Commit 41ca549f authored by Natanael Copa's avatar Natanael Copa Committed by Ariadne Conill
Browse files

community/miniupnpd: upgrade to 2.2.2 and refactor

- remove the sed stuff
- pass configure opts instead of sed config.h
- don't leak aports' git ref into miniupnpd binary
- add missing test scripts
- refactor init.d script
- generate uuid from post-install
- improve error message when external/internal interface is missing
parent d2012a47
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=miniupnpd
pkgver=2.1
pkgrel=2
pkgver=2.2.2
pkgrel=0
pkgdesc="Lightweight UPnP IGD daemon"
url="http://miniupnp.free.fr"
arch="all"
license="BSD-3-Clause"
makedepends="bsd-compat-headers iptables-dev libnfnetlink-dev"
install="$pkgname.post-install"
depends="uuidgen"
makedepends="bsd-compat-headers iptables-dev libnfnetlink-dev openssl-dev"
checkdepends="util-linux-dev"
subpackages="$pkgname-doc $pkgname-openrc"
subpackages="$pkgname-doc $pkgname-openrc
$pkgname-iptables:_fwscripts:noarch
$pkgname-ip6tables:_fwscripts:noarch
"
source="http://miniupnp.free.fr/files/miniupnpd-$pkgver.tar.gz
makefile-glibc.patch
missing-test-scripts.patch
improve-error-message.patch
$pkgname.initd
$pkgname.confd
build-with-linux-kernel-5.0.patch
makefile-check.patch
"
prepare() {
default_prepare
mv Makefile.linux Makefile
sed -i \
-e "s#^CFLAGS = .*-D#CPPFLAGS += -I/usr/include -D#" \
-e '/^CFLAGS :=/s/CFLAGS/CPPFLAGS/g' \
-e "s/CFLAGS += -ansi/#CFLAGS += -ansi/g" \
-e "s/LIBS = -liptc/LIBS = -lip4tc/g" \
-e 's/genuuid||//' \
-e "s/--mode=/-m /g" \
Makefile
sed -i \
-e 's/\(strncpy(\([->a-z.]\+\), "[a-zA-Z]\+", \)IPT_FUNCTION_MAXNAMELEN);/\1sizeof(\2));/' \
netfilter/iptcrdr.c
make config.h
sed -i \
-e 's/\/\*#define ENABLE_LEASEFILE\*\//#define ENABLE_LEASEFILE/g' \
-e 's/\/\*#define ENABLE_IPV6\*\//#define ENABLE_IPV6/g' \
-e 's/\/\*#define IGD_V2\*\//#define IGD_V2/g' \
config.h
}
build() {
make
./configure \
--vendorcfg \
--leasefile \
--ipv6 \
--igd2
make ISGITREPO=""
}
check() {
make check
make check ISGITREPO=""
}
package() {
make PREFIX="$pkgdir/" install
make PREFIX="$pkgdir/" ISGITREPO="" install
install -m755 -D "$srcdir"/$pkgname.initd \
"$pkgdir"/etc/init.d/$pkgname
install -m644 -D "$srcdir"/$pkgname.confd \
"$pkgdir"/etc/conf.d/$pkgname
}
sha512sums="c737faad21bfba1f59346cbe0082d24827f36c0422cfaa5e71180aa9f61e784eb19ea9d6abf2d005f92d4cde106eac8c66ecc88b30421de710f3c129ac15f4ae miniupnpd-2.1.tar.gz
e00fcd1e55620929617d2c4958294461894b10f3d08dcaa4d66fe5c51cf4b2a634dbf8b27d63943a8fdc9fa0e75c169ba615cb30957f16443540ba26d4570750 miniupnpd.initd
81aa2dac0643bbd1331549427c438900319adce91928b6bad6f7d470492f6f48e04e4d1af89f961db53fc132a7ff89ea52625441f051afd5a1b48680917f4ff7 miniupnpd.confd
57319ba5c5bf4be2f7394e047d28f10aec9d49bb474e92ce5ce1d14807de5535e8842d5055f00c0a713082e012a5c26ba5484195c3ff2fe0bca3ccf49e3e33df build-with-linux-kernel-5.0.patch
678024e641483824505dd1a916a48c8392a96317a2eb60c59b2e1fbb436f1a134d8ba50fa974f6072facb4894adffaa52f8400db5c8356f18a40074719eee3c0 makefile-check.patch"
_fwscripts() {
depends=
local _tables=${subpkgname#$pkgname-}
pkgdesc="$_tables scripts for $pkgname"
install_if="$pkgname=$pkgver-r$pkgrel $_tables"
amove /etc/miniupnpd/${_tables}_init.sh \
/etc/miniupnpd/${_tables}_removeall.sh
}
sha512sums="
3cc11ad901e93a9879fe07e35a20f8977df466bb402e0270e46d1dbd0b5dc3b5dc22303467d5022103952d7dd789ac590c17d0fa81fc7ec42676b66223d37ee4 miniupnpd-2.2.2.tar.gz
b8363f4f2dd810a9bdb270c42313be97b9b354d9ee8c7cab94d5ca4dabf5c11c26948031d165688c2d69d8c74d3b20f9c4c3410ae0fad35fa66b32842635312e makefile-glibc.patch
3c1b39d41519126303af97c87240da13c2994d5368f3112d369f9b44c5fde0dfe16f02156e02e8581193e59f14da05f111d314df791ad3d89af9ae98fa876bb7 missing-test-scripts.patch
b9816fd3a974c99a8a8717778c6ca1a748849a1d2dadf5378ca7ca725d893a45c147f2fec759a311ee66f04085c33d7341a9575c23616848bcd3080230023659 improve-error-message.patch
3619d66b5d27369e9ae368f189fc4f4e25a803b460a954f47fd749195755bda8e828fbaa4e04ffc980aa72078f790d41a313c2ab7d0de7d4c284251a577b7a90 miniupnpd.initd
"
diff --git a/netfilter/iptcrdr.c b/netfilter/iptcrdr.c
index 48c6dbb..676d154 100644
--- a/netfilter/iptcrdr.c
+++ b/netfilter/iptcrdr.c
@@ -1116,9 +1116,13 @@ addnatrule(int proto, unsigned short eport,
} else {
match = get_udp_match(eport, 0);
}
- e->nfcache = NFC_IP_DST_PT;
+#ifdef NFC_UNKNOWN
+ e->nfcache = NFC_UNKNOWN;
+#endif
target = get_dnat_target(iaddr, iport);
- e->nfcache |= NFC_UNKNOWN;
+#ifdef NFC_IP_DST_PT
+ e->nfcache |= NFC_IP_DST_PT;
+#endif
tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size
+ target->u.target_size);
@@ -1186,9 +1190,13 @@ addmasqueraderule(int proto,
} else {
match = get_udp_match(0, iport);
}
- e->nfcache = NFC_IP_DST_PT;
- target = get_masquerade_target(eport);
+#ifdef NFC_UNKNOWN
e->nfcache |= NFC_UNKNOWN;
+#endif
+ target = get_masquerade_target(eport);
+#ifdef NFC_IP_DST_PT
+ e->nfcache |= NFC_IP_DST_PT;
+#endif
tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size
+ target->u.target_size);
@@ -1266,9 +1274,16 @@ addpeernatrule(int proto,
} else {
match = get_udp_match(rport, iport);
}
- e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT;
- target = get_snat_target(eaddr, eport);
+#ifdef NFC_UNKNOWN
e->nfcache |= NFC_UNKNOWN;
+#endif
+ target = get_snat_target(eaddr, eport);
+#ifdef NFC_IP_DST_PT
+ e->nfcache |= NFC_IP_DST_PT;
+#endif
+#ifdef NFC_IP_SRC_PT
+ e->nfcache |= NFC_IP_SRC_PT;
+#endif
tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size
+ target->u.target_size);
@@ -1337,9 +1352,16 @@ addpeerdscprule(int proto, unsigned char dscp,
} else {
match = get_udp_match(rport, iport);
}
- e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT;
- target = get_dscp_target(dscp);
+#ifdef NFC_UNKNOWN
e->nfcache |= NFC_UNKNOWN;
+#endif
+ target = get_dscp_target(dscp);
+#ifdef NFC_IP_DST_PT
+ e->nfcache |= NFC_IP_DST_PT;
+#endif
+#ifdef NFC_IP_SRC_PT
+ e->nfcache |= NFC_IP_SRC_PT;
+#endif
tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size
+ target->u.target_size);
@@ -1420,11 +1442,15 @@ add_filter_rule(int proto, const char * rhost,
} else {
match = get_udp_match(iport,0);
}
- e->nfcache = NFC_IP_DST_PT;
e->ip.dst.s_addr = inet_addr(iaddr);
e->ip.dmsk.s_addr = INADDR_NONE;
- target = get_accept_target();
+#ifdef NFC_UNKNOWN
e->nfcache |= NFC_UNKNOWN;
+#endif
+ target = get_accept_target();
+#ifdef NFC_IP_DST_PT
+ e->nfcache |= NFC_IP_DST_PT;
+#endif
tmp = realloc(e, sizeof(struct ipt_entry)
+ match->u.match_size
+ target->u.target_size);
Upstream: https://github.com/miniupnp/miniupnp/pull/554
diff --git a/miniupnpd.c b/miniupnpd.c
index c24ee3b..529da66 100644
--- a/miniupnpd.c
+++ b/miniupnpd.c
@@ -1760,6 +1760,10 @@ init(int argc, char * * argv, struct runtime_vars * v)
}
if(!ext_if_name || !lan_addrs.lh_first) {
/* bad configuration */
+ if(!ext_if_name)
+ fprintf(stderr, "Error: Option -i missing and ext_ifname is not set in config file\n");
+ if (!lan_addrs.lh_first)
+ fprintf(stderr, "Error: Option -a missing and listening_ip is not set in config file\n");
goto print_usage;
}
diff --git a/Makefile b/Makefile
index fa86bd1..8a78ce8 100644
--- a/Makefile
+++ b/Makefile
@@ -206,12 +206,10 @@ genuuid:
check: validateupnppermissions validategetifaddr validatessdppktgen
-validateupnppermissions: testupnppermissions testupnppermissions.sh
- $(SH) ./testupnppermissions.sh
+validateupnppermissions: testupnppermissions
touch $@
-validategetifaddr: testgetifaddr testgetifaddr.sh
- ./testgetifaddr.sh
+validategetifaddr: testgetifaddr
touch $@
validatessdppktgen: testssdppktgen
diff --git a/Makefile.linux b/Makefile.linux
index e4063ac..6bb1eb6 100644
--- a/Makefile.linux
+++ b/Makefile.linux
@@ -216,12 +216,10 @@ endif
check: validateupnppermissions validategetifaddr validatessdppktgen
-validateupnppermissions: testupnppermissions testupnppermissions.sh
- ./testupnppermissions.sh
+validateupnppermissions: testupnppermissions
touch $@
-validategetifaddr: testgetifaddr testgetifaddr.sh
- ./testgetifaddr.sh
+validategetifaddr: testgetifaddr
touch $@
validatessdppktgen: testssdppktgen
Upstream: https://github.com/miniupnp/miniupnp/pull/553
diff --git a/Makefile.linux b/Makefile.linux
index 8f16886..fc85d50 100644
--- a/Makefile.linux
+++ b/Makefile.linux
@@ -95,6 +95,7 @@ $(info please install uuid-dev package / libuuid)
endif # ($(TEST),1)
endif # ($(TARGET_OPENWRT,)
+ifneq ($(shell --ldd --version | grep GLIBC),)
GLIBC_VERSION := $(shell ldd --version | head -n 1 | sed 's/^.* //')
GLIBC_VERSION_MAJOR = $(shell echo $(GLIBC_VERSION) | cut -f 1 -d . )
GLIBC_VERSION_MINOR = $(shell echo $(GLIBC_VERSION) | cut -f 2 -d . )
@@ -102,6 +103,7 @@ GLIBC_VERSION_MINOR = $(shell echo $(GLIBC_VERSION) | cut -f 2 -d . )
LDLIBS += $(shell if [ $(GLIBC_VERSION_MAJOR) -lt 2 ] \
|| [ \( $(GLIBC_VERSION_MAJOR) -eq 2 \) -a \( $(GLIBC_VERSION_MINOR) -lt 17 \) ] ; \
then echo "-lrt" ; fi )
+endif
TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
ARGS='-f /etc/miniupnpd/miniupnpd.conf'
#!/sbin/openrc-run
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/miniupnpd/files/miniupnpd-init.d,v 1.3 2011/10/17 12:03:01 gurligebis Exp $
command="/usr/sbin/miniupnpd"
: ${command_args:="${ARGS:--f /etc/miniupnpd/miniupnpd.conf}"}
: ${pidfile:=/var/run/miniupnpd.pid}
depend() {
need net iptables
use minissdpd
need net
use iptables ip6tables minissdpd
}
run_scripts() {
local ret=0 suffix="$1"
if [ -x /etc/miniupnpd/iptables_"$suffix" ]; then
/etc/miniupnpd/iptables_"$suffix" || ret=$?
fi
if [ -x /etc/miniupnpd/ip6tables_"$suffix" ]; then
/etc/miniupnpd/ip6tables_"$suffix" || ret=$?
fi
return $ret
}
start() {
ebegin "Starting miniupnpd"
/etc/miniupnpd/iptables_init.sh
start-stop-daemon --start --pidfile /var/run/miniupnpd.pid --exec /usr/sbin/miniupnpd -- ${ARGS}
eend $?
start_pre() {
run_scripts init.sh
}
stop() {
ebegin "Stopping miniupnpd"
start-stop-daemon --stop --pidfile /var/run/miniupnpd.pid
eend $?
/etc/miniupnpd/iptables_removeall.sh
stop_post() {
run_scripts removeall.sh
}
#!/bin/sh
conf=/etc/miniupnpd/miniupnpd.conf
# generate uuid
if grep -q 'uuid=00000000-0000-0000-0000-000000000000' "$conf"; then
echo "Generating uuid for $conf"
sed -i -e "s/uuid=.*/uuid=$(uuidgen)/" "$conf"
fi
Those test scripts are in git but not in the release tarball.
https://github.com/miniupnp/miniupnp/tree/master/miniupnpd
diff --git a/testgetifaddr.sh b/testgetifaddr.sh
new file mode 100644
index 0000000..7ad56d9
--- /dev/null
+++ b/testgetifaddr.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+# $Id: testgetifaddr.sh,v 1.2 2015/09/22 14:48:09 nanard Exp $
+
+OS=`uname -s`
+case $OS in
+ *BSD | Darwin | SunOS)
+ NS="`which netstat`" || exit 1
+ IFCONFIG="`which ifconfig`" || exit 1
+ EXTIF="`$NS -r -f inet | grep 'default' | awk '{ print $NF }' `" || exit 1
+ EXTIP="`$IFCONFIG $EXTIF | awk '/inet / { print $2 }' `"
+ ;;
+ *)
+ IP="`which ip`" || exit 1
+ EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1
+ EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`"
+ ;;
+esac
+
+#echo "Interface : $EXTIF IP address : $EXTIP"
+RES=`./testgetifaddr $EXTIF | head -n1 | sed 's/Interface .* has IP address \(.*\)\./\1/'` || exit 1
+
+
+if [ "$RES" = "$EXTIP" ] ; then
+ echo "testgetifaddr test OK"
+ exit 0
+else
+ echo "testgetifaddr test FAILED : $EXTIP != $RES"
+ exit 1
+fi
diff --git a/testupnppermissions.sh b/testupnppermissions.sh
new file mode 100644
index 0000000..b7bee35
--- /dev/null
+++ b/testupnppermissions.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+# $Id: testupnppermissions.sh,v 1.2 2015/09/22 15:12:14 nanard Exp $
+
+RULE_1="allow 1-20000 11.12.13.14/22 1234"
+RULEA_1="allow 1-20000 0b0c0d0e/fffffc00 1234-1234"
+RULEB_1="allow 1-20000 11.12.13.14/255.255.252.0 1234-1234"
+RULE_2="deny 55 21.22.23.24/17 555-559"
+RULEA_2="deny 55-55 15161718/ffff8000 555-559"
+RULEB_2="deny 55-55 21.22.23.24/255.255.128.0 555-559"
+
+i=1
+s=1
+./testupnppermissions "$RULE_1" "$RULE_2" | while read l;
+do
+ if [ -z "$l" ]; then i=$(($i+1)); s=1; else
+ #echo "$i $s : checking '$l'"
+ case $s in
+ 1)
+ val=$(eval echo "\${RULE_$i}")
+ if [ "$i '$val'" != "$l" ] ; then
+ exit $s
+ fi;;
+ 2)
+ val=$(eval echo "\${RULEA_$i}")
+ if [ "Permission read successfully" = "$l" ] ; then
+ s=$(($s+1))
+ elif [ "perm rule added : $val" != "$l" ] ; then
+ exit $s
+ fi;;
+ 3)
+ if [ "Permission read successfully" != "$l" ] ; then
+ exit $s
+ fi;;
+ 4)
+ val=$(eval echo "\${RULEB_$i}")
+ if [ "$val" != "$l" ] ; then
+ exit $s
+ fi;;
+ *)
+ echo "$i $s : $l"
+ exit $s
+ ;;
+ esac
+ s=$(($s+1))
+ fi
+done
+
+# retrieve return status from subshell
+r=$?
+
+if [ $r -eq 0 ] ; then
+ echo "testupnppermissions tests OK"
+else
+ echo "testupnppermissions tests FAILED"
+fi
+exit $r
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment