knot: disable libcap-ng
authorJosef Schlehofer <pepe.schlehofer@gmail.com>
Fri, 22 May 2020 11:59:39 +0000 (13:59 +0200)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Sat, 6 Jun 2020 20:30:32 +0000 (22:30 +0200)
libcap-ng was recently added to the OpenWrt packages feed; it is an
optional dependency of Knot DNS and enables POSIX 1003.1e capabilities.
This can restrict the permissions of root (by default Knot DNS runs as root),
which might cause harm, and as there isn't systemd on OpenWrt it can interfere.

There is an added patch, which introduced an option to disable libcap-ng.
This will be part of the next release.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 41957d6967046277036eb0ec2914f0aed3ea9f14)

net/knot/Makefile
net/knot/patches/03-configure-allow-to-manually-disable-POSIX-capabiliti.patch [new file with mode: 0644]

index 0b09e34a51dca56ecc757d4384133603d1c944ef..79af85b75cb0a04c7fe3a6748017ccbb33976770 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=knot
 PKG_VERSION:=2.9.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
@@ -149,6 +149,7 @@ export KNOT_VERSION_FORMAT=release
 
 CONFIGURE_ARGS +=                      \
        --enable-recvmmsg=no            \
+       --enable-cap-ng=no              \
        --disable-fastparser            \
        --without-libidn                \
        --with-rundir=/var/run/knot     \
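Review bot: The added `--enable-cap-ng=no` in `CONFIGURE_ARGS` removes capability dropping for every build of this package, and nothing in the Makefile records why or compensates for it. The commit message says knotd runs as root by default on OpenWrt, so with this flag the daemon presumably keeps the full root capability set unless its configuration switches to an unprivileged user. I would put a comment above the `CONFIGURE_ARGS +=` assignment (a comment cannot sit inside the backslash-continued list), for example `# cap-ng disabled: capability dropping interferes on OpenWrt (no systemd); daemon keeps root privileges unless a non-root user is configured`, and check that the shipped default configuration runs knotd as a dedicated user. The assignment continues past the end of this hunk.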
diff --git a/net/knot/patches/03-configure-allow-to-manually-disable-POSIX-capabiliti.patch b/net/knot/patches/03-configure-allow-to-manually-disable-POSIX-capabiliti.patch
new file mode 100644 (file)
index 0000000..047dc12
--- /dev/null
@@ -0,0 +1,39 @@
+From 442633ae37f8a4e1164a2db3ad6b55bc738ba0b2 Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Fri, 22 May 2020 12:50:29 +0200
+Subject: [PATCH] configure: allow to manually disable POSIX capabilities
+
+---
+ configure.ac | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 47772799e..a08ca8532 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -554,7 +554,13 @@ AS_IF([test "$enable_utilities" = "yes"], [
+   ])
+ ]) # Knot DNS utilities dependencies
++AC_ARG_ENABLE([cap-ng],
++    AS_HELP_STRING([--enable-cap-ng=auto|no], [enable POSIX capabilities [default=auto]]),
++    [enable_cap_ng="$enableval"], [enable_cap_ng=auto])
++
+ AS_IF([test "$enable_daemon" = "yes"], [
++
++AS_IF([test "$enable_cap_ng" != "no"],[
+   PKG_CHECK_MODULES([cap_ng], [cap-ng], [enable_cap_ng=yes], [
+     enable_cap_ng=no
+     AC_CHECK_HEADER([cap-ng.h], [
+@@ -570,7 +576,7 @@ AS_IF([test "$enable_daemon" = "yes"], [
+ ], [
+   enable_cap_ng=no
+   cap_ng_LIBS=
+-])
++])])
+ AS_IF([test "$enable_cap_ng" = yes],
+   [AC_DEFINE([ENABLE_CAP_NG], [1], [POSIX capabilities available])]
+-- 
+2.17.1
+
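Review bot: The new `AS_IF([test "$enable_cap_ng" != "no"],[` guard treats every value other than `no` the same, so an explicit `--enable-cap-ng=yes` still ends at `enable_cap_ng=no` when the library is not found, and the build quietly loses a privilege-restriction feature. The help string advertises only `auto|no`, which hides that case rather than handling it. One way to surface it is to save the request before the probe, `cap_ng_requested="$enable_cap_ng"`, and fail afterwards with `AS_IF([test "$cap_ng_requested" = "yes" -a "$enable_cap_ng" = "no"], [AC_MSG_ERROR([libcap-ng requested but not found])])`. Part of the probe lies between the two embedded hunks and is not visible here, so this needs confirming against the full configure.ac; as the patch is a backport, the change would belong upstream.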