--- /dev/null
+# Copyright (C) 2018 OpenWrt
+#
+# Ideas used from the backuppc packaging in Debian GNU/Linux
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=backuppc
+PKG_VERSION:=3.3.2
+PKG_RELEASE:=1
+
+PKG_SOURCE:=BackupPC-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=@SF/backuppc
+PKG_HASH:=fbade2c8d8039297e826a75d2c39d5ac9a6f66e0c84c0cf8c4cef0bcf64d2152
+PKG_BUILD_DIR:=$(BUILD_DIR)/BackupPC-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Carsten Wolff <carsten@wolffcarsten.de>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/backuppc
+ SECTION:=admin
+ CATEGORY:=Administration
+ TITLE:=high-performance, enterprise-grade system for backing up PCs
+ URL:=https://sourceforge.net/projects/backuppc/
+ DEPENDS:=+perl +perl-www +perl-cgi +perlbase-digest +perlbase-compress +perlbase-archive +perlbase-data +perlbase-storable +perlbase-getopt +perl-file-rsyncp +openssh-client +tar +bzip2 +samba36-client +rsync +iputils-ping
+endef
+
+define Package/backuppc/description
+ BackupPC is a disk based backup system featuring a clever pooling scheme and
+ compression to minimize disk storage and disk I/O. It can use SMB, rsync or tar
+ to access the clients without any additional client software and offers a
+ powerful http/cgi user interface.
+endef
+
+define Build/Configure
+ true
+endef
+
+define Build/Compile
+ $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS) -Wall -o $(PKG_BUILD_DIR)/BackupPC_Admin ./files/setuidwrapper.c
+endef
+
+define Package/backuppc/install
+ $(INSTALL_DIR) $(strip $(1))/etc/init.d
+ $(INSTALL_BIN) ./files/backuppc.init $(strip $(1))/etc/init.d/backuppc
+ cd $(PKG_BUILD_DIR) && ./configure.pl --batch --html-dir-url=/backuppc/ \
+ --html-dir=/www/backuppc/ --cgi-dir=/www/cgi-bin/ --no-fhs --uid-ignore \
+ --dest-dir=$(strip $(1)) --install-dir /usr/share/backuppc \
+ --hostname=XXXXXX --data-dir=/data/backuppc --log-dir=/data/backuppc/log \
+ --bin-path perl=/usr/bin/perl --bin-path tar=/bin/tar \
+ --bin-path smbclient=/usr/sbin/smbclient --bin-path nmblookup=/usr/sbin/nmblookup \
+ --bin-path rsync=/usr/bin/rsync --bin-path ping=/usr/bin/ping --bin-path df=/bin/df \
+ --bin-path ssh=/usr/bin/ssh --bin-path gzip=/bin/gzip \
+ --bin-path sendmail=/usr/sbin/sendmail --bin-path bzip2=/usr/bin/bzip2
+ $(INSTALL_DIR) $(strip $(1))/usr/share/backuppc/conf
+ chmod 755 $(strip $(1))/data
+ mv $(strip $(1))/data/backuppc/conf/config.pl $(strip $(1))/usr/share/backuppc/conf/config.pl
+ patch --no-backup-if-mismatch $(strip $(1))/usr/share/backuppc/conf/config.pl ./files/fixup-config-pl.patch
+ mv $(strip $(1))/www/cgi-bin/BackupPC_Admin $(strip $(1))/usr/share/backuppc/bin/BackupPC_Admin_real
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/BackupPC_Admin $(strip $(1))/www/cgi-bin/BackupPC_Admin
+ $(INSTALL_DIR) $(strip $(1))/lib/upgrade/keep.d
+ $(INSTALL_DATA) files/backuppc.upgrade $(strip $(1))/lib/upgrade/keep.d/backuppc
+endef
+
+$(eval $(call BuildPackage,backuppc))
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+. /lib/functions.sh
+
+START=95
+STOP=10
+
+USE_PROCD=1
+BACKUPPC_BIN="/usr/share/backuppc/bin/BackupPC"
+BACKUPPC_USER=backuppc
+
+# it would be better if it was possible to do this at install time, but we
+# can't, because in case of an openwrt image bundled with backuppc, all
+# ownerships other than root are lost.
+preconfigure() {
+ # create backuppc group and user if needed
+ if ! group_exists backuppc; then
+ group_add backuppc 864
+ fi
+ if ! user_exists backuppc; then
+ user_add backuppc 864 864 "BackupPC user" /data/backuppc /bin/sh
+ fi
+ # install default config if none exists, yet
+ if [ ! -e /data/backuppc/conf/config.pl ]; then
+ cp /usr/share/backuppc/conf/config.pl /data/backuppc/conf/config.pl
+ fi
+ # ensure proper ownerships and rights
+ chown backuppc:backuppc /data/backuppc /data/backuppc/* \
+ /www/cgi-bin/BackupPC_Admin
+ chmod 750 /data/backuppc /data/backuppc/*
+ chmod 755 /usr/share/backuppc/bin/BackupPC_Admin_real
+ # The CGI needs to be world-executable, because uhttpd-cgi.c:386 checks
+ # for exactly that. We don't want that, but can't avoid it, currently.
+ chmod 6751 /www/cgi-bin/BackupPC_Admin
+ chown -R :backuppc /data/backuppc/conf
+ chmod 2770 /data/backuppc/conf
+ # protect webinterface with a random password by default
+ if [ -x /usr/sbin/uhttpd ] && ! grep -q backuppc /etc/httpd.conf >/dev/null 2>&1; then
+ PASS=$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..8)')
+ PASSHASH=$(/usr/sbin/uhttpd -m "${PASS}")
+ echo "/cgi-bin/BackupPC_Admin:backuppc:${PASSHASH}" >> /etc/httpd.conf
+ uci set uhttpd.main.config=/etc/httpd.conf
+ /etc/init.d/uhttpd restart
+ # inform user
+ echo
+ echo "To protect access to the backuppc web interface, HTTP basic authentication in"
+ echo "uhttpd for http://$(/sbin/uci get "system.@system[0].hostname")/cgi-bin/BackupPC_Admin has been configured:"
+ echo "user: backuppc"
+ echo "pass: ${PASS}"
+ echo
+ echo "It is also recommended to follow the steps in"
+ echo "https://wiki.openwrt.org/doc/uci/uhttpd#securing_uhttpd"
+ echo "to secure access to uhttpd."
+ fi
+}
+
+start_service() {
+ # don't run preconfigure steps if called during image build
+ if [ -z "${IPKG_INSTROOT}" ]; then
+ preconfigure
+ fi
+ procd_open_instance
+ procd_set_param user $BACKUPPC_USER
+ procd_set_param reload_signal 1
+ procd_set_param command $BACKUPPC_BIN
+}
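Review bot: The default web password in `preconfigure` is built from Perl's `rand()`, which is not a cryptographic generator, and is only 8 alphanumeric characters long; since it protects the set-uid CGI it should come from the kernel RNG, e.g. `PASS=$(tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 16)`. The same block echoes the clear-text password to stdout, so it may end up in boot or install logs; printing it only when the script runs interactively would limit that. `uci set uhttpd.main.config=/etc/httpd.conf` is not followed by a `uci commit uhttpd` in the visible lines, so the setting may not persist. Separately, `start_service` calls `procd_open_instance` but never `procd_close_instance`, so the instance definition looks incomplete.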
--- /dev/null
+/etc/httpd.conf
+/data/backuppc/conf/
--- /dev/null
+--- config.pl 2018-03-11 09:30:28.000000000 +0100
++++ config.pl.new 2018-04-05 08:40:29.180000000 +0200
+@@ -41,7 +41,10 @@
+ #
+ # Host name on which the BackupPC server is running.
+ #
+-$Conf{ServerHost} = 'XXXXXX';
++$ENV{'PATH'} = '/bin:/usr/bin';
++delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
++$Conf{ServerHost} = $ENV{'HOSTNAME'};
++chomp($Conf{ServerHost});
+
+ #
+ # TCP port number on which the BackupPC server listens for and accepts
+@@ -223,7 +226,7 @@
+ #
+ # Full path to various commands for archiving
+ #
+-$Conf{SplitPath} = '/usr/bin/split';
++$Conf{SplitPath} = '/usr/bin/split' if ( -x '/usr/bin/split' );
+ $Conf{ParPath} = '';
+ $Conf{CatPath} = '/bin/cat';
+ $Conf{GzipPath} = '/bin/gzip';
+@@ -1572,7 +1575,7 @@
+ # Full path for ssh. Security caution: normal users should not
+ # allowed to write to this file or directory.
+ #
+-$Conf{SshPath} = '/usr/bin/ssh';
++$Conf{SshPath} = '/usr/bin/ssh' if ( -x '/usr/bin/ssh' );
+
+ #
+ # Full path for nmblookup. Security caution: normal users should not
+@@ -1874,7 +1877,7 @@
+ # Full path to the sendmail command. Security caution: normal users
+ # should not allowed to write to this file or directory.
+ #
+-$Conf{SendmailPath} = '/usr/sbin/sendmail';
++$Conf{SendmailPath} = '/usr/sbin/sendmail' if ( -x '/usr/sbin/sendmail' );
+
+ #
+ # Minimum period between consecutive emails to a single user.
+@@ -2028,13 +2031,13 @@
+ # $Conf{CgiAdminUsers} = 'craig celia';
+ # --> administrative users are only craig and celia'.
+ #
+-$Conf{CgiAdminUserGroup} = '';
+-$Conf{CgiAdminUsers} = '';
++$Conf{CgiAdminUserGroup} = 'backuppc';
++$Conf{CgiAdminUsers} = 'backuppc';
+
+ #
+ # URL of the BackupPC_Admin CGI script. Used for email messages.
+ #
+-$Conf{CgiURL} = 'http://XXXXXX/cgi-bin//BackupPC_Admin';
++$Conf{CgiURL} = 'http://' . $Conf{ServerHost} . '/cgi-bin//BackupPC_Admin';
+
+ #
+ # Language to use. See lib/BackupPC/Lang for the list of supported
+@@ -2076,7 +2079,7 @@
+ # dates (MM/DD), a value of 2 uses full YYYY-MM-DD format, and zero
+ # for international dates (DD/MM).
+ #
+-$Conf{CgiDateFormatMMDD} = 1;
++$Conf{CgiDateFormatMMDD} = 2;
+
+ #
+ # If set, the complete list of hosts appears in the left navigation
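Review bot: `$Conf{ServerHost}` in the first hunk is now read from `$ENV{'HOSTNAME'}`, which is whatever the calling process exports; when the config is loaded from the CGI or from the init system the variable may be unset or outside the package's control, so `chomp` runs on an undefined value and `$Conf{CgiURL}` in the fifth hunk becomes `http:///cgi-bin//BackupPC_Admin`. A fallback such as `$Conf{ServerHost} = $ENV{'HOSTNAME'} || 'localhost';` would keep both values defined. The `if ( -x ... )` modifiers on `SplitPath`, `SshPath` and `SendmailPath` likewise leave those keys undefined when the binary is missing; if that is intended, a comment such as `# left undefined when the tool is not installed` would make it clear to whoever edits the config later.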
--- /dev/null
+#include <unistd.h>
+
+int main(int argc, char* argv[])
+{
+ execv("/usr/share/backuppc/bin/BackupPC_Admin_real", argv);
+ return 0;
+}
+
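Review bot: `execv` returns only on failure, so the `return 0;` after it reports success to the web server when the real CGI could not be started; it should be `return 127;`, optionally preceded by `perror("execv");`, which would need `<stdio.h>`. Because the init script on this page installs the wrapper with mode 6751, the inherited environment is passed unchanged across the privilege boundary to `BackupPC_Admin_real`; handing over an allow-list of the CGI variables with `execve` would be safer than relying on the `PATH` reset and variable deletions done later in `config.pl`. `argc` is unused and could be dropped from the signature or cast to void.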
--- /dev/null
+--- a/bin/BackupPC_archive 2017-01-26 02:31:24.000000000 +0100
++++ b/bin/BackupPC_archive 2018-04-05 21:11:14.428000000 +0200
+@@ -299,7 +299,7 @@
+ if ( $NeedPostCmd ) {
+ UserCommandRun("ArchivePostUserCmd");
+ if ( $? && $Conf{UserCmdCheckStatus} ) {
+- $stat{hostError} = "RestorePreUserCmd returned error status $?";
++ $stat{hostError} = "ArchivePostUserCmd returned error status $?";
+ $stat{xferOK} = 0;
+ }
+ }
+--- a/bin/BackupPC_dump 2017-01-26 02:31:24.000000000 +0100
++++ b/bin/BackupPC_dump 2018-04-05 21:12:23.640000000 +0200
+@@ -1067,7 +1067,7 @@
+ # Send ALRMs to BackupPC_tarExtract if we are using it
+ #
+ if ( $tarPid > 0 ) {
+- kill($bpc->sigName2num("ARLM"), $tarPid);
++ kill($bpc->sigName2num("ALRM"), $tarPid);
+ }
+
+ #
+--- a/configure.pl 2017-01-26 02:31:24.000000000 +0100
++++ b/configure.pl 2018-04-05 21:39:24.668000000 +0200
+@@ -333,7 +333,10 @@
+ $Conf{BackupPCUser} || "backuppc",
+ "backuppc-user");
+ if ( $opts{"set-perms"} ) {
+- ($name, $passwd, $Uid, $Gid) = getpwnam($Conf{BackupPCUser});
++ #($name, $passwd, $Uid, $Gid) = getpwnam($Conf{BackupPCUser});
++ $name = 'backuppc';
++ $Uid=`id -u`;
++ $Gid=`id -g`;
+ last if ( $name ne "" );
+ print <<EOF;
+
+@@ -800,6 +803,7 @@
+ #
+ # Figure out sensible arguments for the ping command
+ #
++$Conf{PingArgs} = '-c 1 $host';
+ if ( defined($Conf{PingArgs}) ) {
+ $Conf{PingCmd} = '$pingPath ' . $Conf{PingArgs};
+ } elsif ( !defined($Conf{PingCmd}) ) {
+--- a/lib/BackupPC/CGI/View.pm 2017-01-26 02:31:24.000000000 +0100
++++ b/lib/BackupPC/CGI/View.pm 2018-04-05 21:46:22.664000000 +0200
+@@ -46,7 +46,7 @@
+ my $compress = 0;
+ my $fh;
+ my $host = $In{host};
+- my $num = $In{num};
++ my $num = ${EscHTML($In{num})};
+ my $type = $In{type};
+ my $linkHosts = 0;
+ my($file, $comment);
+@@ -136,6 +136,10 @@
+ }
+ $s =~ s/[\n\r]+//g;
+ if ( $s =~ /smb: \\>/
++ || $s =~ /^tar:\d+\s/
++ || $s =~ /^ NTLMSSP_/
++ || $s =~ /^GENSEC backend /
++ || $s =~ /^doing parameter /
+ || $s =~ /^\s*(\d+) \(\s*\d+\.\d kb\/s\) (.*)$/
+ || $s =~ /^tar: dumped \d+ files/
+ || $s =~ /^\s*added interface/i
+--- a/lib/BackupPC/Lib.pm 2017-01-26 02:31:24.000000000 +0100
++++ b/lib/BackupPC/Lib.pm 2018-04-05 21:48:38.048000000 +0200
+@@ -512,7 +512,8 @@
+ }
+ if ( $IODirentOk ) {
+ @entries = sort({ $a->{inode} <=> $b->{inode} } readdirent($fh));
+- map { $_->{type} = 0 + $_->{type} } @entries; # make type numeric
++ #map { $_->{type} = 0 + $_->{type} } @entries; # make type numeric
++ map { $_->{type} = 0 + $_->{type}; $_->{type} = undef if ($_->{type} eq BPC_DT_UNKNOWN); } @entries; # make type numeric, unset unknown types
+ } else {
+ @entries = map { { name => $_} } readdir($fh);
+ }
+--- a/lib/BackupPC/Xfer/Smb.pm 2017-01-26 02:31:24.000000000 +0100
++++ b/lib/BackupPC/Xfer/Smb.pm 2018-04-05 21:57:16.616000000 +0200
+@@ -219,7 +219,7 @@
+ #
+ # MAKSYM 14082016: The next regex will never match on Samba-4.3, as
+ # smbclient doesn't produce output required; keeping it for older Sambas
+- if ( /^\s*(-?\d+) \(\s*\d+[.,]\d kb\/s\) (.*)$/ ) {
++ if ( /^\s*(-?\d+) \(\s*\d+[.,]\d kb\/s\) (.*)$/ || /^tar:(\d+)\s+\+\+\+ (.*)$/ ) {
+ my $sambaFileSize = $1;
+ my $pcFileName = $2;
+ (my $fileName = $pcFileName) =~ s/\\/\//g;
+@@ -281,6 +281,9 @@
+ } elsif ( /smb: \\>/
+ || /^\s*tar:\d+/ # MAKSYM 14082016: ignoring 2 more Samba-4.3 specific lines
+ || /^\s*WARNING:/i
++ || /^ NTLMSSP_/
++ || /^GENSEC backend /
++ || /^doing parameter /
+ || /^\s*added interface/i
+ || /^\s*tarmode is now/i
+ || /^\s*Total bytes written/i
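Review bot: In the `View.pm` hunk, `my $num = ${EscHTML($In{num})};` dereferences the return value of `EscHTML` as a scalar reference; unless `EscHTML` returns a reference (not visible here), this dies if the module runs under `use strict`, or otherwise yields an unrelated value instead of the escaped parameter. If escaping is the intent, the plain form is `my $num = EscHTML($In{num});`, and since `num` appears to be a backup number a digits-only check such as `$num = undef if ( defined($num) && $num !~ /^\d+$/ );` would be stricter than escaping. In the `configure.pl` hunk the backtick calls to `id -u` and `id -g` keep their trailing newline, so `$Uid` and `$Gid` should be passed through `chomp`. In the `Lib.pm` hunk, `$_->{type} eq BPC_DT_UNKNOWN` applies the string operator to a value that was just made numeric; `==` would match the comment on that line.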
include $(TOPDIR)/rules.mk
PKG_NAME:=syslog-ng
-PKG_VERSION:=3.22.1
+PKG_VERSION:=3.23.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
-PKG_LICENSE:=LGPL-2.1+
-PKG_LICENSE_FILES:=COPYING
+PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING LGPL.txt GPL.txt
PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/balabit/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
-PKG_HASH:=0656443776fa554320cb81bbebeac72bdf871298dd2ebef7413c393aec4d74c8
+PKG_HASH:=fb36cfc1982831f74143b77a924ee79714745b5e2b3ff59d086d09a77d0acd38
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
define Package/syslog-ng
SECTION:=admin
CATEGORY:=Administration
- DEPENDS:=+libpcre +glib2 +libopenssl +libpthread +librt +zlib +libdbi +libjson-c +libcurl +libuuid
TITLE:=A powerful syslog daemon
URL:=https://www.syslog-ng.com/products/open-source-log-management/
+ DEPENDS:=+libpcre +glib2 +libopenssl +libpthread +librt +zlib +libdbi +libjson-c +libcurl +libuuid
endef
define Package/syslog-ng/description
# More details about these settings can be found here:
# https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
-@version: 3.22
+@version: 3.23
@include "scl.conf"
@include "/etc/syslog-ng.d/" # Put any customization files in this directory
--- /dev/null
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+ fflush (stdout);
+
+ pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
+ _exit (2);
+ }
+ else
+--
+cgit v1.0-41-gc330
+
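Review bot: The only check on `outname` before `execlp` is an `assert`, which disappears when the package is compiled with `NDEBUG`; a file name beginning with `-` or `!` would then be handed to the editor unchecked. An explicit test in the child branch, `if (outname[0] == '!' || outname[0] == '-') _exit (2);`, keeps the guard in every build configuration. `execlp` also resolves `editor_program` through `PATH`, so it is worth confirming that the value is an absolute path in this build. `do_ed_script` starts and ends outside the hunks shown.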
+++ /dev/null
-From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 6 Apr 2018 19:36:15 +0200
-Subject: Invoke ed directly instead of using the shell
-
-* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
-command to avoid quoting vulnerabilities.
----
- src/pch.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/pch.c b/src/pch.c
-index 4fd5a05..16e001a 100644
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
-- sprintf (buf, "%s %s%s", editor_program,
-- verbosity == VERBOSE ? "" : "- ",
-- outname);
- fflush (stdout);
-
- pid = fork();
-@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
- else if (pid == 0)
- {
- dup2 (tmpfd, 0);
-- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+ assert (outname[0] != '!' && outname[0] != '-');
-+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
- _exit (2);
- }
- else
---
-cgit v1.0-41-gc330
-
TITLE:=ExFAT Kernel driver
FILES:=$(PKG_BUILD_DIR)/exfat.ko
AUTOLOAD:=$(call AutoLoad,30,exfat,1)
- DEPENDS:=+kmod-nls-base @BUILD_PATENTED
+ DEPENDS:=+kmod-nls-base
endef
define KernelPackage/fs-exfat/description
PKG_NAME:=jamvm
PKG_VERSION:=2.0.0
-PKG_RELEASE:=2
-PKG_LICENSE:=GPL-2.0+
-PKG_MAINTAINER:=Dana H. Myers <k6jq@comcast.net>
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
PKG_HASH:=76428e96df0ae9dd964c7a7c74c1e9a837e2f312c39e9a357fa8178f7eff80da
-PKG_USE_MIPS16:=0
+PKG_MAINTAINER:=Dana H. Myers <k6jq@comcast.net>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
define Package/jamvm
SUBMENU:=Java
SECTION:=lang
CATEGORY:=Languages
TITLE:=A compact Java Virtual Machine
- URL:=http://sourceforge.net/projects/jamvm
- DEPENDS:=+zlib +libpthread +librt +classpath \
- @(i386||i686||x86_64||arm||armeb||mips||mipsel||powerpc||powerpc64) +CONFIG_powerpc64:libffi
+ URL:=http://jamvm.sourceforge.net/
+ DEPENDS:=+zlib +libpthread +librt +CONFIG_powerpc64:libffi @!arc
endef
define Package/jamvm/description
endef
$(eval $(call BuildPackage,jamvm))
+$(eval $(call HostBuild))
--- /dev/null
+--- a/src/os/linux/os.c
++++ b/src/os/linux/os.c
+@@ -26,6 +26,9 @@
+ #include <sys/sysinfo.h>
+
+ #define __USE_GNU
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
+ #include <dlfcn.h>
+ #include <pthread.h>
+
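Review bot: `_GNU_SOURCE` is defined here after `<sys/sysinfo.h>` has already been included, and feature-test macros are only guaranteed to take effect when they are defined before the first system header. It presumably works because the headers that follow test the macro themselves, but moving the `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif` block above the first `#include` in `os.c`, or passing `-D_GNU_SOURCE` from the package Makefile, would not depend on that. The existing `#define __USE_GNU` sets a libc-internal macro and could probably be dropped once the public one is defined early enough.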
--- /dev/null
+# Copyright (C) 2018 OpenWrt
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=perl-file-rsyncp
+PKG_VERSION:=0.74
+PKG_RELEASE:=1
+
+PKG_SOURCE:=File-RsyncP-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://search.cpan.org/CPAN/authors/id/C/CB/CBARRATT/
+PKG_HASH:=ba4df5f9b0db6c9d86a6c5cf9861cf00d17b18e77cfa028e7a9157c0015a5aa3
+PKG_BUILD_DIR:=$(BUILD_DIR)/perl/File-RsyncP-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Carsten Wolff <carsten@wolffcarsten.de>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE README
+
+include $(INCLUDE_DIR)/package.mk
+include ../perl/perlmod.mk
+
+define Package/perl-file-rsyncp
+ SUBMENU:=Perl
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=Perl Rsync client
+ URL:=http://search.cpan.org/~cbarratt/File-RsyncP/
+ DEPENDS:=perl +perlbase-autoloader +perlbase-socket +perlbase-getopt +perlbase-data +perlbase-config +perlbase-encode +perlbase-fcntl +perlbase-file
+endef
+
+define Build/Configure
+ $(call perlmod/Configure,,)
+ $(call perlmod/Configure,,,$(PKG_BUILD_DIR)/Digest)
+ $(call perlmod/Configure,,,$(PKG_BUILD_DIR)/FileList)
+ $(call Build/Configure/Default,,rsync_cv_HAVE_LONGLONG=yes,FileList)
+endef
+
+define Build/Compile
+ PERL5LIB=$(PERL_LIB) $(MAKE) -C $(PKG_BUILD_DIR)/Digest
+ PERL5LIB=$(PERL_LIB) $(MAKE) -C $(PKG_BUILD_DIR)/FileList
+ PERL5LIB=$(PERL_LIB) $(MAKE) -C $(PKG_BUILD_DIR)
+endef
+
+define Package/perl-file-rsyncp/install
+ $(INSTALL_DIR) $(strip $(1))$(PERL_SITELIB)/File/RsyncP
+ $(INSTALL_DIR) $(strip $(1))$(PERL_SITELIB)/auto/File/RsyncP/Digest
+ $(INSTALL_DIR) $(strip $(1))$(PERL_SITELIB)/auto/File/RsyncP/FileList
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/lib/File/RsyncP.pm $(strip $(1))$(PERL_SITELIB)/File
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/lib/File/RsyncP/FileIO.pm $(strip $(1))$(PERL_SITELIB)/File/RsyncP
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/Digest/Digest.pm $(strip $(1))$(PERL_SITELIB)/File/RsyncP
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/FileList/FileList.pm $(strip $(1))$(PERL_SITELIB)/File/RsyncP
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/Digest/blib/lib/auto/File/RsyncP/Digest/autosplit.ix $(strip $(1))$(PERL_SITELIB)/auto/File/RsyncP/Digest
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/Digest/blib/arch/auto/File/RsyncP/Digest/Digest.so $(strip $(1))$(PERL_SITELIB)/auto/File/RsyncP/Digest
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/FileList/blib/lib/auto/File/RsyncP/FileList/autosplit.ix $(strip $(1))$(PERL_SITELIB)/auto/File/RsyncP/FileList
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/FileList/blib/arch/auto/File/RsyncP/FileList/FileList.so $(strip $(1))$(PERL_SITELIB)/auto/File/RsyncP/FileList
+endef
+
+$(eval $(call BuildPackage,perl-file-rsyncp))
--- /dev/null
+--- a/Makefile.PL 2010-07-25 22:50:02.000000000 +0200
++++ b/Makefile.PL 2018-03-27 15:46:16.724000000 +0200
+@@ -8,7 +8,7 @@
+ Getopt::Long => 2.24, # need OO interface
+ },
+ 'PMLIBDIRS' => ['lib'],
+- 'DIR' => ['Digest', 'FileList'],
++ 'DIR' => [],
+ ($] >= 5.005 ? ## Add these new keywords supported since 5.005
+ (ABSTRACT_FROM => 'lib/File/RsyncP.pm', # retrieve abstract from module
+ AUTHOR => 'Craig Barratt <cbarratt@users.sourceforge.net>')
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pyasn1
-PKG_VERSION:=0.4.6
+PKG_VERSION:=0.4.7
PKG_RELEASE:=1
PKG_SOURCE:=pyasn1-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/p/pyasn1
-PKG_HASH:=b773d5c9196ffbc3a1e13bdf909d446cad80a039aa3340bcad72f395b76ebc86
+PKG_HASH:=a9495356ca1d66ed197a0f72b41eb1823cf7ea8b5bd07191673e8147aecf8604
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE.txt
include $(TOPDIR)/rules.mk
PKG_NAME:=python-slugify
-PKG_VERSION:=3.0.2
+PKG_VERSION:=3.0.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/p/python-slugify/
-PKG_HASH:=57163ffb345c7e26063435a27add1feae67fa821f1ef4b2f292c25847575d758
+PKG_HASH:=a9f468227cb11e20e251670d78e1b5f6b0b15dd37bbd5c9814a25a904e44ff66
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
PKG_LICENSE:=MIT
SUBMENU:=Python
TITLE:=Slugify application that handles Unicode
URL:=https://github.com/un33k/python-slugify
- DEPENDS+= \
- +python3-light \
- +python3-codecs \
- +python3-setuptools \
- +python3-text-unidecode
+ DEPENDS:= \
+ +python3-light \
+ +python3-codecs \
+ +python3-setuptools \
+ +python3-text-unidecode
VARIANT:=python3
endef
define Package/python3-slugify/description
-A Python slugify application that handles unicode.
+ A Python slugify application that handles unicode.
endef
$(eval $(call Py3Package,python3-slugify))
include $(TOPDIR)/rules.mk
-PKG_NAME:=PyYAML
-PKG_VERSION:=5.1.1
+PKG_NAME:=python-yaml
+PKG_VERSION:=5.1.2
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=PyYAML-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/P/PyYAML
-PKG_HASH:=b4bb4d3f5e232425e25dda21c070ce05168a786ac9eda43768ab7f3ac2770955
+PKG_HASH:=01adf0b6c6f61bd11af6e10ca52b7d4057dd0be0343eb9283c878cf3af56aee4
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:pyyaml_project:pyyaml
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-PyYAML-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include ../python-package.mk
PKG_NAME:=classpath
PKG_VERSION:=0.99
-PKG_RELEASE:=2
-PKG_LICENSE:=GPL-2.0
-PKG_MAINTAINER:=Dana H. Myers <k6jq@comcast.net>
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/classpath
PKG_HASH:=f929297f8ae9b613a1a167e231566861893260651d913ad9b6c11933895fecc8
-PKG_FIXUP:=autoreconf
+PKG_MAINTAINER:=Dana H. Myers <k6jq@comcast.net>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_DEPENDS:=jamvm/host
include $(INCLUDE_DIR)/package.mk
SECTION:=libs
CATEGORY:=Libraries
TITLE:=GNU Classpath
- URL:=http://www.gnu.org/software/classpath/
+ URL:=https://www.gnu.org/software/classpath/
DEPENDS:=+alsa-lib +libgmp +libmagic
endef
SECTION:=libs
CATEGORY:=Libraries
TITLE:=GNU Classpath tools
- URL:=http://www.gnu.org/software/classpath/
+ URL:=https://www.gnu.org/software/classpath/
endef
define Download/antlr
- URL:=http://www.antlr.org/download
+ URL:=https://www.antlr.org/download
FILE:=antlr-3.4-complete.jar
HASH:=9d3e866b610460664522520f73b81777b5626fb0a282a5952b9800b751550bf7
endef
PKG_NAME:=keyutils
PKG_VERSION:=1.6
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://people.redhat.com/dhowells/keyutils/
PKG_HASH:=d3aef20cec0005c0fa6b4be40079885567473185b1a57b629b030e67942c7115
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
include $(INCLUDE_DIR)/package.mk
define Package/libkeyutils
CATEGORY:=Libraries
TITLE:=Key utilities library
URL:=https://people.redhat.com/dhowells/keyutils/
+ LICENSE:=LGPL-2.1-or-later
+ LICENSE_FILES:=LICENSE.LGPL
+ ABI_VERSION:=1
endef
define Package/keyctl
SUBMENU:=Encryption
TITLE:=keyctl
DEPENDS:=+libkeyutils
+ LICENSE:=GPL-2.0-or-later
+ LICENSE_FILES:=LICENSE.GPL
endef
define Package/keyutils/description
Key utilities
endef
-define Build/Install
- make -C $(PKG_BUILD_DIR) DESTDIR=$(PKG_INSTALL_DIR) LIBDIR=/usr/lib install
-endef
+MAKE_FLAGS += \
+ BINDIR=/usr/bin \
+ LIBDIR=/usr/lib \
+ SBINDIR=/usr/sbin \
+ CFLAGS="$(TARGET_CFLAGS) $(FPIC)"
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.{a,so*} $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.a $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so.$(ABI_VERSION)* $(1)/usr/lib/
endef
define Package/libkeyutils/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so.$(ABI_VERSION)* $(1)/usr/lib/
endef
define Package/keyctl/install
- $(INSTALL_DIR) $(1)/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/keyctl $(1)/bin
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/keyctl $(1)/usr/bin
endef
$(eval $(call BuildPackage,libkeyutils))
include $(TOPDIR)/rules.mk
PKG_NAME:=libev
-PKG_VERSION:=4.25
+PKG_VERSION:=4.27
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://dist.schmorp.de/libev/Attic/
-PKG_HASH:=78757e1c27778d2f3795251d9fe09715d51ce0422416da4abb34af3929c02589
+PKG_HASH:=2d5526fc8da4f072dd5c73e18fbb1666f5ef8ed78b73bba12e195cfdd810344e
PKG_LICENSE:=BSD-2-Clause
PKG_MAINTAINER:=Karl Palsson <karlp@tweak.net.au>
include $(TOPDIR)/rules.mk
PKG_NAME:=libfmt
-PKG_VERSION:=5.3.0
+PKG_VERSION:=6.0.0
PKG_RELEASE:=1
PKG_SOURCE_NAME:=fmt
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/fmtlib/$(PKG_SOURCE_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=defa24a9af4c622a7134076602070b45721a43c51598c8456ec6f2c4dbb51c89
+PKG_HASH:=f1907a58d5e86e6c382e51441d92ad9e23aea63827ba47fd647eacc0d3a16c78
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Othmar Truniger <github@truniger.ch>
-PKG_LICENSE:=BSD-2-Clause
+PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE.rst
CMAKE_INSTALL:=1
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfmt.so* $(1)/usr/lib/
endef
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include/fmt
- $(CP) $(PKG_INSTALL_DIR)/usr/include/fmt/*.h $(1)/usr/include/fmt/
-
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfmt.so* $(1)/usr/lib/
-
- $(INSTALL_DIR) $(1)/usr/lib/cmake
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/cmake/* $(1)/usr/lib/cmake/
-endef
-
$(eval $(call BuildPackage,libfmt))
PKG_NAME:=libredblack
PKG_VERSION:=1.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/libredblack
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
endef
CONFIGURE_ARGS += --without-rbgen
+CONFIGURE_VARS += lt_cv_prog_cc_pic=$(FPIC)
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/lib
define Package/libredblack/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libredblack.{so*,a,la} $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libredblack.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/include/redblack.h $(1)/usr/include
PKG_NAME:=libssh2
PKG_VERSION:=1.9.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.libssh2.org/download
PKG_HASH:=d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd
-PKG_FIXUP:=autoreconf
-
-PKG_INSTALL:=1
-
-PKG_LICENSE:=BSD
+PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
+PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:libssh2:libssh2
+CMAKE_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
PKG_CONFIG_DEPENDS:= \
CONFIG_LIBSSH2_MBEDTLS \
CONFIG_LIBSSH2_OPENSSL
TITLE:=SSH2 library
URL:=https://www.libssh2.org/
DEPENDS:=+LIBSSH2_MBEDTLS:libmbedtls +LIBSSH2_OPENSSL:libopenssl +zlib
- MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
+ ABI_VERSION:=1
endef
define Package/libssh2/description
CMAKE_OPTIONS += \
-DBUILD_SHARED_LIBS=ON \
+ -DBUILD_TESTING=OFF \
-DENABLE_ZLIB_COMPRESSION=ON \
-DCLEAR_MEMORY=ON
CMAKE_OPTIONS += -DCRYPTO_BACKEND=mbedTLS
endif
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(INSTALL_DIR) $(1)/usr/lib
- $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libssh2.so* $(1)/usr/lib/
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libssh2.pc $(1)/usr/lib/pkgconfig/
-endef
-
define Package/libssh2/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libssh2.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libssh2.so.$(ABI_VERSION)* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libssh2))
#
-# Copyright (C) 2014-2017 OpenWrt.org
+# Copyright (C) 2018 Jianhui Zhao
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=libuhttpd
-PKG_VERSION:=2.2.2
-PKG_RELEASE:=2
+PKG_VERSION:=3.0.1
+PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd.git
-PKG_MIRROR_HASH:=98f217238160489468fafe8c643b7f96f168c80000ee07d3ca808d54f4c6a608
-CMAKE_INSTALL:=1
-
-PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd/releases/download/v$(PKG_VERSION)
+PKG_HASH:=07cc357a94e29c5a04eea46331352c869beed01d7fd6cc23972e878a5c4b023c
-PKG_LICENSE:=LGPL-2.1
+PKG_MAINTAINER:=Jianhui Zhao <jianhuizhao329@gmail.com>
+PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Jianhui Zhao <jianhuizhao329@gmail.com>
+PKG_BUILD_PARALLEL:=1
+CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
-define Package/libuhttpd/default
+define Package/libuhttpd/Default
SECTION:=libs
CATEGORY:=Libraries
SUBMENU:=Networking
- TITLE:=libuhttpd
- DEPENDS:=+libubox +liblua
-endef
-
-define Package/libuhttpd-nossl
- $(Package/libuhttpd/default)
- TITLE += (NO SSL)
- VARIANT:=nossl
- CONFLICTS:=libuhttpd-openssl libuhttpd-wolfssl libuhttpd-mbedtls
-endef
-
-define Package/libuhttpd-openssl
- $(Package/libuhttpd/default)
- TITLE += (openssl)
- DEPENDS += +libustream-openssl
- VARIANT:=openssl
- CONFLICTS:=libuhttpd-wolfssl libuhttpd-mbedtls
+ TITLE:=A lightweight HTTP server library based on libev
+ URL:=https://github.com/zhaojh329/libuhttpd
+ DEPENDS:=+libev $(2)
+ VARIANT:=$(1)
+ PROVIDES:=libuhttpd
endef
-define Package/libuhttpd-wolfssl
- $(Package/libuhttpd/default)
- TITLE += (wolfssl)
- DEPENDS += +libustream-wolfssl
- VARIANT:=wolfssl
- CONFLICTS:=libuhttpd-mbedtls
-endef
-
-define Package/libuhttpd-mbedtls
- $(Package/libuhttpd/default)
- TITLE += (mbedtls)
- DEPENDS += +libustream-mbedtls
- VARIANT:=mbedtls
-endef
-
-ifeq ($(BUILD_VARIANT),nossl)
- CMAKE_OPTIONS += -DUHTTPD_SSL_SUPPORT=off
+Package/libuhttpd-openssl=$(call Package/libuhttpd/Default,openssl,+PACKAGE_libuhttpd-openssl:libopenssl)
+Package/libuhttpd-wolfssl=$(call Package/libuhttpd/Default,wolfssl,+PACKAGE_libuhttpd-wolfssl:libwolfssl)
+Package/libuhttpd-mbedtls=$(call Package/libuhttpd/Default,mbedtls,+PACKAGE_libuhttpd-mbedtls:libmbedtls)
+Package/libuhttpd-nossl=$(call Package/libuhttpd/Default,nossl)
+
+ifeq ($(BUILD_VARIANT),openssl)
+ CMAKE_OPTIONS += -DUHTTPD_USE_OPENSSL=ON
+else ifeq ($(BUILD_VARIANT),wolfssl)
+ CMAKE_OPTIONS += -DUHTTPD_USE_WOLFSSL=ON
+else ifeq ($(BUILD_VARIANT),mbedtls)
+ CMAKE_OPTIONS += -DUHTTPD_USE_MBEDTLS=ON
+else
+ CMAKE_OPTIONS += -DUHTTPD_SSL_SUPPORT=OFF
endif
-define Package/libuhttpd/default/install
- $(INSTALL_DIR) $(1)/usr/lib/ $(1)/usr/lib/lua/
+define Package/libuhttpd-$(BUILD_VARIANT)/install
+ $(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libuhttpd.so* $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/lua/uhttpd.so* $(1)/usr/lib/lua/
endef
-Package/libuhttpd-nossl/install = $(Package/libuhttpd/default/install)
-Package/libuhttpd-openssl/install = $(Package/libuhttpd/default/install)
-Package/libuhttpd-wolfssl/install = $(Package/libuhttpd/default/install)
-Package/libuhttpd-mbedtls/install = $(Package/libuhttpd/default/install)
-
-$(eval $(call BuildPackage,libuhttpd-nossl))
+$(eval $(call BuildPackage,libuhttpd-openssl))
$(eval $(call BuildPackage,libuhttpd-mbedtls))
$(eval $(call BuildPackage,libuhttpd-wolfssl))
-$(eval $(call BuildPackage,libuhttpd-openssl))
+$(eval $(call BuildPackage,libuhttpd-nossl))
+++ /dev/null
-Index: libuhttpd-2.1.0/src/CMakeLists.txt
-===================================================================
---- libuhttpd-2.1.0.orig/src/CMakeLists.txt
-+++ libuhttpd-2.1.0/src/CMakeLists.txt
-@@ -8,7 +8,7 @@ set(UHTTPD_VERSION_PATCH 0)
-
- # Check the third party Libraries
- find_package(Libubox REQUIRED)
--find_package(Lua)
-+find_package(Lua51)
-
- include_directories(${CMAKE_CURRENT_BINARY_DIR} ${LIBUBOX_INCLUDE_DIR})
-
-@@ -20,9 +20,9 @@ option(UHTTPD_SSL_SUPPORT "SSL support"
-
-
- set(LUA_SUPPORT_DEFAULT "ON")
--if (NOT LUA_FOUND)
-+if (NOT LUA51_FOUND)
- set(LUA_SUPPORT_DEFAULT "OFF")
--endif (NOT LUA_FOUND)
-+endif (NOT LUA51_FOUND)
-
- set(UHTTPD_LUA_SUPPORT_CONFIG 1)
- option(UHTTPD_LUA_SUPPORT "LUA support" ${LUA_SUPPORT_DEFAULT})
-@@ -34,9 +34,9 @@ else ()
- endif ()
-
- if (UHTTPD_LUA_SUPPORT)
-- if (NOT LUA_FOUND)
-+ if (NOT LUA51_FOUND)
- message(FATAL_ERROR "Lua was not found on your system")
-- endif (NOT LUA_FOUND)
-+ endif (NOT LUA51_FOUND)
-
- include_directories(${LUA_INCLUDE_DIR})
- list(APPEND EXTRA_LIBS ${LUA_LIBRARY})
include $(TOPDIR)/rules.mk
PKG_NAME:=mxml
-PKG_VERSION:=2.12
+PKG_VERSION:=3.1
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/michaelrsweet/mxml.git
-PKG_SOURCE_VERSION:=3aaa12c7d709d05286255d191998f29105dd407a
-PKG_MIRROR_HASH:=fccb77d4c9f6139db9937483596068f40112424ef261025227cda258a5561002
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/michaelrsweet/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/
+PKG_HASH:=1ac8d252f62f9dc2b2004518c70d2da313bdfcd92b8350e215f46064a34b52fc
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_FIXUP:=autoreconf
include $(TOPDIR)/rules.mk
PKG_NAME:=nspr
-PKG_VERSION:=4.21
+PKG_VERSION:=4.22
PKG_RELEASE:=1
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENCE:=MPL-2.0
PKG_SOURCE_URL:= \
https://download.cdn.mozilla.net/pub/$(PKG_NAME)/releases/v$(PKG_VERSION)/src/ \
https://archive.mozilla.org/pub/$(PKG_NAME)/releases/v$(PKG_VERSION)/src/
-PKG_HASH:=15ea32c7b100217b6e3193bc03e77f485d9bf7504051443ba9ce86d1c17c6b5a
+PKG_HASH:=c9e4b6cc24856ec93202fe13704b38b38ba219f0f2aeac93090ce2b6c696d430
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
index e737791..b578476 100644
--- a/nspr/lib/ds/Makefile.in
+++ b/nspr/lib/ds/Makefile.in
-@@ -114,13 +114,7 @@ GARBAGE += $(TINC)
+@@ -110,13 +110,7 @@ GARBAGE += $(TINC)
$(TINC):
@$(MAKE_OBJDIR)
index e8a6d9f..978ed28 100644
--- a/nspr/lib/libc/src/Makefile.in
+++ b/nspr/lib/libc/src/Makefile.in
-@@ -116,13 +116,7 @@ GARBAGE += $(TINC)
+@@ -112,13 +112,7 @@ GARBAGE += $(TINC)
$(TINC):
@$(MAKE_OBJDIR)
index aeb2944..f318097 100644
--- a/nspr/lib/prstreams/Makefile.in
+++ b/nspr/lib/prstreams/Makefile.in
-@@ -116,13 +116,7 @@ endif
+@@ -110,13 +110,7 @@ endif
$(TINC):
@$(MAKE_OBJDIR)
index 19c5a69..b4ac31c 100644
--- a/nspr/pr/src/Makefile.in
+++ b/nspr/pr/src/Makefile.in
-@@ -326,13 +326,7 @@ GARBAGE += $(TINC)
+@@ -310,13 +310,7 @@ GARBAGE += $(TINC)
$(TINC):
@$(MAKE_OBJDIR)
+++ /dev/null
-From 6cb5b0be8837222a1e01745f2cf57cd0e593186d Mon Sep 17 00:00:00 2001
-From: Antoine Tenart <antoine.tenart@free-electrons.com>
-Date: Mon, 23 Oct 2017 10:28:20 +0200
-Subject: [PATCH] Add ARC support
-
-[Alexey: Rebased on top of other patches like RiscV, NIOS2 etc].
-
-Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
-Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
-
-Upstream-Status: Submitted [ https://bugzilla.mozilla.org/show_bug.cgi?id=1492378 ]
----
- pr/include/md/_linux.cfg | 45 ++++++++++++++++++++++++++++++++++++++++
- pr/include/md/_linux.h | 2 ++
- 2 files changed, 47 insertions(+)
-
-diff --git a/pr/include/md/_linux.cfg b/pr/include/md/_linux.cfg
-index fec8525378dc..5f4fa0eac783 100644
---- a/nspr/pr/include/md/_linux.cfg
-+++ b/nspr/pr/include/md/_linux.cfg
-@@ -1157,6 +1157,51 @@
- #define PR_BYTES_PER_WORD_LOG2 3
- #define PR_BYTES_PER_DWORD_LOG2 3
-
-+#elif defined(__arc__)
-+
-+#define IS_LITTLE_ENDIAN 1
-+#undef IS_BIG_ENDIAN
-+
-+#define PR_BYTES_PER_BYTE 1
-+#define PR_BYTES_PER_SHORT 2
-+#define PR_BYTES_PER_INT 4
-+#define PR_BYTES_PER_INT64 8
-+#define PR_BYTES_PER_LONG 4
-+#define PR_BYTES_PER_FLOAT 4
-+#define PR_BYTES_PER_DOUBLE 8
-+#define PR_BYTES_PER_WORD 4
-+#define PR_BYTES_PER_DWORD 8
-+
-+#define PR_BITS_PER_BYTE 8
-+#define PR_BITS_PER_SHORT 16
-+#define PR_BITS_PER_INT 32
-+#define PR_BITS_PER_INT64 64
-+#define PR_BITS_PER_LONG 32
-+#define PR_BITS_PER_FLOAT 32
-+#define PR_BITS_PER_DOUBLE 64
-+#define PR_BITS_PER_WORD 32
-+
-+#define PR_BITS_PER_BYTE_LOG2 3
-+#define PR_BITS_PER_SHORT_LOG2 4
-+#define PR_BITS_PER_INT_LOG2 5
-+#define PR_BITS_PER_INT64_LOG2 6
-+#define PR_BITS_PER_LONG_LOG2 5
-+#define PR_BITS_PER_FLOAT_LOG2 5
-+#define PR_BITS_PER_DOUBLE_LOG2 6
-+#define PR_BITS_PER_WORD_LOG2 5
-+
-+#define PR_ALIGN_OF_SHORT 2
-+#define PR_ALIGN_OF_INT 4
-+#define PR_ALIGN_OF_LONG 4
-+#define PR_ALIGN_OF_INT64 4
-+#define PR_ALIGN_OF_FLOAT 4
-+#define PR_ALIGN_OF_DOUBLE 4
-+#define PR_ALIGN_OF_POINTER 4
-+#define PR_ALIGN_OF_WORD 4
-+
-+#define PR_BYTES_PER_WORD_LOG2 2
-+#define PR_BYTES_PER_DWORD_LOG2 3
-+
- #else
-
- #error "Unknown CPU architecture"
-diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h
-index 8e04fad479a1..628b1217e9c8 100644
---- a/nspr/pr/include/md/_linux.h
-+++ b/nspr/pr/include/md/_linux.h
-@@ -63,6 +63,8 @@
- #define _PR_SI_ARCHITECTURE "riscv32"
- #elif defined(__riscv) && (__riscv_xlen == 64)
- #define _PR_SI_ARCHITECTURE "riscv64"
-+#elif defined(__arc__)
-+#define _PR_SI_ARCHITECTURE "arc"
- #else
- #error "Unknown CPU architecture"
- #endif
---
-2.17.1
-
--- /dev/null
+--- a/nspr/config/config.mk 2017-10-31 13:13:22.692343122 +0200
++++ b/nspr/config/config.mk 2017-10-31 13:13:58.758016378 +0200
+@@ -126,6 +126,9 @@
+
+ ifeq ($(USE_IPV6),1)
+ DEFINES += -D_PR_INET6
++ifeq ($(MUSL),1)
++CFLAGS += -D_PR_POLL_AVAILABLE -D_PR_HAVE_OFF64_T -D_PR_INET6 -D_PR_HAVE_INET_NTOP -D_PR_HAVE_GETHOSTBYNAME2 -D_PR_HAVE_GETADDRINFO -D_PR_INET6_PROBE
++endif
+ endif
+
+ ifeq ($(MOZ_UNICODE),1)
+--- a/nspr/config/Makefile.in 2019-03-31 13:44:56.919871810 +0300
++++ b/nspr/config/Makefile.in 2019-03-31 13:45:21.560545948 +0300
+@@ -30,7 +30,7 @@
+
+ # This version hasn't been ported for us; the one in mozilla/config has
+ ifneq ($(OS_ARCH),OS2)
+-CSRCS += nsinstall.c
++#CSRCS += nsinstall.c
+
+ PLSRCS = nfspwd.pl
+ endif
+++ /dev/null
---- a/nspr/config/config.mk 2017-10-31 13:13:22.692343122 +0200
-+++ b/nspr/config/config.mk 2017-10-31 13:13:58.758016378 +0200
-@@ -126,6 +126,9 @@
-
- ifeq ($(USE_IPV6),1)
- DEFINES += -D_PR_INET6
-+ifeq ($(MUSL),1)
-+CFLAGS += -D_PR_POLL_AVAILABLE -D_PR_HAVE_OFF64_T -D_PR_INET6 -D_PR_HAVE_INET_NTOP -D_PR_HAVE_GETHOSTBYNAME2 -D_PR_HAVE_GETADDRINFO -D_PR_INET6_PROBE
-+endif
- endif
-
- ifeq ($(MOZ_UNICODE),1)
---- a/nspr/config/Makefile.in 2019-03-31 13:44:56.919871810 +0300
-+++ b/nspr/config/Makefile.in 2019-03-31 13:45:21.560545948 +0300
-@@ -30,7 +30,7 @@
-
- # This version hasn't been ported for us; the one in mozilla/config has
- ifneq ($(OS_ARCH),OS2)
--CSRCS += nsinstall.c
-+#CSRCS += nsinstall.c
-
- PLSRCS = nfspwd.pl
- endif
include $(TOPDIR)/rules.mk
PKG_NAME:=opencv
-PKG_VERSION:=3.1.0
-PKG_RELEASE:=3
+PKG_VERSION:=4.1.1
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=http://sourceforge.net/projects/opencvlibrary/files/opencv-unix/$(PKG_VERSION)/
-PKG_HASH:=1f6990249fdb82804fff40e96fa6d99949023ab0e3277eae4bd459b374e622a4
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/opencv/opencv
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_MIRROR_HASH:=c8587820421d2f22acdafe4712d068ae490897dc445bdb4aa128ecaa8e65d3a1
+PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
+CMAKE_INSTALL:=1
+CMAKE_BINARY_SUBDIR:=build
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
SECTION:=libs
CATEGORY:=Libraries
TITLE:=OpenCV
- URL:=http://opencv.org/
- MAINTAINER:=WRTnode Team <pub@wrtnode.com>
- DEPENDS:=+libpthread +librt +libstdcpp +zlib +libjpeg
+ URL:=https://opencv.org/
+ DEPENDS:=+libpthread +librt +libatomic +libstdcpp +zlib +libjpeg
endef
-PKG_INSTALL:=1
-
-CMAKE_OPTIONS += -DBUILD_opencv_gpu:BOOL=OFF \
+CMAKE_OPTIONS += \
+ -DBUILD_opencv_gpu:BOOL=OFF \
-DWITH_1394:BOOL=OFF -DBUILD_opencv_stitching:BOOL=OFF \
-DBUILD_opencv_superres:BOOL=OFF -DBUILD_opencv_ts:BOOL=OFF \
-DBUILD_opencv_highgui:BOOL=OFF \
-DCMAKE_VERBOSE:BOOL=OFF \
-DENABLE_PRECOMPILED_HEADERS=OFF
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/opencv $(1)/usr/include/
- $(CP) $(PKG_INSTALL_DIR)/usr/include/opencv2 $(1)/usr/include/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libopencv* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/opencv.pc $(1)/usr/lib/pkgconfig/
-endef
+TARGET_LDFLAGS += -latomic
define Package/opencv/install
$(INSTALL_DIR) $(1)/usr/lib
+++ /dev/null
---- a/3rdparty/ippicv/downloader.cmake
-+++ b/3rdparty/ippicv/downloader.cmake
-@@ -64,7 +64,7 @@ function(_icv_downloader)
- if(DEFINED ENV{OPENCV_ICV_URL})
- set(OPENCV_ICV_URL $ENV{OPENCV_ICV_URL})
- else()
-- set(OPENCV_ICV_URL "https://raw.githubusercontent.com/Itseez/opencv_3rdparty/${IPPICV_BINARIES_COMMIT}/ippicv")
-+ set(OPENCV_ICV_URL "https://raw.githubusercontent.com/opencv/opencv_3rdparty/${IPPICV_BINARIES_COMMIT}/ippicv")
- endif()
- endif()
-
--- /dev/null
+--- a/modules/gapi/include/opencv2/gapi/core.hpp
++++ b/modules/gapi/include/opencv2/gapi/core.hpp
+@@ -392,8 +392,8 @@ namespace core {
+ {
+ GAPI_Assert(fx != 0. && fy != 0.);
+ return in.withSize
+- (Size(static_cast<int>(std::round(in.size.width * fx)),
+- static_cast<int>(std::round(in.size.height * fy))));
++ (Size(static_cast<int>(round(in.size.width * fx)),
++ static_cast<int>(round(in.size.height * fy))));
+ }
+ }
+ };
+--- a/modules/gapi/include/opencv2/gapi/own/saturate.hpp
++++ b/modules/gapi/include/opencv2/gapi/own/saturate.hpp
+@@ -81,8 +81,8 @@ static inline DST saturate(SRC x, R round)
+ // explicit suffix 'd' for double type
+ inline double ceild(double x) { return std::ceil(x); }
+ inline double floord(double x) { return std::floor(x); }
+-inline double roundd(double x) { return std::round(x); }
+-inline double rintd(double x) { return std::rint(x); }
++inline double roundd(double x) { return round(x); }
++inline double rintd(double x) { return rint(x); }
+
+ } //namespace own
+ } //namespace gapi
+--- a/modules/gapi/src/backends/fluid/gfluidcore.cpp
++++ b/modules/gapi/src/backends/fluid/gfluidcore.cpp
+@@ -389,7 +389,7 @@ static void run_arithm_s1(uchar out[], const float in[], int width, const float
+ cv::util::suppress_unused_warning(v_op);
+ for (; w < width; w++)
+ {
+- out[w] = saturate<uchar>(s_op(in[w], scalar[0]), std::roundf);
++ out[w] = saturate<uchar>(s_op(in[w], scalar[0]), roundf);
+ }
+ }
+
+@@ -1954,7 +1954,7 @@ GAPI_FLUID_KERNEL(GFluidCartToPolar, cv::gapi::core::GCartToPolar, false)
+ {
+ float x = in1[l];
+ float y = in2[l];
+- float magnitude = std::hypot(y, x);
++ float magnitude = hypot(y, x);
+ float angle_rad = std::atan2(y, x);
+ float angle = angleInDegrees?
+ angle_rad * static_cast<float>(180 / CV_PI):
--- /dev/null
+--- a/3rdparty/libjasper/jas_stream.c
++++ b/3rdparty/libjasper/jas_stream.c
+@@ -86,6 +86,10 @@
+ #include <io.h>
+ #endif
+
++#ifndef L_tmpnam
++#define L_tmpnam 20
++#endif
++
+ #include "jasper/jas_types.h"
+ #include "jasper/jas_stream.h"
+ #include "jasper/jas_malloc.h"
CATEGORY:=Libraries
TITLE:=RX/TX Support for Java serial communications
URL:=http://rxtx.qbang.org/wiki/index.php/Main_Page
- DEPENDS:=+libpthread
+ DEPENDS:=+libpthread +classpath
endef
define Package/rxtx/description
include $(TOPDIR)/rules.mk
PKG_NAME:=xmlrpc-c
-PKG_VERSION:=1.43.08
+PKG_VERSION:=1.51.03
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=@SF/xmlrpc-c/Xmlrpc-c%20Super%20Stable/$(PKG_VERSION)
-PKG_HASH:=c9f5b584a42493877ae0f09ed680d94e035ab389e8fa1873b1ec42118d5cfca3
+PKG_HASH:=82f9a4f6dee03f6a58921d75a65949dd4f0036a4c268bce6a4343338932ec065
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=VARIOUS
PKG_LICENSE_FILES:=doc/COPYING
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
-PKG_BUILD_PARALLEL:=0
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
+++ /dev/null
---- a/config.mk.in
-+++ b/config.mk.in
-@@ -176,7 +176,7 @@ ifeq ($(patsubst linux-gnu%,linux-gnu,$(
- shlibfn = $(1:%=%.$(SHLIB_SUFFIX).$(MAJ).$(MIN))
- shliblefn = $(1:%=%.$(SHLIB_SUFFIX))
- # SHLIB_CLIB = -lc
-- LDFLAGS_SHLIB = -shared -Wl,-soname,$(SONAME) $(SHLIB_CLIB)
-+ LDFLAGS_SHLIB = -shared -Wl,-soname,$(SONAME) $(SHLIB_CLIB) $(LDFLAGS)
- CFLAGS_SHLIB=-fPIC
- endif
-
+++ /dev/null
---- a/configure.in
-+++ b/configure.in
-@@ -223,9 +223,7 @@ dnl Checks for programs.
- dnl =======================================================================
-
- AC_PROG_CC
--if test x"$enable_cplusplus" != xno; then
-- AC_PROG_CXX
--fi
-+AC_PROG_CXX
-
-
- dnl =======================================================================
--- /dev/null
+--- a/lib/libutil/sleep.c
++++ b/lib/libutil/sleep.c
+@@ -8,7 +8,7 @@
+ # include <windows.h>
+ # include <process.h>
+ #else
+-# include <unistd.h>
++# include <time.h>
+ #endif
+
+
+@@ -18,6 +18,7 @@ xmlrpc_millisecond_sleep(unsigned int const milliseconds) {
+ #if MSVCRT
+ SleepEx(milliseconds, true);
+ #else
+- usleep(milliseconds * 1000);
++ const struct timespec req = {0, milliseconds * 1000 * 1000};
++ nanosleep(&req, NULL);
+ #endif
+ }
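Review bot: The new `req` in xmlrpc_millisecond_sleep puts the whole interval into `tv_nsec`, so any call with `milliseconds >= 1000` gives nanosleep() an out-of-range value and it returns EINVAL without sleeping. The unsigned multiplication `milliseconds * 1000 * 1000` also wraps for larger arguments. Split the value instead: `const struct timespec req = {milliseconds / 1000, (milliseconds % 1000) * 1000000L};`. The return value of nanosleep() is ignored as well, so a signal ends the sleep early; whether any caller depends on the full delay is not visible in this hunk.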
PKG_NAME:=msmtp-scripts
PKG_VERSION:=1.2.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://launchpad.net/$(PKG_NAME)/1.2/$(PKG_VERSION)/+download
and postsuper symlinks to wrappers that configure
msmtpq-ng for use as the system mail transport
agent via the sendmail command.
+
+**NB**: In order for msmtpq-ng-mta aka sendmail to
+send mail for non-root users (not just queue it
+after failing), the user must have permissions to
+access /etc/msmtprc -- package msmtp sets msmtprc
+to rw only by root by default as a security measure
+(it _can_ contain information like passwords with
+which to send mail through your email server).
+
+There are a couple of choices. One is to leave
+the default permissions (in which cases the mail
+will queue and fail to send until the mailq -q
+runner which runs in a root crontab sends the mail).
+Another is to give any non-root daemon users (or
+any other users) group access (i.e. create a
+group for all the users who should be able to
+send mail, add the users to it, and give the
+group read-only permissions on the msmtrpc).
+A final option (which is only resonable if you
+have no secrets in msmtprc because you are
+sending unauthenticated mail to a server that
+accepts mail directly for the intended user --
+usually that means a self-hosted system mail
+server, rather than trying to send mail to
+public servers (which don't typically accept
+mail from normal user IP addresses, even if
+you ISP doesn't block the traffic) is to
+make msmtprc world readable.
+
+The first option is probably the best choice
+for most users, as it just means a 15
+minute delay in the mail getting off the
+system, and doesn't involve special permissions
+for non-root daemons or users.
endef
define Package/msmtpq-ng-mta-smtpd
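Review bot: The added description misspells the config file as `msmtrpc` in the group-access paragraph, which matters because this text tells users which file's permissions to change; it should read `msmtprc`, as it does earlier in the same text. `resonable` and `you ISP` are typos too. The world-readable option is buried in a long nested parenthetical; a separate sentence stating that it is only acceptable when msmtprc holds no credentials would make the security condition harder to miss.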
$(INSTALL_DATA) ./files/msmtpq-ng.rc $(1)/etc/msmtpq-ng.rc
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_BUILD_DIR)/src/usr/bin/msmtpq-ng $(1)/usr/bin/
+ $(SED) "s,nc -vz,printf \"HEAD / HTTP/1.1\\\\r\\\\nHost: \$$$${EMAIL_CONN_TEST_SITE}\\\\r\\\\n\\\\r\\\\n\"|nc," $(1)/usr/bin/msmtpq-ng
$(CP) $(PKG_BUILD_DIR)/src/usr/bin/msmtpq-ng-queue $(1)/usr/bin/
endef
START=90
boot() {
- [ ! -d /var/spool/msmtp ] && {
+ if [ ! -d /var/spool/msmtp ]; then
mkdir -m1777 -p /var/spool/msmtp
- }
+ else
+ chmod 1777 /var/spool/msmtp
+ fi
- [ ! -d /var/lock/msmtp ] && {
+ if [ ! -d /var/lock/msmtp ]; then
mkdir -m1777 -p /var/lock/msmtp
- }
+ else
+ chmod 1777 /var/spool/msmtp
+ fi
}
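Review bot: The `else` branch of the `/var/lock/msmtp` check runs `chmod 1777 /var/spool/msmtp`, so an already existing lock directory never has its mode reset and the spool directory is changed twice. It looks like a copy of the spool branch above and should read `chmod 1777 /var/lock/msmtp`. A one-line comment in `boot()` saying why both directories need the sticky, world-writable mode (non-root senders queueing mail) would also help the next reader judge the permissions.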
#MSMTPQ_NG=msmtpq-ng
#MSMTPQ_NG_QUEUE=msmtpq-ng-queue
#MSMTP_CONF=/etc/msmtprc
-#EMAIL_CONN_TEST=p
-EMAIL_CONN_TEST_PING=openwrt.org
+EMAIL_CONN_TEST=n
+#EMAIL_CONN_TEST_PING=openwrt.org
#EMAIL_CONN_TEST_IP=8.8.8.8
-#EMAIL_CONN_TEST_SITE=www.debian.org
+EMAIL_CONN_TEST_SITE=openwrt.org
#MSMTP_HOLD_SMTP_MAIL=true
#MSMTP_HOLD_CLI_MAIL=false
#LOG=~/log/.msmtp.queue.log
#MAXLOGLEVEL=7
#MSMTP_LOCK_DIR=~/.msmtp.lock
-EMAIL_CONN_TEST=p
-EMAIL_CONN_TEST_PING=openwrt.org
+EMAIL_CONN_TEST=n
+#EMAIL_CONN_TEST_PING=openwrt.org
#EMAIL_CONN_TEST_IP=8.8.8.8
-#EMAIL_CONN_TEST_SITE=www.debian.org
+EMAIL_CONN_TEST_SITE=openwrt.org
#MSMTP_UMASK=077
#MSMTP_LOG_UMASK=077
#MSMTP_QUEUE_QUIET=false
include $(TOPDIR)/rules.mk
PKG_NAME:=v4l2rtspserver
-PKG_VERSION:=0.1.6
+PKG_VERSION:=0.1.8
PKG_RELEASE:=1
#cannot use codeload as this uses submodules
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/mpromonet/v4l2rtspserver
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=9e076d2ecac08d5cbd0af7cfaa355e077e03fe35be73259ae7f520e2ef4243f8
+PKG_MIRROR_HASH:=2df448435fa169b1611e619496ec529baa4caa59627a8a508fb6db59c31e42be
-LIVE555_VERSION:=2019.02.03
-LIVE555_HASH:=1c938d91553eff224c7a860f8f38b3256028704b474a3fc6bcf2eddc42268710
+LIVE555_VERSION:=2019.08.28
+LIVE555_HASH:=a3dcd157865186cf883c3a80b4bb09637e91fff96b234b2c780a7f7dcc7a35dc
LIVE555_FILE:=live.$(LIVE555_VERSION).tar.gz
PKG_MAINTAINER:=Roger Dammit <rogerdammit@gmail.com>
HASH:=$(LIVE555_HASH)
endef
-TARGET_CFLAGS += -flto
-TARGET_CXXFLAGS += -fno-rtti
-TARGET_LDFLAGS += -Wl,--gc-sections
+TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
-CMAKE_OPTIONS += -DALSA=OFF -DLIVE555CFLAGS="-DSOCKLEN_T=socklen_t -D_LARGEFILE_SOURCE=1 -D_FILE_OFFSET_BITS=64 -DLOCALE_NOT_USED -DNO_SSTREAM=1 -DALLOW_RTSP_SERVER_PORT_REUSE=1"
+CMAKE_OPTIONS += -DALSA=OFF -DLIVE555CFLAGS="$(TARGET_CFLAGS) -DSOCKLEN_T=socklen_t -D_LARGEFILE_SOURCE=1 -D_FILE_OFFSET_BITS=64 -DLOCALE_NOT_USED -DNO_SSTREAM=1 -DALLOW_RTSP_SERVER_PORT_REUSE=1"
-
-define Build/Prepare
+define Build/Prepare
$(Build/Prepare/Default)
# download live555
$(TAR) -xf $(DL_DIR)/$(LIVE555_FILE) --strip=1 -C $(PKG_BUILD_DIR)/live
endef
-
define Package/v4l2rtspserver/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/v4l2rtspserver-$(PKG_VERSION) $(1)/usr/bin/
- mv $(1)/usr/bin/v4l2rtspserver-$(PKG_VERSION) $(1)/usr/bin/v4l2rtspserver
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/v4l2rtspserver $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) files/v4l2rtspserver.init $(1)/etc/init.d/v4l2rtspserver
include $(TOPDIR)/rules.mk
PKG_NAME:=youtube-dl
-PKG_VERSION:=2019.8.13
+PKG_VERSION:=2019.9.1
PKG_RELEASE:=1
PKG_SOURCE:=youtube_dl-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/y/youtube_dl/
-PKG_HASH:=ff65a10f81b64d8e0d1872a89bee0d075370ba6e4c658193e56e6f93e5ca46ba
+PKG_HASH:=cf543d2379af92709f7345ec0e53894c93ab6ab8ae54ed211d4a11b3e6d03460
PKG_BUILD_DIR:=$(BUILD_DIR)/youtube_dl-$(PKG_VERSION)
PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>, Josef Schlehofer <pepe.schlehofer@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=3.8.3
+PKG_VERSION:=3.8.4
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
if [ -r "/lib/functions.sh" ]
then
. "/lib/functions.sh"
- adb_basever="$(uci_get adblock global adb_basever)"
adb_debug="$(uci_get adblock extra adb_debug "0")"
adb_msender="$(uci_get adblock extra adb_msender "no-reply@adblock")"
adb_mreceiver="$(uci_get adblock extra adb_mreceiver)"
adb_mtopic="$(uci_get adblock extra adb_mtopic "adblock notification")"
adb_mprofile="$(uci_get adblock extra adb_mprofile "adb_notify")"
fi
+adb_ver="${1}"
adb_mail="$(command -v msmtp)"
adb_rc=1
#
if [ -z "${adb_mreceiver}" ]
then
- logger -p "err" -t "adblock-${adb_basever} [${$}]" "please set the mail receiver with the 'adb_mreceiver' option"
+ logger -p "err" -t "adblock-${adb_ver}[${$}]" "please set the mail receiver with the 'adb_mreceiver' option"
exit ${adb_rc}
fi
adb_mhead="From: ${adb_msender}\\nTo: ${adb_mreceiver}\\nSubject: ${adb_mtopic}\\nReply-to: ${adb_msender}\\nMime-Version: 1.0\\nContent-Type: text/html\\nContent-Disposition: inline\\n\\n"
then
printf "%b" "${adb_mhead}${adb_mtext}" 2>/dev/null | "${adb_mail}" ${debug} -a "${adb_mprofile}" "${adb_mreceiver}" >/dev/null 2>&1
adb_rc=${?}
- logger -p "info" -t "adblock-${adb_basever} [${$}]" "mail sent to '${adb_mreceiver}' with rc '${adb_rc}'"
+ logger -p "info" -t "adblock-${adb_ver}[${$}]" "mail sent to '${adb_mreceiver}' with rc '${adb_rc}'"
else
- logger -p "err" -t "adblock-${adb_basever} [${$}]" "msmtp mail daemon not found"
+ logger -p "err" -t "adblock-${adb_ver}[${$}]" "msmtp mail daemon not found"
fi
exit ${adb_rc}
if [ -r "/lib/functions.sh" ]
then
. "/lib/functions.sh"
- adb_basever="$(uci_get adblock global adb_basever)"
adb_dns="$(uci_get adblock global adb_dns)"
fi
+adb_ver="${1}"
adb_ubus="$(command -v ubus)"
if [ -x "${adb_ubus}" ] && [ -n "${adb_dns}" ]
then
- logger -p "info" -t "adblock-${adb_basever} [${$}]" "ubus/adblock service started"
+ logger -p "info" -t "adblock-${adb_ver}[${$}]" "ubus/adblock service started"
"${adb_ubus}" -S -M r -m invoke monitor | \
{ grep -qE "\"method\":\"(set|signal)\",\"data\":\{\"name\":\"${adb_dns}\""; [ $? -eq 0 ] && /etc/init.d/adblock start; }
else
- logger -p "err" -t "adblock-${adb_basever} [${$}]" "can't start ubus/adblock service"
+ logger -p "err" -t "adblock-${adb_ver}[${$}]" "can't start ubus/adblock service"
fi
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="3.8.3"
+adb_ver="3.8.4"
adb_basever=""
adb_enabled=0
adb_debug=0
# get system information
#
- adb_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | awk '{ORS="\n";printf"%s, ",$0}')"
+ adb_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | \
+ awk 'BEGIN{ORS=", "}{print $0}' | awk '{print substr($0,1,length($0)-2)}')"
# parse 'global' and 'extra' section by callback
#
if [ "${adb_mail}" -eq 1 ] && [ -x "${adb_mailservice}" ] && \
{ [ "${status}" = "error" ] || { [ "${status}" = "enabled" ] && [ "${adb_cnt}" -le "${adb_mcnt}" ]; } }
then
- ("${adb_mailservice}" >/dev/null 2>&1)&
+ ("${adb_mailservice}" "${adb_ver}" >/dev/null 2>&1)&
bg_pid="${!}"
fi
f_log "debug" "f_jsnup ::: status: ${status:-"-"}, cnt: ${adb_cnt}, mail: ${adb_mail}, mail_service: ${adb_mailservice}, mail_cnt: ${adb_mcnt}, mail_pid: ${bg_pid:-"-"}"
if [ -z "${bg_pid}" ] && [ "${status}" = "start" ] \
&& [ -x "${adb_ubusservice}" ] && [ "${adb_dnsfilereset}" = "true" ]
then
- ( "${adb_ubusservice}" &)
+ ( "${adb_ubusservice}" "${adb_ver}" &)
elif [ -n "${bg_pid}" ] && [ "${status}" = "stop" ]
then
kill -HUP "${bg_pid}" 2>/dev/null
PKG_NAME:=apinger
PKG_SOURCE_DATE:=2015-04-09
-PKG_SOURCE_VERSION:=78eb328721ba1a10571c19df95acd
+PKG_SOURCE_VERSION:=78eb328721ba1a10571c19df95acddcb5f0c17c8
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
include $(TOPDIR)/rules.mk
PKG_NAME:=atftp
-PKG_VERSION:=0.7.1
-PKG_RELEASE:=5
-PKG_MAINTAINER:=Daniel Danzberger <daniel@dd-wrt.com>
-PKG_LICENSE:=GPL-2.0
+PKG_VERSION:=0.7.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=ae4c6f09cadb8d2150c3ce32d88f19036a54e8211f22d723e97864bb5e18f92d
+PKG_HASH:=1ad080674e9f974217b3a703e7356c6c8446dc5e7b2014d0d06e1bfaa11b5041
+
+PKG_MAINTAINER:=Daniel Danzberger <daniel@dd-wrt.com>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
endef
CONFIGURE_ARGS += \
+ --disable-debug \
--disable-libwrap
define Package/atftp/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/atftp $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/atftp $(1)/usr/bin/
endef
define Package/atftpd/install
$(INSTALL_DIR) $(1)/etc
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/atftpd $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)//usr/sbin/atftpd $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,atftp))
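Review bot: The new atftpd install line has a stray double slash in `$(PKG_INSTALL_DIR)//usr/sbin/atftpd`; it resolves to the same path but is inconsistent with the atftp rule just above. Write it as `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/atftpd $(1)/usr/sbin/`.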
include $(TOPDIR)/rules.mk
PKG_NAME:=cgi-io
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_LICENSE:=GPL-2.0+
return (found >= n_fields);
}
+static char *
+canonicalize_path(const char *path, size_t len)
+{
+ char *canonpath, *cp;
+ const char *p, *e;
+
+ if (path == NULL || *path == '\0')
+ return NULL;
+
+ canonpath = datadup(path, len);
+
+ if (canonpath == NULL)
+ return NULL;
+
+ /* normalize */
+ for (cp = canonpath, p = path, e = path + len; p < e; ) {
+ if (*p != '/')
+ goto next;
+
+ /* skip repeating / */
+ if ((p + 1 < e) && (p[1] == '/')) {
+ p++;
+ continue;
+ }
+
+ /* /./ or /../ */
+ if ((p + 1 < e) && (p[1] == '.')) {
+ /* skip /./ */
+ if ((p + 2 >= e) || (p[2] == '/')) {
+ p += 2;
+ continue;
+ }
+
+ /* collapse /x/../ */
+ if ((p + 2 < e) && (p[2] == '.') && ((p + 3 >= e) || (p[3] == '/'))) {
+ while ((cp > canonpath) && (*--cp != '/'))
+ ;
+
+ p += 3;
+ continue;
+ }
+ }
+
+next:
+ *cp++ = *p++;
+ }
+
+ /* remove trailing slash if not root / */
+ if ((cp > canonpath + 1) && (cp[-1] == '/'))
+ cp--;
+ else if (cp == canonpath)
+ *cp++ = '/';
+
+ *cp = '\0';
+
+ return canonpath;
+}
+
static int
response(bool success, const char *message)
{
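Review bot: canonicalize_path only collapses `.` and `..` components that follow a `/`, so a name that does not start with `/` keeps its first component verbatim (a constructed example: `../x` comes back unchanged), and that string is what the new `session_access()` check receives. If uploads are meant to use absolute paths only, reject everything else at the top: `if (path == NULL || len == 0 || *path != '/') return NULL;`; the existing `!st.filename` branch then reports the error. The same guard avoids reading `*path` when `len` is 0 and the later write of `/` plus the terminator into a zero-length copy; how much `datadup()` allocates is not visible here. The normalization is purely lexical, so a comment on the function should say that symlinks are not resolved and the ACL decision is made on the textual path.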
if (!st.filename)
return response(false, "File data without name");
+ if (!session_access(st.sessionid, st.filename, "write"))
+ return response(false, "Access to path denied by ACL");
+
st.tempfd = mkstemp(tmpname);
if (st.tempfd < 0)
break;
case PART_FILENAME:
- st.filename = datadup(data, len);
+ st.filename = canonicalize_path(data, len);
break;
case PART_FILEMODE:
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=2.0.3
-PKG_RELEASE:=2
+PKG_VERSION:=2.0.5
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.0/src
-PKG_HASH:=aac1ff3e5079997985b6560f46bf265447d0cd841f11c4d77f15942c9fe4b770
+PKG_HASH:=3f2e0d40af66dd6df1dc2f6055d3de106ba62836d77b4c2e497a82a4bdbc5422
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
#!/bin/sh
CLONEURL=https://git.haproxy.org/git/haproxy-2.0.git
-BASE_TAG=v2.0.3
+BASE_TAG=v2.0.5
TMP_REPODIR=tmprepo
PATCHESDIR=patches
+++ /dev/null
-commit 937604b4cfccddd607b8d4883815c4e3f9ab70d0
-Author: Willy Tarreau <w@1wt.eu>
-Date: Wed Jul 24 16:45:02 2019 +0200
-
- BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
-
- Dragan Dosen found that the listeners lock is not sufficient to protect
- the listeners list when proxies are stopping because the listeners are
- also unlinked from the protocol list, and under certain situations like
- bombing with soft-stop signals or shutting down many frontends in parallel
- from multiple CLI connections, it could be possible to provoke multiple
- instances of delete_listener() to be called in parallel for different
- listeners, thus corrupting the protocol lists.
-
- Such operations are pretty rare, they are performed once per proxy upon
- startup and once per proxy on shut down. Thus there is no point trying
- to optimize anything and we can use a global lock to protect the protocol
- lists during these manipulations.
-
- This fix (or a variant) will have to be backported as far as 1.8.
-
- (cherry picked from commit daacf3664506d56a1f3b050ccba504886a18b12a)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/include/proto/protocol.h b/include/proto/protocol.h
-index 7bbebb8e..f25f77f0 100644
---- a/include/proto/protocol.h
-+++ b/include/proto/protocol.h
-@@ -23,9 +23,11 @@
- #define _PROTO_PROTOCOL_H
-
- #include <sys/socket.h>
-+#include <common/hathreads.h>
- #include <types/protocol.h>
-
- extern struct protocol *__protocol_by_family[AF_CUST_MAX];
-+__decl_hathreads(extern HA_SPINLOCK_T proto_lock);
-
- /* Registers the protocol <proto> */
- void protocol_register(struct protocol *proto);
-diff --git a/include/types/protocol.h b/include/types/protocol.h
-index 1d3404b9..f38baeb9 100644
---- a/include/types/protocol.h
-+++ b/include/types/protocol.h
-@@ -80,9 +80,9 @@ struct protocol {
- int (*pause)(struct listener *l); /* temporarily pause this listener for a soft restart */
- void (*add)(struct listener *l, int port); /* add a listener for this protocol and port */
-
-- struct list listeners; /* list of listeners using this protocol */
-- int nb_listeners; /* number of listeners */
-- struct list list; /* list of registered protocols */
-+ struct list listeners; /* list of listeners using this protocol (under proto_lock) */
-+ int nb_listeners; /* number of listeners (under proto_lock) */
-+ struct list list; /* list of registered protocols (under proto_lock) */
- };
-
- #define CONNECT_HAS_DATA 0x00000001 /* There's data available to be sent */
-diff --git a/src/listener.c b/src/listener.c
-index 40a774ed..b5fe2ac2 100644
---- a/src/listener.c
-+++ b/src/listener.c
-@@ -433,6 +433,9 @@ static void limit_listener(struct listener *l, struct list *list)
- * used as a protocol's generic enable_all() primitive, for use after the
- * fork(). It puts the listeners into LI_READY or LI_FULL states depending on
- * their number of connections. It always returns ERR_NONE.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- int enable_all_listeners(struct protocol *proto)
- {
-@@ -447,6 +450,9 @@ int enable_all_listeners(struct protocol *proto)
- * the polling lists when they are in the LI_READY or LI_FULL states. It is
- * intended to be used as a protocol's generic disable_all() primitive. It puts
- * the listeners into LI_LISTEN, and always returns ERR_NONE.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- int disable_all_listeners(struct protocol *proto)
- {
-@@ -516,6 +522,9 @@ void unbind_listener_no_close(struct listener *listener)
- /* This function closes all listening sockets bound to the protocol <proto>,
- * and the listeners end in LI_ASSIGNED state if they were higher. It does not
- * detach them from the protocol. It always returns ERR_NONE.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- int unbind_all_listeners(struct protocol *proto)
- {
-@@ -580,14 +589,19 @@ int create_listeners(struct bind_conf *bc, const struct sockaddr_storage *ss,
- * number of listeners is updated, as well as the global number of listeners
- * and jobs. Note that the listener must have previously been unbound. This
- * is the generic function to use to remove a listener.
-+ *
-+ * Will grab the proto_lock.
-+ *
- */
- void delete_listener(struct listener *listener)
- {
- HA_SPIN_LOCK(LISTENER_LOCK, &listener->lock);
- if (listener->state == LI_ASSIGNED) {
- listener->state = LI_INIT;
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- LIST_DEL(&listener->proto_list);
- listener->proto->nb_listeners--;
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- _HA_ATOMIC_SUB(&jobs, 1);
- _HA_ATOMIC_SUB(&listeners, 1);
- }
-diff --git a/src/proto_sockpair.c b/src/proto_sockpair.c
-index a4faa370..e7dd670d 100644
---- a/src/proto_sockpair.c
-+++ b/src/proto_sockpair.c
-@@ -80,6 +80,9 @@ INITCALL1(STG_REGISTER, protocol_register, &proto_sockpair);
- /* Add <listener> to the list of sockpair listeners (port is ignored). The
- * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
- * The number of listeners for the protocol is updated.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- static void sockpair_add_listener(struct listener *listener, int port)
- {
-@@ -97,6 +100,8 @@ static void sockpair_add_listener(struct listener *listener, int port)
- * loose them across the fork(). A call to uxst_enable_listeners() is needed
- * to complete initialization.
- *
-+ * Must be called with proto_lock held.
-+ *
- * The return value is composed from ERR_NONE, ERR_RETRYABLE and ERR_FATAL.
- */
- static int sockpair_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
-diff --git a/src/proto_tcp.c b/src/proto_tcp.c
-index 64ffb83c..bcbe27a7 100644
---- a/src/proto_tcp.c
-+++ b/src/proto_tcp.c
-@@ -1103,6 +1103,9 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
- * The sockets will be registered but not added to any fd_set, in order not to
- * loose them across the fork(). A call to enable_all_listeners() is needed
- * to complete initialization. The return value is composed from ERR_*.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- static int tcp_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
- {
-@@ -1121,6 +1124,9 @@ static int tcp_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
- /* Add <listener> to the list of tcpv4 listeners, on port <port>. The
- * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
- * The number of listeners for the protocol is updated.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- static void tcpv4_add_listener(struct listener *listener, int port)
- {
-@@ -1136,6 +1142,9 @@ static void tcpv4_add_listener(struct listener *listener, int port)
- /* Add <listener> to the list of tcpv6 listeners, on port <port>. The
- * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
- * The number of listeners for the protocol is updated.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- static void tcpv6_add_listener(struct listener *listener, int port)
- {
-diff --git a/src/proto_uxst.c b/src/proto_uxst.c
-index 66093af6..7263240f 100644
---- a/src/proto_uxst.c
-+++ b/src/proto_uxst.c
-@@ -379,6 +379,9 @@ static int uxst_unbind_listener(struct listener *listener)
- /* Add <listener> to the list of unix stream listeners (port is ignored). The
- * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
- * The number of listeners for the protocol is updated.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- static void uxst_add_listener(struct listener *listener, int port)
- {
-@@ -594,6 +597,8 @@ static int uxst_connect_server(struct connection *conn, int flags)
- * loose them across the fork(). A call to uxst_enable_listeners() is needed
- * to complete initialization.
- *
-+ * Must be called with proto_lock held.
-+ *
- * The return value is composed from ERR_NONE, ERR_RETRYABLE and ERR_FATAL.
- */
- static int uxst_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
-@@ -613,6 +618,9 @@ static int uxst_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
- /* This function stops all listening UNIX sockets bound to the protocol
- * <proto>. It does not detaches them from the protocol.
- * It always returns ERR_NONE.
-+ *
-+ * Must be called with proto_lock held.
-+ *
- */
- static int uxst_unbind_listeners(struct protocol *proto)
- {
-diff --git a/src/protocol.c b/src/protocol.c
-index 96e01c82..ac45cf2e 100644
---- a/src/protocol.c
-+++ b/src/protocol.c
-@@ -18,18 +18,26 @@
- #include <common/mini-clist.h>
- #include <common/standard.h>
-
--#include <types/protocol.h>
-+#include <proto/protocol.h>
-
- /* List head of all registered protocols */
- static struct list protocols = LIST_HEAD_INIT(protocols);
- struct protocol *__protocol_by_family[AF_CUST_MAX] = { };
-
-+/* This is the global spinlock we may need to register/unregister listeners or
-+ * protocols. Its main purpose is in fact to serialize the rare stop/deinit()
-+ * phases.
-+ */
-+__decl_spinlock(proto_lock);
-+
- /* Registers the protocol <proto> */
- void protocol_register(struct protocol *proto)
- {
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- LIST_ADDQ(&protocols, &proto->list);
- if (proto->sock_domain >= 0 && proto->sock_domain < AF_CUST_MAX)
- __protocol_by_family[proto->sock_domain] = proto;
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- }
-
- /* Unregisters the protocol <proto>. Note that all listeners must have
-@@ -37,8 +45,10 @@ void protocol_register(struct protocol *proto)
- */
- void protocol_unregister(struct protocol *proto)
- {
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- LIST_DEL(&proto->list);
- LIST_INIT(&proto->list);
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- }
-
- /* binds all listeners of all registered protocols. Returns a composition
-@@ -50,6 +60,7 @@ int protocol_bind_all(char *errmsg, int errlen)
- int err;
-
- err = 0;
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- list_for_each_entry(proto, &protocols, list) {
- if (proto->bind_all) {
- err |= proto->bind_all(proto, errmsg, errlen);
-@@ -57,6 +68,7 @@ int protocol_bind_all(char *errmsg, int errlen)
- break;
- }
- }
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- return err;
- }
-
-@@ -71,11 +83,13 @@ int protocol_unbind_all(void)
- int err;
-
- err = 0;
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- list_for_each_entry(proto, &protocols, list) {
- if (proto->unbind_all) {
- err |= proto->unbind_all(proto);
- }
- }
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- return err;
- }
-
-@@ -89,11 +103,13 @@ int protocol_enable_all(void)
- int err;
-
- err = 0;
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- list_for_each_entry(proto, &protocols, list) {
- if (proto->enable_all) {
- err |= proto->enable_all(proto);
- }
- }
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- return err;
- }
-
-@@ -107,11 +123,13 @@ int protocol_disable_all(void)
- int err;
-
- err = 0;
-+ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
- list_for_each_entry(proto, &protocols, list) {
- if (proto->disable_all) {
- err |= proto->disable_all(proto);
- }
- }
-+ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
- return err;
- }
-
--- /dev/null
+commit 3a761682a65e7e7f7baf172f58b15e567a685387
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Aug 21 14:12:19 2019 +0200
+
+ MINOR: debug: indicate the applet name when the task is task_run_applet()
+
+ This allows to figure what applet is currently being executed (and likely
+ hung).
+
+ (cherry picked from commit a512b02f67a30ab5519d04f8c8b1263415321c85)
+ [wt: backported to improve troubleshooting when the watchdog fires]
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/debug.c b/src/debug.c
+index 3077e97c..36cc9e71 100644
+--- a/src/debug.c
++++ b/src/debug.c
+@@ -90,6 +90,7 @@ void ha_thread_dump(struct buffer *buf, int thr, int calling_tid)
+ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx)
+ {
+ const struct stream *s = NULL;
++ const struct appctx __maybe_unused *appctx = NULL;
+
+ if (!task) {
+ chunk_appendf(buf, "0\n");
+@@ -110,7 +111,7 @@ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx)
+ task->call_date ? " ns ago" : "");
+
+ chunk_appendf(buf, "%s"
+- " fct=%p (%s) ctx=%p\n",
++ " fct=%p (%s) ctx=%p",
+ pfx,
+ task->process,
+ task->process == process_stream ? "process_stream" :
+@@ -119,6 +120,11 @@ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx)
+ "?",
+ task->context);
+
++ if (task->process == task_run_applet && (appctx = task->context))
++ chunk_appendf(buf, "(%s)\n", appctx->applet->name);
++ else
++ chunk_appendf(buf, "\n");
++
+ if (task->process == process_stream && task->context)
+ s = (struct stream *)task->context;
+ else if (task->process == task_run_applet && task->context)
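Review bot: In the src/debug.c hunk at -119,6 the new branch dereferences `appctx->applet->name` after checking only that `task->context` is non-NULL, and this code runs in the dump path that is used when something is already wrong. Whether `applet` can be NULL at this point is not visible from the hunk, but a fault inside the dump would lose the trace it is meant to produce, so a guard such as `appctx->applet ? appctx->applet->name : "?"` is cheap insurance. The name is also printed directly against the pointer (`ctx=%p` followed by `(%s)`); using `" (%s)\n"` with a leading space would match the `fct=%p (%s)` form earlier on the same output line. ha_task_dump() starts and ends outside these hunks.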
+++ /dev/null
-commit 6d79cedaaa4a16b2f42d2bf2bc25772a51354e91
-Author: Willy Tarreau <w@1wt.eu>
-Date: Wed Jul 24 17:42:44 2019 +0200
-
- BUG/MINOR: proxy: always lock stop_proxy()
-
- There is one unprotected call to stop_proxy() from the manage_proxy()
- task, so there is a single caller by definition, but there is also
- another such call from the CLI's "shutdown frontend" parser. This
- one does it under the proxy's lock but the first one doesn't use it.
- Thus it is theorically possible to corrupt the list of listeners in a
- proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same
- time. While it sounds particularly contrived or stupid, it could
- possibly happen with automated tools that would send actions via
- various channels. This could cause the process to loop forever or
- to crash and thus stop faster than expected.
-
- This might be backported as far as 1.8.
-
- (cherry picked from commit 3de3cd4d9761324b31d23eb2c4a9434ed33801b8)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/proxy.c b/src/proxy.c
-index f669ebf1..ae761ead 100644
---- a/src/proxy.c
-+++ b/src/proxy.c
-@@ -1258,13 +1258,16 @@ void zombify_proxy(struct proxy *p)
- * to be called when going down in order to release the ports so that another
- * process may bind to them. It must also be called on disabled proxies at the
- * end of start-up. If all listeners are closed, the proxy is set to the
-- * PR_STSTOPPED state.
-+ * PR_STSTOPPED state. The function takes the proxy's lock so it's safe to
-+ * call from multiple places.
- */
- void stop_proxy(struct proxy *p)
- {
- struct listener *l;
- int nostop = 0;
-
-+ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
-+
- list_for_each_entry(l, &p->conf.listeners, by_fe) {
- if (l->options & LI_O_NOSTOP) {
- HA_ATOMIC_ADD(&unstoppable_jobs, 1);
-@@ -1278,6 +1281,8 @@ void stop_proxy(struct proxy *p)
- }
- if (!nostop)
- p->state = PR_STSTOPPED;
-+
-+ HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
- }
-
- /* This function resumes listening on the specified proxy. It scans all of its
-@@ -2110,10 +2115,7 @@ static int cli_parse_shutdown_frontend(char **args, char *payload, struct appctx
- send_log(px, LOG_WARNING, "Proxy %s stopped (FE: %lld conns, BE: %lld conns).\n",
- px->id, px->fe_counters.cum_conn, px->be_counters.cum_conn);
-
-- HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
- stop_proxy(px);
-- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
--
- return 1;
- }
-
--- /dev/null
+commit fe575b5ca645d6751fba56efa907952eda200b09
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Aug 21 13:17:37 2019 +0200
+
+ MINOR: tools: add append_prefixed_str()
+
+ This is somewhat related to indent_msg() except that this one places a
+ known prefix at the beginning of each line, allows to replace the EOL
+ character, and not to insert a prefix on the first line if not desired.
+ It works with a normal output buffer/chunk so it doesn't need to allocate
+ anything nor to modify the input string. It is suitable for use in multi-
+ line backtraces.
+
+ (cherry picked from commit a2c9911ace8537e0a350daf8d981170a001b6c7a)
+ [wt: backported to improve troubleshooting when the watchdog fires]
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/include/common/standard.h b/include/common/standard.h
+index 0f4b1870..cdefc9f5 100644
+--- a/include/common/standard.h
++++ b/include/common/standard.h
+@@ -1238,6 +1238,7 @@ char *memprintf(char **out, const char *format, ...)
+ * free(err);
+ */
+ char *indent_msg(char **out, int level);
++int append_prefixed_str(struct buffer *out, const char *in, const char *pfx, char eol, int first);
+
+ /* removes environment variable <name> from the environment as found in
+ * environ. This is only provided as an alternative for systems without
+diff --git a/src/standard.c b/src/standard.c
+index 2f205f74..717c14a9 100644
+--- a/src/standard.c
++++ b/src/standard.c
+@@ -3709,6 +3709,41 @@ char *indent_msg(char **out, int level)
+ return ret;
+ }
+
++/* makes a copy of message <in> into <out>, with each line prefixed with <pfx>
++ * and end of lines replaced with <eol> if not 0. The first line to indent has
++ * to be indicated in <first> (starts at zero), so that it is possible to skip
++ * indenting the first line if it has to be appended after an existing message.
++ * Empty strings are never indented, and NULL strings are considered empty both
++ * for <in> and <pfx>. It returns non-zero if an EOL was appended as the last
++ * character, non-zero otherwise.
++ */
++int append_prefixed_str(struct buffer *out, const char *in, const char *pfx, char eol, int first)
++{
++ int bol, lf;
++ int pfxlen = pfx ? strlen(pfx) : 0;
++
++ if (!in)
++ return 0;
++
++ bol = 1;
++ lf = 0;
++ while (*in) {
++ if (bol && pfxlen) {
++ if (first > 0)
++ first--;
++ else
++ b_putblk(out, pfx, pfxlen);
++ bol = 0;
++ }
++
++ lf = (*in == '\n');
++ bol |= lf;
++ b_putchr(out, (lf && eol) ? eol : *in);
++ in++;
++ }
++ return lf;
++}
++
+ /* removes environment variable <name> from the environment as found in
+ * environ. This is only provided as an alternative for systems without
+ * unsetenv() (old Solaris and AIX versions). THIS IS NOT THREAD SAFE.
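Review bot: The comment above append_prefixed_str() in the src/standard.c hunk says it returns "non-zero if an EOL was appended as the last character, non-zero otherwise"; the second case should read `zero otherwise`, which is what the code does (`return lf;`, and `return 0;` for a NULL <in>). The return value is derived from the last character of <in>, not from what reached <out>: nothing in the loop checks the room left in <out> before `b_putblk()` and `b_putchr()`, so if those helpers drop data on a full buffer (presumably they do; confirm against buf.h) the caller is told an EOL was written when it was not. I would add one sentence to the comment, for example `Output is silently truncated if <out> is full; the return value reflects <in> only.`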
+++ /dev/null
-commit a4ca26661f95a60974fb13a78b1a0c89f9c09ea9
-Author: Willy Tarreau <w@1wt.eu>
-Date: Thu Jul 25 07:53:56 2019 +0200
-
- BUILD: threads: add the definition of PROTO_LOCK
-
- This one was added by commit daacf3664 ("BUG/MEDIUM: protocols: add a
- global lock for the init/deinit stuff") but I forgot to add it to the
- include file, breaking DEBUG_THREAD.
-
- (cherry picked from commit d6e0c03384cab2c72fb6ab841420045108ea4e6f)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/include/common/hathreads.h b/include/common/hathreads.h
-index a7c8dc93..b05215bd 100644
---- a/include/common/hathreads.h
-+++ b/include/common/hathreads.h
-@@ -562,6 +562,7 @@ enum lock_label {
- AUTH_LOCK,
- LOGSRV_LOCK,
- DICT_LOCK,
-+ PROTO_LOCK,
- OTHER_LOCK,
- LOCK_LABELS
- };
-@@ -679,6 +680,7 @@ static inline const char *lock_label(enum lock_label label)
- case AUTH_LOCK: return "AUTH";
- case LOGSRV_LOCK: return "LOGSRV";
- case DICT_LOCK: return "DICT";
-+ case PROTO_LOCK: return "PROTO";
- case OTHER_LOCK: return "OTHER";
- case LOCK_LABELS: break; /* keep compiler happy */
- };
--- /dev/null
+commit 83a5ff403a2cd625832f01032c0feb8bf9c2a89e
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Aug 21 14:14:50 2019 +0200
+
+ MINOR: lua: export applet and task handlers
+
+ The current functions are seen outside from the debugging code and are
+ convenient to export so that we can improve the thread dump output :
+
+ void hlua_applet_tcp_fct(struct appctx *ctx);
+ void hlua_applet_http_fct(struct appctx *ctx);
+ struct task *hlua_process_task(struct task *task, void *context, unsigned short state);
+
+ Of course they are only available when USE_LUA is defined.
+
+ (cherry picked from commit 60409db0b1743d670e54244425f6e08c389b7dde)
+ [wt: backported to improve troubleshooting when the watchdog fires;
+ while in 2.0 we also have hlua_applet_htx_fct(), it's not
+ visible outside hlua_applet_http_fct() so we don't care]
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/include/proto/hlua.h b/include/proto/hlua.h
+index 7ad5a99e..32468b77 100644
+--- a/include/proto/hlua.h
++++ b/include/proto/hlua.h
+@@ -27,6 +27,9 @@
+ void hlua_ctx_destroy(struct hlua *lua);
+ void hlua_init();
+ int hlua_post_init();
++void hlua_applet_tcp_fct(struct appctx *ctx);
++void hlua_applet_http_fct(struct appctx *ctx);
++struct task *hlua_process_task(struct task *task, void *context, unsigned short state);
+
+ #else /* USE_LUA */
+
+diff --git a/src/hlua.c b/src/hlua.c
+index d2708f87..813aa724 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -6237,7 +6237,7 @@ __LJMP static int hlua_set_nice(lua_State *L)
+ * Task wrapper are longjmp safe because the only one Lua code
+ * executed is the safe hlua_ctx_resume();
+ */
+-static struct task *hlua_process_task(struct task *task, void *context, unsigned short state)
++struct task *hlua_process_task(struct task *task, void *context, unsigned short state)
+ {
+ struct hlua *hlua = context;
+ enum hlua_exec status;
+@@ -7045,7 +7045,7 @@ static int hlua_applet_tcp_init(struct appctx *ctx, struct proxy *px, struct str
+ return 1;
+ }
+
+-static void hlua_applet_tcp_fct(struct appctx *ctx)
++void hlua_applet_tcp_fct(struct appctx *ctx)
+ {
+ struct stream_interface *si = ctx->owner;
+ struct stream *strm = si_strm(si);
+@@ -7417,7 +7417,7 @@ static void hlua_applet_htx_fct(struct appctx *ctx)
+ goto done;
+ }
+
+-static void hlua_applet_http_fct(struct appctx *ctx)
++void hlua_applet_http_fct(struct appctx *ctx)
+ {
+ struct stream_interface *si = ctx->owner;
+ struct stream *strm = si_strm(si);
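Review bot: The three prototypes added to include/proto/hlua.h have no comment saying why they are exported, and the reason only appears in the commit message (the debugging code needs to recognise them). Dropping `static` from hlua_process_task(), hlua_applet_tcp_fct() and hlua_applet_http_fct() in src/hlua.c makes them callable from any file, which does not look intended. A comment above the declarations such as `/* exported only so that the thread dump code can identify these handlers by address; not meant to be called directly */` would keep that intent with the code. The function bodies continue outside the hunks.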
+++ /dev/null
-commit 974c6916ba2f7efc83193bb8c04e95294ca21112
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Fri Jul 26 13:52:13 2019 +0200
-
- BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
-
- When the number of nodes is increased because the server weight is changed, the
- nodes array must be realloc. But its new size is not correctly set. Only the
- total number of nodes is used to set the new size. But it must also depends on
- the size of a node. It must be the total nomber of nodes times the size of a
- node.
-
- This issue was reported on Github (#189).
-
- This patch must be backported to all versions since the 1.6.
-
- (cherry picked from commit 366ad86af72c455cc958943913cb2de20eefee71)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/lb_chash.c b/src/lb_chash.c
-index a35351e9..0bf4e81a 100644
---- a/src/lb_chash.c
-+++ b/src/lb_chash.c
-@@ -84,7 +84,7 @@ static inline void chash_queue_dequeue_srv(struct server *s)
- * increased the weight beyond the original weight
- */
- if (s->lb_nodes_tot < s->next_eweight) {
-- struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight);
-+ struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
-
- if (new_nodes) {
- unsigned int j;
--- /dev/null
+commit 4856b36cba80a259a78645753520323caca78d0f
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Aug 21 14:16:02 2019 +0200
+
+ MEDIUM: debug: make the thread dump code show Lua backtraces
+
+ When we dump a thread's state (show thread, panic) we don't know if
+ anything is happening in Lua, which can be problematic especially when
+ calling external functions. With this patch, the thread dump code can
+ now detect if we're running in a global Lua task (hlua_process_task),
+ or in a TCP or HTTP Lua service (task_run_applet and applet.fct ==
+ hlua_applet_tcp_fct or http_applet_http_fct), or a fetch/converter
+ from an analyser (s->hlua != NULL). In such situations, it's able to
+ append a formatted Lua backtrace of the Lua execution path with
+ function names, file names and line numbers.
+
+ Note that a shorter alternative could be to call "luaL_where(hlua->T,0)"
+ which only prints the current location, but it's not necessarily sufficient
+ for complex code.
+
+ (cherry picked from commit 78a7cb648ca33823c06430cedc6859ea7e7cd5df)
+ [wt: backported to improve troubleshooting when the watchdog fires]
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/debug.c b/src/debug.c
+index 36cc9e71..79bea884 100644
+--- a/src/debug.c
++++ b/src/debug.c
+@@ -26,6 +26,7 @@
+
+ #include <proto/cli.h>
+ #include <proto/fd.h>
++#include <proto/hlua.h>
+ #include <proto/stream_interface.h>
+ #include <proto/task.h>
+
+@@ -91,6 +92,7 @@ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx)
+ {
+ const struct stream *s = NULL;
+ const struct appctx __maybe_unused *appctx = NULL;
++ struct hlua __maybe_unused *hlua = NULL;
+
+ if (!task) {
+ chunk_appendf(buf, "0\n");
+@@ -117,6 +119,9 @@ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx)
+ task->process == process_stream ? "process_stream" :
+ task->process == task_run_applet ? "task_run_applet" :
+ task->process == si_cs_io_cb ? "si_cs_io_cb" :
++#ifdef USE_LUA
++ task->process == hlua_process_task ? "hlua_process_task" :
++#endif
+ "?",
+ task->context);
+
+@@ -134,6 +139,30 @@ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx)
+
+ if (s)
+ stream_dump(buf, s, pfx, '\n');
++
++#ifdef USE_LUA
++ hlua = NULL;
++ if (s && (hlua = s->hlua)) {
++ chunk_appendf(buf, "%sCurrent executing Lua from a stream analyser -- ", pfx);
++ }
++ else if (task->process == hlua_process_task && (hlua = task->context)) {
++ chunk_appendf(buf, "%sCurrent executing a Lua task -- ", pfx);
++ }
++ else if (task->process == task_run_applet && (appctx = task->context) &&
++ (appctx->applet->fct == hlua_applet_tcp_fct && (hlua = appctx->ctx.hlua_apptcp.hlua))) {
++ chunk_appendf(buf, "%sCurrent executing a Lua TCP service -- ", pfx);
++ }
++ else if (task->process == task_run_applet && (appctx = task->context) &&
++ (appctx->applet->fct == hlua_applet_http_fct && (hlua = appctx->ctx.hlua_apphttp.hlua))) {
++ chunk_appendf(buf, "%sCurrent executing a Lua HTTP service -- ", pfx);
++ }
++
++ if (hlua) {
++ luaL_traceback(hlua->T, hlua->T, NULL, 0);
++ if (!append_prefixed_str(buf, lua_tostring(hlua->T, -1), pfx, '\n', 1))
++ b_putchr(buf, '\n');
++ }
++#endif
+ }
+
+ /* This function dumps all profiling settings. It returns 0 if the output
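Review bot: In the last src/debug.c hunk, `luaL_traceback(hlua->T, hlua->T, NULL, 0)` pushes the traceback string onto the stack of the Lua thread being inspected and nothing pops it, so each dump leaves one more value on that stack; add `lua_pop(hlua->T, 1);` after the `append_prefixed_str()` call. `hlua->T` is also used without a check; if a `struct hlua` can exist before its Lua thread is created (not visible here), `if (hlua && hlua->T) {` avoids a fault inside the dump. The commit message says this also runs on panic, so a comment noting that luaL_traceback() builds its string through the Lua allocator, on a state that may have been interrupted mid-operation, would help the next reader judge that risk. ha_task_dump() starts outside the hunk.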
--- /dev/null
+commit 9a408abbb8559df5718bc696bd9c3934c6500d63
+Author: Willy Tarreau <w@1wt.eu>
+Date: Fri Aug 23 08:11:36 2019 +0200
+
+ BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary
+
+ The H1 message parser calls the various message block parsers with an
+ offset indicating where in the buffer to start from, and only consumes
+ the data at the end of the parsing. The headers and trailers parsers
+ have a condition detecting if a headers or trailers block is too large
+ to fit into the buffer. This is detected by an incomplete block while
+ the buffer is full. Unfortunately it doesn't take into account the fact
+ that the block may be parsed after other blocks that are still present
+ in the buffer, resulting in aborting some transfers early as reported
+ in issue #231. This typically happens if a trailers block is incomplete
+ at the end of a buffer full of data, which typically happens with data
+ sizes multiple of the buffer size minus less than the trailers block
+ size. It also happens with the CRLF that follows the 0-sized chunk of
+ any transfer-encoded contents is itself on such a boundary since this
+ CRLF is technically part of the trailers block. This can be reproduced
+ by asking a server to retrieve exactly 31532 or 31533 bytes of static
+ data using chunked encoding with curl, which reports:
+
+ transfer closed with outstanding read data remaining
+
+ This issue was revealed in 2.0 and does not affect 1.9 because in 1.9
+ the trailers block was processed at once as part of the data block
+ processing, and would simply give up and wait for the rest of the data
+ to arrive.
+
+ It's interesting to note that the headers block parsing is also affected
+ by this issue but in practice it has a much more limited impact since a
+ headers block is normally only parsed at the beginning of a buffer. The
+ only case where it seems to matter is when dealing with a response buffer
+ full of 100-continue header blocks followed by a regular header block,
+ which will then be rejected for the same reason.
+
+ This fix must be backported to 2.0 and partially to 1.9 (the headers
+ block part).
+
+ (cherry picked from commit 347f464d4e5a8a2bf3acd2411a6c8228e605e7f6)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/mux_h1.c b/src/mux_h1.c
+index fa694c41..01f225a2 100644
+--- a/src/mux_h1.c
++++ b/src/mux_h1.c
+@@ -995,10 +995,11 @@ static size_t h1_process_headers(struct h1s *h1s, struct h1m *h1m, struct htx *h
+ ret = h1_headers_to_hdr_list(b_peek(buf, *ofs), b_tail(buf),
+ hdrs, sizeof(hdrs)/sizeof(hdrs[0]), h1m, &h1sl);
+ if (ret <= 0) {
+- /* Incomplete or invalid message. If the buffer is full, it's an
+- * error because headers are too large to be handled by the
+- * parser. */
+- if (ret < 0 || (!ret && !buf_room_for_htx_data(buf)))
++ /* Incomplete or invalid message. If the input buffer only
++ * contains headers and is full, which is detected by it being
++ * full and the offset to be zero, it's an error because
++ * headers are too large to be handled by the parser. */
++ if (ret < 0 || (!ret && !*ofs && !buf_room_for_htx_data(buf)))
+ goto error;
+ goto end;
+ }
+@@ -1339,10 +1340,11 @@ static size_t h1_process_trailers(struct h1s *h1s, struct h1m *h1m, struct htx *
+ ret = h1_headers_to_hdr_list(b_peek(buf, *ofs), b_tail(buf),
+ hdrs, sizeof(hdrs)/sizeof(hdrs[0]), &tlr_h1m, NULL);
+ if (ret <= 0) {
+- /* Incomplete or invalid trailers. If the buffer is full, it's
+- * an error because traliers are too large to be handled by the
+- * parser. */
+- if (ret < 0 || (!ret && !buf_room_for_htx_data(buf)))
++ /* Incomplete or invalid trailers. If the input buffer only
++ * contains trailers and is full, which is detected by it being
++ * full and the offset to be zero, it's an error because
++ * trailers are too large to be handled by the parser. */
++ if (ret < 0 || (!ret && !*ofs && !buf_room_for_htx_data(buf)))
+ goto error;
+ goto end;
+ }
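Review bot: With `!*ofs` added in both src/mux_h1.c hunks (h1_process_headers() and h1_process_trailers()), the "block too large for the parser" error fires only when the block starts at offset zero, so rejecting an oversized headers or trailers block that starts later in a full buffer now depends on the caller consuming the earlier data and calling back with `*ofs == 0`. Neither hunk shows that path, and if it does not happen the connection would wait on a full buffer instead of failing. I would state the assumption in the comment, e.g. `A non-zero offset means earlier blocks are still in the buffer; they get consumed by the caller and the check is repeated at offset zero.`, and add a regression test for the 31532/31533-byte chunked case given in the commit message. The identical condition and comment now appear twice and could live in one small helper. Both functions start and end outside the hunks.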
+++ /dev/null
-commit 21a796cb83c29ee276feb04649a1b18214bbdee0
-Author: Olivier Houchard <ohouchard@haproxy.com>
-Date: Fri Jul 26 14:54:34 2019 +0200
-
- BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
-
- In sess_established(), don't immediately switch the backend stream_interface
- to SI_ST_DIS if we only got a SHUTR. We may still have something to send,
- ie if the request is a POST, and we should be switched to SI_ST8DIS later
- when the shutw will happen.
-
- This should be backported to 2.0 and 1.9.
-
- (cherry picked from commit 7859526fd6ce7ea33e20b7e532b21aa2465cb11d)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/stream.c b/src/stream.c
-index a5c5f45c..64875c80 100644
---- a/src/stream.c
-+++ b/src/stream.c
-@@ -954,8 +954,9 @@ static void sess_establish(struct stream *s)
- si_chk_rcv(si);
- }
- req->wex = TICK_ETERNITY;
-- /* If we managed to get the whole response, switch to SI_ST_DIS now. */
-- if (rep->flags & CF_SHUTR)
-+ /* If we managed to get the whole response, and we don't have anything
-+ * left to send, or can't, switch to SI_ST_DIS now. */
-+ if (rep->flags & (CF_SHUTR | CF_SHUTW))
- si->state = SI_ST_DIS;
- }
-
--- /dev/null
+commit 620381599324e15403002270637a3b677c3fe7e5
+Author: Willy Tarreau <w@1wt.eu>
+Date: Fri Aug 23 09:29:29 2019 +0200
+
+ BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full
+
+ If a receipt ends with the HTX buffer full and everything is completed except
+ appending the HTX EOM block, we end up detecting an error because the H1
+ parser did not switch to H1_MSG_DONE yet while all conditions for an end of
+ stream and end of buffer are met. This can be detected by retrieving 31532
+ or 31533 chunk-encoded bytes over H1 and seeing haproxy log "SD--" at the
+ end of a successful transfer.
+
+ Ideally the EOM part should be totally independent on the H1 message state
+ since the block was really parsed and finished. So we should switch to a
+ last state requiring to send only EOM. However this needs a few risky
+ changes. This patch aims for simplicity and backport safety, thus it only
+ adds a flag to the H1 stream indicating that an EOM is still needed, and
+ excludes this condition from the ones used to detect end of processing. A
+ cleaner approach needs to be studied, either by adding a state before DONE
+ or by setting DONE once the various blocks are parsed and before trying to
+ send EOM.
+
+ This fix must be backported to 2.0. The issue does not seem to affect 1.9
+ though it is not yet known why, probably that it is related to the different
+ encoding of trailers which always leaves a bit of room to let EOM be stored.
+
+ (cherry picked from commit 0bb5a5c4b5ad375b1254c2e8bec2dd5ea85d6ebb)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/mux_h1.c b/src/mux_h1.c
+index 01f225a2..b9a37ce5 100644
+--- a/src/mux_h1.c
++++ b/src/mux_h1.c
+@@ -67,7 +67,8 @@
+ #define H1S_F_BUF_FLUSH 0x00000100 /* Flush input buffer and don't read more data */
+ #define H1S_F_SPLICED_DATA 0x00000200 /* Set when the kernel splicing is in used */
+ #define H1S_F_HAVE_I_TLR 0x00000800 /* Set during input process to know the trailers were processed */
+-/* 0x00001000 .. 0x00002000 unused */
++#define H1S_F_APPEND_EOM 0x00001000 /* Send EOM to the HTX buffer */
++/* 0x00002000 .. 0x00002000 unused */
+ #define H1S_F_HAVE_O_CONN 0x00004000 /* Set during output process to know connection mode was processed */
+
+ /* H1 connection descriptor */
+@@ -954,9 +955,12 @@ static size_t h1_eval_htx_res_size(struct h1m *h1m, union h1_sl *h1sl, struct ht
+ */
+ static size_t h1_process_eom(struct h1s *h1s, struct h1m *h1m, struct htx *htx, size_t max)
+ {
+- if (max < sizeof(struct htx_blk) + 1 || !htx_add_endof(htx, HTX_BLK_EOM))
++ if (max < sizeof(struct htx_blk) + 1 || !htx_add_endof(htx, HTX_BLK_EOM)) {
++ h1s->flags |= H1S_F_APPEND_EOM;
+ return 0;
++ }
+
++ h1s->flags &= ~H1S_F_APPEND_EOM;
+ h1m->state = H1_MSG_DONE;
+ h1s->cs->flags |= CS_FL_EOI;
+ return (sizeof(struct htx_blk) + 1);
+@@ -1472,7 +1476,8 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, size_t count
+ else if (h1s_data_pending(h1s) && !htx_is_empty(htx))
+ h1s->cs->flags |= CS_FL_RCV_MORE | CS_FL_WANT_ROOM;
+
+- if ((h1s->flags & H1S_F_REOS) && (!h1s_data_pending(h1s) || htx_is_empty(htx))) {
++ if (((h1s->flags & (H1S_F_REOS|H1S_F_APPEND_EOM)) == H1S_F_REOS) &&
++ (!h1s_data_pending(h1s) || htx_is_empty(htx))) {
+ h1s->cs->flags |= CS_FL_EOS;
+ if (h1m->state > H1_MSG_LAST_LF && h1m->state < H1_MSG_DONE)
+ h1s->cs->flags |= CS_FL_ERROR;
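Review bot: In the h1_process_input() hunk, CS_FL_EOS (and the CS_FL_ERROR decision under it) is now withheld for as long as H1S_F_APPEND_EOM is set, and the flag is cleared only by a later successful h1_process_eom(). The hunks do not show what triggers that second call once the HTX buffer has room; if nothing does, a stream whose peer has already closed would never report end of stream, so a comment naming the retry path at the new condition would help. Two wording points in the flag block: `/* 0x00002000 .. 0x00002000 unused */` is a one-value range and reads better as `/* 0x00002000 unused */`, and the H1S_F_APPEND_EOM description would be more accurate as `/* EOM still has to be appended to the HTX buffer */`. h1_process_input() continues outside the hunk.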
+++ /dev/null
-commit 487b38e86c08431bc5f48aac72c8d753ee23cb03
-Author: Willy Tarreau <w@1wt.eu>
-Date: Fri Jul 26 15:10:39 2019 +0200
-
- BUG/MINOR: log: make sure writev() is not interrupted on a file output
-
- Since 1.9 we support sending logs to various non-blocking outputs like
- stdou/stderr or flies, by using writev() which guarantees that it only
- returns after having written everything or nothing. However the syscall
- may be interrupted while doing so, and this is visible when writing to
- a tty during debug sessions, as some logs occasionally appear interleaved
- if an xterm or SSH connection is not very fast. Performance here is not a
- critical concern, log correctness is. Let's simply take the logger's lock
- around the writev() call to prevent multiple senders from stepping onto
- each other's toes.
-
- This may be backported to 2.0 and 1.9.
-
- (cherry picked from commit 9fbcb7e2e9c32659ab11927394fec2e160be2d0b)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/log.c b/src/log.c
-index ef999d13..99f185e4 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -1672,8 +1672,15 @@ send:
- iovec[7].iov_len = 1;
-
- if (logsrv->addr.ss_family == AF_UNSPEC) {
-- /* the target is a direct file descriptor */
-+ /* the target is a direct file descriptor. While writev() guarantees
-+ * to write everything, it doesn't guarantee that it will not be
-+ * interrupted while doing so. This occasionally results in interleaved
-+ * messages when the output is a tty, hence the lock. There's no real
-+ * performance concern here for such type of output.
-+ */
-+ HA_SPIN_LOCK(LOGSRV_LOCK, &logsrv->lock);
- sent = writev(*plogfd, iovec, 8);
-+ HA_SPIN_UNLOCK(LOGSRV_LOCK, &logsrv->lock);
- }
- else {
- msghdr.msg_name = (struct sockaddr *)&logsrv->addr;
--- /dev/null
+commit 7c80af0fb53f2a1d93a597f7d97cc67996e36be2
+Author: n9@users.noreply.github.com <n9@users.noreply.github.com>
+Date: Fri Aug 23 11:21:05 2019 +0200
+
+ DOC: fixed typo in management.txt
+
+ replaced fot -> for
+ added two periods
+
+ (cherry picked from commit 25a1c8e4539c12c19a3fe04aabe563cdac5e36db)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/doc/management.txt b/doc/management.txt
+index 616a040b..ad6011e5 100644
+--- a/doc/management.txt
++++ b/doc/management.txt
+@@ -1549,8 +1549,8 @@ enable agent <backend>/<server>
+ level "admin".
+
+ enable dynamic-cookie backend <backend>
+- Enable the generation of dynamic cookies fot the backend <backend>
+- A secret key must also be provided
++ Enable the generation of dynamic cookies for the backend <backend>.
++ A secret key must also be provided.
+
+ enable frontend <frontend>
+ Resume a frontend which was temporarily stopped. It is possible that some of
+++ /dev/null
-commit 8de6badd32fb584d60733a6236113edba00f8701
-Author: Willy Tarreau <w@1wt.eu>
-Date: Fri Jul 26 15:21:54 2019 +0200
-
- DOC: improve the wording in CONTRIBUTING about how to document a bug fix
-
- Insufficiently described bug fixes are still too frequent. It's a real
- pain to create each new maintenance release, as 3/4 of the time is spent
- trying to guess what problem a patch fixes, which is already important
- in order to decide whether to pick the fix or not, but is even more
- capital in order to write understandable release notes.
-
- Christopher rightfully demands that a patch tagged "BUG" MUST ABSOLUTELY
- describe the problem and why this problem is a bug. Describing the fix
- is one thing but if the bug is unknown, why would there be a fix ? How
- can a stable maintainer be convinced to take a fix if its author didn't
- care about checking whether it was a real bug ? This patch tries to
- explain a bit better what really needs to appear in the commit message
- and how to describe a bug.
-
- To be backported to all relevant stable versions.
-
- (cherry picked from commit 41f638c1eb8167bb473a6c8811d7fd70d7c06e07)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/CONTRIBUTING b/CONTRIBUTING
-index 0fcd921e..201e122d 100644
---- a/CONTRIBUTING
-+++ b/CONTRIBUTING
-@@ -454,7 +454,18 @@ do not think about them anymore after a few patches.
-
- 11) Real commit messages please!
-
-- Please properly format your commit messages. To get an idea, just run
-+ The commit message is how you're trying to convince a maintainer to adopt
-+ your work and maintain it as long as possible. A dirty commit message almost
-+ always comes with dirty code. Too short a commit message indicates that too
-+ short an analysis was done and that side effects are extremely likely to be
-+ encountered. It's the maintainer's job to decide to accept this work in its
-+ current form or not, with the known constraints. Some patches which rework
-+ architectural parts or fix sensitive bugs come with 20-30 lines of design
-+ explanations, limitations, hypothesis or even doubts, and despite this it
-+ happens when reading them 6 months later while trying to identify a bug that
-+ developers still miss some information about corner cases.
-+
-+ So please properly format your commit messages. To get an idea, just run
- "git log" on the file you've just modified. Patches always have the format
- of an e-mail made of a subject, a description and the actual patch. If you
- are sending a patch as an e-mail formatted this way, it can quickly be
-@@ -506,9 +517,17 @@ do not think about them anymore after a few patches.
-
- But in any case, it is important that there is a clean description of what
- the patch does, the motivation for what it does, why it's the best way to do
-- it, its impacts, and what it does not yet cover. Also, in HAProxy, like many
-- projects which take a great care of maintaining stable branches, patches are
-- reviewed later so that some of them can be backported to stable releases.
-+ it, its impacts, and what it does not yet cover. And this is particularly
-+ important for bugs. A patch tagged "BUG" must absolutely explain what the
-+ problem is, why it is considered as a bug. Anybody, even non-developers,
-+ should be able to tell whether or not a patch is likely to address an issue
-+ they are facing. Indicating what the code will do after the fix doesn't help
-+ if it does not say what problem is encountered without the patch. Note that
-+ in some cases the bug is purely theorical and observed by reading the code.
-+ In this case it's perfectly fine to provide an estimate about possible
-+ effects. Also, in HAProxy, like many projects which take a great care of
-+ maintaining stable branches, patches are reviewed later so that some of them
-+ can be backported to stable releases.
-
- While reviewing hundreds of patches can seem cumbersome, with a proper
- formatting of the subject line it actually becomes very easy. For example,
-@@ -630,13 +649,23 @@ patch types include :
-
- - BUG fix for a bug. The severity of the bug should also be indicated
- when known. Similarly, if a backport is needed to older versions,
-- it should be indicated on the last line of the commit message. If
-- the bug has been identified as a regression brought by a specific
-- patch or version, this indication will be appreciated too. New
-- maintenance releases are generally emitted when a few of these
-- patches are merged. If the bug is a vulnerability for which a CVE
-- identifier was assigned before you publish the fix, you can mention
-- it in the commit message, it will help distro maintainers.
-+ it should be indicated on the last line of the commit message. The
-+ commit message MUST ABSOLUTELY describe the problem and its impact
-+ to non-developers. Any user must be able to guess if this patch is
-+ likely to fix a problem they are facing. Even if the bug was
-+ discovered by accident while reading the code or running an
-+ automated tool, it is mandatory to try to estimate what potential
-+ issue it might cause and under what circumstances. There may even
-+ be security implications sometimes so a minimum analysis is really
-+ required. Also please think about stable maintainers who have to
-+ build the release notes, they need to have enough input about the
-+ bug's impact to explain it. If the bug has been identified as a
-+ regression brought by a specific patch or version, this indication
-+ will be appreciated too. New maintenance releases are generally
-+ emitted when a few of these patches are merged. If the bug is a
-+ vulnerability for which a CVE identifier was assigned before you
-+ publish the fix, you can mention it in the commit message, it will
-+ help distro maintainers.
-
- - CLEANUP code cleanup, silence of warnings, etc... theoretically no impact.
- These patches will rarely be seen in stable branches, though they
+++ /dev/null
-commit 72c692701ab4197f1f8ec7594b7e8ef5082b9d9e
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Fri Jul 26 16:40:24 2019 +0200
-
- BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
-
- For HTX streams, when txn:done() is called, the work is delegated to the
- function http_reply_and_close(). But it is not enough. The channel's analyzers
- must also be reset. Otherwise, some analyzers may still be called while
- processing should be aborted.
-
- For instance, if the function is called from an http-request rules on the
- frontend, request analyzers on the backend side are still called. So we may try
- to add an header to the request, while this one was already reset.
-
- This patch must be backported to 2.0 and 1.9.
-
- (cherry picked from commit fe6a71b8e08234dbe03fbd2fa3017590681479df)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/hlua.c b/src/hlua.c
-index 23d2aa04..f9d1d699 100644
---- a/src/hlua.c
-+++ b/src/hlua.c
-@@ -5996,8 +5996,12 @@ __LJMP static int hlua_txn_done(lua_State *L)
- ic = &htxn->s->req;
- oc = &htxn->s->res;
-
-- if (IS_HTX_STRM(htxn->s))
-- htx_reply_and_close(htxn->s, 0, NULL);
-+ if (IS_HTX_STRM(htxn->s)) {
-+ htxn->s->txn->status = 0;
-+ http_reply_and_close(htxn->s, 0, NULL);
-+ ic->analysers &= AN_REQ_FLT_END;
-+ oc->analysers &= AN_RES_FLT_END;
-+ }
- else {
- if (htxn->s->txn) {
- /* HTTP mode, let's stay in sync with the stream */
-@@ -6031,6 +6035,9 @@ __LJMP static int hlua_txn_done(lua_State *L)
- ic->analysers = 0;
- }
-
-+ if (!(htxn->s->flags & SF_ERR_MASK)) // this is not really an error but it is
-+ htxn->s->flags |= SF_ERR_LOCAL; // to mark that it comes from the proxy
-+
- hlua->flags |= HLUA_STOP;
- WILL_LJMP(hlua_done(L));
- return 0;
--- /dev/null
+commit f259fcc00a04e633a7a64f894a719f78f3644867
+Author: Willy Tarreau <w@1wt.eu>
+Date: Mon Aug 26 10:37:39 2019 +0200
+
+ BUG/MINOR: mworker: disable SIGPROF on re-exec
+
+ If haproxy is built with profiling enabled with -pg, it is possible to
+ see the master quit during a reload while it's re-executing itself with
+ error code 155 (signal 27) saying "Profile timer expired)". This happens
+ if the SIGPROF signal is delivered during the execve() call while the
+ handler was already unregistered. The issue itself is not directly inside
+ haproxy but it's easy to address. This patch disables this signal before
+ calling execvp() during a master reload. A simple test for this consists
+ in running this little script with haproxy started in master-worker mode :
+
+ $ while usleep 50000; do killall -USR2 haproxy; done
+
+ This fix should be backported to all versions using the master-worker
+ model.
+
+ (cherry picked from commit e0d86e2c1caaaa2141118e3309d479de5f67e855)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/haproxy.c b/src/haproxy.c
+index f6f00fc1..c93b0d13 100644
+--- a/src/haproxy.c
++++ b/src/haproxy.c
+@@ -695,6 +695,7 @@ void mworker_reload()
+ }
+
+ ha_warning("Reexecuting Master process\n");
++ signal(SIGPROF, SIG_IGN);
+ execvp(next_argv[0], next_argv);
+
+ ha_warning("Failed to reexecute the master process [%d]: %s\n", pid, strerror(errno));
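Review bot: The `signal(SIGPROF, SIG_IGN);` added before `execvp()` is never undone on the failure path: when `execvp()` returns, execution reaches the "Failed to reexecute the master process" warning with SIGPROF still ignored in the surviving process. Keeping the previous disposition and reinstalling it would avoid that, e.g. `old_prof = signal(SIGPROF, SIG_IGN);` before the call and `signal(SIGPROF, old_prof);` right after a failed `execvp()`. An ignored disposition is also inherited across a successful exec, so the new image starts with SIGPROF ignored until something installs a handler again. In a -pg build that is presumably the profiling runtime, but nothing in the hunk shows it, so a comment such as `/* SIG_IGN survives execvp(); the -pg runtime is expected to re-arm SIGPROF in the new image */` would record the assumption. The body of mworker_reload() starts and ends outside the hunk, so what the master does after the warning is not visible here.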
+++ /dev/null
-commit dc2ee27c7a1908ca3157a10ad131f13644bcaea3
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Fri Jul 26 16:17:01 2019 +0200
-
- BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
-
- It is invalid to manipulate responses from http-request rules or to manipulate
- requests from http-response rules. When http-request rules are evaluated, the
- connection to server is not yet established, so there is no response at all. And
- when http-response rules are evaluated, the request has already been sent to the
- server.
-
- Now, the calling direction is checked. So functions "txn.http:req_*" can now
- only be called from http-request rules and the functions "txn.http:res_*" can
- only be called from http-response rules.
-
- This issue was reported on Github (#190).
-
- This patch must be backported to all versions since the 1.6.
-
- (cherry picked from commit 84a6d5bc217a418db8efc4e76a0a32860db2c608)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/hlua.c b/src/hlua.c
-index f9d1d699..21351cd6 100644
---- a/src/hlua.c
-+++ b/src/hlua.c
-@@ -5346,6 +5346,9 @@ __LJMP static int hlua_http_req_get_headers(lua_State *L)
- MAY_LJMP(check_args(L, 1, "req_get_headers"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- return hlua_http_get_headers(L, htxn, &htxn->s->txn->req);
- }
-
-@@ -5356,6 +5359,9 @@ __LJMP static int hlua_http_res_get_headers(lua_State *L)
- MAY_LJMP(check_args(L, 1, "res_get_headers"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- return hlua_http_get_headers(L, htxn, &htxn->s->txn->rsp);
- }
-
-@@ -5393,6 +5399,9 @@ __LJMP static int hlua_http_req_rep_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_HDR));
- }
-
-@@ -5403,6 +5412,9 @@ __LJMP static int hlua_http_res_rep_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 4, "res_rep_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_HDR));
- }
-
-@@ -5413,6 +5425,9 @@ __LJMP static int hlua_http_req_rep_val(lua_State *L)
- MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_VAL));
- }
-
-@@ -5423,6 +5438,9 @@ __LJMP static int hlua_http_res_rep_val(lua_State *L)
- MAY_LJMP(check_args(L, 4, "res_rep_val"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_VAL));
- }
-
-@@ -5462,6 +5480,9 @@ __LJMP static int hlua_http_req_del_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 2, "req_del_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- return hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
- }
-
-@@ -5469,9 +5490,12 @@ __LJMP static int hlua_http_res_del_hdr(lua_State *L)
- {
- struct hlua_txn *htxn;
-
-- MAY_LJMP(check_args(L, 2, "req_del_hdr"));
-+ MAY_LJMP(check_args(L, 2, "res_del_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- return hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
- }
-
-@@ -5523,6 +5547,9 @@ __LJMP static int hlua_http_req_add_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "req_add_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
- }
-
-@@ -5533,6 +5560,9 @@ __LJMP static int hlua_http_res_add_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "res_add_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
- }
-
-@@ -5543,6 +5573,9 @@ static int hlua_http_req_set_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "req_set_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
- return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
- }
-@@ -5554,6 +5587,9 @@ static int hlua_http_res_set_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "res_set_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
- return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
- }
-@@ -5565,6 +5601,9 @@ static int hlua_http_req_set_meth(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- lua_pushboolean(L, http_replace_req_line(0, name, name_len, htxn->p, htxn->s) != -1);
- return 1;
- }
-@@ -5576,6 +5615,9 @@ static int hlua_http_req_set_path(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- lua_pushboolean(L, http_replace_req_line(1, name, name_len, htxn->p, htxn->s) != -1);
- return 1;
- }
-@@ -5587,6 +5629,9 @@ static int hlua_http_req_set_query(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- /* Check length. */
- if (name_len > trash.size - 1) {
- lua_pushboolean(L, 0);
-@@ -5611,6 +5656,9 @@ static int hlua_http_req_set_uri(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-+ if (htxn->dir != SMP_OPT_DIR_REQ)
-+ WILL_LJMP(lua_error(L));
-+
- lua_pushboolean(L, http_replace_req_line(3, name, name_len, htxn->p, htxn->s) != -1);
- return 1;
- }
-@@ -5622,6 +5670,9 @@ static int hlua_http_res_set_status(lua_State *L)
- unsigned int code = MAY_LJMP(luaL_checkinteger(L, 2));
- const char *reason = MAY_LJMP(luaL_optlstring(L, 3, NULL, NULL));
-
-+ if (htxn->dir != SMP_OPT_DIR_RES)
-+ WILL_LJMP(lua_error(L));
-+
- http_set_status(code, reason, htxn->s);
- return 0;
- }
--- /dev/null
+commit b10c8d7641cc8ceae6fba4506b7f987d66109bd9
+Author: Willy Tarreau <w@1wt.eu>
+Date: Mon Aug 26 10:55:52 2019 +0200
+
+ BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()
+
+ The delete_listener() function takes the listener's lock before taking
+ the proto_lock, which is contrary to what other functions do, possibly
+ causing an AB/BA deadlock. In practice the two only places where both
+ are taken are during protocol_enable_all() and delete_listener(), the
+ former being used during startup and the latter during stop. In practice
+ during reload floods, it is technically possible for a thread to be
+ initializing the listeners while another one is stopping. While this
+ is too hard to trigger on 2.0 and above due to the synchronization of
+ all threads during startup, it's reasonably easy to do in 1.9 by having
+ hundreds of listeners, starting 64 threads and flooding them with reloads
+ like this :
+
+ $ while usleep 50000; do killall -USR2 haproxy; done
+
+ Usually in less than a minute, all threads will be deadlocked. The fix
+ consists in always taking the proto_lock before the listener lock. It
+ seems to be the only place where these two locks were reversed. This
+ fix needs to be backported to 2.0, 1.9, and 1.8.
+
+ (cherry picked from commit 6ee9f8df3bfbb811526cff3313da5758b1277bc6)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/listener.c b/src/listener.c
+index b5fe2ac2..54c09960 100644
+--- a/src/listener.c
++++ b/src/listener.c
+@@ -595,17 +595,17 @@ int create_listeners(struct bind_conf *bc, const struct sockaddr_storage *ss,
+ */
+ void delete_listener(struct listener *listener)
+ {
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ HA_SPIN_LOCK(LISTENER_LOCK, &listener->lock);
+ if (listener->state == LI_ASSIGNED) {
+ listener->state = LI_INIT;
+- HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ LIST_DEL(&listener->proto_list);
+ listener->proto->nb_listeners--;
+- HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ _HA_ATOMIC_SUB(&jobs, 1);
+ _HA_ATOMIC_SUB(&listeners, 1);
+ }
+ HA_SPIN_UNLOCK(LISTENER_LOCK, &listener->lock);
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ }
+
+ /* Returns a suitable value for a listener's backlog. It uses the listener's,
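Review bot: The lock order that delete_listener() now follows is not written down anywhere in the hunk, although the bug being fixed was an ordering that nobody had documented. The function comment should state it, e.g. `/* Lock order: proto_lock is always taken before listener->lock. */`. The reordering also means the global `proto_lock` is now taken on every call, including when `listener->state` is not `LI_ASSIGNED` and nothing protocol-wide is modified. That is probably acceptable on a stop path, but any caller that enters delete_listener() already holding `proto_lock` or `listener->lock` would now self-deadlock or recreate the inversion. The callers are outside the hunk, so this should be checked for each branch the fix is backported to.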
--- /dev/null
+commit 4db294bc0b7988607f2dfdb9d57974b2ba47cbc3
+Author: Jerome Magnin <jmagnin@haproxy.com>
+Date: Mon Aug 26 11:44:21 2019 +0200
+
+ BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
+
+ The url32 sample fetch does not take the path part of the URL into
+ account. This is because in smp_fetch_url32() we erroneously modify
+ path.len and path.ptr before testing their value and building the
+ path based part of the hash.
+
+ This fixes issue #235
+
+ This must be backported as far as 1.9, when HTX was introduced.
+
+ (cherry picked from commit 2dd26ca9ff8e642611b8b012d6aee45ea45196bc)
+ [wt: adjusted context, we still have legacy in 2.0]
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/http_fetch.c b/src/http_fetch.c
+index e372a122..6448bde9 100644
+--- a/src/http_fetch.c
++++ b/src/http_fetch.c
+@@ -2735,10 +2735,6 @@ static int smp_fetch_url32(const struct arg *args, struct sample *smp, const cha
+ /* now retrieve the path */
+ sl = http_get_stline(htx);
+ path = http_get_path(htx_sl_req_uri(sl));
+- while (path.len > 0 && *(path.ptr) != '?') {
+- path.ptr++;
+- path.len--;
+- }
+ if (path.len && *(path.ptr) == '/') {
+ while (path.len--)
+ hash = *(path.ptr++) + (hash << 6) + (hash << 16) - hash;
+++ /dev/null
-commit b22f6501bc9838061472128360e0e55d08cb0bd9
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Fri Jul 26 14:54:52 2019 +0200
-
- MINOR: hlua: Don't set request analyzers on response channel for lua actions
-
- Setting some requests analyzers on the response channel was an old trick to be
- sure to re-evaluate the request's analyers after the response's ones have been
- called. It is no more necessary. In fact, this trick was removed in the version
- 1.8 and backported up to the version 1.6.
-
- This patch must be backported to all versions since 1.6 to ease the backports of
- fixes on the lua code.
-
- (cherry picked from commit 51fa358432247fe5d7259d9d8a0e08d49d429c73)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/hlua.c b/src/hlua.c
-index 21351cd6..36454cdc 100644
---- a/src/hlua.c
-+++ b/src/hlua.c
-@@ -6873,11 +6873,8 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
- * is detected on a response channel. This is useful
- * only for actions targeted on the requests.
- */
-- if (HLUA_IS_WAKERESWR(s->hlua)) {
-+ if (HLUA_IS_WAKERESWR(s->hlua))
- s->res.flags |= CF_WAKE_WRITE;
-- if ((analyzer & (AN_REQ_INSPECT_FE|AN_REQ_HTTP_PROCESS_FE)))
-- s->res.analysers |= analyzer;
-- }
- if (HLUA_IS_WAKEREQWR(s->hlua))
- s->req.flags |= CF_WAKE_WRITE;
- /* We can quit the function without consistency check
+++ /dev/null
-commit ff96b8bd3f85155f65b2b9c9f046fe3e40f630a4
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Fri Jul 26 15:09:53 2019 +0200
-
- MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
-
- When a lua action or a lua sample fetch is called, a lua transaction is
- created. It is an entry in the stack containing the class TXN. Thanks to it, we
- can know the direction (request or response) of the call. But, for some
- functions, it is also necessary to know if the buffer is "HTTP ready" for the
- given direction. "HTTP ready" means there is a valid HTTP message in the
- channel's buffer. So, when a lua action or a lua sample fetch is called, the
- flag HLUA_TXN_HTTP_RDY is set if it is appropriate.
-
- (cherry picked from commit bfab2dddad3ded87617d1e2db54761943d1eb32d)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/include/types/hlua.h b/include/types/hlua.h
-index 70c76852..2f4e38be 100644
---- a/include/types/hlua.h
-+++ b/include/types/hlua.h
-@@ -43,7 +43,8 @@ struct stream;
- #define HLUA_F_AS_STRING 0x01
- #define HLUA_F_MAY_USE_HTTP 0x02
-
--#define HLUA_TXN_NOTERM 0x00000001
-+#define HLUA_TXN_NOTERM 0x00000001
-+#define HLUA_TXN_HTTP_RDY 0x00000002 /* Set if the txn is HTTP ready for the defined direction */
-
- #define HLUA_CONCAT_BLOCSZ 2048
-
-diff --git a/src/hlua.c b/src/hlua.c
-index 36454cdc..d37e3c61 100644
---- a/src/hlua.c
-+++ b/src/hlua.c
-@@ -6494,6 +6494,7 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
- struct stream *stream = smp->strm;
- const char *error;
- const struct buffer msg = { };
-+ unsigned int hflags = HLUA_TXN_NOTERM;
-
- if (!stream)
- return 0;
-@@ -6517,6 +6518,13 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
-
- consistency_set(stream, smp->opt, &stream->hlua->cons);
-
-+ if (stream->be->mode == PR_MODE_HTTP) {
-+ if ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ)
-+ hflags |= ((stream->txn->req.msg_state < HTTP_MSG_BODY) ? 0 : HLUA_TXN_HTTP_RDY);
-+ else
-+ hflags |= ((stream->txn->rsp.msg_state < HTTP_MSG_BODY) ? 0 : HLUA_TXN_HTTP_RDY);
-+ }
-+
- /* If it is the first run, initialize the data for the call. */
- if (!HLUA_IS_RUNNING(stream->hlua)) {
-
-@@ -6541,8 +6549,7 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
- lua_rawgeti(stream->hlua->T, LUA_REGISTRYINDEX, fcn->function_ref);
-
- /* push arguments in the stack. */
-- if (!hlua_txn_new(stream->hlua->T, stream, smp->px, smp->opt & SMP_OPT_DIR,
-- HLUA_TXN_NOTERM)) {
-+ if (!hlua_txn_new(stream->hlua->T, stream, smp->px, smp->opt & SMP_OPT_DIR, hflags)) {
- SEND_ERR(smp->px, "Lua sample-fetch '%s': full stack.\n", fcn->name);
- RESET_SAFE_LJMP(stream->hlua->T);
- return 0;
-@@ -6759,16 +6766,16 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
- struct session *sess, struct stream *s, int flags)
- {
- char **arg;
-- unsigned int analyzer;
-+ unsigned int hflags = 0;
- int dir;
- const char *error;
- const struct buffer msg = { };
-
- switch (rule->from) {
-- case ACT_F_TCP_REQ_CNT: analyzer = AN_REQ_INSPECT_FE ; dir = SMP_OPT_DIR_REQ; break;
-- case ACT_F_TCP_RES_CNT: analyzer = AN_RES_INSPECT ; dir = SMP_OPT_DIR_RES; break;
-- case ACT_F_HTTP_REQ: analyzer = AN_REQ_HTTP_PROCESS_FE; dir = SMP_OPT_DIR_REQ; break;
-- case ACT_F_HTTP_RES: analyzer = AN_RES_HTTP_PROCESS_BE; dir = SMP_OPT_DIR_RES; break;
-+ case ACT_F_TCP_REQ_CNT: ; dir = SMP_OPT_DIR_REQ; break;
-+ case ACT_F_TCP_RES_CNT: ; dir = SMP_OPT_DIR_RES; break;
-+ case ACT_F_HTTP_REQ: hflags = HLUA_TXN_HTTP_RDY ; dir = SMP_OPT_DIR_REQ; break;
-+ case ACT_F_HTTP_RES: hflags = HLUA_TXN_HTTP_RDY ; dir = SMP_OPT_DIR_RES; break;
- default:
- SEND_ERR(px, "Lua: internal error while execute action.\n");
- return ACT_RET_CONT;
-@@ -6821,7 +6828,7 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
- lua_rawgeti(s->hlua->T, LUA_REGISTRYINDEX, rule->arg.hlua_rule->fcn.function_ref);
-
- /* Create and and push object stream in the stack. */
-- if (!hlua_txn_new(s->hlua->T, s, px, dir, 0)) {
-+ if (!hlua_txn_new(s->hlua->T, s, px, dir, hflags)) {
- SEND_ERR(px, "Lua function '%s': full stack.\n",
- rule->arg.hlua_rule->fcn.name);
- RESET_SAFE_LJMP(s->hlua->T);
-@@ -6864,9 +6871,9 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
- case HLUA_E_AGAIN:
- /* Set timeout in the required channel. */
- if (s->hlua->wake_time != TICK_ETERNITY) {
-- if (analyzer & (AN_REQ_INSPECT_FE|AN_REQ_HTTP_PROCESS_FE))
-+ if (dir & SMP_OPT_DIR_REQ)
- s->req.analyse_exp = s->hlua->wake_time;
-- else if (analyzer & (AN_RES_INSPECT|AN_RES_HTTP_PROCESS_BE))
-+ else
- s->res.analyse_exp = s->hlua->wake_time;
- }
- /* Some actions can be wake up when a "write" event
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -327,6 +327,15 @@ ifeq ($(TARGET),linux-glibc)
+ USE_GETADDRINFO)
+ endif
+
++# For linux >= 2.6.28 and uclibc
++ifeq ($(TARGET),linux-uclibc)
++ set_target_defaults = $(call default_opts, \
++ USE_POLL USE_TPROXY USE_DL USE_RT USE_NETFILTER \
++ USE_CPU_AFFINITY USE_THREAD USE_EPOLL USE_FUTEX USE_LINUX_TPROXY \
++ USE_ACCEPT4 USE_LINUX_SPLICE USE_PRCTL USE_THREAD_DUMP USE_NS USE_TFO \
++ USE_GETADDRINFO)
++endif
++
+ # Solaris 8 and above
+ ifeq ($(TARGET),solaris)
+ # We also enable getaddrinfo() which works since solaris 8.
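Review bot: This patch, and the openssl-compat.h patch further down, carry no header at all: no description, author or upstream commit reference, while the cherry-picked patches beside them record all three. For a locally carried change to the build defaults of a network-facing daemon that provenance matters, because a reviewer cannot tell whether `linux-uclibc` exists upstream or why this option set was chosen. I would add a short header above `--- a/Makefile` stating that the change is OpenWrt-local (or naming the upstream commit), and extend the in-file comment to something like `# For linux >= 2.6.28 and uclibc; same options as linux-glibc except <options dropped>`. The linux-glibc list is only partly visible in the context lines, so the difference between the two lists should be confirmed, as should whether options such as `USE_THREAD_DUMP` and `USE_NS` are supported by the targeted uclibc configuration.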
+++ /dev/null
-commit 2351ca211d655c1be9ef6d62880899102134266d
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Fri Jul 26 16:31:34 2019 +0200
-
- BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
-
- The flag HLUA_TXN_HTTP_RDY was added in the previous commit to know when a
- function is called for a channel with a valid HTTP message or not. Of course it
- also depends on the calling direction. In this commit, we allow the execution of
- functions of the HTTP class only if this flag is set.
-
- Nobody seems to use them from an unsupported context (for instance, trying to
- set an HTTP header from a tcp-request rule). But it remains a bug leading to
- undefined behaviors or crashes.
-
- This patch may be backported to all versions since the 1.6. It depends on the
- commits "MINOR: hlua: Add a flag on the lua txn to know in which context it can
- be used" and "MINOR: hlua: Don't set request analyzers on response channel for
- lua actions".
-
- (cherry picked from commit 301eff8e215d5dc7130e1ebacd7cf8da09a4f643)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/hlua.c b/src/hlua.c
-index d37e3c61..4d92fa44 100644
---- a/src/hlua.c
-+++ b/src/hlua.c
-@@ -5346,7 +5346,7 @@ __LJMP static int hlua_http_req_get_headers(lua_State *L)
- MAY_LJMP(check_args(L, 1, "req_get_headers"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return hlua_http_get_headers(L, htxn, &htxn->s->txn->req);
-@@ -5359,7 +5359,7 @@ __LJMP static int hlua_http_res_get_headers(lua_State *L)
- MAY_LJMP(check_args(L, 1, "res_get_headers"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return hlua_http_get_headers(L, htxn, &htxn->s->txn->rsp);
-@@ -5399,7 +5399,7 @@ __LJMP static int hlua_http_req_rep_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_HDR));
-@@ -5412,7 +5412,7 @@ __LJMP static int hlua_http_res_rep_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 4, "res_rep_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_HDR));
-@@ -5425,7 +5425,7 @@ __LJMP static int hlua_http_req_rep_val(lua_State *L)
- MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_VAL));
-@@ -5438,7 +5438,7 @@ __LJMP static int hlua_http_res_rep_val(lua_State *L)
- MAY_LJMP(check_args(L, 4, "res_rep_val"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_VAL));
-@@ -5480,7 +5480,7 @@ __LJMP static int hlua_http_req_del_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 2, "req_del_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
-@@ -5493,7 +5493,7 @@ __LJMP static int hlua_http_res_del_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 2, "res_del_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
-@@ -5547,7 +5547,7 @@ __LJMP static int hlua_http_req_add_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "req_add_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
-@@ -5560,7 +5560,7 @@ __LJMP static int hlua_http_res_add_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "res_add_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
-@@ -5573,7 +5573,7 @@ static int hlua_http_req_set_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "req_set_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
-@@ -5587,7 +5587,7 @@ static int hlua_http_res_set_hdr(lua_State *L)
- MAY_LJMP(check_args(L, 3, "res_set_hdr"));
- htxn = MAY_LJMP(hlua_checkhttp(L, 1));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
-@@ -5601,7 +5601,7 @@ static int hlua_http_req_set_meth(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- lua_pushboolean(L, http_replace_req_line(0, name, name_len, htxn->p, htxn->s) != -1);
-@@ -5615,7 +5615,7 @@ static int hlua_http_req_set_path(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- lua_pushboolean(L, http_replace_req_line(1, name, name_len, htxn->p, htxn->s) != -1);
-@@ -5629,7 +5629,7 @@ static int hlua_http_req_set_query(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- /* Check length. */
-@@ -5656,7 +5656,7 @@ static int hlua_http_req_set_uri(lua_State *L)
- size_t name_len;
- const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
-
-- if (htxn->dir != SMP_OPT_DIR_REQ)
-+ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- lua_pushboolean(L, http_replace_req_line(3, name, name_len, htxn->p, htxn->s) != -1);
-@@ -5670,7 +5670,7 @@ static int hlua_http_res_set_status(lua_State *L)
- unsigned int code = MAY_LJMP(luaL_checkinteger(L, 2));
- const char *reason = MAY_LJMP(luaL_optlstring(L, 3, NULL, NULL));
-
-- if (htxn->dir != SMP_OPT_DIR_RES)
-+ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
- WILL_LJMP(lua_error(L));
-
- http_set_status(code, reason, htxn->s);
--- /dev/null
+--- a/include/common/openssl-compat.h
++++ b/include/common/openssl-compat.h
+@@ -217,7 +217,8 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
+ #define TLSEXT_signature_ecdsa 3
+ #endif
+
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
+ #define X509_getm_notBefore X509_get_notBefore
+ #define X509_getm_notAfter X509_get_notAfter
+ #endif
+++ /dev/null
-commit 3cd7a1ea5110fc6a92627aaad06553a49723ac92
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Mon Jul 29 10:50:28 2019 +0200
-
- BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
-
- When the payload of a block is shrinked or enlarged, addresses of the free
- spaces must be updated. There are many possible cases. One of them is
- buggy. When there is only one block in the HTX message and its payload is just
- before the tail room and it needs to be moved in the head room to be enlarged,
- addresses are not correctly updated. This bug may be hit by the compression
- filter.
-
- This patch must be backported to 2.0.
-
- (cherry picked from commit 61ed7797f6440ee1102576365553650b1982a233)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/htx.c b/src/htx.c
-index c29a66d7..cd21050c 100644
---- a/src/htx.c
-+++ b/src/htx.c
-@@ -252,11 +252,13 @@ static int htx_prepare_blk_expansion(struct htx *htx, struct htx_blk *blk, int32
- ret = 1;
- }
- else if ((sz + delta) < headroom) {
-+ uint32_t oldaddr = blk->addr;
-+
- /* Move the block's payload into the headroom */
- blk->addr = htx->head_addr;
- htx->tail_addr -= sz;
- htx->head_addr += sz + delta;
-- if (blk->addr == htx->end_addr) {
-+ if (oldaddr == htx->end_addr) {
- if (htx->end_addr == htx->tail_addr) {
- htx->tail_addr = htx->head_addr;
- htx->head_addr = htx->end_addr = 0;
+++ /dev/null
-commit 0ff395c154ad827c0c30eefc9371ba7f7c171027
-Author: Willy Tarreau <w@1wt.eu>
-Date: Tue Jul 30 11:59:34 2019 +0200
-
- BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
-
- A problem involving server slowstart was reported by @max2k1 in issue #197.
- The problem is that pendconn_grab_from_px() takes the proxy lock while
- already under the server's lock while process_srv_queue() first takes the
- proxy's lock then the server's lock.
-
- While the latter seems more natural, it is fundamentally incompatible with
- mayn other operations performed on servers, namely state change propagation,
- where the proxy is only known after the server and cannot be locked around
- the servers. Howwever reversing the lock in process_srv_queue() is trivial
- and only the few functions related to dynamic cookies need to be adjusted
- for this so that the proxy's lock is taken for each server operation. This
- is possible because the proxy's server list is built once at boot time and
- remains stable. So this is what this patch does.
-
- The comments in the proxy and server structs were updated to mention this
- rule that the server's lock may not be taken under the proxy's lock but
- may enclose it.
-
- Another approach could consist in using a second lock for the proxy's queue
- which would be different from the regular proxy's lock, but given that the
- operations above are rare and operate on small servers list, there is no
- reason for overdesigning a solution.
-
- This fix was successfully tested with 10000 servers in a backend where
- adjusting the dyncookies in loops over the CLI didn't have a measurable
- impact on the traffic.
-
- The only workaround without the fix is to disable any occurrence of
- "slowstart" on server lines, or to disable threads using "nbthread 1".
-
- This must be backported as far as 1.8.
-
- (cherry picked from commit 5e83d996cf965ee5ac625f702a446f4d8c80a220)
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/include/types/proxy.h b/include/types/proxy.h
-index ca24dbfe..2518f88d 100644
---- a/include/types/proxy.h
-+++ b/include/types/proxy.h
-@@ -487,7 +487,7 @@ struct proxy {
- * name is used
- */
- struct list filter_configs; /* list of the filters that are declared on this proxy */
-- __decl_hathreads(HA_SPINLOCK_T lock);
-+ __decl_hathreads(HA_SPINLOCK_T lock); /* may be taken under the server's lock */
- };
-
- struct switching_rule {
-diff --git a/include/types/server.h b/include/types/server.h
-index 4a077268..e0534162 100644
---- a/include/types/server.h
-+++ b/include/types/server.h
-@@ -319,7 +319,7 @@ struct server {
- } ssl_ctx;
- #endif
- struct dns_srvrq *srvrq; /* Pointer representing the DNS SRV requeest, if any */
-- __decl_hathreads(HA_SPINLOCK_T lock);
-+ __decl_hathreads(HA_SPINLOCK_T lock); /* may enclose the proxy's lock, must not be taken under */
- struct {
- const char *file; /* file where the section appears */
- struct eb32_node id; /* place in the tree of used IDs */
-diff --git a/src/proxy.c b/src/proxy.c
-index ae761ead..a537e0b1 100644
---- a/src/proxy.c
-+++ b/src/proxy.c
-@@ -1940,9 +1940,12 @@ static int cli_parse_enable_dyncookie_backend(char **args, char *payload, struct
- if (!px)
- return 1;
-
-+ /* Note: this lock is to make sure this doesn't change while another
-+ * thread is in srv_set_dyncookie().
-+ */
- HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
--
- px->ck_opts |= PR_CK_DYNAMIC;
-+ HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
-
- for (s = px->srv; s != NULL; s = s->next) {
- HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
-@@ -1950,8 +1953,6 @@ static int cli_parse_enable_dyncookie_backend(char **args, char *payload, struct
- HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
- }
-
-- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
--
- return 1;
- }
-
-@@ -1971,9 +1972,12 @@ static int cli_parse_disable_dyncookie_backend(char **args, char *payload, struc
- if (!px)
- return 1;
-
-+ /* Note: this lock is to make sure this doesn't change while another
-+ * thread is in srv_set_dyncookie().
-+ */
- HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
--
- px->ck_opts &= ~PR_CK_DYNAMIC;
-+ HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
-
- for (s = px->srv; s != NULL; s = s->next) {
- HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
-@@ -1984,8 +1988,6 @@ static int cli_parse_disable_dyncookie_backend(char **args, char *payload, struc
- HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
- }
-
-- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
--
- return 1;
- }
-
-@@ -2021,10 +2023,13 @@ static int cli_parse_set_dyncookie_key_backend(char **args, char *payload, struc
- return 1;
- }
-
-+ /* Note: this lock is to make sure this doesn't change while another
-+ * thread is in srv_set_dyncookie().
-+ */
- HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
--
- free(px->dyncookie_key);
- px->dyncookie_key = newkey;
-+ HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
-
- for (s = px->srv; s != NULL; s = s->next) {
- HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
-@@ -2032,8 +2037,6 @@ static int cli_parse_set_dyncookie_key_backend(char **args, char *payload, struc
- HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
- }
-
-- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
--
- return 1;
- }
-
-diff --git a/src/queue.c b/src/queue.c
-index f4a94530..6aa54170 100644
---- a/src/queue.c
-+++ b/src/queue.c
-@@ -312,16 +312,16 @@ void process_srv_queue(struct server *s)
- struct proxy *p = s->proxy;
- int maxconn;
-
-- HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
- HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
-+ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
- maxconn = srv_dynamic_maxconn(s);
- while (s->served < maxconn) {
- int ret = pendconn_process_next_strm(s, p);
- if (!ret)
- break;
- }
-- HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
- HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
-+ HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
- }
-
- /* Adds the stream <strm> to the pending connection queue of server <strm>->srv
-@@ -424,7 +424,8 @@ int pendconn_redistribute(struct server *s)
- /* Check for pending connections at the backend, and assign some of them to
- * the server coming up. The server's weight is checked before being assigned
- * connections it may not be able to handle. The total number of transferred
-- * connections is returned.
-+ * connections is returned. It must be called with the server lock held, and
-+ * will take the proxy's lock.
- */
- int pendconn_grab_from_px(struct server *s)
- {
-diff --git a/src/server.c b/src/server.c
-index a96f1ef6..236d6bae 100644
---- a/src/server.c
-+++ b/src/server.c
-@@ -125,7 +125,7 @@ static inline void srv_check_for_dup_dyncookie(struct server *s)
- }
-
- /*
-- * Must be called with the server lock held.
-+ * Must be called with the server lock held, and will grab the proxy lock.
- */
- void srv_set_dyncookie(struct server *s)
- {
-@@ -137,15 +137,17 @@ void srv_set_dyncookie(struct server *s)
- int addr_len;
- int port;
-
-+ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
-+
- if ((s->flags & SRV_F_COOKIESET) ||
- !(s->proxy->ck_opts & PR_CK_DYNAMIC) ||
- s->proxy->dyncookie_key == NULL)
-- return;
-+ goto out;
- key_len = strlen(p->dyncookie_key);
-
- if (s->addr.ss_family != AF_INET &&
- s->addr.ss_family != AF_INET6)
-- return;
-+ goto out;
- /*
- * Buffer to calculate the cookie value.
- * The buffer contains the secret key + the server IP address
-@@ -174,7 +176,7 @@ void srv_set_dyncookie(struct server *s)
- hash_value = XXH64(tmpbuf, buffer_len, 0);
- memprintf(&s->cookie, "%016llx", hash_value);
- if (!s->cookie)
-- return;
-+ goto out;
- s->cklen = 16;
-
- /* Don't bother checking if the dyncookie is duplicated if
-@@ -183,6 +185,8 @@ void srv_set_dyncookie(struct server *s)
- */
- if (!(s->next_admin & SRV_ADMF_FMAINT))
- srv_check_for_dup_dyncookie(s);
-+ out:
-+ HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
- }
-
- /*
+++ /dev/null
-commit da767eaaf6128eccd349a54ec6eac2a68dcacacb
-Author: Willy Tarreau <w@1wt.eu>
-Date: Wed Jul 31 19:15:45 2019 +0200
-
- BUG/MINOR: debug: fix a small race in the thread dumping code
-
- If a thread dump is requested from a signal handler, it may interrupt
- a thread already waiting for a dump to complete, and may see the
- threads_to_dump variable go to zero while others are waiting, steal
- the lock and prevent other threads from ever completing. This tends
- to happen when dumping many threads upon a watchdog timeout, to threads
- waiting for their turn.
-
- Instead now we proceed in two steps :
- 1) the last dumped thread sets all bits again
- 2) all threads only wait for their own bit to appear, then clear it
- and quit
-
- This way there's no risk that a bit performs a double flip in the same
- loop and threads cannot get stuck here anymore.
-
- This should be backported to 2.0 as it clarifies stack traces.
-
- (cherry picked from commit c07736209db764fb2aef6f18ed3687a504c35771)
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/src/debug.c b/src/debug.c
-index 059bc6b9..07624ca5 100644
---- a/src/debug.c
-+++ b/src/debug.c
-@@ -440,8 +440,8 @@ void debug_handler(int sig, siginfo_t *si, void *arg)
- * 1- wait for our turn, i.e. when all lower bits are gone.
- * 2- perform the action if our bit is set
- * 3- remove our bit to let the next one go, unless we're
-- * the last one and have to put them all but ours
-- * 4- wait for zero and clear our bit if it's set
-+ * the last one and have to put them all as a signal
-+ * 4- wait out bit to re-appear, then clear it and quit.
- */
-
- /* wait for all previous threads to finish first */
-@@ -454,7 +454,7 @@ void debug_handler(int sig, siginfo_t *si, void *arg)
- ha_thread_dump(thread_dump_buffer, tid, thread_dump_tid);
- if ((threads_to_dump & all_threads_mask) == tid_bit) {
- /* last one */
-- HA_ATOMIC_STORE(&threads_to_dump, all_threads_mask & ~tid_bit);
-+ HA_ATOMIC_STORE(&threads_to_dump, all_threads_mask);
- thread_dump_buffer = NULL;
- }
- else
-@@ -462,14 +462,13 @@ void debug_handler(int sig, siginfo_t *si, void *arg)
- }
-
- /* now wait for all others to finish dumping. The last one will set all
-- * bits again to broadcast the leaving condition.
-+ * bits again to broadcast the leaving condition so we'll see ourselves
-+ * present again. This way the threads_to_dump variable never passes to
-+ * zero until all visitors have stopped waiting.
- */
-- while (threads_to_dump & all_threads_mask) {
-- if (threads_to_dump & tid_bit)
-- HA_ATOMIC_AND(&threads_to_dump, ~tid_bit);
-- else
-- ha_thread_relax();
-- }
-+ while (!(threads_to_dump & tid_bit))
-+ ha_thread_relax();
-+ HA_ATOMIC_AND(&threads_to_dump, ~tid_bit);
-
- /* mark the current thread as stuck to detect it upon next invocation
- * if it didn't move.
+++ /dev/null
-commit 445b2b7c52a13678241a190c4ff52e77a09ef0a6
-Author: Willy Tarreau <w@1wt.eu>
-Date: Wed Jul 31 19:20:39 2019 +0200
-
- MINOR: wdt: also consider that waiting in the thread dumper is normal
-
- It happens that upon looping threads the watchdog fires, starts a dump,
- and other threads expire their budget while waiting for the other threads
- to get dumped and trigger a watchdog event again, adding some confusion
- to the traces. With this patch the situation becomes clearer as we export
- the list of threads being dumped so that the watchdog can check it before
- deciding to trigger. This way such threads in queue for being dumped are
- not attempted to be reported in turn.
-
- This should be backported to 2.0 as it helps understand stack traces.
-
- (cherry picked from commit a37cb1880c81b1f038e575d88ba7210aea0b7b8f)
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/include/common/debug.h b/include/common/debug.h
-index 333203dd..f43258e9 100644
---- a/include/common/debug.h
-+++ b/include/common/debug.h
-@@ -70,6 +70,7 @@
-
- struct task;
- struct buffer;
-+extern volatile unsigned long threads_to_dump;
- void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx);
- void ha_thread_dump(struct buffer *buf, int thr, int calling_tid);
- void ha_thread_dump_all_to_trash();
-diff --git a/src/debug.c b/src/debug.c
-index 07624ca5..3077e97c 100644
---- a/src/debug.c
-+++ b/src/debug.c
-@@ -29,6 +29,11 @@
- #include <proto/stream_interface.h>
- #include <proto/task.h>
-
-+/* mask of threads still having to dump, used to respect ordering. Only used
-+ * when USE_THREAD_DUMP is set.
-+ */
-+volatile unsigned long threads_to_dump = 0;
-+
- /* Dumps to the buffer some known information for the desired thread, and
- * optionally extra info for the current thread. The dump will be appended to
- * the buffer, so the caller is responsible for preliminary initializing it.
-@@ -405,9 +410,6 @@ void ha_thread_dump_all_to_trash()
- */
- #define DEBUGSIG SIGURG
-
--/* mask of threads still having to dump, used to respect ordering */
--static volatile unsigned long threads_to_dump;
--
- /* ID of the thread requesting the dump */
- static unsigned int thread_dump_tid;
-
-diff --git a/src/wdt.c b/src/wdt.c
-index 19d36c34..aa89fd44 100644
---- a/src/wdt.c
-+++ b/src/wdt.c
-@@ -75,7 +75,7 @@ void wdt_handler(int sig, siginfo_t *si, void *arg)
- if (n - p < 1000000000UL)
- goto update_and_leave;
-
-- if ((threads_harmless_mask|sleeping_thread_mask) & (1UL << thr)) {
-+ if ((threads_harmless_mask|sleeping_thread_mask|threads_to_dump) & (1UL << thr)) {
- /* This thread is currently doing exactly nothing
- * waiting in the poll loop (unlikely but possible),
- * waiting for all other threads to join the rendez-vous
+++ /dev/null
-commit 0fc2d46fabb2b9317daf7030162e828c7e1684d5
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Thu Aug 1 10:09:29 2019 +0200
-
- BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
-
- When the server weight is increased in consistant hash, extra nodes have to be
- allocated. So a realloc() is performed on the nodes array of the server. the
- previous commit 962ea7732 ("BUG/MEDIUM: lb-chash: Remove all server's entries
- before realloc() to re-insert them after") have fixed the size used during the
- realloc() to avoid segfaults. But another bug remains. After the realloc(), the
- memory area allocated for the nodes array may change, invalidating all node
- addresses in the chash tree.
-
- So, to fix the bug, we must remove all server's entries from the chash tree
- before the realloc to insert all of them after, old nodes and new ones. The
- insert will be automatically handled by the loop at the end of the function
- chash_queue_dequeue_srv().
-
- Note that if the call to realloc() failed, no new entries will be created for
- the server, so the effective server weight will be unchanged.
-
- This issue was reported on Github (#189).
-
- This patch must be backported to all versions since the 1.6.
-
- (cherry picked from commit 0a52c17f819a5b0a17718b605bdd990b9e2b58e6)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/lb_chash.c b/src/lb_chash.c
-index 0bf4e81a..23448df8 100644
---- a/src/lb_chash.c
-+++ b/src/lb_chash.c
-@@ -84,8 +84,13 @@ static inline void chash_queue_dequeue_srv(struct server *s)
- * increased the weight beyond the original weight
- */
- if (s->lb_nodes_tot < s->next_eweight) {
-- struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
-+ struct tree_occ *new_nodes;
-
-+ /* First we need to remove all server's entries from its tree
-+ * because the realloc will change all nodes pointers */
-+ chash_dequeue_srv(s);
-+
-+ new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
- if (new_nodes) {
- unsigned int j;
-
-@@ -494,7 +499,6 @@ void chash_init_server_tree(struct proxy *p)
- srv->lb_nodes_tot = srv->uweight * BE_WEIGHT_SCALE;
- srv->lb_nodes_now = 0;
- srv->lb_nodes = calloc(srv->lb_nodes_tot, sizeof(struct tree_occ));
--
- for (node = 0; node < srv->lb_nodes_tot; node++) {
- srv->lb_nodes[node].server = srv;
- srv->lb_nodes[node].node.key = full_hash(srv->puid * SRV_EWGHT_RANGE + node);
+++ /dev/null
-commit c0968f59b723dfa9effa63ac28b59642b11c6b8b
-Author: Richard Russo <russor@whatsapp.com>
-Date: Wed Jul 31 11:45:56 2019 -0700
-
- BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
-
- Multiple calls to smp_fetch_fhdr use the header context to keep track of
- header parsing position; however, when using header sampling on a raw
- connection, the raw buffer is converted into an HTX structure each time, and
- this was done in the trash areas; so the block reference would be invalid on
- subsequent calls.
-
- This patch must be backported to 2.0 and 1.9.
-
- (cherry picked from commit 458eafb36df88932a02d1ce7ca31832abf11b8b3)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/http_fetch.c b/src/http_fetch.c
-index 67ea2094..e372a122 100644
---- a/src/http_fetch.c
-+++ b/src/http_fetch.c
-@@ -46,10 +46,40 @@
- /* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
- static THREAD_LOCAL struct hdr_ctx static_hdr_ctx;
- static THREAD_LOCAL struct http_hdr_ctx static_http_hdr_ctx;
-+/* this is used to convert raw connection buffers to htx */
-+static THREAD_LOCAL struct buffer static_raw_htx_chunk;
-+static THREAD_LOCAL char *static_raw_htx_buf;
-
- #define SMP_REQ_CHN(smp) (smp->strm ? &smp->strm->req : NULL)
- #define SMP_RES_CHN(smp) (smp->strm ? &smp->strm->res : NULL)
-
-+/* This function returns the static htx chunk, where raw connections get
-+ * converted to HTX as needed for samplxsing.
-+ */
-+struct buffer *get_raw_htx_chunk(void)
-+{
-+ chunk_reset(&static_raw_htx_chunk);
-+ return &static_raw_htx_chunk;
-+}
-+
-+static int alloc_raw_htx_chunk_per_thread()
-+{
-+ static_raw_htx_buf = malloc(global.tune.bufsize);
-+ if (!static_raw_htx_buf)
-+ return 0;
-+ chunk_init(&static_raw_htx_chunk, static_raw_htx_buf, global.tune.bufsize);
-+ return 1;
-+}
-+
-+static void free_raw_htx_chunk_per_thread()
-+{
-+ free(static_raw_htx_buf);
-+ static_raw_htx_buf = NULL;
-+}
-+
-+REGISTER_PER_THREAD_ALLOC(alloc_raw_htx_chunk_per_thread);
-+REGISTER_PER_THREAD_FREE(free_raw_htx_chunk_per_thread);
-+
- /*
- * Returns the data from Authorization header. Function may be called more
- * than once so data is stored in txn->auth_data. When no header is found
-@@ -265,7 +295,7 @@ struct htx *smp_prefetch_htx(struct sample *smp, struct channel *chn, int vol)
- else if (h1m.flags & H1_MF_CLEN)
- flags |= HTX_SL_F_CLEN;
-
-- htx = htx_from_buf(get_trash_chunk());
-+ htx = htx_from_buf(get_raw_htx_chunk());
- sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, h1sl.rq.m, h1sl.rq.u, h1sl.rq.v);
- if (!sl || !htx_add_all_headers(htx, hdrs))
- return NULL;
+++ /dev/null
-commit 7343c710152c586a232a194ef37a56af636d6a56
-Author: Willy Tarreau <w@1wt.eu>
-Date: Thu Aug 1 18:51:38 2019 +0200
-
- BUG/MINOR: stream-int: also update analysers timeouts on activity
-
- Between 1.6 and 1.7, some parts of the stream forwarding process were
- moved into lower layers and the stream-interface had to keep the
- stream's task up to date regarding the timeouts. The analyser timeouts
- were not updated there as it was believed this was not needed during
- forwarding, but actually there is a case for this which is "option
- contstats" which periodically triggers the analyser timeout, and this
- change broke the option in case of sustained traffic (if there is some
- I/O activity during the same millisecond as the timeout expires, then
- the update will be missed).
-
- This patch simply brings back the analyser expiration updates from
- process_stream() to stream_int_notify().
-
- It may be backported as far as 1.7, taking care to adjust the fields
- names if needed.
-
- (cherry picked from commit 45bcb37f0f8fa1e16dd9358a59dc280a38834dcd)
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/src/stream_interface.c b/src/stream_interface.c
-index 9b9a8e9f..7d89cc90 100644
---- a/src/stream_interface.c
-+++ b/src/stream_interface.c
-@@ -558,6 +558,16 @@ static void stream_int_notify(struct stream_interface *si)
- task->expire = tick_first((tick_is_expired(task->expire, now_ms) ? 0 : task->expire),
- tick_first(tick_first(ic->rex, ic->wex),
- tick_first(oc->rex, oc->wex)));
-+
-+ task->expire = tick_first(task->expire, ic->analyse_exp);
-+ task->expire = tick_first(task->expire, oc->analyse_exp);
-+
-+ if (si->exp)
-+ task->expire = tick_first(task->expire, si->exp);
-+
-+ if (sio->exp)
-+ task->expire = tick_first(task->expire, sio->exp);
-+
- task_queue(task);
- }
- if (ic->flags & CF_READ_ACTIVITY)
+++ /dev/null
-commit a8fcdacb8cc0dddec72b1ddc4d9afc92d3684acd
-Author: Willy Tarreau <w@1wt.eu>
-Date: Fri Aug 2 07:48:47 2019 +0200
-
- BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
-
- Recent optimization in commit 4d7a88482 ("MEDIUM: mux-h2: don't try to
- read more than needed") broke the receipt of large DATA frames because
- it would unconditionally subscribe if there was some room left, thus
- preventing any new rx from being done since subscription may only be
- done once the end was reached, as indicated by ret == 0.
-
- However, fixing this uncovered that in HTX mode previous versions might
- occasionally be affected as well, when an available frame is the same
- size as the maximum data that may fit into an HTX buffer, we may end
- up reading that whole frame and still subscribe since it's still allowed
- to receive, thus causing issues to read the next frame.
-
- This patch will only work for 2.1-dev but a minor adaptation will be
- needed for earlier versions (down to 1.9, where subscribe() was added).
-
- (cherry picked from commit 9bc1c95855b9c6300de5ecf3720cbe4b2558c5a1)
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/src/mux_h2.c b/src/mux_h2.c
-index 5bb85181..d605fe94 100644
---- a/src/mux_h2.c
-+++ b/src/mux_h2.c
-@@ -2766,7 +2766,7 @@ static int h2_recv(struct h2c *h2c)
- ret = 0;
- } while (ret > 0);
-
-- if (h2_recv_allowed(h2c) && (b_data(buf) < buf->size))
-+ if (max && !ret && h2_recv_allowed(h2c))
- conn->xprt->subscribe(conn, conn->xprt_ctx, SUB_RETRY_RECV, &h2c->wait_event);
-
- if (!b_data(buf)) {
+++ /dev/null
-commit 5a9c875f0f1ee83bd5889dd1ad53e9da43e6c34e
-Author: Willy Tarreau <w@1wt.eu>
-Date: Fri Aug 2 07:52:08 2019 +0200
-
- BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
-
- The SETTINGS frame parser updates all streams' window for each
- INITIAL_WINDOW_SIZE setting received on the connection (like h2spec
- does in test 6.5.3), which can start to be expensive if repeated when
- there are many streams (up to 100 by default). A quick test shows that
- it's possible to parse only 35000 settings per second on a 3 GHz core
- for 100 streams, which is rather small.
-
- Given that window sizes are relative and may be negative, there's no
- point in pre-initializing them for each stream and update them from
- the settings. Instead, let's make them relative to the connection's
- initial window size so that any change immediately affects all streams.
- The only thing that remains needed is to wake up the streams that were
- unblocked by the update, which is now done once at the end of
- h2_process_demux() instead of once per setting. This now results in
- 5.7 million settings being processed per second, which is way better.
-
- In order to keep the change small, the h2s' mws field was renamed to
- "sws" for "stream window size", and an h2s_mws() function was added
- to add it to the connection's initial window setting and determine the
- window size to use when muxing. The h2c_update_all_ws() function was
- renamed to h2c_unblock_sfctl() since it's now only used to unblock
- previously blocked streams.
-
- This needs to be backported to all versions till 1.8.
-
- (cherry picked from commit 1d4a0f88100daeb17dd0c9470c659b1ec288bc07)
- [wt: context adjustment, port to legacy parts]
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/src/mux_h2.c b/src/mux_h2.c
-index d605fe94..f90e9435 100644
---- a/src/mux_h2.c
-+++ b/src/mux_h2.c
-@@ -208,7 +208,7 @@ struct h2s {
- struct eb32_node by_id; /* place in h2c's streams_by_id */
- int32_t id; /* stream ID */
- uint32_t flags; /* H2_SF_* */
-- int mws; /* mux window size for this stream */
-+ int sws; /* stream window size, to be added to the mux's initial window size */
- enum h2_err errcode; /* H2 err code (H2_ERR_*) */
- enum h2_ss st;
- uint16_t status; /* HTTP response status */
-@@ -707,6 +707,14 @@ static inline __maybe_unused int h2s_id(const struct h2s *h2s)
- return h2s ? h2s->id : 0;
- }
-
-+/* returns the sum of the stream's own window size and the mux's initial
-+ * window, which together form the stream's effective window size.
-+ */
-+static inline int h2s_mws(const struct h2s *h2s)
-+{
-+ return h2s->sws + h2s->h2c->miw;
-+}
-+
- /* returns true of the mux is currently busy as seen from stream <h2s> */
- static inline __maybe_unused int h2c_mux_busy(const struct h2c *h2c, const struct h2s *h2s)
- {
-@@ -945,7 +953,7 @@ static struct h2s *h2s_new(struct h2c *h2c, int id)
- LIST_INIT(&h2s->sending_list);
- h2s->h2c = h2c;
- h2s->cs = NULL;
-- h2s->mws = h2c->miw;
-+ h2s->sws = 0;
- h2s->flags = H2_SF_NONE;
- h2s->errcode = H2_ERR_NO_ERROR;
- h2s->st = H2_SS_IDLE;
-@@ -1543,30 +1551,23 @@ static void h2_wake_some_streams(struct h2c *h2c, int last)
- }
- }
-
--/* Increase all streams' outgoing window size by the difference passed in
-- * argument. This is needed upon receipt of the settings frame if the initial
-- * window size is different. The difference may be negative and the resulting
-- * window size as well, for the time it takes to receive some window updates.
-+/* Wake up all blocked streams whose window size has become positive after the
-+ * mux's initial window was adjusted. This should be done after having processed
-+ * SETTINGS frames which have updated the mux's initial window size.
- */
--static void h2c_update_all_ws(struct h2c *h2c, int diff)
-+static void h2c_unblock_sfctl(struct h2c *h2c)
- {
- struct h2s *h2s;
- struct eb32_node *node;
-
-- if (!diff)
-- return;
--
- node = eb32_first(&h2c->streams_by_id);
- while (node) {
- h2s = container_of(node, struct h2s, by_id);
-- h2s->mws += diff;
--
-- if (h2s->mws > 0 && (h2s->flags & H2_SF_BLK_SFCTL)) {
-+ if (h2s->flags & H2_SF_BLK_SFCTL && h2s_mws(h2s) > 0) {
- h2s->flags &= ~H2_SF_BLK_SFCTL;
- if (h2s->send_wait && !LIST_ADDED(&h2s->list))
- LIST_ADDQ(&h2c->send_list, &h2s->list);
- }
--
- node = eb32_next(node);
- }
- }
-@@ -1607,7 +1608,6 @@ static int h2c_handle_settings(struct h2c *h2c)
- error = H2_ERR_FLOW_CONTROL_ERROR;
- goto fail;
- }
-- h2c_update_all_ws(h2c, arg - h2c->miw);
- h2c->miw = arg;
- break;
- case H2_SETTINGS_MAX_FRAME_SIZE:
-@@ -1869,13 +1869,13 @@ static int h2c_handle_window_update(struct h2c *h2c, struct h2s *h2s)
- goto strm_err;
- }
-
-- if (h2s->mws >= 0 && h2s->mws + inc < 0) {
-+ if (h2s_mws(h2s) >= 0 && h2s_mws(h2s) + inc < 0) {
- error = H2_ERR_FLOW_CONTROL_ERROR;
- goto strm_err;
- }
-
-- h2s->mws += inc;
-- if (h2s->mws > 0 && (h2s->flags & H2_SF_BLK_SFCTL)) {
-+ h2s->sws += inc;
-+ if (h2s_mws(h2s) > 0 && (h2s->flags & H2_SF_BLK_SFCTL)) {
- h2s->flags &= ~H2_SF_BLK_SFCTL;
- if (h2s->send_wait && !LIST_ADDED(&h2s->list))
- LIST_ADDQ(&h2c->send_list, &h2s->list);
-@@ -2237,6 +2237,7 @@ static void h2_process_demux(struct h2c *h2c)
- struct h2s *h2s = NULL, *tmp_h2s;
- struct h2_fh hdr;
- unsigned int padlen = 0;
-+ int32_t old_iw = h2c->miw;
-
- if (h2c->st0 >= H2_CS_ERROR)
- return;
-@@ -2625,6 +2626,9 @@ static void h2_process_demux(struct h2c *h2c)
- h2s_notify_recv(h2s);
- }
-
-+ if (old_iw != h2c->miw)
-+ h2c_unblock_sfctl(h2c);
-+
- h2c_restart_reading(h2c, 0);
- }
-
-@@ -4259,8 +4263,8 @@ static size_t h2s_frt_make_resp_data(struct h2s *h2s, const struct buffer *buf,
- if (size > max)
- size = max;
-
-- if (size > h2s->mws)
-- size = h2s->mws;
-+ if (size > h2s_mws(h2s))
-+ size = h2s_mws(h2s);
-
- if (size <= 0) {
- h2s->flags |= H2_SF_BLK_SFCTL;
-@@ -4362,7 +4366,7 @@ static size_t h2s_frt_make_resp_data(struct h2s *h2s, const struct buffer *buf,
- ofs += size;
- total += size;
- h1m->curr_len -= size;
-- h2s->mws -= size;
-+ h2s->sws -= size;
- h2c->mws -= size;
-
- if (size && !h1m->curr_len && (h1m->flags & H1_MF_CHNK)) {
-@@ -4390,7 +4394,7 @@ static size_t h2s_frt_make_resp_data(struct h2s *h2s, const struct buffer *buf,
- }
-
- end:
-- trace("[%d] sent simple H2 DATA response (sid=%d) = %d bytes out (%u in, st=%s, ep=%u, es=%s, h2cws=%d h2sws=%d) data=%u", h2c->st0, h2s->id, size+9, (unsigned int)total, h1m_state_str(h1m->state), h1m->err_pos, h1m_state_str(h1m->err_state), h2c->mws, h2s->mws, (unsigned int)b_data(buf));
-+ trace("[%d] sent simple H2 DATA response (sid=%d) = %d bytes out (%u in, st=%s, ep=%u, es=%s, h2cws=%d h2sws=%d) data=%u", h2c->st0, h2s->id, size+9, (unsigned int)total, h1m_state_str(h1m->state), h1m->err_pos, h1m_state_str(h1m->err_state), h2c->mws, h2s_mws(h2s), (unsigned int)b_data(buf));
- return total;
- }
-
-@@ -4937,7 +4941,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
- */
- if (unlikely(fsize == count &&
- htx->used == 1 && type == HTX_BLK_DATA &&
-- fsize <= h2s->mws && fsize <= h2c->mws && fsize <= h2c->mfs)) {
-+ fsize <= h2s_mws(h2s) && fsize <= h2c->mws && fsize <= h2c->mfs)) {
- void *old_area = mbuf->area;
-
- if (b_data(mbuf)) {
-@@ -4972,7 +4976,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
- h2_set_frame_size(outbuf.area, fsize);
-
- /* update windows */
-- h2s->mws -= fsize;
-+ h2s->sws -= fsize;
- h2c->mws -= fsize;
-
- /* and exchange with our old area */
-@@ -5024,7 +5028,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
- if (!fsize)
- goto send_empty;
-
-- if (h2s->mws <= 0) {
-+ if (h2s_mws(h2s) <= 0) {
- h2s->flags |= H2_SF_BLK_SFCTL;
- if (LIST_ADDED(&h2s->list))
- LIST_DEL_INIT(&h2s->list);
-@@ -5034,8 +5038,8 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
- if (fsize > count)
- fsize = count;
-
-- if (fsize > h2s->mws)
-- fsize = h2s->mws; // >0
-+ if (fsize > h2s_mws(h2s))
-+ fsize = h2s_mws(h2s); // >0
-
- if (h2c->mfs && fsize > h2c->mfs)
- fsize = h2c->mfs; // >0
-@@ -5071,7 +5075,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
-
- /* now let's copy this this into the output buffer */
- memcpy(outbuf.area + 9, htx_get_blk_ptr(htx, blk), fsize);
-- h2s->mws -= fsize;
-+ h2s->sws -= fsize;
- h2c->mws -= fsize;
- count -= fsize;
-
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -327,6 +327,15 @@ ifeq ($(TARGET),linux-glibc)
- USE_GETADDRINFO)
- endif
-
-+# For linux >= 2.6.28 and uclibc
-+ifeq ($(TARGET),linux-uclibc)
-+ set_target_defaults = $(call default_opts, \
-+ USE_POLL USE_TPROXY USE_DL USE_RT USE_NETFILTER \
-+ USE_CPU_AFFINITY USE_THREAD USE_EPOLL USE_FUTEX USE_LINUX_TPROXY \
-+ USE_ACCEPT4 USE_LINUX_SPLICE USE_PRCTL USE_THREAD_DUMP USE_NS USE_TFO \
-+ USE_GETADDRINFO)
-+endif
-+
- # Solaris 8 and above
- ifeq ($(TARGET),solaris)
- # We also enable getaddrinfo() which works since solaris 8.
+++ /dev/null
---- a/include/common/openssl-compat.h
-+++ b/include/common/openssl-compat.h
-@@ -217,7 +217,8 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
- #define TLSEXT_signature_ecdsa 3
- #endif
-
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
- #define X509_getm_notBefore X509_get_notBefore
- #define X509_getm_notAfter X509_get_notAfter
- #endif
include $(TOPDIR)/rules.mk
PKG_NAME:=hcxdumptool
-PKG_VERSION:=5.1.7
+PKG_VERSION:=5.2.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/zerbea/hcxdumptool/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=6ac996a506cb312a5f1c5987f30a4a80c793993908750f69f2df51056f961269
+PKG_HASH:=9da9c8c20b93f6a0a262436a862e376bd3cfd05fb879efcf480ad962a14496c7
PKG_MAINTAINER:=Andreas Nilsen <adde88@gmail.com>
PKG_LICENSE:=MIT
endef
define Package/hcxdumptool/install
- $(INSTALL_DIR) $(1)/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxdumptool $(1)/sbin/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxdumptool $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,hcxdumptool))
include $(TOPDIR)/rules.mk
PKG_NAME:=hcxtools
-PKG_VERSION:=5.1.6
+PKG_VERSION:=5.2.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/zerbea/hcxtools/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=19d2800c6f9339dd552ebc3e7195860f208a9856340b4db1aeaeb4a234557ca6
+PKG_HASH:=1e8120c5451a38645ade0be4255d3c7f4a837b7611b44d4a5a066e563ad8a112
PKG_MAINTAINER:=Andreas Nilsen <adde88@gmail.com>
PKG_LICENSE:=MIT
endef
define Package/hcxtools/install
- $(INSTALL_DIR) $(1)/sbin
+ $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_DIR) $(1)/etc
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanwkp2hcx $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanpmk2hcx $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcxmnc $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcx2essid $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanjohn2hcx $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpcaptool $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcx2john $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpsktool $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancow2hcxpmk $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcxinfo $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhash2cap $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhashcattool $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhashhcx $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhc2hcx $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxwltool $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/whoismac $(1)/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanwkp2hcx $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanpmk2hcx $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcxmnc $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcx2essid $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanjohn2hcx $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpcaptool $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcx2john $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpsktool $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancow2hcxpmk $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcxinfo $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhash2cap $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhashcattool $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhashhcx $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhc2hcx $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxwltool $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/whoismac $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,hcxtools))
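Review bot: The new `Package/hcxtools/install` recipe installs `wlancap2wpasec` twice. The line `$(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/usr/sbin/` appears once after the `wlanhashhcx` line and again as the last line before `endef`. The duplicate was carried over unchanged from the old `/sbin` list. It is harmless, since the second copy just overwrites the first, but it makes the list harder to audit against what the package ships. Drop the final occurrence while the block is being rewritten anyway.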
+++ /dev/null
-#
-# Copyright (C) 2006-2015 OpenWrt.org
-# 2014 Noah Meyerhans <frodo@morgul.net>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=ipsec-tools
-PKG_VERSION:=0.8.2
-PKG_RELEASE:=9
-PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>, \
- Vitaly Protsko <villy@sft.ru>
-PKG_LICENSE := BSD-3-Clause
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=@SF/ipsec-tools
-PKG_HASH:=8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d
-
-PKG_BUILD_PARALLEL:=1
-PKG_INSTALL:=1
-
-PKG_FIXUP:=autoreconf
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/ipsec-tools
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=VPN
- DEPENDS:=+libopenssl +kmod-ipsec
- TITLE:=IPsec management tools
- URL:=http://ipsec-tools.sourceforge.net/
- MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
-endef
-
-CONFIGURE_ARGS += \
- --enable-shared \
- --enable-static \
- --with-kernel-headers="$(LINUX_DIR)/include" \
- --without-readline \
- --with-openssl="$(STAGING_DIR)/usr" \
- --without-libradius \
- --without-libpam \
- --enable-dpd \
- --enable-hybrid \
- --enable-security-context=no \
- --enable-natt \
- --enable-adminport \
- --enable-frag \
- $(call autoconf_bool,CONFIG_IPV6,ipv6)
-
-# override CFLAGS holding "-Werror" that break builds on compile warnings
-MAKE_FLAGS+=\
- CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS)"
-
-define Build/Prepare
- $(call Build/Prepare/Default)
- chmod -R u+w $(PKG_BUILD_DIR)
-endef
-
-define Build/Configure
- (cd $(PKG_BUILD_DIR); touch \
- configure.ac \
- aclocal.m4 \
- Makefile.in \
- config.h.in \
- configure \
- );
- $(call Build/Configure/Default)
-ifndef CONFIG_SHADOW_PASSWORDS
- echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h
-endif
-endef
-
-define Package/ipsec-tools/install
- $(INSTALL_DIR) $(1)/etc/racoon
- $(INSTALL_CONF) ./files/functions.sh $(1)/etc/racoon/
- $(INSTALL_BIN) ./files/p1client-up $(1)/etc/racoon/
- $(INSTALL_BIN) ./files/p1client-down $(1)/etc/racoon/
- $(INSTALL_BIN) ./files/vpnctl $(1)/etc/racoon/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/racoon.init $(1)/etc/init.d/racoon
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_CONF) ./files/racoon $(1)/etc/config/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/
-endef
-
-define Package/ipsec-tools/conffiles
-/etc/config/racoon
-endef
-
-$(eval $(call BuildPackage,ipsec-tools))
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (C) 2015 Vitaly Protsko <villy@sft.ru>
-
-errno=0
-
-get_fieldval() {
- local __data="$3"
- local __rest
-
- test -z "$1" && return
-
- while true ; do
- __rest=${__data#* }
- test "$__rest" = "$__data" && break
-
- if [ "${__data/ *}" = "$2" ]; then
- eval "$1=${__rest/ *}"
- break
- fi
-
- __data="$__rest"
- done
-}
-
-manage_fw() {
- local cmd=/usr/sbin/iptables
- local mode
- local item
-
- if [ -z "$4" ]; then
- $log "Bad usage of manage_fw"
- errno=3; return 3
- fi
-
- case "$1" in
- add|up|1) mode=A ;;
- del|down|0) mode=D ;;
- *) return 3 ;;
- esac
-
- for item in $4 ; do
- $cmd -$mode forwarding_$2_rule -s $item -j ACCEPT
- $cmd -$mode output_$3_rule -d $item -j ACCEPT
- $cmd -$mode forwarding_$3_rule -d $item -j ACCEPT
- $cmd -t nat -$mode postrouting_$3_rule -d $item -j ACCEPT
- done
-}
-
-manage_sa() {
- local spdcmd
- local rtcmd
- local gate
- local litem
- local ritem
-
- if [ -z "$4" ]; then
- $log "Bad usage of manage_sa"
- errno=3; return 3
- fi
-
- case "$1" in
- add|up|1) spdcmd=add; rtcmd=add ;;
- del|down|0) spdcmd=delete; rtcmd=del ;;
- *) errno=3; return 3 ;;
- esac
-
- get_fieldval gate src "$(/usr/sbin/ip route get $4)"
- if [ -z "$gate" ]; then
- $log "Can not find outbound IP for $4"
- errno=3; return 3
- fi
-
-
- for litem in $2 ; do
- for ritem in $3 ; do
- echo "
-spd$spdcmd $litem $ritem any -P out ipsec esp/tunnel/$gate-$4/require;
-spd$spdcmd $ritem $litem any -P in ipsec esp/tunnel/$4-$gate/require;
-" | /usr/sbin/setkey -c 1>&2
- done
- done
-
- test -n "$5" && gate=$5
-
- for ritem in $3 ; do
- (sleep 3; /usr/sbin/ip route $rtcmd $ritem via $gate) &
- done
-}
-
-manage_nonesa() {
- local spdcmd
- local item
- local cout cin
-
- if [ -z "$4" ]; then
- $log "Bad usage of manage_nonesa"
- errno=3; return 3
- fi
-
- case "$1" in
- add|up|1) spdcmd=add ;;
- del|down|0) spdcmd=delete ;;
- *) errno=3; return 3 ;;
- esac
-
- case "$2" in
- local|remote) ;;
- *) errno=3; return 3 ;;
- esac
-
- for item in $3 ; do
- if [ "$2" = "local" ]; then
- cout="$4 $item"
- cin="$item $4"
- else
- cout="$item $4"
- cin="$4 $item"
- fi
- echo "
-spd$spdcmd $cout any -P out none;
-spd$spdcmd $cin any -P in none;
-" | /usr/sbin/setkey -c 1>&2
- done
-}
-
-. /lib/functions/network.sh
-
-get_zoneiflist() {
- local item
- local data
- local addr
-
- item=0
- data=$(uci get firewall.@zone[0].name)
- while [ -n "$data" ]; do
- test "$data" = "$1" && break
- let "item=$item+1"
- data=$(uci get firewall.@zone[$item].name)
- done
-
- if [ -z "$data" ]; then
- errno=1
- return $errno
- fi
- data=$(uci get firewall.@zone[$item].network)
-
- echo "$data"
-}
-
-get_zoneiplist() {
- local item
- local addr
- local data
- local result
-
- data=$(get_zoneiflist $1)
- test $? -gt 0 -o $errno -gt 0 -o -z "$data" && return $errno
-
- for item in $data ; do
- if network_is_up $item ; then
- network_get_ipaddrs addr $item
- test $? -eq 0 && result="$result $addr"
- fi
- done
-
- result=$(echo $result)
- echo "$result"
-}
-
-
-# EOF /etc/racoon/functions.sh
+++ /dev/null
-#!/bin/sh
-#
-
-log="logger -t p1client-down[$$]"
-
-. /lib/functions.sh
-. /etc/racoon/functions.sh
-
-if [ -z "$SPLIT_INCLUDE_CIDR" ]; then
- $log "Connection without server-pushed routing is not supported"
- exit 1
-fi
-
-$log "Shutting down tunnel to server $REMOTE_ADDR"
-$log "Closing tunnel(-s) to $SPLIT_INCLUDE_CIDR through $INTERNAL_ADDR4"
-
-config_load racoon
-config_get confIntZone racoon int_zone lan
-config_get confExtZone racoon ext_zone wan
-
-manage_fw del $confIntZone $confExtZone "$INTERNAL_ADDR4 $SPLIT_INCLUDE_CIDR"
-
-data=$(get_zoneiflist $confIntZone)
-if [ -n "$data" ]; then
- for item in $data ; do
- network_get_subnet locnet $item
- if [ -n "$locnet" ]; then
- manage_sa del "$locnet" "$SPLIT_INCLUDE_CIDR" $REMOTE_ADDR $INTERNAL_ADDR4
- else
- $log "Can not find subnet on interface $item"
- fi
- done
-else
- $log "Can not find subnets in zone $confIntZone"
-fi
-
-get_fieldval data dev "$(/usr/sbin/ip route get $REMOTE_ADDR)"
-ip address del $INTERNAL_ADDR4/32 dev $data
-
-
-# EOF /etc/racoon/p1client-down
+++ /dev/null
-#!/bin/sh
-#
-
-log="logger -t p1client-up[$$]"
-
-. /lib/functions.sh
-. /etc/racoon/functions.sh
-
-if [ -z "$SPLIT_INCLUDE_CIDR" ]; then
- $log "Connection without server-pushed routing is not supported"
- exit 1
-fi
-
-$log "Setting up tunnel to server $REMOTE_ADDR"
-$log "Making tunnel(-s) to $SPLIT_INCLUDE_CIDR through $INTERNAL_ADDR4"
-
-get_fieldval data dev "$(/usr/sbin/ip route get $REMOTE_ADDR)"
-ip address add $INTERNAL_ADDR4/32 dev $data
-
-config_load racoon
-config_get confIntZone racoon int_zone lan
-config_get confExtZone racoon ext_zone wan
-
-data=$(get_zoneiflist $confIntZone)
-if [ -n "$data" ]; then
- for item in $data ; do
- network_get_subnet locnet $item
- if [ -n "$locnet" ]; then
- manage_sa add "$locnet" "$SPLIT_INCLUDE_CIDR" $REMOTE_ADDR $INTERNAL_ADDR4
- else
- $log "Can not find subnet on interface $item"
- fi
- done
-else
- $log "Can not find interfaces in zone $confIntZone"
-fi
-
-manage_fw add $confIntZone $confExtZone "$INTERNAL_ADDR4 $SPLIT_INCLUDE_CIDR"
-
-
-# EOF /etc/racoon/p1client-up
+++ /dev/null
-#/etc/config/racoon
-#
-# Copyright 2015 Vitaly Protsko <villy@sft.ru>
-
-# * WARNING: this is "not working" example
-# * Defaults are commented out
-# * Resuting config will appear in /var/racoon/
-
-config racoon
-# option debug 0
-# option ext_zone 'wan'
-# option int_zone 'lan'
-# option port 500
-# option natt_port 4500
-# following 4 or 6, no default
-# option ipversion 4
-
-config p1_proposal 'example_prop1'
-# option lifetime 28800
- option enc_alg 'aes'
- option hash_alg 'sha1'
- option auth_method 'rsasig'
- option dh_group 2
-
-config p1_proposal 'example_anon'
-# option lifetime 28800
- option enc_alg 'aes'
- option hash_alg 'sha1'
- option auth_method 'xauth_rsa_server'
- option dh_group 2
-
-config p1_proposal 'example_xauth'
-# option lifetime 28800
- option enc_alg 'aes'
- option hash_alg 'sha1'
- option auth_method 'xauth_rsa_client'
- option dh_group 2
-
-config p2_proposal 'example_prop2'
- option pfs_group 2
- option enc_alg 'aes'
- option auth_alg 'hmac_sha1'
-
-config p2_proposal 'example_in2'
- option pfs_group 2
-# option lifetime 14400
- option enc_alg 'aes'
- option auth_alg 'hmac_sha1'
-
-config sainfo 'office'
- option p2_proposal 'example_prop2'
- option local_net '192.168.8.0/24'
- option remote_net '192.168.1.0/24'
-# you can exclude some local or remote
-# addresses from SA rules
- list local_exclude '192.168.8.0/30'
- list remote_exclude '192.168.1.128/29'
-
-config sainfo 'welcome'
- option p2_proposal 'example_in2'
- option local_net '192.168.8.0/24'
- option remote_net '192.168.10.0/24'
- option dns4 '192.168.8.1'
- option defdomain 'myhome.local'
-
-config sainfo 'client'
- option p2_proposal 'std_p2'
-
-config tunnel 'Office'
- option enabled 1
-# initial_contact
-# option init 1
- option remote 'vpn.example.tld'
- option exchange_mode 'main'
- option certificate 'example_cert'
-# option peer_id_type 'asn1dn'
-# option prop_check 'obey'
-# option verify_id 1
-# option weak_p1check 1
-# option dpd_delay ''
- list p1_proposal 'example_prop1'
- list sainfo 'office'
-
-# WARNING: Only ONE tunnel with remote anonymous
-# can be configured and it can have only
-# ONE sainfo. Otherwise resulting racoon
-# configuration will be unusable
-config tunnel 'Incoming'
- option enabled 1
- option remote 'anonymous'
- option pre_shared_key 'testitnow'
- option exchange_mode 'aggressive,main'
- option my_id_type 'fqdn'
- option my_id 'myserver.homeip.net'
- list p1_proposal 'example_anon'
- list sainfo 'welcome'
-
-config tunnel 'Client'
- option enabled 1
- option remote 'vpn.example.tld'
- option username 'testuser'
- option password 'testW0rD'
-# option mode_cfg 1
- list p1_proposal 'example_xauth'
- list sainfo 'client'
-
-# Insert corresponding data in PEM format as one line
-config 'certificate' 'example_cert'
- option 'key' '-----BEGIN PRIVATE KEY----- ~ -----END PRIVATE KEY-----'
- option 'crt' '-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'
-
-config 'certificate' 'example_ca_cert'
- option 'crt' '-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'
+++ /dev/null
-#!/bin/sh /etc/rc.common
-#
-# Copyright (C) 2015 Vitaly Protsko <villy@sft.ru>
-
-#set -vx
-
-USE_PROCD=1
-
-START=60
-STOP=40
-
-let connWait=2/2
-confDir=/var/racoon
-confExtZone=
-confIntZone=
-confPort=
-confNATPort=
-confIPMode=
-
-confPh1ID=0
-
-log="logger -t init.d/racoon[$$] "
-
-. /etc/racoon/functions.sh
-
-setup_load() {
- config_get confExtZone "$1" ext_zone wan
- config_get confIntZone "$1" int_zone lan
- config_get confPort "$1" port 500
- config_get confNATPort "$1" natt_port 4500
- config_get confIPMode "$1" ipversion ""
-
- case X$confIPMode in
- X4|X6) ;;
- *) unset confIPMode ;;
- esac
-}
-
-write_header() {
- echo "
-# autogenerated, don't edit, look at /etc/config/racoon
-#
-path certificate \"$confDir/cert\";
-path script \"/etc/racoon\";
-path pre_shared_key \"$confDir/psk.txt\";
-path pidfile \"$confDir/racoon.pid\";
-padding { maximum_length 20; randomize off; strict_check off; exclusive_tail off; }
-timer { counter 5; interval 20 sec; persend 1; phase1 30 sec; phase2 15 sec; }
-"
-}
-
-setup_conf() {
- local conf=$confDir/racoon.conf
- local peerconf=$confDir/peers.txt
- local pskconf=$confDir/psk.txt
- local item
- local data
-
- data="$(get_zoneiplist $confExtZone)"
- if [ "X$data" = X ]; then
- $log "No IP addresses found for zone $confExtZone, exitng"
- errno=2; return 2
- fi
-
- write_header > $conf
- echo -n > $peerconf
- echo -n > $pskconf
- chmod 0600 $conf $peerconf $pskconf
-
- echo "listen {" >> $conf
- for item in $data ; do
- echo " isakmp $item [$confPort]; isakmp_natt $item [$confNATPort];" >> $conf
- done
- echo "}" >> $conf
-
- config_get_bool item "$1" debug 0
- data=warning
- test $item -ne 0 && data=debug
- echo "log $data;" >> $conf
-
- setup_fw add
-}
-
-setup_p1() {
- local conf=$confDir/racoon.conf
- local data
-
- echo " proposal {" >> $conf
- config_get data "$1" lifetime 28800
- echo " lifetime time $data sec;" >> $conf
-
- config_get data "$1" enc_alg
- test -n "$data" && echo " encryption_algorithm $data;" >> $conf
-
- config_get data "$1" hash_alg
- test -n "$data" && echo " hash_algorithm $data;" >> $conf
-
- config_get data "$1" auth_method
- test -n "$data" && echo " authentication_method $data;" >> $conf
-
- config_get data "$1" dh_group 2
- echo -e " dh_group $data;\n }" >> $conf
-}
-
-setup_fw() {
- local cmd=/usr/sbin/iptables
- local mode
-
- case "$1" in
- add|up|1) mode=A ;;
- del|down|0) mode=D ;;
- *) return 3 ;;
- esac
-
- $cmd -$mode input_${confExtZone}_rule -p AH -j ACCEPT
- $cmd -$mode input_${confExtZone}_rule -p ESP -j ACCEPT
- $cmd -$mode input_${confExtZone}_rule -p UDP --dport $confPort -j ACCEPT
- $cmd -$mode input_${confExtZone}_rule -p UDP --dport $confNATPort -j ACCEPT
-}
-
-setup_sa() {
- local conf=$confDir/racoon.conf
- local remote="${2/ *}"
- local client="${2#* }"
- local locnet
- local remnet
- local p2
- local data
-
- test "$2" = "$client" && unset client
-
- if [ -z "$client" ]; then
- config_get locnet "$1" local_net
- config_get remnet "$1" remote_net
- if [ -z "$locnet" ] || [ -z "$remnet" ]; then
- $log "Remote and local networks for $1 must be configured ($2)"
- errno=4; return 4
- fi
-
- if [ "$remote" = "anonymous" ]; then
- echo "sainfo anonymous {" >> $conf
- else
- echo "sainfo address $locnet any address $remnet any {" >> $conf
- fi
- else
- echo "sainfo anonymous {" >> $conf
- fi
-
- config_get p2 "$1" p2_proposal
- if [ -z "$p2" ]; then
- $log "Phase2 proposal must be configured in $1 sainfo"
- errno=5; return 5
- fi
-
- echo " remoteid $confPh1ID;" >> $conf
-
- config_get data "$p2" pfs_group
- test -n "$data" && echo " pfs_group $data;" >> $conf
- config_get data "$p2" lifetime 14400
- test -n "$data" && echo " lifetime time $data sec;" >> $conf
- config_get data "$p2" enc_alg
- test -n "$data" && echo " encryption_algorithm $data;" >> $conf
- config_get data "$p2" auth_alg
- test -n "$data" && echo " authentication_algorithm $data;" >> $conf
-
- echo -e " compression_algorithm deflate;\n}" >> $conf
-
- if [ "$remote" = "anonymous" ]; then
- echo -e "mode_cfg {\n auth_source system;\n conf_source local;" >> $conf
-
- config_get data "$1" dns4
- test -n "$data" && echo " dns4 $data;" >> $conf
- config_get data "$1" defdomain
- test -n "$data" && echo " default_domain \"$data\";" >> $conf
-
- data=${remnet%/*}
- let "data=${data##*.}+1"
- echo " network4 ${remnet%.*}.$data;" >> $conf
-
- let "data=255<<(24-${remnet#*/}+8)&255"
- echo " netmask4 255.255.255.$data;" >> $conf
-
- echo -e " split_network include $locnet;\n}" >> $conf
-
- elif [ -z "$client" ]; then
- config_list_foreach "$1" remote_exclude manage_nonesa add remote "$locnet"
- config_list_foreach "$1" local_exclude manage_nonesa add local "$remnet"
- manage_sa add "$locnet" "$remnet" $remote
- test $? -gt 0 -o $errno -gt 0 && return $errno
-
- manage_fw add $confIntZone $confExtZone "$remnet"
- fi
-}
-
-setup_tunnel() {
- local conf=$confDir/racoon.conf
- local peerconf=$confDir/peers.txt
- local data
- local remote
- local xauth
-
- config_get_bool data "$1" enabled 0
- test "$data" = "0" && return 0
-
- config_get remote "$1" remote
- if [ "$remote" = "anonymous" ]; then
- echo -e "remote anonymous {\n generate_policy on;" >> $conf
- else
- data=$(nslookup "$remote" | awk 'NR == 5 {print $3}')
- test -n "$data" && remote="$data"
- echo -e "remote \"$1\" {\n remote_address $remote;" >> $conf
- echo "$data" >> $peerconf
- fi
-
- config_get data "$1" pre_shared_key ""
- if [ -n "$data" ]; then
- if [ "$remote" != "anonymous" ]; then
- echo "$remote $data" >> $confDir/psk.txt
- else
- echo "* $data" >> $confDir/psk.txt
- fi
- fi
-
- let confPh1ID=$confPh1ID+1
- echo " ph1id $confPh1ID;" >> $conf
-
- config_get xauth "$1" username ""
-
- config_get data "$1" certificate ""
- if [ -n "$data" ]; then
- echo -en " verify_cert on;\n my_identifier asn1dn;\n certificate_type x509 " >> $conf
- echo -en "\"$data.crt\" \"$data.key\";\n send_cr off;\n peers_identifier " >> $conf
- else
- config_get data "$1" my_id_type ""
- if [ -n "$data" ]; then
- echo -n " my_identifier $data" >> $conf
- config_get data "$1" my_id ""
- if [ -n "$data" ]; then
- echo " \"$data\";" >> $conf
- elif [ -n "$xauth" ]; then
- echo " \"$xauth\";" >> $conf
- else
- echo ";" >> $conf
- fi
- elif [ -n "$xauth" ]; then
- echo " my_identifier user_fqdn \"$xauth\";" >> $conf
- fi
- echo -n " peers_identifier " >> $conf
- fi
-
- if [ "$remote" = "anonymous" ]; then
- echo "user_fqdn;" >> $conf
- else
- config_get data "$1" peer_id_type "asn1dn"
- echo -n "$data" >> $conf
-
- config_get data "$1" peer_id ""
- test -n "$data" && echo -n " \"$data\"" >> $conf
-
- echo ";" >> $conf
- fi
-
- if [ -n "$xauth" ]; then
- config_get data "$1" password
- if [ -z "$data" ]; then
- $log "Password must be given in $1 tunnel"
- errno=7; return 7
- fi
- echo "$xauth $data" >> $confDir/psk.txt
-
- echo " xauth_login \"$xauth\";" >> $conf
- echo -e " script \"p1client-up\" phase1_up;\n script \"p1client-down\" phase1_down;" >> $conf
- fi
-
- config_get data "$1" exchange_mode
- if [ -z "$data" ]; then
- data=main
- test -n "$xauth" && data="${data},aggressive"
- fi
- echo -e " exchange_mode $data;\n nat_traversal on;\n support_proxy on;" >> $conf
-
- config_get data "$1" prop_check "obey"
- test -n "$data" && echo " proposal_check $data;" >> $conf
-
- config_get_bool data "$1" weak_p1check 1
- if [ $data -eq 0 ]; then data=off; else data=on; fi
- echo " weak_phase1_check $data;" >> $conf
-
- config_get_bool data "$1" verify_id 1
- if [ $data -eq 0 ]; then data=off; else data=on; fi
- echo " verify_identifier $data;" >> $conf
-
- config_get data "$1" dpd_delay ""
- test -n "$data" && echo " dpd_delay $data;" >> $conf
-
- unset data
- test -n "$xauth" && data="on"
- config_get data "$1" mode_cfg "$data"
- test -n "$data" && echo " mode_cfg $data;" >> $conf
-
- config_get_bool data "$1" init 0
- if [ $data -eq 0 ]; then data=off; else data=on; fi
- echo " initial_contact $data;" >> $conf
-
-
- config_list_foreach "$1" p1_proposal setup_p1
- echo "}" >> $conf
-
- config_list_foreach "$1" sainfo setup_sa "$remote $xauth"
-}
-
-setup_cert() {
- local item
- local data
-
- for item in key crt ; do
- config_get data "$1" $item ""
- test -z "$data" && continue
-
- echo "$data" |\
- sed 's/-\+[A-Z ]\+-\+/\n&\n/g' | sed 's/.\{50,50\}/&\n/g' | sed '/^$/d'\
- > $confDir/cert/$1.$item
-
- chmod 600 $confDir/cert/$1.$item
- done
-
- if [ -s $confDir/cert/$1.crt ]; then
- data=$(openssl x509 -noout -hash -in $confDir/cert/$1.crt)
- ln -sf $confDir/cert/$1.crt $confDir/cert/$data.0
- fi
-}
-
-destroy_sa() {
- local locnet
- local remnet
-
- config_get locnet "$1" local_net
- config_get remnet "$1" remote_net
- if [ -z "$locnet" ] || [ -z "$remnet" ]; then
- $log "Remote and local networks for $1 must be configured"
- errno=4; return 4
- fi
-
- config_list_foreach "$1" remote_exclude manage_nonesa del remote "$locnet"
- config_list_foreach "$1" local_exclude manage_nonesa del local "$remnet"
- manage_sa del "$locnet" "$remnet" $2
- manage_fw del $confIntZone $confExtZone "$remnet"
-}
-
-destroy_tunnel() {
- local data
-
- config_get_bool data "$1" enabled 0
- test "$data" = "0" && return 0
-
- config_get remote "$1" remote
- data=$(nslookup "$remote" | awk 'NR == 5 {print $3}')
- test -n "$data" && remote="$data"
-
- config_get data "$1" username ""
- if [ -z "$data" ]; then
- config_list_foreach "$1" sainfo destroy_sa $remote
- fi
-}
-
-destroy_conf() {
- setup_fw del
-}
-
-check_software() {
- local item
-
- for item in /usr/sbin/setkey /usr/bin/openssl /usr/sbin/ip ; do
- if [ ! -x $item ]; then
- $log "Needed program $item not found, exiting"
- errno=9; return 9
- fi
- done
-}
-
-cleanup_conf() {
- config_load racoon
- config_foreach setup_load racoon
- config_foreach destroy_conf racoon
- config_foreach destroy_tunnel tunnel
-
- /usr/sbin/setkey -P -F
- /usr/sbin/setkey -F
-}
-
-check_dir() {
- local item
-
- for item in $confDir $confDir/cert ; do
- if [ ! -d $item ]; then
- mkdir -m 0700 -p $item
- fi
- done
-}
-
-wait4wanzone() {
- local item=$connWait
- local data
-
- data="$(get_zoneiplist $confExtZone)"
- while [ $item -gt 0 ]; do
- test -n "$data" && break
- sleep 2
- let "item=$item-1"
- data="$(get_zoneiplist $confExtZone)"
- done
-
- test -z "$data" && return 10
-}
-
-start_service() {
- check_software
- test $? -gt 0 -o $errno -gt 0 && exit $errno
-
- check_dir
-
- config_load racoon
- config_foreach setup_load racoon
-
- config_foreach wait4wanzone racoon
- if [ $? -gt 0 ] || [ $errno -gt 0 ]; then
- $log "No active interfaces in $confExtZone zone found, exiting"
- exit $errno
- fi
-
- config_foreach setup_conf racoon
- test $? -gt 0 -o $errno -gt 0 && exit $errno
-
- config_foreach setup_tunnel tunnel
- test $? -gt 0 -o $errno -gt 0 && exit $errno
-
- config_foreach setup_cert certificate
-
- procd_open_instance
- procd_set_param command /usr/sbin/racoon
- test -n "$confIPMode" && procd_append_param command -$confIPMode
- procd_append_param command -F -f $confDir/racoon.conf
- procd_set_param file $confDir/racoon.conf
- procd_close_instance
-
- if [ -x /etc/racoon/vpnctl ]; then
- let connWait=$connWait*2+2
- ( sleep $connWait; /etc/racoon/vpnctl up ) &
- fi
-}
-
-service_triggers() {
- local item
- local data
-
- procd_add_reload_trigger "racoon" "network"
-
- config_load racoon
- config_foreach setup_load racoon
-
- data=$(get_zoneiflist $confExtZone)
- if [ $? -gt 0 ] || [ $errno -gt 0 ] || [ -z "$data" ]; then
- $log "Can not find interfaces for $confExtZone zone"
- else
- for item in $data ; do
- procd_add_reload_interface_trigger $item
- done
- fi
-}
-
-stop_service() {
- cleanup_conf
- procd_kill racoon
-}
-
-trap "cleanup_conf" 1 2 3 4 5 6 7 8 9 10
-
-
-# EOF /etc/init.d/racoon
+++ /dev/null
-#!/bin/sh
-#
-
-case X$1 in
- Xup|X1|Xstart) connMode=vpn-connect ;;
- Xdown|X0|Xstop) connMode=vpn-disconnect ;;
- *)
- echo "Usage: $0: up|1|start || down|0|stop"
- exit 1 ;;
-esac
-
-if [ -s /var/racoon/peers.txt ]; then
- (while read ipa ; do
- racoonctl $connMode $ipa
- done) < /var/racoon/peers.txt
-fi
-
-
-# EOF /usr/bin/vpnctl
+++ /dev/null
---- a/src/racoon/oakley.c
-+++ b/src/racoon/oakley.c
-@@ -2424,8 +2424,21 @@ oakley_skeyid(iph1)
- plog(LLV_ERROR, LOCATION, iph1->remote,
- "couldn't find the pskey for %s.\n",
- saddrwop2str(iph1->remote));
-+ }
-+ }
-+ if (iph1->authstr == NULL) {
-+ /*
-+ * If we could not locate a psk above try and locate
-+ * the default psk, ie, "*".
-+ */
-+ iph1->authstr = privsep_getpsk("*", 1);
-+ if (iph1->authstr == NULL) {
-+ plog(LLV_ERROR, LOCATION, iph1->remote,
-+ "couldn't find the the default pskey either.\n");
- goto end;
- }
-+ plog(LLV_NOTIFY, LOCATION, iph1->remote,
-+ "Using default PSK.\n");
- }
- plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
- /* should be secret PSK */
+++ /dev/null
---- a/src/racoon/cftoken.l
-+++ b/src/racoon/cftoken.l
-@@ -104,6 +104,8 @@ static struct include_stack {
- static int incstackp = 0;
-
- static int yy_first_time = 1;
-+
-+int yywrap(void) { return 1; }
- %}
-
- /* common seciton */
---- a/src/setkey/token.l
-+++ b/src/setkey/token.l
-@@ -86,6 +86,8 @@
- #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
- #define SADB_X_EALG_AESCBC SADB_X_EALG_AES
- #endif
-+
-+int yywrap(void) { return 1; }
- %}
-
- /* common section */
+++ /dev/null
---- a/src/racoon/isakmp_cfg.c
-+++ b/src/racoon/isakmp_cfg.c
-@@ -38,7 +38,7 @@
- #include <sys/socket.h>
- #include <sys/queue.h>
-
--#include <utmpx.h>
-+#include <utmp.h>
- #if defined(__APPLE__) && defined(__MACH__)
- #include <util.h>
- #endif
-@@ -1664,7 +1664,8 @@ isakmp_cfg_accounting_system(port, raddr
- int inout;
- {
- int error = 0;
-- struct utmpx ut;
-+ struct utmp ut;
-+ char term[UT_LINESIZE];
- char addr[NI_MAXHOST];
-
- if (usr == NULL || usr[0]=='\0') {
-@@ -1673,34 +1674,37 @@ isakmp_cfg_accounting_system(port, raddr
- return -1;
- }
-
-- memset(&ut, 0, sizeof ut);
-- gettimeofday((struct timeval *)&ut.ut_tv, NULL);
-- snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
-+ sprintf(term, TERMSPEC, port);
-
- switch (inout) {
- case ISAKMP_CFG_LOGIN:
-- ut.ut_type = USER_PROCESS;
-- strncpy(ut.ut_user, usr, sizeof ut.ut_user);
-+ strncpy(ut.ut_name, usr, UT_NAMESIZE);
-+ ut.ut_name[UT_NAMESIZE - 1] = '\0';
-+
-+ strncpy(ut.ut_line, term, UT_LINESIZE);
-+ ut.ut_line[UT_LINESIZE - 1] = '\0';
-
- GETNAMEINFO_NULL(raddr, addr);
-- strncpy(ut.ut_host, addr, sizeof ut.ut_host);
-+ strncpy(ut.ut_host, addr, UT_HOSTSIZE);
-+ ut.ut_host[UT_HOSTSIZE - 1] = '\0';
-+
-+ ut.ut_time = time(NULL);
-
- plog(LLV_INFO, LOCATION, NULL,
- "Accounting : '%s' logging on '%s' from %s.\n",
-- ut.ut_user, ut.ut_id, addr);
--
-- pututxline(&ut);
-+ ut.ut_name, ut.ut_line, ut.ut_host);
-
-+ login(&ut);
-+
- break;
- case ISAKMP_CFG_LOGOUT:
-- ut.ut_type = DEAD_PROCESS;
-
- plog(LLV_INFO, LOCATION, NULL,
- "Accounting : '%s' unlogging from '%s'.\n",
-- usr, ut.ut_id);
--
-- pututxline(&ut);
-+ usr, term);
-
-+ logout(term);
-+
- break;
- default:
- plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
+++ /dev/null
---- a/src/racoon/ipsec_doi.c
-+++ b/src/racoon/ipsec_doi.c
-@@ -3581,8 +3581,8 @@ ipsecdoi_checkid1(iph1)
- iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
- if (id_b->type != IPSECDOI_ID_IPV4_ADDR
- && id_b->type != IPSECDOI_ID_IPV6_ADDR) {
-- plog(LLV_ERROR, LOCATION, NULL,
-- "Expecting IP address type in main mode, "
-+ plog(LLV_WARNING, LOCATION, NULL,
-+ "Expecting IP address type in main mode (RFC2409) , "
- "but %s.\n", s_ipsecdoi_ident(id_b->type));
- return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
- }
+++ /dev/null
---- a/src/racoon/isakmp.c
-+++ b/src/racoon/isakmp.c
-@@ -31,6 +31,8 @@
- * SUCH DAMAGE.
- */
-
-+#define __packed __attribute__((__packed__))
-+
- #include "config.h"
-
- #include <sys/types.h>
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -74,9 +74,10 @@ case "$host_os" in
- [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
-
- AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
-- [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
-- KERNEL_INCLUDE=/usr/src/linux/include ,
-- [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
-+ [ AC_CHECK_HEADER($KERNEL_INCLUDE/uapi/linux/pfkeyv2.h, ,
-+ [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
-+ KERNEL_INCLUDE=/usr/src/linux/include ,
-+ [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) ] )
- AC_SUBST(KERNEL_INCLUDE)
- # We need the configure script to run with correct kernel headers.
- # However we don't want to point to kernel source tree in compile time,
-@@ -643,7 +644,14 @@ AC_EGREP_CPP(yes,
- #ifdef SADB_X_EXT_NAT_T_TYPE
- yes
- #endif
--], [kernel_natt="yes"])
-+], [kernel_natt="yes"], [
-+ AC_EGREP_CPP(yes,
-+ [#include <uapi/linux/pfkeyv2.h>
-+ #ifdef SADB_X_EXT_NAT_T_TYPE
-+ yes
-+ #endif
-+ ], [kernel_natt="yes"])
-+])
- ;;
- freebsd*|netbsd*)
- # NetBSD case
---- a/src/include-glibc/Makefile.am
-+++ b/src/include-glibc/Makefile.am
-@@ -1,14 +1,7 @@
--
--.includes: ${top_builddir}/config.status
-- ln -snf $(KERNEL_INCLUDE)/linux
-- touch .includes
--
--all: .includes
--
- EXTRA_DIST = \
- glibc-bugs.h \
- net/pfkeyv2.h \
- netinet/ipsec.h \
- sys/queue.h
-
--DISTCLEANFILES = .includes linux
-+DISTCLEANFILES = linux
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -732,7 +732,8 @@ case $host in
- ],
- [AC_MSG_RESULT(yes)
- AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
-- [AC_MSG_RESULT(no)])
-+ [AC_MSG_RESULT(forced)
-+ AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])])
- ;;
- *)
- AC_MSG_RESULT(no)
+++ /dev/null
-Fix null dereference in racoon/gssapi.c (CVE-2015-4047)
-
---- a/src/racoon/gssapi.c
-+++ b/src/racoon/gssapi.c
-@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
- gss_name_t princ, canon_princ;
- OM_uint32 maj_stat, min_stat;
-
-+ if (iph1->rmconf == NULL) {
-+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
-+ return -1;
-+ }
-+
- gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
- if (gps == NULL) {
- plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
+++ /dev/null
---- a/src/racoon/grabmyaddr.c
-+++ b/src/racoon/grabmyaddr.c
-@@ -47,7 +47,6 @@
- #include <net/route.h>
- #include <net/if.h>
- #include <net/if_dl.h>
--#include <sys/sysctl.h>
- #define USE_ROUTE
- #endif
-
---- a/src/racoon/pfkey.c
-+++ b/src/racoon/pfkey.c
-@@ -59,7 +59,6 @@
- #include <sys/param.h>
- #include <sys/socket.h>
- #include <sys/queue.h>
--#include <sys/sysctl.h>
-
- #include <net/route.h>
- #include <net/pfkeyv2.h>
---- a/src/setkey/setkey.c
-+++ b/src/setkey/setkey.c
-@@ -40,7 +40,6 @@
- #include <sys/socket.h>
- #include <sys/time.h>
- #include <sys/stat.h>
--#include <sys/sysctl.h>
- #include <err.h>
- #include <netinet/in.h>
- #include <net/pfkeyv2.h>
---- a/src/libipsec/ipsec_strerror.h
-+++ b/src/libipsec/ipsec_strerror.h
-@@ -34,6 +34,8 @@
- #ifndef _IPSEC_STRERROR_H
- #define _IPSEC_STRERROR_H
-
-+#include <sys/cdefs.h>
-+
- extern int __ipsec_errcode;
- extern void __ipsec_set_strerror __P((const char *));
-
---- a/src/libipsec/libpfkey.h
-+++ b/src/libipsec/libpfkey.h
-@@ -34,6 +34,8 @@
- #ifndef _LIBPFKEY_H
- #define _LIBPFKEY_H
-
-+#include <sys/cdefs.h>
-+
- #ifndef KAME_LIBPFKEY_H
- #define KAME_LIBPFKEY_H
-
---- a/src/racoon/backupsa.c
-+++ b/src/racoon/backupsa.c
-@@ -276,9 +276,9 @@ do { \
- GETNEXTNUM(sa_args.a_keylen, strtoul);
- GETNEXTNUM(sa_args.flags, strtoul);
- GETNEXTNUM(sa_args.l_alloc, strtoul);
-- GETNEXTNUM(sa_args.l_bytes, strtouq);
-- GETNEXTNUM(sa_args.l_addtime, strtouq);
-- GETNEXTNUM(sa_args.l_usetime, strtouq);
-+ GETNEXTNUM(sa_args.l_bytes, strtoull);
-+ GETNEXTNUM(sa_args.l_addtime, strtoull);
-+ GETNEXTNUM(sa_args.l_usetime, strtoull);
- GETNEXTNUM(sa_args.seq, strtoul);
-
- #undef GETNEXTNUM
---- a/src/racoon/cftoken.l
-+++ b/src/racoon/cftoken.l
-@@ -77,6 +77,10 @@
-
- #include "cfparse.h"
-
-+#ifndef GLOB_TILDE
-+#define GLOB_TILDE 0
-+#endif
-+
- int yyerrorcount = 0;
-
- #if defined(YIPS_DEBUG)
---- a/src/racoon/logger.h
-+++ b/src/racoon/logger.h
-@@ -34,6 +34,8 @@
- #ifndef _LOGGER_H
- #define _LOGGER_H
-
-+#include <sys/cdefs.h>
-+
- struct log {
- int head;
- int siz;
---- a/src/racoon/misc.h
-+++ b/src/racoon/misc.h
-@@ -34,6 +34,8 @@
- #ifndef _MISC_H
- #define _MISC_H
-
-+#include <sys/cdefs.h>
-+
- #define BIT2STR(b) bit2str(b, sizeof(b)<<3)
-
- #ifdef HAVE_FUNC_MACRO
---- a/src/racoon/missing/crypto/sha2/sha2.h
-+++ b/src/racoon/missing/crypto/sha2/sha2.h
-@@ -40,6 +40,8 @@
- #ifndef __SHA2_H__
- #define __SHA2_H__
-
-+#include <sys/cdefs.h>
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
---- a/src/racoon/netdb_dnssec.h
-+++ b/src/racoon/netdb_dnssec.h
-@@ -34,6 +34,8 @@
- #ifndef _NETDB_DNSSEC_H
- #define _NETDB_DNSSEC_H
-
-+#include <sys/cdefs.h>
-+
- #ifndef T_CERT
- #define T_CERT 37 /* defined by RFC2538 section 2 */
- #endif
---- a/src/racoon/plog.h
-+++ b/src/racoon/plog.h
-@@ -34,6 +34,8 @@
- #ifndef _PLOG_H
- #define _PLOG_H
-
-+#include <sys/cdefs.h>
-+
- #ifdef HAVE_STDARG_H
- #include <stdarg.h>
- #else
---- a/src/racoon/str2val.h
-+++ b/src/racoon/str2val.h
-@@ -34,6 +34,8 @@
- #ifndef _STR2VAL_H
- #define _STR2VAL_H
-
-+#include <sys/cdefs.h>
-+
- extern caddr_t val2str __P((const char *, size_t));
- extern char *str2val __P((const char *, int, size_t *));
-
---- a/src/racoon/vmbuf.h
-+++ b/src/racoon/vmbuf.h
-@@ -34,6 +34,8 @@
- #ifndef _VMBUF_H
- #define _VMBUF_H
-
-+#include <sys/cdefs.h>
-+
- /*
- * bp v
- * v v
---- a/src/setkey/extern.h
-+++ b/src/setkey/extern.h
-@@ -1,6 +1,6 @@
- /* $NetBSD: extern.h,v 1.5 2009/03/06 11:45:03 tteras Exp $ */
-
--
-+#include <sys/cdefs.h>
-
- void parse_init __P((void));
- int parse __P((FILE **));
---- a/src/racoon/isakmp_cfg.c
-+++ b/src/racoon/isakmp_cfg.c
-@@ -1694,8 +1694,6 @@ isakmp_cfg_accounting_system(port, raddr
- "Accounting : '%s' logging on '%s' from %s.\n",
- ut.ut_name, ut.ut_line, ut.ut_host);
-
-- login(&ut);
--
- break;
- case ISAKMP_CFG_LOGOUT:
-
-@@ -1703,8 +1701,6 @@ isakmp_cfg_accounting_system(port, raddr
- "Accounting : '%s' unlogging from '%s'.\n",
- usr, term);
-
-- logout(term);
--
- break;
- default:
- plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
+++ /dev/null
-Description: Fix remotely exploitable DoS. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
-Source: vendor; https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
-Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986
-
-Index: ipsec-tools-0.8.2/src/racoon/isakmp_frag.c
-===================================================================
---- ipsec-tools-0.8.2.orig/src/racoon/isakmp_frag.c
-+++ ipsec-tools-0.8.2/src/racoon/isakmp_frag.c
-@@ -1,4 +1,4 @@
--/* $NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $ */
-+/* $NetBSD: isakmp_frag.c,v 1.5.36.1 2017/04/21 16:50:42 bouyer Exp $ */
-
- /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
-
-@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
- return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
- }
-
-+static int
-+isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
-+{
-+ struct isakmp_frag_item *pitem = NULL;
-+ struct isakmp_frag_item *citem = iph1->frag_chain;
-+
-+ /* no frag yet, just insert at beginning of list */
-+ if (iph1->frag_chain == NULL) {
-+ iph1->frag_chain = item;
-+ return 0;
-+ }
-+
-+ do {
-+ /* duplicate fragment number, abort (CVE-2016-10396) */
-+ if (citem->frag_num == item->frag_num)
-+ return -1;
-+
-+ /* need to insert before current item */
-+ if (citem->frag_num > item->frag_num) {
-+ if (pitem != NULL)
-+ pitem->frag_next = item;
-+ else
-+ /* insert at the beginning of the list */
-+ iph1->frag_chain = item;
-+ item->frag_next = citem;
-+ return 0;
-+ }
-+
-+ pitem = citem;
-+ citem = citem->frag_next;
-+ } while (citem != NULL);
-+
-+ /* we reached the end of the list, insert */
-+ pitem->frag_next = item;
-+ return 0;
-+}
-+
- int
- isakmp_frag_extract(iph1, msg)
- struct ph1handle *iph1;
-@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
- item->frag_next = NULL;
- item->frag_packet = buf;
-
-- /* Look for the last frag while inserting the new item in the chain */
-- if (item->frag_last)
-- last_frag = item->frag_num;
-+ /* Check for the last frag before inserting the new item in the chain */
-+ if (item->frag_last) {
-+ /* if we have the last fragment, indices must match */
-+ if (iph1->frag_last_index != 0 &&
-+ item->frag_last != iph1->frag_last_index) {
-+ plog(LLV_ERROR, LOCATION, NULL,
-+ "Repeated last fragment index mismatch\n");
-+ racoon_free(item);
-+ vfree(buf);
-+ return -1;
-+ }
-
-- if (iph1->frag_chain == NULL) {
-- iph1->frag_chain = item;
-- } else {
-- struct isakmp_frag_item *current;
-+ last_frag = iph1->frag_last_index = item->frag_num;
-+ }
-
-- current = iph1->frag_chain;
-- while (current->frag_next) {
-- if (current->frag_last)
-- last_frag = item->frag_num;
-- current = current->frag_next;
-- }
-- current->frag_next = item;
-+ /* insert fragment into chain */
-+ if (isakmp_frag_insert(iph1, item) == -1) {
-+ plog(LLV_ERROR, LOCATION, NULL,
-+ "Repeated fragment index mismatch\n");
-+ racoon_free(item);
-+ vfree(buf);
-+ return -1;
- }
-
-- /* If we saw the last frag, check if the chain is complete */
-+ /* If we saw the last frag, check if the chain is complete
-+ * we have a sorted list now, so just walk through */
- if (last_frag != 0) {
-+ item = iph1->frag_chain;
- for (i = 1; i <= last_frag; i++) {
-- item = iph1->frag_chain;
-- do {
-- if (item->frag_num == i)
-- break;
-- item = item->frag_next;
-- } while (item != NULL);
--
-+ if (item->frag_num != i)
-+ break;
-+ item = item->frag_next;
- if (item == NULL) /* Not found */
- break;
- }
-
-- if (item != NULL) /* It is complete */
-+ if (i > last_frag) /* It is complete */
- return 1;
- }
-
-@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1)
- }
- data = buf->v;
-
-+ item = iph1->frag_chain;
- for (i = 1; i <= frag_count; i++) {
-- item = iph1->frag_chain;
-- do {
-- if (item->frag_num == i)
-- break;
-- item = item->frag_next;
-- } while (item != NULL);
--
-- if (item == NULL) {
-+ if (item->frag_num != i) {
- plog(LLV_ERROR, LOCATION, NULL,
- "Missing fragment #%d\n", i);
- vfree(buf);
-@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1)
- }
- memcpy(data, item->frag_packet->v, item->frag_packet->l);
- data += item->frag_packet->l;
-+ item = item->frag_next;
- }
-
- out:
-Index: ipsec-tools-0.8.2/src/racoon/isakmp_inf.c
-===================================================================
---- ipsec-tools-0.8.2.orig/src/racoon/isakmp_inf.c
-+++ ipsec-tools-0.8.2/src/racoon/isakmp_inf.c
-@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
- #endif
- #ifdef ENABLE_FRAG
- iph1->frag = 0;
-+ iph1->frag_last_index = 0;
- iph1->frag_chain = NULL;
- #endif
-
-Index: ipsec-tools-0.8.2/src/racoon/isakmp.c
-===================================================================
---- ipsec-tools-0.8.2.orig/src/racoon/isakmp.c
-+++ ipsec-tools-0.8.2/src/racoon/isakmp.c
-@@ -1071,6 +1071,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
- iph1->frag = 1;
- else
- iph1->frag = 0;
-+ iph1->frag_last_index = 0;
- iph1->frag_chain = NULL;
- #endif
- iph1->approval = NULL;
-@@ -1175,6 +1176,7 @@ isakmp_ph1begin_r(msg, remote, local, et
- #endif
- #ifdef ENABLE_FRAG
- iph1->frag = 0;
-+ iph1->frag_last_index = 0;
- iph1->frag_chain = NULL;
- #endif
- iph1->approval = NULL;
-Index: ipsec-tools-0.8.2/src/racoon/handler.h
-===================================================================
---- ipsec-tools-0.8.2.orig/src/racoon/handler.h
-+++ ipsec-tools-0.8.2/src/racoon/handler.h
-@@ -1,4 +1,4 @@
--/* $NetBSD: handler.h,v 1.25 2010/11/17 10:40:41 tteras Exp $ */
-+/* $NetBSD: handler.h,v 1.26 2017/01/24 19:23:56 christos Exp $ */
-
- /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
-
-@@ -141,6 +141,7 @@ struct ph1handle {
- #endif
- #ifdef ENABLE_FRAG
- int frag; /* IKE phase 1 fragmentation */
-+ int frag_last_index;
- struct isakmp_frag_item *frag_chain; /* Received fragments */
- #endif
-
+++ /dev/null
---- a/src/racoon/isakmp_xauth.c
-+++ b/src/racoon/isakmp_xauth.c
-@@ -376,6 +376,7 @@ xauth_reply(iph1, port, id, res)
- struct ph1handle *iph1;
- int port;
- int id;
-+ int res;
- {
- struct xauth_state *xst = &iph1->mode_cfg->xauth;
- char *usr = xst->authdata.generic.usr;
-
+++ /dev/null
-From 071fec7181255b9234add44865a435dfdefee520 Mon Sep 17 00:00:00 2001
-In-Reply-To: <20180528120513.560-1-cote2004-github@yahoo.com>
-References: <20180528120513.560-1-cote2004-github@yahoo.com>
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 30 May 2018 15:42:20 -0300
-Subject: [PATCH v2 1/1] ipsec-tools: add openssl 1.1 support
-To: equeiroz@troianet.com.br
-
-This patch updates the calls to openssl 1.1 API, and adds a
-compatibility layer so it compiles with (at least) openssl 1.0.2, I
-haven't tested it with lower versions, but all that's needed is to edit
-the openssl_compat.* files and add the missing functions there--they're
-usually trivial.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
----
- src/racoon/Makefile.am | 10 +--
- src/racoon/algorithm.c | 6 +-
- src/racoon/cfparse.y | 2 +-
- src/racoon/crypto_openssl.c | 197 +++++++++++++++++++++-------------------
- src/racoon/crypto_openssl.h | 2 +-
- src/racoon/eaytest.c | 7 +-
- src/racoon/ipsec_doi.c | 2 +-
- src/racoon/openssl_compat.c | 213 ++++++++++++++++++++++++++++++++++++++++++++
- src/racoon/openssl_compat.h | 45 ++++++++++
- src/racoon/plainrsa-gen.c | 41 +++++----
- src/racoon/prsa_par.y | 28 ++++--
- src/racoon/rsalist.c | 5 +-
- 12 files changed, 431 insertions(+), 127 deletions(-)
- create mode 100644 src/racoon/openssl_compat.c
- create mode 100644 src/racoon/openssl_compat.h
-
-diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am
-index dbaded9..4c585f3 100644
---- a/src/racoon/Makefile.am
-+++ b/src/racoon/Makefile.am
-@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen
- noinst_PROGRAMS = eaytest
- include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
- schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
-- isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
-+ isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h
- lib_LTLIBRARIES = libracoon.la
-
- adminsockdir=${localstatedir}/racoon
-@@ -32,7 +32,7 @@ racoon_SOURCES = \
- gssapi.c dnssec.c getcertsbyname.c privsep.c \
- pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
- policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
-- proposal.c sainfo.c strnames.c \
-+ openssl_compat.c proposal.c sainfo.c strnames.c \
- plog.c logger.c schedule.c str2val.c \
- safefile.c backupsa.c genlist.c rsalist.c \
- cftoken.l cfparse.y prsa_tok.l prsa_par.y
-@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c
- libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS)
-
- plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \
-- crypto_openssl.c logger.c
-+ crypto_openssl.c logger.c openssl_compat.c
- EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS)
- plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o
- plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o
-
--eaytest_SOURCES = eaytest.c plog.c logger.c
-+eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c
- EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c
- eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \
- $(CRYPTOBJS)
-@@ -75,7 +75,7 @@ noinst_HEADERS = \
- debugrm.h isakmp.h misc.h sainfo.h \
- dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \
- isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \
-- throttle.h privsep.h \
-+ throttle.h privsep.h openssl_compat.h \
- cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \
- missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \
- missing/crypto/rijndael/rijndael-api-fst.h \
-diff --git a/src/racoon/algorithm.c b/src/racoon/algorithm.c
-index 3fd50f6..66c874b 100644
---- a/src/racoon/algorithm.c
-+++ b/src/racoon/algorithm.c
-@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = {
- { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16,
- eay_aes_encrypt, eay_aes_decrypt,
- eay_aes_weakkey, eay_aes_keylen, },
--#ifdef HAVE_OPENSSL_CAMELLIA_H
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16,
- eay_camellia_encrypt, eay_camellia_decrypt,
- eay_camellia_weakkey, eay_camellia_keylen, },
-@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = {
- { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16,
- NULL, NULL,
- NULL, eay_twofish_keylen, },
--#ifdef HAVE_OPENSSL_IDEA_H
-+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
- { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8,
- NULL, NULL,
- NULL, NULL, },
-@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = {
- { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8,
- NULL, NULL,
- NULL, NULL, },
--#ifdef HAVE_OPENSSL_CAMELLIA_H
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16,
- NULL, NULL,
- NULL, eay_camellia_keylen, },
-diff --git a/src/racoon/cfparse.y b/src/racoon/cfparse.y
-index 0d9bd67..8415752 100644
---- a/src/racoon/cfparse.y
-+++ b/src/racoon/cfparse.y
-@@ -2564,7 +2564,7 @@ set_isakmp_proposal(rmconf)
- plog(LLV_DEBUG2, LOCATION, NULL,
- "encklen=%d\n", s->encklen);
-
-- memset(types, 0, ARRAYLEN(types));
-+ memset(types, 0, sizeof types);
- types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
- types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
- types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
-diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
-index 55b076a..8fb358f 100644
---- a/src/racoon/crypto_openssl.c
-+++ b/src/racoon/crypto_openssl.c
-@@ -90,6 +90,7 @@
- #endif
- #endif
- #include "plog.h"
-+#include "openssl_compat.h"
-
- #define USE_NEW_DES_API
-
-@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2)
- i = idx+1;
- goto end;
- }
-- if ((ea->value->length == 1 && ea->value->data[0] == '*') ||
-- (eb->value->length == 1 && eb->value->data[0] == '*')) {
-- if (OBJ_cmp(ea->object,eb->object)) {
-+ ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea);
-+ ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb);
-+ if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') ||
-+ (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) {
-+ if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea),
-+ X509_NAME_ENTRY_get_object(eb))) {
- i = idx+1;
- goto end;
- }
-@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx)
-
- if (!ok) {
- X509_NAME_oneline(
-- X509_get_subject_name(ctx->current_cert),
-+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
- buf,
- 256);
- /*
-@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx)
- * ok if they are self signed. But we should still warn
- * the user.
- */
-- switch (ctx->error) {
-+ int ctx_error = X509_STORE_CTX_get_error(ctx);
-+ switch (ctx_error) {
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- case X509_V_ERR_INVALID_CA:
-@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx)
- }
- plog(log_tag, LOCATION, NULL,
- "%s(%d) at depth:%d SubjectName:%s\n",
-- X509_verify_cert_error_string(ctx->error),
-- ctx->error,
-- ctx->error_depth,
-+ X509_verify_cert_error_string(ctx_error),
-+ ctx_error,
-+ X509_STORE_CTX_get_error_depth(ctx),
- buf);
- }
- ERR_clear_error();
-@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx)
-
- if (!ok) {
- X509_NAME_oneline(
-- X509_get_subject_name(ctx->current_cert),
-+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
- buf,
- 256);
-- switch (ctx->error) {
-+ int ctx_error=X509_STORE_CTX_get_error(ctx);
-+ switch (ctx_error) {
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- ok = 1;
- log_tag = LLV_WARNING;
-@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx)
- }
- plog(log_tag, LOCATION, NULL,
- "%s(%d) at depth:%d SubjectName:%s\n",
-- X509_verify_cert_error_string(ctx->error),
-- ctx->error,
-- ctx->error_depth,
-+ X509_verify_cert_error_string(ctx_error),
-+ ctx_error,
-+ X509_STORE_CTX_get_error_depth(ctx),
- buf);
- }
- ERR_clear_error();
-@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert)
- if (x509 == NULL)
- goto error;
-
-+ X509_NAME *subject_name = X509_get_subject_name(x509);
- /* get the length of the name */
-- len = i2d_X509_NAME(x509->cert_info->subject, NULL);
-+ len = i2d_X509_NAME(subject_name, NULL);
- name = vmalloc(len);
- if (!name)
- goto error;
- /* get the name */
- bp = (unsigned char *) name->v;
-- len = i2d_X509_NAME(x509->cert_info->subject, &bp);
-+ len = i2d_X509_NAME(subject_name, &bp);
-
- X509_free(x509);
-
-@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert)
- if (x509 == NULL)
- goto error;
-
-+ X509_NAME *issuer_name = X509_get_issuer_name(x509);
- /* get the length of the name */
-- len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
-+ len = i2d_X509_NAME(issuer_name, NULL);
- name = vmalloc(len);
- if (name == NULL)
- goto error;
-
- /* get the name */
- bp = (unsigned char *) name->v;
-- len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
-+ len = i2d_X509_NAME(issuer_name, &bp);
-
- X509_free(x509);
-
-@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert)
- return -1;
- }
-
-- res = eay_rsa_verify(source, sig, evp->pkey.rsa);
-+ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp));
-
- EVP_PKEY_free(evp);
- X509_free(x509);
-@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey)
- if (evp == NULL)
- return NULL;
-
-- sig = eay_rsa_sign(src, evp->pkey.rsa);
-+ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp));
-
- EVP_PKEY_free(evp);
-
-@@ -1079,7 +1087,11 @@ eay_strerror()
- int line, flags;
- unsigned long es;
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */
-+#else
- es = CRYPTO_thread_id();
-+#endif
-
- while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
- n = snprintf(ebuf + len, sizeof(ebuf) - len,
-@@ -1100,7 +1112,7 @@ vchar_t *
- evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
- {
- vchar_t *res;
-- EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX *ctx;
-
- if (!e)
- return NULL;
-@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
- if ((res = vmalloc(data->l)) == NULL)
- return NULL;
-
-- EVP_CIPHER_CTX_init(&ctx);
-+ ctx = EVP_CIPHER_CTX_new();
-
- switch(EVP_CIPHER_nid(e)){
- case NID_bf_cbc:
-@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
- /* XXX: can we do that also for algos with a fixed key size ?
- */
- /* init context without key/iv
-- */
-- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
-- {
-- OpenSSL_BUG();
-- vfree(res);
-- return NULL;
-- }
-+ */
-+ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc))
-+ goto out;
-
-- /* update key size
-- */
-- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
-- {
-- OpenSSL_BUG();
-- vfree(res);
-- return NULL;
-- }
--
-- /* finalize context init with desired key size
-- */
-- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
-+ /* update key size
-+ */
-+ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l))
-+ goto out;
-+
-+ /* finalize context init with desired key size
-+ */
-+ if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v,
- (u_char *) iv->v, enc))
-- {
-- OpenSSL_BUG();
-- vfree(res);
-- return NULL;
-- }
-+ goto out;
- break;
- default:
-- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
-- (u_char *) iv->v, enc)) {
-- OpenSSL_BUG();
-- vfree(res);
-- return NULL;
-- }
-+ if (!EVP_CipherInit(ctx, e, (u_char *) key->v,
-+ (u_char *) iv->v, enc))
-+ goto out;
- }
-
- /* disable openssl padding */
-- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
-- OpenSSL_BUG();
-- vfree(res);
-- return NULL;
-- }
-+ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l))
-+ goto out;
-
-- EVP_CIPHER_CTX_cleanup(&ctx);
-+ EVP_CIPHER_CTX_free(ctx);
-
- return res;
-+out:
-+ EVP_CIPHER_CTX_free(ctx);
-+ OpenSSL_BUG();
-+ vfree(res);
-+ return NULL;
- }
-
- int
-@@ -1230,7 +1229,7 @@ eay_des_keylen(len)
- return evp_keylen(len, EVP_des_cbc());
- }
-
--#ifdef HAVE_OPENSSL_IDEA_H
-+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
- /*
- * IDEA-CBC
- */
-@@ -1587,7 +1586,7 @@ eay_aes_keylen(len)
- return len;
- }
-
--#if defined(HAVE_OPENSSL_CAMELLIA_H)
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- /*
- * CAMELLIA-CBC
- */
-@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md)
- vchar_t *key;
- const EVP_MD *md;
- {
-- HMAC_CTX *c = racoon_malloc(sizeof(*c));
-+ HMAC_CTX *c = HMAC_CTX_new();
-
-- HMAC_Init(c, key->v, key->l, md);
-+ HMAC_Init_ex(c, key->v, key->l, md, NULL);
-
- return (caddr_t)c;
- }
-@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c)
-
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
- res->l = l;
-- HMAC_cleanup((HMAC_CTX *)c);
-- (void)racoon_free(c);
-+ HMAC_CTX_free((HMAC_CTX *)c);
-
- if (SHA512_DIGEST_LENGTH != res->l) {
- plog(LLV_ERROR, LOCATION, NULL,
-@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c)
-
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
- res->l = l;
-- HMAC_cleanup((HMAC_CTX *)c);
-- (void)racoon_free(c);
-+ HMAC_CTX_free((HMAC_CTX *)c);
-
- if (SHA384_DIGEST_LENGTH != res->l) {
- plog(LLV_ERROR, LOCATION, NULL,
-@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c)
-
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
- res->l = l;
-- HMAC_cleanup((HMAC_CTX *)c);
-- (void)racoon_free(c);
-+ HMAC_CTX_free((HMAC_CTX *)c);
-
- if (SHA256_DIGEST_LENGTH != res->l) {
- plog(LLV_ERROR, LOCATION, NULL,
-@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c)
-
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
- res->l = l;
-- HMAC_cleanup((HMAC_CTX *)c);
-- (void)racoon_free(c);
-+ HMAC_CTX_free((HMAC_CTX *)c);
-
- if (SHA_DIGEST_LENGTH != res->l) {
- plog(LLV_ERROR, LOCATION, NULL,
-@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c)
-
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
- res->l = l;
-- HMAC_cleanup((HMAC_CTX *)c);
-- (void)racoon_free(c);
-+ HMAC_CTX_free((HMAC_CTX *)c);
-
- if (MD5_DIGEST_LENGTH != res->l) {
- plog(LLV_ERROR, LOCATION, NULL,
-@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv)
- u_int32_t g;
- {
- BIGNUM *p = NULL;
-+ BIGNUM *BNg = NULL;
- DH *dh = NULL;
- int error = -1;
-
-@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv)
-
- if ((dh = DH_new()) == NULL)
- goto end;
-- dh->p = p;
-- p = NULL; /* p is now part of dh structure */
-- dh->g = NULL;
-- if ((dh->g = BN_new()) == NULL)
-+ if ((BNg = BN_new()) == NULL)
- goto end;
-- if (!BN_set_word(dh->g, g))
-+ if (!BN_set_word(BNg, g))
- goto end;
-+ if (! DH_set0_pqg(dh, p, NULL, BNg))
-+ goto end;
-+ BNg = NULL;
-+ p = NULL; /* p is now part of dh structure */
-
- if (publen != 0)
-- dh->length = publen;
-+ DH_set_length(dh, publen);
-
- /* generate public and private number */
- if (!DH_generate_key(dh))
- goto end;
-
- /* copy results to buffers */
-- if (eay_bn2v(pub, dh->pub_key) < 0)
-+ BIGNUM *pub_key, *priv_key;
-+ DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key);
-+ if (eay_bn2v(pub, pub_key) < 0)
- goto end;
-- if (eay_bn2v(priv, dh->priv_key) < 0) {
-+ if (eay_bn2v(priv, priv_key) < 0) {
- vfree(*pub);
- goto end;
- }
-@@ -2306,6 +2304,8 @@ end:
- DH_free(dh);
- if (p != 0)
- BN_free(p);
-+ if (BNg != 0)
-+ BN_free(BNg);
- return(error);
- }
-
-@@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
- int l;
- unsigned char *v = NULL;
- int error = -1;
-+ BIGNUM *p = BN_new();
-+ BIGNUM *BNg = BN_new();
-+ BIGNUM *pub_key = BN_new();
-+ BIGNUM *priv_key = BN_new();
-
- /* make public number to compute */
- if (eay_v2bn(&dh_pub, pub2) < 0)
-@@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
- /* make DH structure */
- if ((dh = DH_new()) == NULL)
- goto end;
-- if (eay_v2bn(&dh->p, prime) < 0)
-+ if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL)
- goto end;
-- if (eay_v2bn(&dh->pub_key, pub) < 0)
-+
-+ if (eay_v2bn(&p, prime) < 0)
- goto end;
-- if (eay_v2bn(&dh->priv_key, priv) < 0)
-+ if (eay_v2bn(&pub_key, pub) < 0)
- goto end;
-- dh->length = pub2->l * 8;
--
-- dh->g = NULL;
-- if ((dh->g = BN_new()) == NULL)
-+ if (eay_v2bn(&priv_key, priv) < 0)
- goto end;
-- if (!BN_set_word(dh->g, g))
-+ if (!BN_set_word(BNg, g))
- goto end;
-+ DH_set0_key(dh, pub_key, priv_key);
-+ DH_set_length(dh, pub2->l * 8);
-+ DH_set0_pqg(dh, p, NULL, BNg);
-+ pub_key = priv_key = p = BNg = NULL;
-
- if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
- goto end;
-@@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
- error = 0;
-
- end:
-+ if (p != NULL)
-+ BN_free(p);
-+ if (BNg != NULL)
-+ BN_free(BNg);
-+ if (pub_key != NULL)
-+ BN_free(pub_key);
-+ if (priv_key != NULL)
-+ BN_free(priv_key);
- if (dh_pub != NULL)
- BN_free(dh_pub);
- if (dh != NULL)
-@@ -2400,12 +2414,14 @@ eay_bn2v(var, bn)
- void
- eay_init()
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
- #ifdef HAVE_OPENSSL_ENGINE_H
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
- #endif
-+#endif
- }
-
- vchar_t *
-@@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf)
- goto out;
- }
-
-- rsa_pub->n = mod;
-- rsa_pub->e = exp;
-+ RSA_set0_key(rsa_pub, mod, exp, NULL);
-
- out:
- return rsa_pub;
-@@ -2582,5 +2597,5 @@ eay_random()
- const char *
- eay_version()
- {
-- return SSLeay_version(SSLEAY_VERSION);
-+ return OpenSSL_version(OPENSSL_VERSION);
- }
-diff --git a/src/racoon/crypto_openssl.h b/src/racoon/crypto_openssl.h
-index 66fac73..ee5b765 100644
---- a/src/racoon/crypto_openssl.h
-+++ b/src/racoon/crypto_openssl.h
-@@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
- extern int eay_aes_weakkey __P((vchar_t *));
- extern int eay_aes_keylen __P((int));
-
--#if defined(HAVE_OPENSSL_CAMELLIA_H)
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- /* Camellia */
- extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
- extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c
-index 1474bdc..ae09db3 100644
---- a/src/racoon/eaytest.c
-+++ b/src/racoon/eaytest.c
-@@ -62,6 +62,7 @@
- #include "dhgroup.h"
- #include "crypto_openssl.h"
- #include "gnuc.h"
-+#include "openssl_compat.h"
-
- #include "package_version.h"
-
-@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt)
- printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
- return -1;
- }
-- error = eay_check_rsasign(src, sig, evp->pkey.rsa);
-+ error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp));
-
- return error;
- }
-@@ -698,7 +699,7 @@ ciphertest(ac, av)
- eay_cast_encrypt, eay_cast_decrypt) < 0)
- return -1;
-
--#ifdef HAVE_OPENSSL_IDEA_H
-+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
- if (ciphertest_1 ("IDEA",
- &data, 8,
- &key, key.l,
-@@ -715,7 +716,7 @@ ciphertest(ac, av)
- eay_rc5_encrypt, eay_rc5_decrypt) < 0)
- return -1;
- #endif
--#if defined(HAVE_OPENSSL_CAMELLIA_H)
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- if (ciphertest_1 ("CAMELLIA",
- &data, 16,
- &key, key.l,
-diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
-index 84a4c71..b52469f 100644
---- a/src/racoon/ipsec_doi.c
-+++ b/src/racoon/ipsec_doi.c
-@@ -715,7 +715,7 @@ out:
- /* key length must not be specified on some algorithms */
- if (keylen) {
- if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES
--#ifdef HAVE_OPENSSL_IDEA_H
-+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
- || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA
- #endif
- || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) {
-diff --git a/src/racoon/openssl_compat.c b/src/racoon/openssl_compat.c
-new file mode 100644
-index 0000000..864b5fb
---- /dev/null
-+++ b/src/racoon/openssl_compat.c
-@@ -0,0 +1,213 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include "openssl_compat.h"
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <string.h>
-+
-+static void *OPENSSL_zalloc(size_t num)
-+{
-+ void *ret = OPENSSL_malloc(num);
-+
-+ if (ret != NULL)
-+ memset(ret, 0, num);
-+ return ret;
-+}
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-+{
-+ /* If the fields n and e in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL for n and e. d may be
-+ * left NULL (in case only the public key is used).
-+ */
-+ if ((r->n == NULL && n == NULL)
-+ || (r->e == NULL && e == NULL))
-+ return 0;
-+
-+ if (n != NULL) {
-+ BN_free(r->n);
-+ r->n = n;
-+ }
-+ if (e != NULL) {
-+ BN_free(r->e);
-+ r->e = e;
-+ }
-+ if (d != NULL) {
-+ BN_free(r->d);
-+ r->d = d;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
-+{
-+ /* If the fields p and q in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->p == NULL && p == NULL)
-+ || (r->q == NULL && q == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(r->p);
-+ r->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(r->q);
-+ r->q = q;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-+{
-+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->dmp1 == NULL && dmp1 == NULL)
-+ || (r->dmq1 == NULL && dmq1 == NULL)
-+ || (r->iqmp == NULL && iqmp == NULL))
-+ return 0;
-+
-+ if (dmp1 != NULL) {
-+ BN_free(r->dmp1);
-+ r->dmp1 = dmp1;
-+ }
-+ if (dmq1 != NULL) {
-+ BN_free(r->dmq1);
-+ r->dmq1 = dmq1;
-+ }
-+ if (iqmp != NULL) {
-+ BN_free(r->iqmp);
-+ r->iqmp = iqmp;
-+ }
-+
-+ return 1;
-+}
-+
-+void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+ if (n != NULL)
-+ *n = r->n;
-+ if (e != NULL)
-+ *e = r->e;
-+ if (d != NULL)
-+ *d = r->d;
-+}
-+
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-+{
-+ if (p != NULL)
-+ *p = r->p;
-+ if (q != NULL)
-+ *q = r->q;
-+}
-+
-+void RSA_get0_crt_params(const RSA *r,
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp)
-+{
-+ if (dmp1 != NULL)
-+ *dmp1 = r->dmp1;
-+ if (dmq1 != NULL)
-+ *dmq1 = r->dmq1;
-+ if (iqmp != NULL)
-+ *iqmp = r->iqmp;
-+}
-+
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL) {
-+ dh->length = BN_num_bits(q);
-+ }
-+
-+ return 1;
-+}
-+
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = dh->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = dh->priv_key;
-+}
-+
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in dh is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (dh->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(dh->pub_key);
-+ dh->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(dh->priv_key);
-+ dh->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+int DH_set_length(DH *dh, long length)
-+{
-+ dh->length = length;
-+ return 1;
-+}
-+
-+HMAC_CTX *HMAC_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(HMAC_CTX));
-+}
-+
-+void HMAC_CTX_free(HMAC_CTX *ctx)
-+{
-+ HMAC_CTX_cleanup(ctx);
-+ OPENSSL_free(ctx);
-+}
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-+{
-+ if (pkey->type != EVP_PKEY_RSA) {
-+ return NULL;
-+ }
-+ return pkey->pkey.rsa;
-+}
-+
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-diff --git a/src/racoon/openssl_compat.h b/src/racoon/openssl_compat.h
-new file mode 100644
-index 0000000..9e152c2
---- /dev/null
-+++ b/src/racoon/openssl_compat.h
-@@ -0,0 +1,45 @@
-+#ifndef OPENSSL_COMPAT_H
-+#define OPENSSL_COMPAT_H
-+
-+#include <openssl/opensslv.h>
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <openssl/rsa.h>
-+#include <openssl/dh.h>
-+#include <openssl/evp.h>
-+#include <openssl/hmac.h>
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
-+
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-+int DH_set_length(DH *dh, long length);
-+
-+HMAC_CTX *HMAC_CTX_new(void);
-+void HMAC_CTX_free(HMAC_CTX* ctx);
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-+
-+#define ASN1_STRING_length(s) s->length
-+#define ASN1_STRING_get0_data(s) s->data
-+
-+#define X509_get_subject_name(x) x->cert_info->subject
-+#define X509_get_issuer_name(x) x->cert_info->issuer
-+#define X509_NAME_ENTRY_get_data(n) n->value
-+#define X509_NAME_ENTRY_get_object(n) n->object
-+#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert
-+#define X509_STORE_CTX_get_error(ctx) ctx->error
-+#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth
-+
-+#define OPENSSL_VERSION SSLEAY_VERSION
-+#define OpenSSL_version SSLeay_version
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#endif /* OPENSSL_COMPAT_H */
-diff --git a/src/racoon/plainrsa-gen.c b/src/racoon/plainrsa-gen.c
-index cad1861..b949b08 100644
---- a/src/racoon/plainrsa-gen.c
-+++ b/src/racoon/plainrsa-gen.c
-@@ -60,6 +60,7 @@
- #include "vmbuf.h"
- #include "plog.h"
- #include "crypto_openssl.h"
-+#include "openssl_compat.h"
-
- #include "package_version.h"
-
-@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key)
- char *binbuf;
- long binlen, ret;
- vchar_t *res;
--
-- binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n);
-+ const BIGNUM *e, *n;
-+
-+ RSA_get0_key(key, &n, &e, NULL);
-+ binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n);
- binbuf = malloc(binlen);
- memset(binbuf, 0, binlen);
-- binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]);
-- ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
-+ binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]);
-+ ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
- if (1 + binbuf[0] + ret != binlen) {
- plog(LLV_ERROR, LOCATION, NULL,
- "Pubkey generation failed. This is really strange...\n");
-@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key)
-
- fprintf(fp, "# : PUB 0s%s\n", pubkey64->v);
- fprintf(fp, ": RSA\t{\n");
-- fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n));
-+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
-+ RSA_get0_key(key, &n, &e, &d);
-+ RSA_get0_factors(key, &p, &q);
-+ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
-+ fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n));
- fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v);
-- fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n)));
-- fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e)));
-- fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d)));
-- fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p)));
-- fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q)));
-- fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1)));
-- fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1)));
-- fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp)));
-+ fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n)));
-+ fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e)));
-+ fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d)));
-+ fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p)));
-+ fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q)));
-+ fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1)));
-+ fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1)));
-+ fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp)));
- fprintf(fp, " }\n");
-
- vfree(pubkey64);
-@@ -203,11 +210,13 @@ int
- gen_rsa_key(FILE *fp, size_t bits, unsigned long exp)
- {
- int ret;
-- RSA *key;
-+ RSA *key = RSA_new();
-+ BIGNUM *e = BN_new();
-
-- key = RSA_generate_key(bits, exp, NULL, NULL);
-- if (!key) {
-+ BN_set_word(e, exp);
-+ if (! RSA_generate_key_ex(key, bits, e, NULL)) {
- fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror());
-+ RSA_free(key);
- return -1;
- }
-
-diff --git a/src/racoon/prsa_par.y b/src/racoon/prsa_par.y
-index 1987e4d..27ce4c6 100644
---- a/src/racoon/prsa_par.y
-+++ b/src/racoon/prsa_par.y
-@@ -68,6 +68,7 @@
- #include "isakmp_var.h"
- #include "handler.h"
- #include "crypto_openssl.h"
-+#include "openssl_compat.h"
- #include "sockmisc.h"
- #include "rsalist.h"
-
-@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL;
- struct genlist *prsa_cur_list = NULL;
- enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;
-
--static RSA *rsa_cur;
-+struct my_rsa_st {
-+ BIGNUM *n;
-+ BIGNUM *e;
-+ BIGNUM *d;
-+ BIGNUM *p;
-+ BIGNUM *q;
-+ BIGNUM *dmp1;
-+ BIGNUM *dmq1;
-+ BIGNUM *iqmp;
-+};
-+
-+static struct my_rsa_st *rsa_cur;
-
- void
- prsaerror(const char *s, ...)
-@@ -201,8 +213,12 @@ rsa_statement:
- rsa_cur->iqmp = NULL;
- }
- }
-- $$ = rsa_cur;
-- rsa_cur = RSA_new();
-+ RSA * rsa_tmp = RSA_new();
-+ RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d);
-+ RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q);
-+ RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp);
-+ $$ = rsa_tmp;
-+ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
- }
- | TAG_PUB BASE64
- {
-@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type)
- prsa_cur_fname = fname;
- prsa_cur_list = list;
- prsa_cur_type = type;
-- rsa_cur = RSA_new();
-+ rsa_cur = malloc(sizeof(struct my_rsa_st));
-+ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
- ret = prsaparse();
- if (rsa_cur) {
-- RSA_free(rsa_cur);
-+ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
-+ free(rsa_cur);
- rsa_cur = NULL;
- }
- fclose (fp);
-diff --git a/src/racoon/rsalist.c b/src/racoon/rsalist.c
-index f152c82..96e8363 100644
---- a/src/racoon/rsalist.c
-+++ b/src/racoon/rsalist.c
-@@ -52,6 +52,7 @@
- #include "genlist.h"
- #include "remoteconf.h"
- #include "crypto_openssl.h"
-+#include "openssl_compat.h"
-
- #ifndef LIST_FIRST
- #define LIST_FIRST(head) ((head)->lh_first)
-@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key)
- return NULL;
-
- if (key->rsa) {
-- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
-+ const BIGNUM *d;
-+ RSA_get0_key(key->rsa, NULL, NULL, &d);
-+ new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa));
- if (new->rsa == NULL)
- goto dup_error;
- }
---
-2.16.1
-
+++ /dev/null
---- a/src/racoon/crypto_openssl.c
-+++ b/src/racoon/crypto_openssl.c
-@@ -1087,7 +1087,7 @@ eay_strerror()
- int line, flags;
- unsigned long es;
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */
- #else
- es = CRYPTO_thread_id();
---- a/src/racoon/openssl_compat.h
-+++ b/src/racoon/openssl_compat.h
-@@ -5,6 +5,7 @@
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
-
- #include <openssl/rsa.h>
-+#include <openssl/bn.h>
- #include <openssl/dh.h>
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx
-PKG_VERSION:=1.16.0
+PKG_VERSION:=1.16.1
PKG_RELEASE:=1
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nginx.org/download/
-PKG_HASH:=4fd376bad78797e7f18094a00f0f1088259326436b537eb5af69b01be2ca1345
+PKG_HASH:=f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Ansuel Smith <ansuelsmth@gmail.com>
+++ /dev/null
-#
-# Copyright (C) 2009-2015 OpenWrt.org
-# Copyright (C) 2009 Jakob Pfeiffer
-# Copyright (C) 2014 Artem Makhutov
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=opennhrp
-PKG_VERSION:=0.14.1
-PKG_RELEASE:=2
-PKG_MAINTAINER:=Artem Makhutov <artem@makhutov.org>
-PKG_LICENSE:=MIT License
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=@SF/opennhrp
-PKG_HASH:=1517d53d688ffc165a1da20c344d96b4c53e60f34bd73c64e60cb67cfca4e9ab
-
-PKG_FIXUP:=autoreconf
-PKG_BUILD_PARALLEL:=1
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/opennhrp
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=VPN
- DEPENDS:=+libcares +ipsec-tools +ip +kmod-gre
- KCONFIG:=CONFIG_ARPD=y
- TITLE:=NBMA Next Hop Resolution Protocol
- URL:=http://opennhrp.sourceforge.net/
-endef
-
-define Package/opennhrp/description
- OpenNHRP implements NBMA Next Hop Resolution Protocol (as defined in RFC 2332).
- It makes it possible to create dynamic multipoint VPN Linux router using NHRP,
- GRE and IPsec. It aims to be Cisco DMVPN compatible.
-endef
-
-define Package/opennhrp/conffiles
-/etc/opennhrp/opennhrp.conf
-endef
-
-define Package/opennhrp/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/opennhrp{,ctl} $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/etc/opennhrp
- $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/opennhrp/opennhrp.conf $(1)/etc/opennhrp/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/opennhrp/opennhrp-script $(1)/etc/opennhrp/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/opennhrp/racoon-ph1down.sh $(1)/etc/opennhrp/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/opennhrp/racoon-ph1dead.sh $(1)/etc/opennhrp/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/opennhrp.init $(1)/etc/init.d/opennhrp
-endef
-
-$(eval $(call BuildPackage,opennhrp))
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2009-2011 OpenWrt.org
-# Copyright (C) 2009 Jakob Pfeiffer
-
-START=50
-
-SERVICE_USE_PID=1
-
-start() {
- service_start /usr/sbin/opennhrp -d
-}
-
-stop() {
- service_stop /usr/sbin/opennhrp
-}
+++ /dev/null
---- a/nhrp/opennhrp.c
-+++ b/nhrp/opennhrp.c
-@@ -9,6 +9,7 @@
- #include <ctype.h>
- #include <stdio.h>
- #include <errno.h>
-+#include <fcntl.h>
- #include <malloc.h>
- #include <stddef.h>
- #include <string.h>
---- a/nhrp/nhrp_common.h
-+++ b/nhrp/nhrp_common.h
-@@ -12,6 +12,7 @@
- #include <stdint.h>
- #include <stdlib.h>
- #include <sys/time.h>
-+#include <sys/types.h>
- #include <linux/if_ether.h>
-
- struct nhrp_interface;
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/nccgroup/phantap
-PKG_MIRROR_HASH:=0751687e35c8f4a56e2cbeae7b16a5d9b8f8ec4c58e315ee8675064f5ae2d899
-PKG_SOURCE_DATE:=2019.08.25
-PKG_SOURCE_VERSION:=2ccec016b1a30338fe5764424e1e16534239abb9
+PKG_MIRROR_HASH:=bee0ed1ab620c740764009722d1281778371c48a85697d1189498a269b548fc5
+PKG_SOURCE_DATE:=2019.08.28
+PKG_SOURCE_VERSION:=758fba1b7d48080ad14a1dc0062b86667b298ecb
PKG_MAINTAINER:=Diana Dragusin <diana.dragusin@nccgroup.com>, \
Etienne Champetier <champetier.etienne@gmail.com>
PKG_NAME:=shorewall-core
PKG_MAJOR_MINOR_VERSION:=5.2
PKG_BUGFIX_MAJOR_VERSION:=3
-PKG_BUGFIX_MINOR_VERSION:=.3
+PKG_BUGFIX_MINOR_VERSION:=.4
PKG_VERSION:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)$(PKG_BUGFIX_MINOR_VERSION)
PKG_DIRECTORY:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)
PKG_RELEASE:=1
http://shorewall.de/pub/shorewall/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/ \
http://www.shorewall.com.au/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=e516c56b416181c325dfee68d0bbf38685f89ec0b6bc9c25c6c98ffabbf3e2bd
+PKG_HASH:=8fdc6e326d0c07df2a636634c510630e99f7a3ab70bb60fb735dd92a0d33d500
PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
PKG_LICENSE:=GPL-2.0+
PKG_NAME:=shorewall-lite
PKG_MAJOR_MINOR_VERSION:=5.2
PKG_BUGFIX_MAJOR_VERSION:=3
-PKG_BUGFIX_MINOR_VERSION:=.3
+PKG_BUGFIX_MINOR_VERSION:=.4
PKG_VERSION:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)$(PKG_BUGFIX_MINOR_VERSION)
PKG_DIRECTORY:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)
PKG_RELEASE:=1
http://shorewall.de/pub/shorewall/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/ \
http://www.shorewall.com.au/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=3ac7affab434a7bc39d229aeadbefc845d5568d7402ad3546e0c1e429acc2de9
+PKG_HASH:=cf48465402eb5fee0886b7dfc4b0a78ec9c0850e8a2046874dee22154c6ee107
PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
PKG_LICENSE:=GPL-2.0+
PKG_NAME:=shorewall
PKG_MAJOR_MINOR_VERSION:=5.2
PKG_BUGFIX_MAJOR_VERSION:=3
-PKG_BUGFIX_MINOR_VERSION:=.3
+PKG_BUGFIX_MINOR_VERSION:=.4
PKG_VERSION:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)$(PKG_BUGFIX_MINOR_VERSION)
PKG_DIRECTORY:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)
PKG_RELEASE:=1
http://shorewall.de/pub/shorewall/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/ \
http://www.shorewall.com.au/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=6bb832d557f9646b62af1b60db6d8b693756403ea5d23c10db96013dd40547cd
+PKG_HASH:=a6e1a1a6b20ea37695fe12d36233dacd461548ac67665664c8de3a99cf7aa23b
PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
PKG_LICENSE:=GPL-2.0+
PKG_NAME:=shorewall6-lite
PKG_MAJOR_MINOR_VERSION:=5.2
PKG_BUGFIX_MAJOR_VERSION:=3
-PKG_BUGFIX_MINOR_VERSION:=.3
+PKG_BUGFIX_MINOR_VERSION:=.4
PKG_VERSION:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)$(PKG_BUGFIX_MINOR_VERSION)
PKG_DIRECTORY:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)
PKG_RELEASE:=1
http://shorewall.de/pub/shorewall/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/ \
http://www.shorewall.com.au/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=34c7ddb7f9901f7a74374f17cd1740a4059195a560401a461363e24c7e55b99f
+PKG_HASH:=af1a62397e8232bb4fb6c266a29df0063c339c94772d06a92e086a2e8f1ee70f
PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
PKG_LICENSE:=GPL-2.0+
PKG_NAME:=shorewall6
PKG_MAJOR_MINOR_VERSION:=5.2
PKG_BUGFIX_MAJOR_VERSION:=3
-PKG_BUGFIX_MINOR_VERSION:=.3
+PKG_BUGFIX_MINOR_VERSION:=.4
PKG_VERSION:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)$(PKG_BUGFIX_MINOR_VERSION)
PKG_DIRECTORY:=$(PKG_MAJOR_MINOR_VERSION).$(PKG_BUGFIX_MAJOR_VERSION)
PKG_RELEASE:=1
http://shorewall.de/pub/shorewall/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/ \
http://www.shorewall.com.au/$(PKG_MAJOR_MINOR_VERSION)/shorewall-$(PKG_DIRECTORY)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=f620107bd19f8df573ca249720506bcc5fa99db72f191ba04060f2a74c251a56
+PKG_HASH:=c1fc1244bd68710aecd504841965ac7fbbb05fa7fb1b857b1ad43659bd81877b
PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
PKG_LICENSE:=GPL-2.0+
include $(TOPDIR)/rules.mk
PKG_NAME:=travelmate
-PKG_VERSION:=1.4.11
+PKG_VERSION:=1.4.12
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
* fast uplink connections
* support all kinds of uplinks, incl. hidden and enterprise uplinks
* continuously checks the existing uplink connection (quality), e.g. for conditional uplink (dis-) connections
+* automatically add open uplinks to your wireless config, e.g. hotel captive portals
* captive portal detection with internet online check and a 'heartbeat' function to keep the uplink connection up & running
* captive portal auto-login hook (configured via uci/LuCI), you could reference an external script for captive portal auto-logins (see example below)
* proactively scan and switch to a higher prioritized uplink, despite of an already existing connection
* trm\_debug => enable/disable debug logging (bool/default: '0', disabled)
* trm\_captive => enable/disable the captive portal detection (bool/default: '1', enabled)
* trm\_proactive => enable/disable the proactive uplink switch (bool/default: '1', enabled)
+ * trm\_autoadd => automatically add open uplinks to your wireless config (bool/default: '0', disabled)
* trm\_minquality => minimum signal quality threshold as percent for conditional uplink (dis-) connections (int/default: '35', valid range: 20-80)
* trm\_maxwait => how long (in seconds) should travelmate wait for a successful wlan interface reload action (int/default: '30', valid range: 20-40)
* trm\_maxretry => how many times should travelmate try to connect to an uplink (int/default: '3', valid range: 1-10)
* trm\_triggerdelay => additional trigger delay in seconds before travelmate processing begins (int/default: '2')
## Captive Portal auto-logins
-For automated captive portal logins you could reference external shell scripts. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. The provided 'wifionice.login' script example requires curl and automates the login to german ICE hotspots, it also explains the principle approach to extract runtime data like security tokens for a succesful login. Hopefully more scripts for different captive portals will be provided by the community ...
+For automated captive portal logins you could reference external shell scripts. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. The provided 'wifionice.login' script example requires curl and automates the login to german ICE hotspots, it also explains the principle approach to extract runtime data like security tokens for a successful login. Hopefully more scripts for different captive portals will be provided by the community ...
-A typical/succesful captive portal login looks like this:
+A typical/successful captive portal login looks like this:
<pre><code>
[...]
Mon Aug 5 10:15:48 2019 user.info travelmate-1.4.10[1481]: travelmate instance started ::: action: start, pid: 1481
option trm_captive '1'
option trm_proactive '1'
option trm_netcheck '0'
+ option trm_autoadd '0'
option trm_iface 'trm_wwan'
option trm_triggerdelay '2'
option trm_debug '0'
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# (s)hellcheck exceptions
+# shellcheck disable=1091 disable=2039 disable=2143 disable=2181 disable=2188
+
# set initial defaults
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-trm_ver="1.4.11"
-trm_sysver="unknown"
+trm_ver="1.4.12"
trm_enabled=0
trm_debug=0
trm_iface="trm_wwan"
trm_captive=1
trm_proactive=1
trm_netcheck=0
+trm_autoadd=0
trm_captiveurl="http://captive.apple.com"
trm_scanbuffer=1024
trm_minquality=35
#
f_envload()
{
- local IFS sys_call sys_desc sys_model
+ local IFS
# (re-)initialize global list variables
#
# get system information
#
- sys_call="$(ubus -S call system board 2>/dev/null)"
- if [ -n "${sys_call}" ]
- then
- sys_desc="$(printf '%s' "${sys_call}" | jsonfilter -e '@.release.description')"
- sys_model="$(printf '%s' "${sys_call}" | jsonfilter -e '@.model')"
- trm_sysver="${sys_model}, ${sys_desc}"
- fi
+ trm_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | \
+ awk 'BEGIN{ORS=", "}{print $0}' | awk '{print substr($0,1,length($0)-2)}')"
# get eap capabilities
#
- trm_eap="$("${trm_wpa}" -veap >/dev/null 2>&1; printf "%u" ${?})"
+ trm_eap="$("${trm_wpa}" -veap >/dev/null 2>&1; printf "%u" "${?}")"
# load config and check 'enabled' option
#
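Review bot: With the `trm_sysver="unknown"` default dropped from the defaults block and this assignment now unconditional, a failing or empty `ubus -S call system board` leaves `trm_sysver` empty, so the "connected to uplink" log line further down ends in `, )`. Restoring the fallback directly after the pipeline keeps the old behaviour: `trm_sysver="${trm_sysver:-"unknown"}"`. As a point of style, the two chained `awk` processes only join the lines with `, ` and could be a single `awk '{printf "%s%s",(NR>1?", ":""),$0}'`. f_envload begins before this hunk and continues after it.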
{
local IFS mode network radio disabled eaptype config="${1}" proactive="${2}"
- mode="$(uci_get wireless "${config}" mode)"
- network="$(uci_get wireless "${config}" network)"
- radio="$(uci_get wireless "${config}" device)"
- disabled="$(uci_get wireless "${config}" disabled)"
- eaptype="$(uci_get wireless "${config}" eap_type)"
+ mode="$(uci_get "wireless" "${config}" "mode")"
+ network="$(uci_get "wireless" "${config}" "network")"
+ radio="$(uci_get "wireless" "${config}" "device")"
+ disabled="$(uci_get "wireless" "${config}" "disabled")"
+ eaptype="$(uci_get "wireless" "${config}" "eap_type")"
if [ -n "${config}" ] && [ -n "${radio}" ] && [ -n "${mode}" ] && [ -n "${network}" ]
then
f_log "debug" "f_prep ::: config: ${config}, mode: ${mode}, network: ${network}, radio: ${radio}, trm_radio: ${trm_radio:-"-"}, trm_active_sta: ${trm_active_sta:-"-"}, proactive: ${proactive}, trm_eap: ${trm_eap:-"-"}, disabled: ${disabled}"
}
+# check net status
+#
+f_net()
+{
+ local IFS result
+
+ result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
+ awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
+ printf "%s" "${result}"
+ f_log "debug" "f_net ::: fetch: ${trm_fetch}, timeout: $((trm_maxwait/6)), url: ${trm_captiveurl}, result: ${result}"
+}
+
# check interface status
#
f_check()
{
- local IFS ifname radio dev_status config sta_essid sta_bssid result uci_essid uci_bssid login_command bg_pid wait_time mode="${1}" status="${2:-"false"}" cp_domain="${3:-"false"}"
+ local IFS ifname radio dev_status config sta_essid sta_bssid result uci_essid uci_bssid login_command wait_time mode="${1}" status="${2:-"false"}" cp_domain="${3:-"false"}"
if [ "${mode}" != "initial" ] && [ "${status}" = "false" ]
then
ubus call network reload
wait_time=$((trm_maxwait/6))
- sleep ${wait_time}
+ sleep "${wait_time}"
fi
wait_time=1
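Review bot: f_net prints its result with `printf` and then calls `f_log`, and every call site in this commit captures it with `result="$(f_net)"`, so the value callers parse depends on f_log never writing to stdout. f_log is defined outside this hunk, so that cannot be confirmed from here. Appending `>&2` to the `f_log` call inside f_net would make the function safe regardless. A header comment would also pin the contract, e.g. `# prints exactly one of: "net ok", "net nok", "net cp '<redirect target>'"; nothing else may reach stdout`. f_check, whose `local` line and `sleep` quoting also change in this hunk, continues past its end.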
trm_ifquality="$(${trm_iwinfo} "${ifname}" info 2>/dev/null | awk -F "[ ]" '/Link Quality:/{split($NF,var0,"/");printf "%i\n",(var0[1]*100/var0[2])}')"
if [ "${mode}" = "initial" ] && [ "${trm_captive}" -eq 1 ]
then
- result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
- awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
+ result="$(f_net)"
if [ "${cp_domain}" = "true" ]
then
cp_domain="$(printf "%s" "${result}" | awk -F "[\\'| ]" '/^net cp/{printf "%s" $4}')"
uci_essid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.ssid')"
- uci_essid="$(printf "%s" "${uci_essid//[^[:alnum:]_]/_}" | awk '{print tolower($1)}')"
+ uci_essid="${uci_essid//[^[:alnum:]_]/_}"
uci_bssid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.bssid')"
uci_bssid="${uci_bssid//[^[:alnum:]_]/_}"
fi
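Review bot: Dropping the `tolower` step from the `uci_essid` assignment changes the section name that `uci_get "travelmate" "${uci_essid}${uci_bssid}"` looks up, while the previous version derived that name lower-cased. For an SSID with upper-case letters an existing login section is then no longer found, and the `while true` hunk below (which repeats the same change) may add a fresh section with `command` set to 'none', so a configured auto-login would stop running without any error. If the case change is intended, a fallback lookup keeps old configs working, e.g. `[ -n "${login_command}" ] || login_command="$(uci_get "travelmate" "$(printf "%s" "${uci_essid}${uci_bssid}" | awk '{print tolower($0)}')" "command")"`, or the README should tell users to rename their sections. f_check starts before and ends after this hunk.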
then
while true
do
- result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
- awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
+ result="$(f_net)"
cp_domain="$(printf "%s" "${result}" | awk -F "[\\'| ]" '/^net cp/{printf "%s" $4}')"
uci_essid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.ssid')"
- uci_essid="$(printf "%s" "${uci_essid//[^[:alnum:]_]/_}" | awk '{print tolower($1)}')"
+ uci_essid="${uci_essid//[^[:alnum:]_]/_}"
uci_bssid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.bssid')"
uci_bssid="${uci_bssid//[^[:alnum:]_]/_}"
if [ "${trm_netcheck}" -eq 1 ] && [ "${result}" = "net nok" ]
f_jsnup
break 2
fi
- if [ -z "${cp_domain}" ] || [ -n "$(uci_get dhcp "@dnsmasq[0]" rebind_domain | grep -Fo "${cp_domain}")" ]
+ if [ -z "${cp_domain}" ] || [ -n "$(uci_get "dhcp" "@dnsmasq[0]" "rebind_domain" | grep -Fo "${cp_domain}")" ]
then
break
fi
uci -q add_list dhcp.@dnsmasq[0].rebind_domain="${cp_domain}"
f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist"
- if [ -z "$(uci_get travelmate "${uci_essid}${uci_bssid}")" ]
+ if [ -z "$(uci_get "travelmate" "${uci_essid}${uci_bssid}")" ]
then
uci_add travelmate "login" "${uci_essid}${uci_bssid}"
uci_set travelmate "${uci_essid}${uci_bssid}" "command" "none"
f_log "info" "captive portal login section '${uci_essid}${uci_bssid}' added to travelmate config section"
fi
done
- if [ -n "$(uci -q changes dhcp)" ]
+ if [ -n "$(uci -q changes "dhcp")" ]
then
- uci_commit dhcp
+ uci_commit "dhcp"
/etc/init.d/dnsmasq reload
fi
- if [ -n "$(uci -q changes travelmate)" ]
+ if [ -n "$(uci -q changes "travelmate")" ]
then
- uci_commit travelmate
+ uci_commit "travelmate"
fi
fi
if [ -n "${cp_domain}" ] && [ "${cp_domain}" != "false" ] && [ -n "${uci_essid}" ] && [ "${trm_captive}" -eq 1 ]
then
trm_connection="${result:-"-"}/${trm_ifquality}"
f_jsnup
- login_command="$(uci_get travelmate "${uci_essid}${uci_bssid}" command)"
+ login_command="$(uci_get "travelmate" "${uci_essid}${uci_bssid}" "command")"
if [ -x "${login_command}" ]
then
"${login_command}" >/dev/null 2>&1
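Review bot: `cp_domain` is parsed from the reply of whichever network the device has just joined, and in this hunk it is appended to dnsmasq's `rebind_domain` list with `uci -q add_list` and then committed, with no check on its shape visible here. Since this release also introduces `trm_autoadd` for open uplinks, a hostname-only filter ahead of the `add_list` line would limit what a portal-supplied value can persist in the DNS configuration, for example `case "${cp_domain}" in *[!A-Za-z0-9.-]*) break ;; esac`. f_check starts before this hunk and continues after it, so a filter elsewhere in the function cannot be ruled out from here.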
f_log "info" "captive portal login '${login_command:0:40}' for '${cp_domain}' has been executed with rc '${rc}'"
if [ "${rc}" -eq 0 ]
then
- result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
- awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
+ result="$(f_net)"
fi
fi
fi
config="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].section')"
if [ -n "${config}" ]
then
- sta_iface="$(uci_get wireless "${config}" network)"
- sta_radio="$(uci_get wireless "${config}" device)"
- sta_essid="$(uci_get wireless "${config}" ssid)"
- sta_bssid="$(uci_get wireless "${config}" bssid)"
+ sta_iface="$(uci_get "wireless" "${config}" "network")"
+ sta_radio="$(uci_get "wireless" "${config}" "device")"
+ sta_essid="$(uci_get "wireless" "${config}" "ssid")"
+ sta_bssid="$(uci_get "wireless" "${config}" "bssid")"
fi
fi
#
f_main()
{
- local IFS cnt dev config spec scan_list scan_essid scan_bssid scan_quality faulty_list
+ local IFS cnt dev config spec scan_list scan_essid scan_bssid scan_open scan_quality uci_essid cfg_essid faulty_list
local station_id sta sta_essid sta_bssid sta_radio sta_iface active_essid active_bssid active_radio
f_check "initial" "false" "true"
f_check "dev" "true"
f_log "debug" "f_main ::: active_radio: ${active_radio}, active_essid: \"${active_essid}\", active_bssid: ${active_bssid:-"-"}"
else
- uci_commit wireless
+ uci_commit "wireless"
f_check "dev"
fi
json_get_var faulty_list "faulty_stations"
do
config="${sta%%-*}"
sta_radio="${sta##*-}"
- sta_essid="$(uci_get wireless "${config}" ssid)"
- sta_bssid="$(uci_get wireless "${config}" bssid)"
- sta_iface="$(uci_get wireless "${config}" network)"
+ sta_essid="$(uci_get "wireless" "${config}" "ssid")"
+ sta_bssid="$(uci_get "wireless" "${config}" "bssid")"
+ sta_iface="$(uci_get "wireless" "${config}" "network")"
json_get_var faulty_list "faulty_stations"
if [ -n "$(printf "%s" "${faulty_list}" | grep -Fo "${sta_radio}/${sta_essid}/${sta_bssid}")" ]
then
if [ -z "${scan_list}" ]
then
scan_list="$("${trm_iwinfo}" "${dev}" scan 2>/dev/null | \
- awk 'BEGIN{FS="[ ]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i};
- gsub(/,/,".",var2)}/Quality:/{split($NF,var0,"/");printf "%i,%s,%s\n",(var0[1]*100/var0[2]),var1,var2}' | \
+ awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i};
+ gsub(/,/,".",var2)}/Quality:/{split($NF,var0,"/")}/Encryption:/{if($NF=="none"){var3="+"}else{var3="-"};printf "%i,%s,%s,%s\n",(var0[1]*100/var0[2]),var1,var2,var3}' | \
sort -rn | awk -v buf="${trm_scanbuffer}" 'BEGIN{ORS=","}{print substr($0,1,buf)}')"
f_log "debug" "f_main ::: scan_buffer: ${trm_scanbuffer}, scan_list: ${scan_list}"
if [ -z "${scan_list}" ]
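Review bot: The awk patterns `/Address:/`, `/Quality:/` and the newly added `/Encryption:/` are unanchored, so they also fire on the `ESSID:` line whenever the network name contains one of those labels, and that name is chosen by whoever operates the access point. Because the record is now printed from the `/Encryption:/` action, such a line would emit an extra record built from stale or unset quality and address values, and its `+`/`-` flag later feeds the auto-add decision. Handling the ESSID line first and ending its action with `next` (`/ESSID:/{...;next}`) would keep the other rules from seeing SSID text. The `for(i=12;...)` offset also relies on the exact indentation of the iwinfo output, since every whitespace character is a separator, so a short comment stating that assumption would help. The enclosing loop starts and ends outside this hunk.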
elif [ -z "${scan_essid}" ]
then
scan_essid="${spec}"
+ elif [ -z "${scan_open}" ]
+ then
+ scan_open="${spec}"
fi
- if [ -n "${scan_quality}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ]
+ if [ -n "${scan_quality}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ] && [ -n "${scan_open}" ]
then
if [ "${scan_quality}" -ge "${trm_minquality}" ]
then
if { { [ "${scan_essid}" = "\"${sta_essid//,/.}\"" ] && { [ -z "${sta_bssid}" ] || [ "${scan_bssid}" = "${sta_bssid}" ]; } } || \
{ [ "${scan_bssid}" = "${sta_bssid}" ] && [ "${scan_essid}" = "unknown" ]; } } && [ "${dev}" = "${sta_radio}" ]
then
- f_log "debug" "f_main ::: scan_quality: ${scan_quality}, scan_essid: ${scan_essid}, scan_bssid: ${scan_bssid:-"-"}"
+ f_log "debug" "f_main ::: scan_quality: ${scan_quality}, scan_essid: ${scan_essid}, scan_bssid: ${scan_bssid:-"-"}, scan_open: ${scan_open}"
if [ "${dev}" = "${active_radio}" ]
then
+ uci_set "wireless" "${trm_active_sta}" "disabled" "1"
+ uci_commit "wireless"
+ f_log "debug" "f_main ::: active uplink connection '${active_radio}/${active_essid}/${active_bssid:-"-"}' terminated"
unset trm_connection active_radio active_essid active_bssid
- uci_set wireless "${trm_active_sta}" disabled 1
- uci_commit wireless
fi
# retry loop
#
cnt=1
while [ "${cnt}" -le "${trm_maxretry}" ]
do
- uci_set wireless "${config}" disabled 0
+ uci_set "wireless" "${config}" "disabled" "0"
f_check "sta"
if [ "${trm_ifstatus}" = "true" ]
then
unset IFS scan_list
- uci_commit wireless
+ uci_commit "wireless"
f_log "info" "connected to uplink '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' (${cnt}/${trm_maxretry}, ${trm_sysver})"
return 0
else
- uci -q revert wireless
+ uci -q revert "wireless"
f_check "rev"
if [ "${cnt}" -eq "${trm_maxretry}" ]
then
cnt=$((cnt+1))
sleep $((trm_maxwait/6))
done
- else
- unset scan_quality scan_bssid scan_essid
- continue
+ elif [ "${trm_autoadd}" -eq 1 ] && [ "${scan_open}" = "+" ] && [ "${scan_essid}" != "unknown" ]
+ then
+ cfg_essid="${scan_essid#*\"}"
+ cfg_essid="${cfg_essid%\"*}"
+ uci_essid="${cfg_essid//[^[:alnum:]_]/_}"
+ if [ -z "$(uci_get "wireless" "trm_${uci_essid}")" ]
+ then
+ uci_add "wireless" "wifi-iface" "trm_${uci_essid}"
+ uci_set "wireless" "trm_${uci_essid}" "mode" "sta"
+ uci_set "wireless" "trm_${uci_essid}" "network" "${trm_iface}"
+ uci_set "wireless" "trm_${uci_essid}" "device" "${sta_radio}"
+ uci_set "wireless" "trm_${uci_essid}" "ssid" "${cfg_essid}"
+ uci_set "wireless" "trm_${uci_essid}" "encryption" "none"
+ uci_set "wireless" "trm_${uci_essid}" "disabled" "1"
+ uci_commit "wireless"
+ f_log "info" "open uplink '${sta_radio}/${cfg_essid}' added to wireless config"
+ fi
fi
+ unset scan_quality scan_bssid scan_essid scan_open
+ continue
else
- unset scan_quality scan_bssid scan_essid
+ unset scan_quality scan_bssid scan_essid scan_open
continue
fi
fi
done
- unset IFS scan_quality scan_bssid scan_essid
+ unset IFS scan_quality scan_bssid scan_essid scan_open
done
unset scan_list
done
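Review bot: The new `elif [ "${trm_autoadd}" -eq 1 ]` branch writes a persistent `wifi-iface` section for every open network that appears in a scan, with no upper bound and one `uci_commit` per entry, and the SSID it keys on is unauthenticated text received over the air. I would cap the number of auto-added `trm_*` sections (through a new option whose name is up to the maintainer) and document that these entries are presumably picked up as uplink candidates on a later run, so they should be reviewed. The section name `trm_${uci_essid}` is lossy because every character outside `[[:alnum:]_]` becomes `_`, so two different SSIDs can map to the same name and the second is silently skipped by the `uci_get` check. The branch is also reached when `${dev}` differs from `${sta_radio}`, so `"device" "${sta_radio}"` may bind the entry to a radio that did not see the network; `uci_set "wireless" "trm_${uci_essid}" "device" "${dev}"` looks closer to the intent, to be confirmed. The enclosing loops of f_main start outside this hunk.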
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
-PKG_VERSION:=1.9.2
+PKG_VERSION:=1.9.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound
-PKG_HASH:=6f7acec5cf451277fcda31729886ae7dd62537c4f506855603e3aa153fcb6b95
+PKG_HASH:=1b55dd9170e4bfb327fb644de7bbf7f0541701149dff3adf1b63ffa785f16dfa
PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
PKG_LICENSE:=BSD-3-Clause
if [ "$UB_N_THREADS" -gt 1 ] \
- && $PROG -h | grep -q "linked libs:.*libevent" ; then
+ && $PROG -V | grep -q "Linked libs:.*libevent" ; then
# heavy variant using "threads" may need substantial resources
echo " num-threads: 2" >> $UB_CORE_CONF
else
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Ansuel Smith <ansuelsmth@gmail.com>
+PKG_BUILD_DEPENDS:=python3/host
+
include $(INCLUDE_DIR)/package.mk
define Package/uwsgi-cgi
endef
MAKE_VARS+=\
- CPP=$(TARGET_CROSS)cpp
+ CPP=$(TARGET_CROSS)cpp \
+ PYTHON=$(STAGING_DIR_HOSTPKG)/bin/python3
define Build/Compile
$(call Build/Compile/Default,PROFILE=cgi)
--- /dev/null
+Index: uwsgi-2.0.18/Makefile
+===================================================================
+--- uwsgi-2.0.18.orig/Makefile
++++ uwsgi-2.0.18/Makefile
+@@ -1,4 +1,4 @@
+-PYTHON := python
++PYTHON ?= python3
+
+ all:
+ $(PYTHON) uwsgiconfig.py --build $(PROFILE)
PKG_NAME:=madplay
PKG_VERSION:=0.15.2b
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/mad \
ftp://ftp.mars.org/pub/mpeg/
PKG_HASH:=5a79c7516ff7560dffc6a14399a389432bc619c905b13d3b73da22fa65acede0
-PKG_LICENSE:=GPL-2.0+
-PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Simon Peter <probono@puredarwin.org>
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Simon Peter <probono@puredarwin.org>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
full support for ID3 tags.
endef
-define Build/Configure
- $(call Build/Configure/Default, \
- --enable-shared \
- --disable-static \
- --disable-debugging \
- --disable-profiling \
- --disable-experimental \
- --without-libiconv-prefix \
- --without-libintl-prefix \
- --without-esd \
- , \
- LIBS="-lz" \
- )
-endef
+CONFIGURE_ARGS += \
+ --enable-shared \
+ --disable-static \
+ --disable-debugging \
+ --disable-profiling \
+ --disable-experimental \
+ --without-libiconv-prefix \
+ --without-libintl-prefix \
+ --without-esd \
+
+CONFIGURE_VARS += \
+ lt_prog_compiler_pic=$(FPIC)
+
+MAKE_FLAGS += CFLAGS="$(TARGET_CFLAGS)"
ifeq ($(BUILD_VARIANT),alsa)
CONFIGURE_ARGS += \
--without-oss \
--with-alsa
-endif
-
-ifeq ($(BUILD_VARIANT),oss)
+else
CONFIGURE_ARGS += \
- --without-alsa
+ --without-alsa \
+ --with-oss
endif
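Review bot: The removed `Build/Configure` passed `LIBS="-lz"` to configure, and the replacement `CONFIGURE_ARGS`/`CONFIGURE_VARS` block does not carry it over. If dropping it was deliberate, a line in the commit message would say so; if not, `CONFIGURE_VARS += LIBS="-lz"` restores the previous behaviour. The `else` branch now applies `--with-oss` to every variant other than `alsa`, which is fine while only two variants exist but deserves a comment such as `# every non-alsa variant builds with OSS`.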
define Package/madplay/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/madplay $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/madplay $(1)/usr/bin/
endef
define Package/madplay-alsa/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/madplay $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/madplay $(1)/usr/bin/
endef
$(eval $(call BuildPackage,madplay-alsa))
include $(TOPDIR)/rules.mk
PKG_NAME:=ap51-flash
-PKG_VERSION:=2018.0
+PKG_VERSION:=2019.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/ap51-flash/ap51-flash/releases/download/v$(PKG_VERSION)
-PKG_HASH:=e38e48a12d7c7b8e189f5538b78bbf00548044414d9ededa18ec9a5b5886afaa
+PKG_HASH:=e7992b2151721cc6f5db91f443ad7fc83cb5604c08cd11fca3e78ecd6b538e57
PKG_MAINTAINER:=Russell Senior <russell@personaltelco.net>
-PKG_LICENSE:=GPL-3.0+
-PKG_LICENSE_FILES:=LICENSES/preferred/GPL-3.0
+PKG_LICENSE:=GPL-3.0+ CC0-1.0
+PKG_LICENSE_FILES:=LICENSES/GPL-3.0-or-later.txt LICENSES/CC0-1.0.txt
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
-PKG_SOURCE_VERSION:=8bd996400d087028ba56b724abc1f5b378eaa77f
-
PKG_NAME:=crconf
-PKG_VERSION:=pre2-$(PKG_SOURCE_VERSION)
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.code.sf.net/p/crconf/code
-PKG_MIRROR_HASH:=f772306c0b005c18f481b73e3be193dba5ebb9f6f3bf20cb3f67c4a80dac0613
+PKG_SOURCE_DATE:=2018-03-02
+PKG_SOURCE_VERSION:=8bd996400d087028ba56b724abc1f5b378eaa77f
+PKG_MIRROR_HASH:=454307cb40a8743b53933cbdd4d9367996ffcf1bd2946413d2862cf050df3bca
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
+PKG_LICENSE:=GPL-2.0-only
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
Most interesting stuff you can find on https://wiki.strongswan.org
endef
+MAKE_FLAGS += CFLAGS="$(TARGET_CFLAGS) -I../include"
+
define Package/crconf/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/crconf $(1)/sbin
PKG_NAME:=docker-ce
PKG_VERSION:=19.03.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
START=25
start_service() {
+ local nofile=$(cat /proc/sys/fs/nr_open)
+
procd_open_instance
procd_set_param command /usr/bin/dockerd
+ procd_set_param limits nofile="${nofile} ${nofile}"
procd_close_instance
}
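Review bot: `local nofile=$(cat /proc/sys/fs/nr_open)` discards the exit status of `cat`, so if the read fails the instance is started with `nofile=" "` as its limit. Guarding the new parameter, `[ -n "${nofile}" ] && procd_set_param limits nofile="${nofile} ${nofile}"`, leaves procd's default in place in that case. Setting both the soft and the hard limit to the kernel maximum also removes any per-process descriptor ceiling for dockerd and whatever inherits its limits, so a comment explaining why the maximum is needed rather than a fixed value would help on memory-constrained targets.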
include $(TOPDIR)/rules.mk
PKG_NAME:=haveged
-PKG_VERSION:=1.9.4
+PKG_VERSION:=1.9.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/jirka-h/haveged/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=c4959d3cb1fa6391d16a3aa1ba4d82cd3a0d497206ae4b87d638088c0664e5aa
+PKG_SOURCE_URL:=https://codeload.github.com/jirka-h/haveged/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=4d4c046755476d3734ffb78772c242c25913ff0eb7509c143671dae6ec9d1189
PKG_BUILD_DIR:=$(BUILD_DIR)/haveged-$(PKG_VERSION)
PKG_LICENSE:=GPLv3