include $(TOPDIR)/rules.mk
PKG_NAME:=python-docker
-PKG_VERSION:=4.4.2
+PKG_VERSION:=4.4.3
PKG_RELEASE:=1
PYPI_NAME:=docker
-PKG_HASH:=67f33d4cf95182db631a17eef7d666d2c91f624c1d3fbc4df6009cb2f2a4c604
+PKG_HASH:=de5753b7f6486dd541a98393e423e387579b8974a5068748b83f852cc76a89d6
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=Apache-2.0
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/setup.py b/setup.py
-index 7ba4b2a25f..f265384236 100755
--- a/setup.py
+++ b/setup.py
-@@ -43,7 +43,7 @@ def run_tests(self):
-
+@@ -43,7 +43,7 @@ packages = ['requests']
+
requires = [
'chardet>=3.0.2,<5',
- 'idna>=2.5,<3',
+ 'idna>=2.5,<4',
'urllib3>=1.21.1,<1.27',
'certifi>=2017.4.17'
-
-
-From d3e00a4958af046879f24de365d5589d861ea6ef Mon Sep 17 00:00:00 2001
-From: Naor Livne <naorlivne@gmail.com>
-Date: Tue, 5 Jan 2021 16:31:15 +0200
-Subject: [PATCH 2/2] Update setup.py
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Co-authored-by: Mickaël Schoentgen <contact@tiger-222.fr>
----
- setup.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index f265384236..5ce59e621d 100755
---- a/setup.py
-+++ b/setup.py
-@@ -43,7 +43,8 @@ def run_tests(self):
-
- requires = [
- 'chardet>=3.0.2,<5',
-- 'idna>=2.5,<4',
-+ 'idna>=2.5,<3 ; python_version < "3"',
-+ 'idna>=2.5,<4 ; python_version >= "3"',
- 'urllib3>=1.21.1,<1.27',
- 'certifi>=2017.4.17'
+
--- /dev/null
+From d3e00a4958af046879f24de365d5589d861ea6ef Mon Sep 17 00:00:00 2001
+From: Naor Livne <naorlivne@gmail.com>
+Date: Tue, 5 Jan 2021 16:31:15 +0200
+Subject: [PATCH 2/2] Update setup.py
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Co-authored-by: Mickaël Schoentgen <contact@tiger-222.fr>
+---
+ setup.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/setup.py
++++ b/setup.py
+@@ -43,7 +43,8 @@ packages = ['requests']
+
+ requires = [
+ 'chardet>=3.0.2,<5',
+- 'idna>=2.5,<4',
++ 'idna>=2.5,<3 ; python_version < "3"',
++ 'idna>=2.5,<4 ; python_version >= "3"',
+ 'urllib3>=1.21.1,<1.27',
+ 'certifi>=2017.4.17'
+
include ../python3-version.mk
PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
ifeq ($(HOST_OS),Darwin)
HOST_CONFIGURE_VARS += \
ac_cv_header_libintl_h=no
+HOST_MAKE_VARS += \
+ USE_PYTHON_CONFIG_PY=1
endif
HOST_CONFIGURE_ARGS+= \
endef
define Host/Compile
- +$(HOST_MAKE_VARS) $(MAKE) $(HOST_JOBS) -C $(HOST_BUILD_DIR) python
- +$(HOST_MAKE_VARS) $(MAKE) $(HOST_JOBS) -C $(HOST_BUILD_DIR) sharedmods
+ $(call Host/Compile/Default,python)
+ $(call Host/Compile/Default,sharedmods)
endef
define Host/Install
$(HOST_PYTHON3_PKG_DIR)/.pip-patched* \
$(HOST_PYTHON3_PKG_DIR)/.pip_installed_*
)
- $(MAKE) -C $(HOST_BUILD_DIR) install
+ $(call Host/Install/Default)
$(if $(wildcard $(HOST_PYTHON3_PKG_DIR)/.setuptools_installed_$(PYTHON3_SETUPTOOLS_VERSION)-$(PYTHON3_SETUPTOOLS_PKG_RELEASE)),,
$(call HostPatchDir,$(HOST_PYTHON3_PKG_DIR),./patches-setuptools,)
touch $(HOST_PYTHON3_PKG_DIR)/.setuptools_installed_$(PYTHON3_SETUPTOOLS_VERSION)-$(PYTHON3_SETUPTOOLS_PKG_RELEASE)
--- /dev/null
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -1586,7 +1586,7 @@ python-config: $(srcdir)/Misc/python-con
+ @ # On Darwin, always use the python version of the script, the shell
+ @ # version doesn't use the compiler customizations that are provided
+ @ # in python (_osx_support.py).
+- @if test `uname -s` = Darwin; then \
++ @if test "$(USE_PYTHON_CONFIG_PY)" = 1; then \
+ cp python-config.py python-config; \
+ fi
+
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gost_engine
+PKG_VERSION:=1.1.0.3
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION)
+PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75
+
+PKG_MAINTAINER:=Artur Petrov <github@phpchain.ru>
+PKG_LICENSE:=OpenSSL
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)"
+PKG_INSTALL:=
+
+ENGINES_DIR:=engines-1.1
+
+define Package/gost_engine/Default
+ TITLE:=GOST engine for OpenSSL
+ URL:=http://www.openssl.org/
+ SECTION:=libs
+ CATEGORY:=Libraries
+endef
+
+define Package/gost_engine/Default/description
+Russian GOST crypto algorithms for OpenSSL.
+endef
+
+define Package/libopenssl-gost_engine
+ $(call Package/gost_engine/Default)
+ SUBMENU:=SSL
+ TITLE+= (library)
+ URL:=https://github.com/gost-engine/engine/
+ DEPENDS:=libopenssl @OPENSSL_ENGINE @OPENSSL_WITH_GOST +libopenssl-conf
+endef
+
+define Package/libopenssl-gost_engine/description
+$(call Package/gost_engine/Default/description)
+This package contains the GOST engine library.
+
+Support ciphers:
+GOST2012-GOST8912-GOST8912
+GOST2001-GOST89-GOST89
+endef
+
+define Package/gost_engine-util
+ $(call Package/gost_engine/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ DEPENDS:=libopenssl-gost_engine
+ TITLE+= (utilities)
+endef
+
+define Package/gost_engine-util/description
+$(call Package/gost_engine/Default/description)
+This package contains the GOST engine command-line utilities gostsum and gost12sum.
+endef
+
+CMAKE_OPTIONS += -DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR)
+
+define Package/libopenssl-gost_engine/install
+ $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/bin/gost.so \
+ $(1)/usr/lib/$(ENGINES_DIR)/
+endef
+
+define Package/gost_engine-util/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/{gost12sum,gostsum} \
+ $(1)/usr/bin/
+endef
+
+
+$(eval $(call BuildPackage,libopenssl-gost_engine))
+$(eval $(call BuildPackage,gost_engine-util))
PKG_NAME:=libnetfilter_queue
PKG_VERSION:=1.0.5
-PKG_RELEASE:=1
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://www.netfilter.org/projects/libnetfilter_queue/files
PKG_HASH:=f9ff3c11305d6e03d81405957bdc11aea18e0d315c3e3f48da53a24ba251b9f5
+PKG_FIXUP:=autoreconf
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
--- /dev/null
+From 662c8f44d53492d2e0ebd430dadef12d580ec330 Mon Sep 17 00:00:00 2001
+From: Etan Kissling <etan_kissling@apple.com>
+Date: Tue, 19 Jan 2021 16:05:39 +0100
+Subject: [PATCH] src: add pkt_buff function for ICMP
+
+Add support for processing ICMP packets using pkt_buff, similar to
+existing library support for TCP and UDP.
+
+Signed-off-by: Etan Kissling <etan_kissling@apple.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/libnetfilter_queue/Makefile.am | 1 +
+ .../libnetfilter_queue_icmp.h | 8 ++++
+ src/Makefile.am | 1 +
+ src/extra/icmp.c | 48 +++++++++++++++++++
+ 4 files changed, 58 insertions(+)
+ create mode 100644 include/libnetfilter_queue/libnetfilter_queue_icmp.h
+ create mode 100644 src/extra/icmp.c
+
+--- a/include/libnetfilter_queue/Makefile.am
++++ b/include/libnetfilter_queue/Makefile.am
+@@ -1,5 +1,6 @@
+ pkginclude_HEADERS = libnetfilter_queue.h \
+ linux_nfnetlink_queue.h \
++ libnetfilter_queue_icmp.h \
+ libnetfilter_queue_ipv4.h \
+ libnetfilter_queue_ipv6.h \
+ libnetfilter_queue_tcp.h \
+--- /dev/null
++++ b/include/libnetfilter_queue/libnetfilter_queue_icmp.h
+@@ -0,0 +1,8 @@
++#ifndef _LIBNFQUEUE_ICMP_H_
++#define _LIBNFQUEUE_ICMP_H_
++
++struct pkt_buff;
++
++struct icmphdr *nfq_icmp_get_hdr(struct pkt_buff *pktb);
++
++#endif
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -31,6 +31,7 @@ libnetfilter_queue_la_LDFLAGS = -Wc,-nos
+ libnetfilter_queue_la_SOURCES = libnetfilter_queue.c \
+ nlmsg.c \
+ extra/checksum.c \
++ extra/icmp.c \
+ extra/ipv6.c \
+ extra/tcp.c \
+ extra/ipv4.c \
+--- /dev/null
++++ b/src/extra/icmp.c
+@@ -0,0 +1,48 @@
++/*
++ * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
++ */
++
++#include <stdio.h>
++#define _GNU_SOURCE
++#include <netinet/ip_icmp.h>
++
++#include <libnetfilter_queue/libnetfilter_queue_icmp.h>
++
++#include "internal.h"
++
++/**
++ * \defgroup icmp ICMP helper functions
++ * @{
++ */
++
++/**
++ * nfq_icmp_get_hdr - get the ICMP header.
++ * \param pktb: pointer to user-space network packet buffer
++ * \returns validated pointer to the ICMP header or NULL if the ICMP header was
++ * not set or if a minimal length check fails.
++ * \note You have to call nfq_ip_set_transport_header() or
++ * nfq_ip6_set_transport_header() first to set the ICMP header.
++ */
++EXPORT_SYMBOL
++struct icmphdr *nfq_icmp_get_hdr(struct pkt_buff *pktb)
++{
++ if (pktb->transport_header == NULL)
++ return NULL;
++
++ /* No room for the ICMP header. */
++ if (pktb_tail(pktb) - pktb->transport_header < sizeof(struct icmphdr))
++ return NULL;
++
++ return (struct icmphdr *)pktb->transport_header;
++}
++
++/**
++ * @}
++ */
--- /dev/null
+From 51f25df304aeaa6c1b02ef7456a61278ee70c102 Mon Sep 17 00:00:00 2001
+From: Etan Kissling <etan_kissling@apple.com>
+Date: Tue, 9 Feb 2021 23:51:33 +0100
+Subject: [PATCH] src: fix IPv6 header handling
+
+This corrects issues in IPv6 header handling that sometimes resulted
+in an endless loop.
+
+Signed-off-by: Etan Kissling <etan_kissling@apple.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/extra/ipv6.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- a/src/extra/ipv6.c
++++ b/src/extra/ipv6.c
+@@ -67,10 +67,19 @@ int nfq_ip6_set_transport_header(struct
+ uint8_t nexthdr = ip6h->ip6_nxt;
+ uint8_t *cur = (uint8_t *)ip6h + sizeof(struct ip6_hdr);
+
+- while (nexthdr != target) {
++ while (nexthdr == IPPROTO_HOPOPTS ||
++ nexthdr == IPPROTO_ROUTING ||
++ nexthdr == IPPROTO_FRAGMENT ||
++ nexthdr == IPPROTO_AH ||
++ nexthdr == IPPROTO_NONE ||
++ nexthdr == IPPROTO_DSTOPTS) {
+ struct ip6_ext *ip6_ext;
+ uint32_t hdrlen;
+
++ /* Extension header was requested, we're done. */
++ if (nexthdr == target)
++ break;
++
+ /* No more extensions, we're done. */
+ if (nexthdr == IPPROTO_NONE) {
+ cur = NULL;
+@@ -107,11 +116,13 @@ int nfq_ip6_set_transport_header(struct
+ } else if (nexthdr == IPPROTO_AH)
+ hdrlen = (ip6_ext->ip6e_len + 2) << 2;
+ else
+- hdrlen = ip6_ext->ip6e_len;
++ hdrlen = (ip6_ext->ip6e_len + 1) << 3;
+
+ nexthdr = ip6_ext->ip6e_nxt;
+ cur += hdrlen;
+ }
++ if (nexthdr != target)
++ cur = NULL;
+ pktb->transport_header = cur;
+ return cur ? 1 : 0;
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=libuhttpd
-PKG_VERSION:=3.8.0
+PKG_VERSION:=3.9.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd/releases/download/v$(PKG_VERSION)
-PKG_HASH:=cdf97020be8ef73e74f12e0703e0f871ebd26c641ce2cb31f67c90a79483c372
+PKG_HASH:=9939cd5f9aaad2c118bc04417fb2d21994fb1cdca7fff475a0930a1374635af0
PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
PKG_LICENSE:=MIT
PKG_NAME:=zeromq
PKG_VERSION:=4.3.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/zeromq/libzmq/releases/download/v$(PKG_VERSION)
PROVIDES:=libzmq
endef
+define Package/libzmq/default-config
+config LIBZMQ_$(2)_WITH_OPENPGM
+ depends on PACKAGE_libzmq-$(1)
+ bool "enable openpgm support for libzmq-$(1)"
+ default n
+endef
+
define Package/libzmq-nc
$(call Package/libzmq/default)
VARIANT:=nc
+ DEPENDS+=+LIBZMQ_NC_WITH_OPENPGM:openpgm
endef
define Package/libzmq-curve
$(call Package/libzmq/default)
VARIANT:=curve
TITLE+= (CurveZMQ)
- DEPENDS+=+libsodium
+ DEPENDS+=+libsodium +LIBZMQ_CURVE_WITH_OPENPGM:openpgm
endef
define Package/libzmq-nc/description
Includes CurveZMQ security by libsodium.
endef
+define Package/libzmq-nc/config
+ $(call Package/libzmq/default-config,nc,NC)
+endef
+
+define Package/libzmq-curve/config
+ $(call Package/libzmq/default-config,curve,CURVE)
+endef
+
CMAKE_OPTIONS += \
-DA2X_EXECUTABLE=OFF \
-DASCIIDOC_EXECUTABLE=OFF \
-DENABLE_EVENTFD=ON \
-DPOLLER=epoll \
-DRT_LIBRARY=OFF \
- -DWITH_OPENPGM=OFF \
-DZMQ_BUILD_TESTS=OFF \
-DWITH_LIBBSD=O$(if $(CONFIG_USE_GLIBC),N,FF)
CMAKE_OPTIONS += -DWITH_LIBSODIUM=OFF
endif
+ifeq ($(CONFIG_LIBZMQ_NC_WITH_OPENPGM),y)
+ CMAKE_OPTIONS += -DWITH_OPENPGM=ON
+else ifeq ($(CONFIG_LIBZMQ_CURVE_WITH_OPENPGM),y)
+ CMAKE_OPTIONS += -DWITH_OPENPGM=ON
+else
+ CMAKE_OPTIONS += -DWITH_OPENPGM=OFF
+endif
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/zmq.h $(1)/usr/include
--- /dev/null
+From 68546793d3ead9fef78f4b6670b4bee92ae99bc8 Mon Sep 17 00:00:00 2001
+From: Ye Holmes <yeholmes@outlook.com>
+Date: Wed, 17 Feb 2021 19:26:52 +0800
+Subject: [PATCH] fix-openpgm-linking-for-zeromq
+
+---
+ CMakeLists.txt | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -793,7 +793,7 @@ else()
+ # message(FATAL_ERROR "WITH_OPENPGM not implemented")
+
+ if(NOT OPENPGM_PKGCONFIG_NAME)
+- set(OPENPGM_PKGCONFIG_NAME "openpgm-5.2")
++ set(OPENPGM_PKGCONFIG_NAME "openpgm-5.3")
+ endif()
+
+ set(OPENPGM_PKGCONFIG_NAME
+@@ -804,6 +804,8 @@ else()
+
+ if(OPENPGM_FOUND)
+ message(STATUS ${OPENPGM_PKGCONFIG_NAME}" found")
++ find_library(OPENPGM_LIBRARIES NAMES libpgm pgm)
++ set(pkg_config_libs_private "${pkg_config_libs_private} -lpgm")
+ set(pkg_config_names_private "${pkg_config_names_private} ${OPENPGM_PKGCONFIG_NAME}")
+ else()
+ message(
+@@ -1447,6 +1449,10 @@ if(BUILD_SHARED)
+ endif()
+ endif()
+
++ if(OPENPGM_FOUND)
++ target_link_libraries(libzmq ${OPENPGM_LIBRARIES})
++ endif()
++
+ if(HAVE_WS2_32)
+ target_link_libraries(libzmq ws2_32)
+ elseif(HAVE_WS2)
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.7.1
-PKG_RELEASE:=2
+PKG_VERSION:=0.7.2
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
## Main Features
* Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
-| Source | Focus | Information |
-| :------------------ | :--------------------------: | :-------------------------------------------------------------------------------- |
-| asn | ASN block | [Link](https://asn.ipinfo.app) |
-| bogon | Bogon prefixes | [Link](https://team-cymru.com) |
-| country | Country blocks | [Link](https://www.ipdeny.com/ipblocks) |
-| darklist | Attacker IP blacklist | [Link](https://darklist.de) |
-| debl | Fail2ban IP blacklist | [Link](https://www.blocklist.de) |
-| doh | Public DoH-Provider | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
-| drop | Spamhaus drop compilation | [Link](https://www.spamhaus.org) |
-| dshield | Dshield IP blocklist | [Link](https://www.dshield.org) |
-| edrop | Spamhaus edrop compilation | [Link](https://www.spamhaus.org) |
-| feodo | Feodo Tracker | [Link](https://feodotracker.abuse.ch) |
-| firehol1 | Firehol Level 1 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level1) |
-| firehol2 | Firehol Level 2 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level2) |
-| firehol3 | Firehol Level 3 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level3) |
-| firehol4 | Firehol Level 4 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level4) |
-| iblockads | Advertising blocklist | [Link](https://www.iblocklist.com) |
-| iblockspy | Malicious spyware blocklist | [Link](https://www.iblocklist.com) |
-| myip | Myip Live IP blacklist | [Link](https://myip.ms) |
-| nixspam | iX spam protection | [Link](http://www.nixspam.org) |
-| proxy | Firehol list of open proxies | [Link](https://iplists.firehol.org/?ipset=proxylists) |
-| ssbl | SSL botnet IP blacklist | [Link](https://sslbl.abuse.ch) |
-| threat | Emerging Threats | [Link](https://rules.emergingthreats.net) |
-| tor | Tor exit nodes | [Link](https://fissionrelays.net/lists) |
-| uceprotect1 | Spam protection level 1 | [Link](http://www.uceprotect.net/en/index.php) |
-| uceprotect2 | Spam protection level 2 | [Link](http://www.uceprotect.net/en/index.php) |
-| voip | VoIP fraud blocklist | [Link](http://www.voipbl.org) |
-| yoyo | Ad protection blacklist | [Link](https://pgl.yoyo.org/adservers/) |
+| Source | Focus | Information |
+| :------------------ | :----------------------------: | :-------------------------------------------------------------------------------- |
+| asn | ASN block | [Link](https://asn.ipinfo.app) |
+| bogon | Bogon prefixes | [Link](https://team-cymru.com) |
+| country | Country blocks | [Link](https://www.ipdeny.com/ipblocks) |
+| darklist | blocks suspicious attacker IPs | [Link](https://darklist.de) |
+| debl | Fail2ban IP blacklist | [Link](https://www.blocklist.de) |
+| doh | Public DoH-Provider | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
+| drop | Spamhaus drop compilation | [Link](https://www.spamhaus.org) |
+| dshield | Dshield IP blocklist | [Link](https://www.dshield.org) |
+| edrop | Spamhaus edrop compilation | [Link](https://www.spamhaus.org) |
+| feodo | Feodo Tracker | [Link](https://feodotracker.abuse.ch) |
+| firehol1 | Firehol Level 1 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level1) |
+| firehol2 | Firehol Level 2 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level2) |
+| firehol3 | Firehol Level 3 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level3) |
+| firehol4 | Firehol Level 4 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level4) |
+| greensnow | blocks suspicious server IPs | [Link](https://greensnow.co) |
+| iblockads | Advertising blocklist | [Link](https://www.iblocklist.com) |
+| iblockspy | Malicious spyware blocklist | [Link](https://www.iblocklist.com) |
+| myip | Myip Live IP blacklist | [Link](https://myip.ms) |
+| nixspam | iX spam protection | [Link](http://www.nixspam.org) |
+| proxy | Firehol list of open proxies | [Link](https://iplists.firehol.org/?ipset=proxylists) |
+| ssbl | SSL botnet IP blacklist | [Link](https://sslbl.abuse.ch) |
+| threat | Emerging Threats | [Link](https://rules.emergingthreats.net) |
+| tor | Tor exit nodes | [Link](https://fissionrelays.net/lists) |
+| uceprotect1 | Spam protection level 1 | [Link](http://www.uceprotect.net/en/index.php) |
+| uceprotect2 | Spam protection level 2 | [Link](http://www.uceprotect.net/en/index.php) |
+| voip | VoIP fraud blocklist | [Link](http://www.voipbl.org) |
+| yoyo | Ad protection blacklist | [Link](https://pgl.yoyo.org/adservers/) |
* zero-conf like automatic installation & setup, usually no manual changes needed
* automatically selects one of the following download utilities: aria2c, curl, uclient-fetch, wget
| ban_maclist_timeout | option | - | individual maclist IPSet timeout |
| ban_whitelist_timeout | option | - | individual whitelist IPSet timeout |
| ban_blacklist_timeout | option | - | individual blacklist IPSet timeout |
+| ban_logterms | list | dropbear, sshd, luci, nginx | limit the log monitor to certain log terms |
+| ban_loglimit | option | 100 | parse only the last stated number of log entries for suspicious events |
+| ban_ssh_logcount | option | 3 | number of the failed ssh login repetitions of the same ip in the log before banning |
+| ban_luci_logcount | option | 3 | number of the failed luci login repetitions of the same ip in the log before banning |
+| ban_nginx_logcount | option | 5 | number of the failed nginx requests of the same ip in the log before banning |
## Examples
**list/edit banIP sources:**
fi
if [ -n "${iface}" ]
then
-
procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
fi
procd_add_reload_trigger "banip"
if [ -x "${ban_logread}" ]
then
f_log "info" "log/banIP service started"
- "${ban_logread}" -f | { grep -q "${ban_search}"; [ "${?}" = "0" ] && /etc/init.d/banip refresh; }
+ "${ban_logread}" -f | { grep -qE "${ban_search}"; [ "${?}" = "0" ] && { /etc/init.d/banip refresh; exit 0; }; }
else
f_log "err" "can't start log/banIP service"
fi
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
-ban_ver="0.7.1"
+ban_ver="0.7.2"
ban_enabled="0"
ban_mail_enabled="0"
ban_proto4_enabled="0"
ban_autowhitelist="1"
ban_logterms=""
ban_loglimit="100"
+ban_ssh_logcount="3"
+ban_luci_logcount="3"
+ban_nginx_logcount="5"
ban_mailactions=""
ban_search=""
ban_devs=""
ban_ipt6_restorecmd="$(command -v ip6tables-restore)"
ban_ipset_cmd="$(command -v ipset)"
ban_logger_cmd="$(command -v logger)"
+ban_logread="$(command -v logread)"
ban_allsources=""
ban_sources=""
ban_asns=""
#
if [ "${ban_enabled}" = "0" ]
then
- f_bgsrv "stop"
f_ipset "destroy"
f_jsnup "disabled"
f_rmbckp
f_rmtmp
+ f_bgsrv "stop"
f_log "info" "banIP is currently disabled, please set the config option 'ban_enabled' to '1' to use this service"
exit 0
fi
ban_target_dst="${ban_logchain_dst}"
fi
ban_localsources="${ban_localsources:-"maclist whitelist blacklist"}"
- ban_logterms="${ban_logterms:-"dropbear sshd luci"}"
+ ban_logterms="${ban_logterms:-"dropbear sshd luci nginx"}"
f_log "debug" "f_conf ::: ifaces: ${ban_ifaces:-"-"}, chain: ${ban_chain}, set_type: ${ban_global_settype}, log_chains (src/dst): ${ban_logchain_src}/${ban_logchain_dst}, targets (src/dst): ${ban_target_src}/${ban_target_dst}"
f_log "debug" "f_conf ::: lan_inputs (4/6): ${ban_lan_inputchains_4}/${ban_lan_inputchains_6}, lan_forwards (4/6): ${ban_lan_forwardchains_4}/${ban_lan_forwardchains_6}, wan_inputs (4/6): ${ban_wan_inputchains_4}/${ban_wan_inputchains_6}, wan_forwards (4/6): ${ban_wan_forwardchains_4}/${ban_wan_forwardchains_6}"
f_log "debug" "f_conf ::: local_sources: ${ban_localsources:-"-"}, extra_sources: ${ban_extrasources:-"-"}, log_terms: ${ban_logterms:-"-"}, log_prefixes (src/dst): ${ban_logprefix_src}/${ban_logprefix_dst}, log_options (src/dst): ${ban_logopts_src}/${ban_logopts_dst}"
{
local bg_pid action="${1}"
- bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}|logread -f|^grep -q Exit|^grep -q error|^grep -q luci" | awk '{ORS=" "; print $1}')"
- if [ -z "${bg_pid}" ] && [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ]
+ bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}|${ban_logread}|^grep -qE Exit before auth|^grep -qE error: maximum|^grep -qE luci: failed|^grep -qE nginx" | awk '{ORS=" "; print $1}')"
+ if [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ]
then
+ if [ -n "${bg_pid}" ]
+ then
+ kill -HUP "${bg_pid}" 2>/dev/null
+ fi
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "dropbear")" ]
then
- ban_search="Exit before auth from\|"
+ ban_search="Exit before auth from|"
fi
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "sshd")" ]
then
- ban_search="${ban_search}error: maximum authentication attempts exceeded\|sshd.*Connection closed by.*\[preauth\]\|"
+ ban_search="${ban_search}error: maximum authentication attempts exceeded|sshd.*Connection closed by.*\[preauth\]|"
fi
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "luci")" ]
then
- ban_search="${ban_search}luci: failed login"
+ ban_search="${ban_search}luci: failed login|"
+ fi
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "nginx")" ]
+ then
+ ban_search="${ban_search}nginx\[[0-9]+\]:.*\[error\].*open().*client: [[:alnum:].:]+"
fi
( "${ban_logservice}" "${ban_ver}" "${ban_search}" & )
- elif [ -n "${bg_pid}" ] && [ "${action}" = "stop" ]
+ elif [ "${action}" = "stop" ] && [ -n "${bg_pid}" ]
then
kill -HUP "${bg_pid}" 2>/dev/null
fi
#
f_main()
{
- local src_name src_url_4 src_rule_4 src_url_6 src_rule_6 src_comp src_rc src_ts log_raw log_merge hold err_file cnt_file cnt=0
+ local src_name src_url_4 src_rule_4 src_url_6 src_rule_6 src_comp src_rc src_ts log_raw log_merge log_ips log_count hold err_file cnt_file cnt=0
# prepare logfile excerpts (dropbear, sshd, luci)
#
if [ "${ban_autoblacklist}" = "1" ] || [ "${ban_monitor_enabled}" = "1" ]
then
- log_raw="$(logread -l "${ban_loglimit}")"
+ log_raw="$(${ban_logread} -l "${ban_loglimit}")"
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "dropbear")" ]
then
- log_merge="$(printf "%s\n" "${log_raw}" | grep "Exit before auth from" | awk 'match($0,/<[0-9A-f:\.]+:/){printf "%s\n",substr($0,RSTART+1,RLENGTH-2)}')"
+ log_ips="$(printf "%s\n" "${log_raw}" | grep -E "Exit before auth from" | \
+ awk 'match($0,/<[0-9A-f:\.]+:/){printf "%s\n",substr($0,RSTART+1,RLENGTH-2)}' | awk '!seen[$NF]++' | awk '{ORS=" ";print $NF}')"
+ for ip in ${log_ips}
+ do
+ log_count="$(printf "%s\n" "${log_raw}" | grep -cE "Exit before auth from <${ip}")"
+ if [ "${log_count}" -ge "${ban_ssh_logcount}" ]
+ then
+ log_merge="${log_merge} ${ip}"
+ fi
+ done
fi
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "sshd")" ]
then
- log_merge="${log_merge} $(printf "%s\n" "${log_raw}" | grep "error: maximum authentication attempts exceeded\|sshd.*Connection closed by.*\[preauth\]" | awk 'match($0,/[0-9A-f:\.]+ port/){printf "%s\n",substr($0,RSTART,RLENGTH-5)}')"
+ log_ips="$(printf "%s\n" "${log_raw}" | grep -E "error: maximum authentication attempts exceeded|sshd.*Connection closed by.*\[preauth\]" | \
+ awk 'match($0,/[0-9A-f:\.]+ port/){printf "%s\n",substr($0,RSTART,RLENGTH-5)}' | awk '!seen[$NF]++' | awk '{ORS=" ";print $NF}')"
+ for ip in ${log_ips}
+ do
+ log_count="$(printf "%s\n" "${log_raw}" | grep -cE "error: maximum authentication attempts exceeded.*${ip}|sshd.*Connection closed by.*${ip}.*\[preauth\]")"
+ if [ "${log_count}" -ge "${ban_ssh_logcount}" ]
+ then
+ log_merge="${log_merge} ${ip}"
+ fi
+ done
fi
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "luci")" ]
then
- log_merge="${log_merge} $(printf "%s\n" "${log_raw}" | grep "luci: failed login on " | awk 'match($0,/[0-9A-f:\.]+$/){printf "%s\n",substr($0,RSTART,RLENGTH)}')"
+ log_ips="$(printf "%s\n" "${log_raw}" | grep -E "luci: failed login on " | \
+ awk 'match($0,/[0-9A-f:\.]+$/){printf "%s\n",substr($0,RSTART,RLENGTH)}' | awk '!seen[$NF]++' | awk '{ORS=" ";print $NF}')"
+ for ip in ${log_ips}
+ do
+ log_count="$(printf "%s\n" "${log_raw}" | grep -cE "luci: failed login on .*from ${ip}")"
+ if [ "${log_count}" -ge "${ban_luci_logcount}" ]
+ then
+ log_merge="${log_merge} ${ip}"
+ fi
+ done
+ fi
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "nginx")" ]
+ then
+ log_ips="$(printf "%s\n" "${log_raw}" | grep -oE "nginx\[[0-9]+\]:.*\[error\].*open().*client: [[:alnum:].:]+" | \
+ awk '!seen[$NF]++' | awk '{ORS=" ";print $NF}')"
+ for ip in ${log_ips}
+ do
+ log_count="$(printf "%s\n" "${log_raw}" | grep -cE "nginx\[[0-9]+\]:.*\[error\].*open().*client: ${ip}")"
+ if [ "${log_count}" -ge "${ban_nginx_logcount}" ]
+ then
+ log_merge="${log_merge} ${ip}"
+ fi
+ done
fi
- log_merge="$(printf "%s" "${log_merge}" | awk '{ORS=" ";print $0}')"
fi
# prepare new black- and whitelist entries
fi
done
f_log "info" "${ban_setcnt} IPSets with overall ${ban_cnt} IPs/Prefixes loaded successfully (${ban_sysver})"
- f_bgsrv "start"
f_jsnup
f_rmtmp
+ f_bgsrv "start"
}
# query ipsets for certain IP
f_load
case "${ban_action}" in
"stop")
- f_bgsrv "stop"
f_ipset "destroy"
f_jsnup "stopped"
f_rmbckp
+ f_bgsrv "stop"
;;
"restart")
- f_bgsrv "stop"
f_ipset "destroy"
f_rmbckp
f_env
"suspend")
if [ "${ban_status}" = "enabled" ]
then
- f_bgsrv "stop"
f_jsnup "running"
f_ipset "suspend"
f_jsnup "paused"
+ f_bgsrv "stop"
fi
f_rmtmp
;;
"resume")
if [ "${ban_status}" = "paused" ]
then
- f_bgsrv "stop"
f_env
f_main
else
fi
;;
"start"|"reload"|"refresh")
- f_bgsrv "stop"
f_env
f_main
;;
"darklist": {
"url_4": "https://darklist.de/raw.php",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add darklist_4 \"$1}",
- "focus": "Attacker IP blacklist",
+ "focus": "Blocks suspicious attacker IPs",
"descurl": "https://darklist.de"
},
"debl": {
"focus": "Firehol Level 4 compilation",
"descurl": "https://iplists.firehol.org/?ipset=firehol_level4"
},
+ "greensnow": {
+ "url_4": "https://blocklist.greensnow.co/greensnow.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add greensnow_4 \"$1}",
+ "focus": "Blocks suspicious server IPs",
+ "descurl": "https://greensnow.co"
+ },
"iblockads": {
"url_4": "https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add iblockads_4 \"$1}",
include $(TOPDIR)/rules.mk
PKG_NAME:=bind
-PKG_VERSION:=9.17.9
+PKG_VERSION:=9.17.10
PKG_RELEASE:=1
USERID:=bind=57:bind=57
PKG_SOURCE_URL:= \
https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=075de055d1c3d8fede6a93cc890203670948e0f13310a21d4980cb5e378f7306
+PKG_HASH:=26a90d28ad694029e480fadcdf60b6219e8128a02d3dd594f6c1a83d002890fd
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
+PKG_BUILD_DEPENDS:=nghttp2
+
PKG_CONFIG_DEPENDS := \
CONFIG_BIND_LIBJSON \
CONFIG_BIND_LIBXML2
define Package/bind-libs
SECTION:=libs
CATEGORY:=Libraries
- DEPENDS:=+libopenssl +zlib +libpthread +libatomic +libuv \
- +BIND_LIBXML2:libxml2 +BIND_LIBJSON:libjson-c
+ DEPENDS:=+libopenssl \
+ +zlib \
+ +libpthread \
+ +libatomic \
+ +libuv \
+ +libnghttp2 \
+ +BIND_LIBXML2:libxml2 \
+ +BIND_LIBJSON:libjson-c
TITLE:=bind shared libraries
URL:=https://www.isc.org/software/bind
endef
#
-# Copyright (C) 2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=dnstap
-PKG_VERSION:=0.3.0
+PKG_VERSION:=0.4.0
PKG_RELEASE:=1
PKG_SOURCE:=golang-dnstap-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/dnstap/golang-dnstap/archive/v$(PKG_VERSION)/
-PKG_HASH:=8ccdb881cb225459c6607830f9d7761821255a81406ee4141fc61d5f4f8d4cb1
+PKG_HASH:=bf59ae30d81dd022b81d946254e2818b397011aec1e0a5bea0c0df9abe1f1f83
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=Apache-2.0
PKG_NAME:=https-dns-proxy
PKG_VERSION:=2021-01-17
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy
$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d ${1}/etc/config
$(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy
$(INSTALL_BIN) ./files/https-dns-proxy.init $(1)/etc/init.d/https-dns-proxy
- sed -i "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
+ $(SED) "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
$(INSTALL_CONF) ./files/https-dns-proxy.config $(1)/etc/config/https-dns-proxy
endef
config main 'config'
option update_dnsmasq_config '*'
+ option force_dns '1'
config https-dns-proxy
- option bootstrap_dns '8.8.8.8,8.8.4.4'
- option resolver_url 'https://dns.google/dns-query'
+ option bootstrap_dns '1.1.1.1,1.0.0.1'
+ option resolver_url 'https://cloudflare-dns.com/dns-query'
option listen_addr '127.0.0.1'
- option listen_port '5053'
+ option listen_port '5054'
option user 'nobody'
option group 'nogroup'
config https-dns-proxy
- option bootstrap_dns '1.1.1.1,1.0.0.1'
- option resolver_url 'https://cloudflare-dns.com/dns-query'
+ option bootstrap_dns '8.8.8.8,8.8.4.4'
+ option resolver_url 'https://dns.google/dns-query'
option listen_addr '127.0.0.1'
- option listen_port '5054'
+ option listen_port '5053'
option user 'nobody'
option group 'nogroup'
readonly PROG=/usr/sbin/https-dns-proxy
dnsmasqConfig=''
+forceDNS='1'
version() { echo "$PKG_VERSION"; }
p="$((p+1))"
}
+is_force_dns_active() { iptables-save | grep -q -w -- '--dport 53'; }
+
start_service() {
local p=5053
config_load 'https-dns-proxy'
config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
+ config_get_bool forceDNS 'config' 'force_dns' '1'
dhcp_backup 'create'
config_load 'https-dns-proxy'
config_foreach start_instance 'https-dns-proxy'
+ if [ "$forceDNS" -ne 0 ]; then
+ procd_open_instance 'main'
+ procd_set_param command /bin/true
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_open_data
+ json_add_array firewall
+ json_add_object ''
+ json_add_string type redirect
+ json_add_string name https_dns_proxy_dns_redirect
+ json_add_string target DNAT
+ json_add_string src lan
+ json_add_string proto tcpudp
+ json_add_string src_dport 53
+ json_add_string dest_port 53
+ json_add_string reflection 0
+ json_close_object
+ json_close_array
+ procd_close_data
+ procd_close_instance
+ fi
if [ -n "$(uci -q changes dhcp)" ]; then
uci -q commit dhcp
[ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq restart >/dev/null 2>&1
procd_add_config_trigger "config.change" "https-dns-proxy" /etc/init.d/https-dns-proxy reload
}
+service_started() { procd_set_config_changed firewall; }
+service_stopped() { procd_set_config_changed firewall; }
+
dnsmasq_add_doh_server() {
local cfg="$1" address="$2" port="$3"
case $address in
include $(TOPDIR)/rules.mk
PKG_NAME:=owipcalc
-PKG_RELEASE:=6
+PKG_RELEASE:=7
+
+PKG_MAINTAINER:=Nick Hainke <vincent@systemli.org>
PKG_LICENSE:=Apache-2.0
include $(INCLUDE_DIR)/package.mk
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Simple IPv4/IPv6 address calculator
- MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
DEPENDS:=+libowipcalc
endef
PKG_NAME:=pingcheck
PKG_VERSION:=2020-02-12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MIRROR_HASH:=3890cd39add7e523ab7418faf6a7ae1a1f71d2739982e6e09aa33cc6defac8be
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_URL:=https://github.com/br101/pingcheck
PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/br101/pingcheck
PKG_SOURCE_VERSION:=520718f9377eab49888a3e38ece59f9ad94d978e
+PKG_MIRROR_HASH:=3890cd39add7e523ab7418faf6a7ae1a1f71d2739982e6e09aa33cc6defac8be
PKG_MAINTAINER:=Bruno Randolf <br1@einfach.org>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=tor
-PKG_VERSION:=0.4.4.6
+PKG_VERSION:=0.4.5.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dist.torproject.org/ \
https://archive.torproject.org/tor-package-archive
-PKG_HASH:=5f154c155803adf5c89e87cab53017b6908c5ebe50c65839e8cf4fbd2abe1fdc
+PKG_HASH:=22cba3794fedd5fa87afc1e512c6ce2c21bc20b4e1c6f8079d832dc1e545e733
PKG_MAINTAINER:=Hauke Mehrtens <hauke@hauke-m.de> \
Peter Wagner <tripolar@gmx.at>
PKG_LICENSE_FILES:=LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=bcm27xx-eeprom
-PKG_VERSION:=fd2ea72b2677504f41298c9137647aa057f67f47
+PKG_VERSION:=3129546271da09dde04da5c9715db909b8e1e417
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=3a4e1db25db8188535ad0ad12a6e40e2ff927b20cd21b1b5ff783c2fde966308
+PKG_HASH:=8ae34dd286d777484e670284883c91831ca8bdd15cc90a069009fdf1016de40b
PKG_LICENSE:=BSD-3-Clause Custom
PKG_LICENSE_FILES:=LICENSE
define Package/bcm27xx-eeprom
SECTION:=utils
CATEGORY:=Utilities
- DEPENDS:=bcm27xx-userland +blkid +pciutils +python3-light
+ DEPENDS:=bcm27xx-userland +blkid +coreutils +coreutils-od +pciutils +python3-light
TITLE:=BCM27xx EEPROM tools
endef
--- a/rpi-eeprom-update
+++ b/rpi-eeprom-update
-@@ -24,14 +24,14 @@ else
+@@ -24,13 +24,13 @@ else
fi
- # May be used to select beta or stable releases instead of the default critical updates.
--FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-critical}
+ # Selects the release sub-directory
+-FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-default}
+FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-stable}
FIRMWARE_IMAGE_DIR=${FIRMWARE_IMAGE_DIR:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}}
-FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-/var/lib/raspberrypi/bootloader/backup}
+FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-${FIRMWARE_ROOT}/backup}
ENABLE_VL805_UPDATES=${ENABLE_VL805_UPDATES:-1}
- USE_FLASHROM=${USE_FLASHROM:-0}
RECOVERY_BIN=${RECOVERY_BIN:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}/recovery.bin}
BOOTFS=${BOOTFS:-/boot}
-VCMAILBOX=${VCMAILBOX:-/opt/vc/bin/vcmailbox}
+VCMAILBOX=${VCMAILBOX:-/usr/bin/vcmailbox}
+ CM4_ENABLE_RPI_EEPROM_UPDATE=${CM4_ENABLE_RPI_EEPROM_UPDATE:-0}
+ RPI_EEPROM_UPDATE_CONFIG_TOOL="${RPI_EEPROM_UPDATE_CONFIG_TOOL:-raspi-config}"
- EXIT_SUCCESS=0
- EXIT_UPDATE_REQUIRED=1
--- a/rpi-eeprom-update-default
+++ b/rpi-eeprom-update-default
@@ -1,8 +1,9 @@
BOOTFS=/boot
USE_FLASHROM=0
EEPROM_CONFIG_HOOK=
-+VCMAILBOX=/usr/bin/vcmailbox
++VCMAILBOX=/usr/bin/vcmailbo
--- a/rpi-eeprom-config
+++ b/rpi-eeprom-config
@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
+-#!/usr/bin/env python
++#!/usr/bin/env python3
- # rpi-eeprom-config
- # Utility for reading and writing the configuration file in the
+ """
+ rpi-eeprom-config
fi
LOCAL_MODE=0
-@@ -346,7 +346,7 @@ The system should then boot normally.
+@@ -386,7 +386,7 @@ The system should then boot normally.
If /boot does not correspond to the boot partition and this
is not a NOOBS system, then the mount point for BOOTFS should be defined
A backup of the current EEPROM config file is written to ${FIRMWARE_BACKUP_DIR}
before applying the update.
-@@ -368,7 +368,7 @@ Options:
+@@ -415,7 +415,7 @@ Options:
-u Install the specified VL805 (USB EEPROM) image file.
Environment:
--- /dev/null
+From 8376ac74390af0ad736c88615e128b82a75eebc0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= <noltari@gmail.com>
+Date: Fri, 19 Feb 2021 10:54:23 +0100
+Subject: [PATCH] rpi-eeprom-update: chmod silent (-f) is not supported
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
+---
+ rpi-eeprom-update | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/rpi-eeprom-update
++++ b/rpi-eeprom-update
+@@ -212,7 +212,7 @@ applyRecoveryUpdate()
+ || die "Failed to copy ${TMP_EEPROM_IMAGE} to ${BOOTFS}"
+
+ # For NFS mounts ensure that the files are readable to the TFTP user
+- chmod -f go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig" \
++ chmod go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig" \
+ || die "Failed to set permissions on eeprom update files"
+ fi
+
+@@ -224,7 +224,7 @@ applyRecoveryUpdate()
+ || die "Failed to copy ${VL805_UPDATE_IMAGE} to ${BOOTFS}/vl805.bin"
+
+ # For NFS mounts ensure that the files are readable to the TFTP user
+- chmod -f go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig" \
++ chmod go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig" \
+ || die "Failed to set permissions on eeprom update files"
+ fi
+
include $(TOPDIR)/rules.mk
PKG_NAME:=docker-compose
-PKG_VERSION:=1.28.2
+PKG_VERSION:=1.28.4
PKG_RELEASE:=1
PYPI_NAME:=docker-compose
-PKG_HASH:=2f148b590414915d029dad7551f4cdf0b03a774dc9baa674480217236d260cc1
+PKG_HASH:=681aca74e70e238ae43c810a62f471b645942f0ce97b6a0ca375fcb64f3aca85
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=Apache-2.0
PKG_NAME:=reptyr
PKG_VERSION:=0.8.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/nelhage/reptyr/archive/
CATEGORY:=Utilities
TITLE:=Tool for reparenting running programs
URL:=https://github.com/nelhage/reptyr
- DEPENDS:=@!(arc||mips)
+ DEPENDS:=@!(arc||mips||mipsel)
endef
define Package/reptyr/description
PKG_NAME:=rng-tools
PKG_VERSION:=6.10
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/nhorman/rng-tools
#!/bin/sh /etc/rc.common
# Copyright (C) 2011-2014 OpenWrt.org
-START=25
+START=00
USE_PROCD=1
PROG=/sbin/rngd
include $(TOPDIR)/rules.mk
PKG_NAME:=rtty
-PKG_VERSION:=7.3.2
+PKG_VERSION:=7.4.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/rtty/releases/download/v$(PKG_VERSION)
-PKG_HASH:=4c60eacd7a653988a1907284de2ecf360c74f55ef9e21c40b9ebd87af6570908
+PKG_HASH:=9bc5d30dfa9bd664a62711b6229f47505b83adb364907f24e3a404aad52a4802
CMAKE_INSTALL:=1
PKG_LICENSE:=MIT