f_log "info" "download for feed '${feed%v*}' failed (rc: ${feed_rc:-"-"}/log: ${feed_log})"
+ break
 fi
 done
+ if [ "${feed_rc}" = "0" ]; then
+ f_backup "allowlist" "${tmp_allow}"
+ elif [ -z "${restore_rc}" ] && [ "${feed_rc}" != "0" ]; then
+ f_restore "allowlist" "-" "${tmp_allow}" "${feed_rc}"
+ fi
+ feed_rc="${?}"
 fi
 # handle local feeds
@@ -968,7 +992,11 @@ f_down() {
 # load generated nft file in banIP table
 #
 if [ "${feed_rc}" = "0" ]; then
- cnt_dl="$("${ban_awkcmd}" 'END{printf "%d",NR}' "${tmp_split}" 2>/dev/null)"
+ if [ "${feed%v*}" = "allowlist" ]; then
+ cnt_dl="$("${ban_awkcmd}" 'END{printf "%d",NR}' "${tmp_allow}" 2>/dev/null)"
+ else
+ cnt_dl="$("${ban_awkcmd}" 'END{printf "%d",NR}' "${tmp_split}" 2>/dev/null)"
+ fi
 if [ "${cnt_dl:-"0"}" -gt "0" ] || [ "${feed_url}" = "local" ] || [ "${feed%v*}" = "allowlist" ] || [ "${feed%v*}" = "blocklist" ]; then
 feed_log="$("${ban_nftcmd}" -f "${tmp_nft}" 2>&1)"
 feed_rc="${?}"
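Review bot: The `feed_rc="${?}"` added after the new `if`/`elif`/`fi` in the second f_down hunk (`@@ -702,8 +719,15 @@`) takes the status of the whole `if` command, which is 0 when neither branch runs. That is the case when a remote allowlist download failed and `restore_rc` is already set, so the failure is overwritten with success and the partly assembled `${tmp_allow}` appears to be loaded as a good allowlist further down. Capturing the status inside each branch, i.e. `feed_rc="${?}"` directly after `f_backup "allowlist" "${tmp_allow}"` and after `f_restore "allowlist" "-" "${tmp_allow}" "${feed_rc}"`, and dropping the trailing assignment keeps the download error visible; if falling back to the local entries is intended, a comment saying so would help. The `[ "${feed_rc}" != "0" ]` test in the `elif` is redundant after the first condition. f_down starts and ends outside these hunks.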
@@ -1086,7 +1114,7 @@ f_genstatus() {
 cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${object}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))"
 done
 fi
- runtime="action: ${ban_action:-"-"}, fetch: ${ban_fetchcmd##*/}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")"
+ runtime="action: ${ban_action:-"-"}, log: ${ban_logreadcmd##*/}, fetch: ${ban_fetchcmd##*/}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")"
 fi
 [ -s "${ban_customfeedfile}" ] && custom_feed="1"
 [ "${ban_splitsize:-"0"}" -gt "0" ] && split="1"
@@ -1471,12 +1499,20 @@ f_mail() {
 # log monitor
 #
 f_monitor() {
- local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
+ local logread_cmd loglimit_cmd nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
+
+ if [ -f "${ban_logreadfile}" ]; then
+ logread_cmd="${ban_logreadcmd} -qf ${ban_logreadfile} 2>/dev/null | ${ban_grepcmd} -e \"${ban_logterm%%??}\" 2>/dev/null"
+ loglimit_cmd="${ban_logreadcmd} -qn ${ban_loglimit} ${ban_logreadfile} 2>/dev/null"
+ elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
+ logread_cmd="${ban_logreadcmd} -fe \"${ban_logterm%%??}\" 2>/dev/null"
+ loglimit_cmd="${ban_logreadcmd} -l ${ban_loglimit} 2>/dev/null"
+ fi
- if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
- f_log "info" "start detached banIP log service"
+ if [ -x "${ban_logreadcmd}" ] && [ -n "${logread_cmd}" ] && [ -n "${loglimit_cmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
+ f_log "info" "start detached banIP log service (${ban_logreadcmd})"
 [ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
- "${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
+ eval "${logread_cmd}" |
 while read -r line; do
 : >"${ban_rdapfile}"
 proto=""
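Review bot: `eval "${logread_cmd}"` in f_monitor, and `eval ${loglimit_cmd}` in the following hunk (`@@ -1492,7 +1528,7 @@`), re-parse strings built from `ban_logterm`, `ban_logreadfile` and `ban_loglimit`, so any quote, `$`, backtick or `;` in those configuration values is interpreted by the shell instead of being passed as an argument. The removed code handed the same values to the command as quoted arguments, which had no such side effect; a search term containing `"` or `$(` now either breaks the monitor or is executed with banIP's privileges. Selecting the log source once and calling the commands directly keeps both sources without `eval`; the guard would then test the mode variable instead of `logread_cmd`/`loglimit_cmd`, and the `log_raw` assignment in the next hunk would branch the same way with quoted arguments. f_monitor continues outside this hunk.

```shell
f_monitor() {
	local logread_mode nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info

	# pick the log source once; no command strings are assembled
	if [ -f "${ban_logreadfile}" ]; then
		logread_mode="file"
	elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
		logread_mode="logd"
	fi

	# … unchanged: guard (now testing logread_mode), f_log, nft_expiry …
		if [ "${logread_mode}" = "file" ]; then
			"${ban_logreadcmd}" -qf "${ban_logreadfile}" 2>/dev/null | "${ban_grepcmd}" -e "${ban_logterm%%??}" 2>/dev/null
		else
			"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null
		fi |
			while read -r line; do
```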
@@ -1492,7 +1528,7 @@ f_monitor() {
 fi
 if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then
 f_log "info" "suspicious IP '${ip}'"
- log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
+ log_raw="$(eval ${loglimit_cmd})"
 log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
 if [ "${log_count}" -ge "${ban_logcount}" ]; then
 if [ "${ban_autoblocksubnet}" = "1" ]; then
diff --git a/net/croc/Makefile b/net/croc/Makefile
index eab3c8e70f..c1c57904f7 100644
--- a/net/croc/Makefile
+++ b/net/croc/Makefile
@@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=croc
-PKG_VERSION:=9.6.5
+PKG_VERSION:=9.6.6
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/schollz/croc/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=2d3ba7bae3c49e3870e2f8523c6be00e92fe6e46828269a8cea34d4034102cad
+PKG_HASH:=9dd954e0068df2be416c71161665bfc283f150d30ba0bf96cee723701e93616f
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile
index 04bbd4bec0..10dd9316c9 100644
--- a/net/dnsproxy/Makefile
+++ b/net/dnsproxy/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsproxy
 PKG_VERSION:=0.56.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
@@ -49,6 +49,8 @@ define Package/dnsproxy/install
 $(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
 $(INSTALL_DIR) $(1)/etc/init.d/
 $(INSTALL_BIN) $(CURDIR)/files/dnsproxy.init $(1)/etc/init.d/dnsproxy
+ $(INSTALL_DIR) $(1)/etc/uci-defaults/
+ $(INSTALL_BIN) $(CURDIR)/files/dnsproxy.defaults $(1)/etc/uci-defaults/80-dnsproxy-migration
 endef
 define Package/dnsproxy/conffiles
diff --git a/net/dnsproxy/files/dnsproxy.config b/net/dnsproxy/files/dnsproxy.config
index a9fa020280..90feb94d46 100644
--- a/net/dnsproxy/files/dnsproxy.config
+++ b/net/dnsproxy/files/dnsproxy.config
@@ -3,13 +3,16 @@ config dnsproxy 'global'
 option enabled '0'
- option listen_addr '127.0.0.1'
- option listen_port '5353'
+ list listen_addr '127.0.0.1'
+ list listen_addr '::1'
+ list listen_port '5353'
 option log_file ''
 option all_servers '0'
 option fastest_addr '0'
+ option http3 '0'
 option insecure '0'
 option ipv6_disabled '0'
+ option timeout ''
 option max_go_routines ''
 option rate_limit ''
 option refuse_any '0'
diff --git a/net/dnsproxy/files/dnsproxy.defaults b/net/dnsproxy/files/dnsproxy.defaults
new file mode 100644
index 0000000000..7ce089f1a3
--- /dev/null
+++ b/net/dnsproxy/files/dnsproxy.defaults
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+[ -s "/etc/config/dnsproxy" ] || exit 0
+
+#Migrate options 'listen_addr' 'listen_port' to list type
+sed -i -e "s,option listen_addr,list listen_addr,g" \
+ -e "s,option listen_port,list listen_port,g" "/etc/config/dnsproxy"
+exit 0
diff --git a/net/dnsproxy/files/dnsproxy.init b/net/dnsproxy/files/dnsproxy.init
index 1514ee1526..fc04ac9a68 100644
--- a/net/dnsproxy/files/dnsproxy.init
+++ b/net/dnsproxy/files/dnsproxy.init
@@ -44,6 +44,7 @@ append_param_bool() {
 load_config_arg() {
 append_param_bool "$1" "all_servers"
 append_param_bool "$1" "fastest_addr"
+ append_param_bool "$1" "http3"
 append_param_bool "$1" "insecure"
 append_param_bool "$1" "ipv6_disabled"
 append_param_bool "$1" "refuse_any"
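Review bot: The two `sed` expressions in the new dnsproxy.defaults are unanchored, so `option listen_addr` is rewritten wherever it occurs in /etc/config/dnsproxy, including comment lines and any longer option name that starts with the same text. Anchoring on the line's leading whitespace limits the migration to real option lines, e.g. `-e "s,^\([[:space:]]*\)option listen_addr\([[:space:]]\),\1list listen_addr\2,"` and the same for `listen_port`. The script also ends with an unconditional `exit 0`, so a failed `sed` is silent; whether the migration should be retried in that case is a judgement call, and a short comment stating the choice would help.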
@@ -51,6 +52,18 @@ load_config_arg() {
 }
 load_config_list() {
+ if is_empty "global" "listen_addr"; then
+ append_param "--listen" "127.0.0.1"
+ else
+ config_list_foreach "global" "listen_addr" "append_param '--listen'"
+ fi
+
+ if is_empty "global" "listen_port"; then
+ append_param "--port" "5353"
+ else
+ config_list_foreach "global" "listen_port" "append_param '--port'"
+ fi
+
 is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
 for i in "bootstrap" "fallback" "upstream"; do
@@ -59,9 +72,8 @@ load_config_list() {
 }
 load_config_param() {
- append_param_arg "global" "listen_addr" "--listen" "127.0.0.1"
- append_param_arg "global" "listen_port" "--port" "5353"
 append_param_arg "global" "log_file" "--output"
+ append_param_arg "global" "timeout" "--timeout"
 append_param_arg "global" "max_go_routines" "--max-go-routines"
 append_param_arg "global" "rate_limit" "--ratelimit"
 append_param_arg "global" "udp_buf_size" "--udp-buf-size"
diff --git a/net/gensio/Makefile b/net/gensio/Makefile
index b193a04925..6fca78e9c9 100644
--- a/net/gensio/Makefile
+++ b/net/gensio/Makefile
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=gensio
-PKG_VERSION:=2.4.2
+PKG_VERSION:=2.7.6
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/ser2net
-PKG_HASH:=2593c1e7beaec3a0a4acbf60f94bbf64b99883d86f172a3b584eba5f67441b4b
+PKG_HASH:=7574fb710ddd6580d53ea44af4ddfc57f28dbcdc646d842f7ed8ccc1235fdf89
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
@@ -39,15 +39,25 @@ include $(INCLUDE_DIR)/package.mk include ../../lang/python/python3-package.mk CONFIGURE_ARGS += \ + --$(if $(CONFIG_GENSIO_AVAHI),with,without)-avahi \ --$(if $(CONFIG_GENSIO_SSL),with,without)-openssl \ --$(if $(CONFIG_GENSIO_SCTP),with,without)-sctp \ --$(if $(CONFIG_GENSIO_WRAP),with,without)-tcp-wrappers \ --$(if $(CONFIG_GENSIO_PTHREADS),with,without)-pthreads \ --$(if $(CONFIG_GENSIO_GLIB),with,without)-glib \ --$(if $(CONFIG_GENSIO_TCL),with,without)-tcl \ + --without-afskmdm \ + --without-ax25 \ + --without-alsa \ --without-go \ + --without-ipmisol \ + --without-kiss \ --without-openipmi \ + --without-portaudio \ + --without-sound \ --with-cplusplus \ + --with-flock-locking \ + --with-uucp-locking \ --disable-doc CONFIGURE_VARS += \ @@ -161,8 +171,9 @@ endef define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include/gensio/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/gensio/* $(1)/usr/include/gensio/ - $(INSTALL_DIR) $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/lib/gensio $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.{so*,a,la} $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/gensio/* $(1)/usr/lib/gensio/ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/* $(1)/usr/lib/pkgconfig/ ifneq ($(CONFIG_PACKAGE_python3-gensio),) @@ -173,8 +184,11 @@ endif endef define Package/libgensio/install - $(INSTALL_DIR) $(1)/usr/lib + $(INSTALL_DIR) $(1)/usr/lib/gensio $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensio.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensioosh.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensiomdns.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/gensio/* $(1)/usr/lib/gensio/ ifeq ($(CONFIG_GENSIO_GLIB),y) $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensioglib.so.* $(1)/usr/lib/ endif 
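Review bot: The new `--$(if $(CONFIG_GENSIO_AVAHI),with,without)-avahi` switch reads a symbol that none of this Makefile's hunks declare, add to PKG_CONFIG_DEPENDS, or pair with a library dependency. Unless `GENSIO_AVAHI` is already defined in a part of the file not shown here, the switch always resolves to `--without-avahi`, while Package/libgensio/install copies `libgensiomdns.so.*` unconditionally. Either declare the symbol together with its dependency, or state the intent directly with a plain `--without-avahi \` line.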
@@ -200,7 +214,7 @@ endef define Package/libgensiocpp/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensiocpp.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensio*cpp.so.* $(1)/usr/lib/ endef $(eval $(call BuildPackage,libgensio)) diff --git a/net/gensio/patches/100-musl-compat.patch b/net/gensio/patches/100-musl-compat.patch deleted file mode 100644 index da61fe7413..0000000000 --- a/net/gensio/patches/100-musl-compat.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/tools/gensiotool.c -+++ b/tools/gensiotool.c -@@ -44,7 +44,7 @@ - #include - #include - #include --#include -+#include - #include - #endif - diff --git a/net/iperf3/Makefile b/net/iperf3/Makefile index fa41fd5453..2bd9275cb9 100644 --- a/net/iperf3/Makefile +++ b/net/iperf3/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iperf PKG_VERSION:=3.15 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf @@ -46,6 +46,7 @@ $(call Package/iperf3/default) TITLE+= with iperf_auth support VARIANT:=ssl DEPENDS:=+libopenssl + CONFLICTS:=iperf3 endef define Package/libiperf3 diff --git a/net/nmap/Makefile b/net/nmap/Makefile index b84b2ccd84..55c52b9399 100644 --- a/net/nmap/Makefile +++ b/net/nmap/Makefile @@ -14,7 +14,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nmap PKG_VERSION:=7.93 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_MAINTAINER:=Nuno Gonçalves PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch b/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch new file mode 100644 index 0000000000..3a615dfb60 --- /dev/null +++ b/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch 
@@ -0,0 +1,295 @@ +From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001 +From: dmiller +Date: Tue, 6 Sep 2022 22:39:34 +0000 +Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516 + +--- + ncat/http_digest.c | 2 +- + ncat/ncat_connect.c | 4 ++-- + ncat/ncat_ssl.c | 6 +++--- + ncat/ncat_ssl.h | 12 ------------ + ncat/test/test-wildcard.c | 4 ++-- + nse_openssl.cc | 28 +++++++--------------------- + nse_ssl_cert.cc | 24 ++++++------------------ + nsock/src/nsock_ssl.c | 4 ++-- + nsock/src/nsock_ssl.h | 15 +-------------- + 9 files changed, 24 insertions(+), 75 deletions(-) + +--- a/ncat/http_digest.c ++++ b/ncat/http_digest.c +@@ -133,7 +133,7 @@ int http_digest_init_secret(void) + return 0; + } + +-#if OPENSSL_API_LEVEL < 10100 ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #endif +--- a/ncat/ncat_connect.c ++++ b/ncat/ncat_connect.c +@@ -82,8 +82,8 @@ + #include + + /* Deprecated in OpenSSL 3.0 */ +-#if OPENSSL_API_LEVEL >= 30000 +-#define SSL_get_peer_certificate SSL_get1_peer_certificate ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++# define SSL_get_peer_certificate SSL_get1_peer_certificate + #endif + #endif + +--- a/ncat/ncat_ssl.c ++++ b/ncat/ncat_ssl.c +@@ -80,7 +80,7 @@ + #define FUNC_ASN1_STRING_data ASN1_STRING_data + #endif + +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + /* Deprecated in OpenSSL 3.0 */ + #define SSL_get_peer_certificate SSL_get1_peer_certificate +@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void) + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + SSL_load_error_strings(); +-#elif OPENSSL_API_LEVEL >= 30000 ++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L + if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) + { + loguser("OpenSSL legacy provider failed to load.\n"); +@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP + const char *commonName = "localhost"; 
+ char dNSName[128]; + int rc; +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + int ret = 0; + RSA *rsa = NULL; + BIGNUM *bne = NULL; +--- a/ncat/ncat_ssl.h ++++ b/ncat/ncat_ssl.h +@@ -67,18 +67,6 @@ + #include + #include + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- + #define NCAT_CA_CERTS_FILE "ca-bundle.crt" + + enum { +--- a/ncat/test/test-wildcard.c ++++ b/ncat/test/test-wildcard.c +@@ -20,7 +20,7 @@ are rejected. The SSL transactions happe + + #include "ncat_core.h" + #include "ncat_ssl.h" +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + #include + #endif + +@@ -294,7 +294,7 @@ stack_err: + static int gen_cert(X509 **cert, EVP_PKEY **key, + const struct lstr commonNames[], const struct lstr dNSNames[]) + { +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + int rc, ret=0; + RSA *rsa = NULL; + BIGNUM *bne = NULL; +--- a/nse_openssl.cc ++++ b/nse_openssl.cc +@@ -20,6 +20,9 @@ + #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset + #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset + #define PASS_EVP_CTX(ctx) (ctx) ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++# include ++#endif + #else + #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init + #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup +@@ -37,23 +40,6 @@ extern NmapOps o; + + #include "nse_openssl.h" + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 
0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- +- +-#if OPENSSL_API_LEVEL >= 30000 +-#include +-#endif +- + #define NSE_SSL_LUA_ERR(_L) \ + luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL)) + +@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State + bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); + BN_CTX * ctx = BN_CTX_new(); + int is_prime = +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); + #else + BN_check_prime( p->bn, ctx, NULL ); +@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_S + bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); + BN_CTX * ctx = BN_CTX_new(); + int is_prime = +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); + #else + BN_check_prime( p->bn, ctx, NULL ); +@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_S + BN_sub_word( n, (BN_ULONG)1 ); + BN_div_word( n, (BN_ULONG)2 ); + is_safe = +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + BN_is_prime_ex( n, BN_prime_checks, ctx, NULL ); + #else + BN_check_prime( n, ctx, NULL ); +@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); +-#elif OPENSSL_API_LEVEL >= 30000 ++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L + if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1) + { + // Legacy provider may not be available. 
+--- a/nse_ssl_cert.cc ++++ b/nse_ssl_cert.cc +@@ -89,19 +89,7 @@ + #define X509_get0_notAfter X509_get_notAfter + #endif + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + /* Deprecated in OpenSSL 3.0 */ + #define SSL_get_peer_certificate SSL_get1_peer_certificate +@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(i + } + + int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) { +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + char tmp[64] = {0}; + size_t len = 0; + /* This structure (ecdhparams.curve_params) comes from tls.lua */ +@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L, + else + #endif + if (pkey_type == EVP_PKEY_RSA) { +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + RSA *rsa = EVP_PKEY_get1_RSA(pubkey); + if (rsa) { + #endif +@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L, + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + #if HAVE_OPAQUE_STRUCTS +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + const BIGNUM *n = NULL, *e = NULL; + data->should_free = false; + RSA_get0_key(rsa, &n, &e, NULL); +@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L, + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + #if HAVE_OPAQUE_STRUCTS +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + data->should_free = false; + #else + data->should_free = true; +@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L, + data->bn = rsa->n; + #endif + lua_setfield(L, -2, "modulus"); +-#if 
OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + RSA_free(rsa); + } + #endif +--- a/nsock/src/nsock_ssl.c ++++ b/nsock/src/nsock_ssl.c +@@ -64,7 +64,7 @@ + #include "netutils.h" + + #if HAVE_OPENSSL +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + #endif + +@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SS + SSL_library_init(); + #else + OPENSSL_atexit(nsock_ssl_atexit); +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) + { + nsock_log_error("OpenSSL legacy provider failed to load.\n"); +--- a/nsock/src/nsock_ssl.h ++++ b/nsock/src/nsock_ssl.h +@@ -69,20 +69,7 @@ + #include + #include + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- +- +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + /* Deprecated in OpenSSL 3.0 */ + #define SSL_get_peer_certificate SSL_get1_peer_certificate + #endif diff --git a/net/pptpd/Makefile b/net/pptpd/Makefile index 6c90f4f492..4892a3e9b0 100644 --- a/net/pptpd/Makefile +++ b/net/pptpd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pptpd PKG_VERSION:=1.4.0 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/poptop diff --git a/net/pptpd/files/pptpd.init b/net/pptpd/files/pptpd.init index 322eaaf1b5..ae39c0fd57 100644 --- a/net/pptpd/files/pptpd.init +++ b/net/pptpd/files/pptpd.init 
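Review bot: The patch description does not mention a runtime consequence of keying these branches on `OPENSSL_VERSION_NUMBER`: against a 3.x library, ncat_ssl.c, nse_openssl.cc and nsock_ssl.c all call `OSSL_PROVIDER_load(NULL, "legacy")`, yet the accompanying Makefile hunk only bumps PKG_RELEASE. In nse_openssl.cc a failed load is reported only when `o.debugging > 1`, so on an image without the legacy provider module the scripts that need those algorithms would fail with no visible reason. I would add a line to the patch header such as `OpenSSL 3 builds load the "legacy" provider at start-up; it has to be installed for the legacy-algorithm code paths to work.` and confirm whether the package needs a dependency for it. The functions touched here start and end outside the inner hunks, so the rest of the provider handling is not visible.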
@@ -18,11 +18,11 @@ validate_login_section() { validate_pptpd_section() { uci_load_validate pptpd service "$1" "$2" \ - 'enabled:uinteger' \ + 'enabled:bool:1' \ 'localip:string' \ 'remoteip:string' \ 'mppe:list(string):required no40 no56 stateless' \ - 'logwtmp:uinteger' + 'logwtmp:bool:0' } setup_login() { diff --git a/net/quassel-irssi/Makefile b/net/quassel-irssi/Makefile index 8b850be05d..7374f69108 100644 --- a/net/quassel-irssi/Makefile +++ b/net/quassel-irssi/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=quassel-irssi PKG_SOURCE_DATE:=2017-11-30 PKG_SOURCE_VERSION:=079be662dde374a383646256108a4974c2bc7796 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/phhusson/quassel-irssi/tar.gz/$(PKG_SOURCE_VERSION)? diff --git a/net/quassel-irssi/patches/100-Fix-compilation-error-with-new-version-of-irssi.patch b/net/quassel-irssi/patches/100-Fix-compilation-error-with-new-version-of-irssi.patch new file mode 100644 index 0000000000..bd12162923 --- /dev/null +++ b/net/quassel-irssi/patches/100-Fix-compilation-error-with-new-version-of-irssi.patch 
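Review bot: `'enabled:bool:1'` in validate_pptpd_section makes a `service` section with no `enabled` option validate as enabled, so the daemon may start from a configuration that never asked for it. How `enabled` is consumed lies outside this hunk, so this needs checking against the caller. For a listening VPN service, and one whose authentication is generally considered weak, the safer default is off: `'enabled:bool:0' \`. `logwtmp:bool:0` already follows that pattern.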
@@ -0,0 +1,48 @@
+From 61aaa345d3924905aa26023b351fb9502a74de63 Mon Sep 17 00:00:00 2001
+From: Christian Marangi
+Date: Sun, 5 Nov 2023 20:50:31 +0100
+Subject: [PATCH 2/2] Fix compilation error with new version of irssi
+
+Fix compilation error with new version of irssi that changed some
+functions names.
+
+Caused by https://github.com/irssi/irssi/pull/1246
+
+Signed-off-by: Christian Marangi
+---
+ core/quassel-net.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/core/quassel-net.c
++++ b/core/quassel-net.c
+@@ -105,8 +105,8 @@ static void sig_connected(Quassel_SERVER
+ }
+
+ r->readtag =
+- g_input_add(net_sendbuffer_handle(r->handle),
+- G_INPUT_READ,
++ i_input_add(net_sendbuffer_handle(r->handle),
++ I_INPUT_READ,
+ (GInputFunction) quassel_parse_incoming, r);
+
+ quassel_init_packet(net_sendbuffer_handle(r->handle), r->ssl);
+@@ -166,8 +166,8 @@ static void quassel_net_final_setup(SERV
+ server->handle->handle = handle;
+
+ server->readtag =
+- g_input_add(handle,
+- G_INPUT_READ,
++ i_input_add(handle,
++ I_INPUT_READ,
+ (GInputFunction) quassel_parse_incoming, server);
+ }
+
+@@ -185,7 +185,7 @@ static void quassel_net_ssl_callback(SER
+ if (error & 1) {
+ if (server->connect_tag != -1)
+ g_source_remove(server->connect_tag);
+- server->connect_tag = g_input_add(handle, error == 1 ? G_INPUT_READ : G_INPUT_WRITE,
++ server->connect_tag = i_input_add(handle, error == 1 ? I_INPUT_READ : I_INPUT_WRITE,
+ (GInputFunction)
+ quassel_net_ssl_callback,
+ server);
diff --git a/net/ser2net/Makefile b/net/ser2net/Makefile
index d3723073ac..6c6058ed31 100644
--- a/net/ser2net/Makefile
+++ b/net/ser2net/Makefile
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ser2net -PKG_VERSION:=4.3.6 -PKG_RELEASE:=2 +PKG_VERSION:=4.5.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/ser2net -PKG_HASH:=65515c7e9a5289167ae64c4032450904449a87ce20653241022af4f5db2e9510 +PKG_HASH:=6ee1b217aad026948fd17ea00c5ecf6e982de822384c4349118461ad83caa0da PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING @@ -44,7 +44,7 @@ endef define Package/ser2net/conffiles /etc/config/ser2net -/etc/ser2net.conf +/etc/ser2net.yaml endef define Package/ser2net/install @@ -52,7 +52,7 @@ define Package/ser2net/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ser2net $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc - $(INSTALL_CONF) ./files/ser2net.conf $(1)/etc/ + $(INSTALL_CONF) ./files/ser2net.yaml $(1)/etc/ $(INSTALL_DIR) $(1)/etc/config $(INSTALL_CONF) ./files/ser2net.config $(1)/etc/config/ser2net diff --git a/net/ser2net/files/ser2net.conf b/net/ser2net/files/ser2net.conf deleted file mode 100644 index 2c9605bb4f..0000000000 --- a/net/ser2net/files/ser2net.conf +++ /dev/null 
@@ -1,70 +0,0 @@
-#
-# This is a minimal example configuration file for ser2net. For a version with
-# detailed comments and all possible configuration directives, please visit:
-# https://github.com/cminyard/ser2net/blob/master/ser2net.conf
-#
-# On OpenWrt/LEDE systems, this configuration serves as a base configuration.
-# During boot of the system, the UCI configuration file /etc/config/ser2net is
-# parsed and converted to additional configuration lines which are _appended_
-# to this file. The ser2net daemon is then started with the combined
-# configuration file /tmp/ser2net.conf.
-#
-# A basic service configuration line has the following format:
-# ::::
-# network port
-# Name or number of the port to accept connections
-# from for this device. A port number may be of the form
-# [ipv4,|ipv6,][tcp,|udp,][host,]port, such as
-# 127.0.0.1,2000 or ipv4,tcp,localhost,2000. If the host is
-# specified, it will only bind to the IP address
-# specified. Otherwise it will bind to all the ports on the
-# machine. If ipv4 or ipv6 is specified, it will only bind
-# to that network type.
-#
-# state
-# Either raw or rawlp or telnet or off. off disables
-# the port from accepting connections. It can be
-# turned on later from the control port. raw enables
-# the port and transfers all data as-is between the
-# port and the long. rawlp enables the port and
-# transfers all input data to device, device is open
-# without any termios setting. It allow to use
-# /dev/lpX devices and printers connected to them.
-# telnet enables the port and runs the telnet proto-
-# col on the port to set up telnet parameters. This
-# is most useful for using telnet.
-#
-# timeout
-# The time (in seconds) before the port will be dis-
-# connected if there is no activity on it. A zero
-# value disables this function.
-#
-# device
-# The name of the device to connect to. This
-# must be in the form of /dev/.
-#
-# options
-# Sets operational parameters for the serial port.
-# For a serial device (not IPMI SOL):
-# Options 300, 1200, 2400, 4800, 9600, 19200, 38400,
-# 57600, 115200 set the various baud rates. EVEN,
-# ODD, NONE (MARK and SPACE if supported) set the parity.
-# Note that MARK and SPACE are not available on all systems
-# or hardware, if it is not supported then it will be
-# silently set to ODD or EVEN parity.
-# 1STOPBIT, 2STOPBITS set
-# the number of stop bits. 5DATABITS, 6DATABITS,
-# 7DATABITS, 8DATABITS set the number of data bits.
-# [-]XONXOFF turns on (- off) XON/XOFF support.
-# [-]RTSCTS turns on (- off) hardware flow control,
-# [-]LOCAL turns off (- on) monitoring of the modem lines,
-# and [-]HANGUP_WHEN_DONE turns on (- off) lowering the
-# modem control lines when the connection is done.
-# [-]NOBREAK disables automatic setting of the break
-# setting of the serial port.
-#
-# The "[-]remctl" option allow remote control (ala RFC
-# 2217) of serial-port configuration.
-#
-# Example:
-# 5000:telnet:0:/dev/ttyAPP0:115200 8DATABITS NONE 1STOPBIT -XONXOFF -LOCAL -RTSCTS remctl
diff --git a/net/ser2net/files/ser2net.init b/net/ser2net/files/ser2net.init
index ca9915b908..5453ca380a 100644
--- a/net/ser2net/files/ser2net.init
+++ b/net/ser2net/files/ser2net.init
@@ -7,55 +7,71 @@ STOP=10 USE_PROCD=1 PROG=/usr/sbin/ser2net -STATICCFGFILE="/etc/ser2net.conf" -DYNAMICCFGFILE="/tmp/ser2net.conf" +STATICCFGFILE="/etc/ser2net.yaml" +DYNAMICCFGFILE="/tmp/ser2net.yaml" list_cb_append() { local var="$2" local value="$1" - local sep="${3:- }" + local sep="${3:-,}" eval "export ${NO_EXPORT:+-n} -- \"$var=\${$var:+\${$var}\${value:+\$sep}}\$value\"" } -append_bool() { - local var="$1" - local key="$2" - local val="$3" - local uc="$4" - local s="" - - [ "$uc" -eq 1 ] && key=`echo "$key" | tr '[a-z]' '[A-Z]'` - [ "$val" -eq 0 ] && s="-" - - append "$var" "$s$key" -} - ser2net_default() { local cfg="$1" local key val + local baudrate parity databits stopbits + + config_get baudrate "$cfg" speed + if [ -n "$baudrate" ]; then + config_get parity "$cfg" parity + case "$parity" in + [Nn]one) parity=n ;; + [Oo]dd) parity=o ;; + [Ee]ven) parity=e ;; + "") ;; + *) return 1 + esac + + if [ -n "$parity" ]; then + config_get databits "$cfg" databits 8 + [ "$databits" -ge 5 ] && [ "$databits" -le 9 ] || return 1 + + config_get stopbits "$cfg" stopbits 1 + case "$stopbits" in + 1) ;; + 2) ;; + *) return 1 + esac + fi + + echo "default:" + echo " name: speed" + echo " value: $baudrate${parity:+$parity$databits$stopbits}" + fi - for key in speed baudrate databits stopbits parity chardelay_scale chardelay_min; do + for key in chardelay_scale chardelay_min; do config_get val "$cfg" "$key" [ -n "$val" ] || continue - - case "$key" in - baudrate) key="speed" ;; - hangup_when_done) ;; - telnet_brk_on_sync) ;; - deassert_CTS_DCD_DSR_on_connect) ;; - *) key=`echo "$key" | tr '_' '-'` - esac - - echo "DEFAULT:$key:$val" + key=`echo "$key" | tr '_' '-'` + echo "default:" + echo " name: $key" + echo " value: $val" done for key in chardelay deassert_CTS_DCD_DSR_on_connect hangup_when_done kickolduser \ local nobreak remctl rtscts telnet_brk_on_sync xonxoff; do + case "$key" in + remctl) key=rfc2217 ;; + esac config_get_bool val "$cfg" "$key" [ -n "$val" ] || 
continue + key=`echo "$key" | tr '_' '-'` [ "$val" -eq 0 ] && val="false" || val="true" - echo "DEFAULT:$key:$val" + echo "default:" + echo " name: $key" + echo " value: $val" done echo @@ -70,8 +86,12 @@ ser2net_controlport() { config_get host "$cfg" host config_get port "$cfg" port + [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 + + echo "admin:" + echo " accepter: tcp,${host:+$host,}$port" - echo -e "CONTROLPORT:${host:+$host,}$port\n" + echo } ser2net_led() { 
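Review bot: In the boolean loop of ser2net_default, the added `case` renames `remctl` to `rfc2217` before `config_get_bool val "$cfg" "$key"` runs, so the UCI option `remctl` is never read in a `default` section. Only an option literally named `rfc2217` would take effect, whereas ser2net_proxy in a later hunk still reads `remctl`. Looking the option up first and renaming afterwards keeps existing configurations working: move the `case "$key" in remctl) key=rfc2217 ;; esac` block below `[ -n "$val" ] || continue`. The end of ser2net_default lies outside this hunk.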
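Review bot: When `host` is unset, ser2net_controlport writes `accepter: tcp,$port`, which gives the admin interface no bind address. The ser2net.conf text removed by this commit says a port without a host binds on all addresses; if the YAML accepter behaves the same way, the control port is reachable from every interface. Defaulting the lookup to loopback avoids that: `config_get host "$cfg" host localhost`. `host` is also written into the generated YAML without any check on its content.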
@@ -80,84 +100,114 @@ ser2net_led() { config_get driver "$cfg" driver sysfs config_get device "$cfg" device - config_get state "$cfg" state 1 - config_get duration "$cfg" duration 20 + [ -z "$device" ] && return 1 + config_get duration "$cfg" duration + config_get state "$cfg" state + + echo "led: &$cfg" + echo " driver: $driver" + echo " options:" + echo " device: \"$device\"" + [ -n "$duration" ] && echo " duration: $duration" + [ -n "$state" ] && echo " state: $state" - echo -e "LED:$cfg:$driver:device=$device state=$state duration=$duration\n" + echo } ser2net_proxy() { local cfg="$1" local enabled port protocol timeout device baudrate databits parity stopbits - local led_tx led_rx key boolval options + local key boolval options custom_options + local echo_options=1 config_get_bool enabled "$cfg" enabled 0 - [ "$enabled" -eq 0 ] && return 0 + + config_get device "$cfg" device + [ -z "$device" ] && return 1 config_get port "$cfg" port - [ "$port" -le 0 -o "$port" -gt 65535 ] && return 1 + [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 config_get protocol "$cfg" protocol case "$protocol" in - raw|rawlp|telnet|off) ;; + raw) + protocol="tcp" + ;; + rawlp) + protocol="tcp" + options="wronly" + ;; + telnet) + protocol="telnet,tcp" + + config_get_bool boolval "$cfg" remctl 0 + [ "$boolval" -eq 1 ] && protocol="telnet(rfc2217),tcp" + ;; + off) + enabled=0 + ;; *) return 1 esac - config_get timeout "$cfg" timeout 0 - config_get device "$cfg" device - [ -z "$device" ] && return 1 - config_get baudrate "$cfg" baudrate - [ -n "$baudrate" ] && append options "$baudrate" + if [ -n "$baudrate" ]; then + config_get parity "$cfg" parity + case "$parity" in + [Nn]one) parity=n ;; + [Oo]dd) parity=o ;; + [Ee]ven) parity=e ;; + "") ;; + *) return 1 + esac - config_get databits "$cfg" databits - if [ -n "$databits" ]; then - [ "$databits" -lt 5 -o "$databits" -gt 8 ] && return 1 - append options "${databits}DATABITS" + if [ -n "$parity" ]; then + config_get databits "$cfg" 
databits 8 + [ "$databits" -ge 5 ] && [ "$databits" -le 9 ] || return 1 + + config_get stopbits "$cfg" stopbits 1 + case "$stopbits" in + 1) ;; + 2) ;; + *) return 1 + esac + fi fi - config_get parity "$cfg" parity - parity=`echo "$parity" | tr '[a-z]' '[A-Z]'` - case "$parity" in - EVEN|ODD|NONE|MARK|SPACE) append options "$parity" ;; - "") ;; - *) return 1 - esac - - config_get stopbits "$cfg" stopbits - case "$stopbits" in - 1) append options "${stopbits}STOPBIT" ;; - 2) append options "${stopbits}STOPBITS" ;; - "") ;; - *) return 1 - esac - - config_get led_tx "$cfg" led_tx - [ -n "$led_tx" ] && append options "led-tx=$led_tx" - - config_get led_rx "$cfg" led_rx - [ -n "$led_rx" ] && append options "led-rx=$led_rx" + config_get timeout "$cfg" timeout 0 for key in rtscts local xonxoff nobreak hangup_when_done; do config_get_bool boolval "$cfg" "$key" [ -n "$boolval" ] || continue - append_bool options "$key" "$boolval" 1 + key=`echo "$key" | tr '_' '-'` + options="${options:+$options,}$key" + [ "$boolval" -eq 0 ] && options="$options=false" + done + + config_list_foreach "$cfg" options list_cb_append custom_options + + echo "connection: &$cfg" + echo " accepter: $protocol,$port" + echo " timeout: $timeout" + [ "$enabled" -eq 0 ] && echo " enable: off" + echo " connector: serialdev,$device${baudrate:+,$baudrate${parity:+$parity$databits$stopbits}}${options:+,$options}${custom_options:+,$custom_options}" + + for key in led_tx led_rx; do + config_get val "$cfg" "$key" + [ -n "$val" ] || continue + [ "$echo_options" -eq 1 ] && echo " options:" && echo_options=0 + key=`echo "$key" | tr '_' '-'` + echo " $key: *$val" done - for key in chardelay telnet_brk_on_sync kickolduser remctl; do + for key in chardelay telnet_brk_on_sync kickolduser; do config_get_bool boolval "$cfg" "$key" [ -n "$boolval" ] || continue - append_bool options "$key" "$boolval" 0 + [ "$echo_options" -eq 1 ] && echo " options:" && echo_options=0 + key=`echo "$key" | tr '_' '-'` + echo " $key: 
$boolval" done - config_list_foreach "$cfg" options list_cb_append options - - if [ "`echo "$device" | sed 's/://g'`" != "$device" ]; then - echo "DEVICE:$cfg:$device" - device="$cfg" - fi - - echo -e "$port:$protocol:$timeout:$device:$options\n" + echo } start_service() { @@ -169,15 +219,15 @@ start_service() { [ "$enabled" -gt 0 ] || return 0 cat "$STATICCFGFILE" - 2>/dev/null <<-EOF > "$DYNAMICCFGFILE" - + # # Following part is auto-generated from UCI settings in /etc/config/ser2net # EOF - config_foreach ser2net_controlport controlport >> "$DYNAMICCFGFILE" config_foreach ser2net_default default >> "$DYNAMICCFGFILE" config_foreach ser2net_led led >> "$DYNAMICCFGFILE" + config_foreach ser2net_controlport controlport >> "$DYNAMICCFGFILE" config_foreach ser2net_proxy proxy >> "$DYNAMICCFGFILE" procd_open_instance diff --git a/net/ser2net/files/ser2net.yaml b/net/ser2net/files/ser2net.yaml new file mode 100644 index 0000000000..8a46ef011a --- /dev/null +++ b/net/ser2net/files/ser2net.yaml @@ -0,0 +1,10 @@ +# This is a minimal example configuration file for ser2net. For a version with +# detailed comments and all possible configuration directives, please visit: +# https://github.com/cminyard/ser2net/blob/master/ser2net.yaml +# +# On OpenWrt/LEDE systems, this configuration serves as a base configuration. +# During boot of the system, the UCI configuration file /etc/config/ser2net is +# parsed and converted to additional configuration lines which are _appended_ +# to this file. The ser2net daemon is then started with the combined +# configuration file /tmp/ser2net.yaml. + diff --git a/net/ser2net/patches/001-fix-disabling-pam.patch b/net/ser2net/patches/001-fix-disabling-pam.patch deleted file mode 100644 index 02417d9253..0000000000 --- a/net/ser2net/patches/001-fix-disabling-pam.patch +++ /dev/null 
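Review bot: In ser2net_proxy the `connector:` line is written as an unquoted YAML scalar assembled from `$device`, `$options` and every `custom_options` list entry, with no check on their content, while ser2net_led in the same hunk quotes `device`. A UCI value containing ` #`, `: ` or a line break would cut the connector short or add keys to the generated file, and that file decides which serial devices are reachable over the network. I would wrap the whole `serialdev,...` value in `\"...\"` as the led `device` line does, and `return 1` beforehand when any of the values contains `"` or `\`. Separately, `val` in the `led_tx`/`led_rx` loop is missing from the function's `local` list.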
@@ -1,11 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -39,7 +39,7 @@ AC_ARG_WITH(pam, - fi, - ) - --if test "use_pam" != "no"; then -+if test "$use_pam" != "no"; then - have_pam=yes - AC_CHECK_HEADER(security/pam_appl.h, [], [have_pam=no]) - if test "$have_pam" = "yes"; then diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 33b879777c..2849135b20 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.1.73.0 +PKG_VERSION:=3.1.74.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/ -PKG_HASH:=d04edf07e9b695fb22de73f0987537d35b4c8466119940e39a056d1a13888b27 +PKG_HASH:=4a4529e74bc202303c0330ae8b2317f0bef3ac92ae7216df8cfedfce24ddd129 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=GPL-2.0-only diff --git a/net/tinc/Makefile b/net/tinc/Makefile index 4f7018c5b2..3cfccd8162 100644 --- a/net/tinc/Makefile +++ b/net/tinc/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tinc PKG_VERSION:=1.1pre18 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://tinc-vpn.org/packages diff --git a/net/tinc/files/tinc.init b/net/tinc/files/tinc.init index 8823b97e74..86c2674723 100644 --- a/net/tinc/files/tinc.init +++ b/net/tinc/files/tinc.init @@ -91,11 +91,16 @@ prepare_host() { HOST_CONF_FILE="$TMP_TINC/$n/hosts/$s" MANDATORY_PARAM_IN_UCI=0 [ ! -f "/etc/tinc/$n/hosts/$s" ] && { - config_get pk "$s" "PublicKey" + config_get pk_i "$s" "PublicKey" + config_get pk_f "$s" "PublicKeyFile" + config_get pked_i "$s" "Ed25519PublicKey" + config_get pked_f "$s" "Ed25519PublicKeyFile" config_get na "$s" "Name" - if [ -n "$pk" -a -n "$na" ] ; then - HOST_CONF_FILE="$TMP_TINC/$n/hosts/$na" - MANDATORY_PARAM_IN_UCI=1 + if [ -n "$na" ] ; then + HOST_CONF_FILE="$TMP_TINC/$n/hosts/$na" + fi + if [ -n "$pk_i$pk_f$pked_i$pked_f" ] ; then + MANDATORY_PARAM_IN_UCI=1 fi } 
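Review bot: In prepare_host, `HOST_CONF_FILE="$TMP_TINC/$n/hosts/$na"` now applies to any non-empty `Name`, with or without a key, and `$na` goes into the path unchecked. A `Name` containing `/` or `..` would therefore make the init script touch and write a file outside the hosts directory. Restrict it before use and skip the host otherwise, for example `case "$na" in *[!A-Za-z0-9_]*) return 1 ;; esac`; as far as I know tinc itself limits node names to that character set, but please confirm. The new `pk_i`, `pk_f`, `pked_i` and `pked_f` variables are not visibly declared `local`. prepare_host starts and ends outside this hunk.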
@@ -107,7 +112,7 @@ prepare_host() { [ ! -f "/etc/tinc/$n/hosts/$s" ] && { if [ "$MANDATORY_PARAM_IN_UCI" -eq 1 ] ; then - touch "$HOST_CONF_FILE" ; + touch "$HOST_CONF_FILE" else echo -n "tinc: Warning, public key for $s for network $n " echo -n "missing in /etc/tinc/$n/hosts/$s, " @@ -118,12 +123,25 @@ prepare_host() { # append flags append_conf_bools "$s" "$HOST_CONF_FILE" \ - ClampMSS IndirectData PMTUDiscovery TCPOnly + ClampMSS \ + IndirectData \ + PMTUDiscovery \ + TCPOnly # append params append_conf_params "$s" "$HOST_CONF_FILE" \ - Address Cipher Compression Digest Ed25519PublicKey MACLength Name PMTU \ - Port PublicKey PublicKeyFile Subnet + Address \ + Cipher \ + Compression \ + Digest \ + Ed25519PublicKey \ + Ed25519PublicKeyFile \ + MACLength \ + PMTU \ + Port \ + PublicKey \ + PublicKeyFile \ + Subnet } check_gen_own_key() { 
@@ -139,9 +157,9 @@ check_gen_own_key() { config_get k "$s" key_size if [ -z "$k" ]; then - $BIN -c "$TMP_TINC/$s" --generate-keys " +comment "//" + +# Declarations +color green "\<(let|const|function|this)\>" + +# Arrow functions +color green "(\<\w+\>|\([[:alnum:][:space:]_,.]*\))[[:space:]]*=>" + +# Flow control and keywords +color brightyellow "\<(while|if|else|elif|switch|case|default|for|in|endif|endfor|endwhile|endfunction)\>" +color brightyellow "\<(export|import|try|catch|delete)\>" + +# Exit points +color magenta "\<(break|continue|return)\>" + +# Numeric literals +color cyan "\<([0-9]+\.[0-9]+([eE][+-]?[0-9]+)?|[0-9]+[eE][+-]?[0-9]+)\>" +color cyan "\<0[xX][[:xdigit:]]+(\.[[:xdigit:]]+)?\>" +color cyan "\<(0[oO][0-7]+|0[bB][01]+|[0-9]+)\>" + +# Special values +color cyan "\<(true|false|null|NaN|Infinity)\>" + +# Strings +color brightmagenta ""([^"\{%#}]|\\.|\{[^"\{%#]|[%#}][^"\}]|[{%#}]\\.)*[{%#}]?"" +color brightmagenta "'([^'\{%#}]|\\.|\{[^'\{%#]|[%#}][^'\}]|[{%#}]\\.)*[{%#}]?'" +color brightmagenta "`([^`\{%#}]|\\.|\{[^`\{%#]|[%#}][^`\}]|[{%#}]\\.)*[{%#}]?`" + +# Template string expressions +color normal start="\$\{" end="}" + +# Comments +color brightblue "(^|[[:blank:]])//.*" +color brightblue start="(^|[[:space:]])/\*" end="\*/" +color brightblue start="\{#" end="#\}" + +# Trailing whitespace. +color ,green "[[:space:]]+$" + +# Text outside template directives +color slate start="[}%#]\}" end="\{[{%#]" +color slate start="^#!" end="\{[{%#]" +color slate "^([^{%#}]|\{[^{%#]|[%#}][^}])+\{[{%#]" + +# Template tags +color white "\{[{%][+-]?|-?[%}]\}" +color brightblue "\{#[+-]?|-?#\}"