include $(TOPDIR)/rules.mk
PKG_NAME:=xmlrpc-c
-PKG_REV:=2640
-PKG_VERSION:=1.39.0
+PKG_VERSION:=1.39.12
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://svn.code.sf.net/p/xmlrpc-c/code/advanced
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=$(PKG_REV)
-PKG_SOURCE_PROTO:=svn
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
+PKG_SOURCE_URL:=@SF/xmlrpc-c/Xmlrpc-c%20Super%20Stable/$(PKG_VERSION)
+PKG_HASH:=d830f3264a832dfe09f629cc64036acfd08121692526d0fabe090f7ff881ce08
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=VARIOUS
PKG_NAME:=acme
PKG_SOURCE_VERSION:=7b40cbe8c1a52041351524bcde4b37665a7cdf79
-PKG_VERSION:=1.5
+PKG_VERSION:=1.6
PKG_RELEASE:=1
PKG_LICENSE:=GPLv3
endef
define Package/acme/install
+ $(INSTALL_DIR) $(1)/etc/acme
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
$(INSTALL_DIR) $(1)/etc/init.d
st = s:option(Value, "state_dir", translate("State directory"),
translate("Where certs and other state files are kept."))
st.rmempty = false
-st.datatype = "string"
+st.datatype = "directory"
ae = s:option(Value, "account_email", translate("Account email"),
translate("Email address to associate with account key."))
ae.rmempty = false
+ae.datatype = "minlength(1)"
d = s:option(Flag, "debug", translate("Enable debug logging"))
d.rmempty = false
"(only select this for one certificate)."))
u.rmempty = false
+wr = cs:option(Value, "webroot", translate("Webroot directory"),
+ translate("Webserver root directory. Set this to the webserver " ..
+ "document root to run Acme in webroot mode. The web " ..
+ "server must be accessible from the internet on port 80."))
+wr.rmempty = false
+
dom = cs:option(DynamicList, "domains", translate("Domain names"),
translate("Domain names to include in the certificate. " ..
"The first name will be the subject name, subsequent names will be alt names. " ..
config cert 'example'
option enabled 0
- option use_staging 0
+ option use_staging 1
option keylength 2048
option update_uhttpd 1
+ option webroot ""
list domains example.org
/etc/init.d/cron start
}
-debug()
+log()
{
- [ "$DEBUG" -eq "1" ] && echo "$@" >&2
+ logger -t acme -s -p daemon.info "$@"
}
-pre_checks()
+err()
{
- echo "Running pre checks."
- check_cron
-
- [ -d "$STATE_DIR" ] || mkdir -p "$STATE_DIR"
-
- if [ -e /etc/init.d/uhttpd ]; then
+ logger -t acme -s -p daemon.err "$@"
+}
- UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
+debug()
+{
+ [ "$DEBUG" -eq "1" ] && logger -t acme -s -p daemon.debug "$@"
+}
- uci set uhttpd.main.listen_http=''
- uci commit uhttpd
- /etc/init.d/uhttpd reload || return 1
- fi
+get_listeners()
+{
+ netstat -nptl 2>/dev/null | awk 'match($4, /:80$/){split($7, parts, "/"); print parts[2];}' | uniq | tr "\n" " "
+}
- iptables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
- ip6tables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
+pre_checks()
+{
+ main_domain="$1"
+
+ log "Running pre checks for $main_domain."
+
+ listeners="$(get_listeners)"
+ debug "port80 listens: $listeners"
+
+ case "$listeners" in
+ "uhttpd")
+ debug "Found uhttpd listening on port 80; trying to disable."
+
+ UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
+
+ if [ -z "$UHTTPD_LISTEN_HTTP" ]; then
+ err "$main_domain: Unable to find uhttpd listen config."
+ err "Manually disable uhttpd or set webroot to continue."
+ return 1
+ fi
+
+ uci set uhttpd.main.listen_http=''
+ uci commit uhttpd || return 1
+ if ! /etc/init.d/uhttpd reload ; then
+ uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP"
+ uci commit uhttpd
+ return 1
+ fi
+ ;;
+ "")
+ debug "Nothing listening on port 80."
+ ;;
+ *)
+ err "$main_domain: Cannot run in standalone mode; another daemon is listening on port 80."
+ err "Disable other daemon or set webroot to continue."
+ return 1
+ ;;
+ esac
+
+ iptables -I input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" || return 1
+ ip6tables -I input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" || return 1
debug "v4 input_rule: $(iptables -nvL input_rule)"
debug "v6 input_rule: $(ip6tables -nvL input_rule)"
- debug "port80 listens: $(netstat -ntpl | grep :80)"
return 0
}
post_checks()
{
- echo "Running post checks (cleanup)."
- iptables -D input_rule -p tcp --dport 80 -j ACCEPT
- ip6tables -D input_rule -p tcp --dport 80 -j ACCEPT
+ log "Running post checks (cleanup)."
+ # The comment ensures we only touch our own rules. If no rules exist, that
+ # is fine, so hide any errors
+ iptables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2>/dev/null
+ ip6tables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2>/dev/null
- if [ -e /etc/init.d/uhttpd ]; then
+ if [ -e /etc/init.d/uhttpd ] && [ -n "$UHTTPD_LISTEN_HTTP" ]; then
uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP"
uci commit uhttpd
/etc/init.d/uhttpd reload
+ UHTTPD_LISTEN_HTTP=
fi
}
local main_domain
local moved_staging=0
local failed_dir
+ local webroot
config_get_bool enabled "$section" enabled 0
config_get_bool use_staging "$section" use_staging
config_get_bool update_uhttpd "$section" update_uhttpd
config_get domains "$section" domains
config_get keylength "$section" keylength
+ config_get webroot "$section" webroot
[ "$enabled" -eq "1" ] || return
set -- $domains
main_domain=$1
+ [ -n "$webroot" ] || pre_checks "$main_domain" || return 1
+
+ log "Running ACME for $main_domain"
+
if [ -e "$STATE_DIR/$main_domain" ]; then
if [ "$use_staging" -eq "0" ] && is_staging "$main_domain"; then
- echo "Found previous cert issued using staging server. Moving it out of the way."
+ log "Found previous cert issued using staging server. Moving it out of the way."
mv "$STATE_DIR/$main_domain" "$STATE_DIR/$main_domain.staging"
moved_staging=1
else
- echo "Found previous cert config. Issuing renew."
+ log "Found previous cert config. Issuing renew."
$ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1
return 0
fi
acme_args="$acme_args $(for d in $domains; do echo -n "-d $d "; done)"
- acme_args="$acme_args --standalone"
acme_args="$acme_args --keylength $keylength"
[ -n "$ACCOUNT_EMAIL" ] && acme_args="$acme_args --accountemail $ACCOUNT_EMAIL"
[ "$use_staging" -eq "1" ] && acme_args="$acme_args --staging"
+ if [ -z "$webroot" ]; then
+ log "Using standalone mode"
+ acme_args="$acme_args --standalone"
+ else
+ if [ ! -d "$webroot" ]; then
+ err "$main_domain: Webroot dir '$webroot' does not exist!"
+ return 1
+ fi
+ log "Using webroot dir: $webroot"
+ acme_args="$acme_args --webroot \"$webroot\""
+ fi
+
if ! $ACME --home "$STATE_DIR" --issue $acme_args; then
failed_dir="$STATE_DIR/${main_domain}.failed-$(date +%s)"
- echo "Issuing cert for $main_domain failed. Moving state to $failed_dir" >&2
+ err "Issuing cert for $main_domain failed. Moving state to $failed_dir"
[ -d "$STATE_DIR/$main_domain" ] && mv "$STATE_DIR/$main_domain" "$failed_dir"
if [ "$moved_staging" -eq "1" ]; then
- echo "Restoring staging certificate" >&2
+ err "Restoring staging certificate"
mv "$STATE_DIR/${main_domain}.staging" "$STATE_DIR/${main_domain}"
fi
return 1
# commit and reload is in post_checks
fi
+ post_checks
}
load_vars()
DEBUG=$(config_get "$section" debug)
}
-if [ -n "$CHECK_CRON" ]; then
- check_cron
- exit 0
-fi
+check_cron
+[ -n "$CHECK_CRON" ] && exit 0
config_load acme
config_foreach load_vars acme
-pre_checks || exit 1
+if [ -z "$STATE_DIR" ] || [ -z "$ACCOUNT_EMAIL" ]; then
+ err "state_dir and account_email must be set"
+ exit 1
+fi
+
+[ -d "$STATE_DIR" ] || mkdir -p "$STATE_DIR"
+
trap err_out HUP TERM
trap int_out INT
config_foreach issue_cert cert
-post_checks
exit 0
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=2.6.0
-PKG_RELEASE:=2
+PKG_VERSION:=2.6.1
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
* simple but yet powerful adblock engine: adblock does not use error prone external iptables rulesets, http pixel server instances and things like that
* automatically selects dnsmasq or unbound as dns backend
* automatically selects uclient-fetch or wget as download utility (other tools like curl or aria2c are supported as well)
+* support http only mode (without installed ssl library) for all non-SSL blocklist sources
* automatically supports a wide range of router modes, even AP modes are supported
* full IPv4 and IPv6 support
* supports tld compression (top level domain compression), this feature removes thousands of needless host entries from the block lists and lowers the memory footprint for the dns backends
* suspend & resume adblock actions temporarily without block list reloading
* runtime information available via LuCI & via 'status' init command
* query function to quickly identify blocked (sub-)domains, e.g. for whitelisting
+* optional: force dns requests to local resolver
+* optional: force overall sort / duplicate removal for low memory devices (handle with care!)
* optional: automatic block list backup & restore, backups will be (de-)compressed and restored on the fly in case of any runtime error
* optional: add new adblock sources on your own via uci config
* a usual setup with an enabled dns backend at minimum - dump AP modes without a working dns backend are _not_ supported
* a download utility:
* to support all blocklist sources a full version (with ssl support) of 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
- * for limited devices with real memory constraints, adblock provides also a plain http option and supports wget-nossl and uclient-fetch (wihout libustream-ssl), too
+ * for limited devices with real memory constraints, adblock provides also a plain http option and supports wget-nossl and uclient-fetch (without libustream-ssl), too
* for more configuration options see examples below
## LEDE trunk Installation & Usage
* **restrict procd interface trigger:** restrict the procd interface trigger to a (list of) certain interface(s) (default: wan). To disable it at all, remove all entries
* **suspend & resume adblocking:** to quickly switch the adblock service 'on' or 'off', simply use _/etc/init.d/adblock [suspend|resume]_
* **domain query:** to query the active block lists for a specific domain, please run _/etc/init.d/adblock query `<DOMAIN>`_ (see example below)
-* **divert dns requests:** to force dns requests to your local dns resolver add an appropriate firewall rule (see example below)
* **add new list sources:** you could add new block list sources on your own via uci config, all you need is a source url and an awk one-liner (see example below)
* **disable active dns probing in windows 10:** to prevent a yellow exclamation mark on your internet connection icon (which wrongly means connected, but no internet), please change the following registry key/value from "1" to "0" _HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing_
* adb\_iface => set the procd interface trigger to a (list of) lan / wan interface(s) (default: 'wan')
* adb\_fetch => full path to a different download utility, see example below (default: not set, use wget)
* adb\_fetchparm => options for the download utility, see example below (default: not set, use wget options)
- * adb\_triggerdelay => additional trigger delay in seconds before adblock processing starts (default: '1')
+ * adb\_triggerdelay => additional trigger delay in seconds before adblock processing starts (default: '2')
+ * adb\_forcedns => force dns requests to local resolver (default: '0', disabled)
+ * adb\_forcesrt => force overall sort on low memory devices with less than 64 MB RAM (default: '0', disabled)
## Examples
**change default dns backend to 'unbound':**
In the example above whitelist "www.doubleclick.net" to free the submitted domain.
</code></pre>
-**divert dns requests to local dns resolver in /etc/config/firewall:**
-<pre><code>
-config redirect
- option name 'Divert DNS'
- option src 'lan'
- option proto 'tcp udp'
- option src_dport '53'
- option dest_port '53'
- option target 'DNAT'
-</code></pre>
-
**add a new block list source:**
<pre><code>
1. the easy way ...
config adblock 'global'
option adb_enabled '1'
option adb_debug '0'
+ option adb_forcesrt '0'
+ option adb_forcedns '0'
option adb_iface 'wan'
option adb_triggerdelay '2'
option adb_whitelist '/etc/adblock/adblock.whitelist'
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="2.6.0-2"
+adb_ver="2.6.1"
adb_sysver="$(ubus -S call system board | jsonfilter -e '@.release.description')"
adb_enabled=1
adb_debug=0
+adb_forcesrt=0
+adb_forcedns=0
adb_backup=0
adb_backupdir="/mnt"
adb_whitelist="/etc/adblock/adblock.whitelist"
#
config_load adblock
config_foreach parse_config source
+
+ # force dns to local resolver
+ #
+ if [ ${adb_forcedns} -eq 1 ] && [ -z "$(uci -q get firewall.adblock_dns)" ]
+ then
+ uci -q set firewall.adblock_dns="redirect"
+ uci -q set firewall.adblock_dns.src="lan"
+ uci -q set firewall.adblock_dns.proto="tcp udp"
+ uci -q set firewall.adblock_dns.src_dport="53"
+ uci -q set firewall.adblock_dns.dest_port="53"
+ uci -q set firewall.adblock_dns.target="DNAT"
+ elif [ ${adb_forcedns} -eq 0 ] && [ -n "$(uci -q get firewall.adblock_dns)" ]
+ then
+ uci -q delete firewall.adblock_dns
+ fi
+ if [ -n "$(uci -q changes firewall)" ]
+ then
+ uci -q commit firewall
+ /etc/init.d/firewall reload >/dev/null 2>&1
+ fi
}
# f_envcheck: check/set environment prerequisites
# download block list
#
- f_log "debug" "name: ${src_name}, enabled: ${enabled}, backup: ${adb_backup}, dns: ${adb_dns}, fetch: ${adb_fetchinfo}, memory: ${mem_total}"
+ f_log "debug" "name: ${src_name}, enabled: ${enabled}, backup: ${adb_backup}, dns: ${adb_dns}, fetch: ${adb_fetchinfo}, memory: ${mem_total}, force srt/dns: ${adb_forcesrt}/${adb_forcedns}"
if [ "${src_name}" = "blacklist" ]
then
cat "${url}" 2>/dev/null > "${adb_tmpload}"
#
for src_name in $(ls -dASr "${adb_tmpdir}/${adb_dnsprefix}"* 2>/dev/null)
do
- if [ ${mem_total} -ge 64000 ]
+ if [ ${mem_total} -ge 64000 ] || [ ${adb_forcesrt} -eq 1 ]
then
if [ -s "${adb_tmpdir}/blocklist.overall" ]
then
PKG_NAME:=freeradius3
PKG_VERSION:=release_3_0_11
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
/etc/freeradius3/mods-available/eap
/etc/freeradius3/mods-enabled/eap
/etc/freeradius3/policy.d/eap
+/etc/freeradius3/sites-enabled/inner-tunnel
+/etc/freeradius3/sites-available/inner-tunnel
endef
define Package/freeradius3-mod-eap-gtc
TITLE:=EAP/PEAP module
endef
-define Package/freeradius3-mod-eap-peap/conffiles
-/etc/freeradius3/sites-available/inner-tunnel
-/etc/freeradius3/sites-enabled/inner-tunnel
-endef
-
define Package/freeradius3-mod-eap-tls
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
TITLE:=EAP/TTLS module
endef
-define Package/freeradius3-mod-eap-ttls/conffiles
-/etc/freeradius3/sites-available/inner-tunnel
-/etc/freeradius3/sites-enabled/inner-tunnel
-endef
-
define Package/freeradius3-mod-exec
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3
--- /dev/null
+--- a/raddb/certs/ca.cnf
++++ b/raddb/certs/ca.cnf
+@@ -14,7 +14,7 @@ private_key = $dir/ca.key
+ RANDFILE = $dir/.rand
+ name_opt = ca_default
+ cert_opt = ca_default
+-default_days = 60
++default_days = 365
+ default_crl_days = 30
+ default_md = sha256
+ preserve = no
+--- a/raddb/certs/client.cnf
++++ b/raddb/certs/client.cnf
+@@ -14,7 +14,7 @@ private_key = $dir/ca.key
+ RANDFILE = $dir/.rand
+ name_opt = ca_default
+ cert_opt = ca_default
+-default_days = 60
++default_days = 365
+ default_crl_days = 30
+ default_md = sha256
+ preserve = no
+--- a/raddb/certs/server.cnf
++++ b/raddb/certs/server.cnf
+@@ -14,7 +14,7 @@ private_key = $dir/ca.key
+ RANDFILE = $dir/.rand
+ name_opt = ca_default
+ cert_opt = ca_default
+-default_days = 60
++default_days = 365
+ default_crl_days = 30
+ default_md = sha256
+ preserve = no
include $(TOPDIR)/rules.mk
PKG_NAME:=gnunet
-PKG_SOURCE_VERSION:=f7ef810b99d2c47d5a07739ecb0be1667f32567f
-PKG_MIRROR_HASH:=1f1fbccff28240ca8c1980b3f7c95ee413a2978f6a245838d7acaae19db3f586
+PKG_SOURCE_VERSION:=1c2ab4aa3b9b563ad2098984b5751e67d3267778
+PKG_MIRROR_HASH:=cb0286944b78616e381b049de678a3475b0a496055f40f8af5eea367c4d9c0c6
-PKG_VERSION:=0.10.2-git-20170313-$(PKG_SOURCE_VERSION)
+PKG_VERSION:=0.10.2-git-20170419-$(PKG_SOURCE_VERSION)
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_NAME:=ocserv
PKG_VERSION:=0.11.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_USE_MIPS16:=0
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
endef
define Package/ocserv/description
- OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
+ OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
a secure, small, fast and configurable VPN server. It implements the
OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol. The
OpenConnect VPN protocol uses the standard IETF security protocols such
- as TLS 1.2, and Datagram TLS to provide the secure VPN service.
+ as TLS 1.2, and Datagram TLS to provide the secure VPN service.
endef
EXTRA_CPPFLAGS+=-I$(STAGING_DIR)/usr/include/readline/
START=50
USE_PROCD=1
+. $IPKG_INSTROOT/lib/functions/network.sh
+
setup_config() {
config_get port $1 port "4443"
config_get max_clients $1 max_clients "8"
uci set dhcp.lan.start=100
uci set dhcp.lan.limit=91
fi
- ip=$(uci get network.lan.ipaddr)
+ network_get_ipaddr ip lan
ipaddr="$(echo $ip|cut -d . -f1,2,3).192"
netmask="255.255.255.192"
- uci set ocserv.config.ipaddr="$ipaddr"
- uci set ocserv.config.netmask="$netmask"
- uci commit
fi
if test -z "$ip6addr";then
- ip6addr=$(uci get network.lan.ip6addr 2>/dev/null)
- test -n "$ip6addr" && uci set ocserv.config.ip6addr="$ip6addr"
- uci commit
+ network_get_ipaddr6 ip6addr lan
+ # Append ipv6 prefix
+ test -n "$ip6addr" && ip6addr="$ip6addr/96"
fi
ping_leases=1
- test -n "$ipaddr" && sysctl -w "net.ipv4.conf.$(uci get network.lan.ifname).proxy_arp"=1 >/dev/null
- test -n "$ip6addr" && sysctl -w "net.ipv6.conf.$(uci get network.lan.ifname).proxy_ndp"=1 >/dev/null
+ local ifname
+ network_get_device ifname lan
+ if test -n "ifname";then
+ test -n "$ipaddr" && sysctl -w "net.ipv4.conf.$ifname.proxy_arp"=1 >/dev/null
+ test -n "$ip6addr" && sysctl -w "net.ipv6.conf.$ifname.proxy_ndp"=1 >/dev/null
+ fi
else
- test "$ipaddr" = "" && ipaddr="192.168.100.0"
- test "$netmask" = "" && ipaddr="255.255.255.0"
+ test -z "$ipaddr" && ipaddr="192.168.100.0"
+ test -z "$netmask" && netmask="255.255.255.0"
fi
enable_default_domain="#"
[ -f /etc/config/ocserv-dir/ca-key.pem ] && mv /etc/config/ocserv-dir/ca-key.pem /etc/ocserv/ca-key.pem
[ -f /etc/config/ocserv-dir/ca.pem ] && mv /etc/config/ocserv-dir/ca.pem /etc/ocserv/ca.pem
[ -f /etc/config/ocserv-dir/server-key.pem ] && mv /etc/config/ocserv-dir/server-key.pem /etc/ocserv/server-key.pem
- [ -f /etc/config/ocserv-dir/server-cert.pem ] && mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
+ [ -f /etc/config/ocserv-dir/server-cert.pem ] && mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
-PKG_VERSION:=5.5.1
-PKG_RELEASE:=2
+PKG_VERSION:=5.5.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=da976fca836f05fc7b7a38baab299745f960cb7640319969d239d8aa4ace9f6a
PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
-PKG_MD5SUM:=4eba9474f7dc6c8c8d7037261358e68d
PKG_LICENSE:=GPL-2.0+
PKG_MAINTAINER:=Stijn Tintel <stijn@linux-ipv6.be>
#include <linux/netlink.h>
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
-@@ -15,6 +15,8 @@
- * for more details.
+@@ -38,6 +38,8 @@
+ * THE SOFTWARE.
*/
+#include "musl.h"
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
-@@ -259,7 +259,7 @@ stop)
+@@ -257,7 +257,7 @@ stop)
loop=110
while [ $loop -gt 0 ] ; do
kill -0 $spid 2>/dev/null || break
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
+ARG_DISBL_SET([gmpdh], [disable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.])
+ ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.])
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.])
- ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.])
-@@ -1347,6 +1348,7 @@ ADD_PLUGIN([gcrypt], [s ch
+@@ -1362,6 +1363,7 @@ ADD_PLUGIN([gcrypt], [s ch
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd])
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([gmpdh], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ ADD_PLUGIN([curve25519], [s charon scripts nm cmd])
ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd])
- ADD_PLUGIN([chapoly], [s charon scripts nm cmd])
-@@ -1480,6 +1482,7 @@ AM_CONDITIONAL(USE_SHA2, test x$sha2 = x
- AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
+@@ -1498,6 +1500,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
+ AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
+AM_CONDITIONAL(USE_GMPDH, test x$gmpdh = xtrue)
+ AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue)
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
- AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
-@@ -1733,6 +1736,7 @@ AC_CONFIG_FILES([
- src/libstrongswan/plugins/sha3/Makefile
+@@ -1756,6 +1759,7 @@ AC_CONFIG_FILES([
+ src/libstrongswan/plugins/mgf1/Makefile
src/libstrongswan/plugins/fips_prf/Makefile
src/libstrongswan/plugins/gmp/Makefile
+ src/libstrongswan/plugins/gmpdh/Makefile
+ src/libstrongswan/plugins/curve25519/Makefile
src/libstrongswan/plugins/rdrand/Makefile
src/libstrongswan/plugins/aesni/Makefile
- src/libstrongswan/plugins/random/Makefile
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
-@@ -307,6 +307,13 @@ if MONOLITHIC
+@@ -313,6 +313,13 @@ if MONOLITHIC
endif
endif
+endif
+endif
+
- if USE_RDRAND
- SUBDIRS += plugins/rdrand
+ if USE_CURVE25519
+ SUBDIRS += plugins/curve25519
if MONOLITHIC
--- /dev/null
+++ b/src/libstrongswan/plugins/gmpdh/Makefile.am
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
-PKG_VERSION:=1.6.1
-PKG_RELEASE:=6
+PKG_VERSION:=1.6.2
+PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=42df63f743c0fe8424aeafcf003ad4b880b46c14149d696057313f5c1ef51400
+PKG_HASH:=1a323d72c32180b7141c9e6ebf199fc68a0208dfebad4640cd2c4c27235e3b9c
PKG_BUILD_DEPENDS:=libexpat
PKG_BUILD_PARALLEL:=1
-#
-# Example configuration file.
-#
--# See unbound.conf(5) man page, version 1.6.1.
+-# See unbound.conf(5) man page, version 1.6.2.
-#
-# this is a comment.
+##############################################################################
PKG_NAME:=wifischedule
PKG_VERSION:=1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=PRPL
PKG_MAINTAINER:=Nils Koenig <openwrt@newk.it>
TITLE:=Turns WiFi on and off according to a schedule
SECTION:=net
CATEGORY:=Network
+ PKGARCH:=all
endef
define Package/wifischedule/description
/etc/config/wifi_schedule
endef
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
define Build/Compile
endef