TITLE:=Remote configuration management agent ($(2) variant)
CATEGORY:=Administration
SECTION:=admin
- SUBMENU:=openwisp
+ SUBMENU:=OpenWISP
DEPENDS:=+curl +lua +libuci-lua +luafilesystem $(3)
VARIANT:=$(1)
MAINTAINER:=Federico Capoano <f.capoano@cineca.it>
define Package/zabbix/Default
SECTION:=admin
CATEGORY:=Administration
- SUBMENU:=zabbix
+ SUBMENU:=Zabbix
TITLE:=Zabbix
URL:=https://www.zabbix.com/
USERID:=zabbix=53:zabbix=53
PKG_NAME:=gcc
# PKG_VERSION=7.3.0
PKG_VERSION=7.4.0
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE_URL:=@GNU/gcc/gcc-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_INSTALL:=1
--disable-libvtv \
--disable-libcilkrts \
--disable-libmudflap \
+ --disable-libmpx \
--disable-multilib \
--disable-libgomp \
--disable-libquadmath \
PKG_NAME:=patch
PKG_VERSION:=2.7.6
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/patch
--- /dev/null
+From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 16:21:48 +0200
+Subject: Don't follow symlinks unless --follow-symlinks is given
+
+* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
+append_to_file): Unless the --follow-symlinks option is given, open files with
+the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
+that consistently for input files.
+* src/util.c (create_backup): When creating empty backup files, (re)create them
+with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
+---
+ src/inp.c | 12 ++++++++++--
+ src/util.c | 14 +++++++++++---
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/src/inp.c b/src/inp.c
+index 32d0919..22d7473 100644
+--- a/src/inp.c
++++ b/src/inp.c
+@@ -238,8 +238,13 @@ plan_a (char const *filename)
+ {
+ if (S_ISREG (instat.st_mode))
+ {
+- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
++ int flags = O_RDONLY | binary_transput;
+ size_t buffered = 0, n;
++ int ifd;
++
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ ifd = safe_open (filename, flags, 0);
+ if (ifd < 0)
+ pfatal ("can't open file %s", quotearg (filename));
+
+@@ -340,6 +345,7 @@ plan_a (char const *filename)
+ static void
+ plan_b (char const *filename)
+ {
++ int flags = O_RDONLY | binary_transput;
+ int ifd;
+ FILE *ifp;
+ int c;
+@@ -353,7 +359,9 @@ plan_b (char const *filename)
+
+ if (instat.st_size == 0)
+ filename = NULL_DEVICE;
+- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ if ((ifd = safe_open (filename, flags, 0)) < 0
+ || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
+ pfatal ("Can't open file %s", quotearg (filename));
+ if (TMPINNAME_needs_removal)
+diff --git a/src/util.c b/src/util.c
+index 1cc08ba..fb38307 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+
+ try_makedirs_errno = ENOENT;
+ safe_unlink (bakname);
+- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
++ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
+ {
+ if (errno != try_makedirs_errno)
+ pfatal ("Can't create file %s", quotearg (bakname));
+@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
+ static void
+ copy_to_fd (const char *from, int tofd)
+ {
++ int from_flags = O_RDONLY | O_BINARY;
+ int fromfd;
+ ssize_t i;
+
+- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
++ if (! follow_symlinks)
++ from_flags |= O_NOFOLLOW;
++ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (from));
+ while ((i = read (fromfd, buf, bufsize)) != 0)
+ {
+@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ else
+ {
+ assert (S_ISREG (mode));
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
+ tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
+ to_dir_known_to_exist);
+ copy_to_fd (from, tofd);
+@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ void
+ append_to_file (char const *from, char const *to)
+ {
++ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
+ int tofd;
+
+- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
++ if ((tofd = safe_open (to, to_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (to));
+ copy_to_fd (from, tofd);
+ if (close (tofd) != 0)
+--
+cgit v1.0-41-gc330
+
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/cifsd-team/cifsd.git
-PKG_SOURCE_DATE:=2019-07-12
-PKG_SOURCE_VERSION:=f2cfe8cb40493a5f77144543bc486bfdb8aa61e2
-PKG_MIRROR_HASH:=fd6a3bec5953fa30b87a6e12e2c6666844ad66096afa7de421689f5769626a36
+PKG_SOURCE_DATE:=2019-07-17
+PKG_SOURCE_VERSION:=0c3049e84fc7737cedbcef3e1791a570871168cd
+PKG_MIRROR_HASH:=2717cb1e3d28e7ff5ea69c3fa2a6ae182b70bcdf8680a41a0df2b190b072d04b
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_NAME:=luaposix
PKG_VERSION:=v33.2.1
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=release-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/luaposix/luaposix/archive/
TARGET_CFLAGS += -D_XOPEN_REALTIME=1
endif
-ifneq ($(CONFIG_USE_GLIBC),)
- ifeq ($(CONFIG_EGLIBC_OPTION_EGLIBC_UTMP),)
- TARGET_CFLAGS += -DNO_GETLOGIN
- endif
-endif
-
-
define Package/luaposix/install
$(INSTALL_DIR) $(1)/usr/lib/lua/posix
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ext/posix/.libs/posix.so $(1)/usr/lib/lua
+++ /dev/null
-diff --git a/ext/posix/unistd.c b/ext/posix/unistd.c
-index 9276640..69c8cef 100644
---- a/ext/posix/unistd.c
-+++ b/ext/posix/unistd.c
-@@ -525,6 +525,7 @@ Pgetgroups(lua_State *L)
- #endif
-
-
-+#ifndef NO_GETLOGIN
- /***
- Current logged-in user.
- @treturn[1] string username, if successful
-@@ -537,6 +538,7 @@ Pgetlogin(lua_State *L)
- checknargs(L, 0);
- return pushstringresult(getlogin());
- }
-+#endif
-
-
- /***
-@@ -1044,7 +1046,9 @@ static const luaL_Reg posix_unistd_fns[] =
- LPOSIX_FUNC( Pgetegid ),
- LPOSIX_FUNC( Pgeteuid ),
- LPOSIX_FUNC( Pgetgid ),
-+#ifndef NO_GETLOGIN
- LPOSIX_FUNC( Pgetlogin ),
-+#endif
- LPOSIX_FUNC( Pgetpgrp ),
- LPOSIX_FUNC( Pgetpid ),
- LPOSIX_FUNC( Pgetppid ),
include $(TOPDIR)/rules.mk
PKG_NAME:=luasocket
-PKG_SOURCE_VERSION:=6d5e40c324c84d9c1453ae88e0ad5bdd0a631448
-PKG_VERSION:=3.0-rc1-20130909
-PKG_RELEASE:=5
+PKG_SOURCE_DATE:=2019-04-21
+PKG_SOURCE_VERSION:=733af884f1aa18ff469bf3c4d18810e815853211
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_MIRROR_HASH:=d2fa075d8bd026c41e0eb1a634ac2ad8115dee8abb070720e8e91fab51f86ee4
-PKG_SOURCE_URL:=https://github.com/diegonehab/luasocket.git
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/diegonehab/luasocket
+PKG_MIRROR_HASH:=60aef7544426cae3e6c7560a6e4ad556a04b879ca0ad0311645b2c513c872128
+
+PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
include $(INCLUDE_DIR)/package.mk
-define Package/luasocket
+define Package/luasocket/default
SUBMENU:=Lua
SECTION:=lang
CATEGORY:=Languages
+ URL:=http://w3.impa.br/~diego/software/luasocket
+endef
+
+define Package/luasocket
+ $(Package/luasocket/default)
TITLE:=LuaSocket
- URL:=http://luasocket.luaforge.net/
- MAINTAINER:=W. Michael Petullo <mike@flyn.org>
DEPENDS:=+lua
+ VARIANT:=lua-51
+ DEFAULT_VARIANT:=1
+endef
+
+define Package/luasocket5.3
+ $(Package/luasocket/default)
+ TITLE:=LuaSocket 5.3
+ DEPENDS:=+liblua5.3
+ VARIANT:=lua-53
endef
-define Package/luasocket/description
+ifeq ($(BUILD_VARIANT),lua-51)
+ LUA_VERSION=5.1
+endif
+
+ifeq ($(BUILD_VARIANT),lua-53)
+ LUA_VERSION=5.3
+endif
+
+
+define Package/luasocket/default/description
LuaSocket is the most comprehensive networking support
library for the Lua language. It provides easy access to
TCP, UDP, DNS, SMTP, FTP, HTTP, MIME and much more.
endef
+Package/luasocket/description = $(Package/luasocket/default/description)
+Package/luasocket5.3/description = $(Package/luasocket/default/description)
define Build/Configure
endef
LIBDIR="$(TARGET_LDFLAGS)" \
CC="$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(FPIC)" \
LD="$(TARGET_CROSS)ld -shared" \
+ LUAV=$(LUA_VERSION) LUAINC_linux_base=$(STAGING_DIR)/usr/include \
all
endef
-
define Package/luasocket/install
$(INSTALL_DIR) $(1)/usr/lib/lua
$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/{ltn12,mime,socket}.lua $(1)/usr/lib/lua
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mime.so.1.0.3 $(1)/usr/lib/lua
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/socket.so.3.0-rc1 $(1)/usr/lib/lua
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mime-1.0.3.so $(1)/usr/lib/lua
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/socket-3.0-rc1.so $(1)/usr/lib/lua
$(INSTALL_DIR) $(1)/usr/lib/lua/mime
- ln -sf ../mime.so.1.0.3 $(1)/usr/lib/lua/mime/core.so
+ ln -sf ../mime-1.0.3.so $(1)/usr/lib/lua/mime/core.so
$(INSTALL_DIR) $(1)/usr/lib/lua/socket
$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/{ftp,http,smtp,tp,url,headers}.lua $(1)/usr/lib/lua/socket
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/unix.so $(1)/usr/lib/lua/socket
- ln -sf ../socket.so.3.0-rc1 $(1)/usr/lib/lua/socket/core.so
+ ln -sf ../socket-3.0-rc1.so $(1)/usr/lib/lua/socket/core.so
endef
+
+define Package/luasocket5.3/install
+ $(MAKE) -C $(PKG_BUILD_DIR)/src \
+ DESTDIR="$(1)" \
+ LUAV=$(LUA_VERSION) \
+ install
+endef
+
+
$(eval $(call BuildPackage,luasocket))
+$(eval $(call BuildPackage,luasocket5.3))
index 0000000..db231aa
--- /dev/null
+++ b/src/if.c
-@@ -0,0 +1,113 @@
+@@ -0,0 +1,117 @@
+/*
+ * $Id: if.c $
+ *
+{
+ lua_pushstring(L, "iface");
+ lua_newtable(L);
++#if LUA_VERSION_NUM < 503
+ luaL_openlib(L, NULL, func, 0);
++#else
++ luaL_setfuncs(L, func, 0);
++#endif
+ lua_settable(L, -3);
+ return 0;
+}
index e6ee747..85d41a6 100644
--- a/src/luasocket.c
+++ b/src/luasocket.c
-@@ -31,6 +31,7 @@
+@@ -21,6 +21,7 @@
#include "tcp.h"
#include "udp.h"
#include "select.h"
/*-------------------------------------------------------------------------*\
* Internal function prototypes
-@@ -51,6 +52,7 @@ static const luaL_Reg mod[] = {
+@@ -41,6 +42,7 @@ static const luaL_Reg mod[] = {
{"tcp", tcp_open},
{"udp", udp_open},
{"select", select_open},
index 8d3521e..09d4882 100644
--- a/src/makefile
+++ b/src/makefile
-@@ -262,6 +262,7 @@ SOCKET_OBJS= \
- auxiliar.$(O) \
+
+@@ -303,6 +303,7 @@ SOCKET_OBJS= \
+ compat.$(O) \
options.$(O) \
inet.$(O) \
+ if.$(O) \
$(SOCKET) \
except.$(O) \
select.$(O) \
-@@ -387,6 +388,7 @@ auxiliar.$(O): auxiliar.c auxiliar.h
+@@ -440,6 +441,7 @@ auxiliar.$(O): auxiliar.c auxiliar.h
buffer.$(O): buffer.c buffer.h io.h timeout.h
except.$(O): except.c except.h
inet.$(O): inet.c inet.h socket.h io.h timeout.h usocket.h
index 8ac2a14..1c73e6f 100644
--- a/src/options.c
+++ b/src/options.c
-@@ -3,6 +3,9 @@
- * LuaSocket toolkit
- \*=========================================================================*/
- #include <string.h>
+@@ -7,7 +7,10 @@
+ #include "options.h"
+ #include "inet.h"
+ #include <string.h>
+-
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <net/if.h>
-
- #include "lauxlib.h"
-
-@@ -285,6 +288,12 @@ static int opt_ip6_setmembership(lua_State *L, p_socket ps, int level, int name)
++
+ /*=========================================================================*\
+ * Internal functions prototypes
+ \*=========================================================================*/
+@@ -388,6 +391,12 @@ static int opt_ip6_setmembership(lua_Sta
if (!lua_isnil(L, -1)) {
if (lua_isnumber(L, -1)) {
val.ipv6mr_interface = (unsigned int) lua_tonumber(L, -1);
} else
luaL_argerror(L, -1, "number 'interface' field expected");
}
---
+--
1.8.4.rc3
-
--- a/src/makefile
+++ b/src/makefile
-@@ -345,18 +345,18 @@ none:
+@@ -397,18 +398,18 @@ none:
all: $(SOCKET_SO) $(MIME_SO)
$(SOCKET_SO): $(SOCKET_OBJS)
- $(LD) $(SERIAL_OBJS) $(LDFLAGS)$@
+ $(CC) $(SERIAL_OBJS) $(LDFLAGS)$@
- install:
+ install:
$(INSTALL_DIR) $(INSTALL_TOP_LDIR)
--- a/src/makefile
+++ b/src/makefile
-@@ -163,9 +163,8 @@ DEF_linux=-DLUASOCKET_$(DEBUG) -DLUA_$(COMPAT)_MODULE \
- -DLUASOCKET_API='__attribute__((visibility("default")))' \
- -DUNIX_API='__attribute__((visibility("default")))' \
- -DMIME_API='__attribute__((visibility("default")))'
--CFLAGS_linux= -I$(LUAINC) $(DEF) -pedantic -Wall -Wshadow -Wextra \
-- -Wimplicit -O2 -ggdb3 -fpic -fvisibility=hidden
+@@ -174,9 +174,8 @@ SO_linux=so
+ O_linux=o
+ CC_linux=gcc
+ DEF_linux=-DLUASOCKET_$(DEBUG)
+-CFLAGS_linux=$(LUAINC:%=-I%) $(DEF) -Wall -Wshadow -Wextra \
+- -Wimplicit -O2 -ggdb3 -fpic
-LDFLAGS_linux=-O -shared -fpic -o
-+CFLAGS_linux= -I$(LUAINC) $(DEF) -fvisibility=hidden
-+LDFLAGS_linux=-shared -o
++CFLAGS_linux=$(LUAINC:%=-I%) $(DEF) -O2
++LDFLAGS_linux=-O -shared -o
LD_linux=gcc
SOCKET_linux=usocket.o
+++ /dev/null
-if PACKAGE_node-mozilla-iot-gateway
-
- comment "Optional features"
-
- config MOIT_enable-plugin-support
- bool "Enable packages needed for some plugins"
- default y
-
-endif
+++ /dev/null
-#
-# Copyright (C) 2018 Sartura Ltd.
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NPM_NAME:=mozilla-iot-gateway
-PKG_NAME:=node-$(PKG_NPM_NAME)
-PKG_VERSION:=0.8.1
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/mozilla-iot/gateway/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=f407732b9c1d020aa79e9d0b12f1b97e82691d6f58def2df067f790f4f640e30
-
-PKG_BUILD_DEPENDS:=node/host openzwave
-
-PKG_MAINTAINER:=Marko Ratkaj <marko.ratkaj@sartura.hr>
-PKG_LICENSE:=MPL-2.0
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/node-mozilla-iot-gateway
- SUBMENU:=Node.js
- SECTION:=lang
- CATEGORY:=Languages
- TITLE:=WebThings Gateway by Mozilla
- URL:=https://iot.mozilla.org/gateway/
- DEPENDS:= +libpthread +node +node-npm +libopenzwave +openzwave-config +python +python3-light +python3-pip +openssl-util
- DEPENDS+= +MOIT_enable-plugin-support:git-http
- MENU:=1
-endef
-
-define Package/node-mozilla-iot-gateway/description
- Build Your Own Web of Things Gateway. The "Web of Things" (WoT) is the
- idea of taking the lessons learned from the World Wide Web and applying
- them to IoT. It's about creating a decentralized Internet of Things by
- giving Things URLs on the web to make them linkable and discoverable,
- and defining a standard data model and APIs to make them interoperable.
-endef
-
-define Package/node-mozilla-iot-gateway/config
- source "$(SOURCE)/Config.in"
-endef
-
-CPU:=$(subst powerpc,ppc,$(subst aarch64,arm64,$(subst x86_64,x64,$(subst i386,ia32,$(ARCH)))))
-
-TARGET_CFLAGS+=$(FPIC)
-
-define Build/Compile
- $(MAKE_VARS) \
- $(MAKE_FLAGS) \
- npm_config_arch=$(CONFIG_ARCH) \
- npm_config_nodedir=$(STAGING_DIR)/usr/ \
- npm_config_cache=$(TMP_DIR)/npm-cache \
- npm_config_tmp=$(TMP_DIR)/npm-tmp \
- PREFIX="$(PKG_INSTALL_DIR)/usr/" \
- $(STAGING_DIR_HOSTPKG)/bin/npm install --build-from-source --target_arch=$(CPU) -g $(DL_DIR)/$(PKG_SOURCE)
-endef
-
-define Package/node-mozilla-iot-gateway/install
- $(INSTALL_DIR) $(1)/opt/mozilla-iot/gateway/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/webthings-gateway/* $(1)/opt/mozilla-iot/gateway
- $(MAKE_VARS) \
- $(MAKE_FLAGS) \
- $(STAGING_DIR_HOSTPKG)/bin/npm --prefix=$(1)/opt/mozilla-iot/gateway install \
- --build-from-source --target_arch=$(CPU) $(1)/opt/mozilla-iot/gateway
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/mozilla-iot-gateway.init $(1)/etc/init.d/mozilla-iot-gateway
-endef
-
-$(eval $(call BuildPackage,node-mozilla-iot-gateway))
+++ /dev/null
-# Things Gateway by Mozilla
-
-Build Your Own Web of Things Gateway. The "Web of Things" (WoT) is the idea of
-taking the lessons learned from the World Wide Web and applying them to IoT.
-It's about creating a decentralized Internet of Things by giving Things URLs on
-the web to make them linkable and discoverable, and defining a standard data
-model and APIs to make them interoperable.
-
-### Getting Started
-
-These instructions will get you a copy of OpenWrt's build system on your local
-machine for development and testing purposes. To check the prerequisites for
-your system check out this
-[link](https://openwrt.org/docs/guide-developer/build-system/install-buildsystem).
-
-```
-git clone https://github.com/openwrt/openwrt
-cd openwrt
-```
-
-### Configure the build system
-
-We need to configure the build system and select the Things Gateway package.
-This process is no different from selecting other OpenWrt packages. For this
-example we will be using build configuration for Raspberry Pi 2/3.
-
-Update feeds and open menuconfig interface:
-
-```
-make package/symlinks
-make menuconfig
-```
-
-Select your target:
-
-```
-Target System (Broadcom BCM27xx) --->
-Subtarget (BCM2709/BCM2710 32 bit based boards) --->
-Target Profile (Raspberry Pi 2B/3B/3B+/3CM) --->
-```
-
-Things Gateway package is a bit beefy. In order to fit the image, extend the
-filesystem size from 256 to 1024 MB:
-
-```
-Target Images --->
- (1024) Root filesystem partition size (in MB)
-```
-
-Select Things Gateway package:
-
-```
-Languages --->
- Node.js --->
- <*> node-mozilla-iot-gateway
-```
-
-Save and exit.
-
-
-### Building the image
-
-Run the build process and substitute <N> with the number of your CPU cores:
-
-```
-make -j<N>
-```
-
-
-### Flashing on the SD card
-
-Process of flashing the image will depend on which device you have.
-Instructions below are for Raspberry Pi 2/3. For other devices consult OpenWrt
-wiki pages. Be careful to replace the X in the third command with the drive
-letter of your SD card.
-
-```
-cd bin/targets/brcm2708/bcm2709
-gunzip openwrt-brcm2708-bcm2709-rpi-2-ext4-factory.img.gz
-sudo dd if=openwrt-brcm2708-bcm2709-rpi-2-ext4-factory.img of=/dev/sdX conv=fsync
-```
-
-## Running Things Gateway from USB flash drive
-
-In case the device doesn't have enough internal storage space, it is possible
-to run Things Gateway of a USB flash drive. This requires USB flash drive with
-ext4 filesystem plugged in the device.
-
-### Configuration
-
-Do all steps from "Configure the build system" above, and after that change
-node-mozilla-iot-gateway selection from "\*" to "M". This will build the
-package and all of it's dependencies but it will not install Things Gateway.
-
-```
-Languages --->
- Node.js --->
- <M> node-mozilla-iot-gateway
-```
-
-### Prepare the device
-
-We need to auto mount the USB flash drive in order for the gateway to start at
-boot. To do so, open a console on your embedded device and create a /etc/fstab
-file with the following contents. This assumes your USB flash drive is
-/dev/sda1:
-
-```
-/dev/sda1 /opt ext4 rw,relatime,data=ordered 0 1
-/opt/root /root none defaults,bind 0 0
-```
-
-Add "mount -a" to the end of the "boot" function in /etc/init.d/boot
-
-```
-boot() {
- .
- .
- .
- /bin/config_generate
- uci_apply_defaults
-
- # temporary hack until configd exists
- /sbin/reload_config
-
- # Added by us
- mount -a
-}
-```
-
-### Install Things Gateway package
-
-After successfully mounting the USB drive, transfer the .ipk file from your
-local machine to the device and install it. Note that your package version
-might defer. Also note that location of .ipk file depends on the selected
-target, but it will be within ./bin/packages directory. We need to use
-"--force-space" or else opkg might complain about insufficient space.
-
-On your local machine:
-```
-cd bin/packages/arm_cortex-a9_vfpv3/packages/
-scp node-mozilla-iot-gateway_0.6.0-1_arm_cortex-a9_vfpv3.ipk root@192.168.1.1:/tmp
-```
-
-On the device:
-```
-opkg --force-space install /tmp/node-mozilla-iot-gateway_0.6.0-1_arm_cortex-a9_vfpv3.ipk
-```
-
-Things Gateway should now start at every boot.
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-START=99
-
-USE_PROCD=1
-
-HOME=/root
-MOZIOT_HOME="${HOME}/.mozilla-iot"
-export PATH="/opt/mozilla-iot/gateway/tools:${PATH}"
-
-start_service()
-{
- mkdir -p /usr/etc/
- ln -sf /etc/openzwave /usr/etc/openzwave
-
- procd_open_instance mozilla-iot-gateway
- procd_set_param command /usr/bin/npm start --prefix /opt/mozilla-iot/gateway
- procd_set_param stdout 1
- procd_set_param stderr 1
- procd_close_instance
-}
PKG_NAME:=node
PKG_VERSION:=v8.16.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=node-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://nodejs.org/dist/${PKG_VERSION}
PKG_HASH:=3515e8e01568a5dc4dff3d91a76ebc6724f5fa2fbb58b4b0c5da7b178a2f7340
HOST_CONFIGURE_VARS:=
HOST_CONFIGURE_ARGS:= \
- --dest-os=linux \
+ --dest-os=$(if $(findstring Darwin,$(HOST_OS)),mac,linux) \
--without-snapshot \
--prefix=$(STAGING_DIR_HOSTPKG)
--- /dev/null
+--- a/tools/gyp/pylib/gyp/generator/make.py
++++ b/tools/gyp/pylib/gyp/generator/make.py
+@@ -174,7 +174,7 @@
+
+ LINK_COMMANDS_MAC = """\
+ quiet_cmd_alink = LIBTOOL-STATIC $@
+-cmd_alink = rm -f $@ && ./gyp-mac-tool filter-libtool libtool $(GYP_LIBTOOLFLAGS) -static -o $@ $(filter %.o,$^)
++cmd_alink = rm -f $@ && ./gyp-mac-tool filter-libtool /usr/bin/libtool $(GYP_LIBTOOLFLAGS) -static -o $@ $(filter %.o,$^)
+
+ quiet_cmd_link = LINK($(TOOLSET)) $@
+ cmd_link = $(LINK.$(TOOLSET)) $(GYP_LDFLAGS) $(LDFLAGS.$(TOOLSET)) -o "$@" $(LD_INPUTS) $(LIBS)
include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=7.2.19
+PKG_VERSION:=7.2.21
PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=4ffa2404a88d60e993a9fe69f829ebec3eb1e006de41b6048ce5e91bbeaa9282
+PKG_HASH:=de06aff019d8f5079115795bd7d8eedd4cd03daecb62d58abb18f492dd995c95
PKG_FIXUP:=libtool autoreconf
PKG_BUILD_PARALLEL:=1
PKG_NAME:=MarkupSafe
PKG_VERSION:=1.1.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/M/MarkupSafe
PKG_HASH:=29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b
-PKG_BUILD_DEPENDS:=python python3
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
+
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE.rst
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-$(PKG_NAME)-$(PKG_VERSION)
-PKG_UNPACK=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include ../python3-package.mk
SECTION:=lang
CATEGORY:=Languages
SUBMENU:=Python
- URL:=https://github.com/pallets/markupsafe/
- TITLE:=python3-markupsafe
+ TITLE:=MarkupSafe
+ URL:=https://palletsprojects.com/p/markupsafe/
DEPENDS:=+python3-light
VARIANT:=python3
endef
define Package/python3-markupsafe/description
-MarkupSafe implements a XML/HTML/XHTML Markup safe string for Python
+ MarkupSafe implements a text object that escapes characters so it is safe to use in HTML and XML.
endef
$(eval $(call Py3Package,python3-markupsafe))
$(eval $(call BuildPackage,python3-markupsafe))
+$(eval $(call BuildPackage,python3-markupsafe-src))
PKG_NAME:=python-egenix-mx-base
PKG_VERSION:=3.2.9
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=egenix-mx-base-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://downloads.egenix.com/python
PKG_BUILD_DIR:=$(BUILD_DIR)/egenix-mx-base-$(PKG_VERSION)
PKG_MAINTAINER:=Dmitry Trefilov <the-alien@live.ru>
-PKG_LICENSE:=eGenix.com
+PKG_LICENSE:=eGenix
PKG_LICENSE_FILES:=LICENSE COPYRIGHT
include $(INCLUDE_DIR)/package.mk
include ../python-package.mk
define Package/python-egenix-mx-base
- SUBMENU:=Python
SECTION:=lang
CATEGORY:=Languages
- DEPENDS:=+python
TITLE:=Egenix mxBase
+ SUBMENU:=Python
URL:=https://www.egenix.com/products/python/mxBase/
+ DEPENDS:=+python-light
+ VARIANT:=python
endef
define Package/python-egenix-mx-base/description
date/time processing and high speed data types.
endef
-define Build/Compile
- $(call Build/Compile/PyMod,,install --prefix="$(PKG_INSTALL_DIR)/usr")
-endef
-
-define PyPackage/python-egenix-mx-base/install
- $(INSTALL_DIR) $(1)$(PYTHON_PKG_DIR)
- $(CP) \
- $(PKG_INSTALL_DIR)$(PYTHON_PKG_DIR)/* \
- $(1)$(PYTHON_PKG_DIR)
-endef
+PYTHON_PKG_SETUP_ARGS:=
$(eval $(call PyPackage,python-egenix-mx-base))
$(eval $(call BuildPackage,python-egenix-mx-base))
+$(eval $(call BuildPackage,python-egenix-mx-base-src))
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pyasn1-modules
-PKG_VERSION:=0.2.5
+PKG_VERSION:=0.2.6
PKG_RELEASE:=1
PKG_SOURCE:=pyasn1-modules-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/p/pyasn1-modules
-PKG_HASH:=ef721f68f7951fab9b0404d42590f479e30d9005daccb1699b0a51bb4177db96
+PKG_HASH:=43c17a83c155229839cc5c6b868e8d0c6041dba149789b6d6e28801c64821722
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE.txt
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pyasn1
-PKG_VERSION:=0.4.5
+PKG_VERSION:=0.4.6
PKG_RELEASE:=1
PKG_SOURCE:=pyasn1-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/p/pyasn1
-PKG_HASH:=da2420fe13a9452d8ae97a0e478adde1dee153b11ba832a95b223a2ba01c10f7
+PKG_HASH:=b773d5c9196ffbc3a1e13bdf909d446cad80a039aa3340bcad72f395b76ebc86
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE.txt
PKG_NAME:=python
PKG_VERSION:=$(PYTHON_VERSION).$(PYTHON_VERSION_MICRO)
-PKG_RELEASE:=8
+PKG_RELEASE:=9
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION)
--- /dev/null
+--- a/Modules/posixmodule.c
++++ b/Modules/posixmodule.c
+@@ -3070,7 +3070,7 @@ done:
+ if (arg == Py_None) {
+ /* optional time values not given */
+ Py_BEGIN_ALLOW_THREADS
+- res = utime(path, NULL);
++ res = utimes(path, NULL);
+ Py_END_ALLOW_THREADS
+ }
+ else if (!PyTuple_Check(arg) || PyTuple_Size(arg) != 2) {
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.md
PKG_VERSION:=0.8.21
-PKG_RELEASE:=3
+PKG_RELEASE:=4
# Use this for official releasees
PKG_HASH:=51892570f18d1667d0da4d0908a091e41b41c20db9835765677109a3d150cd26
#PKG_SOURCE_VERSION:=e97efb29a94f3a49cb952d06552fcf53708ea8c7
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_BUILD_DEPENDS:=elektra/host swig/host
+HOST_BUILD_DEPENDS:=swig/host
+PKG_BUILD_DEPENDS:=elektra/host lua
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
CATEGORY:=Libraries
TITLE:=Elektra
URL:=http://www.libelektra.org/
- SUBMENU:=libelektra
+ SUBMENU:=LibElektra
endef
define Package/libelektra/Default-description
define Package/libelektra-lua
$(call Package/libelektra/Default)
TITLE:=Elektra lua plugin
- DEPENDS:=+libelektra-core +lua +libstdcpp
+ DEPENDS:=+libelektra-core +lua5.3 +libstdcpp
endef
define Package/libelektra-lua/description
include $(TOPDIR)/rules.mk
PKG_NAME:=expat
-PKG_VERSION:=2.2.6
+PKG_VERSION:=2.2.7
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/expat
-PKG_HASH:=17b43c2716d521369f82fc2dc70f359860e90fa440bea65b3b85f0b246ea81f2
-PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>, \
- Ted Hess <thess@kitschensync.net>
+PKG_HASH:=30e3f40acf9a8fdbd5c379bdcc8d1178a1d9af306de29fc8ece922bc4c57bef8
+PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:libexpat:expat
PKG_FIXUP:=autoreconf
-
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=gnutls
-PKG_VERSION:=3.6.8
-PKG_RELEASE:=2
+PKG_VERSION:=3.6.9
+PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6
-PKG_HASH:=aa81944e5635de981171772857e72be231a7e0f559ae0292d2737de475383e83
+PKG_HASH:=4331fca55817ecdd74450b908a6c29b4f05bb24dd13144c6284aa34d872e1fcb
#PKG_FIXUP:=autoreconf gettext-version
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <nmav@gnutls.org>
PKG_LICENSE:=LGPLv2.1+
This package contains the GnuTLS shared library, needed by other programs.
endef
-
+# We disable the configuration file (system-priority-file) because
+# the use of configuration increases the non-shared memory used by
+# the library and we don't provide an openwrt-specific configuration
+# anyway.
CONFIGURE_ARGS+= \
--enable-shared \
--enable-static \
--with-default-trust-store-dir=/etc/ssl/certs/ \
--with-included-unistring \
--with-librt-prefix="$(LIBRT_ROOT_DIR)/" \
- --with-pic
+ --with-pic \
+ --with-system-priority-file=""
ifneq ($(CONFIG_GNUTLS_EXT_LIBTASN1),y)
CONFIGURE_ARGS += --with-included-libtasn1
PKG_NAME:=intltool
PKG_VERSION:=0.51.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://launchpad.net/intltool/trunk/$(PKG_VERSION)/+download
PKG_HASH:=67c74d94196b153b774ab9f89b2fa6c6ba79352407037c8c14d5aeb334e959cd
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
+
+HOST_BUILD_DEPENDS:=perl/host
PKG_HOST_ONLY:=1
HOST_FIXUP:=autoreconf
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
+HOST_CONFIGURE_VARS+= \
+ PATH=$(STAGING_DIR_HOSTPKG)/bin:$(STAGING_DIR_HOSTPKG)/usr/bin:$(PATH)
+
define Package/intltool
SECTION:=libs
CATEGORY:=Libraries
include $(TOPDIR)/rules.mk
PKG_NAME:=libarchive
-PKG_VERSION:=3.3.3
-PKG_RELEASE:=3
+PKG_VERSION:=3.4.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.libarchive.org/downloads
-PKG_HASH:=ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e
+PKG_SOURCE_URL:=https://codeload.github.com/libarchive/libarchive/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=c160d3c45010a51a924208f13f6b7b956dabdf8c5c60195df188a599028caa7c
PKG_MAINTAINER:=Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
PKG_LICENSE:=BSD-2-Clause
include $(INCLUDE_DIR)/package.mk
define Package/libarchive/Default
- SECTION:=libs
- CATEGORY:=Libraries
- DEPENDS:=+zlib +liblzma +libbz2 +libexpat
- TITLE:=Multi-format archive and compression library
- URL:=https://www.libarchive.org/
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+zlib +liblzma +libbz2 +libexpat
+ TITLE:=Multi-format archive and compression library
+ URL:=https://www.libarchive.org/
endef
define Package/libarchive
$(call Package/libarchive/Default)
- DEPENDS += +libopenssl
+ DEPENDS += +libopenssl
endef
define Package/libarchive-noopenssl
$(call Package/libarchive/Default)
- TITLE += (without OpenSSL dependency)
- VARIANT:=noopenssl
+ TITLE += (without OpenSSL dependency)
+ VARIANT:=noopenssl
+endef
+
+define Package/bsdtar/Default
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Compression
+ TITLE:=tar BSD variant
+ URL:=https://www.libarchive.org/
endef
define Package/bsdtar
- SECTION:=utils
- CATEGORY:=Utilities
- SUBMENU:=Compression
- DEPENDS:=+libarchive-noopenssl
- TITLE:=BSD variant that supports various file compression formats
- URL:=http://www.libarchive.org/
+ $(call Package/bsdtar/Default)
+ DEPENDS:= +libarchive
+endef
+
+define Package/bsdtar-noopenssl
+ $(call Package/bsdtar/Default)
+ TITLE += (without OpenSSL dependency)
+ DEPENDS:= +libarchive-noopenssl
+ VARIANT:=noopenssl
endef
define Package/bsdtar/description
- Reads a variety of formats including tar, pax, zip, xar, lha, ar,
- cab, mtree, rar, warc, 7z and ISO images. Writes tar, pax, zip,
- xar, ar, ISO, mtree and shar archives. Automatically handles
- archives compressed with gzip, bzip2, lzip, xz, lzma or compress.
+ Reads a variety of formats including tar, pax, zip, xar, lha, ar,
+ cab, mtree, rar, warc, 7z and ISO images. Writes tar, pax, zip,
+ xar, ar, ISO, mtree and shar archives. Automatically handles
+ archives compressed with gzip, bzip2, lzip, xz, lzma or compress.
endef
CONFIGURE_ARGS += \
endef
Package/libarchive-noopenssl/install = $(Package/libarchive/install)
+Package/bsdtar-noopenssl/install = $(Package/bsdtar/install)
$(eval $(call BuildPackage,libarchive))
$(eval $(call BuildPackage,libarchive-noopenssl))
$(eval $(call BuildPackage,bsdtar))
+$(eval $(call BuildPackage,bsdtar-noopenssl))
+++ /dev/null
-From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 4 Dec 2018 16:33:42 +1100
-Subject: [PATCH] warc: consume data once read
-
-The warc decoder only used read ahead, it wouldn't actually consume
-data that had previously been printed. This means that if you specify
-an invalid content length, it will just reprint the same data over
-and over and over again until it hits the desired length.
-
-This means that a WARC resource with e.g.
-Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665
-but only a few hundred bytes of data, causes a quasi-infinite loop.
-
-Consume data in subsequent calls to _warc_read.
-
-Found with an AFL + afl-rb + qsym setup.
----
- libarchive/archive_read_support_format_warc.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
-index e8753853f..e8fc8428b 100644
---- a/libarchive/archive_read_support_format_warc.c
-+++ b/libarchive/archive_read_support_format_warc.c
-@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
- return (ARCHIVE_EOF);
- }
-
-+ if (w->unconsumed) {
-+ __archive_read_consume(a, w->unconsumed);
-+ w->unconsumed = 0U;
-+ }
-+
- rab = __archive_read_ahead(a, 1U, &nrd);
- if (nrd < 0) {
- *bsz = 0U;
+++ /dev/null
-From 15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 4 Dec 2018 14:29:42 +1100
-Subject: [PATCH] Skip 0-length ACL fields
-
-Currently, it is possible to create an archive that crashes bsdtar
-with a malformed ACL:
-
-Program received signal SIGSEGV, Segmentation fault.
-archive_acl_from_text_l (acl=<optimised out>, text=0x7e2e92 "", want_type=<optimised out>, sc=<optimised out>) at libarchive/archive_acl.c:1726
-1726 switch (*s) {
-(gdb) p n
-$1 = 1
-(gdb) p field[n]
-$2 = {start = 0x0, end = 0x0}
-
-Stop this by checking that the length is not zero before beginning
-the switch statement.
-
-I am pretty sure this is the bug mentioned in the qsym paper [1],
-and I was able to replicate it with a qsym + AFL + afl-rb setup.
-
-[1] https://www.usenix.org/conference/usenixsecurity18/presentation/yun
----
- libarchive/archive_acl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
-index 512beee1f..7beeee86e 100644
---- a/libarchive/archive_acl.c
-+++ b/libarchive/archive_acl.c
-@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const char *text,
- st = field[n].start + 1;
- len = field[n].end - field[n].start;
-
-+ if (len == 0) {
-+ ret = ARCHIVE_WARN;
-+ continue;
-+ }
-+
- switch (*s) {
- case 'u':
- if (len == 1 || (len == 4
+++ /dev/null
-From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 4 Dec 2018 00:55:22 +1100
-Subject: [PATCH] rar: file split across multi-part archives must match
-
-Fuzzing uncovered some UAF and memory overrun bugs where a file in a
-single file archive reported that it was split across multiple
-volumes. This was caused by ppmd7 operations calling
-rar_br_fillup. This would invoke rar_read_ahead, which would in some
-situations invoke archive_read_format_rar_read_header. That would
-check the new file name against the old file name, and if they didn't
-match up it would free the ppmd7 buffer and allocate a new
-one. However, because the ppmd7 decoder wasn't actually done with the
-buffer, it would continue to used the freed buffer. Both reads and
-writes to the freed region can be observed.
-
-This is quite tricky to solve: once the buffer has been freed it is
-too late, as the ppmd7 decoder functions almost universally assume
-success - there's no way for ppmd_read to signal error, nor are there
-good ways for functions like Range_Normalise to propagate them. So we
-can't detect after the fact that we're in an invalid state - e.g. by
-checking rar->cursor, we have to prevent ourselves from ever ending up
-there. So, when we are in the dangerous part or rar_read_ahead that
-assumes a valid split, we set a flag force read_header to either go
-down the path for split files or bail. This means that the ppmd7
-decoder keeps a valid buffer and just runs out of data.
-
-Found with a combination of AFL, afl-rb and qsym.
----
- libarchive/archive_read_support_format_rar.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
-index 6f419c270..a8cc5c94d 100644
---- a/libarchive/archive_read_support_format_rar.c
-+++ b/libarchive/archive_read_support_format_rar.c
-@@ -258,6 +258,7 @@ struct rar
- struct data_block_offsets *dbo;
- unsigned int cursor;
- unsigned int nodes;
-+ char filename_must_match;
-
- /* LZSS members */
- struct huffman_code maincode;
-@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
- }
- return ret;
- }
-+ else if (rar->filename_must_match)
-+ {
-+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Mismatch of file parts split across multi-volume archive");
-+ return (ARCHIVE_FATAL);
-+ }
-
- rar->filename_save = (char*)realloc(rar->filename_save,
- filename_size + 1);
-@@ -2933,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
- else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
- rar->file_flags & FHD_SPLIT_AFTER)
- {
-+ rar->filename_must_match = 1;
- ret = archive_read_format_rar_read_header(a, a->entry);
- if (ret == (ARCHIVE_EOF))
- {
- rar->has_endarc_header = 1;
- ret = archive_read_format_rar_read_header(a, a->entry);
- }
-+ rar->filename_must_match = 0;
- if (ret != (ARCHIVE_OK))
- return NULL;
- return rar_read_ahead(a, min, avail);
+++ /dev/null
-From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 20 Nov 2018 17:56:29 +1100
-Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
-
-new_size can be 0 with a malicious or corrupted RAR archive.
-
-realloc(area, 0) is equivalent to free(area), so the region would
-be free()d here and the free()d again in the cleanup function.
-
-Found with a setup running AFL, afl-rb, and qsym.
----
- libarchive/archive_read_support_format_rar.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
-index 234522229..6f419c270 100644
---- a/libarchive/archive_read_support_format_rar.c
-+++ b/libarchive/archive_read_support_format_rar.c
-@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
- new_size = DICTIONARY_MAX_SIZE;
- else
- new_size = rar_fls((unsigned int)rar->unp_size) << 1;
-+ if (new_size == 0) {
-+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Zero window size is invalid.");
-+ return (ARCHIVE_FATAL);
-+ }
- new_window = realloc(rar->lzss.window, new_size);
- if (new_window == NULL) {
- archive_set_error(&a->archive, ENOMEM,
+++ /dev/null
-From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 1 Jan 2019 16:01:40 +1100
-Subject: [PATCH] 7zip: fix crash when parsing certain archives
-
-Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
-would sometimes fail to return at least 'minimum' bytes. This can cause
-the crc32() invocation in header_bytes to read off into invalid memory.
-
-A specially crafted archive can use this to cause a crash.
-
-An ASAN trace is below, but ASAN is not required - an uninstrumented
-binary will also crash.
-
-==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
-==7719==The signal is caused by a READ memory access.
- #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
- #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
- #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
- #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
- #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
- #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
- #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
- #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
- #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
- #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
- #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
- #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
- #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
-
-This was primarly done with afl and FairFuzz. Some early corpus entries
-may have been generated by qsym.
----
- libarchive/archive_read_support_format_7zip.c | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
-index bccbf8966..b6d1505d3 100644
---- a/libarchive/archive_read_support_format_7zip.c
-+++ b/libarchive/archive_read_support_format_7zip.c
-@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
- if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
- /* Copy mode. */
-
-- /*
-- * Note: '1' here is a performance optimization.
-- * Recall that the decompression layer returns a count of
-- * available bytes; asking for more than that forces the
-- * decompressor to combine reads by copying data.
-- */
-- *buff = __archive_read_ahead(a, 1, &bytes_avail);
-+ *buff = __archive_read_ahead(a, minimum, &bytes_avail);
- if (bytes_avail <= 0) {
- archive_set_error(&a->archive,
- ARCHIVE_ERRNO_FILE_FORMAT,
+++ /dev/null
-From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 1 Jan 2019 17:10:49 +1100
-Subject: [PATCH] iso9660: Fail when expected Rockridge extensions is missing
-
-A corrupted or malicious ISO9660 image can cause read_CE() to loop
-forever.
-
-read_CE() calls parse_rockridge(), expecting a Rockridge extension
-to be read. However, parse_rockridge() is structured as a while
-loop starting with a sanity check, and if the sanity check fails
-before the loop has run, the function returns ARCHIVE_OK without
-advancing the position in the file. This causes read_CE() to retry
-indefinitely.
-
-Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
-extension. As someone with no real knowledge of the format, this
-seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
-it to a fatal error immediately anyway.
-
-Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
----
- libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
-index 28acfefbb..bad8f1dfe 100644
---- a/libarchive/archive_read_support_format_iso9660.c
-+++ b/libarchive/archive_read_support_format_iso9660.c
-@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
- const unsigned char *p, const unsigned char *end)
- {
- struct iso9660 *iso9660;
-+ int entry_seen = 0;
-
- iso9660 = (struct iso9660 *)(a->format->data);
-
-@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
- }
-
- p += p[2];
-+ entry_seen = 1;
-+ }
-+
-+ if (entry_seen)
-+ return (ARCHIVE_OK);
-+ else {
-+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Tried to parse Rockridge extensions, but none found");
-+ return (ARCHIVE_WARN);
- }
-- return (ARCHIVE_OK);
- }
-
- static int
PKG_NAME:=glog
PKG_VERSION:=0.4.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/google/glog/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=f28359aeba12f30d73d9e4711ef356dc842886968112162bc73002645139c39c
+PKG_MAINTAINER:=Amir Sabbaghi <asaba90@gmail.com>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_FIXUP:=autoreconf
-
PKG_BUILD_PARALLEL:=1
-PKG_INSTALL:=1
-
-PKG_BUILD_DEPENDS:=libgflags
+CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
define Package/glog
SECTION:=libs
CATEGORY:=Libraries
TITLE:=C++ implementation of the Google logging module
- DEPENDS:= +libstdcpp +libpthread +gflags
+ DEPENDS:=+libstdcpp +libpthread +gflags
URL:=https://github.com/google/glog
- MAINTAINER:=Amir Sabbaghi <amir@pichak.co>
endef
define Package/glog/description
module. Documentation for the implementation is in doc/.
endef
-CONFIGURE_VARS+=ac_cv_header_libunwind_h=0
+CMAKE_OPTIONS += \
+ -DBUILD_SHARED_LIBS=ON \
+ -DBUILD_TESTING=OFF \
+ -DUNWIND_LIBRARY=OFF
-TARGET_CXXFLAGS+=-std=c++11
-TARGET_LDFLAGS+=-lpthread
-
-define Build/Configure
- $(call Build/Configure/Default,)
-endef
-
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include/glog
- $(CP) $(PKG_INSTALL_DIR)/usr/include/glog/*.h $(1)/usr/include/glog
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libglog.{a,so*} $(1)/usr/lib
- $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libglog.pc $(1)/usr/lib/pkgconfig/
-endef
+TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
+TARGET_CFLAGS += -Wl,--gc-sections
define Package/glog/install
$(INSTALL_DIR) $(1)/usr/lib
--- /dev/null
+From d7b02b6929baf5b21ee6e15a700b4fc82d962e9c Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Thu, 25 Jul 2019 19:14:42 -0700
+Subject: [PATCH] googletest: Switch to nanosleep
+
+usleep is deprecated and optionally not available with uClibc-ng.
+---
+ src/googletest.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/googletest.h b/src/googletest.h
+index 49ddbc0a..39fb29fb 100644
+--- a/src/googletest.h
++++ b/src/googletest.h
+@@ -574,7 +574,8 @@ class Thread {
+
+ static inline void SleepForMilliseconds(int t) {
+ #ifndef OS_WINDOWS
+- usleep(t * 1000);
++ const struct timespec req = {0, t * 1000 * 1000};
++ nanosleep(&req, NULL);
+ #else
+ Sleep(t);
+ #endif
#
-# Copyright (C) 2018 Michael Heimpold <mhei@heimpold.de>
+# Copyright (C) 2018-2019 Michael Heimpold <mhei@heimpold.de>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=libgpiod
-PKG_VERSION:=1.3
+PKG_VERSION:=1.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/libs/libgpiod/
-PKG_HASH:=6ec837f23e8f2196e5976dec4ac81403170830075e7f33ede1394eaf67f2e962
+PKG_HASH:=ebde83aaf14be3abd33e7a90faa487a2ee231e242897afe7fdefb765386b3c8b
-PKG_LICENSE:=LGPL-2.1+
+PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_NAME:=libhttp-parser
PKG_VERSION:=2.9.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/nodejs/http-parser/tar.gz/v$(PKG_VERSION)?
(in a web server that is per connection).
endef
-MAKE_FLAGS+=library
+MAKE_FLAGS+=library \
+ PREFIX=/usr
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/local/include/http_parser.h $(1)/usr/include/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/http_parser.h $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/local/lib/libhttp_parser.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttp_parser.so* $(1)/usr/lib/
endef
define Package/libhttp-parser/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/local/lib/libhttp_parser.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttp_parser.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libhttp-parser))
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -25,11 +25,7 @@
+ SOMAJOR = 2
+ SOMINOR = 9
+ SOREV = 2
+-ifeq (darwin,$(PLATFORM))
+-SOEXT ?= dylib
+-SONAME ?= $(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOEXT)
+-LIBNAME ?= $(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOREV).$(SOEXT)
+-else ifeq (wine,$(PLATFORM))
++ifeq (wine,$(PLATFORM))
+ CC = winegcc
+ BINEXT = .exe.so
+ HELPER = wine
+@@ -65,12 +61,8 @@
+ LIBDIR = $(PREFIX)/lib
+ INCLUDEDIR = $(PREFIX)/include
+
+-ifeq (darwin,$(PLATFORM))
+-LDFLAGS_LIB += -Wl,-install_name,$(LIBDIR)/$(SONAME)
+-else
+ # TODO(bnoordhuis) The native SunOS linker expects -h rather than -soname...
+ LDFLAGS_LIB += -Wl,-soname=$(SONAME)
+-endif
+
+ test: test_g test_fast
+ $(HELPER) ./test_g$(BINEXT)
+@@ -131,14 +123,18 @@
+ ctags $^
+
+ install: library
+- $(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
+- $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
++ $(INSTALL) -d $(DESTDIR)$(INCLUDEDIR)
++ $(INSTALL) -d $(DESTDIR)$(LIBDIR)
++ $(INSTALL) http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
++ $(INSTALL) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
+ ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+ ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
+
+ install-strip: library
+- $(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
+- $(INSTALL) -D -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
++ $(INSTALL) -d $(DESTDIR)$(INCLUDEDIR)
++ $(INSTALL) -d $(DESTDIR)$(LIBDIR)
++ $(INSTALL) http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
++ $(INSTALL) -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
+ ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+ ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
+
include $(TOPDIR)/rules.mk
PKG_NAME:=libredblack
-PKG_VERSION:=0.2.3
-PKG_RELEASE=$(PKG_SOURCE_VERSION)
+PKG_VERSION:=1.3
+PKG_RELEASE:=1
-PKG_LICENSE:=GPL-2.0+
-PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a399310d99b61eec4d3c0677573ab5dddcf9395d
-PKG_MIRROR_HASH:=71b05e70988b97865f734c698dd5564e349680556ccb8634a5bddf344012f22a
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_SOURCE_URL:=https://github.com/sysrepo/libredblack.git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=@SF/libredblack
+PKG_HASH:=a0ecc59b0aae2df01558a6950532c711a782a099277b439a51d270003092f44f
-PKG_BUILD_ROOT:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
-PKG_BUILD_DIR:=$(PKG_BUILD_ROOT)
+PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
-PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
SECTION:=libs
CATEGORY:=Libraries
TITLE:=RedBlack tree library
- URL:=$(PKG_SOURCE_URL)
+ URL:=http://libredblack.sourceforge.net/
endef
define Package/libredblack/description
RedBlack Balanced Tree Searching and Sorting Library.
endef
+CONFIGURE_ARGS += --without-rbgen
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libredblack.{so*,a,la} $(1)/usr/lib/
PKG_NAME:=libsigar
PKG_SOURCE_DATE:=2017-02-21
PKG_SOURCE_VERSION:=a6c61edf8c64e013411e8c9d753165cd03102c6e
-PKG_RELEASE:=1
+PKG_RELEASE:=3
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/boundary/sigar/tar.gz/$(PKG_SOURCE_VERSION)?
-PKG_HASH:=5232f0fa994ab60ad4622364fad0297c0054e04f0cfec9c586b14e33bbc387da
-PKG_BUILD_DIR:=$(BUILD_DIR)/sigar-$(PKG_SOURCE_VERSION)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/boundary/sigar
+PKG_MIRROR_HASH:=5f017e10ab1d929c9dfb2937fef16a45962b60958cd1569573d18f00fcea290f
+PKG_MAINTAINER:=Amol Bhave <ambhave@fb.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILE:=LICENSE
TITLE:=System Information Gatherer And Reporter
URL:=https://github.com/boundary/sigar
DEPENDS:=+libtirpc
- MAINTAINER:=Amol Bhave <ambhave@fb.com>
endef
define Package/libsigar/description
--- /dev/null
+--- a/src/sigar_util.c
++++ b/src/sigar_util.c
+@@ -954,14 +954,10 @@ int sigar_file2str(const char *fname, char *buffer, int buflen)
+ #define vsnprintf _vsnprintf
+ #endif
+
+-#ifdef WIN32
+-# define rindex strrchr
+-#endif
+-
+ static int proc_module_get_self(void *data, char *name, int len)
+ {
+ sigar_t *sigar = (sigar_t *)data;
+- char *ptr = rindex(name, '/');
++ char *ptr = strrchr(name, '/');
+
+ if (!ptr) {
+ return SIGAR_OK;
--- /dev/null
+--- a/src/os/linux/linux_sigar.c
++++ b/src/os/linux/linux_sigar.c
+@@ -23,6 +23,7 @@
+ #include <linux/param.h>
+ #include <sys/param.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/times.h>
+ #include <sys/utsname.h>
+ #include <mntent.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=libtasn1
-PKG_VERSION:=4.13
-PKG_RELEASE:=2
+PKG_VERSION:=4.14
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_HASH:=7e528e8c317ddd156230c4e31d082cd13e7ddeb7a54824be82632209550c8cca
+PKG_HASH:=9e604ba5c5c8ea403487695c2e407405820d98540d9de884d6e844f9a9c5ba08
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
-PKG_LICENSE:=LGPLv2.1+
+PKG_LICENSE:=LGPLv2.1-or-later
PKG_LICENSE_FILES:=COPYING.LIB
#PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
Distinguish Encoding Rules (DER) manipulation.
endef
+TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
CONFIGURE_ARGS += \
-#
+#
# Copyright (C) 2006-2018 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
PKG_NAME:=libtirpc
PKG_VERSION:=1.1.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=@SF/libtirpc
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
--- /dev/null
+--- a/src/auth_des.c
++++ b/src/auth_des.c
+@@ -396,7 +396,7 @@ authdes_validate(AUTH *auth, struct opaque_auth *rverf)
+ /*
+ * validate
+ */
+- if (bcmp((char *)&ad->ad_timestamp, (char *)&verf.adv_timestamp,
++ if (memcmp((char *)&ad->ad_timestamp, (char *)&verf.adv_timestamp,
+ sizeof(struct timeval)) != 0) {
+ LIBTIRPC_DEBUG(1, ("authdes_validate: verifier mismatch"));
+ return (FALSE);
+--- a/src/auth_time.c
++++ b/src/auth_time.c
+@@ -104,7 +104,7 @@ static int uaddr_to_sockaddr(uaddr, sin)
+ p_bytes[1] = (unsigned char)a[5] & 0x000000FF;
+
+ sin->sin_family = AF_INET; /* always */
+- bcopy((char *)&p_bytes, (char *)&sin->sin_port, 2);
++ memcpy((char *)&sin->sin_port, (char *)&p_bytes, 2);
+
+ return (0);
+ }
+--- a/src/crypt_client.c
++++ b/src/crypt_client.c
+@@ -75,8 +75,8 @@ _des_crypt_call(buf, len, dparms)
+ des_crypt_1_arg.desbuf.desbuf_val = buf;
+ des_crypt_1_arg.des_dir = dparms->des_dir;
+ des_crypt_1_arg.des_mode = dparms->des_mode;
+- bcopy(dparms->des_ivec, des_crypt_1_arg.des_ivec, 8);
+- bcopy(dparms->des_key, des_crypt_1_arg.des_key, 8);
++ memcpy(des_crypt_1_arg.des_ivec, dparms->des_ivec, 8);
++ memcpy(des_crypt_1_arg.des_key, dparms->des_key, 8);
+
+ result_1 = des_crypt_1(&des_crypt_1_arg, clnt);
+ if (result_1 == (desresp *) NULL) {
+@@ -88,8 +88,8 @@ _des_crypt_call(buf, len, dparms)
+
+ if (result_1->stat == DESERR_NONE ||
+ result_1->stat == DESERR_NOHWDEVICE) {
+- bcopy(result_1->desbuf.desbuf_val, buf, len);
+- bcopy(result_1->des_ivec, dparms->des_ivec, 8);
++ memcpy(buf, result_1->desbuf.desbuf_val, len);
++ memcpy(dparms->des_ivec, result_1->des_ivec, 8);
+ }
+
+ clnt_freeres(clnt, (xdrproc_t)xdr_desresp, result_1);
+--- a/src/svc_auth_des.c
++++ b/src/svc_auth_des.c
+@@ -145,7 +145,7 @@ _svcauth_des(rqst, msg)
+ return (AUTH_BADCRED);
+ }
+ cred->adc_fullname.name = area->area_netname;
+- bcopy((char *)ixdr, cred->adc_fullname.name,
++ memcpy(cred->adc_fullname.name, (char *)ixdr,
+ (u_int)namelen);
+ cred->adc_fullname.name[namelen] = 0;
+ ixdr += (RNDUP(namelen) / BYTES_PER_XDR_UNIT);
+@@ -419,7 +419,7 @@ cache_spot(key, name, timestamp)
+ if (cp->key.key.high == hi &&
+ cp->key.key.low == key->key.low &&
+ cp->rname != NULL &&
+- bcmp(cp->rname, name, strlen(name) + 1) == 0) {
++ memcmp(cp->rname, name, strlen(name) + 1) == 0) {
+ if (BEFORE(timestamp, &cp->laststamp)) {
+ svcauthdes_stats.ncachereplays++;
+ return (-1); /* replay */
PKG_NAME:=libxslt
PKG_VERSION:=1.1.33
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
--- /dev/null
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.21.0
+
--- /dev/null
+From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Jun 2019 13:14:45 +0200
+Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
+
+The character type in xsltFormatNumberConversion was too narrow and
+an invalid character/length combination could be passed to
+xsltNumberFormatDecimal, resulting in an uninitialized read.
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 +++--
+ tests/docs/bug-222.xml | 1 +
+ tests/general/bug-222.out | 2 ++
+ tests/general/bug-222.xsl | 6 ++++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+ create mode 100644 tests/docs/bug-222.xml
+ create mode 100644 tests/general/bug-222.out
+ create mode 100644 tests/general/bug-222.xsl
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index f1ed8846..20b99d5a 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
+ number = floor((scale * number + 0.5)) / scale;
+ if ((self->grouping != NULL) &&
+ (self->grouping[0] != 0)) {
++ int gchar;
+
+ len = xmlStrlen(self->grouping);
+- pchar = xsltGetUTF8Char(self->grouping, &len);
++ gchar = xsltGetUTF8Char(self->grouping, &len);
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+ format_info.group,
+- pchar, len);
++ gchar, len);
+ } else
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
+new file mode 100644
+index 00000000..69d62f2c
+--- /dev/null
++++ b/tests/docs/bug-222.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
+new file mode 100644
+index 00000000..e3139698
+--- /dev/null
++++ b/tests/general/bug-222.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++1⠢0
+diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
+new file mode 100644
+index 00000000..e32dc473
+--- /dev/null
++++ b/tests/general/bug-222.xsl
+@@ -0,0 +1,6 @@
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++ <xsl:decimal-format name="f" grouping-separator="⠢"/>
++ <xsl:template match="/">
++ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
++ </xsl:template>
++</xsl:stylesheet>
+--
+2.21.0
+
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=lmdb
+PKG_VERSION:=0.9.23
+PKG_RELEASE:=1
+
+PKG_SOURCE:=LMDB_$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/LMDB/lmdb/tar.gz/LMDB_$(PKG_VERSION)?
+PKG_HASH:=abf42e91f046787ed642d9eb21812a5c473f3ba5854124484d16eadbe0aa9c81
+PKG_BUILD_DIR:=$(BUILD_DIR)/lmdb-LMDB_$(PKG_VERSION)
+
+PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
+PKG_LICENSE:=OLDAP-2.8
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+MAKE_PATH:=libraries/liblmdb
+
+define Package/lmdb/Default
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=Lightning Memory-Mapped Database
+ URL:=https://symas.com/lmdb/
+endef
+
+define Package/lmdb
+ $(call Package/lmdb/Default)
+ TITLE+= shared library
+endef
+
+define Package/lmdb/description
+ LMDB is an ultra-fast, ultra-compact key-value
+ embedded data store developed for the OpenLDAP Project.
+endef
+
+define Package/lmdb-utils
+ $(call Package/lmdb/Default)
+ TITLE+= utils
+ MDEPENDS+= lmdb
+endef
+
+define Package/lmdb-utils/description
+ LMDB environment status and copy tool
+endef
+
+define Package/lmdb-test
+ $(call Package/lmdb/Default)
+ TITLE+= test
+ MDEPENDS+= lmdb
+endef
+
+define Package/lmdb-test/description
+ LMDB test application
+endef
+
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ $(SED) 's,%%PKG_VERSION%%,$(PKG_VERSION),g' $(PKG_BUILD_DIR)/liblmdb.pc
+endef
+
+define Build/Compile
+ $(MAKE) -C "$(PKG_BUILD_DIR)/$(MAKE_PATH)/" \
+ CC="$(TARGET_CC)" \
+ CFLAGS+="$(TARGET_CFLAGS)" \
+ LDFLAGS+="$(TARGET_LDFLAGS)" \
+ FPIC="$(FPIC)"
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_BUILD_DIR)/$(MAKE_PATH)/lmdb.h $(1)/usr/include
+ $(CP) $(PKG_BUILD_DIR)/$(MAKE_PATH)/liblmdb.{a,so} $(1)/usr/lib
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig/
+ $(CP) $(PKG_BUILD_DIR)/liblmdb.pc $(1)/usr/lib/pkgconfig/lmdb.pc
+endef
+
+define Package/lmdb/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/local/lib/*.so $(1)/usr/lib
+endef
+
+define Package/lmdb-utils/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/bin/mdb_{stat,copy,dump,load} $(1)/usr/bin
+endef
+
+define Package/lmdb-test/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/mtest $(1)/usr/bin
+endef
+
+$(eval $(call BuildPackage,lmdb))
+$(eval $(call BuildPackage,lmdb-utils))
+$(eval $(call BuildPackage,lmdb-test))
--- /dev/null
+--- a/libraries/liblmdb/Makefile
++++ b/libraries/liblmdb/Makefile
+@@ -34,6 +34,7 @@ libdir = $(exec_prefix)/lib
+ includedir = $(prefix)/include
+ datarootdir = $(prefix)/share
+ mandir = $(datarootdir)/man
++FPIC ?= -fPIC
+
+ ########################################################################
+
+@@ -86,10 +87,10 @@ midl.o: midl.c midl.h
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c midl.c
+
+ mdb.lo: mdb.c lmdb.h midl.h
+- $(CC) $(CFLAGS) -fPIC $(CPPFLAGS) -c mdb.c -o $@
++ $(CC) $(CFLAGS) $(FPIC) $(CPPFLAGS) -c mdb.c -o $@
+
+ midl.lo: midl.c midl.h
+- $(CC) $(CFLAGS) -fPIC $(CPPFLAGS) -c midl.c -o $@
++ $(CC) $(CFLAGS) $(FPIC) $(CPPFLAGS) -c midl.c -o $@
+
+ %: %.o
+ $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LDLIBS) -o $@
--- /dev/null
+prefix=/usr
+exec_prefix=/usr
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+
+Name: Lightning Memory-Mapped Database
+Description: Lightning Memory-Mapped Database
+Version: %%PKG_VERSION%%
+Requires:
+Libs: -L${libdir} -llmdb
+Cflags: -I${includedir}
PKG_INSTALL:=1
+PKG_CONFIG_DEPENDS := CONFIG_PACKAGE_libpcrecpp
+
include $(INCLUDE_DIR)/uclibc++.mk
include $(INCLUDE_DIR)/package.mk
SECTION:=libs
CATEGORY:=Libraries
URL:=https://www.pcre.org/
- DEPENDS:=$(CXX_DEPENDS)
endef
define Package/libpcre
define Package/libpcrecpp
$(call Package/libpcre/default)
TITLE:=C++ wrapper for Perl Compatible Regular Expression library
- DEPENDS:=+libpcre
+ DEPENDS:=+libpcre $(CXX_DEPENDS)
endef
TARGET_CFLAGS += $(FPIC)
--enable-unicode-properties \
--enable-pcre16 \
--with-match-limit-recursion=16000 \
- --enable-cpp
-
+ $(if $(CONFIG_PACKAGE_libpcrecpp),--enable,--disable)-cpp
MAKE_FLAGS += \
CFLAGS="$(TARGET_CFLAGS)"
DEPENDS:=+libpthread
TITLE:=PostgreSQL client library
URL:=http://www.postgresql.org/
- SUBMENU:=database
+ SUBMENU:=Database
endef
define Package/libpq/description
DEPENDS:=+libncursesw +libpq +libreadline +librt +zlib
TITLE:=Command Line Interface (CLI) to PostgreSQL databases
URL:=http://www.postgresql.org/
- SUBMENU:=database
+ SUBMENU:=Database
endef
define Package/pgsql-cli/description
DEPENDS:=+libncursesw +libpq +libreadline +librt +zlib
TITLE:=Command Line extras for PostgreSQL databases
URL:=http://www.postgresql.org/
- SUBMENU:=database
+ SUBMENU:=Database
endef
define Package/pgsql-cli-extra/description
DEPENDS:=+pgsql-cli
TITLE:=PostgreSQL databases Server
URL:=http://www.postgresql.org/
- SUBMENU:=database
+ SUBMENU:=Database
USERID:=postgres=5432:postgres=5432
endef
--with-libpq=$(STAGING_DIR)/usr
define Package/psqlodbc/Default
- SUBMENU:=database
+ SUBMENU:=Database
URL:=https://odbc.postgresql.org/
SECTION:=libs
CATEGORY:=Libraries
include $(INCLUDE_DIR)/package.mk
define Package/sqlite3/Default
- SUBMENU:=database
+ SUBMENU:=Database
TITLE:=SQLite (v3.x) database engine
URL:=http://www.sqlite.org/
MAINTAINER:=Sebastian Kemper <sebastian_ml@gmx.net>
include $(INCLUDE_DIR)/version.mk
define Package/tdb
- SUBMENU:=database
+ SUBMENU:=Database
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Trivial Database
--includedir=$(STAGING_DIR)/usr/include
define Package/unixodbc/Default
- SUBMENU:=database
+ SUBMENU:=Database
TITLE:=unixODBC
URL:=http://www.unixodbc.org
endef
-#
+#
# Copyright (C) 2014, 2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
PKG_NAME:=yajl
PKG_VERSION:=2.1.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/lloyd/yajl
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_MIRROR_HASH:=0cd74320be0270a07931e42d2f14f87a8b3fb664ecb5db58b0e838886211ab1f
+
PKG_MAINTAINER:=Charles Southerland <charlie@stuphlabs.com>
PKG_LICENSE:=ISC
PKG_LICENSE_FILES:=COPYING
-PKG_REV:=66cb08ca2ad8581080b626a75dfca266a890afb2
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MIRROR_HASH:=95bfdb37f864318fc3c2ee736a747d4902d279a88f361770c89e60ff5e1d6f63
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=$(PKG_REV)
-PKG_SOURCE_URL:=git://github.com/lloyd/yajl.git
-PKG_SOURCE_PROTO:=git
+PKG_BUILD_PARALLEL:=1
+CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Yet Another JSON Library
- URL:=http://lloyd.github.io/yajl
+ URL:=https://lloyd.github.io/yajl
endef
define Package/yajl/description
YAJL was created by Lloyd Hilaiel.
endef
-PKG_INSTALL:=1
-
-CMAKE_OPTIONS += \
- -DCMAKE_BUILD_TYPE:String="Release"
-
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/yajl $(1)/usr/include/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libyajl.so* $(1)/usr/lib/
-endef
-
define Package/yajl/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libyajl.so* $(1)/usr/lib/
-#
+#
# Copyright (C) 2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
include $(TOPDIR)/rules.mk
PKG_NAME:=zeromq
-PKG_VERSION:=4.1.6
+PKG_VERSION:=4.1.7
PKG_RELEASE:=2
-PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
-PKG_LICENSE:=GPL-3.0+
-PKG_LICENSE_FILES:=LICENCE.txt
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/zeromq/zeromq4-1/releases/download/v$(PKG_VERSION)
-PKG_HASH:=02ebf60a43011e770799336365bcbce2eb85569e9b5f52aa0d8cc04672438a0a
-
+PKG_HASH:=31c383cfcd3be1dc8a66e448c403029e793687e70473b89c4cc0bd626e7da299
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_FIXUP:=autoreconf
+PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=LICENCE.txt
+PKG_CPE_ID:=cpe:/a:zeromq:libzmq
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_REMOVE_FILES:=autogen.sh acinclude.m4 aclocal.m4
-
-include $(INCLUDE_DIR)/uclibc++.mk
include $(INCLUDE_DIR)/package.mk
define Package/libzmq/default
URL:=http://www.zeromq.org/
SECTION:=libs
CATEGORY:=Libraries
- DEPENDS:=+libuuid +libpthread +librt $(CXX_DEPENDS)
+ DEPENDS:=+libuuid +libpthread +librt +libstdcpp
PROVIDES:=libzmq
endef
# add extra configure flags here
CONFIGURE_ARGS += \
--enable-static \
- --enable-shared
+ --enable-shared \
+ --with-pic \
+ --with-relaxed \
+ --without-documentation
ifeq ($(BUILD_VARIANT),curve)
CONFIGURE_ARGS+= --with-libsodium
CONFIGURE_ARGS+= --without-libsodium
endif
+TARGET_CXXFLAGS += -Wno-error=cpp
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/zmq.h $(1)/usr/include
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -150,8 +150,10 @@ case "${host_os}" in
- *linux*)
- # Define on Linux to enable all library features. Define if using a gnu compiler
- if test "x$GXX" = "xyes"; then
-- CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
-+ CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS -Wno-long-long"
- fi
-+ libzmq_pedantic="no"
-+ libzmq_werror="no"
- AC_DEFINE(ZMQ_HAVE_LINUX, 1, [Have Linux OS])
- libzmq_on_linux="yes"
-
metadata_t (const dict_t &dict);
virtual ~metadata_t ();
---- a/src/socket_base.cpp
-+++ b/src/socket_base.cpp
-@@ -30,6 +30,7 @@
- #include <new>
- #include <string>
- #include <algorithm>
-+#include <ctype.h>
-
- #include "platform.hpp"
-
--- a/src/stream_engine.cpp
+++ b/src/stream_engine.cpp
@@ -208,7 +208,11 @@ void zmq::stream_engine_t::plug (io_thread_t *io_thread_,
zmq_assert (metadata == NULL);
metadata = new (std::nothrow) metadata_t (properties);
}
-@@ -815,7 +815,11 @@ void zmq::stream_engine_t::mechanism_ready ()
+@@ -824,7 +828,11 @@ void zmq::stream_engine_t::mechanism_ready ()
// If we have a peer_address, add it to metadata
if (!peer_address.empty()) {
--- /dev/null
+--- a/src/signaler.cpp
++++ b/src/signaler.cpp
+@@ -86,7 +86,8 @@ static int sleep_ms (unsigned int ms_)
+ usleep (ms_ * 1000);
+ return 0;
+ #else
+- return usleep (ms_ * 1000);
++ const struct timespec req = {0, (long int)ms_ * 1000 * 1000};
++ return nanosleep (&req, NULL);
+ #endif
+ }
+
+--- a/src/tcp_address.cpp
++++ b/src/tcp_address.cpp
+@@ -29,6 +29,7 @@
+
+ #include <string>
+ #include <sstream>
++#include <ctime>
+
+ #include "tcp_address.hpp"
+ #include "platform.hpp"
+@@ -194,7 +195,8 @@ int zmq::tcp_address_t::resolve_nic_name (const char *nic_, bool ipv6_, bool is_
+ rc = getifaddrs (&ifa);
+ if (rc == 0 || (rc < 0 && errno != ECONNREFUSED))
+ break;
+- usleep ((backoff_msec << i) * 1000);
++ const struct timespec req = {0, (backoff_msec << i) * 1000 * 1000};
++ nanosleep (&req, NULL);
+ }
+ errno_assert (rc == 0);
+ zmq_assert (ifa != NULL);
+--- a/src/zmq.cpp
++++ b/src/zmq.cpp
+@@ -692,7 +692,8 @@ int zmq_poll (zmq_pollitem_t *items_, int nitems_, long timeout_)
+ usleep (timeout_ * 1000);
+ return 0;
+ #else
+- return usleep (timeout_ * 1000);
++ const struct timespec req = {0, timeout_ * 1000 * 1000};
++ return nanosleep (&req, NULL);
+ #endif
+ }
+
+@@ -852,7 +853,8 @@ int zmq_poll (zmq_pollitem_t *items_, int nitems_, long timeout_)
+ Sleep (timeout_ > 0 ? timeout_ : INFINITE);
+ return 0;
+ #else
+- return usleep (timeout_ * 1000);
++ const struct timespec req = {0, timeout_ * 1000 * 1000};
++ return nanosleep (&req, NULL);
+ #endif
+ }
+ zmq::clock_t clock;
include $(TOPDIR)/rules.mk
PKG_NAME:=graphicsmagick
-PKG_VERSION:=1.3.32
+PKG_VERSION:=1.3.33
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/GraphicsMagick-$(PKG_VERSION)
PKG_SOURCE:=GraphicsMagick-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/graphicsmagick
-PKG_HASH:=d1f70bc6d41de922199ce6b0a04af7b3492b2fc4a2be6ee24e0af4e15250db0a
+PKG_HASH:=d18aaca2d79a10270d49ad1aaa01dce24752f7548880138d59874a78ac62e11f
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=Copyright.txt
PKG_NAME:=imagemagick
PKG_VERSION:=7.0.8
-PKG_REVISION:=49
+PKG_REVISION:=59
PKG_RELEASE:=1
PKG_MAINTAINER:=Val Kulkov <val.kulkov@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_REVISION).tar.gz
PKG_SOURCE_URL:=http://github.com/ImageMagick/ImageMagick/archive/$(PKG_VERSION)-$(PKG_REVISION)
-PKG_HASH:=53f7963bbe81520e799e9e178a13757890ed43bc9faf2e86fae1cf58aea28575
+PKG_HASH:=238ee17196fcb80bb58485910aaefc12d48f99e4043c2a28f06ff9588161c4e3
PKG_BUILD_DIR:=$(BUILD_DIR)/ImageMagick-$(PKG_VERSION)-$(PKG_REVISION)
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=youtube-dl
-PKG_VERSION:=2019.7.16
+PKG_VERSION:=2019.8.2
PKG_RELEASE:=1
PKG_SOURCE:=youtube_dl-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/y/youtube_dl/
-PKG_HASH:=867651dbfc0cefd19bfa0750ce97c43e8436b2de414675d3211615840d6833ca
+PKG_HASH:=73b8528782f507dc506422557c940842e1e514ffaf0b010d82642cb2ceeefdf7
PKG_BUILD_DIR:=$(BUILD_DIR)/youtube_dl-$(PKG_VERSION)
PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>, Josef Schlehofer <pepe.schlehofer@gmail.com>
DEPENDS += +libnl-core +libnl-genl +zlib
TITLE:=WLAN tools (without airmon-ng) for breaking 802.11 WEP/WPA keys
URL:=https://www.aircrack-ng.org/
- SUBMENU:=wireless
+ SUBMENU:=Wireless
endef
define Package/aircrack-ng/description
DEPENDS:=+wireless-tools +ethtool +procps-ng +CONFIG_PCI_SUPPORT:pciutils +CONFIG_USB_SUPPORT:usbutils
TITLE:=Bash script designed to turn wireless cards into monitor mode.
URL:=http://www.aircrack-ng.org/
- SUBMENU:=wireless
+ SUBMENU:=Wireless
endef
define Package/airmon-ng/description
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.1.4
+PKG_VERSION:=0.1.5
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
* supports blocking by ASN numbers
* supports blocking by iso country codes
* supports local white & blacklist (IPv4, IPv6 & CIDR notation), located by default in /etc/banip/banip.whitelist and /etc/banip/banip.blacklist
-* auto-add unsuccessful ssh login attempts to local blacklist
-* auto-add the uplink subnet to local whitelist
+* auto-add unsuccessful ssh login attempts to local blacklist (see 'ban_autoblacklist' option)
+* auto-add the uplink subnet to local whitelist (see 'ban_autowhitelist' option)
* per source configuration of SRC (incoming) and DST (outgoing)
* integrated IPSet-Lookup
* integrated RIPE-Lookup
* ban\_iface => space separated list of WAN network interface(s)/device(s) used by banIP (default: automatically set by banIP ('ban_automatic'))
* the following options apply to the 'extra' config section:
- * ban\_debug => enable/disable banIP debug output (default: '0', disabled)
+ * ban\_debug => enable/disable banIP debug output (bool/default: '0', disabled)
* ban\_nice => set the nice level of the banIP process and all sub-processes (int/default: '0', standard priority)
* ban\_triggerdelay => additional trigger delay in seconds before banIP processing begins (int/default: '2')
* ban\_backup => create compressed blocklist backups, they will be used in case of download errors or during startup in 'backup mode' (bool/default: '0', disabled)
* ban\_backupboot => do not automatically update blocklists during startup, use their backups instead (bool/default: '0', disabled)
* ban\_maxqueue => size of the download queue to handle downloads & IPSet processing in parallel (int/default: '8')
* ban\_fetchparm => special config options for the download utility (default: not set)
+ * ban\_autoblacklist => store auto-addons temporary in ipset and permanently in local blacklist as well (bool/default: '1', enabled)
+ * ban\_autowhitelist => store auto-addons temporary in ipset and permanently in local whitelist as well (bool/default: '1', enabled)
## Examples
**receive banIP runtime information:**
-# banIP configuration, for further information
-# see 'https://github.com/openwrt/packages/blob/master/net/banip/files/README.md'
config banip 'global'
option ban_enabled '0'
option ban_src_ruletype 'src'
option ban_src_on '0'
-config source 'zeus'
- option ban_src 'https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist'
- option ban_src_desc 'Zeus Tracker by abuse.ch (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add zeus \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
config source 'sslbl'
option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'
stop_service()
{
rc_procd "${ban_script}" stop
- rc_procd start_service
}
status()
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-ban_ver="0.1.4"
+ban_ver="0.1.5"
ban_sysver="unknown"
ban_enabled=0
ban_automatic="1"
ban_backupboot=0
ban_backupdir="/mnt"
ban_maxqueue=4
+ban_autoblacklist=1
+ban_autowhitelist=1
ban_fetchutil="uclient-fetch"
ban_ip="$(command -v ip)"
ban_ipt="$(command -v iptables)"
if [ -z "$(grep -F "${ip}" "${src_url}")" ]
then
printf '%s\n' "${ip}" >> "${tmp_load}"
- printf '%s\n' "${ip}" >> "${src_url}"
+ if { [ "${src_name//_*/}" = "blacklist" ] && [ "${ban_autoblacklist}" -eq 1 ]; } || \
+ { [ "${src_name//_*/}" = "whitelist" ] && [ "${ban_autowhitelist}" -eq 1 ]; }
+ then
+ printf '%s\n' "${ip}" >> "${src_url}"
+ fi
fi
done
elif [ -n "${src_cat}" ]
include $(TOPDIR)/rules.mk
PKG_NAME:=cifsd-tools
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/cifsd-team/cifsd-tools.git
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
-PKG_REMOVE_FILES:=autogen.sh aclocal.m4
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_REMOVE_FILES:=autogen.sh
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
define Package/cifsd-tools/conffiles
/etc/config/cifsd
-/etc/cifs/smb.conf.template
+/etc/cifs/smb.conf.template
/etc/cifs/smb.conf
/etc/cifs/cifsdpwd.db
-endef
+endef
$(eval $(call BuildPackage,cifsd-tools))
config_get CIFSD_IFACE $1 interface "lan"
# resolve interfaces
- local interfaces=$(
+ local interfaces
+ interfaces=$(
. /lib/functions/network.sh
local net
)
local workgroup description
- local hostname="$(cat /proc/sys/kernel/hostname)"
+ local hostname
+ hostname="$(cat /proc/sys/kernel/hostname)"
config_get workgroup $1 workgroup "WORKGROUP"
config_get description $1 description "Cifsd on OpenWrt"
/etc/cifs/smb.conf.template > /var/etc/cifs/smb.conf
[ -e /etc/cifs/smb.conf ] || ln -nsf /var/etc/cifs/smb.conf /etc/cifs/smb.conf
-
+
if [ ! -L /etc/cifs/smb.conf ]; then
logger -t 'cifsd' "Local custom /etc/cifs/smb.conf file detected, all UCI/Luci config settings are ignored!"
fi
config_get_bool hide_dot_files $1 hide_dot_files 0
config_get veto_files $1 veto_files
- [ -z "$name" -o -z "$path" ] && return
+ [ -z "$name" ] || [ -z "$path" ] && return
- echo -e "\n[$name]\n\tpath = $path" >> /var/etc/cifs/smb.conf
- [ -n "$comment" ] && echo -e "\tcomment = $comment" >> /var/etc/cifs/smb.conf
-
- if [ "$force_root" -eq 1 ]; then
- echo -e "\tforce user = root" >> /var/etc/cifs/smb.conf
- echo -e "\tforce group = root" >> /var/etc/cifs/smb.conf
- else
- [ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/cifs/smb.conf
- fi
+ {
+ printf "\n[%s]\n\tpath = %s\n" "$name" "$path"
+ [ -n "$comment" ] && printf "\tcomment = %s\n" "$comment"
+
+ if [ "$force_root" -eq 1 ]; then
+ printf "\tforce user = %s\n" "root"
+ printf "\tforce group = %s\n" "root"
+ else
+ [ -n "$users" ] && printf "\tvalid users = %s\n" "$users"
+ fi
- [ -n "$create_mask" ] && echo -e "\tcreate mask = $create_mask" >> /var/etc/cifs/smb.conf
- [ -n "$dir_mask" ] && echo -e "\tdirectory mask = $dir_mask" >> /var/etc/cifs/smb.conf
+ [ -n "$create_mask" ] && printf "\tcreate mask = %s\n" "$create_mask"
+ [ -n "$dir_mask" ] && printf "\tdirectory mask = %s\n" "$dir_mask"
- [ -n "$browseable" ] && echo -e "\tbrowseable = $browseable" >> /var/etc/cifs/smb.conf
- [ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/cifs/smb.conf
- [ -n "$writeable" ] && echo -e "\twriteable = $writeable" >> /var/etc/cifs/smb.conf
- [ -n "$guest_ok" ] && echo -e "\tguest ok = $guest_ok" >> /var/etc/cifs/smb.conf
+ [ -n "$browseable" ] && printf "\tbrowseable = %s\n" "$browseable"
+ [ -n "$read_only" ] && printf "\tread only = %s\n" "$read_only"
+ [ -n "$writeable" ] && printf "\twriteable = %s\n" "$writeable"
+ [ -n "$guest_ok" ] && printf "\tguest ok = %s\n" "$guest_ok"
- [ -n "$write_list" ] && echo -e "\twrite list = $write_list" >> /var/etc/cifs/smb.conf
- [ -n "$read_list" ] && echo -e "\tread list = $read_list" >> /var/etc/cifs/smb.conf
+ [ -n "$write_list" ] && printf "\twrite list = %s\n" "$write_list"
+ [ -n "$read_list" ] && printf "\tread list = %s\n" "$read_list"
- [ "$hide_dot_files" -eq 1 ] && echo -e "\thide dot files = yes" >> /var/etc/cifs/smb.conf
- [ -n "$veto_files" ] && echo -e "\tveto files = $veto_files" >> /var/etc/cifs/smb.conf
+ [ "$hide_dot_files" -eq 1 ] && printf "\thide dot files = %s\n" "yes"
+ [ -n "$veto_files" ] && printf "\tveto files = %s\n" "$veto_files"
+ } >> /var/etc/cifs/smb.conf
}
init_config()
service_triggers()
{
PROCD_RELOAD_DELAY=2000
-
+
procd_add_reload_trigger "dhcp" "system" "cifsd"
-
+
local i
for i in $CIFSD_IFACE; do
procd_add_reload_interface_trigger $i
start_service()
{
init_config
-
+
if [ ! -e /etc/cifs/smb.conf ]; then
logger -t 'cifsd' "missing config /etc/cifs/smb.conf, needs to-be created manually!"
exit 1
fi
[ -f /tmp/cifsd.lock ] && rm /tmp/cifsd.lock
-
+
# try remove again before start
- if (lsmod | grep cifsd &>/dev/null); then
- rmmod cifsd &>/dev/null
- fi
- modprobe cifsd 2>/dev/null
- if ! (lsmod | grep cifsd &>/dev/null); then
- logger -t 'cifsd' "modprobe of cifsd module failed, cant start cifsd!"
+ [ -e /sys/module/cifsd ] && rmmod cifsd > /dev/null 2>&1
+
+ modprobe cifsd 2> /dev/null
+ if [ ! -e /sys/module/cifsd ]; then
+ logger -t 'cifsd' "modprobe of cifsd module failed, can\'t start cifsd!"
exit 1
fi
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dnstop
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/measurement-factory/dnstop.git
+PKG_SOURCE_DATE:=2018-05-22
+PKG_SOURCE_VERSION:=a5a5d2e2ca9a433bb8f017682ac6f2085741bdf8
+PKG_MIRROR_HASH:=1fe443c6faf1726aeb86a53a3a44efce23cad604304036371e76ff020eb0dac2
+
+PKG_MAINTAINER:=Ken Xu <windedge99@gmail.com>
+PKG_LICENSE:=NLPL
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dnstop
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libpcap +libncurses
+ TITLE:=stay on top of your dns traffic
+ URL:=http://dns.measurement-factory.com/tools/dnstop/
+endef
+
+define Package/dnstop/description
+ dnstop is a libpcap application (like tcpdump) that displays various tables of DNS traffic on your network
+endef
+
+define Package/dnstop/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/dnstop $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,dnstop))
--- /dev/null
+--- a/dnstop.c
++++ b/dnstop.c
+@@ -71,11 +71,6 @@ static const char *Version = "@VERSION@"
+ #define ETHERTYPE_IPV6 0x86DD
+ #endif
+
+-#if defined(__linux__) || defined(__GLIBC__) || defined(__GNU__)
+-#define uh_dport dest
+-#define uh_sport source
+-#endif
+-
+ typedef struct {
+ inX_addr src;
+ int count;
define Package/dynapoint
SECTION:=net
CATEGORY:=Network
- SUBMENU:=wireless
+ SUBMENU:=Wireless
DEPENDS:=+lua +libubus-lua +libuci-lua +libubox-lua +luci-lib-nixio
TITLE:=Dynamic access point manager
PKGARCH:=all
PKG_NAME:=fastd
PKG_VERSION:=18
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
--- /dev/null
+From 9710132c04cd378bd36f16a2a3d98d9c4c5fdbac Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Thu, 25 Jul 2019 18:51:25 +0200
+Subject: [PATCH] resolve: fix segmentation fault with musl >1.1.20
+
+When compiled with musl >1.1.20, fastd will crash in case it can't
+resolve a peers hostname. This is due to a changed implementation of
+freeaddrinfo in musl 1.1.21 onwards.
+
+This segfault is fixed by not calling freeaddrinfo in case the supplied
+pointer is null.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/resolve.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve.c b/src/resolve.c
+index 9bdfa1c..bfd2a59 100644
+--- a/src/resolve.c
++++ b/src/resolve.c
+@@ -104,7 +104,9 @@ static void * resolve_peer(void *varg) {
+
+ fastd_async_enqueue(ASYNC_TYPE_RESOLVE_RETURN, ret, sizeof(fastd_async_resolve_return_t) + n_addr*sizeof(fastd_peer_address_t));
+
+- freeaddrinfo(res);
++ if (res)
++ freeaddrinfo(res);
++
+ free(arg->hostname);
+ free(arg);
+
+--
+2.20.1
+
include $(TOPDIR)/rules.mk
PKG_NAME:=frp
-PKG_VERSION:=0.27.0
-PKG_RELEASE:=2
+PKG_VERSION:=0.28.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/fatedier/frp/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=5d2efd5d924c7a7f84a9f2838de6ab9b7d5ca070ab243edd404a5ca80237607c
+PKG_HASH:=61afbd0e84fc1ab92eacce5a642e2590d1b8c1a972a78f6499165c1778aa62cf
PKG_MAINTAINER:=Richard Yu <yurichard3839@gmail.com>
PKG_LICENSE:=Apache-2.0
# https://github.com/fatedier/frp#configuration-file-template
# list env 'ENV_NAME=value'
# Config files include in temporary config file.
-# list conf_inc '/etc/frp/frps.d/frpc_full.ini'
+# list conf_inc '/etc/frp/frpc.d/frpc_full.ini'
config conf 'common'
option server_addr 127.0.0.1
include $(TOPDIR)/rules.mk
PKG_NAME:=go-ethereum
-PKG_VERSION:=1.8.27
-PKG_RELEASE:=2
+PKG_VERSION:=1.9.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ethereum/go-ethereum/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=45d264106991d0e2a4c34ac5d6539fc9460c768fc70588ea38a25f467039ece8
+PKG_HASH:=7394ae0eeac4b2aafa4bd56eef18c077088770bbce0962b215607b44369a5430
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
-PKG_LICENSE:=GPL-3 LGPL-3
+PKG_LICENSE:=GPL-3-or-later LGPL-3-or-later
PKG_LICENSE_FILES:=COPYING COPYING.LESSER
PKG_BUILD_DEPENDS:=golang/host
+++ /dev/null
-From 39bd2609ca730b3b628003b3f938aed7d49132ab Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A9ter=20Szil=C3=A1gyi?= <peterke@gmail.com>
-Date: Thu, 28 Feb 2019 14:53:44 +0200
-Subject: [PATCH] crypto/bn256/cloudflare: pull in upstream fix for Go 1.12 R18
-
----
- crypto/bn256/cloudflare/mul_arm64.h | 32 ++++++++++++++---------------
- 1 file changed, 16 insertions(+), 16 deletions(-)
-
-diff --git a/crypto/bn256/cloudflare/mul_arm64.h b/crypto/bn256/cloudflare/mul_arm64.h
-index 75d52217311..d405eb8f728 100644
---- a/crypto/bn256/cloudflare/mul_arm64.h
-+++ b/crypto/bn256/cloudflare/mul_arm64.h
-@@ -12,7 +12,7 @@
- UMULH R1, R8, c4 \
- ADCS ZR, c4 \
- \
-- MUL R2, R5, R25 \
-+ MUL R2, R5, R1 \
- UMULH R2, R5, R26 \
- MUL R2, R6, R0 \
- ADDS R0, R26 \
-@@ -24,13 +24,13 @@
- ADCS R0, R29 \
- UMULH R2, R8, c5 \
- ADCS ZR, c5 \
-- ADDS R25, c1 \
-+ ADDS R1, c1 \
- ADCS R26, c2 \
- ADCS R27, c3 \
- ADCS R29, c4 \
- ADCS ZR, c5 \
- \
-- MUL R3, R5, R25 \
-+ MUL R3, R5, R1 \
- UMULH R3, R5, R26 \
- MUL R3, R6, R0 \
- ADDS R0, R26 \
-@@ -42,13 +42,13 @@
- ADCS R0, R29 \
- UMULH R3, R8, c6 \
- ADCS ZR, c6 \
-- ADDS R25, c2 \
-+ ADDS R1, c2 \
- ADCS R26, c3 \
- ADCS R27, c4 \
- ADCS R29, c5 \
- ADCS ZR, c6 \
- \
-- MUL R4, R5, R25 \
-+ MUL R4, R5, R1 \
- UMULH R4, R5, R26 \
- MUL R4, R6, R0 \
- ADDS R0, R26 \
-@@ -60,7 +60,7 @@
- ADCS R0, R29 \
- UMULH R4, R8, c7 \
- ADCS ZR, c7 \
-- ADDS R25, c3 \
-+ ADDS R1, c3 \
- ADCS R26, c4 \
- ADCS R27, c5 \
- ADCS R29, c6 \
-@@ -69,15 +69,15 @@
- #define gfpReduce() \
- \ // m = (T * N') mod R, store m in R1:R2:R3:R4
- MOVD ·np+0(SB), R17 \
-- MOVD ·np+8(SB), R18 \
-+ MOVD ·np+8(SB), R25 \
- MOVD ·np+16(SB), R19 \
- MOVD ·np+24(SB), R20 \
- \
- MUL R9, R17, R1 \
- UMULH R9, R17, R2 \
-- MUL R9, R18, R0 \
-+ MUL R9, R25, R0 \
- ADDS R0, R2 \
-- UMULH R9, R18, R3 \
-+ UMULH R9, R25, R3 \
- MUL R9, R19, R0 \
- ADCS R0, R3 \
- UMULH R9, R19, R4 \
-@@ -86,9 +86,9 @@
- \
- MUL R10, R17, R21 \
- UMULH R10, R17, R22 \
-- MUL R10, R18, R0 \
-+ MUL R10, R25, R0 \
- ADDS R0, R22 \
-- UMULH R10, R18, R23 \
-+ UMULH R10, R25, R23 \
- MUL R10, R19, R0 \
- ADCS R0, R23 \
- ADDS R21, R2 \
-@@ -97,7 +97,7 @@
- \
- MUL R11, R17, R21 \
- UMULH R11, R17, R22 \
-- MUL R11, R18, R0 \
-+ MUL R11, R25, R0 \
- ADDS R0, R22 \
- ADDS R21, R3 \
- ADCS R22, R4 \
-@@ -107,19 +107,19 @@
- \
- \ // m * N
- loadModulus(R5,R6,R7,R8) \
-- mul(R17,R18,R19,R20,R21,R22,R23,R24) \
-+ mul(R17,R25,R19,R20,R21,R22,R23,R24) \
- \
- \ // Add the 512-bit intermediate to m*N
-- MOVD ZR, R25 \
-+ MOVD ZR, R0 \
- ADDS R9, R17 \
-- ADCS R10, R18 \
-+ ADCS R10, R25 \
- ADCS R11, R19 \
- ADCS R12, R20 \
- ADCS R13, R21 \
- ADCS R14, R22 \
- ADCS R15, R23 \
- ADCS R16, R24 \
-- ADCS ZR, R25 \
-+ ADCS ZR, R0 \
- \
- \ // Our output is R21:R22:R23:R24. Reduce mod p if necessary.
- SUBS R5, R21, R10 \
PKG_NAME:=gnunet-secushare
-PKG_SOURCE_VERSION:=81939cb93670efcee8e99884d10d2676b02edba9
-PKG_SOURCE_DATE:=20190228
-PKG_MIRROR_HASH:=64a0fb7ad6a515559360de71df85dde152f55a60585668f15114bc1f55cf2742
-PKG_RELEASE:=3
+PKG_SOURCE_VERSION:=5fc42cc72b97b22a27d8d6622060a429f7fa9098
+PKG_SOURCE_DATE:=20190728
+PKG_MIRROR_HASH:=44106b73d7077ff8123d9972f6a1f746eca7a4d4e47a623d6576db80bdb97bad
+PKG_RELEASE:=1
PKG_SOURCE_URL:=https://gnunet.org/git/gnunet-secushare.git
PKG_SOURCE_PROTO:=git
PKG_LICENSE:=GPL-3.0
PKG_NAME:=gnunet
-PKG_VERSION:=0.11.5
-PKG_RELEASE:=2
+PKG_VERSION:=0.11.6
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=98e0355ff0627bf88112b3b92a7522e98c0ae6071fc45efda5a33daed28199b3
+PKG_HASH:=f8a07063b1e0890a1386fed2313a967f58f5495c075a25725aba200469c857bf
PKG_LICENSE:=AGPL-3.0
PKG_LICENSE_FILES:=COPYING
CONFLICTS_dhtcache-heap:=gnunet-dhtcache-pgsql gnunet-dhtcache-sqlite
DEPENDS_gns-flat:=+gnunet-gns
-PLUGIN_gns-flat:=namecache_flat namestore_heap
+PLUGIN_gns-flat:=namecache_flat namestore_flat
PLUGIN_peerstore-flat:=peerstore_flat
del gnunet.namestore_heap
set gnunet.namestore_heap=gnunet-config
set gnunet.namestore_heap.FILENAME=/etc/gnunet/namestore.flat
- set gnunet.namestore.DATABASE=heap
+ set gnunet.namestore.DATABASE=flat
del gnunet.namecache_flat
set gnunet.namecache_flat=gnunet-config
set gnunet.namecache_flat.FILENAME=/var/run/gnunet/namecache.flat
PKG_NAME:=haproxy
PKG_VERSION:=2.0.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.0/src
-#!/bin/bash
+#!/bin/sh
-CLONEURL=http://git.haproxy.org/git/haproxy-2.0.git
+CLONEURL=https://git.haproxy.org/git/haproxy-2.0.git
BASE_TAG=v2.0.3
TMP_REPODIR=tmprepo
PATCHESDIR=patches
i=0
for cid in $(git -C "${TMP_REPODIR}" rev-list ${BASE_TAG}..HEAD | tac); do
filename="$(printf "%03d" $i)-$(git -C "${TMP_REPODIR}" log --format=%s -n 1 $cid | sed -e"s/[()']//g" -e's/[^_a-zA-Z0-9+-]\+/-/g' -e's/-$//').patch"
- printf "Creating ${filename}\n"
- git -C "${TMP_REPODIR}" show $cid > "${PATCHESDIR}/$filename"
+ printf "Creating %s\n" "${filename}"
+ git -C "${TMP_REPODIR}" show "$cid" > "${PATCHESDIR}/$filename"
git add "${PATCHESDIR}/$filename"
- let i++
+ i=$((i+1))
done
rm -rf "${TMP_REPODIR}"
--- /dev/null
+commit 937604b4cfccddd607b8d4883815c4e3f9ab70d0
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Jul 24 16:45:02 2019 +0200
+
+ BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
+
+ Dragan Dosen found that the listeners lock is not sufficient to protect
+ the listeners list when proxies are stopping because the listeners are
+ also unlinked from the protocol list, and under certain situations like
+ bombing with soft-stop signals or shutting down many frontends in parallel
+ from multiple CLI connections, it could be possible to provoke multiple
+ instances of delete_listener() to be called in parallel for different
+ listeners, thus corrupting the protocol lists.
+
+ Such operations are pretty rare, they are performed once per proxy upon
+ startup and once per proxy on shut down. Thus there is no point trying
+ to optimize anything and we can use a global lock to protect the protocol
+ lists during these manipulations.
+
+ This fix (or a variant) will have to be backported as far as 1.8.
+
+ (cherry picked from commit daacf3664506d56a1f3b050ccba504886a18b12a)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/include/proto/protocol.h b/include/proto/protocol.h
+index 7bbebb8e..f25f77f0 100644
+--- a/include/proto/protocol.h
++++ b/include/proto/protocol.h
+@@ -23,9 +23,11 @@
+ #define _PROTO_PROTOCOL_H
+
+ #include <sys/socket.h>
++#include <common/hathreads.h>
+ #include <types/protocol.h>
+
+ extern struct protocol *__protocol_by_family[AF_CUST_MAX];
++__decl_hathreads(extern HA_SPINLOCK_T proto_lock);
+
+ /* Registers the protocol <proto> */
+ void protocol_register(struct protocol *proto);
+diff --git a/include/types/protocol.h b/include/types/protocol.h
+index 1d3404b9..f38baeb9 100644
+--- a/include/types/protocol.h
++++ b/include/types/protocol.h
+@@ -80,9 +80,9 @@ struct protocol {
+ int (*pause)(struct listener *l); /* temporarily pause this listener for a soft restart */
+ void (*add)(struct listener *l, int port); /* add a listener for this protocol and port */
+
+- struct list listeners; /* list of listeners using this protocol */
+- int nb_listeners; /* number of listeners */
+- struct list list; /* list of registered protocols */
++ struct list listeners; /* list of listeners using this protocol (under proto_lock) */
++ int nb_listeners; /* number of listeners (under proto_lock) */
++ struct list list; /* list of registered protocols (under proto_lock) */
+ };
+
+ #define CONNECT_HAS_DATA 0x00000001 /* There's data available to be sent */
+diff --git a/src/listener.c b/src/listener.c
+index 40a774ed..b5fe2ac2 100644
+--- a/src/listener.c
++++ b/src/listener.c
+@@ -433,6 +433,9 @@ static void limit_listener(struct listener *l, struct list *list)
+ * used as a protocol's generic enable_all() primitive, for use after the
+ * fork(). It puts the listeners into LI_READY or LI_FULL states depending on
+ * their number of connections. It always returns ERR_NONE.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ int enable_all_listeners(struct protocol *proto)
+ {
+@@ -447,6 +450,9 @@ int enable_all_listeners(struct protocol *proto)
+ * the polling lists when they are in the LI_READY or LI_FULL states. It is
+ * intended to be used as a protocol's generic disable_all() primitive. It puts
+ * the listeners into LI_LISTEN, and always returns ERR_NONE.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ int disable_all_listeners(struct protocol *proto)
+ {
+@@ -516,6 +522,9 @@ void unbind_listener_no_close(struct listener *listener)
+ /* This function closes all listening sockets bound to the protocol <proto>,
+ * and the listeners end in LI_ASSIGNED state if they were higher. It does not
+ * detach them from the protocol. It always returns ERR_NONE.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ int unbind_all_listeners(struct protocol *proto)
+ {
+@@ -580,14 +589,19 @@ int create_listeners(struct bind_conf *bc, const struct sockaddr_storage *ss,
+ * number of listeners is updated, as well as the global number of listeners
+ * and jobs. Note that the listener must have previously been unbound. This
+ * is the generic function to use to remove a listener.
++ *
++ * Will grab the proto_lock.
++ *
+ */
+ void delete_listener(struct listener *listener)
+ {
+ HA_SPIN_LOCK(LISTENER_LOCK, &listener->lock);
+ if (listener->state == LI_ASSIGNED) {
+ listener->state = LI_INIT;
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ LIST_DEL(&listener->proto_list);
+ listener->proto->nb_listeners--;
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ _HA_ATOMIC_SUB(&jobs, 1);
+ _HA_ATOMIC_SUB(&listeners, 1);
+ }
+diff --git a/src/proto_sockpair.c b/src/proto_sockpair.c
+index a4faa370..e7dd670d 100644
+--- a/src/proto_sockpair.c
++++ b/src/proto_sockpair.c
+@@ -80,6 +80,9 @@ INITCALL1(STG_REGISTER, protocol_register, &proto_sockpair);
+ /* Add <listener> to the list of sockpair listeners (port is ignored). The
+ * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
+ * The number of listeners for the protocol is updated.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ static void sockpair_add_listener(struct listener *listener, int port)
+ {
+@@ -97,6 +100,8 @@ static void sockpair_add_listener(struct listener *listener, int port)
+ * loose them across the fork(). A call to uxst_enable_listeners() is needed
+ * to complete initialization.
+ *
++ * Must be called with proto_lock held.
++ *
+ * The return value is composed from ERR_NONE, ERR_RETRYABLE and ERR_FATAL.
+ */
+ static int sockpair_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
+diff --git a/src/proto_tcp.c b/src/proto_tcp.c
+index 64ffb83c..bcbe27a7 100644
+--- a/src/proto_tcp.c
++++ b/src/proto_tcp.c
+@@ -1103,6 +1103,9 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
+ * The sockets will be registered but not added to any fd_set, in order not to
+ * loose them across the fork(). A call to enable_all_listeners() is needed
+ * to complete initialization. The return value is composed from ERR_*.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ static int tcp_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
+ {
+@@ -1121,6 +1124,9 @@ static int tcp_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
+ /* Add <listener> to the list of tcpv4 listeners, on port <port>. The
+ * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
+ * The number of listeners for the protocol is updated.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ static void tcpv4_add_listener(struct listener *listener, int port)
+ {
+@@ -1136,6 +1142,9 @@ static void tcpv4_add_listener(struct listener *listener, int port)
+ /* Add <listener> to the list of tcpv6 listeners, on port <port>. The
+ * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
+ * The number of listeners for the protocol is updated.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ static void tcpv6_add_listener(struct listener *listener, int port)
+ {
+diff --git a/src/proto_uxst.c b/src/proto_uxst.c
+index 66093af6..7263240f 100644
+--- a/src/proto_uxst.c
++++ b/src/proto_uxst.c
+@@ -379,6 +379,9 @@ static int uxst_unbind_listener(struct listener *listener)
+ /* Add <listener> to the list of unix stream listeners (port is ignored). The
+ * listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
+ * The number of listeners for the protocol is updated.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ static void uxst_add_listener(struct listener *listener, int port)
+ {
+@@ -594,6 +597,8 @@ static int uxst_connect_server(struct connection *conn, int flags)
+ * loose them across the fork(). A call to uxst_enable_listeners() is needed
+ * to complete initialization.
+ *
++ * Must be called with proto_lock held.
++ *
+ * The return value is composed from ERR_NONE, ERR_RETRYABLE and ERR_FATAL.
+ */
+ static int uxst_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
+@@ -613,6 +618,9 @@ static int uxst_bind_listeners(struct protocol *proto, char *errmsg, int errlen)
+ /* This function stops all listening UNIX sockets bound to the protocol
+ * <proto>. It does not detaches them from the protocol.
+ * It always returns ERR_NONE.
++ *
++ * Must be called with proto_lock held.
++ *
+ */
+ static int uxst_unbind_listeners(struct protocol *proto)
+ {
+diff --git a/src/protocol.c b/src/protocol.c
+index 96e01c82..ac45cf2e 100644
+--- a/src/protocol.c
++++ b/src/protocol.c
+@@ -18,18 +18,26 @@
+ #include <common/mini-clist.h>
+ #include <common/standard.h>
+
+-#include <types/protocol.h>
++#include <proto/protocol.h>
+
+ /* List head of all registered protocols */
+ static struct list protocols = LIST_HEAD_INIT(protocols);
+ struct protocol *__protocol_by_family[AF_CUST_MAX] = { };
+
++/* This is the global spinlock we may need to register/unregister listeners or
++ * protocols. Its main purpose is in fact to serialize the rare stop/deinit()
++ * phases.
++ */
++__decl_spinlock(proto_lock);
++
+ /* Registers the protocol <proto> */
+ void protocol_register(struct protocol *proto)
+ {
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ LIST_ADDQ(&protocols, &proto->list);
+ if (proto->sock_domain >= 0 && proto->sock_domain < AF_CUST_MAX)
+ __protocol_by_family[proto->sock_domain] = proto;
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ }
+
+ /* Unregisters the protocol <proto>. Note that all listeners must have
+@@ -37,8 +45,10 @@ void protocol_register(struct protocol *proto)
+ */
+ void protocol_unregister(struct protocol *proto)
+ {
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ LIST_DEL(&proto->list);
+ LIST_INIT(&proto->list);
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ }
+
+ /* binds all listeners of all registered protocols. Returns a composition
+@@ -50,6 +60,7 @@ int protocol_bind_all(char *errmsg, int errlen)
+ int err;
+
+ err = 0;
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ list_for_each_entry(proto, &protocols, list) {
+ if (proto->bind_all) {
+ err |= proto->bind_all(proto, errmsg, errlen);
+@@ -57,6 +68,7 @@ int protocol_bind_all(char *errmsg, int errlen)
+ break;
+ }
+ }
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ return err;
+ }
+
+@@ -71,11 +83,13 @@ int protocol_unbind_all(void)
+ int err;
+
+ err = 0;
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ list_for_each_entry(proto, &protocols, list) {
+ if (proto->unbind_all) {
+ err |= proto->unbind_all(proto);
+ }
+ }
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ return err;
+ }
+
+@@ -89,11 +103,13 @@ int protocol_enable_all(void)
+ int err;
+
+ err = 0;
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ list_for_each_entry(proto, &protocols, list) {
+ if (proto->enable_all) {
+ err |= proto->enable_all(proto);
+ }
+ }
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ return err;
+ }
+
+@@ -107,11 +123,13 @@ int protocol_disable_all(void)
+ int err;
+
+ err = 0;
++ HA_SPIN_LOCK(PROTO_LOCK, &proto_lock);
+ list_for_each_entry(proto, &protocols, list) {
+ if (proto->disable_all) {
+ err |= proto->disable_all(proto);
+ }
+ }
++ HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock);
+ return err;
+ }
+
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -327,6 +327,15 @@ ifeq ($(TARGET),linux-glibc)
- USE_GETADDRINFO)
- endif
-
-+# For linux >= 2.6.28 and uclibc
-+ifeq ($(TARGET),linux-uclibc)
-+ set_target_defaults = $(call default_opts, \
-+ USE_POLL USE_TPROXY USE_DL USE_RT USE_NETFILTER \
-+ USE_CPU_AFFINITY USE_THREAD USE_EPOLL USE_FUTEX USE_LINUX_TPROXY \
-+ USE_ACCEPT4 USE_LINUX_SPLICE USE_PRCTL USE_THREAD_DUMP USE_NS USE_TFO \
-+ USE_GETADDRINFO)
-+endif
-+
- # Solaris 8 and above
- ifeq ($(TARGET),solaris)
- # We also enable getaddrinfo() which works since solaris 8.
--- /dev/null
+commit 6d79cedaaa4a16b2f42d2bf2bc25772a51354e91
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Jul 24 17:42:44 2019 +0200
+
+ BUG/MINOR: proxy: always lock stop_proxy()
+
+ There is one unprotected call to stop_proxy() from the manage_proxy()
+ task, so there is a single caller by definition, but there is also
+ another such call from the CLI's "shutdown frontend" parser. This
+ one does it under the proxy's lock but the first one doesn't use it.
+ Thus it is theorically possible to corrupt the list of listeners in a
+ proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same
+ time. While it sounds particularly contrived or stupid, it could
+ possibly happen with automated tools that would send actions via
+ various channels. This could cause the process to loop forever or
+ to crash and thus stop faster than expected.
+
+ This might be backported as far as 1.8.
+
+ (cherry picked from commit 3de3cd4d9761324b31d23eb2c4a9434ed33801b8)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/proxy.c b/src/proxy.c
+index f669ebf1..ae761ead 100644
+--- a/src/proxy.c
++++ b/src/proxy.c
+@@ -1258,13 +1258,16 @@ void zombify_proxy(struct proxy *p)
+ * to be called when going down in order to release the ports so that another
+ * process may bind to them. It must also be called on disabled proxies at the
+ * end of start-up. If all listeners are closed, the proxy is set to the
+- * PR_STSTOPPED state.
++ * PR_STSTOPPED state. The function takes the proxy's lock so it's safe to
++ * call from multiple places.
+ */
+ void stop_proxy(struct proxy *p)
+ {
+ struct listener *l;
+ int nostop = 0;
+
++ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
++
+ list_for_each_entry(l, &p->conf.listeners, by_fe) {
+ if (l->options & LI_O_NOSTOP) {
+ HA_ATOMIC_ADD(&unstoppable_jobs, 1);
+@@ -1278,6 +1281,8 @@ void stop_proxy(struct proxy *p)
+ }
+ if (!nostop)
+ p->state = PR_STSTOPPED;
++
++ HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
+ }
+
+ /* This function resumes listening on the specified proxy. It scans all of its
+@@ -2110,10 +2115,7 @@ static int cli_parse_shutdown_frontend(char **args, char *payload, struct appctx
+ send_log(px, LOG_WARNING, "Proxy %s stopped (FE: %lld conns, BE: %lld conns).\n",
+ px->id, px->fe_counters.cum_conn, px->be_counters.cum_conn);
+
+- HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
+ stop_proxy(px);
+- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+-
+ return 1;
+ }
+
+++ /dev/null
---- a/include/common/openssl-compat.h
-+++ b/include/common/openssl-compat.h
-@@ -217,7 +217,8 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
- #define TLSEXT_signature_ecdsa 3
- #endif
-
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
- #define X509_getm_notBefore X509_get_notBefore
- #define X509_getm_notAfter X509_get_notAfter
- #endif
--- /dev/null
+commit a4ca26661f95a60974fb13a78b1a0c89f9c09ea9
+Author: Willy Tarreau <w@1wt.eu>
+Date: Thu Jul 25 07:53:56 2019 +0200
+
+ BUILD: threads: add the definition of PROTO_LOCK
+
+ This one was added by commit daacf3664 ("BUG/MEDIUM: protocols: add a
+ global lock for the init/deinit stuff") but I forgot to add it to the
+ include file, breaking DEBUG_THREAD.
+
+ (cherry picked from commit d6e0c03384cab2c72fb6ab841420045108ea4e6f)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/include/common/hathreads.h b/include/common/hathreads.h
+index a7c8dc93..b05215bd 100644
+--- a/include/common/hathreads.h
++++ b/include/common/hathreads.h
+@@ -562,6 +562,7 @@ enum lock_label {
+ AUTH_LOCK,
+ LOGSRV_LOCK,
+ DICT_LOCK,
++ PROTO_LOCK,
+ OTHER_LOCK,
+ LOCK_LABELS
+ };
+@@ -679,6 +680,7 @@ static inline const char *lock_label(enum lock_label label)
+ case AUTH_LOCK: return "AUTH";
+ case LOGSRV_LOCK: return "LOGSRV";
+ case DICT_LOCK: return "DICT";
++ case PROTO_LOCK: return "PROTO";
+ case OTHER_LOCK: return "OTHER";
+ case LOCK_LABELS: break; /* keep compiler happy */
+ };
--- /dev/null
+commit 974c6916ba2f7efc83193bb8c04e95294ca21112
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jul 26 13:52:13 2019 +0200
+
+ BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
+
+ When the number of nodes is increased because the server weight is changed, the
+ nodes array must be realloc. But its new size is not correctly set. Only the
+ total number of nodes is used to set the new size. But it must also depends on
+ the size of a node. It must be the total nomber of nodes times the size of a
+ node.
+
+ This issue was reported on Github (#189).
+
+ This patch must be backported to all versions since the 1.6.
+
+ (cherry picked from commit 366ad86af72c455cc958943913cb2de20eefee71)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/lb_chash.c b/src/lb_chash.c
+index a35351e9..0bf4e81a 100644
+--- a/src/lb_chash.c
++++ b/src/lb_chash.c
+@@ -84,7 +84,7 @@ static inline void chash_queue_dequeue_srv(struct server *s)
+ * increased the weight beyond the original weight
+ */
+ if (s->lb_nodes_tot < s->next_eweight) {
+- struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight);
++ struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
+
+ if (new_nodes) {
+ unsigned int j;
--- /dev/null
+commit 21a796cb83c29ee276feb04649a1b18214bbdee0
+Author: Olivier Houchard <ohouchard@haproxy.com>
+Date: Fri Jul 26 14:54:34 2019 +0200
+
+ BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
+
+ In sess_established(), don't immediately switch the backend stream_interface
+ to SI_ST_DIS if we only got a SHUTR. We may still have something to send,
+ ie if the request is a POST, and we should be switched to SI_ST8DIS later
+ when the shutw will happen.
+
+ This should be backported to 2.0 and 1.9.
+
+ (cherry picked from commit 7859526fd6ce7ea33e20b7e532b21aa2465cb11d)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/stream.c b/src/stream.c
+index a5c5f45c..64875c80 100644
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -954,8 +954,9 @@ static void sess_establish(struct stream *s)
+ si_chk_rcv(si);
+ }
+ req->wex = TICK_ETERNITY;
+- /* If we managed to get the whole response, switch to SI_ST_DIS now. */
+- if (rep->flags & CF_SHUTR)
++ /* If we managed to get the whole response, and we don't have anything
++ * left to send, or can't, switch to SI_ST_DIS now. */
++ if (rep->flags & (CF_SHUTR | CF_SHUTW))
+ si->state = SI_ST_DIS;
+ }
+
--- /dev/null
+commit 487b38e86c08431bc5f48aac72c8d753ee23cb03
+Author: Willy Tarreau <w@1wt.eu>
+Date: Fri Jul 26 15:10:39 2019 +0200
+
+ BUG/MINOR: log: make sure writev() is not interrupted on a file output
+
+ Since 1.9 we support sending logs to various non-blocking outputs like
+ stdou/stderr or flies, by using writev() which guarantees that it only
+ returns after having written everything or nothing. However the syscall
+ may be interrupted while doing so, and this is visible when writing to
+ a tty during debug sessions, as some logs occasionally appear interleaved
+ if an xterm or SSH connection is not very fast. Performance here is not a
+ critical concern, log correctness is. Let's simply take the logger's lock
+ around the writev() call to prevent multiple senders from stepping onto
+ each other's toes.
+
+ This may be backported to 2.0 and 1.9.
+
+ (cherry picked from commit 9fbcb7e2e9c32659ab11927394fec2e160be2d0b)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/log.c b/src/log.c
+index ef999d13..99f185e4 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -1672,8 +1672,15 @@ send:
+ iovec[7].iov_len = 1;
+
+ if (logsrv->addr.ss_family == AF_UNSPEC) {
+- /* the target is a direct file descriptor */
++ /* the target is a direct file descriptor. While writev() guarantees
++ * to write everything, it doesn't guarantee that it will not be
++ * interrupted while doing so. This occasionally results in interleaved
++ * messages when the output is a tty, hence the lock. There's no real
++ * performance concern here for such type of output.
++ */
++ HA_SPIN_LOCK(LOGSRV_LOCK, &logsrv->lock);
+ sent = writev(*plogfd, iovec, 8);
++ HA_SPIN_UNLOCK(LOGSRV_LOCK, &logsrv->lock);
+ }
+ else {
+ msghdr.msg_name = (struct sockaddr *)&logsrv->addr;
--- /dev/null
+commit 8de6badd32fb584d60733a6236113edba00f8701
+Author: Willy Tarreau <w@1wt.eu>
+Date: Fri Jul 26 15:21:54 2019 +0200
+
+ DOC: improve the wording in CONTRIBUTING about how to document a bug fix
+
+ Insufficiently described bug fixes are still too frequent. It's a real
+ pain to create each new maintenance release, as 3/4 of the time is spent
+ trying to guess what problem a patch fixes, which is already important
+ in order to decide whether to pick the fix or not, but is even more
+ capital in order to write understandable release notes.
+
+ Christopher rightfully demands that a patch tagged "BUG" MUST ABSOLUTELY
+ describe the problem and why this problem is a bug. Describing the fix
+ is one thing but if the bug is unknown, why would there be a fix ? How
+ can a stable maintainer be convinced to take a fix if its author didn't
+ care about checking whether it was a real bug ? This patch tries to
+ explain a bit better what really needs to appear in the commit message
+ and how to describe a bug.
+
+ To be backported to all relevant stable versions.
+
+ (cherry picked from commit 41f638c1eb8167bb473a6c8811d7fd70d7c06e07)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/CONTRIBUTING b/CONTRIBUTING
+index 0fcd921e..201e122d 100644
+--- a/CONTRIBUTING
++++ b/CONTRIBUTING
+@@ -454,7 +454,18 @@ do not think about them anymore after a few patches.
+
+ 11) Real commit messages please!
+
+- Please properly format your commit messages. To get an idea, just run
++ The commit message is how you're trying to convince a maintainer to adopt
++ your work and maintain it as long as possible. A dirty commit message almost
++ always comes with dirty code. Too short a commit message indicates that too
++ short an analysis was done and that side effects are extremely likely to be
++ encountered. It's the maintainer's job to decide to accept this work in its
++ current form or not, with the known constraints. Some patches which rework
++ architectural parts or fix sensitive bugs come with 20-30 lines of design
++ explanations, limitations, hypothesis or even doubts, and despite this it
++ happens when reading them 6 months later while trying to identify a bug that
++ developers still miss some information about corner cases.
++
++ So please properly format your commit messages. To get an idea, just run
+ "git log" on the file you've just modified. Patches always have the format
+ of an e-mail made of a subject, a description and the actual patch. If you
+ are sending a patch as an e-mail formatted this way, it can quickly be
+@@ -506,9 +517,17 @@ do not think about them anymore after a few patches.
+
+ But in any case, it is important that there is a clean description of what
+ the patch does, the motivation for what it does, why it's the best way to do
+- it, its impacts, and what it does not yet cover. Also, in HAProxy, like many
+- projects which take a great care of maintaining stable branches, patches are
+- reviewed later so that some of them can be backported to stable releases.
++ it, its impacts, and what it does not yet cover. And this is particularly
++ important for bugs. A patch tagged "BUG" must absolutely explain what the
++ problem is, why it is considered as a bug. Anybody, even non-developers,
++ should be able to tell whether or not a patch is likely to address an issue
++ they are facing. Indicating what the code will do after the fix doesn't help
++ if it does not say what problem is encountered without the patch. Note that
++ in some cases the bug is purely theorical and observed by reading the code.
++ In this case it's perfectly fine to provide an estimate about possible
++ effects. Also, in HAProxy, like many projects which take a great care of
++ maintaining stable branches, patches are reviewed later so that some of them
++ can be backported to stable releases.
+
+ While reviewing hundreds of patches can seem cumbersome, with a proper
+ formatting of the subject line it actually becomes very easy. For example,
+@@ -630,13 +649,23 @@ patch types include :
+
+ - BUG fix for a bug. The severity of the bug should also be indicated
+ when known. Similarly, if a backport is needed to older versions,
+- it should be indicated on the last line of the commit message. If
+- the bug has been identified as a regression brought by a specific
+- patch or version, this indication will be appreciated too. New
+- maintenance releases are generally emitted when a few of these
+- patches are merged. If the bug is a vulnerability for which a CVE
+- identifier was assigned before you publish the fix, you can mention
+- it in the commit message, it will help distro maintainers.
++ it should be indicated on the last line of the commit message. The
++ commit message MUST ABSOLUTELY describe the problem and its impact
++ to non-developers. Any user must be able to guess if this patch is
++ likely to fix a problem they are facing. Even if the bug was
++ discovered by accident while reading the code or running an
++ automated tool, it is mandatory to try to estimate what potential
++ issue it might cause and under what circumstances. There may even
++ be security implications sometimes so a minimum analysis is really
++ required. Also please think about stable maintainers who have to
++ build the release notes, they need to have enough input about the
++ bug's impact to explain it. If the bug has been identified as a
++ regression brought by a specific patch or version, this indication
++ will be appreciated too. New maintenance releases are generally
++ emitted when a few of these patches are merged. If the bug is a
++ vulnerability for which a CVE identifier was assigned before you
++ publish the fix, you can mention it in the commit message, it will
++ help distro maintainers.
+
+ - CLEANUP code cleanup, silence of warnings, etc... theoretically no impact.
+ These patches will rarely be seen in stable branches, though they
--- /dev/null
+commit 72c692701ab4197f1f8ec7594b7e8ef5082b9d9e
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jul 26 16:40:24 2019 +0200
+
+ BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
+
+ For HTX streams, when txn:done() is called, the work is delegated to the
+ function http_reply_and_close(). But it is not enough. The channel's analyzers
+ must also be reset. Otherwise, some analyzers may still be called while
+ processing should be aborted.
+
+ For instance, if the function is called from an http-request rules on the
+ frontend, request analyzers on the backend side are still called. So we may try
+ to add an header to the request, while this one was already reset.
+
+ This patch must be backported to 2.0 and 1.9.
+
+ (cherry picked from commit fe6a71b8e08234dbe03fbd2fa3017590681479df)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/hlua.c b/src/hlua.c
+index 23d2aa04..f9d1d699 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -5996,8 +5996,12 @@ __LJMP static int hlua_txn_done(lua_State *L)
+ ic = &htxn->s->req;
+ oc = &htxn->s->res;
+
+- if (IS_HTX_STRM(htxn->s))
+- htx_reply_and_close(htxn->s, 0, NULL);
++ if (IS_HTX_STRM(htxn->s)) {
++ htxn->s->txn->status = 0;
++ http_reply_and_close(htxn->s, 0, NULL);
++ ic->analysers &= AN_REQ_FLT_END;
++ oc->analysers &= AN_RES_FLT_END;
++ }
+ else {
+ if (htxn->s->txn) {
+ /* HTTP mode, let's stay in sync with the stream */
+@@ -6031,6 +6035,9 @@ __LJMP static int hlua_txn_done(lua_State *L)
+ ic->analysers = 0;
+ }
+
++ if (!(htxn->s->flags & SF_ERR_MASK)) // this is not really an error but it is
++ htxn->s->flags |= SF_ERR_LOCAL; // to mark that it comes from the proxy
++
+ hlua->flags |= HLUA_STOP;
+ WILL_LJMP(hlua_done(L));
+ return 0;
--- /dev/null
+commit dc2ee27c7a1908ca3157a10ad131f13644bcaea3
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jul 26 16:17:01 2019 +0200
+
+ BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
+
+ It is invalid to manipulate responses from http-request rules or to manipulate
+ requests from http-response rules. When http-request rules are evaluated, the
+ connection to server is not yet established, so there is no response at all. And
+ when http-response rules are evaluated, the request has already been sent to the
+ server.
+
+ Now, the calling direction is checked. So functions "txn.http:req_*" can now
+ only be called from http-request rules and the functions "txn.http:res_*" can
+ only be called from http-response rules.
+
+ This issue was reported on Github (#190).
+
+ This patch must be backported to all versions since the 1.6.
+
+ (cherry picked from commit 84a6d5bc217a418db8efc4e76a0a32860db2c608)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/hlua.c b/src/hlua.c
+index f9d1d699..21351cd6 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -5346,6 +5346,9 @@ __LJMP static int hlua_http_req_get_headers(lua_State *L)
+ MAY_LJMP(check_args(L, 1, "req_get_headers"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ return hlua_http_get_headers(L, htxn, &htxn->s->txn->req);
+ }
+
+@@ -5356,6 +5359,9 @@ __LJMP static int hlua_http_res_get_headers(lua_State *L)
+ MAY_LJMP(check_args(L, 1, "res_get_headers"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ return hlua_http_get_headers(L, htxn, &htxn->s->txn->rsp);
+ }
+
+@@ -5393,6 +5399,9 @@ __LJMP static int hlua_http_req_rep_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_HDR));
+ }
+
+@@ -5403,6 +5412,9 @@ __LJMP static int hlua_http_res_rep_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "res_rep_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_HDR));
+ }
+
+@@ -5413,6 +5425,9 @@ __LJMP static int hlua_http_req_rep_val(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_VAL));
+ }
+
+@@ -5423,6 +5438,9 @@ __LJMP static int hlua_http_res_rep_val(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "res_rep_val"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_VAL));
+ }
+
+@@ -5462,6 +5480,9 @@ __LJMP static int hlua_http_req_del_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 2, "req_del_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ return hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
+ }
+
+@@ -5469,9 +5490,12 @@ __LJMP static int hlua_http_res_del_hdr(lua_State *L)
+ {
+ struct hlua_txn *htxn;
+
+- MAY_LJMP(check_args(L, 2, "req_del_hdr"));
++ MAY_LJMP(check_args(L, 2, "res_del_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ return hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
+ }
+
+@@ -5523,6 +5547,9 @@ __LJMP static int hlua_http_req_add_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "req_add_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
+ }
+
+@@ -5533,6 +5560,9 @@ __LJMP static int hlua_http_res_add_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "res_add_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
+ }
+
+@@ -5543,6 +5573,9 @@ static int hlua_http_req_set_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "req_set_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
+ return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
+ }
+@@ -5554,6 +5587,9 @@ static int hlua_http_res_set_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "res_set_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
+ return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
+ }
+@@ -5565,6 +5601,9 @@ static int hlua_http_req_set_meth(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ lua_pushboolean(L, http_replace_req_line(0, name, name_len, htxn->p, htxn->s) != -1);
+ return 1;
+ }
+@@ -5576,6 +5615,9 @@ static int hlua_http_req_set_path(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ lua_pushboolean(L, http_replace_req_line(1, name, name_len, htxn->p, htxn->s) != -1);
+ return 1;
+ }
+@@ -5587,6 +5629,9 @@ static int hlua_http_req_set_query(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ /* Check length. */
+ if (name_len > trash.size - 1) {
+ lua_pushboolean(L, 0);
+@@ -5611,6 +5656,9 @@ static int hlua_http_req_set_uri(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
++ if (htxn->dir != SMP_OPT_DIR_REQ)
++ WILL_LJMP(lua_error(L));
++
+ lua_pushboolean(L, http_replace_req_line(3, name, name_len, htxn->p, htxn->s) != -1);
+ return 1;
+ }
+@@ -5622,6 +5670,9 @@ static int hlua_http_res_set_status(lua_State *L)
+ unsigned int code = MAY_LJMP(luaL_checkinteger(L, 2));
+ const char *reason = MAY_LJMP(luaL_optlstring(L, 3, NULL, NULL));
+
++ if (htxn->dir != SMP_OPT_DIR_RES)
++ WILL_LJMP(lua_error(L));
++
+ http_set_status(code, reason, htxn->s);
+ return 0;
+ }
--- /dev/null
+commit b22f6501bc9838061472128360e0e55d08cb0bd9
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jul 26 14:54:52 2019 +0200
+
+ MINOR: hlua: Don't set request analyzers on response channel for lua actions
+
+ Setting some requests analyzers on the response channel was an old trick to be
+ sure to re-evaluate the request's analyers after the response's ones have been
+ called. It is no more necessary. In fact, this trick was removed in the version
+ 1.8 and backported up to the version 1.6.
+
+ This patch must be backported to all versions since 1.6 to ease the backports of
+ fixes on the lua code.
+
+ (cherry picked from commit 51fa358432247fe5d7259d9d8a0e08d49d429c73)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/hlua.c b/src/hlua.c
+index 21351cd6..36454cdc 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -6873,11 +6873,8 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
+ * is detected on a response channel. This is useful
+ * only for actions targeted on the requests.
+ */
+- if (HLUA_IS_WAKERESWR(s->hlua)) {
++ if (HLUA_IS_WAKERESWR(s->hlua))
+ s->res.flags |= CF_WAKE_WRITE;
+- if ((analyzer & (AN_REQ_INSPECT_FE|AN_REQ_HTTP_PROCESS_FE)))
+- s->res.analysers |= analyzer;
+- }
+ if (HLUA_IS_WAKEREQWR(s->hlua))
+ s->req.flags |= CF_WAKE_WRITE;
+ /* We can quit the function without consistency check
--- /dev/null
+commit ff96b8bd3f85155f65b2b9c9f046fe3e40f630a4
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jul 26 15:09:53 2019 +0200
+
+ MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
+
+ When a lua action or a lua sample fetch is called, a lua transaction is
+ created. It is an entry in the stack containing the class TXN. Thanks to it, we
+ can know the direction (request or response) of the call. But, for some
+ functions, it is also necessary to know if the buffer is "HTTP ready" for the
+ given direction. "HTTP ready" means there is a valid HTTP message in the
+ channel's buffer. So, when a lua action or a lua sample fetch is called, the
+ flag HLUA_TXN_HTTP_RDY is set if it is appropriate.
+
+ (cherry picked from commit bfab2dddad3ded87617d1e2db54761943d1eb32d)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/include/types/hlua.h b/include/types/hlua.h
+index 70c76852..2f4e38be 100644
+--- a/include/types/hlua.h
++++ b/include/types/hlua.h
+@@ -43,7 +43,8 @@ struct stream;
+ #define HLUA_F_AS_STRING 0x01
+ #define HLUA_F_MAY_USE_HTTP 0x02
+
+-#define HLUA_TXN_NOTERM 0x00000001
++#define HLUA_TXN_NOTERM 0x00000001
++#define HLUA_TXN_HTTP_RDY 0x00000002 /* Set if the txn is HTTP ready for the defined direction */
+
+ #define HLUA_CONCAT_BLOCSZ 2048
+
+diff --git a/src/hlua.c b/src/hlua.c
+index 36454cdc..d37e3c61 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -6494,6 +6494,7 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
+ struct stream *stream = smp->strm;
+ const char *error;
+ const struct buffer msg = { };
++ unsigned int hflags = HLUA_TXN_NOTERM;
+
+ if (!stream)
+ return 0;
+@@ -6517,6 +6518,13 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
+
+ consistency_set(stream, smp->opt, &stream->hlua->cons);
+
++ if (stream->be->mode == PR_MODE_HTTP) {
++ if ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ)
++ hflags |= ((stream->txn->req.msg_state < HTTP_MSG_BODY) ? 0 : HLUA_TXN_HTTP_RDY);
++ else
++ hflags |= ((stream->txn->rsp.msg_state < HTTP_MSG_BODY) ? 0 : HLUA_TXN_HTTP_RDY);
++ }
++
+ /* If it is the first run, initialize the data for the call. */
+ if (!HLUA_IS_RUNNING(stream->hlua)) {
+
+@@ -6541,8 +6549,7 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
+ lua_rawgeti(stream->hlua->T, LUA_REGISTRYINDEX, fcn->function_ref);
+
+ /* push arguments in the stack. */
+- if (!hlua_txn_new(stream->hlua->T, stream, smp->px, smp->opt & SMP_OPT_DIR,
+- HLUA_TXN_NOTERM)) {
++ if (!hlua_txn_new(stream->hlua->T, stream, smp->px, smp->opt & SMP_OPT_DIR, hflags)) {
+ SEND_ERR(smp->px, "Lua sample-fetch '%s': full stack.\n", fcn->name);
+ RESET_SAFE_LJMP(stream->hlua->T);
+ return 0;
+@@ -6759,16 +6766,16 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
+ struct session *sess, struct stream *s, int flags)
+ {
+ char **arg;
+- unsigned int analyzer;
++ unsigned int hflags = 0;
+ int dir;
+ const char *error;
+ const struct buffer msg = { };
+
+ switch (rule->from) {
+- case ACT_F_TCP_REQ_CNT: analyzer = AN_REQ_INSPECT_FE ; dir = SMP_OPT_DIR_REQ; break;
+- case ACT_F_TCP_RES_CNT: analyzer = AN_RES_INSPECT ; dir = SMP_OPT_DIR_RES; break;
+- case ACT_F_HTTP_REQ: analyzer = AN_REQ_HTTP_PROCESS_FE; dir = SMP_OPT_DIR_REQ; break;
+- case ACT_F_HTTP_RES: analyzer = AN_RES_HTTP_PROCESS_BE; dir = SMP_OPT_DIR_RES; break;
++ case ACT_F_TCP_REQ_CNT: ; dir = SMP_OPT_DIR_REQ; break;
++ case ACT_F_TCP_RES_CNT: ; dir = SMP_OPT_DIR_RES; break;
++ case ACT_F_HTTP_REQ: hflags = HLUA_TXN_HTTP_RDY ; dir = SMP_OPT_DIR_REQ; break;
++ case ACT_F_HTTP_RES: hflags = HLUA_TXN_HTTP_RDY ; dir = SMP_OPT_DIR_RES; break;
+ default:
+ SEND_ERR(px, "Lua: internal error while execute action.\n");
+ return ACT_RET_CONT;
+@@ -6821,7 +6828,7 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
+ lua_rawgeti(s->hlua->T, LUA_REGISTRYINDEX, rule->arg.hlua_rule->fcn.function_ref);
+
+ /* Create and and push object stream in the stack. */
+- if (!hlua_txn_new(s->hlua->T, s, px, dir, 0)) {
++ if (!hlua_txn_new(s->hlua->T, s, px, dir, hflags)) {
+ SEND_ERR(px, "Lua function '%s': full stack.\n",
+ rule->arg.hlua_rule->fcn.name);
+ RESET_SAFE_LJMP(s->hlua->T);
+@@ -6864,9 +6871,9 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
+ case HLUA_E_AGAIN:
+ /* Set timeout in the required channel. */
+ if (s->hlua->wake_time != TICK_ETERNITY) {
+- if (analyzer & (AN_REQ_INSPECT_FE|AN_REQ_HTTP_PROCESS_FE))
++ if (dir & SMP_OPT_DIR_REQ)
+ s->req.analyse_exp = s->hlua->wake_time;
+- else if (analyzer & (AN_RES_INSPECT|AN_RES_HTTP_PROCESS_BE))
++ else
+ s->res.analyse_exp = s->hlua->wake_time;
+ }
+ /* Some actions can be wake up when a "write" event
--- /dev/null
+commit 2351ca211d655c1be9ef6d62880899102134266d
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jul 26 16:31:34 2019 +0200
+
+ BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
+
+ The flag HLUA_TXN_HTTP_RDY was added in the previous commit to know when a
+ function is called for a channel with a valid HTTP message or not. Of course it
+ also depends on the calling direction. In this commit, we allow the execution of
+ functions of the HTTP class only if this flag is set.
+
+ Nobody seems to use them from an unsupported context (for instance, trying to
+ set an HTTP header from a tcp-request rule). But it remains a bug leading to
+ undefined behaviors or crashes.
+
+ This patch may be backported to all versions since the 1.6. It depends on the
+ commits "MINOR: hlua: Add a flag on the lua txn to know in which context it can
+ be used" and "MINOR: hlua: Don't set request analyzers on response channel for
+ lua actions".
+
+ (cherry picked from commit 301eff8e215d5dc7130e1ebacd7cf8da09a4f643)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/hlua.c b/src/hlua.c
+index d37e3c61..4d92fa44 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -5346,7 +5346,7 @@ __LJMP static int hlua_http_req_get_headers(lua_State *L)
+ MAY_LJMP(check_args(L, 1, "req_get_headers"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return hlua_http_get_headers(L, htxn, &htxn->s->txn->req);
+@@ -5359,7 +5359,7 @@ __LJMP static int hlua_http_res_get_headers(lua_State *L)
+ MAY_LJMP(check_args(L, 1, "res_get_headers"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return hlua_http_get_headers(L, htxn, &htxn->s->txn->rsp);
+@@ -5399,7 +5399,7 @@ __LJMP static int hlua_http_req_rep_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_HDR));
+@@ -5412,7 +5412,7 @@ __LJMP static int hlua_http_res_rep_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "res_rep_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_HDR));
+@@ -5425,7 +5425,7 @@ __LJMP static int hlua_http_req_rep_val(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_VAL));
+@@ -5438,7 +5438,7 @@ __LJMP static int hlua_http_res_rep_val(lua_State *L)
+ MAY_LJMP(check_args(L, 4, "res_rep_val"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_VAL));
+@@ -5480,7 +5480,7 @@ __LJMP static int hlua_http_req_del_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 2, "req_del_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
+@@ -5493,7 +5493,7 @@ __LJMP static int hlua_http_res_del_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 2, "res_del_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
+@@ -5547,7 +5547,7 @@ __LJMP static int hlua_http_req_add_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "req_add_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
+@@ -5560,7 +5560,7 @@ __LJMP static int hlua_http_res_add_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "res_add_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
+@@ -5573,7 +5573,7 @@ static int hlua_http_req_set_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "req_set_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
+@@ -5587,7 +5587,7 @@ static int hlua_http_res_set_hdr(lua_State *L)
+ MAY_LJMP(check_args(L, 3, "res_set_hdr"));
+ htxn = MAY_LJMP(hlua_checkhttp(L, 1));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
+@@ -5601,7 +5601,7 @@ static int hlua_http_req_set_meth(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ lua_pushboolean(L, http_replace_req_line(0, name, name_len, htxn->p, htxn->s) != -1);
+@@ -5615,7 +5615,7 @@ static int hlua_http_req_set_path(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ lua_pushboolean(L, http_replace_req_line(1, name, name_len, htxn->p, htxn->s) != -1);
+@@ -5629,7 +5629,7 @@ static int hlua_http_req_set_query(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ /* Check length. */
+@@ -5656,7 +5656,7 @@ static int hlua_http_req_set_uri(lua_State *L)
+ size_t name_len;
+ const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
+
+- if (htxn->dir != SMP_OPT_DIR_REQ)
++ if (htxn->dir != SMP_OPT_DIR_REQ || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ lua_pushboolean(L, http_replace_req_line(3, name, name_len, htxn->p, htxn->s) != -1);
+@@ -5670,7 +5670,7 @@ static int hlua_http_res_set_status(lua_State *L)
+ unsigned int code = MAY_LJMP(luaL_checkinteger(L, 2));
+ const char *reason = MAY_LJMP(luaL_optlstring(L, 3, NULL, NULL));
+
+- if (htxn->dir != SMP_OPT_DIR_RES)
++ if (htxn->dir != SMP_OPT_DIR_RES || !(htxn->flags & HLUA_TXN_HTTP_RDY))
+ WILL_LJMP(lua_error(L));
+
+ http_set_status(code, reason, htxn->s);
--- /dev/null
+commit 3cd7a1ea5110fc6a92627aaad06553a49723ac92
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Mon Jul 29 10:50:28 2019 +0200
+
+ BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
+
+ When the payload of a block is shrinked or enlarged, addresses of the free
+ spaces must be updated. There are many possible cases. One of them is
+ buggy. When there is only one block in the HTX message and its payload is just
+ before the tail room and it needs to be moved in the head room to be enlarged,
+ addresses are not correctly updated. This bug may be hit by the compression
+ filter.
+
+ This patch must be backported to 2.0.
+
+ (cherry picked from commit 61ed7797f6440ee1102576365553650b1982a233)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/htx.c b/src/htx.c
+index c29a66d7..cd21050c 100644
+--- a/src/htx.c
++++ b/src/htx.c
+@@ -252,11 +252,13 @@ static int htx_prepare_blk_expansion(struct htx *htx, struct htx_blk *blk, int32
+ ret = 1;
+ }
+ else if ((sz + delta) < headroom) {
++ uint32_t oldaddr = blk->addr;
++
+ /* Move the block's payload into the headroom */
+ blk->addr = htx->head_addr;
+ htx->tail_addr -= sz;
+ htx->head_addr += sz + delta;
+- if (blk->addr == htx->end_addr) {
++ if (oldaddr == htx->end_addr) {
+ if (htx->end_addr == htx->tail_addr) {
+ htx->tail_addr = htx->head_addr;
+ htx->head_addr = htx->end_addr = 0;
--- /dev/null
+commit 0ff395c154ad827c0c30eefc9371ba7f7c171027
+Author: Willy Tarreau <w@1wt.eu>
+Date: Tue Jul 30 11:59:34 2019 +0200
+
+ BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
+
+ A problem involving server slowstart was reported by @max2k1 in issue #197.
+ The problem is that pendconn_grab_from_px() takes the proxy lock while
+ already under the server's lock while process_srv_queue() first takes the
+ proxy's lock then the server's lock.
+
+ While the latter seems more natural, it is fundamentally incompatible with
+ mayn other operations performed on servers, namely state change propagation,
+ where the proxy is only known after the server and cannot be locked around
+ the servers. Howwever reversing the lock in process_srv_queue() is trivial
+ and only the few functions related to dynamic cookies need to be adjusted
+ for this so that the proxy's lock is taken for each server operation. This
+ is possible because the proxy's server list is built once at boot time and
+ remains stable. So this is what this patch does.
+
+ The comments in the proxy and server structs were updated to mention this
+ rule that the server's lock may not be taken under the proxy's lock but
+ may enclose it.
+
+ Another approach could consist in using a second lock for the proxy's queue
+ which would be different from the regular proxy's lock, but given that the
+ operations above are rare and operate on small servers list, there is no
+ reason for overdesigning a solution.
+
+ This fix was successfully tested with 10000 servers in a backend where
+ adjusting the dyncookies in loops over the CLI didn't have a measurable
+ impact on the traffic.
+
+ The only workaround without the fix is to disable any occurrence of
+ "slowstart" on server lines, or to disable threads using "nbthread 1".
+
+ This must be backported as far as 1.8.
+
+ (cherry picked from commit 5e83d996cf965ee5ac625f702a446f4d8c80a220)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/include/types/proxy.h b/include/types/proxy.h
+index ca24dbfe..2518f88d 100644
+--- a/include/types/proxy.h
++++ b/include/types/proxy.h
+@@ -487,7 +487,7 @@ struct proxy {
+ * name is used
+ */
+ struct list filter_configs; /* list of the filters that are declared on this proxy */
+- __decl_hathreads(HA_SPINLOCK_T lock);
++ __decl_hathreads(HA_SPINLOCK_T lock); /* may be taken under the server's lock */
+ };
+
+ struct switching_rule {
+diff --git a/include/types/server.h b/include/types/server.h
+index 4a077268..e0534162 100644
+--- a/include/types/server.h
++++ b/include/types/server.h
+@@ -319,7 +319,7 @@ struct server {
+ } ssl_ctx;
+ #endif
+ struct dns_srvrq *srvrq; /* Pointer representing the DNS SRV requeest, if any */
+- __decl_hathreads(HA_SPINLOCK_T lock);
++ __decl_hathreads(HA_SPINLOCK_T lock); /* may enclose the proxy's lock, must not be taken under */
+ struct {
+ const char *file; /* file where the section appears */
+ struct eb32_node id; /* place in the tree of used IDs */
+diff --git a/src/proxy.c b/src/proxy.c
+index ae761ead..a537e0b1 100644
+--- a/src/proxy.c
++++ b/src/proxy.c
+@@ -1940,9 +1940,12 @@ static int cli_parse_enable_dyncookie_backend(char **args, char *payload, struct
+ if (!px)
+ return 1;
+
++ /* Note: this lock is to make sure this doesn't change while another
++ * thread is in srv_set_dyncookie().
++ */
+ HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
+-
+ px->ck_opts |= PR_CK_DYNAMIC;
++ HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+
+ for (s = px->srv; s != NULL; s = s->next) {
+ HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
+@@ -1950,8 +1953,6 @@ static int cli_parse_enable_dyncookie_backend(char **args, char *payload, struct
+ HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
+ }
+
+- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+-
+ return 1;
+ }
+
+@@ -1971,9 +1972,12 @@ static int cli_parse_disable_dyncookie_backend(char **args, char *payload, struc
+ if (!px)
+ return 1;
+
++ /* Note: this lock is to make sure this doesn't change while another
++ * thread is in srv_set_dyncookie().
++ */
+ HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
+-
+ px->ck_opts &= ~PR_CK_DYNAMIC;
++ HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+
+ for (s = px->srv; s != NULL; s = s->next) {
+ HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
+@@ -1984,8 +1988,6 @@ static int cli_parse_disable_dyncookie_backend(char **args, char *payload, struc
+ HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
+ }
+
+- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+-
+ return 1;
+ }
+
+@@ -2021,10 +2023,13 @@ static int cli_parse_set_dyncookie_key_backend(char **args, char *payload, struc
+ return 1;
+ }
+
++ /* Note: this lock is to make sure this doesn't change while another
++ * thread is in srv_set_dyncookie().
++ */
+ HA_SPIN_LOCK(PROXY_LOCK, &px->lock);
+-
+ free(px->dyncookie_key);
+ px->dyncookie_key = newkey;
++ HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+
+ for (s = px->srv; s != NULL; s = s->next) {
+ HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
+@@ -2032,8 +2037,6 @@ static int cli_parse_set_dyncookie_key_backend(char **args, char *payload, struc
+ HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
+ }
+
+- HA_SPIN_UNLOCK(PROXY_LOCK, &px->lock);
+-
+ return 1;
+ }
+
+diff --git a/src/queue.c b/src/queue.c
+index f4a94530..6aa54170 100644
+--- a/src/queue.c
++++ b/src/queue.c
+@@ -312,16 +312,16 @@ void process_srv_queue(struct server *s)
+ struct proxy *p = s->proxy;
+ int maxconn;
+
+- HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
+ HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
++ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
+ maxconn = srv_dynamic_maxconn(s);
+ while (s->served < maxconn) {
+ int ret = pendconn_process_next_strm(s, p);
+ if (!ret)
+ break;
+ }
+- HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
+ HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
++ HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
+ }
+
+ /* Adds the stream <strm> to the pending connection queue of server <strm>->srv
+@@ -424,7 +424,8 @@ int pendconn_redistribute(struct server *s)
+ /* Check for pending connections at the backend, and assign some of them to
+ * the server coming up. The server's weight is checked before being assigned
+ * connections it may not be able to handle. The total number of transferred
+- * connections is returned.
++ * connections is returned. It must be called with the server lock held, and
++ * will take the proxy's lock.
+ */
+ int pendconn_grab_from_px(struct server *s)
+ {
+diff --git a/src/server.c b/src/server.c
+index a96f1ef6..236d6bae 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -125,7 +125,7 @@ static inline void srv_check_for_dup_dyncookie(struct server *s)
+ }
+
+ /*
+- * Must be called with the server lock held.
++ * Must be called with the server lock held, and will grab the proxy lock.
+ */
+ void srv_set_dyncookie(struct server *s)
+ {
+@@ -137,15 +137,17 @@ void srv_set_dyncookie(struct server *s)
+ int addr_len;
+ int port;
+
++ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
++
+ if ((s->flags & SRV_F_COOKIESET) ||
+ !(s->proxy->ck_opts & PR_CK_DYNAMIC) ||
+ s->proxy->dyncookie_key == NULL)
+- return;
++ goto out;
+ key_len = strlen(p->dyncookie_key);
+
+ if (s->addr.ss_family != AF_INET &&
+ s->addr.ss_family != AF_INET6)
+- return;
++ goto out;
+ /*
+ * Buffer to calculate the cookie value.
+ * The buffer contains the secret key + the server IP address
+@@ -174,7 +176,7 @@ void srv_set_dyncookie(struct server *s)
+ hash_value = XXH64(tmpbuf, buffer_len, 0);
+ memprintf(&s->cookie, "%016llx", hash_value);
+ if (!s->cookie)
+- return;
++ goto out;
+ s->cklen = 16;
+
+ /* Don't bother checking if the dyncookie is duplicated if
+@@ -183,6 +185,8 @@ void srv_set_dyncookie(struct server *s)
+ */
+ if (!(s->next_admin & SRV_ADMF_FMAINT))
+ srv_check_for_dup_dyncookie(s);
++ out:
++ HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
+ }
+
+ /*
--- /dev/null
+commit da767eaaf6128eccd349a54ec6eac2a68dcacacb
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Jul 31 19:15:45 2019 +0200
+
+ BUG/MINOR: debug: fix a small race in the thread dumping code
+
+ If a thread dump is requested from a signal handler, it may interrupt
+ a thread already waiting for a dump to complete, and may see the
+ threads_to_dump variable go to zero while others are waiting, steal
+ the lock and prevent other threads from ever completing. This tends
+ to happen when dumping many threads upon a watchdog timeout, to threads
+ waiting for their turn.
+
+ Instead now we proceed in two steps :
+ 1) the last dumped thread sets all bits again
+ 2) all threads only wait for their own bit to appear, then clear it
+ and quit
+
+ This way there's no risk that a bit performs a double flip in the same
+ loop and threads cannot get stuck here anymore.
+
+ This should be backported to 2.0 as it clarifies stack traces.
+
+ (cherry picked from commit c07736209db764fb2aef6f18ed3687a504c35771)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/debug.c b/src/debug.c
+index 059bc6b9..07624ca5 100644
+--- a/src/debug.c
++++ b/src/debug.c
+@@ -440,8 +440,8 @@ void debug_handler(int sig, siginfo_t *si, void *arg)
+ * 1- wait for our turn, i.e. when all lower bits are gone.
+ * 2- perform the action if our bit is set
+ * 3- remove our bit to let the next one go, unless we're
+- * the last one and have to put them all but ours
+- * 4- wait for zero and clear our bit if it's set
++ * the last one and have to put them all as a signal
++ * 4- wait out bit to re-appear, then clear it and quit.
+ */
+
+ /* wait for all previous threads to finish first */
+@@ -454,7 +454,7 @@ void debug_handler(int sig, siginfo_t *si, void *arg)
+ ha_thread_dump(thread_dump_buffer, tid, thread_dump_tid);
+ if ((threads_to_dump & all_threads_mask) == tid_bit) {
+ /* last one */
+- HA_ATOMIC_STORE(&threads_to_dump, all_threads_mask & ~tid_bit);
++ HA_ATOMIC_STORE(&threads_to_dump, all_threads_mask);
+ thread_dump_buffer = NULL;
+ }
+ else
+@@ -462,14 +462,13 @@ void debug_handler(int sig, siginfo_t *si, void *arg)
+ }
+
+ /* now wait for all others to finish dumping. The last one will set all
+- * bits again to broadcast the leaving condition.
++ * bits again to broadcast the leaving condition so we'll see ourselves
++ * present again. This way the threads_to_dump variable never passes to
++ * zero until all visitors have stopped waiting.
+ */
+- while (threads_to_dump & all_threads_mask) {
+- if (threads_to_dump & tid_bit)
+- HA_ATOMIC_AND(&threads_to_dump, ~tid_bit);
+- else
+- ha_thread_relax();
+- }
++ while (!(threads_to_dump & tid_bit))
++ ha_thread_relax();
++ HA_ATOMIC_AND(&threads_to_dump, ~tid_bit);
+
+ /* mark the current thread as stuck to detect it upon next invocation
+ * if it didn't move.
--- /dev/null
+commit 445b2b7c52a13678241a190c4ff52e77a09ef0a6
+Author: Willy Tarreau <w@1wt.eu>
+Date: Wed Jul 31 19:20:39 2019 +0200
+
+ MINOR: wdt: also consider that waiting in the thread dumper is normal
+
+ It happens that upon looping threads the watchdog fires, starts a dump,
+ and other threads expire their budget while waiting for the other threads
+ to get dumped and trigger a watchdog event again, adding some confusion
+ to the traces. With this patch the situation becomes clearer as we export
+ the list of threads being dumped so that the watchdog can check it before
+ deciding to trigger. This way such threads in queue for being dumped are
+ not attempted to be reported in turn.
+
+ This should be backported to 2.0 as it helps understand stack traces.
+
+ (cherry picked from commit a37cb1880c81b1f038e575d88ba7210aea0b7b8f)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/include/common/debug.h b/include/common/debug.h
+index 333203dd..f43258e9 100644
+--- a/include/common/debug.h
++++ b/include/common/debug.h
+@@ -70,6 +70,7 @@
+
+ struct task;
+ struct buffer;
++extern volatile unsigned long threads_to_dump;
+ void ha_task_dump(struct buffer *buf, const struct task *task, const char *pfx);
+ void ha_thread_dump(struct buffer *buf, int thr, int calling_tid);
+ void ha_thread_dump_all_to_trash();
+diff --git a/src/debug.c b/src/debug.c
+index 07624ca5..3077e97c 100644
+--- a/src/debug.c
++++ b/src/debug.c
+@@ -29,6 +29,11 @@
+ #include <proto/stream_interface.h>
+ #include <proto/task.h>
+
++/* mask of threads still having to dump, used to respect ordering. Only used
++ * when USE_THREAD_DUMP is set.
++ */
++volatile unsigned long threads_to_dump = 0;
++
+ /* Dumps to the buffer some known information for the desired thread, and
+ * optionally extra info for the current thread. The dump will be appended to
+ * the buffer, so the caller is responsible for preliminary initializing it.
+@@ -405,9 +410,6 @@ void ha_thread_dump_all_to_trash()
+ */
+ #define DEBUGSIG SIGURG
+
+-/* mask of threads still having to dump, used to respect ordering */
+-static volatile unsigned long threads_to_dump;
+-
+ /* ID of the thread requesting the dump */
+ static unsigned int thread_dump_tid;
+
+diff --git a/src/wdt.c b/src/wdt.c
+index 19d36c34..aa89fd44 100644
+--- a/src/wdt.c
++++ b/src/wdt.c
+@@ -75,7 +75,7 @@ void wdt_handler(int sig, siginfo_t *si, void *arg)
+ if (n - p < 1000000000UL)
+ goto update_and_leave;
+
+- if ((threads_harmless_mask|sleeping_thread_mask) & (1UL << thr)) {
++ if ((threads_harmless_mask|sleeping_thread_mask|threads_to_dump) & (1UL << thr)) {
+ /* This thread is currently doing exactly nothing
+ * waiting in the poll loop (unlikely but possible),
+ * waiting for all other threads to join the rendez-vous
--- /dev/null
+commit 0fc2d46fabb2b9317daf7030162e828c7e1684d5
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Thu Aug 1 10:09:29 2019 +0200
+
+ BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
+
+ When the server weight is increased in consistant hash, extra nodes have to be
+ allocated. So a realloc() is performed on the nodes array of the server. the
+ previous commit 962ea7732 ("BUG/MEDIUM: lb-chash: Remove all server's entries
+ before realloc() to re-insert them after") have fixed the size used during the
+ realloc() to avoid segfaults. But another bug remains. After the realloc(), the
+ memory area allocated for the nodes array may change, invalidating all node
+ addresses in the chash tree.
+
+ So, to fix the bug, we must remove all server's entries from the chash tree
+ before the realloc to insert all of them after, old nodes and new ones. The
+ insert will be automatically handled by the loop at the end of the function
+ chash_queue_dequeue_srv().
+
+ Note that if the call to realloc() failed, no new entries will be created for
+ the server, so the effective server weight will be unchanged.
+
+ This issue was reported on Github (#189).
+
+ This patch must be backported to all versions since the 1.6.
+
+ (cherry picked from commit 0a52c17f819a5b0a17718b605bdd990b9e2b58e6)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/lb_chash.c b/src/lb_chash.c
+index 0bf4e81a..23448df8 100644
+--- a/src/lb_chash.c
++++ b/src/lb_chash.c
+@@ -84,8 +84,13 @@ static inline void chash_queue_dequeue_srv(struct server *s)
+ * increased the weight beyond the original weight
+ */
+ if (s->lb_nodes_tot < s->next_eweight) {
+- struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
++ struct tree_occ *new_nodes;
+
++ /* First we need to remove all server's entries from its tree
++ * because the realloc will change all nodes pointers */
++ chash_dequeue_srv(s);
++
++ new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
+ if (new_nodes) {
+ unsigned int j;
+
+@@ -494,7 +499,6 @@ void chash_init_server_tree(struct proxy *p)
+ srv->lb_nodes_tot = srv->uweight * BE_WEIGHT_SCALE;
+ srv->lb_nodes_now = 0;
+ srv->lb_nodes = calloc(srv->lb_nodes_tot, sizeof(struct tree_occ));
+-
+ for (node = 0; node < srv->lb_nodes_tot; node++) {
+ srv->lb_nodes[node].server = srv;
+ srv->lb_nodes[node].node.key = full_hash(srv->puid * SRV_EWGHT_RANGE + node);
--- /dev/null
+commit c0968f59b723dfa9effa63ac28b59642b11c6b8b
+Author: Richard Russo <russor@whatsapp.com>
+Date: Wed Jul 31 11:45:56 2019 -0700
+
+ BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
+
+ Multiple calls to smp_fetch_fhdr use the header context to keep track of
+ header parsing position; however, when using header sampling on a raw
+ connection, the raw buffer is converted into an HTX structure each time, and
+ this was done in the trash areas; so the block reference would be invalid on
+ subsequent calls.
+
+ This patch must be backported to 2.0 and 1.9.
+
+ (cherry picked from commit 458eafb36df88932a02d1ce7ca31832abf11b8b3)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/http_fetch.c b/src/http_fetch.c
+index 67ea2094..e372a122 100644
+--- a/src/http_fetch.c
++++ b/src/http_fetch.c
+@@ -46,10 +46,40 @@
+ /* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
+ static THREAD_LOCAL struct hdr_ctx static_hdr_ctx;
+ static THREAD_LOCAL struct http_hdr_ctx static_http_hdr_ctx;
++/* this is used to convert raw connection buffers to htx */
++static THREAD_LOCAL struct buffer static_raw_htx_chunk;
++static THREAD_LOCAL char *static_raw_htx_buf;
+
+ #define SMP_REQ_CHN(smp) (smp->strm ? &smp->strm->req : NULL)
+ #define SMP_RES_CHN(smp) (smp->strm ? &smp->strm->res : NULL)
+
++/* This function returns the static htx chunk, where raw connections get
++ * converted to HTX as needed for samplxsing.
++ */
++struct buffer *get_raw_htx_chunk(void)
++{
++ chunk_reset(&static_raw_htx_chunk);
++ return &static_raw_htx_chunk;
++}
++
++static int alloc_raw_htx_chunk_per_thread()
++{
++ static_raw_htx_buf = malloc(global.tune.bufsize);
++ if (!static_raw_htx_buf)
++ return 0;
++ chunk_init(&static_raw_htx_chunk, static_raw_htx_buf, global.tune.bufsize);
++ return 1;
++}
++
++static void free_raw_htx_chunk_per_thread()
++{
++ free(static_raw_htx_buf);
++ static_raw_htx_buf = NULL;
++}
++
++REGISTER_PER_THREAD_ALLOC(alloc_raw_htx_chunk_per_thread);
++REGISTER_PER_THREAD_FREE(free_raw_htx_chunk_per_thread);
++
+ /*
+ * Returns the data from Authorization header. Function may be called more
+ * than once so data is stored in txn->auth_data. When no header is found
+@@ -265,7 +295,7 @@ struct htx *smp_prefetch_htx(struct sample *smp, struct channel *chn, int vol)
+ else if (h1m.flags & H1_MF_CLEN)
+ flags |= HTX_SL_F_CLEN;
+
+- htx = htx_from_buf(get_trash_chunk());
++ htx = htx_from_buf(get_raw_htx_chunk());
+ sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, h1sl.rq.m, h1sl.rq.u, h1sl.rq.v);
+ if (!sl || !htx_add_all_headers(htx, hdrs))
+ return NULL;
--- /dev/null
+commit 7343c710152c586a232a194ef37a56af636d6a56
+Author: Willy Tarreau <w@1wt.eu>
+Date: Thu Aug 1 18:51:38 2019 +0200
+
+ BUG/MINOR: stream-int: also update analysers timeouts on activity
+
+ Between 1.6 and 1.7, some parts of the stream forwarding process were
+ moved into lower layers and the stream-interface had to keep the
+ stream's task up to date regarding the timeouts. The analyser timeouts
+ were not updated there as it was believed this was not needed during
+ forwarding, but actually there is a case for this which is "option
+ contstats" which periodically triggers the analyser timeout, and this
+ change broke the option in case of sustained traffic (if there is some
+ I/O activity during the same millisecond as the timeout expires, then
+ the update will be missed).
+
+ This patch simply brings back the analyser expiration updates from
+ process_stream() to stream_int_notify().
+
+ It may be backported as far as 1.7, taking care to adjust the fields
+ names if needed.
+
+ (cherry picked from commit 45bcb37f0f8fa1e16dd9358a59dc280a38834dcd)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/stream_interface.c b/src/stream_interface.c
+index 9b9a8e9f..7d89cc90 100644
+--- a/src/stream_interface.c
++++ b/src/stream_interface.c
+@@ -558,6 +558,16 @@ static void stream_int_notify(struct stream_interface *si)
+ task->expire = tick_first((tick_is_expired(task->expire, now_ms) ? 0 : task->expire),
+ tick_first(tick_first(ic->rex, ic->wex),
+ tick_first(oc->rex, oc->wex)));
++
++ task->expire = tick_first(task->expire, ic->analyse_exp);
++ task->expire = tick_first(task->expire, oc->analyse_exp);
++
++ if (si->exp)
++ task->expire = tick_first(task->expire, si->exp);
++
++ if (sio->exp)
++ task->expire = tick_first(task->expire, sio->exp);
++
+ task_queue(task);
+ }
+ if (ic->flags & CF_READ_ACTIVITY)
--- /dev/null
+commit a8fcdacb8cc0dddec72b1ddc4d9afc92d3684acd
+Author: Willy Tarreau <w@1wt.eu>
+Date: Fri Aug 2 07:48:47 2019 +0200
+
+ BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
+
+ Recent optimization in commit 4d7a88482 ("MEDIUM: mux-h2: don't try to
+ read more than needed") broke the receipt of large DATA frames because
+ it would unconditionally subscribe if there was some room left, thus
+ preventing any new rx from being done since subscription may only be
+ done once the end was reached, as indicated by ret == 0.
+
+ However, fixing this uncovered that in HTX mode previous versions might
+ occasionally be affected as well, when an available frame is the same
+ size as the maximum data that may fit into an HTX buffer, we may end
+ up reading that whole frame and still subscribe since it's still allowed
+ to receive, thus causing issues to read the next frame.
+
+ This patch will only work for 2.1-dev but a minor adaptation will be
+ needed for earlier versions (down to 1.9, where subscribe() was added).
+
+ (cherry picked from commit 9bc1c95855b9c6300de5ecf3720cbe4b2558c5a1)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/mux_h2.c b/src/mux_h2.c
+index 5bb85181..d605fe94 100644
+--- a/src/mux_h2.c
++++ b/src/mux_h2.c
+@@ -2766,7 +2766,7 @@ static int h2_recv(struct h2c *h2c)
+ ret = 0;
+ } while (ret > 0);
+
+- if (h2_recv_allowed(h2c) && (b_data(buf) < buf->size))
++ if (max && !ret && h2_recv_allowed(h2c))
+ conn->xprt->subscribe(conn, conn->xprt_ctx, SUB_RETRY_RECV, &h2c->wait_event);
+
+ if (!b_data(buf)) {
--- /dev/null
+commit 5a9c875f0f1ee83bd5889dd1ad53e9da43e6c34e
+Author: Willy Tarreau <w@1wt.eu>
+Date: Fri Aug 2 07:52:08 2019 +0200
+
+ BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
+
+ The SETTINGS frame parser updates all streams' window for each
+ INITIAL_WINDOW_SIZE setting received on the connection (like h2spec
+ does in test 6.5.3), which can start to be expensive if repeated when
+ there are many streams (up to 100 by default). A quick test shows that
+ it's possible to parse only 35000 settings per second on a 3 GHz core
+ for 100 streams, which is rather small.
+
+ Given that window sizes are relative and may be negative, there's no
+ point in pre-initializing them for each stream and update them from
+ the settings. Instead, let's make them relative to the connection's
+ initial window size so that any change immediately affects all streams.
+ The only thing that remains needed is to wake up the streams that were
+ unblocked by the update, which is now done once at the end of
+ h2_process_demux() instead of once per setting. This now results in
+ 5.7 million settings being processed per second, which is way better.
+
+ In order to keep the change small, the h2s' mws field was renamed to
+ "sws" for "stream window size", and an h2s_mws() function was added
+ to add it to the connection's initial window setting and determine the
+ window size to use when muxing. The h2c_update_all_ws() function was
+ renamed to h2c_unblock_sfctl() since it's now only used to unblock
+ previously blocked streams.
+
+ This needs to be backported to all versions till 1.8.
+
+ (cherry picked from commit 1d4a0f88100daeb17dd0c9470c659b1ec288bc07)
+ [wt: context adjustment, port to legacy parts]
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/mux_h2.c b/src/mux_h2.c
+index d605fe94..f90e9435 100644
+--- a/src/mux_h2.c
++++ b/src/mux_h2.c
+@@ -208,7 +208,7 @@ struct h2s {
+ struct eb32_node by_id; /* place in h2c's streams_by_id */
+ int32_t id; /* stream ID */
+ uint32_t flags; /* H2_SF_* */
+- int mws; /* mux window size for this stream */
++ int sws; /* stream window size, to be added to the mux's initial window size */
+ enum h2_err errcode; /* H2 err code (H2_ERR_*) */
+ enum h2_ss st;
+ uint16_t status; /* HTTP response status */
+@@ -707,6 +707,14 @@ static inline __maybe_unused int h2s_id(const struct h2s *h2s)
+ return h2s ? h2s->id : 0;
+ }
+
++/* returns the sum of the stream's own window size and the mux's initial
++ * window, which together form the stream's effective window size.
++ */
++static inline int h2s_mws(const struct h2s *h2s)
++{
++ return h2s->sws + h2s->h2c->miw;
++}
++
+ /* returns true of the mux is currently busy as seen from stream <h2s> */
+ static inline __maybe_unused int h2c_mux_busy(const struct h2c *h2c, const struct h2s *h2s)
+ {
+@@ -945,7 +953,7 @@ static struct h2s *h2s_new(struct h2c *h2c, int id)
+ LIST_INIT(&h2s->sending_list);
+ h2s->h2c = h2c;
+ h2s->cs = NULL;
+- h2s->mws = h2c->miw;
++ h2s->sws = 0;
+ h2s->flags = H2_SF_NONE;
+ h2s->errcode = H2_ERR_NO_ERROR;
+ h2s->st = H2_SS_IDLE;
+@@ -1543,30 +1551,23 @@ static void h2_wake_some_streams(struct h2c *h2c, int last)
+ }
+ }
+
+-/* Increase all streams' outgoing window size by the difference passed in
+- * argument. This is needed upon receipt of the settings frame if the initial
+- * window size is different. The difference may be negative and the resulting
+- * window size as well, for the time it takes to receive some window updates.
++/* Wake up all blocked streams whose window size has become positive after the
++ * mux's initial window was adjusted. This should be done after having processed
++ * SETTINGS frames which have updated the mux's initial window size.
+ */
+-static void h2c_update_all_ws(struct h2c *h2c, int diff)
++static void h2c_unblock_sfctl(struct h2c *h2c)
+ {
+ struct h2s *h2s;
+ struct eb32_node *node;
+
+- if (!diff)
+- return;
+-
+ node = eb32_first(&h2c->streams_by_id);
+ while (node) {
+ h2s = container_of(node, struct h2s, by_id);
+- h2s->mws += diff;
+-
+- if (h2s->mws > 0 && (h2s->flags & H2_SF_BLK_SFCTL)) {
++ if (h2s->flags & H2_SF_BLK_SFCTL && h2s_mws(h2s) > 0) {
+ h2s->flags &= ~H2_SF_BLK_SFCTL;
+ if (h2s->send_wait && !LIST_ADDED(&h2s->list))
+ LIST_ADDQ(&h2c->send_list, &h2s->list);
+ }
+-
+ node = eb32_next(node);
+ }
+ }
+@@ -1607,7 +1608,6 @@ static int h2c_handle_settings(struct h2c *h2c)
+ error = H2_ERR_FLOW_CONTROL_ERROR;
+ goto fail;
+ }
+- h2c_update_all_ws(h2c, arg - h2c->miw);
+ h2c->miw = arg;
+ break;
+ case H2_SETTINGS_MAX_FRAME_SIZE:
+@@ -1869,13 +1869,13 @@ static int h2c_handle_window_update(struct h2c *h2c, struct h2s *h2s)
+ goto strm_err;
+ }
+
+- if (h2s->mws >= 0 && h2s->mws + inc < 0) {
++ if (h2s_mws(h2s) >= 0 && h2s_mws(h2s) + inc < 0) {
+ error = H2_ERR_FLOW_CONTROL_ERROR;
+ goto strm_err;
+ }
+
+- h2s->mws += inc;
+- if (h2s->mws > 0 && (h2s->flags & H2_SF_BLK_SFCTL)) {
++ h2s->sws += inc;
++ if (h2s_mws(h2s) > 0 && (h2s->flags & H2_SF_BLK_SFCTL)) {
+ h2s->flags &= ~H2_SF_BLK_SFCTL;
+ if (h2s->send_wait && !LIST_ADDED(&h2s->list))
+ LIST_ADDQ(&h2c->send_list, &h2s->list);
+@@ -2237,6 +2237,7 @@ static void h2_process_demux(struct h2c *h2c)
+ struct h2s *h2s = NULL, *tmp_h2s;
+ struct h2_fh hdr;
+ unsigned int padlen = 0;
++ int32_t old_iw = h2c->miw;
+
+ if (h2c->st0 >= H2_CS_ERROR)
+ return;
+@@ -2625,6 +2626,9 @@ static void h2_process_demux(struct h2c *h2c)
+ h2s_notify_recv(h2s);
+ }
+
++ if (old_iw != h2c->miw)
++ h2c_unblock_sfctl(h2c);
++
+ h2c_restart_reading(h2c, 0);
+ }
+
+@@ -4259,8 +4263,8 @@ static size_t h2s_frt_make_resp_data(struct h2s *h2s, const struct buffer *buf,
+ if (size > max)
+ size = max;
+
+- if (size > h2s->mws)
+- size = h2s->mws;
++ if (size > h2s_mws(h2s))
++ size = h2s_mws(h2s);
+
+ if (size <= 0) {
+ h2s->flags |= H2_SF_BLK_SFCTL;
+@@ -4362,7 +4366,7 @@ static size_t h2s_frt_make_resp_data(struct h2s *h2s, const struct buffer *buf,
+ ofs += size;
+ total += size;
+ h1m->curr_len -= size;
+- h2s->mws -= size;
++ h2s->sws -= size;
+ h2c->mws -= size;
+
+ if (size && !h1m->curr_len && (h1m->flags & H1_MF_CHNK)) {
+@@ -4390,7 +4394,7 @@ static size_t h2s_frt_make_resp_data(struct h2s *h2s, const struct buffer *buf,
+ }
+
+ end:
+- trace("[%d] sent simple H2 DATA response (sid=%d) = %d bytes out (%u in, st=%s, ep=%u, es=%s, h2cws=%d h2sws=%d) data=%u", h2c->st0, h2s->id, size+9, (unsigned int)total, h1m_state_str(h1m->state), h1m->err_pos, h1m_state_str(h1m->err_state), h2c->mws, h2s->mws, (unsigned int)b_data(buf));
++ trace("[%d] sent simple H2 DATA response (sid=%d) = %d bytes out (%u in, st=%s, ep=%u, es=%s, h2cws=%d h2sws=%d) data=%u", h2c->st0, h2s->id, size+9, (unsigned int)total, h1m_state_str(h1m->state), h1m->err_pos, h1m_state_str(h1m->err_state), h2c->mws, h2s_mws(h2s), (unsigned int)b_data(buf));
+ return total;
+ }
+
+@@ -4937,7 +4941,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
+ */
+ if (unlikely(fsize == count &&
+ htx->used == 1 && type == HTX_BLK_DATA &&
+- fsize <= h2s->mws && fsize <= h2c->mws && fsize <= h2c->mfs)) {
++ fsize <= h2s_mws(h2s) && fsize <= h2c->mws && fsize <= h2c->mfs)) {
+ void *old_area = mbuf->area;
+
+ if (b_data(mbuf)) {
+@@ -4972,7 +4976,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
+ h2_set_frame_size(outbuf.area, fsize);
+
+ /* update windows */
+- h2s->mws -= fsize;
++ h2s->sws -= fsize;
+ h2c->mws -= fsize;
+
+ /* and exchange with our old area */
+@@ -5024,7 +5028,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
+ if (!fsize)
+ goto send_empty;
+
+- if (h2s->mws <= 0) {
++ if (h2s_mws(h2s) <= 0) {
+ h2s->flags |= H2_SF_BLK_SFCTL;
+ if (LIST_ADDED(&h2s->list))
+ LIST_DEL_INIT(&h2s->list);
+@@ -5034,8 +5038,8 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
+ if (fsize > count)
+ fsize = count;
+
+- if (fsize > h2s->mws)
+- fsize = h2s->mws; // >0
++ if (fsize > h2s_mws(h2s))
++ fsize = h2s_mws(h2s); // >0
+
+ if (h2c->mfs && fsize > h2c->mfs)
+ fsize = h2c->mfs; // >0
+@@ -5071,7 +5075,7 @@ static size_t h2s_htx_frt_make_resp_data(struct h2s *h2s, struct buffer *buf, si
+
+ /* now let's copy this this into the output buffer */
+ memcpy(outbuf.area + 9, htx_get_blk_ptr(htx, blk), fsize);
+- h2s->mws -= fsize;
++ h2s->sws -= fsize;
+ h2c->mws -= fsize;
+ count -= fsize;
+
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -327,6 +327,15 @@ ifeq ($(TARGET),linux-glibc)
+ USE_GETADDRINFO)
+ endif
+
++# For linux >= 2.6.28 and uclibc
++ifeq ($(TARGET),linux-uclibc)
++ set_target_defaults = $(call default_opts, \
++ USE_POLL USE_TPROXY USE_DL USE_RT USE_NETFILTER \
++ USE_CPU_AFFINITY USE_THREAD USE_EPOLL USE_FUTEX USE_LINUX_TPROXY \
++ USE_ACCEPT4 USE_LINUX_SPLICE USE_PRCTL USE_THREAD_DUMP USE_NS USE_TFO \
++ USE_GETADDRINFO)
++endif
++
+ # Solaris 8 and above
+ ifeq ($(TARGET),solaris)
+ # We also enable getaddrinfo() which works since solaris 8.
--- /dev/null
+--- a/include/common/openssl-compat.h
++++ b/include/common/openssl-compat.h
+@@ -217,7 +217,8 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
+ #define TLSEXT_signature_ecdsa 3
+ #endif
+
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
++ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
+ #define X509_getm_notBefore X509_get_notBefore
+ #define X509_getm_notAfter X509_get_notAfter
+ #endif
DEPENDS:=+libpcap
TITLE:=hcxdumptool
URL:=https://github.com/ZerBea/hcxdumptool
- SUBMENU:=wireless
+ SUBMENU:=Wireless
endef
define Package/hcxdumptool/description
DEPENDS:=+libpthread +libpcap +zlib +libcurl +libopenssl
TITLE:=hcxtools
URL:=https://github.com/ZerBea/hcxtools
- SUBMENU:=wireless
+ SUBMENU:=Wireless
endef
define Package/hcxtools/description
define Package/horst
SECTION:=net
CATEGORY:=Network
- SUBMENU:=wireless
+ SUBMENU:=Wireless
DEPENDS:=+libncurses +libnl-tiny
MAINTAINER:=Bruno Randolf <br1@einfach.org>
TITLE:=Highly Optimized 802.11 Radio Scanning Tool
include $(TOPDIR)/rules.mk
PKG_NAME:=i2pd
-PKG_VERSION:=2.24.0
+PKG_VERSION:=2.26.0
PKG_RELEASE:=1
PKG_BUILD_PARALLEL:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/PurpleI2P/i2pd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=809b37100f0f176432b01ab6edee96dc62b0f65d5bf7531e008a87117e742566
+PKG_HASH:=2ae18978c8796bb6b45bc8cfe4e1f25377e0cfc9fcf9f46054b09dc3384eef63
PKG_MAINTAINER:=David Yang <mmyangfl@gmail.com>
PKG_LICENSE:=BSD-3-Clause
-start_service() {
+i2pd_start() {
+ local cfg="$1"
local data_dir
local addressbook_dir
- config_load i2pd
-
- config_get data_dir i2pd data_dir
- config_get addressbook_dir i2pd addressbook_dir
+ config_get data_dir "$cfg" data_dir
+ config_get addressbook_dir "$cfg" addressbook_dir
## Setting up data dir
if [ ! -d "$data_dir" ]; then
procd_set_param pidfile "$PIDFILE"
procd_close_instance
}
+
+
+start_service() {
+ local instance="$1"
+ local instance_found=0
+
+ config_cb() {
+ local type="$1"
+ local name="$2"
+ if [ "$type" = "i2pd" ]; then
+ if [ -n "$instance" ] && [ "$instance" = "$name" ]; then
+ instance_found=1
+ fi
+ fi
+ }
+
+ config_load i2pd
+
+ if [ -n "$instance" ]; then
+ [ "$instance_found" -gt 0 ] || return
+ i2pd_start "$instance"
+ else
+ config_foreach i2pd_start i2pd
+ fi
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=ipvsadm
-PKG_VERSION:=1.29
+PKG_VERSION:=1.30
PKG_MAINTAINER:=Mauro Mozzarelli <mauro@ezplanet.org>, \
Florian Eckert <fe@dev.tdt.de>
-PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE:=GPL-2.0-or-later
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://www.kernel.org/pub/linux/utils/kernel/ipvsadm/
-PKG_HASH:=c3de4a21d90a02c621f0c72ee36a7aa27374b6f29fd4178f33fbf71b4c66c149
+PKG_SOURCE_URL:=@KERNEL/linux/utils/kernel/ipvsadm/
+PKG_HASH:=95573d70df473c9f63fc4ac496c044c69e3a6de7ccac119922210c0b44cd7a0c
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
CATEGORY:=Network
TITLE:=IP Virtual Server Configuration Manager
URL:=http://www.linuxvirtualserver.org
- DEPENDS:= +kmod-nf-ipvs +libnl-tiny +libpopt
+ DEPENDS:= +kmod-nf-ipvs +libnl-genl +libpopt
endef
define Package/ipvsadm/description
network services based on a cluster of two or more nodes.
endef
-TARGET_CFLAGS += \
- -D_GNU_SOURCE \
- -I$(STAGING_DIR)/usr/include/libnl-tiny
-
-define Build/Compile
- CFLAGS="$(TARGET_CFLAGS)" \
- $(MAKE) -C $(PKG_BUILD_DIR) \
- CC="$(TARGET_CC)" \
- LIBS="$(TARGET_LDFLAGS) -lnl-tiny -lpopt"
-endef
-
define Package/ipvsadm/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ipvsadm $(1)/sbin/
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=kcptun
+PKG_VERSION:=20190725
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/xtaci/kcptun/tar.gz/v${PKG_VERSION}?
+PKG_HASH:=65c0d0d4f7e3bb3c3b91e23ff2eb6621455d6d376a4f17e6fb2017337ce711c1
+
+PKG_MAINTAINER:=Dengfeng Liu <liudf0716@gmail.com>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/xtaci/kcptun
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/kcptun/template
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Web Servers/Proxies
+ TITLE:=KCP-based Secure Tunnel
+ URL:=https://github.com/xtaci/kcptun
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/kcptun-c
+ $(call Package/kcptun/template)
+ TITLE+= (client)
+endef
+
+define Package/kcptun-s
+ $(call Package/kcptun/template)
+ TITLE+= (server)
+endef
+
+define Package/kcptun/description
+ kcptun is a Stable & Secure Tunnel Based On KCP with N:M Multiplexing
+endef
+Package/kcptun-c/description = $(Package/kcptun/description)
+Package/kcptun-s/description = $(Package/kcptun/description)
+
+GO_PKG_LDFLAGS_X:=main.VERSION=$(PKG_VERSION)
+GO_PKG_LDFLAGS:=-s -w
+
+define Package/kcptun/install
+ $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+
+ $(INSTALL_DIR) $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/$(2) $(1)/usr/bin/$(3)
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_CONF) ./files/$(3).conf $(1)/etc/config/$(3)
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/$(3).init $(1)/etc/init.d/$(3)
+endef
+
+define Package/kcptun-c/install
+ $(call Package/kcptun/install,$(1),client,kcptun-c)
+endef
+
+define Package/kcptun-s/install
+ $(call Package/kcptun/install,$(1),server,kcptun-s)
+endef
+
+$(eval $(call GoBinPackage,kcptun-c))
+$(eval $(call BuildPackage,kcptun-c))
+$(eval $(call GoBinPackage,kcptun-s))
+$(eval $(call BuildPackage,kcptun-s))
--- /dev/null
+config kcptun
+ option local_port 12948 # this port should be your service port
+ option remote_ip 'your vps ip'
+ option remote_port 29900
+ option mode 'fast'
+ option nocomp 1
+ option sndwnd 128
+ option rcvwnd 512
+ option disabled 1 # set 0 to enable it
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2019 Dengfeng Liu
+
+START=99
+
+USE_PROCD=1
+NAME=kcptun-c
+PROG=/usr/bin/${NAME}
+
+validate_section_kcptun()
+{
+ uci_load_validate "${NAME}" kcptun "$1" "$2" \
+ 'local_port:port' \
+ 'remote_ip:string' \
+ 'remote_port:port' \
+ 'mode:string' \
+ 'nocomp:bool' \
+ 'sndwnd:uinteger' \
+ 'rcvwnd:uinteger' \
+ 'disabled:bool'
+}
+
+kcptun_instance()
+{
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ "${disabled}" = "1" ] && return 1
+
+ [ "${local_port}" -gt 0 ] && [ "${local_port}" -lt 65536 ] || return 1
+
+ [ "${remote_port}" -gt 0 ] && [ "${remote_port}" -lt 65536 ] || return 1
+
+ [ -n "${remote_ip}" ] || {
+ return 1
+ }
+
+ procd_open_instance
+ procd_set_param command "${PROG}"
+ procd_append_param command --localaddr ":${local_port}"
+ procd_append_param command --remoteaddr "${remote_ip}:${remote_port}"
+ [ -n "${mode}" ] && procd_append_param command --mode "${mode}"
+ [ "${nocomp}" -eq 1 ] && procd_append_param command --nocomp
+ [ "${sndwnd}" -gt 0 ] && procd_append_param command --sndwnd "${sndwnd}"
+ [ "${rcvwnd}" -gt 0 ] && procd_append_param command --rcvwnd "${rcvwnd}"
+ procd_set_param respawn
+ procd_close_instance
+}
+
+start_service()
+{
+ config_load "${NAME}"
+ config_foreach validate_section_kcptun kcptun kcptun_instance
+}
--- /dev/null
+config kcptun
+ option local_port 29900
+ option target_ip '127.0.0.1'
+ option target_port 12948 # this port should be your service port
+ option mode 'fast'
+ option nocomp 1
+ option sndwnd 1024
+ option rcvwnd 1024
+ option disabled 1 # set 0 to enable it
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2019 Dengfeng Liu
+
+START=99
+
+USE_PROCD=1
+NAME=kcptun-s
+PROG=/usr/bin/${NAME}
+
+validate_section_kcptun()
+{
+ uci_load_validate "${NAME}" kcptun "$1" "$2" \
+ 'local_port:port' \
+ 'target_ip:string' \
+ 'target_port:port' \
+ 'mode:string' \
+ 'nocomp:bool' \
+ 'sndwnd:uinteger' \
+ 'rcvwnd:uinteger' \
+ 'disabled:bool'
+}
+
+kcptun_instance()
+{
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ "${disabled}" = "1" ] && return 1
+
+ [ "${local_port}" -gt 0 ] && [ "${local_port}" -lt 65536 ] || return 1
+
+ [ "${target_port}" -gt 0 ] && [ "${target_port}" -lt 65536 ] || return 1
+
+ [ -n "${target_ip}" ] || {
+ return 1
+ }
+
+ procd_open_instance
+ procd_set_param command "${PROG}"
+ procd_append_param command --listen ":${local_port}"
+ procd_append_param command --target "${target_ip}:${target_port}"
+ [ -n "${mode}" ] && procd_append_param command --mode "${mode}"
+ [ "${nocomp}" -eq 1 ] && procd_append_param command --nocomp
+ [ "${sndwnd}" -gt 0 ] && procd_append_param command --sndwnd "${sndwnd}"
+ [ "${rcvwnd}" -gt 0 ] && procd_append_param command --rcvwnd "${rcvwnd}"
+ procd_set_param respawn
+ procd_close_instance
+}
+
+start_service()
+{
+ config_load "${NAME}"
+ config_foreach validate_section_kcptun kcptun kcptun_instance
+}
define Package/kea-admin
$(call Package/kea/Default)
TITLE+= Admin
- DEPENDS:= +kea-libs +python3
+ DEPENDS:= +kea-libs
endef
define Package/kea-ctrl
include $(TOPDIR)/rules.mk
PKG_NAME:=keepalived
-PKG_VERSION:=2.0.16
+PKG_VERSION:=2.0.18
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.keepalived.org/software
-PKG_HASH:=f0c7dc86147a286913c1c2c918f557735016285d25779d4d2fce5732fcb888df
+PKG_HASH:=1423a2b1b8e541211029b9e1e1452e683bbe5f4b0b287eddd609aaf5ff024fd0
PKG_CPE_ID:=cpe:/a:keepalived:keepalived
PKG_LICENSE:=GPL-2.0+
KEEPALIVED_CONF=/tmp/keepalived.conf
-INDENT_1=\\t
-INDENT_2=$INDENT_1$INDENT_1
-INDENT_3=$INDENT_1$INDENT_1$INDENT_1
-INDENT_4=$INDENT_1$INDENT_1$INDENT_1$INDENT_1
+INDENT_1="\t"
+INDENT_2="${INDENT_1}${INDENT_1}"
+INDENT_3="${INDENT_1}${INDENT_1}${INDENT_1}"
+INDENT_4="${INDENT_1}${INDENT_1}${INDENT_1}${INDENT_1}"
config_section_open() {
- local tag=$1
- local name=$2
+ local tag="$1"
+ local name="$2"
- printf "$tag" >> $KEEPALIVED_CONF
- [ -n "$name" ] && printf " $name" >> $KEEPALIVED_CONF
- printf " {\n" >> $KEEPALIVED_CONF
+ printf '%s' "$tag" >> "$KEEPALIVED_CONF"
+ [ -n "$name" ] && printf ' %s' "$name" >> "$KEEPALIVED_CONF"
+ printf ' {\n' >> "$KEEPALIVED_CONF"
}
config_section_close() {
- printf "}\n\n" >> $KEEPALIVED_CONF
+ printf '}\n\n' >> "$KEEPALIVED_CONF"
}
config_foreach_wrapper() {
- local section=$1
- local function=$1
+ local section="$1"
+ local function="$1"
# Convention is that 'function' and 'section' are the same
- config_foreach $function $section
+ config_foreach "$function" "$section"
}
print_elems_indent() {
- local config=$1
+ local config="$1"
shift
- local indent=$1
+ local indent="$1"
shift
+
[ -z "$indent" ] && indent="$INDENT_1"
- for opt in $*; do
- local $opt
+ for opt in "$@"; do
+ local "$opt"
+ local optval
local no_val=0
- if [ ${opt:0:7} == "no_val_" ]; then
- opt=${opt:7}
+ if [ "${opt:0:7}" = "no_val_" ]; then
+ opt="${opt:7}"
no_val=1
fi
- config_get $opt $config $opt
- eval optval=\$$opt
+ config_get "$opt" "$config" "$opt"
+ eval optval=\$"$opt"
[ -z "$optval" ] && continue
- printf "$indent$opt" >> $KEEPALIVED_CONF
- [ "$no_val" == "0" ] && {
- local words=$(echo "$optval" | wc -w)
- if [ $words -gt 1 ]; then
- printf " \"$optval\"" >> $KEEPALIVED_CONF
+ printf '%b%s' "$indent" "$opt" >> "$KEEPALIVED_CONF"
+ [ "$no_val" = "0" ] && {
+ local words=0
+ words="$(echo "$optval" | wc -w)"
+ if [ "$words" -gt 1 ]; then
+ printf ' "%s"' "$optval" >> "$KEEPALIVED_CONF"
else
- printf " $optval" >> $KEEPALIVED_CONF
+ printf ' %s' "$optval" >> "$KEEPALIVED_CONF"
fi
}
- printf "\n" >> $KEEPALIVED_CONF
+ printf '\n' >> "$KEEPALIVED_CONF"
done
unset optval
}
print_list_indent() {
- local lst=$1
- local indent=$2
+ local lst="$1"
+ local indent="$2"
local lst_elems
- [ -z "$indent" ] && indent=$INDENT_1
+ [ -z "$indent" ] && indent="$INDENT_1"
- eval lst_elems=\$$lst
+ eval lst_elems=\$"$lst"
[ -z "$lst_elems" ] && return 0
- printf "$indent$lst {\n" >> $KEEPALIVED_CONF
+ printf '%b%s {\n' "$indent" "$lst" >> "$KEEPALIVED_CONF"
for e in $lst_elems; do
- [ -n "$eval_item_func" ]
- printf "$indent$INDENT_1$e\n" >> $KEEPALIVED_CONF
+ printf '%b%s\n' "${indent}${INDENT_1}" "$e">> "$KEEPALIVED_CONF"
done
- printf "$indent}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "$indent" >> "$KEEPALIVED_CONF"
}
print_notify() {
- local type=$1
+ local type="$1"
shift
- local name=$1
+ local name="$1"
shift
- for notify in $*; do
- printf "$INDENT_1$notify" >> $KEEPALIVED_CONF
- notify=$(echo $notify | tr 'a-z' 'A-Z')
- printf " \"/bin/busybox env -i ACTION=$notify TYPE=$type NAME=$name /sbin/hotplug-call keepalived\"\n" >> $KEEPALIVED_CONF
+ for notify in "$@"; do
+ printf '%b%s' "${INDENT_1}" "$notify">> "$KEEPALIVED_CONF"
+ notify="$(echo "$notify" | tr 'a-z' 'A-Z')"
+ printf ' "/bin/busybox env -i ACTION=%s TYPE=%s NAME=%s /sbin/hotplug-call keepalived"\n' "$notify" "$type" "$name" >> "$KEEPALIVED_CONF"
done
}
global_defs() {
local linkbeat_use_polling notification_email
- config_get alt_config_file $1 alt_config_file
+ config_get alt_config_file "$1" alt_config_file
[ -z "$alt_config_file" ] || return 0
- config_get_bool linkbeat_use_polling $1 linkbeat_use_polling 0
- [ $linkbeat_use_polling -gt 0 ] && printf "linkbeat_use_polling\n\n" >> $KEEPALIVED_CONF
+ config_get_bool linkbeat_use_polling "$1" linkbeat_use_polling 0
+ [ "$linkbeat_use_polling" -gt 0 ] && printf 'linkbeat_use_polling\n\n' >> "$KEEPALIVED_CONF"
- config_get notification_email $1 notification_email
+ config_get notification_email "$1" notification_email
print_list_indent notification_email
- print_elems_indent $1 $INDENT_1 \
+ print_elems_indent "$1" "$INDENT_1" \
notification_email_from \
smtp_server \
smtp_connect_timeout \
}
print_ipaddress_indent() {
- local section=$1
- local curr_ipaddr=$2
- local indent=$3
+ local section="$1"
+ local curr_ipaddr="$2"
+ local indent="$3"
local address device scope name
- config_get name $section name
+ config_get name "$section" name
[ "$name" != "$curr_ipaddr" ] && return 0
- config_get address $section address
- config_get device $section device
- config_get scope $section scope
+ config_get address "$section" address
+ config_get device "$section" device
+ config_get scope "$section" scope
# Default indent
- [ -z "$indent" ] && indent=$INDENT_1
+ [ -z "$indent" ] && indent="$INDENT_1"
# If no address exit
[ -z "$address" ] && return 0
if [ -z "$device" ]; then
- printf "$indent$address" >> $KEEPALIVED_CONF
+ printf '%b%s' "$indent" "$address" >> "$KEEPALIVED_CONF"
else
# Add IP address/netmask and device
- printf "$indent$address dev $device" >> $KEEPALIVED_CONF
+ printf '%b%s dev %s' "$indent" "$address" "$device">> "$KEEPALIVED_CONF"
# Add scope
- [ -n "$scope" ] && printf " scope $scope" >> $KEEPALIVED_CONF
+ [ -n "$scope" ] && printf ' scope %s' "$scope" >> "$KEEPALIVED_CONF"
fi
- printf "\n" >> $KEEPALIVED_CONF
+ printf '\n' >> "$KEEPALIVED_CONF"
}
static_ipaddress() {
local address
config_get address "$1" address
for a in $address; do
- config_foreach print_ipaddress_indent ipaddress $a
+ config_foreach print_ipaddress_indent ipaddress "$a"
done
}
print_route_indent() {
- local section=$1
- local curr_route=$2
- local indent=$3
+ local section="$1"
+ local curr_route="$2"
+ local indent="$3"
local name blackhole address src_addr gateway device scope table
- config_get name $section name
+ config_get name "$section" name
[ "$name" != "$curr_route" ] && return 0
- config_get_bool blackhole $section blackhole 0
- config_get address $section address
- config_get src_addr $section src_addr
- config_get gateway $section gateway
- config_get device $section device
- config_get table $section table
+ config_get_bool blackhole "$section" blackhole 0
+ config_get address "$section" address
+ config_get src_addr "$section" src_addr
+ config_get gateway "$section" gateway
+ config_get device "$section" device
+ config_get table "$section" table
# If no address exit
[ -z "$address" ] && return 0
# Default indent
- [ -z "$indent" ] && indent=$INDENT_1
+ [ -z "$indent" ] && indent="$INDENT_1"
- [ $blackhole -gt 0 ] && {
- printf "${indent}blackhole $address\n" >> $KEEPALIVED_CONF
+ [ "$blackhole" -gt 0 ] && {
+ printf '%bblackhole %s\n' "$indent" "$address" >> "$KEEPALIVED_CONF"
return 0
}
# Add src addr or address
if [ -n "$src_addr" ]; then
- printf "${indent}src $src_addr $address" >> $KEEPALIVED_CONF
+ printf '%bsrc %s %s' "$indent" "$src_addr" "$address" >> "$KEEPALIVED_CONF"
else
[ -z "$device" ] && return 0
- printf "$indent$address" >> $KEEPALIVED_CONF
+ printf '%b%s' "$indent" "$address" >> "$KEEPALIVED_CONF"
fi
# Add route/gateway
- [ -n "$gateway" ] && printf " via $gateway" >> $KEEPALIVED_CONF
+ [ -n "$gateway" ] && printf ' via %s' "$gateway" >> "$KEEPALIVED_CONF"
# Add device
- printf " dev $device" >> $KEEPALIVED_CONF
+ printf ' dev %s' "$device" >> "$KEEPALIVED_CONF"
# Add scope
- [ -n "$scope" ] && printf " scope $scope" >> $KEEPALIVED_CONF
+ [ -n "$scope" ] && printf ' scope %s' "$scope" >> "$KEEPALIVED_CONF"
# Add table
- [ -n "$table" ] && printf " table $table" >> $KEEPALIVED_CONF
- printf "\n" >> $KEEPALIVED_CONF
+ [ -n "$table" ] && printf ' table %s' "$table" >> "$KEEPALIVED_CONF"
+ printf '\n' >> "$KEEPALIVED_CONF"
}
print_track_elem_indent() {
- local section=$1
- local curr_track_elem=$2
- local indent=$3
+ local section="$1"
+ local curr_track_elem="$2"
+ local indent="$3"
- local script name value
- config_get name $section name
+ local name value
+ config_get name "$section" name
[ "$name" != "$curr_track_elem" ] && return 0
- config_get value $section value
- config_get weight $section weight
+ config_get value "$section" value
+ config_get weight "$section" weight
[ -z "$value" ] && return 0
- printf "$indent$value" >> $KEEPALIVED_CONF
- [ -n "$weight" ] && printf " weight $weight" >> $KEEPALIVED_CONF
- printf "\n" >> $KEEPALIVED_CONF
+ printf '%b%s' "$indent" "$value" >> "$KEEPALIVED_CONF"
+ [ -n "$weight" ] && printf ' weight %s' "$weight" >> "$KEEPALIVED_CONF"
+ printf '\n' >> "$KEEPALIVED_CONF"
}
static_routes() {
local route
config_get route "$1" route
for r in $route; do
- config_foreach print_route_indent route $r
+ config_foreach print_route_indent route "$r"
done
}
# Count 'vrrp_instance' with the given name ; called by vrrp_instance_check()
vrrp_instance_name_count() {
local name
- config_get name $1 name
- [ "$name" == "$2" ] && count=$((count + 1))
+ config_get name "$1" name
+ [ "$name" = "$2" ] && count="$((count + 1))"
}
# Check if there's a 'vrrp_instance' section with the given name
vrrp_instance_check() {
- local count=0
- local name=$1
- config_foreach vrrp_instance_name_count vrrp_instance $name
+ local count="0"
+ local name="$1"
+ config_foreach vrrp_instance_name_count vrrp_instance "$name"
[ $count -gt 0 ] && return 0 || return 1
}
local valid_group
# No name for group, exit
- config_get name $1 name
+ config_get name "$1" name
[ -z "$name" ] && return 0
# No members for group, exit
- config_get group $1 group
+ config_get group "$1" group
[ -z "$group" ] && return 0
# Check if we have 'vrrp_instance's defined for
# each member and remove names with not vrrp_instance defined
for m in $group; do
- vrrp_instance_check $m && valid_group="$valid_group $m"
+ vrrp_instance_check "$m" && valid_group="$valid_group $m"
done
[ -z "$valid_group" ] && return 0
group="$valid_group"
print_list_indent group
- print_elems_indent $1 $INDENT_1 no_val_smtp_alert no_val_global_tracking
+ print_elems_indent "$1" "$INDENT_1" no_val_smtp_alert no_val_global_tracking
print_notify "GROUP" "$name" notify_backup notify_master \
notify_fault notify
vrrp_instance() {
local name auth_type auth_pass
- config_get name $1 name
+ config_get name "$1" name
[ -z "$name" ] && return 0
config_section_open "vrrp_instance" "$name"
- config_get auth_type $1 auth_type
- config_get auth_pass $1 auth_pass
- [ -n "$auth_type" -a -n "$auth_pass" ] && {
- printf "${INDENT_1}authentication {\n" >> $KEEPALIVED_CONF
- printf "${INDENT_2}auth_type $auth_type\n" >> $KEEPALIVED_CONF
- printf "${INDENT_2}auth_pass $auth_pass\n" >> $KEEPALIVED_CONF
- printf "$INDENT_1}\n" >> $KEEPALIVED_CONF
+ config_get auth_type "$1" auth_type
+ config_get auth_pass "$1" auth_pass
+ [ -n "$auth_type" ] && [ -n "$auth_pass" ] && {
+ printf '%bauthentication {\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+ printf '%bauth_type %s\n' "${INDENT_2}" "$auth_type" >> "$KEEPALIVED_CONF"
+ printf '%bauth_pass %s\n' "${INDENT_2}" "$auth_pass" >> "$KEEPALIVED_CONF"
+ printf '%b}\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
}
- print_elems_indent $1 $INDENT_1 state interface \
+ print_elems_indent "$1" "$INDENT_1" state interface \
mcast_src_ip unicast_src_ip virtual_router_id version priority \
advert_int preempt_delay debug \
lvs_sync_daemon_interface garp_master_delay garp_master_refresh \
# Handle virtual_ipaddress & virtual_ipaddress_excluded lists
for opt in virtual_ipaddress virtual_ipaddress_excluded; do
- config_get $opt $1 $opt
+ config_get "$opt" "$1" "$opt"
eval optval=\$$opt
[ -z "$optval" ] && continue
- printf "$INDENT_1$opt {\n" >> $KEEPALIVED_CONF
+ printf '%b%s {\n' "${INDENT_1}" "$opt" >> "$KEEPALIVED_CONF"
for a in $optval; do
- config_foreach print_ipaddress_indent ipaddress $a $INDENT_2
+ config_foreach print_ipaddress_indent ipaddress "$a" "$INDENT_2"
done
- printf "$INDENT_1}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
done
# Handle virtual_routes
for opt in virtual_routes; do
- config_get $opt $1 $opt
+ config_get "$opt" "$1" "$opt"
eval optval=\$$opt
[ -z "$optval" ] && continue
- printf "$INDENT_1$opt {\n" >> $KEEPALIVED_CONF
+ printf '%b%s {\n' "${INDENT_1}" "$opt" >> "$KEEPALIVED_CONF"
for r in $optval; do
- config_foreach print_route_indent route $r $INDENT_2
+ config_foreach print_route_indent route "$r" "$INDENT_2"
done
- printf "$INDENT_1}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
done
# Handle track_script lists
for opt in track_script; do
- config_get $opt $1 $opt
+ config_get "$opt" "$1" "$opt"
eval optval=\$$opt
[ -z "$optval" ] && continue
- printf "$INDENT_1$opt {\n" >> $KEEPALIVED_CONF
+ printf '%b%s {\n' "${INDENT_1}" "$opt" >> "$KEEPALIVED_CONF"
for t in $optval; do
- printf "$INDENT_2$optval\n" >> $KEEPALIVED_CONF
+ printf '%b%s\n' "${INDENT_2}" "$optval" >> "$KEEPALIVED_CONF"
done
- printf "$INDENT_1}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
done
# Handle track_interface lists
for opt in track_interface; do
- config_get $opt $1 $opt
+ config_get "$opt" "$1" "$opt"
eval optval=\$$opt
[ -z "$optval" ] && continue
- printf "$INDENT_1$opt {\n" >> $KEEPALIVED_CONF
+ printf '%b%s {\n' "${INDENT_1}" "$opt" >> "$KEEPALIVED_CONF"
for t in $optval; do
- config_foreach print_track_elem_indent track_interface $t $INDENT_2
+ config_foreach print_track_elem_indent track_interface "$t" "$INDENT_2"
done
- printf "$INDENT_1}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
done
# Handle simple lists of strings (with no spaces in between)
for opt in unicast_peer; do
- config_get $opt $1 $opt
- print_list_indent $opt
+ config_get "$opt" "$1" "$opt"
+ print_list_indent "$opt"
done
unset optval
vrrp_script() {
local name
- config_get name $1 name
+ config_get name "$1" name
[ -z "$name" ] && return 0
config_section_open "vrrp_script" "$name"
- print_elems_indent $1 $INDENT_1 script interval weight fall rise
+ print_elems_indent "$1" "$INDENT_1" script interval weight fall rise
config_section_close
}
local name path digest
- config_get name $1 name
+ config_get name "$1" name
[ "$url" = "$name" ] || return 0
- config_get path $1 path
- config_get digest $1 digest
+ config_get path "$1" path
+ config_get digest "$1" digest
- [ -n "$digest" -a -n "$path" ] && {
- printf "${INDENT_3}url {\n" >> $KEEPALIVED_CONF
- printf "${INDENT_4}path "$path"\n" >> $KEEPALIVED_CONF
- printf "${INDENT_4}digest $digest\n" >> $KEEPALIVED_CONF
- printf "${INDENT_3}}\n" >> $KEEPALIVED_CONF
+ [ -n "$digest" ] && [ -n "$path" ] && {
+ printf '%burl {\n' "${INDENT_3}" >> "$KEEPALIVED_CONF"
+ printf '%bpath %s\n' "${INDENT_4}" "$path" >> "$KEEPALIVED_CONF"
+ printf '%bdigest %s\n' "${INDENT_4}" "$digest" >> "$KEEPALIVED_CONF"
+ printf '%b}\n' "${INDENT_3}" >> "$KEEPALIVED_CONF"
}
}
local enabled name weight ipaddr port check
- config_get_bool enabled $1 enabled 1
+ config_get_bool enabled "$1" enabled 1
[ "$enabled" -eq 1 ] || return 0
- config_get name $1 name
+ config_get name "$1" name
[ "$server" = "$name" ] || return 0
- config_get weight $1 weight
+ config_get weight "$1" weight
[ -n "$weight" ] || return 0
- config_get ipaddr $1 ipaddr
- config_get port $1 port
- config_get check $1 check
+ config_get ipaddr "$1" ipaddr
+ config_get port "$1" port
+ config_get check "$1" check
- [ -n "$ipaddr" -a -n "$port" ] && {
- printf "${INDENT_1}real_server $ipaddr $port {\n" >> $KEEPALIVED_CONF
- printf "${INDENT_2}weight $weight\n" >> $KEEPALIVED_CONF
+ [ -n "$ipaddr" ] && [ -n "$port" ] && {
+ printf '%breal_server %s %d {\n' "${INDENT_1}" "$ipaddr" "$port" >> "$KEEPALIVED_CONF"
+ printf '%bweight %d\n' "${INDENT_2}" "$weight" >> "$KEEPALIVED_CONF"
case "$check" in
TCP_CHECK)
- printf "${INDENT_2}${check} {\n" >> $KEEPALIVED_CONF
- print_elems_indent $1 $INDENT_3 connect_timeout \
+ printf '%b%s {\n' "${INDENT_2}" "$check" >> "$KEEPALIVED_CONF"
+ print_elems_indent "$1" "$INDENT_3" connect_timeout \
connect_port
- printf "${INDENT_2}}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "${INDENT_2}" >> "$KEEPALIVED_CONF"
;;
MISC_CHECK)
- printf "${INDENT_2}${check} {\n" >> $KEEPALIVED_CONF
- print_elems_indent $1 $INDENT_3 misc_path
- printf "${INDENT_2}}\n" >> $KEEPALIVED_CONF
+ printf '%b%s {\n' "${INDENT_2}" "$check" >> "$KEEPALIVED_CONF"
+ print_elems_indent "$1" "$INDENT_3" misc_path
+ printf '%b}\n' "${INDENT_2}" >> "$KEEPALIVED_CONF"
;;
HTTP_GET | SSL_GET)
- printf "${INDENT_2}${check} {\n" >> $KEEPALIVED_CONF
- print_elems_indent $1 $INDENT_3 connect_timeout \
+ printf '%b%s {\n' "${INDENT_2}" "$check" >> "$KEEPALIVED_CONF"
+ print_elems_indent "$1" "$INDENT_3" connect_timeout \
connect_port nb_get_retry delay_before_retry
# Handle url list
- config_list_foreach $1 url url_list
- printf "${INDENT_2}}\n" >> $KEEPALIVED_CONF
+ config_list_foreach "$1" url url_list
+ printf '%b}\n' "${INDENT_2}" >> "$KEEPALIVED_CONF"
;;
esac
- printf "${INDENT_1}}\n" >> $KEEPALIVED_CONF
+ printf '%b}\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
}
}
virtual_server() {
local enabled ipaddr port lb_algo sorry_server_ip sorry_server_port
- config_get_bool enabled $1 enabled 1
+ config_get_bool enabled "$1" enabled 1
[ "$enabled" -eq 1 ] || return 0
- config_get ipaddr $1 ipaddr
+ config_get ipaddr "$1" ipaddr
[ -z "$ipaddr" ] && return 0
- config_get port $1 port
+ config_get port "$1" port
[ -z "$port" ] && return 0
config_section_open "virtual_server" "$ipaddr $port"
- print_elems_indent $1 $INDENT_1 fwmark delay_loop \
+ print_elems_indent "$1" "$INDENT_1" fwmark delay_loop \
lb_kind persistence_timeout persistence_granularity \
virtualhost protocol
- config_get lb_algo $1 lb_algo
+ config_get lb_algo "$1" lb_algo
[ -z "$lb_algo" ] && lb_algo="rr"
- modprobe ip_vs_${lb_algo} 2>&1 1>/dev/null
- printf "${INDENT_1}lb_algo ${lb_algo}\n" >> $KEEPALIVED_CONF
+ modprobe ip_vs_${lb_algo} 1>/dev/null 2>&1
+ printf '%blb_algo %s\n' "${INDENT_1}" "${lb_algo}" >> "$KEEPALIVED_CONF"
- config_get sorry_server_ip $1 sorry_server_ip
- config_get sorry_server_port $1 sorry_server_port
- [ -n "$sorry_server_ip" -a -n "$sorry_server_port" ] && {
- printf "${INDENT_1}sorry_server $sorry_server_ip $sorry_server_port\n" >> $KEEPALIVED_CONF
+ config_get sorry_server_ip "$1" sorry_server_ip
+ config_get sorry_server_port "$1" sorry_server_port
+ [ -n "$sorry_server_ip" ] && [ -n "$sorry_server_port" ] && {
+ printf '%bsorry_server %s %s\n' "${INDENT_1}" "$sorry_server_ip" "$sorry_server_port" >> "$KEEPALIVED_CONF"
}
# Handle real_server list
- config_list_foreach $1 real_server real_server_list
+ config_list_foreach "$1" real_server real_server_list
config_section_close
}
process_config() {
local alt_config_file
- rm -f $KEEPALIVED_CONF
+ rm -f "$KEEPALIVED_CONF"
# First line
- printf "! Configuration file for keepalived (autogenerated via init script)\n" > $KEEPALIVED_CONF
- printf "! Written %s\n\n" "$(date +'%c')" >> $KEEPALIVED_CONF
+ printf '! Configuration file for keepalived (autogenerated via init script)\n' > "$KEEPALIVED_CONF"
+ printf '! Written %s\n\n' "$(date +'%c')" >> "$KEEPALIVED_CONF"
[ -f /etc/config/keepalived ] || return 0
config_load 'keepalived'
# If "alt_config_file" specified, use that instead
[ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && {
- rm -f $KEEPALIVED_CONF
+ rm -f "$KEEPALIVED_CONF"
# Symlink "alt_config_file" since it's a bit easier and safer
- ln -s $alt_config_file $KEEPALIVED_CONF
+ ln -s "$alt_config_file" "$KEEPALIVED_CONF"
return 0
}
MAINTAINER:=Jean-Michel lacroix <lacroix@lepine-lacroix.info>
DEPENDS:= $(CXX_DEPENDS) +libnl
URL:=http://www.kismetwireless.net/
- SUBMENU:=wireless
+ SUBMENU:=Wireless
endef
define Package/kismet/Default/description
SECTION:=net
CATEGORY:=Network
TITLE:=SCTP user-land
- URL:=http://lksctp.sourceforge.net
+ URL:=https://github.com/sctp/lksctp-tools
endef
define Package/libsctp
include $(TOPDIR)/rules.mk
PKG_NAME:=miniupnpc
-PKG_VERSION:=2.1.20190408
-PKG_RELEASE:=2
+PKG_VERSION:=2.1.20190625
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_HASH:=a0c46bcf6065d6351a8fa6a0a18dc57d10a16908dbb470908fd2e423511514ec
+PKG_HASH:=8723f5d7fd7970de23635547700878cd29a5c2bb708b5e5475b2d1d2510317fb
PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
PKG_LICENSE:=BSD-3c
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -38,12 +38,6 @@ if (CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+@@ -39,12 +39,6 @@ if (CMAKE_SYSTEM_NAME STREQUAL "Darwin")
target_compile_definitions(miniupnpc-private INTERFACE _DARWIN_C_SOURCE)
endif ()
+++ /dev/null
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -66,6 +66,7 @@ set (MINIUPNPC_SOURCES
- connecthostport.c
- portlistingparse.c
- receivedata.c
-+ listdevices.c
- connecthostport.h
- igd_desc_parse.h
- minisoap.h
-@@ -142,6 +143,10 @@ if (UPNPC_BUILD_SHARED)
- add_executable (upnpc-shared upnpc.c)
- target_link_libraries (upnpc-shared PRIVATE libminiupnpc-shared)
- target_include_directories(upnpc-shared PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
-+
-+ add_executable (listdevices listdevices.c)
-+ target_link_libraries (listdevices PRIVATE libminiupnpc-shared)
-+ target_include_directories(listdevices PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
- endif ()
- endif ()
-
CATEGORY:=Network
TITLE:=Netify Agent
URL:=http://www.netify.ai/
- DEPENDS:=+libcurl +libmnl +libnetfilter-conntrack +libjson-c +libpcap +zlib +libpthread
+ DEPENDS:=+libcurl +libmnl +libnetfilter-conntrack +libjson-c +libpcap +zlib +libpthread @!USE_UCLIBC
# Explicitly depend on libstdcpp rather than $(CXX_DEPENDS). At the moment
# std::unordered_map is only available via libstdcpp which is required for
# performance reasons.
ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
define Download/nginx-brotli
- VERSION:=e26248ee361c04e25f581b92b85d95681bdffb39
+ VERSION:=dc37f658ccb5a51d090dc09d1a2aca2f24309869
SUBDIR:=nginx-brotli
- FILE:=ngx-brotli-module-$$(VERSION).tar.gz
+ FILE:=ngx-brotli-module-$$(VERSION).tar.xz
URL:=https://github.com/eustas/ngx_brotli.git
- MIRROR_HASH:=76b891ba49f82f0cfbc9cba875646e26ee986b522373e0aa2698a9923a4adcdb
+ MIRROR_HASH:=6bc0c40ff24f6e0ac616dfddc803bdc7fcf54764ba9dc4f9cecb3a68beedcdaf
PROTO:=git
endef
$(eval $(call Download,nginx-brotli))
define Prepare/nginx-brotli
$(eval $(Download/nginx-brotli))
- gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
+ xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
sendfile on;
keepalive_timeout 0;
-
+
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 1G;
gzip_vary on;
gzip_comp_level 1;
gzip_proxied any;
-
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
+
root /www;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
-
+
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
sendfile on;
keepalive_timeout 0;
-
+
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 1G;
gzip_vary on;
gzip_comp_level 1;
gzip_proxied any;
-
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
+
root /www;
-
+
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name localhost;
-
+
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED";
ssl_certificate /etc/nginx/nginx.cer;
ssl_certificate_key /etc/nginx/nginx.key;
-
+
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
include $(TOPDIR)/rules.mk
PKG_NAME:=nsd
-PKG_VERSION:=4.1.13
+PKG_VERSION:=4.2.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/nsd
-PKG_HASH:=c45cd4ba2101a027e133b2be44db9378e27602e05f09a5ef25019e1ae45291af
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
-
-PKG_LICENSE:=BSD-3c
-PKG_LICENSE_FILES:=LICENSE
+PKG_SOURCE_URL:=https://www.nlnetlabs.nl/downloads/nsd
+PKG_HASH:=d17c0ea3968cb0eb2be79f2f83eb299b7bfcc554b784007616eed6ece828871f
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Vasilis Tsiligiannis <acinonyx@openwrt.gr>
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/nsd/default
TITLE:=NSD Name Server Daemon
- URL:=http://www.nlnetlabs.nl/projects/nsd/
+ URL:=https://www.nlnetlabs.nl/projects/nsd/
SECTION:=net
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
endef
CONFIGURE_ARGS+= \
+ --enable-packed \
+ --enable-recvmmsg \
+ --enable-tcp-fastopen \
--disable-checking \
- --with-libevent=no \
--with-user="network" \
+ --without-libevent \
+ $(if $(CONFIG_IPV6),--with,--without)-ipv6
CONFIGURE_VARS+= \
ac_cv_c_va_list_def=no \
- ac_cv_c_strptime_needs_defs=no \
+ ac_cv_c_strptime_needs_defs=no
ifeq ($(BUILD_VARIANT),ssl)
- CONFIGURE_ARGS += \
- --with-ssl="$(STAGING_DIR)/usr"
-endif
-
-ifeq ($(BUILD_VARIANT),nossl)
- CONFIGURE_ARGS += \
- --without-ssl
+ CONFIGURE_ARGS += --with-ssl="$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS += --without-ssl
endif
define Package/nsd/conffiles
--- /dev/null
+--- a/nsd-control.c
++++ b/nsd-control.c
+@@ -42,6 +42,7 @@
+ */
+
+ #include "config.h"
++#include <stdio.h>
+ #ifdef HAVE_SSL
+
+ #include <sys/types.h>
--- /dev/null
+--- a/tsig.c
++++ b/tsig.c
+@@ -19,6 +19,10 @@
+ #include "query.h"
+ #include "rbtree.h"
+
++#ifndef HAVE_SSL
++#define CRYPTO_memcmp memcmp
++#endif
++
+ static region_type *tsig_region;
+
+ struct tsig_key_table
PKG_NAME:=p910nd
PKG_VERSION:=0.97
-PKG_RELEASE:=7
+PKG_RELEASE:=8
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/p910nd
SUBMENU:=Printing
TITLE:=A small non-spooling printer server
URL:=http://p910nd.sourceforge.net
+ USERID:=p910nd=393:lp=7
endef
define Package/p910nd/conffiles
$(INSTALL_DATA) ./files/p910nd.config $(1)/etc/config/p910nd
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/p910nd.init $(1)/etc/init.d/p910nd
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/usbmisc
+ $(INSTALL_BIN) ./files/p910nd.hotplug $(1)/etc/hotplug.d/usbmisc/20-p910nd
endef
$(eval $(call BuildPackage,p910nd))
option port 0
option bidirectional 1
option enabled 0
+ # Override running as user p910nd, group lp
+ option runas_root 0
# mDNS support - see Bonjour Printing Specification for details concerning the values
# Be aware that you can only advertise one printer on this host via mDNS
--- /dev/null
+#!/bin/sh
+
+case "$ACTION" in
+ add)
+ [ -n "${DEVNAME}" ] && [ "${DEVNAME##usb/lp*}" = "" ] && {
+ chmod 660 /dev/"$DEVNAME"
+ chgrp lp /dev/"$DEVNAME"
+ }
+ ;;
+ remove)
+ # device is gone
+ ;;
+esac
start_p910nd() {
- local section="$1"
+ local section="$1" runas_root
config_get_bool "enabled" "$section" "enabled" '1'
if [ "$enabled" -gt 0 ]; then
args="-d "
procd_set_param command /usr/sbin/p910nd $args
procd_set_param respawn
+ config_get_bool runas_root "$section" runas_root 0
+ [ "$runas_root" -ne 1 ] && procd_set_param user p910nd
+
config_get_bool "mdns" "$section" "mdns" '0'
config_get mdns_note "$section" mdns_note
config_get mdns_ty "$section" mdns_ty
include $(TOPDIR)/rules.mk
PKG_NAME:=pdns-recursor
-PKG_VERSION:=4.1.14
+PKG_VERSION:=4.2.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=7fceb8fa3bea693aad49d137c801bb3ecc15525cc5a7dc84380321546e87bf14
+PKG_HASH:=f03c72c1816fdcc645cc539d8c16721d2ec294feac9b5179e78c3db311b7c2c2
PKG_MAINTAINER:=James Taylor <james@jtaylor.id.au>
PKG_LICENCE:=GPL-2.0-only
CONFIGURE_ARGS+= \
--sysconfdir=/etc/powerdns \
- --with-lua \
- --without-luajit \
- --disable-libsodium \
+ --with-lua=lua \
+ --without-libcap \
+ --without-libsodium \
--with-protobuf \
--without-net-snmp \
--disable-silent-rules
# api-key=
#################################
-# api-logfile Location of the server logfile (used by the REST API)
+# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs
#
-# api-logfile=/var/log/pdns.log
+# auth-zones=
#################################
-# api-readonly Disallow data modification through the REST API when set
+# carbon-instance If set overwrites the the instance name default
#
-# api-readonly=no
+# carbon-instance=recursor
#################################
-# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs
+# carbon-interval Number of seconds between carbon (graphite) updates
#
-# auth-zones=
+# carbon-interval=30
#################################
-# carbon-interval Number of seconds between carbon (graphite) updates
+# carbon-namespace If set overwrites the first part of the carbon string
#
-# carbon-interval=30
+# carbon-namespace=pdns
#################################
# carbon-ourname If set, overrides our reported hostname for carbon stats
#################################
# config-dir Location of configuration directory (recursor.conf)
#
-# config-dir=/usr/local/etc
+# config-dir=/etc/powerdns
#################################
# config-name Name of this virtual configuration - will rename the binary image
#
# disable-packetcache=no
-#################################
-# disable-real-memory-usage Disable expensive real-memory-usage metric
-#
-# disable-real-memory-usage=no
-
#################################
# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
#
#
# distribution-load-factor=0.0
+#################################
+# distribution-pipe-buffer-size Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread
+#
+# distribution-pipe-buffer-size=0
+
+#################################
+# distributor-threads Launch this number of distributor threads, distributing queries to other threads
+#
+# distributor-threads=0
+
#################################
# dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
#
#
# dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32
+#################################
+# dont-throttle-names Do not throttle nameservers with this name or suffix
+#
+# dont-throttle-names=
+
+#################################
+# dont-throttle-netmasks Do not throttle nameservers with this IP netmask
+#
+# dont-throttle-netmasks=
+
+#################################
+# ecs-add-for List of client netmasks for which EDNS Client Subnet will be added
+#
+# ecs-add-for=0.0.0.0/0, ::/0, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10
+
#################################
# ecs-cache-limit-ttl Minimum TTL to cache ECS response
#
#
# ecs-ipv6-cache-bits=56
+#################################
+# ecs-minimum-ttl-override Set under adverse conditions, a minimum TTL for records in ECS-specific answers
+#
+# ecs-minimum-ttl-override=0
+
#################################
# ecs-scope-zero-address Address to send to whitelisted authoritative servers for incoming queries with ECS prefix-length source of 0
#
#################################
# edns-outgoing-bufsize Outgoing EDNS buffer size
#
-# edns-outgoing-bufsize=1680
+# edns-outgoing-bufsize=1232
#################################
# edns-subnet-whitelist List of netmasks and domains that we should enable EDNS subnet for
#
# lua-dns-script=
+#################################
+# lua-maintenance-interval Number of seconds between calls to the lua user defined maintenance() function
+#
+# lua-maintenance-interval=1
+
+#################################
+# max-cache-bogus-ttl maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory
+#
+# max-cache-bogus-ttl=3600
+
#################################
# max-cache-entries If set, maximum number of entries in the main cache
#
#
# processes=1
+#################################
+# protobuf-use-kernel-timestamp Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available)
+#
+# protobuf-use-kernel-timestamp=
+
+#################################
+# public-suffix-list-file Path to the Public Suffix List file, if any
+#
+# public-suffix-list-file=
+
#################################
# query-local-address Source IP address for sending queries
#
#
# reuseport=no
+#################################
+# rng Specify random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.
+#
+# rng=auto
+
#################################
# root-nx-trust If set, believe that an NXDOMAIN from the root means the TLD does not exist
#
# server-down-throttle-time=60
#################################
-# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname
+# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled'
#
# server-id=
# setuid=
#################################
-# signature-inception-skew Allow the signture inception to be off by this number of seconds
+# signature-inception-skew Allow the signature inception to be off by this number of seconds
#
-# signature-inception-skew=0
+# signature-inception-skew=60
#################################
# single-socket If set, only use a single socket for outgoing queries
#
# statistics-interval=1800
+#################################
+# stats-api-blacklist List of statistics that are disabled when retrieving the complete list of statistics via the API
+#
+# stats-api-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128
+
+#################################
+# stats-carbon-blacklist List of statistics that are prevented from being exported via Carbon
+#
+# stats-carbon-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128
+
+#################################
+# stats-rec-control-blacklist List of statistics that are prevented from being exported via rec_control get-all
+#
+# stats-rec-control-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128
+
#################################
# stats-ringbuffer-entries maximum number of packets to store statistics for
#
# stats-ringbuffer-entries=10000
+#################################
+# stats-snmp-blacklist List of statistics that are prevented from being exported via SNMP
+#
+# stats-snmp-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128
+
#################################
# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
#
#
# trace=off
+#################################
+# udp-source-port-avoid List of comma separated UDP port number to avoid
+#
+# udp-source-port-avoid=11211
+
+#################################
+# udp-source-port-max Maximum UDP port to bind on
+#
+# udp-source-port-max=65535
+
+#################################
+# udp-source-port-min Minimum UDP port to bind on
+#
+# udp-source-port-min=1024
+
#################################
# udp-truncation-threshold Maximum UDP response size before we truncate
#
-# udp-truncation-threshold=1680
+# udp-truncation-threshold=1232
#################################
# use-incoming-edns-subnet Pass along received EDNS Client Subnet information
#################################
# version-string string reported on version.pdns or version.bind
#
-# version-string=PowerDNS Recursor 4.1.13 (built Jun 14 2019 10:58:59 by xreaper@nimbus.for-no-reason.net)
+# version-string=PowerDNS Recursor 4.2.0 (built May 18 2019 15:59:49 by jamestk@zanzabar.cybase.for-no-reason.net)
#################################
# webserver Start a webserver (for REST API)
#
# webserver-allow-from=127.0.0.1,::1
+#################################
+# webserver-loglevel Amount of logging in the webserver (none, normal, detailed)
+#
+# webserver-loglevel=normal
+
#################################
# webserver-password Password required for accessing the webserver
#
# write-pid Write a PID file
#
# write-pid=yes
+
+#################################
+# xpf-allow-from XPF information is only processed from these subnets
+#
+# xpf-allow-from=
+
+#################################
+# xpf-rr-code XPF option code to use
+#
+# xpf-rr-code=0
+
+
+++ /dev/null
---- a/m4/pdns_check_os.m4
-+++ b/m4/pdns_check_os.m4
-@@ -35,16 +35,21 @@
- AM_CONDITIONAL([HAVE_LINUX], [test "x$have_linux" = "xyes"])
- AM_CONDITIONAL([HAVE_SOLARIS], [test "x$have_solaris" = "xyes"])
-
-- case "$host" in
-- mips* | powerpc-* )
-- AC_MSG_CHECKING([whether the linker accepts -latomic])
-- LDFLAGS="-latomic $LDFLAGS"
-- AC_LINK_IFELSE([m4_default([],[AC_LANG_PROGRAM()])],
-- [AC_MSG_RESULT([yes])],
-- [AC_MSG_ERROR([Unable to link against libatomic, cannot continue])]
-- )
-- ;;
-- esac
-+ AC_MSG_CHECKING([whether -latomic is needed for __atomic builtins])
-+ AC_LINK_IFELSE(
-+ [AC_LANG_PROGRAM([[#include <stdint.h>]],
-+ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]]
-+ )],
-+ [AC_MSG_RESULT([no])],
-+ [LIBS="$LIBS -latomic"
-+ AC_LINK_IFELSE(
-+ [AC_LANG_PROGRAM([[#include <stdint.h>]],
-+ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]]
-+ )],
-+ [AC_MSG_RESULT([yes])],
-+ [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, cannot continue])]
-+ )]
-+ )
-
- AC_SUBST(THREADFLAGS)
- AC_SUBST([DYNLINKFLAGS], [-export-dynamic])
+++ /dev/null
---- a/build-aux/gen-version
-+++ b/build-aux/gen-version
-@@ -1,39 +1,4 @@
- #!/bin/sh
--VERSION="unknown"
--
--DIRTY=""
--git status | grep -q clean || DIRTY='.dirty'
--
--# Special environment variable to signal that we are building a release, as this
--# has consequences for the version number.
--if [ "${IS_RELEASE}" = "YES" ]; then
-- TAG="$(git describe --tags --exact-match 2> /dev/null | cut -d- -f 2-)"
-- if [ -n "${TAG}" ]; then
-- # We're on a tag
-- echo "${TAG}${DIRTY}" > .version
-- printf "${TAG}${DIRTY}"
-- exit 0
-- fi
-- echo 'This is not a tag, either tag this commit or do not set $IS_RELEASE' >&2
-- exit 1
--fi
--
--#
--# Generate the version number based on the branch
--#
--if [ ! -z "$(git rev-parse --abbrev-ref HEAD 2> /dev/null)" ]; then
-- if $(git rev-parse --abbrev-ref HEAD | grep -q 'rel/'); then
-- REL_TYPE="$(git rev-parse --abbrev-ref HEAD | cut -d/ -f 2 | cut -d- -f 1)"
-- VERSION="$(git describe --match=${REL_TYPE}-* --tags --dirty=.dirty | cut -d- -f 2-)"
-- else
-- GIT_VERSION=$(git show --no-patch --format=format:%h HEAD)
-- BRANCH=".$(git rev-parse --abbrev-ref HEAD | perl -p -e 's/[^[:alnum:]]//g;')"
-- [ "${BRANCH}" = ".master" ] && BRANCH=''
-- VERSION="0.0${BRANCH}.${PDNS_BUILD_NUMBER}g${GIT_VERSION}${DIRTY}"
-- fi
-- echo "$VERSION" > .version
--elif [ -f .version ]; then
-- VERSION="$(cat .version)"
--fi
-+VERSION="$(cat .version)"
-
- printf $VERSION
--- /dev/null
+# Copyright (C) 2019 Diana Dragusin <diana.dragusin@nccgroup.com>
+# Copyright (C) 2019 Etienne Champetier <champetier.etienne@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See <http://www.gnu.org/licenses/> for more information.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=phantap
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/nccgroup/phantap
+PKG_SOURCE_DATE:=2019.08.04
+PKG_SOURCE_VERSION:=f104742cf489b2b916a2cf9e2ee980259b89efe7
+PKG_MIRROR_HASH:=ebe090dbfeb0ef928b28a15c17290abbcdee043e77f38bd38acaabe38f2b685e
+
+PKG_MAINTAINER:=Diana Dragusin <diana.dragusin@nccgroup.com>, \
+ Etienne Champetier <champetier.etienne@gmail.com>
+PKG_LICENSE:=GPL-3.0-only
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+CMAKE_SOURCE_SUBDIR:=src
+
+define Package/phantap/Default
+ SECTION:=net
+ CATEGORY:=Network
+ URL:=https://github.com/nccgroup/phantap
+endef
+
+define Package/phantap
+ $(call Package/phantap/Default)
+ TITLE:=PhanTap
+ PKGARCH:=all
+ DEPENDS:=+ebtables +tcpdump +ip-full +kmod-br-netfilter +kmod-ebtables-ipv4
+endef
+
+define Package/phantap/conffiles
+/etc/config/phantap
+endef
+
+define Package/phantap/description
+ PhanTap or Phantom tap is a small set of scripts that allow you to setup a network tap
+ that automatically impersonate a victim device, allowing you to access internet using
+ the IP & MAC of the victim. To speak to machines in the same L2, see PhanTap learn
+endef
+
+define Package/phantap-learn
+ $(call Package/phantap/Default)
+ TITLE:=PhanTap-learn
+ DEPENDS:=+libpcap +ip-full
+endef
+
+define Package/phantap-learn/description
+ PhanTap learn listens to multicast / broadcast / arp traffic to fill the arp table
+ and add routes to the discovered IPs.
+endef
+
+define Package/phantap/install
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/etc/config/phantap $(1)/etc/config/
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/etc/hotplug.d/iface/00-phantap $(1)/etc/hotplug.d/iface/
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/net
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/etc/hotplug.d/net/00-phantap $(1)/etc/hotplug.d/net/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/init.d/phantap $(1)/etc/init.d/
+ $(INSTALL_DIR) $(1)/etc/sysctl.d
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/etc/sysctl.d/12-phantap.conf $(1)/etc/sysctl.d/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/usr/bin/phantap $(1)/usr/bin/
+endef
+
+define Package/phantap-learn/install
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/etc/hotplug.d/iface/00-phantap-learn $(1)/etc/hotplug.d/iface/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/init.d/phantap-learn $(1)/etc/init.d/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/phantap-learn $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,phantap))
+$(eval $(call BuildPackage,phantap-learn))
define Package/pixiewps
SECTION:=net
CATEGORY:=Network
- SUBMENU:=wireless
+ SUBMENU:=Wireless
TITLE:=An offline WPS bruteforce utility
URL:=https://github.com/wiire-a/pixiewps
DEPENDS:=+libpthread
define Package/reaver
SECTION:=net
CATEGORY:=Network
- SUBMENU:=wireless
+ SUBMENU:=Wireless
TITLE:=Efficient brute force attack against Wifi Protected Setup
URL:=https://github.com/t6x/reaver-wps-fork-t6x
DEPENDS:=+libpcap
CATEGORY:=Network
TITLE:=PPPoE (PPP over Ethernet)
URL:=http://roaringpenguin.com/products/pppoe
- SUBMENU:=dial-in/up
+ SUBMENU:=Dial-in/up
endef
define Package/rp-pppoe/Default/description
PKG_NAME:=samba
PKG_VERSION:=4.9.11
-PKG_RELEASE:=1
-
-PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
-PKG_LICENSE:=GPL-3.0-only
-PKG_LICENSE_FILES:=COPYING
+PKG_RELEASE:=3
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.heanet.ie/mirrors/ftp.samba.org/stable/ \
https://ftp.gwdg.de/pub/samba/stable/ \
https://ftp.riken.jp/net/samba/samba/stable/ \
http://www.nic.funet.fi/index/samba/pub/samba/stable/ \
http://samba.mirror.bit.nl/samba/ftp/stable/ \
https://download.samba.org/pub/samba/stable/
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_HASH:=bb736624d16f7369e395de2f15fec153b554f76f95864015b4ce1f2ae53e817b
+PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
+PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE_FILES:=COPYING
+
# samba4=(asn1_compile) e2fsprogs=(compile_et) nfs-kernel-server=(rpcgen)
-HOST_BUILD_DEPENDS:=nfs-kernel-server/host e2fsprogs/host
+HOST_BUILD_DEPENDS:=python/host nfs-kernel-server/host e2fsprogs/host
PKG_BUILD_DEPENDS:=samba4/host
PKG_CONFIG_DEPENDS:= \
SECTION:=net
CATEGORY:=Network
TITLE:=Samba $(PKG_VERSION)
- URL:=http://www.samba.org/
+ URL:=https://www.samba.org/
endef
define Package/samba4/Default/description
config_get samba_iface $1 interface "loopback lan"
# resolve interfaces
- local interfaces=$(
+ local interfaces
+ interfaces=$(
. /lib/functions/network.sh
local net
local device
network_is_up $net || continue
network_get_device device "$net"
- echo -n "${device:-$net} "
+ printf "%s " "${device:-$net}"
done
)
local workgroup description charset
# we dont use netbios anymore as default and wsd/avahi is dns based
- local hostname="$(cat /proc/sys/kernel/hostname)"
+ local hostname
+ hostname="$(cat /proc/sys/kernel/hostname)"
config_get workgroup $1 workgroup "WORKGROUP"
config_get description $1 description "Samba on OpenWrt"
- config_get charset $1 charset "UTF-8"
-
- config_get_bool MACOS $1 macos 0
+ config_get charset $1 charset "UTF-8"
+
+ config_get_bool MACOS $1 macos 0
config_get_bool DISABLE_NETBIOS $1 disable_netbios 0
config_get_bool DISABLE_AD_DC $1 disable_ad_dc 0
config_get_bool DISABLE_WINBIND $1 disable_winbind 0
-e "s#|CHARSET|#$charset#g" \
/etc/samba/smb.conf.template > /var/etc/smb.conf
- echo -e "\n######### Dynamic written config options #########\n" >> /var/etc/smb.conf
- if [ "$DISABLE_NETBIOS" -eq 1 ] || [ ! -x /usr/sbin/nmbd ]; then
- echo -e "\tdisable netbios = yes" >> /var/etc/smb.conf
- fi
+ {
+ printf "\n######### Dynamic written config options #########\n"
+ if [ "$DISABLE_NETBIOS" -eq 1 ] || [ ! -x /usr/sbin/nmbd ]; then
+ printf "\tdisable netbios = yes\n"
+ fi
- local homes
- config_get_bool homes $1 homes 0
- [ $homes -gt 0 ] && {
- cat <<EOT >> /var/etc/smb.conf
+ local homes
+ config_get_bool homes $1 homes 0
+ [ $homes -gt 0 ] && {
+ cat <<EOT
[homes]
comment = Home Directories
read only = no
create mask = 0750
EOT
- }
+ }
+ } >> /var/etc/smb.conf
[ -e /etc/samba/smb.conf ] || ln -nsf /var/etc/smb.conf /etc/samba/smb.conf
-
+
if ! [ -L /etc/samba/smb.conf ]; then
logger -t 'samba4-server' "Local custom /etc/samba/smb.conf file detected, all luci/config settings are ignored!"
fi
-
+
}
smb_add_share() {
config_get write_list $1 write_list
config_get read_list $1 read_list
- [ -z "$name" -o -z "$path" ] && return
+ [ -z "$name" ] || [ -z "$path" ] && return
- echo -e "\n[$name]\n\tpath = $path" >> /var/etc/smb.conf
-
- if [ "$force_root" -eq 1 ]; then
- echo -e "\tforce user = root" >> /var/etc/smb.conf
- echo -e "\tforce group = root" >> /var/etc/smb.conf
- else
- [ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/smb.conf
- fi
+ {
+ printf "\n[$name]\n\tpath = %s\n" "$path"
- [ -n "$create_mask" ] && echo -e "\tcreate mask = $create_mask" >> /var/etc/smb.conf
- [ -n "$dir_mask" ] && echo -e "\tdirectory mask = $dir_mask" >> /var/etc/smb.conf
-
- [ -n "$browseable" ] && echo -e "\tbrowseable = $browseable" >> /var/etc/smb.conf
- [ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/smb.conf
- [ -n "$writeable" ] && echo -e "\twriteable = $writeable" >> /var/etc/smb.conf
- [ -n "$guest_ok" ] && echo -e "\tguest ok = $guest_ok" >> /var/etc/smb.conf
- [ -n "$guest_only" ] && echo -e "\tguest only = $guest_only" >> /var/etc/smb.conf
- [ -n "$inherit_owner" ] && echo -e "\tinherit owner = $inherit_owner" >> /var/etc/smb.conf
-
- [ -n "$write_list" ] && echo -e "\twrite list = $write_list" >> /var/etc/smb.conf
- [ -n "$read_list" ] && echo -e "\tread list = $read_list" >> /var/etc/smb.conf
-
- if [ "$MACOS" -eq 1 ]; then
- vfs_objects="catia fruit streams_xattr $vfs_objects"
- echo -e "\tfruit:encoding = native" >> /var/etc/smb.conf
- echo -e "\tfruit:metadata = stream" >> /var/etc/smb.conf
- echo -e "\tfruit:veto_appledouble = no" >> /var/etc/smb.conf
- # avoid mixed shares order for aapl
- if [ "$timemachine" -eq 1 ]; then
- echo -e "\tfruit:time machine = yes" >> /var/etc/smb.conf
- [ -n "$timemachine_maxsize" ] && echo -e "\tfruit:time machine max size = ${timemachine_maxsize}G" >> /var/etc/smb.conf
+ if [ "$force_root" -eq 1 ]; then
+ printf "\tforce user = root\n"
+ printf "\tforce group = root\n"
+ else
+ [ -n "$users" ] && printf "\tvalid users = %s\n" "$users"
fi
- fi
-
- [ -n "$vfs_objects" ] && echo -e "\tvfs objects = $vfs_objects" >> /var/etc/smb.conf
+
+ [ -n "$create_mask" ] && printf "\tcreate mask = %s\n" "$create_mask"
+ [ -n "$dir_mask" ] && printf "\tdirectory mask = %s\n" "$dir_mask"
+
+ [ -n "$browseable" ] && printf "\tbrowseable = %s\n" "$browseable"
+ [ -n "$read_only" ] && printf "\tread only = %s\n" "$read_only"
+ [ -n "$writeable" ] && printf "\twriteable = %s\n" "$writeable"
+ [ -n "$guest_ok" ] && printf "\tguest ok = %s\n" "$guest_ok"
+ [ -n "$guest_only" ] && printf "\tguest only = %s\n" "$guest_only"
+ [ -n "$inherit_owner" ] && printf "\tinherit owner = %s\n" "$inherit_owner"
+
+ [ -n "$write_list" ] && printf "\twrite list = %s\n" "$write_list"
+ [ -n "$read_list" ] && printf "\tread list = %s\n" "$read_list"
+
+ if [ "$MACOS" -eq 1 ]; then
+ vfs_objects="catia fruit streams_xattr $vfs_objects"
+ printf "\tfruit:encoding = native\n"
+ printf "\tfruit:metadata = stream\n"
+ printf "\tfruit:veto_appledouble = no\n"
+ # avoid mixed shares order for aapl
+ if [ "$timemachine" -eq 1 ]; then
+ printf "\tfruit:time machine = yes\n"
+ [ -n "$timemachine_maxsize" ] && printf "\tfruit:time machine max size = %sG\n" "${timemachine_maxsize}"
+ fi
+ fi
+
+ [ -n "$vfs_objects" ] && printf "\tvfs objects = %s\n" "$vfs_objects"
+ } >> /var/etc/smb.conf
}
init_config() {
[ -d /var/cache/samba ] || mkdir -p /var/cache/samba
[ -d /var/run/samba ] || mkdir -p /var/run/samba
[ -d /var/log/samba ] || mkdir -p /var/log/samba
- [ -d /var/lock ] && chmod 0755 /var/lock || {
- mkdir -p /var/lock
- chmod 0755 /var/lock
- }
+ [ -d /var/lock ] || mkdir -p /var/lock
+ chmod 0755 /var/lock
config_load samba4
config_foreach smb_header samba
service_triggers() {
PROCD_RELOAD_DELAY=2000
-
+
procd_add_reload_trigger "dhcp" "system" "samba4"
-
+
local i
for i in $samba_iface; do
procd_add_reload_interface_trigger $i
fi
# lower priority using renice (if found)
if [ -x /usr/bin/renice ]; then
- [ -x /usr/sbin/samba ] && renice -n 2 $(pidof samba)
- [ -x /usr/sbin/smbd ] && renice -n 2 $(pidof smbd)
- [ -x /usr/sbin/nmbd ] && renice -n 2 $(pidof nmbd)
- [ -x /usr/sbin/winbindd ] && renice -n 2 $(pidof winbindd)
+ [ -x /usr/sbin/samba ] && renice -n 2 "$(pidof samba)"
+ [ -x /usr/sbin/smbd ] && renice -n 2 "$(pidof smbd)"
+ [ -x /usr/sbin/nmbd ] && renice -n 2 "$(pidof nmbd)"
+ [ -x /usr/sbin/winbindd ] && renice -n 2 "$(pidof winbindd)"
fi
}
PKG_NAME:=socat
PKG_VERSION:=1.7.3.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.dest-unreach.org/socat/download
PKG_HASH:=0dd63ffe498168a4aac41d307594c5076ff307aa0ac04b141f8f1cec6594d04a
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
-PKG_LICENSE:=GPL-2.0 OpenSSL
+PKG_LICENSE:=GPL-2.0-or-later OpenSSL
PKG_LICENSE_FILES:=COPYING COPYING.OpenSSL
PKG_INSTALL:=1
--- /dev/null
+--- a/sycls.c
++++ b/sycls.c
+@@ -1329,6 +1329,7 @@ unsigned int Sleep(unsigned int seconds) {
+ return retval;
+ }
+
++#if 0
+ /* obsolete by POSIX.1-2001 */
+ void Usleep(unsigned long usec) {
+ Debug1("usleep(%lu)", usec);
+@@ -1336,6 +1337,7 @@ void Usleep(unsigned long usec) {
+ Debug("usleep() ->");
+ return;
+ }
++#endif
+
+ #if HAVE_NANOSLEEP
+ unsigned int Nanosleep(const struct timespec *req, struct timespec *rem) {
command line:
uci add_list dhcp.@dnsmasq[-1].server='127.0.0.1#5453'
- uci dhcp.@dnsmasq[-1].noresolv=1
+ uci set dhcp.@dnsmasq[-1].noresolv=1
uci commit && reload_config
The same outcome can be achieved in the LUCI web interface as follows:
include $(TOPDIR)/rules.mk
PKG_NAME:=stunnel
-PKG_VERSION:=5.54
+PKG_VERSION:=5.55
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0+
https://www.usenix.org.uk/mirrors/stunnel/archive/$(word 1, $(subst .,$(space),$(PKG_VERSION))).x/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=5e8588a6c274b46b1d63e1b50f0725f4908dec736f6588eb48d1eb3d20c87902
+PKG_HASH:=90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62
PKG_FIXUP:=autoreconf
PKG_FIXUP:=patch-libtool
print_options() {
local _opt
local _value
- for _opt in $*; do
+ for _opt in "$@"; do
eval "_value=\$$_opt"
[ -z "$_value" ] || echo "$_opt = $_value" >> "$CONF_FILE"
done
local _opt
local _bool
local _value
- for _opt in $*; do
+ for _opt in "$@"; do
eval "_bool=\$$_opt"
[ -z "$_bool" ] || {
_value=no
local _opt
local _values
local _value
- for _opt in $*; do
+ for _opt in "$@"; do
eval "_values=\$$_opt"
for _value in $_values; do
echo "$_opt = $_value" >> "$CONF_FILE"
local _values
local _v
shift
- for _opt in $*; do
+ for _opt in "$@"; do
_value=
eval "_values=\$$_opt"
for _v in $_values; do
local _opt
local _host
local _port
- for _opt in $*; do
+ for _opt in "$@"; do
eval "_host=\${${_opt}_host}"
eval "_port=\${${_opt}_port}"
[ -z "$_host" ] || [ -z "$_port" ] || echo "$_opt = $_host:$_port" >> "$CONF_FILE"
local _host
local _port
local _value
- for _opt in $*; do
+ for _opt in "$@"; do
eval "_host=\${${_opt}_host}"
eval "_port=\${${_opt}_port}"
[ -z "$_port" ] || {
procd_add_reload_trigger stunnel
procd_open_validate
- validate_globals_section
- validate_globals_section_service_options
- validate_service_section
- validate_service_section_service_options
+ validate_globals_section "$@"
+ validate_globals_section_service_options "$@"
+ validate_service_section "$@"
+ validate_service_section_service_options "$@"
procd_close_validate
}
PKG_NAME:=subversion
PKG_RELEASE:=1
-PKG_VERSION:=1.12.0
+PKG_VERSION:=1.12.2
PKG_SOURCE_URL:=@APACHE/subversion
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=7fae7c73d8a007c107c0ae5eb372bc0bb013dbfe966fcd5c59cd5a195a5e2edf
+PKG_HASH:=3bd0b5c8e4c5175263dc9a92fd9aef94ce917e80af034f26fe5c45fde7e0f771
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Val Kulkov <val.kulkov@gmail.com>
tcpreplay tcpreplay-edit tcprewrite
define Package/tcpreplay/default
- SUBMENU:=tcprelay
+ SUBMENU:=Tcpreplay
SECTION:=net
CATEGORY:=Network
URL:=http://tcpreplay.appneta.com/
include $(TOPDIR)/rules.mk
PKG_NAME:=travelmate
-PKG_VERSION:=1.4.9
+PKG_VERSION:=1.4.11
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
SECTION:=net
CATEGORY:=Network
TITLE:=A wlan connection manager for travel router
- DEPENDS:=+iwinfo +jshn +jsonfilter +uclient-fetch
+ DEPENDS:=+iwinfo +jshn +jsonfilter +uclient-fetch +dnsmasq
PKGARCH:=all
endef
define Package/travelmate/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) ./files/travelmate.sh $(1)/usr/bin/
+ $(INSTALL_BIN) ./files/travelmate.sh $(1)/usr/bin
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/travelmate.init $(1)/etc/init.d/travelmate
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/travelmate.conf $(1)/etc/config/travelmate
+
+ $(INSTALL_DIR) $(1)/etc/travelmate
+ $(INSTALL_BIN) ./files/*.login $(1)/etc/travelmate
endef
$(eval $(call BuildPackage,travelmate))
* support all kinds of uplinks, incl. hidden and enterprise uplinks
* continuously checks the existing uplink connection (quality), e.g. for conditional uplink (dis-) connections
* captive portal detection with internet online check and a 'heartbeat' function to keep the uplink connection up & running
+* captive portal auto-login hook (configured via uci/LuCI), you could reference an external script for captive portal auto-logins (see example below)
* proactively scan and switch to a higher prioritized uplink, despite of an already existing connection
* support devices with multiple radios in any order
* procd init and hotplug support
* optional: the LuCI frontend shows the WiFi QR codes from all configured Access Points. It allows you to connect your Android or iOS devices to your router’s WiFi using the QR code
## Prerequisites
-* [OpenWrt](https://openwrt.org), tested with the stable release series (18.06.x) and with the latest OpenWrt snapshot
-* iwinfo for wlan scanning, uclient-fetch for captive portal detection
+* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest OpenWrt snapshot
+* iwinfo for wlan scanning, uclient-fetch for captive portal detection, dnsmasq as dns backend
* optional: qrencode 4.x for QR code support
* optional: wpad (the full version, not wpad-mini) to use Enterprise WiFi
+* optional: curl to use external scripts for captive portal auto-logins
## Installation & Usage
* download the package [here](https://downloads.openwrt.org/snapshots/packages/x86_64/packages)
* trm\_maxretry => how many times should travelmate try to connect to an uplink (int/default: '3', valid range: 1-10)
* trm\_timeout => overall retry timeout in seconds (int/default: '60', valid range: 30-300)
* trm\_radio => limit travelmate to a single radio (e.g. 'radio1') or change the overall scanning priority (e.g. 'radio1 radio2 radio0') (default: not set, use all radios 0-n)
- * trm\_iface => main uplink / procd trigger network interface (default: trm_wwan)
+ * trm\_iface => uplink / procd trigger network interface (default: trm_wwan)
* trm\_triggerdelay => additional trigger delay in seconds before travelmate processing begins (int/default: '2')
+## Captive Portal auto-logins
+For automated captive portal logins you could reference external shell scripts. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. The provided 'wifionice.login' script example requires curl and automates the login to german ICE hotspots, it also explains the principle approach to extract runtime data like security tokens for a succesful login. Hopefully more scripts for different captive portals will be provided by the community ...
+
+A typical/succesful captive portal login looks like this:
+<pre><code>
+[...]
+Mon Aug 5 10:15:48 2019 user.info travelmate-1.4.10[1481]: travelmate instance started ::: action: start, pid: 1481
+Mon Aug 5 10:16:17 2019 user.info travelmate-1.4.10[1481]: captive portal login '/etc/travelmate/wifionice.login' for 'www.wifionice.de' has been executed with rc '0'
+Mon Aug 5 10:16:23 2019 user.info travelmate-1.4.10[1481]: connected to uplink 'radio1/WIFIonICE/-' (1/5, GL.iNet GL-AR750S, OpenWrt SNAPSHOT r10644-cb49e46a8a)
+[...]
+</code></pre>
+
## Runtime information
**receive travelmate runtime information:**
<pre><code>
~# /etc/init.d/travelmate status
::: travelmate runtime information
- + travelmate_status : connected (net ok/78)
- + travelmate_version : 1.2.3
- + station_id : radio1/blackhole/01:02:03:04:05:06
+ + travelmate_status : connected (net ok/100)
+ + travelmate_version : 1.4.10
+ + station_id : radio1/blackhole/-
+ station_interface : trm_wwan
+ faulty_stations :
- + last_rundate : 07.09.2018 17:22:37
- + system : TP-LINK RE450, OpenWrt SNAPSHOT r8018-42f158314e
+ + last_rundate : 2019.08.03-20:37:19
+ + system : GL.iNet GL-AR750S, OpenWrt SNAPSHOT r10644-cb49e46a8a
</code></pre>
+To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart travelmate and scan the system log (_logread -e "travelmate"_)
+
## Manual Setup
**1. configure the travelmate wwan interface in /etc/config/network:**
<pre><code>
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-trm_ver="1.4.9"
+trm_ver="1.4.11"
trm_sysver="unknown"
trm_enabled=0
trm_debug=0
trm_sysver="${sys_model}, ${sys_desc}"
fi
- # get eap capabilities and rebind protection setting
+ # get eap capabilities
#
trm_eap="$("${trm_wpa}" -veap >/dev/null 2>&1; printf "%u" ${?})"
- trm_rebind="$(uci_get dhcp "@dnsmasq[0]" rebind_protection)"
# load config and check 'enabled' option
#
fi
fi
fi
- f_log "debug" "f_prep ::: config: ${config}, mode: ${mode}, network: ${network}, radio: ${radio}, trm_radio: ${trm_radio:-"-"}, trm_active_sta: ${trm_active_sta:-"-"}, proactive: ${proactive}, trm_eap: ${trm_eap:-"-"}, trm_rebind: ${trm_rebind:-"-"}, disabled: ${disabled}"
+ f_log "debug" "f_prep ::: config: ${config}, mode: ${mode}, network: ${network}, radio: ${radio}, trm_radio: ${trm_radio:-"-"}, trm_active_sta: ${trm_active_sta:-"-"}, proactive: ${proactive}, trm_eap: ${trm_eap:-"-"}, disabled: ${disabled}"
}
# check interface status
#
f_check()
{
- local IFS ifname radio dev_status last_status config sta_essid sta_bssid result cp_domain wait mode="${1}" status="${2:-"false"}"
+ local IFS ifname radio dev_status config sta_essid sta_bssid result uci_essid uci_bssid login_command bg_pid wait_time mode="${1}" status="${2:-"false"}" cp_domain="${3:-"false"}"
if [ "${mode}" != "initial" ] && [ "${status}" = "false" ]
then
ubus call network reload
- wait=$((trm_maxwait/6))
- sleep ${wait}
+ wait_time=$((trm_maxwait/6))
+ sleep ${wait_time}
fi
- wait=1
- while [ "${wait}" -le "${trm_maxwait}" ]
+ wait_time=1
+ while [ "${wait_time}" -le "${trm_maxwait}" ]
do
dev_status="$(ubus -S call network.wireless status 2>/dev/null)"
if [ -n "${dev_status}" ]
trm_devlist="$(f_trim "${trm_devlist} ${radio}")"
fi
done
- if [ "${trm_devlist}" = "${trm_radiolist}" ] || [ "${wait}" -eq "${trm_maxwait}" ]
+ if [ "${trm_devlist}" = "${trm_radiolist}" ] || [ "${wait_time}" -eq "${trm_maxwait}" ]
then
ifname="${trm_devlist}"
break
if [ "${mode}" = "initial" ] && [ "${trm_captive}" -eq 1 ]
then
result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
- awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|^Connection error/{printf "%s" "net nok";exit}')"
+ awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
+ if [ "${cp_domain}" = "true" ]
+ then
+ cp_domain="$(printf "%s" "${result}" | awk -F "[\\'| ]" '/^net cp/{printf "%s" $4}')"
+ uci_essid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.ssid')"
+ uci_essid="$(printf "%s" "${uci_essid//[^[:alnum:]_]/_}" | awk '{print tolower($1)}')"
+ uci_bssid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.bssid')"
+ uci_bssid="${uci_bssid//[^[:alnum:]_]/_}"
+ fi
fi
- if [ "${trm_ifquality}" -ge "${trm_minquality}" ] && [ "${result%/*}" != "net nok" ]
+ if [ "${trm_ifquality}" -ge "${trm_minquality}" ] && [ "${result}" != "net nok" ]
then
trm_ifstatus="$(ubus -S call network.interface dump 2>/dev/null | jsonfilter -l1 -e "@.interface[@.device=\"${ifname}\"].up")"
if [ "${trm_ifstatus}" = "true" ]
then
- if [ "${mode}" = "sta" ] && [ "${trm_captive}" -eq 1 ] && [ "${trm_rebind:-0}" -eq 1 ] && [ -x "/etc/init.d/dnsmasq" ]
+ if [ "${mode}" = "sta" ] && [ "${trm_captive}" -eq 1 ]
then
while true
do
result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
- awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|^Connection error/{printf "%s" "net nok";exit}')"
+ awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
cp_domain="$(printf "%s" "${result}" | awk -F "[\\'| ]" '/^net cp/{printf "%s" $4}')"
- if [ "${trm_netcheck}" -eq 1 ] && [ "${result%/*}" = "net nok" ]
+ uci_essid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.ssid')"
+ uci_essid="$(printf "%s" "${uci_essid//[^[:alnum:]_]/_}" | awk '{print tolower($1)}')"
+ uci_bssid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].config.bssid')"
+ uci_bssid="${uci_bssid//[^[:alnum:]_]/_}"
+ if [ "${trm_netcheck}" -eq 1 ] && [ "${result}" = "net nok" ]
then
trm_ifstatus="${status}"
f_jsnup
break
fi
uci -q add_list dhcp.@dnsmasq[0].rebind_domain="${cp_domain}"
- f_log "info" "captive portal domain '${cp_domain}' added to rebind whitelist"
+ f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist"
+ if [ -z "$(uci_get travelmate "${uci_essid}${uci_bssid}")" ]
+ then
+ uci_add travelmate "login" "${uci_essid}${uci_bssid}"
+ uci_set travelmate "${uci_essid}${uci_bssid}" "command" "none"
+ f_log "info" "captive portal login section '${uci_essid}${uci_bssid}' added to travelmate config section"
+ fi
done
if [ -n "$(uci -q changes dhcp)" ]
then
uci_commit dhcp
/etc/init.d/dnsmasq reload
fi
+ if [ -n "$(uci -q changes travelmate)" ]
+ then
+ uci_commit travelmate
+ fi
+ fi
+ if [ -n "${cp_domain}" ] && [ "${cp_domain}" != "false" ] && [ -n "${uci_essid}" ] && [ "${trm_captive}" -eq 1 ]
+ then
+ trm_connection="${result:-"-"}/${trm_ifquality}"
+ f_jsnup
+ login_command="$(uci_get travelmate "${uci_essid}${uci_bssid}" command)"
+ if [ -x "${login_command}" ]
+ then
+ "${login_command}" >/dev/null 2>&1
+ rc=${?}
+ f_log "info" "captive portal login '${login_command:0:40}' for '${cp_domain}' has been executed with rc '${rc}'"
+ if [ "${rc}" -eq 0 ]
+ then
+ result="$(${trm_fetch} --timeout=$((trm_maxwait/6)) "${trm_captiveurl}" -O /dev/null 2>&1 | \
+ awk '/^Failed to redirect|^Redirected/{printf "%s" "net cp \047"$NF"\047";exit}/^Download completed/{printf "%s" "net ok";exit}/^Failed|Connection error/{printf "%s" "net nok";exit}')"
+ fi
+ fi
fi
trm_connection="${result:-"-"}/${trm_ifquality}"
f_jsnup
sta_bssid="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].*.bssid')"
if [ "${trm_ifquality}" -lt "${trm_minquality}" ]
then
+ unset trm_connection
+ trm_ifstatus="${status}"
f_log "info" "uplink '${sta_essid:-"-"}/${sta_bssid:-"-"}' is out of range (${trm_ifquality}/${trm_minquality})"
- elif [ "${trm_netcheck}" -eq 1 ] && [ "${result%/*}" = "net nok" ]
+ elif [ "${trm_netcheck}" -eq 1 ] && [ "${result}" = "net nok" ]
then
+ unset trm_connection
+ trm_ifstatus="${status}"
f_log "info" "uplink '${sta_essid:-"-"}/${sta_bssid:-"-"}' has no internet (${result})"
fi
- unset trm_connection
- trm_ifstatus="${status}"
f_jsnup
break
elif [ "${mode}" = "initial" ]
fi
fi
fi
- wait=$((wait+1))
+ wait_time=$((wait_time+1))
sleep 1
done
- f_log "debug" "f_check::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, connection: ${trm_connection:-"-"}, wait: ${wait}, max_wait: ${trm_maxwait}, min_quality: ${trm_minquality}, captive: ${trm_captive}, netcheck: ${trm_netcheck}"
+ f_log "debug" "f_check::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, connection: ${trm_connection:-"-"}, wait: ${wait_time}, max_wait: ${trm_maxwait}, min_quality: ${trm_minquality}, captive: ${trm_captive}, netcheck: ${trm_netcheck}"
}
# update runtime information
local IFS cnt dev config spec scan_list scan_essid scan_bssid scan_quality faulty_list
local station_id sta sta_essid sta_bssid sta_radio sta_iface active_essid active_bssid active_radio
- f_check "initial"
+ f_check "initial" "false" "true"
f_log "debug" "f_main ::: status: ${trm_ifstatus}, proactive: ${trm_proactive}"
if [ "${trm_ifstatus}" != "true" ] || [ "${trm_proactive}" -eq 1 ]
then
--- /dev/null
+#!/bin/sh
+# captive portal auto-login script for german ICE hotspots
+# written by Dirk Brenken (dev@brenken.org)
+
+# This is free software, licensed under the GNU General Public License v3.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+domain="www.wifionice.de"
+cmd="$(command -v curl)"
+
+# curl check
+#
+if [ ! -x "${cmd}" ]
+then
+ exit 1
+fi
+
+# initial get request to receive & extract a valid security token
+#
+"${cmd}" "http://${domain}/en/" -s -o /dev/null -c "/tmp/${domain}.cookie"
+if [ -f "/tmp/${domain}.cookie" ]
+then
+ sec_token="$(awk '/csrf/{print $7}' "/tmp/${domain}.cookie")"
+ rm -f "/tmp/${domain}.cookie"
+else
+ exit 2
+fi
+
+# final post request/login with valid session cookie/security token
+#
+if [ -n "${sec_token}" ]
+then
+ "${cmd}" "http://${domain}/en/" -H "Cookie: csrf=${sec_token}" --data "login=true&CSRFToken=${sec_token}&connect="
+else
+ exit 3
+fi
PKG_NAME:=ulogd
PKG_VERSION:=2.0.7
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://netfilter.org/projects/ulogd/files/ \
ftp://ftp.netfilter.org/pub/ulogd/
PKG_HASH:=990a05494d9c16029ba0a83f3b7294fc05c756546b8d60d1c1572dc25249a92b
-PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
+PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Nicolas Thill <nico@openwrt.org>
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+PKG_BUILD_DEPENDS:=libnetfilter-acct libnetfilter-conntrack libnetfilter-log
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_PACKAGE_ulogd-mod-dbi \
+ CONFIG_PACKAGE_ulogd-mod-mysql \
+ CONFIG_PACKAGE_ulogd-mod-pgsql \
+ CONFIG_PACKAGE_ulogd-mod-sqlite
include $(INCLUDE_DIR)/package.mk
define Package/ulogd/Default
SECTION:=net
CATEGORY:=Network
- URL:=http://www.netfilter.org/projects/ulogd/index.html
+ URL:=https://www.netfilter.org/projects/ulogd/index.html
endef
define Package/ulogd
TITLE:=Extra plugins
endef
-PKG_BUILD_DEPENDS:=libnetfilter-acct libnetfilter-conntrack libnetfilter-log
-
-PKG_CONFIG_DEPENDS:= \
- CONFIG_PACKAGE_ulogd-mod-dbi \
- CONFIG_PACKAGE_ulogd-mod-mysql \
- CONFIG_PACKAGE_ulogd-mod-pgsql \
- CONFIG_PACKAGE_ulogd-mod-sqlite \
-
-TARGET_CFLAGS += \
- -D_GNU_SOURCE \
-
CONFIGURE_ARGS += \
--enable-nfacct \
--enable-nfct \
- --enable-nflog \
+ --enable-nflog
ifneq ($(DEVELOPER)$(SDK)$(CONFIG_PACKAGE_ulogd-mod-dbi),)
CONFIGURE_ARGS += --with-dbi \
--- /dev/null
+From 9d9ea2cd70a369a7f665a322e6c53631e01a2570 Mon Sep 17 00:00:00 2001
+From: Andreas Jaggi <andreas.jaggi@waterwave.ch>
+Date: Wed, 30 May 2018 22:15:36 +0200
+Subject: ulogd: json: send messages to a remote host / unix socket
+
+Extend the JSON output plugin so that the generated JSON stream can be
+sent to a remote host via TCP/UDP or to a local unix socket.
+
+Signed-off-by: Andreas Jaggi <andreas.jaggi@waterwave.ch>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ output/ulogd_output_JSON.c | 291 +++++++++++++++++++++++++++++++++++++++++----
+ ulogd.conf.in | 11 ++
+ 2 files changed, 281 insertions(+), 21 deletions(-)
+
+diff --git a/output/ulogd_output_JSON.c b/output/ulogd_output_JSON.c
+index 4d8e3e9..6edfa90 100644
+--- a/output/ulogd_output_JSON.c
++++ b/output/ulogd_output_JSON.c
+@@ -20,10 +20,15 @@
+
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <unistd.h>
+ #include <string.h>
+ #include <time.h>
+ #include <errno.h>
+ #include <inttypes.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <netdb.h>
+ #include <ulogd/ulogd.h>
+ #include <ulogd/conffile.h>
+ #include <jansson.h>
+@@ -36,6 +41,10 @@
+ #define ULOGD_JSON_DEFAULT_DEVICE "Netfilter"
+ #endif
+
++#define host_ce(x) (x->ces[JSON_CONF_HOST])
++#define port_ce(x) (x->ces[JSON_CONF_PORT])
++#define mode_ce(x) (x->ces[JSON_CONF_MODE])
++#define file_ce(x) (x->ces[JSON_CONF_FILENAME])
+ #define unlikely(x) __builtin_expect((x),0)
+
+ struct json_priv {
+@@ -44,6 +53,15 @@ struct json_priv {
+ int usec_idx;
+ long cached_gmtoff;
+ char cached_tz[6]; /* eg +0200 */
++ int mode;
++ int sock;
++};
++
++enum json_mode {
++ JSON_MODE_FILE = 0,
++ JSON_MODE_TCP,
++ JSON_MODE_UDP,
++ JSON_MODE_UNIX
+ };
+
+ enum json_conf {
+@@ -53,6 +71,9 @@ enum json_conf {
+ JSON_CONF_EVENTV1,
+ JSON_CONF_DEVICE,
+ JSON_CONF_BOOLEAN_LABEL,
++ JSON_CONF_MODE,
++ JSON_CONF_HOST,
++ JSON_CONF_PORT,
+ JSON_CONF_MAX
+ };
+
+@@ -95,15 +116,167 @@ static struct config_keyset json_kset = {
+ .options = CONFIG_OPT_NONE,
+ .u = { .value = 0 },
+ },
++ [JSON_CONF_MODE] = {
++ .key = "mode",
++ .type = CONFIG_TYPE_STRING,
++ .options = CONFIG_OPT_NONE,
++ .u = { .string = "file" },
++ },
++ [JSON_CONF_HOST] = {
++ .key = "host",
++ .type = CONFIG_TYPE_STRING,
++ .options = CONFIG_OPT_NONE,
++ .u = { .string = "127.0.0.1" },
++ },
++ [JSON_CONF_PORT] = {
++ .key = "port",
++ .type = CONFIG_TYPE_STRING,
++ .options = CONFIG_OPT_NONE,
++ .u = { .string = "12345" },
++ },
+ },
+ };
+
++static void close_socket(struct json_priv *op) {
++ if (op->sock != -1) {
++ close(op->sock);
++ op->sock = -1;
++ }
++}
++
++static int _connect_socket_unix(struct ulogd_pluginstance *pi)
++{
++ struct json_priv *op = (struct json_priv *) &pi->private;
++ struct sockaddr_un u_addr;
++ int sfd;
++
++ close_socket(op);
++
++ ulogd_log(ULOGD_DEBUG, "connecting to unix:%s\n",
++ file_ce(pi->config_kset).u.string);
++
++ sfd = socket(AF_UNIX, SOCK_STREAM, 0);
++ if (sfd == -1) {
++ return -1;
++ }
++ u_addr.sun_family = AF_UNIX;
++ strncpy(u_addr.sun_path, file_ce(pi->config_kset).u.string,
++ sizeof(u_addr.sun_path) - 1);
++ if (connect(sfd, (struct sockaddr *) &u_addr, sizeof(struct sockaddr_un)) == -1) {
++ close(sfd);
++ return -1;
++ }
++
++ op->sock = sfd;
++
++ return 0;
++}
++
++static int _connect_socket_net(struct ulogd_pluginstance *pi)
++{
++ struct json_priv *op = (struct json_priv *) &pi->private;
++ struct addrinfo hints;
++ struct addrinfo *result, *rp;
++ int sfd, s;
++
++ close_socket(op);
++
++ ulogd_log(ULOGD_DEBUG, "connecting to %s:%s\n",
++ host_ce(pi->config_kset).u.string,
++ port_ce(pi->config_kset).u.string);
++
++ memset(&hints, 0, sizeof(struct addrinfo));
++ hints.ai_family = AF_UNSPEC;
++ hints.ai_socktype = op->mode == JSON_MODE_UDP ? SOCK_DGRAM : SOCK_STREAM;
++ hints.ai_protocol = 0;
++ hints.ai_flags = 0;
++
++ s = getaddrinfo(host_ce(pi->config_kset).u.string,
++ port_ce(pi->config_kset).u.string, &hints, &result);
++ if (s != 0) {
++ ulogd_log(ULOGD_ERROR, "getaddrinfo: %s\n", gai_strerror(s));
++ return -1;
++ }
++
++ for (rp = result; rp != NULL; rp = rp->ai_next) {
++ int on = 1;
++
++ sfd = socket(rp->ai_family, rp->ai_socktype,
++ rp->ai_protocol);
++ if (sfd == -1)
++ continue;
++
++ setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR,
++ (char *) &on, sizeof(on));
++
++ if (connect(sfd, rp->ai_addr, rp->ai_addrlen) != -1)
++ break;
++
++ close(sfd);
++ }
++
++ freeaddrinfo(result);
++
++ if (rp == NULL) {
++ return -1;
++ }
++
++ op->sock = sfd;
++
++ return 0;
++}
++
++static int _connect_socket(struct ulogd_pluginstance *pi)
++{
++ struct json_priv *op = (struct json_priv *) &pi->private;
++
++ if (op->mode == JSON_MODE_UNIX)
++ return _connect_socket_unix(pi);
++ else
++ return _connect_socket_net(pi);
++}
++
++static int json_interp_socket(struct ulogd_pluginstance *upi, char *buf, int buflen)
++{
++ struct json_priv *opi = (struct json_priv *) &upi->private;
++ int ret = 0;
++
++ if (opi->sock != -1)
++ ret = send(opi->sock, buf, buflen, MSG_NOSIGNAL);
++ free(buf);
++ if (ret != buflen) {
++ ulogd_log(ULOGD_ERROR, "Failure sending message: %s\n",
++ strerror(errno));
++ if (ret == -1 || opi->sock == -1)
++ return _connect_socket(upi);
++ else
++ return ULOGD_IRET_ERR;
++ }
++
++ return ULOGD_IRET_OK;
++}
++
++static int json_interp_file(struct ulogd_pluginstance *upi, char *buf)
++{
++ struct json_priv *opi = (struct json_priv *) &upi->private;
++
++ fprintf(opi->of, "%s", buf);
++ free(buf);
++
++ if (upi->config_kset->ces[JSON_CONF_SYNC].u.value != 0)
++ fflush(opi->of);
++
++ return ULOGD_IRET_OK;
++}
++
+ #define MAX_LOCAL_TIME_STRING 38
+
+ static int json_interp(struct ulogd_pluginstance *upi)
+ {
+ struct json_priv *opi = (struct json_priv *) &upi->private;
+ unsigned int i;
++ char *buf;
++ int buflen;
+ json_t *msg;
+
+ msg = json_object();
+@@ -218,34 +391,65 @@ static int json_interp(struct ulogd_pluginstance *upi)
+ }
+ }
+
+- json_dumpf(msg, opi->of, 0);
+- fprintf(opi->of, "\n");
+
++ buf = json_dumps(msg, 0);
+ json_decref(msg);
++ if (buf == NULL) {
++ ulogd_log(ULOGD_ERROR, "Could not create message\n");
++ return ULOGD_IRET_ERR;
++ }
++ buflen = strlen(buf);
++ buf = realloc(buf, sizeof(char)*(buflen+2));
++ if (buf == NULL) {
++ ulogd_log(ULOGD_ERROR, "Could not create message\n");
++ return ULOGD_IRET_ERR;
++ }
++ strncat(buf, "\n", 1);
++ buflen++;
+
+- if (upi->config_kset->ces[JSON_CONF_SYNC].u.value != 0)
+- fflush(opi->of);
++ if (opi->mode == JSON_MODE_FILE)
++ return json_interp_file(upi, buf);
++ else
++ return json_interp_socket(upi, buf, buflen);
++}
+
+- return ULOGD_IRET_OK;
++static void reopen_file(struct ulogd_pluginstance *upi)
++{
++ struct json_priv *oi = (struct json_priv *) &upi->private;
++ FILE *old = oi->of;
++
++ ulogd_log(ULOGD_NOTICE, "JSON: reopening logfile\n");
++ oi->of = fopen(upi->config_kset->ces[0].u.string, "a");
++ if (!oi->of) {
++ ulogd_log(ULOGD_ERROR, "can't open JSON "
++ "log file: %s\n",
++ strerror(errno));
++ oi->of = old;
++ } else {
++ fclose(old);
++ }
++}
++
++static void reopen_socket(struct ulogd_pluginstance *upi)
++{
++ ulogd_log(ULOGD_NOTICE, "JSON: reopening socket\n");
++ if (_connect_socket(upi) < 0) {
++ ulogd_log(ULOGD_ERROR, "can't open JSON "
++ "socket: %s\n",
++ strerror(errno));
++ }
+ }
+
+ static void sighup_handler_print(struct ulogd_pluginstance *upi, int signal)
+ {
+ struct json_priv *oi = (struct json_priv *) &upi->private;
+- FILE *old = oi->of;
+
+ switch (signal) {
+ case SIGHUP:
+- ulogd_log(ULOGD_NOTICE, "JSON: reopening logfile\n");
+- oi->of = fopen(upi->config_kset->ces[0].u.string, "a");
+- if (!oi->of) {
+- ulogd_log(ULOGD_ERROR, "can't open JSON "
+- "log file: %s\n",
+- strerror(errno));
+- oi->of = old;
+- } else {
+- fclose(old);
+- }
++ if (oi->mode == JSON_MODE_FILE)
++ reopen_file(upi);
++ else
++ reopen_socket(upi);
+ break;
+ default:
+ break;
+@@ -255,6 +459,8 @@ static void sighup_handler_print(struct ulogd_pluginstance *upi, int signal)
+ static int json_configure(struct ulogd_pluginstance *upi,
+ struct ulogd_pluginstance_stack *stack)
+ {
++ struct json_priv *op = (struct json_priv *) &upi->private;
++ char *mode_str = mode_ce(upi->config_kset).u.string;
+ int ret;
+
+ ret = ulogd_wildcard_inputkeys(upi);
+@@ -265,13 +471,25 @@ static int json_configure(struct ulogd_pluginstance *upi,
+ if (ret < 0)
+ return ret;
+
++ if (!strcasecmp(mode_str, "udp")) {
++ op->mode = JSON_MODE_UDP;
++ } else if (!strcasecmp(mode_str, "tcp")) {
++ op->mode = JSON_MODE_TCP;
++ } else if (!strcasecmp(mode_str, "unix")) {
++ op->mode = JSON_MODE_UNIX;
++ } else if (!strcasecmp(mode_str, "file")) {
++ op->mode = JSON_MODE_FILE;
++ } else {
++ ulogd_log(ULOGD_ERROR, "unknown mode '%s'\n", mode_str);
++ return -EINVAL;
++ }
++
+ return 0;
+ }
+
+-static int json_init(struct ulogd_pluginstance *upi)
++static int json_init_file(struct ulogd_pluginstance *upi)
+ {
+ struct json_priv *op = (struct json_priv *) &upi->private;
+- unsigned int i;
+
+ op->of = fopen(upi->config_kset->ces[0].u.string, "a");
+ if (!op->of) {
+@@ -280,6 +498,27 @@ static int json_init(struct ulogd_pluginstance *upi)
+ return -1;
+ }
+
++ return 0;
++}
++
++static int json_init_socket(struct ulogd_pluginstance *upi)
++{
++ struct json_priv *op = (struct json_priv *) &upi->private;
++
++ if (host_ce(upi->config_kset).u.string == NULL)
++ return -1;
++ if (port_ce(upi->config_kset).u.string == NULL)
++ return -1;
++
++ op->sock = -1;
++ return _connect_socket(upi);
++}
++
++static int json_init(struct ulogd_pluginstance *upi)
++{
++ struct json_priv *op = (struct json_priv *) &upi->private;
++ unsigned int i;
++
+ /* search for time */
+ op->sec_idx = -1;
+ op->usec_idx = -1;
+@@ -293,15 +532,25 @@ static int json_init(struct ulogd_pluginstance *upi)
+
+ *op->cached_tz = '\0';
+
+- return 0;
++ if (op->mode == JSON_MODE_FILE)
++ return json_init_file(upi);
++ else
++ return json_init_socket(upi);
++}
++
++static void close_file(FILE *of) {
++ if (of != stdout)
++ fclose(of);
+ }
+
+ static int json_fini(struct ulogd_pluginstance *pi)
+ {
+ struct json_priv *op = (struct json_priv *) &pi->private;
+
+- if (op->of != stdout)
+- fclose(op->of);
++ if (op->mode == JSON_MODE_FILE)
++ close_file(op->of);
++ else
++ close_socket(op);
+
+ return 0;
+ }
+diff --git a/ulogd.conf.in b/ulogd.conf.in
+index 62222db..99cfc24 100644
+--- a/ulogd.conf.in
++++ b/ulogd.conf.in
+@@ -213,6 +213,17 @@ sync=1
+ # Uncomment the following line to use JSON v1 event format that
+ # can provide better compatility with some JSON file reader.
+ #eventv1=1
++# Uncomment the following lines to send the JSON logs to a remote host via UDP
++#mode="udp"
++#host="192.0.2.10"
++#port="10210"
++# Uncomment the following lines to send the JSON logs to a remote host via TCP
++#mode="tcp"
++#host="192.0.2.10"
++#port="10210"
++# Uncomment the following lines to send the JSON logs to a local unix socket
++#mode="unix"
++#file="/var/run/ulogd.socket"
+
+ [pcap1]
+ #default file is /var/log/ulogd.pcap
+--
+cgit v1.2.1
+
CATEGORY:=Network
TITLE:=N-curses based wireless network devices monitor
DEPENDS:=+libncurses +libpthread +libnl-genl
- SUBMENU:=wireless
+ SUBMENU:=Wireless
URL:=https://github.com/uoaerg/wavemon/releases
endef
include $(INCLUDE_DIR)/package.mk
define Package/wifischedule
- SUBMENU:=wireless
+ SUBMENU:=Wireless
TITLE:=Turns WiFi on and off according to a schedule
SECTION:=net
CATEGORY:=Network
include $(TOPDIR)/rules.mk
PKG_NAME:=zerotier
-PKG_VERSION:=1.2.12
-PKG_RELEASE:=4
+PKG_VERSION:=1.4.0.1
+PKG_RELEASE:=2
-PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=212799bfaeb5e7dff20f2cd83f15742c8e13b8e9535606cfb85abcfb5fb6fed4
+PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=39f5cdbe589ff550dca9d407f579e87b55a750dbb46458914476fa7dbafb8214
PKG_BUILD_DIR:=$(BUILD_DIR)/ZeroTierOne-$(PKG_VERSION)
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
+ifdef CONFIG_USE_UCLIBC
+ TARGET_CFLAGS += -D'valloc(a)=aligned_alloc(getpagesize(),a)'
+endif
+
define Package/zerotier/conffiles
/etc/config/zerotier
endef
-From c578216351a4daa3916265b39b14f7c23ef15c90 Mon Sep 17 00:00:00 2001
+From 14454285d7ef5b9cd134c86059933036c1aa2fef Mon Sep 17 00:00:00 2001
From: Moritz Warning <moritzwarning@web.de>
Date: Mon, 23 Apr 2018 22:12:31 +0200
Subject: [PATCH 1/4] find miniupnpc.h in staging directory
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/make-linux.mk b/make-linux.mk
-index 2e6a8632..0cd955d1 100644
+index b81c7aeb..a547125d 100644
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -22,8 +22,8 @@ ONE_OBJS+=osdep/LinuxEthernetTap.o
+@@ -29,8 +29,8 @@ TIMESTAMP=$(shell date +"%Y%m%d%H%M")
# otherwise build into binary as done on Mac and Windows.
ONE_OBJS+=osdep/PortMapper.o
override DEFS+=-DZT_USE_MINIUPNPC
override DEFS+=-DZT_USE_SYSTEM_MINIUPNPC
LDLIBS+=-lminiupnpc
--
-2.17.0
+2.22.0
-From 7cfe751128d412a9b780ba5e4cb11908fc71cd3d Mon Sep 17 00:00:00 2001
+From 68fe97ef6b05e3709cd4b67c7681dcfc63bfaf80 Mon Sep 17 00:00:00 2001
From: Moritz Warning <moritzwarning@web.de>
Date: Mon, 30 Apr 2018 16:14:30 +0200
Subject: [PATCH 2/4] remove -pie
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/make-linux.mk b/make-linux.mk
-index 0cd955d1..add1d3ae 100644
+index a547125d..13244741 100644
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -63,11 +63,11 @@ ifeq ($(ZT_DEBUG),1)
+@@ -77,11 +77,11 @@ ifeq ($(ZT_DEBUG),1)
# C25519 in particular is almost UNUSABLE in -O0 even on a 3ghz box!
node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CXXFLAGS=-Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
else
STRIP+=--strip-all
endif
--
-2.17.0
+2.22.0
+From a856855ab97e0775a08e1571a4ad26c264cb13f4 Mon Sep 17 00:00:00 2001
+From: Moritz Warning <moritzwarning@web.de>
+Date: Sun, 4 Aug 2019 03:56:37 +0200
+Subject: [PATCH 3/4] remove arm32 conservative CFLAGS
+
+---
+ make-linux.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/make-linux.mk b/make-linux.mk
+index 13244741..fd164dfa 100644
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -231,7 +231,7 @@ ifeq ($(ZT_OFFICIAL),1)
+@@ -262,7 +262,7 @@ ifeq ($(ZT_OFFICIAL),1)
endif
# ARM32 hell -- use conservative CFLAGS
ifeq ($(shell if [ -e /usr/bin/dpkg ]; then dpkg --print-architecture; fi),armel)
override CFLAGS+=-march=armv5 -mfloat-abi=soft -msoft-float -mno-unaligned-access -marm
override CXXFLAGS+=-march=armv5 -mfloat-abi=soft -msoft-float -mno-unaligned-access -marm
+--
+2.22.0
+
-From a2cf8bf645d25f18cbc2ed7ad4b9a25725811afd Mon Sep 17 00:00:00 2001
+From 5169e5328525af28f6b7de087ece10a9bc0a2282 Mon Sep 17 00:00:00 2001
From: Moritz Warning <moritzwarning@web.de>
Date: Wed, 2 May 2018 16:06:46 +0200
Subject: [PATCH 4/4] accept external linker flags
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/make-linux.mk b/make-linux.mk
-index 49e14f70..8e766bfb 100644
+index fd164dfa..29ff8813 100644
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -67,7 +67,7 @@ else
+@@ -81,7 +81,7 @@ else
override CFLAGS+=-Wall -Wno-deprecated -pthread $(INCLUDES) -DNDEBUG $(DEFS)
CXXFLAGS?=-O3 -fstack-protector
override CXXFLAGS+=-Wall -Wno-deprecated -std=c++11 -pthread $(INCLUDES) -DNDEBUG $(DEFS)
STRIP+=--strip-all
endif
--
-2.17.0
+2.22.0
--- /dev/null
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -38,7 +38,7 @@ else
+ override DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING=\"Linux\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
+ ONE_OBJS+=ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o
+ endif
+-ifeq ($(wildcard /usr/include/natpmp.h),)
++ifeq ($(wildcard $(STAGING_DIR)/usr/include/natpmp.h),)
+ ONE_OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o
+ else
+ LDLIBS+=-lnatpmp
include $(TOPDIR)/rules.mk
PKG_NAME:=btrfs-progs
-PKG_VERSION:=5.1.1
+PKG_VERSION:=5.2.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/kdave/btrfs-progs
-PKG_HASH:=9cb91b7de9e10aa6bbf2b003f60bb3f5e5b1984a8008fad7c4b2d3978f5ebe1b
+PKG_HASH:=36ac4a0198ffff79d5800c537ea4b19769a8fd3ad870f75413d25b20e2d83233
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
PKG_MAINTAINER:=Karel Kočí <karel.koci@nic.cz>
-PKG_LICENSE:=GPL-2.0
+PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
PKG_INSTALL:=1
source "$(SOURCE)/Config.in"
endef
-progs = btrfs btrfs-find-root btrfs-image btrfs-map-logical \
- btrfs-select-super btrfstune mkfs.btrfs
+boxprogs = btrfsck mkfs.btrfs btrfs-image btrfstune btrfs-find-root
+progs = btrfs-map-logical btrfs-select-super
TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections -Wl,--as-needed
CONFIGURE_ARGS += --disable-zstd
endif
+MAKE_INSTALL_FLAGS += BUILD_PROGRAMS=0
+
+Build/Compile=$(call Build/Compile/Default,btrfs.box $(progs))
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libbtrfs.so* $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libbtrfsutil.so* $(1)/usr/lib
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(addprefix $(PKG_INSTALL_DIR)/usr/bin/, $(progs)) $(1)/usr/bin/
- $(LN) btrfs $(1)/usr/bin/btrfsck
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/btrfs-scan.init $(1)/etc/init.d/btrfs-scan
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/btrfs.box $(1)/usr/bin/btrfs
+ $(foreach prog,$(boxprogs),$(LN) btrfs $(1)/usr/bin/$(prog);)
+ $(foreach prog,$(progs),$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(prog) $(1)/usr/bin/;)
+ $(INSTALL_DIR) $(1)/lib/preinit
+ $(INSTALL_BIN) ./files/btrfs-scan.init $(1)/lib/preinit/85_btrfs_scan
endef
$(eval $(call BuildPackage,btrfs-progs))
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2014 OpenWrt.org
+#!/bin/sh
-START=19
-
-start() {
- grep -q btrfs /proc/filesystems && /usr/bin/btrfs device scan
+preinit_btrfs_scan() {
+ grep -vq btrfs /proc/filesystems || btrfs device scan
}
+boot_hook_add preinit_main preinit_btrfs_scan
teamspeak2 \
ted \
thermal \
+ threshold \
unixsock \
uptime \
users \
$(eval $(call BuildPlugin,ted,The Energy Detective input,ted,))
$(eval $(call BuildPlugin,tcpconns,TCP connection tracking input,tcpconns,))
$(eval $(call BuildPlugin,thermal,system temperatures input,thermal,))
+$(eval $(call BuildPlugin,threshold,Notifications and thresholds,threshold,))
$(eval $(call BuildPlugin,unixsock,unix socket output,unixsock,))
$(eval $(call BuildPlugin,uptime,uptime status input,uptime,))
$(eval $(call BuildPlugin,users,user logged in status input,users,))
include $(TOPDIR)/rules.mk
PKG_NAME:=dump1090
-PKG_VERSION:=2017-06-01
+PKG_VERSION:=3.7.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/mutability/dump1090.git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=b155fdb458c3241ab375d1f2b12fbb6a9f8a8a3a
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=bea40197bce22c837273848bc75d273c2688b131c11895685a35ee6c6242843a
-PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
+PKG_SOURCE_URL:=https://github.com/flightaware/dump1090
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=d7ed250d624eae2eec6c0a2dd410986f42230bf929dab67893ea3bf1cab8a203
-PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
+PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING LICENSE
PKG_BUILD_DEPENDS:=libusb
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Utilities
TITLE:=Mode S decoder for the Realtek RTL2832U
URL:=https://github.com/mutability/dump1090
- DEPENDS:=+libpthread
endef
define Package/dump1090
$(call Package/dump1090/Default)
TITLE+= (dump1090)
- DEPENDS+= +librtlsdr +uhttpd
+ DEPENDS+=+librtlsdr +uhttpd +libncurses
endef
define Package/view1090
$(call Package/dump1090/Default)
TITLE+= (view1090)
+ DEPENDS+=+libncurses
endef
define Package/dump1090/description
endef
MAKE_FLAGS += \
+ BLADERF=no \
CFLAGS="$(TARGET_CFLAGS)" \
UNAME="Linux"
+TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
define Package/dump1090/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) files/dump1090.init $(1)/etc/init.d/dump1090
local val
config_get val "$cfg" "$var"
- [ -n "$val" -o -n "$def" ] && procd_append_param command $opt "${val:-$def}"
+ if [ -n "$val" ] || [ -n "$def" ]; then
+ procd_append_param command "$opt" "${val:-$def}"
+ fi
}
append_bool() {
append_arg "$cfg" html_dir "--html-dir"
append_arg "$cfg" write_json "--write-json"
config_get aux "$cfg" "write_json"
- [ -n "$aux" ] && mkdir -p $aux
+ [ -n "$aux" ] && mkdir -p "$aux"
append_arg "$cfg" write_json_every "--write-json-every"
append_arg "$cfg" json_location_accuracy "--json-location-accuracy"
append_bool "$cfg" oversample "--oversample"
-#
+#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
PKG_NAME:=findutils
PKG_VERSION:=4.6.0
-PKG_RELEASE:=3
-
-PKG_LICENSE:=GPL-3.0+
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
PKG_HASH:=ded4c9f73731cd48fec3b6bdaccce896473b6d8e337e9612e16cf1431bb1169d
+
PKG_MAINTAINER:=Daniel Dickinson <cshored@thecshore.com>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=COPYING
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
--- /dev/null
+--- a/gl/lib/mountlist.c
++++ b/gl/lib/mountlist.c
+@@ -33,6 +33,8 @@
+
+ #include <unistd.h>
+
++#include <sys/sysmacros.h>
++
+ #if HAVE_SYS_PARAM_H
+ # include <sys/param.h>
+ #endif
define Package/fontconfig
SECTION:=xorg-util
CATEGORY:=Xorg
- SUBMENU:=font-utils
+ SUBMENU:=Font-Utils
TITLE:=fontconfig
DEPENDS:=+libpthread +libexpat +libfreetype
URL:=http://fontconfig.org/
PKG_NAME:=gddrescue
PKG_VERSION:=1.23
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.xz
PKG_SOURCE_URL:=http://http.debian.net/debian/pool/main/g/$(PKG_NAME)
CATEGORY:=Utilities
TITLE:=Data recovery tool
URL:=https://www.gnu.org/software/ddrescue/
- DEPENDS:=$(CXX_DEPENDS) @!USE_UCLIBC
+ DEPENDS:=$(CXX_DEPENDS)
endef
define Package/gddrescue/description
--- /dev/null
+--- a/fillbook.cc
++++ b/fillbook.cc
+@@ -31,6 +31,9 @@
+ #include "block.h"
+ #include "mapbook.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fputc
++#endif
+
+ // Return values: 1 write error, 0 OK.
+ //
+--- a/genbook.cc
++++ b/genbook.cc
+@@ -31,6 +31,9 @@
+ #include "block.h"
+ #include "mapbook.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fputc
++#endif
+
+ const char * format_time( const long t, const bool low_prec )
+ {
+--- a/loggers.cc
++++ b/loggers.cc
+@@ -25,6 +25,9 @@
+ #include "block.h"
+ #include "loggers.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fputc
++#endif
+
+ namespace {
+
+--- a/main.cc
++++ b/main.cc
+@@ -46,6 +46,11 @@
+ #include "non_posix.h"
+ #include "rescuebook.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fgetc
++#undef fputc
++#endif
++
+ #ifndef O_BINARY
+ #define O_BINARY 0
+ #endif
+--- a/main_common.cc
++++ b/main_common.cc
+@@ -15,6 +15,10 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fputc
++#endif
++
+ int verbosity = 0;
+
+ namespace {
+--- a/mapbook.cc
++++ b/mapbook.cc
+@@ -32,6 +32,10 @@
+ #include "block.h"
+ #include "mapbook.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fgetc
++#undef fputc
++#endif
+
+ namespace {
+
+--- a/mapfile.cc
++++ b/mapfile.cc
+@@ -29,6 +29,11 @@
+
+ #include "block.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fgetc
++#undef ferror
++#undef feof
++#endif
+
+ namespace {
+
+--- a/rescuebook.cc
++++ b/rescuebook.cc
+@@ -36,6 +36,9 @@
+ #include "mapbook.h"
+ #include "rescuebook.h"
+
++#ifdef __UCLIBCXX_MAJOR__
++#undef fputc
++#endif
+
+ namespace {
+
include $(TOPDIR)/rules.mk
PKG_NAME:=gpsd
-PKG_VERSION:=3.17
-PKG_RELEASE:=3
+PKG_VERSION:=3.19
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SAVANNAH/$(PKG_NAME)
-PKG_HASH:=68e0dbecfb5831997f8b3d6ba48aed812eb465d8c0089420ab68f9ce4d85e77a
+PKG_HASH:=27dd24d45b2ac69baab7933da2bf6ae5fb0be90130f67e753c110a3477155f39
PKG_MAINTAINER:=Pushpal Sidhu <psidhu.devel@gmail.com>
PKG_LICENSE:=BSD-3-Clause
define Package/gpsd/Default
DEPENDS+= +libusb-1.0
- URL:=http://catb.org/gpsd/
+ URL:=https://gpsd.gitlab.io/gpsd/
endef
define Package/gpsd/Default/description
+++ /dev/null
---- a/driver_ais.c
-+++ b/driver_ais.c
-@@ -24,6 +24,7 @@
-
- /* strlcpy() needs _DARWIN_C_SOURCE */
- #define _DARWIN_C_SOURCE
-+#define _BSD_SOURCE
-
- #include <stdlib.h>
- #include <string.h>
---- a/gpsctl.c
-+++ b/gpsctl.c
-@@ -15,6 +15,7 @@
-
- /* strlcpy() needs _DARWIN_C_SOURCE */
- #define _DARWIN_C_SOURCE
-+#define _BSD_SOURCE
-
- #include <stdio.h>
- #include <stdlib.h>
---- a/gpsd_json.c
-+++ b/gpsd_json.c
-@@ -24,6 +24,7 @@ PERMISSIONS
- #define __DARWIN_C_LEVEL 200112L
- /* strlcpy() needs _DARWIN_C_SOURCE */
- #define _DARWIN_C_SOURCE
-+#define _BSD_SOURCE
-
- #include <stdio.h>
- #include <math.h>
---- a/libgpsd_core.c
-+++ b/libgpsd_core.c
-@@ -20,6 +20,7 @@
-
- /* strlcpy() needs _DARWIN_C_SOURCE */
- #define _DARWIN_C_SOURCE
-+#define _BSD_SOURCE
-
- #include <time.h>
- #include <stdio.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=io
-PKG_RELEASE:=1
+PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk
printf("Attempting to map 0x%lx bytes at address 0x%08lx\n",
real_len, real_addr);
- mfd = open("/dev/mem", (memfunc == MEM_READ) ? O_RDONLY : O_RDWR);
+ mfd = open("/dev/mem", (memfunc == MEM_READ) ? (O_RDONLY | O_SYNC) : (O_RDWR | O_SYNC));
if (mfd == -1) {
perror("open /dev/mem");
fprintf(stderr, "Is CONFIG_DEVMEM activated?\n");
include $(TOPDIR)/rules.mk
PKG_NAME:=mariadb
-PKG_VERSION:=10.2.24
-PKG_RELEASE:=2
+PKG_VERSION:=10.2.26
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL := \
https://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/$(PKG_NAME)-$(PKG_VERSION)/source \
https://downloads.mariadb.org/interstitial/$(PKG_NAME)-$(PKG_VERSION)/source
-PKG_HASH:=97f4d924e69f77abb2f650116785c2f5ef356230442534ebcbaadb51d9bb8bc4
+PKG_HASH:=152fe941c4f2a352b2b3a4db1ef64e70235fd9ff055af62ad7bda9f2b2191528
PKG_MAINTAINER:=Sebastian Kemper <sebastian_ml@gmx.net>
PKG_LICENSE:=GPL-2.0 LGPL-2.1
-PKG_LICENSE_FILES:=COPYING libmariadb/COPYING.LIB
+PKG_LICENSE_FILES:=COPYING THIRDPARTY libmariadb/COPYING.LIB
PKG_CPE_ID:=cpe:/a:mariadb:mariadb
auth_ed25519 \
auth_gssapi \
auth_pam \
- client_ed25519 \
disks \
feedback \
file_key_management \
plugin-auth_ed25519 := PLUGIN_AUTH_ED25519
plugin-auth_gssapi := PLUGIN_AUTH_GSSAPI
plugin-auth_pam := PLUGIN_AUTH_PAM
-plugin-client_ed25519 := PLUGIN_CLIENT_ED25519
plugin-disks := PLUGIN_DISKS
plugin-feedback := PLUGIN_FEEDBACK
plugin-file_key_management := PLUGIN_FILE_KEY_MANAGEMENT
SECTION:=utils
CATEGORY:=Utilities
URL:=https://mariadb.org/
- SUBMENU:=database
+ SUBMENU:=Database
endef
define Package/mariadb-client
$(INSTALL_DIR) $(1)$(PLUGIN_DIR)
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{mariadb,mysqlclient}*.so* $(1)/usr/lib
$(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/caching_sha2_password.so $(1)$(PLUGIN_DIR)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/client_ed25519.so $(1)$(PLUGIN_DIR)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/dialog.so $(1)$(PLUGIN_DIR)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/mysql_clear_password.so $(1)$(PLUGIN_DIR)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/sha256_password.so $(1)$(PLUGIN_DIR)
$(eval $(call BuildPlugin,mariadb-server,auth_ed25519,))
$(eval $(call BuildPlugin,mariadb-server,auth_gssapi,+krb5-libs))
$(eval $(call BuildPlugin,mariadb-server,auth_pam,+libpam))
-$(eval $(call BuildPlugin,mariadb-server,client_ed25519,))
$(eval $(call BuildPlugin,mariadb-server,disks,))
$(eval $(call BuildPlugin,mariadb-server,feedback,))
$(eval $(call BuildPlugin,mariadb-server,file_key_management,))
--- a/scripts/mysql_install_db.sh
+++ b/scripts/mysql_install_db.sh
-@@ -403,7 +403,7 @@ fi
+@@ -410,7 +410,7 @@ fi
# Try to determine the hostname
+++ b/include/atomic/gcc_builtins.h
@@ -16,6 +16,7 @@
along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
+#if defined (HAVE_GCC_ATOMIC_BUILTINS)
#define make_atomic_add_body(S) \
CheckType(pv)
TYPE *lp = ((TYPBLK*)pv)->Typp;
-- for (register int i = k; i < n; i++) // TODO
+- for (int i = k; i < n; i++) // TODO
- Typp[i] = lp[i];
+ memcpy(Typp + k, lp + k, sizeof(TYPE) * n);
--- a/storage/xtradb/include/ut0ut.h
+++ b/storage/xtradb/include/ut0ut.h
-@@ -85,9 +85,8 @@ private:
+@@ -83,9 +83,8 @@ private:
the YieldProcessor macro defined in WinNT.h. It is a CPU architecture-
independent way by using YieldProcessor. */
# define UT_RELAX_CPU() YieldProcessor()
# else
# define UT_RELAX_CPU() ((void)0) /* avoid warning for an empty statement */
# endif
-@@ -101,9 +100,8 @@ private:
+@@ -99,9 +98,8 @@ private:
#endif
# if defined(HAVE_HMT_PRIORITY_INSTRUCTION)
# define UT_RESUME_PRIORITY_CPU() ((void)0)
--- a/storage/innobase/include/ut0ut.h
+++ b/storage/innobase/include/ut0ut.h
-@@ -71,9 +71,8 @@ typedef time_t ib_time_t;
+@@ -68,9 +68,8 @@ Created 1/20/1994 Heikki Tuuri
the YieldProcessor macro defined in WinNT.h. It is a CPU architecture-
independent way by using YieldProcessor. */
# define UT_RELAX_CPU() YieldProcessor()
#else
# define UT_RELAX_CPU() do { \
volatile int32 volatile_var; \
-@@ -91,9 +90,8 @@ typedef time_t ib_time_t;
+@@ -88,9 +87,8 @@ Created 1/20/1994 Heikki Tuuri
#endif
#if defined(HAVE_HMT_PRIORITY_INSTRUCTION)
--- a/client/mysql.cc
+++ b/client/mysql.cc
-@@ -2577,7 +2577,7 @@ C_MODE_END
+@@ -2578,7 +2578,7 @@ C_MODE_END
if not.
*/
static int fake_magic_space(int, int);
extern "C" char *no_completion(const char*,int)
#elif defined(USE_LIBEDIT_INTERFACE)
-@@ -2659,7 +2659,7 @@ static int not_in_history(const char *li
+@@ -2660,7 +2660,7 @@ static int not_in_history(const char *li
}
static int fake_magic_space(int, int)
#else
static int fake_magic_space(const char *, int)
-@@ -2676,7 +2676,7 @@ static void initialize_readline (char *n
+@@ -2677,7 +2677,7 @@ static void initialize_readline (char *n
rl_readline_name = name;
/* Tell the completer that we want a crack first. */
rl_attempted_completion_function= (rl_completion_func_t*)&new_mysql_completion;
rl_completion_entry_function= (rl_compentry_func_t*)&no_completion;
-@@ -2706,7 +2706,7 @@ static char **new_mysql_completion(const
+@@ -2707,7 +2707,7 @@ static char **new_mysql_completion(const
int end __attribute__((unused)))
{
if (!status.batch && !quick)
PKG_NAME:=mt-st
PKG_VERSION:=1.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)
-PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.ibiblio.org/pub/Linux/system/backup/
PKG_HASH:=945cb4f3d9957dabe768f5941a9148b746396836c797b25f020c84319ba8170d
+PKG_MAINTAINER:=Giuseppe Magnotta <giuseppe.magnotta@gmail.com>
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Utilities
TITLE:=Magnetic tape control tools for Linux SCSI tapes
URL:=http://ftp.ibiblio.org/pub/Linux/system/backup/
- MAINTAINER:=Giuseppe Magnotta <giuseppe.magnotta@gmail.com>
endef
define Package/mt-st/description
--- /dev/null
+--- a/mt.c
++++ b/mt.c
+@@ -21,6 +21,7 @@
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/utsname.h>
+
+ #include "mtio.h"
PKG_NAME:=prometheus
PKG_VERSION:=2.10.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/prometheus/prometheus/tar.gz/v${PKG_VERSION}?
--- /dev/null
+fsnotify v1.3.1 uses unix.InotifyInit, which does not exist for mips64/mips64el
+v1.4.2 changed to unix.InotifyInit1, which should exist for all Linux systems
+
+--- a/go.mod
++++ b/go.mod
+@@ -95,7 +95,7 @@ require (
+ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19
+ google.golang.org/grpc v1.19.1
+ gopkg.in/alecthomas/kingpin.v2 v2.2.6
+- gopkg.in/fsnotify/fsnotify.v1 v1.3.1
++ gopkg.in/fsnotify/fsnotify.v1 v1.4.7
+ gopkg.in/inf.v0 v0.9.1 // indirect
+ gopkg.in/yaml.v2 v2.2.2
+ k8s.io/api v0.0.0-20190409021203-6e4e0e4f393b
+--- a/go.sum
++++ b/go.sum
+@@ -416,8 +416,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-
+ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
+ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+-gopkg.in/fsnotify/fsnotify.v1 v1.3.1 h1:2fkCHbPQZNYRAyRyIV9VX0bpRkxIorlQDiYRmufHnhA=
+-gopkg.in/fsnotify/fsnotify.v1 v1.3.1/go.mod h1:Fyux9zXlo4rWoMSIzpn9fDAYjalPqJ/K1qJ27s+7ltE=
++gopkg.in/fsnotify/fsnotify.v1 v1.4.7 h1:XNNYLJHt73EyYiCZi6+xjupS9CpvmiDgjPTAjrBlQbo=
++gopkg.in/fsnotify/fsnotify.v1 v1.4.7/go.mod h1:Fyux9zXlo4rWoMSIzpn9fDAYjalPqJ/K1qJ27s+7ltE=
+ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
--- /dev/null
+# Copyright (C) 2017 Yousong Zhou
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=pservice
+PKG_VERSION:=2017-08-29
+PKG_RELEASE=1
+
+PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/pservice
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Wrap commands as procd services
+endef
+
+define Build/Compile
+endef
+
+define Package/pservice/install
+ $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config
+ $(INSTALL_BIN) ./files/pservice.init $(1)/etc/init.d/pservice
+ $(INSTALL_DATA) ./files/pservice.config $(1)/etc/config/pservice
+endef
+
+$(eval $(call BuildPackage,pservice))
--- /dev/null
+# uci
+
+`disabled`, bool, default `0`
+
+`name`, string, name of the service instance
+
+`command`, file, the service instance executable
+
+`args`, list of args
+
+`stderr`, bool, default `0`, log stderr output of the service instance
+
+`stdout`, bool, default `0`, log stdout output of the service instance
+
+`env`, list of environment variable settings of the form `var=val`
+
+`file`, list of file names. Service instances will be restarted if content of
+these files have changed on service reload event.
+
+`respawn_threshold`, uinteger, default `3600`, time in seconds the instances
+have to be in running state to be considered a valid run
+
+`respawn_timeout`, uinteger, default `5`, time in seconds the instance should
+be delayed to start again after the last crash
+
+`respawn_maxfail`, uinteger, default `5`, maximum times the instances can
+crash/fail in a row and procd will not try to bring it up again after this
+limit has been reached
+
+# notes and faq
+
+Initial environment variables presented to service instances may be different
+from what was observed on the interactive terminal. E.g. `HOME=/` may affect
+reading `~/.ssh/known_hosts` of dropbear ssh instance.
+
+ PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/ HOME=/
+
+If `list args xxx` seems to be too long causing pain, consider using `/bin/sh`
+as the `command`. It is also worth noting that uci supports multi-line option
+value.
+
+Child processes will keep running when their parent process was killed. This
+is especially the case and should be taken into account with option `command`
+being `/bin/sh` and it is recommended to use `exec` as the last shell command.
--- /dev/null
+config pservice
+ option disabled 1
+ option name 'demo0'
+ option command /bin/sh
+ option respawn_maxfail 0
+ list args -c
+ list args 'env | logger -t $name; exec sleep $time'
+ list env 'v0=0'
+ list env 'v1=val with space'
+ list env 'name=demo0'
+ list env 'time=1799'
+ list file /tmp/sleep.conf
+
+config pservice
+ option disabled 1
+ option name 8021x
+ option command /usr/sbin/wpa_supplicant
+ option stdout 1
+ list args -i
+ list args eth0.1
+ list args -D
+ list args wired
+ list args -c
+ list args /etc/wpa_supplicant-eth0.1.conf
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2017 Yousong Zhou
+
+START=99
+
+USE_PROCD=1
+
+pservice_list_cb() {
+ local val="$1"; shift
+ local param="$1"; shift
+
+ procd_append_param "$param" "$val"
+}
+
+pservice() {
+ local cfg="$1"
+
+ eval "$(validate_pservice_section "$cfg" pservice_validate_mklocal)"
+ validate_pservice_section "$cfg" || return 1
+ [ "$disabled" = 0 ] || return 0
+ [ -x "$command" ] || return 1
+
+ procd_open_instance "$name"
+ procd_set_param command "$command"
+ procd_set_param stderr "$stderr"
+ procd_set_param stdout "$stdout"
+ procd_set_param respawn "$respawn_threshold" "$respawn_timeout" "$respawn_maxfail"
+ [ -z "$args" ] || config_list_foreach "$cfg" args pservice_list_cb command
+ if [ -n "$env" ]; then
+ procd_set_param env
+ config_list_foreach "$cfg" env pservice_list_cb env
+ fi
+ if [ -n "$file" ]; then
+ procd_set_param file
+ config_list_foreach "$cfg" file pservice_list_cb file
+ fi
+ procd_close_instance
+}
+
+start_service() {
+ config_load 'pservice'
+ config_foreach pservice pservice
+}
+
+stop_service() {
+ true
+}
+
+service_triggers() {
+ procd_open_validate
+ validate_pservice_section
+ procd_close_validate
+}
+
+pservice_validate_mklocal() {
+ local tuple opts
+
+ shift 2
+ for tuple in "$@"; do
+ opts="${tuple%%:*} $opts"
+ done
+ [ -z "$opts" ] || echo "local $opts"
+}
+
+pservice_validate() {
+ uci_validate_section pservice "$@"
+}
+
+validate_pservice_section() {
+ local cfg="$1"; shift
+ local func="$1"; shift
+
+ "${func:-pservice_validate}" pservice "$cfg" \
+ "disabled:bool:0" \
+ "name:string" \
+ "env:regex('^[a-zA-Z_][a-zA-Z0-9_]*=.*$')" \
+ "command:file" \
+ "args:list(string)" \
+ "stderr:bool:0" \
+ "stdout:bool:0" \
+ "respawn_threshold:uinteger:3600" \
+ "respawn_timeout:uinteger:5" \
+ "respawn_maxfail:uinteger:5" \
+ "file:string"
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=rng-tools
-PKG_VERSION:=6.6
+PKG_VERSION:=6.7
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/nhorman/rng-tools.git
-PKG_SOURCE_VERSION:=4ebc21d6f387bb7b4b3f6badc429e27b21c0a6ee
-PKG_MIRROR_HASH:=d942283b7482337d40a4933f7b24a5d1361518dacf9c87928f5ea06d492e95b0
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_LICENSE:=GPLv2
+PKG_SOURCE_URL:=https://github.com/nhorman/rng-tools
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=05cb68b8600025f362ea0875f5966b60f8195f91ed89b431996a48cd88b1e5b0
+
PKG_MAINTAINER:=Nathaniel Wesley Filardo <nwfilardo@gmail.com>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
PKG_FIXUP:=autoreconf
-
-PKG_BUILD_DEPENDS:=USE_UCLIBC:argp-standalone USE_MUSL:argp-standalone
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_DEPENDS:=!USE_GLIBC:argp-standalone
include $(INCLUDE_DIR)/package.mk
endef
define Package/rng-tools/description
-Daemon for adding entropy to kernel entropy pool. By default it uses
-/dev/urandom as the source but the init script can be modified
-to use a hardware source like /dev/hwrng if present
+ Daemon for adding entropy to kernel entropy pool. By default it uses
+ /dev/urandom as the source but the init script can be modified
+ to use a hardware source like /dev/hwrng if present
endef
-ifdef CONFIG_USE_UCLIBC
-CONFIGURE_VARS += \
- LIBS="-largp"
-endif
-
-ifdef CONFIG_USE_MUSL
-CONFIGURE_VARS += \
- LIBS="-largp"
-endif
-
CONFIGURE_ARGS += \
--without-libgcrypt \
- --without-nistbeacon
+ --without-nistbeacon \
+ --without-pkcs11
+
+ifndef CONFIG_USE_GLIBC
+ CONFIGURE_VARS += LIBS="-largp"
+endif
define Build/Prepare
$(call Build/Prepare/Default)
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/rngd.uci_defaults $(1)/etc/uci-defaults/rngd
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/rngtest $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rngtest $(1)/usr/bin/
$(INSTALL_DIR) $(1)/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/rngd $(1)/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rngd $(1)/sbin/
endef
$(eval $(call BuildPackage,rng-tools))
$(call Package/rrdtool1/Default)
SECTION:=utils
CATEGORY:=Utilities
- SUBMENU:=database
+ SUBMENU:=Database
DEPENDS:=+librrd1
TITLE+= CGI graphing tool
endef
$(call Package/rrdtool1/Default)
SECTION:=utils
CATEGORY:=Utilities
- SUBMENU:=database
+ SUBMENU:=Database
DEPENDS:=+librrd1
TITLE+= management tools
endef
-#
+#
# Copyright (C) 2014-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
include $(TOPDIR)/rules.mk
PKG_NAME:=rtklib
-PKG_VERSION:=2.4.3_b24
-PKG_RELEASE:=$(PKG_SOURCE_VERSION)
+PKG_VERSION:=2.4.3_b32
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=git://github.com/tomojitakasu/RTKLIB.git
-PKG_SOURCE_VERSION:=1cec90a9ffa424908ad1a4ca3d52f33f9b94d1f7
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=edda6c29ba3d2f5401145a1497e88646fa0c13afc31ade7bdd982bd8e8081c6a
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_LICENSE:=BSD-2-Clause
+PKG_SOURCE_URL:=https://github.com/tomojitakasu/RTKLIB
+PKG_SOURCE_VERSION:=6e5ddadb737c54d4a43c43feeeb4e244c51b4286
+PKG_MIRROR_HASH:=b6ada49b6667a98e935055e718bf9a5712030cddc1694d1be7c0ab0e98bdc7b8
PKG_MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
+PKG_LICENSE:=BSD-2-Clause
+
+PKG_BUILD_PARALLEL:=0
include $(INCLUDE_DIR)/package.mk
--- /dev/null
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -81,6 +81,9 @@
+ #include <netinet/in.h>
+ #include <netinet/tcp.h>
+ #include <arpa/inet.h>
++#ifndef _POSIX_SOURCE
++#define _POSIX_SOURCE
++#endif
+ #include <netdb.h>
+ #endif
+
--- /dev/null
+--- a/app/rnx2rtkp/gcc/makefile
++++ b/app/rnx2rtkp/gcc/makefile
+@@ -2,14 +2,14 @@
+ BINDIR = /usr/local/bin
+ SRC = ../../../src
+
+-#OPTS = -DTRACE -DENAGLO -DENAQZS -DENAGAL -DENACMP -DENAIRN -DNFREQ=3
+-OPTS = -DTRACE -DENAGLO -DENAQZS -DENAGAL -DENACMP -DENAIRN -DNFREQ=3 -DIERS_MODEL
++OPTS = -DTRACE -DENAGLO -DENAQZS -DENAGAL -DENACMP -DENAIRN -DNFREQ=3
++#OPTS = -DTRACE -DENAGLO -DENAQZS -DENAGAL -DENACMP -DENAIRN -DNFREQ=3 -DIERS_MODEL
+ #OPTS = -DENAGLO -DENAQZS -DENAGAL -DENACMP -DNFREQ=2
+
+ # for no lapack
+ CFLAGS = -Wall -O3 -ansi -pedantic -Wno-unused-but-set-variable -I$(SRC) $(OPTS) -g
+-#LDLIBS = -lm -lrt
+-LDLIBS = ../../../lib/iers/gcc/iers.a -lgfortran -lm -lrt
++LDLIBS = -lm -lrt
++#LDLIBS = ../../../lib/iers/gcc/iers.a -lgfortran -lm -lrt
+
+ #CFLAGS = -Wall -O3 -ansi -pedantic -Wno-unused-but-set-variable -I$(SRC) -DLAPACK $(OPTS)
+ #LDLIBS = -lm -lrt -llapack -lblas
include $(TOPDIR)/rules.mk
PKG_NAME:=slide-switch
-PKG_VERSION:=0.9.4
+PKG_VERSION:=0.9.5
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/jefferyto/openwrt-slide-switch.git
-PKG_SOURCE_VERSION:=0.9.4
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.xz
-PKG_MIRROR_HASH:=52a93506c994b1babf174aec8ac8aebbf94f27263125d144f6d86db001dd24d6
+PKG_MIRROR_HASH:=ac61aea3ce620364285de5525635999aa8b463c4070da6bce134278ff92a433c
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf
PKG_NAME:=tar
PKG_VERSION:=1.32
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
PKG_HASH:=d0d3ae07f103323be809bc3eac0dcc386d52c5262499fe05511ac4788af1fdd8
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
-PKG_LICENSE:=GPL-3.0
+PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:gnu:tar
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
-PKG_BUILD_DEPENDS:=xz
-
include $(INCLUDE_DIR)/package.mk
define Package/tar
default y if USE_FS_ACL_ATTR
default n
- config PACKAGE_TAR_GZIP
- bool "tar: Enable seamless gzip support"
- default y
-
config PACKAGE_TAR_BZIP2
bool "tar: Enable seamless bzip2 support"
default y
+ config PACKAGE_TAR_GZIP
+ bool "tar: Enable seamless gzip support"
+ default y
+
config PACKAGE_TAR_XZ
bool "tar: Enable seamless xz support"
select PACKAGE_xz-utils
select PACKAGE_xz
default y
+
+ config PACKAGE_TAR_ZSTD
+ bool "tar: Enable seamless zstd support"
+ select PACKAGE_libzstd
+ default y
endif
endef
CONFIGURE_ARGS += \
$(if $(CONFIG_PACKAGE_TAR_POSIX_ACL),--with,--without)-posix-acls \
$(if $(CONFIG_PACKAGE_TAR_XATTR),--with,--without)-xattrs \
- $(if $(CONFIG_PACKAGE_TAR_GZIP),--with-gzip=gzip,--without-gzip) \
$(if $(CONFIG_PACKAGE_TAR_BZIP2),--with-bzip2=bzip2,--without-bzip2) \
+ $(if $(CONFIG_PACKAGE_TAR_GZIP),--with-gzip=gzip,--without-gzip) \
$(if $(CONFIG_PACKAGE_TAR_XZ),--with-xz=xz,--without-xz) \
+ $(if $(CONFIG_PACKAGE_TAR_ZSTD),--with-zstd=zstd,--without-zstd) \
--without-compress \
--without-lzip \
--without-lzma \
--without-lzop \
- --without-selinux
+ --without-selinux \
+ --disable-rpath
MAKE_FLAGS += \
CFLAGS="$(TARGET_CFLAGS)" \
PKG_NAME:=xz
PKG_VERSION:=5.2.4
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/lzmautils
--disable-werror \
--with-pic
+CONFIGURE_VARS += \
+ gl_cv_posix_shell=/bin/sh
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) \
$(eval $(call BuildSubPackage,lzmainfo, +liblzma,))
$(eval $(call BuildSubPackage,xz, +liblzma, lzcat lzma unlzma unxz xzcat))
$(eval $(call BuildSubPackage,xzdec, +liblzma,))
-$(eval $(call BuildSubPackage,xzdiff, +bash +xz, lzcmp lzdiff xzcmp))
-$(eval $(call BuildSubPackage,xzgrep, +bash +xz, lzegrep lzfgrep lzgrep xzegrep xzfgrep))
-$(eval $(call BuildSubPackage,xzless, +bash +xz, lzless))
-$(eval $(call BuildSubPackage,xzmore, +bash +xz, lzmore))
+$(eval $(call BuildSubPackage,xzdiff, +xz, lzcmp lzdiff xzcmp))
+$(eval $(call BuildSubPackage,xzgrep, +xz, lzegrep lzfgrep lzgrep xzegrep xzfgrep))
+$(eval $(call BuildSubPackage,xzless, +xz, lzless))
+$(eval $(call BuildSubPackage,xzmore, +xz, lzmore))
include $(TOPDIR)/rules.mk
PKG_NAME:=ykpers
-PKG_VERSION:=1.19.0
+PKG_VERSION:=1.20.0
PKG_RELEASE:=1
-PKG_SOURCE:=ykpers-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://developers.yubico.com/yubikey-personalization/Releases
-PKG_HASH:=2bc8afa16d495a486582bad916d16de1f67c0cce9bb0a35c3123376c2d609480
+PKG_HASH:=0ec84d0ea862f45a7d85a1a3afe5e60b8da42df211bb7d27a50f486e31a79b93
+
PKG_MAINTAINER:=Stuart B. Wilkins <stuwilkins@mac.com>
-PKG_LICENSE_FILES:=COPYING
PKG_LICENSE:=BSD-2-Clause
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/ykpers-$(PKG_VERSION)
-PKG_BUILD_DEPENDS:=libyubikey
+PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
define Package/ykpers
- SECTION:=utils
+ SECTION:=utils
CATEGORY:=Utilities
TITLE:=The Yuibco personalization package
URL:=https://developers.yubico.com/yubikey-personalization/
endef
define Package/ykpers/description
- The YubiKey Personalization package contains a library and command
+ The YubiKey Personalization package contains a library and command
line tool used to personalize (i.e., set a AES key) YubiKeys.
endef
--enable-shared \
--disable-static
-
define Build/InstallDev
$(INSTALL_DIR) $(STAGING_DIR)/usr/include
$(CP) $(PKG_BUILD_DIR)/ykcore/*.h $(STAGING_DIR)/usr/include
include $(TOPDIR)/rules.mk
PKG_NAME:=zstd
-PKG_VERSION:=1.4.0
-PKG_RELEASE:=4
+PKG_VERSION:=1.4.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/facebook/zstd/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=63be339137d2b683c6d19a9e34f4fb684790e864fee13c7dd40e197a64c705c1
+PKG_HASH:=7a6e1dad34054b35e2e847eb3289be8820a5d378228802239852f913c6dcf6a7
PKG_MAINTAINER:=Amol Bhave <ambhave@fb.com>
PKG_LICENSE:=GPL-2.0-or-later
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/cmake.mk
-ifeq ($(CONFIG_ZSTD_OPTIMIZE_O3),y)
- TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))
- TARGET_CFLAGS += -O3
- TARGET_CXXFLAGS := $(filter-out -O%,$(TARGET_CXXFLAGS))
- TARGET_CXXFLAGS += -O3
-endif
-
define Package/zstd/Default
SUBMENU:=Compression
URL:=https://github.com/facebook/zstd
SECTION:=libs
CATEGORY:=Libraries
TITLE:=zstd library.
+ MENU:=1
endef
define Package/libzstd/description
define Package/libzstd/config
config ZSTD_OPTIMIZE_O3
bool "Use all optimizations (-O3)"
+ depends on PACKAGE_libzstd
default y
help
This enables additional optmizations using the -O3 compilation flag.
This package provides the zstd binaries.
endef
+ifeq ($(CONFIG_ZSTD_OPTIMIZE_O3),y)
+TARGET_CFLAGS:= $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+endif
+
+TARGET_CFLAGS += -flto
+TARGET_LDFLAGS += -Wl,--as-needed
+
define Package/libzstd/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libzstd.so* $(1)/usr/lib/
+++ /dev/null
---- a/programs/fileio.c
-+++ b/programs/fileio.c
-@@ -175,7 +175,7 @@ static void clearHandler(void)
-
- #if !defined(BACKTRACE_ENABLE)
- /* automatic detector : backtrace enabled by default on linux+glibc and osx */
--# if (defined(__linux__) && defined(__GLIBC__)) \
-+# if (defined(__linux__) && (defined(__GLIBC__) && !defined(__UCLIBC__))) \
- || (defined(__APPLE__) && defined(__MACH__))
- # define BACKTRACE_ENABLE 1
- # else
--- /dev/null
+From 245a69c0f5784ba89c28301263bcfd5785ebe0ea Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Tue, 30 Jul 2019 17:17:07 -0700
+Subject: [PATCH] zstd: Don't use utime on Linux
+
+utime is deprecated by POSIX 2008 and optionally not available with
+uClibc-ng.
+
+Got rid of a few useless headers in timefn.h.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ programs/platform.h | 2 +-
+ programs/timefn.h | 6 ------
+ programs/util.c | 10 ++++++++++
+ programs/util.h | 5 +++--
+ 4 files changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/programs/platform.h b/programs/platform.h
+index 38ded8727..5934e59cf 100644
+--- a/programs/platform.h
++++ b/programs/platform.h
+@@ -92,7 +92,7 @@ extern "C" {
+
+ # if defined(__linux__) || defined(__linux)
+ # ifndef _POSIX_C_SOURCE
+-# define _POSIX_C_SOURCE 200112L /* feature test macro : https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */
++# define _POSIX_C_SOURCE 200809L /* feature test macro : https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */
+ # endif
+ # endif
+ # include <unistd.h> /* declares _POSIX_VERSION */
+diff --git a/programs/timefn.h b/programs/timefn.h
+index d1ddd31b1..2db3765b9 100644
+--- a/programs/timefn.h
++++ b/programs/timefn.h
+@@ -19,12 +19,6 @@ extern "C" {
+ /*-****************************************
+ * Dependencies
+ ******************************************/
+-#include <sys/types.h> /* utime */
+-#if defined(_MSC_VER)
+-# include <sys/utime.h> /* utime */
+-#else
+-# include <utime.h> /* utime */
+-#endif
+ #include <time.h> /* clock_t, clock, CLOCKS_PER_SEC */
+
+
+diff --git a/programs/util.c b/programs/util.c
+index fb77d1783..3a2e9e28f 100644
+--- a/programs/util.c
++++ b/programs/util.c
+@@ -54,14 +54,24 @@ int UTIL_getFileStat(const char* infilename, stat_t *statbuf)
+ int UTIL_setFileStat(const char *filename, stat_t *statbuf)
+ {
+ int res = 0;
++#if defined(_WIN32)
+ struct utimbuf timebuf;
++#else
++ struct timespec timebuf[2];
++#endif
+
+ if (!UTIL_isRegularFile(filename))
+ return -1;
+
++#if defined(_WIN32)
+ timebuf.actime = time(NULL);
+ timebuf.modtime = statbuf->st_mtime;
+ res += utime(filename, &timebuf); /* set access and modification times */
++#else
++ timebuf[0].tv_sec = time(NULL);
++ timebuf[1].tv_sec = statbuf->st_mtime;
++ res += utimensat(AT_FDCWD, filename, timebuf, 0); /* set access and modification times */
++#endif
+
+ #if !defined(_WIN32)
+ res += chown(filename, statbuf->st_uid, statbuf->st_gid); /* Copy ownership */
+diff --git a/programs/util.h b/programs/util.h
+index d6e5bb550..71d4c7c77 100644
+--- a/programs/util.h
++++ b/programs/util.h
+@@ -25,12 +25,13 @@ extern "C" {
+ #include <stdio.h> /* fprintf */
+ #include <sys/types.h> /* stat, utime */
+ #include <sys/stat.h> /* stat, chmod */
+-#if defined(_MSC_VER)
++#if defined(_WIN32)
+ # include <sys/utime.h> /* utime */
+ # include <io.h> /* _chmod */
+ #else
++# include <fcntl.h> /* AT_FDCWD */
++# include <sys/stat.h> /* utimensat */
+ # include <unistd.h> /* chown, stat */
+-# include <utime.h> /* utime */
+ #endif
+ #include <time.h> /* clock_t, clock, CLOCKS_PER_SEC, nanosleep */
+ #include "mem.h" /* U32, U64 */