Merge branch 'master' into epel7

.gitignore

@@ -15,3 +15,4 @@
 /python-cjdns-0.1.tar.gz
 /cjdns-v20.5.tar.gz
 /cjdns-v20.6.tar.gz
+/cjdns-v20.7.tar.gz

cjdns.fuzz.patch

@@ -1,7 +1,7 @@
 diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
---- ./test/Main_fuzz_test.c.fuzz	2019-05-08 19:31:34.995364838 -0400
-+++ ./test/Main_fuzz_test.c	2019-05-08 19:31:51.955608910 -0400
-@@ -59,8 +59,8 @@ static Iface_DEFUN incomingTun(struct Me
+--- ./test/Main_fuzz_test.c.fuzz	2020-04-09 14:01:51.000000000 -0400
++++ ./test/Main_fuzz_test.c	2020-04-14 17:17:24.101260879 -0400
+@@ -60,8 +60,8 @@ static Iface_DEFUN incomingTun(struct Me
  static void notLinkedYet(struct Context* ctx)
  {
      uint64_t now = Time_currentTimeMilliseconds(ctx->base);
@@ -12,3 +12,35 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
      }
  }
  
+diff -up ./util/test/Seccomp_test.c.fuzz ./util/test/Seccomp_test.c
+--- ./util/test/Seccomp_test.c.fuzz	2020-04-15 20:21:02.563170274 -0400
++++ ./util/test/Seccomp_test.c	2020-04-15 22:32:21.633653339 -0400
+@@ -61,6 +61,10 @@ static void timeout(void* vNULL)
+ {
+     Assert_true(!"timed out");
+ }
++static void timeout2(void* vNULL)
++{
++    Assert_true(!"time out 2");
++}
+ 
+ static int child(char* pipeName, struct Allocator* alloc, struct Log* logger)
+ {
+@@ -70,7 +74,7 @@ static int child(char* pipeName, struct
+     pipe->logger = logger;
+     pipe->userData = alloc;
+ 
+-    Timeout_setTimeout(timeout, eb, 2000, eb, alloc);
++    Timeout_setTimeout(timeout, eb, 8000, eb, alloc);
+     EventBase_beginLoop(eb);
+ 
+     return 0;
+@@ -120,7 +124,7 @@ int main(int argc, char** argv)
+ 
+     Assert_true(!Process_spawn(path, args, eb, alloc, NULL));
+ 
+-    Timeout_setTimeout(timeout, NULL, 2000, eb, alloc);
++    Timeout_setTimeout(timeout2, NULL, 160000, eb, alloc);
+ 
+     EventBase_beginLoop(eb);
+     return 0;

cjdns.genconf.patch

@@ -1,16 +1,16 @@
 diff -up ./client/cjdroute2.c.genconf ./client/cjdroute2.c
---- ./client/cjdroute2.c.genconf	2019-05-02 04:02:32.000000000 -0400
-+++ ./client/cjdroute2.c	2019-05-08 12:14:53.146838389 -0400
-@@ -336,7 +336,7 @@ static int genconf(struct Random* rand,
-            "        // and ETHInterface will be unable to hot-add new interfaces\n"
-            "        // Use { \"setuser\": 0 } to disable.\n"
-            "        // Default: enabled with keepNetAdmin\n"
--           "        { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n"
-+           "        { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n"
-            "\n"
+--- ./client/cjdroute2.c.genconf	2020-06-23 08:37:44.000000000 -0400
++++ ./client/cjdroute2.c	2020-07-01 13:48:09.041257042 -0400
+@@ -359,7 +359,7 @@ static int genconf(struct Allocator* all
+            if (Defined(android) || Defined(darwin)) {
+     printf("        { \"setuser\": 0 },\n");
+            } else {
+-    printf("        { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n");
++    printf("        { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n");
+            }
+     printf("\n"
             "        // Chroot changes the filesystem root directory which cjdns sees, blocking it\n"
-            "        // from accessing files outside of the chroot sandbox, if the user does not\n"
-@@ -348,7 +348,7 @@ static int genconf(struct Random* rand,
+@@ -372,7 +372,7 @@ static int genconf(struct Allocator* all
            }
            else {
      printf("        // Default: enabled (using \"/var/run\")\n"

cjdns.selinux.patch

@@ -1,6 +1,6 @@
 diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
---- ./contrib/selinux/cjdns.te.selinux	2019-05-02 04:02:32.000000000 -0400
-+++ ./contrib/selinux/cjdns.te	2019-08-15 22:23:18.807845457 -0400
+--- ./contrib/selinux/cjdns.te.selinux	2020-06-23 08:37:44.000000000 -0400
++++ ./contrib/selinux/cjdns.te	2020-07-01 19:34:24.473531348 -0400
 @@ -7,8 +7,9 @@ require {
  	type port_t;
  	type unreserved_port_t;
@@ -12,7 +12,7 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
  }
  
  type cjdns_t;
-@@ -17,24 +18,26 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
+@@ -17,27 +18,29 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
  
  #============= cjdns_t ==============
  # Let master process run further restricted subprocess
@@ -44,4 +44,8 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
 -
  # management API
  allow cjdns_t self:unix_stream_socket connectto;
- allow cjdns_t tmp_t:sock_file { write create unlink };
+-allow cjdns_t tmp_t:sock_file { write create unlink };
++allow cjdns_t tmp_t:sock_file { write create unlink getattr };
+ allow cjdns_t tmp_t:dir { write remove_name add_name };
+ allow cjdns_t urandom_device_t:chr_file { read open };
+ 

cjdns.spec

@@ -14,7 +14,11 @@
 %bcond_with libsodium
 # Option to disable SECCOMP: confusing backward logic
 # Needed to run on openvz and other container systems
+%ifarch armv7hl
+%bcond_with seccomp
+%else
 %bcond_without seccomp
+%endif
 # Option to use system libuv instead of bundled libuv-0.11.19
 %bcond_with libuv
 # When with_python3 is set, this replaces tools in bin and libexec
@@ -69,7 +73,7 @@
 %global makeman marked-man
 %else
 %global use_marked 0
-%global makeman ../../ronn
+%global makeman pandoc -s -tman
 %endif
 
 # FIXME: Needs dependencies and install www dir someplace reasonable.
@@ -83,7 +87,7 @@
 
 Name:           cjdns
 # major version is cjdns protocol version:
-Version:        20.6
+Version:        20.7
 Release:        1%{?dist}
 Summary:        The privacy-friendly network without borders
 # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
@@ -114,10 +118,6 @@ Patch1: cjdns.el6.patch
 #
 # https://lwn.net/Articles/451985/
 # 
-# On the 2.6.32 kernel used by EL6, the above causes setuid() to fail.
-# This patch sets RLIMIT_NPROC to { 1, 1 } instead, which prevents
-# fork(), but not exec, and calls setgroups() before setuid().
-Patch2:  cjdns.nprocs.patch
 # Change defaults generated by cjdroute --genconf
 Patch4:  cjdns.genconf.patch
 # Patch contributed init scripts to put cjdroute in /usr/sbin and
@@ -128,7 +128,7 @@ Patch6:  cjdns.dyn.patch
 # Patch to use _LINUX_CAPABILITY_3 (cjdns < 18)
 #Patch7:  cjdns.cap3.patch
 # Patch some source files to ignore selected warnings that break gcc6 builds
-Patch8:  cjdns.warnings.patch
+#Patch8:  cjdns.warnings.patch
 # Man pages
 Patch9:  cjdns.man.patch
 # Patch some bugs in nodejs tools
@@ -152,18 +152,16 @@ Patch12: cjdns.sign.patch
 #Patch17: cjdns.s390x.patch
 # patch build to use system libuv
 Patch18: cjdns.libuv.patch
-Patch19: cjdns.fuzz.patch
+#Patch19: cjdns.fuzz.patch
 # patch to use /proc/sys/kernel/random/uuid instead of sysctl before 20.4
 Patch20: cjdns.sysctl.patch
-# Patch ronn to stop using deprecated util.puts and util.debug
-Patch21: cjdns.puts.patch
 # gcc-10 no longer allows duplicate globals
 Patch22: cjdns.gcc10.patch
 
 %if %{use_marked}
 BuildRequires:  nodejs, nodejs-marked
 %else
-BuildRequires:  nodejs, nodejs-ronn
+BuildRequires:  nodejs, pandoc
 %endif
 
 %if 0%{?rhel} == 6 
@@ -205,6 +203,8 @@ Provides: bundled(nacl) = 20110221
 %endif
 # build system requires nodejs, unfortunately
 ExclusiveArch: %{nodejs_arches}
+# Seccomp_test is too slow on koji for this arch
+#ExcludeArch: armv7hl
 
 %description
 Cjdns implements an encrypted IPv6 network using public-key cryptography for
@@ -296,7 +296,6 @@ Python peer graph tools for cjdns.
 %patch1 -b .el6
 %endif
 
-%patch2 -b .nprocs
 %patch4 -b .genconf
 %patch5 -b .sbin
 
@@ -330,7 +329,7 @@ fi
 %endif
 
 %if !0%{?rhel} || 0%{?rhel} > 6
-%patch8 -b .warnings
+#patch8 -b .warnings
 %endif
 
 %patch9 -b .man
@@ -344,13 +343,13 @@ fi
 rm -rf node_build/dependencies/libuv
 %else
 rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
-%ifarch s390x
+%ifarch armv7hl
 sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
 %else
 sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
 %endif
 %endif
-%patch19 -p1 -b .fuzz
+#patch19 -p1 -b .fuzz
 #patch20 -p1 -b .sysctl
 #patch22 -b .gcc10
 
@@ -407,9 +406,9 @@ rm node_build/dependencies/cnacl/node_build/plans/*_AVX_plan.json
 %endif
 
 %if !%{use_marked}
-cp -r /usr/lib/node_modules/ronn node_modules
-%patch21 -p1 -b .puts
-ln -s node_modules/ronn/bin/ronn.js ronn
+for i in contrib/doc/*.md; do
+  sed -i -e'1,1 s/^/% /' -e'1,1 s/--/|/' -e'2,2d' $i
+done
 %endif
 
 # remove hidden files from node_modules/nthen
@@ -491,8 +490,6 @@ install -p publictoip6 privatetopublic mkpasswd makekeys randombytes sybilsim \
         %{buildroot}%{_libexecdir}/cjdns
 rm -f node_modules/nthen/.npmignore
 cp -pr tools node_modules %{buildroot}%{_libexecdir}/cjdns
-# but not local copy of ronn
-rm -rf %{buildroot}%{_libexecdir}/cjdns/node_modules/ronn
 
 %if %{with_admin}
 rm -f contrib/nodejs/admin/.gitignore
@@ -770,6 +767,17 @@ fi
 %{_bindir}/graphStats
 
 %changelog
+* Wed Jul  1 2020 Stuart Gathman <stuart@gathman.org> - 20.7-1
+- New upstream release
+- Use pandoc for manpages
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 20.6-3
+- Rebuilt for Python 3.9
+- disable patch for nodejs-ronn, now included in Fedora
+
+* Wed Apr 29 2020 Stuart Gathman <stuart@gathman.org> - 20.6-2
+- Disable SECCOMP by default for armv7hl instead of excluding arch
+
 * Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.6-1
 - New upstream release
 

sources

@@ -2,3 +2,4 @@ SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6
 SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
 SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
 SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
+SHA512 (cjdns-v20.7.tar.gz) = db103e70e3d9f5e4958dcbeed51df358450f9489b6573f9b9eddc1839ee2051fe5180eede894b465e92915fabcb4cb64ce08a41c06450f14de75943879633f25