From 0bc25077b37d74065fd107dc9f85fbb11ccba56b Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Fri, 22 Apr 2022 17:19:51 +0200
Subject: [PATCH] Revert "miniupnpd: bump to latest git source"

This was reverted because the commit does more things than just "bump to
latest git source". Also, it was not properly reviewed/tested.

See: https://github.com/openwrt/packages/pull/18133#issuecomment-1106346788

This reverts commit b3b911e99238282a768bce962bc2a271f84229ac.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
 net/miniupnpd/Makefile                        | 18 +++----------
 net/miniupnpd/files/miniupnpd.hotplug         |  5 ++--
 net/miniupnpd/files/miniupnpd.init            | 26 +++++--------------
 ...pd-configure-don-t-hardcode-iptables.patch | 25 ++++++++++++++++++
 ...-change-default-chain-rule-to-accept.patch | 13 ----------
 5 files changed, 38 insertions(+), 49 deletions(-)
 create mode 100644 net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
 delete mode 100644 net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch

diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index 45950ccc9d..2a1372755e 100644
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -8,15 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
-PKG_VERSION:=2.3.0
+PKG_VERSION:=2.2.3
 PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git
-PKG_SOURCE_DATE:=2022-03-20
-PKG_SOURCE_VERSION:=fda61180e07abd222623e54b9239557bbffbc21d
-PKG_MIRROR_HASH:=f81a5b920f1bddb5673a2455461d4dca20d17138f5488713c5a759f2a64e9f18
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)/miniupnpd
+PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=f89c310ce9575183af3fec61af65e548f85114133df8caaaa9e204c13b7a9da5
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=BSD-3-Clause
@@ -29,9 +26,6 @@ PKG_BUILD_PARALLEL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/version.mk
 
-TAR_OPTIONS+= --strip-components 1
-TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS)
-
 define Package/miniupnpd/Default
   SECTION:=net
   CATEGORY:=Network
@@ -115,10 +109,6 @@ endef
 
 define Package/miniupnpd-nftables/install
 	$(call Package/miniupnpd/install/Default,$1)
-	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/miniupnpd_functions.sh $(1)/usr/share/miniupnpd/miniupnpd_functions.sh
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/nft_init.sh $(1)/usr/share/miniupnpd/nft_init.sh
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/nft_removeall.sh $(1)/usr/share/miniupnpd/nft_removeall.sh
 endef
 
 $(eval $(call BuildPackage,miniupnpd-iptables))
diff --git a/net/miniupnpd/files/miniupnpd.hotplug b/net/miniupnpd/files/miniupnpd.hotplug
index 607a32bdc6..63d6114b6c 100644
--- a/net/miniupnpd/files/miniupnpd.hotplug
+++ b/net/miniupnpd/files/miniupnpd.hotplug
@@ -13,7 +13,6 @@ tmpconf="/var/etc/miniupnpd.conf"
 external_iface=$(uci -q get upnpd.config.external_iface)
 external_iface6=$(uci -q get upnpd.config.external_iface6)
 external_zone=$(uci -q get upnpd.config.external_zone)
-[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 . /lib/functions/network.sh
 
@@ -21,7 +20,7 @@ if [ -n "$external_iface" ] ; then
 	network_get_device ifname "$external_iface"
 else
 	if [ -n "$external_zone" ] ; then
-		ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+		ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
 	else
 		network_find_wan external_iface && \
 			network_get_device ifname "$external_iface"
@@ -31,7 +30,7 @@ if [ -n "$external_iface6" ] ; then
 	network_get_device ifname6 "$external_iface6"
 else
 	if [ -n "$external_zone" ] ; then
-		ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+		ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
 	else
 		network_find_wan6 external_iface6 && \
 			network_get_device ifname6 "$external_iface6"
diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init
index 1b0466672b..cc13e04407 100644
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
@@ -5,8 +5,6 @@ START=94
 STOP=15
 USE_PROCD=1
 PROG=/usr/sbin/miniupnpd
-NFT_SCRIPTS_DIR=/usr/share/miniupnpd
-[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 upnpd_get_port_range() {
 	local var="$1"; shift
@@ -100,7 +98,7 @@ upnpd() {
 		network_get_device ifname "$external_iface"
 	else
 		if [ -n "$external_zone" ] ; then
-			ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+			ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
 		else
 			network_find_wan external_iface && \
 				network_get_device ifname "$external_iface"
@@ -110,7 +108,7 @@ upnpd() {
 		network_get_device ifname6 "$external_iface6"
 	else
 		if [ -n "$external_zone" ] ; then
-			ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+			ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
 		else
 			network_find_wan6 external_iface6 && \
 				network_get_device ifname6 "$external_iface6"
@@ -178,12 +176,7 @@ upnpd() {
 
 	if [ -n "$ifname" ]; then
 		# start firewall
-		if [ "Z$FW" = "Zfw4" ]; then
-			$NFT_SCRIPTS_DIR/nft_init.sh 2>/dev/null
-			fw4 reload
-		else
-			iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
-		fi
+		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
 	else
 		logger -t "upnp daemon" "external interface not found, not starting"
 	fi
@@ -196,16 +189,11 @@ upnpd() {
 }
 
 stop_service() {
-	if [ "Z$FW" = "Zfw4" ]; then
-		$NFT_SCRIPTS_DIR/nft_removeall.sh 2>/dev/null
-		fw4 reload
-	else
-		iptables -t nat -F MINIUPNPD 2>/dev/null
-		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
-		iptables -t filter -F MINIUPNPD 2>/dev/null
+	iptables -t nat -F MINIUPNPD 2>/dev/null
+	iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+	iptables -t filter -F MINIUPNPD 2>/dev/null
 
-		[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
-	fi
+	[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
 }
 
 start_service() {
diff --git a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
new file mode 100644
index 0000000000..c6f24b282c
--- /dev/null
+++ b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
@@ -0,0 +1,25 @@
+From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Sun, 7 Nov 2021 20:24:29 +0200
+Subject: [PATCH] miniupnpd/configure: don't hardcode iptables
+
+The OpenWrt Makefile that builds miniupnpd passes the firewall argument
+to the configure script, so this is not needed and it is blocking us
+from using nftables instead, which will be the default backend for
+firewall4 to be used in the next OpenWrt stable release.
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ configure | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/configure
++++ b/configure
+@@ -387,7 +387,6 @@ case $OS_NAME in
+ 	OpenWRT)
+ 		OS_URL=http://www.openwrt.org/
+ 		echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
+-		FW=iptables
+ 		;;
+ 	OpenEmbedded)
+ 		OS_URL=http://www.openembedded.org/
diff --git a/net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch b/net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch
deleted file mode 100644
index 2ca00a778c..0000000000
--- a/net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/netfilter_nft/scripts/nft_init.sh
-+++ b/netfilter_nft/scripts/nft_init.sh
-@@ -19,8 +19,8 @@ echo "Creating nftables structure"
- cat > /tmp/miniupnpd.nft <<EOF
- table inet $TABLE {
-     chain forward {
--        type filter hook forward priority 0;
--        policy drop;
-+        type filter hook forward priority -25;
-+        policy accept;
- 
-         # miniupnpd
-         jump $CHAIN
-- 
2.30.2