[packages/miniupnpd] - updated to 2.0

qboosh qboosh at pld-linux.org
Sun Apr 16 09:07:56 CEST 2017 

commit 1879faeb20492917a4709cae8bd7da0b20878648
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sun Apr 16 09:08:07 2017 +0200

    - updated to 2.0

 miniupnpd.conf | 93 +++++++++++++++++++++++++++++++++++++++++++++++-----------
 miniupnpd.spec | 44 ++++++++++++++++++---------
 2 files changed, 106 insertions(+), 31 deletions(-)
---
diff --git a/miniupnpd.spec b/miniupnpd.spec
index 1459e3f..d6cf4ad 100644
--- a/miniupnpd.spec
+++ b/miniupnpd.spec
@@ -1,22 +1,29 @@
+# TODO: handle ip*tables_{init,removeall} in PLD init script? (see bundled one)
 Summary:	Small UPnP Daemon
 Summary(pl.UTF-8):	Mały demon UPnP
 Name:		miniupnpd
-Version:	1.7
-Release:	3
+Version:	2.0
+Release:	1
 License:	BSD
 Group:		Networking/Daemons
 Source0:	http://miniupnp.tuxfamily.org/files/%{name}-%{version}.tar.gz
-# Source0-md5:	5af9e8332d34a7b490d0d2ed3e674196
+# Source0-md5:	1c07a215dd9b362e75a9efc05e2fb3b4
 Source1:	%{name}.init
 Source2:	%{name}.sysconfig
 Source3:	%{name}.conf
 URL:		http://miniupnp.tuxfamily.org/
 BuildRequires:	iptables-devel >= 1.4.3
+BuildRequires:	libmnl-devel >= 1.0.3
+BuildRequires:	libnetfilter_conntrack-devel >= 1.0.2
+BuildRequires:	libuuid-devel
+BuildRequires:	openssl-devel
 BuildRequires:	rpmbuild(macros) >= 1.228
 Requires(post):	libuuid
 Requires(post):	sed >= 4.0
 Requires(post,preun):	/sbin/chkconfig
 Requires:	iptables-libs >= 1.4.3
+Requires:	libmnl >= 1.0.3
+Requires:	libnetfilter_conntrack >= 1.0.2
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
@@ -29,19 +36,24 @@ Mały demon UPnP.
 %setup -q
 
 %build
+CPPFLAGS="%{rpmcppflags}" \
+CFLAGS="%{rpmcflags}" \
+LDFLAGS="%{rpmldflags}" \
 %{__make} -f Makefile.linux -j1 \
-	CC="%{__cc}" \
-	CFLAGS="%{rpmcflags} -fno-strict-aliasing -Wall -D_GNU_SOURCE -DIPTABLES_143" \
-	LIBS="-lip4tc -lip6tc"
+	CC="%{__cc}"
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_mandir}/man1,/etc/rc.d/init.d,/etc/sysconfig,%{_sysconfdir}/%{name}}
-install miniupnpd $RPM_BUILD_ROOT%{_sbindir}
-cp -p miniupnpd.1 $RPM_BUILD_ROOT%{_mandir}/man1
-install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
-install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
-install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
+
+%{__make} -f Makefile.linux install \
+	DESTDIR=$RPM_BUILD_ROOT \
+	STRIP=:
+
+# replace init script and config file by PLD specific ones
+%{__rm} -r $RPM_BUILD_ROOT/etc/init.d
+install -Dp %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+install -Dp %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -49,7 +61,7 @@ rm -rf $RPM_BUILD_ROOT
 %post
 if [ ! -f %{_sysconfdir}/miniupnpd/uuid ]; then
 	echo "Generating UPnP uuid..."
-	umask 066
+	umask 077
 	uuidgen > %{_sysconfdir}/miniupnpd/uuid
 fi
 
@@ -78,4 +90,8 @@ fi
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
 %dir %{_sysconfdir}/%{name}
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/%{name}.conf
-%{_mandir}/man1/miniupnpd.1*
+%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/ip6tables_init.sh
+%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/ip6tables_removeall.sh
+%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/iptables_init.sh
+%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/iptables_removeall.sh
+%{_mandir}/man8/miniupnpd.8*
diff --git a/miniupnpd.conf b/miniupnpd.conf
index 233bf52..2cd7f4e 100644
--- a/miniupnpd.conf
+++ b/miniupnpd.conf
@@ -1,42 +1,101 @@
 # WAN network interface
 ext_ifname=eth0
-# if the WAN interface has several IP addresses, you
+# If the WAN interface has several IP addresses, you
 # can specify the one to use below
 #ext_ip=
 
-# there can be multiple listening ips for receiving SSDP traffic.
-# the 1st IP is also used for UPnP Soap traffic.
-#
+# LAN network interfaces IPs / networks
+# There can be multiple listening IPs for SSDP traffic, in that case
+# use multiple 'listening_ip=...' lines, one for each network interface.
+# It can be IP address or network interface name (ie. "eth0")
+# It is mandatory to use the network interface name in order to enable IPv6
+# HTTP is available on all interfaces.
 listening_ip=0.0.0.0
-port=5555
+# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
+# Be sure to assign the correct interfaces to LAN and WAN and consider
+# implementing UPnP permission rules at the bottom of this configuration file
 
-# bitrates reported by daemon in bits per second
-bitrate_up=1000000
-bitrate_down=10000000
+# Port for HTTP (descriptions and SOAP) traffic. Set to 0 for autoselect.
+http_port=0
+# Port for HTTPS. Set to 0 for autoselect (default)
+https_port=0
 
-# default presentation url is http address on port 80
+# Path to the UNIX socket used to communicate with MiniSSDPd
+# If running, MiniSSDPd will manage M-SEARCH answering.
+# default is /var/run/minissdpd.sock
+#minissdpdsocket=/var/run/minissdpd.sock
+
+# Enable NAT-PMP support (default is no)
+#enable_natpmp=yes
+
+# Enable UPNP support (default is yes)
+#enable_upnp=no
+
+# PCP
+# Configure the minimum and maximum lifetime of a port mapping in seconds
+# 120s and 86400s (24h) are suggested values from PCP-base
+#min_lifetime=120
+#max_lifetime=86400
+
+# Chain names for netfilter (not used for pf or ipf).
+# default is MINIUPNPD for both
+#upnp_forward_chain=forwardUPnP
+#upnp_nat_chain=UPnP
+#upnp_nat_postrouting_chain=UPnP-Postrouting
+
+# Lease file location
+#lease_file=/var/log/upnp.leases
+
+# Bitrates reported by daemon in bits per second
+# by default miniupnpd tries to get WAN interface speed
+#bitrate_up=1000000
+#bitrate_down=10000000
+
+# Default presentation URL is HTTP address on port 80
+# If set to an empty string, no presentationURL element will appear
+# in the XML description of the device, which prevents MS Windows
+# from displaying an icon in the "Network Connections" panel.
 #presentation_url=http://www.mylan/index.php
 
-# report system uptime instead of daemon uptime
+# Report system uptime instead of daemon uptime
 system_uptime=yes
 
-# notify interval in seconds default is 30 seconds.
+# Notify interval in seconds. default is 30 seconds.
 notify_interval=240
 
-# uuid : generate your own with "make genuuid"
+# Unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# Clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# Log packets in pf (default is no)
+#packet_log=no
+
+# UUID, generate your own UUID with "make genuuid"
 uuid=fc4ec57e-b051-11db-88f8-0060085db3f6
 
-# serial and model number the daemon will report to clients
-# in its XML description
+# Daemon's serial and model number when reporting to clients
+# (in XML description)
 serial=12345678
 model_number=1
 
 # UPnP permission rules
-# (allow|deny) (external port range) ip/mask (internal port range)
+# (allow|deny) (external port range) IP/mask (internal port range)
 # A port range is <min port>-<max port> or <port> if there is only
 # one port in the range.
-# ip/mask format must be nn.nn.nn.nn/nn
+# IP/mask format must be nnn.nnn.nnn.nnn/nn
+# It is advised to only allow redirection of port >= 1024
+# and end the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+# The following default ruleset allows specific LAN side IP addresses
+# to request only ephemeral ports. It is recommended that users
+# modify the IP ranges to match their own internal networks, and
+# also consider implementing network-specific restrictions
+# CAUTION: failure to enforce any rules may permit insecure requests to be made!
 #allow 1024-65535 192.168.0.0/24 1024-65535
 #allow 1024-65535 192.168.1.0/24 1024-65535
+#allow 1024-65535 192.168.0.0/23 22
+#allow 12345 192.168.7.113/32 54321
 deny 0-65535 0.0.0.0/0 0-65535
-
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/miniupnpd.git/commitdiff/1879faeb20492917a4709cae8bd7da0b20878648

More information about the pld-cvs-commit mailing list