Diffstat (limited to 'packages')
-rw-r--r-- | packages/hostap/Jenkinsfile | 2 | ||||
-rwxr-xr-x | packages/hostap/build.sh | 9 | ||||
-rw-r--r-- | packages/hsflowd/Jenkinsfile | 2 | ||||
-rwxr-xr-x | packages/hsflowd/build.sh | 2 | ||||
-rwxr-xr-x | packages/linux-kernel/build-accel-ppp.sh | 10 | ||||
-rw-r--r-- | packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch | 183 | ||||
-rw-r--r-- | packages/minisign/.gitignore | 1 | ||||
-rw-r--r-- | packages/minisign/Jenkinsfile | 31 | ||||
-rwxr-xr-x | packages/minisign/build-minisign.sh | 33 |
9 files changed, 202 insertions, 71 deletions
diff --git a/packages/hostap/Jenkinsfile b/packages/hostap/Jenkinsfile index 1aeb4521..70c0e71b 100644 --- a/packages/hostap/Jenkinsfile +++ b/packages/hostap/Jenkinsfile @@ -21,7 +21,7 @@ def pkgList = [ ['name': 'wpa', - 'scmCommit': 'debian/2%2.10-10', + 'scmCommit': 'debian/2%2.10-12', 'scmUrl': 'https://salsa.debian.org/debian/wpa', 'buildCmd': '/bin/true'], ['name': 'hostap', diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh index c66bda3d..e69236dd 100755 --- a/packages/hostap/build.sh +++ b/packages/hostap/build.sh @@ -16,9 +16,12 @@ fi echo "I: Copy Debian build instructions" cp -a ${SRC_DEB}/debian ${SRC} -# Preserve Debian's default of allowing TLSv1.0 for compatibility -find ${SRC}/debian/patches -mindepth 1 ! -name allow-tlsv1.patch -delete -echo 'allow-tlsv1.patch' > ${SRC}/debian/patches/series +# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for +# compatibility with networks that use legacy crypto +cat > ${SRC}/debian/patches/series << EOF +allow-tlsv1.patch +allow-legacy-renegotiation.patch +EOF # Build Debian package cd ${SRC} diff --git a/packages/hsflowd/Jenkinsfile b/packages/hsflowd/Jenkinsfile index 978e36bb..06bb3c20 100644 --- a/packages/hsflowd/Jenkinsfile +++ b/packages/hsflowd/Jenkinsfile @@ -23,7 +23,7 @@ // and not via a DEB package def pkgList = [ ['name': 'host-sflow', - 'scmCommit': 'v2.0.50-3', + 'scmCommit': 'v2.0.50-4', 'scmUrl': 'https://github.com/sflow/host-sflow.git', 'buildCmd': 'cd ..; ./build.sh'], ] diff --git a/packages/hsflowd/build.sh b/packages/hsflowd/build.sh index 23867f30..0b00c998 100755 --- a/packages/hsflowd/build.sh +++ b/packages/hsflowd/build.sh 
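Review bot: The rewritten `debian/patches/series` in packages/hostap/build.sh turns on both `allow-tlsv1.patch` and `allow-legacy-renegotiation.patch` for every build, and the comment gives only "compatibility" as the reason. Because `series` now lists just these two entries, every other patch under `debian/patches` is skipped as well, which the comment does not mention. It should state that this is a deliberate relaxation of the TLS defaults, for example `# NOTE: weakens TLS defaults (TLSv1.0, legacy renegotiation) and intentionally applies no other Debian patch`. The redirect target is also unquoted; `cat > "${SRC}/debian/patches/series" << EOF` keeps the path intact if `${SRC}` ever contains whitespace.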
@@ -17,7 +17,7 @@ sudo apt-get install -y libpcap0.8-dev # Build hsflowd # make deb FEATURES="NFLOG PCAP TCP DOCKER KVM OVS DBUS SYSTEMD DROPMON PSAMPLE DENT CONTAINERD" echo "I: Build VyOS hsflowd Package" -make deb FEATURES="PCAP DROPMON" +make deb FEATURES="PCAP DROPMON DBUS" # hsflowd builds ARM package as aarch64 extension, rename to arm64 for file in *.deb ; do mv $file ${file//aarch64/arm64} || true ; done diff --git a/packages/linux-kernel/build-accel-ppp.sh b/packages/linux-kernel/build-accel-ppp.sh index 01fd7bd8..1685ff8d 100755 --- a/packages/linux-kernel/build-accel-ppp.sh +++ b/packages/linux-kernel/build-accel-ppp.sh @@ -13,6 +13,16 @@ if [ ! -f ${KERNEL_VAR_FILE} ]; then exit 1 fi +PATCH_DIR=${CWD}/patches/accel-ppp +if [ -d $PATCH_DIR ]; then + cd ${ACCEL_SRC} + for patch in $(ls ${PATCH_DIR}) + do + echo "I: Apply patch: ${PATCH_DIR}/${patch}" + patch -p1 < ${PATCH_DIR}/${patch} + done +fi + . ${KERNEL_VAR_FILE} mkdir -p ${ACCEL_SRC}/build cd ${ACCEL_SRC}/build diff --git a/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch b/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch new file mode 100644 index 00000000..0c3141a0 --- /dev/null +++ b/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch 
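Review bot: A failed `patch -p1` in the new loop of build-accel-ppp.sh is not checked, so unless the script enables `set -e` above the hunk (not visible here) the build would continue and package an unpatched or half-patched accel-ppp tree. The loop also iterates over `$(ls ${PATCH_DIR})` with unquoted expansions, which breaks on names containing whitespace and picks up any stray file in that directory. I would write `for patch in "${PATCH_DIR}"/*.patch; do` with `patch -p1 < "${patch}" || exit 1` in the body, and `cd "${ACCEL_SRC}" || exit 1` before it. A short comment that the source tree must be pristine would also help, since re-running on an already patched checkout makes `patch` stop on a previously applied patch.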
@@ -0,0 +1,183 @@
+From 12778d1e9296b6dbf190a80dcf407b24f9821f95 Mon Sep 17 00:00:00 2001
+From: zsdc <taras@vyos.io>
+Date: Tue, 4 Apr 2023 11:15:26 +0300
+Subject: [PATCH] L2TP: Include Calling-Number to Calling-Station-ID RADIUS
+ attribute
+
+Patch authored by Alexander Serkin from
+https://phabricator.accel-ppp.org/T59
+---
+ accel-pppd/ctrl/l2tp/l2tp.c | 112 ++++++++++++++++++++++++++++++------
+ 1 file changed, 93 insertions(+), 19 deletions(-)
+
+diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
+index 027d710..c541c60 100644
+--- a/accel-pppd/ctrl/l2tp/l2tp.c
++++ b/accel-pppd/ctrl/l2tp/l2tp.c
+@@ -123,6 +123,11 @@ struct l2tp_sess_t
+ struct l2tp_conn_t *paren_conn;
+ uint16_t sid;
+ uint16_t peer_sid;
++/* We will keep l2tp attributes Calling-Number/Called-Number and their length while the session exists */
++ char *calling_num;
++ int calling_num_len;
++ char *called_num;
++ int called_num_len;
+
+ unsigned int ref_count;
+ int state1;
+@@ -979,6 +984,10 @@ static void __session_destroy(struct l2tp_sess_t *sess)
+ _free(sess->ctrl.calling_station_id);
+ if (sess->ctrl.called_station_id)
+ _free(sess->ctrl.called_station_id);
++ if (sess->calling_num)
++ _free(sess->calling_num);
++ if (sess->called_num)
++ _free(sess->called_num);
+
+ log_session(log_info2, sess, "session destroyed\n");
+
+@@ -1771,25 +1780,52 @@ static int l2tp_session_start_data_channel(struct l2tp_sess_t *sess)
+ sess->ctrl.max_mtu = conf_ppp_max_mtu;
+ sess->ctrl.mppe = conf_mppe;
+
+- sess->ctrl.calling_station_id = _malloc(17);
+- if (sess->ctrl.calling_station_id == NULL) {
+- log_session(log_error, sess,
+- "impossible to start data channel:"
+- " allocation of calling station ID failed\n");
+- goto err;
++ /* If l2tp calling number avp exists, we use it, otherwise we use lac ip */
++ if (sess->calling_num != NULL) {
++ sess->ctrl.calling_station_id = _malloc(sess->calling_num_len+1);
++ if (sess->ctrl.calling_station_id == NULL) {
++ log_session(log_error, sess,
++ "impossible to start data channel:"
++ " allocation of calling station ID failed\n");
++ goto err;
++ }else {
++ strcpy(sess->ctrl.calling_station_id, sess->calling_num);
++ }
++ } else {
++ sess->ctrl.calling_station_id = _malloc(17);
++ if (sess->ctrl.calling_station_id == NULL) {
++ log_session(log_error, sess,
++ "impossible to start data channel:"
++ " allocation of calling station ID failed\n");
++ goto err;
++ } else {
++ u_inet_ntoa(sess->paren_conn->peer_addr.sin_addr.s_addr,
++ sess->ctrl.calling_station_id);
++ }
+ }
+- u_inet_ntoa(sess->paren_conn->peer_addr.sin_addr.s_addr,
+- sess->ctrl.calling_station_id);
+-
+- sess->ctrl.called_station_id = _malloc(17);
+- if (sess->ctrl.called_station_id == NULL) {
+- log_session(log_error, sess,
+- "impossible to start data channel:"
+- " allocation of called station ID failed\n");
+- goto err;
++ /* If l2tp called number avp exists, we use it, otherwise we use my ip */
++ if (sess->called_num != NULL) {
++ sess->ctrl.called_station_id = _malloc(sess->called_num_len+1);
++ if (sess->ctrl.called_station_id == NULL) {
++ log_session(log_error, sess,
++ "impossible to start data channel:"
++ " allocation of called station ID failed\n");
++ goto err;
++ } else {
++ strcpy(sess->ctrl.called_station_id, sess->called_num);
++ }
++ } else {
++ sess->ctrl.called_station_id = _malloc(17);
++ if (sess->ctrl.called_station_id == NULL) {
++ log_session(log_error, sess,
++ "impossible to start data channel:"
++ " allocation of called station ID failed\n");
++ goto err;
++ } else {
++ u_inet_ntoa(sess->paren_conn->host_addr.sin_addr.s_addr,
++ sess->ctrl.called_station_id);
++ }
+ }
+- u_inet_ntoa(sess->paren_conn->host_addr.sin_addr.s_addr,
+- sess->ctrl.called_station_id);
+
+ if (conf_ip_pool) {
+ sess->ppp.ses.ipv4_pool_name = _strdup(conf_ip_pool);
+@@ -3295,6 +3331,10 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
+ uint16_t sid = 0;
+ uint16_t res = 0;
+ uint16_t err = 0;
++ uint8_t *calling[254] = {0};
++ uint8_t *called[254] = {0};
++ int n = 0;
++ int m = 0;
+
+ if (conn->state != STATE_ESTB && conn->lns_mode) {
+ log_tunnel(log_warn, conn, "discarding unexpected ICRQ\n");
+@@ -3332,7 +3372,17 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
+ case Call_Serial_Number:
+ case Bearer_Type:
+ case Calling_Number:
++ /* Save Calling-Number L2TP attribute locally */
++ if (attr->attr->id == Calling_Number) {
++ n = attr->length;
++ memcpy(calling,attr->val.octets,n);
++ }
+ case Called_Number:
++ /* Save Called-Number L2TP attribute locally */
++ if (attr->attr->id == Called_Number) {
++ m = attr->length;
++ memcpy(called,attr->val.octets,m);
++ }
+ case Sub_Address:
+ case Physical_Channel_ID:
+ break;
+@@ -3371,6 +3421,30 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
+ sess->peer_sid = peer_sid;
+ sid = sess->sid;
+
++ /* Allocate memory for Calling-Number if exists, and put it to l2tp_sess_t structure */
++ if (calling != NULL && n > 0) {
++ sess->calling_num = _malloc(n+1);
++ if (sess->calling_num == NULL) {
++ log_tunnel(log_warn, conn, "can't allocate memory for Calling Number attribute. Will use LAC IP instead\n");
++ }else{
++ memcpy(sess->calling_num, calling, n);
++ sess->calling_num[n] = '\0';
++ sess->calling_num_len = n;
++ }
++ }
++
++ /* Allocate memory for Called-Number if exists, and put it to l2tp_sess_t structure */
++ if (called != NULL && m > 1) {
++ sess->called_num = _malloc(m+1);
++ if (sess->called_num == NULL) {
++ log_tunnel(log_warn, conn, "can't allocate memory for Called Number attribute. Will use my IP instead\n");
++ } else {
++ memcpy(sess->called_num, called, m);
++ sess->called_num[m] = '\0';
++ sess->called_num_len = m;
++ }
++ }
++
+ if (unknown_attr) {
+ log_tunnel(log_error, conn, "impossible to handle ICRQ:"
+ " unknown mandatory attribute type %i,"
+@@ -3390,8 +3464,8 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
+ goto out_reject;
+ }
+
+- log_tunnel(log_info1, conn, "new session %hu-%hu created following"
+- " reception of ICRQ\n", sid, peer_sid);
++ log_tunnel(log_info1, conn, "new session %hu-%hu with calling num %s len %d, called num %s len %d created following"
++ " reception of ICRQ\n", sid, peer_sid, sess->calling_num, sess->calling_num_len, sess->called_num, sess->called_num_len);
+
+ return 0;
+
+--
+2.34.1
+
diff --git a/packages/minisign/.gitignore b/packages/minisign/.gitignore
deleted file mode 100644
index bd3598bf..00000000
--- a/packages/minisign/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-minisign/
diff --git a/packages/minisign/Jenkinsfile b/packages/minisign/Jenkinsfile
deleted file mode 100644
index bfdff158..00000000
--- a/packages/minisign/Jenkinsfile
+++ /dev/null
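Review bot: In the `l2tp_recv_ICRQ` hunks of the added accel-ppp patch, `memcpy(calling,attr->val.octets,n)` and `memcpy(called,attr->val.octets,m)` copy a peer-supplied AVP length into fixed stack buffers with no bound, and those buffers are declared as `uint8_t *calling[254]`, an array of pointers, where a byte array was evidently meant. Declaring `uint8_t calling[254] = {0};` and copying only when `attr->length < sizeof(calling)` (likewise for `called`) would cap the value, unless the AVP parser already limits the length, which is not visible here. The final `log_tunnel` hands `sess->calling_num` and `sess->called_num` to `%s` even when no AVP was received and they are still NULL; `sess->calling_num ? sess->calling_num : ""` avoids that. The `calling != NULL` and `called != NULL` tests are always true for arrays, and `m > 1` disagrees with `n > 0` without a comment explaining the difference. The body of `l2tp_recv_ICRQ` begins and ends outside these hunks, so the reject path's cleanup of the new allocations could not be checked.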
@@ -1,31 +0,0 @@
-// Copyright (C) 2020-2021 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'minisign',
- 'scmCommit': '0.9',
- 'scmUrl': 'https://github.com/jedisct1/minisign',
- 'buildCmd': 'cd ..; ./build-minisign.sh'],
-]
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('minisign', pkgList, null, true, "**/packages/minisign/*")
diff --git a/packages/minisign/build-minisign.sh b/packages/minisign/build-minisign.sh
deleted file mode 100755
index e6e97ece..00000000
--- a/packages/minisign/build-minisign.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=minisign
-
-if [ ! -d ${SRC} ]; then
- echo "source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-# Build instructions as per https://github.com/jedisct1/minisign/blob/master/README.md
-BUILD_DIR="${SRC}/build"
-mkdir -p ${BUILD_DIR}
-cd ${BUILD_DIR}
-cmake ..
-make
-
-# install
-mkdir -p usr/bin
-cp minisign usr/bin
-
-fpm --input-type dir --output-type deb --name minisign \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "A dead simple tool to sign files and verify signatures." \
- --depends libsodium23 --architecture $(dpkg --print-architecture) \
- --version $(git describe --always) --license ISC --deb-compression gz usr
-
-cp *.deb ${CWD}
-
-# do not confuse Jenkins by providing multiple minisign deb files
-cd ${CWD}
-rm -rf ${BUILD_DIR} |