include $(TOPDIR)/rules.mk
PKG_NAME:=zabbix
-PKG_VERSION:=6.2.3
-PKG_RELEASE:=3
+PKG_VERSION:=6.4.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \
https://cdn.zabbix.com/zabbix/sources/oldstable/$(basename $(PKG_VERSION))/
-PKG_HASH:=2be7e57fb33a55fee71480598e317ffa6a8ee5a39639a7e1b42b2ea6872107b5
+PKG_HASH:=6b4e81f07de4c82c7994871bea51be4d6427683fa9a7fbe112fd7559b3670e49
PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=GPL-2.0
TITLE:=Zabbix
URL:=https://www.zabbix.com/
USERID:=zabbix=53:zabbix=53
- DEPENDS+=$(ICONV_DEPENDS) +libpcre +zlib
+ DEPENDS+=$(ICONV_DEPENDS) +libpcre2 +zlib
endef
define Package/zabbix-agentd
+ZABBIX_MYSQL:libmariadbclient \
@(!ZABBIX_SQLITE) \
+libevent2 \
+ +libevent2-pthreads \
+fping
endef
+ZABBIX_MYSQL:libmariadbclient \
+ZABBIX_SQLITE:libsqlite3 \
+libevent2 \
+ +libevent2-pthreads \
+fping
endef
$(if $(CONFIG_ZABBIX_MYSQL),--with-mysql) \
$(if $(CONFIG_ZABBIX_POSTGRESQL),--with-postgresql) \
$(if $(CONFIG_ZABBIX_SQLITE),--with-sqlite3=$(STAGING_DIR)/usr) \
- --with-libevent=$(STAGING_DIR)/usr/include/libevent \
- --with-libpcre=$(STAGING_DIR)/usr/include \
+ --with-libevent=$(STAGING_DIR)/usr/include \
+ --with-libpcre2=$(STAGING_DIR)/usr/include \
--with-zlib=$(STAGING_DIR)/usr/include
ifeq ($(BUILD_VARIANT),openssl)
---- a/src/libs/zbxcommon/str.c
-+++ b/src/libs/zbxcommon/str.c
-@@ -49,7 +49,7 @@ static const char help_message_footer[]
+--- a/src/libs/zbxcommon/misc.c
++++ b/src/libs/zbxcommon/misc.c
+@@ -329,7 +329,7 @@ void zbx_help(void)
void zbx_version(void)
{
printf("%s (Zabbix) %s\n", title_message, ZABBIX_VERSION);
include $(TOPDIR)/rules.mk
PKG_NAME:=node
-PKG_VERSION:=v18.18.2
+PKG_VERSION:=v20.9.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=7249e2f0af943ec38599504f4b2a2bd31fb938787291b6ccca6c8badf01e3b56
+PKG_HASH:=a23d96810abf0455426b349d47ce5310f33095b7bc0571b9cc510f481c3a4519
PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
PKG_LICENSE:=MIT
PKG_BUILD_DEPENDS:=python3/host
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
-PKG_BUILD_FLAGS:=no-mips16
PKG_ASLR_PIE:=0
include $(INCLUDE_DIR)/host-build.mk
SUBMENU:=Node.js
TITLE:=Node.js is a platform built on Chrome's JavaScript runtime
URL:=https://nodejs.org/
- DEPENDS:=@HAS_FPU @(i386||x86_64||arm||aarch64||mipsel) \
- +libstdcpp +libopenssl +zlib +libnghttp2 +libuv \
+ DEPENDS:=@HAS_FPU @(i386||x86_64||arm||aarch64) \
+ +libstdcpp +libopenssl +zlib +libnghttp2 \
+libcares +libatomic +NODEJS_ICU_SYSTEM:icu +NODEJS_ICU_SYSTEM:icu-full-data
endef
Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js uses
an event-driven, non-blocking I/O model that makes it lightweight and efficient. Node.js'
package ecosystem, npm, is the largest ecosystem of open source libraries in the world.
+
*** The following preparations must be made on the host side. ***
- 1. gcc 8.3 or higher is required.
+ 1. gcc 10.1 or higher is required.
2. To build a 32-bit target, gcc-multilib, g++-multilib are required.
3. Requires libatomic package. (If necessary, install the 32-bit library at the same time.)
ex) sudo apt-get install gcc-multilib g++-multilib
--shared-zlib \
--shared-openssl \
--shared-nghttp2 \
- --shared-libuv \
--shared-cares \
--with-intl=$(if $(CONFIG_NODEJS_ICU_SMALL),small-icu,$(if $(CONFIG_NODEJS_ICU_SYSTEM),system-icu,none)) \
$(if $(findstring +neon",$(CONFIG_CPU_TYPE)),--with-arm-fpu=neon) \
endef
define Host/Install
- $(RM) -rf $(1)/lib/node_modules/npm
+ rm -f $(1)/bin/npm
+ rm -f $(1)/bin/npx
+ rm -rf $(1)/lib/node_modules/npm
+ rm -f $(1)/bin/corepack
+ rm -rf $(1)/lib/node_modules/corepack
$(call Host/Install/Default)
endef
--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
-@@ -1391,7 +1391,8 @@ Module._initPaths = function() {
+@@ -1378,7 +1378,8 @@ Module._initPaths = function() {
path.resolve(process.execPath, '..') :
path.resolve(process.execPath, '..', '..');
result = clock_gettime(CLOCK_MONOTONIC, &ts);
--- a/deps/v8/src/base/platform/platform-posix.cc
+++ b/deps/v8/src/base/platform/platform-posix.cc
-@@ -1066,7 +1066,7 @@ bool Thread::Start() {
+@@ -1147,7 +1147,7 @@ bool Thread::Start() {
#if V8_OS_DARWIN
// Default on Mac OS X is 512kB -- bump up to 1MB
stack_size = 1 * 1024 * 1024;
--- /dev/null
+--- a/deps/uv/uv.gyp
++++ b/deps/uv/uv.gyp
+@@ -155,6 +155,7 @@
+ 'target_name': 'libuv',
+ 'toolsets': ['host', 'target'],
+ 'type': '<(uv_library)',
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ 'include',
+ 'src/',
--- /dev/null
+--- a/deps/zlib/zlib.gyp
++++ b/deps/zlib/zlib.gyp
+@@ -9,6 +9,7 @@
+ 'arm_fpu%': '',
+ 'llvm_version%': '0.0',
+ },
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'conditions': [
+ ['use_system_zlib==0', {
+ 'targets': [
--- /dev/null
+--- a/node.gyp
++++ b/node.gyp
+@@ -1193,6 +1193,7 @@
+ 'dependencies': [
+ 'deps/simdutf/simdutf.gyp:simdutf#host',
+ ],
++ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'include_dirs': [
+ 'tools'
+ ],
--- /dev/null
+--- a/tools/icu/icu-generic.gyp
++++ b/tools/icu/icu-generic.gyp
+@@ -106,6 +106,7 @@
+ 'sources': [
+ '<@(icu_src_i18n)'
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/i18n',
+ ],
+@@ -114,6 +115,7 @@
+ ],
+ 'dependencies': [ 'icuucx', 'icu_implementation', 'icu_uconfig', 'icu_uconfig_target' ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/i18n',
+ ],
+@@ -200,6 +202,7 @@
+ # full data - no trim needed
+ 'sources': [ '<(SHARED_INTERMEDIATE_DIR)/icudt<(icu_ver_major)_dat.<(icu_asm_ext)' ],
+ 'dependencies': [ 'genccode#host', 'icupkg#host', 'icu_implementation#host', 'icu_uconfig' ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -284,6 +287,7 @@
+ # This file contains the small ICU data
+ 'sources': [ '<(SHARED_INTERMEDIATE_DIR)/icusmdt<(icu_ver_major)_dat.<(icu_asm_ext)' ],
+ # for umachine.h
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -300,6 +304,7 @@
+ 'sources': [
+ '<@(icu_src_stubdata)'
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -339,6 +344,7 @@
+ '_XOPEN_SOURCE_EXTENDED=0',
+ ]}],
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -348,6 +354,7 @@
+ 'cflags_c': ['-std=c99'],
+ 'export_dependent_settings': [ 'icu_uconfig', 'icu_uconfig_target' ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -378,6 +385,7 @@
+ '<(icu_path)/source/tools/toolutil/dbgutil.cpp',
+ '<(icu_path)/source/tools/toolutil/dbgutil.h',
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ '<(icu_path)/source/i18n',
+@@ -397,6 +405,7 @@
+ }]
+ ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ '<(icu_path)/source/i18n',
+@@ -418,6 +427,7 @@
+ 'target_name': 'genrb',
+ 'type': 'executable',
+ 'toolsets': [ 'host' ],
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'dependencies': [ 'icutools', 'icu_implementation' ],
+ 'sources': [
+ '<@(icu_src_genrb)'
+@@ -440,6 +450,7 @@
+ 'target_name': 'iculslocs',
+ 'toolsets': [ 'host' ],
+ 'type': 'executable',
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'dependencies': [ 'icutools' ],
+ 'sources': [
+ 'iculslocs.cc',
+@@ -458,6 +469,7 @@
+ 'target_name': 'icupkg',
+ 'toolsets': [ 'host' ],
+ 'type': 'executable',
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'dependencies': [ 'icutools' ],
+ 'sources': [
+ '<@(icu_src_icupkg)',
+@@ -475,6 +487,7 @@
+ 'target_name': 'genccode',
+ 'toolsets': [ 'host' ],
+ 'type': 'executable',
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'dependencies': [ 'icutools' ],
+ 'sources': [
+ '<@(icu_src_genccode)',
--- /dev/null
+--- a/tools/v8_gypfiles/v8.gyp
++++ b/tools/v8_gypfiles/v8.gyp
+@@ -73,6 +73,7 @@
+ ],
+ 'hard_dependency': 1,
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(SHARED_INTERMEDIATE_DIR)',
+ ],
+@@ -194,6 +195,7 @@
+ '<@(torque_outputs_cc)',
+ '<@(torque_outputs_inc)',
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(SHARED_INTERMEDIATE_DIR)',
+ ],
+@@ -215,6 +217,7 @@
+ 'sources': [
+ '<(generate_bytecode_builtins_list_output)',
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(generate_bytecode_output_root)',
+ '<(SHARED_INTERMEDIATE_DIR)',
+@@ -252,6 +255,7 @@
+ 'sources': [
+ '<(V8_ROOT)/src/init/setup-isolate-full.cc',
+ ],
++ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
+ }, # v8_init
+ {
+ 'target_name': 'v8_initializers',
+@@ -263,9 +267,11 @@
+ 'v8_shared_internal_headers',
+ 'v8_pch',
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(SHARED_INTERMEDIATE_DIR)',
+ '<(generate_bytecode_output_root)',
++ '<!@(echo "$STAGING_DIR"/usr/../usr/include)',
+ ],
+ 'sources': [
+ '<!@pymod_do_main(GN-scraper "<(V8_ROOT)/BUILD.gn" "\\"v8_initializers.*?sources = ")',
+@@ -689,6 +695,7 @@
+ 'toolsets': ['host', 'target'],
+ 'direct_dependent_settings': {
+ 'sources': ['<!@pymod_do_main(GN-scraper "<(V8_ROOT)/BUILD.gn" "v8_compiler_sources = ")'],
++ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
+ 'conditions': [
+ ['v8_target_arch=="ia32"', {
+ 'sources': [
+@@ -797,6 +804,8 @@
+ 'target_name': 'v8_turboshaft',
+ 'type': 'static_library',
+ 'toolsets': ['host', 'target'],
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
++ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
+ 'dependencies': [
+ 'generate_bytecode_builtins_list',
+ 'run_torque',
+@@ -821,6 +830,7 @@
+ 'run_torque',
+ 'v8_maybe_icu',
+ ],
++ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
+ 'conditions': [
+ ['(is_component_build and not v8_optimized_debug and v8_enable_fast_mksnapshot) or v8_enable_turbofan==0', {
+ 'dependencies': [
+@@ -861,6 +871,7 @@
+ ],
+ 'includes': ['inspector.gypi'],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(generate_bytecode_output_root)',
+ '<(SHARED_INTERMEDIATE_DIR)',
+@@ -1474,6 +1485,7 @@
+ }],
+ ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(V8_ROOT)/include',
+ ],
+@@ -1494,6 +1506,7 @@
+ {
+ 'target_name': 'bytecode_builtins_list_generator',
+ 'type': 'executable',
++ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'conditions': [
+ ['want_separate_host_toolset', {
+ 'toolsets': ['host'],
+@@ -1522,6 +1535,9 @@
+ {
+ 'target_name': 'mksnapshot',
+ 'type': 'executable',
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
++ 'library_dirs':[ '../../../../staging_dir/hostpkg/share/icu/current/lib' ],
++ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
+ 'dependencies': [
+ 'v8_base_without_compiler',
+ 'v8_compiler_for_mksnapshot',
+@@ -1549,6 +1565,7 @@
+ {
+ 'target_name': 'torque',
+ 'type': 'executable',
++ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'dependencies': [
+ 'torque_base',
+ # "build/win:default_exe_manifest",
+@@ -1591,6 +1608,7 @@
+ {
+ 'target_name': 'torque-language-server',
+ 'type': 'executable',
++ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
+ 'conditions': [
+ ['want_separate_host_toolset', {
+ 'toolsets': ['host'],
+@@ -1622,6 +1640,8 @@
+ {
+ 'target_name': 'gen-regexp-special-case',
+ 'type': 'executable',
++ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
++ 'library_dirs':[ '../../../../staging_dir/hostpkg/share/icu/current/lib' ],
+ 'dependencies': [
+ 'v8_libbase',
+ # "build/win:default_exe_manifest",
+@@ -1840,6 +1860,7 @@
+ }],
+ ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(V8_ROOT)/include',
+ ],
+@@ -1961,15 +1982,19 @@
+ }],
+ ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(V8_ROOT)/third_party/zlib',
+ '<(V8_ROOT)/third_party/zlib/google',
++ '<!@(echo "$STAGING_DIR"/usr/../usr/include)',
+ ],
+ },
+ 'defines': [ 'ZLIB_IMPLEMENTATION' ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(V8_ROOT)/third_party/zlib',
+ '<(V8_ROOT)/third_party/zlib/google',
++ '<!@(echo "$STAGING_DIR"/usr/../usr/include)',
+ ],
+ 'sources': [
+ '<(V8_ROOT)/third_party/zlib/adler32.c',
+++ /dev/null
---- a/tools/icu/icu-generic.gyp
-+++ b/tools/icu/icu-generic.gyp
-@@ -418,6 +418,7 @@
- 'target_name': 'genrb',
- 'type': 'executable',
- 'toolsets': [ 'host' ],
-+ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'dependencies': [ 'icutools', 'icu_implementation' ],
- 'sources': [
- '<@(icu_src_genrb)'
-@@ -440,6 +441,7 @@
- 'target_name': 'iculslocs',
- 'toolsets': [ 'host' ],
- 'type': 'executable',
-+ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'dependencies': [ 'icutools' ],
- 'sources': [
- 'iculslocs.cc',
-@@ -458,6 +460,7 @@
- 'target_name': 'icupkg',
- 'toolsets': [ 'host' ],
- 'type': 'executable',
-+ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'dependencies': [ 'icutools' ],
- 'sources': [
- '<@(icu_src_icupkg)',
-@@ -475,6 +478,7 @@
- 'target_name': 'genccode',
- 'toolsets': [ 'host' ],
- 'type': 'executable',
-+ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'dependencies': [ 'icutools' ],
- 'sources': [
- '<@(icu_src_genccode)',
---- a/tools/v8_gypfiles/v8.gyp
-+++ b/tools/v8_gypfiles/v8.gyp
-@@ -1397,6 +1397,7 @@
- {
- 'target_name': 'bytecode_builtins_list_generator',
- 'type': 'executable',
-+ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'conditions': [
- ['want_separate_host_toolset', {
- 'toolsets': ['host'],
-@@ -1425,6 +1426,8 @@
- {
- 'target_name': 'mksnapshot',
- 'type': 'executable',
-+ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
-+ 'library_dirs':[ '../../../../staging_dir/hostpkg/share/icu/current/lib' ],
- 'dependencies': [
- 'v8_base_without_compiler',
- 'v8_compiler_for_mksnapshot',
-@@ -1458,6 +1461,7 @@
- {
- 'target_name': 'torque',
- 'type': 'executable',
-+ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'dependencies': [
- 'torque_base',
- # "build/win:default_exe_manifest",
-@@ -1500,6 +1504,7 @@
- {
- 'target_name': 'torque-language-server',
- 'type': 'executable',
-+ 'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'conditions': [
- ['want_separate_host_toolset', {
- 'toolsets': ['host'],
-@@ -1531,6 +1536,8 @@
- {
- 'target_name': 'gen-regexp-special-case',
- 'type': 'executable',
-+ 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
-+ 'library_dirs':[ '../../../../staging_dir/hostpkg/share/icu/current/lib' ],
- 'dependencies': [
- 'v8_libbase',
- # "build/win:default_exe_manifest",
+++ /dev/null
---- a/deps/zlib/zlib.gyp
-+++ b/deps/zlib/zlib.gyp
-@@ -9,6 +9,7 @@
- 'arm_fpu%': '',
- 'llvm_version%': '0.0',
- },
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'conditions': [
- ['use_system_zlib==0', {
- 'targets': [
---- a/tools/v8_gypfiles/v8.gyp
-+++ b/tools/v8_gypfiles/v8.gyp
-@@ -60,6 +60,7 @@
- ],
- 'hard_dependency': 1,
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(SHARED_INTERMEDIATE_DIR)',
- ],
-@@ -181,6 +182,7 @@
- '<@(torque_outputs_cc)',
- '<@(torque_outputs_inc)',
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(SHARED_INTERMEDIATE_DIR)',
- ],
-@@ -202,6 +204,7 @@
- 'sources': [
- '<(generate_bytecode_builtins_list_output)',
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(generate_bytecode_output_root)',
- '<(SHARED_INTERMEDIATE_DIR)',
-@@ -249,9 +252,11 @@
- 'v8_base_without_compiler',
- 'v8_shared_internal_headers',
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(SHARED_INTERMEDIATE_DIR)',
- '<(generate_bytecode_output_root)',
-+ '<!@(echo "$STAGING_DIR"/usr/../usr/include)',
- ],
- 'sources': [
- '<!@pymod_do_main(GN-scraper "<(V8_ROOT)/BUILD.gn" "\\"v8_initializers.*?sources = ")',
-@@ -769,6 +774,7 @@
- ],
- 'includes': ['inspector.gypi'],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(generate_bytecode_output_root)',
- '<(SHARED_INTERMEDIATE_DIR)',
-@@ -1377,6 +1383,7 @@
- }],
- ],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(V8_ROOT)/include',
- ],
-@@ -1761,6 +1768,7 @@
- }],
- ],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(V8_ROOT)/include',
- ],
-@@ -1941,15 +1949,19 @@
- }],
- ],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(V8_ROOT)/third_party/zlib',
- '<(V8_ROOT)/third_party/zlib/google',
-+ '<!@(echo "$STAGING_DIR"/usr/../usr/include)',
- ],
- },
- 'defines': [ 'ZLIB_IMPLEMENTATION' ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(V8_ROOT)/third_party/zlib',
- '<(V8_ROOT)/third_party/zlib/google',
-+ '<!@(echo "$STAGING_DIR"/usr/../usr/include)',
- ],
- 'sources': [
- '<(V8_ROOT)/third_party/zlib/adler32.c',
+++ /dev/null
---- a/tools/v8_gypfiles/v8.gyp
-+++ b/tools/v8_gypfiles/v8.gyp
-@@ -242,6 +242,7 @@
- 'sources': [
- '<(V8_ROOT)/src/init/setup-isolate-full.cc',
- ],
-+ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
- }, # v8_init
- {
- 'target_name': 'v8_initializers',
-@@ -714,6 +715,7 @@
- 'v8_shared_internal_headers',
- ],
- 'sources': ['<@(v8_compiler_sources)'],
-+ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
- 'conditions': [
- ['OS=="win"', {
- 'msvs_precompiled_header': '<(V8_ROOT)/../../tools/msvs/pch/v8_pch.h',
-@@ -1435,6 +1437,7 @@
- 'type': 'executable',
- 'libraries!':[ '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
- 'library_dirs':[ '../../../../staging_dir/hostpkg/share/icu/current/lib' ],
-+ 'include_dirs': [ '<!@(echo "$STAGING_DIR"/usr/../usr/include)' ],
- 'dependencies': [
- 'v8_base_without_compiler',
- 'v8_compiler_for_mksnapshot',
+++ /dev/null
---- a/deps/v8/src/compiler/backend/mips/code-generator-mips.cc
-+++ b/deps/v8/src/compiler/backend/mips/code-generator-mips.cc
-@@ -4101,7 +4101,7 @@ void CodeGenerator::AssembleReturn(Instr
- } else if (FLAG_debug_code) {
- __ Assert(eq, AbortReason::kUnexpectedAdditionalPopValue,
- g.ToRegister(additional_pop_count),
-- Operand(static_cast<int64_t>(0)));
-+ Operand(static_cast<int32_t>(0)));
- }
- }
- // Functions with JS linkage have at least one parameter (the receiver).
+++ /dev/null
---- a/tools/icu/icu-generic.gyp
-+++ b/tools/icu/icu-generic.gyp
-@@ -106,6 +106,7 @@
- 'sources': [
- '<@(icu_src_i18n)'
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/i18n',
- ],
-@@ -114,6 +115,7 @@
- ],
- 'dependencies': [ 'icuucx', 'icu_implementation', 'icu_uconfig', 'icu_uconfig_target' ],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/i18n',
- ],
-@@ -200,6 +202,7 @@
- # full data - no trim needed
- 'sources': [ '<(SHARED_INTERMEDIATE_DIR)/icudt<(icu_ver_major)_dat.<(icu_asm_ext)' ],
- 'dependencies': [ 'genccode#host', 'icupkg#host', 'icu_implementation#host', 'icu_uconfig' ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- ],
-@@ -284,6 +287,7 @@
- # This file contains the small ICU data
- 'sources': [ '<(SHARED_INTERMEDIATE_DIR)/icusmdt<(icu_ver_major)_dat.<(icu_asm_ext)' ],
- # for umachine.h
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- ],
-@@ -300,6 +304,7 @@
- 'sources': [
- '<@(icu_src_stubdata)'
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- ],
-@@ -339,6 +344,7 @@
- '_XOPEN_SOURCE_EXTENDED=0',
- ]}],
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- ],
-@@ -348,6 +354,7 @@
- 'cflags_c': ['-std=c99'],
- 'export_dependent_settings': [ 'icu_uconfig', 'icu_uconfig_target' ],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- ],
-@@ -378,6 +385,7 @@
- '<(icu_path)/source/tools/toolutil/dbgutil.cpp',
- '<(icu_path)/source/tools/toolutil/dbgutil.h',
- ],
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- '<(icu_path)/source/i18n',
-@@ -397,6 +405,7 @@
- }]
- ],
- 'direct_dependent_settings': {
-+ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
- 'include_dirs': [
- '<(icu_path)/source/common',
- '<(icu_path)/source/i18n',
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
-@@ -1321,13 +1322,6 @@ function lookupAndConnect(self, options)
+@@ -1330,13 +1331,6 @@ function lookupAndConnect(self, options)
hints: options.hints || 0,
};
--- a/configure.py
+++ b/configure.py
-@@ -1291,7 +1291,6 @@ def configure_node(o):
+@@ -1270,7 +1270,6 @@ def configure_node(o):
# Enable branch protection for arm64
if target_arch == 'arm64':
PECL_NAME:=pecl_http
PECL_LONGNAME:=Extended HTTP Support
-PKG_VERSION:=4.2.3
-PKG_RELEASE:=2
-PKG_HASH:=fa2ab558fc8f0928a10f35c0f566f7c4a1d32e727bd3a96579e4c28482ee9d6a
+PKG_VERSION:=4.2.4
+PKG_RELEASE:=1
+PKG_HASH:=fb1e10c2e5edfb011ff8dc2e473cdbd2bbe0127d1279dfce4d98570555ac6ded
PKG_NAME:=php8-pecl-http
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
PECL_NAME:=redis
PECL_LONGNAME:=PHP extension for interfacing with Redis
-PKG_VERSION:=6.0.1
+PKG_VERSION:=6.0.2
PKG_RELEASE:=1
-PKG_HASH:=d39136e0ef9495f8e775ef7349a97658fb41c526d12d8e517f56274f149e1e4e
+PKG_HASH:=01aeccb0e14f897fe56f0509be6e6991ff0ad459f9d34e95e4556d02699b9a03
PKG_NAME:=php8-pecl-redis
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
PECL_NAME:=xdebug
PECL_LONGNAME:=Xdebug extension
-PKG_VERSION:=3.2.1
+PKG_VERSION:=3.2.2
PKG_RELEASE:=1
-PKG_HASH:=ef4cb3c228192798874e4530cccceee76840cc80821909740088a1e1a8f00445
+PKG_HASH:=f48777371f90cbb315ea4ea082a1ede6765bcfb35d7d6356ab8f71fd6dfcc157
PKG_NAME:=php8-pecl-xdebug
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
PKG_BUILD_PARALLEL:=1
# keep in sync with micropython
-MP_VERSION:=1.20.0
MP_MPY_FILE_VERSION:=6
include $(INCLUDE_DIR)/package.mk
port.
endef
-MP_INSTALLDEV_PATH:=$(STAGING_DIR)/host/lib/micropython-$(MP_VERSION)
+MP_INSTALLDEV_PATH:=$(STAGING_DIR)/host/lib/micropython
define MicroPythonLib/Compile
cd "$(PKG_BUILD_DIR)" && python3 tools/build.py \
+++ /dev/null
-#
-# Copyright (C) 2023 Jeffery To
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=micropython-mpremote
-PKG_VERSION:=1.20.0
-PKG_RELEASE:=1
-
-PYPI_NAME:=mpremote
-PKG_HASH:=5c342762a04791309dd49bce63c70a075aa7c548b1c0076262b96f9ccc398ca2
-
-PKG_LICENSE:=MIT
-PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
-
-PKG_BUILD_DEPENDS:=python-hatchling/host python-hatch-requirements-txt/host python-hatch-vcs/host
-
-include ../pypi.mk
-include $(INCLUDE_DIR)/package.mk
-include ../python3-package.mk
-
-define Package/micropython-mpremote
- SECTION:=lang
- CATEGORY:=Languages
- SUBMENU:=Python
- TITLE:=Interacting remotely with MicroPython devices
- URL:=https://github.com/micropython/micropython
- DEPENDS:=+python3-light +python3-urllib +python3-pyserial
-endef
-
-define Package/micropython-mpremote/description
-This CLI tool provides an integrated set of utilities to remotely
-interact with and automate a MicroPython device over a serial
-connection.
-endef
-
-$(eval $(call Py3Package,micropython-mpremote))
-$(eval $(call BuildPackage,micropython-mpremote))
-$(eval $(call BuildPackage,micropython-mpremote-src))
+++ /dev/null
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -1,2 +1 @@
- pyserial >= 3.3
--importlib_metadata >= 1.4
include $(TOPDIR)/rules.mk
PKG_NAME:=micropython
-PKG_VERSION:=1.20.0
+PKG_VERSION:=1.21.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/micropython/micropython/releases/download/v$(PKG_VERSION)
-PKG_HASH:=098ef8e40abdc62551b5460d0ffe9489074240c0cb5589ca3c3a425551beb9bf
+PKG_HASH:=abd2152613559d3f44728668346e78be9d93458133a03b700baf222c322fd4d5
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
PKG_LICENSE:=MIT
This version is built without TLS and mip.
endef
-MAKE_FLAGS += BUILD_VERBOSE=1
+MAKE_FLAGS += BUILD_VERBOSE=1 STRIP=
ifneq ($(CONFIG_DEBUG),)
MAKE_FLAGS += DEBUG=1
endif
ifeq ($(BUILD_VARIANT),nossl)
- MAKE_FLAGS += MICROPY_PY_USSL=0 FROZEN_MANIFEST=variants/standard/manifest-nossl.py
+ MAKE_FLAGS += MICROPY_PY_SSL=0 FROZEN_MANIFEST=variants/standard/manifest-nossl.py
+endif
+
+# Work around "variable might be clobbered" warning leading to build error
+# https://github.com/micropython/micropython/issues/12838
+ifeq ($(ARCH),riscv64)
+ MAKE_FLAGS += CFLAGS_EXTRA=-Wno-error=clobbered
endif
MAKE_PATH = ports/unix
endef
define Build/InstallDev
- $(INSTALL_DIR) $(2)/lib/micropython-$(PKG_VERSION)/mpy-cross
+ $(INSTALL_DIR) $(2)/lib/micropython/mpy-cross
$(CP) \
$(PKG_BUILD_DIR)/mpy-cross/mpy_cross \
- $(2)/lib/micropython-$(PKG_VERSION)/mpy-cross/
+ $(2)/lib/micropython/mpy-cross/
- $(INSTALL_DIR) $(2)/lib/micropython-$(PKG_VERSION)/mpy-cross/build
+ $(INSTALL_DIR) $(2)/lib/micropython/mpy-cross/build
$(INSTALL_BIN) \
$(PKG_BUILD_DIR)/mpy-cross/build/mpy-cross \
- $(2)/lib/micropython-$(PKG_VERSION)/mpy-cross/build/
+ $(2)/lib/micropython/mpy-cross/build/
- $(INSTALL_DIR) $(2)/lib/micropython-$(PKG_VERSION)/tools
+ $(INSTALL_DIR) $(2)/lib/micropython/tools
$(INSTALL_DATA) \
$(PKG_BUILD_DIR)/tools/manifestfile.py \
- $(2)/lib/micropython-$(PKG_VERSION)/tools/
+ $(2)/lib/micropython/tools/
endef
define Package/micropython/Default/install
--- a/ports/unix/Makefile
+++ b/ports/unix/Makefile
-@@ -31,7 +31,7 @@ QSTR_DEFS = qstrdefsport.h
- QSTR_GLOBAL_DEPENDENCIES = $(VARIANT_DIR)/mpconfigvariant.h
+@@ -31,7 +31,7 @@ QSTR_DEFS += qstrdefsport.h
+ QSTR_GLOBAL_DEPENDENCIES += $(VARIANT_DIR)/mpconfigvariant.h
# OS name, for simple autoconfig
-UNAME_S := $(shell uname -s)
--- a/extmod/extmod.mk
+++ b/extmod/extmod.mk
-@@ -131,84 +131,8 @@ SRC_THIRDPARTY_C += $(addprefix $(AXTLS_
+@@ -131,85 +131,8 @@ SRC_THIRDPARTY_C += $(addprefix $(AXTLS_
crypto/sha1.c \
)
else ifeq ($(MICROPY_SSL_MBEDTLS),1)
- md4.c \
- md5.c \
- md.c \
-- md_wrap.c \
- oid.c \
- padlock.c \
- pem.c \
- ssl_cli.c \
- ssl_cookie.c \
- ssl_srv.c \
+- ssl_msg.c \
- ssl_ticket.c \
- ssl_tls.c \
- timing.c \
+- constant_time.c \
- x509.c \
- x509_create.c \
- x509_crl.c \
+++ /dev/null
-From f1c6cb7725960487195daa5c5c196fd8d3563811 Mon Sep 17 00:00:00 2001
-From: Damien George <damien@micropython.org>
-Date: Wed, 3 May 2023 15:23:24 +1000
-Subject: [PATCH] py/stackctrl: Add gcc pragmas to ignore dangling-pointer
- warning.
-
-This warning became apparent in gcc 13.
-
-Signed-off-by: Damien George <damien@micropython.org>
----
- py/stackctrl.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/py/stackctrl.c
-+++ b/py/stackctrl.c
-@@ -28,8 +28,15 @@
- #include "py/stackctrl.h"
-
- void mp_stack_ctrl_init(void) {
-+ #if __GNUC__ >= 13
-+ #pragma GCC diagnostic push
-+ #pragma GCC diagnostic ignored "-Wdangling-pointer"
-+ #endif
- volatile int stack_dummy;
- MP_STATE_THREAD(stack_top) = (char *)&stack_dummy;
-+ #if __GNUC__ >= 13
-+ #pragma GCC diagnostic pop
-+ #endif
- }
-
- void mp_stack_set_top(void *top) {
-include("$(MPY_DIR)/extmod/uasyncio")
+include("$(MPY_DIR)/extmod/asyncio")
--- /dev/null
+#!/bin/sh
+
+nl="
+"
+
+micropython -c "import sys${nl}print(sys.version)" | grep -F " MicroPython v${PKG_VERSION} "
+++ /dev/null
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=pyodbc
-PKG_VERSION:=4.0.39
-PKG_RELEASE:=1
-
-PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=e528bb70dd6d6299ee429868925df0866e3e919c772b9eff79c8e17920d8f116
-
-PKG_LICENSE:=MIT
-PKG_LICENSE_FILES:=LICENSE.txt
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
-
-PKG_BUILD_DEPENDS:=unixodbc/host
-
-include ../pypi.mk
-include $(INCLUDE_DIR)/package.mk
-include ../python3-package.mk
-
-define Package/python3-pyodbc
- SECTION:=lang
- CATEGORY:=Languages
- SUBMENU:=Python
- TITLE:=python3-pyodbc
- URL:=https://github.com/mkleehammer/pyodbc
- DEPENDS:=+unixodbc +python3-light +libstdcpp
-endef
-
-define Package/python3-pyodbc/description
-DB API Module for ODBC
-
-A Python DB API 2 module for ODBC. This project provides an up-to-date,
-convenient interface to ODBC using native data types like datetime and decimal.
-endef
-
-$(eval $(call Py3Package,python3-pyodbc))
-$(eval $(call BuildPackage,python3-pyodbc))
include $(TOPDIR)/rules.mk
PKG_NAME:=python-charset-normalizer
-PKG_VERSION:=3.3.0
+PKG_VERSION:=3.3.2
PKG_RELEASE:=1
PYPI_NAME:=charset-normalizer
-PKG_HASH:=63563193aec44bce707e0c5ca64ff69fa72ed7cf34ce6e11d5127555756fd2f6
+PKG_HASH:=f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
[ "$1" = python3-charset-normalizer ] || exit 0
-python3 - << EOF
-import sys
+python3 - << 'EOF'
+
from charset_normalizer import from_bytes
s = 'Bсеки човек има право на образование.'
byte_str = s.encode('cp1251')
result = from_bytes(byte_str).best()
-sys.exit(0 if str(result) == s else 1)
+assert str(result) == s
+
EOF
#
-# Copyright (C) 2018 OpenWrt.org
+# Copyright (C) 2018, 2023 Jeffery To
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=python-constantly
-PKG_VERSION:=15.1.0
-PKG_RELEASE:=2
+PKG_VERSION:=23.10.4
+PKG_RELEASE:=1
PYPI_NAME:=constantly
-PKG_HASH:=586372eb92059873e29eba4f9dec8381541b4d3834660707faf8ba59146dfc35
+PKG_HASH:=aa92b70a33e2ac0bb33cd745eb61776594dc48764b06c35e0efd050b7f1c7cbd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_BUILD_DEPENDS:=python-versioneer/host
+
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include ../python3-package.mk
--- /dev/null
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -1,5 +1,5 @@
+ [build-system]
+-requires = ["setuptools>=68.2", "versioneer[toml]==0.29"]
++requires = ["setuptools", "versioneer[toml]==0.29"]
+ build-backend = "setuptools.build_meta"
+
+ [project]
--- /dev/null
+#!/bin/sh
+
+[ "$1" = python3-constantly ] || exit 0
+
+python3 - << 'EOF'
+
+from constantly import NamedConstant, Names
+class Letters(Names):
+ a = NamedConstant()
+ b = NamedConstant()
+ c = NamedConstant()
+
+assert Letters.lookupByName('a') is Letters.a
+assert Letters.a < Letters.b
+assert Letters.b < Letters.c
+assert Letters.a < Letters.c
+
+from constantly import ValueConstant, Values
+class STATUS(Values):
+ OK = ValueConstant('200')
+ FOUND = ValueConstant('302')
+ NOT_FOUND = ValueConstant('404')
+
+assert STATUS.OK.value == '200'
+assert STATUS.lookupByValue('404') == STATUS.NOT_FOUND
+
+EOF
include $(TOPDIR)/rules.mk
PKG_NAME:=python-cryptography
-PKG_VERSION:=41.0.4
+PKG_VERSION:=41.0.5
PKG_RELEASE:=1
PYPI_NAME:=cryptography
-PKG_HASH:=7febc3094125fc126a7f6fb1f420d0da639f3f32cb15c8ff0dc3997c4549f51a
+PKG_HASH:=392cb88b597247177172e02da6b7a63deeff1937fa6fec3bbf902ebd75d97ec7
PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_CPE_ID:=cpe:/a:cryptography_project:cryptography
PKG_BUILD_DEPENDS:=libffi/host python-cffi/host python-setuptools-rust/host
[ "$1" = python3-cryptography ] || exit 0
-python3 - << EOF
-import sys
+python3 - << 'EOF'
+
from cryptography.fernet import Fernet
key = Fernet.generate_key()
f = Fernet(key)
-token = f.encrypt(b"my deep dark secret")
-sys.exit(0 if f.decrypt(token) == b"my deep dark secret" else 1)
+msg = b"my deep dark secret"
+token = f.encrypt(msg)
+assert f.decrypt(token) == msg
+
EOF
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pip
-PKG_VERSION:=23.2.1
+PKG_VERSION:=23.3.1
PKG_RELEASE:=1
PYPI_NAME:=pip
-PKG_HASH:=fb0bd5435b3200c602b5bf61d2d43c2f13c02e29c1707567ae7fbc514eb9faf2
+PKG_HASH:=1fcaa041308d01f14575f6d0d2ea4b75a3e2871fe4f9c694976f908768e14174
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE.txt
--- a/src/pip/_vendor/pyproject_hooks/_in_process/__init__.py
+++ b/src/pip/_vendor/pyproject_hooks/_in_process/__init__.py
-@@ -11,8 +11,8 @@ try:
+@@ -11,8 +11,14 @@ try:
except AttributeError:
# Python 3.8 compatibility
def _in_proc_script_path():
- return resources.path(__package__, '_in_process.py')
-+ return resources.path(__package__, '_in_process.pyc')
++ filename = '_in_process.pyc'
++ if resources.is_resource(__package__, '_in_process.py'):
++ filename = '_in_process.py'
++ return resources.path(__package__, filename)
else:
def _in_proc_script_path():
++ filename = '_in_process.pyc'
++ if resources.files(__package__).joinpath('_in_process.py').is_file():
++ filename = '_in_process.py'
return resources.as_file(
- resources.files(__package__).joinpath('_in_process.py'))
-+ resources.files(__package__).joinpath('_in_process.pyc'))
++ resources.files(__package__).joinpath(filename))
--- a/src/pip/_internal/build_env.py
+++ b/src/pip/_internal/build_env.py
-@@ -54,7 +54,7 @@ def get_runnable_pip() -> str:
+@@ -54,7 +54,11 @@ def get_runnable_pip() -> str:
# case, we can use that directly.
return str(source)
- return os.fsdecode(source / "__pip-runner__.py")
-+ return os.fsdecode(source / "__pip-runner__.pyc")
++ filename = "__pip-runner__.pyc"
++ py = source / "__pip-runner__.py"
++ if py.is_file():
++ filename = "__pip-runner__.py"
++ return os.fsdecode(source / filename)
def _get_system_sitepackages() -> Set[str]:
--- a/src/pip/_internal/cli/cmdoptions.py
+++ b/src/pip/_internal/cli/cmdoptions.py
-@@ -892,7 +892,7 @@ disable_pip_version_check: Callable[...,
+@@ -895,7 +895,7 @@ disable_pip_version_check: Callable[...,
"--disable-pip-version-check",
dest="disable_pip_version_check",
action="store_true",
--- /dev/null
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=python-pyodbc
+PKG_VERSION:=5.0.1
+PKG_RELEASE:=1
+
+PYPI_NAME:=pyodbc
+PKG_HASH:=03d7d0b04d5a9156099ce8d03e92f3956783746fa9234eb6f5b5cfc12b645011
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE.txt
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+# for odbc_config
+PKG_BUILD_DEPENDS:=unixodbc/host
+
+include ../pypi.mk
+include $(INCLUDE_DIR)/package.mk
+include ../python3-package.mk
+
+define Package/python3-pyodbc
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=DB API module for ODBC
+ URL:=https://github.com/mkleehammer/pyodbc
+ DEPENDS:=+python3-light +python3-decimal +python3-uuid +libodbc +libstdcpp
+endef
+
+define Package/python3-pyodbc/description
+pyodbc is an open source Python module that makes accessing ODBC
+databases simple. It implements the DB API 2.0 specification but is
+packed with even more Pythonic convenience.
+endef
+
+$(eval $(call Py3Package,python3-pyodbc))
+$(eval $(call BuildPackage,python3-pyodbc))
+# no src package - the module does not contain any Python code
--- /dev/null
+#!/bin/sh
+
+[ "$1" = python3-pyodbc ] || exit 0
+
+python3 -c 'import pyodbc'
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pyopenssl
-PKG_VERSION:=23.2.0
+PKG_VERSION:=23.3.0
PKG_RELEASE:=1
PYPI_NAME:=pyOpenSSL
-PKG_HASH:=276f931f55a452e7dea69c7173e984eb2a4407ce413c918aa34b55f82f9b8bac
+PKG_HASH:=6b2cba5cc46e822750ec3e5a81ee12819850b11303630d575e98108a079c2b12
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=python-setuptools-rust
-PKG_VERSION:=1.7.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
PYPI_NAME:=setuptools-rust
-PKG_HASH:=c7100999948235a38ae7e555fe199aa66c253dc384b125f5d85473bf81eae3a3
+PKG_HASH:=94b1dd5d5308b3138d5b933c3a2b55e6d6927d1a22632e509fcea9ddd0f7e486
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
python-wheel/host \
python-setuptools-scm/host \
python-semantic-version/host \
- python-typing-extensions/host \
rust/host
include ../pypi.mk
+python3-logging \
+python3-semantic-version \
+python3-setuptools \
- +python3-typing-extensions \
+rust
BUILDONLY:=1
endef
+++ /dev/null
-From b10cab4efeb80abb5a236d651c9ff9355e470527 Mon Sep 17 00:00:00 2001
-From: Jeffery To <jeffery.to@gmail.com>
-Date: Mon, 2 Oct 2023 16:13:51 +0800
-Subject: [PATCH] Allow profile to be set by SETUPTOOLS_RUST_CARGO_PROFILE env
- variable
-
-This allows the profile to be set dynamically, without having to edit
-pyproject.toml/setup.py.
----
- setuptools_rust/build.py | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
---- a/setuptools_rust/build.py
-+++ b/setuptools_rust/build.py
-@@ -528,10 +528,10 @@ class build_rust(RustCommand):
- if target_triple is not None:
- args.extend(["--target", target_triple])
-
-- if release:
-- profile = ext.get_cargo_profile()
-- if not profile:
-- args.append("--release")
-+ ext_profile = ext.get_cargo_profile()
-+ env_profile = os.getenv("SETUPTOOLS_RUST_CARGO_PROFILE")
-+ if release and not ext_profile and not env_profile:
-+ args.append("--release")
-
- if quiet:
- args.append("-q")
-@@ -552,6 +552,18 @@ class build_rust(RustCommand):
- if ext.args is not None:
- args.extend(ext.args)
-
-+ if env_profile:
-+ if ext_profile:
-+ args = [p for p in args if not p.startswith("--profile=")]
-+ while True:
-+ try:
-+ index = args.index("--profile")
-+ del args[index:index + 2]
-+ except ValueError:
-+ break
-+
-+ args.extend(["--profile", env_profile])
-+
- if ext.cargo_manifest_args is not None:
- args.extend(ext.cargo_manifest_args)
-
include $(TOPDIR)/rules.mk
PKG_NAME:=python-trove-classifiers
-PKG_VERSION:=2023.9.19
+PKG_VERSION:=2023.10.18
PKG_RELEASE:=1
PYPI_NAME:=trove-classifiers
-PKG_HASH:=3e700af445c802f251ce2b741ee78d2e5dfa5ab8115b933b89ca631b414691c9
+PKG_HASH:=2cdfcc7f31f7ffdd57666a9957296089ac72daad4d11ab5005060e5cd7e29939
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
--- /dev/null
+#
+# Copyright (C) 2023 Jeffery To
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=python-versioneer
+PKG_VERSION:=0.29
+PKG_RELEASE:=1
+
+PYPI_NAME:=versioneer
+PKG_HASH:=5ab283b9857211d61b53318b7c792cf68e798e765ee17c27ade9f6c924235731
+
+PKG_LICENSE:=Unlicense
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+PKG_HOST_ONLY:=1
+HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-wheel/host
+
+include ../pypi.mk
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
+include ../python3-package.mk
+include ../python3-host-build.mk
+
+define Package/python3-versioneer
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=Easy VCS-based management of project version strings
+ URL:=https://github.com/python-versioneer/python-versioneer
+ DEPENDS:=+python3-light
+ BUILDONLY:=1
+endef
+
+define Package/python3-versioneer/description
+This is a tool for managing a recorded version number in
+setuptools-based python projects. The goal is to remove the tedious and
+error-prone "update the embedded version string" step from your release
+process. Making a new release should be as easy as recording a new tag
+in your version-control system, and maybe making new tarballs.
+endef
+
+$(eval $(call Py3Package,python3-versioneer))
+$(eval $(call BuildPackage,python3-versioneer))
+$(eval $(call BuildPackage,python3-versioneer-src))
+$(eval $(call HostBuild))
PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR)
-PYTHON3_SETUPTOOLS_PKG_RELEASE:=1
+PYTHON3_SETUPTOOLS_PKG_RELEASE:=2
PYTHON3_PIP_PKG_RELEASE:=1
PYTHON3_SETUPTOOLS_VERSION:=65.5.0
--- /dev/null
+From e359a7a3c4f9e70360a068bef19c95938fdacede Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Wed, 23 Dec 2015 11:33:14 +0100
+Subject: [PATCH] Adjust library/header paths for cross-compilation
+
+When cross-compiling third-party extensions, the get_python_inc() or
+get_python_lib() can be called, to return the path to headers or
+libraries. However, they use the sys.prefix of the host Python, which
+returns incorrect paths when cross-compiling (paths pointing to host
+headers and libraries).
+
+In order to fix this, we introduce the _python_sysroot, _python_prefix
+and _python_exec_prefix variables, that allow to override these
+values, and get correct header/library paths when cross-compiling
+third-party Python modules.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+[adapt for setuptools, rename environment variable, use fixed lib path]
+Signed-off-by: Jeffery To <jeffery.to@gmail.com>
+---
+ Lib/distutils/command/build_ext.py | 5 ++++-
+ Lib/sysconfig.py | 15 +++++++++++----
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+
+--- a/setuptools/_distutils/command/build_ext.py
++++ b/setuptools/_distutils/command/build_ext.py
+@@ -238,7 +238,10 @@ class build_ext(Command):
+ if sysconfig.get_config_var('Py_ENABLE_SHARED'):
+ if not sysconfig.python_build:
+ # building third party extensions
+- self.library_dirs.append(sysconfig.get_config_var('LIBDIR'))
++ libdir = sysconfig.get_config_var('LIBDIR')
++ if 'STAGING_DIR' in os.environ:
++ libdir = os.environ.get('STAGING_DIR') + '/usr/lib'
++ self.library_dirs.append(libdir)
+ else:
+ # building python standard extensions
+ self.library_dirs.append('.')
PKG_NAME:=rust
PKG_VERSION:=1.73.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.gz
PKG_SOURCE_URL:=https://static.rust-lang.org/dist/
PKG_LICENSE_FILES:=LICENSE-APACHE LICENSE-MIT
PKG_HOST_ONLY:=1
+PKG_BUILD_FLAGS:=no-mips16
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
define Host/Compile
$(RUST_SCCACHE_VARS) \
CARGO_HOME=$(CARGO_HOME) \
+ TARGET_CFLAGS="$(TARGET_CFLAGS)" \
OPENWRT_RUSTC_BOOTSTRAP_CACHE=$(DL_DIR)/rustc \
$(PYTHON) $(HOST_BUILD_DIR)/x.py \
--build-dir $(HOST_BUILD_DIR)/build \
os.makedirs(rustc_cache)
--- a/src/bootstrap/download.rs
+++ b/src/bootstrap/download.rs
-@@ -520,7 +520,10 @@ impl Config {
+@@ -202,7 +202,13 @@ impl Config {
+ Some(other) => panic!("unsupported protocol {other} in {url}"),
+ None => panic!("no protocol in {url}"),
+ }
+- t!(std::fs::rename(&tempfile, dest_path));
++ match std::fs::rename(&tempfile, dest_path) {
++ Ok(v) => v,
++ Err(_) => {
++ t!(std::fs::copy(&tempfile, dest_path));
++ t!(std::fs::remove_file(&tempfile));
++ }
++ }
+ }
+
+ fn download_http_with_retries(&self, tempfile: &Path, url: &str, help_on_error: &str) {
+@@ -520,7 +526,10 @@ impl Config {
key: &str,
destination: &str,
) {
let cache_dir = cache_dst.join(key);
if !cache_dir.exists() {
t!(fs::create_dir_all(&cache_dir));
-@@ -647,7 +650,10 @@ download-rustc = false
+@@ -647,7 +656,10 @@ download-rustc = false
let llvm_assertions = self.llvm_assertions;
let cache_prefix = format!("llvm-{llvm_sha}-{llvm_assertions}");
PKG_NAME:=efivar
PKG_VERSION:=38
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/rhboot/efivar/releases/download/$(PKG_VERSION)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Tools and libraries to work with EFI variables
- DEPENDS:=@TARGET_x86_64
+ DEPENDS:=@(TARGET_x86_64||TARGET_armsr_armv8)
URL:=https://github.com/rhboot/efibootmgr
endef
--- /dev/null
+From ca48d3964d26f5e3b38d73655f19b1836b16bd2d Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 18 Jan 2022 11:53:41 +0100
+Subject: [PATCH] src/Makefile: build util.c separately for makeguids
+
+util.c needs to be built twice when cross-compiling:
+for the build machine to be able to link with
+makeguids which then runs during the same build,
+and then for the actual target.
+
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ src/Makefile | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -28,10 +28,13 @@ EFIVAR_OBJECTS = $(patsubst %.S,%.o,$(pa
+ EFISECDB_SOURCES = efisecdb.c guid-symbols.c secdb-dump.c util.c
+ EFISECDB_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(EFISECDB_SOURCES)))
+ GENERATED_SOURCES = include/efivar/efivar-guids.h guid-symbols.c
+-MAKEGUIDS_SOURCES = makeguids.c util.c
++MAKEGUIDS_SOURCES = makeguids.c util-makeguids.c
+ MAKEGUIDS_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(MAKEGUIDS_SOURCES)))
+ MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES) guids.lds
+
++util-makeguids.c : util.c
++ cp util.c util-makeguids.c
++
+ ALL_SOURCES=$(LIBEFISEC_SOURCES) $(LIBEFIBOOT_SOURCES) $(LIBEFIVAR_SOURCES) \
+ $(MAKEGUIDS_SOURCES) $(GENERATED_SOURCES) $(EFIVAR_SOURCES) \
+ $(sort $(wildcard include/efivar/*.h))
include $(TOPDIR)/rules.mk
PKG_NAME:=libndpi
-PKG_VERSION:=4.6
+PKG_VERSION:=4.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ntop/nDPI/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=6f307e23ab11b2b9e84a696120810e27a854072576a49783ff84fd37a1d7411b
+PKG_HASH:=8f6235ba672d4ac8e4cbebb5611bc712a74587d9d53a649f483e4bcca5b80e58
PKG_BUILD_DIR:=$(BUILD_DIR)/nDPI-$(PKG_VERSION)
PKG_MAINTAINER:=Banglang Huang <banglang.huang@foxmail.com>, Toni Uhlig <matzeton@googlemail.com>
endif
ifneq ($(CONFIG_LIBNDPI_PCRE),)
-CONFIGURE_ARGS += --with-pcre
+CONFIGURE_ARGS += --with-pcre2
endif
ifneq ($(CONFIG_LIBNDPI_MAXMINDDB),)
CATEGORY:=Libraries
TITLE:=Library for deep-packet inspection
URL:=https://github.com/ntop/nDPI
- DEPENDS:=+LIBNDPI_GCRYPT:libgcrypt +LIBNDPI_PCRE:libpcre +LIBNDPI_MAXMINDDB:libmaxminddb +LIBNDPI_NDPIREADER:libpcap
+ DEPENDS:=+LIBNDPI_GCRYPT:libgcrypt +LIBNDPI_PCRE:libpcre2 +LIBNDPI_MAXMINDDB:libmaxminddb +LIBNDPI_NDPIREADER:libpcap
endef
define Package/libndpi/description
--- /dev/null
+From 8fed2be3d5b83949fabb2bdf39d6de4f24d2e68f Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Mon, 30 Oct 2023 18:10:51 +0100
+Subject: [PATCH] Move from PCRE to PCRE2
+
+Move from PCRE to PCRE2. PCRE is EOL and won't receive any security
+updates anymore. Convert to PCRE2 by converting any function PCRE2 new
+API.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ configure.ac | 18 ++++----
+ src/lib/ndpi_utils.c | 46 ++++++++++-----------
+ src/lib/third_party/include/rce_injection.h | 6 +--
+ tests/do.sh.in | 4 +-
+ 4 files changed, 37 insertions(+), 37 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -359,14 +359,14 @@ AS_IF([test "${with_local_libgcrypt+set}
+ AC_DEFINE_UNQUOTED(USE_HOST_LIBGCRYPT, 1, [Use locally installed libgcrypt instead of builtin gcrypt-light])
+ ])
+
+-dnl> PCRE
+-PCRE_ENABLED=0
+-AC_ARG_WITH(pcre, AS_HELP_STRING([--with-pcre], [Enable nDPI build with libpcre]))
+-if test "${with_pcre+set}" = set; then :
+- AC_CHECK_LIB(pcre, pcre_compile, AC_DEFINE_UNQUOTED(HAVE_PCRE, 1, [libpcre(-dev) is present]))
+- if test "x$ac_cv_lib_pcre_pcre_compile" = xyes; then :
+- ADDITIONAL_LIBS="${ADDITIONAL_LIBS} -lpcre"
+- PCRE_ENABLED=1
++dnl> PCRE2
++PCRE2_ENABLED=0
++AC_ARG_WITH(pcre2, AS_HELP_STRING([--with-pcre2], [Enable nDPI build with libpcre2]))
++if test "${with_pcre2+set}" = set; then :
++ AC_CHECK_LIB(pcre2-8, pcre2_compile_8, AC_DEFINE_UNQUOTED(HAVE_PCRE2, 1, [libpcre2(-dev) is present]))
++ if test "x$ac_cv_lib_pcre2_8_pcre2_compile_8" = xyes; then :
++ ADDITIONAL_LIBS="${ADDITIONAL_LIBS} -lpcre2-8"
++ PCRE2_ENABLED=1
+ fi
+ fi
+
+@@ -420,7 +420,7 @@ AC_SUBST(GPROF_CFLAGS)
+ AC_SUBST(GPROF_LIBS)
+ AC_SUBST(GPROF_ENABLED)
+ AC_SUBST(USE_HOST_LIBGCRYPT)
+-AC_SUBST(PCRE_ENABLED)
++AC_SUBST(PCRE2_ENABLED)
+ AC_SUBST(NBPF_ENABLED)
+ AC_SUBST(HANDLE_TLS_SIGS)
+ AC_SUBST(DISABLE_NPCAP)
+--- a/src/lib/ndpi_utils.c
++++ b/src/lib/ndpi_utils.c
+@@ -62,12 +62,12 @@
+
+ // #define DEBUG_REASSEMBLY
+
+-#ifdef HAVE_PCRE
+-#include <pcre.h>
++#ifdef HAVE_PCRE2
++#define PCRE2_CODE_UNIT_WIDTH 8
++#include <pcre2.h>
+
+-struct pcre_struct {
+- pcre *compiled;
+- pcre_extra *optimized;
++struct pcre2_struct {
++ pcre2_code *compiled;
+ };
+ #endif
+
+@@ -1712,18 +1712,19 @@ static int ndpi_is_xss_injection(char* q
+
+ /* ********************************** */
+
+-#ifdef HAVE_PCRE
++#ifdef HAVE_PCRE2
+
+ static void ndpi_compile_rce_regex() {
+- const char *pcreErrorStr = NULL;
+- int pcreErrorOffset;
++ PCRE2_UCHAR pcreErrorStr[128];
++ PCRE2_SIZE pcreErrorOffset;
++ int pcreErrorCode;
+
+ for(int i = 0; i < N_RCE_REGEX; i++) {
+- comp_rx[i] = (struct pcre_struct*)ndpi_malloc(sizeof(struct pcre_struct));
++ comp_rx[i] = (struct pcre2_struct*)ndpi_malloc(sizeof(struct pcre2_struct));
+
+- comp_rx[i]->compiled = pcre_compile(rce_regex[i], 0, &pcreErrorStr,
++ comp_rx[i]->compiled = pcre2_compile((PCRE2_SPTR)rce_regex[i], PCRE2_ZERO_TERMINATED, 0, &pcreErrorCode,
+ &pcreErrorOffset, NULL);
+-
++ pcre2_get_error_message(pcreErrorCode, pcreErrorStr, 128);
+ if(comp_rx[i]->compiled == NULL) {
+ #ifdef DEBUG
+ NDPI_LOG_ERR(ndpi_str, "ERROR: Could not compile '%s': %s\n", rce_regex[i],
+@@ -1733,17 +1734,16 @@ static void ndpi_compile_rce_regex() {
+ continue;
+ }
+
+- comp_rx[i]->optimized = pcre_study(comp_rx[i]->compiled, 0, &pcreErrorStr);
++ pcreErrorCode = pcre2_jit_compile(comp_rx[i]->compiled, PCRE2_JIT_COMPLETE);
+
+ #ifdef DEBUG
+- if(pcreErrorStr != NULL) {
+- NDPI_LOG_ERR(ndpi_str, "ERROR: Could not study '%s': %s\n", rce_regex[i],
++ if(pcreErrorCode < 0) {
++ pcre2_get_error_message(pcreErrorCode, pcreErrorStr, 128);
++ NDPI_LOG_ERR(ndpi_str, "ERROR: Could not jit compile '%s': %s\n", rce_regex[i],
+ pcreErrorStr);
+ }
+ #endif
+ }
+-
+- ndpi_free((void *)pcreErrorStr);
+ }
+
+ static int ndpi_is_rce_injection(char* query) {
+@@ -1752,17 +1752,17 @@ static int ndpi_is_rce_injection(char* q
+ initialized_comp_rx = 1;
+ }
+
++ pcre2_match_data *pcreMatchData;
+ int pcreExecRet;
+- int subStrVec[30];
+
+ for(int i = 0; i < N_RCE_REGEX; i++) {
+ unsigned int length = strlen(query);
+
+- pcreExecRet = pcre_exec(comp_rx[i]->compiled,
+- comp_rx[i]->optimized,
+- query, length, 0, 0, subStrVec, 30);
+-
+- if(pcreExecRet >= 0) {
++ pcreMatchData = pcre2_match_data_create_from_pattern(comp_rx[i]->compiled, NULL);
++ pcreExecRet = pcre2_match(comp_rx[i]->compiled,
++ (PCRE2_SPTR)query, length, 0, 0, pcreMatchData, NULL);
++ pcre2_match_data_free(pcreMatchData);
++ if(pcreExecRet > 0) {
+ return 1;
+ }
+ #ifdef DEBUG
+@@ -1852,7 +1852,7 @@ ndpi_risk_enum ndpi_validate_url(char *u
+ rc = NDPI_URL_POSSIBLE_XSS;
+ else if(ndpi_is_sql_injection(decoded))
+ rc = NDPI_URL_POSSIBLE_SQL_INJECTION;
+-#ifdef HAVE_PCRE
++#ifdef HAVE_PCRE2
+ else if(ndpi_is_rce_injection(decoded))
+ rc = NDPI_URL_POSSIBLE_RCE_INJECTION;
+ #endif
+--- a/src/lib/third_party/include/rce_injection.h
++++ b/src/lib/third_party/include/rce_injection.h
+@@ -1,4 +1,4 @@
+-#ifdef HAVE_PCRE
++#ifdef HAVE_PCRE2
+
+ #ifndef NDPI_RCE_H
+ #define NDPI_RCE_H
+@@ -8,7 +8,7 @@
+ #define N_RCE_REGEX 7
+
+ /* Compiled regex */
+-static struct pcre_struct *comp_rx[N_RCE_REGEX];
++static struct pcre2_struct *comp_rx[N_RCE_REGEX];
+
+ static unsigned int initialized_comp_rx = 0;
+
+@@ -615,4 +615,4 @@ static const char *pwsh_commands[] = {
+ "-PSConsoleFile"
+ };
+
+-#endif //HAVE_PCRE
+\ No newline at end of file
++#endif //HAVE_PCRE2
+\ No newline at end of file
+--- a/tests/do.sh.in
++++ b/tests/do.sh.in
+@@ -26,7 +26,7 @@ CMD_COLORDIFF="$(which colordiff)"
+
+ EXE_SUFFIX=@EXE_SUFFIX@
+ GPROF_ENABLED=@GPROF_ENABLED@
+-PCRE_ENABLED=@PCRE_ENABLED@
++PCRE2_ENABLED=@PCRE2_ENABLED@
+ PCRE_PCAPS="WebattackRCE.pcap"
+ NBPF_ENABLED=@NBPF_ENABLED@
+ NBPF_PCAPS="h323-overflow.pcap"
+@@ -84,7 +84,7 @@ check_results() {
+ [ $SKIP_PCAP = 1 ] && continue
+ fi
+ SKIP_PCAP=0
+- if [ $PCRE_ENABLED -eq 0 ]; then
++ if [ $PCRE2_ENABLED -eq 0 ]; then
+ for p in $PCRE_PCAPS; do
+ if [ $f = $p ]; then
+ SKIP_PCAP=1
include $(TOPDIR)/rules.mk
PKG_NAME:=newt
-PKG_VERSION:=0.52.23
+PKG_VERSION:=0.52.24
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://releases.pagure.org/newt
-PKG_HASH:=caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a
+PKG_HASH:=5ded7e221f85f642521c49b1826c8de19845aa372baf5d630a51774b544fbdbb
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
PKG_LICENSE:=LGPL-2.0-only
--- /dev/null
+#!/bin/sh
+
+case "$1" in
+
+python3-newt)
+ python3 -c 'import snack'
+ ;;
+
+whiptail)
+ whiptail --version | grep -Fx "whiptail (newt): $PKG_VERSION"
+ ;;
+
+esac
include $(TOPDIR)/rules.mk
PKG_NAME:=ngtcp2
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/ngtcp2/ngtcp2/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=a40b18af654baaebee3431af9bb4e347f40080bf1189d658ad53f8e66bf39da3
+PKG_HASH:=df03e7e91110fcbb165ae048fa671f1dd39f77b841df3a14aef076a1c192cc27
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
CONFIGURE_ARGS += \
- --with-unixodbc=$(STAGING_DIR_HOST)/bin/odbc_config \
+ --with-unixodbc=$(STAGING_DIR)/host/bin/odbc_config \
--with-libpq=$(STAGING_DIR)/usr
define Package/psqlodbc/Default
include $(TOPDIR)/rules.mk
PKG_NAME:=unixodbc
-PKG_VERSION:=2.3.9
-PKG_RELEASE:=2
+PKG_VERSION:=2.3.12
+PKG_RELEASE:=1
PKG_SOURCE:=unixODBC-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unixodbc.org
-PKG_HASH:=52833eac3d681c8b0c9a5a65f2ebd745b3a964f208fc748f977e44015a31b207
+PKG_HASH:=f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
-PKG_LICENSE:=prog GPL libs LGPL
+PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING exe/COPYING
PKG_CPE_ID:=cpe:/a:unixodbc:unixodbc
PKG_BUILD_DIR:=$(BUILD_DIR)/unixODBC-$(PKG_VERSION)
-HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/unixODBC-$(PKG_VERSION)
-HOST_BUILD_DEPENDS:=unixodbc
+HOST_BUILD_DIR:=$(BUILD_DIR)/host/unixODBC-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+HOST_BUILD_DEPENDS:=unixodbc
+HOST_BUILD_PARALLEL:=1
# if your other package depends on unixodbc and needs
# odbc_config, add to your other Makefile
CONFIGURE_ARGS += \
--disable-gui \
--with-pic \
- --enable-drivers \
- --includedir=$(STAGING_DIR)/usr/include
+ --enable-drivers
define Package/unixodbc/Default
SUBMENU:=Database
TITLE:=unixODBC
- URL:=http://www.unixodbc.org
+ URL:=https://www.unixodbc.org
+endef
+
+define Package/unixodbc/Default/description
+unixODBC is an Open Source ODBC sub-system and an ODBC SDK for Linux,
+Mac OSX, and UNIX.
+endef
+
+define Package/libodbc
+$(call Package/unixodbc/Default)
+ TITLE+= Driver Manager library
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libltdl +libpthread
+ ABI_VERSION:=2
+endef
+
+define Package/libodbc/description
+$(call Package/unixodbc/Default/description)
+
+This package provides the unixODBC Driver Manager library.
+endef
+
+define Package/libodbccr
+$(call Package/unixodbc/Default)
+ TITLE+= Cursor library
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libodbc +libltdl +libpthread
+ ABI_VERSION:=2
+endef
+
+define Package/libodbccr/description
+$(call Package/unixodbc/Default/description)
+
+This package provides the unixODBC Cursor library.
+endef
+
+define Package/libodbcinst
+$(call Package/unixodbc/Default)
+ TITLE+= Configuration library
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libltdl +libpthread
+ ABI_VERSION:=2
+endef
+
+define Package/libodbcinst/description
+$(call Package/unixodbc/Default/description)
+
+This package provides the unixODBC Configuration library.
endef
define Package/unixodbc
- $(call Package/unixodbc/Default)
+$(call Package/unixodbc/Default)
TITLE+= (libraries)
SECTION:=libs
CATEGORY:=Libraries
- DEPENDS:=+libltdl +libpthread
+ DEPENDS:=+libodbc +libodbccr +libodbcinst
endef
define Package/unixodbc/description
- unixODBC is an Open Source ODBC sub-system and an ODBC SDK for Linux,
- Mac OSX, and UNIX.
+$(call Package/unixodbc/Default/description)
+
+This package installs the unixODBC Driver Manager, Cursor, and
+Configuration libraries. This package is provided for backwards
+compatibility; these libraries are available in separate packages.
endef
define Package/unixodbc-tools
- $(call Package/unixodbc/Default)
+$(call Package/unixodbc/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= Tools
- DEPENDS:=+unixodbc +libncurses +libreadline
+ DEPENDS:=+libodbc +libodbcinst +libltdl +libreadline
endef
define Package/unixodbc-tools/description
- Command Line Tools to help install a driver and work with SQL.
+$(call Package/unixodbc/Default/description)
+
+This package provides command-line tools to help install a driver and
+work with SQL.
endef
define Package/pgsqlodbc
- $(call Package/unixodbc/Default)
+$(call Package/unixodbc/Default)
SECTION:=libs
CATEGORY:=Libraries
- TITLE:=Postgresql driver for ODBC
- DEPENDS:=+unixodbc +libpq
+ TITLE:=PostgreSQL driver for ODBC
+ DEPENDS:=+libodbc +libpq +libltdl +libpthread
+ ABI_VERSION:=2
endef
define Package/pgsqlodbc/description
- Postgresql driver for ODBC.
-endef
+$(call Package/unixodbc/Default/description)
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- $(MAKE_FLAGS) \
- ARCH="$(ARCH)" \
- CC="$(TARGET_CC)"
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- $(MAKE_FLAGS) \
- ARCH="$(ARCH)" \
- install -i
+This package provides the PostgreSQL driver for ODBC.
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/$(STAGING_DIR)/usr/include/*.h $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/
# Save autoconf config.h file for host build
# copy target autoconf config.h and unixodbc_conf.h file for host build
- $(INSTALL_DIR) $(1)/tmp/unixodbc
- $(CP) $(PKG_BUILD_DIR)/config.h $(1)/tmp/unixodbc/
- $(CP) $(PKG_BUILD_DIR)/unixodbc_conf.h $(1)/tmp/unixodbc/
+ $(INSTALL_DIR) $(1)/usr/include/unixodbc
+ $(CP) $(PKG_BUILD_DIR)/config.h $(1)/usr/include/unixodbc/
+ $(CP) $(PKG_BUILD_DIR)/unixodbc_conf.h $(1)/usr/include/unixodbc/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc
$(CP) $(PKG_INSTALL_DIR)/etc/odbc* $(1)/etc/
$(INSTALL_DIR) $(1)/etc/ODBCDataSources
- $(TARGET_CC) $(TARGET_CFLAGS) -E ./files/unixodbc_conf.h | tr '@' '\#' >$(1)/usr/include/unixodbc_conf.h
endef
-define Package/unixodbc/install
+define Package/libodbc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbc[ci]*so* $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbc.*so* $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnn*so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/odbc.init $(1)/etc/init.d/odbc
$(LN) /tmp/etc/odbcinst.ini $(1)/etc/odbcinst.ini
endef
+define Package/libodbccr/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbccr.so* $(1)/usr/lib/
+endef
+
+define Package/libodbcinst/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbcinst.so* $(1)/usr/lib/
+endef
+
+Package/unixodbc/install:=:
+
define Package/unixodbc-tools/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/{dltest,isql,iusql,odbcinst,slencheck} $(1)/usr/bin/
define Package/pgsqlodbc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbcpsql*so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbcpsql.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc/odbcinst.ini.d/
- echo "[PostgreSQL]" > $(1)/etc/odbcinst.ini.d/pgsqlodbc.ini
- echo "Description = unixODBC PostgreSQL driver" >> $(1)/etc/odbcinst.ini.d/pgsqlodbc.ini
- echo "Driver = /usr/lib/libodbcpsql.so" >> $(1)/etc/odbcinst.ini.d/pgsqlodbc.ini
+ $(INSTALL_DATA) ./files/pgsqlodbc.ini $(1)/etc/odbcinst.ini.d/
endef
define Host/Configure
$(call Host/Configure/Default)
- cp $(STAGING_DIR)/tmp/unixodbc/config.h $(HOST_BUILD_DIR)
- sed -i -e 's!\(LIB_PREFIX \).*$$$$!\1"$(STAGING_DIR)/usr/lib"!' $(HOST_BUILD_DIR)/config.h
- cp $(STAGING_DIR)/tmp/unixodbc/unixodbc_conf.h $(HOST_BUILD_DIR)
+ $(CP) $(STAGING_DIR)/usr/include/unixodbc/config.h $(HOST_BUILD_DIR)
+ $(CP) $(STAGING_DIR)/usr/include/unixodbc/unixodbc_conf.h $(HOST_BUILD_DIR)
+ $(CP) $(STAGING_DIR)/usr/include/unixodbc.h $(HOST_BUILD_DIR)
+ $(SED) 's!^#define INCLUDE_PREFIX ".*"!#define INCLUDE_PREFIX "$(STAGING_DIR)/usr/include"!' \
+ -e 's!^#define LIB_PREFIX ".*"!#define LIB_PREFIX "$(STAGING_DIR)/usr/lib"!' \
+ $(HOST_BUILD_DIR)/config.h \
+ $(HOST_BUILD_DIR)/unixodbc_conf.h
endef
define Host/Compile
- $(MAKE) -C $(HOST_BUILD_DIR)/exe \
- DESTDIR="$(HOST_INSTALL_DIR)" \
- CC="$(HOSTCC)" \
- CFLAGS="$(HOST_CFLAGS) -DUSE_UNIXODBC_CONF_H" \
- LDFLAGS="$(HOST_LDFLAGS)" \
- odbc_config
+ $(call Host/Compile/Default,-C $(HOST_BUILD_DIR)/exe odbc_config)
endef
define Host/Install
- $(INSTALL_DIR) $(STAGING_DIR_HOST)/bin
- $(INSTALL_BIN) $(HOST_BUILD_DIR)/exe/odbc_config $(STAGING_DIR_HOST)/bin
+ $(INSTALL_DIR) $(STAGING_DIR)/host/bin
+ $(INSTALL_BIN) $(HOST_BUILD_DIR)/exe/odbc_config $(STAGING_DIR)/host/bin/
endef
+$(eval $(call BuildPackage,libodbc))
+$(eval $(call BuildPackage,libodbccr))
+$(eval $(call BuildPackage,libodbcinst))
$(eval $(call BuildPackage,unixodbc))
$(eval $(call BuildPackage,unixodbc-tools))
$(eval $(call BuildPackage,pgsqlodbc))
--- /dev/null
+[PostgreSQL]
+Description = unixODBC PostgreSQL driver
+Driver = /usr/lib/libodbcpsql.so
+++ /dev/null
-@ifndef HAVE_UNISTD_H
- @define HAVE_UNISTD_H
-@endif
-@ifndef HAVE_PWD_H
- @define HAVE_PWD_H
-@endif
-@ifndef HAVE_SYS_TYPES_H
- @define HAVE_SYS_TYPES_H
-@endif
-@ifndef HAVE_LONG_LONG
- @define HAVE_LONG_LONG
-@endif
-@ifndef ODBCINT64
- @define ODBCINT64 long
-@endif
-@ifndef UODBCINT64
- @define UODBCINT64 unsigned long
-@endif
-@ifndef SIZEOF_LONG_INT
- @define SIZEOF_LONG_INT __SIZEOF_LONG__
-@endif
-
\ No newline at end of file
+++ /dev/null
---- a/exe/odbc-config.c
-+++ b/exe/odbc-config.c
-@@ -40,6 +40,33 @@
- #include <unistd.h>
- #endif
-
-+#ifdef USE_UNIXODBC_CONF_H
-+
-+#ifdef HAVE_UNISTD_H
-+#undef HAVE_UNISTD_H
-+#endif
-+#ifdef HAVE_PWD_H
-+#undef HAVE_PWD_H
-+#endif
-+#ifdef HAVE_SYS_TYPES_H
-+#undef HAVE_SYS_TYPES_H
-+#endif
-+#ifdef HAVE_LONG_LONG
-+#undef HAVE_LONG_LONG
-+#endif
-+#ifdef ODBCINT64
-+#undef ODBCINT64
-+#endif
-+#ifdef UODBCINT64
-+#undef UODBCINT64
-+#endif
-+#ifdef SIZEOF_LONG_INT
-+#undef SIZEOF_LONG_INT
-+#endif
-+
-+#include <unixodbc_conf.h>
-+#endif
-+
- #include <sql.h>
-
- static void usage( void )
--- /dev/null
+#!/bin/sh
+
+[ "$1" = unixodbc-tools ] || exit 0
+
+isql --version | grep -Fx "unixODBC $PKG_VERSION"
include $(TOPDIR)/rules.mk
PKG_NAME:=fdm
-PKG_VERSION:=2.0
-PKG_RELEASE:=3
+PKG_VERSION:=2.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/nicm/fdm/releases/download/$(PKG_VERSION)
-PKG_HASH:=06b28cb6b792570bc61d7e29b13d2af46b92fea77e058b2b17e11e8f7ed0cea4
+PKG_HASH:=53aad117829834e21c1b9bf20496a1aa1c0e0fb98fe7735e1e73314266fb6c16
PKG_MAINTAINER:=Dmitry V. Zimin <pfzim@mail.ru>
PKG_LICENSE:=BSD-2-Clause
TITLE:=fetch mail and deliver
URL:=https://github.com/nicm/fdm
MENU:=1
- DEPENDS:=+tdb +zlib +libopenssl +FDM_WITH_PCRE:libpcre
+ DEPENDS:=+tdb +zlib +libopenssl +FDM_WITH_PCRE:libpcre2
USERID:=_fdm=99:_fdm=99
endef
endef
ifdef CONFIG_FDM_WITH_PCRE
- CONFIGURE_ARGS += --enable-pcre
+ CONFIGURE_ARGS += --enable-pcre2
endif
define Package/fdm/config
+++ /dev/null
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -123,6 +123,3 @@ endif
- if NO_STRTONUM
- nodist_fdm_SOURCES += compat/strtonum.c
- endif
--if NO_B64_NTOP
--nodist_fdm_SOURCES += compat/base64.c
--endif
+++ /dev/null
-From 3aa079c4885d89257c5033b4992011511b603150 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Tue, 26 Jun 2018 14:14:34 -0700
-Subject: [PATCH] Fix compile with OpenSSL 1.1.0
-
-OpenSSL 1.1.0 deprecared SSL_library_init and SSL_load_error_strings.
-They're part of OPENSSL_init_ssl now.
----
- fdm.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/fdm.c
-+++ b/fdm.c
-@@ -717,8 +717,10 @@ retry:
- }
- conf.lock_file = lock;
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
- SSL_load_error_strings();
-+#endif
-
- /* Filter account list. */
- TAILQ_INIT(&actaq);
+++ /dev/null
-From 3232e537ccaba4417b25d9d70264e4a5533042da Mon Sep 17 00:00:00 2001
-From: Nicholas Marriott <nicholas.marriott@gmail.com>
-Date: Mon, 18 Mar 2019 13:04:00 +0000
-Subject: [PATCH] Fix bas64 declarations, from makepost at firemail dot cc.
-
----
- fdm.h | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
---- a/fdm.h
-+++ b/fdm.h
-@@ -20,7 +20,6 @@
- #define FDM_H
-
- #include <sys/param.h>
--#include <sys/cdefs.h>
- #include <sys/stat.h>
-
- #ifdef HAVE_QUEUE_H
-@@ -725,8 +724,8 @@ size_t strlcat(char *, const char *, s
-
- #ifndef HAVE_B64_NTOP
- /* base64.c */
--int b64_ntop(src, srclength, target, targsize);
--int b64_pton(src, target, targsize);
-+int b64_ntop(u_char const *, size_t, char *, size_t);
-+int b64_pton(char const *, u_char *, size_t);
- #endif
-
- /* shm.c */
--- /dev/null
+From f1ec1982725d60045c0d871f3e613f2880046c22 Mon Sep 17 00:00:00 2001
+From: Nicholas Marriott <nicholas.marriott@gmail.com>
+Date: Wed, 1 Feb 2023 15:31:30 +0000
+Subject: [PATCH] Fix bugs in PCRE2 code - don't walk off the end of the match
+ list if NOMATCH is returned, and don't stop on empty matches. From Thomas
+ Hurst.
+
+---
+ pcre.c | 45 ++++++++++++++++++++++++++-------------------
+ 1 file changed, 26 insertions(+), 19 deletions(-)
+
+--- a/pcre.c
++++ b/pcre.c
+@@ -66,7 +66,7 @@ int
+ re_block(struct re *re, const void *buf, size_t len, struct rmlist *rml,
+ char **cause)
+ {
+- int res;
++ int res, ret;
+ pcre2_match_data *pmd;
+ PCRE2_SIZE *ovector;
+ u_int i, j;
+@@ -85,27 +85,34 @@ re_block(struct re *re, const void *buf,
+ }
+
+ pmd = pcre2_match_data_create_from_pattern(re->pcre2, NULL);
+- res = pcre2_match(re->pcre2, buf, len, 0, 0, pmd, NULL);
+- if (res < 0 && res != PCRE2_ERROR_NOMATCH) {
+- xasprintf(cause, "%s: regexec failed", re->str);
+- pcre2_match_data_free(pmd);
+- return (-1);
+- }
++ if (pmd == NULL)
++ fatalx("pcre2_match_data_create_from_pattern failed");
+
+- if (rml != NULL) {
+- ovector = pcre2_get_ovector_pointer(pmd);
+- for (i = 0; i < res; i++) {
+- j = i * 2;
+- if (ovector[j + 1] <= ovector[j])
+- break;
+- rml->list[i].valid = 1;
+- rml->list[i].so = ovector[j];
+- rml->list[i].eo = ovector[j + 1];
++ res = pcre2_match(re->pcre2, buf, len, 0, 0, pmd, NULL);
++ if (res > 0) {
++ if (rml != NULL) {
++ if (res > NPMATCH)
++ res = NPMATCH;
++ ovector = pcre2_get_ovector_pointer(pmd);
++ for (i = 0; i < res; i++) {
++ j = i * 2;
++ if (ovector[j + 1] < ovector[j])
++ break;
++ rml->list[i].valid = 1;
++ rml->list[i].so = ovector[j];
++ rml->list[i].eo = ovector[j + 1];
++ }
++ rml->valid = 1;
+ }
+- rml->valid = 1;
++ ret = 1;
++ } else if (res == PCRE2_ERROR_NOMATCH)
++ ret = 0;
++ else {
++ xasprintf(cause, "%s: regexec failed", re->str);
++ ret = -1;
+ }
+-
+- return (res != PCRE2_ERROR_NOMATCH);
++ pcre2_match_data_free(pmd);
++ return (ret);
+ }
+
+ void
--- /dev/null
+From 028f59bef0ea9435fb8fbe095b2939652ce63479 Mon Sep 17 00:00:00 2001
+From: Nicholas Marriott <nicholas.marriott@gmail.com>
+Date: Mon, 3 Apr 2023 08:54:28 +0100
+Subject: [PATCH] Fix use-after-free, GitHub issue 126.
+
+---
+ connect.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/connect.c
++++ b/connect.c
+@@ -550,8 +550,8 @@ httpproxy(struct server *srv,
+ if (strlen(line) < 12 ||
+ strncmp(line, "HTTP/", 5) != 0 ||
+ strncmp(line + 8, " 200", 4) != 0) {
+- xfree(line);
+ xasprintf(cause, "unexpected data: %s", line);
++ xfree(line);
+ return (-1);
+ }
+ header = 1;
include $(TOPDIR)/rules.mk
PKG_NAME:=postfix
-PKG_VERSION:=3.5.8
-PKG_RELEASE:=3
+PKG_VERSION:=3.8.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
https://de.postfix.org/ftpmirror/official/ \
http://ftp.porcupine.org/mirrors/postfix-release/official/
-PKG_HASH:=22582628cf3edc18c5155c9ff44543dd95a9435fb68135d76a99f572cb07456f
+PKG_HASH:=6790903cdbb5e0e47196691eb9a5f2cf8050262def941e039e6d4bf4043a5e30
PKG_MAINTAINER:=Denis Shulyaka <Shulyaka@gmail.com>
PKG_LICENSE:=IPL-1.0
postfix=25:postfix=25 \
postdrop=26:postdrop=26
URL:=http://www.postfix.org/
- DEPENDS:=+POSTFIX_CDB:tinycdb +POSTFIX_TLS:libopenssl +POSTFIX_SASL:libsasl2 +POSTFIX_LDAP:libopenldap +POSTFIX_DB:libdb47 +POSTFIX_SQLITE:libsqlite3 +POSTFIX_MYSQL:libmysqlclient +POSTFIX_PGSQL:libpq +POSTFIX_EAI:icu +POSTFIX_PCRE:libpcre
+ DEPENDS:=+POSTFIX_CDB:tinycdb +POSTFIX_TLS:libopenssl +POSTFIX_SASL:libsasl2 +POSTFIX_LDAP:libopenldap +POSTFIX_DB:libdb47 +POSTFIX_SQLITE:libsqlite3 +POSTFIX_MYSQL:libmysqlclient +POSTFIX_PGSQL:libpq +POSTFIX_EAI:icu +POSTFIX_PCRE:libpcre2
MENU:=1
endef
endif
ifdef CONFIG_POSTFIX_PCRE
- CCARGS+=-DHAS_PCRE -I$(STAGING_DIR)/usr/include/
- AUXLIBS+=-L$(STAGING_DIR)/usr/lib -lpcre
+ CCARGS+=-DHAS_PCRE2 -I$(STAGING_DIR)/usr/include/
+ AUXLIBS+=-L$(STAGING_DIR)/usr/lib -lpcre2-8
else
CCARGS+=-DNO_PCRE
endif
#endif
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
-@@ -1509,7 +1509,7 @@ extern int setsid(void);
+@@ -1519,7 +1519,7 @@ extern int setsid(void);
#endif
#ifndef HAS_CLOSEFROM
#endif
-@@ -1563,7 +1563,7 @@ typedef int pid_t;
+@@ -1573,7 +1573,7 @@ typedef int pid_t;
/*
* Clang-style attribute tests.
* XXX Without the unconditional test below, gcc 4.6 will barf on ``elif
* defined(__clang__) && __has_attribute(__whatever__)'' with error message
* ``missing binary operator before token "("''.
-@@ -1577,7 +1577,7 @@ typedef int pid_t;
+@@ -1587,7 +1587,7 @@ typedef int pid_t;
* warn for missing initializations and other trouble. However, OPENSTEP4
* gcc 2.7.x cannot handle this so we define this only if NORETURN isn't
* already defined above.
* Data point: gcc 2.7.2 has __attribute__ (Wietse Venema) but gcc 2.6.3 does
* not (Clive Jones). So we'll set the threshold at 2.7.
*/
-@@ -1653,12 +1653,12 @@ typedef int pid_t;
+@@ -1663,12 +1663,12 @@ typedef int pid_t;
* write to output parameters (for example, stat- or scanf-like functions)
* or from functions that have other useful side effects (for example,
* fseek- or rename-like functions).
* XXX Prepending "(void)" won't shut up GCC. Clang behaves as expected.
*/
#if ((__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || __GNUC__ > 3)
-@@ -1747,7 +1747,7 @@ typedef const char *CONST_CHAR_STAR;
+@@ -1749,7 +1749,7 @@ typedef const char *CONST_CHAR_STAR;
* Safety. On some systems, ctype.h misbehaves with non-ASCII or negative
* characters. More importantly, Postfix uses the ISXXX() macros to ensure
* protocol compliance, so we have to rule out non-ASCII characters.
--- a/src/util/dict_db.c
+++ b/src/util/dict_db.c
-@@ -750,8 +750,8 @@ static DICT *dict_db_open(const char *cl
+@@ -751,8 +751,8 @@ static DICT *dict_db_open(const char *cl
msg_fatal("create DB database: %m");
if (db == 0)
msg_panic("db_create null result");
+// if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
+// msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
db_base_buf = vstring_alloc(100);
- #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
+ #if DB_VERSION_MAJOR == 18 || DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
-@@ -760,9 +760,8 @@ extern int initgroups(const char *, int)
+@@ -774,9 +774,8 @@ extern int initgroups(const char *, int)
#define INTERNAL_LOCK MYFLOCK_STYLE_FLOCK
#define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */
#define HAS_FSYNC
--- a/makedefs
+++ b/makedefs
-@@ -215,7 +215,7 @@ error() {
+@@ -233,7 +233,7 @@ ARFL=rv
case $# in
# Officially supported usage.
RELEASE=`(uname -r) 2>/dev/null`
# No ${x%%y} support in Solaris 11 /bin/sh
RELEASE_MAJOR=`expr "$RELEASE" : '\([0-9]*\)'` || exit 1
-@@ -242,6 +242,15 @@ case "$SYSTEM" in
+@@ -247,6 +247,15 @@ case $# in
esac
case "$SYSTEM.$RELEASE" in
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
-@@ -342,6 +342,7 @@
+@@ -346,6 +346,7 @@
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+++ /dev/null
---- a/src/util/sys_defs.h
-+++ b/src/util/sys_defs.h
-@@ -749,7 +749,8 @@ extern int initgroups(const char *, int)
- /*
- * LINUX.
- */
--#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
-+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) \
-+ || defined(LINUX6)
- #define SUPPORTED
- #define UINT32_TYPE unsigned int
- #define UINT16_TYPE unsigned short
--- a/conf/main.cf
+++ b/conf/main.cf
-@@ -40,43 +40,8 @@ compatibility_level = 2
+@@ -44,43 +44,8 @@ compatibility_level = 3.8
#
#soft_bounce = no
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
-@@ -632,45 +597,4 @@ debugger_command =
+@@ -641,45 +606,4 @@ debugger_command =
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
help
Use internal POSIX Regular Expressions.
Note that not all EPG parsers will work with POSIX RegEx.
- config TVHEADEND_REGEX_PCRE
- bool "PCRE (libpcre)"
- select PACKAGE_libpcre
- help
- Use more advanced Perl-Compatible Regular Expressions, provided by libpcre.
config TVHEADEND_REGEX_PCRE2
bool "PCRE2 (libpcre2)"
select PACKAGE_libpcre2
PKG_NAME:=tvheadend
PKG_VERSION:=2023-06-05
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/tvheadend/tvheadend.git
$(ICONV_DEPENDS) \
+zlib \
+TVHEADEND_AVAHI_SUPPORT:libavahi-client \
- +TVHEADEND_REGEX_PCRE:libpcre \
+TVHEADEND_REGEX_PCRE2:libpcre2 \
+BUILD_PATENTED&&TVHEADEND_CSA:libdvbcsa
CONFIGURE_ARGS += --disable-trace
endif
+CONFIGURE_ARGS += --disable-pcre
ifneq ($(CONFIG_TVHEADEND_REGEX_PCRE2),)
- CONFIGURE_ARGS += --disable-pcre --enable-pcre2
-else
-ifneq ($(CONFIG_TVHEADEND_REGEX_PCRE),)
- CONFIGURE_ARGS += --enable-pcre --disable-pcre2
+ CONFIGURE_ARGS += --enable-pcre2
else
ifneq ($(CONFIG_TVHEADEND_REGEX_POSIX),)
- CONFIGURE_ARGS += --disable-pcre --disable-pcre2
-endif
+ CONFIGURE_ARGS += --disable-pcre2
endif
endif
--with-libpcap-include=$(STAGING_DIR)/usr/include \
--with-libpcap-lib=$(STAGING_DIR)/usr/lib \
--without-opt \
+ --with-libbsd=no \
\
PYTHON=$(PYTHON) \
\
--- /dev/null
+From 0265e79f3c9a27a3ffd186e7d3bcd2f744052605 Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Sat, 28 Oct 2023 17:30:09 +0200
+Subject: [PATCH] build: add option to disable bsd library inclusion
+
+It might be needed to disable bsd inclusion and fallback to the compat
+functions even if bsd headers are detected.
+
+This is the case when multiple library are cross-compiled and someone
+wants to explicitly compile aircrack-ng without linking to bsd library.
+
+With the current implementation, if a bsd header is detected, the bsd
+library is always linked even if unwanted. Add option to configure this
+with the combo --with-libbsd=yes|no|auto with auto set by default.
+
+Also add an extra featurw with introducing the possibility of requiring
+the bsd library and fail the configure phase.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ build/m4/aircrack_ng_compat.m4 | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+--- a/build/m4/aircrack_ng_compat.m4
++++ b/build/m4/aircrack_ng_compat.m4
+@@ -38,11 +38,29 @@ dnl If you delete this exception stateme
+ dnl program, then also delete it here.
+
+ AC_DEFUN([AIRCRACK_NG_COMPAT], [
++AC_ARG_WITH(libbsd,
++ [AS_HELP_STRING([--with-libbsd[[=auto|yes|no]]], [use BSD library, [default=auto]])])
++
++case $with_libbsd in
++ yes | "" | auto)
++ AC_CHECK_HEADERS([bsd/string.h], [HAVE_BSD_STRING_H=yes])
++ AC_CHECK_LIB([bsd], [strlcpy], [:])
++ AC_CHECK_FUNCS([strlcpy strlcat], [:])
++ ;;
++esac
+
+-AC_CHECK_HEADERS([bsd/string.h], [HAVE_BSD_STRING_H=yes], [HAVE_BSD_STRING_H=no])
+ AM_CONDITIONAL([HAVE_BSD_STRING_H], [test "$HAVE_BSD_STRING_H" = yes])
+-AC_CHECK_LIB([bsd], [strlcpy], [ LIBS="$LIBS -lbsd" ], [:])
+-AC_CHECK_FUNCS([strlcpy strlcat], [:])
++
++if test $with_libbsd != no
++then
++ if test $ac_cv_lib_bsd_strlcpy = yes
++ then
++ LIBS="$LIBS -lbsd"
++ elif test $with_libbsd = yes
++ then
++ AC_MSG_ERROR([cannot configure required bsd library])
++ fi
++fi
+
+ have_bsd=no
+ if test "$cross_compiling" != yes
--- /dev/null
+From 6317063da827732dbc5cc0dd1650ed016bd2927c Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Sun, 29 Oct 2023 14:41:18 +0100
+Subject: [PATCH] build: support strlcat/strlcpy from musl or recent glibc
+
+Musl or recent glibc added support for these additional string function,
+strlcat and strlcpy hence the compat function are not needed and the
+builtin version can be used instead.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ build/m4/aircrack_ng_compat.m4 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/build/m4/aircrack_ng_compat.m4
++++ b/build/m4/aircrack_ng_compat.m4
+@@ -41,11 +41,12 @@ AC_DEFUN([AIRCRACK_NG_COMPAT], [
+ AC_ARG_WITH(libbsd,
+ [AS_HELP_STRING([--with-libbsd[[=auto|yes|no]]], [use BSD library, [default=auto]])])
+
++AC_CHECK_FUNCS([strlcpy strlcat], [:])
++
+ case $with_libbsd in
+ yes | "" | auto)
+ AC_CHECK_HEADERS([bsd/string.h], [HAVE_BSD_STRING_H=yes])
+ AC_CHECK_LIB([bsd], [strlcpy], [:])
+- AC_CHECK_FUNCS([strlcpy strlcat], [:])
+ ;;
+ esac
+
PKG_NAME:=apinger
PKG_SOURCE_DATE:=2015-04-09
PKG_SOURCE_VERSION:=78eb328721ba1a10571c19df95acddcb5f0c17c8
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/Jajcus/apinger
config_get_bool rrd "$target" rrd 0
[ -z "$address" ] && return 0
-
- srcip=$(uci_get network "$interface" ipaddr)
- [ -z "$srcip" ] && network_get_ipaddr srcip "$interface"
- srcip="${srcip:-0.0.0.0}"
+ if [ -z $(echo "$address"|sed "/:/d") ]; then
+ srcip=$(uci_get network "$interface" ip6addr)
+ [ -z "$srcip"] && network_get_ipaddr6 srcip "$interface"
+ srcip="${srcip:-::}"
+ else
+ srcip=$(uci_get network "$interface" ipaddr)
+ [ -z "$srcip"] && network_get_ipaddr srcip "$interface"
+ srcip="${srcip:-0.0.0.0}"
+ fi
alarms=${alarm_down:+\"${alarm_down}\"}
alarms=${alarm_delay:+${alarms:+${alarms}, }}${alarm_delay:+\"${alarm_delay}\"}
local percent_low percent_high
config_get percent_low "$alarm" percent_low
- config_get percent_high "$alarm" percent_low
+ config_get percent_high "$alarm" percent_high
if [ -z "$percent_low" ] || [ -z "$percent_high" ]; then
return
local debug status_interval rrd_interval instance
instance=$1
- config_get_bool debug apinger debug 0
- config_get status_interval apinger status_interval 1
- config_get rrd_interval apinger rrd_interval 30
+ config_get_bool debug "$instance" debug 0
+ config_get status_interval "$instance" status_interval 1
+ config_get rrd_interval "$instance" rrd_interval 30
[ "$debug" = "1" ] && debug=on || debug=off
if [ -f "$status_file" ]; then
_IFS="$IFS"
IFS="|"
- while read -r address srcip target received sent timestamp latency loss alarm; do
+ while read -r address srcip target sent received timestamp latency loss alarm; do
json_add_object targets
json_add_string interface "$iface"
json_add_string target "$target"
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.9.1
+PKG_VERSION:=0.9.2
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
SECTION:=net
CATEGORY:=Network
TITLE:=banIP blocks IPs via named nftables Sets
- DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +logd +rpcd +rpcd-mod-rpcsys
+ DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +rpcd +rpcd-mod-rpcsys
PKGARCH:=all
endef
* Supports allowing / blocking of certain VLAN forwards
## Prerequisites
-* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support
+* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
* A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
* For E-Mail notifications you need to install and setup the additional 'msmtp' package
## banIP config options
-| Option | Type | Default | Description |
-| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
-| ban_enabled | option | 0 | enable the banIP service |
-| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
-| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
-| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
-| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
-| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
-| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
-| ban_debug | option | 0 | enable banIP related debug logging |
-| ban_loginput | option | 1 | log drops in the wan-input chain |
-| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
-| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
-| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
-| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
-| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP |
-| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
-| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs |
-| ban_basedir | option | /tmp | base working directory while banIP processing |
-| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
-| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
-| ban_protov4 | option | - / autodetect | enable IPv4 support |
-| ban_protov6 | option | - / autodetect | enable IPv4 support |
-| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
-| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
-| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
-| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 |
-| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 |
-| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
-| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot |
-| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
-| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
-| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
-| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
-| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
-| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
-| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
-| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
-| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
-| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
-| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
-| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic |
-| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
-| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
-| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
-| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
-| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
-| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
-| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
-| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
-| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
-| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
-| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
-| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
-| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
-| ban_resolver | option | - | external resolver used for DNS lookups |
+| Option | Type | Default | Description |
+| :---------------------- | :----- | :---------------------------- | :---------------------------------------------------------------------------------------------------------------- |
+| ban_enabled | option | 0 | enable the banIP service |
+| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
+| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
+| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
+| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
+| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
+| ban_logreadfile | option | /var/log/messages | alternative location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread |
+| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
+| ban_debug | option | 0 | enable banIP related debug logging |
+| ban_loginput | option | 1 | log drops in the wan-input chain |
+| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
+| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
+| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
+| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
+| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP |
+| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
+| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs |
+| ban_basedir | option | /tmp | base working directory while banIP processing |
+| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
+| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
+| ban_protov4 | option | - / autodetect | enable IPv4 support |
+| ban_protov6 | option | - / autodetect | enable IPv4 support |
+| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
+| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
+| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
+| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 |
+| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 |
+| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
+| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot |
+| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
+| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
+| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
+| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
+| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
+| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
+| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
+| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
+| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
+| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
+| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
+| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic |
+| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
+| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
+| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
+| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
+| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
+| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
+| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
+| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
+| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
+| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
+| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
+| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
+| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
+| ban_resolver | option | - | external resolver used for DNS lookups |
## Examples
**banIP report information**
ban_rdapfile="/var/run/banip_rdap.json"
ban_rdapurl="https://rdap.db.ripe.net/ip/"
ban_lock="/var/run/banip.lock"
-ban_logreadcmd="$(command -v logread)"
+ban_logreadfile="/var/log/messages"
+ban_logreadcmd=""
ban_logcmd="$(command -v logger)"
ban_ubuscmd="$(command -v ubus)"
ban_nftcmd="$(command -v nft)"
local ppid pid pids
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
- [ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+ if [ -n "${ppid}" ]; then
+ pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+ for pid in ${pids}; do
+ pids="${pids} $(pgrep -P "${pid}" 2>/dev/null)"
+ done
+ fi
for pid in ${pids}; do
kill -INT "${pid}" >/dev/null 2>&1
done
}
}
config_load banip
+ [ -f "${ban_logreadfile}" ] && ban_logreadcmd="$(command -v tail)" || ban_logreadcmd="$(command -v logread)"
}
# get nft/monitor actuals
#
f_actual() {
- local nft monitor
+ local nft monitor ppid pid
if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
nft="$(f_char "1")"
else
nft="$(f_char "0")"
fi
- if pgrep -f "${ban_logreadcmd##*/}" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
+
+ ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
+ if [ -n "${ppid}" ]; then
+ pid="$(pgrep -oP "${ppid}" 2>/dev/null)"
+ fi
+ if pgrep -f "${ban_logreadcmd##*/}" -P "${pid}" >/dev/null 2>&1; then
monitor="$(f_char "1")"
else
monitor="$(f_char "0")"
# log monitor
#
f_monitor() {
- local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
+ local logread_cmd loglimit_cmd nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
+
+ if [ -f "${ban_logreadfile}" ]; then
+ logread_cmd="${ban_logreadcmd} -qf ${ban_logreadfile} 2>/dev/null | ${ban_grepcmd} -e \"${ban_logterm%%??}\" 2>/dev/null"
+ loglimit_cmd="${ban_logreadcmd} -qn ${ban_loglimit} ${ban_logreadfile} 2>/dev/null"
+ elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
+ logread_cmd="${ban_logreadcmd} -fe \"${ban_logterm%%??}\" 2>/dev/null"
+ loglimit_cmd="${ban_logreadcmd} -l ${ban_loglimit} 2>/dev/null"
+ fi
- if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
- f_log "info" "start detached banIP log service"
+ if [ -x "${ban_logreadcmd}" ] && [ -n "${logread_cmd}" ] && [ -n "${loglimit_cmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
+ f_log "info" "start detached banIP log service (${ban_logreadcmd})"
[ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
- "${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
+ eval "${logread_cmd}" |
while read -r line; do
: >"${ban_rdapfile}"
proto=""
fi
if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then
f_log "info" "suspicious IP '${ip}'"
- log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
+ log_raw="$(eval ${loglimit_cmd})"
log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
if [ "${ban_autoblocksubnet}" = "1" ]; then
PKG_NAME:=crowdsec-firewall-bouncer
PKG_VERSION:=0.0.28
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/cs-firewall-bouncer/tar.gz/v$(PKG_VERSION)?
procd_set_param command "$PROG" -c "$VARCONFIG"
procd_set_param stdout 1
procd_set_param stderr 1
+ procd_set_param nice 10
+ if [ -x "/sbin/ujail" ]; then
+ procd_add_jail cs-bouncer log
+ procd_add_jail_mount $VARCONFIG
+ procd_add_jail_mount_rw /var/log/
+ procd_set_param no_new_privs 1
+ fi
procd_close_instance
fi
}
PKG_NAME:=dnsproxy
PKG_VERSION:=0.56.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
$(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) $(CURDIR)/files/dnsproxy.init $(1)/etc/init.d/dnsproxy
+ $(INSTALL_DIR) $(1)/etc/uci-defaults/
+ $(INSTALL_BIN) $(CURDIR)/files/dnsproxy.defaults $(1)/etc/uci-defaults/80-dnsproxy-migration
endef
define Package/dnsproxy/conffiles
config dnsproxy 'global'
option enabled '0'
- option listen_addr '127.0.0.1'
- option listen_port '5353'
+ list listen_addr '127.0.0.1'
+ list listen_addr '::1'
+ list listen_port '5353'
option log_file ''
option all_servers '0'
option fastest_addr '0'
+ option http3 '0'
option insecure '0'
option ipv6_disabled '0'
+ option timeout ''
option max_go_routines ''
option rate_limit ''
option refuse_any '0'
--- /dev/null
+#!/bin/sh
+
+[ -s "/etc/config/dnsproxy" ] || exit 0
+
+#Migrate options 'listen_addr' 'listen_port' to list type
+sed -i -e "s,option listen_addr,list listen_addr,g" \
+ -e "s,option listen_port,list listen_port,g" "/etc/config/dnsproxy"
+exit 0
load_config_arg() {
append_param_bool "$1" "all_servers"
append_param_bool "$1" "fastest_addr"
+ append_param_bool "$1" "http3"
append_param_bool "$1" "insecure"
append_param_bool "$1" "ipv6_disabled"
append_param_bool "$1" "refuse_any"
}
load_config_list() {
+ if is_empty "global" "listen_addr"; then
+ append_param "--listen" "127.0.0.1"
+ else
+ config_list_foreach "global" "listen_addr" "append_param '--listen'"
+ fi
+
+ if is_empty "global" "listen_port"; then
+ append_param "--port" "5353"
+ else
+ config_list_foreach "global" "listen_port" "append_param '--port'"
+ fi
+
is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
for i in "bootstrap" "fallback" "upstream"; do
}
load_config_param() {
- append_param_arg "global" "listen_addr" "--listen" "127.0.0.1"
- append_param_arg "global" "listen_port" "--port" "5353"
append_param_arg "global" "log_file" "--output"
+ append_param_arg "global" "timeout" "--timeout"
append_param_arg "global" "max_go_routines" "--max-go-routines"
append_param_arg "global" "rate_limit" "--ratelimit"
append_param_arg "global" "udp_buf_size" "--udp-buf-size"
PKG_NAME:=freeradius3
PKG_VERSION:=3.0.26
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/releases/download/release_$(subst .,_,$(PKG_VERSION))/
define Package/freeradius3-common
$(call Package/freeradius3/Default)
TITLE:=common files
- DEPENDS:=+USE_GLIBC:libpthread +USE_GLIBC:libbsd +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre +libreadline +libtalloc +libatomic
+ DEPENDS:=+USE_GLIBC:libpthread +USE_GLIBC:libbsd +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre2 +libreadline +libtalloc +libatomic
endef
define Package/freeradius3-default
PKG_NAME:=haproxy
PKG_VERSION:=2.8.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.8/src
define Package/haproxy
$(call Package/haproxy/Default)
TITLE+=with SSL support
- DEPENDS+= +libpcre +libltdl +zlib +libpthread +liblua5.3 +libopenssl +libncurses +libreadline +libatomic
+ DEPENDS+= +libpcre2 +libltdl +zlib +libpthread +liblua5.3 +libopenssl +libncurses +libreadline +libatomic
VARIANT:=ssl
endef
$(call Package/haproxy/Default)
TITLE+=without SSL support
VARIANT:=nossl
- DEPENDS+= +libpcre +libltdl +zlib +libpthread +liblua5.3 +libatomic
+ DEPENDS+= +libpcre2 +libltdl +zlib +libpthread +liblua5.3 +libatomic
CONFLICTS:=haproxy
endef
PCREDIR="$(STAGING_DIR)/usr/" \
USE_LUA=1 LUA_LIB_NAME="lua5.3" LUA_INC="$(STAGING_DIR)/usr/include/lua5.3" LUA_LIB="$(STAGING_DIR)/usr/lib" \
SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \
- USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_LIBATOMIC=1 USE_PROMEX=1 \
+ USE_ZLIB=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_PTHREAD_PSHARED=1 USE_LIBATOMIC=1 USE_PROMEX=1 \
VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \
VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \
$(ADDON) \
--- /dev/null
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2023 Jonas Jelonek
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iperf
+PKG_VERSION:=3.15-mt-beta1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/esnet/iperf/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
+PKG_HASH:=4d5ad5bef9321adb832581a495c3cb1b5dec9d9678296f90bfc87166bbb7a43b
+
+PKG_MAINTAINER:=Jonas Jelonek <jelonek.jonas@gmail.com>
+PKG_LICENSE:=BSD-3-Clause
+PKG_CPE_ID:=cpe:/a:es:iperf3
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+DISABLE_NLS:=
+
+define Package/iperf3-mt/default
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=iperf3 with multithreading
+ URL:=https://github.com/esnet/iperf
+ CONFLICTS:=iperf3 iperf3-ssl
+endef
+
+define Package/iperf3-mt
+$(call Package/iperf3-mt/default)
+ VARIANT:=nossl
+ DEPENDS:=+libiperf3-mt
+ CONFLICTS+=iperf3-mt-ssl
+endef
+
+define Package/iperf3-mt-ssl
+$(call Package/iperf3-mt/default)
+ TITLE+= and iperf_auth support
+ VARIANT:=ssl
+ DEPENDS:=+libopenssl +libatomic
+endef
+
+define Package/libiperf3-mt
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=libiperf3 with multithreading
+ URL:=https://github.com/esnet/iperf
+ CONFLICTS:=libiperf3
+ DEPENDS+=+libatomic
+endef
+
+TARGET_CFLAGS += -D_GNU_SOURCE
+TARGET_LDFLAGS += -latomic
+
+ifeq ($(BUILD_VARIANT),ssl)
+ CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr" --disable-shared
+else
+ CONFIGURE_ARGS += --without-openssl
+endif
+
+MAKE_FLAGS += noinst_PROGRAMS=
+
+define Package/iperf3-mt/description
+ iPerf3 is a modern alternative for measuring TCP and UDP bandwidth
+ performance, allowing the tuning of various parameters and
+ characteristics.
+ iperf3-mt has experimental multithreading support.
+endef
+
+define Package/libiperf3-mt/description
+ Libiperf is a library providing an API for iperf3 functionality.
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiperf.* $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+endef
+
+define Package/iperf3-mt/install/Default
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
+endef
+
+Package/iperf3-mt/install = $(Package/iperf3-mt/install/Default)
+Package/iperf3-mt-ssl/install = $(Package/iperf3-mt/install/Default)
+
+define Package/libiperf3-mt/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiperf.so.* $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,iperf3-mt))
+$(eval $(call BuildPackage,iperf3-mt-ssl))
+$(eval $(call BuildPackage,libiperf3-mt))
PKG_NAME:=keepalived
PKG_VERSION:=2.2.8
-PKG_RELEASE:=3
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.keepalived.org/software
printf '%benable_script_security\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
printf '%bprocess_names\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+ printf '%bstartup_script "/bin/busybox env -i ACTION=startup /sbin/hotplug-call keepalived"\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+ printf '%bstartup_script_timeout 10\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+ printf '%bshutdown_script "/bin/busybox env -i ACTION=shutdown /sbin/hotplug-call keepalived"\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+ printf '%bshutdown_script_timeout 10\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+
config_get notification_email "$1" notification_email
print_list_indent notification_email
garp_master_repeat garp_master_refresh_repeat \
no_val_vmac_xmit_base no_val_native_ipv6 no_val_accept \
no_val_dont_track_primary no_val_smtp_alert no_val_nopreempt \
- no_val_use_vmac
+ no_val_use_vmac no_val_no_accept
print_notify "INSTANCE" "$name" "$INDENT_1" notify_backup notify_master \
notify_fault notify_stop
include $(TOPDIR)/rules.mk
PKG_NAME:=knot
-PKG_VERSION:=3.3.1
+PKG_VERSION:=3.3.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
-PKG_HASH:=f3f4b1d49ec9b81113b14a38354b823bd4a470356ed7e8e555595b6fd1ac80c9
+PKG_HASH:=0d65d4b59f5df69b78c6295ade0a2ea7931831de7ef5eeee3e00f8a20af679e4
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8
--- /dev/null
+--- a/src/libdnssec/key/key.c
++++ b/src/libdnssec/key/key.c
+@@ -146,10 +146,14 @@ dnssec_key_t *dnssec_key_dup(const dnsse
+
+ gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
+ if (type == GNUTLS_PRIVKEY_PKCS11) {
++#ifdef ENABLE_PKCS11
+ gnutls_pkcs11_privkey_t tmp;
+ gnutls_privkey_export_pkcs11(key->private_key, &tmp);
+ gnutls_privkey_import_pkcs11(dup->private_key, tmp,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
++#else
++ assert(0);
++#endif
+ } else {
+ assert(type == GNUTLS_PRIVKEY_X509);
+ gnutls_x509_privkey_t tmp;
PKG_NAME:=libreswan
PKG_VERSION:=4.12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/
include $(INCLUDE_DIR)/package.mk
-define Package/libreswan/Default
- TITLE:=Libreswan
- URL:=https://libreswan.org/
-endef
-
-define Package/libreswan/Default/description
- Libreswan is a free software implementation of the most widely supported and
- standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
- ("IKE"). These standards are produced and maintained by the Internet
- Engineering Task Force ("IETF").
-endef
-
-define Package/libreswan
-$(call Package/libreswan/Default)
+define Package/libreswan/default
SUBMENU:=VPN
SECTION:=net
CATEGORY:=Network
- DEPENDS:= +IPV6:kmod-ip6-vti +IPV6:kmod-ipsec6 +ip-full +iptables-mod-ipsec \
- +kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
- +kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
- +kmod-ipsec4 +kmod-ipt-ipsec +kmod-xfrm-interface +libevent2 +libevent2-pthreads \
- +libldns +librt +libunbound +nss-utils +nspr +libcap-ng
+ TITLE:=Libreswan
+ URL:=https://libreswan.org/
PROVIDES:=openswan
CONFLICTS:=strongswan
- TITLE+= IPsec Server
+endef
+
+define Package/libreswan
+ $(Package/libreswan/default)
+ DEPENDS:= \
+ +kmod-ip-vti +IPV6:kmod-ip6-vti \
+ +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
+ +ip-full +kmod-xfrm-interface \
+ +libevent2 +libevent2-pthreads \
+ +libldns +librt +libunbound +nss-utils +nspr +libcap-ng \
+ +kmod-crypto-acompress \
+ +kmod-crypto-aead \
+ +kmod-crypto-authenc \
+ +kmod-crypto-arc4 \
+ +kmod-crypto-cbc \
+ +kmod-crypto-ccm \
+ +kmod-crypto-chacha20poly1305 \
+ +kmod-crypto-cmac \
+ +kmod-crypto-ctr \
+ +kmod-crypto-cts \
+ +kmod-crypto-des \
+ +kmod-crypto-ecb \
+ +kmod-crypto-ecdh \
+ +kmod-crypto-gcm \
+ +kmod-crypto-ghash \
+ +kmod-crypto-hash \
+ +kmod-crypto-hmac \
+ +kmod-crypto-md4 \
+ +kmod-crypto-md5 \
+ +kmod-crypto-null \
+ +kmod-crypto-pcbc \
+ +kmod-crypto-sha1 \
+ +kmod-crypto-sha256 \
+ +kmod-crypto-sha512 \
+ +kmod-crypto-xcbc \
+ +kmod-crypto-rng
endef
define Package/libreswan/description
-$(call Package/libreswan/Default/description)
- Libreswan is a free software implementation of the most widely supported and
- standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
- ("IKE"). These standards are produced and maintained by the Internet
- Engineering Task Force ("IETF").
+ Libreswan is a free software implementation of the most widely supported and
+ standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
+ ("IKE"). These standards are produced and maintained by the Internet
+ Engineering Task Force ("IETF").
endef
define Package/libreswan/conffiles
/etc/ipsec.d
-/etc/ipsec.conf
-/etc/ipsec.secrets
+/etc/config/libreswan
+/etc/ipsec.user
endef
+
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
MAKE_FLAGS+= \
define Package/libreswan/install
$(INSTALL_DIR) \
- $(1)/etc/init.d \
$(1)/etc/ipsec.d/policies \
$(1)/usr/libexec/ipsec \
- $(1)/usr/sbin
+ $(1)/usr/sbin \
+ $(1)/etc/config \
+ $(1)/etc/init.d \
+ $(1)/etc/hotplug.d/libreswan \
+ $(1)/etc/hotplug.d/iface \
+ $(1)/usr/libexec/rpcd \
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec \
$(1)/usr/sbin/ipsec
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
- $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
- $(INSTALL_DATA) ./files/ipsec.secrets $(1)/etc/ipsec.secrets
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ipsec.d/policies/* \
$(1)/etc/ipsec.d/policies/
$(CP) $(PKG_INSTALL_DIR)/usr/libexec/ipsec/* \
$(1)/usr/libexec/ipsec/
+
+ $(INSTALL_BIN) ./files/usr/libexec/ipsec/_updown.xfrm $(1)/usr/libexec/ipsec/_updown.xfrm
+ $(INSTALL_BIN) ./files/etc/init.d/ipsec $(1)/etc/init.d/ipsec
+ $(INSTALL_BIN) ./files/usr/libexec/rpcd/libreswan $(1)/usr/libexec/rpcd/libreswan
+ $(INSTALL_DATA) ./files/etc/ipsec.conf $(1)/etc/ipsec.conf
+ $(INSTALL_DATA) ./files/etc/ipsec.secrets $(1)/etc/ipsec.secrets
+ $(INSTALL_DATA) ./files/etc/config/libreswan $(1)/etc/config/libreswan
+ $(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/01-user $(1)/etc/hotplug.d/libreswan/01-user
+ $(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/02-vti $(1)/etc/hotplug.d/libreswan/02-vti
+ $(INSTALL_DATA) ./files/etc/hotplug.d/iface/89-libreswan $(1)/etc/hotplug.d/iface/89-libreswan
+endef
+
+define Package/libreswan-nftables
+ $(Package/libreswan/default)
+ TITLE+= nftables plugin)
+ DEPENDS+=firewall4 +libreswan +kmod-nft-xfrm +nftables \
+ +kmod-nfnetlink-log
+endef
+
+define Package/libreswan-nftables/description
+ Provides Libreswan nftables plugin for adding firewall rules
+endef
+
+define Package/libreswan-nftables/install
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/libreswan \
+ $(1)/usr/share/nftables.d/ruleset-post
+
+ $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d
+ $(CP) ./files/etc/hotplug.d/libreswan/62-nftables $(1)/etc/hotplug.d/libreswan/62-nftables
+ $(LN) /tmp/libreswan/firewall.d/libreswan.rules $(1)/usr/share/nftables.d/ruleset-post/10_libreswan.nft
+endef
+
+define Package/libreswan-iptables
+ $(Package/libreswan/default)
+ TITLE+= iptables plugin)
+ DEPENDS+=firewall +libreswan +iptables-mod-ipsec +kmod-ipt-ipsec \
+ +iptables-zz-legacy +IPV6:ip6tables-zz-legacy \
+ +kmod-ipt-nflog +iptables-mod-nflog
+endef
+
+define Package/libreswan-iptables/description
+ Provides Libreswan iptables plugin for adding firewall rules
+endef
+
+define Package/libreswan-iptables/install
+ $(INSTALL_DIR) $(1)/etc \
+ $(1)/etc/uci-defaults \
+ $(1)/etc/hotplug.d/libreswan
+
+ $(CP) ./files/etc/hotplug.d/libreswan/61-iptables $(1)/etc/hotplug.d/libreswan/61-iptables
+ $(CP) ./files/etc/uci-defaults/091-libreswan $(1)/etc/uci-defaults/091-libreswan
+ $(INSTALL_BIN) ./files/etc/libreswan_firewall.sh $(1)/etc/libreswan_firewall.sh
+endef
+
+define Package/libreswan-iptables/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+ /etc/init.d/firewall reload
+}
endef
$(eval $(call BuildPackage,libreswan))
+$(eval $(call BuildPackage,libreswan-nftables))
+$(eval $(call BuildPackage,libreswan-iptables))
--- /dev/null
+config libreswan 'globals'
+ option debug '0' # set debug mode none/all
+ list virtual_private '10.0.0.0/8'
+ list virtual_private '192.168.0.0/16'
+ list virtual_private '172.16.0.0/12'
+ list virtual_private '25.0.0.0/8'
+ list virtual_private '100.64.0.0/10'
+ list virtual_private '!100.64.0.0/24' # the address ranges that may live behind a NAT router through which a client connects
+ # option listen '192.168.2.100' # listening address, if set listen_interface would not be used
+ # option listen_interface 'wan' # listening interface
+ # option uniqueids 'yes' # yes/no
+
+# config crypto_proposal 'p1'
+# list encryption_algorithm '3des' # possible values: 3des, aes, aes_ctr, aes_cbc, aes128, aes192, aes256, camellia_cbc
+# list hash_algorithm 'md5' # possible values: md5, sha1, sha256, sha384, sha512
+# list dh_group 'modp1536' # possible values: modp1536, modp2048, modp3072, modp4096, modp6144, modp8192, dh19, dh20, dh21, dh22, dh31
+
+# config tunnel 'vti2_1_5'
+# option left '192.168.1.1'
+# option left_interface 'wan' # interface ipaddr to be used as left
+# option leftid '@left' # local id
+# option right '192.168.2.201' # remote endpoint public ip
+# option rightid '@62dd3e3f82339b002405245b' # rightid
+# option auto 'start' # what operation, should be done automatically at IPsec startup
+# option authby 'secret' # how the two security gateways should authenticate each other
+# option psk 'AyG9RlTtQJIUxgxG' # preshare key
+# option ikev2 '1' # ike version
+# option ikelifetime '8h'
+# option rekey '1'
+# option rekeymargin '9m'
+# option dpdaction 'restart'
+# option dpddelay '30'
+# option dpdtimeout '150'
+# option interface 'vti2_1_5' # only for route based tunnels
+# list leftsubnets '0.0.0.0/0'
+# list rightsubnets '0.0.0.0/0'
+# option phase2 'esp' # phase2 protocol
+# list ike 'p1' # list of crypto_proposal (phase1 proposals)
+# list phase2ag 'p1' # list of crypto_proposal (phase2 proposals')
+# option nflog '0' # enable nflog
+# option update_peeraddr '1' # auto update vti interface ppeeradd in /etc/config/network
--- /dev/null
+#!/bin/sh
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
+
+/etc/init.d/ipsec running || exit 0
+uci show libreswan | grep -i "='$INTERFACE'$" || exit 0
+
+logger -t libreswan "Restart libreswan due to $ACTION of $INTERFACE ($DEVICE)"
+
+/etc/init.d/ipsec restart
--- /dev/null
+#!/bin/sh
+
+# Things that this script gets (from ipsec_pluto(8) man page)
+#
+# PLUTO_VERB
+# specifies the name of the operation to be performed
+# (prepare-host, prepare-client, up-host, up-client,
+# down-host, or down-client). If the address family
+# for security gateway to security gateway
+# communications is IPv6, then a suffix of -v6 is added
+# to the verb.
+#
+# PLUTO_CONNECTION
+# is the name of the connection for which we are
+# routing.
+#
+# PLUTO_CONNECTION_TYPE
+# is type of the connection, "tunnel" or "transport".
+#
+# PLUTO_CONN_POLICY
+# the policy of the connection, as in:
+# RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC
+# +failureDROP+lKOD+rKOD
+#
+# CAT=YES|
+# if client address translation inside IPsec stack is enabled
+#
+# PLUTO_NEXT_HOP
+# is the next hop to which packets bound for the peer
+# must be sent.
+#
+# PLUTO_INTERFACE
+# is the name of the real interface used by encrypted traffic and IKE traffic
+#
+# PLUTO_ME
+# is the IP address of our host.
+#
+# PLUTO_MY_ID
+# is our ID.
+#
+# PLUTO_METRIC
+# is the metric to set for the route
+#
+# PLUTO_MTU
+# is the mtu to set for the route
+#
+# PLUTO_ADD_TIME
+# Time the IPsec SA was added to the kernel
+#
+# PLUTO_MOBIKE_EVENT
+# wether the connection is underdoing MOBIKE migration
+#
+# PLUTO_MY_CLIENT
+# is the IP address / count of our client subnet. If
+# the client is just the host, this will be the
+# host's own IP address / mask (where max is 32 for
+# IPv4 and 128 for IPv6).
+#
+# PLUTO_MY_CLIENT_NET
+# is the IP address of our client net. If the client
+# is just the host, this will be the host's own IP
+# address.
+#
+# PLUTO_MY_CLIENT_MASK
+# is the mask for our client net. If the client is
+# just the host, this will be 255.255.255.255.
+#
+# PLUTO_MY_SOURCEIP
+# if non-empty, then the source address for the route will be
+# set to this IP address.
+#
+# PLUTO_MY_PROTOCOL
+# is the protocol for this connection. Useful for
+# firewalling.
+#
+# PLUTO_MY_PORT
+# is the port. Useful for firewalling.
+#
+# PLUTO_PEER
+# is the IP address of our peer.
+#
+# PLUTO_PEER_ID
+# is the ID of our peer.
+#
+# PLUTO_PEER_CLIENT
+# is the IP address / count of the peer's client subnet.
+# If the client is just the peer, this will be
+# the peer's own IP address / mask (where max is 32
+# for IPv4 and 128 for IPv6).
+#
+# PLUTO_PEER_CLIENT_NET
+# is the IP address of the peer's client net. If the
+# client is just the peer, this will be the peer's
+# own IP address.
+#
+# PLUTO_PEER_CLIENT_MASK
+# is the mask for the peer's client net. If the
+# client is just the peer, this will be
+# 255.255.255.255.
+#
+# PLUTO_PEER_PROTOCOL
+# is the protocol set for remote end with port
+# selector.
+#
+# PLUTO_PEER_PORT
+# is the peer's port. Useful for firewalling.
+#
+# PLUTO_PEER_CA
+# is the DN of the peer's CA that signed its certificate
+#
+# PLUTO_CFG_CLIENT=0|1
+# is MODECFG or IKEv2 Config client.
+#
+# PLUTO_CFG_SERVER=0|1
+# is MODECFG or IKEv2 Config server.
+#
+# PLUTO_PEER_DNS_INFO
+# The peer's supplied DNS information (IKEv1 and IKEv2)
+#
+# PLUTO_PEER_DOMAIN_INFO
+# The peer's supplied domain list for local resolving (IKEv2 only)
+#
+# PLUTO_PEER_BANNER
+# is the peer's provided banner
+#
+# PLUTO_NM_CONFIGURED=0|1
+# is NetworkManager used for resolv.conf update
+#
+# PLUTO_CONN_ADDRFAMILY
+# is the family type, "ipv4" or "ipv6"
+#
+# PLUTO_CONN_KIND
+# is the "kind" of connection (CK_PERMANENT, CK_INSTANCE, etc)
+#
+# PLUTO_STACK
+# is the local IPsec kernel stack used, eg XFRM, BSDKAME, NOSTACK
+#
+# PLUTO_IS_PEER_CISCO=0|1
+# remote server type is cisco. Add support for cisco extensions
+# when used with xauth.
+#
+# PLUTO_SA_REQID
+# When using KAME or XFRM, the IPsec SA reqid base value.
+# ESP/AH out is base, ESP/AH in = base + 1
+# IPCOMP is base + 2 plus for inbound + 1
+#
+# PLUTO_XFRMI_FWMARK
+# use outgoing mark
+#
+# PLUTO_SA_TYPE
+# The type of IPsec SA (ESP or AH)
+#
+# PLUTO_USERNAME
+# The username (XAUTH or GSSAPI) that was authenticated (if any)
+# for this SA
+#
+# PLUTO_VIRT_INTERFACE
+# is the name of ipsec interface used by clear traffic in/out
+#
+# INTERFACE_IP
+# The IP to configure / expect on the interface? Currently is never set
+#
+# PLUTO_XFRM_ROUTE
+# if an XFRM (ipsec-device) has been specified, value will be "yes"
+#
+# XAUTH_FAILED
+# If xauthfail=soft this will be set to 1 if XAUTH authentication
+# failed. If xauthfail=hard, the updown scripts never run.
+#
+# CONNMARK
+# If mark= is set on the connection, this variable will be
+# set with the value. It can be used for iptables or VTI.
+#
+# CONNMARK_IN
+# the incoming mark to use
+#
+# CONNMARK_OUT
+# the outgoing mark to use
+#
+# VTI_IFACE=iface
+# Name of VTI interface to create
+#
+# VTI_ROUTING=yes|no
+# Whether or not to perform ip rule and ip route commands
+# covering the IPsec SA address ranges to route those packets
+# into the VTI_IFACE interface. This should be enabled unless
+# the IPsec SA covers 0.0.0.0/0 <-> 0.0.0.0/0
+#
+# VTI_SHARED=yes|no
+# Whether or not more conns (or instances) share a VTI device.
+# If not shared, the VTI device is deleted when tunnel goes down.
+#
+# VTI_IP
+# The IP to configure on the VTI device
+#
+# SPI_IN / SPI_OUT
+# The inbound and outbound SPI's of the connection.
+#
+# PLUTO_INBYTES
+# total bytes received
+#
+# PLUTO_OUTBYTES
+# total bytes sent
+#
+# NFLOG
+# is the nflog group to use
+#
+
+case "${PLUTO_VERB}" in
+ prepare-host|prepare-host-v6) ;;
+ prepare-client|prepare-client-v6) ;;
+ route-host|route-host-v6) ;;
+ unroute-host|unroute-host-v6) ;;
+ route-client|route-client-v6) ;;
+ unroute-client|unroute-client-v6) ;;
+ up-host|up-host-v6) ;;
+ down-host|down-host-v6) ;;
+ up-client|up-client-v6) ;;
+ down-client|down-client-v6) ;;
+esac
--- /dev/null
+#!/bin/sh
+
+[ -e "/etc/ipsec.user" ] && {
+ . /etc/ipsec.user
+}
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+. /lib/functions.sh
+
+[ "${PLUTO_VERB}" != "route-client" ] && [ "${PLUTO_VERB}" != "up-client" ] && exit 0
+
+CONNECTION=${PLUTO_CONNECTION%/*}
+[ -z "$CONNECTION" ] && exit 0
+
+update_peeraddr=$(uci_get libreswan $CONNECTION update_peeraddr)
+[ "$update_peeraddr" != "1" ] && exit 0
+
+interface=$(uci_get libreswan $CONNECTION interface)
+[ -z "$interface" ] && exit 0
+
+proto=$(uci_get network "$interface" proto)
+[ "$proto" != "vti" ] && exit 0
+
+peeraddr=$(uci_get network "$interface" peeraddr)
+[ "$peeraddr" == "$PLUTO_PEER" ] && exit 0
+
+uci_set network "$interface" peeraddr "$PLUTO_PEER"
+uci_commit network
+ifup "$interface"
--- /dev/null
+#!/bin/sh
+
+. /lib/functions.sh
+
+FW4="$(command -v fw4)"
+[ -n "$FW4" ] && exit 0
+
+CONNECTION="${PLUTO_CONNECTION//\//_}"
+[ -z "$CONNECTION" ] && exit 0
+
+IPT_LEGACY="$(command -v iptables-legacy)"
+IPT="$(command -v iptables)"
+BIN="${IPT_LEGACY:-$IPT}"
+[ -z "$BIN" ] && exit 0
+
+LIBRESWAN_INPUT="libreswan_input"
+LIBRESWAN_FORWARD="libreswan_forward"
+LIBRESWAN_OUTPUT="libreswan_output"
+LIBRESWAN_NFLOG_INPUT="libreswan_nflog_input"
+LIBRESWAN_NFLOG_OUTPUT="libreswan_nflog_output"
+LIBRESWAN_POSTROUTING="libreswan_postrouting"
+
+FW_DIR="/tmp/libreswan/firewall.d"
+LIBRESWAN_RULES_FILE="$FW_DIR/libreswan.rules"
+RULES_DIR="$FW_DIR/rules"
+
+IPV4_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv4.rules"
+IPV6_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv6.rules"
+
+reload_firewall() {
+ [ ! -d "$RULES_DIR" ] && return 0
+
+ cat $RULES_DIR/*.rules > "$LIBRESWAN_RULES_FILE" 2>/dev/null
+ /etc/init.d/firewall reload
+}
+
+up_rules() {
+ [ -z "$PLUTO_PEER_CLIENT" ] && return 0
+
+ [ ! -d "$RULES_DIR" ] && mkdir -p "$RULES_DIR"
+ [ "$PLUTO_PEER_CLIENT" = "0.0.0.0/0" ] && [ "$PLUTO_MY_CLIENT" = "0.0.0.0/0" ] && return 0
+
+ cat << EOF > $IPV4_RULES_FILE
+$BIN -t filter -A $LIBRESWAN_INPUT -m policy --dir in --pol ipsec -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
+$BIN -t filter -A $LIBRESWAN_FORWARD -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
+$BIN -t filter -A $LIBRESWAN_OUTPUT -m policy --dir out --pol ipsec -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
+$BIN -t nat -A $LIBRESWAN_POSTROUTING -m policy --dir out --pol ipsec -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
+EOF
+ if [ -n "$NFLOG" ]; then
+ cat << EOF > $IPV4_RULES_FILE
+$BIN -t filter -A $LIBRESWAN_NFLOG_INPUT -m policy --dir in --pol ipsec -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -j NFLOG --nflog-group $NFLOG --nflog-prefix $PLUTO_CONNECTION
+$BIN -t filter -A $LIBRESWAN_NFLOG_OUTPUT -m policy --dir out --pol ipsec -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT -j NFLOG --nflog-group $NFLOG --nflog-prefix $PLUTO_CONNECTION
+EOF
+
+ fi
+
+ reload_firewall
+
+ return 0
+}
+
+down_rules() {
+ if [ -f "$IPV4_RULES_FILE" ]; then
+ rm -rf "$IPV4_RULES_FILE"
+ reload_firewall
+ fi
+
+ return 0
+}
+
+case "${PLUTO_VERB}" in
+ up-host|up-client) up_rules ;;
+ down-host|down-client) down_rules ;;
+ up-host-v6|down-host-v6) ;;
+ up-client|down-client-v6) ;;
+esac
--- /dev/null
+#!/bin/sh
+
+. /lib/functions.sh
+
+FW4="$(command -v fw4)"
+[ -z "$FW4" ] && exit 0
+
+CONNECTION="${PLUTO_CONNECTION//\//_}"
+[ -z "$CONNECTION" ] && exit 0
+
+FW_DIR="/tmp/libreswan/firewall.d"
+LIBRESWAN_RULES_FILE="$FW_DIR/libreswan.rules"
+RULES_DIR="$FW_DIR/rules"
+
+IPV4_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv4.rules"
+IPV6_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv6.rules"
+NFLOG_ALL_RULES_FILE="$RULES_DIR/nflog_all.rules"
+
+reload_firewall() {
+ [ ! -d "$RULES_DIR" ] && return 0
+
+ cat $RULES_DIR/*.rules > "$LIBRESWAN_RULES_FILE" 2>/dev/null
+ /etc/init.d/firewall reload
+}
+
+up_rules() {
+ [ -z "$PLUTO_PEER_CLIENT" ] && return 0
+
+ [ ! -d "$RULES_DIR" ] && mkdir -p "$RULES_DIR"
+
+ eval $(ipsec addconn --configsetup)
+
+ if [ -n "$nflog_all" ]; then
+ unset NFLOG
+ if [ ! -f "$NFLOG_ALL_RULES_FILE" ]; then
+ cat << EOF > "$NFLOG_ALL_RULES_FILE"
+table inet fw4 {
+ chain libreswan_nflog_input {
+ meta ipsec exists log prefix "all-ipsec" group ${nflog_all}
+ }
+ chain libreswan_nflog_output {
+ rt ipsec exists log prefix "all-ipsec" group ${nflog_all}
+ }
+}
+EOF
+ fi
+ else
+ [ -f "$NFLOG_ALL_RULES_FILE" ] && rm -f "$NFLOG_ALL_RULES_FILE"
+ fi
+
+ cat << EOF > $IPV4_RULES_FILE
+table inet fw4 {
+ chain libreswan_input {
+ meta ipsec exists ipsec in ip saddr $PLUTO_PEER_CLIENT ip daddr $PLUTO_MY_CLIENT ${NFLOG:+log prefix \"${PLUTO_CONNECTION}\" group ${NFLOG}} accept comment "$PLUTO_CONNECTION"
+ }
+ chain libreswan_forward {
+ meta ipsec exists ipsec in ip saddr $PLUTO_PEER_CLIENT ip daddr $PLUTO_MY_CLIENT accept comment "$PLUTO_CONNECTION"
+ }
+ chain libreswan_output {
+ ipsec out ip saddr $PLUTO_MY_CLIENT ip daddr $PLUTO_PEER_CLIENT ${NFLOG:+log prefix \"${PLUTO_CONNECTION}\" group ${NFLOG}} accept comment "$PLUTO_CONNECTION"
+ }
+ chain libreswan_srcnat {
+ ip saddr $PLUTO_MY_CLIENT ip daddr $PLUTO_PEER_CLIENT accept comment "$PLUTO_CONNECTION"
+ }
+}
+EOF
+
+ reload_firewall
+
+ return 0
+}
+
+down_rules() {
+ if [ -f "$IPV4_RULES_FILE" ]; then
+ rm -rf "$IPV4_RULES_FILE"
+ reload_firewall
+ fi
+
+ return 0
+}
+
+case "${PLUTO_VERB}" in
+ up-host|up-client) up_rules ;;
+ down-host|down-client) down_rules ;;
+ up-host-v6|down-host-v6) ;;
+ up-client|down-client-v6) ;;
+esac
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+. "${IPKG_INSTROOT}/lib/functions/network.sh"
+
+START=90
+STOP=10
+
+USE_PROCD=1
+
+PROG="/usr/libexec/ipsec/pluto"
+IPSEC_BIN="/usr/sbin/ipsec"
+
+IPSEC_DIR="/var/run/ipsec"
+IPSEC_CONF="$IPSEC_DIR/setup.conf"
+IPSEC_CONF_DIR="$IPSEC_DIR/conf.d"
+
+IPSEC_AUTO="${IPSEC_BIN} auto"
+
+extra_command "start_tunnel" "Start ipsec tunnel"
+extra_command "stop_tunnel" "Stop ipsec tunnel"
+extra_command "reload_tunnel" "Reload/restart ipsec tunnel"
+
+set_var() {
+ export "$1=$2"
+}
+
+get_var() {
+ local var
+
+ var=$(eval echo "\"\${${1}}\"")
+ [ "$var" = "1" ] && return 0
+
+ return 1
+}
+
+set_restart_flag() {
+ set_var "RESTART_IPSEC" 1
+}
+
+restart_flag() {
+ get_var RESTART_IPSEC
+}
+
+set_replace_flag() {
+ set_var "REPLACE_${1}" 1
+}
+
+replace_flag() {
+ get_var "REPLACE_${1}"
+}
+
+checkconfig() {
+ ${IPSEC_BIN} addconn --checkconfig || return 1
+ mkdir -p /var/run/pluto
+}
+
+expand_ike() {
+ local id="$1"
+ local encryption_algorithm hash_algorithm dh_group proposal
+
+ config_get encryption_algorithm "${id}" encryption_algorithm
+ config_get hash_algorithm "${id}" hash_algorithm
+ config_get dh_group "${id}" dh_group
+
+ encryption_algorithm="${encryption_algorithm% *}"
+ proposal="${encryption_algorithm:+${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}${dh_group:+;${dh_group%% *}}}}"
+ append ike_proposal "$proposal" ","
+}
+
+expand_phase2alg() {
+ local id="$1"
+ local encryption_algorithm hash_algorithm dh_group
+
+ config_get encryption_algorithm "${id}" encryption_algorithm
+ config_get hash_algorithm "${id}" hash_algorithm
+ config_get dh_group "${id}" dh_group
+
+ phase2alg_proposal="${encryption_algorithm:+${encryption_algorithm// /+}${hash_algorithm:+-${hash_algorithm// /+}${dh_group:+-${dh_group// /+}}}}"
+}
+
+generate_tunnel_config() {
+ local id=$1
+ local config_file="$IPSEC_CONF_DIR/$id.conf"
+ local secret_file="$IPSEC_CONF_DIR/$id.secret"
+ local tmp_config_file="/tmp/$id.conf"
+ local tmp_secret_file="/tmp/$id.secret"
+ local ikey mark_in okey mark_out ifid
+
+ config_get auto "$id" auto
+ config_get left "$id" left
+ config_get left_interface "$id" left_interface
+ [ -n "$left_interface" ] && network_get_ipaddr left "$left_interface"
+ config_get right "$id" right
+ config_get leftid "$id" leftid "$left"
+ config_get rightid "$id" rightid "$right"
+ config_get leftsourceip "$id" leftsourceip
+ config_get rightsourceip "$id" rightsourceip
+ config_get leftsubnets "$id" leftsubnets
+ config_get rightsubnets "$id" rightsubnets
+ config_get_bool ikev2 "$id" ikev2
+ [ "$ikev2" = "1" ] && ikev2=yes || ikev2=no
+ config_get_bool rekey "$id" rekey
+ [ "$rekey" = "1" ] && rekey=yes || rekey=no
+ config_get ikelifetime "$id" ikelifetime
+ config_get rekeymargin "$id" rekeymargin
+ config_get dpdaction "$id" dpdaction
+ config_get dpdtimeout "$id" dpdtimeout
+ config_get dpddelay "$id" dpddelay
+ config_get phase2 "$id" phase2
+ config_get phase2alg "$id" phase2alg
+ config_get nflog "$id" nflog 0
+ [ "$nflog" = "0" ] && unset nflog
+
+ config_list_foreach "$id" ike expand_ike
+ config_list_foreach "$id" phase2alg expand_phase2alg
+
+ config_get authby "$id" authby
+ config_get psk "$id" psk
+
+ if [ -n "$leftsubnets" ]; then
+ [[ "$leftsubnets" =~ 0.0.0.0* ]] && leftsubnets="0.0.0.0/0"
+ leftsubnets="{${leftsubnets// /,}}"
+ fi
+
+ if [ -n "$rightsubnets" ]; then
+ [[ "$rightsubnets" =~ 0.0.0.0* ]] && rightsubnets="0.0.0.0/0"
+ rightsubnets="{${rightsubnets// /,}}"
+ fi
+
+ config_get interface "$id" interface
+
+ cat << EOF > "$tmp_secret_file"
+$leftid $rightid : PSK "$psk"
+EOF
+
+ cat << EOF > "$tmp_config_file"
+conn $id
+ auto=${auto}
+ authby=${authby}
+ ikev2=${ikev2}
+ left=${left%% *}
+ ${leftid:+leftid=${leftid}}
+ ${leftsourceip:+leftsourceip=${leftsourceip}}
+ ${leftsubnets:+leftsubnets=${leftsubnets}}
+ right=${right%% *}
+ ${rightid:+rightid=${rightid}}
+ ${rightsourceip:+rightsourceip=${rightsourceip}}
+ ${rightsubnets:+rightsubnets=${rightsubnets}}
+ ${dpdaction:+dpdaction=${dpdaction}}
+ ${dpdtimeout:+dpdtimeout=${dpdtimeout}}
+ ${dpddelay:+dpddelay=${dpddelay}}
+ ${ikelifetime:+ikelifetime=${ikelifetime}}
+ ${rekey:+rekey=${rekey}}
+ ${rekeymargin:+rekeymargin=${rekeymargin}}
+ ${rekeyfuzz:+rekeyfuzz=${rekeyfuzz}}
+ ${phase2:+phase2=${phase2}}
+ ${ike_proposal:+ike=${ike_proposal}}
+ ${phase2alg_proposal:+phase2alg=${phase2alg_proposal}}
+ ${nflog:+nflog=${nflog}}
+EOF
+
+ if [ -n "$interface" ]; then
+ proto=$(uci_get network "$interface" proto)
+ case "$proto" in
+ vti)
+ ikey=$(uci_get network "$interface" ikey)
+ okey=$(uci_get network "$interface" okey)
+ mark_in=$(printf "0x%x" $ikey)
+ mark_out=$(printf "0x%x" $okey)
+ echo -e "${mark_in:+\tmark-in=${mark_in}}" >> "$tmp_config_file"
+ echo -e "${mark_out:+\tmark-out=${mark_out}}" >> "$tmp_config_file"
+ echo -e "${interface:+\tvti-interface=${interface}}" >> "$tmp_config_file"
+ ;;
+ xfrm)
+ ifid=$(uci_get network "$interface" ifid)
+ echo -e "${ifid:+\tipsec-interface=${ifid}}" >> "$tmp_config_file"
+ ;;
+ esac
+ fi
+
+
+ [ -f "$config_file" ] && {
+ cmp "$config_file" "$tmp_config_file" 2>/dev/null && rm -f "$tmp_config_file"
+ }
+
+ [ -f "$secret_file" ] && {
+ cmp "$secret_file" "$tmp_secret_file" 2>/dev/null && rm -f "$tmp_secret_file"
+ }
+
+ [ -f "$tmp_config_file" ] && mv "$tmp_config_file" "$config_file" && set_replace_flag "$id"
+ [ -f "$tmp_secret_file" ] && mv "$tmp_secret_file" "$secret_file" && set_replace_flag "$id"
+
+ unset ike_proposal phase2alg_proposal
+}
+
+generate_daemon_config() {
+ local tmp_config_file="/tmp/setup.conf"
+
+ config_get_bool debug globals debug 0
+ [ "$debug" = "0" ] && debug=none || debug=all
+ config_get_bool uniqueids globals uniqueids 0
+ [ "$uniqueids" = "0" ] && uniqueids=no || uniqueids=yes
+ config_get listen globals listen
+ config_get listen_interface globals listen_interface
+ [ -n "$listen_interface" ] && network_get_ipaddr listen "$listen_interface"
+ config_get virtual_private globals virtual_private
+ [ -z "$virtual_private" ] && virtual_private='10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 25.0.0.0/8 100.64.0.0/10 !100.64.0.0/24'
+ config_get nflog_all globals nflog_all 0
+ [ "$nflog_all" = "0" ] && unset nflog_all
+
+ [ ! -d $IPSEC_DIR ] && mkdir -p $IPSEC_DIR
+ [ ! -d $IPSEC_CONF_DIR ] && mkdir -p $IPSEC_CONF_DIR
+
+ cat << EOF > "$tmp_config_file"
+config setup
+ ${debug:+plutodebug=${debug}}
+ ${uniqueids:+uniqueids=${uniqueids}}
+ ${listen:+listen=${listen}}
+ ${virtual_private:+virtual-private=%v4:${virtual_private// /,%v4:}}
+ ${nflog_all:+nflog-all=${nflog_all}}
+EOF
+
+ if ! cmp "$IPSEC_CONF" "$tmp_config_file" 2>/dev/null; then
+ mv "$tmp_config_file" "$IPSEC_CONF"
+ set_restart_flag 1
+ else
+ rm -f "$tmp_config_file"
+ fi
+
+ return 0
+}
+
+clean_config() {
+ rm -f $IPSEC_CONF_DIR/*.conf $IPSEC_CONF_DIR/*.secret
+}
+
+config_cb() {
+ local var="CONFIG_${1}_SECTIONS"
+ export $var
+ append "$var" "$2"
+}
+
+generate_config() {
+ config_load libreswan
+ generate_daemon_config
+ config_foreach generate_tunnel_config tunnel
+}
+
+regenerate_config() {
+ clean_config
+ generate_config
+}
+
+active_conns() {
+ local active_conns file _file
+
+ active_conns=$(${IPSEC_BIN} --trafficstatus | awk -F'[":/]' '{print $3}' | sort -u)
+
+ for file in $IPSEC_CONF_DIR/*.conf; do
+ _file="${file##*/}"
+ list_contains active_conns "${_file%%.*}" || append active_conns "${_file%%.*}"
+ done
+
+ echo "$active_conns"
+}
+
+start_service() {
+ generate_config
+ checkconfig || return 1
+
+ ${IPSEC_BIN} _stackmanager start
+
+ procd_open_instance
+ procd_set_param command $PROG --nofork
+ procd_set_param respawn
+ procd_close_instance
+}
+
+stop_service() {
+ ${IPSEC_BIN} whack --shutdown
+ ${IPSEC_BIN} _stackmanager stop
+}
+
+stop_tunnel() {
+ ${IPSEC_AUTO} --delete "$1" > /dev/null 2>&1
+ rm -f ${IPSEC_CONF_DIR}/$1.*
+}
+
+start_tunnel() {
+ generate_tunnel_config "$1"
+ ${IPSEC_AUTO} --add "$1" > /dev/null 2>&1
+ ${IPSEC_AUTO} --rereadsecrets
+ ${IPSEC_AUTO} --up "$1" > /dev/null 2>&1 &
+}
+
+reload_tunnel() {
+ generate_tunnel_config "$1"
+
+ replace_flag "$1" || return 0
+
+ ${IPSEC_AUTO} --rereadsecrets
+ ${IPSEC_AUTO} --replace "$1" > /dev/null 2>&1
+ ${IPSEC_AUTO} --up "$1" > /dev/null 2>&1 &
+}
+
+reload_service() {
+ local active_tunnels uci_tunnels
+ uci_tunnels="$@"
+
+ config_load libreswan
+ generate_daemon_config
+
+ if restart_flag; then
+ restart
+ return 0
+ fi
+
+ [ -z "$uci_tunnels" ] && config_get uci_tunnels tunnel SECTIONS
+
+ active_tunnels="$(active_conns)"
+
+ for tunnel in $active_tunnels; do
+ list_contains uci_tunnels "$tunnel" || stop_tunnel "$tunnel"
+ done
+
+ for tunnel in $uci_tunnels; do
+ if list_contains active_tunnels "$tunnel"; then
+ reload_tunnel "$tunnel"
+ else
+ start_tunnel "$tunnel"
+ fi
+ done
+}
+
+service_triggers() {
+ procd_add_reload_trigger 'libreswan'
+}
--- /dev/null
+include /var/run/ipsec/setup.conf
+include /var/run/ipsec/conf.d/*.conf
+include /etc/ipsec.d/*.conf
--- /dev/null
+include /var/run/ipsec/conf.d/*.secret
+include /etc/ipsec.d/*.secrets
--- /dev/null
+#!/bin/sh
+
+FW4="$(command -v fw4)"
+[ -n "$FW4" ] && exit 0
+
+IPT_LEGACY="$(command -v iptables-legacy)"
+IPT="$(command -v iptables)"
+BIN="${IPT_LEGACY:-$IPT}"
+[ -z "$BIN" ] && exit 0
+
+LIBRESWAN_INPUT="libreswan_input"
+LIBRESWAN_FORWARD="libreswan_forward"
+LIBRESWAN_OUTPUT="libreswan_output"
+LIBRESWAN_NFLOG_INPUT="libreswan_nflog_input"
+LIBRESWAN_NFLOG_OUTPUT="libreswan_nflog_output"
+LIBRESWAN_POSTROUTING="libreswan_postrouting"
+
+FW_DIR="/tmp/libreswan/firewall.d"
+LIBRESWAN_RULES_FILE="$FW_DIR/libreswan.rules"
+
+flush_delete_chain() {
+ [ $# -lt 2 ] && return
+
+ $BIN -t $1 -nL $2 > /dev/null 2>&1 || return
+
+ $BIN -t $1 -F $2
+ $BIN -t $1 -X $2
+}
+
+cleanup_libreswan_rules() {
+ $BIN -t filter -C input_rule -j $LIBRESWAN_INPUT > /dev/null 2>&1
+ [ $? -eq 0 ] && $BIN -t filter -D input_rule -j $LIBRESWAN_INPUT
+
+ $BIN -t filter -C output_rule -j $LIBRESWAN_OUTPUT > /dev/null 2>&1
+ [ $? -eq 0 ] && $BIN -t filter -D output_rule -j $LIBRESWAN_OUTPUT
+
+ $BIN -t filter -C forwarding_rule -j $LIBRESWAN_FORWARD > /dev/null 2>&1
+ [ $? -eq 0 ] && $BIN -t filter -D forwarding_rule -j $LIBRESWAN_FORWARD
+
+ $BIN -t nat -C postrouting_rule -j $LIBRESWAN_POSTROUTING > /dev/null 2>&1
+ [ $? -eq 0 ] && $BIN -t nat -D postrouting_rule -j $LIBRESWAN_POSTROUTING
+
+ flush_delete_chain filter $LIBRESWAN_NFLOG_INPUT
+ flush_delete_chain filter $LIBRESWAN_INPUT
+ flush_delete_chain filter $LIBRESWAN_FORWARD
+ flush_delete_chain filter $LIBRESWAN_NFLOG_OUTPUT
+ flush_delete_chain filter $LIBRESWAN_OUTPUT
+ flush_delete_chain filter $LIBRESWAN_NFLOG_INPUT
+ flush_delete_chain filter $LIBRESWAN_NFLOG_OUTPUT
+ flush_delete_chain nat $LIBRESWAN_POSTROUTING
+}
+
+create_chain_jump() {
+ [ $# -lt 3 ] && return
+
+ local table=$1
+ local chain=$2
+ local base_chain=$3
+
+ $BIN -t $table -N $chain
+ $BIN -t $table -C $base_chain -j $chain
+ [ $? -ne 0 ] && $BIN -t $table -I $base_chain -j $chain
+ $BIN -t $table -F $chain
+}
+
+if ! /etc/init.d/ipsec running; then
+ cleanup_libreswan_rules
+ exit 0
+fi
+
+eval $(ipsec addconn --configsetup)
+
+create_chain_jump filter "$LIBRESWAN_INPUT" "insert_rule"
+create_chain_jump filter "$LIBRESWAN_FORWARD" "forwarding_rule"
+create_chain_jump filter "$LIBRESWAN_OUTPUT" "output_rule"
+
+create_chain_jump filter "$LIBRESWAN_NFLOG_INPUT" "$LIBRESWAN_INPUT"
+create_chain_jump filter "$LIBRESWAN_NFLOG_OUTPUT" "$LIBRESWAN_OUTPUT"
+
+create_chain_jump nat "$LIBRESWAN_POSTROUTING" "postrouting_rule"
+
+[ ! -f $LIBRESWAN_RULES_FILE ] && exit 0
+
+if [ -n "$nflog_all" ]; then
+ sed -i -e '/NFLOG/d' "$LIBRESWAN_RULES_FILE"
+ $BIN -t filter -I $LIBRESWAN_NFLOG_INPUT -m policy --dir in --pol ipsec -j NFLOG --nflog-group ${nflog_all} --nflog-prefix all-ipsec
+ $BIN -t filter -I $LIBRESWAN_NFLOG_OUTPUT -m policy --dir out --pol ipsec -j NFLOG --nflog-group ${nflog_all} --nflog-prefix all-ipsec
+fi
+
+sh $LIBRESWAN_RULES_FILE
--- /dev/null
+#!/bin/sh
+
+. /lib/functions.sh
+
+uci_add firewall include libreswan
+uci_set firewall libreswan path '/etc/libreswan_firewall.sh'
+uci_set firewall libreswan reload 1
+uci_commit firewall
+++ /dev/null
-config setup
- # needed when using PSK only. Not needed for X.509 based servers
- uniqueids=no
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!100.64.0.0/24
-
-conn ikev1
- authby=secret
- pfs=no
- auto=add
- rekey=no
- left=%defaultroute
- right=%any
- ikev2=never
- type=transport
- leftprotoport=17/1701
- rightprotoport=17/%any
- dpddelay=15
- dpdtimeout=30
- dpdaction=clear
-
-conn ikev1-nat
- also=ikev1
- rightsubnet=vhost:%priv
-
-# include /etc/ipsec.d/*.conf
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-START=90
-STOP=10
-
-USE_PROCD=1
-PROG="/usr/libexec/ipsec/pluto"
-IPSEC_SECRETS=/etc/ipsec.secrets
-IPSEC_CONF=/etc/ipsec.conf
-IPSEC_BIN=/usr/sbin/ipsec
-
-checkconfig() {
- ${IPSEC_BIN} addconn --checkconfig || return 1
- mkdir -p /var/run/pluto
-}
-
-start_service() {
- checkconfig || return 1
-
- ipsec _stackmanager start
- # Enable nflog if configured
- ipsec --checknflog > /dev/null
-
- procd_open_instance
- procd_set_param command $PROG --config ${IPSEC_CONF} --nofork --secretsfile ${IPSEC_SECRETS}
- procd_set_param respawn
- procd_close_instance
-}
-
-stop_service() {
- ipsec whack --shutdown
- ipsec _stackmanager stop
- ipsec --stopnflog > /dev/null
-
-}
-
+++ /dev/null
-# Unlike older openswan, this file does NOT contain any X.509 related
-# information such as private key :RSA statements as these now reside
-# in the NSS database. See:
-#
-# https://libreswan.org/wiki/Using_NSS_with_libreswan
-# https://libreswan.org/wiki/Migrating_from_Openswan
-
-# A.B.C.D %any : PSK "SsEeCcRrEeTt"
-: PSK "SsEeCcRrEeTt"
-# include /etc/ipsec.d/*.secrets
--- /dev/null
+#!/bin/sh
+
+/sbin/hotplug-call libreswan
--- /dev/null
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+RPC_SCRIPTS=/usr/libexec/libreswan/rpc
+
+[ -d $RPC_SCRIPTS ] && include $RPC_SCRIPTS
+
+IPSEC_TRAFFIC_STATES="/tmp/ipsec_traffic.$$"
+IPSEC_TUNNEL_STATUS="/tmp/ipsec_status.$$"
+
+__function__() {
+ type "$1" > /dev/null 2>&1
+}
+
+foreach_extra() {
+ local file obj
+
+ [ ! -d $RPC_SCRIPTS ] && return
+
+ for file in $RPC_SCRIPTS/*; do
+ obj="${file##*/}"
+ $1 "${obj%%.*}"
+ done
+}
+
+get_index() {
+ [ $# -lt 2 ] && return 1
+
+ local var=$1
+ local str=$2
+ local ele
+ local i=1
+
+ eval "val=\"\${$var}\""
+
+ for ele in ${val}; do
+ if [[ "$ele" = "$str" ]]; then
+ echo "$i"
+ return 0
+ fi
+ i="$((i+1))"
+ done
+
+ return 1
+}
+
+phase1_established() {
+ grep -q "\"${1%/*}\/.*(IKE SA established)\|\"${1%/*}\/.*(established IKE SA)" "$IPSEC_TUNNEL_STATUS"
+}
+
+phase2_established() {
+ grep -q "\"$1\".*(IPsec SA established)\|\"$1\".*(established Child SA)" "$IPSEC_TUNNEL_STATUS"
+}
+
+add_tunnel_object() {
+ local id="$1"
+ local leftsubnets rightsubnets right ctime active_right
+ local phase1=0 phase2=0 add_time inBytes outBytes
+
+ config_get right "$id" right
+ config_get leftsubnets "$id" leftsubnets
+ config_get rightsubnets "$id" rightsubnets
+
+ if [ -z "$right" ] || [ "$right" = "%any" ] || [ "$right" == "0.0.0.0" ]; then
+ active_right=$(awk -F'[: ]' '{ if ( $4 ~ "'"$id/"'") {print $5; exit 0};}' "$IPSEC_TUNNEL_STATUS")
+ fi
+
+ for lsubnet in $leftsubnets; do
+ lidx=$(get_index leftsubnets $lsubnet)
+ for rsubnet in $rightsubnets; do
+ ridx=$(get_index rightsubnets $rsubnet)
+ tid="${id}/${lidx}x${ridx}"
+
+ eval $(awk -F, '{if ($1 ~ "'"$tid"'" ) {printf("%s %s %s", $3, $4, $5)};}' "$IPSEC_TRAFFIC_STATES")
+ json_add_object tunnels
+ json_add_string name "$id"
+ json_add_string right "$right${active_right:+ (${active_right})}"
+ json_add_string leftsubnet "$lsubnet"
+ json_add_string rightsubnet "$rsubnet"
+ json_add_int tx "$outBytes"
+ json_add_int rx "$inBytes"
+
+ phase1_established "$tid" && phase1=1
+ phase2_established "$tid" && phase2=1
+
+ json_add_boolean phase1 "$phase1"
+ json_add_boolean phase2 "$phase2"
+
+ if [ "$phase1" = "1" ] && [ "$phase2" = "1" ]; then
+ ctime="$(date +%s)"
+ json_add_boolean connected 1
+ json_add_int uptime "$((ctime - add_time))"
+ else
+ json_add_boolean connected 0
+ json_add_int uptime 0
+ fi
+
+ json_close_object
+ done
+ done
+}
+
+generate_libreswan_states() {
+ ipsec trafficstatus > "$IPSEC_TRAFFIC_STATES"
+ ipsec status > "$IPSEC_TUNNEL_STATUS"
+}
+
+clean_libreswan_states() {
+ return
+ rm -f "$IPSEC_TRAFFIC_STATES" "$IPSEC_TUNNEL_STATUS"
+}
+
+libreswan_status() {
+ config_load libreswan
+
+ generate_libreswan_states
+
+ json_init
+ json_add_array tunnels
+ config_foreach add_tunnel_object tunnel
+ json_close_array
+ json_dump
+
+ clean_libreswan_states
+}
+
+call_extra() {
+ if __function__ "$1"; then
+ $1
+ else
+ json_init
+ json_add_string error "invalid call $1"
+ json_dump
+ fi
+}
+
+call_method() {
+ case "$1" in
+ status)
+ libreswan_status
+ ;;
+ *)
+ call_extra $1
+ ;;
+ esac
+}
+
+list_extra() {
+ if __function__ "${1}_help"; then
+ ${1}_help
+ else
+ json_add_object "$1"
+ json_close_object
+ fi
+}
+
+list_methods() {
+ local file
+
+ json_init
+
+ json_add_object status
+ json_close_object
+
+ foreach_extra list_extra ${1}
+
+ json_dump
+}
+
+main () {
+ case "$1" in
+ list)
+ list_methods
+ ;;
+ call)
+ call_method $2
+ ;;
+ esac
+}
+
+main "$@"
--- /dev/null
+jump libreswan_forward
--- /dev/null
+jump libreswan_nflog_input
+jump libreswan_input
--- /dev/null
+jump libreswan_nflog_output
+jump libreswan_output
--- /dev/null
+jump libreswan_srcnat
--- /dev/null
+chain libreswan_input {}
+chain libreswan_nflog_input {}
+chain libreswan_forward {}
+chain libreswan_output {}
+chain libreswan_nflog_output {}
+chain libreswan_srcnat {}
include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd
-PKG_VERSION:=1.4.72
+PKG_VERSION:=1.4.73
PKG_RELEASE:=1
# release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
-PKG_HASH:=f7cade4d69b754a0748c01463c33cd8b456ca9cc03bb09e85a71bcbcd54e55ec
+PKG_HASH:=818816d0b314b0aa8728a7076513435f6d5eb227f3b61323468e1f10dbe84ca8
-PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
+PKG_MAINTAINER:=Glenn Strauss <gstrauss@gluelogic.com>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:lighttpd:lighttpd
PKG_NAME:=mDNSResponder
PKG_VERSION:=IETF104
-PKG_RELEASE:=6
+PKG_RELEASE:=5
PKG_SOURCE:=mDNSResponder-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://opensource.apple.com/tarballs/mDNSResponder/IETF/
endef
define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include/mdns
- $(CP) $(PKG_INSTALL_DIR)/usr/include/dns_sd.h $(1)/usr/include/mdns
- $(INSTALL_DIR) $(1)/usr/lib/mdns
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdns_sd.so.1 $(1)/usr/lib/mdns
- $(LN) -s libdns_sd.so.1 $(1)/usr/lib/mdns/libdns_sd.so
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/dns_sd.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdns_sd.so.1 $(1)/usr/lib/
+ $(LN) -s libdns_sd.so.1 $(1)/usr/lib/libdns_sd.so
endef
define Package/mdns-utils/install
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/mdnsd.init $(1)/etc/init.d/mdnsd
- $(INSTALL_DIR) $(1)/usr/lib/mdns
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdns_sd.so.1 $(1)/usr/lib/mdns
- $(LN) -s libdns_sd.so.1 $(1)/usr/lib/mdns/libdns_sd.so
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdns_sd.so.1 $(1)/usr/lib/
+ $(LN) -s libdns_sd.so.1 $(1)/usr/lib/libdns_sd.so
endef
define Package/mdnsresponder/install
PKG_NAME:=modemmanager
PKG_SOURCE_VERSION:=1.22.0
-PKG_RELEASE:=3
+PKG_RELEASE:=5
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git
# Cleanup interfaces
mm_cleanup_interfaces() {
- local modemlist modemlength idx modeminfo modemsysfspath
-
- modemlist=$(mmcli --list-modems --output-keyvalue)
- [ -n "${modemlist}" ] || return 0
-
- modemlength=$(modemmanager_get_field "${modemlist}" "modem-list.length")
-
- # do nothing if no modem reported
- [ -n "${modemlength}" ] && [ "${modemlength}" -ge 1 ] && {
- idx=1
- while [ $idx -le "$modemlength" ]; do
- modempath=$(modemmanager_get_field "${modemlist}" "modem-list.value\[$idx\]")
- modeminfo=$(mmcli --modem "${modempath}" --output-keyvalue)
- modemsysfspath=$(modemmanager_get_field "${modeminfo}" "modem.generic.device")
- mm_cleanup_interface_by_sysfspath "${modemsysfspath}"
- idx=$((idx + 1))
- done
- }
+ local sysfs_path status
+
+ # Do nothing if there is no sysfs cache
+ [ -f "${MODEMMANAGER_SYSFS_CACHE}" ] || return
+
+ while IFS= read -r sysfs_cache_line; do
+ sysfs_path=$(echo "${sysfs_cache_line}" | awk '{print $1}')
+ status=$(echo "${sysfs_cache_line}" | awk '{print $2}')
+
+ if [ "${status}" = "processed" ]; then
+ mm_log "debug" "call cleanup for: ${sysfs_path}"
+ mm_cleanup_interface_by_sysfspath "${sysfs_path}"
+ fi
+ done < ${MODEMMANAGER_SYSFS_CACHE}
}
mm_cleanup_interface_by_sysfspath() {
LOG_LEVEL="INFO"
-stop_service() {
- # Load common utils
- . /usr/share/ModemManager/modemmanager.common
- # Set all configured interfaces as unavailable
- mm_cleanup_interfaces
-}
-
start_service() {
# Setup ModemManager service
#
mkdir -p "${MODEMMANAGER_RUNDIR}"
chmod 0755 "${MODEMMANAGER_RUNDIR}"
- mm_cleanup_interfaces
/usr/sbin/ModemManager "$@" 1>/dev/null 2>/dev/null &
CHILD="$!"
mm_report_events_from_cache
wait "$CHILD"
+
+ # Set all configured interfaces as unavailable
+ mm_cleanup_interfaces
}
main "$@"
PKG_NAME:=openthread-br
PKG_SOURCE_DATE:=2023-08-01
PKG_SOURCE_VERSION:=1738d8cd8b42106c2ef1262fbbac2f06beab83ba
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=https://github.com/openthread/ot-br-posix.git
-DOTBR_SRP_SERVER_AUTO_ENABLE:BOOL=ON \
-DOTBR_TREL:BOOL=ON
-TARGET_CFLAGS += -DOPENTHREAD_POSIX_CONFIG_DAEMON_SOCKET_BASENAME=\\\"/var/run/openthread-%s\\\" \
- -I$(STAGING_DIR)/usr/include/mdns \
- -L$(STAGING_DIR)/usr/lib/mdns
+TARGET_CFLAGS += -DOPENTHREAD_POSIX_CONFIG_DAEMON_SOCKET_BASENAME=\\\"/var/run/openthread-%s\\\"
define Package/luci-app-openthread/install
$(INSTALL_DIR) \
define Package/openthread-br/install
$(INSTALL_DIR) \
+ $(1)/etc/init.d \
$(1)/lib/netifd/proto \
$(1)/usr/sbin \
$(1)/var/lib/thread
src/rest/resource.hpp | 1 +
3 files changed, 57 insertions(+)
+diff --git a/src/rest/openapi.yaml b/src/rest/openapi.yaml
+index 2ba2a4dd56..2edc4af29a 100644
--- a/src/rest/openapi.yaml
+++ b/src/rest/openapi.yaml
@@ -248,6 +248,18 @@ paths:
components:
schemas:
LeaderData:
+diff --git a/src/rest/resource.cpp b/src/rest/resource.cpp
+index a60e9d9483..829835341a 100644
--- a/src/rest/resource.cpp
+++ b/src/rest/resource.cpp
@@ -767,12 +767,47 @@ exit:
case HttpMethod::kGet:
GetDataset(aDatasetType, aRequest, aResponse);
break;
+diff --git a/src/rest/resource.hpp b/src/rest/resource.hpp
+index d79085dbfc..362e501471 100644
--- a/src/rest/resource.hpp
+++ b/src/rest/resource.hpp
@@ -150,6 +150,7 @@ private:
void DeleteOutDatedDiagnostic(void);
void UpdateDiag(std::string aKey, std::vector<otNetworkDiagTlv> &aDiag);
+--
+2.41.0
+
include $(TOPDIR)/rules.mk
PKG_NAME:=privoxy
-PKG_VERSION:=3.0.33
-PKG_RELEASE:=4
+PKG_VERSION:=3.0.34
+PKG_RELEASE:=1
-PKG_SOURCE:=privoxy-$(PKG_VERSION)-stable-src.tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-stable-src.tar.gz
PKG_SOURCE_URL:=@SF/ijbswa
-PKG_HASH:=04b104e70dac61561b9dd110684b250fafc8c13dbe437a60fae18ddd9a881fae
-PKG_BUILD_DIR:=$(BUILD_DIR)/privoxy-$(PKG_VERSION)-stable
+PKG_HASH:=e6ccbca1656f4e616b4657f8514e33a70f6697e9d7294356577839322a3c5d2c
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-stable
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
URL:=http://www.privoxy.org/
USERID:=privoxy=8118:privoxy=8118
MENU:=1
- DEPENDS:=+!PRIVOXY_no_pcre:libpcre +!PRIVOXY_no_pthread:libpthread +!PRIVOXY_no_zlib:zlib
+ DEPENDS:=+!PRIVOXY_no_pcre:libpcre2 +!PRIVOXY_no_pthread:libpthread +!PRIVOXY_no_zlib:zlib
endef
# shown in LuCI package description
--- /dev/null
+From 53748ca8ca3c893025be34dd4f104546fcbd0602 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk@fabiankeil.de>
+Date: Sat, 17 Jun 2023 13:20:24 +0200
+Subject: [PATCH] Add pcre2 support
+
+This is currently expected to cause crashes on Windows
+when compiled with GUI support.
+
+Closes bug #935.
+Initial patch submitted by: Gagan Sidhu
+---
+ acconfig.h | 6 ++
+ actions.c | 8 +++
+ cgi.c | 9 ++-
+ client-tags.c | 5 ++
+ configure.in | 64 ++++++++++++++++-
+ pcrs.c | 148 +++++++++++++++++++++++++++++----------
+ pcrs.h | 40 +++++++----
+ project.h | 54 +++++++++-----
+ templates/show-status | 5 +-
+ urlmatch.c | 159 ++++++++++++++++++++++++++++++++++++++++++
+ urlmatch.h | 4 ++
+ w32log.c | 3 +
+ 12 files changed, 430 insertions(+), 75 deletions(-)
+
+--- a/acconfig.h
++++ b/acconfig.h
+@@ -225,11 +225,17 @@
+ /* Define if pcre.h must be included as <pcre/pcre.h>
+ */
+ #undef PCRE_H_IN_SUBDIR
++#undef PCRE2_H_IN_SUBDIR
++
++#undef HAVE_PCRE2
++#undef HAVE_PCRE2POSIX
+
+ /* Define if pcreposix.h must be included as <pcre/pcreposix.h>
+ */
+ #undef PCREPOSIX_H_IN_SUBDIR
+
++#undef PCRE2POSIX_H_IN_SUBDIR
++
+ @BOTTOM@
+
+ /*
+--- a/actions.c
++++ b/actions.c
+@@ -828,8 +828,12 @@ int update_action_bits_for_tag(struct cl
+ continue;
+ }
+
++#ifdef HAVE_PCRE2
++ if (pcre2_pattern_matches(b->url->pattern.tag_regex, tag))
++#else
+ /* and check if one of the tag patterns matches the tag, */
+ if (0 == regexec(b->url->pattern.tag_regex, tag, 0, NULL, 0))
++#endif
+ {
+ /* if it does, update the action bit map, */
+ if (merge_current_action(csp->action, b->action))
+@@ -884,7 +888,11 @@ jb_err check_negative_tag_patterns(struc
+ }
+ for (tag = csp->tags->first; NULL != tag; tag = tag->next)
+ {
++#ifdef HAVE_PCRE2
++ if (pcre2_pattern_matches(b->url->pattern.tag_regex, tag->str))
++#else
+ if (0 == regexec(b->url->pattern.tag_regex, tag->str, 0, NULL, 0))
++#endif
+ {
+ /*
+ * The pattern matches at least one tag, thus the action
+--- a/cgi.c
++++ b/cgi.c
+@@ -2023,7 +2023,7 @@ jb_err template_fill(char **template_ptr
+ char buf[BUFFER_SIZE];
+ char *tmp_out_buffer;
+ char *file_buffer;
+- size_t size;
++ size_t buffer_size, new_size;
+ int error;
+ const char *flags;
+
+@@ -2032,7 +2032,7 @@ jb_err template_fill(char **template_ptr
+ assert(exports);
+
+ file_buffer = *template_ptr;
+- size = strlen(file_buffer) + 1;
++ buffer_size = strlen(file_buffer) + 1;
+
+ /*
+ * Assemble pcrs joblist from exports map
+@@ -2082,7 +2082,10 @@ jb_err template_fill(char **template_ptr
+ }
+ else
+ {
+- error = pcrs_execute(job, file_buffer, size, &tmp_out_buffer, &size);
++ error = pcrs_execute(job, file_buffer, buffer_size, &tmp_out_buffer,
++ &new_size);
++
++ buffer_size = new_size;
+
+ pcrs_free_job(job);
+ if (NULL == tmp_out_buffer)
+--- a/client-tags.c
++++ b/client-tags.c
+@@ -43,6 +43,7 @@
+ #include "miscutil.h"
+ #include "errlog.h"
+ #include "parsers.h"
++#include "urlmatch.h"
+
+ struct client_specific_tag
+ {
+@@ -658,7 +659,11 @@ int client_tag_match(const struct patter
+
+ for (tag = tags->first; tag != NULL; tag = tag->next)
+ {
++#ifdef HAVE_PCRE2
++ if (pcre2_pattern_matches(pattern->pattern.tag_regex, tag->str))
++#else
+ if (0 == regexec(pattern->pattern.tag_regex, tag->str, 0, NULL, 0))
++#endif
+ {
+ log_error(LOG_LEVEL_TAGGING, "Client tag '%s' matches.", tag->str);
+ return 1;
+--- a/configure.in
++++ b/configure.in
+@@ -863,12 +863,47 @@ else
+ ])
+ fi
+
++AC_ARG_ENABLE(pcre2,
++[ --disable-pcre2 Don't try to use pcre2 even if it's available],
++[enableval2=$enableval],
++[enableval2=yes])
++if test $enableval2 = yes; then
++ try_pcre2=yes
++else
++ AC_MSG_WARN([Ignoring pcre2 even if it's available])
++ try_pcre2=no
++fi
++
++if test $try_pcre2 != no; then
+ dnl =================================================================
+ dnl Checks for libraries.
+ dnl =================================================================
+ dnl Note: Some systems may have the library but not the system header
+ dnl file, so we must check for both.
+ dnl Also check for correct version
++AC_CHECK_LIB(pcre2-8, pcre2_compile_8, [
++ AC_CHECK_HEADER(pcre2.h, [
++ AC_EGREP_HEADER(pcre2_pattern_info, pcre2.h,[have_pcre2=yes; AC_DEFINE(HAVE_PCRE2)], [AC_MSG_WARN([[pcre2 old version installed]]); have_pcre2=no])
++ ], [
++ AC_CHECK_HEADER(pcre2/pcre2.h, [
++ AC_EGREP_HEADER(pcre2_pattern_info, pcre2/pcre2.h, [have_pcre2=yes; AC_DEFINE(PCRE2_H_IN_SUBDIR)], [AC_MSG_WARN([[pcre2 old version installed]]); have_pcre2=no])
++ ], [have_pcre2=no])
++ ], [#define PCRE2_CODE_UNIT_WIDTH 8])
++], [have_pcre2=no])
++
++AC_CHECK_LIB(pcre2-posix, regcomp, [
++ AC_CHECK_HEADER(pcre2posix.h, [
++ AC_EGREP_HEADER(pcre2_regerror, pcre2posix.h, [have_pcre2posix=yes],[AC_MSG_WARN([[pcre2posix old version installed]]); have_pcre2posix=no])
++ ], [
++ AC_CHECK_HEADER(pcre/pcre2posix.h, [
++ AC_EGREP_HEADER(pcre2_regerror, pcre2/pcre2posix.h, [have_pcre2posix=yes; AC_DEFINE(PCRE2POSIX_H_IN_SUBDIR)],[AC_MSG_WARN([[pcre2posix old version installed]]); have_pcre2posix=no])
++ ], [have_pcre2posix=no])
++ ])
++], [have_pcre2posix=no], -lpcre2-8)
++fi
++
++if test $have_pcre2 = "no"; then
++
+ AC_CHECK_LIB(pcre, pcre_compile, [
+ AC_CHECK_HEADER(pcre.h, [
+ AC_EGREP_HEADER(pcre_fullinfo, pcre.h, [have_pcre=yes], [AC_MSG_WARN([[pcre old version installed]]); have_pcre=no])
+@@ -889,6 +924,7 @@ AC_CHECK_LIB(pcreposix, regcomp, [
+ ])
+ ], [have_pcreposix=no], -lpcre)
+
++fi
+ dnl ================================================================
+ dnl libpcrs is temporarily disabled.
+ dnl
+@@ -1095,6 +1131,31 @@ fi
+ # we don't need pcreposix, then link pcre dynamically; else
+ # build it and link statically
+ #
++
++#check for libpcre2 first. then regular pcre
++
++if test $have_pcre2 = "yes"; then
++ echo "using libpcre2"
++ STATIC_PCRE_ONLY=#
++ LIBS="$LIBS -lpcre2-8 -lpcre2-posix"
++ if test "$use_static_pcre" = "yes"; then
++ pcre_dyn=no
++ AC_DEFINE(PCRE_STATIC,1,[Define to statically link to pcre library on Windows.])
++# see /usr/i686-w64-mingw32/sys-root/mingw/include/pcre.h line 54
++# #if defined(_WIN32) && !defined(PCRE_STATIC)
++# # ifndef PCRE_EXP_DECL
++# # define PCRE_EXP_DECL extern __declspec(dllimport)
++# # endif
++# If you want to statically link a program against a PCRE library in the form of
++# a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
++# pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
++# be declared __declspec(dllimport), with unwanted results.
++ else
++ pcre_dyn=yes
++ AC_DEFINE(FEATURE_DYNAMIC_PCRE,1,[Define to dynamically link to pcre.])
++ fi
++else
++
+ if test $have_pcre = "yes"; then
+ echo "using libpcre"
+ STATIC_PCRE_ONLY=#
+@@ -1116,7 +1177,8 @@ if test $have_pcre = "yes"; then
+ AC_DEFINE(FEATURE_DYNAMIC_PCRE,1,[Define to dynamically link to pcre.])
+ fi
+ else
+- AC_MSG_ERROR(pcre library not detected.)
++ AC_MSG_ERROR(Detected neither pcre2 nor pcre library.)
++fi
+ fi
+
+ AC_DEFINE(FEATURE_CONNECTION_KEEP_ALIVE)
+--- a/pcrs.c
++++ b/pcrs.c
+@@ -57,7 +57,7 @@
+ * Internal prototypes
+ */
+
+-static int pcrs_parse_perl_options(const char *optstring, int *flags);
++static int pcrs_parse_perl_options(const char *optstring, unsigned int *flags);
+ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int trivialflag,
+ int capturecount, int *errptr);
+ static int is_hex_sequence(const char *sequence);
+@@ -83,25 +83,25 @@ const char *pcrs_strerror(const int erro
+ switch (error)
+ {
+ /* Passed-through PCRE error: */
+- case PCRE_ERROR_NOMEMORY: return "(pcre:) No memory";
++ case PCREn(ERROR_NOMEMORY): return "(pcre:) No memory";
+
+ /* Shouldn't happen unless PCRE or PCRS bug, or user messed with compiled job: */
+- case PCRE_ERROR_NULL: return "(pcre:) NULL code or subject or ovector";
+- case PCRE_ERROR_BADOPTION: return "(pcre:) Unrecognized option bit";
+- case PCRE_ERROR_BADMAGIC: return "(pcre:) Bad magic number in code";
++ case PCREn(ERROR_NULL): return "(pcre:) NULL code or subject or ovector";
++ case PCREn(ERROR_BADOPTION): return "(pcre:) Unrecognized option bit";
++ case PCREn(ERROR_BADMAGIC): return "(pcre:) Bad magic number in code";
++#if defined(PCRE_ERROR_UNKNOWN_NODE)
+ case PCRE_ERROR_UNKNOWN_NODE: return "(pcre:) Bad node in pattern";
+-
++#endif
+ /* Can't happen / not passed: */
+- case PCRE_ERROR_NOSUBSTRING: return "(pcre:) Fire in power supply";
+- case PCRE_ERROR_NOMATCH: return "(pcre:) Water in power supply";
++ case PCREn(ERROR_NOSUBSTRING): return "(pcre:) Fire in power supply";
++ case PCREn(ERROR_NOMATCH): return "(pcre:) Water in power supply";
+
+ #ifdef PCRE_ERROR_MATCHLIMIT
+ /*
+ * Only reported by PCRE versions newer than our own.
+ */
+- case PCRE_ERROR_MATCHLIMIT: return "(pcre:) Match limit reached";
++ case PCREn(ERROR_MATCHLIMIT): return "(pcre:) Match limit reached";
+ #endif /* def PCRE_ERROR_MATCHLIMIT */
+-
+ /* PCRS errors: */
+ case PCRS_ERR_NOMEM: return "(pcrs:) No memory";
+ case PCRS_ERR_CMDSYNTAX: return "(pcrs:) Syntax error while parsing command";
+@@ -111,16 +111,14 @@ const char *pcrs_strerror(const int erro
+ case PCRS_WARN_TRUNCATION:
+ return "(pcrs:) At least one variable was too big and has been truncated before compilation";
+
+- /*
+- * XXX: With the exception of PCRE_ERROR_MATCHLIMIT we
+- * only catch PCRE errors that can happen with our internal
+- * version. If Privoxy is linked against a newer
+- * PCRE version all bets are off ...
+- */
+ default:
++#ifdef HAVE_PCRE2
++ pcre2_get_error_message(error, (PCRE2_UCHAR8*)buf, sizeof(buf));
++#else
+ snprintf(buf, sizeof(buf),
+ "Error code %d. For details, check the pcre documentation.",
+ error);
++#endif
+ return buf;
+ }
+ }
+@@ -149,7 +147,7 @@ const char *pcrs_strerror(const int erro
+ * Returns : option integer suitable for pcre
+ *
+ *********************************************************************/
+-static int pcrs_parse_perl_options(const char *optstring, int *flags)
++static int pcrs_parse_perl_options(const char *optstring, unsigned int *flags)
+ {
+ size_t i;
+ int rc = 0;
+@@ -163,13 +161,13 @@ static int pcrs_parse_perl_options(const
+ {
+ case 'e': break; /* ToDo ;-) */
+ case 'g': *flags |= PCRS_GLOBAL; break;
+- case 'i': rc |= PCRE_CASELESS; break;
+- case 'm': rc |= PCRE_MULTILINE; break;
++ case 'i': rc |= PCREn(CASELESS); break;
++ case 'm': rc |= PCREn(MULTILINE); break;
+ case 'o': break;
+- case 's': rc |= PCRE_DOTALL; break;
+- case 'x': rc |= PCRE_EXTENDED; break;
++ case 's': rc |= PCREn(DOTALL); break;
++ case 'x': rc |= PCREn(EXTENDED); break;
+ case 'D': *flags |= PCRS_DYNAMIC; break;
+- case 'U': rc |= PCRE_UNGREEDY; break;
++ case 'U': rc |= PCREn(UNGREEDY); break;
+ case 'T': *flags |= PCRS_TRIVIAL; break;
+ default: break;
+ }
+@@ -471,7 +469,15 @@ pcrs_job *pcrs_free_job(pcrs_job *job)
+ else
+ {
+ next = job->next;
+- if (job->pattern != NULL) free(job->pattern);
++ if (job->pattern != NULL)
++ {
++#ifdef HAVE_PCRE2
++ pcre2_code_free(job->pattern);
++#else
++ free(job->pattern);
++#endif
++ }
++#ifndef HAVE_PCRE2
+ if (job->hints != NULL)
+ {
+ #ifdef PCRE_CONFIG_JIT
+@@ -480,6 +486,7 @@ pcrs_job *pcrs_free_job(pcrs_job *job)
+ free(job->hints);
+ #endif
+ }
++#endif
+ if (job->substitute != NULL)
+ {
+ if (job->substitute->text != NULL) free(job->substitute->text);
+@@ -626,10 +633,14 @@ pcrs_job *pcrs_compile_command(const cha
+ pcrs_job *pcrs_compile(const char *pattern, const char *substitute, const char *options, int *errptr)
+ {
+ pcrs_job *newjob;
+- int flags;
++ unsigned int flags;
+ int capturecount;
+- const char *error;
++#ifdef HAVE_PCRE2
++ int ret;
++#else
+ int pcre_study_options = 0;
++ const char *error;
++#endif
+
+ *errptr = 0;
+
+@@ -661,25 +672,43 @@ pcrs_job *pcrs_compile(const char *patte
+ /*
+ * Compile the pattern
+ */
++#ifdef HAVE_PCRE2
++ PCRE2_SIZE error_offset;
++ newjob->pattern = pcre2_compile((const unsigned char *)pattern,
++ PCRE2_ZERO_TERMINATED, (unsigned)newjob->options, errptr,
++ &error_offset, NULL);
++#else
+ newjob->pattern = pcre_compile(pattern, newjob->options, &error, errptr, NULL);
++#endif
+ if (newjob->pattern == NULL)
+ {
+ pcrs_free_job(newjob);
+ return NULL;
+ }
+
+-
+-#ifdef PCRE_STUDY_JIT_COMPILE
++#if defined(PCRE_STUDY_JIT_COMPILE) || defined(HAVE_PCRE2)
+ #ifdef DISABLE_PCRE_JIT_COMPILATION
+ #warning PCRE_STUDY_JIT_COMPILE is supported but Privoxy has been configured not to use it
+ #else
+ if (!(flags & PCRS_DYNAMIC))
+ {
++#ifdef HAVE_PCRE2
++ /* Try to enable JIT compilation but continue if it's unsupported. */
++ if ((ret = pcre2_jit_compile(newjob->pattern, PCRE2_JIT_COMPLETE)) &&
++ (ret != PCRE2_ERROR_JIT_BADOPTION))
++ {
++ *errptr = ret;
++ pcrs_free_job(newjob);
++ return NULL;
++ }
++#else
+ pcre_study_options = PCRE_STUDY_JIT_COMPILE;
++#endif
+ }
+ #endif
+ #endif
+
++#ifndef HAVE_PCRE2
+ /*
+ * Generate hints. This has little overhead, since the
+ * hints will be NULL for a boring pattern anyway.
+@@ -691,13 +720,17 @@ pcrs_job *pcrs_compile(const char *patte
+ pcrs_free_job(newjob);
+ return NULL;
+ }
+-
++#endif
+
+ /*
+ * Determine the number of capturing subpatterns.
+ * This is needed for handling $+ in the substitute.
+ */
++#ifdef HAVE_PCRE2
++ if (0 > (*errptr = pcre2_pattern_info(newjob->pattern, PCRE2_INFO_CAPTURECOUNT, &capturecount)))
++#else
+ if (0 > (*errptr = pcre_fullinfo(newjob->pattern, newjob->hints, PCRE_INFO_CAPTURECOUNT, &capturecount)))
++#endif
+ {
+ pcrs_free_job(newjob);
+ return NULL;
+@@ -809,14 +842,20 @@ int pcrs_execute_list(pcrs_job *joblist,
+ *********************************************************************/
+ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char **result, size_t *result_length)
+ {
+- int offsets[3 * PCRS_MAX_SUBMATCHES],
+- offset,
++ int offset,
+ i, k,
+ matches_found,
+ submatches,
+ max_matches = PCRS_MAX_MATCH_INIT;
+ size_t newsize;
++#ifdef HAVE_PCRE2
+ pcrs_match *matches, *dummy;
++ pcre2_match_data *pcre2_matches;
++ size_t *offsets;
++#else
++ pcrs_match *matches, *dummy;
++ int offsets[3 * PCRS_MAX_SUBMATCHES];
++#endif
+ char *result_offset;
+
+ offset = i = 0;
+@@ -830,27 +869,38 @@ int pcrs_execute(pcrs_job *job, const ch
+ return(PCRS_ERR_BADJOB);
+ }
+
++#ifdef HAVE_PCRE2
++ if (NULL == (pcre2_matches = pcre2_match_data_create_from_pattern(job->pattern, NULL)))
++ {
++ return(PCRS_ERR_NOMEM);
++ }
++ offsets = pcre2_get_ovector_pointer(pcre2_matches);
++#endif
+ if (NULL == (matches = (pcrs_match *)malloc((size_t)max_matches * sizeof(pcrs_match))))
+ {
+ return(PCRS_ERR_NOMEM);
+ }
+ memset(matches, '\0', (size_t)max_matches * sizeof(pcrs_match));
+
+-
+ /*
+ * Find the pattern and calculate the space
+ * requirements for the result
+ */
+ newsize = subject_length;
+
++#ifdef HAVE_PCRE2
++ while ((submatches = pcre2_match(job->pattern, (const unsigned char *)subject,
++ subject_length, (size_t)offset, 0, pcre2_matches, NULL)) > 0)
++#else
+ while ((submatches = pcre_exec(job->pattern, job->hints, subject, (int)subject_length, offset, 0, offsets, 3 * PCRS_MAX_SUBMATCHES)) > 0)
++#endif
+ {
+ job->flags |= PCRS_SUCCESS;
+ matches[i].submatches = submatches;
+
+ for (k = 0; k < submatches; k++)
+ {
+- matches[i].submatch_offset[k] = offsets[2 * k];
++ matches[i].submatch_offset[k] = (int)offsets[2 * k];
+
+ /* Note: Non-found optional submatches have length -1-(-1)==0 */
+ matches[i].submatch_length[k] = (size_t)(offsets[2 * k + 1] - offsets[2 * k]);
+@@ -867,7 +917,7 @@ int pcrs_execute(pcrs_job *job, const ch
+ newsize += (size_t)offsets[0] * (size_t)job->substitute->backref_count[PCRS_MAX_SUBMATCHES];
+
+ /* chunk after match */
+- matches[i].submatch_offset[PCRS_MAX_SUBMATCHES + 1] = offsets[1];
++ matches[i].submatch_offset[PCRS_MAX_SUBMATCHES + 1] = (int)offsets[1];
+ matches[i].submatch_length[PCRS_MAX_SUBMATCHES + 1] = subject_length - (size_t)offsets[1] - 1;
+ newsize += (subject_length - (size_t)offsets[1]) * (size_t)job->substitute->backref_count[PCRS_MAX_SUBMATCHES + 1];
+
+@@ -894,12 +944,19 @@ int pcrs_execute(pcrs_job *job, const ch
+ break;
+ /* Go find the next one */
+ else
+- offset = offsets[1];
++ offset = (int)offsets[1];
+ }
+ /* Pass pcre error through if (bad) failure */
++#ifdef HAVE_PCRE2
++ if (submatches < PCRE2_ERROR_NOMATCH)
++#else
+ if (submatches < PCRE_ERROR_NOMATCH)
++#endif
+ {
+ free(matches);
++#ifdef HAVE_PCRE2
++ pcre2_match_data_free(pcre2_matches);
++#endif
+ return submatches;
+ }
+ matches_found = i;
+@@ -909,9 +966,19 @@ int pcrs_execute(pcrs_job *job, const ch
+ * Get memory for the result (must be freed by caller!)
+ * and append terminating null byte.
+ */
+- if ((*result = (char *)malloc(newsize + 1)) == NULL)
++ if ((*result = (char *)malloc(newsize + 1
++#ifdef HAVE_PCRE2
++ /*
++ * Work around to prevent invalid reads in the jit code.
++ */
++ + 16
++#endif
++ )) == NULL)
+ {
+ free(matches);
++#ifdef HAVE_PCRE2
++ pcre2_match_data_free(pcre2_matches);
++#endif
+ return PCRS_ERR_NOMEM;
+ }
+ else
+@@ -964,6 +1031,9 @@ int pcrs_execute(pcrs_job *job, const ch
+ memcpy(result_offset, subject + offset, subject_length - (size_t)offset);
+
+ *result_length = newsize;
++#ifdef HAVE_PCRE2
++ pcre2_match_data_free(pcre2_matches);
++#endif
+ free(matches);
+ return matches_found;
+
+@@ -1101,7 +1171,7 @@ char pcrs_get_delimiter(const char *stri
+ *********************************************************************/
+ char *pcrs_execute_single_command(const char *subject, const char *pcrs_command, int *hits)
+ {
+- size_t size;
++ size_t buffer_size, new_size;
+ char *result = NULL;
+ pcrs_job *job;
+
+@@ -1109,12 +1179,14 @@ char *pcrs_execute_single_command(const
+ assert(pcrs_command);
+
+ *hits = 0;
+- size = strlen(subject);
++ buffer_size = strlen(subject);
+
+ job = pcrs_compile_command(pcrs_command, hits);
+ if (NULL != job)
+ {
+- *hits = pcrs_execute(job, subject, size, &result, &size);
++ *hits = pcrs_execute(job, subject, buffer_size, &result, &new_size);
++ buffer_size = new_size;
++
+ if (*hits < 0)
+ {
+ freez(result);
+--- a/pcrs.h
++++ b/pcrs.h
+@@ -33,9 +33,18 @@
+ *********************************************************************/
+
+
++#ifdef HAVE_PCRE2
++#define PCRE2_CODE_UNIT_WIDTH 8
++#define PCREn(x) PCRE2_ ## x
++#ifndef _PCRE2_H
++#include <pcre2.h>
++#endif
++#else
++#define PCREn(x) PCRE_ ## x
+ #ifndef _PCRE_H
+ #include <pcre.h>
+ #endif
++#endif
+
+ /*
+ * Constants:
+@@ -55,22 +64,23 @@
+ * They are supposed to be handled together with PCRE error
+ * codes and have to start with an offset to prevent overlaps.
+ *
+- * PCRE 6.7 uses error codes from -1 to -21, PCRS error codes
+- * below -100 should be safe for a while.
++ * PCRE 6.7 uses error codes from -1 to -21,
++ * PCRE2 10.42 uses error codes from -66 to 101.
++ * PCRS error codes below -300 should be safe for a while.
+ */
+-#define PCRS_ERR_NOMEM -100 /* Failed to acquire memory. */
+-#define PCRS_ERR_CMDSYNTAX -101 /* Syntax of s///-command */
+-#define PCRS_ERR_STUDY -102 /* pcre error while studying the pattern */
+-#define PCRS_ERR_BADJOB -103 /* NULL job pointer, pattern or substitute */
+-#define PCRS_WARN_BADREF -104 /* Backreference out of range */
+-#define PCRS_WARN_TRUNCATION -105 /* At least one pcrs variable was too big,
++#define PCRS_ERR_NOMEM -300 /* Failed to acquire memory. */
++#define PCRS_ERR_CMDSYNTAX -301 /* Syntax of s///-command */
++#define PCRS_ERR_STUDY -302 /* pcre error while studying the pattern */
++#define PCRS_ERR_BADJOB -303 /* NULL job pointer, pattern or substitute */
++#define PCRS_WARN_BADREF -304 /* Backreference out of range */
++#define PCRS_WARN_TRUNCATION -305 /* At least one pcrs variable was too big,
+ * only the first part was used. */
+
+ /* Flags */
+-#define PCRS_GLOBAL 1 /* Job should be applied globally, as with perl's g option */
+-#define PCRS_TRIVIAL 2 /* Backreferences in the substitute are ignored */
+-#define PCRS_SUCCESS 4 /* Job did previously match */
+-#define PCRS_DYNAMIC 8 /* Job is dynamic (used to disable JIT compilation) */
++#define PCRS_GLOBAL 0x08000000u /* Job should be applied globally, as with perl's g option */
++#define PCRS_TRIVIAL 0x10000000u /* Backreferences in the substitute are ignored */
++#define PCRS_SUCCESS 0x20000000u /* Job did previously match */
++#define PCRS_DYNAMIC 0x40000000u /* Job is dynamic (used to disable JIT compilation) */
+
+
+ /*
+@@ -107,10 +117,14 @@ typedef struct {
+ /* A PCRS job */
+
+ typedef struct PCRS_JOB {
++#ifdef HAVE_PCRE2
++ pcre2_code *pattern;
++#else
+ pcre *pattern; /* The compiled pcre pattern */
+ pcre_extra *hints; /* The pcre hints for the pattern */
++#endif
+ int options; /* The pcre options (numeric) */
+- int flags; /* The pcrs and user flags (see "Flags" above) */
++ unsigned int flags; /* The pcrs and user flags (see "Flags" above) */
+ pcrs_substitute *substitute; /* The compiled pcrs substitute */
+ struct PCRS_JOB *next; /* Pointer for chaining jobs to joblists */
+ } pcrs_job;
+--- a/project.h
++++ b/project.h
+@@ -94,12 +94,38 @@
+ */
+
+ #ifdef STATIC_PCRE
++#ifdef HAVE_PCRE2
++# include "pcre2.h"
++# include "pcre2posix.h"
++#else
+ # include "pcre.h"
++# include "pcreposix.h"
++#endif
+ #else
+-# ifdef PCRE_H_IN_SUBDIR
+-# include <pcre/pcre.h>
++# ifdef HAVE_PCRE2
++# ifdef PCRE2_H_IN_SUBDIR
++# define PCRE2_CODE_UNIT_WIDTH 8
++# include <pcre2/pcre2.h>
++# else
++# define PCRE2_CODE_UNIT_WIDTH 8
++# include <pcre2.h>
++# endif
++# ifdef PCRE2POSIX_H_IN_SUBDIR
++# include <pcre2/pcre2posix.h>
++# else
++# include <pcre2posix.h>
++# endif
+ # else
+-# include <pcre.h>
++# ifdef PCRE_H_IN_SUBDIR
++# include <pcre/pcre.h>
++# else
++# include <pcre.h>
++# endif
++# ifdef PCREPOSIX_H_IN_SUBDIR
++# include <pcre/pcreposix.h>
++# else
++# include <pcreposix.h>
++# endif
+ # endif
+ #endif
+
+@@ -109,16 +135,6 @@
+ # include <pcrs.h>
+ #endif
+
+-#ifdef STATIC_PCRE
+-# include "pcreposix.h"
+-#else
+-# ifdef PCRE_H_IN_SUBDIR
+-# include <pcre/pcreposix.h>
+-# else
+-# include <pcreposix.h>
+-# endif
+-#endif
+-
+ #ifdef _WIN32
+ /*
+ * I don't want to have to #include all this just for the declaration
+@@ -404,10 +420,16 @@ struct http_response
+ enum crunch_reason crunch_reason; /**< Why the response was generated in the first place. */
+ };
+
++#ifdef HAVE_PCRE2
++#define REGEX_TYPE pcre2_code
++#else
++#define REGEX_TYPE regex_t
++#endif
++
+ struct url_spec
+ {
+ #ifdef FEATURE_PCRE_HOST_PATTERNS
+- regex_t *host_regex;/**< Regex for host matching */
++ REGEX_TYPE *host_regex;/**< Regex for host matching */
+ enum host_regex_type { VANILLA_HOST_PATTERN, PCRE_HOST_PATTERN } host_regex_type;
+ #endif /* defined FEATURE_PCRE_HOST_PATTERNS */
+ int dcount; /**< How many parts to this domain? (length of dvec) */
+@@ -417,7 +439,7 @@ struct url_spec
+
+ char *port_list; /**< List of acceptable ports, or NULL to match all ports */
+
+- regex_t *preg; /**< Regex for matching path part */
++ REGEX_TYPE *preg; /**< Regex for matching path part */
+ };
+
+ /**
+@@ -432,7 +454,7 @@ struct pattern_spec
+ union
+ {
+ struct url_spec url_spec;
+- regex_t *tag_regex;
++ REGEX_TYPE *tag_regex;
+ } pattern;
+
+ unsigned int flags; /**< Bitmap with various pattern properties. */
+--- a/templates/show-status
++++ b/templates/show-status
+@@ -298,10 +298,7 @@
+ <tr>
+ <td><code>FEATURE_DYNAMIC_PCRE</code></td>
+ <td>@if-FEATURE_DYNAMIC_PCRE-then@ Yes @else-not-FEATURE_DYNAMIC_PCRE@ No @endif-FEATURE_DYNAMIC_PCRE@</td>
+- <td>Dynamically link to the PCRE library. This is set automatically
+- by <code>./configure</code> if you do not have libpcre installed.
+- Dynamically linking to an external libpcre is recommended as the one that is distributed
+- with Privoxy itself is outdated and lacks various features and bug-fixes you may be interested in.</td>
++ <td>Dynamically link to the PCRE(2) library (recommended).</td>
+ </tr>
+ <tr>
+ <td><code>FEATURE_EXTENDED_STATISTICS</code></td>
+--- a/urlmatch.c
++++ b/urlmatch.c
+@@ -604,6 +604,100 @@ jb_err parse_http_request(const char *re
+ }
+
+
++#ifdef HAVE_PCRE2
++/*********************************************************************
++ *
++ * Function : compile_pattern
++ *
++ * Description : Compiles a host, domain or TAG pattern.
++ *
++ * Parameters :
++ * 1 : pattern = The pattern to compile.
++ * 2 : anchoring = How the regex should be modified
++ * before compilation. Can be either
++ * one of NO_ANCHORING, LEFT_ANCHORED,
++ * RIGHT_ANCHORED or RIGHT_ANCHORED_HOST.
++ * 3 : url = In case of failures, the spec member is
++ * logged and the structure freed.
++ * 4 : regex = Where the compiled regex should be stored.
++ *
++ * Returns : JB_ERR_OK - Success
++ * JB_ERR_PARSE - Cannot parse regex
++ *
++ *********************************************************************/
++static jb_err compile_pattern(const char *pattern, enum regex_anchoring anchoring,
++ struct pattern_spec *url, pcre2_code **regex)
++{
++ int errcode;
++ const char *fmt = NULL;
++ char *rebuf;
++ size_t rebuf_size;
++ PCRE2_SIZE error_offset;
++ int ret;
++
++ assert(pattern);
++
++ if (pattern[0] == '\0')
++ {
++ *regex = NULL;
++ return JB_ERR_OK;
++ }
++
++ switch (anchoring)
++ {
++ case NO_ANCHORING:
++ fmt = "%s";
++ break;
++ case RIGHT_ANCHORED:
++ fmt = "%s$";
++ break;
++ case RIGHT_ANCHORED_HOST:
++ fmt = "%s\\.?$";
++ break;
++ case LEFT_ANCHORED:
++ fmt = "^%s";
++ break;
++ default:
++ log_error(LOG_LEVEL_FATAL,
++ "Invalid anchoring in compile_pattern %d", anchoring);
++ }
++ rebuf_size = strlen(pattern) + strlen(fmt);
++ rebuf = malloc_or_die(rebuf_size);
++
++ snprintf(rebuf, rebuf_size, fmt, pattern);
++
++ *regex = pcre2_compile((const unsigned char *)pattern,
++ PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &errcode,
++ &error_offset, NULL);
++ if (*regex == NULL)
++ {
++ log_error(LOG_LEVEL_ERROR, "error compiling %s from %s: %s",
++ pattern, url->spec, rebuf);
++ freez(rebuf);
++
++ return JB_ERR_PARSE;
++ }
++
++#ifndef DISABLE_PCRE_JIT_COMPILATION
++ /* Try to enable JIT compilation but continue if it's unsupported. */
++ if ((ret = pcre2_jit_compile(*regex, PCRE2_JIT_COMPLETE)) &&
++ (ret != PCRE2_ERROR_JIT_BADOPTION))
++ {
++ log_error(LOG_LEVEL_ERROR,
++ "Unexpected error enabling JIT compilation for %s from %s: %s",
++ pattern, url->spec, rebuf);
++ freez(rebuf);
++
++ return JB_ERR_PARSE;
++ }
++#endif
++
++ freez(rebuf);
++
++ return JB_ERR_OK;
++
++}
++#else
+ /*********************************************************************
+ *
+ * Function : compile_pattern
+@@ -686,6 +780,7 @@ static jb_err compile_pattern(const char
+ return JB_ERR_OK;
+
+ }
++#endif
+
+
+ /*********************************************************************
+@@ -1051,6 +1146,49 @@ static int simplematch(const char *patte
+ }
+
+
++#ifdef HAVE_PCRE2
++/*********************************************************************
++ *
++ * Function : pcre2_pattern_matches
++ *
++ * Description : Checks if a compiled pcre2 pattern matches a string.
++ *
++ * Parameters :
++ * 1 : pattern = The compiled pattern
++ * 2 : string = The string to check
++ *
++ * Returns : TRUE for yes, FALSE otherwise.
++ *
++ *********************************************************************/
++int pcre2_pattern_matches(const pcre2_code *pattern, const char *string)
++{
++ PCRE2_SIZE offset;
++ int ret;
++ pcre2_match_data *pcre2_matches;
++
++ assert(pattern != NULL);
++ assert(string != NULL);
++
++ offset = 0;
++
++ pcre2_matches = pcre2_match_data_create_from_pattern(pattern, NULL);
++ if (NULL == pcre2_matches)
++ {
++ log_error(LOG_LEVEL_ERROR,
++ "Out of memory while matching pattern against %s", string);
++ return FALSE;
++ }
++
++ ret = pcre2_match(pattern, (const unsigned char *)string, strlen(string),
++ offset, 0, pcre2_matches, NULL);
++
++ pcre2_match_data_free(pcre2_matches);
++
++ return (ret >= 0);
++}
++#endif
++
++
+ /*********************************************************************
+ *
+ * Function : simple_domaincmp
+@@ -1268,8 +1406,12 @@ void free_pattern_spec(struct pattern_sp
+ {
+ if (pattern->pattern.tag_regex)
+ {
++#ifdef HAVE_PCRE2
++ pcre2_code_free(pattern->pattern.tag_regex);
++#else
+ regfree(pattern->pattern.tag_regex);
+ freez(pattern->pattern.tag_regex);
++#endif
+ }
+ return;
+ }
+@@ -1277,8 +1419,12 @@ void free_pattern_spec(struct pattern_sp
+ #ifdef FEATURE_PCRE_HOST_PATTERNS
+ if (pattern->pattern.url_spec.host_regex)
+ {
++#ifdef HAVE_PCRE2
++ pcre2_code_free(pattern->pattern.url_spec.host_regex);
++#else
+ regfree(pattern->pattern.url_spec.host_regex);
+ freez(pattern->pattern.url_spec.host_regex);
++#endif
+ }
+ #endif /* def FEATURE_PCRE_HOST_PATTERNS */
+ freez(pattern->pattern.url_spec.dbuffer);
+@@ -1287,8 +1433,12 @@ void free_pattern_spec(struct pattern_sp
+ freez(pattern->pattern.url_spec.port_list);
+ if (pattern->pattern.url_spec.preg)
+ {
++#ifdef HAVE_PCRE2
++ pcre2_code_free(pattern->pattern.url_spec.preg);
++#else
+ regfree(pattern->pattern.url_spec.preg);
+ freez(pattern->pattern.url_spec.preg);
++#endif
+ }
+ }
+
+@@ -1333,8 +1483,13 @@ static int host_matches(const struct htt
+ if (pattern->pattern.url_spec.host_regex_type == PCRE_HOST_PATTERN)
+ {
+ return ((NULL == pattern->pattern.url_spec.host_regex)
++#ifdef HAVE_PCRE2
++ || pcre2_pattern_matches(pattern->pattern.url_spec.host_regex,
++ http->host));
++#else
+ || (0 == regexec(pattern->pattern.url_spec.host_regex,
+ http->host, 0, NULL, 0)));
++#endif
+ }
+ #endif
+ return ((NULL == pattern->pattern.url_spec.dbuffer) || (0 == domain_match(pattern, http)));
+@@ -1357,7 +1512,11 @@ static int host_matches(const struct htt
+ static int path_matches(const char *path, const struct pattern_spec *pattern)
+ {
+ return ((NULL == pattern->pattern.url_spec.preg)
++#ifdef HAVE_PCRE2
++ || (pcre2_pattern_matches(pattern->pattern.url_spec.preg, path)));
++#else
+ || (0 == regexec(pattern->pattern.url_spec.preg, path, 0, NULL, 0)));
++#endif
+ }
+
+
+--- a/urlmatch.h
++++ b/urlmatch.h
+@@ -50,6 +50,10 @@ extern int url_requires_percent_encoding
+ extern int url_match(const struct pattern_spec *pattern,
+ const struct http_request *http);
+
++#ifdef HAVE_PCRE2
++extern int pcre2_pattern_matches(const pcre2_code *pattern, const char *string);
++#endif
++
+ extern jb_err create_pattern_spec(struct pattern_spec *url, char *buf);
+ extern void free_pattern_spec(struct pattern_spec *url);
+ extern int match_portlist(const char *portlist, int port);
+--- a/w32log.c
++++ b/w32log.c
+@@ -316,6 +316,9 @@ void TermLogWindow(void)
+ void LogCreatePatternMatchingBuffers(void)
+ {
+ int i;
++#ifdef HAVE_PCRE2
++#warning The win32 build of Privoxy is expected to crash when compiled with pcre2 support.
++#endif
+ for (i = 0; patterns_to_highlight[i].str != NULL; i++)
+ {
+ regcomp(&patterns_to_highlight[i].buffer, patterns_to_highlight[i].str, REG_ICASE);
--- /dev/null
+From 662426360b8d10202feabdcd3515d64ea8833798 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk@fabiankeil.de>
+Date: Tue, 11 Jul 2023 06:22:16 +0200
+Subject: [PATCH] Add regex_matches() to reduce HAVE_PCRE2 ifdefs
+
+---
+ actions.c | 12 ++----------
+ client-tags.c | 6 +-----
+ urlmatch.c | 39 ++++++++++++++++++++++++++-------------
+ urlmatch.h | 4 +---
+ 4 files changed, 30 insertions(+), 31 deletions(-)
+
+--- a/actions.c
++++ b/actions.c
+@@ -828,12 +828,8 @@ int update_action_bits_for_tag(struct cl
+ continue;
+ }
+
+-#ifdef HAVE_PCRE2
+- if (pcre2_pattern_matches(b->url->pattern.tag_regex, tag))
+-#else
+ /* and check if one of the tag patterns matches the tag, */
+- if (0 == regexec(b->url->pattern.tag_regex, tag, 0, NULL, 0))
+-#endif
++ if (regex_matches(b->url->pattern.tag_regex, tag))
+ {
+ /* if it does, update the action bit map, */
+ if (merge_current_action(csp->action, b->action))
+@@ -888,11 +884,7 @@ jb_err check_negative_tag_patterns(struc
+ }
+ for (tag = csp->tags->first; NULL != tag; tag = tag->next)
+ {
+-#ifdef HAVE_PCRE2
+- if (pcre2_pattern_matches(b->url->pattern.tag_regex, tag->str))
+-#else
+- if (0 == regexec(b->url->pattern.tag_regex, tag->str, 0, NULL, 0))
+-#endif
++ if (regex_matches(b->url->pattern.tag_regex, tag->str))
+ {
+ /*
+ * The pattern matches at least one tag, thus the action
+--- a/client-tags.c
++++ b/client-tags.c
+@@ -659,11 +659,7 @@ int client_tag_match(const struct patter
+
+ for (tag = tags->first; tag != NULL; tag = tag->next)
+ {
+-#ifdef HAVE_PCRE2
+- if (pcre2_pattern_matches(pattern->pattern.tag_regex, tag->str))
+-#else
+- if (0 == regexec(pattern->pattern.tag_regex, tag->str, 0, NULL, 0))
+-#endif
++ if (regex_matches(pattern->pattern.tag_regex, tag->str))
+ {
+ log_error(LOG_LEVEL_TAGGING, "Client tag '%s' matches.", tag->str);
+ return 1;
+--- a/urlmatch.c
++++ b/urlmatch.c
+@@ -1160,7 +1160,7 @@ static int simplematch(const char *patte
+ * Returns : TRUE for yes, FALSE otherwise.
+ *
+ *********************************************************************/
+-int pcre2_pattern_matches(const pcre2_code *pattern, const char *string)
++static int pcre2_pattern_matches(const pcre2_code *pattern, const char *string)
+ {
+ PCRE2_SIZE offset;
+ int ret;
+@@ -1191,6 +1191,29 @@ int pcre2_pattern_matches(const pcre2_co
+
+ /*********************************************************************
+ *
++ * Function : regex_matches
++ *
++ * Description : Checks if a compiled regex pattern matches a string
++ * using either pcre2 or pcre1 code.
++ *
++ * Parameters :
++ * 1 : pattern = The compiled pattern
++ * 2 : string = The string to check
++ *
++ * Returns : TRUE for yes, FALSE otherwise.
++ *
++ *********************************************************************/
++int regex_matches(const REGEX_TYPE *pattern, const char *string)
++{
++#ifdef HAVE_PCRE2
++ return pcre2_pattern_matches(pattern, string);
++#else
++ return (0 == regexec(pattern, string, 0, NULL, 0));
++#endif
++}
++
++/*********************************************************************
++ *
+ * Function : simple_domaincmp
+ *
+ * Description : Domain-wise Compare fqdn's. The comparison is
+@@ -1483,13 +1506,7 @@ static int host_matches(const struct htt
+ if (pattern->pattern.url_spec.host_regex_type == PCRE_HOST_PATTERN)
+ {
+ return ((NULL == pattern->pattern.url_spec.host_regex)
+-#ifdef HAVE_PCRE2
+- || pcre2_pattern_matches(pattern->pattern.url_spec.host_regex,
+- http->host));
+-#else
+- || (0 == regexec(pattern->pattern.url_spec.host_regex,
+- http->host, 0, NULL, 0)));
+-#endif
++ || regex_matches(pattern->pattern.url_spec.host_regex, http->host));
+ }
+ #endif
+ return ((NULL == pattern->pattern.url_spec.dbuffer) || (0 == domain_match(pattern, http)));
+@@ -1512,11 +1529,7 @@ static int host_matches(const struct htt
+ static int path_matches(const char *path, const struct pattern_spec *pattern)
+ {
+ return ((NULL == pattern->pattern.url_spec.preg)
+-#ifdef HAVE_PCRE2
+- || (pcre2_pattern_matches(pattern->pattern.url_spec.preg, path)));
+-#else
+- || (0 == regexec(pattern->pattern.url_spec.preg, path, 0, NULL, 0)));
+-#endif
++ || regex_matches(pattern->pattern.url_spec.preg, path));
+ }
+
+
+--- a/urlmatch.h
++++ b/urlmatch.h
+@@ -50,9 +50,7 @@ extern int url_requires_percent_encoding
+ extern int url_match(const struct pattern_spec *pattern,
+ const struct http_request *http);
+
+-#ifdef HAVE_PCRE2
+-extern int pcre2_pattern_matches(const pcre2_code *pattern, const char *string);
+-#endif
++int regex_matches(const REGEX_TYPE *pattern, const char *string);
+
+ extern jb_err create_pattern_spec(struct pattern_spec *url, char *buf);
+ extern void free_pattern_spec(struct pattern_spec *url);
--- /dev/null
+From 7fb978c74a8a46bd105d9f0ced92a4be0c9647e6 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk@fabiankeil.de>
+Date: Sun, 27 Aug 2023 12:13:48 +0200
+Subject: [PATCH] configure: Fix --disable-pcre2
+
+Previously it would result in neither pcre library being detected:
+
+ checking for getnameinfo... (cached) yes
+ configure: WARNING: Ignoring pcre2 even if it's available
+ test: =: unexpected operator
+ Enabling support for client-specific tags.
+ checking for zlibVersion in -lz... (cached) yes
+ Enabling compression support.
+ test: =: unexpected operator
+ test: =: unexpected operator
+ configure: error: Detected neither pcre2 nor pcre library.
+---
+ configure.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/configure.in
++++ b/configure.in
+@@ -872,6 +872,7 @@ if test $enableval2 = yes; then
+ else
+ AC_MSG_WARN([Ignoring pcre2 even if it's available])
+ try_pcre2=no
++ have_pcre2=no
+ fi
+
+ if test $try_pcre2 != no; then
--- /dev/null
+From e73b93ea9ad1f3e980bd78ed3ebf65dedbb598a2 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk@fabiankeil.de>
+Date: Sun, 27 Aug 2023 12:26:02 +0200
+Subject: [PATCH] pcre2 compile_pattern(): Actually pass the anchored pattern
+ to pcre2_compile()
+
+Previously the un-anchoring pattern was compiled resulting
+in incorrect matches.
+
+For example requests to:
+
+ https://www.privoxy.org/user-manual/config.html
+
+were redirected because of the default.action section:
+
+ {+redirect{http://config.privoxy.org/}}
+ # Sticky Actions = +redirect{http://config.privoxy.org/}
+ # URL = http://www.privoxy.org/config
+ # Redirected URL = http://www.privoxy.org/config
+ # Redirect Destination = http://config.privoxy.org/
+ .privoxy.org/config
+
+As the path pattern is left-anchored it should not match.
+---
+ urlmatch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/urlmatch.c
++++ b/urlmatch.c
+@@ -666,7 +666,7 @@ static jb_err compile_pattern(const char
+
+ snprintf(rebuf, rebuf_size, fmt, pattern);
+
+- *regex = pcre2_compile((const unsigned char *)pattern,
++ *regex = pcre2_compile((const unsigned char *)rebuf,
+ PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &errcode,
+ &error_offset, NULL);
+ if (*regex == NULL)
include $(TOPDIR)/rules.mk
PKG_NAME:=restic-rest-server
-PKG_VERSION:=0.11.0
-PKG_RELEASE:=2
+PKG_VERSION:=0.12.1
+PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/rest-server-$(PKG_VERSION)
PKG_SOURCE:=rest-server-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/restic/rest-server/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=cd9b35ad2224244207a967ebbc78d84f4298d725e95c1fa9341ed95a350ea68f
+PKG_HASH:=cfbeb4a66cac6fc36b1cb11256f06c6e4fcc7a28c2ef590550adf1c199b9aa4b
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=sing-box
-PKG_VERSION:=1.5.4
+PKG_VERSION:=1.6.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=3238492e21246b56ef80e99f321c26ffaf9ac8877c916dce85273b61031c58b7
+PKG_HASH:=3272c9ac447d009749429f38d76e9879609c0c321442c3235ba806d995c0838a
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE
define Package/sing-box/description
Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
- ShadowsocksR, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
+ ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
endef
define Package/sing-box/config
bool "Build with reality TLS server support, see TLS."
default y
- config SINGBOX_WITH_SHADOWSOCKSR
- bool "Build with ShadowsocksR support"
- help
- It will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
-
config SINGBOX_WITH_UTLS
bool "Build with uTLS support for TLS outbound"
default y
CONFIG_SINGBOX_WITH_LWIP \
CONFIG_SINGBOX_WITH_QUIC \
CONFIG_SINGBOX_WITH_REALITY_SERVER \
- CONFIG_SINGBOX_WITH_SHADOWSOCKSR \
CONFIG_SINGBOX_WITH_UTLS \
CONFIG_SINGBOX_WITH_V2RAY_API \
CONFIG_SINGBOX_WITH_WIREGUARD
$(if $(CONFIG_SINGBOX_WITH_GVISOR),with_gvisor) \
$(if $(CONFIG_SINGBOX_WITH_LWIP),with_lwip) \
$(if $(CONFIG_SINGBOX_WITH_QUIC),with_quic) \
- $(if $(CONFIG_SINGBOX_WITH_SHADOWSOCKSR),with_shadowsocksr) \
$(if $(CONFIG_SINGBOX_WITH_REALITY_SERVER),with_reality_server) \
$(if $(CONFIG_SINGBOX_WITH_UTLS),with_utls) \
$(if $(CONFIG_SINGBOX_WITH_V2RAY_API),with_v2ray_api) \
include $(TOPDIR)/rules.mk
PKG_NAME:=snort3
-PKG_VERSION:=3.1.71.0
+PKG_VERSION:=3.1.73.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
-PKG_HASH:=b5dd52b46ca2570986d7c12750bbf9db00ee3c294983ce272b3ca321aee8fb73
+PKG_HASH:=d04edf07e9b695fb22de73f0987537d35b4c8466119940e39a056d1a13888b27
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=GPL-2.0-only
include $(TOPDIR)/rules.mk
PKG_NAME:=speedtestcpp
-PKG_VERSION:=1.20.2
+PKG_VERSION:=1.20.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/oskarirauta/speedtestcpp/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=7d5c85f1d9a46f7d8a3ac4261ef1f92e53c511430bae096f7ec6f12a33d38904
+PKG_HASH:=8154e2161c56c0ac1275e57c34f448aaf98fb49937ff824ce975d95984395025
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=MIT
PKG_NAME:=strongswan
PKG_VERSION:=5.9.11
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
dnskey \
drbg \
duplicheck \
+ eap-dynamic \
eap-identity \
eap-md5 \
eap-mschapv2 \
+strongswan-mod-dnskey \
+strongswan-mod-drbg \
+strongswan-mod-duplicheck \
+ +strongswan-mod-eap-dynamic \
+strongswan-mod-eap-identity \
+strongswan-mod-eap-md5 \
+strongswan-mod-eap-mschapv2 \
$(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,,))
$(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
+$(eval $(call BuildPlugin,eap-dynamic,EAP dynamic selector,))
$(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
$(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
$(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,+strongswan-mod-md4 +strongswan-mod-des))
include $(TOPDIR)/rules.mk
PKG_NAME:=tor
-PKG_VERSION:=0.4.8.4
-PKG_RELEASE:=2
+PKG_VERSION:=0.4.8.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dist.torproject.org/ \
https://archive.torproject.org/tor-package-archive
-PKG_HASH:=09c1ce74a25fc3b48c81ff146cbd0dd538cbbb8fe4e2964fc2fb2b192f6a1d2b
+PKG_HASH:=b20d2b9c74db28a00c07f090ee5b0241b2b684f3afdecccc6b8008931c557491
PKG_MAINTAINER:=Hauke Mehrtens <hauke@hauke-m.de> \
Peter Wagner <tripolar@gmx.at>
PKG_LICENSE_FILES:=LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=wavemon
-PKG_VERSION:=0.9.3
+PKG_VERSION:=0.9.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/uoaerg/wavemon/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=ddbeb6ec8ed7d94fa895e5d57ecfe338495df3991f6facc7cf40aa121bf7ff60
+PKG_HASH:=f84c55a40b470f2b98908d20cd0b38ffef6f587daed23b50281c9592df3331c6
PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
SECTION:=net
CATEGORY:=Network
TITLE:=N-curses based wireless network devices monitor
- DEPENDS:=+libncurses +libpthread +libnl-genl
+ DEPENDS:=+libncurses +libpthread +libnl-genl +libnl-cli
SUBMENU:=Wireless
URL:=https://github.com/uoaerg/wavemon/releases
endef
PKG_NAME:=zerotier
PKG_VERSION:=1.12.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
local args=""
if ! section_enabled "$cfg"; then
- echo "disabled in /ect/config/zerotier"
+ echo "disabled in /etc/config/zerotier"
return 1
fi
include $(TOPDIR)/rules.mk
PKG_NAME:=owntone
-PKG_VERSION:=28.5
+PKG_VERSION:=28.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/owntone/owntone-server/releases/download/$(PKG_VERSION)/
-PKG_HASH:=c9ee0152dc488f782a25a68e72d24c109882bef3dd2914315fe499c8415fd898
+PKG_HASH:=ebaee52ae617f08c41859522ba0a839d1865dcac7d6c0eb9e3fee81caf8fd47c
PKG_FIXUP:=autoreconf
PKG_BUILD_FLAGS:=no-mips16
TITLE:=iTunes (DAAP) server for Apple Remote and AirPlay
URL:=https://github.com/owntone/owntone-server
DEPENDS:=+libgpg-error +libgcrypt +libgdbm +zlib +libexpat +libunistring \
- +libevent2 +libdaemon +confuse +alsa-lib +libffmpeg-full \
+ +libevent2 +libevent2-pthreads +libdaemon +confuse +alsa-lib +libffmpeg-full \
+mxml +libavahi-client +sqlite3-cli +libplist +libcurl +libjson-c \
+libprotobuf-c +libgnutls +libsodium +libwebsockets +libuuid $(ICONV_DEPENDS)
endef
--disable-install_conf_file \
--disable-install_user \
--with-alsa \
- --without-pulseaudio \
- --without-libevent_pthreads
+ --without-pulseaudio
TARGET_CFLAGS += $(FPIC)
include $(TOPDIR)/rules.mk
PKG_NAME:=pulseaudio
-PKG_VERSION:=14.2
-PKG_RELEASE:=10
+PKG_VERSION:=16.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://freedesktop.org/software/pulseaudio/releases
-PKG_HASH:=75d3f7742c1ae449049a4c88900e454b8b350ecaa8c544f3488a2562a9ff66f1
+PKG_HASH:=8eef32ce91d47979f95fd9a935e738cd7eb7463430dabc72863251751e504ae4
PKG_MAINTAINER:=Peter Wagner <tripolar@gmx.at>
PKG_LICENSE:=LGPL-2.1-or-later
define Package/pulseaudio-daemon/Default
SECTION:=sound
CATEGORY:=Sound
- DEPENDS:=+libsndfile +libltdl +libpthread +librt +alsa-lib \
+ DEPENDS:=+libsndfile +libltdl +alsa-lib \
+libopenssl +libcap $(ICONV_DEPENDS) $(INTL_DEPENDS)
TITLE:=Network sound server
URL:=https://www.freedesktop.org/wiki/Software/PulseAudio/
define Package/pulseaudio-daemon-avahi
$(call Package/pulseaudio-daemon/Default)
- DEPENDS+=+dbus +libavahi-client +sbc
+ DEPENDS+=+dbus +libavahi-client +sbc +bluez-daemon
TITLE+= (avahi/bluez)
VARIANT:=avahi
endef
-Dudev=disabled \
-Dx11=disabled \
-Dadrian-aec=true \
- -Dwebrtc-aec=disabled
+ -Dwebrtc-aec=disabled \
+ -Ddoxygen=false
ifeq ($(BUILD_VARIANT),avahi)
MESON_ARGS += \
-Davahi=enabled \
- -Dbluez5=true \
+ -Dbluez5=enabled \
-Ddbus=enabled
endif
ifeq ($(BUILD_VARIANT),noavahi)
MESON_ARGS += \
-Davahi=disabled \
- -Dbluez5=false \
+ -Dbluez5=disabled \
-Ddbus=disabled
endif
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pulseaudio/* $(1)/usr/lib/pulseaudio/
$(INSTALL_DIR) $(1)/usr/lib/pulse-$(PKG_VERSION)/modules
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pulse-$(PKG_VERSION)/modules/lib*.so $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pulse-$(PKG_VERSION)/modules/module*.so $(1)/usr/lib/pulse-$(PKG_VERSION)/modules/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pulseaudio/modules/lib*.so $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pulseaudio/modules/module*.so $(1)/usr/lib/pulseaudio/modules/
endef
define Package/pulseaudio-daemon-avahi/install
+++ /dev/null
---- a/meson.build
-+++ b/meson.build
-@@ -390,12 +390,11 @@ if dl_dep.found()
- endif
-
- have_iconv = false
--if cc.has_function('iconv_open')
-+iconv_dep = cc.find_library('iconv', required : false)
-+have_iconv = iconv_dep.found()
-+if not have_iconv and cc.has_function('iconv_open')
- iconv_dep = dependency('', required : false)
- have_iconv = true
--else
-- iconv_dep = cc.find_library('iconv', required : false)
-- have_iconv = iconv_dep.found()
- endif
- if have_iconv
- cdata.set('HAVE_ICONV', 1)
--- /dev/null
+--- a/meson.build
++++ b/meson.build
+@@ -681,7 +681,7 @@ if get_option('daemon')
+ cdata.set('HAVE_ALSA_UCM', 1)
+ endif
+
+- gio_dep = dependency('gio-2.0', version : '>= 2.26.0')
++ gio_dep = dependency('gio-2.0', version : '>= 2.26.0', required : false)
+ if get_option('gsettings').enabled()
+ assert(gio_dep.found(), 'GSettings support needs glib I/O library (GIO)')
+ cdata.set('HAVE_GSETTINGS', 1)
+++ /dev/null
---- a/meson.build
-+++ b/meson.build
-@@ -698,7 +698,6 @@ check_dep = dependency('check', version
-
- # Subdirs
-
--subdir('doxygen')
- subdir('po')
- if get_option('man')
- subdir('man')
PKG_NAME:=dmidecode
PKG_VERSION:=3.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SAVANNAH/$(PKG_NAME)
define Package/dmidecode
SECTION:=utils
CATEGORY:=Utilities
- DEPENDS:=@(TARGET_x86||TARGET_x86_64)
+ DEPENDS:=@(TARGET_x86||TARGET_x86_64||TARGET_armsr_armv8)
TITLE:=Displays BIOS informations.
URL:=https://www.nongnu.org/dmidecode/
endef
PKG_NAME:=efibootmgr
PKG_VERSION:=18
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/rhboot/efibootmgr.git
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Application to modify the EFI Boot Manager
- DEPENDS:=@TARGET_x86_64 +efivar +libpopt
+ DEPENDS:=@(TARGET_x86_64||TARGET_armsr_armv8) +efivar +libpopt
URL:=https://github.com/rhboot/efibootmgr
endef
--- /dev/null
+#
+# Copyright (C) 2023 Jeffery To
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=mpremote
+PKG_VERSION:=1.21.0
+PKG_RELEASE:=1
+
+PYPI_NAME:=mpremote
+PKG_HASH:=65bc94511f6ff499e901ab59462a5f0744ff7e2cf71d8c75700d14a89c54ed61
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+PKG_BUILD_DEPENDS:=python-hatchling/host python-hatch-requirements-txt/host python-hatch-vcs/host
+
+include ../../lang/python/pypi.mk
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/python/python3-package.mk
+
+define Package/mpremote
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Interacting remotely with MicroPython devices
+ URL:=https://github.com/micropython/micropython
+ DEPENDS:=+python3-light +python3-urllib +python3-pyserial
+endef
+
+define Package/mpremote/description
+This CLI tool provides an integrated set of utilities to remotely
+interact with and automate a MicroPython device over a serial
+connection.
+endef
+
+$(eval $(call Py3Package,mpremote))
+$(eval $(call BuildPackage,mpremote))
+$(eval $(call BuildPackage,mpremote-src))
--- /dev/null
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -1,2 +1 @@
+ pyserial >= 3.3
+-importlib_metadata >= 1.4
--- /dev/null
+#!/bin/sh
+
+[ "$1" = mpremote ] || exit 0
+
+mpremote version | grep -Fx "mpremote $PKG_VERSION"
include $(TOPDIR)/rules.mk
PKG_NAME:=qemu
-PKG_VERSION:=8.0.2
+PKG_VERSION:=8.1.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=f060abd435fbe6794125e2c398568ffc3cfa540042596907a8b18edca34cf6a5
+PKG_HASH:=541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087
PKG_SOURCE_URL:=http://download.qemu.org/
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=LICENSE tcg/LICENSE
--disable-docs \
--disable-fuse \
--disable-gcrypt \
- --with-git-submodules=ignore \
+ --disable-download \
--disable-glusterfs \
--disable-gnutls \
--disable-guest-agent-msi \
--- a/configure
+++ b/configure
-@@ -896,6 +896,8 @@ for opt do
+@@ -823,6 +823,8 @@ for opt do
;;
- --disable-vfio-user-server) vfio_user_server="disabled"
+ --gdb=*) gdb_bin="$optarg"
;;
+ --disable-fortify-source) fortify_source="no"
+ ;;
#endif /* CONFIG_LINUX */
#include "qemu/osdep.h"
-@@ -29,6 +26,13 @@
- #include <sys/vfs.h>
+@@ -57,6 +54,13 @@ QemuFsType qemu_fd_getfs(int fd)
#endif
+ }
+#ifndef MAP_SYNC
+#define MAP_SYNC 0x0
--- a/meson.build
+++ b/meson.build
-@@ -3192,10 +3192,6 @@ subdir('common-user')
+@@ -3451,10 +3451,6 @@ subdir('common-user')
subdir('bsd-user')
subdir('linux-user')
# accel modules
tcg_real_module_ss = ss.source_set()
tcg_real_module_ss.add_all(when: 'CONFIG_TCG_MODULAR', if_true: tcg_module_ss)
-@@ -3687,10 +3683,6 @@ subdir('scripts')
+@@ -3945,10 +3941,6 @@ subdir('scripts')
subdir('tools')
subdir('pc-bios')
subdir('docs')
include $(TOPDIR)/rules.mk
PKG_NAME:=restic
-PKG_VERSION:=0.15.2
+PKG_VERSION:=0.16.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/restic/restic/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=52aca841486eaf4fe6422b059aa05bbf20db94b957de1d3fca019ed2af8192b7
+PKG_HASH:=88165b5b89b6064df37a9964d660f40ac62db51d6536e459db9aaea6f2b2fc11
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE