Merge branch 'master' into epel7
This commit is contained in:
commit
4e807cc425
1
.gitignore
vendored
1
.gitignore
vendored
@ -15,3 +15,4 @@
|
|||||||
/python-cjdns-0.1.tar.gz
|
/python-cjdns-0.1.tar.gz
|
||||||
/cjdns-v20.5.tar.gz
|
/cjdns-v20.5.tar.gz
|
||||||
/cjdns-v20.6.tar.gz
|
/cjdns-v20.6.tar.gz
|
||||||
|
/cjdns-v20.7.tar.gz
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
||||||
--- ./test/Main_fuzz_test.c.fuzz 2019-05-08 19:31:34.995364838 -0400
|
--- ./test/Main_fuzz_test.c.fuzz 2020-04-09 14:01:51.000000000 -0400
|
||||||
+++ ./test/Main_fuzz_test.c 2019-05-08 19:31:51.955608910 -0400
|
+++ ./test/Main_fuzz_test.c 2020-04-14 17:17:24.101260879 -0400
|
||||||
@@ -59,8 +59,8 @@ static Iface_DEFUN incomingTun(struct Me
|
@@ -60,8 +60,8 @@ static Iface_DEFUN incomingTun(struct Me
|
||||||
static void notLinkedYet(struct Context* ctx)
|
static void notLinkedYet(struct Context* ctx)
|
||||||
{
|
{
|
||||||
uint64_t now = Time_currentTimeMilliseconds(ctx->base);
|
uint64_t now = Time_currentTimeMilliseconds(ctx->base);
|
||||||
@ -12,3 +12,35 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
diff -up ./util/test/Seccomp_test.c.fuzz ./util/test/Seccomp_test.c
|
||||||
|
--- ./util/test/Seccomp_test.c.fuzz 2020-04-15 20:21:02.563170274 -0400
|
||||||
|
+++ ./util/test/Seccomp_test.c 2020-04-15 22:32:21.633653339 -0400
|
||||||
|
@@ -61,6 +61,10 @@ static void timeout(void* vNULL)
|
||||||
|
{
|
||||||
|
Assert_true(!"timed out");
|
||||||
|
}
|
||||||
|
+static void timeout2(void* vNULL)
|
||||||
|
+{
|
||||||
|
+ Assert_true(!"time out 2");
|
||||||
|
+}
|
||||||
|
|
||||||
|
static int child(char* pipeName, struct Allocator* alloc, struct Log* logger)
|
||||||
|
{
|
||||||
|
@@ -70,7 +74,7 @@ static int child(char* pipeName, struct
|
||||||
|
pipe->logger = logger;
|
||||||
|
pipe->userData = alloc;
|
||||||
|
|
||||||
|
- Timeout_setTimeout(timeout, eb, 2000, eb, alloc);
|
||||||
|
+ Timeout_setTimeout(timeout, eb, 8000, eb, alloc);
|
||||||
|
EventBase_beginLoop(eb);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -120,7 +124,7 @@ int main(int argc, char** argv)
|
||||||
|
|
||||||
|
Assert_true(!Process_spawn(path, args, eb, alloc, NULL));
|
||||||
|
|
||||||
|
- Timeout_setTimeout(timeout, NULL, 2000, eb, alloc);
|
||||||
|
+ Timeout_setTimeout(timeout2, NULL, 160000, eb, alloc);
|
||||||
|
|
||||||
|
EventBase_beginLoop(eb);
|
||||||
|
return 0;
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
diff -up ./client/cjdroute2.c.genconf ./client/cjdroute2.c
|
diff -up ./client/cjdroute2.c.genconf ./client/cjdroute2.c
|
||||||
--- ./client/cjdroute2.c.genconf 2019-05-02 04:02:32.000000000 -0400
|
--- ./client/cjdroute2.c.genconf 2020-06-23 08:37:44.000000000 -0400
|
||||||
+++ ./client/cjdroute2.c 2019-05-08 12:14:53.146838389 -0400
|
+++ ./client/cjdroute2.c 2020-07-01 13:48:09.041257042 -0400
|
||||||
@@ -336,7 +336,7 @@ static int genconf(struct Random* rand,
|
@@ -359,7 +359,7 @@ static int genconf(struct Allocator* all
|
||||||
" // and ETHInterface will be unable to hot-add new interfaces\n"
|
if (Defined(android) || Defined(darwin)) {
|
||||||
" // Use { \"setuser\": 0 } to disable.\n"
|
printf(" { \"setuser\": 0 },\n");
|
||||||
" // Default: enabled with keepNetAdmin\n"
|
} else {
|
||||||
- " { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n"
|
- printf(" { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n");
|
||||||
+ " { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n"
|
+ printf(" { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n");
|
||||||
"\n"
|
}
|
||||||
|
printf("\n"
|
||||||
" // Chroot changes the filesystem root directory which cjdns sees, blocking it\n"
|
" // Chroot changes the filesystem root directory which cjdns sees, blocking it\n"
|
||||||
" // from accessing files outside of the chroot sandbox, if the user does not\n"
|
@@ -372,7 +372,7 @@ static int genconf(struct Allocator* all
|
||||||
@@ -348,7 +348,7 @@ static int genconf(struct Random* rand,
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
printf(" // Default: enabled (using \"/var/run\")\n"
|
printf(" // Default: enabled (using \"/var/run\")\n"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
||||||
--- ./contrib/selinux/cjdns.te.selinux 2019-05-02 04:02:32.000000000 -0400
|
--- ./contrib/selinux/cjdns.te.selinux 2020-06-23 08:37:44.000000000 -0400
|
||||||
+++ ./contrib/selinux/cjdns.te 2019-08-15 22:23:18.807845457 -0400
|
+++ ./contrib/selinux/cjdns.te 2020-07-01 19:34:24.473531348 -0400
|
||||||
@@ -7,8 +7,9 @@ require {
|
@@ -7,8 +7,9 @@ require {
|
||||||
type port_t;
|
type port_t;
|
||||||
type unreserved_port_t;
|
type unreserved_port_t;
|
||||||
@ -12,7 +12,7 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
|||||||
}
|
}
|
||||||
|
|
||||||
type cjdns_t;
|
type cjdns_t;
|
||||||
@@ -17,24 +18,26 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
|
@@ -17,27 +18,29 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
|
||||||
|
|
||||||
#============= cjdns_t ==============
|
#============= cjdns_t ==============
|
||||||
# Let master process run further restricted subprocess
|
# Let master process run further restricted subprocess
|
||||||
@ -44,4 +44,8 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
|||||||
-
|
-
|
||||||
# management API
|
# management API
|
||||||
allow cjdns_t self:unix_stream_socket connectto;
|
allow cjdns_t self:unix_stream_socket connectto;
|
||||||
allow cjdns_t tmp_t:sock_file { write create unlink };
|
-allow cjdns_t tmp_t:sock_file { write create unlink };
|
||||||
|
+allow cjdns_t tmp_t:sock_file { write create unlink getattr };
|
||||||
|
allow cjdns_t tmp_t:dir { write remove_name add_name };
|
||||||
|
allow cjdns_t urandom_device_t:chr_file { read open };
|
||||||
|
|
||||||
|
48
cjdns.spec
48
cjdns.spec
@ -14,7 +14,11 @@
|
|||||||
%bcond_with libsodium
|
%bcond_with libsodium
|
||||||
# Option to disable SECCOMP: confusing backward logic
|
# Option to disable SECCOMP: confusing backward logic
|
||||||
# Needed to run on openvz and other container systems
|
# Needed to run on openvz and other container systems
|
||||||
|
%ifarch armv7hl
|
||||||
|
%bcond_with seccomp
|
||||||
|
%else
|
||||||
%bcond_without seccomp
|
%bcond_without seccomp
|
||||||
|
%endif
|
||||||
# Option to use system libuv instead of bundled libuv-0.11.19
|
# Option to use system libuv instead of bundled libuv-0.11.19
|
||||||
%bcond_with libuv
|
%bcond_with libuv
|
||||||
# When with_python3 is set, this replaces tools in bin and libexec
|
# When with_python3 is set, this replaces tools in bin and libexec
|
||||||
@ -69,7 +73,7 @@
|
|||||||
%global makeman marked-man
|
%global makeman marked-man
|
||||||
%else
|
%else
|
||||||
%global use_marked 0
|
%global use_marked 0
|
||||||
%global makeman ../../ronn
|
%global makeman pandoc -s -tman
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# FIXME: Needs dependencies and install www dir someplace reasonable.
|
# FIXME: Needs dependencies and install www dir someplace reasonable.
|
||||||
@ -83,7 +87,7 @@
|
|||||||
|
|
||||||
Name: cjdns
|
Name: cjdns
|
||||||
# major version is cjdns protocol version:
|
# major version is cjdns protocol version:
|
||||||
Version: 20.6
|
Version: 20.7
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: The privacy-friendly network without borders
|
Summary: The privacy-friendly network without borders
|
||||||
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
||||||
@ -114,10 +118,6 @@ Patch1: cjdns.el6.patch
|
|||||||
#
|
#
|
||||||
# https://lwn.net/Articles/451985/
|
# https://lwn.net/Articles/451985/
|
||||||
#
|
#
|
||||||
# On the 2.6.32 kernel used by EL6, the above causes setuid() to fail.
|
|
||||||
# This patch sets RLIMIT_NPROC to { 1, 1 } instead, which prevents
|
|
||||||
# fork(), but not exec, and calls setgroups() before setuid().
|
|
||||||
Patch2: cjdns.nprocs.patch
|
|
||||||
# Change defaults generated by cjdroute --genconf
|
# Change defaults generated by cjdroute --genconf
|
||||||
Patch4: cjdns.genconf.patch
|
Patch4: cjdns.genconf.patch
|
||||||
# Patch contributed init scripts to put cjdroute in /usr/sbin and
|
# Patch contributed init scripts to put cjdroute in /usr/sbin and
|
||||||
@ -128,7 +128,7 @@ Patch6: cjdns.dyn.patch
|
|||||||
# Patch to use _LINUX_CAPABILITY_3 (cjdns < 18)
|
# Patch to use _LINUX_CAPABILITY_3 (cjdns < 18)
|
||||||
#Patch7: cjdns.cap3.patch
|
#Patch7: cjdns.cap3.patch
|
||||||
# Patch some source files to ignore selected warnings that break gcc6 builds
|
# Patch some source files to ignore selected warnings that break gcc6 builds
|
||||||
Patch8: cjdns.warnings.patch
|
#Patch8: cjdns.warnings.patch
|
||||||
# Man pages
|
# Man pages
|
||||||
Patch9: cjdns.man.patch
|
Patch9: cjdns.man.patch
|
||||||
# Patch some bugs in nodejs tools
|
# Patch some bugs in nodejs tools
|
||||||
@ -152,18 +152,16 @@ Patch12: cjdns.sign.patch
|
|||||||
#Patch17: cjdns.s390x.patch
|
#Patch17: cjdns.s390x.patch
|
||||||
# patch build to use system libuv
|
# patch build to use system libuv
|
||||||
Patch18: cjdns.libuv.patch
|
Patch18: cjdns.libuv.patch
|
||||||
Patch19: cjdns.fuzz.patch
|
#Patch19: cjdns.fuzz.patch
|
||||||
# patch to use /proc/sys/kernel/random/uuid instead of sysctl before 20.4
|
# patch to use /proc/sys/kernel/random/uuid instead of sysctl before 20.4
|
||||||
Patch20: cjdns.sysctl.patch
|
Patch20: cjdns.sysctl.patch
|
||||||
# Patch ronn to stop using deprecated util.puts and util.debug
|
|
||||||
Patch21: cjdns.puts.patch
|
|
||||||
# gcc-10 no longer allows duplicate globals
|
# gcc-10 no longer allows duplicate globals
|
||||||
Patch22: cjdns.gcc10.patch
|
Patch22: cjdns.gcc10.patch
|
||||||
|
|
||||||
%if %{use_marked}
|
%if %{use_marked}
|
||||||
BuildRequires: nodejs, nodejs-marked
|
BuildRequires: nodejs, nodejs-marked
|
||||||
%else
|
%else
|
||||||
BuildRequires: nodejs, nodejs-ronn
|
BuildRequires: nodejs, pandoc
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if 0%{?rhel} == 6
|
%if 0%{?rhel} == 6
|
||||||
@ -205,6 +203,8 @@ Provides: bundled(nacl) = 20110221
|
|||||||
%endif
|
%endif
|
||||||
# build system requires nodejs, unfortunately
|
# build system requires nodejs, unfortunately
|
||||||
ExclusiveArch: %{nodejs_arches}
|
ExclusiveArch: %{nodejs_arches}
|
||||||
|
# Seccomp_test is too slow on koji for this arch
|
||||||
|
#ExcludeArch: armv7hl
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Cjdns implements an encrypted IPv6 network using public-key cryptography for
|
Cjdns implements an encrypted IPv6 network using public-key cryptography for
|
||||||
@ -296,7 +296,6 @@ Python peer graph tools for cjdns.
|
|||||||
%patch1 -b .el6
|
%patch1 -b .el6
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%patch2 -b .nprocs
|
|
||||||
%patch4 -b .genconf
|
%patch4 -b .genconf
|
||||||
%patch5 -b .sbin
|
%patch5 -b .sbin
|
||||||
|
|
||||||
@ -330,7 +329,7 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if !0%{?rhel} || 0%{?rhel} > 6
|
%if !0%{?rhel} || 0%{?rhel} > 6
|
||||||
%patch8 -b .warnings
|
#patch8 -b .warnings
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%patch9 -b .man
|
%patch9 -b .man
|
||||||
@ -344,13 +343,13 @@ fi
|
|||||||
rm -rf node_build/dependencies/libuv
|
rm -rf node_build/dependencies/libuv
|
||||||
%else
|
%else
|
||||||
rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
|
rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
|
||||||
%ifarch s390x
|
%ifarch armv7hl
|
||||||
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||||
%else
|
%else
|
||||||
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
%patch19 -p1 -b .fuzz
|
#patch19 -p1 -b .fuzz
|
||||||
#patch20 -p1 -b .sysctl
|
#patch20 -p1 -b .sysctl
|
||||||
#patch22 -b .gcc10
|
#patch22 -b .gcc10
|
||||||
|
|
||||||
@ -407,9 +406,9 @@ rm node_build/dependencies/cnacl/node_build/plans/*_AVX_plan.json
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if !%{use_marked}
|
%if !%{use_marked}
|
||||||
cp -r /usr/lib/node_modules/ronn node_modules
|
for i in contrib/doc/*.md; do
|
||||||
%patch21 -p1 -b .puts
|
sed -i -e'1,1 s/^/% /' -e'1,1 s/--/|/' -e'2,2d' $i
|
||||||
ln -s node_modules/ronn/bin/ronn.js ronn
|
done
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# remove hidden files from node_modules/nthen
|
# remove hidden files from node_modules/nthen
|
||||||
@ -491,8 +490,6 @@ install -p publictoip6 privatetopublic mkpasswd makekeys randombytes sybilsim \
|
|||||||
%{buildroot}%{_libexecdir}/cjdns
|
%{buildroot}%{_libexecdir}/cjdns
|
||||||
rm -f node_modules/nthen/.npmignore
|
rm -f node_modules/nthen/.npmignore
|
||||||
cp -pr tools node_modules %{buildroot}%{_libexecdir}/cjdns
|
cp -pr tools node_modules %{buildroot}%{_libexecdir}/cjdns
|
||||||
# but not local copy of ronn
|
|
||||||
rm -rf %{buildroot}%{_libexecdir}/cjdns/node_modules/ronn
|
|
||||||
|
|
||||||
%if %{with_admin}
|
%if %{with_admin}
|
||||||
rm -f contrib/nodejs/admin/.gitignore
|
rm -f contrib/nodejs/admin/.gitignore
|
||||||
@ -770,6 +767,17 @@ fi
|
|||||||
%{_bindir}/graphStats
|
%{_bindir}/graphStats
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 1 2020 Stuart Gathman <stuart@gathman.org> - 20.7-1
|
||||||
|
- New upstream release
|
||||||
|
- Use pandoc for manpages
|
||||||
|
|
||||||
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 20.6-3
|
||||||
|
- Rebuilt for Python 3.9
|
||||||
|
- disable patch for nodejs-ronn, now included in Fedora
|
||||||
|
|
||||||
|
* Wed Apr 29 2020 Stuart Gathman <stuart@gathman.org> - 20.6-2
|
||||||
|
- Disable SECCOMP by default for armv7hl instead of excluding arch
|
||||||
|
|
||||||
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.6-1
|
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.6-1
|
||||||
- New upstream release
|
- New upstream release
|
||||||
|
|
||||||
|
1
sources
1
sources
@ -2,3 +2,4 @@ SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6
|
|||||||
SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
|
SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
|
||||||
SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
|
SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
|
||||||
SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
|
SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
|
||||||
|
SHA512 (cjdns-v20.7.tar.gz) = db103e70e3d9f5e4958dcbeed51df358450f9489b6573f9b9eddc1839ee2051fe5180eede894b465e92915fabcb4cb64ce08a41c06450f14de75943879633f25
|
||||||
|
Loading…
Reference in New Issue
Block a user