Diffstat (limited to 'package/network')
77 files changed, 655 insertions, 1758 deletions
diff --git a/package/network/config/firewall4/Makefile b/package/network/config/firewall4/Makefile index 365a363303..6aacc05e36 100644 --- a/package/network/config/firewall4/Makefile +++ b/package/network/config/firewall4/Makefile @@ -9,9 +9,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall4.git -PKG_SOURCE_DATE:=2023-11-03 -PKG_SOURCE_VERSION:=698a53354fd280aae097efe08803c0c9a10c14c2 -PKG_MIRROR_HASH:=736b3d03cf0db1170242de20776b0095cc37d260108e4313f84eafb46b1be711 +PKG_SOURCE_DATE:=2024-05-21 +PKG_SOURCE_VERSION:=4c01d1ebf99e8ecfa69758a9b4f450ecef7b93cd +PKG_MIRROR_HASH:=bbc5622bc03e3b43116fcc86e3fa2d2372bfc07b3a00d2b3a6efac4f7454a403 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io> PKG_LICENSE:=ISC diff --git a/package/network/config/ltq-adsl-app/patches/001-stupid_breakage_fix.patch b/package/network/config/ltq-adsl-app/patches/001-stupid_breakage_fix.patch index a868678d1e..ed04b94ba2 100644 --- a/package/network/config/ltq-adsl-app/patches/001-stupid_breakage_fix.patch +++ b/package/network/config/ltq-adsl-app/patches/001-stupid_breakage_fix.patch @@ -1,6 +1,6 @@ ---- a/src/dsl_cpe_cli_access.c 2016-05-27 12:34:43.612485449 -0700 -+++ b/src/dsl_cpe_cli_access.c 2016-05-27 12:45:37.491727862 -0700 -@@ -1142,7 +1142,7 @@ +--- a/src/dsl_cpe_cli_access.c ++++ b/src/dsl_cpe_cli_access.c +@@ -1142,7 +1142,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_Auto if ((ret < 0) && (autobootCtrl.accessCtl.nReturn < DSL_SUCCESS)) { @@ -9,7 +9,7 @@ } else { -@@ -1213,7 +1213,7 @@ +@@ -1213,7 +1213,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_Auto if ((ret < 0) && (pData.accessCtl.nReturn < DSL_SUCCESS)) { @@ -18,7 +18,7 @@ } else { -@@ -1290,7 +1290,7 @@ +@@ -1290,7 +1290,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_Line if ((ret < 0) && (pData.accessCtl.nReturn < DSL_SUCCESS)) { @@ -27,7 +27,7 @@ } else { -@@ -1355,7 +1355,7 @@ +@@ -1355,7 +1355,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_Reso pCtx, &resourceUsageStatisticsData); if (ret < 0) { 
@@ -36,7 +36,7 @@ } else { -@@ -3084,7 +3084,7 @@ +@@ -3084,7 +3084,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_G997 if ((ret < 0) && (pData->accessCtl.nReturn < DSL_SUCCESS)) { @@ -45,7 +45,7 @@ } else { -@@ -4654,7 +4654,7 @@ +@@ -4654,7 +4654,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_G997 if ((ret < 0) && (pData.accessCtl.nReturn < DSL_SUCCESS)) { @@ -54,7 +54,7 @@ } else { -@@ -5714,7 +5714,7 @@ +@@ -5714,7 +5714,7 @@ DSL_CLI_LOCAL DSL_int_t DSL_CPE_CLI_G997 if ((ret < 0) && (pData.accessCtl.nReturn < DSL_SUCCESS)) { diff --git a/package/network/config/netifd/files/etc/init.d/packet_steering b/package/network/config/netifd/files/etc/init.d/packet_steering index d6f6afc2e1..5266a931ae 100755 --- a/package/network/config/netifd/files/etc/init.d/packet_steering +++ b/package/network/config/netifd/files/etc/init.d/packet_steering @@ -14,10 +14,12 @@ service_triggers() { } reload_service() { - packet_steering="$(uci get "network.@globals[0].packet_steering")" + packet_steering="$(uci -q get "network.@globals[0].packet_steering")" + steering_flows="$(uci -q get "network.@globals[0].steering_flows")" + [ "${steering_flows:-0}" -gt 0 ] && opts="-l $steering_flows" if [ -e "/usr/libexec/platform/packet-steering.sh" ]; then /usr/libexec/platform/packet-steering.sh "$packet_steering" else - /usr/libexec/network/packet-steering.uc "$packet_steering" + /usr/libexec/network/packet-steering.uc $opts "$packet_steering" fi } diff --git a/package/network/config/netifd/files/usr/libexec/network/packet-steering.uc b/package/network/config/netifd/files/usr/libexec/network/packet-steering.uc index 72f96024d8..a578e28879 100755 --- a/package/network/config/netifd/files/usr/libexec/network/packet-steering.uc +++ b/package/network/config/netifd/files/usr/libexec/network/packet-steering.uc 
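Review bot: `opts` in `reload_service()` is neither declared local nor reset, so when `steering_flows` is unset or 0 any value already present in the shell environment is still expanded into the `packet-steering.uc` call; starting the function with `local opts=""` removes that dependency. A non-integer `steering_flows` makes the `[ "${steering_flows:-0}" -gt 0 ]` test fail with a shell error rather than a clear message, so checking that the value is all digits first would be cleaner. The platform-specific branch still receives only `$packet_steering`, which means `steering_flows` is silently ignored there; a comment stating that would help.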
@@ -9,8 +9,11 @@ let eth_bias = 2.0; let debug = 0, do_nothing = 0; let disable; let cpus; +let all_cpus; +let local_flows = 0; -for (let arg in ARGV) { +while (length(ARGV) > 0) { + let arg = shift(ARGV); switch (arg) { case "-d": debug++; @@ -21,6 +24,12 @@ for (let arg in ARGV) { case '0': disable = true; break; + case '2': + all_cpus = true; + break; + case '-l': + local_flows = +shift(ARGV); + break; } } @@ -46,9 +55,19 @@ function set_task_cpu(pid, cpu) { system(`taskset -p -c ${cpu} ${pid}`); } +function cpu_mask(cpu) +{ + let mask; + if (cpu < 0) + mask = (1 << length(cpus)) - 1; + else + mask = (1 << int(cpu)); + return sprintf("%x", mask); +} + function set_netdev_cpu(dev, cpu) { let queues = glob(`/sys/class/net/${dev}/queues/rx-*/rps_cpus`); - let val = sprintf("%x", (1 << int(cpu))); + let val = cpu_mask(cpu); if (disable) val = 0; for (let queue in queues) { @@ -57,6 +76,13 @@ function set_netdev_cpu(dev, cpu) { if (!do_nothing) writefile(queue, `${val}`); } + queues = glob(`/sys/class/net/${dev}/queues/rx-*/rps_flow_cnt`); + for (let queue in queues) { + if (debug || do_nothing) + warn(`echo ${local_flows} > ${queue}\n`); + if (!do_nothing) + writefile(queue, `${local_flows}`); + } } function task_device_match(name, device) @@ -173,7 +199,12 @@ function assign_dev_cpu(dev) { } if (length(dev.netdev) > 0) { - let cpu = dev.rx_cpu = get_next_cpu(rx_weight, dev.napi_cpu); + let cpu; + if (all_cpus) + cpu = -1; + else + cpu = get_next_cpu(rx_weight, dev.napi_cpu); + dev.rx_cpu = cpu; for (let netdev in dev.netdev) set_netdev_cpu(netdev, cpu); } diff --git a/package/network/ipv6/thc-ipv6/patches/101-remove-march-native.patch b/package/network/ipv6/thc-ipv6/patches/101-remove-march-native.patch index da6c7caa7c..b397f402b1 100644 --- a/package/network/ipv6/thc-ipv6/patches/101-remove-march-native.patch +++ b/package/network/ipv6/thc-ipv6/patches/101-remove-march-native.patch @@ -1,6 +1,6 @@ --- a/Makefile 
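Review bot: The `-l` case takes the next argument with `local_flows = +shift(ARGV);` without checking it, so a missing or non-numeric value would presumably leave `local_flows` as a non-number that is later written verbatim into every `rps_flow_cnt` file. The init script only passes `-l` after an integer test, but the script can also be run by hand. Coercing and bounding the value here, e.g. `let n = int(shift(ARGV)); local_flows = (n > 0) ? n : 0;`, keeps the sysfs write well-formed. The enclosing `switch` begins in the previous hunk.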
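Review bot: `cpu_mask()` builds the all-CPUs mask as `(1 << length(cpus)) - 1`, which is only right if CPU ids are contiguous from 0 and the count stays below the shift width; `cpus` is filled outside this hunk, so that cannot be confirmed here. As far as I know the kernel parses `rps_cpus` as comma-separated 32-bit hex groups, so a single wider value would be rejected. I would document the assumption above the function, e.g. `// cpu < 0 selects all CPUs; assumes ids 0..n-1 and n < 32`.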
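Review bot: In `set_netdev_cpu()` the new `rps_flow_cnt` loop writes `local_flows` even when `disable` is set, so disabling steering zeroes `rps_cpus` but can leave a non-zero flow count on each queue when `-l N` is passed together with `0`. Mirroring the `rps_cpus` handling would keep the two settings consistent: add `let flows = disable ? 0 : local_flows;` and use `${flows}` in the `warn()` and `writefile()` calls. The result of `writefile()` is not checked in either loop, so a rejected value goes unnoticed.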
+++ b/Makefile -@@ -7,7 +7,7 @@ HAVE_SSL=yes +@@ -7,7 +7,7 @@ #CC=gcc #CFLAGS=-g diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index 7ffe7684d4..0d012b21b0 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -186,7 +186,6 @@ config DROPBEAR_MODERN_ONLY and disables: - AES - RSA - - SHA1 Reduces binary size by about 64 kB (MIPS) from default configuration. diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 2d7ce75b8d..3812602b35 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,18 +8,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2022.83 +PKG_VERSION:=2024.85 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ https://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_HASH:=bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b +PKG_HASH:=86b036c433a69d89ce51ebae335d65c47738ccf90d13e5eb0fea832e556da502 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE -PKG_CPE_ID:=cpe:/a:matt_johnston:dropbear_ssh_server +PKG_CPE_ID:=cpe:/a:dropbear_ssh_project:dropbear_ssh PKG_BUILD_PARALLEL:=1 PKG_ASLR_PIE_REGULAR:=1 @@ -57,7 +57,7 @@ define Package/dropbear CATEGORY:=Base system TITLE:=Small SSH2 client/server DEPENDS:= +DROPBEAR_ZLIB:zlib - ALTERNATIVES:= + ALTERNATIVES:=100:/usr/bin/ssh-keygen:/usr/sbin/dropbear $(if $(CONFIG_DROPBEAR_SCP),ALTERNATIVES+= \ 100:/usr/bin/scp:/usr/sbin/dropbear,) $(if $(CONFIG_DROPBEAR_DBCLIENT),ALTERNATIVES+= \ 
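Review bot: The new `ALTERNATIVES:=100:/usr/bin/ssh-keygen:/usr/sbin/dropbear` entry is unconditional, whereas the `scp` and `dbclient` alternatives below it are gated on their `CONFIG_DROPBEAR_*` symbols. It relies on the multi-call binary always containing the key-generation applet and dispatching on the `ssh-keygen` name, neither of which is visible in this hunk; if either does not hold, `/usr/bin/ssh-keygen` resolves to a binary that rejects the name. A short comment above the line naming the applet it maps to, plus a check that priority 100 loses to a full OpenSSH `ssh-keygen` when both are installed, would make the intent clear. The `define Package/dropbear` block continues outside the hunk.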
@@ -103,7 +103,7 @@ CONFIGURE_ARGS += \ ############################################################################## # # option,value - add option to localoptions.h -# !!option,value - replace option in sysoptions.h +# !!option,value - replace option in src/sysoptions.h # ############################################################################## @@ -132,7 +132,7 @@ DB_OPT_COMMON = \ ############################################################################## # # option,config,enabled,disabled = add option to localoptions.h -# !!option,config,enabled,disabled = replace option in sysoptions.h +# !!option,config,enabled,disabled = replace option in src/sysoptions.h # # option := (config) ? enabled : disabled # @@ -164,7 +164,7 @@ TARGET_CFLAGS += -DARGTYPE=3 xsedx:=$(shell printf '\027') db_opt_add =echo '\#define $(1) $(2)' >> $(PKG_BUILD_DIR)/localoptions.h -db_opt_replace =$(ESED) '/^\#define $(1) .*$$$$/{h;:a;$$$$!n;/^\#.+$$$$/bb;/^$$$$/bb;H;ba;:b;x;s$(xsedx)^.+$$$$$(xsedx)\#define $(1) $(2)$(xsedx)p;x};p' -n $(PKG_BUILD_DIR)/sysoptions.h +db_opt_replace =$(ESED) '/^\#define $(1) .*$$$$/{h;:a;$$$$!n;/^\#.+$$$$/bb;/^$$$$/bb;H;ba;:b;x;s$(xsedx)^.+$$$$$(xsedx)\#define $(1) $(2)$(xsedx)p;x};p' -n $(PKG_BUILD_DIR)/src/sysoptions.h define Build/Configure/dropbear_headers $(strip $(foreach s,$(DB_OPT_COMMON), \ diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 21570987c4..708fabd326 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -261,7 +261,7 @@ dropbear_instance() esac local c=0 - # sysoptions.h + # src/sysoptions.h local DROPBEAR_MAX_PORTS=10 local a n if_ipaddrs 
@@ -341,7 +341,7 @@ dropbear_instance() # ref: validate_section_dropbear() # default receive window size is 24576 (DEFAULT_RECV_WINDOW in default_options.h) - # sysoptions.h + # src/sysoptions.h local MAX_RECV_WINDOW=10485760 if [ "${RecvWindowSize}" -gt ${MAX_RECV_WINDOW} ] ; then # separate logging is required because syslog misses dropbear's message diff --git a/package/network/services/dropbear/patches/001-add-if-DROPBEAR_RSA-guards.patch b/package/network/services/dropbear/patches/001-add-if-DROPBEAR_RSA-guards.patch deleted file mode 100644 index ad1a20c520..0000000000 --- a/package/network/services/dropbear/patches/001-add-if-DROPBEAR_RSA-guards.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From 36a03132634a17c667c0fac0a8e1519b3d1b71c6 Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Mon, 28 Nov 2022 21:12:23 +0800 -Subject: Add #if DROPBEAR_RSA guards - -Fixes building with DROPBEAR_RSA disabled. -Closes #197 ---- - signkey.c | 8 +++++++- - signkey.h | 2 ++ - sysoptions.h | 5 +---- - 3 files changed, 10 insertions(+), 5 deletions(-) - ---- a/signkey.c -+++ b/signkey.c -@@ -120,6 +120,7 @@ enum signkey_type signkey_type_from_name - /* Special case for rsa-sha2-256. This could be generalised if more - signature names are added that aren't 1-1 with public key names */ - const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) { -+#if DROPBEAR_RSA - #if DROPBEAR_RSA_SHA256 - if (type == DROPBEAR_SIGNATURE_RSA_SHA256) { - if (namelen) { -@@ -136,11 +137,13 @@ const char* signature_name_from_type(enu - return SSH_SIGNKEY_RSA; - } - #endif -+#endif /* DROPBEAR_RSA */ - return signkey_name_from_type((enum signkey_type)type, namelen); - } - - /* Returns DROPBEAR_SIGNATURE_NONE if none match */ - enum signature_type signature_type_from_name(const char* name, unsigned int namelen) { -+#if DROPBEAR_RSA - #if DROPBEAR_RSA_SHA256 - if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256) - && memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) { -@@ -153,10 +156,11 @@ enum signature_type signature_type_from_ - return DROPBEAR_SIGNATURE_RSA_SHA1; - } - #endif -+#endif /* DROPBEAR_RSA */ - return (enum signature_type)signkey_type_from_name(name, namelen); - } - --/* Returns the signature type from a key type. Must not be called -+/* Returns the signature type from a key type. 
Must not be called - with RSA keytype */ - enum signature_type signature_type_from_signkey(enum signkey_type keytype) { - #if DROPBEAR_RSA -@@ -167,6 +171,7 @@ enum signature_type signature_type_from_ - } - - enum signkey_type signkey_type_from_signature(enum signature_type sigtype) { -+#if DROPBEAR_RSA - #if DROPBEAR_RSA_SHA256 - if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) { - return DROPBEAR_SIGNKEY_RSA; -@@ -177,6 +182,7 @@ enum signkey_type signkey_type_from_sign - return DROPBEAR_SIGNKEY_RSA; - } - #endif -+#endif /* DROPBEAR_RSA */ - assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED); - return (enum signkey_type)sigtype; - } ---- a/signkey.h -+++ b/signkey.h -@@ -79,12 +79,14 @@ enum signature_type { - DROPBEAR_SIGNATURE_SK_ED25519 = DROPBEAR_SIGNKEY_SK_ED25519, - #endif - #endif -+#if DROPBEAR_RSA - #if DROPBEAR_RSA_SHA1 - DROPBEAR_SIGNATURE_RSA_SHA1 = 100, /* ssh-rsa signature (sha1) */ - #endif - #if DROPBEAR_RSA_SHA256 - DROPBEAR_SIGNATURE_RSA_SHA256 = 101, /* rsa-sha2-256 signature. has a ssh-rsa key */ - #endif -+#endif /* DROPBEAR_RSA */ - DROPBEAR_SIGNATURE_NONE = DROPBEAR_SIGNKEY_NONE, - }; - ---- a/sysoptions.h -+++ b/sysoptions.h -@@ -137,7 +137,7 @@ - - /* Debian doesn't define this in system headers */ - #if !defined(LTM_DESC) && (DROPBEAR_ECC) --#define LTM_DESC -+#define LTM_DESC - #endif - - #define DROPBEAR_ECC_256 (DROPBEAR_ECC) -@@ -151,9 +151,6 @@ - * signing operations slightly slower. */ - #define DROPBEAR_RSA_BLINDING 1 - --#ifndef DROPBEAR_RSA_SHA1 --#define DROPBEAR_RSA_SHA1 DROPBEAR_RSA --#endif - #ifndef DROPBEAR_RSA_SHA256 - #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA - #endif diff --git a/package/network/services/dropbear/patches/002-fix-y2038-issues.patch b/package/network/services/dropbear/patches/002-fix-y2038-issues.patch deleted file mode 100644 index 0654e3b98b..0000000000 --- a/package/network/services/dropbear/patches/002-fix-y2038-issues.patch +++ /dev/null 
@@ -1,198 +0,0 @@ -From ec2215726cffb976019d08ebf569edd2229e9dba Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Thu, 1 Dec 2022 11:34:43 +0800 -Subject: Fix y2038 issues with time_t conversion - -These changes were identified by building with and without --D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -on 32-bit arm, logging warnings to files. --Wconversion was added to CFLAGS in both builds. - -Then a "diff -I Wconversion log1 log2" shows new warnings that appear -with the 64-bit time_t. There are a few false positives that have been -fixed for quietness. - -struct logininfo and struct wtmp are still problematic, those will -need to be handled by libc. ---- - common-session.c | 43 +++++++++++++++++++++++++++---------------- - dbutil.c | 2 +- - loginrec.c | 2 ++ - loginrec.h | 4 ++-- - runopts.h | 4 ++-- - svr-auth.c | 2 +- - 6 files changed, 35 insertions(+), 22 deletions(-) - ---- a/common-session.c -+++ b/common-session.c -@@ -519,15 +519,24 @@ static void send_msg_keepalive() { - ses.last_packet_time_idle = old_time_idle; - } - -+/* Returns the difference in seconds, clamped to LONG_MAX */ -+static long elapsed(time_t now, time_t prev) { -+ time_t del = now - prev; -+ if (del > LONG_MAX) { -+ return LONG_MAX; -+ } -+ return (long)del; -+} -+ - /* Check all timeouts which are required. Currently these are the time for - * user authentication, and the automatic rekeying. 
*/ - static void checktimeouts() { - - time_t now; - now = monotonic_now(); -- -+ - if (IS_DROPBEAR_SERVER && ses.connect_time != 0 -- && now - ses.connect_time >= AUTH_TIMEOUT) { -+ && elapsed(now, ses.connect_time) >= AUTH_TIMEOUT) { - dropbear_close("Timeout before auth"); - } - -@@ -537,45 +546,47 @@ static void checktimeouts() { - } - - if (!ses.kexstate.sentkexinit -- && (now - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT -+ && (elapsed(now, ses.kexstate.lastkextime) >= KEX_REKEY_TIMEOUT - || ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) { - TRACE(("rekeying after timeout or max data reached")) - send_msg_kexinit(); - } -- -+ - if (opts.keepalive_secs > 0 && ses.authstate.authdone) { - /* Avoid sending keepalives prior to auth - those are - not valid pre-auth packet types */ - - /* Send keepalives if we've been idle */ -- if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) { -+ if (elapsed(now, ses.last_packet_time_any_sent) >= opts.keepalive_secs) { - send_msg_keepalive(); - } - - /* Also send an explicit keepalive message to trigger a response - if the remote end hasn't sent us anything */ -- if (now - ses.last_packet_time_keepalive_recv >= opts.keepalive_secs -- && now - ses.last_packet_time_keepalive_sent >= opts.keepalive_secs) { -+ if (elapsed(now, ses.last_packet_time_keepalive_recv) >= opts.keepalive_secs -+ && elapsed(now, ses.last_packet_time_keepalive_sent) >= opts.keepalive_secs) { - send_msg_keepalive(); - } - -- if (now - ses.last_packet_time_keepalive_recv -+ if (elapsed(now, ses.last_packet_time_keepalive_recv) - >= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) { - dropbear_exit("Keepalive timeout"); - } - } - -- if (opts.idle_timeout_secs > 0 -- && now - ses.last_packet_time_idle >= opts.idle_timeout_secs) { -+ if (opts.idle_timeout_secs > 0 -+ && elapsed(now, ses.last_packet_time_idle) >= opts.idle_timeout_secs) { - dropbear_close("Idle timeout"); - } - } - --static void update_timeout(long limit, long now, 
long last_event, long * timeout) { -- TRACE2(("update_timeout limit %ld, now %ld, last %ld, timeout %ld", -- limit, now, last_event, *timeout)) -+static void update_timeout(long limit, time_t now, time_t last_event, long * timeout) { -+ TRACE2(("update_timeout limit %ld, now %llu, last %llu, timeout %ld", -+ limit, -+ (unsigned long long)now, -+ (unsigned long long)last_event, *timeout)) - if (last_event > 0 && limit > 0) { -- *timeout = MIN(*timeout, last_event+limit-now); -+ *timeout = MIN(*timeout, elapsed(now, last_event) + limit); - TRACE2(("new timeout %ld", *timeout)) - } - } -@@ -584,7 +595,7 @@ static long select_timeout() { - /* determine the minimum timeout that might be required, so - as to avoid waking when unneccessary */ - long timeout = KEX_REKEY_TIMEOUT; -- long now = monotonic_now(); -+ time_t now = monotonic_now(); - - if (!ses.kexstate.sentkexinit) { - update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout); -@@ -596,7 +607,7 @@ static long select_timeout() { - } - - if (ses.authstate.authdone) { -- update_timeout(opts.keepalive_secs, now, -+ update_timeout(opts.keepalive_secs, now, - MAX(ses.last_packet_time_keepalive_recv, ses.last_packet_time_keepalive_sent), - &timeout); - } ---- a/dbutil.c -+++ b/dbutil.c -@@ -724,7 +724,7 @@ void gettime_wrapper(struct timespec *no - /* Fallback for everything else - this will sometimes go backwards */ - gettimeofday(&tv, NULL); - now->tv_sec = tv.tv_sec; -- now->tv_nsec = 1000*tv.tv_usec; -+ now->tv_nsec = 1000*(long)tv.tv_usec; - } - - /* second-resolution monotonic timestamp */ ---- a/loginrec.c -+++ b/loginrec.c -@@ -459,6 +459,7 @@ line_abbrevname(char *dst, const char *s - void - set_utmp_time(struct logininfo *li, struct utmp *ut) - { -+ /* struct utmp in glibc isn't y2038 safe yet */ - # ifdef HAVE_STRUCT_UTMP_UT_TV - ut->ut_tv.tv_sec = li->tv_sec; - ut->ut_tv.tv_usec = li->tv_usec; -@@ -1272,6 +1273,7 @@ lastlog_construct(struct logininfo *li, - 
(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); - strlcpy(last->ll_host, li->hostname, - MIN_SIZEOF(last->ll_host, li->hostname)); -+ /* struct lastlog in glibc isn't y2038 safe yet */ - last->ll_time = li->tv_sec; - } - ---- a/loginrec.h -+++ b/loginrec.h -@@ -139,8 +139,8 @@ struct logininfo { - /* struct timeval (sys/time.h) isn't always available, if it isn't we'll - * use time_t's value as tv_sec and set tv_usec to 0 - */ -- unsigned int tv_sec; -- unsigned int tv_usec; -+ time_t tv_sec; -+ suseconds_t tv_usec; - union login_netinfo hostaddr; /* caller's host address(es) */ - }; /* struct logininfo */ - ---- a/runopts.h -+++ b/runopts.h -@@ -39,8 +39,8 @@ typedef struct runopts { - int listen_fwd_all; - #endif - unsigned int recv_window; -- time_t keepalive_secs; /* Time between sending keepalives. 0 is off */ -- time_t idle_timeout_secs; /* Exit if no traffic is sent/received in this time */ -+ long keepalive_secs; /* Time between sending keepalives. 0 is off */ -+ long idle_timeout_secs; /* Exit if no traffic is sent/received in this time */ - int usingsyslog; - - #ifndef DISABLE_ZLIB ---- a/svr-auth.c -+++ b/svr-auth.c -@@ -389,7 +389,7 @@ void send_msg_userauth_failure(int parti - Beware of integer overflow if increasing these values */ - const unsigned int mindelay = 250000000; - const unsigned int vardelay = 100000000; -- unsigned int rand_delay; -+ suseconds_t rand_delay; - struct timespec delay; - - gettime_wrapper(&delay); diff --git a/package/network/services/dropbear/patches/003-fix-DROPBEAR_DSS.patch b/package/network/services/dropbear/patches/003-fix-DROPBEAR_DSS.patch deleted file mode 100644 index 6789800e12..0000000000 --- a/package/network/services/dropbear/patches/003-fix-DROPBEAR_DSS.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From c043efb47c3173072fa636ca0da0d19875d4511f Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Tue, 6 Dec 2022 22:34:11 +0800 -Subject: Fix so DROPBEAR_DSS is only forced for fuzzing - -Regression from 787391ea3b5af2acf5e3c83372510f0c79477ad7, -was missing fuzzing conditional ---- - sysoptions.h | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/sysoptions.h -+++ b/sysoptions.h -@@ -380,9 +380,11 @@ - #endif - - /* Fuzzing expects all key types to be enabled */ -+#if DROPBEAR_FUZZ - #if defined(DROPBEAR_DSS) - #undef DROPBEAR_DSS - #endif - #define DROPBEAR_DSS 1 -+#endif - - /* no include guard for this file */ diff --git a/package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch b/package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch deleted file mode 100644 index bcb43aed2a..0000000000 --- a/package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 860721558837441ab45019858e710a2625ffa46e Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Wed, 7 Dec 2022 13:04:10 +0800 -Subject: Allow users's own gid in pty permission check - -This allows non-root Dropbear to work even without devpts gid=5 mount -option on Linux. ---- - sshpty.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - ---- a/sshpty.c -+++ b/sshpty.c -@@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const ch - tty_name, strerror(errno)); - } - -- if (st.st_uid != pw->pw_uid || st.st_gid != gid) { -+ /* Allow either "tty" gid or user's own gid. On Linux with openpty() -+ * this varies depending on the devpts mount options */ -+ if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) { - if (chown(tty_name, pw->pw_uid, gid) < 0) { - if (errno == EROFS && - (st.st_uid == pw->pw_uid || st.st_uid == 0)) { 
diff --git a/package/network/services/dropbear/patches/005-const-parameter-mp_int.patch b/package/network/services/dropbear/patches/005-const-parameter-mp_int.patch deleted file mode 100644 index 0d23c9c416..0000000000 --- a/package/network/services/dropbear/patches/005-const-parameter-mp_int.patch +++ /dev/null 
@@ -1,123 +0,0 @@ -From 01415ef8269e594a647f67ea0729ca8b590679de Mon Sep 17 00:00:00 2001 -From: Francois Perrad <francois.perrad@gadz.org> -Date: Thu, 22 Dec 2022 10:19:54 +0100 -Subject: const parameter mp_int - ---- - bignum.c | 2 +- - bignum.h | 2 +- - buffer.c | 2 +- - buffer.h | 2 +- - dbrandom.c | 2 +- - dbrandom.h | 2 +- - dbutil.c | 2 +- - dbutil.h | 2 +- - genrsa.c | 4 ++-- - 9 files changed, 10 insertions(+), 10 deletions(-) - ---- a/bignum.c -+++ b/bignum.c -@@ -93,7 +93,7 @@ void bytes_to_mp(mp_int *mp, const unsig - - /* hash the ssh representation of the mp_int mp */ - void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, -- hash_state *hs, mp_int *mp) { -+ hash_state *hs, const mp_int *mp) { - buffer * buf; - - buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, ---- a/bignum.h -+++ b/bignum.h -@@ -33,6 +33,6 @@ void m_mp_alloc_init_multi(mp_int **mp, - void m_mp_free_multi(mp_int **mp, ...) ATTRIB_SENTINEL; - void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len); - void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, -- hash_state *hs, mp_int *mp); -+ hash_state *hs, const mp_int *mp); - - #endif /* DROPBEAR_BIGNUM_H_ */ ---- a/buffer.c -+++ b/buffer.c -@@ -299,7 +299,7 @@ void buf_putbytes(buffer *buf, const uns - - /* for our purposes we only need positive (or 0) numbers, so will - * fail if we get negative numbers */ --void buf_putmpint(buffer* buf, mp_int * mp) { -+void buf_putmpint(buffer* buf, const mp_int * mp) { - size_t written; - unsigned int len, pad = 0; - TRACE2(("enter buf_putmpint")) ---- a/buffer.h -+++ b/buffer.h -@@ -65,7 +65,7 @@ void buf_putint(buffer* buf, unsigned in - void buf_putstring(buffer* buf, const char* str, unsigned int len); - void buf_putbufstring(buffer *buf, const buffer* buf_str); - void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len); --void buf_putmpint(buffer* buf, mp_int * mp); -+void buf_putmpint(buffer* buf, const mp_int * mp); - 
int buf_getmpint(buffer* buf, mp_int* mp); - unsigned int buf_getint(buffer* buf); - ---- a/dbrandom.c -+++ b/dbrandom.c -@@ -347,7 +347,7 @@ void genrandom(unsigned char* buf, unsig - * rand must be an initialised *mp_int for the result. - * the result rand satisfies: 0 < rand < max - * */ --void gen_random_mpint(mp_int *max, mp_int *rand) { -+void gen_random_mpint(const mp_int *max, mp_int *rand) { - - unsigned char *randbuf = NULL; - unsigned int len = 0; ---- a/dbrandom.h -+++ b/dbrandom.h -@@ -30,6 +30,6 @@ - void seedrandom(void); - void genrandom(unsigned char* buf, unsigned int len); - void addrandom(const unsigned char * buf, unsigned int len); --void gen_random_mpint(mp_int *max, mp_int *rand); -+void gen_random_mpint(const mp_int *max, mp_int *rand); - - #endif /* DROPBEAR_RANDOM_H_ */ ---- a/dbutil.c -+++ b/dbutil.c -@@ -442,7 +442,7 @@ void printhex(const char * label, const - } - } - --void printmpint(const char *label, mp_int *mp) { -+void printmpint(const char *label, const mp_int *mp) { - buffer *buf = buf_new(1000); - buf_putmpint(buf, mp); - fprintf(stderr, "%d bits ", mp_count_bits(mp)); ---- a/dbutil.h -+++ b/dbutil.h -@@ -53,7 +53,7 @@ void dropbear_trace3(const char* format, - void dropbear_trace4(const char* format, ...) ATTRIB_PRINTF(1,2); - void dropbear_trace5(const char* format, ...) 
ATTRIB_PRINTF(1,2); - void printhex(const char * label, const unsigned char * buf, int len); --void printmpint(const char *label, mp_int *mp); -+void printmpint(const char *label, const mp_int *mp); - void debug_start_net(void); - extern int debug_trace; - #endif ---- a/genrsa.c -+++ b/genrsa.c -@@ -34,7 +34,7 @@ - #if DROPBEAR_RSA - - static void getrsaprime(mp_int* prime, mp_int *primeminus, -- mp_int* rsa_e, unsigned int size_bytes); -+ const mp_int* rsa_e, unsigned int size_bytes); - - /* mostly taken from libtomcrypt's rsa key generation routine */ - dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) { -@@ -89,7 +89,7 @@ dropbear_rsa_key * gen_rsa_priv_key(unsi - - /* return a prime suitable for p or q */ - static void getrsaprime(mp_int* prime, mp_int *primeminus, -- mp_int* rsa_e, unsigned int size_bytes) { -+ const mp_int* rsa_e, unsigned int size_bytes) { - - unsigned char *buf; - int trials; diff --git a/package/network/services/dropbear/patches/006-dropbearkey-add-missing-break-in-switch.patch b/package/network/services/dropbear/patches/006-dropbearkey-add-missing-break-in-switch.patch deleted file mode 100644 index c7011021c1..0000000000 --- a/package/network/services/dropbear/patches/006-dropbearkey-add-missing-break-in-switch.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 39d955c49f31fc155e885447ee2be61c869d8c2d Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Tue, 3 Jan 2023 22:05:14 +0800 -Subject: Add missing break in switch - -Has no effect on execution, the fallthrough does nothing -Closes #208 ---- - dropbearkey.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/dropbearkey.c -+++ b/dropbearkey.c -@@ -139,6 +139,7 @@ static void check_signkey_bits(enum sign - dropbear_exit("DSS keys have a fixed size of 1024 bits\n"); - exit(EXIT_FAILURE); - } -+ break; - #endif - default: - (void)0; /* quiet, compiler. ecdsa handles checks itself */ 
diff --git a/package/network/services/dropbear/patches/007-fix-building-only-client-or-server.patch b/package/network/services/dropbear/patches/007-fix-building-only-client-or-server.patch deleted file mode 100644 index 5fcfaad180..0000000000 --- a/package/network/services/dropbear/patches/007-fix-building-only-client-or-server.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7a53c7f0f4b3eb23e002819553cb45558642c01d Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Wed, 4 Jan 2023 20:32:23 +0800 -Subject: Fix building only client or server - -Regressed when -Wundef was added - -Fixes #210 ---- - sysoptions.h | 8 ++++++++ - 1 file changed, 8 insertions(+) - ---- a/sysoptions.h -+++ b/sysoptions.h -@@ -10,6 +10,14 @@ - #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION - #define PROGNAME "dropbear" - -+#ifndef DROPBEAR_CLIENT -+#define DROPBEAR_CLIENT 0 -+#endif -+ -+#ifndef DROPBEAR_SERVER -+#define DROPBEAR_SERVER 0 -+#endif -+ - /* Spec recommends after one hour or 1 gigabyte of data. One hour - * is a bit too verbose, so we try 8 hours */ - #ifndef KEX_REKEY_TIMEOUT diff --git a/package/network/services/dropbear/patches/008-disable-rsa-signatures-when-no-rsa-hostkey.patch b/package/network/services/dropbear/patches/008-disable-rsa-signatures-when-no-rsa-hostkey.patch deleted file mode 100644 index 4f675234ff..0000000000 --- a/package/network/services/dropbear/patches/008-disable-rsa-signatures-when-no-rsa-hostkey.patch +++ /dev/null 
@@ -1,94 +0,0 @@ -From a113381c12a2da3c9b7bd594f47a1b2657bdfdf2 Mon Sep 17 00:00:00 2001 -From: Matt Johnston <matt@ucc.asn.au> -Date: Sun, 12 Feb 2023 22:44:32 +0800 -Subject: Disable rsa signatures when no rsa hostkey - -Otherwise Dropbear will offer RSA as a hostkey signature option, but the -session will exit with an assertion or NULL pointer dereference once -that algorithm is negotiated. - -This likely regressed in 2020.79 when signature vs key type enums were -split, for rsa-sha256. - -Fixes #219 on github ---- - svr-runopts.c | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - ---- a/svr-runopts.c -+++ b/svr-runopts.c -@@ -505,11 +505,11 @@ static void addportandaddress(const char - svr_opts.portcount++; - } - --static void disablekey(int type) { -+static void disablekey(enum signature_type type) { - int i; - TRACE(("Disabling key type %d", type)) - for (i = 0; sigalgs[i].name != NULL; i++) { -- if (sigalgs[i].val == type) { -+ if ((int)sigalgs[i].val == (int)type) { - sigalgs[i].usable = 0; - break; - } -@@ -624,7 +624,8 @@ void load_all_hostkeys() { - - #if DROPBEAR_RSA - if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) { -- disablekey(DROPBEAR_SIGNKEY_RSA); -+ disablekey(DROPBEAR_SIGNATURE_RSA_SHA256); -+ disablekey(DROPBEAR_SIGNATURE_RSA_SHA1); - } else { - any_keys = 1; - } -@@ -632,7 +633,7 @@ void load_all_hostkeys() { - - #if DROPBEAR_DSS - if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) { -- disablekey(DROPBEAR_SIGNKEY_DSS); -+ disablekey(DROPBEAR_SIGNATURE_DSS); - } else { - any_keys = 1; - } -@@ -666,35 +667,35 @@ void load_all_hostkeys() { - #if DROPBEAR_ECC_256 - if (!svr_opts.hostkey->ecckey256 - && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) { -- disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); -+ disablekey(DROPBEAR_SIGNATURE_ECDSA_NISTP256); - } - #endif - #if DROPBEAR_ECC_384 - if (!svr_opts.hostkey->ecckey384 - && (!svr_opts.delay_hostkey || loaded_any_ecdsa || 
ECDSA_DEFAULT_SIZE != 384 )) { -- disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); -+ disablekey(DROPBEAR_SIGNATURE_ECDSA_NISTP384); - } - #endif - #if DROPBEAR_ECC_521 - if (!svr_opts.hostkey->ecckey521 - && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) { -- disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); -+ disablekey(DROPBEAR_SIGNATURE_ECDSA_NISTP521); - } - #endif - #endif /* DROPBEAR_ECDSA */ - - #if DROPBEAR_ED25519 - if (!svr_opts.delay_hostkey && !svr_opts.hostkey->ed25519key) { -- disablekey(DROPBEAR_SIGNKEY_ED25519); -+ disablekey(DROPBEAR_SIGNATURE_ED25519); - } else { - any_keys = 1; - } - #endif - #if DROPBEAR_SK_ECDSA -- disablekey(DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256); -+ disablekey(DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256); - #endif - #if DROPBEAR_SK_ED25519 -- disablekey(DROPBEAR_SIGNKEY_SK_ED25519); -+ disablekey(DROPBEAR_SIGNATURE_SK_ED25519); - #endif - - if (!any_keys) { diff --git a/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch b/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch deleted file mode 100644 index e1538a4c1f..0000000000 --- a/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-From 3292b8c6f1e5fcc405fa0f7a20e90a60f74037b2 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Sun, 12 Feb 2023 23:00:00 +0800
-Subject: Use write() rather than fprintf() in segv handler
-
-fprintf isn't guaranteed safe (though hasn't had any problems reported).
----
- svr-main.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
---- a/svr-main.c
-+++ b/svr-main.c
-@@ -420,8 +420,12 @@ static void sigchld_handler(int UNUSED(u
-
- /* catch any segvs */
- static void sigsegv_handler(int UNUSED(unused)) {
-- fprintf(stderr, "Aiee, segfault! You should probably report "
-- "this as a bug to the developer\n");
-+ int i;
-+ const char *msg = "Aiee, segfault! You should probably report "
-+ "this as a bug to the developer\n";
-+ i = write(STDERR_FILENO, msg, strlen(msg));
-+ /* ignore short writes */
-+ (void)i;
- _exit(EXIT_FAILURE);
- }
-
diff --git a/package/network/services/dropbear/patches/010-remove-SO_LINGER.patch b/package/network/services/dropbear/patches/010-remove-SO_LINGER.patch
deleted file mode 100644
index 12b1843ee2..0000000000
--- a/package/network/services/dropbear/patches/010-remove-SO_LINGER.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 5040f21cb4ee6ade966e60c6d5a3c270d03de1f1 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Mon, 1 May 2023 22:05:43 +0800
-Subject: Remove SO_LINGER
-
-It could cause channels to take up to 5 seconds to close(), which would block
-the entire process. On busy TCP forwarding sessions this would result in
-channels seeming stuck and new connections not being accepted.
-
-We don't need to monitor for flushing failures since we can't report errors, so
-SO_LINGER wasn't useful.
-
-Thanks to GektorUA for reporting and testing
-
-Fixes #230
----
- netio.c | 4 ----
- 1 file changed, 4 deletions(-)
-
---- a/netio.c
-+++ b/netio.c
-@@ -472,7 +472,6 @@ int dropbear_listen(const char* address,
- struct addrinfo hints, *res = NULL, *res0 = NULL;
- int err;
- unsigned int nsock;
-- struct linger linger;
- int val;
- int sock;
- uint16_t *allocated_lport_p = NULL;
-@@ -551,9 +550,6 @@ int dropbear_listen(const char* address,
- val = 1;
- /* set to reuse, quick timeout */
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
-- linger.l_onoff = 1;
-- linger.l_linger = 5;
-- setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
-
- #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
- if (res->ai_family == AF_INET6) {
diff --git a/package/network/services/dropbear/patches/011-add-option-to-bind-to-interface.patch b/package/network/services/dropbear/patches/011-add-option-to-bind-to-interface.patch
deleted file mode 100644
index d1c1fa4cce..0000000000
--- a/package/network/services/dropbear/patches/011-add-option-to-bind-to-interface.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From fb64db9eac3fdc6434f2dc7b5ea407fe5df76e6f Mon Sep 17 00:00:00 2001
-From: Diederik De Coninck <diederik.deconinck_ext@softathome.com>
-Date: Tue, 11 Apr 2023 15:38:04 +0200
-Subject: Add option to bind to interface
-
----
- netio.c | 13 +++++++++++--
- netio.h | 2 +-
- runopts.h | 1 +
- svr-main.c | 2 +-
- svr-runopts.c | 9 +++++++++
- svr-tcpfwd.c | 1 +
- tcp-accept.c | 2 +-
- tcpfwd.h | 1 +
- 8 files changed, 26 insertions(+), 5 deletions(-)
-
---- a/netio.c
-+++ b/netio.c
-@@ -467,7 +467,7 @@ int get_sock_port(int sock) {
- * failure, if errstring wasn't NULL, it'll be a newly malloced error
- * string.*/
- int dropbear_listen(const char* address, const char* port,
-- int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
-+ int *socks, unsigned int sockcount, char **errstring, int *maxfd, const char* interface) {
-
- struct addrinfo hints, *res = NULL, *res0 = NULL;
- int err;
-@@ -497,7 +497,11 @@ int dropbear_listen(const char* address,
- TRACE(("dropbear_listen: local loopback"))
- } else {
- if (address[0] == '\0') {
-- TRACE(("dropbear_listen: all interfaces"))
-+ if (interface) {
-+ TRACE(("dropbear_listen: %s", interface))
-+ } else {
-+ TRACE(("dropbear_listen: all interfaces"))
-+ }
- address = NULL;
- }
- hints.ai_flags = AI_PASSIVE;
-@@ -551,6 +555,11 @@ int dropbear_listen(const char* address,
- /* set to reuse, quick timeout */
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
-
-+ if(interface && setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface)) < 0) {
-+ dropbear_log(LOG_WARNING, "Couldn't set SO_BINDTODEVICE");
-+ TRACE(("Failed setsockopt with errno failure, %d %s", errno, strerror(errno)))
-+ }
-+
- #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
- if (res->ai_family == AF_INET6) {
- int on = 1;
---- a/netio.h
-+++ b/netio.h
-@@ -19,7 +19,7 @@ void get_socket_address(int fd, char **l
- void getaddrstring(struct sockaddr_storage* addr,
- char **ret_host, char **ret_port, int host_lookup);
- int dropbear_listen(const char* address, const char* port,
-- int *socks, unsigned int sockcount, char **errstring, int *maxfd);
-+ int *socks, unsigned int sockcount, char **errstring, int *maxfd, const char* interface);
-
- struct dropbear_progress_connection;
-
---- a/runopts.h
-+++ b/runopts.h
-@@ -128,6 +128,7 @@ typedef struct svr_runopts {
- char * pidfile;
-
- char * forced_command;
-+ char* interface;
-
- #if DROPBEAR_PLUGIN
- /* malloced */
---- a/svr-main.c
-+++ b/svr-main.c
-@@ -488,7 +488,7 @@ static size_t listensockets(int *socks,
-
- nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &socks[sockpos],
- sockcount - sockpos,
-- &errstring, maxfd);
-+ &errstring, maxfd, svr_opts.interface);
-
- if (nsock < 0) {
- dropbear_log(LOG_WARNING, "Failed listening on '%s': %s",
---- a/svr-runopts.c
-+++ b/svr-runopts.c
-@@ -98,6 +98,8 @@ static void printhelp(const char * progn
- " (default port is %s if none specified)\n"
- "-P PidFile Create pid file PidFile\n"
- " (default %s)\n"
-+ "-l <interface>\n"
-+ " interface to bind on\n"
- #if INETD_MODE
- "-i Start for inetd\n"
- #endif
-@@ -265,6 +267,9 @@ void svr_getopts(int argc, char ** argv)
- case 'P':
- next = &svr_opts.pidfile;
- break;
-+ case 'l':
-+ next = &svr_opts.interface;
-+ break;
- #if DO_MOTD
- /* motd is displayed by default, -m turns it off */
- case 'm':
-@@ -438,6 +443,10 @@ void svr_getopts(int argc, char ** argv)
- dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
- }
-
-+ if (svr_opts.interface) {
-+ dropbear_log(LOG_INFO, "Binding to interface '%s'", svr_opts.interface);
-+ }
-+
- if (reexec_fd_arg) {
- if (m_str_to_uint(reexec_fd_arg, &svr_opts.reexec_childpipe) == DROPBEAR_FAILURE
- || svr_opts.reexec_childpipe < 0) {
---- a/svr-tcpfwd.c
-+++ b/svr-tcpfwd.c
-@@ -205,6 +205,7 @@ static int svr_remotetcpreq(int *allocat
- tcpinfo->listenport = port;
- tcpinfo->chantype = &svr_chan_tcpremote;
- tcpinfo->tcp_type = forwarded;
-+ tcpinfo->interface = svr_opts.interface;
-
- tcpinfo->request_listenaddr = request_addr;
- if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) {
---- a/tcp-accept.c
-+++ b/tcp-accept.c
-@@ -117,7 +117,7 @@ int listen_tcpfwd(struct TCPListener* tc
- snprintf(portstring, sizeof(portstring), "%u", tcpinfo->listenport);
-
- nsocks = dropbear_listen(tcpinfo->listenaddr, portstring, socks,
-- DROPBEAR_MAX_SOCKS, &errstring, &ses.maxfd);
-+ DROPBEAR_MAX_SOCKS, &errstring, &ses.maxfd, tcpinfo->interface);
- if (nsocks < 0) {
- dropbear_log(LOG_INFO, "TCP forward failed: %s", errstring);
- m_free(errstring);
---- a/tcpfwd.h
-+++ b/tcpfwd.h
-@@ -42,6 +42,7 @@ struct TCPListener {
- unsigned int listenport;
- /* The address that the remote host asked to listen on */
- char *request_listenaddr;
-+ char* interface;
-
- const struct ChanType *chantype;
- enum {direct, forwarded} tcp_type;
diff --git a/package/network/services/dropbear/patches/012-add-ifdef-guards-for-SO_BINDTODEVICE.patch b/package/network/services/dropbear/patches/012-add-ifdef-guards-for-SO_BINDTODEVICE.patch
deleted file mode 100644
index 11f902bf90..0000000000
--- a/package/network/services/dropbear/patches/012-add-ifdef-guards-for-SO_BINDTODEVICE.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 031d09b47912b2401f4934667c0b6f857ede61ee Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Tue, 18 Jul 2023 23:20:16 +0800
-Subject: Add ifdef guards for SO_BINDTODEVICE
-
----
- netio.c | 2 ++
- svr-runopts.c | 4 ++++
- 2 files changed, 6 insertions(+)
-
---- a/netio.c
-+++ b/netio.c
-@@ -555,10 +555,12 @@ int dropbear_listen(const char* address,
- /* set to reuse, quick timeout */
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
-
-+#ifdef SO_BINDTODEVICE
- if(interface && setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface)) < 0) {
- dropbear_log(LOG_WARNING, "Couldn't set SO_BINDTODEVICE");
- TRACE(("Failed setsockopt with errno failure, %d %s", errno, strerror(errno)))
- }
-+#endif
-
- #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
- if (res->ai_family == AF_INET6) {
---- a/svr-runopts.c
-+++ b/svr-runopts.c
-@@ -98,8 +98,10 @@ static void printhelp(const char * progn
- " (default port is %s if none specified)\n"
- "-P PidFile Create pid file PidFile\n"
- " (default %s)\n"
-+#ifdef SO_BINDTODEVICE
- "-l <interface>\n"
- " interface to bind on\n"
-+#endif
- #if INETD_MODE
- "-i Start for inetd\n"
- #endif
-@@ -267,9 +269,11 @@ void svr_getopts(int argc, char ** argv)
- case 'P':
- next = &svr_opts.pidfile;
- break;
-+#ifdef SO_BINDTODEVICE
- case 'l':
- next = &svr_opts.interface;
- break;
-+#endif
- #if DO_MOTD
- /* motd is displayed by default, -m turns it off */
- case 'm':
diff --git a/package/network/services/dropbear/patches/013-make-banner-reading-failure-non-fatal.patch b/package/network/services/dropbear/patches/013-make-banner-reading-failure-non-fatal.patch
deleted file mode 100644
index 531215c757..0000000000
--- a/package/network/services/dropbear/patches/013-make-banner-reading-failure-non-fatal.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 62a06cd95f58060a59359f8769c3f35cd680d4fd Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Sun, 23 Jul 2023 21:01:48 +0800
-Subject: Make banner reading failure non-fatal
-
----
- svr-runopts.c | 45 ++++++++++++++++++++++++++++-----------------
- 1 file changed, 28 insertions(+), 17 deletions(-)
-
---- a/svr-runopts.c
-+++ b/svr-runopts.c
-@@ -38,6 +38,7 @@ static void printhelp(const char * progn
- static void addportandaddress(const char* spec);
- static void loadhostkey(const char *keyfile, int fatal_duplicate);
- static void addhostkey(const char *keyfile);
-+static void load_banner();
-
- static void printhelp(const char * progname) {
-
-@@ -382,23 +383,7 @@ void svr_getopts(int argc, char ** argv)
- }
-
- if (svr_opts.bannerfile) {
-- struct stat buf;
-- if (stat(svr_opts.bannerfile, &buf) != 0) {
-- dropbear_exit("Error opening banner file '%s'",
-- svr_opts.bannerfile);
-- }
--
-- if (buf.st_size > MAX_BANNER_SIZE) {
-- dropbear_exit("Banner file too large, max is %d bytes",
-- MAX_BANNER_SIZE);
-- }
--
-- svr_opts.banner = buf_new(buf.st_size);
-- if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
-- dropbear_exit("Error reading banner file '%s'",
-- svr_opts.bannerfile);
-- }
-- buf_setpos(svr_opts.banner, 0);
-+ load_banner();
- }
-
- #ifdef HAVE_GETGROUPLIST
-@@ -715,3 +700,29 @@ void load_all_hostkeys() {
- dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.");
- }
- }
-+
-+static void load_banner() {
-+ struct stat buf;
-+ if (stat(svr_opts.bannerfile, &buf) != 0) {
-+ dropbear_log(LOG_WARNING, "Error opening banner file '%s'",
-+ svr_opts.bannerfile);
-+ return;
-+ }
-+
-+ if (buf.st_size > MAX_BANNER_SIZE) {
-+ dropbear_log(LOG_WARNING, "Banner file too large, max is %d bytes",
-+ MAX_BANNER_SIZE);
-+ return;
-+ }
-+
-+ svr_opts.banner = buf_new(buf.st_size);
-+ if (buf_readfile(svr_opts.banner, svr_opts.bannerfile) != DROPBEAR_SUCCESS) {
-+ dropbear_log(LOG_WARNING, "Error reading banner file '%s'",
-+ svr_opts.bannerfile);
-+ buf_free(svr_opts.banner);
-+ svr_opts.banner = NULL;
-+ return;
-+ }
-+ buf_setpos(svr_opts.banner, 0);
-+
-+}
diff --git a/package/network/services/dropbear/patches/014-dropbearkey-ignore-unsupported-command-line-option.patch b/package/network/services/dropbear/patches/014-dropbearkey-ignore-unsupported-command-line-option.patch
deleted file mode 100644
index ff130f8be0..0000000000
--- a/package/network/services/dropbear/patches/014-dropbearkey-ignore-unsupported-command-line-option.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From ec26975d442163b66d1646a48e022bc8c2f1607a Mon Sep 17 00:00:00 2001
-From: Sergey Ponomarev <stokito@gmail.com>
-Date: Sun, 27 Aug 2023 00:07:05 +0300
-Subject: dropbearkey.c Ignore unsupported command line options
-
-To generate non interactively a key with OpenSSH the simplest command is:
-
-ssh-keygen -t ed25519 -q -N '' -f ~/.ssh/id_ed25519
-
-The command has two options -q quiet and -N passphrase which aren't supported by the dropbearkey.
-
-To improve interoperability add explicit ignoring of the -q and -N with empty passphrase.
-Also ignore the -v even if the DEBUG_TRACE is not set.
-
-Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
----
- dropbearkey.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
---- a/dropbearkey.c
-+++ b/dropbearkey.c
-@@ -159,6 +159,7 @@ int main(int argc, char ** argv) {
- enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
- char * typetext = NULL;
- char * sizetext = NULL;
-+ char * passphrase = NULL;
- unsigned int bits = 0, genbits;
- int printpub = 0;
-
-@@ -194,11 +195,16 @@ int main(int argc, char ** argv) {
- printhelp(argv[0]);
- exit(EXIT_SUCCESS);
- break;
--#if DEBUG_TRACE
- case 'v':
-+#if DEBUG_TRACE
- debug_trace = DROPBEAR_VERBOSE_LEVEL;
-- break;
- #endif
-+ break;
-+ case 'q':
-+ break; /* quiet is default */
-+ case 'N':
-+ next = &passphrase;
-+ break;
- default:
- fprintf(stderr, "Unknown argument %s\n", argv[i]);
- printhelp(argv[0]);
-@@ -266,6 +272,11 @@ int main(int argc, char ** argv) {
- check_signkey_bits(keytype, bits);;
- }
-
-+ if (passphrase && *passphrase != '\0') {
-+ fprintf(stderr, "Only empty passphrase is supported\n");
-+ exit(EXIT_FAILURE);
-+ }
-+
- genbits = signkey_generate_get_bits(keytype, bits);
- fprintf(stderr, "Generating %u bit %s key, this may take a while...\n", genbits, typetext);
- if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
diff --git a/package/network/services/dropbear/patches/015-libtommath-fix-possible-integer-overflow.patch b/package/network/services/dropbear/patches/015-libtommath-fix-possible-integer-overflow.patch
deleted file mode 100644
index f39417adb7..0000000000
--- a/package/network/services/dropbear/patches/015-libtommath-fix-possible-integer-overflow.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 3b576d95dcf791d7b945e75f639da8f89c1685a2 Mon Sep 17 00:00:00 2001
-From: czurnieden <czurnieden@gmx.de>
-Date: Tue, 9 May 2023 17:17:12 +0200
-Subject: Fix possible integer overflow
-
----
- libtommath/bn_mp_2expt.c | 4 ++++
- libtommath/bn_mp_grow.c | 4 ++++
- libtommath/bn_mp_init_size.c | 5 +++++
- libtommath/bn_mp_mul_2d.c | 4 ++++
- libtommath/bn_s_mp_mul_digs.c | 4 ++++
- libtommath/bn_s_mp_mul_digs_fast.c | 4 ++++
- libtommath/bn_s_mp_mul_high_digs.c | 4 ++++
- libtommath/bn_s_mp_mul_high_digs_fast.c | 4 ++++
- 8 files changed, 33 insertions(+)
-
---- a/libtommath/bn_mp_2expt.c
-+++ b/libtommath/bn_mp_2expt.c
-@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
- {
- mp_err err;
-
-+ if (b < 0) {
-+ return MP_VAL;
-+ }
-+
- /* zero a as per default */
- mp_zero(a);
-
---- a/libtommath/bn_mp_grow.c
-+++ b/libtommath/bn_mp_grow.c
-@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
- int i;
- mp_digit *tmp;
-
-+ if (size < 0) {
-+ return MP_VAL;
-+ }
-+
- /* if the alloc size is smaller alloc more ram */
- if (a->alloc < size) {
- /* reallocate the array a->dp
---- a/libtommath/bn_mp_init_size.c
-+++ b/libtommath/bn_mp_init_size.c
-@@ -6,6 +6,11 @@
- /* init an mp_init for a given size */
- mp_err mp_init_size(mp_int *a, int size)
- {
-+
-+ if (size < 0) {
-+ return MP_VAL;
-+ }
-+
- size = MP_MAX(MP_MIN_PREC, size);
-
- /* alloc mem */
---- a/libtommath/bn_mp_mul_2d.c
-+++ b/libtommath/bn_mp_mul_2d.c
-@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b,
- mp_digit d;
- mp_err err;
-
-+ if (b < 0) {
-+ return MP_VAL;
-+ }
-+
- /* copy */
- if (a != c) {
- if ((err = mp_copy(a, c)) != MP_OKAY) {
---- a/libtommath/bn_s_mp_mul_digs.c
-+++ b/libtommath/bn_s_mp_mul_digs.c
-@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, co
- mp_word r;
- mp_digit tmpx, *tmpt, *tmpy;
-
-+ if (digs < 0) {
-+ return MP_VAL;
-+ }
-+
- /* can we use the fast multiplier? */
- if ((digs < MP_WARRAY) &&
- (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
---- a/libtommath/bn_s_mp_mul_digs_fast.c
-+++ b/libtommath/bn_s_mp_mul_digs_fast.c
-@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *
- mp_digit W[MP_WARRAY];
- mp_word _W;
-
-+ if (digs < 0) {
-+ return MP_VAL;
-+ }
-+
- /* grow the destination as required */
- if (c->alloc < digs) {
- if ((err = mp_grow(c, digs)) != MP_OKAY) {
---- a/libtommath/bn_s_mp_mul_high_digs.c
-+++ b/libtommath/bn_s_mp_mul_high_digs.c
-@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *
- mp_word r;
- mp_digit tmpx, *tmpt, *tmpy;
-
-+ if (digs < 0) {
-+ return MP_VAL;
-+ }
-+
- /* can we use the fast multiplier? */
- if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
- && ((a->used + b->used + 1) < MP_WARRAY)
---- a/libtommath/bn_s_mp_mul_high_digs_fast.c
-+++ b/libtommath/bn_s_mp_mul_high_digs_fast.c
-@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_
- mp_digit W[MP_WARRAY];
- mp_word _W;
-
-+ if (digs < 0) {
-+ return MP_VAL;
-+ }
-+
- /* grow the destination as required */
- pa = a->used + b->used;
- if (c->alloc < pa) {
diff --git a/package/network/services/dropbear/patches/016-src-svr-tcpfwd-Fix-noremotetcp-behavior.patch b/package/network/services/dropbear/patches/016-src-svr-tcpfwd-Fix-noremotetcp-behavior.patch
deleted file mode 100644
index b6933120e6..0000000000
--- a/package/network/services/dropbear/patches/016-src-svr-tcpfwd-Fix-noremotetcp-behavior.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3cf8344769eda55e26eee53c1898b2c66544f188 Mon Sep 17 00:00:00 2001
-From: Justin Chen <justin.chen@broadcom.com>
-Date: Fri, 8 Sep 2023 11:35:18 -0700
-Subject: src: svr-tcpfwd: Fix noremotetcp behavior
-
-If noremotetcp is set, we should still reply with
-send_msg_request_failed. This matches the behavior
-of !DROPBEAR_SVR_REMOTETCPFWD.
-
-We were seeing keepalive packets being ignored when
-the "-k" option was used.
----
- svr-tcpfwd.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/svr-tcpfwd.c
-+++ b/svr-tcpfwd.c
-@@ -79,14 +79,14 @@ void recv_msg_global_request_remotetcp()
-
- TRACE(("enter recv_msg_global_request_remotetcp"))
-
-+ reqname = buf_getstring(ses.payload, &namelen);
-+ wantreply = buf_getbool(ses.payload);
-+
- if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) {
- TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled"))
- goto out;
- }
-
-- reqname = buf_getstring(ses.payload, &namelen);
-- wantreply = buf_getbool(ses.payload);
--
- if (namelen > MAX_NAME_LEN) {
- TRACE(("name len is wrong: %d", namelen))
- goto out;
diff --git a/package/network/services/dropbear/patches/017-Don-t-try-to-shutdown-a-pty.patch b/package/network/services/dropbear/patches/017-Don-t-try-to-shutdown-a-pty.patch
deleted file mode 100644
index 603c61d6fb..0000000000
--- a/package/network/services/dropbear/patches/017-Don-t-try-to-shutdown-a-pty.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From e28ba1b9975eab48799aa3ed77d3cd91627d7b27 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Sat, 9 Dec 2023 23:10:41 +0800
-Subject: Don't try to shutdown() a pty
-
-shutdown() of a pty doesn't work (ENOTSOCK), so we should close
-it instead.
-
-This will ensure that PTY controlling terminals are closed when a
-session exits, including when multiple sessions run over a single SSH
-connection. In the normal case of a single session, the PTY controlling
-terminal would be closed when the Dropbear server process exits anyway.
-
-This possibly fixes #264 on github
-
-It is possible that there could be subtle changes to PTY flushing
-behaviour, though nothing caught by tests at present.
----
- svr-chansession.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/svr-chansession.c
-+++ b/svr-chansession.c
-@@ -910,7 +910,7 @@ static int ptycommand(struct Channel *ch
- channel->readfd = chansess->master;
- /* don't need to set stderr here */
- ses.maxfd = MAX(ses.maxfd, chansess->master);
-- channel->bidir_fd = 1;
-+ channel->bidir_fd = 0;
-
- setnonblocking(chansess->master);
-
diff --git a/package/network/services/dropbear/patches/018-dropbearkey-add-alias-to-ssh-keygen.patch b/package/network/services/dropbear/patches/018-dropbearkey-add-alias-to-ssh-keygen.patch
deleted file mode 100644
index 9c70c3141c..0000000000
--- a/package/network/services/dropbear/patches/018-dropbearkey-add-alias-to-ssh-keygen.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 806586b585806cbe32013bcd3af3847278972060 Mon Sep 17 00:00:00 2001
-From: Sergey Ponomarev <stokito@gmail.com>
-Date: Sun, 10 Dec 2023 10:31:56 +0200
-Subject: dropbearkey: add alias to ssh-keygen
-
-The dropbearkey is partially compatible with ssh-keygen and can be used as an alias.
-
-Closes: #263
----
- dbmulti.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
---- a/dbmulti.c
-+++ b/dbmulti.c
-@@ -41,7 +41,8 @@ static int runprog(const char *multipath
- }
- #endif
- #ifdef DBMULTI_dropbearkey
-- if (strcmp(progname, "dropbearkey") == 0) {
-+ if (strcmp(progname, "dropbearkey") == 0
-+ || strcmp(progname, "ssh-keygen") == 0) {
- return dropbearkey_main(argc, argv);
- }
- #endif
-@@ -88,7 +89,7 @@ int main(int argc, char ** argv) {
- "'dbclient' or 'ssh' - the Dropbear client\n"
- #endif
- #ifdef DBMULTI_dropbearkey
-- "'dropbearkey' - the key generator\n"
-+ "'dropbearkey' or 'ssh-keygen' - the key generator\n"
- #endif
- #ifdef DBMULTI_dropbearconvert
- "'dropbearconvert' - the key converter\n"
diff --git a/package/network/services/dropbear/patches/019-Allow-inetd-with-non-syslog.patch b/package/network/services/dropbear/patches/019-Allow-inetd-with-non-syslog.patch
deleted file mode 100644
index 3544f2123c..0000000000
--- a/package/network/services/dropbear/patches/019-Allow-inetd-with-non-syslog.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 383cc8c97a9420aad9cf93d88e77ec636b183a9d Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Mon, 11 Dec 2023 23:18:09 +0800
-Subject: Allow inetd with non-syslog
-
-An inetd-alike should be able to distinguish stdout and stderr, so
-it's a valid configuration.
-
-Fixes #218 on github
----
- svr-runopts.c | 12 ------------
- 1 file changed, 12 deletions(-)
-
---- a/svr-runopts.c
-+++ b/svr-runopts.c
-@@ -443,18 +443,6 @@ void svr_getopts(int argc, char ** argv)
- }
- }
-
--#if INETD_MODE
-- if (svr_opts.inetdmode && (
-- opts.usingsyslog == 0
--#if DEBUG_TRACE
-- || debug_trace
--#endif
-- )) {
-- /* log output goes to stderr which would get sent over the inetd network socket */
-- dropbear_exit("Dropbear inetd mode is incompatible with debug -v or non-syslog");
-- }
--#endif
--
- if (svr_opts.multiauthmethod && svr_opts.noauthpass) {
- dropbear_exit("-t and -s are incompatible");
- }
diff --git a/package/network/services/dropbear/patches/020-Fix-test-for-multiuser-kernels.patch b/package/network/services/dropbear/patches/020-Fix-test-for-multiuser-kernels.patch
deleted file mode 100644
index 8d016faa9c..0000000000
--- a/package/network/services/dropbear/patches/020-Fix-test-for-multiuser-kernels.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 9ac650401ffc2fb05c9328d26e76a5e7ae39152a Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Mon, 11 Dec 2023 23:31:22 +0800
-Subject: Fix test for multiuser kernels
-
-getuid() succeeds even on non-multiuser kernels. Instead
-getgroups() is a valid test.
-
-Fixes #214 on github
----
- common-session.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
---- a/common-session.c
-+++ b/common-session.c
-@@ -71,10 +71,13 @@ void common_session_init(int sock_in, in
- #if !DROPBEAR_SVR_MULTIUSER
- /* A sanity check to prevent an accidental configuration option
- leaving multiuser systems exposed */
-- errno = 0;
-- getuid();
-- if (errno != ENOSYS) {
-- dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
-+ {
-+ int ret;
-+ errno = 0;
-+ ret = getgroups(0, NULL);
-+ if (!(ret == -1 && errno == ENOSYS)) {
-+ dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
-+ }
- }
- #endif
-
diff --git a/package/network/services/dropbear/patches/021-Implement-Strict-KEX-mode.patch b/package/network/services/dropbear/patches/021-Implement-Strict-KEX-mode.patch
deleted file mode 100644
index d490d9545a..0000000000
--- a/package/network/services/dropbear/patches/021-Implement-Strict-KEX-mode.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-From 6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Mon, 20 Nov 2023 14:02:47 +0800
-Subject: Implement Strict KEX mode
-
-As specified by OpenSSH with kex-strict-c-v00@openssh.com and
-kex-strict-s-v00@openssh.com.
----
- cli-session.c | 11 +++++++++++
- common-algo.c | 6 ++++++
- common-kex.c | 26 +++++++++++++++++++++++++-
- kex.h | 3 +++
- process-packet.c | 34 +++++++++++++++++++---------------
- ssh.h | 4 ++++
- svr-session.c | 3 +++
- 7 files changed, 71 insertions(+), 16 deletions(-)
-
---- a/cli-session.c
-+++ b/cli-session.c
-@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NO
- static void recv_msg_service_accept(void);
- static void cli_session_cleanup(void);
- static void recv_msg_global_request_cli(void);
-+static void cli_algos_initialise(void);
-
- struct clientsession cli_ses; /* GLOBAL */
-
-@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_o
- }
-
- chaninitialise(cli_chantypes);
-+ cli_algos_initialise();
-
- /* Set up cli_ses vars */
- cli_session_init(proxy_cmd_pid);
-@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, cons
- fflush(stderr);
- }
-
-+static void cli_algos_initialise(void) {
-+ algo_type *algo;
-+ for (algo = sshkex; algo->name; algo++) {
-+ if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) {
-+ algo->usable = 0;
-+ }
-+ }
-+}
-+
---- a/common-algo.c
-+++ b/common-algo.c
-@@ -308,6 +308,12 @@ algo_type sshkex[] = {
- {SSH_EXT_INFO_C, 0, NULL, 1, NULL},
- #endif
- #endif
-+#if DROPBEAR_CLIENT
-+ {SSH_STRICT_KEX_C, 0, NULL, 1, NULL},
-+#endif
-+#if DROPBEAR_SERVER
-+ {SSH_STRICT_KEX_S, 0, NULL, 1, NULL},
-+#endif
- {NULL, 0, NULL, 0, NULL}
- };
-
---- a/common-kex.c
-+++ b/common-kex.c
-@@ -183,6 +183,10 @@ void send_msg_newkeys() {
- gen_new_keys();
- switch_keys();
-
-+ if (ses.kexstate.strict_kex) {
-+ ses.transseq = 0;
-+ }
-+
- TRACE(("leave send_msg_newkeys"))
- }
-
-@@ -193,7 +197,11 @@ void recv_msg_newkeys() {
-
- ses.kexstate.recvnewkeys = 1;
- switch_keys();
--
-+
-+ if (ses.kexstate.strict_kex) {
-+ ses.recvseq = 0;
-+ }
-+
- TRACE(("leave recv_msg_newkeys"))
- }
-
-@@ -550,6 +558,10 @@ void recv_msg_kexinit() {
-
- ses.kexstate.recvkexinit = 1;
-
-+ if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) {
-+ dropbear_exit("First packet wasn't kexinit");
-+ }
-+
- TRACE(("leave recv_msg_kexinit"))
- }
-
-@@ -859,6 +871,18 @@ static void read_kex_algos() {
- }
- #endif
-
-+ if (!ses.kexstate.donefirstkex) {
-+ const char* strict_name;
-+ if (IS_DROPBEAR_CLIENT) {
-+ strict_name = SSH_STRICT_KEX_S;
-+ } else {
-+ strict_name = SSH_STRICT_KEX_C;
-+ }
-+ if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) {
-+ ses.kexstate.strict_kex = 1;
-+ }
-+ }
-+
- algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
- allgood &= goodguess;
- if (algo == NULL || algo->data == NULL) {
---- a/kex.h
-+++ b/kex.h
-@@ -83,6 +83,9 @@ struct KEXState {
-
- unsigned our_first_follows_matches : 1;
-
-+ /* Boolean indicating that strict kex mode is in use */
-+ unsigned int strict_kex;
-+
- time_t lastkextime; /* time of the last kex */
- unsigned int datatrans; /* data transmitted since last kex */
- unsigned int datarecv; /* data received since last kex */
---- a/process-packet.c
-+++ b/process-packet.c
-@@ -44,6 +44,7 @@ void process_packet() {
-
- unsigned char type;
- unsigned int i;
-+ unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex;
- time_t now;
-
- TRACE2(("enter process_packet"))
-@@ -54,22 +55,24 @@ void process_packet() {
- now = monotonic_now();
- ses.last_packet_time_keepalive_recv = now;
-
-- /* These packets we can receive at any time */
-- switch(type) {
-
-- case SSH_MSG_IGNORE:
-- goto out;
-- case SSH_MSG_DEBUG:
-- goto out;
--
-- case SSH_MSG_UNIMPLEMENTED:
-- /* debugging XXX */
-- TRACE(("SSH_MSG_UNIMPLEMENTED"))
-- goto out;
--
-- case SSH_MSG_DISCONNECT:
-- /* TODO cleanup? */
-- dropbear_close("Disconnect received");
-+ if (type == SSH_MSG_DISCONNECT) {
-+ /* Allowed at any time */
-+ dropbear_close("Disconnect received");
-+ }
-+
-+ /* These packets may be received at any time,
-+ except during first kex with strict kex */
-+ if (!first_strict_kex) {
-+ switch(type) {
-+ case SSH_MSG_IGNORE:
-+ goto out;
-+ case SSH_MSG_DEBUG:
-+ goto out;
-+ case SSH_MSG_UNIMPLEMENTED:
-+ TRACE(("SSH_MSG_UNIMPLEMENTED"))
-+ goto out;
-+ }
- }
-
- /* Ignore these packet types so that keepalives don't interfere with
-@@ -98,7 +101,8 @@ void process_packet() {
- if (type >= 1 && type <= 49
- && type != SSH_MSG_SERVICE_REQUEST
- && type != SSH_MSG_SERVICE_ACCEPT
-- && type != SSH_MSG_KEXINIT)
-+ && type != SSH_MSG_KEXINIT
-+ && !first_strict_kex)
- {
- TRACE(("unknown allowed packet during kexinit"))
- recv_unimplemented();
---- a/ssh.h
-+++ b/ssh.h
-@@ -100,6 +100,10 @@
- #define SSH_EXT_INFO_C "ext-info-c"
- #define SSH_SERVER_SIG_ALGS "server-sig-algs"
-
-+/* OpenSSH strict KEX feature */
-+#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com"
-+#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com"
-+
- /* service types */
- #define SSH_SERVICE_USERAUTH "ssh-userauth"
- #define SSH_SERVICE_USERAUTH_LEN 12
---- a/svr-session.c
-+++ b/svr-session.c
-@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) {
- algo->usable = 0;
- }
- #endif
-+ if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
-+ algo->usable = 0;
-+ }
- }
- }
-
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch
index b1075f8464..0ecca900b4 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,5 +1,5 @@ ---- a/svr-authpubkey.c -+++ b/svr-authpubkey.c +--- a/src/svr-authpubkey.c ++++ b/src/svr-authpubkey.c
@@ -78,6 +78,13 @@ static void send_msg_userauth_pk_ok(cons const unsigned char* keyblob, unsigned int keybloblen); static int checkfileperm(char * filename); diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch index 04d1df3fde..9cb073cf94 100644 --- a/package/network/services/dropbear/patches/110-change_user.patch +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -1,6 +1,6 @@ ---- a/svr-chansession.c -+++ b/svr-chansession.c -@@ -985,12 +985,12 @@ static void execchild(const void *user_d +--- a/src/svr-chansession.c ++++ b/src/svr-chansession.c +@@ -987,12 +987,12 @@ static void execchild(const void *user_d /* We can only change uid/gid as root ... */ if (getuid() == 0) { diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch index a26f33dfbc..de0e5f2725 100644 --- a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch +++ b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch @@ -1,6 +1,6 @@ ---- a/cli-runopts.c -+++ b/cli-runopts.c -@@ -329,6 +329,10 @@ void cli_getopts(int argc, char ** argv) +--- a/src/cli-runopts.c ++++ b/src/cli-runopts.c +@@ -340,6 +340,10 @@ void cli_getopts(int argc, char ** argv) case 'z': opts.disable_ip_tos = 1; break; diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index af01573dee..eb590a3895 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,5 +1,5 @@ ---- a/dbutil.h -+++ b/dbutil.h +--- a/src/dbutil.h ++++ b/src/dbutil.h @@ -80,7 +80,11 @@ int m_snprintf(char *str, size_t size, c #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} 
diff --git a/package/network/services/dropbear/patches/160-lto-jobserver.patch b/package/network/services/dropbear/patches/160-lto-jobserver.patch index fd80b986ae..1f3b298f35 100644 --- a/package/network/services/dropbear/patches/160-lto-jobserver.patch +++ b/package/network/services/dropbear/patches/160-lto-jobserver.patch @@ -1,6 +1,6 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -200,17 +200,17 @@ dropbearkey: $(dropbearkeyobjs) +@@ -220,17 +220,17 @@ dropbearkey: $(dropbearkeyobjs) dropbearconvert: $(dropbearconvertobjs) dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile @@ -22,7 +22,7 @@ # multi-binary compilation. -@@ -221,7 +221,7 @@ ifeq ($(MULTI),1) +@@ -241,7 +241,7 @@ ifeq ($(MULTI),1) endif dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch index 07ae022763..e72458dd6e 100644 --- a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch +++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch @@ -1,5 +1,5 @@ ---- a/svr-auth.c -+++ b/svr-auth.c +--- a/src/svr-auth.c ++++ b/src/svr-auth.c @@ -124,7 +124,7 @@ void recv_msg_userauth_request() { AUTH_METHOD_NONE_LEN) == 0) { TRACE(("recv_msg_userauth_request: 'none' request")) diff --git a/package/network/services/dropbear/patches/900-configure-hardening.patch b/package/network/services/dropbear/patches/900-configure-hardening.patch index 5dc84849be..746694f48d 100644 --- a/package/network/services/dropbear/patches/900-configure-hardening.patch +++ b/package/network/services/dropbear/patches/900-configure-hardening.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -87,54 +87,6 @@ AC_ARG_ENABLE(harden, +@@ -86,54 +86,6 @@ AC_ARG_ENABLE(harden, if test "$hardenbuild" -eq 1; then AC_MSG_NOTICE(Checking for available hardened build flags:) 
diff --git a/package/network/services/dropbear/patches/901-bundled-libs-cflags.patch b/package/network/services/dropbear/patches/901-bundled-libs-cflags.patch index a9a441ce76..4da01c9edb 100644 --- a/package/network/services/dropbear/patches/901-bundled-libs-cflags.patch +++ b/package/network/services/dropbear/patches/901-bundled-libs-cflags.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -45,11 +45,8 @@ fi +@@ -44,11 +44,8 @@ fi # LTM_CFLAGS is given to ./configure by the user, # DROPBEAR_LTM_CFLAGS is substituted in the LTM Makefile.in DROPBEAR_LTM_CFLAGS="$LTM_CFLAGS" diff --git a/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch b/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch index 059177a1c5..43dd1426b1 100644 --- a/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch +++ b/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch @@ -19,8 +19,8 @@ Signed-off-by: Petr Å tetiar <ynezz@true.cz> signkey.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) ---- a/signkey.c -+++ b/signkey.c +--- a/src/signkey.c ++++ b/src/signkey.c @@ -652,10 +652,18 @@ int buf_verify(buffer * buf, sign_key *k sigtype = signature_type_from_name(type_name, type_name_len); m_free(type_name); diff --git a/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch b/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch new file mode 100644 index 0000000000..85d5127f60 --- /dev/null +++ b/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch 
@@ -0,0 +1,20 @@ +From: Felix Fietkau <nbd@nbd.name> +Date: Wed, 1 May 2024 18:55:24 +0200 +Subject: [PATCH] AP: add missing null pointer check in hostapd_free_hapd_data + +When called from wpa_supplicant, iface->interfaces can be NULL + +Signed-off-by: Felix Fietkau <nbd@nbd.name> +--- + +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -502,7 +502,7 @@ void hostapd_free_hapd_data(struct hosta + struct hapd_interfaces *ifaces = hapd->iface->interfaces; + size_t i; + +- for (i = 0; i < ifaces->count; i++) { ++ for (i = 0; ifaces && i < ifaces->count; i++) { + struct hostapd_iface *iface = ifaces->iface[i]; + size_t j; + diff --git a/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch b/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch index b786d3bccb..b55c0b1f84 100644 --- a/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch +++ b/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch @@ -6460,7 +6460,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> +{ + #if !defined(MBEDTLS_USE_PSA_CRYPTO) /* XXX: (not extracted for PSA crypto) */ + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -+ if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) ++ if (mbedtls_ssl_get_version_number(ssl) == MBEDTLS_SSL_VERSION_TLS1_3) + return 0; /* (calculation not extracted) */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + diff --git a/package/network/services/lldpd/Makefile b/package/network/services/lldpd/Makefile index 5a9a9732d2..f34cd28faa 100644 --- a/package/network/services/lldpd/Makefile +++ b/package/network/services/lldpd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lldpd PKG_VERSION:=1.0.17 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/lldpd/lldpd/releases/download/$(PKG_VERSION)/ 
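Review bot: In the new 052 patch for src/ap/hostapd.c, the `ifaces &&` test is placed in the loop condition with nothing in the code saying why the pointer can be NULL; the reason appears only in the patch description. I would add a comment above the loop, `/* iface->interfaces is NULL when called from wpa_supplicant */`, so the check is not dropped in a later cleanup. The test is also re-evaluated on every iteration, although `ifaces` is not reassigned in the lines shown. hostapd_free_hapd_data continues past the hunk, so any later use of `ifaces` in the function cannot be checked from here.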
diff --git a/package/network/services/lldpd/files/lldpd.init b/package/network/services/lldpd/files/lldpd.init index dbe79d2f4a..3922b676b5 100644 --- a/package/network/services/lldpd/files/lldpd.init +++ b/package/network/services/lldpd/files/lldpd.init @@ -114,17 +114,17 @@ write_lldpd_conf() local lldp_mgmt_ip config_get lldp_mgmt_ip 'config' 'lldp_mgmt_ip' - # Configurable capabilities in lldpd >= v1.0.15 + # Configurable capabilities in lldpd >= v1.0.15: defaults to 'unconfigured' i.e. kernel info local lldp_syscapabilities config_get lldp_syscapabilities 'config' 'lldp_syscapabilities' - # Configurable capabilities in lldpd >= v1.0.15 + # Configurable capabilities in lldpd >= v1.0.15: defaults to on in lldpd local lldp_capability_advertisements - config_get_bool lldp_capability_advertisements 'config' 'lldp_capability_advertisements' 0 + config_get_bool lldp_capability_advertisements 'config' 'lldp_capability_advertisements' 1 - # Broadcast management address in lldpd >= 0.7.15 + # Broadcast management address in lldpd >= 0.7.15: defaults to on in lldpd local lldp_mgmt_addr_advertisements - config_get_bool lldp_mgmt_addr_advertisements 'config' 'lldp_mgmt_addr_advertisements' 0 + config_get_bool lldp_mgmt_addr_advertisements 'config' 'lldp_mgmt_addr_advertisements' 1 if [ "$CONFIG_LLDPD_WITH_LLDPMED" = "y" ]; then local lldpmed_fast_start 
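Review bot: The new comments on `lldp_capability_advertisements` and `lldp_mgmt_addr_advertisements` in lldpd.init say only "defaults to on in lldpd", without naming the off switch. With the `config_get_bool` default changed to 1, an unset option passes the `-gt 0` test in the @@ -192 hunk, so the management address is advertised unless the option is set to 0. I would say so in the comment, for example `# Management address TLV (lldpd >= 0.7.15): on by default; set to 0 to keep the address off untrusted segments`. write_lldpd_conf starts before and continues after this hunk.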
@@ -192,8 +192,10 @@ write_lldpd_conf() [ -n "$lldp_platform" ] && echo "configure system platform" "\"$lldp_platform\"" >> "$LLDPD_CONF" [ -n "$lldp_tx_interval" ] && echo "configure lldp tx-interval $lldp_tx_interval" >> "$LLDPD_CONF" [ "$lldp_tx_hold" -gt 0 ] && echo "configure lldp tx-hold $lldp_tx_hold" >> "$LLDPD_CONF" - [ "$lldp_capability_advertisements" -gt 0 ] && echo "configure lldp capabilities-advertisements" >> "$LLDPD_CONF" - [ "$lldp_mgmt_addr_advertisements" -gt 0 ] && echo "configure lldp management-addresses-advertisements" >> "$LLDPD_CONF" + [ "$lldp_capability_advertisements" -gt 0 ] && echo "configure lldp capabilities-advertisements" >> "$LLDPD_CONF" ||\ + echo "unconfigure lldp capabilities-advertisements" >> "$LLDPD_CONF" + [ "$lldp_mgmt_addr_advertisements" -gt 0 ] && echo "configure lldp management-addresses-advertisements" >> "$LLDPD_CONF" ||\ + echo "unconfigure lldp management-addresses-advertisements" >> "$LLDPD_CONF" # Since lldpd's sysconfdir is /tmp, we'll symlink /etc/lldpd.d to /tmp/$LLDPD_CONFS_DIR [ -e "$LLDPD_CONFS_DIR" ] || ln -s /etc/lldpd.d "$LLDPD_CONFS_DIR" @@ -374,6 +376,8 @@ reload_service() { unconfigure lldp custom-tlv unconfigure lldp capabilities-advertisements unconfigure lldp management-addresses-advertisements + # unconfigures user-configured system capabilities, and instead uses the kernel information: + unconfigure system capabilities enabled unconfigure system interface pattern unconfigure system description unconfigure system hostname diff --git a/package/network/services/odhcpd/Makefile b/package/network/services/odhcpd/Makefile index 55a24a90e5..4092588353 100644 --- a/package/network/services/odhcpd/Makefile +++ b/package/network/services/odhcpd/Makefile 
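Review bot: The two rewritten lines in the @@ -192 hunk of lldpd.init use `[ … ] && echo "configure …" || echo "unconfigure …"`, which is not an if/else: the `unconfigure` directive is also appended when the first `echo` itself fails. These lines decide what the device advertises to its neighbours, so I would write each option as an explicit `if`/`else`, as below, so that exactly one directive is attempted per option. write_lldpd_conf starts outside the hunk.

```shell
# … unchanged: platform, tx-interval and tx-hold lines …
if [ "$lldp_capability_advertisements" -gt 0 ]; then
	echo "configure lldp capabilities-advertisements" >> "$LLDPD_CONF"
else
	echo "unconfigure lldp capabilities-advertisements" >> "$LLDPD_CONF"
fi
if [ "$lldp_mgmt_addr_advertisements" -gt 0 ]; then
	echo "configure lldp management-addresses-advertisements" >> "$LLDPD_CONF"
else
	echo "unconfigure lldp management-addresses-advertisements" >> "$LLDPD_CONF"
fi
# … unchanged: /etc/lldpd.d symlink …
```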
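Review bot: In the @@ -374 hunk of lldpd.init, the added `# unconfigures user-configured system capabilities…` line sits among the `unconfigure …` directives. If those lines are a here-document passed to lldpcli, the `#` line is sent to lldpcli as input instead of being read by the shell as a comment; the hunk does not show this, because reload_service starts outside it. I would move the explanation above the command that opens the block, or confirm that lldpcli skips `#` lines. If the command's output is discarded, a rejected line would go unnoticed.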
@@ -12,9 +12,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcpd.git -PKG_MIRROR_HASH:=08fddf4294929d1713e0c3f7b258f8c7bf4abe731d5f34fceb797faa411f7a58 -PKG_SOURCE_DATE:=2023-10-24 -PKG_SOURCE_VERSION:=d8118f6e76e5519881f9a37137c3a06b3cb60fd2 +PKG_MIRROR_HASH:=f6e1c18551a00e01229fa12caa7b3fe33ad82785150fedcbe615fcc651ba2876 +PKG_SOURCE_DATE:=2024-05-08 +PKG_SOURCE_VERSION:=a29882318a4ccb3ae26f7cc0145e06ad4ead224b PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com> PKG_LICENSE:=GPL-2.0 diff --git a/package/network/services/ustp/Makefile b/package/network/services/ustp/Makefile index baf45288dd..2d44b7a359 100644 --- a/package/network/services/ustp/Makefile +++ b/package/network/services/ustp/Makefile @@ -12,9 +12,9 @@ PKG_RELEASE:=1 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustp.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2021-09-21 -PKG_SOURCE_VERSION:=462b3a491347e452c15220861949b1d6371fa59e -PKG_MIRROR_HASH:=c3373b369b127c26d4a79425631cb5db83ef479ab21d164da879b35942539dfb +PKG_SOURCE_DATE:=2023-05-29 +PKG_SOURCE_VERSION:=a85a5bc83bde5b485319ca12b6e32c4b7f0b120f +PKG_MIRROR_HASH:=b907b91989320eb8916e719ced9bdce96b8c5db6abefcee35e25fb112ad5b27f PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name> PKG_LICENSE:=GPL-2.0 diff --git a/package/network/utils/ebtables/Makefile b/package/network/utils/ebtables/Makefile index 32a452b068..1eae868d7a 100644 --- a/package/network/utils/ebtables/Makefile +++ b/package/network/utils/ebtables/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ebtables PKG_SOURCE_DATE:=2018-06-27 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=https://git.netfilter.org/ebtables PKG_SOURCE_PROTO:=git diff --git a/package/network/utils/ebtables/patches/100-musl_fix.patch b/package/network/utils/ebtables/patches/100-musl_fix.patch deleted file mode 100644 index f393ea7d91..0000000000 --- a/package/network/utils/ebtables/patches/100-musl_fix.patch +++ /dev/null 
@@ -1,10 +0,0 @@ ---- a/include/ebtables_u.h -+++ b/include/ebtables_u.h -@@ -23,6 +23,7 @@ - - #ifndef EBTABLES_U_H - #define EBTABLES_U_H -+#define _NETINET_IF_ETHER_H - #include <netinet/in.h> - #include <netinet/ether.h> - #include <linux/netfilter_bridge/ebtables.h> diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile index 2f9d2f2bc9..85d9f437f6 100644 --- a/package/network/utils/iproute2/Makefile +++ b/package/network/utils/iproute2/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iproute2 -PKG_VERSION:=6.7.0 +PKG_VERSION:=6.9.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2 -PKG_HASH:=ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d +PKG_HASH:=2f643d09ea11a4a2a043c92e2b469b5f73228cbf241ae806760296ed0ec413d0 PKG_BUILD_PARALLEL:=1 PKG_BUILD_DEPENDS:=iptables PKG_LICENSE:=GPL-2.0 @@ -77,14 +77,7 @@ $(call Package/iproute2/Default) VARIANT:=tcfull PROVIDES:=tc ALTERNATIVES:=400:/sbin/tc:/usr/libexec/tc-full - DEPENDS:=+kmod-sched-core +(PACKAGE_devlink||PACKAGE_rdma):libmnl +libbpf +libxtables +tc-mod-iptables -endef - -define Package/tc-mod-iptables -$(call Package/iproute2/Default) - TITLE:=Traffic control module - iptables action - VARIANT:=tcfull - DEPENDS:=+libxtables +libbpf + DEPENDS:=+kmod-sched-core +(PACKAGE_devlink||PACKAGE_rdma):libmnl +libbpf +libxtables endef define Package/genl @@ -102,7 +95,7 @@ endef define Package/ss $(call Package/iproute2/Default) TITLE:=Socket statistics utility - DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +kmod-netlink-diag + DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +libbpf +kmod-netlink-diag endef define Package/nstat 
@@ -232,11 +225,6 @@ define Package/tc-full/install $(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-full endef -define Package/tc-mod-iptables/install - $(INSTALL_DIR) $(1)/usr/lib/tc - $(CP) $(PKG_BUILD_DIR)/tc/m_xt.so $(1)/usr/lib/tc -endef - define Package/genl/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_BUILD_DIR)/genl/genl $(1)/usr/sbin/ @@ -269,9 +257,6 @@ endef $(eval $(call BuildPackage,ip-tiny)) $(eval $(call BuildPackage,ip-full)) -# build tc-mod-iptables before its dependents, to avoid -# spurious rebuilds when building multiple variants. -$(eval $(call BuildPackage,tc-mod-iptables)) $(eval $(call BuildPackage,tc-tiny)) $(eval $(call BuildPackage,tc-bpf)) $(eval $(call BuildPackage,tc-full)) diff --git a/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch b/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch index c32863c364..38448e6cd6 100644 --- a/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch +++ b/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch @@ -1,6 +1,6 @@ --- a/tc/Makefile +++ b/tc/Makefile -@@ -119,6 +119,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR +@@ -107,6 +107,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR ifneq ($(IPT_LIB_DIR),) CFLAGS += -DIPT_LIB_DIR=\"$(IPT_LIB_DIR)\" endif diff --git a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch index 8c70c14489..7f946070f9 100644 --- a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch +++ b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -68,9 +68,9 @@ WFLAGS += -Wmissing-declarations -Wold-s +@@ -69,9 +69,9 @@ WFLAGS += -Wmissing-declarations -Wold-s CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS) YACCFLAGS = -d -t -v 
diff --git a/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch b/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch index 0d22875751..ee18f17d54 100644 --- a/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch +++ b/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -391,7 +391,7 @@ check_tirpc() +@@ -362,7 +362,7 @@ check_tirpc() check_mnl() { diff --git a/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch b/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch index bffacddb21..99b9d326fe 100644 --- a/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch +++ b/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -246,7 +246,7 @@ EOF +@@ -217,7 +217,7 @@ EOF check_elf() { diff --git a/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch b/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch index 570e9c7038..767c968e74 100644 --- a/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch +++ b/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -449,7 +449,7 @@ EOF +@@ -421,7 +421,7 @@ EOF check_cap() { diff --git a/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch b/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch index 4d7fb76308..011dd48f8e 100644 --- a/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch +++ b/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -378,7 +378,7 @@ check_selinux() +@@ -349,7 +349,7 @@ check_selinux() check_tirpc() { 
diff --git a/package/network/utils/iproute2/patches/170-ip_tiny.patch b/package/network/utils/iproute2/patches/170-ip_tiny.patch index 71081c36bc..149bcd2afc 100644 --- a/package/network/utils/iproute2/patches/170-ip_tiny.patch +++ b/package/network/utils/iproute2/patches/170-ip_tiny.patch @@ -30,15 +30,15 @@ "Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n" " ip [ -force ] -batch filename\n" +#ifndef IPROUTE2_TINY - "where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp |\n" - " link | macsec | maddress | monitor | mptcp | mroute | mrule |\n" + "where OBJECT := { address | addrlabel | fou | help | ila | ioam | l2tp | link |\n" + " macsec | maddress | monitor | mptcp | mroute | mrule |\n" " neighbor | neighbour | netconf | netns | nexthop | ntable |\n" - " ntbl | route | rule | sr | tap | tcpmetrics |\n" + " ntbl | route | rule | sr | stats | tap | tcpmetrics |\n" " token | tunnel | tuntap | vrf | xfrm }\n" +#else -+ "where OBJECT := { address | link | maddress | monitor |\n" ++ "where OBJECT := { address | help | link | maddress | monitor |\n" + " neighbor | neighbour | netns | route |\n" -+ " rule | token | tunnel }\n" ++ " rule | stats | token | tunnel }\n" +#endif " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n" " -h[uman-readable] | -iec | -j[son] | -p[retty] |\n" diff --git a/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch b/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch deleted file mode 100644 index aef51395a9..0000000000 --- a/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch +++ /dev/null 
@@ -1,45 +0,0 @@ ---- a/tc/Makefile -+++ b/tc/Makefile -@@ -106,7 +106,7 @@ LDLIBS += -L. -lm - - ifeq ($(SHARED_LIBS),y) - LDLIBS += -ldl --LDFLAGS += -Wl,-export-dynamic -+LDFLAGS += -Wl,--dynamic-list=dynsyms.list - endif - - TCLIB := tc_core.o -@@ -135,7 +135,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc - all: tc $(TCSO) - - tc: $(TCOBJ) $(LIBNETLINK) libtc.a -- $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@ -+ $(QUIET_LINK)$(CC) $(filter-out dynsyms.list, $^) $(LDFLAGS) $(LDLIBS) -o $@ - - libtc.a: $(TCLIB) - $(QUIET_AR)$(AR) rcs $@ $^ -@@ -157,6 +157,7 @@ install: all - clean: - rm -f $(TCOBJ) $(TCLIB) libtc.a tc *.so emp_ematch.tab.h; \ - rm -f emp_ematch.tab.* -+ rm -f dynsyms.list - - m_xt.so: m_xt.c - $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs) -@@ -193,4 +194,16 @@ static-syms.h: $(wildcard *.c) - sed -n '/'$$s'[^ ]* =/{s:.* \([^ ]*'$$s'[^ ]*\) .*:extern char \1[] __attribute__((weak)); if (!strcmp(sym, "\1")) return \1;:;p}' $$files ; \ - done > $@ - -+else -+ -+tc: dynsyms.list -+m_xt.so: dynsyms.list -+dynsyms.list: $(wildcard *.c) -+ files="$(filter-out $(patsubst %.so,%.c,$(TCSO)), $^)" ; \ -+ echo "{" > $@ ; \ -+ for s in `grep -B 3 '\<dlsym' $$files | sed -n '/snprintf/{s:.*"\([^"]*\)".*:\1:;s:%s::;p}'` ; do \ -+ sed -n '/'$$s'[^ ]* =/{s:.* \([^ ]*'$$s'[^ ]*\) .*:\1;:;p}' $$files ; \ -+ done >> $@ ; \ -+ echo "show_stats; print_nl; print_tm; parse_rtattr; parse_rtattr_flags; get_u32; matches; addattr_l; addattr_nest; addattr_nest_end; };" >> $@ -+ - endif diff --git a/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch b/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch index 765e4ad2e8..545075fd85 100644 --- a/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch +++ b/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch @@ -1,6 +1,6 @@ --- a/configure 
+++ b/configure -@@ -270,7 +270,7 @@ int main(int argc, char **argv) { +@@ -241,7 +241,7 @@ int main(int argc, char **argv) { } EOF @@ -9,7 +9,7 @@ local ret=$? rm -f $TMPDIR/libbpf_test.c $TMPDIR/libbpf_test -@@ -288,7 +288,7 @@ int main(int argc, char **argv) { +@@ -259,7 +259,7 @@ int main(int argc, char **argv) { } EOF diff --git a/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch b/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch index 8156adbf05..6ecf5568be 100644 --- a/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch +++ b/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch @@ -11,7 +11,7 @@ --- a/tc/Makefile +++ b/tc/Makefile -@@ -132,7 +132,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc +@@ -120,7 +120,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic $< -o $@ @@ -19,4 +19,4 @@ +all: $(findstring tc,$(BUILD_VARIANT)) $(TCSO) tc: $(TCOBJ) $(LIBNETLINK) libtc.a - $(QUIET_LINK)$(CC) $(filter-out dynsyms.list, $^) $(LDFLAGS) $(LDLIBS) -o $@ + $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@ diff --git a/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch b/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch index 92bf5cb66d..e41be20f10 100644 --- a/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch +++ b/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -435,14 +435,8 @@ EOF +@@ -407,14 +407,8 @@ EOF if $CC -I$INCLUDE -o $TMPDIR/strtest $TMPDIR/strtest.c >/dev/null 2>&1; then echo "no" else diff --git a/package/network/utils/iproute2/patches/300-selinux-configurable.patch b/package/network/utils/iproute2/patches/300-selinux-configurable.patch index a611ba75f0..36ecc735a7 100644 --- a/package/network/utils/iproute2/patches/300-selinux-configurable.patch 
+++ b/package/network/utils/iproute2/patches/300-selinux-configurable.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -365,7 +365,7 @@ check_libbpf() +@@ -336,7 +336,7 @@ check_libbpf() check_selinux() # SELinux is a compile time option in the ss utility { diff --git a/package/network/utils/iproute2/patches/400-rdma-include-libgen.h-for-basename.patch b/package/network/utils/iproute2/patches/400-rdma-include-libgen.h-for-basename.patch new file mode 100644 index 0000000000..530d2bcffc --- /dev/null +++ b/package/network/utils/iproute2/patches/400-rdma-include-libgen.h-for-basename.patch @@ -0,0 +1,10 @@ +--- a/rdma/rdma.h ++++ b/rdma/rdma.h +@@ -16,6 +16,7 @@ + #include <rdma/rdma_user_cm.h> + #include <time.h> + #include <net/if_arp.h> ++#include <libgen.h> + + #include "list.h" + #include "utils.h" diff --git a/package/network/utils/iproute2/patches/401-bridge-vlan.c-bridge-vlan.c-fix-build-with-gcc-14-on.patch b/package/network/utils/iproute2/patches/401-bridge-vlan.c-bridge-vlan.c-fix-build-with-gcc-14-on.patch new file mode 100644 index 0000000000..a90c9fc80a --- /dev/null +++ b/package/network/utils/iproute2/patches/401-bridge-vlan.c-bridge-vlan.c-fix-build-with-gcc-14-on.patch 
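Review bot: The new 400-rdma-include-libgen.h-for-basename.patch has no From/Subject/description header, unlike the 401 patch added next to it, so the reason for the include is recorded only in the file name. Including `<libgen.h>` selects the POSIX `basename()`, which is allowed to modify its argument. The call sites in rdma are outside this hunk, so it cannot be checked from here whether any of them passes a string that must stay intact, such as `argv[0]` or a literal. I would add a short description to the patch naming the libc that needs the include and stating that the callers were checked.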
@@ -0,0 +1,69 @@ +From 53a89bfd86fff1a00cc77cabb8457a03eaa3bc7d Mon Sep 17 00:00:00 2001 +From: Gabi Falk <gabifalk@gmx.com> +Date: Fri, 10 May 2024 14:36:12 +0000 +Subject: [PATCH] bridge/vlan.c: bridge/vlan.c: fix build with gcc 14 on musl + systems + +On glibc based systems the definition of 'struct timeval' is pulled in +with inclusion of <stdlib.h> header, but on musl based systems it +doesn't work this way. Missing definition triggers an +incompatible-pointer-types error with gcc 14 (warning on previous +versions of gcc): + +../include/json_print.h:80:30: warning: 'struct timeval' declared inside parameter list will not be visible outside of this definition or declaration + 80 | _PRINT_FUNC(tv, const struct timeval *) + | ^~~~~~~ +../include/json_print.h:50:37: note: in definition of macro '_PRINT_FUNC' + 50 | type value); \ + | ^~~~ +../include/json_print.h:80:30: warning: 'struct timeval' declared inside parameter list will not be visible outside of this definition or declaration + 80 | _PRINT_FUNC(tv, const struct timeval *) + | ^~~~~~~ +../include/json_print.h:55:45: note: in definition of macro '_PRINT_FUNC' + 55 | type value) \ + | ^~~~ +../include/json_print.h: In function 'print_tv': +../include/json_print.h:58:48: error: passing argument 5 of 'print_color_tv' from incompatible pointer type [-Wincompatible-pointer-types] + 58 | value); \ + | ^~~~~ + | | + | const struct timeval * + +Signed-off-by: Gabi Falk <gabifalk@gmx.com> +Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> +--- + bridge/vlan.c | 1 + + bridge/vni.c | 1 + + vdpa/vdpa.c | 1 + + 3 files changed, 3 insertions(+) + +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -4,6 +4,7 @@ + #include <unistd.h> + #include <fcntl.h> + #include <sys/socket.h> ++#include <sys/time.h> + #include <net/if.h> + #include <netinet/in.h> + #include <linux/if_bridge.h> +--- a/bridge/vni.c ++++ b/bridge/vni.c +@@ -10,6 +10,7 @@ + #include <string.h> + #include <fcntl.h> + #include <sys/socket.h> 
++#include <sys/time.h> + #include <net/if.h> + #include <netinet/in.h> + #include <linux/if_link.h> +--- a/vdpa/vdpa.c ++++ b/vdpa/vdpa.c +@@ -3,6 +3,7 @@ + #include <stdio.h> + #include <getopt.h> + #include <errno.h> ++#include <sys/time.h> + #include <linux/genetlink.h> + #include <linux/if_ether.h> + #include <linux/vdpa.h> diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 45a2b49070..d5511f33c1 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -23,7 +23,7 @@ PKG_INSTALL:=1 PKG_BUILD_FLAGS:=gc-sections no-lto PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0 -PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables +PKG_CPE_ID:=cpe:/a:netfilter:iptables include $(INCLUDE_DIR)/package.mk ifeq ($(DUMP),) diff --git a/package/network/utils/linux-atm/Makefile b/package/network/utils/linux-atm/Makefile index 43f4b6556b..c48309da9c 100644 --- a/package/network/utils/linux-atm/Makefile +++ b/package/network/utils/linux-atm/Makefile @@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=linux-atm PKG_VERSION:=2.5.2 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/$(PKG_NAME) diff --git a/package/network/utils/linux-atm/patches/000-debian_16.patch b/package/network/utils/linux-atm/patches/000-debian_2.5.1-5.1.patch index 4abaac07e8..27bf6b1ad1 100644 --- a/package/network/utils/linux-atm/patches/000-debian_16.patch +++ b/package/network/utils/linux-atm/patches/000-debian_2.5.1-5.1.patch 
@@ -1,3 +1,45 @@ +--- a/src/mpoad/mpcd.8 ++++ b/src/mpoad/mpcd.8 +@@ -28,7 +28,7 @@ mpcd \- ATM MPOA (Multi\-Protocol Over A + .B ]] + .SH DESCRIPTION + MPOA client +-.SM(MPC) is responsible for creating and receiving ++.SM (MPC) is responsible for creating and receiving + internetwork layer shortcuts. Using these shortcuts MPCs forward + unicast internetwork layer packets effectively over ATM without need + for routing protocols. +@@ -43,7 +43,7 @@ accepts shortcuts and packets arriving o + shortcuts is done with the help of + .SM MPOA + server +-.SM(MPS). ++.SM (MPS). + .PP + Just as the Linux + .SM LAN +--- a/src/led/zeppelin.8 ++++ b/src/led/zeppelin.8 +@@ -99,7 +99,7 @@ Ring and ATM parts of the ELAN, so using + recommended. Token Ring support has received less testing than its + Ethernet counterpart. + .SH FILES +-.IP \fI/var/run/lec[interface number].pid\fP ++.IP \fI/var/run/lec[interface\ number].pid\fP + The file containing the process id of zeppelin. + .SH BUGS + John Bonham died 1980 and Led Zeppelin broke. +--- a/src/sigd/atmsigd.conf.4 ++++ b/src/sigd/atmsigd.conf.4 +@@ -125,7 +125,7 @@ a comment. The `#' character cannot be e + .P + If an option is specified in \fBatmsigd.conf\fP and on the command + line, the command line has priority. +-.COMPATIBILITY ++.SH COMPATIBILITY + Certain options used by past versions of \fBatmsigd\fP but no longer documented + on the man page are still recognized and supported, but they also yield a + warning message. Future versions of \fBatmsigd\fP will not recognize those --- a/src/arpd/io.c +++ b/src/arpd/io.c @@ -277,7 +277,8 @@ static void accept_new(void) 
@@ -226,45 +268,52 @@ if (trans) { /* set send socket buffer if we are transmitting */ ---- a/src/mpoad/mpcd.8 -+++ b/src/mpoad/mpcd.8 -@@ -28,7 +28,7 @@ mpcd \- ATM MPOA (Multi\-Protocol Over A - .B ]] - .SH DESCRIPTION - MPOA client --.SM(MPC) is responsible for creating and receiving -+.SM (MPC) is responsible for creating and receiving - internetwork layer shortcuts. Using these shortcuts MPCs forward - unicast internetwork layer packets effectively over ATM without need - for routing protocols. -@@ -43,7 +43,7 @@ accepts shortcuts and packets arriving o - shortcuts is done with the help of - .SM MPOA - server --.SM(MPS). -+.SM (MPS). - .PP - Just as the Linux - .SM LAN ---- a/src/led/zeppelin.8 -+++ b/src/led/zeppelin.8 -@@ -99,7 +99,7 @@ Ring and ATM parts of the ELAN, so using - recommended. Token Ring support has received less testing than its - Ethernet counterpart. - .SH FILES --.IP \fI/var/run/lec[interface number].pid\fP -+.IP \fI/var/run/lec[interface\ number].pid\fP - The file containing the process id of zeppelin. - .SH BUGS - John Bonham died 1980 and Led Zeppelin broke. ---- a/src/sigd/atmsigd.conf.4 -+++ b/src/sigd/atmsigd.conf.4 -@@ -125,7 +125,7 @@ a comment. The `#' character cannot be e - .P - If an option is specified in \fBatmsigd.conf\fP and on the command - line, the command line has priority. --.COMPATIBILITY -+.SH COMPATIBILITY - Certain options used by past versions of \fBatmsigd\fP but no longer documented - on the man page are still recognized and supported, but they also yield a - warning message. Future versions of \fBatmsigd\fP will not recognize those +@@ -663,7 +664,7 @@ int no_check = 0; + exit(0); + + usage: +- fprintf(stderr, Usage); ++ fprintf(stderr, "%s", Usage); + exit(1); + } + +--- a/src/arpd/arp.c ++++ b/src/arpd/arp.c +@@ -17,6 +17,7 @@ + #include <netinet/in.h> /* for ntohs, etc. 
*/ + #define _LINUX_NETDEVICE_H /* very crude hack for glibc2 */ + #include <linux/types.h> ++#include <linux/if.h> + #include <linux/if_arp.h> + #include <linux/if_ether.h> + #include <atm.h> +--- a/src/arpd/itf.c ++++ b/src/arpd/itf.c +@@ -14,6 +14,7 @@ + #include <sys/socket.h> + #define _LINUX_NETDEVICE_H /* glibc2 */ + #include <linux/types.h> ++#include <linux/if.h> + #include <linux/if_arp.h> + + #include "atmd.h" +--- a/src/maint/atmdump.c ++++ b/src/maint/atmdump.c +@@ -14,6 +14,7 @@ + #include <sys/types.h> + #include <sys/time.h> + #include <sys/socket.h> ++#include <linux/sockios.h> + #include <netinet/in.h> /* for htonl and ntohl */ + #include <atm.h> + +--- a/src/maint/saaldump.c ++++ b/src/maint/saaldump.c +@@ -15,6 +15,7 @@ + #include <sys/time.h> + #include <sys/types.h> + #include <sys/socket.h> ++#include <linux/sockios.h> + #include <atm.h> + + #include "pdu.h" diff --git a/package/network/utils/linux-atm/patches/510-remove-LINUX_NETDEVICE-hack.patch b/package/network/utils/linux-atm/patches/510-remove-LINUX_NETDEVICE-hack.patch index d76ec1eaf4..c16df18aa9 100644 --- a/package/network/utils/linux-atm/patches/510-remove-LINUX_NETDEVICE-hack.patch +++ b/package/network/utils/linux-atm/patches/510-remove-LINUX_NETDEVICE-hack.patch @@ -28,8 +28,8 @@ in Linux 4.20. #include <sys/socket.h> -#define _LINUX_NETDEVICE_H /* glibc2 */ #include <linux/types.h> + #include <linux/if.h> #include <linux/if_arp.h> - --- a/src/arpd/io.c +++ b/src/arpd/io.c @@ -21,7 +21,6 @@ @@ -48,5 +48,5 @@ in Linux 4.20. #include <netinet/in.h> /* for ntohs, etc. */ -#define _LINUX_NETDEVICE_H /* very crude hack for glibc2 */ #include <linux/types.h> + #include <linux/if.h> #include <linux/if_arp.h> - #include <linux/if_ether.h> diff --git a/package/network/utils/linux-atm/patches/600-fix-format-errors.patch b/package/network/utils/linux-atm/patches/600-fix-format-errors.patch deleted file mode 100644 index ef484f2fa3..0000000000 
--- a/package/network/utils/linux-atm/patches/600-fix-format-errors.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/test/ttcp.c
-+++ b/src/test/ttcp.c
-@@ -664,7 +664,7 @@ int no_check = 0;
- exit(0);
-
- usage:
-- fprintf(stderr, Usage);
-+ fprintf(stderr, "%s", Usage);
- exit(1);
- }
-
diff --git a/package/network/utils/linux-atm/patches/700-musl-include.patch b/package/network/utils/linux-atm/patches/600-musl-include.patch
index 2b2268d8ac..2b2268d8ac 100644
--- a/package/network/utils/linux-atm/patches/700-musl-include.patch
+++ b/package/network/utils/linux-atm/patches/600-musl-include.patch
diff --git a/package/network/utils/linux-atm/patches/700-fix-gcc14-build.patch b/package/network/utils/linux-atm/patches/700-fix-gcc14-build.patch
new file mode 100644
index 0000000000..a19dc6c767
--- /dev/null
+++ b/package/network/utils/linux-atm/patches/700-fix-gcc14-build.patch
@@ -0,0 +1,82 @@
+--- a/src/arpd/io.c
++++ b/src/arpd/io.c
+@@ -615,7 +615,7 @@ int ip_itf_info(int number,uint32_t *ip,
+ int get_local(int fd,struct sockaddr_atmsvc *addr)
+ {
+ int result;
+- size_t length;
++ socklen_t length;
+
+ length = sizeof(struct sockaddr_atmsvc);
+ result = getsockname(fd,(struct sockaddr *) addr,&length);
+--- a/src/led/conn.c
++++ b/src/led/conn.c
+@@ -405,7 +405,7 @@ Conn_t *accept_conn(Conn_t *conn)
+ {
+ Conn_t *new;
+ struct sockaddr_atmsvc addr;
+- size_t len;
++ socklen_t len;
+ int fd;
+ char buff[MAX_ATM_ADDR_LEN+1];
+
+@@ -538,7 +538,7 @@ static int handle_accept(Conn_t *conn)
+ */
+ static int handle_data(Conn_t *conn)
+ {
+- char buff[MAX_CTRL_FRAME];
++ unsigned char buff[MAX_CTRL_FRAME];
+ int retval;
+
+ retval = recv_frame(conn, buff, sizeof(buff));
+--- a/src/led/frames.c
++++ b/src/led/frames.c
+@@ -312,7 +312,7 @@ static void handle_ready_ind(Conn_t *con
+ * dependant handler functions.
+ * Returns < 0 for serious error
+ */
+-int handle_frame(Conn_t *conn, char *buff, int size)
++int handle_frame(Conn_t *conn, unsigned char *buff, int size)
+ {
+ struct ctrl_frame *frame;
+
+--- a/src/led/frames.h
++++ b/src/led/frames.h
+@@ -13,7 +13,7 @@ int validate_frame(unsigned char *buff,
+ void send_ready_ind(Conn_t *conn);
+ void send_register_req(void);
+
+-int handle_frame(Conn_t *conn, char *buff, int size);
++int handle_frame(Conn_t *conn, unsigned char *buff, int size);
+ uint32_t send_flush_req(Conn_t *conn);
+
+ void parse_tlvs(uint16_t opcode, unsigned char *tlvp, int numtlvs, int sizeoftlvs);
+--- a/src/led/join.c
++++ b/src/led/join.c
+@@ -43,7 +43,7 @@ static int read_join_rsp(char *buff, int
+ static int parse_join_rsp(unsigned char *buff, int size);
+
+ static int get_bus_addr(struct sockaddr_atmsvc *addr);
+-static int read_bus_arp(Conn_t *conn, struct sockaddr_atmsvc *addr, char *buff, int buffsize);
++static int read_bus_arp(Conn_t *conn, struct sockaddr_atmsvc *addr, unsigned char *buff, int buffsize);
+
+ /*
+ * 5.1, Initial state
+@@ -693,7 +693,7 @@ static int get_bus_addr(struct sockaddr_
+ fd_set rfds;
+ struct timeval tv;
+ int n = 0, retval, timeout;
+- char buff[MAX_CTRL_FRAME];
++ unsigned char buff[MAX_CTRL_FRAME];
+
+ timeout = 4; /* wait response for 4 seconds */
+ lec_params.c7c_current_timeout = 1;
+@@ -740,7 +740,7 @@ static int get_bus_addr(struct sockaddr_
+ * Tries to read BUS ATM address in *addr
+ * returns < 0 for error, 0 for not found > 0 for success
+ */
+-static int read_bus_arp(Conn_t *conn, struct sockaddr_atmsvc *addr, char *buff, int buffsize)
++static int read_bus_arp(Conn_t *conn, struct sockaddr_atmsvc *addr, unsigned char *buff, int buffsize)
+ {
+ int frame_size;
+ struct ctrl_frame *frame;
diff --git a/package/network/utils/linux-atm/patches/800-include_sockios.patch b/package/network/utils/linux-atm/patches/800-include_sockios.patch
deleted file mode 100644
index edb385ca10..0000000000
--- a/package/network/utils/linux-atm/patches/800-include_sockios.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/src/maint/saaldump.c 2020-03-29 22:58:01.089711789 +0200
-+++ b/src/maint/saaldump.c 2020-03-29 22:59:17.564639387 +0200
-@@ -6,6 +6,7 @@
- #include <config.h>
- #endif
-
-+#include <linux/sockios.h>
- #include <stdlib.h>
- #include <stdarg.h>
- #include <stdio.h>
---- a/src/maint/atmdump.c 2020-03-29 22:58:18.573694469 +0200
-+++ b/src/maint/atmdump.c 2020-03-29 22:58:49.956729365 +0200
-@@ -6,6 +6,7 @@
- #include <config.h>
- #endif
-
-+#include <linux/sockios.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <unistd.h>
-
diff --git a/package/network/utils/uqmi/Makefile b/package/network/utils/uqmi/Makefile
index 90ba080a6f..d4ed1e4494 100644
--- a/package/network/utils/uqmi/Makefile
+++ b/package/network/utils/uqmi/Makefile
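Review bot: 700-fix-gcc14-build.patch is added without any header, so nothing records why `size_t` becomes `socklen_t` in `get_local()` and `accept_conn()` or why the `buff` parameters and arrays become `unsigned char`. The xdp-tools patches added in this same commit all carry a From/Subject/description block, and this file should get a short one too, for example `getsockname() takes a socklen_t *, and the LANE frame helpers take unsigned char *; GCC 14 rejects the mismatched pointer types` (the GCC 14 part is inferred from the file name). The `socklen_t` change in `get_local()` is more than a warning fix: with `size_t length`, `getsockname()` is handed a pointer to an object that can be wider than the `socklen_t` it writes, which deserves a sentence in that description.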
@@ -5,9 +5,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/uqmi.git -PKG_SOURCE_DATE:=2024-01-16 -PKG_SOURCE_VERSION:=c3488b831ce6285c8107704156b9b8ed7d59deb3 -PKG_MIRROR_HASH:=1aa576e46dfb6528ef12f5fd1b626585d565bbcf9119cde302cc34d732c75076 +PKG_SOURCE_DATE:=2024-04-24 +PKG_SOURCE_VERSION:=e7207bec95f02f2f7a98254d642186a082af838d +PKG_MIRROR_HASH:=53e83720472f07cb9bb3e2b68ea6c379fc8c43ed8f93227bcb3d06c94a32a669 PKG_MAINTAINER:=Matti Laakso <malaakso@elisanet.fi> PKG_LICENSE:=GPL-2.0 @@ -34,7 +34,6 @@ endef TARGET_CFLAGS += \ -I$(STAGING_DIR)/usr/include \ - -Wno-error=dangling-pointer \ -Wno-error=maybe-uninitialized CMAKE_OPTIONS += \ @@ -42,7 +41,7 @@ CMAKE_OPTIONS += \ define Package/uqmi/install $(INSTALL_DIR) $(1)/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/uqmi $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/uqmi/uqmi $(1)/sbin/ $(CP) ./files/* $(1)/ endef diff --git a/package/network/utils/xdp-tools/Makefile b/package/network/utils/xdp-tools/Makefile index dba775e4ea..8a839954e9 100644 --- a/package/network/utils/xdp-tools/Makefile +++ b/package/network/utils/xdp-tools/Makefile @@ -85,8 +85,13 @@ CONFIGURE_VARS += \ CFLAGS="$(TARGET_CFLAGS)" \ LDFLAGS="$(TARGET_LDFLAGS)" \ CLANG="$(CLANG)" \ - BPF_TARGET="$(BPF_TARGET)" \ - LLC="$(LLVM_LLC)" + BPF_TARGET="$(BPF_ARCH)-linux-gnu" \ + LLC="$(LLVM_LLC)" \ + BPF_LDFLAGS="-march=$(BPF_TARGET) -mcpu=v3" + +ifneq ($(findstring s,$(OPENWRT_VERBOSE)),) + MAKE_FLAGS+=V=1 +endif MAKE_VARS += \ PREFIX=/usr \ @@ -94,7 +99,7 @@ MAKE_VARS += \ define Build/Configure $(call Build/Configure/Default) - echo "BPF_CFLAGS += -I$(BPF_HEADERS_DIR)/tools/lib -fno-stack-protector" >> $(PKG_BUILD_DIR)/config.mk + echo "BPF_CFLAGS += $(BPF_CFLAGS) -Wno-error -fno-stack-protector" >> $(PKG_BUILD_DIR)/config.mk endef define Build/InstallDev 
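Review bot: The last xdp-tools hunk makes `Build/Configure` append a blanket `-Wno-error` to `BPF_CFLAGS`, and because patch 024 in this commit moves `$(BPF_CFLAGS)` behind `-Werror`, every BPF object in the package is then built with warnings-as-errors switched off. That covers the diagnostics `-Wall` raises in the XDP programs themselves, not only the header noise that patch 024's description refers to. If the failing diagnostics are known, demote only those with `-Wno-error=<diagnostic>` (placeholder, the page does not name them). Either way, put a comment above the `echo` line saying which warning forced the override, so it can be dropped again later.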
diff --git a/package/network/utils/xdp-tools/patches/020-libxdp-Use-__noinline__-reserved-attribute-for-XDP-d.patch b/package/network/utils/xdp-tools/patches/020-libxdp-Use-__noinline__-reserved-attribute-for-XDP-d.patch
new file mode 100644
index 0000000000..1a157df32c
--- /dev/null
+++ b/package/network/utils/xdp-tools/patches/020-libxdp-Use-__noinline__-reserved-attribute-for-XDP-d.patch
@@ -0,0 +1,49 @@
+From 1f160c287c14b4300c4248752e20da5981c9763e Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Wed, 18 Jan 2023 19:00:54 +0100
+Subject: [PATCH] libxdp: Use __noinline__ reserved attribute for XDP
+ dispatcher
+
+The use of noinline is wrong as noline is not a reserved attribute and
+with gcc12 this became an error. Use the reserved __noinline__ attribute
+to fix compilation error.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+[a.heider: adapt lib/libxdp/protocol.org too]
+Signed-off-by: Andre Heider <a.heider@gmail.com>
+---
+ lib/libxdp/protocol.org | 2 +-
+ lib/libxdp/xdp-dispatcher.c.in | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/lib/libxdp/protocol.org
++++ b/lib/libxdp/protocol.org
+@@ -54,7 +54,7 @@ static volatile const struct xdp_dispatc
+ /* The volatile return value prevents the compiler from assuming it knows the
+ * return value and optimising based on that.
+ */
+-__attribute__ ((noinline))
++__attribute__ ((__noinline__))
+ int prog0(struct xdp_md *ctx) {
+ volatile int ret = XDP_DISPATCHER_RETVAL;
+
+--- a/lib/libxdp/xdp-dispatcher.c.in
++++ b/lib/libxdp/xdp-dispatcher.c.in
+@@ -30,7 +30,7 @@ static volatile const struct xdp_dispatc
+ * return value and optimising based on that.
+ */
+ forloop(`i', `0', NUM_PROGS,
+-`__attribute__ ((noinline))
++`__attribute__ ((__noinline__))
+ int format(`prog%d', i)(struct xdp_md *ctx) {
+ volatile int ret = XDP_DISPATCHER_RETVAL;
+
+@@ -40,7 +40,7 @@ int format(`prog%d', i)(struct xdp_md *c
+ }
+ ')
+
+-__attribute__ ((noinline))
++__attribute__ ((__noinline__))
+ int compat_test(struct xdp_md *ctx) {
+ volatile int ret = XDP_DISPATCHER_RETVAL;
+
diff --git a/package/network/utils/xdp-tools/patches/021-headers-xdp-drop-vlan_hdr-as-already-defined.patch b/package/network/utils/xdp-tools/patches/021-headers-xdp-drop-vlan_hdr-as-already-defined.patch
new file mode 100644
index 0000000000..d508e489ea
--- /dev/null
+++ b/package/network/utils/xdp-tools/patches/021-headers-xdp-drop-vlan_hdr-as-already-defined.patch
@@ -0,0 +1,31 @@
+From bc2a11227b5bed29d33926d5ff7e707228db9e87 Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Wed, 18 Jan 2023 20:07:58 +0100
+Subject: [PATCH] headers: xdp: drop vlan_hdr as already defined
+
+Drop vlan_hdr as already defined by bpf headers.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ headers/xdp/parsing_helpers.h | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+--- a/headers/xdp/parsing_helpers.h
++++ b/headers/xdp/parsing_helpers.h
+@@ -33,16 +33,6 @@ struct hdr_cursor {
+ };
+
+ /*
+- * struct vlan_hdr - vlan header
+- * @h_vlan_TCI: priority and VLAN ID
+- * @h_vlan_encapsulated_proto: packet type ID or len
+- */
+-struct vlan_hdr {
+- __be16 h_vlan_TCI;
+- __be16 h_vlan_encapsulated_proto;
+-};
+-
+-/*
+ * Struct icmphdr_common represents the common part of the icmphdr and icmp6hdr
+ * structures.
+ */
diff --git a/package/network/utils/xdp-tools/patches/022-xdp-dump-add-missing-perf_event-include-for-bpf-and-.patch b/package/network/utils/xdp-tools/patches/022-xdp-dump-add-missing-perf_event-include-for-bpf-and-.patch
new file mode 100644
index 0000000000..edeb403281
--- /dev/null
+++ b/package/network/utils/xdp-tools/patches/022-xdp-dump-add-missing-perf_event-include-for-bpf-and-.patch
@@ -0,0 +1,34 @@
+From 0388d7447de027e0d2369d6b8a9c58ea0f8f027c Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Wed, 18 Jan 2023 20:37:12 +0100
+Subject: [PATCH] xdp-dump: add missing perf_event include for bpf and xdp
+
+Add missing perf_event include needed for struct perf_event_header for
+bpf and xdp.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ xdp-dump/xdpdump_bpf.c | 1 +
+ xdp-dump/xdpdump_xdp.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/xdp-dump/xdpdump_bpf.c
++++ b/xdp-dump/xdpdump_bpf.c
+@@ -4,6 +4,7 @@
+ * Include files
+ *****************************************************************************/
+ #include <stdbool.h>
++#include <linux/perf_event.h>
+ #include <linux/bpf.h>
+ #include <bpf/bpf_helpers.h>
+ #include <bpf/bpf_trace_helpers.h>
+--- a/xdp-dump/xdpdump_xdp.c
++++ b/xdp-dump/xdpdump_xdp.c
+@@ -4,6 +4,7 @@
+ * Include files
+ *****************************************************************************/
+ #include <stdbool.h>
++#include <linux/perf_event.h>
+ #include <linux/bpf.h>
+ #include <bpf/bpf_helpers.h>
+ #include <bpf/bpf_trace_helpers.h>
diff --git a/package/network/utils/xdp-tools/patches/023-libxdp-fix-compilation-on-multiarch-systems.patch b/package/network/utils/xdp-tools/patches/023-libxdp-fix-compilation-on-multiarch-systems.patch
new file mode 100644
index 0000000000..cc60ebf611
--- /dev/null
+++ b/package/network/utils/xdp-tools/patches/023-libxdp-fix-compilation-on-multiarch-systems.patch
@@ -0,0 +1,30 @@
+From cb1ef3322671a67e2050a3eee18b49cdb4ed4bed Mon Sep 17 00:00:00 2001
+From: Andre Heider <a.heider@gmail.com>
+Date: Wed, 18 Jan 2023 20:54:41 +0100
+Subject: [PATCH] libxdp: fix compilation on multiarch systems
+
+Multiarch systems require an additional include path, which is covered
+by ARCH_INCLUDES here. Just as lib/util, add it to BPF_CFLAGS.
+
+Fixes compilation on debian:
+
+In file included from xdp-dispatcher.c:3:
+In file included from ../../headers/linux/bpf.h:11:
+/usr/include/linux/types.h:5:10: fatal error: 'asm/types.h' file not found
+
+Signed-off-by: Andre Heider <a.heider@gmail.com>
+---
+ lib/libxdp/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/libxdp/Makefile
++++ b/lib/libxdp/Makefile
+@@ -30,7 +30,7 @@ PC_FILE := $(OBJDIR)/libxdp.pc
+ TEMPLATED_SOURCES := xdp-dispatcher.c
+
+ CFLAGS += -I$(HEADER_DIR)
+-BPF_CFLAGS += -I$(HEADER_DIR)
++BPF_CFLAGS += -I$(HEADER_DIR) $(ARCH_INCLUDES)
+
+
+ ifndef BUILD_STATIC_ONLY
diff --git a/package/network/utils/xdp-tools/patches/024-lib-allow-overwriting-W-flags-via-BPF_CFLAGS.patch b/package/network/utils/xdp-tools/patches/024-lib-allow-overwriting-W-flags-via-BPF_CFLAGS.patch
new file mode 100644
index 0000000000..16835eae37
--- /dev/null
+++ b/package/network/utils/xdp-tools/patches/024-lib-allow-overwriting-W-flags-via-BPF_CFLAGS.patch
@@ -0,0 +1,49 @@
+From e2d8eae9477f6ba41ab75ad77202f235e34c04f7 Mon Sep 17 00:00:00 2001
+From: Andre Heider <a.heider@gmail.com>
+Date: Wed, 18 Jan 2023 22:30:23 +0100
+Subject: [PATCH] lib: allow overwriting -W* flags via BPF_CFLAGS
+
+The bpf header file situation is a mess, and the default warning
+compiler flags may not be suitable everywhere, especially with -Werror
+in the mix.
+
+Move BPF_CFLAGS further down, so these can be overwritten by builders.
+
+Signed-off-by: Andre Heider <a.heider@gmail.com>
+---
+ lib/common.mk | 2 +-
+ lib/libxdp/Makefile | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/lib/common.mk
++++ b/lib/common.mk
+@@ -108,12 +108,12 @@ $(XDP_OBJ): %.o: %.c $(KERN_USER_H) $(EX
+ $(QUIET_CLANG)$(CLANG) -S \
+ -target $(BPF_TARGET) \
+ -D __BPF_TRACING__ \
+- $(BPF_CFLAGS) \
+ -Wall \
+ -Wno-unused-value \
+ -Wno-pointer-sign \
+ -Wno-compare-distinct-pointer-types \
+ -Werror \
++ $(BPF_CFLAGS) \
+ -O2 -emit-llvm -c -g -o ${@:.o=.ll} $<
+ $(QUIET_LLC)$(LLC) -march=$(BPF_TARGET) -filetype=obj -o $@ ${@:.o=.ll}
+
+--- a/lib/libxdp/Makefile
++++ b/lib/libxdp/Makefile
+@@ -139,12 +139,12 @@ $(XDP_OBJS): %.o: %.c $(BPF_HEADERS) $(L
+ $(QUIET_CLANG)$(CLANG) -S \
+ -target $(BPF_TARGET) \
+ -D __BPF_TRACING__ \
+- $(BPF_CFLAGS) \
+ -Wall \
+ -Wno-unused-value \
+ -Wno-pointer-sign \
+ -Wno-compare-distinct-pointer-types \
+ -Werror \
++ $(BPF_CFLAGS) \
+ -O2 -emit-llvm -c -g -o ${@:.o=.ll} $<
+ $(QUIET_LLC)$(LLC) -march=$(BPF_TARGET) -filetype=obj -o $@ ${@:.o=.ll}
+
diff --git a/package/network/utils/xdp-tools/patches/025-Add-BPF_LDFLAGS-to-allow-overwriting-llc-s-march-arg.patch b/package/network/utils/xdp-tools/patches/025-Add-BPF_LDFLAGS-to-allow-overwriting-llc-s-march-arg.patch
new file mode 100644
index 0000000000..d375e1db0c
--- /dev/null
+++ b/package/network/utils/xdp-tools/patches/025-Add-BPF_LDFLAGS-to-allow-overwriting-llc-s-march-arg.patch
@@ -0,0 +1,55 @@
+From 7b00d4a90af1d7bff50833ffe1216cf59592353a Mon Sep 17 00:00:00 2001
+From: Andre Heider <a.heider@gmail.com>
+Date: Wed, 18 Jan 2023 22:42:28 +0100
+Subject: [PATCH] Add BPF_LDFLAGS to allow overwriting llc's -march argument
+
+The argument to clang's -target isn't necessarily the same as to
+llc's -march.
+
+Analogue to BPF_CFLAGS, introduce BPF_LDFLAGS to allow e.g.:
+BPF_TARGET="mipsel-linux-gnu" BPF_LDFLAGS="-march=bpfel -mcpu=v3"
+
+Signed-off-by: Andre Heider <a.heider@gmail.com>
+---
+ configure | 2 ++
+ lib/common.mk | 2 +-
+ lib/libxdp/Makefile | 2 +-
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+--- a/configure
++++ b/configure
+@@ -17,10 +17,12 @@ check_opts()
+ : ${DYNAMIC_LIBXDP:=0}
+ : ${MAX_DISPATCHER_ACTIONS:=10}
+ : ${BPF_TARGET:=bpf}
++ : ${BPF_LDFLAGS:=-march=$(BPF_TARGET)}
+ echo "PRODUCTION:=${PRODUCTION}" >>$CONFIG
+ echo "DYNAMIC_LIBXDP:=${DYNAMIC_LIBXDP}" >>$CONFIG
+ echo "MAX_DISPATCHER_ACTIONS:=${MAX_DISPATCHER_ACTIONS}" >>$CONFIG
+ echo "BPF_TARGET:=${BPF_TARGET}" >>$CONFIG
++ echo "BPF_LDFLAGS:=${BPF_LDFLAGS}" >>$CONFIG
+ }
+
+ find_tool()
+--- a/lib/common.mk
++++ b/lib/common.mk
+@@ -115,7 +115,7 @@ $(XDP_OBJ): %.o: %.c $(KERN_USER_H) $(EX
+ -Werror \
+ $(BPF_CFLAGS) \
+ -O2 -emit-llvm -c -g -o ${@:.o=.ll} $<
+- $(QUIET_LLC)$(LLC) -march=$(BPF_TARGET) -filetype=obj -o $@ ${@:.o=.ll}
++ $(QUIET_LLC)$(LLC) $(BPF_LDFLAGS) -filetype=obj -o $@ ${@:.o=.ll}
+
+ .PHONY: man
+ ifeq ($(EMACS),)
+--- a/lib/libxdp/Makefile
++++ b/lib/libxdp/Makefile
+@@ -146,7 +146,7 @@ $(XDP_OBJS): %.o: %.c $(BPF_HEADERS) $(L
+ -Werror \
+ $(BPF_CFLAGS) \
+ -O2 -emit-llvm -c -g -o ${@:.o=.ll} $<
+- $(QUIET_LLC)$(LLC) -march=$(BPF_TARGET) -filetype=obj -o $@ ${@:.o=.ll}
++ $(QUIET_LLC)$(LLC) $(BPF_LDFLAGS) -filetype=obj -o $@ ${@:.o=.ll}
+
+ .PHONY: man
+ ifeq ($(EMACS),) |
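Review bot: In the `configure` part of patch 025, the default `: ${BPF_LDFLAGS:=-march=$(BPF_TARGET)}` uses Make-style `$(BPF_TARGET)`, which a shell script treats as command substitution rather than a variable reference. When `BPF_LDFLAGS` is not supplied, the script would try to run a command named `BPF_TARGET` and most likely write an empty `-march=` into `$CONFIG`, which `llc` then receives through the two Makefile rules changed below it. The xdp-tools Makefile in this commit passes `BPF_LDFLAGS` explicitly, so this build probably never takes the fallback, but anyone running `configure` without it would. The line should read `: ${BPF_LDFLAGS:=-march=${BPF_TARGET}}`.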