on:
pull_request:
- branches:
- - master
jobs:
build:
fail-fast: false
matrix:
arch:
- - arc_arc700
+ - arc_archs
- arm_cortex-a9_vfpv3-d16
- mips_24kc
- powerpc_464fp
- powerpc_8540
runtime_test: [false]
include:
- - arch: aarch64_generic
+ - arch: aarch64_cortex-a53
runtime_test: true
- arch: arm_cortex-a15_neon-vfpv4
runtime_test: true
echo "Building $PACKAGES"
echo "PACKAGES=$PACKAGES" >> $GITHUB_ENV
+ - name: Determine branch name
+ run: |
+ BRANCH="${GITHUB_BASE_REF#refs/heads/}"
+ echo "Building for $BRANCH"
+ echo "BRANCH=$BRANCH" >> $GITHUB_ENV
+
- name: Build
uses: openwrt/gh-action-sdk@v1
env:
- ARCH: ${{ matrix.arch }}
+ ARCH: ${{ matrix.arch }}-${{ env.BRANCH }}
FEEDNAME: packages_ci
- name: Move created packages to project dir
PKG_NAME:=atop
PKG_RELEASE:=1
-PKG_VERSION:=2.5.0
-PKG_LICENSE:=GPL-2.0-or-later
-PKG_SOURCE_URL:=https://www.atoptool.nl/download/
-PKG_HASH:=4b911057ce50463b6e8b3016c5963d48535c0cddeebc6eda817e292b22f93f33
+PKG_VERSION:=2.6.0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://www.atoptool.nl/download/
+PKG_HASH:=9ec2ca3a571692f7efaa095f99a5106432bcb71cc22cd6c49597ef0481058f72
+
PKG_MAINTAINER:=Toni Uhlig <matzeton@googlemail.com>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
TITLE:=System and process monitor for Linux
DEPENDS:=+zlib +libncurses
URL:=https://www.atoptool.nl/
- MAINTAINER:=Toni Uhlig <matzeton@googlemail.com>
endef
define Package/atop/description
-diff --git a/Makefile b/Makefile
-index 3bf5929..e065577 100644
--- a/Makefile
+++ b/Makefile
-@@ -32,7 +32,7 @@ VERS = $(shell ./atop -V 2>/dev/null| sed -e 's/^[^ ]* //' -e 's/ .*//')
- all: atop atopsar atopacctd atopconvert
+@@ -33,7 +33,7 @@ VERS = $(shell ./atop -V 2>/dev/null
+ all: atop atopsar atopacctd atopconvert atopcat
atop: atop.o $(ALLMODS) Makefile
-- $(CC) -c version.c
-+ $(CC) $(CFLAGS) -c version.c
- $(CC) atop.o $(ALLMODS) -o atop -lncurses -lz -lm -lrt $(LDFLAGS)
+- $(CC) atop.o $(ALLMODS) -o atop -lncursesw -lz -lm -lrt $(LDFLAGS)
++ $(CC) $(CFLAGS) atop.o $(ALLMODS) -o atop -lncursesw -lz -lm -lrt $(LDFLAGS)
atopsar: atop
-@@ -45,7 +45,7 @@ atopconvert: atopconvert.o
- $(CC) atopconvert.o -o atopconvert -lz $(LDFLAGS)
-
- netlink.o: netlink.c
-- $(CC) -I. -Wall -c netlink.c
-+ $(CC) $(CFLAGS) -I. -Wall -c netlink.c
-
- clean:
- rm -f *.o atop atopacctd atopconvert
+ ln -sf atop atopsar
--- /dev/null
+--- a/photosyst.c
++++ b/photosyst.c
+@@ -149,6 +149,7 @@
+ **
+ */
+
++#include <limits.h>
+ #include <sys/types.h>
+ #include <stdio.h>
+ #include <string.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=htop
-PKG_VERSION:=3.0.3
+PKG_VERSION:=3.0.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/htop-dev/htop/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=725103929c925a7252b4dedeb29b3a1da86a2f74e96c50eb9ea6c8fec1942cd2
+PKG_HASH:=4c2629bd50895bd24082ba2f81f8c972348aa2298cc6edc6a21a7fa18b73990c
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_NAME:=monit
PKG_VERSION:=5.26.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://mmonit.com/monit/dist
PKG_HASH:=87fc4568a3af9a2be89040efb169e3a2e47b262f99e78d5ddde99dd89f02f3c2
+PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=AGPL-3.0
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:tildeslash:monit
-PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=libtool
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
DEPENDS:= +libpthread +zlib
TITLE:=System services monitoring utility
URL:=https://mmonit.com/monit/
- MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
endef
define Package/monit/Default/description
include $(TOPDIR)/rules.mk
PKG_NAME:=netdata
-PKG_VERSION:=1.26.0
+PKG_VERSION:=1.28.0
PKG_RELEASE:=1
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>, Daniel Engberg <daniel.engberg.lists@pyret.net>
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/netdata/netdata/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=be32d49381da39196574011653ea863f2064a2168bc9b61a1354171b27ce370b
+PKG_HASH:=35f681abddfc307ffa8f026dbded4eadf3752a7cbb3078501a64d4f9b605491e
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
--- a/web/gui/main.js
+++ b/web/gui/main.js
-@@ -745,11 +745,7 @@ function renderMyNetdataMenu(machinesArr
+@@ -759,11 +759,7 @@ function renderMyNetdataMenu(machinesArr
if (!isSignedIn()) {
if (!NETDATA.registry.isRegistryEnabled()) {
html += (
--- a/collectors/python.d.plugin/Makefile.am
+++ b/collectors/python.d.plugin/Makefile.am
-@@ -142,109 +142,3 @@ dist_third_party_DATA = \
- python_modules/third_party/boinc_client.py \
+@@ -145,109 +145,3 @@ dist_third_party_DATA = \
python_modules/third_party/monotonic.py \
+ python_modules/third_party/filelock.py \
$(NULL)
-
-pythonyaml2dir=$(pythonmodulesdir)/pyyaml2
+++ /dev/null
-From bb405e3c274ca8860c974a720071d346b16c8462 Mon Sep 17 00:00:00 2001
-From: Tomas Kopal <Tomas.Kopal@eccam.com>
-Date: Tue, 6 Oct 2020 13:38:08 +0200
-Subject: [PATCH] Don't check for ebpf dependencies if ebpf is disabled.
-
----
- configure.ac | 56 +++++++++++++++++++++++++++-------------------------
- 1 file changed, 29 insertions(+), 27 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 57f6c0b1cb3a..5f13b4feb0d1 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -989,36 +989,38 @@ AM_CONDITIONAL([ENABLE_PLUGIN_PERF], [test "${enable_plugin_perf}" = "yes"])
- # -----------------------------------------------------------------------------
- # ebpf.plugin
-
--PKG_CHECK_MODULES(
-- [LIBELF],
-- [libelf],
-- [have_libelf=yes],
-- [have_libelf=no]
--)
-+if test "${build_target}" = "linux" -a "${enable_ebpf}" != "no"; then
-+ PKG_CHECK_MODULES(
-+ [LIBELF],
-+ [libelf],
-+ [have_libelf=yes],
-+ [have_libelf=no]
-+ )
-
--AC_CHECK_TYPE(
-- [struct bpf_prog_info],
-- [have_bpf=yes],
-- [have_bpf=no],
-- [#include <linux/bpf.h>]
--)
-+ AC_CHECK_TYPE(
-+ [struct bpf_prog_info],
-+ [have_bpf=yes],
-+ [have_bpf=no],
-+ [#include <linux/bpf.h>]
-+ )
-
--AC_CHECK_FILE(
-- externaldeps/libbpf/libbpf.a,
-- [have_libbpf=yes],
-- [have_libbpf=no]
--)
-+ AC_CHECK_FILE(
-+ externaldeps/libbpf/libbpf.a,
-+ [have_libbpf=yes],
-+ [have_libbpf=no]
-+ )
-
--AC_MSG_CHECKING([if ebpf.plugin should be enabled])
--if test "${build_target}" = "linux" -a \
-- "${enable_ebpf}" != "no" -a \
-- "${have_libelf}" = "yes" -a \
-- "${have_bpf}" = "yes" -a \
-- "${have_libbpf}" = "yes"; then
-- OPTIONAL_BPF_CFLAGS="${LIBELF_CFLAGS} -I externaldeps/libbpf/include"
-- OPTIONAL_BPF_LIBS="externaldeps/libbpf/libbpf.a ${LIBELF_LIBS}"
-- AC_DEFINE([HAVE_LIBBPF], [1], [libbpf usability])
-- enable_ebpf="yes"
-+ AC_MSG_CHECKING([if ebpf.plugin should be enabled])
-+ if test "${have_libelf}" = "yes" -a \
-+ "${have_bpf}" = "yes" -a \
-+ "${have_libbpf}" = "yes"; then
-+ OPTIONAL_BPF_CFLAGS="${LIBELF_CFLAGS} -I externaldeps/libbpf/include"
-+ OPTIONAL_BPF_LIBS="externaldeps/libbpf/libbpf.a ${LIBELF_LIBS}"
-+ AC_DEFINE([HAVE_LIBBPF], [1], [libbpf usability])
-+ enable_ebpf="yes"
-+ else
-+ enable_ebpf="no"
-+ fi
- else
- enable_ebpf="no"
- fi
include $(TOPDIR)/rules.mk
PKG_NAME:=openwisp-config
-PKG_VERSION:=0.4.5
-PKG_RELEASE:=2
+PKG_SOURCE_VERSION:=0.5.0
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/openwisp/openwisp-config.git
-PKG_SOURCE_VERSION:=0.4.5
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
-PKG_MIRROR_HASH:=017a8ed35ebfda2805426e7da02559d5cc2845ee9ded60fdae8e848d377424fb
-PKG_LICENSE:=GPL-3.0
+PKG_MIRROR_HASH:=337a3a9542a0898da9f951256b0d19b6bc87ced98f4ec6dc9646172b551880ef
+PKG_MAINTAINER:=Federico Capoano <f.capoano@openwisp.io>
+PKG_LICENSE:=GPL3.0-or-later
PKGARCH:=all
include $(INCLUDE_DIR)/package.mk
TITLE:=Remote configuration management agent ($(2) variant)
CATEGORY:=Administration
SECTION:=admin
- SUBMENU:=OpenWISP
- DEPENDS:=+curl +lua +libuci-lua +luafilesystem $(3)
+ SUBMENU:=openwisp
+ DEPENDS:=+curl +lua +libuci-lua +luafilesystem +luci-lib-nixio $(3)
VARIANT:=$(1)
- MAINTAINER:=Federico Capoano <f.capoano@cineca.it>
+ PKGARCH:=all
URL:=http://openwisp.org
endef
Package/openwisp-config-openssl=$(call Package/openwisp-config/default,openssl,OpenSSL,+ca-certificates +libopenssl)
Package/openwisp-config-mbedtls=$(call Package/openwisp-config/default,mbedtls,mbedTLS,+ca-certificates +libmbedtls)
-Package/openwisp-config-cyassl=$(call Package/openwisp-config/default,cyassl,CyaSSL,+ca-certificates +libcyassl)
+Package/openwisp-config-wolfssl=$(call Package/openwisp-config/default,wolfssl,WolfSSL,+ca-certificates +libwolfssl)
Package/openwisp-config-nossl=$(call Package/openwisp-config/default,nossl,No SSL)
define Build/Compile
/etc/config/openwisp
endef
-ifeq ($(BUILD_VARIANT),openssl)
CONFIG_OPENWISP_UCI:=ssl
-endif
-ifeq ($(BUILD_VARIANT),mbedtls)
-CONFIG_OPENWISP_UCI:=ssl
-endif
-ifeq ($(BUILD_VARIANT),cyassl)
-CONFIG_OPENWISP_UCI:=ssl
-endif
+
ifeq ($(BUILD_VARIANT),nossl)
-CONFIG_OPENWISP_UCI:=nossl
+ CONFIG_OPENWISP_UCI:=nossl
endif
-
define Package/openwisp-config-$(BUILD_VARIANT)/install
$(INSTALL_DIR) \
$(1)/usr/sbin \
$(PKG_BUILD_DIR)/openwisp-config/files/lib/openwisp/utils.lua \
$(1)/usr/lib/lua/openwisp/utils.lua
+ $(INSTALL_BIN) \
+ $(PKG_BUILD_DIR)/openwisp-config/files/lib/openwisp/net.lua \
+ $(1)/usr/lib/lua/openwisp/net.lua
+
$(INSTALL_BIN) \
$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-store-unmanaged.lua \
$(1)/usr/sbin/openwisp-store-unmanaged
$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-update-config.lua \
$(1)/usr/sbin/openwisp-update-config
+ $(INSTALL_BIN) \
+ $(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-get-address.lua \
+ $(1)/usr/sbin/openwisp-get-address
+
$(CP) $(PKG_BUILD_DIR)/VERSION $(1)/etc/openwisp/
endef
$(eval $(call BuildPackage,openwisp-config-openssl))
$(eval $(call BuildPackage,openwisp-config-mbedtls))
-$(eval $(call BuildPackage,openwisp-config-cyassl))
+$(eval $(call BuildPackage,openwisp-config-wolfssl))
$(eval $(call BuildPackage,openwisp-config-nossl))
include $(TOPDIR)/rules.mk
PKG_NAME:=sudo
-PKG_VERSION:=1.8.31
+PKG_VERSION:=1.9.5p2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.sudo.ws/dist
-PKG_HASH:=7ea8d97a3cee4c844e0887ea7a1bd80eb54cc98fd77966776cb1a80653ad454f
+PKG_HASH:=539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
+
+PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
-PKG_MAINTAINER:=
PKG_LICENSE:=ISC
PKG_LICENSE_FILES:=doc/LICENSE
PKG_CPE_ID:=cpe:/a:todd_miller:sudo
-PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
-
+PKG_BUILD_PARALLEL:=1
PKG_BUILD_DEPENDS:=sudo/host
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
define Package/sudo
SECTION:=admin
/etc/sudoers.d/
endef
-CONFIGURE_ARGS+= \
+CONFIGURE_ARGS += \
--without-pam \
--disable-pam-session \
--with-editor=/bin/vi \
--with-rundir=/var/lib/sudo \
--with-vardir=/var/lib/sudo
-CONFIGURE_VARS+= \
+CONFIGURE_VARS += \
sudo_cv_uid_t_len=10 \
sudo_cv_func_unsetenv_void=no
-include $(INCLUDE_DIR)/host-build.mk
-
define Host/Compile
cd $(HOST_BUILD_DIR)/lib/util; \
$(MAKE) mksiglist; $(MAKE) mksigname
$(CP) $(HOST_BUILD_DIR)/lib/util/mksig{list,name} $(STAGING_DIR_HOSTPKG)/bin/
endef
-$(eval $(call HostBuild))
-
define Package/sudo/install
- $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_DIR) \
+ $(1)/etc/{init.d,sudoers.d} \
+ $(1)/usr/{bin,sbin} \
+ $(1)/usr/lib/sudo
+
$(CP) $(PKG_INSTALL_DIR)/usr/bin/sudo $(1)/usr/bin/
chmod 4755 $(1)/usr/bin/sudo
- $(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/visudo $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/etc
$(CP) $(PKG_INSTALL_DIR)/etc/sudoers $(1)/etc/
chmod 0440 $(1)/etc/sudoers
- $(INSTALL_DIR) $(1)/etc/sudoers.d
- $(INSTALL_DIR) $(1)/usr/lib/sudo
$(CP) $(PKG_INSTALL_DIR)/usr/lib/sudo/*.so* $(1)/usr/lib/sudo/
- $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/sudo.init $(1)/etc/init.d/sudo
endef
}
endef
+$(eval $(call HostBuild))
$(eval $(call BuildPackage,sudo))
include $(TOPDIR)/rules.mk
PKG_NAME:=zabbix
-PKG_VERSION:=5.0.1
-PKG_RELEASE:=2
+PKG_VERSION:=5.0.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/5.0/
-PKG_HASH:=20a19e5cf2354ffcbbe24521b04becfc9875e57289c00da71999de60c4a853b6
+PKG_HASH:=d762f8a9aa9e8717d2e85d2a82d27316ea5c2b214eb00aff41b6e9b06107916a
PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=GPL-2.0
TITLE:=Zabbix
URL:=https://www.zabbix.com/
USERID:=zabbix=53:zabbix=53
- DEPENDS += $(ICONV_DEPENDS) +libpcre +zlib +ZABBIX_GNUTLS:libgnutls +ZABBIX_OPENSSL:libopenssl @!USE_UCLIBC
+ DEPENDS += $(ICONV_DEPENDS) +libpcre +zlib +ZABBIX_GNUTLS:libgnutls +ZABBIX_OPENSSL:libopenssl
endef
define Package/zabbix-agentd
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
-@@ -138,6 +135,7 @@ Server=127.0.0.1
+@@ -136,6 +133,7 @@ Server=127.0.0.1
# Range: 0-100
# Default:
# StartAgents=3
##### Active checks related
-@@ -153,8 +151,6 @@ Server=127.0.0.1
+@@ -151,8 +149,6 @@ Server=127.0.0.1
# Default:
# ServerActive=
### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
-@@ -164,8 +160,6 @@ ServerActive=127.0.0.1
+@@ -162,8 +158,6 @@ ServerActive=127.0.0.1
# Default:
# Hostname=
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
-@@ -305,8 +299,8 @@ Hostname=Zabbix server
+@@ -303,8 +297,8 @@ Hostname=Zabbix server
# Include=
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
include $(TOPDIR)/rules.mk
PKG_NAME:=autoconf
-PKG_VERSION:=2.69
-PKG_RELEASE:=3
+PKG_VERSION:=2.70
+PKG_RELEASE:=1
PKG_SOURCE_URL:=@GNU/autoconf
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=64ebcec9f8ac5b2487125a86a7760d2591ac9e1d3dbd59489633f9de62a57684
+PKG_HASH:=fa9e227860d9d845c0a07f63b88c8d7a2ae1aa2345fb619384bb8accc19fecc6
+
PKG_MAINTAINER:=Heinrich Schuchardt <xypron.glpk@gmx.de>
PKG_LICENSE:=GPL-3.0-or-later
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
-CONFIGURE_VARS += M4=m4 EMACS=no
-
define Package/autoconf
SECTION:=devel
CATEGORY:=Development
automatically configure software source code packages.
endef
-define Build/Install
- $(SED) 's/@PERL@/\/usr\/bin\/perl/g' $(PKG_BUILD_DIR)/bin/Makefile.in
- $(call Build/Install/Default)
-endef
+CONFIGURE_VARS += M4=m4 EMACS=no
define Package/autoconf/install
$(INSTALL_DIR) $(1)/usr/bin
PKG_NAME:=diffutils
PKG_VERSION:=3.7
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/diffutils
TITLE:=diffutils
URL:=http://www.gnu.org/software/diffutils/
ALTERNATIVES:=\
- 200:/usr/bin/cmp:/usr/bin/gnu-cmp \
- 200:/usr/bin/diff:/usr/bin/gnu-diff \
-
+ 200:/usr/bin/cmp:/usr/libexec/cmp-gnu \
+ 200:/usr/bin/diff:/usr/libexec/diff-gnu
endef
define Package/diffutils/description
define Package/diffutils/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{sdiff,diff3} $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/diff $(1)/usr/bin/gnu-diff
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cmp $(1)/usr/bin/gnu-cmp
+ $(INSTALL_DIR) $(1)/usr/libexec
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/diff $(1)/usr/libexec/diff-gnu
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cmp $(1)/usr/libexec/cmp-gnu
endef
$(eval $(call BuildPackage,diffutils))
PKG_NAME:=lpc21isp
PKG_VERSION:=197
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_LICENSE:=LGPL-3.0-or-later
PKG_LICENSE_FILES:=README gpl.txt lgpl-3.0.txt
and Analog Devices ADUC70xx.
endef
+TARGET_CFLAGS += $(if $(CONFIG_USE_GLIBC),-lc -lgcc_eh)
+
define Package/lpc21isp/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/lpc21isp $(1)/usr/sbin/
PKG_NAME:=m4
PKG_VERSION:=1.4.18
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_URL:=@GNU/m4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
--- /dev/null
+update for glibc libio.h removal in 2.28+
+
+see
+https://src.fedoraproject.org/rpms/m4/c/814d592134fad36df757f9a61422d164ea2c6c9b?branch=master
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=4af4a4a718]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/lib/fflush.c
++++ b/lib/fflush.c
+@@ -33,7 +33,7 @@
+ #undef fflush
+
+
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+
+ /* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */
+ static void
+@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
+
+ #endif
+
+-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
++#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+
+ # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
+@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
+ if (stream == NULL || ! freading (stream))
+ return fflush (stream);
+
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+
+ clear_ungetc_buffer_preserving_position (stream);
+
+--- a/lib/fpending.c
++++ b/lib/fpending.c
+@@ -32,7 +32,7 @@ __fpending (FILE *fp)
+ /* Most systems provide FILE as a struct and the necessary bitmask in
+ <stdio.h>, because they need it for implementing getc() and putc() as
+ fast macros. */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ return fp->_IO_write_ptr - fp->_IO_write_base;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
+--- a/lib/fpurge.c
++++ b/lib/fpurge.c
+@@ -62,7 +62,7 @@ fpurge (FILE *fp)
+ /* Most systems provide FILE as a struct and the necessary bitmask in
+ <stdio.h>, because they need it for implementing getc() and putc() as
+ fast macros. */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ fp->_IO_read_end = fp->_IO_read_ptr;
+ fp->_IO_write_ptr = fp->_IO_write_base;
+ /* Avoid memory leak when there is an active ungetc buffer. */
+--- a/lib/freadahead.c
++++ b/lib/freadahead.c
+@@ -25,7 +25,7 @@
+ size_t
+ freadahead (FILE *fp)
+ {
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ if (fp->_IO_write_ptr > fp->_IO_write_base)
+ return 0;
+ return (fp->_IO_read_end - fp->_IO_read_ptr)
+--- a/lib/freading.c
++++ b/lib/freading.c
+@@ -31,7 +31,7 @@ freading (FILE *fp)
+ /* Most systems provide FILE as a struct and the necessary bitmask in
+ <stdio.h>, because they need it for implementing getc() and putc() as
+ fast macros. */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ return ((fp->_flags & _IO_NO_WRITES) != 0
+ || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
+ && fp->_IO_read_base != NULL));
+--- a/lib/fseeko.c
++++ b/lib/fseeko.c
+@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int when
+ #endif
+
+ /* These tests are based on fpurge.c. */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ if (fp->_IO_read_end == fp->_IO_read_ptr
+ && fp->_IO_write_ptr == fp->_IO_write_base
+ && fp->_IO_save_base == NULL)
+@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int when
+ return -1;
+ }
+
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ fp->_flags &= ~_IO_EOF_SEEN;
+ fp->_offset = pos;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+--- a/lib/stdio-impl.h
++++ b/lib/stdio-impl.h
+@@ -18,6 +18,12 @@
+ the same implementation of stdio extension API, except that some fields
+ have different naming conventions, or their access requires some casts. */
+
++/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this
++ problem by defining it ourselves. FIXME: Do not rely on glibc
++ internals. */
++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
++# define _IO_IN_BACKUP 0x100
++#endif
+
+ /* BSD stdio derived implementations. */
+
PKG_NAME:=generate-ipv6-address
PKG_VERSION:=0.1
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=generate-ipv6-address-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.irif.fr/~jch/software/files/
PKG_NAME:=miredo
PKG_VERSION:=1.2.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=miredo-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.remlab.net/files/miredo/
---- a/libteredo/debug.h 2009-02-28 23:17:14.000000000 +0300
-+++ b/libteredo/debug.h 2019-04-07 01:46:48.235087395 +0300
-@@ -43,8 +43,10 @@
+--- a/libteredo/debug.h
++++ b/libteredo/debug.h
+@@ -43,8 +43,10 @@ static inline void debug (const char *st
# ifdef __linux__
# include <errno.h>
# include <assert.h>
static inline int
d_pthread_mutex_init (pthread_mutex_t *mutex, pthread_mutexattr_t *pattr)
-@@ -57,7 +59,7 @@
+@@ -57,7 +59,7 @@ d_pthread_mutex_init (pthread_mutex_t *m
pthread_mutexattr_init (&attr);
}
---- a/libtun6/tun6.c 2012-09-12 17:03:59.000000000 +0400
-+++ b/libtun6/tun6.c 2019-04-07 02:21:07.439952535 +0300
+--- a/libtun6/tun6.c
++++ b/libtun6/tun6.c
@@ -53,7 +53,7 @@
const char os_driver[] = "Linux";
# define USE_LINUX 1
/*
* <linux/ipv6.h> conflicts with <netinet/in.h> and <arpa/inet.h>,
* so we've got to declare this structure by hand.
-@@ -65,7 +65,7 @@
+@@ -65,7 +65,7 @@ struct in6_ifreq {
};
# include <net/route.h> // struct in6_rtmsg
typedef struct
{
-
---- a/include/gettext.h 2012-09-12 16:57:52.000000000 +0400
-+++ b/include/gettext.h 2019-04-07 01:11:52.492519796 +0300
-@@ -182,7 +182,7 @@
+--- a/include/gettext.h
++++ b/include/gettext.h
+@@ -182,7 +182,7 @@ npgettext_aux (const char *domain,
(((__GNUC__ >= 3 || __GNUG__ >= 2) && !defined(__STRICT_ANSI__)) \
/* || __STDC_VERSION__ >= 199901L */ )
#include <stdlib.h>
#endif
-@@ -206,7 +206,7 @@
+@@ -206,7 +206,7 @@ dcpgettext_expr (const char *domain,
size_t msgctxt_len = strlen (msgctxt) + 1;
size_t msgid_len = strlen (msgid) + 1;
const char *translation;
char msg_ctxt_id[msgctxt_len + msgid_len];
#else
char buf[1024];
-@@ -221,7 +221,7 @@
+@@ -221,7 +221,7 @@ dcpgettext_expr (const char *domain,
msg_ctxt_id[msgctxt_len - 1] = '\004';
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
translation = dcgettext (domain, msg_ctxt_id, category);
if (msg_ctxt_id != buf)
free (msg_ctxt_id);
#endif
-@@ -252,7 +252,7 @@
+@@ -252,7 +252,7 @@ dcnpgettext_expr (const char *domain,
size_t msgctxt_len = strlen (msgctxt) + 1;
size_t msgid_len = strlen (msgid) + 1;
const char *translation;
char msg_ctxt_id[msgctxt_len + msgid_len];
#else
char buf[1024];
-@@ -267,7 +267,7 @@
+@@ -267,7 +267,7 @@ dcnpgettext_expr (const char *domain,
msg_ctxt_id[msgctxt_len - 1] = '\004';
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
--- /dev/null
+From: Tomasz Buchert <tomasz@debian.org>
+Date: Fri, 6 Feb 2015 11:33:20 +0100
+Subject: Fix reproducibility issues
+
+We replace unreproducible CC macros with
+N/A placeholders. This fixes #776716.
+---
+ src/main.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/src/main.c
++++ b/src/main.c
+@@ -92,10 +92,11 @@ miredo_version (void)
+ #ifndef VERSION
+ # define VERSION "unknown version"
+ #endif
++ const char* UNKNOWN = "N/A";
+ printf (_("Miredo: Teredo IPv6 tunneling software %s (%s)\n"
+ " built %s on %s (%s)\n"),
+- VERSION, PACKAGE_HOST, __DATE__,
+- PACKAGE_BUILD_HOSTNAME, PACKAGE_BUILD);
++ VERSION, UNKNOWN, UNKNOWN,
++ UNKNOWN, UNKNOWN);
+ printf (_("Configured with: %s\n"), PACKAGE_CONFIGURE_INVOCATION);
+ puts (_("Written by Remi Denis-Courmont.\n"));
+
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=antfs
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=https://github.com/klukonin/antfs.git
PKG_SOURCE_PROTO:=git
--- /dev/null
+diff --git a/file.c b/file.c
+index 105e41c..98d5204 100644
+--- a/file.c
++++ b/file.c
+@@ -625,6 +625,9 @@ static int antfs_readpages(struct file *file, struct address_space *mapping,
+ unsigned page_idx = nr_pages;
+ pgoff_t page_idx_to_init;
+ bool do_init_page = false;
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ DEFINE_READAHEAD(rac, file, mapping, 0);
++#endif
+
+ if (page_offs & (buffer_len - 1)) {
+ /* If initialized size is not on buffer boundary, walk
+@@ -660,8 +663,13 @@ static int antfs_readpages(struct file *file, struct address_space *mapping,
+ }
+ }
+
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ mpage_readahead(&rac, antfs_get_block);
++ err = 0;
++#else
+ err = mpage_readpages(mapping, pages, nr_pages,
+ antfs_get_block);
++#endif
+ if (!err && do_init_page) {
+ /* Initialize stuff past initialized_size with zero. */
+ page = grab_cache_page(mapping, page_idx_to_init);
+diff --git a/libntfs-3g/misc.c b/libntfs-3g/misc.c
+index b3ec53a..c5a94de 100644
+--- a/libntfs-3g/misc.c
++++ b/libntfs-3g/misc.c
+@@ -38,7 +38,11 @@ void *ntfs_malloc(size_t size)
+ return kmalloc(size, GFP_KERNEL);
+ }
+
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ return __vmalloc(size, GFP_KERNEL);
++#else
+ return __vmalloc(size, GFP_KERNEL, PAGE_KERNEL);
++#endif
+ }
+
+ /**
+--
+2.30.0
+
include $(TOPDIR)/rules.mk
PKG_NAME:=ksmbd
-PKG_VERSION:=3.3.1
+PKG_VERSION:=3.3.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/cifsd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=bfee16468ef8c0ed35c07ed5c507826fdb33d4b934c0ec706ade439711f0985a
+PKG_HASH:=4f8b7610ba084f6813cbb85bb6c07af50ba542e928c370e79022039fa027bc9a
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_NAME:=macremapper
PKG_VERSION:=1.1.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ewsi/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)?
--- /dev/null
+From 6126f8efebf659708245ba99df6b85d7c1260668 Mon Sep 17 00:00:00 2001
+From: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
+Date: Sun, 31 Jan 2021 20:53:32 -0800
+Subject: [PATCH] mrm_ctlfile.c: compatibility with linux >= 5.6
+
+Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
+---
+ kernelmod/mrm_ctlfile.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/kernelmod/mrm_ctlfile.c b/kernelmod/mrm_ctlfile.c
+index 85a8bf9..ca8e7d8 100644
+--- a/kernelmod/mrm_ctlfile.c
++++ b/kernelmod/mrm_ctlfile.c
+@@ -13,6 +13,7 @@
+ #include "./macremapper_ioctl.h"
+ #include "./bufprintf.h"
+
++#include <linux/version.h>
+ #include <linux/proc_fs.h>
+ #include <linux/uaccess.h>
+ #include <linux/mutex.h>
+@@ -80,13 +81,14 @@ mrm_handle_read(struct file *f, char __user *buf, size_t size, loff_t *off) {
+ }
+
+ static long
+-mrm_handle_ioctl(struct file *f, unsigned int type, void __user *param) {
++mrm_handle_ioctl(struct file *f, unsigned int type, unsigned long arg) {
+ union {
+ struct mrm_filter_config filt_conf;
+ struct mrm_remap_entry remap_entry;
+ unsigned count;
+ } u;
+ int rv;
++ void __user *param = (void __user *)arg;
+
+ mutex_lock(&_ctrl_mutex);
+
+@@ -159,6 +161,14 @@ fail_fault:
+ }
+
+
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)
++static const struct proc_ops _fops = {
++ .proc_open = mrm_handle_open,
++ .proc_release = mrm_handle_release,
++ .proc_read = mrm_handle_read,
++ .proc_ioctl = mrm_handle_ioctl,
++};
++#else
+ static const struct file_operations _fops = {
+ owner: THIS_MODULE,
+ open: &mrm_handle_open,
+@@ -166,6 +176,7 @@ static const struct file_operations _fops = {
+ read: &mrm_handle_read,
+ unlocked_ioctl: (void*)&mrm_handle_ioctl,
+ };
++#endif
+
+ int mrm_init_ctlfile( void ) {
+ struct proc_dir_entry *pde;
+--
+2.30.0
+
PKG_NAME:=erlang
PKG_VERSION:=23.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=otp_src_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= http://www.erlang.org/download/
HOST_CONFIGURE_ARGS += \
--disable-hipe \
+ --disable-pgo \
--disable-smp-support \
--without-javac
-HOST_CFLAGS += -D_GNU_SOURCE
-
-define Host/Compile
- $(MAKE) -C $(HOST_BUILD_DIR) all
-endef
-
-define Host/Install
- $(MAKE) -C $(HOST_BUILD_DIR) install
-endef
-
-
# Target
CONFIGURE_ARGS += \
include $(TOPDIR)/rules.mk
GO_VERSION_MAJOR_MINOR:=1.15
-GO_VERSION_PATCH:=6
+GO_VERSION_PATCH:=7
PKG_NAME:=golang
PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH))
PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz
PKG_SOURCE_URL:=$(GO_SOURCE_URLS)
-PKG_HASH:=890bba73c5e2b19ffb1180e385ea225059eb008eb91b694875dd86ea48675817
+PKG_HASH:=8631b3aafd8ecb9244ec2ffb8a2a8b4983cf4ad15572b9801f7c5b167c1a2abc
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
PKG_LICENSE:=BSD-3-Clause
SECTION:=lang
CATEGORY:=Languages
TITLE:=LuaLanes
- URL:=http://luaforge.net/projects/lanes/
+ URL:=http://lualanes.github.io/lanes/
DEPENDS:=+lua +luac +liblua +libpthread
MAINTAINER:=Vladimir Malyutin <first-leon@yandex.ru>
endef
define Package/lualanes/description
- Lanes is a lightweight, native, lazy evaluating multithreading library for Lua 5.1 and 5.2.
+ Lua Lanes is a Lua extension library providing the possibility to run
+multiple Lua states in parallel. It is intended to be used for optimizing
+performance on multicore CPU's and to study ways to make Lua programs
+naturally parallel to begin with.
+
+Lanes is included into your software by the regular require "lanes" method.
+No C side programming is needed; all APIs are Lua side, and most existing
+extension modules should work seamlessly together with the multiple lanes.
+
+Lanes supports Lua 5.1, 5.2 and 5.3
endef
define Build/Compile
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=lyaml
+PKG_VERSION:=6.2.7
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/gvvaughan/lyaml/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=9bb489cefae48b150d66f6bab4141d8d5831fcb7465bfc52a9845fa01efc63b0
+
+PKG_MAINTAINER:=Mathew McBride <matt@traverse.com.au>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=lua/host luarocks/host
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/lyaml
+ SUBMENU:=Lua
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=Lua lib-yaml bindings
+ URL:=https://github.com/gvvaughan/lyaml
+ DEPENDS:= +lua +libyaml
+endef
+
+define Package/lyaml/description
+ Lua bindings for libyaml
+endef
+
+TARGET_CFLAGS += \
+ -I$(STAGING_DIR)/usr/include
+
+# Note: the duplicate environment exports are not a typo!
+# First is for luarocks, then the second is for the compilation
+# invoked by luarocks
+# (Same setup as luaposix)
+define Build/Compile
+ cd $(PKG_BUILD_DIR) && \
+ LUA_LIBDIR=$(STAGING_DIR)/usr/lib/lua \
+ LUA_PKGNAME=lua5.1 \
+ CFLAGS="$(TARGET_CFLAGS) $(FPIC)" \
+ LDFLAGS="$(TARGET_LDFLAGS)" \
+ CC="$(TARGET_CC)" LD="$(TARGET_CC)" \
+ luarocks make --pack-binary-rock lyaml-$(PKG_VERSION)-1.rockspec \
+ LUA_LIBDIR=$(STAGING_DIR)/usr/lib/lua \
+ YAML_DIR=$(STAGING_DIR)/usr \
+ LUA_INCDIR=$(STAGING_DIR)/usr/include \
+ LUA_PKGNAME=lua5.1 \
+ CFLAGS="$(TARGET_CFLAGS) $(FPIC)" \
+ LDFLAGS="$(TARGET_LDFLAGS)" \
+ CC="$(TARGET_CC)" LD="$(TARGET_CC)"
+endef
+
+define Package/lyaml/install
+ $(INSTALL_DIR) $(1)/usr/lib/lua/lyaml
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/linux/yaml.so $(1)/usr/lib/lua/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/lyaml/*.lua $(1)/usr/lib/lua/lyaml/
+endef
+
+$(eval $(call BuildPackage,lyaml))
PKG_NPM_NAME:=node-hid
PKG_NAME:=$(PKG_NPM_NAME)
-PKG_VERSION:=1.3.2
+PKG_VERSION:=2.1.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NPM_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://registry.npmjs.org/$(PKG_NPM_NAME)/-/
-PKG_HASH:=dce3ff3380d2ad66078ba77498e49693582437ba94bb84229f146e893fa4ed9a
+PKG_HASH:=6c1f05935215feed4e8d2f4aecf31abbad8fa783d252b0bd6041ed2f2e96e9ba
PKG_BUILD_DEPENDS:=node/host
PKG_USE_MIPS16:=0
SECTION:=lang
CATEGORY:=Languages
TITLE:=Node.js package to access HID devices
- URL:=https://github.com/node-hid/node-hid
- DEPENDS:=+node +node-npm +libusb-1.0 +hidapi +libudev $(ICONV_DEPENDS)
+ URL:=https://www.npmjs.com/package/node-hid
+ DEPENDS:=+node +node-npm +libusb-1.0 +libudev $(ICONV_DEPENDS)
endef
define Package/node-hid/description
TARGET_LDFLAGS+=$(if $(ICONV_FULL),-liconv)
define Build/Compile
- git init $(PKG_BUILD_DIR)
+ GYP_DEFINES='driver="hidraw"' \
$(MAKE_VARS) \
$(MAKE_FLAGS) \
npm_config_arch=$(NODEJS_CPU) \
define Package/node-hid/install
$(INSTALL_DIR) $(1)/usr/lib/node/$(PKG_NPM_NAME)
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/$(PKG_NPM_NAME)/{package.json,*.md} \
- $(1)/usr/lib/node/$(PKG_NPM_NAME)/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/$(PKG_NPM_NAME)/{binding.gyp,*.js} \
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/$(PKG_NPM_NAME)/{package.json,*.md,*.js} \
$(1)/usr/lib/node/$(PKG_NPM_NAME)/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/$(PKG_NPM_NAME)/{node_modules,src} \
$(1)/usr/lib/node/$(PKG_NPM_NAME)/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/$(PKG_NPM_NAME)/build/Release/HID*.node \
$(1)/usr/lib/node/$(PKG_NPM_NAME)/build/Release/
$(INSTALL_DIR) $(1)/usr/bin
- $(LN) ../lib/node/node-hid/src/show-devices.js $(1)/usr/bin/hid-showdevices
+ $(LN) ../lib/node/$(PKG_NPM_NAME)/src/show-devices.js $(1)/usr/bin/hid-showdevices
endef
$(eval $(call BuildPackage,node-hid))
-diff -urN a/hidapi/linux/hid.c b/hidapi/linux/hid.c
---- a/hidapi/linux/hid.c 1985-10-26 17:15:00.000000000 +0900
-+++ b/hidapi/linux/hid.c 2019-12-12 11:15:11.164454207 +0900
+--- a/hidapi/linux/hid.c
++++ b/hidapi/linux/hid.c
@@ -24,6 +24,7 @@
/* C */
#include <stdio.h>
PKG_NPM_NAME:=homebridge
PKG_NAME:=node-$(PKG_NPM_NAME)
-PKG_VERSION:=1.2.3
+PKG_VERSION:=1.2.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NPM_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://registry.npmjs.org/$(PKG_NPM_NAME)/-/
-PKG_HASH:=80f1bbd2021942f4ec47d662f9ec208ca7fb7490d981cdc409f19809604cb592
+PKG_HASH:=f91ab0058707a0498d97d87f45f19682065f80660fac942e0985caf9bb205f2a
PKG_BUILD_DEPENDS:=node/host
PKG_USE_MIPS16:=0
$(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/$(PKG_NPM_NAME)/{LICENSE,bin} \
$(1)/usr/lib/node/$(PKG_NPM_NAME)/
$(INSTALL_DIR) $(1)/usr/bin
- $(LN) ../lib/node/homebridge/bin/homebridge $(1)/usr/bin/homebridge
+ $(LN) ../lib/node/$(PKG_NPM_NAME)/bin/homebridge $(1)/usr/bin/homebridge
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/homebridge.init $(1)/etc/init.d/homebridge
endef
--- a/lib/pluginManager.js
+++ b/lib/pluginManager.js
-@@ -324,6 +324,7 @@
+@@ -324,6 +324,7 @@ class PluginManager {
else {
this.searchPaths.add("/usr/local/lib/node_modules");
this.searchPaths.add("/usr/lib/node_modules");
PKG_NPM_NAME:=javascript-obfuscator
PKG_NAME:=node-$(PKG_NPM_NAME)
-PKG_VERSION:=1.9.0
+PKG_VERSION:=2.9.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NPM_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://registry.npmjs.org/$(PKG_NPM_NAME)/-/
-PKG_HASH:=f3e951167cc56c6be2f82fa1c767ee9d28c30d75585c98fb10a57fa73219e8c1
+PKG_HASH:=db443ed7c07a7a111352dac4aa7c6edd7969f97386f37c1cfe884d5a8c5f5408
PKG_BUILD_DEPENDS:=node/host
HOST_BUILD_PARALLEL:=1
PKG_NPM_SCOPE:=serialport
PKG_NPM_NAME:=bindings
PKG_NAME:=node-$(PKG_NPM_SCOPE)-$(PKG_NPM_NAME)
-PKG_VERSION:=9.0.2
+PKG_VERSION:=9.0.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NPM_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://registry.npmjs.org/@$(PKG_NPM_SCOPE)/$(PKG_NPM_NAME)/-/
-PKG_HASH:=03e28d0ef191f3e3f2cf9215c2f2f43106e85638a8d3bd210127781cb73ed50a
+PKG_HASH:=aec200860bd175e4b14b4ab1aa56a5f750172b6c8e20ccb234846206395848d4
PKG_BUILD_DEPENDS:=node/host
PKG_USE_MIPS16:=0
npm_config_prefix=$(PKG_INSTALL_DIR)/usr/ \
npm_config_cache=$(TMP_DIR)/npm-cache-$(TMPNPM) \
npm_config_tmp=$(TMP_DIR)/npm-tmp-$(TMPNPM) \
- npm install -g --build-from-source $(PKG_BUILD_DIR)
+ npm install -g $(PKG_BUILD_DIR)
rm -rf $(TMP_DIR)/npm-tmp-$(TMPNPM)
rm -rf $(TMP_DIR)/npm-cache-$(TMPNPM)
endef
PKG_NPM_NAME:=serialport
PKG_NAME:=node-$(PKG_NPM_NAME)
-PKG_VERSION:=9.0.2
+PKG_VERSION:=9.0.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NPM_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://registry.npmjs.org/$(PKG_NPM_NAME)/-/
-PKG_HASH:=5f4cef3ec85accc8ad3d2ba75654fca4270e4a00d01729c4c4bcb895a3fdb5d6
+PKG_HASH:=e19fe993ad16ae0e03fc42e24cfe4babf8fd90f8358e1885d5e216277dda1086
PKG_BUILD_DEPENDS:=node/host
PKG_USE_MIPS16:=0
npm_config_prefix=$(PKG_INSTALL_DIR)/usr/ \
npm_config_cache=$(TMP_DIR)/npm-cache-$(TMPNPM) \
npm_config_tmp=$(TMP_DIR)/npm-tmp-$(TMPNPM) \
- npm install -g --build-from-source $(PKG_BUILD_DIR)
+ npm install -g $(PKG_BUILD_DIR)
rm -rf $(TMP_DIR)/npm-tmp-$(TMPNPM)
rm -rf $(TMP_DIR)/npm-cache-$(TMPNPM)
endef
--- /dev/null
+--- a/package.json
++++ b/package.json
+@@ -46,7 +46,6 @@
+ ],
+ "dependencies": {
+ "@serialport/binding-mock": "^9.0.2",
+- "@serialport/bindings": "^9.0.4",
+ "@serialport/parser-byte-length": "^9.0.1",
+ "@serialport/parser-cctalk": "^9.0.1",
+ "@serialport/parser-delimiter": "^9.0.1",
+++ /dev/null
---- a/package.json
-+++ b/package.json
-@@ -46,7 +46,6 @@
- ],
- "dependencies": {
- "@serialport/binding-mock": "^9.0.2",
-- "@serialport/bindings": "^9.0.2",
- "@serialport/parser-byte-length": "^9.0.1",
- "@serialport/parser-cctalk": "^9.0.1",
- "@serialport/parser-delimiter": "^9.0.1",
include $(TOPDIR)/rules.mk
PKG_NAME:=node
-PKG_VERSION:=v14.15.1
+PKG_VERSION:=v14.15.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=0161436846f7578938ad87af197e0cf112452232723227f88d5a0efc34dec1bc
+PKG_HASH:=adb7ecf66c74b52a14a08cc22bb0f9aedc157cac1ac93240f7f455e8c8edec9c
PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
PKG_LICENSE:=MIT
--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
-@@ -1179,7 +1179,8 @@
+@@ -1179,7 +1179,8 @@ Module._initPaths = function() {
path.resolve(process.execPath, '..') :
path.resolve(process.execPath, '..', '..');
-diff -urN a/deps/v8/src/base/platform/condition-variable.cc b/deps/v8/src/base/platform/condition-variable.cc
---- a/deps/v8/src/base/platform/condition-variable.cc 2020-09-30 01:58:13.000000000 +0900
-+++ b/deps/v8/src/base/platform/condition-variable.cc 2020-10-06 09:04:33.341499270 +0900
-@@ -16,7 +16,7 @@
+--- a/deps/v8/src/base/platform/condition-variable.cc
++++ b/deps/v8/src/base/platform/condition-variable.cc
+@@ -16,7 +16,7 @@ namespace base {
ConditionVariable::ConditionVariable() {
#if (V8_OS_FREEBSD || V8_OS_NETBSD || V8_OS_OPENBSD || \
// On Free/Net/OpenBSD and Linux with glibc we can change the time
// source for pthread_cond_timedwait() to use the monotonic clock.
pthread_condattr_t attr;
-@@ -92,7 +92,7 @@
+@@ -92,7 +92,7 @@ bool ConditionVariable::WaitFor(Mutex* m
&native_handle_, &mutex->native_handle(), &ts);
#else
#if (V8_OS_FREEBSD || V8_OS_NETBSD || V8_OS_OPENBSD || \
// On Free/Net/OpenBSD and Linux with glibc we can change the time
// source for pthread_cond_timedwait() to use the monotonic clock.
result = clock_gettime(CLOCK_MONOTONIC, &ts);
-diff -urN a/deps/v8/src/base/platform/platform-posix.cc b/deps/v8/src/base/platform/platform-posix.cc
---- a/deps/v8/src/base/platform/platform-posix.cc 2020-09-30 01:58:13.000000000 +0900
-+++ b/deps/v8/src/base/platform/platform-posix.cc 2020-10-06 09:04:33.341499270 +0900
-@@ -823,7 +823,7 @@
+--- a/deps/v8/src/base/platform/platform-posix.cc
++++ b/deps/v8/src/base/platform/platform-posix.cc
+@@ -823,7 +823,7 @@ bool Thread::Start() {
#if V8_OS_MACOSX
// Default on Mac OS X is 512kB -- bump up to 1MB
stack_size = 1 * 1024 * 1024;
// Default on AIX is 96kB -- bump up to 2MB
stack_size = 2 * 1024 * 1024;
#endif
-diff -urN a/deps/v8/src/codegen/external-reference-table.cc b/deps/v8/src/codegen/external-reference-table.cc
---- a/deps/v8/src/codegen/external-reference-table.cc 2020-09-30 01:58:13.000000000 +0900
-+++ b/deps/v8/src/codegen/external-reference-table.cc 2020-10-06 09:04:33.345499241 +0900
+--- a/deps/v8/src/codegen/external-reference-table.cc
++++ b/deps/v8/src/codegen/external-reference-table.cc
@@ -9,7 +9,7 @@
#include "src/ic/stub-cache.h"
#include "src/logging/counters.h"
--- a/tools/gyp/pylib/gyp/generator/make.py
+++ b/tools/gyp/pylib/gyp/generator/make.py
-@@ -180,7 +180,7 @@
+@@ -180,7 +180,7 @@ cmd_solink_module = $(LINK.$(TOOLSET)) -
LINK_COMMANDS_MAC = """\
quiet_cmd_alink = LIBTOOL-STATIC $@
'dependencies': [ 'icutools' ],
'sources': [
'<@(icu_src_genccode)',
---- a/tools/v8_gypfiles/v8.gyp 2019-06-27 19:12:20.000000000 +0900
-+++ b/tools/v8_gypfiles/v8.gyp 2019-07-01 14:40:48.292020880 +0900
+--- a/tools/v8_gypfiles/v8.gyp
++++ b/tools/v8_gypfiles/v8.gyp
@@ -1310,6 +1310,7 @@
{
'target_name': 'bytecode_builtins_list_generator',
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
-@@ -1026,13 +1027,6 @@
+@@ -1026,13 +1027,6 @@ function lookupAndConnect(self, options)
hints: options.hints || 0
};
include $(TOPDIR)/rules.mk
PKG_NAME:=perl-html-parser
-PKG_VERSION:=3.72
-PKG_RELEASE:=2
+PKG_VERSION:=3.75
+PKG_RELEASE:=1
-PKG_SOURCE_URL:=http://www.cpan.org/authors/id/G/GA/GAAS/
PKG_SOURCE:=HTML-Parser-$(PKG_VERSION).tar.gz
-PKG_HASH:=ec28c7e1d9e67c45eca197077f7cdc41ead1bb4c538c7f02a3296a4bb92f608b
+PKG_SOURCE_URL:=http://www.cpan.org/authors/id/C/CA/CAPOEIRAB
+PKG_HASH:=ac6b5e25a8df7af54885201e91c45fb9ab6744c08cedc1a38fcc7d95d21193a9
PKG_LICENSE:=GPL-1.0-or-later Artistic-1.0-Perl
PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>
PKG_CPE_ID:=cpe:/a:derrick_oswald:html-parser
PKG_BUILD_DIR:=$(BUILD_DIR)/perl/HTML-Parser-$(PKG_VERSION)
+HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/HTML-Parser-$(PKG_VERSION)
+HOST_BUILD_DEPENDS:=perl/host
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
include ../perl/perlmod.mk
define Package/perl-html-parser
$(call perlmod/Install,$(1),HTML auto/HTML)
endef
+define Host/Configure
+ $(call perlmod/host/Configure,,,)
+endef
+
+define Host/Compile
+ $(call perlmod/host/Compile,,)
+endef
+
+define Host/Install
+ $(call perlmod/host/Install,$(1),)
+endef
$(eval $(call BuildPackage,perl-html-parser))
+$(eval $(call HostBuild))
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=perl-mail-spamassassin
+PKG_RELEASE:=3
+PKG_VERSION:=3.4.4
+PKG_HASH:=8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60
+
+PKG_SOURCE_NAME:=Mail-SpamAssassin
+PKG_SOURCE_URL:=@APACHE/spamassassin/source
+PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:apache:spamassassin
+
+PKG_BUILD_DEPENDS:=perl-dbi/host perl-html-parser/host perl-net-dns/host perl-netaddr-ip/host
+PKG_INSTALL:=1
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../perl/perlmod.mk
+
+CONFIGURE_PATH:=spamc
+
+define Package/spamassassin
+ SECTION:=mail
+ CATEGORY:=Mail
+ TITLE:=SpamAssassin
+ URL:=https://spamassassin.apache.org/
+ DEPENDS:=perl +perlbase-autoloader +perlbase-config +perlbase-data +perlbase-digest \
+ +perlbase-encode +perlbase-essential +perlbase-file +perlbase-getopt \
+ +perlbase-hash +perlbase-mime +perlbase-net +perlbase-socket \
+ +perl-dbi +perl-html-parser +perl-net-dns +perl-netaddr-ip
+ VARIANT:=ssl
+endef
+
+define Package/spamc/Default
+ SECTION:=mail
+ CATEGORY:=Mail
+ TITLE:=SpamAssassin client binary
+ URL:=https://spamassassin.apache.org/
+ DEPENDS:=+zlib
+endef
+
+define Package/spamc
+ $(call Package/spamc/Default)
+ VARIANT:=nossl
+endef
+
+define Package/spamc-ssl
+ $(call Package/spamc/Default)
+ TITLE+= (with SSL)
+ DEPENDS+=+libopenssl
+ VARIANT:=ssl
+endef
+
+ifeq ($(BUILD_VARIANT),ssl)
+TARGET_CFLAGS += -DSPAMC_SSL
+CONFIGURE_ARGS += --enable-ssl
+endif
+
+define Package/spamassassin/conffiles
+/etc/mail/spamassassin
+endef
+
+define Build/Configure
+ $(call perlmod/Configure,,)
+ $(call Build/Configure/Default)
+ ( cd "$(PKG_BUILD_DIR)/$(CONFIGURE_PATH)" && ./version.h.pl --with-version=$(PKG_SOURCE_VERSION) )
+endef
+
+define Build/Compile
+ $(call perlmod/Compile,,)
+ $(call Build/Compile/Default,,,spamc)
+endef
+
+define Package/spamassassin/install
+ $(call perlmod/Install,$(1),Mail/SpamAssassin auto/Mail/SpamAssassin)
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sa-awl $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sa-learn $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sa-compile $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/spamassassin $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sa-update $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/spamd $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sa-check_spamd $(1)/usr/bin
+ $(INSTALL_DIR) $(1)/etc/mail/spamassassin
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/mail/spamassassin/* $(1)/etc/mail/spamassassin
+endef
+
+define Package/spamc/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/spamc $(1)/usr/bin
+endef
+
+Package/spamc-ssl/install = $(Package/spamc/install)
+
+$(eval $(call BuildPackage,spamassassin))
+$(eval $(call BuildPackage,spamc))
+$(eval $(call BuildPackage,spamc-ssl))
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=perl-net-dns
+PKG_VERSION:=1.29
+PKG_RELEASE:=1
+
+PKG_SOURCE_NAME:=Net-DNS
+PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://www.net-dns.org/download
+PKG_HASH:=852d6ee87e8f0d014223026581cbb56924ba8cddd3ceb29c6191dbb6122d43c5
+PKG_BUILD_DIR:=$(BUILD_DIR)/perl/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
+HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+PKG_LICENSE:=MIT
+HOST_BUILD_DEPENDS:=perl/host
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
+include ../perl/perlmod.mk
+
+define Package/perl-net-dns
+ SUBMENU:=Perl
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=Net::DNS DNS resolver implemented in Perl
+ URL:=https://www.net-dns.org/
+ DEPENDS:=perl +perlbase-essential +perlbase-io
+endef
+
+define Build/Configure
+ $(call perlmod/Configure,,)
+endef
+
+define Build/Compile
+ $(call perlmod/Compile,,)
+endef
+
+define Package/perl-net-dns/install
+ $(call perlmod/Install,$(1),Net auto/Net)
+endef
+
+define Host/Configure
+ $(call perlmod/host/Configure,,,)
+endef
+
+define Host/Compile
+ $(call perlmod/host/Compile,,)
+endef
+
+define Host/Install
+ $(call perlmod/host/Install,$(1),)
+endef
+
+$(eval $(call BuildPackage,perl-net-dns))
+$(eval $(call HostBuild))
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=perl-netaddr-ip
+PKG_VERSION:=4.079
+PKG_RELEASE:=1
+
+PKG_SOURCE_NAME:=NetAddr-IP
+PKG_SOURCE_URL:=https://www.cpan.org/authors/id/M/MI/MIKER/
+PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=ec5a82dfb7028bcd28bb3d569f95d87dd4166cc19867f2184ed3a59f6d6ca0e7
+
+PKG_LICENSE:=GPL-2.0-or-later Artistic-1.0-Perl
+PKG_LICENSE_FILES:=Copying
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+
+HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/NetAddr-IP-$(PKG_VERSION)
+HOST_BUILD_DEPENDS:=perl/host
+PKG_BUILD_DIR:=$(BUILD_DIR)/perl/NetAddr-IP-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
+include ../perl/perlmod.mk
+
+define Package/perl-netaddr-ip
+ SUBMENU:=Perl
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=NetAddr::IP - Manages IPv4 and IPv6 addresses and subnets
+ URL:=http://search.cpan.org/dist/NetAddr::IP/
+ DEPENDS:=perl +perlbase-essential +perlbase-test
+endef
+
+define Host/Configure
+ $(call perlmod/host/Configure,-noxs,,)
+ $(call Host/Configure/Default,,,Lite/Util)
+endef
+
+define Host/Compile
+ $(call Host/Compile/Default,,,Lite/Util)
+ $(call perlmod/host/Compile,,)
+endef
+
+define Host/Install
+ $(call perlmod/host/Install,$(1),)
+endef
+
+define Build/Configure
+ $(call perlmod/Configure,-noxs,)
+ $(call Build/Configure/Default,,,Lite/Util)
+endef
+
+define Build/Compile
+ $(call Build/Compile/Default,,,Lite/Util)
+ $(call perlmod/Compile,,)
+endef
+
+define Package/perl-netaddr-ip/install
+ $(call perlmod/Install,$(1),NetAddr auto/NetAddr)
+endef
+
+$(eval $(call BuildPackage,perl-netaddr-ip))
+$(eval $(call HostBuild))
--- /dev/null
+#
+# Copyright (C) 2021 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=perl-try-tiny
+PKG_VERSION:=0.30
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=https://cpan.metacpan.org/authors/id/E/ET/ETHER/
+PKG_SOURCE:=Try-Tiny-$(PKG_VERSION).tar.gz
+PKG_HASH:=da5bd0d5c903519bbf10bb9ba0cb7bcac0563882bcfe4503aee3fb143eddef6b
+PKG_BUILD_DIR:=$(BUILD_DIR)/perl/Try-Tiny-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Matt Merhar <mattmerhar@protonmail.com>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/perl/perlmod.mk
+
+define Package/perl-try-tiny
+ SUBMENU:=Perl
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=Minimal try/catch with proper preservation of $$$$@
+ URL:=https://metacpan.org/pod/Try::Tiny
+ DEPENDS:=perl +perlbase-essential
+endef
+
+define Build/Configure
+ $(call perlmod/Configure,,)
+endef
+
+define Build/Compile
+ $(call perlmod/Compile,,)
+endef
+
+define Package/perl-try-tiny/install
+ $(call perlmod/Install,$(1),Try auto/Try)
+endef
+
+$(eval $(call BuildPackage,perl-try-tiny))
PKG_NAME:=perl-www
PKG_VERSION:=6.43
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=https://cpan.metacpan.org/authors/id/O/OA/OALDERS
PKG_SOURCE:=libwww-perl-$(PKG_VERSION).tar.gz
CATEGORY:=Languages
TITLE:=WWW client/server library for Perl (aka LWP)
URL:=https://search.cpan.org/dist/libwww-perl/
- DEPENDS:=perl +perl-encode-locale +perl-file-listing +perl-html-parser +perl-http-cookies +perl-http-daemon +perl-http-date +perl-http-message +perl-http-negotiate +perl-lwp-mediatypes +perl-net-http +perl-uri +perl-www-robotrules +perlbase-base +perlbase-digest +perlbase-encode +perlbase-essential +perlbase-io +perlbase-mime +perlbase-net
+ DEPENDS:=perl +perl-encode-locale +perl-file-listing +perl-html-parser +perl-http-cookies +perl-http-daemon +perl-http-date +perl-http-message +perl-http-negotiate +perl-lwp-mediatypes +perl-net-http +perl-try-tiny +perl-uri +perl-www-robotrules +perlbase-base +perlbase-digest +perlbase-encode +perlbase-essential +perlbase-io +perlbase-mime +perlbase-net
endef
define Build/Configure
include $(INCLUDE_DIR)/nls.mk
include ../php7/pecl.mk
-$(eval $(call PECLPackage,$(PECL_NAME),$(PECL_LONGNAME)))
+$(eval $(call PHP7PECLPackage,$(PECL_NAME),$(PECL_LONGNAME)))
$(eval $(call BuildPackage,$(PKG_NAME)))
--with-http-libidnkit-dir=no \
--with-http-libidnkit2-dir=no
-$(eval $(call PECLPackage,http,$(PECL_LONGNAME),+icu +libcurl +librt +libevent2 +PACKAGE_libidn:libidn +libidn2 +php7-mod-iconv +php7-mod-session +php7-pecl-raphf +php7-pecl-propro,30))
+$(eval $(call PHP7PECLPackage,http,$(PECL_LONGNAME),+icu +libcurl +librt +libevent2 +PACKAGE_libidn:libidn +libidn2 +php7-mod-iconv +php7-mod-session +php7-pecl-raphf +php7-pecl-propro,30))
$(eval $(call BuildPackage,$(PKG_NAME)))
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PECL_NAME:=imagick
+PECL_LONGNAME:=Image Processing (ImageMagick binding)
+
+PKG_VERSION:=3.4.4
+PKG_RELEASE:=1
+PKG_HASH:=8dd5aa16465c218651fc8993e1faecd982e6a597870fd4b937e9ece02d567077
+
+PKG_NAME:=php7-pecl-imagick
+PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
+PKG_SOURCE_URL:=http://pecl.php.net/get/
+
+PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
+
+PKG_LICENSE:=PHP-3.01
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=php7
+PKG_BUILD_DIR:=$(BUILD_DIR)/pecl-php7/$(PECL_NAME)-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
+include ../php7/pecl.mk
+
+$(eval $(call PHP7PECLPackage,imagick,$(PECL_LONGNAME),+imagemagick,30))
+$(eval $(call BuildPackage,$(PKG_NAME)))
--with-krb5=shared,"$(STAGING_DIR)/usr" \
--with-krb5config=$(STAGING_DIR)/usr/bin/krb5-config
-$(eval $(call PECLPackage,krb5,$(PECL_LONGNAME),+krb5-libs,30))
+$(eval $(call PHP7PECLPackage,krb5,$(PECL_LONGNAME),+krb5-libs,30))
$(eval $(call BuildPackage,$(PKG_NAME)))
CONFIGURE_ARGS+= --with-libevent=shared,"$(STAGING_DIR)/usr"
-$(eval $(call PECLPackage,$(PECL_NAME),$(PECL_LONGNAME),+libevent2 +php7-mod-sockets,25))
+$(eval $(call PHP7PECLPackage,$(PECL_NAME),$(PECL_LONGNAME),+libevent2 +php7-mod-sockets,25))
$(eval $(call BuildPackage,$(PKG_NAME)))
PECL_NAME:=mcrypt
PECL_LONGNAME:=Bindings for the libmcrypt library
-PKG_VERSION:=1.0.3
-PKG_RELEASE:=2
-PKG_HASH:=affd675843a079e9efd49ac2f723286dd5bcb0916315aa53e2ae5edd5eadb034
+PKG_VERSION:=1.0.4
+PKG_RELEASE:=1
+PKG_HASH:=98153e78958d7a48dcd0dcfe1fc3c16ec987121a0cb2d7c273d280ee7e4ea00d
PKG_NAME:=php7-pecl-mcrypt
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
CONFIGURE_ARGS+= --with-mcrypt=shared,"$(STAGING_DIR)/usr"
-$(eval $(call PECLPackage,mcrypt,$(PECL_LONGNAME),+libmcrypt +libltdl,30))
+$(eval $(call PHP7PECLPackage,mcrypt,$(PECL_LONGNAME),+libmcrypt +libltdl,30))
$(eval $(call BuildPackage,$(PKG_NAME)))
PKG_BUILD_DIR:=$(BUILD_DIR)/pecl-php7/$(PECL_NAME)-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
-#PKG_FIXUP:=autoreconf
-
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
include ../php7/pecl.mk
$(CP) $(PKG_BUILD_DIR)/php_propro_api.h $(STAGING_DIR)/usr/include/php7/ext/$(PECL_NAME)/
endef
-$(eval $(call PECLPackage,$(PECL_NAME),$(PECL_LONGNAME)))
+$(eval $(call PHP7PECLPackage,$(PECL_NAME),$(PECL_LONGNAME)))
$(eval $(call BuildPackage,$(PKG_NAME)))
cp $(PKG_BUILD_DIR)/php_raphf_api.h $(STAGING_DIR)/usr/include/php7/ext/$(PECL_NAME)/
endef
-$(eval $(call PECLPackage,$(PECL_NAME),$(PECL_LONGNAME)))
+$(eval $(call PHP7PECLPackage,$(PECL_NAME),$(PECL_LONGNAME)))
$(eval $(call BuildPackage,$(PKG_NAME)))
PECL_NAME:=redis
PECL_LONGNAME:=PHP extension for interfacing with Redis
-PKG_VERSION:=5.3.1
+PKG_VERSION:=5.3.2
PKG_RELEASE:=1
-PKG_HASH:=7c29e49c5cbc6b54ccccc00b44fac4d3ed9895e5718fcf62a5b06281dda8809d
+PKG_HASH:=f4e92de628abcb917cdc810df045ca3fa0f2af34673eaa2a03350e3c5c5fdab1
PKG_NAME:=php7-pecl-redis
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
--disable-redis-lzf \
--disable-redis-msgpack
-$(eval $(call PECLPackage,$(PECL_NAME),$(PECL_LONGNAME),+php7-mod-json +php7-mod-session,25))
+$(eval $(call PHP7PECLPackage,$(PECL_NAME),$(PECL_LONGNAME),+php7-mod-json +php7-mod-session,25))
$(eval $(call BuildPackage,$(PKG_NAME)))
include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=7.4.13
-PKG_RELEASE:=2
+PKG_VERSION:=7.4.14
+PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_LICENSE:=PHP-3.01
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=aead303e3abac23106529560547baebbedba0bb2943b91d5aa08fff1f41680f4
+PKG_HASH:=f9f3c37969fcd9006c1dbb1dd76ab53f28c698a1646fa2dde8547c3f45e02886
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/nls.mk
define Package/php7/Default
- SUBMENU:=PHP
+ SUBMENU:=PHP7
SECTION:=lang
CATEGORY:=Languages
TITLE:=PHP7 Hypertext preprocessor
ifneq ($(SDK)$(CONFIG_PACKAGE_php7-mod-imap),)
CONFIGURE_ARGS+= \
- --with-imap=shared,"$(STAGING_DIR)/usr" \
- --with-kerberos=no \
- --with-imap-ssl="$(STAGING_DIR)/usr"
+ --with-imap=shared,"$(STAGING_DIR)/usr" \
+ --with-kerberos=no \
+ --with-imap-ssl="$(STAGING_DIR)/usr"
else
CONFIGURE_ARGS+= --without-imap
endif
#
define Package/php7-pecl/Default
- SUBMENU:=PHP
+ SUBMENU:=PHP7
SECTION:=lang
CATEGORY:=Languages
URL:=http://pecl.php.net/
define Build/Prepare
$(Build/Prepare/Default)
- ( cd $(PKG_BUILD_DIR); $(STAGING_DIR)/usr/bin/phpize7 )
+ $(if $(QUILT),,( cd $(PKG_BUILD_DIR); $(STAGING_DIR)/usr/bin/phpize7 ))
endef
CONFIGURE_VARS+= \
- ac_cv_c_bigendian_php=$(if $(CONFIG_BIG_ENDIAN),yes,no)
+ ac_cv_c_bigendian_php=$(if $(CONFIG_BIG_ENDIAN),yes,no)
CONFIGURE_ARGS+= \
--with-php-config=$(STAGING_DIR)/usr/bin/php7-config
-define PECLPackage
+define PHP7PECLPackage
define Package/php7-pecl-$(1)
$(call Package/php7-pecl/Default)
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=php
+PKG_VERSION:=8.0.2
+PKG_RELEASE:=1
+
+PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
+PKG_LICENSE:=PHP-3.01
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:php:php
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=http://www.php.net/distributions/
+PKG_HASH:=84dd6e36f48c3a71ff5dceba375c1f6b34b71d4fa9e06b720780127176468ccc
+
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+PHP8_MODULES= \
+ bcmath \
+ calendar ctype curl \
+ dom \
+ exif \
+ fileinfo filter ftp \
+ gettext gd gmp \
+ iconv imap intl \
+ ldap \
+ mbstring mysqli mysqlnd \
+ opcache openssl \
+ pcntl pdo pdo-mysql pdo-pgsql pdo-sqlite pgsql phar \
+ session shmop simplexml snmp soap sockets sqlite3 sysvmsg sysvsem sysvshm \
+ tokenizer \
+ xml xmlreader xmlwriter \
+ zip
+
+PKG_CONFIG_DEPENDS:= \
+ $(patsubst %,CONFIG_PACKAGE_php8-mod-%,$(PHP8_MODULES)) \
+ CONFIG_PHP8_LIBXML CONFIG_PHP8_SYSTEMTZDATA
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
+
+define Package/php8/Default
+ SUBMENU:=PHP8
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=PHP8 Hypertext preprocessor
+ URL:=http://www.php.net/
+ DEPENDS:=php8
+endef
+
+define Package/php8/Default/description
+ PHP is a widely-used general-purpose scripting language that is especially
+ suited for Web development and can be embedded into HTML.
+endef
+
+define Package/php8/config
+ config PHP8_LIBXML
+ bool "PHP8 LIBXML support"
+ depends on PACKAGE_php8-cli || PACKAGE_php8-cgi
+
+ config PHP8_SYSTEMTZDATA
+ bool "Use system timezone data instead of php's built-in database"
+ depends on PACKAGE_php8-cli || PACKAGE_php8-cgi
+ default y
+ help
+ Enabling this feature automatically selects the zoneinfo-core package
+ which contains data for UTC timezone. To use other timezones you have
+ to install the corresponding zoneinfo-... package(s).
+endef
+
+define Package/php8
+ $(call Package/php8/Default)
+
+ DEPENDS:=+libpcre2 +zlib \
+ +PHP8_LIBXML:libxml2 \
+ +PHP8_SYSTEMTZDATA:zoneinfo-core
+ CONFLICTS:=php7
+endef
+
+define Package/php8/description
+ $(call Package/php8/Default/description)
+ This package contains only the PHP config file. You must actually choose
+ your PHP flavour (cli, cgi or fastcgi).
+
+ Please note, that installing php5 and php8 in parallel on the same target
+ is not supported in OpenWrt/LEDE.
+endef
+
+define Package/php8-cli
+ $(call Package/php8/Default)
+ DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp
+ TITLE+= (CLI)
+endef
+
+define Package/php8-cli/description
+ $(call Package/php8/Default/description)
+ This package contains the CLI version of the PHP8 interpreter.
+endef
+
+define Package/php8-cgi
+ $(call Package/php8/Default)
+ DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp
+ TITLE+= (CGI & FastCGI)
+endef
+
+define Package/php8-cgi/description
+ $(call Package/php8/Default/description)
+ This package contains the CGI version of the PHP8 interpreter.
+endef
+
+define Package/php8-fastcgi
+ $(call Package/php8/Default)
+ DEPENDS+= +php8-cgi
+ TITLE:=FastCGI startup script
+endef
+
+define Package/php8-fastcgi/description
+ As FastCGI support is now a core feature the php8-fastcgi package now depends
+ on the php8-cgi package, containing just the startup script.
+endef
+
+define Package/php8-fpm
+ $(call Package/php8/Default)
+ DEPENDS+= +PACKAGE_php8-mod-intl:libstdcpp
+ TITLE+= (FPM)
+endef
+
+define Package/php8-fpm/description
+ $(call Package/php8/Default/description)
+ This package contains the FastCGI Process Manager of the PHP8 interpreter.
+endef
+
+define Package/php8-mod-intl/config
+ config PHP8_FULLICUDATA
+ bool "Add dependency to full ICU Data"
+ depends on PACKAGE_php8-mod-intl
+ default n
+endef
+
+define Package/php8-mod-intl/description
+ Note that this package depends in ICU library which is built without data
+ by default. This is to satisfy programs build and run dependencies but to
+ keep the installed footprint small on the target system(s).
+ However, the data is required to make the ICU library useful - and thus
+ directly affects PHPs ICU extension, too - so consider to also
+ select/install package 'icu-full-data'.
+endef
+
+# not everything groks --disable-nls
+DISABLE_NLS:=
+
+CONFIGURE_ARGS+= \
+ --enable-cli \
+ --enable-cgi \
+ --enable-fpm \
+ --enable-shared \
+ --disable-static \
+ --with-pic \
+ --disable-rpath \
+ --disable-debug \
+ --disable-phpdbg \
+ --without-pear \
+ \
+ --with-config-file-path=/etc \
+ --with-config-file-scan-dir=/etc/php8 \
+ --disable-short-tags \
+ \
+ --without-valgrind \
+ --with-external-pcre \
+ --with-zlib="$(STAGING_DIR)/usr"
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-bcmath),)
+ CONFIGURE_ARGS+= --enable-bcmath=shared
+else
+ CONFIGURE_ARGS+= --disable-bcmath
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-calendar),)
+ CONFIGURE_ARGS+= --enable-calendar=shared
+else
+ CONFIGURE_ARGS+= --disable-calendar
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-ctype),)
+ CONFIGURE_ARGS+= --enable-ctype=shared
+else
+ CONFIGURE_ARGS+= --disable-ctype
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-curl),)
+ CONFIGURE_ARGS+= --with-curl=shared
+else
+ CONFIGURE_ARGS+= --without-curl
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-dom),)
+ CONFIGURE_ARGS+= --enable-dom=shared
+else
+ CONFIGURE_ARGS+= --disable-dom
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-exif),)
+ CONFIGURE_ARGS+= --enable-exif=shared
+else
+ CONFIGURE_ARGS+= --disable-exif
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-fileinfo),)
+ CONFIGURE_ARGS+= --enable-fileinfo=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --disable-fileinfo
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-filter),)
+ CONFIGURE_ARGS+= --enable-filter=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --disable-filter
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-ftp),)
+ CONFIGURE_ARGS+= --enable-ftp=shared
+else
+ CONFIGURE_ARGS+= --disable-ftp
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-gd),)
+ CONFIGURE_ARGS+= \
+ --enable-gd=shared,"$(STAGING_DIR)/usr" \
+ --with-external-gd
+else
+ CONFIGURE_ARGS+= --disable-gd
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-gettext),)
+ CONFIGURE_ARGS+= --with-gettext=shared,"$(STAGING_DIR)/usr/lib/libintl-full"
+else
+ CONFIGURE_ARGS+= --without-gettext
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-gmp),)
+ CONFIGURE_ARGS+= --with-gmp=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --without-gmp
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-iconv),)
+ CONFIGURE_ARGS+= --with-iconv=shared,"$(ICONV_PREFIX)"
+else
+ CONFIGURE_ARGS+= --without-iconv
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-imap),)
+ CONFIGURE_ARGS+= \
+ --with-imap=shared,"$(STAGING_DIR)/usr" \
+ --with-kerberos=no \
+ --with-imap-ssl="$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --without-imap
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-intl),)
+ CONFIGURE_ARGS+= --enable-intl=shared
+ TARGET_CXXFLAGS+= -std=c++0x
+else
+ CONFIGURE_ARGS+= --disable-intl
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-ldap),)
+ CONFIGURE_ARGS+= \
+ --with-ldap=shared,"$(STAGING_DIR)/usr" \
+ --with-ldap-sasl
+else
+ CONFIGURE_ARGS+= --without-ldap
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-mbstring),)
+ CONFIGURE_ARGS+= \
+ --enable-mbstring=shared \
+ --enable-mbregex
+else
+ CONFIGURE_ARGS+= --disable-mbstring
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-mysqli),)
+ CONFIGURE_ARGS+= --with-mysqli=shared
+else
+ CONFIGURE_ARGS+= --without-mysqli
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-mysqlnd),)
+ CONFIGURE_ARGS+= --enable-mysqlnd=shared
+else
+ CONFIGURE_ARGS+= --disable-mysqlnd
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-opcache),)
+ CONFIGURE_ARGS+= --enable-opcache=shared
+else
+ CONFIGURE_ARGS+= --disable-opcache
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-openssl)$(CONFIG_PACKAGE_php8-mod-ftp)$(CONFIG_PACKAGE_php8-mod-imap)$(CONFIG_PACKAGE_php8-mod-snmp),)
+ CONFIGURE_ARGS+= \
+ --with-openssl=shared \
+ --with-kerberos=no \
+ --with-openssl-dir="$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --without-openssl
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-pcntl),)
+ CONFIGURE_ARGS+= --enable-pcntl=shared
+else
+ CONFIGURE_ARGS+= --disable-pcntl
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-pdo),)
+ CONFIGURE_ARGS+= --enable-pdo=shared
+ ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-pdo-mysql),)
+ CONFIGURE_ARGS+= --with-pdo-mysql=shared
+ else
+ CONFIGURE_ARGS+= --without-pdo-mysql
+ endif
+ ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-pdo-pgsql),)
+ CONFIGURE_ARGS+= --with-pdo-pgsql=shared,"$(STAGING_DIR)/usr"
+ else
+ CONFIGURE_ARGS+= --without-pdo-pgsql
+ endif
+ ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-pdo-sqlite),)
+ CONFIGURE_ARGS+= --with-pdo-sqlite=shared
+ else
+ CONFIGURE_ARGS+= --without-pdo-sqlite
+ endif
+else
+ CONFIGURE_ARGS+= --disable-pdo
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-pgsql),)
+ CONFIGURE_ARGS+= --with-pgsql=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --without-pgsql
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-phar),)
+ CONFIGURE_ARGS+= --enable-phar=shared
+else
+ CONFIGURE_ARGS+= --disable-phar
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-session),)
+ CONFIGURE_ARGS+= --enable-session=shared
+else
+ CONFIGURE_ARGS+= --disable-session
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-shmop),)
+ CONFIGURE_ARGS+= --enable-shmop=shared
+else
+ CONFIGURE_ARGS+= --disable-shmop
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-simplexml),)
+ CONFIGURE_ARGS+= --enable-simplexml=shared
+else
+ CONFIGURE_ARGS+= --disable-simplexml
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-snmp),)
+ CONFIGURE_ARGS+= --with-snmp=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --without-snmp
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-soap),)
+ CONFIGURE_ARGS+= --enable-soap=shared
+else
+ CONFIGURE_ARGS+= --disable-soap
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-sockets),)
+ CONFIGURE_ARGS+= --enable-sockets=shared
+else
+ CONFIGURE_ARGS+= --disable-sockets
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-sqlite3),)
+ CONFIGURE_ARGS+= --with-sqlite3=shared
+else
+ CONFIGURE_ARGS+= --without-sqlite3
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-sysvmsg),)
+ CONFIGURE_ARGS+= --enable-sysvmsg=shared
+else
+ CONFIGURE_ARGS+= --disable-sysvmsg
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-sysvsem),)
+ CONFIGURE_ARGS+= --enable-sysvsem=shared
+else
+ CONFIGURE_ARGS+= --disable-sysvsem
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-sysvshm),)
+ CONFIGURE_ARGS+= --enable-sysvshm=shared
+else
+ CONFIGURE_ARGS+= --disable-sysvshm
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-tokenizer),)
+ CONFIGURE_ARGS+= --enable-tokenizer=shared
+else
+ CONFIGURE_ARGS+= --disable-tokenizer
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-xml),)
+ CONFIGURE_ARGS+= --enable-xml=shared,"$(STAGING_DIR)/usr"
+ ifneq ($(CONFIG_PHP8_LIBXML),y)
+ CONFIGURE_ARGS+= --with-expat
+ endif
+else
+ CONFIGURE_ARGS+= --disable-xml
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-xmlreader),)
+ CONFIGURE_ARGS+= --enable-xmlreader=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --disable-xmlreader
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_php8-mod-xmlwriter),)
+ CONFIGURE_ARGS+= --enable-xmlwriter=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --disable-xmlwriter
+endif
+
+ifneq ($(CONFIG_PACKAGE_php8-mod-zip),)
+ CONFIGURE_ARGS+= --with-zip=shared,"$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS+= --without-zip
+endif
+
+ifneq ($(SDK)$(CONFIG_PHP8_LIBXML),)
+ CONFIGURE_ARGS+= --with-libxml
+else
+ CONFIGURE_ARGS+= --without-libxml
+endif
+
+ifneq ($(CONFIG_PHP8_SYSTEMTZDATA),)
+ CONFIGURE_ARGS+= --with-system-tzdata
+else
+ CONFIGURE_ARGS+= --without-system-tzdata
+endif
+
+CONFIGURE_VARS+= \
+ ac_cv_c_bigendian_php=$(if $(CONFIG_BIG_ENDIAN),yes,no) \
+ php_cv_cc_rpath="no" \
+ iconv_impl_name="gnu_libiconv" \
+ ac_cv_php_xml2_config_path="$(STAGING_DIR)/host/bin/xml2-config" \
+ ac_cv_u8t_decompose=yes \
+ ac_cv_have_pcre2_jit=no
+
+MAKE_VARS+= \
+ HOSTCC="$(HOSTCC)"
+
+define Package/php8/conffiles
+/etc/php.ini
+/etc/php8/
+endef
+
+define Package/php8/install
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_DATA) ./files/php.ini $(1)/etc/
+endef
+
+define Package/php8-cli/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_BUILD_DIR)/sapi/cli/php $(1)/usr/bin/php8-cli
+ ln -sf php8-cli $(1)/usr/bin/php-cli
+endef
+
+define Package/php8-cgi/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_BUILD_DIR)/sapi/cgi/php-cgi $(1)/usr/bin/php8-cgi
+ ln -sf php8-cgi $(1)/usr/bin/php-cgi
+ ln -sf php8-cgi $(1)/usr/bin/php8-fcgi
+endef
+
+define Package/php8-fastcgi/install
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/php8-fastcgi.config $(1)/etc/config/php8-fastcgi
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/php8-fastcgi.init $(1)/etc/init.d/php8-fastcgi
+endef
+
+define Package/php8-fastcgi/conffiles
+/etc/config/php8-fastcgi
+endef
+
+define Package/php8-fpm/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/sapi/fpm/php-fpm $(1)/usr/bin/php8-fpm
+
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_DATA) ./files/php8-fpm.conf $(1)/etc/php8-fpm.conf
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/php8-fpm.config $(1)/etc/config/php8-fpm
+
+ $(INSTALL_DIR) $(1)/etc/php8-fpm.d
+ $(INSTALL_DATA) ./files/php8-fpm-www.conf $(1)/etc/php8-fpm.d/www.conf
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/php8-fpm.init $(1)/etc/init.d/php8-fpm
+endef
+
+define Package/php8-fpm/conffiles
+/etc/php8-fpm.conf
+/etc/php8-fpm.d/
+/etc/config/php8-fpm
+endef
+
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ ( cd $(PKG_BUILD_DIR); touch configure.ac; ./buildconf --force )
+endef
+
+define Build/InstallDev
+ rm -rf $(PKG_BUILD_DIR)/staging
+ make -C $(PKG_BUILD_DIR) install INSTALL_ROOT=$(PKG_BUILD_DIR)/staging
+ rm -rf $(PKG_BUILD_DIR)/staging/usr/{share,man,sbin}
+ rm -f $(PKG_BUILD_DIR)/staging/usr/bin/{php,php-cgi,php-cli}
+ mv $(PKG_BUILD_DIR)/staging/usr/bin/phpize $(PKG_BUILD_DIR)/staging/usr/bin/phpize8
+ mv $(PKG_BUILD_DIR)/staging/usr/bin/php-config $(PKG_BUILD_DIR)/staging/usr/bin/php8-config
+ mv $(PKG_BUILD_DIR)/staging/usr/include/php $(PKG_BUILD_DIR)/staging/usr/include/php8
+ mv $(PKG_BUILD_DIR)/staging/usr/lib/php $(PKG_BUILD_DIR)/staging/usr/lib/php8
+
+ $(CP) $(PKG_BUILD_DIR)/staging/usr $(STAGING_DIR)/
+
+ sed -i -e "s#prefix='/usr'#prefix='$(STAGING_DIR)/usr'#" $(STAGING_DIR)/usr/bin/phpize8
+ sed -i -e "s#exec_prefix=\"\`eval echo /usr\`\"#exec_prefix='$(STAGING_DIR)/usr'#" $(STAGING_DIR)/usr/bin/phpize8
+ sed -i -e "s#/include\`/php\"#/include\`/php8\"#" $(STAGING_DIR)/usr/bin/phpize8
+ sed -i -e "s#/lib/php\`/build\"#/lib/php8\`/build\"#" $(STAGING_DIR)/usr/bin/phpize8
+
+ sed -i -e "s#prefix=\"/usr\"#prefix=\"$(STAGING_DIR)/usr\"#" $(STAGING_DIR)/usr/bin/php8-config
+ sed -i -e "s#/include/php\"#/include/php8\"#" $(STAGING_DIR)/usr/bin/php8-config
+endef
+
+define BuildModule
+
+ define Package/php8-mod-$(1)
+ $(call Package/php8/Default)
+
+ ifneq ($(3),)
+ DEPENDS+=$(3)
+ endif
+
+ TITLE:=$(2) shared module
+ endef
+
+ define Package/php8-mod-$(1)/install
+ $(INSTALL_DIR) $$(1)/usr/lib/php8
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/modules/$(subst -,_,$(1)).so $$(1)/usr/lib/php8/
+ $(INSTALL_DIR) $$(1)/etc/php8
+ ifeq ($(5),zend)
+ echo "zend_extension=/usr/lib/php8/$(subst -,_,$(1)).so" > $$(1)/etc/php8/$(if $(4),$(4),20)_$(subst -,_,$(1)).ini
+ else
+ echo "extension=$(subst -,_,$(1)).so" > $$(1)/etc/php8/$(if $(4),$(4),20)_$(subst -,_,$(1)).ini
+ endif
+ endef
+
+ $$(eval $$(call BuildPackage,php8-mod-$(1)))
+
+endef
+
+$(eval $(call BuildPackage,php8))
+$(eval $(call BuildPackage,php8-cgi))
+$(eval $(call BuildPackage,php8-cli))
+$(eval $(call BuildPackage,php8-fastcgi))
+$(eval $(call BuildPackage,php8-fpm))
+
+#$(eval $(call BuildModule,NAME,TITLE[,PKG DEPENDS]))
+$(eval $(call BuildModule,bcmath,Bcmath))
+$(eval $(call BuildModule,calendar,Calendar))
+$(eval $(call BuildModule,ctype,Ctype))
+$(eval $(call BuildModule,curl,cURL,+PACKAGE_php8-mod-curl:libcurl))
+$(eval $(call BuildModule,dom,DOM,+@PHP8_LIBXML +PACKAGE_php8-mod-dom:libxml2))
+$(eval $(call BuildModule,exif,EXIF))
+$(eval $(call BuildModule,fileinfo,Fileinfo))
+$(eval $(call BuildModule,filter,Filter))
+$(eval $(call BuildModule,ftp,FTP,+PACKAGE_php8-mod-ftp:libopenssl))
+$(eval $(call BuildModule,gd,GD graphics,+PACKAGE_php8-mod-gd:libgd-full))
+$(eval $(call BuildModule,gettext,Gettext,+PACKAGE_php8-mod-gettext:libintl-full))
+$(eval $(call BuildModule,gmp,GMP,+PACKAGE_php8-mod-gmp:libgmp))
+$(eval $(call BuildModule,iconv,iConv,$(ICONV_DEPENDS)))
+$(eval $(call BuildModule,imap,IMAP,+PACKAGE_php8-mod-imap:libopenssl +PACKAGE_libpam:libpam +PACKAGE_php8-mod-imap:uw-imap))
+$(eval $(call BuildModule,intl,Internationalization Functions,+PACKAGE_php8-mod-intl:icu +PHP8_FULLICUDATA:icu-full-data))
+$(eval $(call BuildModule,ldap,LDAP,+PACKAGE_php8-mod-ldap:libopenldap +PACKAGE_php8-mod-ldap:libsasl2))
+$(eval $(call BuildModule,mbstring,MBString,+PACKAGE_php8-mod-mbstring:oniguruma))
+$(eval $(call BuildModule,mysqli,MySQL Improved Extension,+PACKAGE_php8-mod-mysqli:php8-mod-mysqlnd,30))
+$(eval $(call BuildModule,mysqlnd,MySQL Native Driver,+PACKAGE_php8-mod-openssl:php8-mod-openssl))
+$(eval $(call BuildModule,opcache,OPcache,,,zend))
+$(eval $(call BuildModule,openssl,OpenSSL,+PACKAGE_php8-mod-openssl:libopenssl,15))
+$(eval $(call BuildModule,pcntl,PCNTL))
+$(eval $(call BuildModule,pdo,PHP Data Objects))
+$(eval $(call BuildModule,pdo-mysql,PDO driver for MySQL,+php8-mod-pdo +PACKAGE_php8-mod-pdo-mysql:php8-mod-mysqlnd))
+$(eval $(call BuildModule,pdo-pgsql,PDO driver for PostgreSQL,+php8-mod-pdo +PACKAGE_php8-mod-pdo-pgsql:libpq))
+$(eval $(call BuildModule,pdo-sqlite,PDO driver for SQLite 3.x,+php8-mod-pdo +PACKAGE_php8-mod-pdo-sqlite:libsqlite3 +PACKAGE_php8-mod-pdo-sqlite:librt))
+$(eval $(call BuildModule,pgsql,PostgreSQL,+PACKAGE_php8-mod-pgsql:libpq))
+$(eval $(call BuildModule,phar,Phar Archives))
+$(eval $(call BuildModule,session,Session))
+$(eval $(call BuildModule,shmop,Shared Memory))
+$(eval $(call BuildModule,simplexml,SimpleXML,+@PHP8_LIBXML +PACKAGE_php8-mod-simplexml:libxml2))
+$(eval $(call BuildModule,snmp,SNMP,+PACKAGE_php8-mod-snmp:libnetsnmp +PACKAGE_php8-mod-snmp:libopenssl))
+$(eval $(call BuildModule,soap,SOAP,+@PHP8_LIBXML +PACKAGE_php8-mod-soap:libxml2))
+$(eval $(call BuildModule,sockets,Sockets))
+$(eval $(call BuildModule,sqlite3,SQLite3,+PACKAGE_php8-mod-sqlite3:libsqlite3))
+$(eval $(call BuildModule,sysvmsg,System V messages))
+$(eval $(call BuildModule,sysvsem,System V shared memory))
+$(eval $(call BuildModule,sysvshm,System V semaphore))
+$(eval $(call BuildModule,tokenizer,Tokenizer))
+$(eval $(call BuildModule,xml,XML,+PHP8_LIBXML:libxml2 +!PHP8_LIBXML:libexpat))
+$(eval $(call BuildModule,xmlreader,XMLReader,+@PHP8_LIBXML +PACKAGE_php8-mod-dom:php8-mod-dom +PACKAGE_php8-mod-xmlreader:libxml2))
+$(eval $(call BuildModule,xmlwriter,XMLWriter,+@PHP8_LIBXML +PACKAGE_php8-mod-xmlwriter:libxml2))
+$(eval $(call BuildModule,zip,ZIP,+PACKAGE_php8-mod-zip:libzip))
--- /dev/null
+[PHP]
+zend.ze1_compatibility_mode = Off
+
+; Language Options
+
+engine = On
+;short_open_tag = Off
+precision = 12
+y2k_compliance = On
+output_buffering = Off
+;output_handler =
+zlib.output_compression = Off
+;zlib.output_compression_level = -1
+;zlib.output_handler =
+implicit_flush = Off
+unserialize_callback_func =
+serialize_precision = 100
+
+;open_basedir =
+disable_functions =
+disable_classes =
+
+; Colors for Syntax Highlighting mode. Anything that's acceptable in
+; <span style="color: ???????"> would work.
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.bg = #FFFFFF
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+;ignore_user_abort = On
+;realpath_cache_size = 16k
+;realpath_cache_ttl = 120
+
+; Miscellaneous
+
+expose_php = On
+
+; Resource Limits
+
+max_execution_time = 30 ; Maximum execution time of each script, in seconds.
+max_input_time = 60 ; Maximum amount of time each script may spend parsing request data.
+;max_input_nesting_level = 64
+memory_limit = 8M ; Maximum amount of memory a script may consume.
+
+; Error handling and logging
+
+; Error Level Constants:
+; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0)
+; E_ERROR - fatal run-time errors
+; E_RECOVERABLE_ERROR - almost fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it's automatically initialized to an
+; empty string)
+; E_STRICT - run-time notices, enable to have PHP suggest changes
+; to your code which will ensure the best interoperability
+; and forward compatibility of your code
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+; E_DEPRECATED - warn about code that will not work in future versions
+; of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
+; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
+; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
+; Default Value: E_ALL & ~E_NOTICE
+error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
+
+display_errors = On
+display_startup_errors = Off
+log_errors = Off
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+;report_zend_debug = 0
+track_errors = Off
+;html_errors = Off
+;docref_root = "/phpmanual/"
+;docref_ext = .html
+;error_prepend_string = "<font color=#ff0000>"
+;error_append_string = "</font>"
+; Log errors to specified file.
+;error_log = /var/log/php_errors.log
+; Log errors to syslog.
+;error_log = syslog
+
+; Data Handling
+
+;arg_separator.output = "&"
+;arg_separator.input = ";&"
+variables_order = "EGPCS"
+request_order = "GP"
+register_globals = Off
+register_long_arrays = Off
+register_argc_argv = On
+auto_globals_jit = On
+post_max_size = 8M
+;magic_quotes_gpc = Off
+magic_quotes_runtime = Off
+magic_quotes_sybase = Off
+auto_prepend_file =
+auto_append_file =
+default_mimetype = "text/html"
+;default_charset = "iso-8859-1"
+;always_populate_raw_post_data = On
+
+; Paths and Directories
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/php/includes"
+doc_root = "/www"
+user_dir =
+extension_dir = "/usr/lib/php8"
+enable_dl = On
+;cgi.force_redirect = 1
+;cgi.nph = 1
+;cgi.redirect_status_env = ;
+cgi.fix_pathinfo=1
+;fastcgi.impersonate = 1;
+;fastcgi.logging = 0
+;cgi.rfc2616_headers = 0
+
+; File Uploads
+
+file_uploads = On
+upload_tmp_dir = "/tmp"
+upload_max_filesize = 2M
+max_file_uploads = 20
+
+; Fopen wrappers
+
+allow_url_fopen = On
+allow_url_include = Off
+;from="john@doe.com"
+;user_agent="PHP"
+default_socket_timeout = 60
+;auto_detect_line_endings = Off
--- /dev/null
+config php8-fastcgi
+ option enabled 1
+ option port '1026'
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=50
+
+SERVICE_DAEMONIZE=1
+SERVICE_WRITE_PID=1
+
+start_instance() {
+ local section="$1"
+ local enabled
+ local port
+
+ config_get_bool enabled "$section" 'enabled' 0
+ config_get port "$section" 'port'
+
+ [ $enabled -gt 0 ] || return 1
+
+ PHP_FCGI_CHILDREN='' \
+ service_start /usr/bin/php8-fcgi ${port:+-b $port}
+}
+
+start() {
+ config_load 'php8-fastcgi'
+ config_foreach start_instance 'php8-fastcgi'
+}
+
+stop() {
+ service_stop /usr/bin/php8-fcgi
+}
--- /dev/null
+; Start a new pool named 'www'.
+; the variable $pool can we used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+; will be used.
+user = nobody
+;group =
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses on a
+; specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /var/run/php8-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 128 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 128
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+; mode is set to 0666
+;listen.owner = www-data
+;listen.group = www-data
+;listen.mode = 0666
+
+; List of ipv4 addresses of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool processes will inherit the master process priority
+; unless it specified otherwise
+; Default Value: no set
+; priority = -19
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static - a fixed number (pm.max_children) of child processes;
+; dynamic - the number of child processes are set dynamically based on the
+; following directives. With this process management, there will be
+; always at least 1 children.
+; pm.max_children - the maximum number of children that can
+; be alive at the same time.
+; pm.start_servers - the number of children created on startup.
+; pm.min_spare_servers - the minimum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is less than this
+; number then some children will be created.
+; pm.max_spare_servers - the maximum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is greater than this
+; number then some children will be killed.
+; ondemand - no children are created at startup. Children will be forked when
+; new requests will connect. The following parameter are used:
+; pm.max_children - the maximum number of children that
+; can be alive at the same time.
+; pm.process_idle_timeout - The number of seconds after which
+; an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. It shows the following informations:
+; pool - the name of the pool;
+; process manager - static, dynamic or ondemand;
+; start time - the date and time FPM has started;
+; start since - number of seconds since FPM has started;
+; accepted conn - the number of request accepted by the pool;
+; listen queue - the number of request in the queue of pending
+; connections (see backlog in listen(2));
+; max listen queue - the maximum number of requests in the queue
+; of pending connections since FPM has started;
+; listen queue len - the size of the socket queue of pending connections;
+; idle processes - the number of idle processes;
+; active processes - the number of active processes;
+; total processes - the number of idle + active processes;
+; max active processes - the maximum number of active processes since FPM
+; has started;
+; max children reached - number of times, the process limit has been reached,
+; when pm tries to start more children (works only for
+; pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+; pool: www
+; process manager: static
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 62636
+; accepted conn: 190460
+; listen queue: 0
+; max listen queue: 1
+; listen queue len: 42
+; idle processes: 4
+; active processes: 11
+; total processes: 15
+; max active processes: 12
+; max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+; http://www.foo.bar/status
+; http://www.foo.bar/status?json
+; http://www.foo.bar/status?html
+; http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+; http://www.foo.bar/status?full
+; http://www.foo.bar/status?json&full
+; http://www.foo.bar/status?html&full
+; http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+; pid - the PID of the process;
+; state - the state of the process (Idle, Running, ...);
+; start time - the date and time the process has started;
+; start since - the number of seconds since the process has started;
+; requests - the number of requests the process has served;
+; request duration - the duration in µs of the requests;
+; request method - the request method (GET, POST, ...);
+; request URI - the request URI with the query string;
+; content length - the content length of the request (only with POST);
+; user - the user (PHP_AUTH_USER) (or '-' if not set);
+; script - the main script called (or '-' if not set);
+; last request cpu - the %cpu the last request consumed
+; it's always 0 if the process is not in Idle state
+; because CPU calculation is done when the request
+; processing has terminated;
+; last request memory - the max amount of memory the last request consumed
+; it's always 0 if the process is not in Idle state
+; because memory calculation is done when the request
+; processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+; ************************
+; pid: 31330
+; state: Running
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 63087
+; requests: 12808
+; request duration: 1250261
+; request method: GET
+; request URI: /test_mem.php?N=10000
+; content length: 0
+; user: -
+; script: /home/fat/web/docs/php/test_mem.php
+; last request cpu: 0.00
+; last request memory: 0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+; It's available in: ${prefix}/share/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+; %%: the '%' character
+; %C: %CPU used by the request
+; it can accept the following format:
+; - %{user}C for user CPU only
+; - %{system}C for system CPU only
+; - %{total}C for user + system CPU (default)
+; %d: time taken to serve the request
+; it can accept the following format:
+; - %{seconds}d (default)
+; - %{miliseconds}d
+; - %{mili}d
+; - %{microseconds}d
+; - %{micro}d
+; %e: an environment variable (same as $_ENV or $_SERVER)
+; it must be associated with embraces to specify the name of the env
+; variable. Some exemples:
+; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+; %f: script filename
+; %l: content-length of the request (for POST request only)
+; %m: request method
+; %M: peak of memory allocated by PHP
+; it can accept the following format:
+; - %{bytes}M (default)
+; - %{kilobytes}M
+; - %{kilo}M
+; - %{megabytes}M
+; - %{mega}M
+; %n: pool name
+; %o: ouput header
+; it must be associated with embraces to specify the name of the header:
+; - %{Content-Type}o
+; - %{X-Powered-By}o
+; - %{Transfert-Encoding}o
+; - ....
+; %p: PID of the child that serviced the request
+; %P: PID of the parent of the child that serviced the request
+; %q: the query string
+; %Q: the '?' character if query string exists
+; %r: the request URI (without the query string, see %q and %Q)
+; %R: remote IP address
+; %s: status (response code)
+; %t: server time the request was received
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; %T: time the log has been written (the request has finished)
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+; possible. However, all PHP paths will be relative to the chroot
+; (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+chdir = /
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; exectute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+; php_value/php_flag - you can set classic ini defines which can
+; be overwritten from PHP call 'ini_set'.
+; php_admin_value/php_admin_flag - these directives won't be overwritten by
+; PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+; specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
--- /dev/null
+;;;;;;;;;;;;;;;;;;;;;
+; FPM Configuration ;
+;;;;;;;;;;;;;;;;;;;;;
+
+; All relative paths in this configuration file are relative to PHP's install
+; prefix (/usr). This prefix can be dynamically changed by using the
+; '-p' argument from the command line.
+
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+; - the global prefix if it's been set (-p argument)
+; - /usr otherwise
+;include=/etc/php8/fpm/*.conf
+
+;;;;;;;;;;;;;;;;;;
+; Global Options ;
+;;;;;;;;;;;;;;;;;;
+
+[global]
+; Pid file
+; Note: the default prefix is /var
+; Default Value: none
+pid = /var/run/php8-fpm.pid
+
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; in a local file.
+; Note: the default prefix is /var
+; Default Value: log/php-fpm.log
+error_log = /var/log/php8-fpm.log
+
+; syslog_facility is used to specify what type of program is logging the
+; message. This lets syslogd specify that messages from different facilities
+; will be handled differently.
+; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
+; Default Value: daemon
+;syslog.facility = daemon
+
+; syslog_ident is prepended to every message. If you have multiple FPM
+; instances running on the same server, you can change the default value
+; which must suit common needs.
+; Default Value: php-fpm
+;syslog.ident = php-fpm
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+;log_level = notice
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+;emergency_restart_threshold = 0
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated. This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;emergency_restart_interval = 0
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;process_control_timeout = 0
+
+; The maximum number of processes FPM will fork. This has been design to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+; process.max = 128
+
+; Specify the nice(2) priority to apply to the master process (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool process will inherit the master process priority
+; unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
+; Default Value: yes
+;daemonize = yes
+
+; Set open file descriptor rlimit for the master process.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit for the master process.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Specify the event mechanism FPM will use. The following is available:
+; - select (any POSIX os)
+; - poll (any POSIX os)
+; - epoll (linux >= 2.5.44)
+; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll (Solaris >= 7)
+; - port (Solaris >= 10)
+; Default Value: not set (auto detection)
+; events.mechanism = epoll
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Multiple pools of child processes may be started with different listening
+; ports and different management options. The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+
+; To configure the pools it is recommended to have one .conf file per
+; pool in the following directory:
+include=/etc/php8-fpm.d/*.conf
--- /dev/null
+config php8-fpm
+ option enabled 1
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=50
+
+PROG=/usr/bin/php8-fpm
+CONFIG=/etc/php8-fpm.conf
+
+SERVICE_PID_FILE=/var/run/php8-fpm.pid
+
+start_instance() {
+ local section="$1"
+ local enabled
+
+ config_get_bool enabled "$section" 'enabled' 0
+
+ [ $enabled -gt 0 ] || return 1
+
+ service_start $PROG -y $CONFIG -g $SERVICE_PID_FILE
+}
+
+start() {
+ config_load 'php8-fpm'
+ config_foreach start_instance 'php8-fpm'
+}
+
+stop() {
+ service_stop $PROG
+}
--- /dev/null
+From: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
+Date: Wed, 7 Oct 2020 10:58:24 +0200
+Subject: Add-support-for-use-of-the-system-timezone-database
+
+# License: MIT
+# http://opensource.org/licenses/MIT
+
+# License: MIT
+# http://opensource.org/licenses/MIT
+
+Add support for use of the system timezone database, rather
+than embedding a copy. Discussed upstream but was not desired.
+
+History:
+r19: adapt for timelib 2020.02 (in 8.0.0beta2)
+r18: adapt for autotool change in 7.3.3RC1
+r17: adapt for timelib 2018.01 (in 7.3.2RC1)
+r16: adapt for timelib 2017.06 (in 7.2.3RC1)
+r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1)
+r14: improve check for valid tz file
+r13: adapt for upstream changes to use PHP allocator
+r12: adapt for upstream changes for new zic
+r11: use canonical names to avoid more case sensitivity issues
+ round lat/long from zone.tab towards zero per builtin db
+r10: make timezone case insensitive
+r9: fix another compile error without --with-system-tzdata configured (Michael Heimpold)
+r8: fix compile error without --with-system-tzdata configured
+r7: improve check for valid timezone id to exclude directories
+r6: fix fd leak in r5, fix country code/BC flag use in
+ timezone_identifiers_list() using system db,
+ fix use of PECL timezonedb to override system db,
+r5: reverts addition of "System/Localtime" fake tzname.
+ updated for 5.3.0, parses zone.tab to pick up mapping between
+ timezone name, country code and long/lat coords
+r4: added "System/Localtime" tzname which uses /etc/localtime
+r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
+r2: add filesystem trawl to set up name alias index
+r1: initial revision
+---
+ ext/date/config0.m4 | 13 ++
+ ext/date/lib/parse_tz.c | 535 +++++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 545 insertions(+), 3 deletions(-)
+
+diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
+index 20e4164..a612436 100644
+--- a/ext/date/config0.m4
++++ b/ext/date/config0.m4
+@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
+ dnl Check for strtoll, atoll
+ AC_CHECK_FUNCS(strtoll atoll)
+
++PHP_ARG_WITH(system-tzdata, for use of system timezone data,
++[ --with-system-tzdata[=DIR] to specify use of system timezone data],
++no, no)
++
++if test "$PHP_SYSTEM_TZDATA" != "no"; then
++ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
++
++ if test "$PHP_SYSTEM_TZDATA" != "yes"; then
++ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
++ [Define for location of system timezone data])
++ fi
++fi
++
+ PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
+ timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
+ lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
+diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
+index 233c55c..4b70178 100644
+--- a/ext/date/lib/parse_tz.c
++++ b/ext/date/lib/parse_tz.c
+@@ -26,8 +26,21 @@
+ #include "timelib.h"
+ #include "timelib_private.h"
+
++#ifdef HAVE_SYSTEM_TZDATA
++#include <sys/mman.h>
++#include <sys/stat.h>
++#include <limits.h>
++#include <fcntl.h>
++#include <unistd.h>
++
++#include "php_scandir.h"
++
++#else
+ #define TIMELIB_SUPPORTS_V2DATA
+ #include "timezonedb.h"
++#endif
++
++#include <ctype.h>
+
+ #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
+ # if defined(__LITTLE_ENDIAN__)
+@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+ {
+ uint32_t version;
+
++ if (memcmp(*tzf, "TZif", 4) == 0) {
++ *tzf += 20;
++ return 0;
++ }
++
+ /* read ID */
+ version = (*tzf)[3] - '0';
+ *tzf += 4;
+@@ -418,7 +436,429 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
+ }
+ }
+
+-static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
++#ifdef HAVE_SYSTEM_TZDATA
++
++#ifdef HAVE_SYSTEM_TZDATA_PREFIX
++#define ZONEINFO_PREFIX HAVE_SYSTEM_TZDATA_PREFIX
++#else
++#define ZONEINFO_PREFIX "/usr/share/zoneinfo"
++#endif
++
++/* System timezone database pointer. */
++static const timelib_tzdb *timezonedb_system;
++
++/* Hash table entry for the cache of the zone.tab mapping table. */
++struct location_info {
++ char code[2];
++ double latitude, longitude;
++ char name[64];
++ char *comment;
++ struct location_info *next;
++};
++
++/* Cache of zone.tab. */
++static struct location_info **system_location_table;
++
++/* Size of the zone.tab hash table; a random-ish prime big enough to
++ * prevent too many collisions. */
++#define LOCINFO_HASH_SIZE (1021)
++
++/* Compute a case insensitive hash of str */
++static uint32_t tz_hash(const char *str)
++{
++ const unsigned char *p = (const unsigned char *)str;
++ uint32_t hash = 5381;
++ int c;
++
++ while ((c = tolower(*p++)) != '\0') {
++ hash = (hash << 5) ^ hash ^ c;
++ }
++
++ return hash % LOCINFO_HASH_SIZE;
++}
++
++/* Parse an ISO-6709 date as used in zone.tab. Returns end of the
++ * parsed string on success, or NULL on parse error. On success,
++ * writes the parsed number to *result. */
++static char *parse_iso6709(char *p, double *result)
++{
++ double v, sign;
++ char *pend;
++ size_t len;
++
++ if (*p == '+')
++ sign = 1.0;
++ else if (*p == '-')
++ sign = -1.0;
++ else
++ return NULL;
++
++ p++;
++ for (pend = p; *pend >= '0' && *pend <= '9'; pend++)
++ ;;
++
++ /* Annoying encoding used by zone.tab has no decimal point, so use
++ * the length to determine the format:
++ *
++ * 4 = DDMM
++ * 5 = DDDMM
++ * 6 = DDMMSS
++ * 7 = DDDMMSS
++ */
++ len = pend - p;
++ if (len < 4 || len > 7) {
++ return NULL;
++ }
++
++ /* p => [D]DD */
++ v = (p[0] - '0') * 10.0 + (p[1] - '0');
++ p += 2;
++ if (len == 5 || len == 7)
++ v = v * 10.0 + (*p++ - '0');
++ /* p => MM[SS] */
++ v += (10.0 * (p[0] - '0')
++ + p[1] - '0') / 60.0;
++ p += 2;
++ /* p => [SS] */
++ if (len > 5) {
++ v += (10.0 * (p[0] - '0')
++ + p[1] - '0') / 3600.0;
++ p += 2;
++ }
++
++ /* Round to five decimal place, not because it's a good idea,
++ * but, because the builtin data uses rounded data, so, match
++ * that. */
++ *result = trunc(v * sign * 100000.0) / 100000.0;
++
++ return p;
++}
++
++/* This function parses the zone.tab file to build up the mapping of
++ * timezone to country code and geographic location, and returns a
++ * hash table. The hash table is indexed by the function:
++ *
++ * tz_hash(timezone-name)
++ */
++static struct location_info **create_location_table(void)
++{
++ struct location_info **li, *i;
++ char zone_tab[PATH_MAX];
++ char line[512];
++ FILE *fp;
++
++ strncpy(zone_tab, ZONEINFO_PREFIX "/zone.tab", sizeof zone_tab);
++
++ fp = fopen(zone_tab, "r");
++ if (!fp) {
++ return NULL;
++ }
++
++ li = calloc(LOCINFO_HASH_SIZE, sizeof *li);
++
++ while (fgets(line, sizeof line, fp)) {
++ char *p = line, *code, *name, *comment;
++ uint32_t hash;
++ double latitude, longitude;
++
++ while (isspace(*p))
++ p++;
++
++ if (*p == '#' || *p == '\0' || *p == '\n')
++ continue;
++
++ if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t')
++ continue;
++
++ /* code => AA */
++ code = p;
++ p[2] = 0;
++ p += 3;
++
++ /* coords => [+-][D]DDMM[SS][+-][D]DDMM[SS] */
++ p = parse_iso6709(p, &latitude);
++ if (!p) {
++ continue;
++ }
++ p = parse_iso6709(p, &longitude);
++ if (!p) {
++ continue;
++ }
++
++ if (!p || *p != '\t') {
++ continue;
++ }
++
++ /* name = string */
++ name = ++p;
++ while (*p != '\t' && *p && *p != '\n')
++ p++;
++
++ *p++ = '\0';
++
++ /* comment = string */
++ comment = p;
++ while (*p != '\t' && *p && *p != '\n')
++ p++;
++
++ if (*p == '\n' || *p == '\t')
++ *p = '\0';
++
++ hash = tz_hash(name);
++ i = malloc(sizeof *i);
++ memcpy(i->code, code, 2);
++ strncpy(i->name, name, sizeof i->name);
++ i->comment = strdup(comment);
++ i->longitude = longitude;
++ i->latitude = latitude;
++ i->next = li[hash];
++ li[hash] = i;
++ /* printf("%s [%u, %f, %f]\n", name, hash, latitude, longitude); */
++ }
++
++ fclose(fp);
++
++ return li;
++}
++
++/* Return location info from hash table, using given timezone name.
++ * Returns NULL if the name could not be found. */
++const struct location_info *find_zone_info(struct location_info **li,
++ const char *name)
++{
++ uint32_t hash = tz_hash(name);
++ const struct location_info *l;
++
++ if (!li) {
++ return NULL;
++ }
++
++ for (l = li[hash]; l; l = l->next) {
++ if (timelib_strcasecmp(l->name, name) == 0)
++ return l;
++ }
++
++ return NULL;
++}
++
++/* Filter out some non-tzdata files and the posix/right databases, if
++ * present. */
++static int index_filter(const struct dirent *ent)
++{
++ return strcmp(ent->d_name, ".") != 0
++ && strcmp(ent->d_name, "..") != 0
++ && strcmp(ent->d_name, "posix") != 0
++ && strcmp(ent->d_name, "posixrules") != 0
++ && strcmp(ent->d_name, "right") != 0
++ && strstr(ent->d_name, ".list") == NULL
++ && strstr(ent->d_name, ".tab") == NULL;
++}
++
++static int sysdbcmp(const void *first, const void *second)
++{
++ const timelib_tzdb_index_entry *alpha = first, *beta = second;
++
++ return timelib_strcasecmp(alpha->id, beta->id);
++}
++
++
++/* Create the zone identifier index by trawling the filesystem. */
++static void create_zone_index(timelib_tzdb *db)
++{
++ size_t dirstack_size, dirstack_top;
++ size_t index_size, index_next;
++ timelib_tzdb_index_entry *db_index;
++ char **dirstack;
++
++ /* LIFO stack to hold directory entries to scan; each slot is a
++ * directory name relative to the zoneinfo prefix. */
++ dirstack_size = 32;
++ dirstack = malloc(dirstack_size * sizeof *dirstack);
++ dirstack_top = 1;
++ dirstack[0] = strdup("");
++
++ /* Index array. */
++ index_size = 64;
++ db_index = malloc(index_size * sizeof *db_index);
++ index_next = 0;
++
++ do {
++ struct dirent **ents;
++ char name[PATH_MAX], *top;
++ int count;
++
++ /* Pop the top stack entry, and iterate through its contents. */
++ top = dirstack[--dirstack_top];
++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s", top);
++
++ count = php_scandir(name, &ents, index_filter, php_alphasort);
++
++ while (count > 0) {
++ struct stat st;
++ const char *leaf = ents[count - 1]->d_name;
++
++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s/%s",
++ top, leaf);
++
++ if (strlen(name) && stat(name, &st) == 0) {
++ /* Name, relative to the zoneinfo prefix. */
++ const char *root = top;
++
++ if (root[0] == '/') root++;
++
++ snprintf(name, sizeof name, "%s%s%s", root,
++ *root ? "/": "", leaf);
++
++ if (S_ISDIR(st.st_mode)) {
++ if (dirstack_top == dirstack_size) {
++ dirstack_size *= 2;
++ dirstack = realloc(dirstack,
++ dirstack_size * sizeof *dirstack);
++ }
++ dirstack[dirstack_top++] = strdup(name);
++ }
++ else {
++ if (index_next == index_size) {
++ index_size *= 2;
++ db_index = realloc(db_index,
++ index_size * sizeof *db_index);
++ }
++
++ db_index[index_next++].id = strdup(name);
++ }
++ }
++
++ free(ents[--count]);
++ }
++
++ if (count != -1) free(ents);
++ free(top);
++ } while (dirstack_top);
++
++ qsort(db_index, index_next, sizeof *db_index, sysdbcmp);
++
++ db->index = db_index;
++ db->index_size = index_next;
++
++ free(dirstack);
++}
++
++#define FAKE_HEADER "1234\0??\1??"
++#define FAKE_UTC_POS (7 - 4)
++
++/* Create a fake data segment for database 'sysdb'. */
++static void fake_data_segment(timelib_tzdb *sysdb,
++ struct location_info **info)
++{
++ size_t n;
++ char *data, *p;
++
++ data = malloc(3 * sysdb->index_size + 7);
++
++ p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1);
++
++ for (n = 0; n < sysdb->index_size; n++) {
++ const struct location_info *li;
++ timelib_tzdb_index_entry *ent;
++
++ ent = (timelib_tzdb_index_entry *)&sysdb->index[n];
++
++ /* Lookup the timezone name in the hash table. */
++ if (strcmp(ent->id, "UTC") == 0) {
++ ent->pos = FAKE_UTC_POS;
++ continue;
++ }
++
++ li = find_zone_info(info, ent->id);
++ if (li) {
++ /* If found, append the BC byte and the
++ * country code; set the position for this
++ * section of timezone data. */
++ ent->pos = (p - data) - 4;
++ *p++ = '\1';
++ *p++ = li->code[0];
++ *p++ = li->code[1];
++ }
++ else {
++ /* If not found, the timezone data can
++ * point at the header. */
++ ent->pos = 0;
++ }
++ }
++
++ sysdb->data = (unsigned char *)data;
++}
++
++/* Returns true if the passed-in stat structure describes a
++ * probably-valid timezone file. */
++static int is_valid_tzfile(const struct stat *st, int fd)
++{
++ if (fd) {
++ char buf[20];
++ if (read(fd, buf, 20)!=20) {
++ return 0;
++ }
++ lseek(fd, SEEK_SET, 0);
++ if (memcmp(buf, "TZif", 4)) {
++ return 0;
++ }
++ }
++ return S_ISREG(st->st_mode) && st->st_size > 20;
++}
++
++/* To allow timezone names to be used case-insensitively, find the
++ * canonical name for this timezone, if possible. */
++static const char *canonical_tzname(const char *timezone)
++{
++ if (timezonedb_system) {
++ timelib_tzdb_index_entry *ent, lookup;
++
++ lookup.id = (char *)timezone;
++
++ ent = bsearch(&lookup, timezonedb_system->index,
++ timezonedb_system->index_size, sizeof lookup,
++ sysdbcmp);
++ if (ent) {
++ return ent->id;
++ }
++ }
++
++ return timezone;
++}
++
++/* Return the mmap()ed tzfile if found, else NULL. On success, the
++ * length of the mapped data is placed in *length. */
++static char *map_tzfile(const char *timezone, size_t *length)
++{
++ char fname[PATH_MAX];
++ struct stat st;
++ char *p;
++ int fd;
++
++ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
++ return NULL;
++ }
++
++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone));
++
++ fd = open(fname, O_RDONLY);
++ if (fd == -1) {
++ return NULL;
++ } else if (fstat(fd, &st) != 0 || !is_valid_tzfile(&st, fd)) {
++ close(fd);
++ return NULL;
++ }
++
++ *length = st.st_size;
++ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
++ close(fd);
++
++ return p != MAP_FAILED ? p : NULL;
++}
++
++#endif
++
++static int inmem_seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
+ {
+ int left = 0, right = tzdb->index_size - 1;
+
+@@ -444,9 +884,48 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
+ return 0;
+ }
+
++static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
++ char **map, size_t *maplen,
++ const timelib_tzdb *tzdb)
++{
++#ifdef HAVE_SYSTEM_TZDATA
++ if (tzdb == timezonedb_system) {
++ char *orig;
++
++ orig = map_tzfile(timezone, maplen);
++ if (orig == NULL) {
++ return 0;
++ }
++
++ (*tzf) = (unsigned char *)orig;
++ *map = orig;
++ return 1;
++ }
++ else
++#endif
++ {
++ return inmem_seek_to_tz_position(tzf, timezone, tzdb);
++ }
++}
++
+ const timelib_tzdb *timelib_builtin_db(void)
+ {
++#ifdef HAVE_SYSTEM_TZDATA
++ if (timezonedb_system == NULL) {
++ timelib_tzdb *tmp = malloc(sizeof *tmp);
++
++ tmp->version = "0.system";
++ tmp->data = NULL;
++ create_zone_index(tmp);
++ system_location_table = create_location_table();
++ fake_data_segment(tmp, system_location_table);
++ timezonedb_system = tmp;
++ }
++
++ return timezonedb_system;
++#else
+ return &timezonedb_builtin;
++#endif
+ }
+
+ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
+@@ -458,7 +937,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
+ int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
+ {
+ const unsigned char *tzf;
+- return (seek_to_tz_position(&tzf, timezone, tzdb));
++
++#ifdef HAVE_SYSTEM_TZDATA
++ if (tzdb == timezonedb_system) {
++ char fname[PATH_MAX];
++ struct stat st;
++
++ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
++ return 0;
++ }
++
++ if (system_location_table) {
++ if (find_zone_info(system_location_table, timezone) != NULL) {
++ /* found in cache */
++ return 1;
++ }
++ }
++
++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone));
++
++ return stat(fname, &st) == 0 && is_valid_tzfile(&st, 0);
++ }
++#endif
++
++ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb));
+ }
+
+ static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -500,12 +1002,14 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
+ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
+ {
+ const unsigned char *tzf;
++ char *memmap = NULL;
++ size_t maplen;
+ timelib_tzinfo *tmp;
+ int version;
+ int transitions_result, types_result;
+ unsigned int type; /* TIMELIB_TZINFO_PHP or TIMELIB_TZINFO_ZONEINFO */
+
+- if (seek_to_tz_position(&tzf, timezone, tzdb)) {
++ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
+ tmp = timelib_tzinfo_ctor(timezone);
+
+ version = read_preamble(&tzf, tmp, &type);
+@@ -540,11 +1044,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+ }
+ skip_posix_string(&tzf, tmp);
+
++#ifdef HAVE_SYSTEM_TZDATA
++ if (memmap) {
++ const struct location_info *li;
++
++ /* TZif-style - grok the location info from the system database,
++ * if possible. */
++
++ if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
++ tmp->location.comments = timelib_strdup(li->comment);
++ strncpy(tmp->location.country_code, li->code, 2);
++ tmp->location.longitude = li->longitude;
++ tmp->location.latitude = li->latitude;
++ tmp->bc = 1;
++ }
++ else {
++ set_default_location_and_comments(&tzf, tmp);
++ }
++
++ /* Now done with the mmap segment - discard it. */
++ munmap(memmap, maplen);
++ } else {
++#endif
+ if (type == TIMELIB_TZINFO_PHP) {
+ read_location(&tzf, tmp);
+ } else {
+ set_default_location_and_comments(&tzf, tmp);
+ }
++#ifdef HAVE_SYSTEM_TZDATA
++ }
++#endif
+ } else {
+ *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
+ tmp = NULL;
--- /dev/null
+From: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
+Date: Sat, 2 May 2015 10:26:56 +0200
+Subject: Use system timezone
+
+Upstream don't want this patch. See
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730771 for a summary.
+
+This delta is recovered from previous versions of the system timezone patch in
+Debian, and appears to have inadvertently been dropped. Author unknown.
+
+To be used in tandem with use_embedded_timezonedb.patch and use_embedded_timezonedb_fixes.patch.
+---
+ ext/date/php_date.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/ext/date/php_date.c b/ext/date/php_date.c
+index 8c0f5a6..6b650ac 100644
+--- a/ext/date/php_date.c
++++ b/ext/date/php_date.c
+@@ -538,6 +538,23 @@ static char* guess_timezone(const timelib_tzdb *tzdb)
+ DATEG(timezone_valid) = 1;
+ return DATEG(default_timezone);
+ }
++ /* Try to guess timezone from system information */
++ {
++ struct tm *ta, tmbuf;
++ time_t the_time;
++ char *tzid = NULL;
++
++ the_time = time(NULL);
++ ta = php_localtime_r(&the_time, &tmbuf);
++ if (ta) {
++ tzid = timelib_timezone_id_from_abbr(ta->tm_zone, ta->tm_gmtoff, ta->tm_isdst);
++ }
++ if (! tzid) {
++ tzid = "UTC";
++ }
++
++ return tzid;
++ }
+ /* Fallback to UTC */
+ return "UTC";
+ }
--- /dev/null
+From: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
+Date: Sat, 2 May 2015 10:26:56 +0200
+Subject: php-5.4.9-fixheader
+
+Make generated php_config.h constant across rebuilds.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index dcfe883..9b94618 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1280,7 +1280,7 @@ PHP_REMOVE_USR_LIB(LDFLAGS)
+ EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS"
+ EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS"
+
+-UNAME=`uname -a | xargs`
++UNAME=`uname | xargs`
+ PHP_UNAME=${PHP_UNAME:-$UNAME}
+ AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output])
+ PHP_OS=`uname | xargs`
--- /dev/null
+From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@sury.org>
+Date: Wed, 29 Jul 2015 14:37:55 +0200
+Subject: Remove W3C validation icon to not expose the reader's IP address to
+ potential tracking.
+
+---
+ sapi/fpm/status.html.in | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/sapi/fpm/status.html.in b/sapi/fpm/status.html.in
+index d3b6d5e..f71d486 100644
+--- a/sapi/fpm/status.html.in
++++ b/sapi/fpm/status.html.in
+@@ -70,11 +70,6 @@
+ <tr class="h"><th>PID↓</th><th>Start Time</th><th>Start Since</th><th>Requests Served</th><th>Request Duration</th><th>Request method</th><th>Request URI</th><th>Content Length</th><th>User</th><th>Script</th><th>Last Request %CPU</th><th>Last Request Memory</th></tr>
+ </table>
+ </div>
+- <p>
+- <a href="http://validator.w3.org/check?uri=referer">
+- <img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" />
+- </a>
+- </p>
+ <script type="text/javascript">
+ <!--
+ var xhr_object = null;
--- /dev/null
+From: Thijs Kinkhorst <thijs@debian.org>
+Date: Mon, 2 Dec 2019 22:18:43 +0100
+Subject: Add patch to remove build timestamps from generated binaries.
+
+---
+
+--- a/ext/standard/info.c
++++ b/ext/standard/info.c
+@@ -791,7 +791,6 @@ PHPAPI ZEND_COLD void php_print_info(int flag)
+ php_info_print_box_end();
+ php_info_print_table_start();
+ php_info_print_table_row(2, "System", ZSTR_VAL(php_uname));
+- php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__);
+ #ifdef PHP_BUILD_SYSTEM
+ php_info_print_table_row(2, "Build System", PHP_BUILD_SYSTEM);
+ #endif
+--- a/sapi/apache2handler/config.m4
++++ b/sapi/apache2handler/config.m4
+@@ -64,18 +64,9 @@ if test "$PHP_APXS2" != "no"; then
+ fi
+
+ APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR`
+- if test -z `$APXS -q SYSCONFDIR`; then
+- INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \
+- $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \
+- -i -n php"
+- else
+- APXS_SYSCONFDIR='$(INSTALL_ROOT)'`$APXS -q SYSCONFDIR`
+- INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \
+- \$(mkinstalldirs) '$APXS_SYSCONFDIR' && \
+- $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \
+- -S SYSCONFDIR='$APXS_SYSCONFDIR' \
+- -i -a -n php"
+- fi
++ INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \
++ $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \
++ -i -n php"
+
+ LIBPHP_CFLAGS="-shared"
+ PHP_SUBST(LIBPHP_CFLAGS)
+--- a/sapi/cgi/cgi_main.c
++++ b/sapi/cgi/cgi_main.c
+@@ -2371,9 +2371,9 @@ parent_loop_end:
+ SG(headers_sent) = 1;
+ SG(request_info).no_headers = 1;
+ #if ZEND_DEBUG
+- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+ #else
+- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+ #endif
+ php_request_shutdown((void *) 0);
+ fcgi_shutdown();
+--- a/sapi/cli/php_cli.c
++++ b/sapi/cli/php_cli.c
+@@ -633,8 +633,8 @@ static int do_cli(int argc, char **argv) /* {{{ */
+ goto out;
+
+ case 'v': /* show php version & quit */
+- php_printf("PHP %s (%s) (built: %s %s) ( %s)\nCopyright (c) The PHP Group\n%s",
+- PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__,
++ php_printf("PHP %s (%s) ( %s)\nCopyright (c) The PHP Group\n%s",
++ PHP_VERSION, cli_sapi_module.name,
+ #ifdef ZTS
+ "ZTS "
+ #else
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1694,9 +1694,9 @@ int main(int argc, char *argv[])
+ SG(request_info).no_headers = 1;
+
+ #if ZEND_DEBUG
+- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+ #else
+- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+ #endif
+ php_request_shutdown((void *) 0);
+ fcgi_shutdown();
+--- a/sapi/phpdbg/phpdbg.c
++++ b/sapi/phpdbg/phpdbg.c
+@@ -1634,10 +1634,8 @@ phpdbg_main:
+ phpdbg_do_help_cmd(exec);
+ } else if (show_version) {
+ phpdbg_out(
+- "phpdbg %s (built: %s %s)\nPHP %s, Copyright (c) The PHP Group\n%s",
++ "phpdbg %s\nPHP %s, Copyright (c) The PHP Group\n%s",
+ PHPDBG_VERSION,
+- __DATE__,
+- __TIME__,
+ PHP_VERSION,
+ get_zend_version()
+ );
--- /dev/null
+--- a/sapi/litespeed/lsapi_main.c
++++ b/sapi/litespeed/lsapi_main.c
+@@ -1276,9 +1276,9 @@ static int cli_main( int argc, char * ar
+ case 'v':
+ if (php_request_startup() != FAILURE) {
+ #if ZEND_DEBUG
+- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+ #else
+- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+ #endif
+ #ifdef PHP_OUTPUT_NEWAPI
+ php_output_end_all();
--- /dev/null
+From dd6ee0fb6715881b204fb4cb124db9134c1a6c7d Mon Sep 17 00:00:00 2001
+From: Michael Heimpold <mhei@heimpold.de>
+Date: Mon, 2 Dec 2019 22:42:28 +0100
+Subject: [PATCH] ext/opcache: fix detection of shm/mmap
+
+The detection of sysvipc and mmap doesn't work well when cross-compiling,
+so I decided to only check for the availability of the functions involved.
+This is not a clean solution, but works for now(tm) :-)
+
+It should be discussed with upstream to find a better solution.
+
+This solves the issue reported at
+https://github.com/openwrt/packages/issues/1010
+and makes opcache usable on OpenWrt.
+
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+---
+ ext/opcache/config.m4 | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/ext/opcache/config.m4
++++ b/ext/opcache/config.m4
+@@ -167,7 +167,10 @@ int main() {
+ }
+ ]])],[dnl
+ AC_DEFINE(HAVE_SHM_IPC, 1, [Define if you have SysV IPC SHM support])
+- have_shm_ipc=yes],[have_shm_ipc=no],[have_shm_ipc=no])
++ have_shm_ipc=yes],[have_shm_ipc=no],[dnl
++ AC_CHECK_FUNC(shmget,[dnl
++ AC_DEFINE(HAVE_SHM_IPC, 1, [Define if you have SysV IPC SHM support])
++ have_shm_ipc=yes],[have_shm_ipc=no])])
+ AC_MSG_RESULT([$have_shm_ipc])
+
+ AC_MSG_CHECKING(for mmap() using MAP_ANON shared memory support)
+@@ -219,7 +222,10 @@ int main() {
+ }
+ ]])],[dnl
+ AC_DEFINE(HAVE_SHM_MMAP_ANON, 1, [Define if you have mmap(MAP_ANON) SHM support])
+- have_shm_mmap_anon=yes],[have_shm_mmap_anon=no],[have_shm_mmap_anon=no])
++ have_shm_mmap_anon=yes],[have_shm_mmap_anon=no],[dnl
++ AC_CHECK_FUNC(mmap,[dnl
++ AC_DEFINE(HAVE_SHM_MMAP_ANON, 1, [Define if you have mmap(MAP_ANON) SHM support])
++ have_shm_mmap_anon=yes],[have_shm_mmap_anon=no])])
+ AC_MSG_RESULT([$have_shm_mmap_anon=yes])
+
+ PHP_CHECK_FUNC_LIB(shm_open, rt, root)
--- /dev/null
+--- a/ext/phar/config.m4
++++ b/ext/phar/config.m4
+@@ -19,7 +19,7 @@ if test "$PHP_PHAR" != "no"; then
+ fi
+ PHP_ADD_EXTENSION_DEP(phar, hash, true)
+ PHP_ADD_EXTENSION_DEP(phar, spl, true)
+- PHP_ADD_MAKEFILE_FRAGMENT
++ #PHP_ADD_MAKEFILE_FRAGMENT
+
+ PHP_INSTALL_HEADERS([ext/phar], [php_phar.h])
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1417,13 +1417,13 @@ CFLAGS_CLEAN="$CFLAGS \$(PROF_FLAGS)"
+ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag"
+ CXXFLAGS="$CXXFLAGS $standard_libtool_flag \$(PROF_FLAGS)"
+
+-if test "$PHP_PHAR" != "no" && test "$PHP_CLI" != "no"; then
+- pharcmd=pharcmd
+- pharcmd_install=install-pharcmd
+-else
++#if test "$PHP_PHAR" != "no" && test "$PHP_CLI" != "no"; then
++# pharcmd=pharcmd
++# pharcmd_install=install-pharcmd
++#else
+ pharcmd=
+ pharcmd_install=
+-fi;
++#fi;
+
+ all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_BINARIES) $pharcmd"
+ install_targets="$install_sapi $install_modules $install_binaries install-build install-headers install-programs $install_pear $pharcmd_install"
--- /dev/null
+From 73ea1d44c1e6b063bfa02e12919ec8a9de3709d8 Mon Sep 17 00:00:00 2001
+From: Michael Heimpold <mhei@heimpold.de>
+Date: Wed, 3 Feb 2021 22:51:34 +0100
+Subject: [PATCH] Fix opcache jit minilua compiling
+
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+---
+ ext/opcache/jit/Makefile.frag | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/opcache/jit/Makefile.frag b/ext/opcache/jit/Makefile.frag
+index d4f97de..7421897 100644
+--- a/ext/opcache/jit/Makefile.frag
++++ b/ext/opcache/jit/Makefile.frag
+@@ -1,6 +1,6 @@
+
+ $(builddir)/minilua: $(srcdir)/jit/dynasm/minilua.c
+- $(CC) $(srcdir)/jit/dynasm/minilua.c -lm -o $@
++ $(HOSTCC) $(srcdir)/jit/dynasm/minilua.c -lm -o $@
+
+ $(builddir)/jit/zend_jit_x86.c: $(srcdir)/jit/zend_jit_x86.dasc $(srcdir)/jit/dynasm/*.lua $(builddir)/minilua
+ $(builddir)/minilua $(srcdir)/jit/dynasm/dynasm.lua $(DASM_FLAGS) -o $@ $(srcdir)/jit/zend_jit_x86.dasc
+--
+2.17.1
+
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+define Package/php8-pecl/Default
+ SUBMENU:=PHP8
+ SECTION:=lang
+ CATEGORY:=Languages
+ URL:=http://pecl.php.net/
+ DEPENDS:=php8
+endef
+
+define Build/Prepare
+ $(Build/Prepare/Default)
+ ( cd $(PKG_BUILD_DIR); $(STAGING_DIR)/usr/bin/phpize8 )
+endef
+
+CONFIGURE_VARS+= \
+ ac_cv_c_bigendian_php=$(if $(CONFIG_BIG_ENDIAN),yes,no)
+
+CONFIGURE_ARGS+= \
+ --with-php-config=$(STAGING_DIR)/usr/bin/php8-config
+
+define PHP8PECLPackage
+
+ define Package/php8-pecl-$(1)
+ $(call Package/php8-pecl/Default)
+ TITLE:=$(2)
+
+ ifneq ($(3),)
+ DEPENDS+=$(3)
+ endif
+
+ VARIANT:=php8
+ endef
+
+ define Package/php8-pecl-$(1)/install
+ $(INSTALL_DIR) $$(1)/usr/lib/php8
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/modules/$(subst -,_,$(1)).so $$(1)/usr/lib/php8/
+ $(INSTALL_DIR) $$(1)/etc/php8
+ ifeq ($(5),zend)
+ echo "zend_extension=/usr/lib/php8/$(subst -,_,$(1)).so" > $$(1)/etc/php8/$(if $(4),$(4),20)_$(subst -,_,$(1)).ini
+ else
+ echo "extension=$(subst -,_,$(1)).so" > $$(1)/etc/php8/$(if $(4),$(4),20)_$(subst -,_,$(1)).ini
+ endif
+ endef
+
+endef
include $(TOPDIR)/rules.mk
PKG_NAME:=django-restframework
-PKG_VERSION:=3.12.1
+PKG_VERSION:=3.12.2
PKG_RELEASE:=1
PYPI_NAME:=djangorestframework
-PKG_HASH:=d54452aedebb4b650254ca092f9f4f5df947cb1de6ab245d817b08b4f4156249
+PKG_HASH:=0898182b4737a7b584a2c73735d89816343369f259fea932d90dc78e35d8ac33
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=django
-PKG_VERSION:=3.1.4
+PKG_VERSION:=3.1.5
PKG_RELEASE:=1
PYPI_NAME:=Django
-PKG_HASH:=edb10b5c45e7e9c0fb1dc00b76ec7449aca258a39ffd613dbd078c51d19c9f03
+PKG_HASH:=2d78425ba74c7a1a74b196058b261b9733a8570782f4e2828974777ccca7edf7
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>, Peter Stadler <peter.stadler@student.uibk.ac.at>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=numpy
-PKG_VERSION:=1.19.4
+PKG_VERSION:=1.20.0
PKG_RELEASE:=1
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=141ec3a3300ab89c7f2b0775289954d193cc8edb621ea05f99db9cb181530512
+PKG_HASH:=3d8233c03f116d068d5365fed4477f2947c7229582dad81e5953088989294cec
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=python-openpyxl
-PKG_VERSION:=3.0.5
+PKG_VERSION:=3.0.6
PKG_RELEASE:=1
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE_FILES:=LICENCE.rst
PYPI_NAME:=openpyxl
-PKG_HASH:=18e11f9a650128a12580a58e3daba14e00a11d9e907c554a17ea016bf1a2c71b
+PKG_HASH:=b229112b46e158b910a5d1b270b212c42773d39cab24e8db527f775b82afc041
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=pillow
-PKG_VERSION:=8.0.1
+PKG_VERSION:=8.1.0
PKG_RELEASE:=1
PYPI_NAME:=Pillow
-PKG_HASH:=11c5c6e9b02c9dac08af04f093eb5a2f84857df70a7d4a6a6ad461aca803fb9e
+PKG_HASH:=887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=HPND
include $(TOPDIR)/rules.mk
PKG_NAME:=pymysql
-PKG_VERSION:=0.10.1
+PKG_VERSION:=1.0.2
PKG_RELEASE:=1
PYPI_NAME:=PyMySQL
-PKG_HASH:=263040d2779a3b84930f7ac9da5132be0fefcd6f453a885756656103f8ee1fdd
+PKG_HASH:=816927a350f38d56072aeca5dfb10221fe1dc653745853d30a216637f5d7ad36
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=aiohttp
-PKG_VERSION:=3.6.1
-PKG_RELEASE:=2
+PKG_VERSION:=3.7.1
+PKG_RELEASE:=1
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=fc55b1fec0e4cc1134ffb09ea3970783ee2906dc5dfd7cd16917913f2cfed65b
+PKG_HASH:=04f9d70f6c4d089be5068d7df6281e638f6820d4f1b1ec3dc012b0b43fa997d2
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=python-chardet
-PKG_VERSION:=3.0.4
-PKG_RELEASE:=4
+PKG_VERSION:=4.0.0
+PKG_RELEASE:=1
PKG_LICENSE:=LGPL-2.1
PYPI_NAME:=chardet
-PKG_HASH:=84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae
+PKG_HASH:=0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=python-cryptography
-PKG_VERSION:=3.2.1
+PKG_VERSION:=3.3.1
PKG_RELEASE:=1
PYPI_NAME:=cryptography
-PKG_HASH:=d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3
+PKG_HASH:=7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6
PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
--- /dev/null
+From 7eefc9c72f522e414f953fee2d6ca9242c566107 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 7 Jun 2019 18:18:46 -0700
+Subject: [PATCH 1/7] Add new ASN1_STRING_get0_data API
+
+Introduced with OpenSSL 1.1
+---
+ src/_cffi_src/openssl/asn1.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/src/_cffi_src/openssl/asn1.py
++++ b/src/_cffi_src/openssl/asn1.py
+@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
+
+ /* ASN1 STRING */
+ unsigned char *ASN1_STRING_data(ASN1_STRING *);
++const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *);
+ int ASN1_STRING_set(ASN1_STRING *, const void *, int);
+
+ /* ASN1 OCTET STRING */
+@@ -105,4 +106,7 @@ ASN1_NULL *ASN1_NULL_new(void);
+ """
+
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define ASN1_STRING_data ASN1_STRING_get0_data
++#endif
+ """
--- /dev/null
+From 77b25307a743eb52ef5ead24c956e577f5bd025f Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 7 Jun 2019 20:42:04 -0700
+Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer
+
+Deprecated under OpenSSL 1.1.
+---
+ src/_cffi_src/openssl/x509_vfy.py | 8 ++++++++
+ src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -22,6 +22,7 @@ TYPES = """
+ static const long Cryptography_HAS_102_VERIFICATION;
+ static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
++static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
+
+ typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
+ typedef ... Cryptography_STACK_OF_X509_OBJECT;
+@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
+ #else
+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
+ #endif
++
++#ifndef X509_V_FLAG_CB_ISSUER_CHECK
++static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 0;
++#define X509_V_FLAG_CB_ISSUER_CHECK 0x0
++#else
++static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
++#endif
+ """
+--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
++++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
+@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version()
+ "SSL_get_max_proto_version",
+ ]
+
++def cryptography_has_x509_cb_issuer_check():
++ return [
++ "X509_V_FLAG_CB_ISSUER_CHECK",
++ ]
++
+
+ # This is a mapping of
+ # {condition: function-returning-names-dependent-on-that-condition} so we can
+@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = {
+ "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
+ "Cryptography_HAS_SRTP": cryptography_has_srtp,
+ "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,
++ "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
++ cryptography_has_x509_cb_issuer_check
++ ),
+ }
--- /dev/null
+From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 7 Jun 2019 21:00:46 -0700
+Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
+
+---
+ src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
+ .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
+ 2 files changed, 77 insertions(+), 4 deletions(-)
+
+--- a/src/_cffi_src/openssl/ssl.py
++++ b/src/_cffi_src/openssl/ssl.py
+@@ -14,12 +14,14 @@ TYPES = """
+ static const long Cryptography_HAS_SSL_ST;
+ static const long Cryptography_HAS_TLS_ST;
+ static const long Cryptography_HAS_SSL3_METHOD;
+-static const long Cryptography_HAS_TLSv1_1;
+-static const long Cryptography_HAS_TLSv1_2;
++static const long Cryptography_HAS_TLS1_METHOD;
++static const long Cryptography_HAS_TLS1_1_METHOD;
++static const long Cryptography_HAS_TLS1_2_METHOD;
+ static const long Cryptography_HAS_TLSv1_3;
+ static const long Cryptography_HAS_SECURE_RENEGOTIATION;
+ static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
+ static const long Cryptography_HAS_DTLS;
++static const long Cryptography_HAS_DTLS1_METHOD;
+ static const long Cryptography_HAS_SIGALGS;
+ static const long Cryptography_HAS_PSK;
+ static const long Cryptography_HAS_VERIFIED_CHAIN;
+@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_
+
+ static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
+ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
+-static const long Cryptography_HAS_TLSv1_1 = 1;
+-static const long Cryptography_HAS_TLSv1_2 = 1;
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_TLS1_METHOD = 0;
++const SSL_METHOD* (*TLSv1_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_TLS1_METHOD = 1;
++#endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_TLS1_1_METHOD = 0;
++const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_TLS1_1_METHOD = 1;
++#endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_TLS1_2_METHOD = 0;
++const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_TLS1_2_METHOD = 1;
++#endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_DTLS1_METHOD = 0;
++const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
++const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
++const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_DTLS1_METHOD = 1;
++#endif
++
+ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
+ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
+ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
+--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
++++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
+@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
+ ]
+
+
++def cryptography_has_tls1_method():
++ return [
++ "TLSv1_method",
++ "TLSv1_client_method",
++ "TLSv1_server_method",
++ ]
++
++
++def cryptography_has_tls1_1_method():
++ return [
++ "TLSv1_1_method",
++ "TLSv1_1_client_method",
++ "TLSv1_1_server_method",
++ ]
++
++
++def cryptography_has_tls1_2_method():
++ return [
++ "TLSv1_2_method",
++ "TLSv1_2_client_method",
++ "TLSv1_2_server_method",
++ ]
++
++
++def cryptography_has_dtls1_method():
++ return [
++ "DTLSv1_method",
++ "DTLSv1_client_method",
++ "DTLSv1_server_method",
++ ]
++
++
+ def cryptography_has_102_verification():
+ return [
+ "X509_V_ERR_SUITE_B_INVALID_VERSION",
+@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
+ "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
+ "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
+ "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
++ "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
++ "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
++ "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
++ "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
+ "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
+ "Cryptography_HAS_110_VERIFICATION_PARAMS": (
+ cryptography_has_110_verification_params
--- /dev/null
+From 008e299aaf32af0b93eede649c6942af93b1c11e Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 15 Jun 2019 17:49:25 -0700
+Subject: [PATCH 4/7] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset
+
+Deprecated in OpenSSL 1.1
+---
+ src/_cffi_src/openssl/evp.py | 6 ++++++
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+--- a/src/_cffi_src/openssl/evp.py
++++ b/src/_cffi_src/openssl/evp.py
+@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u
+ const unsigned char *, int);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
++int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
+ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
+@@ -269,4 +270,9 @@ static const long Cryptography_HAS_EVP_D
+ #ifndef EVP_PKEY_POLY1305
+ #define EVP_PKEY_POLY1305 NID_poly1305
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
++#define OpenSSL_add_all_algorithms() do {} while(0)
++#endif
+ """
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -199,7 +199,7 @@ class _CipherContext(object):
+ self._backend.openssl_assert(res != 0)
+ self._tag = self._backend._ffi.buffer(tag_buf)[:]
+
+- res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
++ res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx)
+ self._backend.openssl_assert(res == 1)
+ return self._backend._ffi.buffer(buf)[: outlen[0]]
+
--- /dev/null
+From 339e0ab364ca931435c0ad134dc6047eb6974540 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 15 Jun 2019 18:47:46 -0700
+Subject: [PATCH 5/7] Switch get_*Update APIs to get0
+
+Deprecated in 1.1
+---
+ src/_cffi_src/openssl/x509.py | 27 ++++++++++++++++---
+ .../hazmat/backends/openssl/backend.py | 4 +--
+ .../hazmat/backends/openssl/x509.py | 8 +++---
+ 3 files changed, 29 insertions(+), 10 deletions(-)
+
+--- a/src/_cffi_src/openssl/x509.py
++++ b/src/_cffi_src/openssl/x509.py
+@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
+
+ ASN1_TIME *X509_get_notBefore(X509 *);
+ ASN1_TIME *X509_get_notAfter(X509 *);
+-ASN1_TIME *X509_getm_notBefore(X509 *);
+-ASN1_TIME *X509_getm_notAfter(X509 *);
++ASN1_TIME *X509_getm_notBefore(const X509 *);
++ASN1_TIME *X509_getm_notAfter(const X509 *);
++const ASN1_TIME *X509_get0_notBefore(const X509 *);
++const ASN1_TIME *X509_get0_notAfter(const X509 *);
+
+ long X509_REQ_get_version(X509_REQ *);
+ X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
+@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography
+ long X509_CRL_get_version(X509_CRL *);
+ ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
+ ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
++const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
++const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
+ X509_NAME *X509_CRL_get_issuer(X509_CRL *);
+ Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
+
+@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *,
+ int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
+ int X509_set_notBefore(X509 *, ASN1_TIME *);
+ int X509_set_notAfter(X509 *, ASN1_TIME *);
+-int X509_set1_notBefore(X509 *, ASN1_TIME *);
+-int X509_set1_notAfter(X509 *, ASN1_TIME *);
++
++int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
++int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
++int X509_set1_notBefore(X509 *, const ASN1_TIME *);
++int X509_set1_notAfter(X509 *, const ASN1_TIME *);
+
+ EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
+ int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
+@@ -299,4 +306,16 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, u
+ return i2d_X509_CRL_INFO(crl->crl, pp);
+ }
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define X509_get_notBefore X509_get0_notBefore
++#define X509_get_notAfter X509_get0_notAfter
++#define X509_set_notBefore X509_set1_notBefore
++#define X509_set_notAfter X509_set1_notAfter
++
++#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
++#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
++#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
++#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
++#endif
+ """
+--- a/src/cryptography/hazmat/backends/openssl/backend.py
++++ b/src/cryptography/hazmat/backends/openssl/backend.py
+@@ -1128,12 +1128,12 @@ class Backend(object):
+
+ # Set the last update time.
+ last_update = self._create_asn1_time(builder._last_update)
+- res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
++ res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
+ self.openssl_assert(res == 1)
+
+ # Set the next update time.
+ next_update = self._create_asn1_time(builder._next_update)
+- res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
++ res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
+ self.openssl_assert(res == 1)
+
+ # Add extensions.
+--- a/src/cryptography/hazmat/backends/openssl/x509.py
++++ b/src/cryptography/hazmat/backends/openssl/x509.py
+@@ -86,12 +86,12 @@ class _Certificate(object):
+
+ @property
+ def not_valid_before(self):
+- asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
++ asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
+ return _parse_asn1_time(self._backend, asn1_time)
+
+ @property
+ def not_valid_after(self):
+- asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
++ asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
+ return _parse_asn1_time(self._backend, asn1_time)
+
+ @property
+@@ -277,13 +277,13 @@ class _CertificateRevocationList(object)
+
+ @property
+ def next_update(self):
+- nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
++ nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
+ self._backend.openssl_assert(nu != self._backend._ffi.NULL)
+ return _parse_asn1_time(self._backend, nu)
+
+ @property
+ def last_update(self):
+- lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
++ lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
+ self._backend.openssl_assert(lu != self._backend._ffi.NULL)
+ return _parse_asn1_time(self._backend, lu)
+
--- /dev/null
+From 98bf3eda9c950158cf6a0a6a698dd365712201b1 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Mon, 25 Nov 2019 12:06:16 -0800
+Subject: [PATCH 6/7] Add X509_STORE_CTX_trusted_stack compatibility macro
+
+Deprecated in 1.1
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ src/_cffi_src/openssl/x509_vfy.py | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -157,8 +157,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+ Cryptography_STACK_OF_X509 *);
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *,
+ Cryptography_STACK_OF_X509 *);
++void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *,
++ Cryptography_STACK_OF_X509 *);
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *);
+-void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *);
++void X509_STORE_CTX_set_chain(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *);
++void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *,
++ Cryptography_STACK_OF_X509 *);
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *);
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *);
+@@ -260,4 +264,10 @@ static const long Cryptography_HAS_X509_
+ #else
+ static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
++#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
++#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
++#endif
+ """
--- /dev/null
+From e96af1cee523c5551c7fc5f36eba8e271fa51b20 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Thu, 5 Dec 2019 12:52:13 -0800
+Subject: [PATCH 7/7] Add defines for totally deprecated functions
+
+---
+ src/_cffi_src/openssl/conf.py | 4 ++++
+ src/_cffi_src/openssl/crypto.py | 4 ++++
+ src/_cffi_src/openssl/ecdh.py | 3 +++
+ src/_cffi_src/openssl/ssl.py | 5 +++++
+ 4 files changed, 16 insertions(+)
+
+--- a/src/_cffi_src/openssl/conf.py
++++ b/src/_cffi_src/openssl/conf.py
+@@ -18,4 +18,8 @@ void OPENSSL_no_config(void);
+ """
+
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define OPENSSL_config(x) 0
++#define OPENSSL_no_config() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/crypto.py
++++ b/src/_cffi_src/openssl/crypto.py
+@@ -114,4 +114,8 @@ void *Cryptography_realloc_wrapper(void
+ void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
+ free(ptr);
+ }
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTO_get_locking_callback() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/ecdh.py
++++ b/src/_cffi_src/openssl/ecdh.py
+@@ -18,4 +18,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in
+ """
+
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define SSL_CTX_set_ecdh_auto(a, b) ((b) != 0)
++#endif
+ """
+--- a/src/_cffi_src/openssl/ssl.py
++++ b/src/_cffi_src/openssl/ssl.py
+@@ -739,4 +739,9 @@ long (*SSL_get_max_proto_version)(SSL *)
+ #else
+ static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define SSL_library_init() 1
++#define SSL_load_error_strings() 0
++#endif
+ """
+++ /dev/null
-From 1d97b931bf4701fbd3478d2b788ec4310d9eb8e1 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 18:18:46 -0700
-Subject: [PATCH] Add new ASN1_STRING_get0_data API
-
-Introduced with OpenSSL 1.1
----
- src/_cffi_src/openssl/asn1.py | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/src/_cffi_src/openssl/asn1.py
-+++ b/src/_cffi_src/openssl/asn1.py
-@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
-
- /* ASN1 STRING */
- unsigned char *ASN1_STRING_data(ASN1_STRING *);
-+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *);
- int ASN1_STRING_set(ASN1_STRING *, const void *, int);
-
- /* ASN1 OCTET STRING */
-@@ -105,4 +106,11 @@ ASN1_NULL *ASN1_NULL_new(void);
- """
-
- CUSTOMIZATIONS = """
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
-+#define ASN1_STRING_get0_data ASN1_STRING_data
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define ASN1_STRING_data ASN1_STRING_get0_data
-+#endif
- """
+++ /dev/null
-From a30684980e8f1f7472d885487880b405608f4122 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 20:42:04 -0700
-Subject: [PATCH] Add compatibility for X509_STORE_set_get_issuer
-
-Deprecated under OpenSSL 1.1.
----
- src/_cffi_src/openssl/x509_vfy.py | 8 ++++++++
- src/cryptography/hazmat/bindings/openssl/_conditional.py | 9 +++++++++
- 2 files changed, 17 insertions(+)
-
---- a/src/_cffi_src/openssl/x509_vfy.py
-+++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -22,6 +22,7 @@ TYPES = """
- static const long Cryptography_HAS_102_VERIFICATION;
- static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
- static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
-
- typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
- typedef ... Cryptography_STACK_OF_X509_OBJECT;
-@@ -274,4 +275,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
- #else
- static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
- #endif
-+
-+#ifndef X509_V_FLAG_CB_ISSUER_CHECK
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 0;
-+#define X509_V_FLAG_CB_ISSUER_CHECK 0x0
-+#else
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
-+#endif
- """
---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
-+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -291,6 +291,12 @@ def cryptography_has_srtp():
- ]
-
-
-+def cryptography_has_x509_cb_issuer_check():
-+ return [
-+ "X509_V_FLAG_CB_ISSUER_CHECK",
-+ ]
-+
-+
- # This is a mapping of
- # {condition: function-returning-names-dependent-on-that-condition} so we can
- # loop over them and delete unsupported names at runtime. It will be removed
-@@ -342,4 +348,7 @@ CONDITIONAL_NAMES = {
- "Cryptography_HAS_ENGINE": cryptography_has_engine,
- "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
- "Cryptography_HAS_SRTP": cryptography_has_srtp,
-+ "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
-+ cryptography_has_x509_cb_issuer_check
-+ ),
- }
+++ /dev/null
-From 3f3b85a59d3c2cb021174ad92ad3a43d9eb73e62 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 21:00:46 -0700
-Subject: [PATCH] Add compatibility for deprecated TLS methods
-
----
- src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
- .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
- 2 files changed, 77 insertions(+), 4 deletions(-)
-
---- a/src/_cffi_src/openssl/ssl.py
-+++ b/src/_cffi_src/openssl/ssl.py
-@@ -15,8 +15,9 @@ static const long Cryptography_HAS_SSL_S
- static const long Cryptography_HAS_TLS_ST;
- static const long Cryptography_HAS_SSL2;
- static const long Cryptography_HAS_SSL3_METHOD;
--static const long Cryptography_HAS_TLSv1_1;
--static const long Cryptography_HAS_TLSv1_2;
-+static const long Cryptography_HAS_TLS1_METHOD;
-+static const long Cryptography_HAS_TLS1_1_METHOD;
-+static const long Cryptography_HAS_TLS1_2_METHOD;
- static const long Cryptography_HAS_TLSv1_3;
- static const long Cryptography_HAS_SECURE_RENEGOTIATION;
- static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
-@@ -24,6 +25,7 @@ static const long Cryptography_HAS_STATU
- static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE;
- static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
- static const long Cryptography_HAS_DTLS;
-+static const long Cryptography_HAS_DTLS1_METHOD;
- static const long Cryptography_HAS_SIGALGS;
- static const long Cryptography_HAS_PSK;
- static const long Cryptography_HAS_CIPHER_DETAILS;
-@@ -596,8 +598,43 @@ static const long Cryptography_HAS_STATU
- static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1;
- static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
- static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
--static const long Cryptography_HAS_TLSv1_1 = 1;
--static const long Cryptography_HAS_TLSv1_2 = 1;
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_DTLS1_METHOD = 0;
-+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
-+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
-+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_DTLS1_METHOD = 1;
-+#endif
-+
- static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
- static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
- static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
-+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
- ]
-
-
-+def cryptography_has_tls1_method():
-+ return [
-+ "TLSv1_method",
-+ "TLSv1_client_method",
-+ "TLSv1_server_method",
-+ ]
-+
-+
-+def cryptography_has_tls1_1_method():
-+ return [
-+ "TLSv1_1_method",
-+ "TLSv1_1_client_method",
-+ "TLSv1_1_server_method",
-+ ]
-+
-+
-+def cryptography_has_tls1_2_method():
-+ return [
-+ "TLSv1_2_method",
-+ "TLSv1_2_client_method",
-+ "TLSv1_2_server_method",
-+ ]
-+
-+
-+def cryptography_has_dtls1_method():
-+ return [
-+ "DTLSv1_method",
-+ "DTLSv1_client_method",
-+ "DTLSv1_server_method",
-+ ]
-+
-+
- def cryptography_has_102_verification():
- return [
- "X509_V_ERR_SUITE_B_INVALID_VERSION",
-@@ -307,6 +339,10 @@ CONDITIONAL_NAMES = {
- "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
- "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
- "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
-+ "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
-+ "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
-+ "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
-+ "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
- "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
- "Cryptography_HAS_110_VERIFICATION_PARAMS": (
- cryptography_has_110_verification_params
+++ /dev/null
-From 50c1e937342c8b13c8a80c3bb55ce245aecdcdfe Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Sat, 15 Jun 2019 17:49:25 -0700
-Subject: [PATCH] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset
-
-Deprecated in OpenSSL 1.1
----
- src/_cffi_src/openssl/evp.py | 10 ++++++++++
- src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
---- a/src/_cffi_src/openssl/evp.py
-+++ b/src/_cffi_src/openssl/evp.py
-@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u
- const unsigned char *, int);
- int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
- int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
-+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
- EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
- void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
- int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
-@@ -273,4 +274,13 @@ static const long Cryptography_HAS_EVP_D
- #ifndef EVP_PKEY_POLY1305
- #define EVP_PKEY_POLY1305 NID_poly1305
- #endif
-+
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
-+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
-+#define OpenSSL_add_all_algorithms() do {} while(0)
-+#endif
- """
---- a/src/cryptography/hazmat/backends/openssl/ciphers.py
-+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
-@@ -199,7 +199,7 @@ class _CipherContext(object):
- self._backend.openssl_assert(res != 0)
- self._tag = self._backend._ffi.buffer(tag_buf)[:]
-
-- res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
-+ res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx)
- self._backend.openssl_assert(res == 1)
- return self._backend._ffi.buffer(buf)[: outlen[0]]
-
+++ /dev/null
-From 645c30f76bce250772ce4e0b878e7228bd104277 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Sat, 15 Jun 2019 18:47:46 -0700
-Subject: [PATCH] Switch get_*Update APIs to get0
-
-Deprecated in 1.1
----
- src/_cffi_src/openssl/x509.py | 34 ++++++++++++++++---
- .../hazmat/backends/openssl/backend.py | 4 +--
- .../hazmat/backends/openssl/x509.py | 8 ++---
- 3 files changed, 36 insertions(+), 10 deletions(-)
-
---- a/src/_cffi_src/openssl/x509.py
-+++ b/src/_cffi_src/openssl/x509.py
-@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
-
- ASN1_TIME *X509_get_notBefore(X509 *);
- ASN1_TIME *X509_get_notAfter(X509 *);
--ASN1_TIME *X509_getm_notBefore(X509 *);
--ASN1_TIME *X509_getm_notAfter(X509 *);
-+ASN1_TIME *X509_getm_notBefore(const X509 *);
-+ASN1_TIME *X509_getm_notAfter(const X509 *);
-+const ASN1_TIME *X509_get0_notBefore(const X509 *);
-+const ASN1_TIME *X509_get0_notAfter(const X509 *);
-
- long X509_REQ_get_version(X509_REQ *);
- X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
-@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography
- long X509_CRL_get_version(X509_CRL *);
- ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
- ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
-+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
-+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
- X509_NAME *X509_CRL_get_issuer(X509_CRL *);
- Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
-
-@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *,
- int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
- int X509_set_notBefore(X509 *, ASN1_TIME *);
- int X509_set_notAfter(X509 *, ASN1_TIME *);
--int X509_set1_notBefore(X509 *, ASN1_TIME *);
--int X509_set1_notAfter(X509 *, ASN1_TIME *);
-+
-+int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
-+int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
-+int X509_set1_notBefore(X509 *, const ASN1_TIME *);
-+int X509_set1_notAfter(X509 *, const ASN1_TIME *);
-
- EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
- int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
-@@ -339,6 +346,25 @@ const ASN1_INTEGER *X509_REVOKED_get0_se
- #define X509_set1_notAfter X509_set_notAfter
- #define X509_getm_notAfter X509_get_notAfter
- #define X509_getm_notBefore X509_get_notBefore
-+#define X509_get0_notAfter X509_get_notAfter
-+#define X509_get0_notBefore X509_get_notBefore
-+
-+#define X509_CRL_set1_lastUpdate X509_CRL_set_lastUpdate
-+#define X509_CRL_set1_nextUpdate X509_CRL_set_nextUpdate
-+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
-+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
- #endif
- #endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_set_notBefore X509_set1_notBefore
-+#define X509_set_notAfter X509_set1_notAfter
-+#define X509_get_notAfter X509_get0_notAfter
-+#define X509_get_notBefore X509_get0_notBefore
-+
-+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
-+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
-+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
-+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
-+#endif
- """
---- a/src/cryptography/hazmat/backends/openssl/backend.py
-+++ b/src/cryptography/hazmat/backends/openssl/backend.py
-@@ -1127,12 +1127,12 @@ class Backend(object):
-
- # Set the last update time.
- last_update = self._create_asn1_time(builder._last_update)
-- res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
-+ res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
- self.openssl_assert(res == 1)
-
- # Set the next update time.
- next_update = self._create_asn1_time(builder._next_update)
-- res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
-+ res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
- self.openssl_assert(res == 1)
-
- # Add extensions.
---- a/src/cryptography/hazmat/backends/openssl/x509.py
-+++ b/src/cryptography/hazmat/backends/openssl/x509.py
-@@ -86,12 +86,12 @@ class _Certificate(object):
-
- @property
- def not_valid_before(self):
-- asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
-+ asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
- return _parse_asn1_time(self._backend, asn1_time)
-
- @property
- def not_valid_after(self):
-- asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
-+ asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
- return _parse_asn1_time(self._backend, asn1_time)
-
- @property
-@@ -277,13 +277,13 @@ class _CertificateRevocationList(object)
-
- @property
- def next_update(self):
-- nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
-+ nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
- self._backend.openssl_assert(nu != self._backend._ffi.NULL)
- return _parse_asn1_time(self._backend, nu)
-
- @property
- def last_update(self):
-- lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
-+ lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
- self._backend.openssl_assert(lu != self._backend._ffi.NULL)
- return _parse_asn1_time(self._backend, lu)
-
+++ /dev/null
-From 07fb50eecc3a3a50ac543f53f98c285eb1ceeb1e Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Mon, 25 Nov 2019 12:06:16 -0800
-Subject: [PATCH] Add X509_STORE_CTX_trusted_stack compatibility macro
-
-Deprecated in 1.1
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/_cffi_src/openssl/x509_vfy.py | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
---- a/src/_cffi_src/openssl/x509_vfy.py
-+++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -157,8 +157,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
- Cryptography_STACK_OF_X509 *);
- void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *,
- Cryptography_STACK_OF_X509 *);
-+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *,
-+ Cryptography_STACK_OF_X509 *);
- void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *);
--void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *);
-+void X509_STORE_CTX_set_chain(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *);
-+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *,
-+ Cryptography_STACK_OF_X509 *);
- X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *);
- void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *);
- int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *);
-@@ -282,4 +286,15 @@ static const long Cryptography_HAS_X509_
- #else
- static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
- #endif
-+
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack
-+#define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
-+#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
-+#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
-+#endif
- """
+++ /dev/null
-From 93317e7835acf40a9b8b0f7af417240b57ab690a Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 5 Dec 2019 12:52:13 -0800
-Subject: [PATCH] Add defines for totally deprecated functions
-
----
- src/_cffi_src/openssl/conf.py | 4 ++++
- src/_cffi_src/openssl/crypto.py | 4 ++++
- src/_cffi_src/openssl/ssl.py | 5 +++++
- 3 files changed, 13 insertions(+)
-
---- a/src/_cffi_src/openssl/conf.py
-+++ b/src/_cffi_src/openssl/conf.py
-@@ -18,4 +18,8 @@ void OPENSSL_no_config(void);
- """
-
- CUSTOMIZATIONS = """
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define OPENSSL_config(x) 0
-+#define OPENSSL_no_config() 0
-+#endif
- """
---- a/src/_cffi_src/openssl/crypto.py
-+++ b/src/_cffi_src/openssl/crypto.py
-@@ -124,4 +124,8 @@ void *Cryptography_realloc_wrapper(void
- void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
- free(ptr);
- }
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define CRYPTO_get_locking_callback() 0
-+#endif
- """
---- a/src/_cffi_src/openssl/ssl.py
-+++ b/src/_cffi_src/openssl/ssl.py
-@@ -792,4 +792,9 @@ int (*SSL_CTX_set_max_early_data)(SSL_CT
- #else
- static const long Cryptography_HAS_TLSv1_3 = 1;
- #endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define SSL_library_init() 1
-+#define SSL_load_error_strings() 0
-+#endif
- """
include $(TOPDIR)/rules.mk
PKG_NAME:=python-docker
-PKG_VERSION:=4.3.1
+PKG_VERSION:=4.4.1
PKG_RELEASE:=1
PYPI_NAME:=docker
-PKG_HASH:=bad94b8dd001a8a4af19ce4becc17f41b09f228173ffe6a4e0355389eef142f2
+PKG_HASH:=0604a74719d5d2de438753934b755bfcda6f62f49b8e4b30969a4b0a2a8a1220
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=Apache-2.0
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=python-evdev
-PKG_VERSION:=1.3.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.4.0
+PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_MAINTAINER:=Paulo Costa <me@paulo.costa.nom.br>, Alexandru Ardelean <ardeleanalex@gmail.com>
PYPI_NAME:=evdev
-PKG_HASH:=b1c649b4fed7252711011da235782b2c260b32e004058d62473471e5cd30634d
+PKG_HASH:=8782740eb1a86b187334c07feb5127d3faa0b236e113206dfe3ae8f77fb1aaf1
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
#
-# Copyright (C) 2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=python-execnet
-PKG_VERSION:=1.7.1
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.0
+PKG_RELEASE:=1
PYPI_NAME:=execnet
-PKG_HASH:=cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50
+PKG_HASH:=b73c5565e517f24b62dea8a5ceac178c661c4309d3aa0c3e420856c072c411b4
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MIT
#
-# Copyright (C) 2019-2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2019-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=python-flask-seasurf
-PKG_VERSION:=0.2.2
+PKG_VERSION:=0.3.0
PKG_RELEASE:=1
PYPI_NAME:=Flask-SeaSurf
-PKG_HASH:=c57918c17e9afd988bdc30d8dcb7bfb833741dee38b06c1bbd17821d6fa2b6cf
+PKG_HASH:=10d4946fdd9745a8ae0a38a46c48a9add0cca4896333c0893b3133e3852c2e80
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=python-idna
-PKG_VERSION:=2.10
+PKG_VERSION:=3.1
PKG_RELEASE:=1
PYPI_NAME:=idna
-PKG_HASH:=b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6
+PKG_HASH:=c5b02147e01ea9920e6b0a3f1f7bb833612d507592c837a6c49552768f4054e1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.rst
include $(TOPDIR)/rules.mk
PKG_NAME:=python-msgpack
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.2
PKG_RELEASE:=1
PYPI_NAME:=msgpack
-PKG_HASH:=9534d5cc480d4aff720233411a1f765be90885750b07df772380b34c10ecb5c0
+PKG_HASH:=fae04496f5bc150eefad4e9571d1a76c55d021325dcd484ce45065ebbdd00984
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=Apache-2.0
#
-# Copyright (C) 2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=python-psutil
-PKG_VERSION:=5.7.3
+PKG_VERSION:=5.8.0
PKG_RELEASE:=1
PYPI_NAME:=psutil
-PKG_HASH:=af73f7bcebdc538eda9cc81d19db1db7bf26f103f91081d780bbacfcb620dee2
+PKG_HASH:=0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=BSD 3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pyopenssl
-PKG_VERSION:=20.0.0
+PKG_VERSION:=20.0.1
PKG_RELEASE:=1
PYPI_NAME:=pyOpenSSL
-PKG_HASH:=92f08eccbd73701cf744e8ffd6989aa7842d48cbe3fea8a7c031c5647f590ac5
+PKG_HASH:=4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
#
-# Copyright (C) 2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pytest-xdist
-PKG_VERSION:=2.1.0
+PKG_VERSION:=2.2.0
PKG_RELEASE:=1
PYPI_NAME:=pytest-xdist
-PKG_HASH:=82d938f1a24186520e2d9d3a64ef7d9ac7ecdf1a0659e095d18e596b8cbd0672
+PKG_HASH:=1d8edbb1a45e8e1f8e44b1260583107fc23f8bc8da6d18cb331ff61d41258ecf
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MIT
#
-# Copyright (C) 2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pytest
-PKG_VERSION:=6.1.2
+PKG_VERSION:=6.2.2
PKG_RELEASE:=1
PYPI_NAME:=pytest
-PKG_HASH:=c0a7e94a8cdbc5422a51ccdad8e6f1024795939cc89159a0ae7f0b316ad3823e
+PKG_HASH:=9d1edf9e7d0b84d72ea3dbcdfd22b35fb543a5e8f2a60092dd578936bf63d7f9
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=python-requests
-PKG_VERSION:=2.25.0
-PKG_RELEASE:=1
+PKG_VERSION:=2.25.1
+PKG_RELEASE:=2
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>, Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_CPE_ID:=cpe:/a:python-requests:requests
PYPI_NAME:=requests
-PKG_HASH:=7f1a0b932f4a60a1a65caa4263921bb7d9ee911957e0ae4a23a6dd08185ad5f8
+PKG_HASH:=27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
--- /dev/null
+From 9484e13c7da927119fe82794bb5571cec144b6d7 Mon Sep 17 00:00:00 2001
+From: Naor Livne <naorlivne@gmail.com>
+Date: Fri, 1 Jan 2021 14:31:14 +0200
+Subject: [PATCH 1/2] bump idna has version 3.0 was released
+
+Fixes issue (https://github.com/psf/requests/issues/5710):
+pkg_resources.ContextualVersionConflict: (idna 3.0 (/usr/lib/python3.9/site-packages), Requirement.parse('idna<3,>=2.5'), {'requests'})
+Origin of this patch:
+https://github.com/psf/requests/pull/5711
+
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 7ba4b2a25f..f265384236 100755
+--- a/setup.py
++++ b/setup.py
+@@ -43,7 +43,7 @@ def run_tests(self):
+
+ requires = [
+ 'chardet>=3.0.2,<5',
+- 'idna>=2.5,<3',
++ 'idna>=2.5,<4',
+ 'urllib3>=1.21.1,<1.27',
+ 'certifi>=2017.4.17'
+
+
+From d3e00a4958af046879f24de365d5589d861ea6ef Mon Sep 17 00:00:00 2001
+From: Naor Livne <naorlivne@gmail.com>
+Date: Tue, 5 Jan 2021 16:31:15 +0200
+Subject: [PATCH 2/2] Update setup.py
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Co-authored-by: Mickaël Schoentgen <contact@tiger-222.fr>
+---
+ setup.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index f265384236..5ce59e621d 100755
+--- a/setup.py
++++ b/setup.py
+@@ -43,7 +43,8 @@ def run_tests(self):
+
+ requires = [
+ 'chardet>=3.0.2,<5',
+- 'idna>=2.5,<4',
++ 'idna>=2.5,<3 ; python_version < "3"',
++ 'idna>=2.5,<4 ; python_version >= "3"',
+ 'urllib3>=1.21.1,<1.27',
+ 'certifi>=2017.4.17'
include $(TOPDIR)/rules.mk
PKG_NAME:=python-slugify
-PKG_VERSION:=4.0.0
-PKG_RELEASE:=2
+PKG_VERSION:=4.0.1
+PKG_RELEASE:=1
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=a8fc3433821140e8f409a9831d13ae5deccd0b033d4744d94b31fea141bdd84c
+PKG_HASH:=69a517766e00c1268e5bbfc0d010a0a8508de0b18d30ad5a1ff357f8ae724270
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
PKG_LICENSE:=MIT
--- /dev/null
+#
+# Copyright (C) 2018-2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=python-uci
+PKG_VERSION:=0.8.1
+PKG_RELEASE:=$(AUTORELEASE)
+
+PYPI_NAME:=pyuci
+PKG_HASH:=9287fe41b427dc5c167592d429be48c1e6cfe276225681b1bdefddfe90d7e941
+
+PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+
+include ../pypi.mk
+include $(INCLUDE_DIR)/package.mk
+include ../python3-package.mk
+
+define Package/python3-uci
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=Python UCI bindings
+ URL:=https://gitlab.nic.cz/turris/pyuci/
+ DEPENDS:=+python3-light +libuci
+endef
+
+define Package/python3-uci/description
+ Python3 bindings for Unified Configuration Interface.
+endef
+
+$(eval $(call Py3Package,python3-uci))
+$(eval $(call BuildPackage,python3-uci))
+$(eval $(call BuildPackage,python3-uci-src))
include $(TOPDIR)/rules.mk
PKG_NAME:=voluptuous-serialize
-PKG_VERSION:=2.3.0
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.0
+PKG_RELEASE:=1
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=740cd00ce2ecf0f3345d550163fdd2f20de2e0a60c3c678450e68314c2f592f5
+PKG_HASH:=c6ba17cb0301c18e8b955d89b85fa4aa05c05c80ab1e4873810900f757dceae4
PKG_MAINTAINER:=Josef Schlehofer <josef.schlehofer@nic.cz>
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=python-voluptuous
-PKG_VERSION:=0.11.7
-PKG_RELEASE:=2
+PKG_VERSION:=0.12.1
+PKG_RELEASE:=1
PYPI_NAME:=voluptuous
-PKG_HASH:=2abc341dbc740c5e2302c7f9b8e2e243194fb4772585b991931cb5b22e9bf456
+PKG_HASH:=663572419281ddfaf4b4197fd4942d181630120fb39b333e3adad70aeb56444b
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
# Note: keep in sync with setuptools & pip
PYTHON3_VERSION_MAJOR:=3
PYTHON3_VERSION_MINOR:=9
-PYTHON3_VERSION_MICRO:=0
+PYTHON3_VERSION_MICRO:=1
PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR)
include ../python3-version.mk
PKG_NAME:=python3
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION)
-PKG_HASH:=9c73e63c99855709b9be0b3cc9e5b072cb60f37311e8c4e50f15576a0bf82854
+PKG_HASH:=991c3f8ac97992f3d308fefeb03a64db462574eadbff34ce8bc5bb583d9903ff
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>, Jeffery To <jeffery.to@gmail.com>
PKG_LICENSE:=Python/2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=boost
-PKG_VERSION:=1.74.0
-PKG_SOURCE_VERSION:=1_74_0
-PKG_RELEASE:=6
+PKG_VERSION:=1.75.0
+PKG_SOURCE_VERSION:=1_75_0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)_$(PKG_SOURCE_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/$(PKG_NAME)/$(PKG_NAME)/$(PKG_VERSION) https://dl.bintray.com/boostorg/release/$(PKG_VERSION)/source/
-PKG_HASH:=83bfc1507731a0906e387fc28b7ef5417d591429e51e788417fe9ff025e116b1
+PKG_HASH:=953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb
PKG_MAINTAINER:=Carlos M. Ferreira <carlosmf.pt@gmail.com>
PKG_LICENSE:=BSL-1.0
endef
define Package/boost/description
-This package provides the Boost v1.74.0 libraries.
+This package provides the Boost v1.75.0 libraries.
Boost is a set of free, peer-reviewed, portable C++ source libraries.
This package provides the following run-time libraries:
- graph
- - graph-parallel
- iostreams
+ - json
- locale
- log
- math
- wave
There are many more header-only libraries supported by Boost.
-See more at http://www.boost.org/doc/libs/1_74_0/
+See more at http://www.boost.org/doc/libs/1_75_0/
endef
PKG_BUILD_DEPENDS:=boost/host
$(eval $(call DefineBoostLibrary,filesystem,system))
$(eval $(call DefineBoostLibrary,graph,regex))
$(eval $(call DefineBoostLibrary,iostreams,,,,zlib liblzma libbz2 libzstd))
+$(eval $(call DefineBoostLibrary,json,container))
$(eval $(call DefineBoostLibrary,locale,system chrono thread,,,icu))
$(eval $(call DefineBoostLibrary,log,system chrono date_time thread filesystem regex))
$(eval $(call DefineBoostLibrary,math))
+++ /dev/null
-From 95d82acc57bb7d8bae431f7a6ce0707aac3ef33f Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 5 Sep 2019 19:41:13 -0700
-Subject: [PATCH] Use eventfd() function with uClibc
-
-The Boost eventfd code either directly makes the eventfd system call
-using __NR_eventfd (when __GLIBC_MINOR is less than 8), or otherwise
-uses the eventfd() function provided by the C library.
-
-However, since uClibc pretends to be glibc 2.2, the Boost eventfd code
-directly uses the system call. While it works fine on most
-architectures, it doesn't on ARC since __NR_eventfd is not defined on
-this architecture. However, eventfd() is properly implemented.
-
-So, this patch adjusts the logic used by Boost to consider uClibc as a
-C library providing the eventfd() function.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- a/boost/asio/detail/impl/eventfd_select_interrupter.ipp | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/boost/asio/detail/impl/eventfd_select_interrupter.ipp b/boost/asio/detail/impl/eventfd_select_interrupter.ipp
-index 38d4b2a61..e16cc8b00 100644
---- a/boost/asio/detail/impl/eventfd_select_interrupter.ipp
-+++ b/boost/asio/detail/impl/eventfd_select_interrupter.ipp
-@@ -23,11 +23,11 @@
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <fcntl.h>
--#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 8
-+#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 2
- # include <asm/unistd.h>
--#else // __GLIBC__ == 2 && __GLIBC_MINOR__ < 8
-+#else // __GLIBC__ == 2 && __GLIBC_MINOR__ < 2
- # include <sys/eventfd.h>
--#endif // __GLIBC__ == 2 && __GLIBC_MINOR__ < 8
-+#endif // __GLIBC__ == 2 && __GLIBC_MINOR__ < 2
- #include <boost/asio/detail/cstdint.hpp>
- #include <boost/asio/detail/eventfd_select_interrupter.hpp>
- #include <boost/asio/detail/throw_error.hpp>
-@@ -46,14 +46,14 @@ eventfd_select_interrupter::eventfd_select_interrupter()
-
- void eventfd_select_interrupter::open_descriptors()
- {
--#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 8
-+#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 2
- write_descriptor_ = read_descriptor_ = syscall(__NR_eventfd, 0);
- if (read_descriptor_ != -1)
- {
- ::fcntl(read_descriptor_, F_SETFL, O_NONBLOCK);
- ::fcntl(read_descriptor_, F_SETFD, FD_CLOEXEC);
- }
--#else // __GLIBC__ == 2 && __GLIBC_MINOR__ < 8
-+#else // __GLIBC__ == 2 && __GLIBC_MINOR__ < 2
- # if defined(EFD_CLOEXEC) && defined(EFD_NONBLOCK)
- write_descriptor_ = read_descriptor_ =
- ::eventfd(0, EFD_CLOEXEC | EFD_NONBLOCK);
-@@ -70,7 +70,7 @@ void eventfd_select_interrupter::open_descriptors()
- ::fcntl(read_descriptor_, F_SETFD, FD_CLOEXEC);
- }
- }
--#endif // __GLIBC__ == 2 && __GLIBC_MINOR__ < 8
-+#endif // __GLIBC__ == 2 && __GLIBC_MINOR__ < 2
-
- if (read_descriptor_ == -1)
- {
PKG_NAME:=cJSON
PKG_VERSION:=1.7.14
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/DaveGamble/cJSON/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=fb50a663eefdc76bafa80c82bc045af13b1363e8f45cec8b442007aef6a41343
+PKG_MAINTAINER:=Karl Palsson <karlp@etactica.com>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:cjson_project:cjson
-CMAKE_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Libraries
TITLE:=Ultralightweight JSON parser in ANSI C
URL:=https://github.com/DaveGamble/cJSON
- MAINTAINER:=Karl Palsson <karlp@etactica.com>
endef
define Package/cJSON/description
CMAKE_OPTIONS += -DENABLE_CJSON_TEST=OFF
define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libcjson.pc $(1)/usr/lib/pkgconfig
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/cjson/cJSON.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/include/cjson
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/cjson/cJSON.h $(1)/usr/include/cjson
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcjson.so* $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libcjson.pc $(1)/usr/lib/pkgconfig
+ $(SED) 's,/usr,$(STAGING_DIR)/usr,g' $(1)/usr/lib/pkgconfig/libcjson.pc
endef
define Package/cJSON/install
#
-# Copyright (C) 2019 CZ.NIC z.s.p.o. (http://www.nic.cz/)
+# Copyright (C) 2019-2021 CZ.NIC z.s.p.o. (http://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=czmq
-PKG_VERSION:=4.2.0
-PKG_RELEASE:=3
+PKG_VERSION:=4.2.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/zeromq/czmq/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=cfab29c2b3cc8a845749758a51e1dd5f5160c1ef57e2a41ea96e4c2dcc8feceb
+PKG_HASH:=5d720a204c2a58645d6f7643af15d563a712dad98c9d32c1ed913377daa6ac39
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MPL-2.0
PKG_NAME:=db47
PKG_VERSION:=$(BASE_VERSION).4.NC
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_BUILD_DIR:=$(BUILD_DIR)/db-$(BASE_VERSION).NC
PKG_SOURCE:=db-$(BASE_VERSION).NC.tar.gz
PKG_LICENSE:=Sleepycat
PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_DEPENDS:=libxml2
PKG_FIXUP:=autoreconf
PKG_LIBTOOL_PATHS:=. build_unix
PKG_BUILD_PARALLEL:=1
define Package/libdb47
SECTION:=libs
CATEGORY:=Libraries
- DEPENDS:=+libxml2
TITLE:=Berkeley DB library (4.7)
URL:=http://www.oracle.com/us/products/database/berkeley-db
PROVIDES:=libdb47-full
-DKDB_DEFAULT_RESOLVER=resolver_fm_pb_b \
-DKDB_DEFAULT_STORAGE=ini \
-DENABLE_OPTIMIZATIONS=OFF \
- -DPLUGINS="ALL;-multifile;-simpleini;-internalnotification" \
+ -DPLUGINS="ALL;-gpgme;-internalnotification;-multifile;-simpleini" \
-DIconv_INCLUDE_DIR="$(ICONV_PREFIX)/include" \
-DIconv_LIBRARY="$(ICONV_PREFIX)/lib/libiconv.$(if $(CONFIG_BUILD_NLS),so,a)" \
-DBINDINGS="MAINTAINED;-intercept_env;-intercept_fs;-io_uv;-io_ev;-io_glib"
PKG_NAME:=getdns
PKG_VERSION:=1.6.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
--- /dev/null
+--- a/cmake/include/cmakeconfig.h.in
++++ b/cmake/include/cmakeconfig.h.in
+@@ -91,8 +91,8 @@
+ #cmakedefine HAVE_OPENSSL_VERSION 1
+
+ #cmakedefine HAVE_SSL_CTX_DANE_ENABLE 1
+-#cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITS 1
+-#cmakedefine HAVE_SSL_SET_CIPHERSUITS 1
++#cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITES 1
++#cmakedefine HAVE_SSL_SET_CIPHERSUITES 1
+
+ #cmakedefine HAVE_OPENSSL_INIT_CRYPTO 1
+
include $(TOPDIR)/rules.mk
PKG_NAME:=glib2
-PKG_VERSION:=2.66.3
+PKG_VERSION:=2.66.4
PKG_RELEASE:=1
PKG_SOURCE:=glib-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNOME/glib/2.66
-PKG_HASH:=79f31365a99cb1cc9db028625635d1438890702acde9e2802eae0acebcf7b5b1
+PKG_HASH:=97df8670e32f9fd4f7392b0980e661dd625012015d58350da1e58e343f4af984
PKG_MAINTAINER:=Peter Wagner <tripolar@gmx.at>
PKG_LICENSE:=LGPL-2.1-or-later
HOST_LDFLAGS += -liconv -Wl,-rpath,$(STAGING_DIR_HOSTPKG)/lib
TARGET_CFLAGS += -ffunction-sections -fdata-sections
-TARGET_LDFLAGS += -Wl,--gc-sections -liconv $(if $(INTL_FULL),-lintl)
+TARGET_LDFLAGS += -Wl,--gc-sections $(if $(INTL_FULL),-lintl)
COMP_ARGS= \
-Ddefault_library=both \
--- a/meson.build
+++ b/meson.build
-@@ -94,7 +94,7 @@ installed_tests_template = files('template.test.in')
+@@ -94,7 +94,7 @@ installed_tests_template = files('templa
installed_tests_template_tap = files('template-tap.test.in')
# Don’t build the tests unless we can run them (either natively, in an exe wrapper, or by installing them for later use)
---- a/glib/valgrind.h 2019-12-12 14:53:26.000200499 +0100
-+++ b/glib/valgrind.h 2019-12-12 14:49:45.056163300 +0100
+--- a/glib/valgrind.h
++++ b/glib/valgrind.h
@@ -158,7 +158,7 @@
# define PLAT_s390x_linux 1
#elif defined(__linux__) && defined(__mips__) && (__mips==64)
--- /dev/null
+--- a/meson.build
++++ b/meson.build
+@@ -923,7 +923,7 @@ if host_system == 'windows' and (cc.get_
+ glib_conf.set('HAVE_C99_SNPRINTF', false)
+ glib_conf.set('HAVE_C99_VSNPRINTF', false)
+ glib_conf.set('HAVE_UNIX98_PRINTF', false)
+-elif not cc_can_run and host_system in ['ios', 'darwin']
++elif true
+ # All these are true when compiling natively on macOS, so we should use good
+ # defaults when building for iOS and tvOS.
+ glib_conf.set('HAVE_C99_SNPRINTF', true)
include $(TOPDIR)/rules.mk
PKG_NAME:=gnutls
-PKG_VERSION:=3.6.15
-PKG_RELEASE:=1
+PKG_VERSION:=3.7.0
+PKG_RELEASE:=2
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6
-PKG_HASH:=0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558
-#PKG_FIXUP:=autoreconf gettext-version
+PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7
+PKG_HASH:=49e2a22691d252c9f24a9829b293a8f359095bc5a818351f05f1c0a5188a1df8
+PKG_FIXUP:=autoreconf gettext-version
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <nmav@gnutls.org>
PKG_LICENSE:=LGPL-2.1-or-later
PKG_CPE_ID:=cpe:/a:gnu:gnutls
CONFIG_GNUTLS_SRP \
CONFIG_GNUTLS_TPM \
CONFIG_LIBNETTLE_MINI \
+ CONFIG_PACKAGE_libgnutls-dane \
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Utilities
SUBMENU:=Encryption
TITLE+= (utilities)
- DEPENDS+= +libgnutls
+ DEPENDS+= +libgnutls +PACKAGE_libgnutls-dane:libgnutls-dane
endef
define Package/gnutls-utils/description
DEPENDS+= +libnettle +!LIBNETTLE_MINI:libgmp +GNUTLS_EXT_LIBTASN1:libtasn1 +GNUTLS_PKCS11:p11-kit +GNUTLS_CRYPTODEV:kmod-cryptodev +libatomic
endef
+define Package/libgnutls-dane
+$(call Package/gnutls/Default)
+ TITLE+= (libgnutls-dane library)
+ DEPENDS:= +libgnutls +libunbound
+endef
+
define Package/libgnutls/description
$(call Package/gnutls/Default/description)
This package contains the GnuTLS shared library, needed by other programs.
--disable-seccomp-tests \
--disable-tests \
--disable-valgrind-tests \
- \
- --disable-libdane \
--disable-ssl2-support \
--disable-ssl3-support \
--enable-local-libopts \
CONFIGURE_ARGS += --enable-cryptodev
endif
+ifeq ($(CONFIG_PACKAGE_libgnutls-dane),)
+CONFIGURE_ARGS += --disable-libdane
+endif
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
$(CP) \
- $(PKG_INSTALL_DIR)/usr/lib/libgnutls.so* \
+ $(PKG_INSTALL_DIR)/usr/lib/*.so* \
$(1)/usr/lib/
$(CP) \
$(PKG_INSTALL_DIR)/usr/include/gnutls \
$(1)/usr/include/
$(CP) \
- $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/gnutls.pc \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc \
$(1)/usr/lib/pkgconfig/
endef
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnutls.so.* $(1)/usr/lib/
endef
+define Package/libgnutls-dane/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnutls-dane.so.* $(1)/usr/lib/
+endef
+
$(eval $(call BuildPackage,certtool))
$(eval $(call BuildPackage,gnutls-utils))
$(eval $(call BuildPackage,libgnutls))
+$(eval $(call BuildPackage,libgnutls-dane))
--- /dev/null
+--- a/m4/stdint.m4
++++ b/m4/stdint.m4
+@@ -15,7 +15,7 @@ AC_DEFUN_ONCE([gl_STDINT_H],
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+
+ AC_REQUIRE([gl_LIMITS_H])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+
+ dnl For backward compatibility. Some packages may still be testing these
+ dnl macros.
+--- a/m4/vasnprintf.m4
++++ b/m4/vasnprintf.m4
+@@ -33,7 +33,7 @@ AC_DEFUN([gl_REPLACE_VASNPRINTF],
+ AC_DEFUN([gl_PREREQ_PRINTF_ARGS],
+ [
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ ])
+
+ # Prerequisites of lib/printf-parse.h, lib/printf-parse.c.
+@@ -41,7 +41,7 @@ AC_DEFUN([gl_PREREQ_PRINTF_PARSE],
+ [
+ AC_REQUIRE([gl_FEATURES_H])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ AC_REQUIRE([AC_TYPE_SIZE_T])
+ AC_CHECK_TYPE([ptrdiff_t], ,
+ [AC_DEFINE([ptrdiff_t], [long],
+@@ -55,7 +55,7 @@ AC_DEFUN_ONCE([gl_PREREQ_VASNPRINTF],
+ [
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ AC_CHECK_FUNCS([snprintf strnlen wcslen wcsnlen mbrtowc wcrtomb])
+ dnl Use the _snprintf function only if it is declared (because on NetBSD it
+ dnl is defined as a weak alias of snprintf; we prefer to use the latter).
+--- a/m4/wchar_t.m4
++++ b/m4/wchar_t.m4
+@@ -8,7 +8,7 @@ dnl From Bruno Haible.
+ dnl Test whether <stddef.h> has the 'wchar_t' type.
+ dnl Prerequisite: AC_PROG_CC
+
+-AC_DEFUN([gt_TYPE_WCHAR_T],
++AC_DEFUN([gt_TYPE_WCHAR_T_GNUTLS],
+ [
+ AC_CACHE_CHECK([for wchar_t], [gt_cv_c_wchar_t],
+ [AC_COMPILE_IFELSE(
+--- a/m4/wint_t.m4
++++ b/m4/wint_t.m4
+@@ -9,7 +9,7 @@ dnl Test whether <wchar.h> has the 'wint
+ dnl <wchar.h> or <wctype.h> would, if present, override 'wint_t'.
+ dnl Prerequisite: AC_PROG_CC
+
+-AC_DEFUN([gt_TYPE_WINT_T],
++AC_DEFUN([gt_TYPE_WINT_T_GNUTLS],
+ [
+ AC_CACHE_CHECK([for wint_t], [gt_cv_c_wint_t],
+ [AC_COMPILE_IFELSE(
+--- a/src/gl/m4/gnulib-comp.m4
++++ b/src/gl/m4/gnulib-comp.m4
+@@ -1061,7 +1061,7 @@ changequote([, ])dnl
+ gl_UNISTD_MODULE_INDICATOR([sleep])
+ AC_CHECK_DECLS_ONCE([alarm])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ gl_FUNC_STRERROR_R
+ if test $HAVE_DECL_STRERROR_R = 0 || test $REPLACE_STRERROR_R = 1; then
+ AC_LIBOBJ([strerror_r])
include $(TOPDIR)/rules.mk
PKG_NAME:=gpgme
-PKG_VERSION:=1.15.0
+PKG_VERSION:=1.15.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://gnupg.org/ftp/gcrypt/$(PKG_NAME)
-PKG_HASH:=0b472bc12c7d455906c8a539ec56da0a6480ef1c3a87aa5b74d7125df68d0e5b
+PKG_HASH:=eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-3.0-or-later
$(INSTALL_DATA) \
$(PKG_INSTALL_DIR)/usr/lib/cmake/Gpgmepp/*.cmake \
$(1)/usr/lib/cmake/Gpgmepp
+
+ $(INSTALL_DIR) $(2)/bin $(1)/usr/bin
+ $(INSTALL_BIN) \
+ $(PKG_INSTALL_DIR)/usr/bin/gpgme-config \
+ $(2)/bin/
+ $(SED) \
+ 's,^\(prefix\|exec_prefix\)=.*,\1=$(STAGING_DIR)/usr,g' \
+ $(2)/bin/gpgme-config
+ $(LN) -sf $(STAGING_DIR)/host/bin/gpgme-config $(1)/usr/bin/gpgme-config
endef
define Package/libgpgme/install
PKG_NAME:=icu4c
MAJOR_VERSION:=68
-MINOR_VERSION:=1
+MINOR_VERSION:=2
PKG_VERSION:=$(MAJOR_VERSION).$(MINOR_VERSION)
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(MAJOR_VERSION)_$(MINOR_VERSION)-src.tgz
PKG_SOURCE_URL:=https://github.com/unicode-org/icu/releases/download/release-$(MAJOR_VERSION)-$(MINOR_VERSION)
-PKG_HASH:=a9f2e3d8b4434b8e53878b4308bd1e6ee51c9c7042e2b1a376abefb6fbb29f2d
+PKG_HASH:=c79193dee3907a2199b8296a93b52c5cb74332c26f3d167269487680d479d625
PKG_LICENSE:=ICU
PKG_LICENSE_FILES:=LICENSE
-diff --git a/Makefile.in b/Makefile.in
-index 9db6c52..6aa2273 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -190,7 +190,6 @@ install-icu: $(INSTALLED_BUILT_FILES)
--- a/runConfigureICU
+++ b/runConfigureICU
-@@ -239,8 +239,8 @@
+@@ -239,8 +239,8 @@ case $platform in
THE_COMP="the GNU C++"
CC=gcc; export CC
CXX=g++; export CXX
source/config/mh-linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/config/mh-linux b/config/mh-linux
-index 366f0cc..2689aab 100644
--- a/config/mh-linux
+++ b/config/mh-linux
@@ -23,7 +23,7 @@ LD_RPATH= -Wl,-zorigin,-rpath,'$$'ORIGIN
## Compiler switch to embed a library name
# The initial tab in the next line is to prevent icu-config from reading it.
---
-1.7.10.4
-
};
static const UText emptyText = UTEXT_INITIALIZER;
-@@ -584,7 +584,7 @@ utext_setup(UText *ut, int32_t extraSpace, UErrorCode *status) {
+@@ -584,7 +584,7 @@ utext_setup(UText *ut, int32_t extraSpac
// We need to heap-allocate storage for the new UText
int32_t spaceRequired = sizeof(UText);
if (extraSpace > 0) {
include $(TOPDIR)/rules.mk
PKG_NAME:=keyutils
-PKG_VERSION:=1.6.1
-PKG_RELEASE:=2
+PKG_VERSION:=1.6.3
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://people.redhat.com/dhowells/keyutils/
-PKG_HASH:=c8b15722ae51d95b9ad76cc6d49a4c2cc19b0c60f72f61fb9bf43eea7cbd64ce
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/
+PKG_HASH:=a61d5706136ae4c05bd48f86186bcfdbd88dd8bd5107e3e195c924cfc1b39bb4
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
LICENSE_FILES:=LICENSE.GPL
endef
+define Package/keyutils
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Encryption
+ TITLE:=keyutils (request-key and key.dns_resolver)
+ DEPENDS:=+libkeyutils
+ LICENSE:=GPL-2.0-or-later
+ LICENSE_FILES:=LICENSE.GPL
+endef
+
define Package/keyutils/description
Key utilities
endef
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so.$(ABI_VERSION)* $(1)/usr/lib/
endef
+define Package/keyutils/install
+ $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/keyutils $(1)/etc/request-key.d
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/request-key $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/key.dns_resolver $(1)/usr/sbin/
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/request-key.conf $(1)/etc/
+endef
+
define Package/keyctl/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/keyctl $(1)/usr/bin
endef
$(eval $(call BuildPackage,libkeyutils))
+$(eval $(call BuildPackage,keyutils))
$(eval $(call BuildPackage,keyctl))
--- a/Makefile
+++ b/Makefile
-@@ -108,7 +108,7 @@ all: keyctl request-key key.dns_resolver
+@@ -109,7 +109,7 @@ all: keyctl request-key key.dns_resolver
###############################################################################
#RPATH = -Wl,-rpath,$(LIBDIR)
--- a/key.dns_resolver.c
+++ b/key.dns_resolver.c
-@@ -529,12 +529,12 @@ int main(int argc, char *argv[])
+@@ -717,12 +717,12 @@ int main(int argc, char *argv[])
keyend = buf + ktlen + 1;
/* the actual key description follows the last semicolon */
include $(TOPDIR)/rules.mk
PKG_NAME:=libarchive
-PKG_VERSION:=3.4.3
-PKG_RELEASE:=2
+PKG_VERSION:=3.5.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.libarchive.org/downloads
-PKG_HASH:=0bfc3fd40491768a88af8d9b86bf04a9e95b6d41a94f9292dbc0ec342288c05f
+PKG_HASH:=0e17d3a8d0b206018693b27f08029b598f6ef03600c2b5d10c94ce58692e299b
PKG_MAINTAINER:=Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
PKG_LICENSE:=BSD-2-Clause
--- /dev/null
+#
+# Copyright (C) 2020 Linos Giannopoulos
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libcbor
+PKG_VERSION:=0.8.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/PJK/libcbor/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=618097166ea4a54499646998ccaa949a5816e6a665cf1d6df383690895217c8b
+
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=COPYING
+PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
+
+CMAKE_OPTIONS += \
+ -DBUILD_SHARED_LIBS=ON
+CMAKE_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libcbor
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=libcbor
+ URL:=https://github.com/PJK/libcbor
+ ABI_VERSION:=0
+endef
+
+define Package/libcbor/description
+ libcbor is a C library for parsing and generating CBOR, the general-purpose schema-less binary data format.
+endef
+
+
+define Package/libcbor/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcbor.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libcbor))
include $(TOPDIR)/rules.mk
PKG_NAME:=libdaq3
-PKG_VERSION:=3.0.0-beta1
+PKG_VERSION:=3.0.0
PKG_RELEASE:=1
+PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.snort.org/downloads/snortplus/
-PKG_SOURCE:=daq-$(PKG_VERSION).tar.gz
-PKG_HASH:=ef74aa1c30a6ee93eacbe7967d1c85d7df3214cf3783d4eabbb6b64305fd273e
-PKG_BUILD_DIR:=$(BUILD_DIR)/daq-$(PKG_VERSION)
+PKG_HASH:=4de807ab8c622e9ef8e0cfaa8dbd9231ece17d14dc9ebaa63add800475347b99
+PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION)
PKG_LICENSE:=GPL-2.0-only
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
+PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_NAME:=libdnet
PKG_VERSION:=1.14
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ofalk/libdnet/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
--without-wpdpack
define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/dnet-config $(1)/usr/bin/
+ $(SED) 's,^\(prefix\|exec_prefix\)=.*,\1=$(STAGING_DIR)/usr,g' $(1)/usr/bin/dnet-config
$(INSTALL_DIR) $(2)/bin
- $(INSTALL_BIN) \
- $(PKG_INSTALL_DIR)/usr/bin/dnet-config \
- $(2)/bin/
- $(SED) \
- 's,^\(prefix\|exec_prefix\)=.*,\1=$(STAGING_DIR)/usr,g' \
- $(2)/bin/dnet-config
+ $(LN) ../../usr/bin/dnet-config $(2)/bin/
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DATA)\
include $(TOPDIR)/rules.mk
PKG_NAME:=libevdev
-PKG_VERSION:=1.10.0
+PKG_VERSION:=1.10.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.freedesktop.org/software/libevdev/
-PKG_HASH:=3522c26e2c148be0ad68ce26fbced408a4185dea90bfe8079dc82b8ace962d4a
+PKG_HASH:=0330fe8357ece915db9366c1b9a6648941aea6f724b73ad6e71401127aa08932
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=MIT
--- /dev/null
+#
+# Copyright (C) 2020 Linos Giannopoulos
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libfido2
+PKG_VERSION:=1.6.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/Yubico/libfido2/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=6aed47aafd22be49c38f9281fb88ccd08c98678d9b8c39cdc87d1bb3ea2c63e4
+
+PKG_FORTIFY_SOURCE:=0
+CMAKE_INSTALL:=1
+
+TARGET_CFLAGS += -Wno-error=overflow -Wno-error=sign-conversion
+
+PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libfido2
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=FIDO2 Library
+ URL:=https://github.com/Yubico/libfido2
+ ABI_VERSION:=1
+ DEPENDS += +libcbor +libopenssl +libudev
+endef
+
+define Package/libfido2/description
+ libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
+
+ libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
+endef
+
+
+define Package/libfido2/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfido2.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libfido2))
PKG_NAME:=libgpg-error
PKG_VERSION:=1.39
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://mirrors.dotsrc.org/gcrypt/libgpg-error \
2 files changed, 24 insertions(+)
create mode 100644 src/syscfg/lock-obj-pub.arc-unknown-linux-gnu.h
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 380ea7c09c04..bd00961c2f27 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -48,6 +48,7 @@ lock_obj_pub = \
syscfg/lock-obj-pub.arm-unknown-linux-androideabi.h \
syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h \
syscfg/lock-obj-pub.arm-apple-darwin.h \
-diff --git a/src/syscfg/lock-obj-pub.arc-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.arc-unknown-linux-gnu.h
-new file mode 100644
-index 000000000000..3b1a8fadf8a7
--- /dev/null
+++ b/src/syscfg/lock-obj-pub.arc-unknown-linux-gnu.h
@@ -0,0 +1,23 @@
+## buffer-read-only: t
+## End:
+##
---
-2.17.1
--- /dev/null
+--- a/src/gen-lock-obj.sh
++++ b/src/gen-lock-obj.sh
+@@ -84,17 +84,16 @@ EOF
+ # USE_LONG_DOUBLE_FOR_ALIGNMENT
+ #
+
+-echo -n "#define GPGRT_LOCK_INITIALIZER {$LOCK_ABI_VERSION,{{"
++printf "#define GPGRT_LOCK_INITIALIZER {$LOCK_ABI_VERSION,{{"
+
+ i=0
+ while test "$i" -lt $ac_mtx_size; do
+ if test "$i" -ne 0 -a "$(( $i % 8 ))" -eq 0; then
+- echo ' \'
+- echo -n " "
++ printf " %s\n " "\\"
+ fi
+- echo -n '0'
++ printf '0'
+ if test "$i" -lt $(($ac_mtx_size - 1)); then
+- echo -n ','
++ printf ','
+ fi
+ i=$(( i + 1 ))
+ done
PKG_NAME:=libgphoto2
PKG_VERSION:=2.5.26
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PORT_VERSION:=0.12.0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
define Package/libgphoto2/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgphoto2{,_port}.so.* $(1)/usr/lib/
- ln -s $(1)/usr/lib/libgphoto2_port.so.12 $(1)/usr/lib/libgphoto2_port.so.10
+ $(LN) libgphoto2_port.so.12 $(1)/usr/lib/libgphoto2_port.so.10
$(INSTALL_DIR) $(1)/usr/lib/libgphoto2
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgphoto2/print-camera-list $(1)/usr/lib/libgphoto2/print-camera-list
endef
PKG_NAME:=libimobiledevice
PKG_VERSION:=1.3.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://www.libimobiledevice.org/downloads
--- /dev/null
+From b5d575c118ecfc2afcb12739433e916527182327 Mon Sep 17 00:00:00 2001
+From: Nikias Bassen <nikias@gmx.li>
+Date: Fri, 7 Aug 2020 00:50:46 +0200
+Subject: [PATCH] mobilebackup2: Set DeviceLink version to 400 to support iOS
+ 14b4+
+
+---
+ src/mobilebackup2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/mobilebackup2.c
++++ b/src/mobilebackup2.c
+@@ -30,7 +30,7 @@
+ #include "device_link_service.h"
+ #include "common/debug.h"
+
+-#define MBACKUP2_VERSION_INT1 300
++#define MBACKUP2_VERSION_INT1 400
+ #define MBACKUP2_VERSION_INT2 0
+
+ #define IS_FLAG_SET(x, y) ((x & y) == y)
--- /dev/null
+From d857a83272d921929ae6ccf1fa70d85768840e84 Mon Sep 17 00:00:00 2001
+From: Nikias Bassen <nikias@gmx.li>
+Date: Mon, 10 Aug 2020 15:39:56 +0200
+Subject: [PATCH] screenshotr: Set DeviceLink version to 400 to support iOS
+ 14b4+
+
+---
+ src/screenshotr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/screenshotr.c
++++ b/src/screenshotr.c
+@@ -30,7 +30,7 @@
+ #include "device_link_service.h"
+ #include "common/debug.h"
+
+-#define SCREENSHOTR_VERSION_INT1 300
++#define SCREENSHOTR_VERSION_INT1 400
+ #define SCREENSHOTR_VERSION_INT2 0
+
+ /**
--- /dev/null
+From 98056a89648f431759c5fa4ed87c6ea6ba0cdd3f Mon Sep 17 00:00:00 2001
+From: Nikias Bassen <nikias@gmx.li>
+Date: Thu, 10 Sep 2020 15:12:21 +0200
+Subject: [PATCH] debugserver: Fix service startup for iOS 14b4+
+
+---
+ include/libimobiledevice/debugserver.h | 1 +
+ include/libimobiledevice/lockdown.h | 1 +
+ src/debugserver.c | 11 +++++++++--
+ src/lockdown.c | 5 ++++-
+ 4 files changed, 15 insertions(+), 3 deletions(-)
+
+--- a/include/libimobiledevice/debugserver.h
++++ b/include/libimobiledevice/debugserver.h
+@@ -31,6 +31,7 @@ extern "C" {
+ #include <libimobiledevice/lockdown.h>
+
+ #define DEBUGSERVER_SERVICE_NAME "com.apple.debugserver"
++#define DEBUGSERVER_SECURE_SERVICE_NAME DEBUGSERVER_SERVICE_NAME ".DVTSecureSocketProxy"
+
+ /** Error Codes */
+ typedef enum {
+--- a/include/libimobiledevice/lockdown.h
++++ b/include/libimobiledevice/lockdown.h
+@@ -96,6 +96,7 @@ typedef struct lockdownd_pair_record *lockdownd_pair_record_t;
+ struct lockdownd_service_descriptor {
+ uint16_t port;
+ uint8_t ssl_enabled;
++ char* identifier;
+ };
+ typedef struct lockdownd_service_descriptor *lockdownd_service_descriptor_t;
+
+--- a/src/debugserver.c
++++ b/src/debugserver.c
+@@ -80,7 +80,10 @@ LIBIMOBILEDEVICE_API debugserver_error_t debugserver_client_new(idevice_t device
+ debug_info("Creating base service client failed. Error: %i", ret);
+ return ret;
+ }
+- service_disable_bypass_ssl(parent, 1);
++
++ if (service->identifier && (strcmp(service->identifier, DEBUGSERVER_SECURE_SERVICE_NAME) != 0)) {
++ service_disable_bypass_ssl(parent, 1);
++ }
+
+ debugserver_client_t client_loc = (debugserver_client_t) malloc(sizeof(struct debugserver_client_private));
+ client_loc->parent = parent;
+@@ -95,7 +98,11 @@ LIBIMOBILEDEVICE_API debugserver_error_t debugserver_client_new(idevice_t device
+ LIBIMOBILEDEVICE_API debugserver_error_t debugserver_client_start_service(idevice_t device, debugserver_client_t * client, const char* label)
+ {
+ debugserver_error_t err = DEBUGSERVER_E_UNKNOWN_ERROR;
+- service_client_factory_start_service(device, DEBUGSERVER_SERVICE_NAME, (void**)client, label, SERVICE_CONSTRUCTOR(debugserver_client_new), &err);
++ service_client_factory_start_service(device, DEBUGSERVER_SECURE_SERVICE_NAME, (void**)client, label, SERVICE_CONSTRUCTOR(debugserver_client_new), &err);
++ if (err != DEBUGSERVER_E_SUCCESS) {
++ err = DEBUGSERVER_E_UNKNOWN_ERROR;
++ service_client_factory_start_service(device, DEBUGSERVER_SERVICE_NAME, (void**)client, label, SERVICE_CONSTRUCTOR(debugserver_client_new), &err);
++ }
+ return err;
+ }
+
+--- a/src/lockdown.c
++++ b/src/lockdown.c
+@@ -1307,6 +1307,7 @@ static lockdownd_error_t lockdownd_do_start_service(lockdownd_client_t client, c
+ *service = (lockdownd_service_descriptor_t)malloc(sizeof(struct lockdownd_service_descriptor));
+ (*service)->port = 0;
+ (*service)->ssl_enabled = 0;
++ (*service)->identifier = strdup(identifier);
+
+ /* read service port number */
+ plist_t node = plist_dict_get_item(dict, "Port");
+@@ -1511,8 +1512,10 @@ LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_data_classes_free(char **classe
+
+ LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_service_descriptor_free(lockdownd_service_descriptor_t service)
+ {
+- if (service)
++ if (service) {
++ free(service->identifier);
+ free(service);
++ }
+
+ return LOCKDOWN_E_SUCCESS;
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=libinput
-PKG_VERSION:=1.16.3
+PKG_VERSION:=1.16.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.freedesktop.org/software/libinput
-PKG_HASH:=dc5e1ae51ec1cc635ca96f61118b0f07dfea783cab0747a60f3555068bb077e4
+PKG_HASH:=65923a06d5a8970e4a999c4668797b9b689614b62b1d44432ab1c87b65e39e29
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=MIT
#
-# Copyright (C) 2019-2020 CZ.NIC z.s.p.o. (http://www.nic.cz/)
+# Copyright (C) 2019-2021 CZ.NIC z.s.p.o. (http://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=libmaxminddb
-PKG_VERSION:=1.4.3
+PKG_VERSION:=1.5.0
PKG_RELEASE=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/maxmind/libmaxminddb/releases/download/$(PKG_VERSION)/
-PKG_HASH:=a5fdf6c7b4880fdc7620f8ace5bd5cbe9f65650c9493034b5b9fc7d83551a439
+PKG_HASH:=7c56e791ff2a655215e7ed3864b1ffdd7d34a38835779efed56a42f056bd58aa
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
include $(TOPDIR)/rules.mk
PKG_NAME:=libmbim
-PKG_VERSION:=1.24.4
+PKG_VERSION:=1.24.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.freedesktop.org/software/libmbim
-PKG_HASH:=dd488ee6176243a6adb27a5872897336272ea7bea33a3ad501ba268e5a58b285
+PKG_HASH:=760465caaa1ccd699c14290e9791da456d5300dd11ebf4c1486151033e875dfd
PKG_MAINTAINER:=Nicholas Smith <nicholas.smith@telcoantennas.com.au>
include $(TOPDIR)/rules.mk
PKG_NAME:=libnetconf2
-PKG_VERSION:=1.1.26
+PKG_VERSION:=1.1.36
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libnetconf2/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=2ce2b819f3544fd46a3a4c8ba6dd0a3798cab2a63aa347bc1eb5275a2c89b7bd
+PKG_HASH:=17aa551380ffcccc3bfd928edbcc170cbe85b0f336b361d5f03ede8f3e5f6348
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_LICENSE:=BSD-3-Clause
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index f21fec9..5b912af 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -148,7 +148,7 @@ endif()
+@@ -180,7 +180,7 @@ endif()
# dependencies - libssh
if(ENABLE_SSH)
- find_package(LibSSH 0.7.0 REQUIRED)
+ find_package(LibSSH 0.7.1 REQUIRED)
- if(LIBSSH_VERSION VERSION_EQUAL 0.9.3 OR LIBSSH_VERSION VERSION_EQUAL 0.9.4)
+ if(LIBSSH_VERSION VERSION_EQUAL 0.9.x)
message(FATAL_ERROR "LibSSH ${LIBSSH_VERSION} includes regression bugs and libnetconf2 will NOT work properly, try to use another version")
endif()
---
-2.26.2
-
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=libpfring
-PKG_VERSION:=7.6.0
+PKG_VERSION:=7.8.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ntop/PF_RING/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=8f1eb1c5a823984c0ab9e1f9b00b67755a729c17112f48ed618f7ffd717c52d7
+PKG_HASH:=3c7a563ee3ff58c76525c4f66ef711ecd66b080eadfcef99aa1d08df12f65ec0
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/PF_RING-$(PKG_VERSION)
PKG_MAINTAINER:=Banglang Huang <banglang.huang@foxmail.com>
--- /dev/null
+--- a/kernel/pf_ring.c
++++ b/kernel/pf_ring.c
+@@ -6806,11 +6806,21 @@ int sk_detach_filter(struct sock *sk)
+ #endif
+
+ /* ************************************* */
++#if(LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0))
++#define copy_from_sockptr copy_from_user
++#define copy_to_sockptr copy_to_user
++#else
++#define copy_to_sockptr(dst,src,size) copy_to_sockptr_offset(dst, 0, src, size)
++#endif
+
+ /* Code taken/inspired from core/sock.c */
+ static int ring_setsockopt(struct socket *sock,
+ int level, int optname,
++#if(LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0))
+ char __user * optval,
++#else
++ sockptr_t optval,
++#endif
+ unsigned
+ int optlen)
+ {
+@@ -6842,7 +6852,7 @@ static int ring_setsockopt(struct socket *sock,
+
+ ret = -EFAULT;
+
+- if(copy_from_user(&fprog, optval, sizeof(fprog)))
++ if(copy_from_sockptr(&fprog, optval, sizeof(fprog)))
+ break;
+
+ if(fprog.len <= 1) { /* empty filter */
+@@ -6888,7 +6898,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(cluster))
+ return(-EINVAL);
+
+- if(copy_from_user(&cluster, optval, sizeof(cluster)))
++ if(copy_from_sockptr(&cluster, optval, sizeof(cluster)))
+ return(-EFAULT);
+
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -6911,7 +6921,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(channel_id_mask))
+ return(-EINVAL);
+
+- if(copy_from_user(&channel_id_mask, optval, sizeof(channel_id_mask)))
++ if(copy_from_sockptr(&channel_id_mask, optval, sizeof(channel_id_mask)))
+ return(-EFAULT);
+
+ num_channels = 0;
+@@ -6967,7 +6977,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen > sizeof(name) /* Names should not be too long */ )
+ return(-EINVAL);
+
+- if(copy_from_user(&name, optval, optlen))
++ if(copy_from_sockptr(&name, optval, optlen))
+ return(-EFAULT);
+
+ if(pfr->appl_name != NULL)
+@@ -6985,7 +6995,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(direction))
+ return(-EINVAL);
+
+- if(copy_from_user(&direction, optval, sizeof(direction)))
++ if(copy_from_sockptr(&direction, optval, sizeof(direction)))
+ return(-EFAULT);
+
+ pfr->direction = direction;
+@@ -6999,7 +7009,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(sockmode))
+ return(-EINVAL);
+
+- if(copy_from_user(&sockmode, optval, sizeof(sockmode)))
++ if(copy_from_sockptr(&sockmode, optval, sizeof(sockmode)))
+ return(-EFAULT);
+
+ pfr->mode = sockmode;
+@@ -7013,7 +7023,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(rule_inactivity))
+ return(-EINVAL);
+
+- if(copy_from_user(&rule_inactivity, optval, sizeof(rule_inactivity)))
++ if(copy_from_sockptr(&rule_inactivity, optval, sizeof(rule_inactivity)))
+ return(-EFAULT);
+ else {
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7027,7 +7037,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(rule_inactivity))
+ return(-EINVAL);
+
+- if(copy_from_user(&rule_inactivity, optval, sizeof(rule_inactivity)))
++ if(copy_from_sockptr(&rule_inactivity, optval, sizeof(rule_inactivity)))
+ return(-EFAULT);
+ else {
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7043,7 +7053,7 @@ static int ring_setsockopt(struct socket *sock,
+ else {
+ u_int8_t new_policy;
+
+- if(copy_from_user(&new_policy, optval, optlen))
++ if(copy_from_sockptr(&new_policy, optval, optlen))
+ return(-EFAULT);
+
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7075,7 +7085,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(rule == NULL)
+ return(-EFAULT);
+
+- if(copy_from_user(&rule->rule, optval, optlen))
++ if(copy_from_sockptr(&rule->rule, optval, optlen))
+ return(-EFAULT);
+
+ INIT_LIST_HEAD(&rule->list);
+@@ -7099,7 +7109,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(rule == NULL)
+ return(-EFAULT);
+
+- if(copy_from_user(&rule->rule, optval, optlen))
++ if(copy_from_sockptr(&rule->rule, optval, optlen))
+ return(-EFAULT);
+
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7123,7 +7133,7 @@ static int ring_setsockopt(struct socket *sock,
+ /* This is a list rule */
+ int rc;
+
+- if(copy_from_user(&rule_id, optval, optlen))
++ if(copy_from_sockptr(&rule_id, optval, optlen))
+ return(-EFAULT);
+
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7139,7 +7149,7 @@ static int ring_setsockopt(struct socket *sock,
+ sw_filtering_hash_bucket rule;
+ int rc;
+
+- if(copy_from_user(&rule.rule, optval, optlen))
++ if(copy_from_sockptr(&rule.rule, optval, optlen))
+ return(-EFAULT);
+
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7156,7 +7166,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(pfr->sample_rate))
+ return(-EINVAL);
+
+- if(copy_from_user(&pfr->sample_rate, optval, sizeof(pfr->sample_rate)))
++ if(copy_from_sockptr(&pfr->sample_rate, optval, sizeof(pfr->sample_rate)))
+ return(-EFAULT);
+ break;
+
+@@ -7164,7 +7174,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(pfr->filtering_sample_rate))
+ return(-EINVAL);
+
+- if(copy_from_user(&pfr->filtering_sample_rate, optval, sizeof(pfr->filtering_sample_rate)))
++ if(copy_from_sockptr(&pfr->filtering_sample_rate, optval, sizeof(pfr->filtering_sample_rate)))
+ return(-EFAULT);
+
+ pfr->filtering_sampling_size = pfr->filtering_sample_rate;
+@@ -7231,7 +7241,7 @@ static int ring_setsockopt(struct socket *sock,
+ else
+ threshold = min_num_slots;
+
+- if(copy_from_user(&pfr->poll_num_pkts_watermark, optval, optlen))
++ if(copy_from_sockptr(&pfr->poll_num_pkts_watermark, optval, optlen))
+ return(-EFAULT);
+
+ if(pfr->poll_num_pkts_watermark > threshold)
+@@ -7248,7 +7258,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(u_int16_t))
+ return(-EINVAL);
+ else {
+- if(copy_from_user(&pfr->poll_watermark_timeout, optval, optlen))
++ if(copy_from_sockptr(&pfr->poll_watermark_timeout, optval, optlen))
+ return(-EFAULT);
+ debug_printk(2, "--> SO_SET_POLL_WATERMARK_TIMEOUT=%u\n", pfr->poll_watermark_timeout);
+ }
+@@ -7258,7 +7268,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(u_int32_t))
+ return(-EINVAL);
+
+- if(copy_from_user(&pfr->bucket_len, optval, optlen))
++ if(copy_from_sockptr(&pfr->bucket_len, optval, optlen))
+ return(-EFAULT);
+
+ debug_printk(2, "--> SO_RING_BUCKET_LEN=%d\n", pfr->bucket_len);
+@@ -7268,7 +7278,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(zc_dev_mapping))
+ return(-EINVAL);
+
+- if(copy_from_user(&mapping, optval, optlen))
++ if(copy_from_sockptr(&mapping, optval, optlen))
+ return(-EFAULT);
+
+ debug_printk(2, "SO_SELECT_ZC_DEVICE %s\n", mapping.device_name);
+@@ -7278,7 +7288,7 @@ static int ring_setsockopt(struct socket *sock,
+ else
+ ret = pfring_release_zc_dev(pfr);
+
+- if(copy_to_user(optval, &mapping, optlen)) /* returning device_model*/
++ if(copy_to_sockptr(optval, &mapping, optlen)) /* returning device_model*/
+ return(-EFAULT);
+
+ break;
+@@ -7291,7 +7301,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(ring_id))
+ return(-EINVAL);
+
+- if(copy_from_user(&ring_id, optval, sizeof(ring_id)))
++ if(copy_from_sockptr(&ring_id, optval, sizeof(ring_id)))
+ return(-EFAULT);
+
+ write_lock_bh(&pfr->ring_rules_lock);
+@@ -7303,7 +7313,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(hw_filtering_rule))
+ return(-EINVAL);
+
+- if(copy_from_user(&hw_rule, optval, sizeof(hw_rule)))
++ if(copy_from_sockptr(&hw_rule, optval, sizeof(hw_rule)))
+ return(-EFAULT);
+
+ /* Check if a rule with the same id exists */
+@@ -7343,7 +7353,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(u_int16_t))
+ return(-EINVAL);
+
+- if(copy_from_user(&rule_id, optval, sizeof(u_int16_t)))
++ if(copy_from_sockptr(&rule_id, optval, sizeof(u_int16_t)))
+ return(-EFAULT);
+
+ /* Check if the rule we want to remove exists */
+@@ -7381,7 +7391,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(elem))
+ return(-EINVAL);
+
+- if(copy_from_user(&elem, optval, sizeof(elem)))
++ if(copy_from_sockptr(&elem, optval, sizeof(elem)))
+ return(-EFAULT);
+
+ if((pfr->v_filtering_dev = add_virtual_filtering_device(pfr, &elem)) == NULL)
+@@ -7402,14 +7412,14 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen < sizeof(ccri))
+ return(-EINVAL);
+
+- if(copy_from_user(&ccri, optval, sizeof(ccri)))
++ if(copy_from_sockptr(&ccri, optval, sizeof(ccri)))
+ return(-EFAULT);
+
+ if(create_cluster_referee(pfr, ccri.cluster_id, &ccri.recovered) < 0)
+ return(-EINVAL);
+
+ /* copying back the structure (actually we need ccri.recovered only) */
+- if(copy_to_user(optval, &ccri, sizeof(ccri))) {
++ if(copy_to_sockptr(optval, &ccri, sizeof(ccri))) {
+ remove_cluster_referee(pfr);
+ return(-EFAULT);
+ }
+@@ -7422,7 +7432,7 @@ static int ring_setsockopt(struct socket *sock,
+ {
+ struct public_cluster_object_info pcoi;
+
+- if(copy_from_user(&pcoi, optval, sizeof(pcoi)))
++ if(copy_from_sockptr(&pcoi, optval, sizeof(pcoi)))
+ return(-EFAULT);
+
+ if(publish_cluster_object(pfr, pcoi.cluster_id, pcoi.object_type, pcoi.object_id) < 0)
+@@ -7436,7 +7446,7 @@ static int ring_setsockopt(struct socket *sock,
+ {
+ struct lock_cluster_object_info lcoi;
+
+- if(copy_from_user(&lcoi, optval, sizeof(lcoi)))
++ if(copy_from_sockptr(&lcoi, optval, sizeof(lcoi)))
+ return(-EFAULT);
+
+ if(lock_cluster_object(pfr, lcoi.cluster_id, lcoi.object_type, lcoi.object_id, lcoi.lock_mask) < 0)
+@@ -7450,7 +7460,7 @@ static int ring_setsockopt(struct socket *sock,
+ {
+ struct lock_cluster_object_info lcoi;
+
+- if(copy_from_user(&lcoi, optval, sizeof(lcoi)))
++ if(copy_from_sockptr(&lcoi, optval, sizeof(lcoi)))
+ return(-EFAULT);
+
+ if(unlock_cluster_object(pfr, lcoi.cluster_id, lcoi.object_type, lcoi.object_id, lcoi.lock_mask) < 0)
+@@ -7465,7 +7475,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen > (sizeof(pfr->custom_bound_device_name)-1))
+ optlen = sizeof(pfr->custom_bound_device_name)-1;
+
+- if(copy_from_user(&pfr->custom_bound_device_name, optval, optlen)) {
++ if(copy_from_sockptr(&pfr->custom_bound_device_name, optval, optlen)) {
+ pfr->custom_bound_device_name[0] = '\0';
+ return(-EFAULT);
+ } else
+@@ -7490,7 +7500,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen > (sizeof(pfr->statsString)-1))
+ optlen = sizeof(pfr->statsString)-1;
+
+- if(copy_from_user(&pfr->statsString, optval, optlen)) {
++ if(copy_from_sockptr(&pfr->statsString, optval, optlen)) {
+ pfr->statsString[0] = '\0';
+ return(-EFAULT);
+ }
+@@ -7511,7 +7521,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(u_int32_t))
+ return (-EINVAL);
+
+- if(copy_from_user(&enable_promisc, optval, optlen))
++ if(copy_from_sockptr(&enable_promisc, optval, optlen))
+ return (-EFAULT);
+
+ if(!pfr->ring_dev || pfr->ring_dev == &none_device_element || pfr->ring_dev == &any_device_element) {
+@@ -7537,7 +7547,7 @@ static int ring_setsockopt(struct socket *sock,
+ if(optlen != sizeof(vlan_id))
+ return(-EINVAL);
+
+- if(copy_from_user(&vlan_id, optval, sizeof(vlan_id)))
++ if(copy_from_sockptr(&vlan_id, optval, sizeof(vlan_id)))
+ return(-EFAULT);
+
+ pfr->vlan_id = vlan_id;
PKG_NAME:=libpng
PKG_VERSION:=1.6.37
-PKG_RELEASE:=8
+PKG_RELEASE:=10
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/libpng
CMAKE_OPTIONS += \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
- -DPNG_BUILD_ZLIB=ON \
+ -DPNG_BUILD_ZLIB=OFF \
-DPNG_SHARED=ON \
-DPNG_STATIC=ON \
+ -DPNG_EXECUTABLES=OFF \
-DPNG_TESTS=OFF \
-DPNG_FRAMEWORK=OFF \
-DPNG_DEBUG=OFF \
-DPNG_HARDWARE_OPTIMIZATIONS=O$(if $(findstring powerpc,$(CONFIG_ARCH))$(findstring mipsel,$(CONFIG_ARCH)),FF,N) \
-Dld-version-script=OFF
-TARGET_LDFLAGS += -lz
-
define Build/InstallDev
$(call Build/InstallDev/cmake,$(1))
$(SED) 's,^\(prefix\|exec_prefix\)=.*,\1=$(STAGING_DIR)/usr,g' $(1)/usr/bin/libpng{,16}-config
--- /dev/null
+From 28c0f8895e4ac270b56b5c7e8089dd2417bc4e3c Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Sun, 20 May 2018 18:46:32 -0400
+Subject: [PATCH] cmake: Add an option to enable/disable building of
+ executables
+
+Add the CMake option PNG_EXECUTABLES (on by default) in order to
+allow or disallow the building of non-essential executable programs
+associated with libpng.
+
+Contributed-by: Alex Gaynor <alex.gaynor@gmail.com>
+Contributed-by: Cosmin Truta <ctruta@gmail.com>
+Signed-off-by: Cosmin Truta <ctruta@gmail.com>
+---
+ CMakeLists.txt | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -53,7 +53,8 @@ endif()
+ # COMMAND LINE OPTIONS
+ option(PNG_SHARED "Build shared lib" ON)
+ option(PNG_STATIC "Build static lib" ON)
+-option(PNG_TESTS "Build libpng tests" ON)
++option(PNG_EXECUTABLES "Build libpng executables" ON)
++option(PNG_TESTS "Build libpng tests" ON)
+
+ # Many more configuration options could be added here
+ option(PNG_FRAMEWORK "Build OS X framework" OFF)
+@@ -747,7 +748,7 @@ if(PNG_TESTS AND PNG_SHARED)
+ png_add_test(NAME pngimage-full COMMAND pngimage OPTIONS --exhaustive --list-combos --log FILES ${PNGSUITE_PNGS})
+ endif()
+
+-if(PNG_SHARED)
++if(PNG_SHARED AND PNG_EXECUTABLES)
+ add_executable(pngfix ${pngfix_sources})
+ target_link_libraries(pngfix png)
+ set(PNG_BIN_TARGETS pngfix)
--- /dev/null
+From 9f734b13f4ea062af98652c4c7678f667d2d85c7 Mon Sep 17 00:00:00 2001
+From: David Callu <callu.david@gmail.com>
+Date: Thu, 4 Jul 2019 15:15:53 +0200
+Subject: [PATCH] cmake: Use the correct ZLIB_* variable names
+
+ZLIB_LIBRARIES and ZLIB_INCLUDE_DIRS are the official cmake variable
+names.
+---
+ CMakeLists.txt | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -40,7 +40,7 @@ option(PNG_BUILD_ZLIB "Custom zlib Locat
+
+ if(NOT PNG_BUILD_ZLIB)
+ find_package(ZLIB REQUIRED)
+- include_directories(${ZLIB_INCLUDE_DIR})
++ include_directories(${ZLIB_INCLUDE_DIRS})
+ endif()
+
+ if(UNIX AND NOT APPLE AND NOT BEOS AND NOT HAIKU)
+@@ -523,7 +523,7 @@ if(PNG_DEBUG)
+ endif()
+
+ # NOW BUILD OUR TARGET
+-include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${ZLIB_INCLUDE_DIR})
++include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${ZLIB_INCLUDE_DIRS})
+
+ unset(PNG_LIB_TARGETS)
+
+@@ -537,7 +537,7 @@ if(PNG_SHARED)
+ set_target_properties(png PROPERTIES PREFIX "lib")
+ set_target_properties(png PROPERTIES IMPORT_PREFIX "lib")
+ endif()
+- target_link_libraries(png ${ZLIB_LIBRARY} ${M_LIBRARY})
++ target_link_libraries(png ${ZLIB_LIBRARIES} ${M_LIBRARY})
+
+ if(UNIX AND AWK)
+ if(HAVE_LD_VERSION_SCRIPT)
+@@ -572,7 +572,7 @@ if(PNG_STATIC)
+ # msvc does not append 'lib' - do it here to have consistent name
+ set_target_properties(png_static PROPERTIES PREFIX "lib")
+ endif()
+- target_link_libraries(png_static ${ZLIB_LIBRARY} ${M_LIBRARY})
++ target_link_libraries(png_static ${ZLIB_LIBRARIES} ${M_LIBRARY})
+ endif()
+
+ if(PNG_FRAMEWORK)
+@@ -589,7 +589,7 @@ if(PNG_FRAMEWORK)
+ XCODE_ATTRIBUTE_INSTALL_PATH "@rpath"
+ PUBLIC_HEADER "${libpng_public_hdrs}"
+ OUTPUT_NAME png)
+- target_link_libraries(png_framework ${ZLIB_LIBRARY} ${M_LIBRARY})
++ target_link_libraries(png_framework ${ZLIB_LIBRARIES} ${M_LIBRARY})
+ endif()
+
+ if(NOT PNG_LIB_TARGETS)
+@@ -754,7 +754,7 @@ if(PNG_SHARED AND PNG_EXECUTABLES)
+ set(PNG_BIN_TARGETS pngfix)
+
+ add_executable(png-fix-itxt ${png_fix_itxt_sources})
+- target_link_libraries(png-fix-itxt ${ZLIB_LIBRARY} ${M_LIBRARY})
++ target_link_libraries(png-fix-itxt ${ZLIB_LIBRARIES} ${M_LIBRARY})
+ list(APPEND PNG_BIN_TARGETS png-fix-itxt)
+ endif()
+
--- /dev/null
+From dbe3e0c43e549a1602286144d94b0666549b18e6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
+Date: Mon, 19 Mar 2018 12:41:47 -0300
+Subject: [PATCH] libpng.pc.in: zlib dependency is private
+
+zlib should be injected only when pkgconfig is ran with the --static
+option.
+---
+ libpng.pc.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libpng.pc.in
++++ b/libpng.pc.in
+@@ -6,7 +6,7 @@ includedir=@includedir@/libpng@PNGLIB_MA
+ Name: libpng
+ Description: Loads and saves PNG files
+ Version: @PNGLIB_VERSION@
+-Requires: zlib
++Requires.private: zlib
+ Libs: -L${libdir} -lpng@PNGLIB_MAJOR@@PNGLIB_MINOR@
+ Libs.private: @LIBS@
+ Cflags: -I${includedir}
set(CMAKE_C_FLAGS @CMAKE_C_FLAGS@)
set(INCDIR "@CMAKE_CURRENT_BINARY_DIR@")
set(PNG_PREFIX "@PNG_PREFIX@")
-@@ -58,7 +59,7 @@ if ("${INPUTEXT}" STREQUAL ".c" AND "${OUTPUTEXT}" STREQUAL ".out")
+@@ -58,7 +59,7 @@ if ("${INPUTEXT}" STREQUAL ".c" AND "${O
set(PNG_PREFIX_DEF "-DPNG_PREFIX=${PNG_PREFIX}")
endif()
--- /dev/null
+menu "Options"
+ depends on PACKAGE_libpqxx
+
+config LIBPQXX_STATIC
+ bool "Build static library"
+ default y
+ help
+ Build static (.a) library
+
+config LIBPQXX_SHARED
+ bool "Build and install shared library"
+ default n
+ help
+ Build and install shared (.so) library
+
+config LIBPQXX_INSTALL_TEST
+ bool "Build and install test suite"
+ default n
+ depends on LIBPQXX_STATIC || LIBPQXX_SHARED
+ help
+ Build and install a test suite against a real server.
+ One can run this suite on a target platform to ensure
+ that the library is built the way it should and operating
+ correctly.
+
+endmenu
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libpqxx
+PKG_VERSION:=7.3.1
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/jtv/libpqxx
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_MIRROR_HASH:=6d5b66f01285310a53815963d56f5137be2d05fe426b0e15d73cd8df92b84989
+
+CMAKE_INSTALL:=1
+
+PKG_MAINTAINER:=Igor Bezzubchenko <garikello@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libpqxx
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libpq +libstdcpp
+ TITLE:=PostgreSQL client library (C++ interface)
+ URL:=http://pqxx.org/development/libpqxx
+ SUBMENU:=Database
+endef
+
+define Package/libpqxx/config
+ source "$(SOURCE)/Config.in"
+endef
+
+CMAKE_OPTIONS += \
+ -DBUILD_DOC=OFF \
+ -DBUILD_STATIC_LIBS=O$(if $(CONFIG_LIBPQXX_STATIC),N,FF) \
+ -DBUILD_SHARED_LIBS=O$(if $(CONFIG_LIBPQXX_SHARED),N,FF) \
+ $(if $(CONFIG_LIBPQXX_INSTALL_TEST),\
+ -DINSTALL_TEST=ON -DSKIP_BUILD_TEST=OFF, \
+ -DINSTALL_TEST=OFF -DSKIP_BUILD_TEST=ON \
+ )
+
+define Package/libpqxx/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(if $(CONFIG_LIBPQXX_SHARED), \
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpqxx*.so $(1)/usr/lib/)
+ $(if $(CONFIG_LIBPQXX_INSTALL_TEST), \
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/libpqxx* $(1)/usr/bin/)
+endef
+
+$(eval $(call BuildPackage,libpqxx))
include $(TOPDIR)/rules.mk
PKG_NAME:=libqmi
-PKG_VERSION:=1.26.6
-PKG_RELEASE:=2
+PKG_VERSION:=1.26.8
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.freedesktop.org/software/libqmi
-PKG_HASH:=a71963bb1097a42665287e40a9a36f95b8f9d6d6a4b7a5de22d660328af97cb9
+PKG_HASH:=ef76dc95ab0a06321a1bd25e875489cba12c9f6611974ca0135cf067bb20c960
PKG_MAINTAINER:=Nicholas Smith <nicholas.smith@telcoantennas.com.au>
PKG_NAME:=libradiotap
PKG_VERSION:=2020-06-22
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/radiotap/radiotap-library.git
include $(TOPDIR)/rules.mk
PKG_NAME:=libuhttpd
-PKG_VERSION:=3.4.0
+PKG_VERSION:=3.8.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd/releases/download/v$(PKG_VERSION)
-PKG_HASH:=c77a404e2a666dda6c731cee977cfa8c2aa433e167222cbd28dd0c91a5c80570
+PKG_HASH:=cdf97020be8ef73e74f12e0703e0f871ebd26c641ce2cb31f67c90a79483c372
PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
PKG_LICENSE:=MIT
Package/libuhttpd-openssl=$(call Package/libuhttpd/Default,openssl,+PACKAGE_libuhttpd-openssl:libopenssl)
Package/libuhttpd-wolfssl=$(call Package/libuhttpd/Default,wolfssl,+PACKAGE_libuhttpd-wolfssl:libwolfssl)
-Package/libuhttpd-mbedtls=$(call Package/libuhttpd/Default,mbedtls,+PACKAGE_libuhttpd-mbedtls:libmbedtls)
+Package/libuhttpd-mbedtls=$(call Package/libuhttpd/Default,mbedtls,+PACKAGE_libuhttpd-mbedtls:libmbedtls +PACKAGE_libuhttpd-mbedtls:zlib)
Package/libuhttpd-nossl=$(call Package/libuhttpd/Default,nossl)
ifeq ($(BUILD_VARIANT),openssl)
PKG_NAME:=libupnp
PKG_VERSION:=1.14.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/pupnp
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:libupnp_project:libupnp
+PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_NAME:=libuwifi
PKG_VERSION:=2020-03-10
-PKG_RELEASE:=4
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/br101/libuwifi.git
include $(TOPDIR)/rules.mk
PKG_NAME:=libvpx
-PKG_VERSION:=1.8.2
+PKG_VERSION:=1.9.0
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://chromium.googlesource.com/webm/libvpx
-PKG_MIRROR_HASH:=51e871a928fe98f14fd08285cb9b64c0d540b36b630ee7d47bc464e909366db7
+PKG_MIRROR_HASH:=0984f8c899b345f6be6f52f5e4888a6d654a45641b7b36de49e1aab22e1ecb58
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=x264
-PKG_VERSION:=snapshot-20190324-2245
-PKG_RELEASE:=2
+PKG_VERSION:=2020-10-26
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://download.videolan.org/x264/snapshots/
-PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>
-PKG_HASH:=68010057edaadffc7593933d13084e8d32e041c42b17c089513d88c917f2ad54
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://code.videolan.org/videolan/x264.git
+PKG_SOURCE_VERSION:=4121277b40a667665d4eea1726aefdc55d12d110
+PKG_MIRROR_HASH:=4b4955e8f92d0c4afecbced2cc6414a123085f7472d198b3eeddaa9490b84f60
-PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>
+PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_INSTALL:=1
PKG_NAME:=libxslt
PKG_VERSION:=1.1.34
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:xmlsoft:libxslt
+PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
HOST_BUILD_DEPENDS:=libxml2/host
include $(TOPDIR)/rules.mk
PKG_NAME:=libyang
-PKG_VERSION:=1.0.184
+PKG_VERSION:=1.0.215
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libyang/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=1a5637451b73c4c5683837eb4c51371bb084795f653bc1a5fc20fed5541b58bc
+PKG_HASH:=c4498a77a7c12a28c9911f993eeafbf2badd2ecea58bb74781bd61cfc635e4c9
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=nss
-PKG_VERSION:=3.58
+PKG_VERSION:=3.61
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \
https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src
-PKG_HASH:=9f73cf789b5f109b978e5239551b609b0cafa88d18f0bc8ce3f976cb629353c0
+PKG_HASH:=312e2d804b34ccf0fec70b57cf8cd6ac853f8ced60df53e30ebb0a7bcd0e1370
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENCE:=MPL-2.0
#native compile nsinstall
define Build/Prepare
$(call Build/Prepare/Default)
+ifeq ($(QUILT),)
USE_NATIVE=1 OS_REL_CFLAGS="$(HOST_CFLAGS)" LDFLAGS="$(HOST_LDFLAGS)" \
CC="$(HOSTCC)" CPU_ARCH="$(HOST_ARCH)" \
$(MAKE) -C $(PKG_BUILD_DIR)/nss/coreconf/nsinstall
+endif
endef
define Build/Compile
define Build/InstallDev
$(INSTALL_DIR) \
+ $(2)/bin \
+ $(1)/usr/bin \
$(1)/usr/include/nss \
$(1)/usr/lib \
$(1)/usr/lib/pkgconfig
$(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/nss/config/*.pc \
$(1)/usr/lib/pkgconfig/
+ $(CP) $(PKG_BUILD_DIR)/nss/config/nss-config \
+ $(1)/usr/bin/
+ $(SED) 's,^\(prefix\)=.*,\1=$(STAGING_DIR)/usr,g' \
+ $(1)/usr/bin/nss-config
+ $(LN) ../../usr/bin/nss-config \
+ $(2)/bin/
endef
define Package/nss-utils/install
For 3.48, Requires: updated to nspr >= 4.24.
For 3.51.1, Requires: updated to nspr >= 4.25.
-diff -Naurp nss-3.28-orig/nss/Makefile nss-3.28/nss/Makefile
---- nss-3.28-orig/nss/Makefile 2016-12-21 05:56:27.000000000 -0600
-+++ nss-3.28/nss/Makefile 2016-12-26 22:24:52.695146032 -0600
+--- a/nss/Makefile
++++ b/nss/Makefile
@@ -48,7 +48,6 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
$(MAKE) all
$(MAKE) latest
-diff -Naurp nss-3.28-orig/nss/config/Makefile nss-3.28/nss/config/Makefile
---- nss-3.28-orig/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600
-+++ nss-3.28/nss/config/Makefile 2016-12-26 22:20:40.008205774 -0600
+--- /dev/null
++++ b/nss/config/Makefile
@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH = ..
+
+dummy: all export libs
+
-diff -Naurp nss-3.28-orig/nss/config/nss-config.in nss-3.28/nss/config/nss-config.in
---- nss-3.28-orig/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600
-+++ nss-3.28/nss/config/nss-config.in 2016-12-26 22:20:40.008205774 -0600
+--- /dev/null
++++ b/nss/config/nss-config.in
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+ echo $libdirs
+fi
+
-diff -Naurp nss-3.28-orig/nss/config/nss.pc.in nss-3.28/nss/config/nss.pc.in
---- nss-3.28-orig/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600
-+++ nss-3.28/nss/config/nss.pc.in 2016-12-26 22:22:53.300694346 -0600
+--- /dev/null
++++ b/nss/config/nss.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
+Cflags: -I${includedir}
+
-diff -Naurp nss-3.28-orig/nss/manifest.mn nss-3.28/nss/manifest.mn
---- nss-3.28-orig/nss/manifest.mn 2016-12-21 05:56:27.000000000 -0600
-+++ nss-3.28/nss/manifest.mn 2016-12-26 22:24:12.278991843 -0600
+--- a/nss/manifest.mn
++++ b/nss/manifest.mn
@@ -10,7 +10,7 @@ IMPORTS = nspr20/v4.8 \
RELEASE = nss
-DIRS = coreconf lib cmd cpputil gtests
+DIRS = coreconf lib cmd cpputil config
- lib: coreconf
- cmd: lib
+ HAVE_ALL_TARGET := 1
---- a/nss/coreconf/arch.mk 2019-04-01 22:20:32.470080052 +0300
-+++ b/nss/coreconf/arch.mk 2019-04-01 22:21:01.730987548 +0300
+--- a/nss/coreconf/arch.mk
++++ b/nss/coreconf/arch.mk
@@ -20,13 +20,13 @@
# Macros for getting the OS architecture
#
---- a/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:14.797053528 +0300
-+++ b/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:26.156310432 +0300
+--- a/nss/lib/dbm/src/dirent.h
++++ b/nss/lib/dbm/src/dirent.h
@@ -30,7 +30,7 @@
#define MAXNAMLEN FILENAME_MAX
#endif
#endif
---- a/nss/coreconf/rules.mk 2019-03-31 22:39:06.741609534 +0300
-+++ b/nss/coreconf/rules.mk 2019-03-31 22:36:13.260356949 +0300
-@@ -261,7 +261,7 @@
+--- a/nss/coreconf/rules.mk
++++ b/nss/coreconf/rules.mk
+@@ -176,7 +176,7 @@ $(LIBRARY): $(OBJS) | $$(@D)/d
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
$(AR) $(subst /,\\,$(OBJS))
else
endif
$(RANLIB) $@
---- a/nss/coreconf/arch.mk 2019-03-31 23:38:34.374931416 +0300
-+++ b/nss/coreconf/arch.mk 2019-03-31 23:38:44.667236102 +0300
-@@ -334,7 +334,7 @@
+--- a/nss/coreconf/arch.mk
++++ b/nss/coreconf/arch.mk
+@@ -306,7 +306,7 @@ else
OBJDIR_NAME_COMPILER = $(COMPILER_TAG)
endif
OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG)
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
---- a/nss/coreconf/Linux.mk 2019-04-01 10:08:59.129269177 +0300
-+++ b/nss/coreconf/Linux.mk 2019-04-01 10:09:15.557782574 +0300
-@@ -144,7 +144,8 @@
+--- a/nss/coreconf/Linux.mk
++++ b/nss/coreconf/Linux.mk
+@@ -108,11 +108,6 @@ LIBC_TAG = _glibc
+ endif
+
+ ifdef BUILD_OPT
+-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+- OPTIMIZER = -Os
+-else
+- OPTIMIZER = -O2
+-endif
+ ifdef MOZ_DEBUG_SYMBOLS
+ ifdef MOZ_DEBUG_FLAGS
+ OPTIMIZER += $(MOZ_DEBUG_FLAGS)
+@@ -144,7 +139,8 @@ ifdef USE_PTHREADS
DEFINES += -D_REENTRANT
endif
-+ifndef USE_NATIVE
-DSO_CFLAGS = -fPIC
++ifndef USE_NATIVE
+DSO_CFLAGS = $(fpic)
DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections
# The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
# incorrectly reports undefined references in the libraries we link with, so
-@@ -154,6 +155,7 @@
+@@ -154,6 +150,7 @@ DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--
ZDEFS_FLAG = -Wl,-z,defs
DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
LDFLAGS += $(ARCHFLAG) -z noexecstack
# On Maemo, we need to use the -rpath-link flag for even the standard system
# library directories.
---- a/nss/coreconf/Linux.mk 2019-04-06 20:25:36.431663894 +0300
-+++ b/nss/coreconf/Linux.mk 2019-04-06 20:26:23.397129525 +0300
-@@ -108,11 +108,6 @@
+@@ -195,7 +192,7 @@ RPATH = -Wl,-rpath,'$$ORIGIN:/opt/sun/pr
endif
-
- ifdef BUILD_OPT
--ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
-- OPTIMIZER = -Os
--else
-- OPTIMIZER = -O2
--endif
- ifdef MOZ_DEBUG_SYMBOLS
- ifdef MOZ_DEBUG_FLAGS
- OPTIMIZER += $(MOZ_DEBUG_FLAGS)
-@@ -192,7 +192,7 @@
endif
- endif
-
+
-MKSHLIB = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) $(RPATH)
+MKSHLIB = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) $(RPATH) $(fpic) -Wl,--gc-sections,--as-needed
-
+
ifdef MAPFILE
MKSHLIB += -Wl,--version-script,$(MAPFILE)
---- a/nss/coreconf/UNIX.mk 2019-04-06 20:34:24.284157646 +0300
-+++ b/nss/coreconf/UNIX.mk 2019-04-06 20:34:34.760485327 +0300
-@@ -10,7 +10,6 @@
+--- a/nss/coreconf/UNIX.mk
++++ b/nss/coreconf/UNIX.mk
+@@ -10,7 +10,6 @@ AR = ar cr $@
LDOPTS += -L$(SOURCE_LIB_DIR)
ifdef BUILD_OPT
--- a/nss/lib/sqlite/sqlite3.c
+++ b/nss/lib/sqlite/sqlite3.c
-@@ -39626,7 +39626,8 @@ static int proxyConchLock(unixFile *pFile, uuid_t myHostID, int lockType){
+@@ -39626,7 +39626,8 @@ static int proxyConchLock(unixFile *pFil
if( nTries==1 ){
conchModTime = buf.st_mtimespec;
continue;
}
-@@ -39652,7 +39653,7 @@ static int proxyConchLock(unixFile *pFile, uuid_t myHostID, int lockType){
+@@ -39652,7 +39653,7 @@ static int proxyConchLock(unixFile *pFil
/* don't break the lock on short read or a version mismatch */
return SQLITE_BUSY;
}
--- /dev/null
+--- a/nss/coreconf/nsinstall/nsinstall.c
++++ b/nss/coreconf/nsinstall/nsinstall.c
+@@ -36,8 +36,8 @@ typedef unsigned int mode_t;
+ #undef HAVE_FCHMOD
+ #endif
+
+-#ifdef LINUX
+ #include <getopt.h>
++#ifdef LINUX
+ #endif
+
+ #if defined(SCO) || defined(UNIXWARE) || defined(SNI) || defined(NCR) || defined(NEC)
include $(TOPDIR)/rules.mk
PKG_NAME:=openldap
-PKG_VERSION:=2.4.56
+PKG_VERSION:=2.4.57
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/ \
http://mirror.switch.ch/ftp/software/mirror/OpenLDAP/openldap-release/ \
https://www.openldap.org/software/download/OpenLDAP/openldap-release/
-PKG_HASH:=25520e0363c93f3bcb89802a4aa3db33046206039436e0c7c9262db5a61115e0
+PKG_HASH:=c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a
PKG_LICENSE:=OLDAP-2.8
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:openldap:openldap
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
-@@ -41,6 +41,7 @@ static tls_impl *tls_imp = &ldap_int_tls_impl;
+@@ -41,6 +41,7 @@ static tls_impl *tls_imp = &ldap_int_tls
#define HAS_TLS( sb ) ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
(void *)tls_imp->ti_sbio )
include $(TOPDIR)/rules.mk
PKG_NAME:=p11-kit
-PKG_VERSION:=0.23.21
+PKG_VERSION:=0.23.22
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/p11-glue/p11-kit/releases/download/$(PKG_VERSION)
-PKG_HASH:=f1baa493f05ca0d867f06bcb54cbb5cdb28c756db07207b6e18de18a87b10627
+PKG_HASH:=8a8f40153dd5a3f8e7c03e641f8db400133fb2a6a9ab2aee1b6d0cb0495ec6b6
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
PKG_LICENSE:=BSD-3-Clause
--- /dev/null
+From 507c394cfcf4edffc5e4450c5d737e545c26b857 Mon Sep 17 00:00:00 2001
+From: Daniel Engberg <daniel.engberg.lists@pyret.net>
+Date: Sat, 12 Dec 2020 18:56:38 +0100
+Subject: [PATCH] p11-kit/lists.c: Add stdint.h to fix compilation
+
+Add stdint.h otherwise compilation fails on FreeBSD 13-CURRENT with "use of undeclared identifier 'SIZE_MAX'"
+
+Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
+---
+ p11-kit/lists.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/p11-kit/lists.c b/p11-kit/lists.c
+index 365a6d89..1d9062be 100644
+--- a/p11-kit/lists.c
++++ b/p11-kit/lists.c
+@@ -39,6 +39,7 @@
+
+ #include <assert.h>
+ #include <ctype.h>
++#include <stdint.h>
+ #include <string.h>
+ #include <stdio.h>
+ #include <stdlib.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=pcre2
-PKG_VERSION:=10.35
-PKG_RELEASE:=3
+PKG_VERSION:=10.36
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/pcre/$(PKG_NAME)/$(PKG_VERSION)
-PKG_HASH:=9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613
+PKG_HASH:=a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c
PKG_MAINTAINER:=Shane Peelar <lookatyouhacker@gmail.com>
PKG_LICENSE:=BSD-3-Clause
PKG_NAME:=protobuf
PKG_VERSION:=3.14.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-cpp-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/google/protobuf/releases/download/v$(PKG_VERSION)
-Index: protobuf-3.13.0/cmake/install.cmake
-===================================================================
---- protobuf-3.13.0.orig/cmake/install.cmake
-+++ protobuf-3.13.0/cmake/install.cmake
+--- a/cmake/install.cmake
++++ b/cmake/install.cmake
@@ -16,8 +16,8 @@ foreach(_library ${_protobuf_libraries})
$<BUILD_INTERFACE:${protobuf_source_dir}/src>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>)
--- /dev/null
+From db2c4f357432ee18975a69af71f50ed415584829 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Thu, 17 Dec 2020 20:54:48 -0800
+Subject: [PATCH] remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS
+
+This is a linker flag and does not belong in CFLAGS.
+
+Fixes an issue with ola and protobuf.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ cmake/protobuf-lite.pc.cmake | 2 +-
+ cmake/protobuf.pc.cmake | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/cmake/protobuf-lite.pc.cmake
++++ b/cmake/protobuf-lite.pc.cmake
+@@ -7,5 +7,5 @@ Name: Protocol Buffers
+ Description: Google's Data Interchange Format
+ Version: @protobuf_VERSION@
+ Libs: -L${libdir} -lprotobuf-lite @CMAKE_THREAD_LIBS_INIT@
+-Cflags: -I${includedir} @CMAKE_THREAD_LIBS_INIT@
++Cflags: -I${includedir}
+ Conflicts: protobuf
+--- a/cmake/protobuf.pc.cmake
++++ b/cmake/protobuf.pc.cmake
+@@ -7,5 +7,5 @@ Name: Protocol Buffers
+ Description: Google's Data Interchange Format
+ Version: @protobuf_VERSION@
+ Libs: -L${libdir} -lprotobuf @CMAKE_THREAD_LIBS_INIT@
+-Cflags: -I${includedir} @CMAKE_THREAD_LIBS_INIT@
++Cflags: -I${includedir}
+ Conflicts: protobuf-lite
PKG_NAME:=pthsem
PKG_VERSION:=2.0.8
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.auto.tuwien.ac.at/~mkoegler/pth/
# The musl libc provides a proper implementation of sigaltstack() so
# prevent configure from wrongly assuming a broken Linux platform
-ifneq ($(CONFIG_USE_GLIBC),y)
- CONFIGURE_VARS += \
+CONFIGURE_VARS += \
ac_cv_check_sjlj=ssjlj
-endif
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/bin
include $(TOPDIR)/rules.mk
PKG_NAME:=pugixml
-PKG_VERSION:=1.10
-PKG_RELEASE:=2
+PKG_VERSION:=1.11.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/zeux/pugixml/releases/download/v$(PKG_VERSION)
-PKG_HASH:=55f399fbb470942410d348584dc953bcaec926415d3462f471ef350f29b5870a
+PKG_HASH:=9dce9f0a3756c5ab84ab7466c99972d030021d81d674f5d38b9e30e9a3ec4922
PKG_MAINTAINER:=
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=redis
-PKG_VERSION:=6.0.9
+PKG_VERSION:=6.0.10
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://download.redis.io/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=dc2bdcf81c620e9f09cfd12e85d3bc631c897b2db7a55218fd8a65eaa37f86dd
+PKG_HASH:=79bbb894f9dceb33ca699ee3ca4a4e1228be7fb5547aeb2f99d921e86c1285bd
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=BSD-3-Clause
+++ /dev/null
---- a/src/config.h
-+++ b/src/config.h
-@@ -30,6 +30,10 @@
- #ifndef __CONFIG_H
- #define __CONFIG_H
-
-+#if defined(__unix) || defined(__linux__)
-+#include <features.h>
-+#endif
-+
- #ifdef __APPLE__
- #include <AvailabilityMacros.h>
- #endif
-@@ -63,9 +67,9 @@
- #endif
-
- /* Test for backtrace() */
--#if defined(__APPLE__) || (defined(__linux__) && defined(__GLIBC__)) || \
-+#if (defined(__APPLE__) || (defined(__linux__) && defined(__GLIBC__)) || \
- defined(__FreeBSD__) || ((defined(__OpenBSD__) || defined(__NetBSD__)) && defined(USE_BACKTRACE))\
-- || defined(__DragonFly__)
-+ || defined(__DragonFly__)) && !defined(__UCLIBC__)
- #define HAVE_BACKTRACE 1
- #endif
-
include $(TOPDIR)/rules.mk
PKG_NAME:=sbc
-PKG_VERSION:=1.4
-PKG_RELEASE:=2
+PKG_VERSION:=1.5
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/bluetooth/
-PKG_HASH:=518bf46e6bb3dc808a95e1eabad26fdebe8a099c1e781c27ed7fca6c2f4a54c9
+PKG_HASH:=0cbad69823a99e8421fe0700e8cf9eeb8fa0c1ad28e8dbc2182b3353507931d2
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING.LIB
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
--- /dev/null
+--- a/sbc/sbc_primitives.c
++++ b/sbc/sbc_primitives.c
+@@ -593,7 +593,9 @@ static int sbc_calc_scalefactors_j(
+
+ static void sbc_init_primitives_x86(struct sbc_encoder_state *state)
+ {
++#ifdef __x86__
+ __builtin_cpu_init();
++#endif
+
+ #ifdef SBC_BUILD_WITH_MMX_SUPPORT
+ if (__builtin_cpu_supports("mmx"))
include $(TOPDIR)/rules.mk
PKG_NAME:=spdlog
-PKG_VERSION:=1.8.1
+PKG_VERSION:=1.8.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/gabime/spdlog/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=5197b3147cfcfaa67dd564db7b878e4a4b3d9f3443801722b3915cdeced656cb
+PKG_HASH:=e20e6bd8f57e866eaf25a5417f0a38a116e537f1a77ac7b5409ca2b180cec0d5
PKG_MAINTAINER:=
PKG_LICENSE:=MIT
PKG_NAME:=tcp_wrappers
PKG_VERSION:=7.6
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.porcupine.org/pub/security
TARGET_CFLAGS += $(FPIC) -Wall
-ifeq ($(CONFIG_USE_MUSL),)
-TARGET_EXTRA_LIBS:=LIBS=-lnsl
-endif
-
-define Build/Compile
+define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
OPT_CFLAGS="$(TARGET_CFLAGS)" \
tidy all
endef
-define Build/InstallDev
+define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_BUILD_DIR)/tcpd.h $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/shared/libwrap.so* $(1)/usr/lib/
endef
-define Package/libwrap/install
+define Package/libwrap/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/shared/libwrap.so.* $(1)/usr/lib/
endef
-
+
$(eval $(call BuildPackage,libwrap))
extern char *hosts_allow_table; /* for verification mode redirection */
extern char *hosts_deny_table; /* for verification mode redirection */
extern int hosts_access_verbose; /* for verbose matching mode */
-@@ -92,9 +118,14 @@ extern int resident; /* > 0 if resident process */
+@@ -92,9 +118,14 @@ extern int resident; /* > 0 if residen
*/
#ifdef __STDC__
extern struct request_info *request_init(); /* initialize request */
extern struct request_info *request_set(); /* update request structure */
#endif
-@@ -117,27 +148,31 @@ extern struct request_info *request_set(); /* update request structure */
+@@ -117,27 +148,31 @@ extern struct request_info *request_set(
* host_info structures serve as caches for the lookup results.
*/
or address pattern listed in the named file. The file format is
--- a/tcpd.h
+++ b/tcpd.h
-@@ -93,6 +93,7 @@ extern void refuse __P((struct request_i
+@@ -95,6 +95,7 @@ extern void refuse __P((struct request_i
extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
extern char *split_at __P((char *, int)); /* strchr() and split */
extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
-Index: tcp_wrappers_7.6/Makefile
-===================================================================
---- tcp_wrappers_7.6.orig/Makefile
-+++ tcp_wrappers_7.6/Makefile
+--- a/Makefile
++++ b/Makefile
@@ -1,4 +1,4 @@
-GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
+GLIBC=$(shell grep -s -c __GLIBC__ ${STAGING_DIR}/usr/include/features.h)
-diff -u tcp_wrappers_7.6.orig/clean_exit.c tcp_wrappers_7.6/clean_exit.c
---- tcp_wrappers_7.6.orig/clean_exit.c 1994-12-29 03:42:20.000000000 +1100
-+++ tcp_wrappers_7.6/clean_exit.c 2017-11-14 22:50:48.000000000 +1100
+--- a/clean_exit.c
++++ b/clean_exit.c
@@ -9,10 +9,11 @@
*/
extern void exit();
-diff -u tcp_wrappers_7.6.orig/diag.c tcp_wrappers_7.6/diag.c
---- tcp_wrappers_7.6.orig/diag.c 1994-12-29 03:42:20.000000000 +1100
-+++ tcp_wrappers_7.6/diag.c 2017-11-14 22:51:09.000000000 +1100
+--- a/diag.c
++++ b/diag.c
@@ -10,7 +10,7 @@
*/
#endif
/* System libraries */
-diff -u tcp_wrappers_7.6.orig/eval.c tcp_wrappers_7.6/eval.c
---- tcp_wrappers_7.6.orig/eval.c 1995-01-31 05:51:46.000000000 +1100
-+++ tcp_wrappers_7.6/eval.c 2017-11-14 22:51:50.000000000 +1100
+--- a/eval.c
++++ b/eval.c
@@ -19,7 +19,7 @@
*/
#endif
/* System libraries. */
-diff -u tcp_wrappers_7.6.orig/fakelog.c tcp_wrappers_7.6/fakelog.c
---- tcp_wrappers_7.6.orig/fakelog.c 1994-12-29 03:42:22.000000000 +1100
-+++ tcp_wrappers_7.6/fakelog.c 2017-11-14 22:52:07.000000000 +1100
+--- a/fakelog.c
++++ b/fakelog.c
@@ -6,7 +6,7 @@
*/
#endif
#include <stdio.h>
-@@ -17,7 +17,7 @@
+@@ -17,7 +17,7 @@ static char sccsid[] = "@(#) fakelog.c 1
/* ARGSUSED */
char *name;
int logopt;
int facility;
-@@ -27,7 +27,7 @@
+@@ -27,7 +27,7 @@ int facility;
/* vsyslog - format one record */
int severity;
char *fmt;
va_list ap;
-@@ -43,7 +43,7 @@
+@@ -43,7 +43,7 @@ va_list ap;
/* VARARGS */
{
va_list ap;
char *fmt;
-@@ -56,7 +56,7 @@
+@@ -56,7 +56,7 @@ VARARGS(syslog, int, severity)
/* closelog - dummy */
{
/* void */
}
-diff -u tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c
---- tcp_wrappers_7.6.orig/fix_options.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/fix_options.c 2017-11-14 22:52:22.000000000 +1100
+--- a/fix_options.c
++++ b/fix_options.c
@@ -6,7 +6,7 @@
*/
#endif
#include <sys/types.h>
-@@ -29,14 +29,14 @@
+@@ -29,14 +29,14 @@ static char sccsid[] = "@(#) fix_options
/* fix_options - get rid of IP-level socket options */
#else /* __GLIBC__ */
size_t optsize = sizeof(optbuf);
int ipproto;
-diff -u tcp_wrappers_7.6.orig/fromhost.c tcp_wrappers_7.6/fromhost.c
---- tcp_wrappers_7.6.orig/fromhost.c 1994-12-29 03:42:24.000000000 +1100
-+++ tcp_wrappers_7.6/fromhost.c 2017-11-14 22:52:33.000000000 +1100
+--- a/fromhost.c
++++ b/fromhost.c
@@ -11,7 +11,7 @@
*/
#endif
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-diff -u tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
---- tcp_wrappers_7.6.orig/hosts_access.c 2017-11-13 09:29:25.000000000 +1100
-+++ tcp_wrappers_7.6/hosts_access.c 2017-11-14 22:52:48.000000000 +1100
+--- a/hosts_access.c
++++ b/hosts_access.c
@@ -18,7 +18,7 @@
*/
#endif
/* System libraries. */
-diff -u tcp_wrappers_7.6.orig/hosts_ctl.c tcp_wrappers_7.6/hosts_ctl.c
---- tcp_wrappers_7.6.orig/hosts_ctl.c 1994-12-29 03:42:28.000000000 +1100
-+++ tcp_wrappers_7.6/hosts_ctl.c 2017-11-14 22:53:01.000000000 +1100
+--- a/hosts_ctl.c
++++ b/hosts_ctl.c
@@ -12,7 +12,7 @@
*/
#endif
#include <stdio.h>
-diff -u tcp_wrappers_7.6.orig/inetcf.c tcp_wrappers_7.6/inetcf.c
---- tcp_wrappers_7.6.orig/inetcf.c 1997-02-12 12:13:24.000000000 +1100
-+++ tcp_wrappers_7.6/inetcf.c 2017-11-14 22:53:11.000000000 +1100
+--- a/inetcf.c
++++ b/inetcf.c
@@ -6,7 +6,7 @@
*/
#endif
#include <sys/types.h>
-@@ -14,6 +14,7 @@
+@@ -14,6 +14,7 @@ static char sccsid[] = "@(#) inetcf.c 1.
#include <stdio.h>
#include <errno.h>
#include <string.h>
extern int errno;
extern void exit();
-@@ -21,6 +22,8 @@
+@@ -21,6 +22,8 @@ extern void exit();
#include "tcpd.h"
#include "inetcf.h"
/*
* Network configuration files may live in unusual places. Here are some
* guesses. Shorter names follow longer ones.
-diff -u tcp_wrappers_7.6.orig/misc.c tcp_wrappers_7.6/misc.c
---- tcp_wrappers_7.6.orig/misc.c 2017-11-13 09:29:25.000000000 +1100
-+++ tcp_wrappers_7.6/misc.c 2017-11-14 22:53:23.000000000 +1100
+--- a/misc.c
++++ b/misc.c
@@ -5,7 +5,7 @@
*/
#endif
#include <sys/types.h>
-diff -u tcp_wrappers_7.6.orig/myvsyslog.c tcp_wrappers_7.6/myvsyslog.c
---- tcp_wrappers_7.6.orig/myvsyslog.c 1994-12-29 03:42:34.000000000 +1100
-+++ tcp_wrappers_7.6/myvsyslog.c 2017-11-14 22:53:35.000000000 +1100
+--- a/myvsyslog.c
++++ b/myvsyslog.c
@@ -8,7 +8,7 @@
*/
#endif
#ifdef vsyslog
-diff -u tcp_wrappers_7.6.orig/options.c tcp_wrappers_7.6/options.c
---- tcp_wrappers_7.6.orig/options.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/options.c 2017-11-14 22:53:50.000000000 +1100
+--- a/options.c
++++ b/options.c
@@ -29,7 +29,7 @@
*/
#endif
/* System libraries. */
-@@ -47,6 +47,8 @@
+@@ -47,6 +47,8 @@ static char sccsid[] = "@(#) options.c 1
#include <ctype.h>
#include <setjmp.h>
#include <string.h>
#ifndef MAXPATHNAMELEN
#define MAXPATHNAMELEN BUFSIZ
-@@ -108,21 +110,21 @@
+@@ -108,21 +110,21 @@ struct option {
/* List of known keywords. Add yours here. */
static struct option option_table[] = {
};
/* process_options - process access control options */
-@@ -447,88 +449,88 @@
+@@ -447,88 +449,88 @@ struct syslog_names {
static struct syslog_names log_fac[] = {
#ifdef LOG_KERN
};
/* severity_map - lookup facility or severity value */
-@@ -589,7 +591,7 @@
+@@ -589,7 +591,7 @@ char *string;
if (src[0] == 0)
return (0);
if (ch == ':') {
if (*++src == 0)
tcpd_warn("rule ends in \":\"");
-diff -u tcp_wrappers_7.6.orig/patchlevel.h tcp_wrappers_7.6/patchlevel.h
---- tcp_wrappers_7.6.orig/patchlevel.h 1997-03-22 05:27:24.000000000 +1100
-+++ tcp_wrappers_7.6/patchlevel.h 2017-11-14 22:54:15.000000000 +1100
+--- a/patchlevel.h
++++ b/patchlevel.h
@@ -1,3 +1,3 @@
#ifndef lint
-static char patchlevel[] = "@(#) patchlevel 7.6 97/03/21 19:27:23";
+static char patchlevel[] __attribute__((__unused__)) = "@(#) patchlevel 7.6 97/03/21 19:27:23";
#endif
-diff -u tcp_wrappers_7.6.orig/percent_m.c tcp_wrappers_7.6/percent_m.c
---- tcp_wrappers_7.6.orig/percent_m.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/percent_m.c 2017-11-14 22:54:31.000000000 +1100
+--- a/percent_m.c
++++ b/percent_m.c
@@ -5,7 +5,7 @@
*/
#endif
#include <stdio.h>
-@@ -27,7 +27,7 @@
+@@ -27,7 +27,7 @@ char *ibuf;
char *bp = obuf;
char *cp = ibuf;
if (*cp == '%' && cp[1] == 'm') {
#ifdef HAVE_STRERROR
strcpy(bp, strerror(errno));
-diff -u tcp_wrappers_7.6.orig/percent_x.c tcp_wrappers_7.6/percent_x.c
---- tcp_wrappers_7.6.orig/percent_x.c 1994-12-29 03:42:38.000000000 +1100
-+++ tcp_wrappers_7.6/percent_x.c 2017-11-14 22:54:40.000000000 +1100
+--- a/percent_x.c
++++ b/percent_x.c
@@ -11,7 +11,7 @@
*/
#endif
/* System libraries. */
-@@ -19,6 +19,7 @@
+@@ -19,6 +19,7 @@ static char sccsid[] = "@(#) percent_x.c
#include <stdio.h>
#include <syslog.h>
#include <string.h>
extern void exit();
-diff -u tcp_wrappers_7.6.orig/refuse.c tcp_wrappers_7.6/refuse.c
---- tcp_wrappers_7.6.orig/refuse.c 1994-12-29 03:42:40.000000000 +1100
-+++ tcp_wrappers_7.6/refuse.c 2017-11-14 22:54:50.000000000 +1100
+--- a/refuse.c
++++ b/refuse.c
@@ -8,7 +8,7 @@
*/
#endif
/* System libraries. */
-diff -u tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c
---- tcp_wrappers_7.6.orig/rfc931.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/rfc931.c 2017-11-14 22:54:58.000000000 +1100
+--- a/rfc931.c
++++ b/rfc931.c
@@ -10,7 +10,7 @@
*/
#endif
/* System libraries. */
-@@ -23,6 +23,7 @@
+@@ -23,6 +23,7 @@ static char sccsid[] = "@(#) rfc931.c 1.
#include <setjmp.h>
#include <signal.h>
#include <string.h>
/* Local stuff. */
-@@ -152,7 +153,7 @@
+@@ -152,7 +153,7 @@ char *dest;
* protocol, not part of the data.
*/
*cp = 0;
result = user;
}
-diff -u tcp_wrappers_7.6.orig/safe_finger.c tcp_wrappers_7.6/safe_finger.c
---- tcp_wrappers_7.6.orig/safe_finger.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/safe_finger.c 2017-11-14 22:55:08.000000000 +1100
+--- a/safe_finger.c
++++ b/safe_finger.c
@@ -15,7 +15,7 @@
*/
#endif
/* System libraries */
-@@ -27,6 +27,10 @@
+@@ -27,6 +27,10 @@ static char sccsid[] = "@(#) safe_finger
#include <ctype.h>
#include <pwd.h>
#include <syslog.h>
extern void exit();
-@@ -45,6 +49,8 @@
+@@ -45,6 +49,8 @@ int finger_pid;
int allow_severity = SEVERITY;
int deny_severity = LOG_WARNING;
void cleanup(sig)
int sig;
{
-@@ -52,7 +58,7 @@
+@@ -52,7 +58,7 @@ int sig;
exit(0);
}
int argc;
char **argv;
{
-diff -u tcp_wrappers_7.6.orig/scaffold.c tcp_wrappers_7.6/scaffold.c
---- tcp_wrappers_7.6.orig/scaffold.c 2017-11-13 09:29:21.000000000 +1100
-+++ tcp_wrappers_7.6/scaffold.c 2017-11-14 22:55:32.000000000 +1100
+--- a/scaffold.c
++++ b/scaffold.c
@@ -5,7 +5,7 @@
*/
#endif
/* System libraries. */
-diff -u tcp_wrappers_7.6.orig/shell_cmd.c tcp_wrappers_7.6/shell_cmd.c
---- tcp_wrappers_7.6.orig/shell_cmd.c 1994-12-29 03:42:44.000000000 +1100
-+++ tcp_wrappers_7.6/shell_cmd.c 2017-11-14 22:55:45.000000000 +1100
+--- a/shell_cmd.c
++++ b/shell_cmd.c
@@ -9,7 +9,7 @@
*/
#endif
/* System libraries. */
-@@ -20,6 +20,9 @@
+@@ -20,6 +20,9 @@ static char sccsid[] = "@(#) shell_cmd.c
#include <stdio.h>
#include <syslog.h>
#include <string.h>
extern void exit();
-diff -u tcp_wrappers_7.6.orig/socket.c tcp_wrappers_7.6/socket.c
---- tcp_wrappers_7.6.orig/socket.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/socket.c 2017-11-14 22:55:57.000000000 +1100
+--- a/socket.c
++++ b/socket.c
@@ -16,7 +16,7 @@
*/
#endif
/* System libraries. */
-@@ -77,7 +77,7 @@
+@@ -77,7 +77,7 @@ struct request_info *request;
static struct sockaddr_in client;
static struct sockaddr_in server;
#if !defined (__GLIBC__)
#else /* __GLIBC__ */
size_t len;
#endif /* __GLIBC__ */
-@@ -229,7 +229,7 @@
+@@ -229,7 +229,7 @@ int fd;
char buf[BUFSIZ];
struct sockaddr_in sin;
#if !defined(__GLIBC__)
#else /* __GLIBC__ */
size_t size = sizeof(sin);
#endif /* __GLIBC__ */
-diff -u tcp_wrappers_7.6.orig/tcpd.c tcp_wrappers_7.6/tcpd.c
---- tcp_wrappers_7.6.orig/tcpd.c 1996-02-12 03:01:33.000000000 +1100
-+++ tcp_wrappers_7.6/tcpd.c 2017-11-14 22:56:09.000000000 +1100
+--- a/tcpd.c
++++ b/tcpd.c
@@ -11,7 +11,7 @@
*/
#endif
/* System libraries. */
-@@ -24,6 +24,7 @@
+@@ -24,6 +24,7 @@ static char sccsid[] = "@(#) tcpd.c 1.10
#include <stdio.h>
#include <syslog.h>
#include <string.h>
#ifndef MAXPATHNAMELEN
#define MAXPATHNAMELEN BUFSIZ
-@@ -38,10 +39,12 @@
+@@ -38,10 +39,12 @@ static char sccsid[] = "@(#) tcpd.c 1.10
#include "patchlevel.h"
#include "tcpd.h"
int argc;
char **argv;
{
-diff -u tcp_wrappers_7.6.orig/tcpd.h tcp_wrappers_7.6/tcpd.h
---- tcp_wrappers_7.6.orig/tcpd.h 2017-11-13 09:29:25.000000000 +1100
-+++ tcp_wrappers_7.6/tcpd.h 2017-11-14 22:36:40.000000000 +1100
-@@ -182,10 +182,10 @@
+--- a/tcpd.h
++++ b/tcpd.h
+@@ -184,10 +184,10 @@ extern void tli_host __P((struct request
#ifdef __STDC__
extern void tcpd_warn(char *, ...); /* report problem and proceed */
#endif
struct tcpd_context {
-diff -u tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c
---- tcp_wrappers_7.6.orig/tcpdchk.c 2017-11-13 09:29:08.000000000 +1100
-+++ tcp_wrappers_7.6/tcpdchk.c 2017-11-14 22:56:21.000000000 +1100
+--- a/tcpdchk.c
++++ b/tcpdchk.c
@@ -15,7 +15,7 @@
*/
#endif
/* System libraries. */
-@@ -30,6 +30,7 @@
+@@ -30,6 +30,7 @@ static char sccsid[] = "@(#) tcpdchk.c 1
#include <errno.h>
#include <netdb.h>
#include <string.h>
extern int errno;
extern void exit();
-@@ -199,13 +200,15 @@
+@@ -199,13 +200,15 @@ struct request_info *request;
char sv_list[BUFLEN]; /* becomes list of daemons */
char *cl_list; /* becomes list of requests */
char *sh_cmd; /* becomes optional shell command */
tcpd_context.file = table;
tcpd_context.line = 0;
while (xgets(sv_list, sizeof(sv_list), fp)) {
-@@ -331,7 +334,7 @@
+@@ -331,7 +334,7 @@ char *list;
clients = 0;
} else {
clients++;
check_user(cp);
check_host(host);
} else {
-@@ -446,7 +449,7 @@
+@@ -446,7 +449,7 @@ char *pat;
} else if (errno != ENOENT) {
tcpd_warn("open %s: %m", pat);
}
if (dot_quad_addr(pat) == INADDR_NONE
|| dot_quad_addr(mask) == INADDR_NONE)
tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
-diff -u tcp_wrappers_7.6.orig/tcpdmatch.c tcp_wrappers_7.6/tcpdmatch.c
---- tcp_wrappers_7.6.orig/tcpdmatch.c 1996-02-12 03:01:36.000000000 +1100
-+++ tcp_wrappers_7.6/tcpdmatch.c 2017-11-14 22:56:40.000000000 +1100
+--- a/tcpdmatch.c
++++ b/tcpdmatch.c
@@ -14,7 +14,7 @@
*/
#endif
/* System libraries. */
-@@ -29,6 +29,8 @@
+@@ -29,6 +29,8 @@ static char sccsid[] = "@(#) tcpdmatch.c
#include <syslog.h>
#include <setjmp.h>
#include <string.h>
extern void exit();
extern int optind;
-diff -u tcp_wrappers_7.6.orig/tli.c tcp_wrappers_7.6/tli.c
---- tcp_wrappers_7.6.orig/tli.c 1997-03-22 05:27:26.000000000 +1100
-+++ tcp_wrappers_7.6/tli.c 2017-11-14 22:56:50.000000000 +1100
+--- a/tli.c
++++ b/tli.c
@@ -15,7 +15,7 @@
*/
#endif
#ifdef TLI
-diff -u tcp_wrappers_7.6.orig/try-from.c tcp_wrappers_7.6/try-from.c
---- tcp_wrappers_7.6.orig/try-from.c 1994-12-29 03:42:55.000000000 +1100
-+++ tcp_wrappers_7.6/try-from.c 2017-11-14 22:56:59.000000000 +1100
+--- a/try-from.c
++++ b/try-from.c
@@ -11,7 +11,7 @@
*/
#endif
/* System libraries. */
-@@ -37,7 +37,7 @@
+@@ -37,7 +37,7 @@ static char sccsid[] = "@(#) try-from.c
int allow_severity = SEVERITY; /* run-time adjustable */
int deny_severity = LOG_WARNING; /* ditto */
int argc;
char **argv;
{
-diff -u tcp_wrappers_7.6.orig/update.c tcp_wrappers_7.6/update.c
---- tcp_wrappers_7.6.orig/update.c 1994-12-29 03:42:56.000000000 +1100
-+++ tcp_wrappers_7.6/update.c 2017-11-14 22:57:09.000000000 +1100
+--- a/update.c
++++ b/update.c
@@ -14,7 +14,7 @@
*/
#endif
/* System libraries */
-@@ -22,6 +22,7 @@
+@@ -22,6 +22,7 @@ static char sccsid[] = "@(#) update.c 1.
#include <stdio.h>
#include <syslog.h>
#include <string.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=tiff
-PKG_VERSION:=4.1.0
-PKG_RELEASE:=3
+PKG_VERSION:=4.2.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.osgeo.org/libtiff
-PKG_HASH:=5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634
+PKG_HASH:=eb0484e568ead8fa23b513e9b0041df7e327f4ee2d22db5a533929dfc19633cb
PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
PKG_LICENSE:=BSD-3-Clause
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=uci2
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=https://github.com/sartura/uci2.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=2d082b587d32ce019fd94317026911e9b51f90dd
+PKG_MIRROR_HASH:=965339e85ff60724fc25ef812c117d203df63055821aa4d0006cc7f59c421b5b
+
+PKG_MAINTAINER:=Jakov Petrina <jakov.petrina@sartura.hr>
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libuci2/Default
+ TITLE:=AST-based C parser library for UCI
+ URL:=https://github.com/sartura/uci2
+endef
+
+define Package/libuci2
+ $(call Package/libuci2/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+endef
+
+define Package/libuci2/description
+UCI2 is a C library that provides an alternative UCI parser with an Abstract
+Syntax Tree (AST) representation of configuration files.
+endef
+
+CMAKE_OPTIONS += \
+ -DENABLE_TESTS=OFF
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/{libuci2,uci2_ast}.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libuci2.so $(1)/usr/lib/
+endef
+
+define Package/libuci2/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libuci2.so $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libuci2))
include $(TOPDIR)/rules.mk
PKG_NAME:=vips
-PKG_VERSION:=8.10.2
+PKG_VERSION:=8.10.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/libvips/libvips/releases/download/v$(PKG_VERSION)
-PKG_HASH:=c1d0d9cb54d75cd4f66dce787fbcac99f834f6621fbf47bce9e02ef65b4ab02a
+PKG_HASH:=a4eef2f5334ab6dbf133cd3c6d6394d5bdb3e76d5ea4d578b02e1bc3d9e1cfd8
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=LGPL-2.1-or-later
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/vips
- $(CP) \
- $(PKG_INSTALL_DIR)/usr/include/* \
- $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/vips/* $(1)/usr/include/vips
$(INSTALL_DIR) $(1)/usr/lib/
- $(CP) \
- $(PKG_INSTALL_DIR)/usr/lib/*.so* \
- $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libvips.{a,so}* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig/
- $(INSTALL_DATA) \
- $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/* \
- $(1)/usr/lib/pkgconfig/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/vips.pc $(1)/usr/lib/pkgconfig/vips.pc
endef
define Package/vips/install
$(INSTALL_DIR) $(1)/usr/lib/
- $(CP) \
- $(PKG_INSTALL_DIR)/usr/lib/*.so* \
- $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libvips.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,vips))
-diff -u --recursive vips-8.10.2-vanilla/configure.ac vips-8.10.2/configure.ac
---- vips-8.10.2-vanilla/configure.ac 2020-10-12 11:43:59.000000000 -0500
-+++ vips-8.10.2/configure.ac 2020-11-19 12:17:39.393295442 -0600
-@@ -53,9 +53,6 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -53,9 +53,6 @@ AC_SUBST(LIBRARY_CURRENT)
AC_SUBST(LIBRARY_REVISION)
AC_SUBST(LIBRARY_AGE)
# remove the '(disabled, use --enable-introspection to enable)'
# suffix from the found_introspection variable
if test "x$found_introspection" != x"yes"; then
-diff -u --recursive vips-8.10.2-vanilla/libvips/Makefile.am vips-8.10.2/libvips/Makefile.am
---- vips-8.10.2-vanilla/libvips/Makefile.am 2020-09-14 10:38:03.000000000 -0500
-+++ vips-8.10.2/libvips/Makefile.am 2020-11-19 12:18:08.473384766 -0600
-@@ -67,56 +67,3 @@
+--- a/libvips/Makefile.am
++++ b/libvips/Makefile.am
+@@ -67,56 +67,3 @@ install-exec-hook:
echo "#define VIPS_SONAME \"$$dlname\"" >> soname.h && \
cp soname.h $(DESTDIR)$(pkgincludedir) && \
rm soname.h
-diff -u --recursive vips-8.10.2-vanilla/configure.ac vips-8.10.2/configure.ac
---- vips-8.10.2-vanilla/configure.ac 2020-10-12 11:43:59.000000000 -0500
-+++ vips-8.10.2/configure.ac 2020-11-19 12:16:45.187129100 -0600
-@@ -26,7 +26,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -26,7 +26,11 @@ VIPS_MAJOR_VERSION=vips_major_version()
VIPS_MINOR_VERSION=vips_minor_version()
VIPS_MICRO_VERSION=vips_micro_version()
VIPS_VERSION=vips_version()
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=usb-serial-xr_usb_serial_common
-PKG_VERSION:=1a
-PKG_RELEASE=1
+PKG_SOURCE_DATE:=2017-08-01
+PKG_SOURCE_VERSION:=b8dad8cf15de160afbd9989f880dc74b921a857b
+PKG_RELEASE:=1
-PKG_LICENSE:=GPLv2
-PKG_LICENSE_FILES:=
-
-PKG_SOURCE_URL:=https://github.com/kasbert/epsolar-tracer
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=8c21f4afdfd6acd77b6adad59a4dabe5cbf2b947
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_SOURCE_URL:=https://github.com/kasbert/epsolar-tracer
+PKG_MIRROR_HASH:=2cf23fec2625480bb4a630f96cd172219d401bd3cf90943394504ea0ba814faf
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=zeromq
-PKG_VERSION:=4.3.3
-PKG_RELEASE:=2
+PKG_VERSION:=4.3.4
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/zeromq/libzmq/releases/download/v$(PKG_VERSION)
-PKG_HASH:=9d9285db37ae942ed0780c016da87060497877af45094ff9e1a1ca736e3875a2
+PKG_HASH:=c593001a89f5a85dd2ddf564805deb860e02471171b3f204944857336295c3e5
PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
PKG_LICENSE:=GPL-3.0-or-later
+++ /dev/null
---- a/perf/benchmark_radix_tree.cpp
-+++ b/perf/benchmark_radix_tree.cpp
-@@ -26,8 +26,8 @@
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
--
--#if __cplusplus >= 201103L
-+#include <ios>
-+#if __cplusplus >= 201103L && !defined(__UCLIBCXX_MAJOR__)
-
- #include "radix_tree.hpp"
- #include "trie.hpp"
---- a/src/atomic_counter.hpp
-+++ b/src/atomic_counter.hpp
-@@ -35,7 +35,7 @@
-
- #if defined ZMQ_FORCE_MUTEXES
- #define ZMQ_ATOMIC_COUNTER_MUTEX
--#elif (defined __cplusplus && __cplusplus >= 201103L) \
-+#elif (defined __cplusplus && __cplusplus >= 201103L && !defined(__UCLIBCXX_MAJOR__)) \
- || (defined _MSC_VER && _MSC_VER >= 1900)
- #define ZMQ_ATOMIC_COUNTER_CXX11
- #elif defined ZMQ_HAVE_ATOMIC_INTRINSICS
---- a/src/atomic_ptr.hpp
-+++ b/src/atomic_ptr.hpp
-@@ -34,7 +34,7 @@
-
- #if defined ZMQ_FORCE_MUTEXES
- #define ZMQ_ATOMIC_PTR_MUTEX
--#elif (defined __cplusplus && __cplusplus >= 201103L) \
-+#elif (defined __cplusplus && __cplusplus >= 201103L && !defined(__UCLIBCXX_MAJOR__)) \
- || (defined _MSC_VER && _MSC_VER >= 1900)
- #define ZMQ_ATOMIC_PTR_CXX11
- #elif defined ZMQ_HAVE_ATOMIC_INTRINSICS
---- a/src/blob.hpp
-+++ b/src/blob.hpp
-@@ -38,7 +38,7 @@
- #include <algorithm>
- #include <ios>
-
--#if __cplusplus >= 201103L || defined(_MSC_VER) && _MSC_VER > 1700
-+#if __cplusplus >= 201103L && !defined(__UCLIBCXX_MAJOR__) || defined(_MSC_VER) && _MSC_VER > 1700
- #define ZMQ_HAS_MOVE_SEMANTICS
- #define ZMQ_MAP_INSERT_OR_EMPLACE(k, v) emplace (k, v)
- #define ZMQ_PUSH_OR_EMPLACE_BACK emplace_back
---- a/src/msg.hpp
-+++ b/src/msg.hpp
-@@ -30,8 +30,8 @@
- #ifndef __ZMQ_MSG_HPP_INCLUDE__
- #define __ZMQ_MSG_HPP_INCLUDE__
-
--#include <stddef.h>
--#include <stdio.h>
-+#include <cstddef>
-+#include <cstdio>
-
- #include "config.hpp"
- #include "err.hpp"
---- a/src/options.hpp
-+++ b/src/options.hpp
-@@ -305,7 +305,7 @@ int do_getsockopt (void *const optval_,
- template <typename T>
- int do_getsockopt (void *const optval_, size_t *const optvallen_, T value_)
- {
--#if __cplusplus >= 201103L && (!defined(__GNUC__) || __GNUC__ > 5)
-+#if __cplusplus >= 201103L && !defined(__UCLIBCXX_MAJOR__) && (!defined(__GNUC__) || __GNUC__ > 5)
- static_assert (std::is_trivially_copyable<T>::value,
- "invalid use of do_getsockopt");
- #endif
---- a/src/ctx.cpp
-+++ b/src/ctx.cpp
-@@ -725,7 +725,7 @@ void zmq::ctx_t::unregister_endpoints (c
- end = _endpoints.end ();
- it != end;) {
- if (it->second.socket == socket_)
--#if __cplusplus >= 201103L || (defined _MSC_VER && _MSC_VER >= 1700)
-+#if (__cplusplus >= 201103L || (defined _MSC_VER && _MSC_VER >= 1700)) && !defined(__UCLIBCXX_MAJOR__)
- it = _endpoints.erase (it);
- #else
- _endpoints.erase (it++);
---- a/src/radio.cpp
-+++ b/src/radio.cpp
-@@ -126,7 +126,7 @@ void zmq::radio_t::xpipe_terminated (pip
- end = _subscriptions.end ();
- it != end;) {
- if (it->second == pipe_) {
--#if __cplusplus >= 201103L || (defined _MSC_VER && _MSC_VER >= 1700)
-+#if (__cplusplus >= 201103L || (defined _MSC_VER && _MSC_VER >= 1700)) && !defined(__UCLIBCXX_MAJOR__)
- it = _subscriptions.erase (it);
- #else
- _subscriptions.erase (it++);
include $(TOPDIR)/rules.mk
PKG_NAME:=alpine
-PKG_VERSION:=2.23
-PKG_RELEASE:=2
+PKG_VERSION:=2.24
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://alpine.x10host.com/alpine/release/src
-PKG_HASH:=793a61215c005b5fcffb48f642f125915276b7ec7827508dd9e83d4c4da91f7b
+PKG_HASH:=651a9ffa0a29e2b646a0a6e0d5a2c8c50f27a07a26a61640b7c783d06d0abcef
PKG_MAINTAINER:=Antti Seppälä <a.seppala@gmail.com>
PKG_LICENSE:=Apache-2.0
define Package/alpine-nossl
$(call Package/alpine/Default)
TITLE+= (without OpenSSL support)
+ DEPENDS+= @BROKEN
VARIANT:=nossl
endef
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=exim
+PKG_VERSION:=4.94
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/
+PKG_HASH:=f77ee8faf04f5db793243c3ae81c1f4e452cd6ad7dd515a80edf755c4b144bdb
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE NOTICE
+PKG_CPE_ID:=cpe:/a:exim:exim
+
+PKG_CONFIG_DEPENDS:=\
+ CONFIG_BUILD_NLS \
+ CONFIG_PACKAGE_exim \
+ CONFIG_PACKAGE_exim-gnutls \
+ CONFIG_EXIM_GNUTLS_DANE \
+ CONFIG_PACKAGE_exim-openssl \
+ CONFIG_PACKAGE_exim-ldap \
+ CONFIG_PACKAGE_exim-lookup-mysql \
+ CONFIG_PACKAGE_exim-lookup-pgsql \
+ CONFIG_PACKAGE_exim-lookup-redis \
+ CONFIG_PACKAGE_exim-lookup-sqlite
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
+include $(INCLUDE_DIR)/nls.mk
+
+LOOKUPS:= \
+ cdb \
+ dbmdb \
+ dnsdb \
+ json%+PACKAGE_exim-lookup-json:jansson \
+ mysql%+PACKAGE_exim-lookup-mysql:libmariadb \
+ passwd \
+ pgsql%+PACKAGE_exim-lookup-pgsql:libpq \
+ redis%+PACKAGE_exim-lookup-redis:libhiredis \
+ sqlite%+PACKAGE_exim-lookup-sqlite:libsqlite3
+
+define Package/exim/Default
+ SECTION:=mail
+ CATEGORY:=Mail
+ DEPENDS:=+libdb47 +libpcre $(ICONV_DEPENDS) +BUILD_NLS:libidn2 +BUILD_NLS:libidn
+ TITLE:=Exim message transfer agent
+ URL:=http://www.exim.org/
+ USERID:=mail=42:mail=42
+endef
+
+define Package/exim
+ $(call Package/exim/Default)
+ VARIANT:=nossl
+ CONFLICTS:=exim-openssl exim-gnutls exim-ldap
+endef
+
+define Package/exim-gnutls
+ $(call Package/exim/Default)
+ TITLE+=(with GnuTLS)
+ VARIANT:=gnutls
+ DEPENDS+=+PACKAGE_exim-gnutls:libgnutls +EXIM_GNUTLS_DANE:libgnutls-dane
+ PROVIDES:=exim
+ CONFLICTS:=exim-openssl exim-ldap
+endef
+define Package/exim-openssl
+ $(call Package/exim/Default)
+ TITLE+=(with OpenSSL)
+ VARIANT:=openssl
+ DEPENDS+=+PACKAGE_exim-openssl:libopenssl
+ PROVIDES:=exim
+ CONFLICTS:=exim-ldap
+endef
+
+define Package/exim-ldap
+ $(call Package/exim/Default)
+ TITLE+=(with OpenSSL and OpenLDAP)
+ VARIANT:=ldap
+ DEPENDS+=+PACKAGE_exim-ldap:libopenssl +PACKAGE_exim-ldap:libsasl2 +PACKAGE_exim-ldap:libopenldap
+ PROVIDES:=exim
+endef
+
+define Package/exim/Default/description
+Exim is a message transfer agent (MTA) developed at the University of
+Cambridge for use on Unix systems connected to the Internet.
+endef
+
+define Package/exim/description
+$(call Package/exim/Default/description)
+
+This package provides Exim without TLS support.
+endef
+
+define Package/exim-gnutls/description
+$(call Package/exim/Default/description)
+
+This package provides Exim built with GnuTLS.
+endef
+
+define Package/exim-gnutls/config
+ config EXIM_GNUTLS_DANE
+ bool "exim-gnutls DANE support"
+ depends on PACKAGE_exim-gnutls
+ default n
+ help
+ Build exim-gnutls against libgnutls-dane for DANE support.
+ libgnutls-dane depends on libunbound which depends on libopenssl.
+endef
+
+define Package/exim-openssl/description
+$(call Package/exim/Default/description)
+
+This package provides Exim built with OpenSSL.
+endef
+
+define Package/exim-ldap/description
+$(call Package/exim/Default/description)
+
+This package provides Exim built with OpenSSL, OpenLDAP and Cyrus SASL.
+endef
+
+define LookupGen
+define Package/exim-lookup-$(subst _,-,$(firstword $(subst %, ,$(1))))
+ SECTION:=mail
+ CATEGORY:=Mail
+ TITLE:=Exim lookup module $(firstword $(subst %, ,$(1)))
+ URL:=http://www.exim.org/
+ DEPENDS:=exim $(wordlist 2,$(words $(subst %, ,$(1))),$(subst %, ,$(1)))
+endef
+endef
+
+$(foreach file,$(LOOKUPS),$(eval $(call LookupGen,$(file))))
+
+define Package/exim/conffiles
+/etc/exim/exim.conf
+endef
+
+HOST_CFLAGS += -std=c99
+TARGET_CFLAGS += $(FPIC) -DNO_IP_OPTIONS -D_FILE_OFFSET_BITS=64
+
+MAKE_VARS += build=Linux-$$(ARCH)
+MAKE_FLAGS += AR="$$(TARGET_AR) r"
+HOST_MAKE_VARS += build=Linux-$$(ARCH)
+
+define Build/Configure
+ $(CP) $(PKG_BUILD_DIR)/src/EDITME $(PKG_BUILD_DIR)/Local/Makefile
+ echo "PID_FILE_PATH=/var/run/exim.pid" >> $(PKG_BUILD_DIR)/Local/Makefile
+ echo "BIN_DIRECTORY=/usr/sbin" >> $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%CONFIGURE_FILE=/usr/exim/configure%CONFIGURE_FILE=/etc/exim/exim.conf%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# EXIM_GROUP=%EXIM_GROUP=42%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# EXIM_USER=exim%EXIM_USER=42%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# INCLUDE=.*%INCLUDE=-I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/usr/include%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# HAVE_IPV6=YES%HAVE_IPV6=YES%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# WITH_CONTENT_SCAN=yes%WITH_CONTENT_SCAN=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# SUPPORT_MAILDIR=yes%SUPPORT_MAILDIR=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# SUPPORT_MAILSTORE=yes%SUPPORT_MAILSTORE=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# SUPPORT_MBX=yes%SUPPORT_MBX=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+# enable lookup modules
+ $(SED) 's%# LOOKUP_DSEARCH=yes%LOOKUP_DSEARCH=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ifdef CONFIG_PACKAGE_exim-lookup-dbmdb
+ $(SED) 's%LOOKUP_DBM=yes%LOOKUP_DBM=2%' $(PKG_BUILD_DIR)/Local/Makefile
+else
+ $(SED) 's%LOOKUP_DBM=yes%# LOOKUP_DBM=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-dnsdb
+ $(SED) 's%LOOKUP_DNSDB=yes%LOOKUP_DNSDB=2%' $(PKG_BUILD_DIR)/Local/Makefile
+else
+ $(SED) 's%LOOKUP_DNSDB=yes%# LOOKUP_DNSDB=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-passwd
+ $(SED) 's%# LOOKUP_PASSWD=yes%LOOKUP_PASSWD=2%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-cdb
+ $(SED) 's%# LOOKUP_CDB=yes%LOOKUP_CDB=2%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-json
+ $(SED) 's%# LOOKUP_JSON=yes%LOOKUP_JSON=2\
+ \nLOOKUP_JSON_INCLUDE=-I$(STAGING_DIR)/usr/include\
+ \nLOOKUP_JSON_LIBS=-Wl,--no-as-needed -ljansson%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-pgsql
+ $(SED) 's%# LOOKUP_PGSQL=yes%LOOKUP_PGSQL=2\
+ \nLOOKUP_PGSQL_LIBS=-Wl,--no-as-needed -lpq%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-sqlite
+ $(SED) 's%# LOOKUP_SQLITE=yes%LOOKUP_SQLITE=2\
+ \nLOOKUP_SQLITE_LIBS=-Wl,--no-as-needed -lsqlite3%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-mysql
+ $(SED) 's%# LOOKUP_MYSQL=yes%LOOKUP_MYSQL=2\
+ \nLOOKUP_MYSQL_INCLUDE=-I$(STAGING_DIR)/usr/include/mysql\
+ \nLOOKUP_MYSQL_LIBS=-Wl,--no-as-needed -lmysqlclient%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifdef CONFIG_PACKAGE_exim-lookup-redis
+ $(SED) 's%# LOOKUP_REDIS=yes%LOOKUP_REDIS=2\
+ \nLOOKUP_REDIS_INCLUDE=-I$(STAGING_DIR)/usr/include/hiredis\
+ \nLOOKUP_REDIS_LIBS=-Wl,--no-as-needed -lhiredis%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+
+ifeq ($(CONFIG_BUILD_NLS),y)
+ $(SED) 's%# HAVE_ICONV=yes%HAVE_ICONV=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# CFLAGS=-O -I/usr/local/include%CFLAGS=$(TARGET_CFLAGS) $(ICONV_CPPFLAGS)%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# EXTRALIBS_EXIM=-L/usr/local/lib -liconv%EXTRALIBS_EXIM=-export-dynamic -rdynamic $(ICONV_LDFLAGS) -liconv -ldl%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# SUPPORT_I18N_2008=yes%SUPPORT_I18N_2008=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# LDFLAGS += -lidn -lidn2%LDFLAGS += -lidn -lidn2%' $(PKG_BUILD_DIR)/Local/Makefile
+else
+ $(SED) 's%# HAVE_ICONV=yes%HAVE_ICONV=no%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+
+ $(SED) 's%# AUTH_CRAM_MD5=yes%AUTH_CRAM_MD5=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_DOVECOT=yes%AUTH_DOVECOT=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_EXTERNAL=yes%AUTH_EXTERNAL=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_PLAINTEXT=yes%AUTH_PLAINTEXT=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_SPA=yes%AUTH_SPA=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+
+ifeq ($(BUILD_VARIANT),gnutls)
+ $(SED) 's%# USE_GNUTLS=yes%USE_GNUTLS=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# TLS_INCLUDE=-I/usr/local/.*%TLS_INCLUDE=-I$(STAGING_DIR)/usr/include%' $(PKG_BUILD_DIR)/Local/Makefile
+ifeq ($(CONFIG_EXIM_GNUTLS_DANE),y)
+ $(SED) 's%# TLS_LIBS=-lgnutls -lgnutls-dane%TLS_LIBS=-L$(STAGING_DIR)/usr/lib -lgnutls -lgnutls-dane%' $(PKG_BUILD_DIR)/Local/Makefile
+else
+ $(SED) 's%SUPPORT_DANE=yes%# SUPPORT_DANE=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# TLS_LIBS=-lgnutls -lgnutls-dane%TLS_LIBS=-L$(STAGING_DIR)/usr/lib -lgnutls%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ $(SED) 's%# AUTH_TLS=yes%AUTH_TLS=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifneq ($(filter ldap openssl, $(BUILD_VARIANT)),)
+ $(SED) 's%# USE_OPENSSL=yes%USE_OPENSSL=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# TLS_INCLUDE=-I/usr/local/.*%TLS_INCLUDE=-I$(STAGING_DIR)/usr/include%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# TLS_LIBS=-lssl -lcrypto%TLS_LIBS=-L$(STAGING_DIR)/usr/lib -lssl -lcrypto%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_TLS=yes%AUTH_TLS=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifeq ($(BUILD_VARIANT),ldap)
+ $(SED) 's%# LOOKUP_LDAP=yes%LOOKUP_LDAP=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# LDAP_LIB_TYPE=OPENLDAP2%LDAP_LIB_TYPE=OPENLDAP2%' $(PKG_BUILD_DIR)/Local/Makefile
+ echo "LOOKUP_LIBS+=-lldap -llber" >> $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_CYRUS_SASL=yes%AUTH_CYRUS_SASL=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# AUTH_LIBS=-lsasl2%AUTH_LIBS=-lsasl2%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ifeq ($(BUILD_VARIANT),nossl)
+ $(SED) 's%# DISABLE_TLS=yes%DISABLE_TLS=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%SUPPORT_DANE=yes%# SUPPORT_DANE=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+endif
+ $(SED) 's%# CFLAGS_DYNAMIC=-shared -rdynamic -fPIC%CFLAGS_DYNAMIC=-shared -rdynamic $(FPIC)%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/%LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(SED) 's%#DLOPEN_LOCAL_SCAN=yes%DLOPEN_LOCAL_SCAN=yes%' $(PKG_BUILD_DIR)/Local/Makefile
+ $(call Build/Compile/Default,makefile)
+ $(CP) $(PKG_BUILD_DIR)/OS/os.h-Linux $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ # overwrite types for cross-compile
+ # (is all the below true for glibc as well?)
+ echo '#include <inttypes.h>' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#define ip_options ip_opts' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#undef OFF_T_FMT' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#define OFF_T_FMT "%" PRId64' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#undef LONGLONG_T' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#define LONGLONG_T int64_t' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#ifndef NS_MAXMSG' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#define NS_MAXMSG 65535' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ echo '#endif' >> $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/os.h
+ $(HOST_MAKE_VARS) $(MAKE) $(HOST_MAKE_FLAGS) $(HOST_MAKE_VARS) -C $(PKG_BUILD_DIR)/build-Linux-$(ARCH) macro_predef
+endef
+
+define Package/exim/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/exim $(1)/usr/sbin
+endef
+
+Package/exim-gnutls/install = $(Package/exim/install)
+Package/exim-openssl/install = $(Package/exim/install)
+Package/exim-ldap/install = $(Package/exim/install)
+
+define LookupInstall
+define Package/exim-lookup-$(subst _,-,$(firstword $(subst %, ,$(1))))/install
+ $(INSTALL_DIR) $$(1)/usr/lib/exim/lookups
+ $(INSTALL_BIN) \
+ $(PKG_BUILD_DIR)/build-Linux-$(ARCH)/lookups/$(firstword $(subst %, ,$(1))).so \
+ $$(1)/usr/lib/exim/lookups
+endef
+endef
+
+$(foreach file,$(LOOKUPS),$(eval $(call LookupInstall,$(file))))
+
+$(eval $(call BuildPackage,exim))
+$(eval $(call BuildPackage,exim-gnutls))
+$(eval $(call BuildPackage,exim-openssl))
+$(eval $(call BuildPackage,exim-ldap))
+$(foreach file,$(LOOKUPS),$(eval $(call BuildPackage,exim-lookup-$(subst _,-,$(firstword $(subst %, ,$(file)))))))
--- /dev/null
+--- a/src/drtables.c
++++ b/src/drtables.c
+@@ -662,7 +662,7 @@ addlookupmodule(NULL, &ibase_lookup_modu
+ addlookupmodule(NULL, &ldap_lookup_module_info);
+ #endif
+
+-#ifdef LOOKUP_JSON
++#if defined(LOOKUP_JSON) && LOOKUP_JSON!=2
+ addlookupmodule(NULL, &json_lookup_module_info);
+ #endif
+
--- /dev/null
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sun, 27 Dec 2020 15:03:22 +0000
+Subject: [PATCH] use correct printf format for size_t
+
+pdkim.c: In function 'check_bare_ed25519_pubkey':
+pdkim.c:1355:60: warning: format '%lu' expects argument of type 'long unsigned int', but argument 2 has type 'size_t' {aka 'unsigned int'} [-Wformat=]
+ DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len);
+ ~~^ ~~~~~~~~~~
+ %u
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+--- a/src/pdkim/pdkim.c
++++ b/src/pdkim/pdkim.c
+@@ -1352,7 +1352,7 @@ check_bare_ed25519_pubkey(pdkim_pubkey *
+ int excess = p->key.len - 32;
+ if (excess > 0)
+ {
+- DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len);
++ DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %zu\n", p->key.len);
+ p->key.data += excess; p->key.len = 32;
+ }
+ }
--- /dev/null
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
+@@ -33,6 +33,8 @@ Do not put spaces between # and the 'def
+
+ #define AUTH_VARS 3
+
++#define DLOPEN_LOCAL_SCAN
++
+ #define BIN_DIRECTORY
+
+ #define CONFIGURE_FILE
+--- a/src/EDITME
++++ b/src/EDITME
+@@ -877,6 +877,24 @@ HEADERS_CHARSET="ISO-8859-1"
+
+
+ #------------------------------------------------------------------------------
++# On systems which support dynamic loading of shared libraries, Exim can
++# load a local_scan function specified in its config file instead of having
++# to be recompiled with the desired local_scan function. For a full
++# description of the API to this function, see the Exim specification.
++
++#DLOPEN_LOCAL_SCAN=yes
++
++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
++# linker flags. Without it, the loaded .so won't be able to access any
++# functions from exim.
++
++LFLAGS = -rdynamic
++ifeq ($(OSTYPE),Linux)
++LFLAGS += -ldl
++endif
++
++
++#------------------------------------------------------------------------------
+ # The default distribution of Exim contains only the plain text form of the
+ # documentation. Other forms are available separately. If you want to install
+ # the documentation in "info" format, first fetch the Texinfo documentation
+--- a/src/globals.c
++++ b/src/globals.c
+@@ -42,6 +42,10 @@ int optionlist_auths_size = nelem(op
+
+ uschar *no_aliases = NULL;
+
++#ifdef DLOPEN_LOCAL_SCAN
++uschar *local_scan_path = NULL;
++#endif
++
+
+ /* For comments on these variables, see globals.h. I'm too idle to
+ duplicate them here... */
+--- a/src/globals.h
++++ b/src/globals.h
+@@ -162,6 +162,9 @@ extern int (*receive_feof)(void);
+ extern int (*receive_ferror)(void);
+ extern BOOL (*receive_smtp_buffered)(void);
+
++#ifdef DLOPEN_LOCAL_SCAN
++extern uschar *local_scan_path; /* Path to local_scan() library */
++#endif
+
+ /* For clearing, saving, restoring address expansion variables. We have to have
+ the size of this vector set explicitly, because it is referenced from more than
+--- a/src/local_scan.c
++++ b/src/local_scan.c
+@@ -5,61 +5,133 @@
+ /* Copyright (c) University of Cambridge 1995 - 2009 */
+ /* See the file NOTICE for conditions of use and distribution. */
+
+-
+-/******************************************************************************
+-This file contains a template local_scan() function that just returns ACCEPT.
+-If you want to implement your own version, you should copy this file to, say
+-Local/local_scan.c, and edit the copy. To use your version instead of the
+-default, you must set
+-
+-HAVE_LOCAL_SCAN=yes
+-LOCAL_SCAN_SOURCE=Local/local_scan.c
+-
+-in your Local/Makefile. This makes it easy to copy your version for use with
+-subsequent Exim releases.
+-
+-For a full description of the API to this function, see the Exim specification.
+-******************************************************************************/
+-
+-
+-/* This is the only Exim header that you should include. The effect of
+-including any other Exim header is not defined, and may change from release to
+-release. Use only the documented interface! */
+-
+ #include "local_scan.h"
+
+-
+-/* This is a "do-nothing" version of a local_scan() function. The arguments
+-are:
+-
+- fd The file descriptor of the open -D file, which contains the
+- body of the message. The file is open for reading and
+- writing, but modifying it is dangerous and not recommended.
+-
+- return_text A pointer to an unsigned char* variable which you can set in
+- order to return a text string. It is initialized to NULL.
+-
+-The return values of this function are:
+-
+- LOCAL_SCAN_ACCEPT
+- The message is to be accepted. The return_text argument is
+- saved in $local_scan_data.
+-
+- LOCAL_SCAN_REJECT
+- The message is to be rejected. The returned text is used
+- in the rejection message.
+-
+- LOCAL_SCAN_TEMPREJECT
+- This specifies a temporary rejection. The returned text
+- is used in the rejection message.
+-*/
++#ifdef DLOPEN_LOCAL_SCAN
++#include <stdlib.h>
++#include <dlfcn.h>
++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
++static int load_local_scan_library(void);
++extern uschar *local_scan_path; /* Path to local_scan() library */
++#endif
+
+ int
+ local_scan(int fd, uschar **return_text)
+ {
+ fd = fd; /* Keep picky compilers happy */
+ return_text = return_text;
+-return LOCAL_SCAN_ACCEPT;
++#ifdef DLOPEN_LOCAL_SCAN
++/* local_scan_path is defined AND not the empty string */
++if (local_scan_path && *local_scan_path)
++ {
++ if (!local_scan_fn)
++ {
++ if (!load_local_scan_library())
++ {
++ char *base_msg , *error_msg , *final_msg ;
++ int final_length = -1 ;
++
++ base_msg=US"Local configuration error - local_scan() library failure\n";
++ error_msg = dlerror() ;
++
++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
++ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
++ *final_msg = '\0' ;
++
++ strcat( final_msg , base_msg ) ;
++ strcat( final_msg , error_msg ) ;
++
++ *return_text = final_msg ;
++ return LOCAL_SCAN_TEMPREJECT;
++ }
++ }
++ return local_scan_fn(fd, return_text);
++ }
++else
++#endif
++ return LOCAL_SCAN_ACCEPT;
+ }
+
++#ifdef DLOPEN_LOCAL_SCAN
++
++static int load_local_scan_library(void)
++{
++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
++void *local_scan_lib = NULL;
++int (*local_scan_version_fn)(void);
++int vers_maj;
++int vers_min;
++
++local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
++if (!local_scan_lib)
++ {
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
++ "message temporarily rejected");
++ return FALSE;
++ }
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_major() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The major number is increased when the ABI is changed in a non
++ backward compatible way. */
++vers_maj = local_scan_version_fn();
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_minor() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The minor number is increased each time a new feature is added (in a
++ way that doesn't break backward compatibility) -- Marc */
++vers_min = local_scan_version_fn();
++
++
++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++
++local_scan_fn = dlsym(local_scan_lib, "local_scan");
++if (!local_scan_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan() function - message temporarily rejected");
++ return FALSE;
++ }
++
++return TRUE;
++}
++
++#endif /* DLOPEN_LOCAL_SCAN */
++
+ /* End of local_scan.c */
+--- a/src/readconf.c
++++ b/src/readconf.c
+@@ -205,6 +205,9 @@ static optionlist optionlist_config[] =
+ { "local_from_prefix", opt_stringptr, {&local_from_prefix} },
+ { "local_from_suffix", opt_stringptr, {&local_from_suffix} },
+ { "local_interfaces", opt_stringptr, {&local_interfaces} },
++#ifdef DLOPEN_LOCAL_SCAN
++ { "local_scan_path", opt_stringptr, {&local_scan_path} },
++#endif
+ #ifdef HAVE_LOCAL_SCAN
+ { "local_scan_timeout", opt_time, {&local_scan_timeout} },
+ #endif
include $(TOPDIR)/rules.mk
PKG_NAME:=msmtp
-PKG_VERSION:=1.8.12
+PKG_VERSION:=1.8.14
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://marlam.de/msmtp/releases
-PKG_HASH:=a86fef9477339923afefe974988a38e32d0feb90dfeeb88f7f55aac356a96354
+PKG_HASH:=d56f065d711486e9c234618515a02a48a48dab4051b34f3e108fbecb6fb773b4
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-3.0-or-later
PKG_NAME:=opendkim
PKG_VERSION:=2.10.3
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
define Package/libopendkim
SECTION:=mail
CATEGORY:=Libraries
- DEPENDS:=+libopenssl +libmilter-sendmail
+ DEPENDS:=+libopenssl +libmilter-sendmail +USE_GLIBC:libbsd
TITLE:=Library for signing and verifying DKIM signatures
URL:=http://opendkim.org/
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=postfix
-PKG_VERSION:=3.5.7
-PKG_RELEASE:=2
+PKG_VERSION:=3.5.8
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
https://cdn.postfix.johnriley.me/mirrors/postfix-release/official/ \
http://ftp.porcupine.org/mirrors/postfix-release/official/
-PKG_HASH:=b7a474f14e153dc7cbf6af38419729bc5af5c3c37aecf6b327a8f962158f0961
+PKG_HASH:=22582628cf3edc18c5155c9ff44543dd95a9435fb68135d76a99f572cb07456f
PKG_MAINTAINER:=Denis Shulyaka <Shulyaka@gmail.com>
PKG_LICENSE:=IPL-1.0
endif
CCARGS+=-DDEF_DB_TYPE=\"$(default_database_type)\"
+TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lresolv)
# prevent postfix-install from executing postconf at build time
# by explicitly providing the default values to postfix-install
define Build/Compile
# Currently postfix has a bug with Makefiles that CCARGS are not passed to the compiler, so we are copying them to CC as a workaround
- cd $(PKG_BUILD_DIR); $(MAKE) $(TARGET_CONFIGURE_OPTS) CC='$(TARGET_CC) $(CCARGS)'
+ cd $(PKG_BUILD_DIR); $(MAKE) $(TARGET_CONFIGURE_OPTS) CC='$(TARGET_CC) $(CCARGS) $(TARGET_CFLAGS) $(TARGET_LDFLAGS)'
$(foreach p, \
default_database_type config_directory command_directory daemon_directory \
shlib_directory manpage_directory data_directory queue_directory \
--- a/src/util/dict_db.c
+++ b/src/util/dict_db.c
-@@ -750,8 +750,8 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags,
+@@ -750,8 +750,8 @@ static DICT *dict_db_open(const char *cl
msg_fatal("create DB database: %m");
if (db == 0)
msg_panic("db_create null result");
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
-@@ -760,9 +760,8 @@ extern int initgroups(const char *, int);
+@@ -760,9 +760,8 @@ extern int initgroups(const char *, int)
#define INTERNAL_LOCK MYFLOCK_STYLE_FLOCK
#define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */
#define HAS_FSYNC
RELEASE=`(uname -r) 2>/dev/null`
# No ${x%%y} support in Solaris 11 /bin/sh
RELEASE_MAJOR=`expr "$RELEASE" : '\([0-9]*\)'` || exit 1
-@@ -229,6 +229,15 @@ case $# in
+@@ -242,6 +242,15 @@ case "$SYSTEM" in
esac
case "$SYSTEM.$RELEASE" in
+++ /dev/null
-From 4fe5b1f216f1643080299bdb35e07f07b9c2caae Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 2 May 2019 22:28:57 -0700
-Subject: [PATCH] dns_lookup: Fix compilation with uClibc-ng
-
-uClibc-ng does not have res_send or res_nsend. ifdef the entire function.
----
- src/dns/dns_lookup.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
-index 1ea98b3..d7771d4 100644
---- a/src/dns/dns_lookup.c
-+++ b/src/dns/dns_lookup.c
-@@ -311,6 +311,10 @@ typedef struct DNS_REPLY {
- static int dns_res_query(const char *name, int class, int type,
- unsigned char *answer, int anslen)
- {
-+#ifdef __UCLIBC__
-+ msg_info("dns_res_query() is not supported under uClibc");
-+ return 0;
-+#else
- unsigned char msg_buf[MAX_DNS_QUERY_SIZE];
- HEADER *reply_header = (HEADER *) answer;
- int len;
-@@ -369,6 +373,7 @@ static int dns_res_query(const char *name, int class, int type,
- }
- return (len);
- }
-+#endif
- }
-
- /* dns_res_search - res_search() that can return negative replies */
---
-2.17.1
-
PKG_NAME:=gerbera
PKG_VERSION:=1.6.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/gerbera/gerbera/tar.gz/v$(PKG_VERSION)?
include $(TOPDIR)/rules.mk
PKG_NAME:=youtube-dl
-PKG_VERSION:=2020.12.7
+PKG_VERSION:=2021.1.16
PKG_RELEASE:=1
PYPI_NAME:=youtube_dl
-PKG_HASH:=bd127c3251a8e9f7a0eb18e4bbcf98409c0365354f735c985325bc19af669a24
+PKG_HASH:=acf74701a31b6c3d06f9d4245a46ba8fb6c378931681177412043c6e8276fee7
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_LICENSE:=Unlicense
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=4.0.7
-PKG_RELEASE:=4
+PKG_VERSION:=4.0.8
+PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
| energized_ultimate | | XXL | compilation | [Link](https://energized.pro) |
| energized_unified | | XXL | compilation | [Link](https://energized.pro) |
| firetv_tracking | | S | tracking | [Link](https://github.com/Perflyst/PiHoleBlocklist) |
+| games_tracking | | S | tracking | [Link](https://www.gameindustry.eu) |
| gaming | | S | gaming | [Link](https://github.com/abyssin/pihole-blocklist) |
| malwaredomains | | M | malware | [Link](https://malwaredomains.com) |
-| malwarelist | | S | malware | [Link](https://www.malwaredomainlist.com) |
| notracking | | XL | tracking | [Link](https://github.com/notracking/hosts-blocklists) |
| oisd_nl | | XXL | general | [Link](https://oisd.nl) |
| openphish | | S | phishing | [Link](https://openphish.com) |
| whocares | | M | general | [Link](https://someonewhocares.org) |
| winhelp | | S | general | [Link](https://winhelp2002.mvps.org) |
| winspy | | S | win_telemetry | [Link](https://github.com/crazy-max/WindowsSpyBlocker) |
-| youtube | | M | youtube | [Link](https://github.com/kboghdady/youTube_ads_4_pi-hole) |
| yoyo | x | S | general | [Link](https://pgl.yoyo.org/adservers) |
* List of supported and fully pre-configured adblock sources, already active sources are pre-selected.
{
local trigger delay type
- PROCD_RELOAD_DELAY=$((delay*1000))
trigger="$(uci_get adblock global adb_trigger)"
delay="$(uci_get adblock global adb_triggerdelay "2")"
type="$(uci_get adblock global adb_starttype "start")"
+ PROCD_RELOAD_DELAY=$((delay*1000))
if [ -n "${trigger}" ]
then
procd_add_interface_trigger "interface.*.up" "${trigger}" "${adb_init}" "${type}"
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
-adb_ver="4.0.7"
+adb_ver="4.0.8"
adb_enabled=0
adb_debug=0
adb_forcedns=0
adb_dumpcmd="$(command -v tcpdump)"
adb_lookupcmd="$(command -v nslookup)"
adb_fetchutil=""
-adb_portlist="53 853 5353"
+adb_zonelist=""
+adb_portlist=""
adb_repiface=""
adb_replisten="53"
adb_repchunkcnt="5"
elif [ "${option}" = "adb_safesearchlist" ]
then
eval "${option}=\"$(printf "%s" "${adb_safesearchlist}") ${value}\""
+ elif [ "${option}" = "adb_zonelist" ]
+ then
+ eval "${option}=\"$(printf "%s" "${adb_zonelist}") ${value}\""
+ elif [ "${option}" = "adb_portlist" ]
+ then
+ eval "${option}=\"$(printf "%s" "${adb_portlist}") ${value}\""
fi
}
}
#
f_extconf()
{
- local config config_dir config_file port fwcfg
+ local config config_dir config_file section zone port fwcfg
case "${adb_dns}" in
"dnsmasq")
f_uci "${config}"
config="firewall"
- fwcfg="$(uci -qNX show "${config}")"
+ fwcfg="$(uci -qNX show "${config}" | "${adb_awk}" 'BEGIN{FS="[.=]"};/adblock_/{if(zone==$2){next}else{ORS=" ";zone=$2;print zone}}')"
if [ "${adb_enabled}" -eq 1 ] && [ "${adb_forcedns}" -eq 1 ] && \
[ "$(/etc/init.d/firewall enabled; printf "%u" ${?})" -eq 0 ]
then
- for port in ${adb_portlist}
+ for zone in ${adb_zonelist}
do
- if [ -z "$(printf "%s" "${fwcfg}" | grep -Fo -m1 "adblock_dns_${port}")" ]
- then
- uci -q batch <<-EOC
- set firewall."adblock_dns_${port}"="redirect"
- set firewall."adblock_dns_${port}".name="Adblock DNS, port ${port}"
- set firewall."adblock_dns_${port}".src="lan"
- set firewall."adblock_dns_${port}".proto="tcp udp"
- set firewall."adblock_dns_${port}".src_dport="${port}"
- set firewall."adblock_dns_${port}".dest_port="${port}"
- set firewall."adblock_dns_${port}".target="DNAT"
- EOC
- fi
+ for port in ${adb_portlist}
+ do
+ if [ -z "$(printf "%s" "${fwcfg}" | grep -o -m1 "adblock_${zone}${port}[ |\$]")" ]
+ then
+ uci -q batch <<-EOC
+ set firewall."adblock_${zone}${port}"="redirect"
+ set firewall."adblock_${zone}${port}".name="Adblock DNS (${zone}, ${port})"
+ set firewall."adblock_${zone}${port}".src="${zone}"
+ set firewall."adblock_${zone}${port}".proto="tcp udp"
+ set firewall."adblock_${zone}${port}".src_dport="${port}"
+ set firewall."adblock_${zone}${port}".dest_port="${port}"
+ set firewall."adblock_${zone}${port}".target="DNAT"
+ EOC
+ fi
+ fwcfg="${fwcfg/adblock_${zone}${port}[ |\$]/}"
+ done
done
- elif [ "${adb_enabled}" -eq 0 ] || [ "${adb_forcedns}" -eq 0 ]
+ fwcfg="${fwcfg#"${fwcfg%%[![:space:]]*}"}"
+ fwcfg="${fwcfg%"${fwcfg##*[![:space:]]}"}"
+ fi
+ if [ "${adb_enabled}" -eq 0 ] || [ "${adb_forcedns}" -eq 0 ] || [ -n "${fwcfg}" ]
then
- for port in ${adb_portlist}
+ for section in ${fwcfg}
do
- if [ -n "$(printf "%s" "${fwcfg}" | grep -Fo -m1 "adblock_dns_${port}")" ]
- then
- uci_remove firewall "adblock_dns_${port}"
- fi
+ uci_remove firewall "${section}"
done
fi
f_uci "${config}"
rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
"${adb_awk}" "${rset}" "${adb_blacklist}" | \
"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${adb_tmpdir}/tmp.raw.${src_name}"
- sort ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null > "${adb_tmpfile}.${src_name}"
+ "${adb_sort}" ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null > "${adb_tmpfile}.${src_name}"
out_rc="${?}"
rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
elif [ "${src_name}" = "whitelist" ] && [ -s "${adb_whitelist}" ]
find "${adb_backupdir}" ${ffiles} -print0 2>/dev/null | xargs -0 rm 2>/dev/null
fi
unset src_name
- sort ${adb_srtopts} -mu "${adb_tmpfile}".* 2>/dev/null > "${adb_tmpdir}/${adb_dnsfile}"
+ "${adb_sort}" ${adb_srtopts} -mu "${adb_tmpfile}".* 2>/dev/null > "${adb_tmpdir}/${adb_dnsfile}"
out_rc="${?}"
rm -f "${adb_tmpfile}".*
;;
"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${src_tmpsort}"
fi
rm -f "${src_tmpload}"
- sort ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null > "${src_tmpfile}"
+ "${adb_sort}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null > "${src_tmpfile}"
src_rc="${?}"
rm -f "${src_tmpsort}"
if [ "${src_rc}" -eq 0 ] && [ -s "${src_tmpfile}" ]
"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${src_tmpsort}"
fi
rm -f "${src_tmpload}"
- sort ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null > "${src_tmpfile}"
+ "${adb_sort}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null > "${src_tmpfile}"
src_rc="${?}"
rm -f "${src_tmpsort}"
if [ "${src_rc}" -eq 0 ] && [ -s "${src_tmpfile}" ]
wait
if [ -s "${adb_reportdir}/adb_report.raw" ]
then
- sort ${adb_srtopts} -k1 -k3 -k4 -k5 -k1 -ur "${adb_reportdir}/adb_report.raw" | \
+ "${adb_sort}" ${adb_srtopts} -k1 -k3 -k4 -k5 -k1 -ur "${adb_reportdir}/adb_report.raw" | \
"${adb_awk}" '{currA=($1+0);currB=$1;currC=substr($1,length($1),1);if(reqA==currB){reqA=0;printf "%s\t%s\n",d,$2}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' | \
- sort ${adb_srtopts} -k1 -k2 -k3 -k4 -ur > "${adb_reportdir}/adb_report.srt"
+ "${adb_sort}" ${adb_srtopts} -k1 -k2 -k3 -k4 -ur > "${adb_reportdir}/adb_report.srt"
rm -f "${adb_reportdir}/adb_report.raw"
fi
printf "%s" " \"${top}\": [ " >> "${adb_reportdir}/adb_report.json"
case "${top}" in
"top_clients")
- "${adb_awk}" '{print $3}' "${adb_reportdir}/adb_report.srt" | sort ${adb_srtopts} | uniq -c | \
- sort ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", { \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json"
+ "${adb_awk}" '{print $3}' "${adb_reportdir}/adb_report.srt" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
+ "${adb_sort}" ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", { \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json"
;;
"top_domains")
- "${adb_awk}" '{if($5!="NX")print $4}' "${adb_reportdir}/adb_report.srt" | sort ${adb_srtopts} | uniq -c | \
- sort ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", { \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json"
+ "${adb_awk}" '{if($5!="NX")print $4}' "${adb_reportdir}/adb_report.srt" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
+ "${adb_sort}" ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", { \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json"
;;
"top_blocked")
- "${adb_awk}" '{if($5=="NX")print $4}' "${adb_reportdir}/adb_report.srt" | sort ${adb_srtopts} | uniq -c | \
- sort ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", { \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json"
+ "${adb_awk}" '{if($5=="NX")print $4}' "${adb_reportdir}/adb_report.srt" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
+ "${adb_sort}" ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", { \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json"
;;
esac
printf "%s" " ], " >> "${adb_reportdir}/adb_report.json"
f_log "debug" "f_report ::: action: ${adb_action}, report: ${adb_report}, search: ${1}, count: ${2}, process: ${3}, print: ${4}, dump_util: ${adb_dumpcmd}, repdir: ${adb_reportdir}, repiface: ${adb_repiface:-"-"}, replisten: ${adb_replisten}, repchunksize: ${adb_repchunksize}, repchunkcnt: ${adb_repchunkcnt}, bg_pid: ${bg_pid}"
}
+# source required system libraries
+#
+if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]
+then
+ . "/lib/functions.sh"
+ . "/lib/functions/network.sh"
+ . "/usr/share/libubox/jshn.sh"
+else
+ f_log "err" "system libraries not found"
+fi
+
# awk selection
#
adb_awk="$(command -v gawk)"
if [ -z "${adb_awk}" ]
then
adb_awk="$(command -v awk)"
+ if [ -z "${adb_awk}" ]
+ then
+ f_log "err" "awk not found"
+ fi
fi
-# source required system libraries
+# sort selection
#
-if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]
+adb_sort="$(command -v gnu-sort)"
+if [ -z "${adb_sort}" ]
then
- . "/lib/functions.sh"
- . "/lib/functions/network.sh"
- . "/usr/share/libubox/jshn.sh"
-else
- f_log "err" "system libraries not found"
+ adb_sort="$(command -v sort)"
+ if [ -z "$("${adb_sort}" --help 2>/dev/null | grep -Fo -m1 "coreutils")" ]
+ then
+ f_log "err" "coreutils sort not found"
+ fi
fi
# version information
"focus": "tracking",
"descurl": "https://github.com/Perflyst/PiHoleBlocklist"
},
+ "games_tracking": {
+ "url": "https://raw.githubusercontent.com/KodoPengin/GameIndustry-hosts-Template/master/Main%20template/hosts",
+ "rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
+ "size": "S",
+ "focus": "tracking",
+ "descurl": "https://www.gameindustry.eu"
+ },
"gaming": {
"url": "https://raw.githubusercontent.com/stopgaming/pihole-blocklist/master/game.txt",
"rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
"descurl": "https://github.com/abyssin/pihole-blocklist"
},
"malwaredomains": {
- "url": "https://mirror1.malwaredomains.com/files/justdomains",
+ "url": "https://mirror.cedia.org.ec/malwaredomains/justdomains",
"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"size": "M",
"focus": "malware",
"descurl": "https://www.malwaredomains.com"
},
- "malwarelist": {
- "url": "https://www.malwaredomainlist.com/hostslist/hosts.txt",
- "rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
- "size": "S",
- "focus": "malware",
- "descurl": "https://www.malwaredomainlist.com"
- },
"notracking": {
"url": "https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnscrypt-proxy/dnscrypt-proxy.blacklist.txt",
"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"focus": "win_telemetry",
"descurl": "https://github.com/crazy-max/WindowsSpyBlocker"
},
- "youtube": {
- "url": "https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/black.list",
- "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
- "size": "M",
- "focus": "youtube",
- "descurl": "https://github.com/kboghdady/youTube_ads_4_pi-hole"
- },
"yoyo": {
"url": "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext",
"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
include $(TOPDIR)/rules.mk
PKG_NAME:=adguardhome
-PKG_VERSION:=0.104.1
+PKG_VERSION:=0.104.3
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
-PKG_MIRROR_HASH:=3abbbf0531fd991a96dc2ea32aaaa9ab65dee5f40bb71e5939ddd068bbb17f7c
+PKG_MIRROR_HASH:=9051c08ebefccd918cad9b487d2d3b2c4b276ac71f16706c2ae8ee2a37ba9d03
PKG_LICENSE:=GPL-3.0-only
PKG_LICENSE_FILES:=LICENSE.txt
PKG_NAME:=atftp
PKG_VERSION:=0.7.2
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-diff --git a/tftpd.h b/tftpd.h
-index 945065e..4c2f214 100644
--- a/tftpd.h
+++ b/tftpd.h
@@ -46,7 +46,7 @@ struct thread_data {
-diff --git a/tftp_io.c b/tftp_io.c
-index 605a9c2..6cce1f4 100644
--- a/tftp_io.c
+++ b/tftp_io.c
-@@ -64,7 +64,7 @@ int tftp_send_request(int socket, struct sockaddr_storage *sa, short type,
+@@ -64,7 +64,7 @@ int tftp_send_request(int socket, struct
buf_index += strlen(mode);
buf_index++;
-diff --git a/tftp_def.c b/tftp_def.c
-index 96abdc5..16240f7 100644
--- a/tftp_def.c
+++ b/tftp_def.c
-@@ -141,7 +141,7 @@ int print_eng(double value, char *string, int size, char *format)
+@@ -133,7 +133,7 @@ int print_eng(double value, char *string
/*
* This is a strncpy function that take care of string NULL termination
*/
{
strncpy(to, from, size);
if (size>0)
-diff --git a/tftp_def.h b/tftp_def.h
-index e4b338d..4418ee7 100644
--- a/tftp_def.h
+++ b/tftp_def.h
-@@ -50,7 +50,7 @@ extern char *tftp_errmsg[9];
+@@ -51,7 +51,7 @@ extern char *tftp_errmsg[9];
int timeval_diff(struct timeval *res, struct timeval *t1, struct timeval *t0);
int print_eng(double value, char *string, int size, char *format);
int Gethostbyname(char *addr, struct hostent *host);
char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t);
-diff --git a/tftpd.h b/tftpd.h
-index 945065e..4bd3f17 100644
--- a/tftpd.h
+++ b/tftpd.h
-@@ -93,7 +93,7 @@ int tftpd_list_find_multicast_server_and_add(struct thread_data **thread,
+@@ -93,7 +93,7 @@ int tftpd_list_find_multicast_server_and
/*
* Defined in tftpd_list.c, operation on client structure list.
*/
void tftpd_clientlist_remove(struct thread_data *thread,
struct client_info *client);
void tftpd_clientlist_free(struct thread_data *thread);
-diff --git a/tftpd_list.c b/tftpd_list.c
-index f376159..159ffca 100644
--- a/tftpd_list.c
+++ b/tftpd_list.c
-@@ -201,7 +201,7 @@ int tftpd_list_find_multicast_server_and_add(struct thread_data **thread,
+@@ -201,7 +201,7 @@ int tftpd_list_find_multicast_server_and
return 0;
}
{
pthread_mutex_lock(&thread->client_mutex);
thread->client_ready = 1;
---
-2.1.4
-
/* Make a '\0' separated arg vector from a SEP separated list in
STRING, returning it in ARGZ, and the total length in LEN. If a
-@@ -69,65 +68,65 @@ extern error_t argz_create (char *__const __argv[], char **__restrict __argz,
+@@ -69,65 +68,65 @@ extern error_t argz_create (char *__cons
The result can be destroyed using free. */
extern error_t __argz_create_sep (__const char *__restrict __string,
int __sep, char **__restrict __argz,
/* Insert ENTRY into ARGZ & ARGZ_LEN before BEFORE, which should be an
existing entry in ARGZ; if BEFORE is NULL, ENTRY is appended to the end.
-@@ -138,11 +137,11 @@ extern void argz_delete (char **__restrict __argz,
+@@ -138,11 +137,11 @@ extern void argz_delete (char **__restri
extern error_t __argz_insert (char **__restrict __argz,
size_t *__restrict __argz_len,
char *__restrict __before,
/* Replace any occurrences of the string STR in ARGZ with WITH, reallocating
ARGZ as necessary. If REPLACE_COUNT is non-zero, *REPLACE_COUNT will be
-@@ -173,9 +172,9 @@ extern error_t argz_replace (char **__restrict __argz,
+@@ -173,11 +172,11 @@ extern error_t argz_replace (char **__re
...;
*/
extern char *__argz_next (__const char *__restrict __argz, size_t __argz_len,
- __const char *__restrict __entry) __THROW;
+ __const char *__restrict __entry) __attribute__ ((__nothrow__));
- #ifdef __USE_EXTERN_INLINES
+-#ifdef __USE_EXTERN_INLINES
++#if 0
extern inline char *
-@@ -200,6 +199,8 @@ argz_next (__const char *__argz, size_t __argz_len,
+ __argz_next (__const char *__argz, size_t __argz_len,
+ __const char *__entry)
+@@ -200,6 +199,8 @@ argz_next (__const char *__argz, size_t
}
#endif /* Use extern inlines. */
#
-# Copyright (c) 2018-2019 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2018-2021 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.3.12
-PKG_RELEASE:=3
+PKG_VERSION:=0.7.0
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
define Package/banip
SECTION:=net
CATEGORY:=Network
- TITLE:=Ban incoming and/or outgoing ip adresses via ipsets
+ TITLE:=Ban incoming and outgoing ip adresses via ipsets
DEPENDS:=+jshn +jsonfilter +ip +ipset +iptables +ca-bundle
PKGARCH:=all
endef
define Package/banip/conffiles
/etc/config/banip
-/etc/banip/banip.whitelist
+/etc/banip/banip.maclist
/etc/banip/banip.blacklist
+/etc/banip/banip.whitelist
endef
define Build/Prepare
$(INSTALL_CONF) ./files/banip.conf $(1)/etc/config/banip
$(INSTALL_DIR) $(1)/etc/banip
+ $(INSTALL_BIN) ./files/banip.mail $(1)/etc/banip
$(INSTALL_BIN) ./files/banip.service $(1)/etc/banip
+ $(INSTALL_CONF) ./files/banip.maclist $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.blacklist $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.whitelist $(1)/etc/banip
+ $(INSTALL_CONF) ./files/banip.countries $(1)/etc/banip
+ $(INSTALL_CONF) ./files/banip.sources $(1)/etc/banip
+ gzip -9 $(1)/etc/banip/banip.sources
$(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
$(INSTALL_DATA) ./files/banip.hotplug $(1)/etc/hotplug.d/firewall/30-banip
+<!-- markdownlint-disable -->
+
# banIP - ban incoming and/or outgoing ip adresses via ipsets
## Description
IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example.
## Main Features
-* support many IP blocklist sources (free for private usage, for commercial use please check their individual licenses):
+* Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
+
+| Source | Focus | Information |
+| :------------------ | :--------------------------: | :-------------------------------------------------------------------------------- |
+| asn | ASN block | [Link](https://asn.ipinfo.app) |
+| bogon | Bogon prefixes | [Link](https://team-cymru.com) |
+| country | Country blocks | [Link](https://www.ipdeny.com/ipblocks) |
+| darklist | Attacker IP blacklist | [Link](https://darklist.de) |
+| debl | Fail2ban IP blacklist | [Link](https://www.blocklist.de) |
+| doh | Public DoH-Provider | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
+| drop | Spamhaus drop compilation | [Link](https://www.spamhaus.org) |
+| dshield | Dshield IP blocklist | [Link](https://www.dshield.org) |
+| edrop | Spamhaus edrop compilation | [Link](https://www.spamhaus.org) |
+| feodo | Feodo Tracker | [Link](https://feodotracker.abuse.ch) |
+| firehol1 | Firehol Level 1 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level1) |
+| firehol2 | Firehol Level 2 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level2) |
+| firehol3 | Firehol Level 3 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level3) |
+| firehol4 | Firehol Level 4 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level4) |
+| iblockads | Advertising blocklist | [Link](https://www.iblocklist.com) |
+| iblockspy | Malicious spyware blocklist | [Link](https://www.iblocklist.com) |
+| myip | Myip Live IP blacklist | [Link](https://myip.ms) |
+| nixspam | iX spam protection | [Link](http://www.nixspam.org) |
+| proxy | Firehol list of open proxies | [Link](https://iplists.firehol.org/?ipset=proxylists) |
+| ssbl | SSL botnet IP blacklist | [Link](https://sslbl.abuse.ch) |
+| threat | Emerging Threats | [Link](https://rules.emergingthreats.net) |
+| tor | Tor exit nodes | [Link](https://fissionrelays.net/lists) |
+| uceprotect1 | Spam protection level 1 | [Link](http://www.uceprotect.net/en/index.php) |
+| uceprotect2 | Spam protection level 2 | [Link](http://www.uceprotect.net/en/index.php) |
+| voip | VoIP fraud blocklist | [Link](http://www.voipbl.org) |
+| yoyo | Ad protection blacklist | [Link](https://pgl.yoyo.org/adservers/) |
+
* zero-conf like automatic installation & setup, usually no manual changes needed
* automatically selects one of the following download utilities: aria2c, curl, uclient-fetch, wget
* Really fast downloads & list processing as they are handled in parallel as background jobs in a configurable 'Download Queue'
* procd based init system support (start/stop/restart/reload/refresh/status)
* procd network interface trigger support
* automatic blocklist backup & restore, they will be used in case of download errors or during startup
-* output comprehensive runtime information via LuCI or via 'status' init command
+* Provides comprehensive runtime information
+* Provides a detailed IPSet Report
+* Provides a powerful query function to quickly find blocked IPs/CIDR in banIP related IPSets
+* Provides an easily configurable blocklist update scheduler called 'Refresh Timer'
* strong LuCI support
* optional: add new banIP sources on your own
-* optional: log banned inbound and/or outbound IP to syslog.
## Prerequisites
-* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07) and with the latest snapshot
-* download utility: 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'wget', 'aria2c' or 'curl' is required
+* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest rolling snapshot releases. On turris devices it has been successfully tested with TurrisOS 5.2.x
+ <b>Please note:</b> Older OpenWrt releases like 18.06.x or 17.01.x are _not_ supported!
+ <b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!
+* A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
+* A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
+* Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package
## Installation & Usage
-* install 'banip' (_opkg install banip_)
-* at minimum configure the needed IP blocklist sources, the download utility and enable the banIP service in _/etc/config/banip_
-* control the banip service manually with _/etc/init.d/banip_ start/stop/restart/reload/refresh/status or use the LuCI frontend
+* Update your local opkg repository (_opkg update_)
+* Install 'banip' (_opkg install banip_). The banIP service is disabled by default
+* Install the LuCI companion package 'luci-app-banip' (_opkg install luci-app-banip_)
+* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
-## LuCI banIP companion package
-* it's recommended to use the provided LuCI frontend to control all aspects of banIP
-* install 'luci-app-banip' (_opkg install luci-app-banip_)
-* the application is located in LuCI under 'Services' menu
-
-## banIP config options
-* usually the pre-configured banIP setup works quite well and no manual overrides are needed
-* the following options apply to the 'global' config section:
- * ban\_enabled => main switch to enable/disable banIP service (bool/default: '0', disabled)
- * ban\_automatic => determine the L2/L3 WAN network device automatically (bool/default: '1', enabled)
- * ban\_iface => space separated list of WAN network interface(s)/device(s) used by banIP (default: not set, automatically detected)
- * ban\_realtime => a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (bool/default: 'false', disabled)
- * ban\_target\_src => action to perform when banning inbound IPv4 packets ('DROP'/'REJECT', default: 'DROP')
- * ban\_target\_src\_6 => action to perform when banning inbound IPv6 packets ('DROP'/'REJECT', default: 'DROP')
- * ban\_target\_dst => action to perform when banning outbound IPv4 packets ('DROP'/'REJECT', default: 'REJECT')
- * ban\_target\_dst\_6 => action to perform when banning outbound IPv6 packets ('DROP'/'REJECT', default: 'REJECT')
- * ban\_log\_src => switch to enable/disable logging of banned inbound IPv4 packets (bool/default: '0', disabled)
- * ban\_log\_dst => switch to enable/disable logging of banned outbound IPv4 packets (bool/default: '0', disabled)
-
-* the following options apply to the 'extra' config section:
- * ban\_debug => enable/disable banIP debug output (bool/default: '0', disabled)
- * ban\_nice => set the nice level of the banIP process and all sub-processes (int/default: '0', standard priority)
- * ban\_triggerdelay => additional trigger delay in seconds before banIP processing begins (int/default: '2')
- * ban\_backupdir => target directory for banIP backups (default: '/tmp')
- * ban\_sshdaemon => select the SSH daemon for logfile parsing, 'dropbear' or 'sshd' (default: 'dropbear')
- * ban\_starttype => select the used start type during boot, 'start', 'refresh' or 'reload' (default: 'start')
- * ban\_maxqueue => size of the download queue to handle downloads & IPSet processing in parallel (int/default: '4')
- * ban\_fetchutil => name of the used download utility: 'uclient-fetch', 'wget', 'curl', 'aria2c' (default: not set, automatically detected)
- * ban\_fetchparm => special config options for the download utility (default: not set)
- * ban\_autoblacklist => store auto-addons temporary in ipset and permanently in local blacklist as well (bool/default: '1', enabled)
- * ban\_autowhitelist => store auto-addons temporary in ipset and permanently in local whitelist as well (bool/default: '1', enabled)
-
-## Logging of banned packets
-* by setting ban\_log\_src=1 / ban\_log\_dst=1 in the config options, banIP will log banned inbound / outbound packets to syslog.
-* example of a logged inbound (dst) and outbound (src) packet:
+## banIP CLI
+* All important banIP functions are accessible via CLI as well.
<pre><code>
-Oct 2 12:49:14 gateway kernel: [434134.855130] REJECT(dst banIP) IN=br-lan OUT=br-wan MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=x.x.x.x DST=x.x.x.x LEN=100 TOS=0x00 PREC=0x00 TTL=63 ID=7938 PROTO=UDP SPT=16393 DPT=16393 LEN=80
+~# /etc/init.d/banip
+Syntax: /etc/init.d/banip [command]
-Oct 3 14:11:13 gateway kernel: [11290.429712] DROP(src banIP) IN=br-wan OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=x.x.x.x DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=63275 PROTO=TCP SPT=48246 DPT=37860 WINDOW=1024 RES=0x00 SYN URGP=0
+Available commands:
+ start Start the service
+ stop Stop the service
+ restart Restart the service
+ reload Reload configuration files (or restart if service does not implement reload)
+ enable Enable service autostart
+ disable Disable service autostart
+ enabled Check if service is started on boot
+ refresh Refresh ipsets without new list downloads
+ suspend Suspend banIP processing
+ resume Resume banIP processing
+ query <IP> Query active banIP IPSets for a specific IP address
+ report [<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics
+ list [<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources
+ timer [<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals
+ version Print version information
+ running Check if service is running
+ status Service status
+ trace Start with syscall trace
</code></pre>
-* to change the default logging behavior, the following options can be added to the 'global' config section:
- * ban\_log\_src\_opts => IPv4 iptables LOG options for banned inbound packets (default: '-m limit --limit 10/sec')
- * ban\_log\_src\_opts\_6 => IPv6 iptables LOG options for banned inbound packets (default: '-m limit --limit 10/sec')
- * ban\_log\_src\_prefix (default: '<ban\_target\_src>(src banIP) ', typically 'DROP(src banIP) ')
- * ban\_log\_src\_prefix\_6 (default: '<ban\_target\_src\_6>(src banIP) ', typically 'DROP('src banIP)' )
- * ban\_log\_dst\_opts => IPv4 iptables LOG options for banned outbound packets (default: '-m limit --limit 10/sec')
- * ban\_log\_dst\_opts\_6 => IPv6 iptables LOG options for banned outbound packets (default: '-m limit --limit 10/sec')
- * ban\_log\_dst\_prefix (default: '<ban\_target\_dst>(dst banIP) ', typically 'REJECT(dst banIP) ')
- * ban\_log\_dst\_prefix\_6 (default: '<ban\_target\_dst\_6>(dst banIP) ', typically 'REJECT('dst banIP)' )
+## banIP config options
+* Usually the auto pre-configured banIP setup works quite well and no manual overrides are needed
+
+| Option | Type | Default | Description |
+| :---------------------- | :----- | :------------------ | :--------------------------------------------------------------------------------------------------- |
+| ban_enabled | option | 0 | enable the banIP service |
+| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
+| ban_debug | option | 0 | enable banIP related debug logging |
+| ban_mail_enabled | option | 0 | enable the mail service |
+| ban_monitor_enabled | option | 0 | enable the log monitor, e.g. to catch failed ssh/luci logins |
+| ban_logsrc_enabled | option | 0 | enable the src-related logchain |
+| ban_logdst_enabled | option | 0 | enable the dst-related logchain |
+| ban_autoblacklist | option | 1 | add suspicious IPs automatically to the local blacklist |
+| ban_autowhitelist | option | 1 | add wan IPs/subnets automatically to the local whitelist |
+| ban_maxqueue | option | 4 | size of the download queue to handle downloads and processing in parallel |
+| ban_reportdir | option | /tmp/banIP-Report | directory where banIP stores the report files |
+| ban_backupdir | option | /tmp/banIP-Backup | directory where banIP stores the compressed backup files |
+| ban_ifaces | list | - | list option to add logical wan interfaces manually |
+| ban_sources | list | - | list option to add banIP sources |
+| ban_countries | list | - | list option to add certain countries as an alpha-2 ISO code, e.g. 'de' for germany |
+| ban_asns | list | - | list option to add certain ASNs (autonomous system number), e.g. '32934' for facebook |
+| ban_chain | option | banIP | name of the root chain used by banIP |
+| ban_global_settype | option | src+dst | global settype as default for all sources |
+| ban_settype_src | list | - | special SRC settype for a certain sources |
+| ban_settype_dst | list | - | special DST settype for a certain sources |
+| ban_settype_all | list | - | special SRC+DST settype for a certain sources |
+| ban_target_src | option | DROP | default src action (used by log chains as well) |
+| ban_target_dst | option | REJECT | default dst action (used by log chains as well) |
+| ban_lan_inputchains_4 | list | input_lan_rule | list option to add IPv4 lan input chains |
+| ban_lan_inputchains_6 | list | input_lan_rule | list option to add IPv6 lan input chains |
+| ban_lan_forwardchains_4 | list | forwarding_lan_rule | list option to add IPv4 lan forward chains |
+| ban_lan_forwardchains_6 | list | forwarding_lan_rule | list option to add IPv6 lan forward chains |
+| ban_wan_inputchains_4 | list | input_wan_rule | list option to add IPv4 wan input chains |
+| ban_wan_inputchains_6 | list | input_wan_rule | list option to add IPv6 wan input chains |
+| ban_wan_forwardchains_4 | list | forwarding_wan_rule | list option to add IPv4 wan forward chains |
+| ban_wan_forwardchains_6 | list | forwarding_wan_rule | list option to add IPv6 wan forward chains |
+| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
+| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
+| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
+| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
+| ban_srcarc | option | /etc/banip/banip.sources.gz | full path to the compressed source archive file used by banIP |
+| ban_maclist | option | /etc/banip/banip.maclist | full path to the maclist file used by banIP |
+| ban_blacklist | option | /etc/banip/banip.blacklist | full path to the blacklist file used by banIP |
+| ban_whitelist | option | /etc/banip/banip.whitelist | full path to the whitelist file used by banIP |
+
## Examples
-**receive banIP runtime information:**
+**list/edit banIP sources:**
- # /etc/init.d/banip status
- ::: banIP runtime information
- + status : enabled
- + version : 0.3.0
- + util_info : /usr/bin/aria2c, true
- + ipset_info : 10 IPSets with overall 106729 IPs/Prefixes
- + backup_dir : /tmp
- + last_run : 03.10.2019 19:15:25
- + system : UBNT-ERX, OpenWrt SNAPSHOT r11102-ced4c0e635
+<pre><code>
+~# /etc/init.d/banip list
+::: Available banIP sources
+:::
+ Name Enabled Focus Info URL
+ ---------------------------------------------------------------------------
+ + asn ASN blocks https://asn.ipinfo.app
+ + bogon Bogon prefixes https://team-cymru.com
+ + country x Country blocks https://www.ipdeny.com/ipblocks
+ + debl x Fail2ban IP blacklist https://www.blocklist.de
+ + doh x Public DoH-Provider https://github.com/dibdot/DoH-IP-blocklists
+ + drop x Spamhaus drop compilation https://www.spamhaus.org
+ + dshield x Dshield IP blocklist https://www.dshield.org
+ + edrop Spamhaus edrop compilation https://www.spamhaus.org
+ + feodo x Feodo Tracker https://feodotracker.abuse.ch
+ + firehol1 x Firehol Level 1 compilation https://iplists.firehol.org/?ipset=firehol_level1
+ + firehol2 Firehol Level 2 compilation https://iplists.firehol.org/?ipset=firehol_level2
+ + firehol3 Firehol Level 3 compilation https://iplists.firehol.org/?ipset=firehol_level3
+ + firehol4 Firehol Level 4 compilation https://iplists.firehol.org/?ipset=firehol_level4
+ + iblockads Advertising blocklist https://www.iblocklist.com
+ + iblockspy x Malicious spyware blocklist https://www.iblocklist.com
+ + myip Myip Live IP blacklist https://myip.ms
+ + nixspam x iX spam protection http://www.nixspam.org
+ + proxy Firehol list of open proxies https://iplists.firehol.org/?ipset=proxylists
+ + sslbl x SSL botnet IP blacklist https://sslbl.abuse.ch
+ + threat x Emerging Threats https://rules.emergingthreats.net
+ + tor x Tor exit nodes https://fissionrelays.net/lists
+ + uceprotect1 x Spam protection level 1 http://www.uceprotect.net/en/index.php
+ + uceprotect2 Spam protection level 2 http://www.uceprotect.net/en/index.php
+ + voip x VoIP fraud blocklist http://www.voipbl.org
+ + yoyo x Ad protection blacklist https://pgl.yoyo.org/adservers/
+ ---------------------------------------------------------------------------
+ * Configured ASNs: -
+ * Configured Countries: af, bd, br, cn, hk, hu, id, il, in, iq, ir, kp, kr, no, pk, pl, ro, ru, sa, th, tr, ua, gb
+</code></pre>
+
+**receive banIP runtime information:**
-**cronjob for a regular IPSet blocklist update (/etc/crontabs/root):**
+<pre><code>
+~# /etc/init.d/banip status
+::: banIP runtime information
+ + status : enabled
+ + version : 0.7.0
+ + ipset_info : 23 IPSets with 302008 IPs/Prefixes
+ + active_sources : blacklist, country, debl, doh, drop, dshield, feodo, firehol1, iblockspy, nixspam, sslbl, threat,
+ tor, uceprotect1, voip, whitelist, yoyo
+ + active_devs : eth3
+ + active_ifaces : wan, wan6
+ + active_logterms : dropbear, sshd, luci
+ + active_subnets : xxx.xxx.x.xxx/24, xxxx:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx/64
+ + run_infos : settype: src+dst, backup_dir: /mnt/data/banip, report_dir: /tmp/banIP-Report
+ + run_flags : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✔
+ + last_run : refresh, 0m 16s, 4019/3527/3680, 03.02.2021 19:57:46
+ + system : PC Engines apu4, OpenWrt SNAPSHOT r15556-20a0d435d8
+</code></pre>
+
+**generate an IPSet report:**
- # Every day at 06:00, update the IPSets of banIP
- 00 06 * * * /etc/init.d/banip reload
+<pre><code>
+~# /etc/init.d/banip report
+:::
+::: report on all banIP related IPSets
+:::
+ + Report timestamp ::: 04.02.2021 06:24:41
+ + Number of all IPSets ::: 24
+ + Number of all entries ::: 302448
+ + Number of IP entries ::: 224748
+ + Number of CIDR entries ::: 77700
+ + Number of MAC entries ::: 0
+ + Number of accessed entries ::: 36
+:::
+::: IPSet details
+:::
+ Name Type Count Cnt_IP Cnt_CIDR Cnt_MAC Cnt_ACC Entry details (Entry/Count)
+ --------------------------------------------------------------------------------------------------------------------
+ whitelist_4 src+dst 1 0 1 0 1
+ xxx.xxxx.xxx.xxxx/24 85
+ --------------------------------------------------------------------------------------------------------------------
+ whitelist_6 src+dst 2 0 2 0 1
+ xxxx:xxxx:xxxx::/64 29
+ --------------------------------------------------------------------------------------------------------------------
+ blacklist_4 src+dst 513 513 0 0 2
+ 192.35.168.16 3
+ 80.82.65.74 1
+ --------------------------------------------------------------------------------------------------------------------
+ blacklist_6 src+dst 1 1 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ country_4 src 52150 0 52150 0 23
+ 124.5.0.0/16 1
+ 95.188.0.0/14 1
+ 121.16.0.0/12 1
+ 46.161.0.0/18 1
+ 42.56.0.0/14 1
+ 113.64.0.0/10 1
+ 113.252.0.0/14 1
+ 5.201.128.0/17 1
+ 125.64.0.0/11 1
+ 90.188.0.0/15 1
+ 60.0.0.0/11 1
+ 78.160.0.0/11 1
+ 1.80.0.0/12 1
+ 183.184.0.0/13 1
+ 175.24.0.0/14 1
+ 119.176.0.0/12 1
+ 59.88.0.0/13 1
+ 103.78.12.0/22 1
+ 123.128.0.0/13 1
+ 116.224.0.0/12 1
+ 42.224.0.0/12 1
+ 82.80.0.0/15 1
+ 14.32.0.0/11 1
+ --------------------------------------------------------------------------------------------------------------------
+ country_6 src 20099 0 20099 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ debl_4 src+dst 29389 29389 0 0 1
+ 5.182.210.16 4
+ --------------------------------------------------------------------------------------------------------------------
+ debl_6 src+dst 64 64 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ doh_4 src+dst 168 168 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ doh_6 src+dst 122 122 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ drop_4 src+dst 965 0 965 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ drop_6 src+dst 36 0 36 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ dshield_4 src+dst 20 0 20 0 1
+ 89.248.165.0/24 1
+ --------------------------------------------------------------------------------------------------------------------
+ feodo_4 src+dst 325 325 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ firehol1_4 src+dst 2763 403 2360 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ iblockspy_4 src+dst 3650 2832 818 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ nixspam_4 src+dst 9577 9577 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ sslbl_4 src+dst 104 104 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ threat_4 src+dst 1300 315 985 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ tor_4 src+dst 1437 1437 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ tor_6 src+dst 478 478 0 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ uceprotect1_4 src+dst 156249 156249 0 0 6
+ 192.241.220.137 1
+ 128.14.137.178 1
+ 61.219.11.153 1
+ 138.34.32.33 1
+ 107.174.133.130 2
+ 180.232.99.46 1
+ --------------------------------------------------------------------------------------------------------------------
+ voip_4 src+dst 12563 12299 264 0 0
+ --------------------------------------------------------------------------------------------------------------------
+ yoyo_4 src+dst 10472 10472 0 0 1
+ 204.79.197.200 2
+ --------------------------------------------------------------------------------------------------------------------
+</code></pre>
+
+**Enable E-Mail notification via 'msmtp':**
+To use the email notification you have to install & configure the package 'msmtp'.
+Modify the file '/etc/msmtprc', e.g.:
+<pre><code>
+[...]
+defaults
+auth on
+tls on
+tls_certcheck off
+timeout 5
+syslog LOG_MAIL
+[...]
+account ban_notify
+host smtp.gmail.com
+port 587
+from <address>k@gmail.com
+user <gmail-user>
+password <password>
+</code></pre>
+Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI.
+
+**Edit, add new adblock sources:**
+The banIP blocklist sources are stored in an external, compressed JSON file '/etc/banip/banip.sources.gz'.
+This file is directly parsed in LuCI and accessible via CLI, just call _/etc/init.d/banip list_.
+To add new or edit existing sources extract the compressed JSON file _gunzip /etc/banip/banip.sources.gz_.
+A valid JSON source object contains the following required information, e.g.:
+<pre><code>
+ [...]
+ "tor": {
+ "url_4": "https://lists.fissionrelays.net/tor/exits-ipv4.txt",
+ "url_6": "https://lists.fissionrelays.net/tor/exits-ipv6.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add tor_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add tor_6 \"$1}",
+ "focus": "Tor exit nodes",
+ "descurl": "https://fissionrelays.net/lists"
+ },
+ [...]
+</code></pre>
+Add an unique object name, make the required changes to 'url_4', 'rule_4' (and/or 'url_6', 'rule_6'), 'focus' and 'descurl' and finally compress the changed JSON file _gzip /etc/banip/banip.sources.gz_ to use the new source object in banIP.
+<b>Please note:</b> if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every banIP update. To reference your copy set the option 'ban\_srcarc' which points by default to '/etc/banip/banip.sources.gz'
+
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
-
config banip 'global'
option ban_enabled '0'
- option ban_basever '0.3'
- option ban_automatic '1'
- option ban_realtime 'false'
- option ban_log_src '0'
- option ban_log_dst '0'
-
-config banip 'extra'
option ban_debug '0'
+ option ban_mail_enabled '0'
+ option ban_monitor_enabled '0'
+ option ban_logsrc_enabled '0'
+ option ban_logdst_enabled '0'
+ option ban_autodetect '1'
+ option ban_autoblacklist '1'
+ option ban_autowhitelist '1'
+ option ban_nice '0'
option ban_maxqueue '4'
-
-config source 'whitelist'
- option ban_src '/etc/banip/banip.whitelist'
- option ban_src_6 '/etc/banip/banip.whitelist'
- option ban_src_desc 'Always allow these IPs (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add whitelist \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add whitelist_6 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src+dst'
- option ban_src_on '1'
- option ban_src_on_6 '0'
-
-config source 'blacklist'
- option ban_src '/etc/banip/banip.blacklist'
- option ban_src_6 '/etc/banip/banip.blacklist'
- option ban_src_desc 'Always deny these IPs (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add blacklist \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add blacklist_6 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src+dst'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'bogon'
- option ban_src 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt'
- option ban_src_6 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt'
- option ban_src_desc 'Bogon prefixes, plus prefixes that have been allocated to RIRs but not yet assigned to ISPs (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add bogon \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add bogon_6 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src+dst'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'DoH'
- option ban_src 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt'
- option ban_src_6 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt'
- option ban_src_desc 'List of public DoH providers (DNS over HTTPS) (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add DoH \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add DoH_6 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src+dst'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'tor'
- option ban_src 'https://check.torproject.org/exit-addresses'
- option ban_src_desc 'List of Tor Exit Nodes (IPv4)'
- option ban_src_rset '/^(ExitAddress ([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add tor \"\$2}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'threat'
- option ban_src 'https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt'
- option ban_src_desc 'Emerging Threats (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add threat \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'debl'
- option ban_src 'https://www.blocklist.de/downloads/export-ips_all.txt'
- option ban_src_6 'https://www.blocklist.de/downloads/export-ips_all.txt'
- option ban_src_desc 'Fail2ban reporting service (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add debl \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add debl_6 \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'myip'
- option ban_src 'https://www.myip.ms/files/blacklist/general/latest_blacklist.txt'
- option ban_src_6 'https://www.myip.ms/files/blacklist/general/latest_blacklist.txt'
- option ban_src_desc 'IP blacklist provided by myip.ms (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add myip \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add myip_6 \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'yoyo'
- option ban_src 'https://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext'
- option ban_src_desc 'IP blocklist provided by Peter Lowe (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add yoyo \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'sslbl'
- option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
- option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'
- option ban_src_rset 'BEGIN{FS=\",\"}/(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$2}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'ransomware'
- option ban_src 'https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt'
- option ban_src_desc 'Ransomware Tracker by abuse.ch (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add ransomware \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'feodo'
- option ban_src 'https://feodotracker.abuse.ch/downloads/ipblocklist.txt'
- option ban_src_desc 'Feodo Tracker by abuse.ch (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add feodo \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'dshield'
- option ban_src 'https://feeds.dshield.org/block.txt'
- option ban_src_desc 'Dshield recommended IP blocklist. Contains top 20 attacking class C subnets (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add dshield \"\$1 \"/\"\$3}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'proxy'
- option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists.ipset'
- option ban_src_desc 'List of Open Proxies (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add proxy \"\$1}'
- option ban_src_settype 'ip'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'iblocklist'
- option ban_src 'https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz'
- option ban_src_desc 'Contains advertising trackers and a short list of bad/intrusive porn sites (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add iblocklist \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'drop'
- option ban_src 'https://www.spamhaus.org/drop/drop.txt'
- option ban_src_6 'https://www.spamhaus.org/drop/dropv6.txt'
- option ban_src_desc 'Spamhaus drop compilation (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add drop \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add drop_6 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'edrop'
- option ban_src 'https://www.spamhaus.org/drop/edrop.txt'
- option ban_src_desc 'Spamhaus edrop compilation (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add edrop \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'firehol1'
- option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset'
- option ban_src_desc 'Firehol Level 1 compilation. Contains bogons, spamhaus drop and edrop, dshield and malware lists (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol1 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'firehol2'
- option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset'
- option ban_src_desc 'Firehol Level 2 compilation. Contains blocklists that track attacks, during the last 48 hours (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol2 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'firehol3'
- option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset'
- option ban_src_desc 'Firehol Level 3 compilation. Contains blocklists that track attacks, spyware and viruses (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol3 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'firehol4'
- option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset'
- option ban_src_desc 'Firehol Level 4 compilation. May include a large number of false positives (IPv4)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol4 \"\$1}'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
-
-config source 'country'
- option ban_src 'https://stat.ripe.net/data/country-resource-list/data.json?resource='
- option ban_src_6 'https://stat.ripe.net/data/country-resource-list/data.json?resource='
- option ban_src_desc 'Build a dynamic IPSet by country iso codes based on RIPE data (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add country \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add country_6 \"\$1}'
- list ban_src_cat 'de'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
- option ban_src_on_6 '0'
-
-config source 'asn'
- option ban_src 'https://stat.ripe.net/data/announced-prefixes/data.json?resource='
- option ban_src_6 'https://stat.ripe.net/data/announced-prefixes/data.json?resource='
- option ban_src_desc 'Build a dynamic IPSet by ASN numbers based on RIPE data (IPv4/IPv6)'
- option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add asn \"\$1}'
- option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add asn_6 \"\$1}'
- list ban_src_cat '32934'
- option ban_src_settype 'net'
- option ban_src_ruletype 'src'
- option ban_src_on '0'
- option ban_src_on_6 '0'
+ option ban_global_settype 'src+dst'
+ option ban_target_src 'DROP'
+ option ban_target_dst 'REJECT'
+ option ban_loglimit '100'
--- /dev/null
+tw;Taiwan
+af;Afghanistan
+al;Albania
+dz;Algeria
+as;American Samoa
+ad;Andorra
+ao;Angola
+ai;Anguilla
+aq;Antarctica
+ag;Antigua & Barbuda
+ar;Argentina
+am;Armenia
+aw;Aruba
+au;Australia
+at;Austria
+az;Azerbaijan
+bs;Bahamas
+bh;Bahrain
+bd;Bangladesh
+bb;Barbados
+by;Belarus
+be;Belgium
+bz;Belize
+bj;Benin
+bm;Bermuda
+bt;Bhutan
+bo;Bolivia
+bq;Caribbean Netherlands
+ba;Bosnia
+bw;Botswana
+bv;Bouvet Island
+br;Brazil
+io;British Indian Ocean Territory
+vg;British Virgin Islands
+bn;Brunei
+bg;Bulgaria
+bf;Burkina Faso
+bi;Burundi
+cv;Cape Verde
+kh;Cambodia
+cm;Cameroon
+ca;Canada
+ky;Cayman Islands
+cf;Central African Republic
+td;Chad
+cl;Chile
+cn;China
+hk;Hong Kong
+mo;Macau
+cx;Christmas Island
+cc;Cocos (Keeling) Islands
+co;Colombia
+km;Comoros
+cg;Congo - Brazzaville
+ck;Cook Islands
+cr;Costa Rica
+hr;Croatia
+cu;Cuba
+cw;Curaçao
+cy;Cyprus
+cz;Czechia
+ci;Côte d’Ivoire
+kp;North Korea
+cd;Congo - Kinshasa
+dk;Denmark
+dj;Djibouti
+dm;Dominica
+do;Dominican Republic
+ec;Ecuador
+eg;Egypt
+sv;El Salvador
+gq;Equatorial Guinea
+er;Eritrea
+ee;Estonia
+sz;Eswatini
+et;Ethiopia
+fk;Falkland Islands
+fo;Faroe Islands
+fj;Fiji
+fi;Finland
+fr;France
+gf;French Guiana
+pf;French Polynesia
+tf;French Southern Territories
+ga;Gabon
+gm;Gambia
+ge;Georgia
+de;Germany
+gh;Ghana
+gi;Gibraltar
+gr;Greece
+gl;Greenland
+gd;Grenada
+gp;Guadeloupe
+gu;Guam
+gt;Guatemala
+gg;Guernsey
+gn;Guinea
+gw;Guinea-Bissau
+gy;Guyana
+ht;Haiti
+hm;Heard & McDonald Islands
+va;Vatican City
+hn;Honduras
+hu;Hungary
+is;Iceland
+in;India
+id;Indonesia
+ir;Iran
+iq;Iraq
+ie;Ireland
+im;Isle of Man
+il;Israel
+it;Italy
+jm;Jamaica
+jp;Japan
+je;Jersey
+jo;Jordan
+kz;Kazakhstan
+ke;Kenya
+ki;Kiribati
+kw;Kuwait
+kg;Kyrgyzstan
+la;Laos
+lv;Latvia
+lb;Lebanon
+ls;Lesotho
+lr;Liberia
+ly;Libya
+li;Liechtenstein
+lt;Lithuania
+lu;Luxembourg
+mg;Madagascar
+mw;Malawi
+my;Malaysia
+mv;Maldives
+ml;Mali
+mt;Malta
+mh;Marshall Islands
+mq;Martinique
+mr;Mauritania
+mu;Mauritius
+yt;Mayotte
+mx;Mexico
+fm;Micronesia
+mc;Monaco
+mn;Mongolia
+me;Montenegro
+ms;Montserrat
+ma;Morocco
+mz;Mozambique
+mm;Myanmar
+na;Namibia
+nr;Nauru
+np;Nepal
+nl;Netherlands
+nc;New Caledonia
+nz;New Zealand
+ni;Nicaragua
+ne;Niger
+ng;Nigeria
+nu;Niue
+nf;Norfolk Island
+mp;Northern Mariana Islands
+no;Norway
+om;Oman
+pk;Pakistan
+pw;Palau
+pa;Panama
+pg;Papua New Guinea
+py;Paraguay
+pe;Peru
+ph;Philippines
+pn;Pitcairn Islands
+pl;Poland
+pt;Portugal
+pr;Puerto Rico
+qa;Qatar
+kr;South Korea
+md;Moldova
+ro;Romania
+ru;Russia
+rw;Rwanda
+re;Réunion
+bl;St. Barthélemy
+sh;St. Helena
+kn;St. Kitts & Nevis
+lc;St. Lucia
+mf;St. Martin
+pm;St. Pierre & Miquelon
+vc;St. Vincent & Grenadines
+ws;Samoa
+sm;San Marino
+st;São Tomé & Príncipe
+sa;Saudi Arabia
+sn;Senegal
+rs;Serbia
+sc;Seychelles
+sl;Sierra Leone
+sg;Singapore
+sx;Sint Maarten
+sk;Slovakia
+si;Slovenia
+sb;Solomon Islands
+so;Somalia
+za;South Africa
+gs;South Georgia & South Sandwich Islands
+ss;South Sudan
+es;Spain
+lk;Sri Lanka
+ps;Palestine
+sd;Sudan
+sr;Suriname
+sj;Svalbard & Jan Mayen
+se;Sweden
+ch;Switzerland
+sy;Syria
+tj;Tajikistan
+th;Thailand
+mk;North Macedonia
+tl;Timor-Leste
+tg;Togo
+tk;Tokelau
+to;Tonga
+tt;Trinidad & Tobago
+tn;Tunisia
+tr;Turkey
+tm;Turkmenistan
+tc;Turks & Caicos Islands
+tv;Tuvalu
+ug;Uganda
+ua;Ukraine
+ae;United Arab Emirates
+gb;United Kingdom
+tz;Tanzania
+um;U.S. Outlying Islands
+vi;U.S. Virgin Islands
+us;United States
+uy;Uruguay
+uz;Uzbekistan
+vu;Vanuatu
+ve;Venezuela
+vn;Vietnam
+wf;Wallis & Futuna
+eh;Western Sahara
+ye;Yemen
+zm;Zambia
+zw;Zimbabwe
+ax;Åland Islands
#!/bin/sh
#
-[ "${ACTION}" != "add" ] && exit 0
-
-ban_iface="wan"
-[ -r "/lib/functions/network.sh" ] && { . "/lib/functions/network.sh"; network_find_wan ban_iface; }
-[ "${INTERFACE}" != "${ban_iface}" ] && exit 0
-
ban_pidfile="/var/run/banip.pid"
ban_enabled="$(/etc/init.d/banip enabled; printf "%u" "${?}")"
-if [ "${ban_enabled}" = "0" ] && [ ! -s "${ban_pidfile}" ]
+
+if [ "${ban_enabled}" = "0" ] && [ "${ACTION}" = "add" ] && [ -n "${INTERFACE}" ]
then
- /etc/init.d/banip refresh
+ ban_ifaces="$(uci_get banip global ban_ifaces)"
+ if [ ! -s "${ban_pidfile}" ] && [ -n "$(printf "%s\n" "${ban_ifaces}" | grep -F "${INTERFACE}")" ]
+ then
+ /etc/init.d/banip refresh
+ fi
fi
exit 0
#!/bin/sh /etc/rc.common
+# written by Dirk Brenken (dev@brenken.org)
#
+# This is free software, licensed under the GNU General Public License v3.
+#
+# (s)hellcheck exceptions
+# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
START=30
USE_PROCD=1
-extra_command "refresh" "Refresh ipsets without new list downloads"
+if [ -n "$(type -t extra_command)" ]
+then
+ extra_command "refresh" "Refresh ipsets without new list downloads"
+ extra_command "suspend" "Suspend banIP processing"
+ extra_command "resume" "Resume banIP processing"
+ extra_command "query" "<IP> Query active banIP IPSets for a specific IP address"
+ extra_command "report" "[<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics"
+ extra_command "list" "[<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources"
+ extra_command "timer" "[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals"
+ extra_command "version" "Print version information"
+else
+ EXTRA_COMMANDS="status refresh suspend resume query report list timer version"
+ EXTRA_HELP=" status Service status
+ refresh Refresh ipsets without new list downloads
+ suspend Suspend banIP processing
+ resume Resume banIP processing
+ query <IP> Query active banIP IPSets for a specific IP address
+ report [<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics
+ list [<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources
+ timer [<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals
+ version Print version information"
+fi
ban_init="/etc/init.d/banip"
ban_script="/usr/bin/banip.sh"
ban_pidfile="/var/run/banip.pid"
if [ -s "${ban_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] || \
- [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "refresh" ]; }
+ [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "refresh" ] || \
+ [ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] || \
+ { [ "${action}" = "list" ] && [ -n "${1}" ]; } || { [ "${action}" = "report" ] && [ "${1}" != "json" ]; }; }
then
exit 0
fi
boot()
{
- [ -s "${ban_pidfile}" ] && > "${ban_pidfile}"
+ > "${ban_pidfile}"
rc_procd start_service
}
start_service()
{
- if [ "$("${ban_init}" enabled; printf "%u" ${?})" -eq 0 ]
+ if [ "$("${ban_init}" enabled; printf "%u" ${?})" = "0" ]
then
if [ "${action}" = "boot" ]
then
procd_open_instance "banip"
procd_set_param command "${ban_script}" "${@}"
procd_set_param pidfile "${ban_pidfile}"
- procd_set_param nice "$(uci_get banip extra ban_nice "0")"
+ procd_set_param nice "$(uci_get banip global ban_nice "0")"
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
fi
}
+version()
+{
+ rc_procd "${ban_script}" version
+}
+
refresh()
{
rc_procd start_service refresh
rc_procd start_service restart
}
+suspend()
+{
+ rc_procd start_service suspend
+}
+
+resume()
+{
+ rc_procd start_service resume
+}
+
+query()
+{
+ rc_procd "${ban_script}" query "${1}"
+}
+
+list()
+{
+ local src_archive src_file src_enabled key name enabled focus url_4 rule_4 url_6 rule_6 action="${1}"
+
+ if [ "${action%_*}" = "add" ] || [ "${action%_*}" = "remove" ]
+ then
+ shift
+ for name in "${@}"
+ do
+ case "${action}" in
+ "add")
+ if [ -z "$(uci_get banip global ban_sources | grep -Fo "${name}")" ]
+ then
+ uci_add_list banip global ban_sources "${name}"
+ printf "%s\n" "::: banIP source '${name}' added to config"
+ fi
+ ;;
+ "remove")
+ if [ -n "$(uci_get banip global ban_sources | grep -Fo "${name}")" ]
+ then
+ uci_remove_list banip global ban_sources "${name}"
+ printf "%s\n" "::: banIP source '${name}' removed from config"
+ fi
+ ;;
+ "add_asn")
+ if [ -z "$(uci_get banip global ban_asns | grep -Fo "${name}")" ]
+ then
+ uci_add_list banip global ban_asns "${name}"
+ printf "%s\n" "::: banIP asn '${name}' added to config"
+ fi
+ ;;
+ "remove_asn")
+ if [ -n "$(uci_get banip global ban_asns | grep -Fo "${name}")" ]
+ then
+ uci_remove_list banip global ban_asns "${name}"
+ printf "%s\n" "::: banIP asn '${name}' removed from config"
+ fi
+ ;;
+ "add_country")
+ if [ -z "$(uci_get banip global ban_countries | grep -Fo "${name}")" ]
+ then
+ uci_add_list banip global ban_countries "${name}"
+ printf "%s\n" "::: banIP country '${name}' added to config"
+ fi
+ ;;
+ "remove_country")
+ if [ -n "$(uci_get banip global ban_countries | grep -Fo "${name}")" ]
+ then
+ uci_remove_list banip global ban_countries "${name}"
+ printf "%s\n" "::: banIP country '${name}' removed from config"
+ fi
+ ;;
+ esac
+ done
+ if [ -n "$(uci -q changes banip)" ]
+ then
+ uci_commit banip
+ "${ban_init}" start
+ fi
+ else
+ src_archive="$(uci_get banip global ban_srcarc "/etc/banip/banip.sources.gz")"
+ src_file="$(uci_get banip global ban_srcfile "/tmp/ban_sources.json")"
+ src_enabled="$(uci -q show banip.global.ban_sources)"
+ if [ -r "${src_archive}" ]
+ then
+ zcat "${src_archive}" > "${src_file}"
+ else
+ printf "%s\n" "::: banIP source archive '${src_archive}' not found"
+ fi
+ if [ -r "${src_file}" ]
+ then
+ src_enabled="${src_enabled#*=}"
+ src_enabled="${src_enabled//\'}"
+ printf "%s\n" "::: Available banIP sources"
+ printf "%s\n" ":::"
+ printf "%-25s%-10s%-36s%s\n" " Name" "Enabled" "Focus" "Info URL"
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ json_load_file "${src_file}"
+ json_get_keys keylist
+ for key in ${keylist}
+ do
+ json_select "${key}"
+ json_get_var focus "focus"
+ json_get_var descurl "descurl"
+ json_get_var url_4 "url_4"
+ json_get_var rule_4 "rule_4"
+ json_get_var url_6 "url_6"
+ json_get_var rule_6 "rule_6"
+ if { [ -n "${url_4}" ] && [ -n "${rule_4}" ]; } || { [ -n "${url_6}" ] && [ -n "${rule_6}" ]; }
+ then
+ if [ -n "$(printf "%s" "${src_enabled}" | grep -Fo "${key}")" ]
+ then
+ enabled="x"
+ else
+ enabled=" "
+ fi
+ src_enabled="${src_enabled/${key}}"
+ printf " + %-21s%-10s%-36s%s\n" "${key:0:20}" "${enabled}" "${focus:0:35}" "${descurl:0:50}"
+ else
+ src_enabled="${src_enabled} ${key}"
+ fi
+ json_select ..
+ done
+ asn_list="$(uci_get banip global ban_asns "-")"
+ country_list="$(uci_get banip global ban_countries "-")"
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ printf " * %s\n" "Configured ASNs: ${asn_list// /, }"
+ printf " * %s\n" "Configured Countries: ${country_list// /, }"
+
+ if [ -n "${src_enabled// }" ]
+ then
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ printf "%s\n" " Sources without valid configuration"
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ for key in ${src_enabled}
+ do
+ printf " - %s\n" "${key:0:20}"
+ done
+ fi
+ else
+ printf "%s\n" "::: banIP source file '${src_file}' not found"
+ fi
+ fi
+}
+
+status()
+{
+ status_service
+}
+
status_service()
{
- local key keylist value
- local rtfile="$(uci_get banip global ban_rtfile "/tmp/ban_runtime.json")"
+ local key keylist value index_value values rtfile
+
+ rtfile="$(uci_get banip global ban_rtfile "/tmp/ban_runtime.json")"
json_load_file "${rtfile}" >/dev/null 2>&1
- json_select data >/dev/null 2>&1
- if [ "${?}" -eq 0 ]
+ json_get_keys keylist
+ if [ -n "${keylist}" ]
then
- printf "%s\\n" "::: banIP runtime information"
- json_get_keys keylist
+ printf "%s\n" "::: banIP runtime information"
for key in ${keylist}
do
- json_get_var value "${key}"
- printf " + %-10s : %s\\n" "${key}" "${value}"
+ json_get_var value "${key}" >/dev/null 2>&1
+ if [ "${key%_*}" = "active" ]
+ then
+ printf " + %-15s : " "${key}"
+ json_select "${key}" >/dev/null 2>&1
+ values=""
+ index=1
+ while json_get_type type "${index}" && [ "${type}" = "object" ]
+ do
+ json_get_values index_value "${index}" >/dev/null 2>&1
+ if [ "${index}" = "1" ]
+ then
+ values="${index_value}"
+ else
+ values="${values}, ${index_value}"
+ fi
+ index=$((index+1))
+ done
+ values="$(printf "%s" "${values}" | awk '{NR=1;max=98;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-22s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+ printf "%s\n" "${values:-"-"}"
+ json_select ".."
+ else
+ printf " + %-15s : %s\n" "${key}" "${value:-"-"}"
+ fi
done
else
- printf "%s\\n" "::: no banIP runtime information available"
+ printf "%s\n" "::: no banIP runtime information available"
+ fi
+}
+
+report()
+{
+ rc_procd "${ban_script}" report "${1:-"cli"}"
+}
+
+timer()
+{
+ local cron_file cron_content cron_lineno action="${1:-"list"}" cron_tasks="${2}" hour="${3}" minute="${4:-0}" weekday="${5:-"*"}"
+
+ cron_file="/etc/crontabs/root"
+
+ if [ -s "${cron_file}" ] && [ "${action}" = "list" ]
+ then
+ awk '{print NR "> " $0}' "${cron_file}"
+ elif [ "${action}" = "add" ]
+ then
+ hour="${hour//[[:alpha:]]/}"
+ minute="${minute//[[:alpha:]]/}"
+ if [ -n "${cron_tasks}" ] && [ -n "${hour}" ] && [ -n "${minute}" ] && [ -n "${weekday}" ] && \
+ [ "${hour}" -ge 0 ] && [ "${hour}" -le 23 ] && \
+ [ "${minute}" -ge 0 ] && [ "${minute}" -le 59 ]
+ then
+ printf "%02d %02d %s\n" "${minute}" "${hour}" "* * ${weekday} ${ban_init} ${cron_tasks}" >> "${cron_file}"
+ /etc/init.d/cron restart
+ fi
+ elif [ -s "${cron_file}" ] && [ "${action}" = "remove" ]
+ then
+ cron_tasks="${cron_tasks//[[:alpha:]]/}"
+ cron_lineno="$(awk 'END{print NR}' "${cron_file}")"
+ cron_content="$(awk '{print $0}' "${cron_file}")"
+ if [ "${cron_tasks:-"0"}" -le "${cron_lineno:-"1"}" ] && [ -n "${cron_content}" ]
+ then
+ printf "%s\n" "${cron_content}" | awk "NR!~/^${cron_tasks}$/" > "${cron_file}"
+ /etc/init.d/cron restart
+ fi
fi
}
service_triggers()
{
- local trigger trigger_list="$(uci_get banip global ban_trigger)"
- local delay="$(uci_get banip extra ban_triggerdelay "2")"
- local type="$(uci_get banip extra ban_starttype "start")"
+ local iface delay
- PROCD_RELOAD_DELAY=$((${delay}*1000))
+ iface="$(uci_get banip global ban_trigger)"
+ delay="$(uci_get banip global ban_triggerdelay "5")"
+ PROCD_RELOAD_DELAY=$((delay*1000))
- if [ -z "${trigger_list}" ] && [ -r "/lib/functions/network.sh" ]
+ if [ -z "${iface}" ]
then
. "/lib/functions/network.sh"
- network_find_wan trigger_list
+ network_find_wan iface
+ if [ -n "${iface}" ]
+ then
+ uci_set banip global ban_trigger "${iface}"
+ uci_commit "banip"
+ fi
fi
-
- if [ -n "${trigger_list}" ]
+ if [ -n "${iface}" ]
then
- for trigger in ${trigger_list}
- do
- procd_add_interface_trigger "interface.*.up" "${trigger}" "${ban_init}" "${type}"
- done
- else
- procd_add_raw_trigger "interface.*.up" ${PROCD_RELOAD_DELAY} "${ban_init}" "${type}"
+
+ procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
fi
procd_add_reload_trigger "banip"
}
--- /dev/null
+#!/bin/sh
+# send mail script for banIP notifications
+# written by Dirk Brenken (dev@brenken.org)
+#
+# This is free software, licensed under the GNU General Public License v3.
+#
+# (s)hellcheck exceptions
+# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
+
+export LC_ALL=C
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+set -o pipefail
+
+if [ -r "/lib/functions.sh" ]
+then
+ . "/lib/functions.sh"
+ ban_debug="$(uci_get banip global ban_debug "0")"
+ ban_loglimit="$(uci_get banip global ban_loglimit "100")"
+ ban_mailsender="$(uci_get banip global ban_mailsender "no-reply@banIP")"
+ ban_mailreceiver="$(uci_get banip global ban_mailreceiver)"
+ ban_mailtopic="$(uci_get banip global ban_mailtopic "banIP notification")"
+ ban_mailprofile="$(uci_get banip global ban_mailprofile "ban_notify")"
+fi
+ban_ver="${1}"
+ban_mail="$(command -v msmtp)"
+ban_logger="$(command -v logger)"
+ban_logread="$(command -v logread)"
+ban_rc=1
+
+f_log()
+{
+ local class="${1}" log_msg="${2}"
+
+ if [ -x "${ban_logger}" ]
+ then
+ "${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
+ else
+ printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
+ fi
+}
+
+if [ -z "${ban_mailreceiver}" ]
+then
+ f_log "err" "please set the mail receiver with the 'ban_mailreceiver' option"
+ exit ${ban_rc}
+fi
+
+if [ "${ban_debug}" = "1" ]
+then
+ msmtp_debug="--debug"
+fi
+
+ban_mailhead="From: ${ban_mailsender}\nTo: ${ban_mailreceiver}\nSubject: ${ban_mailtopic}\nReply-to: ${ban_mailsender}\nMime-Version: 1.0\nContent-Type: text/html;charset=utf-8\nContent-Disposition: inline\n\n"
+
+# info preparation
+#
+sys_info="$(strings /etc/banner 2>/dev/null)"
+ban_info="$(/etc/init.d/banip "status" 2>/dev/null)"
+rep_info="${2}"
+log_info="$("${ban_logread}" -l "${ban_loglimit}" -e "banIP-" 2>/dev/null | awk '{NR=1;max=120;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+
+# mail body
+#
+ban_mailtext="<html><body><pre style='display:block;font-family:monospace;font-size:1rem;padding:20;background-color:#f3eee5;white-space:pre'>"
+ban_mailtext="${ban_mailtext}\n<strong>++\n++ System Information ++\n++</strong>\n${sys_info}"
+ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ banIP Status ++\n++</strong>\n${ban_info}"
+if [ -n "${rep_info}" ]
+then
+ ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ banIP Report ++\n++</strong>\n${rep_info}"
+fi
+ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ Logfile Information ++\n++</strong>\n${log_info}"
+ban_mailtext="${ban_mailtext}</pre></body></html>"
+
+# send mail
+#
+if [ -x "${ban_mail}" ]
+then
+ printf "%b" "${ban_mailhead}${ban_mailtext}" 2>/dev/null | "${ban_mail}" ${msmtp_debug} -a "${ban_mailprofile}" "${ban_mailreceiver}" >/dev/null 2>&1
+ ban_rc=${?}
+ f_log "info" "mail sent to '${ban_mailreceiver}' with rc '${ban_rc}'"
+else
+ f_log "err" "msmtp mail daemon not found"
+fi
+exit ${ban_rc}
#!/bin/sh
# log service to trace failed ssh/luci logins and conditionally refresh banIP
# written by Dirk Brenken (dev@brenken.org)
-
+#
# This is free software, licensed under the GNU General Public License v3.
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# (s)hellcheck exceptions
+# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
-LC_ALL=C
-PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+export LC_ALL=C
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+set -o pipefail
ban_ver="${1}"
-ban_sshdaemon="${2}"
+ban_search="${2}"
ban_logger="$(command -v logger)"
ban_logread="$(command -v logread)"
if [ -x "${ban_logger}" ]
then
- "${ban_logger}" -p "${class}" -t "banIP-${ban_ver}[${$}]" "${log_msg}"
+ "${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
else
- printf "%s %s %s\\n" "${class}" "banIP-${ban_ver}[${$}]" "${log_msg}"
+ printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
fi
}
if [ -x "${ban_logread}" ]
then
f_log "info" "log/banIP service started"
- "${ban_logread}" -f -e "${ban_sshdaemon}\|luci: failed login" | \
- { grep -q "Exit before auth\|luci: failed login\|error: maximum authentication attempts exceeded"; [ $? -eq 0 ] && /etc/init.d/banip refresh; }
+ "${ban_logread}" -f | { grep -q "${ban_search}"; [ "${?}" = "0" ] && /etc/init.d/banip refresh; }
else
f_log "err" "can't start log/banIP service"
fi
#!/bin/sh
# banIP - ban incoming and outgoing ip adresses/subnets via ipset
# written by Dirk Brenken (dev@brenken.org)
-
+#
# This is free software, licensed under the GNU General Public License v3.
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+#
# (s)hellcheck exceptions
-# shellcheck disable=1091,2039,2086,2140,2143,2181,2188
+# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
# set initial defaults
#
-LC_ALL=C
-PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-ban_ver="0.3.12"
-ban_basever=""
-ban_enabled=0
-ban_automatic="1"
-ban_sources=""
-ban_iface=""
-ban_debug=0
-ban_backupdir="/mnt"
-ban_maxqueue=4
-ban_autoblacklist=1
-ban_autowhitelist=1
-ban_realtime="false"
+export LC_ALL=C
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+set -o pipefail
+ban_ver="0.7.0"
+ban_enabled="0"
+ban_mail_enabled="0"
+ban_proto4_enabled="0"
+ban_proto6_enabled="0"
+ban_logsrc_enabled="0"
+ban_logdst_enabled="0"
+ban_monitor_enabled="0"
+ban_autodetect="1"
+ban_autoblacklist="1"
+ban_autowhitelist="1"
+ban_logterms=""
+ban_loglimit="100"
+ban_mailactions=""
+ban_search=""
+ban_devs=""
+ban_ifaces=""
+ban_debug="0"
+ban_maxqueue="4"
ban_fetchutil=""
-ban_ipt="$(command -v iptables)"
-ban_ipt_save="$(command -v iptables-save)"
-ban_ipt_restore="$(command -v iptables-restore)"
-ban_ipt6="$(command -v ip6tables)"
-ban_ipt6_save="$(command -v ip6tables-save)"
-ban_ipt6_restore="$(command -v ip6tables-restore)"
-ban_ipset="$(command -v ipset)"
-ban_logger="$(command -v logger)"
-ban_chain="banIP"
+ban_ip_cmd="$(command -v ip)"
+ban_ipt4_cmd="$(command -v iptables)"
+ban_ipt4_savecmd="$(command -v iptables-save)"
+ban_ipt4_restorecmd="$(command -v iptables-restore)"
+ban_ipt6_cmd="$(command -v ip6tables)"
+ban_ipt6_savecmd="$(command -v ip6tables-save)"
+ban_ipt6_restorecmd="$(command -v ip6tables-restore)"
+ban_ipset_cmd="$(command -v ipset)"
+ban_logger_cmd="$(command -v logger)"
+ban_allsources=""
+ban_sources=""
+ban_asns=""
+ban_countries=""
+ban_settype_src=""
+ban_settype_dst=""
+ban_settype_all=""
+ban_lan_inputchains_4=""
+ban_lan_inputchains_6=""
+ban_lan_forwardchains_4=""
+ban_lan_forwardchains_6=""
+ban_wan_inputchains_4=""
+ban_wan_inputchains_6=""
+ban_wan_forwardchains_4=""
+ban_wan_forwardchains_6=""
ban_action="${1:-"start"}"
ban_pidfile="/var/run/banip.pid"
-ban_rtfile="/tmp/ban_runtime.json"
+ban_tmpbase="/tmp"
+ban_rtfile="${ban_tmpbase}/ban_runtime.json"
+ban_srcfile="${ban_tmpbase}/ban_sources.json"
+ban_reportdir="${ban_tmpbase}/banIP-Report"
+ban_backupdir="${ban_tmpbase}/banIP-Backup"
+ban_srcarc="/etc/banip/banip.sources.gz"
+ban_mailservice="/etc/banip/banip.mail"
ban_logservice="/etc/banip/banip.service"
-ban_sshdaemon=""
-ban_setcnt=0
-ban_cnt=0
-ban_log_src=0
-ban_log_dst=0
+ban_maclist="/etc/banip/banip.maclist"
+ban_blacklist="/etc/banip/banip.blacklist"
+ban_whitelist="/etc/banip/banip.whitelist"
+ban_setcnt="0"
+ban_cnt="0"
# load environment
#
-f_envload()
+f_load()
{
# get system information
#
ban_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | \
awk 'BEGIN{ORS=", "}{print $0}' | awk '{print substr($0,1,length($0)-2)}')"
- # parse 'global' and 'extra' section by callback
- #
- config_cb()
- {
- local type="${1}"
- if [ "${type}" = "banip" ]
- then
- option_cb()
- {
- local option="${1}"
- local value="${2}"
- eval "${option}=\"${value}\""
- }
- else
- reset_cb
- fi
- }
-
- # parse 'source' typed sections
- #
- parse_config()
- {
- local value opt section="${1}" options="ban_src ban_src_6 ban_src_rset ban_src_rset_6 ban_src_settype ban_src_ruletype ban_src_on ban_src_on_6 ban_src_cat"
- for opt in ${options}
- do
- config_get value "${section}" "${opt}"
- if [ -n "${value}" ]
- then
- eval "${opt}_${section}=\"${value}\""
- if [ "${opt}" = "ban_src" ]
- then
- eval "ban_sources=\"${ban_sources} ${section}\""
- elif [ "${opt}" = "ban_src_6" ]
- then
- eval "ban_sources=\"${ban_sources} ${section}_6\""
- fi
- fi
- done
- }
-
# load config
#
- config_load banip
- config_foreach parse_config source
+ f_conf
- # setup logging
+ # check status
#
- ban_log_chain_src="${ban_log_chain_src:-"${ban_chain}_log_src"}"
- if [ "${ban_log_src}" -eq 1 ]
+ if [ "${ban_enabled}" = "0" ]
then
- log_target_src="${ban_target_src:-"DROP"}"
- ban_target_src="${ban_log_chain_src}"
-
- log_target_src_6="${ban_target_src_6:-"DROP"}"
- ban_target_src_6="${ban_log_chain_src}"
+ f_bgsrv "stop"
+ f_ipset "destroy"
+ f_jsnup "disabled"
+ f_rmbckp
+ f_log "info" "banIP is currently disabled, please set the config option 'ban_enabled' to '1' to use this service"
+ exit 0
fi
- ban_log_chain_dst="${ban_log_chain_dst:-"${ban_chain}_log_dst"}"
- if [ "${ban_log_dst}" -eq 1 ]
- then
- log_target_dst="${ban_target_dst:-"REJECT"}"
- ban_target_dst="${ban_log_chain_dst}"
+ f_dir "${ban_backupdir}"
+ f_dir "${ban_reportdir}"
+}
+
+# check/create directories
+#
+f_dir()
+{
+ local dir="${1}"
- log_target_dst_6="${ban_target_dst_6:-"REJECT"}"
- ban_target_dst_6="${ban_log_chain_dst}"
+ if [ ! -d "${dir}" ]
+ then
+ mkdir -p "${dir}"
+ if [ "${?}" = "0" ]
+ then
+ f_log "info" "directory '${dir}' created"
+ else
+ f_log "err" "directory '${dir}' could not be created"
+ fi
+ else
+ f_log "info" "directory '${dir}' is used"
fi
+}
- # version check
- #
- if [ -z "${ban_basever}" ] || [ "${ban_ver%.*}" != "${ban_basever}" ]
+# load banIP config
+#
+f_conf()
+{
+ if [ ! -r "/etc/config/banip" ] || [ -z "$(uci -q show banip.global.ban_autodetect)" ]
then
- f_log "info" "your banIP config seems to be too old, please update your config with the '--force-maintainer' opkg option"
- f_rmtemp
- exit 0
+ f_log "err" "no valid banIP config found, please re-install the package via opkg with the '--force-reinstall --force-maintainer' options"
fi
- # create temp directory & files
- #
- f_temp
+ config_cb()
+ {
+ option_cb()
+ {
+ local option="${1}"
+ local value="${2}"
+ eval "${option}=\"${value}\""
+ }
+ list_cb()
+ {
+ local option="${1}"
+ local value="${2}"
+ if [ "${option}" = "ban_ifaces" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_ifaces}")${value} \""
+ elif [ "${option}" = "ban_sources" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_sources}")${value} \""
+ elif [ "${option}" = "ban_localsources" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_localsources}")${value} \""
+ elif [ "${option}" = "ban_settype_src" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_settype_src}")${value} \""
+ elif [ "${option}" = "ban_settype_dst" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_settype_dst}")${value} \""
+ elif [ "${option}" = "ban_settype_all" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_settype_all}")${value} \""
+ elif [ "${option}" = "ban_mailactions" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_mailactions}")${value} \""
+ elif [ "${option}" = "ban_logterms" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_logterms}")${value} \""
+ elif [ "${option}" = "ban_countries" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_countries}")${value} \""
+ elif [ "${option}" = "ban_asns" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_asns}")${value} \""
+ elif [ "${option}" = "ban_lan_inputchains_4" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_lan_inputchains_4}")${value} \""
+ elif [ "${option}" = "ban_lan_inputchains_6" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_lan_inputchains_6}")${value} \""
+ elif [ "${option}" = "ban_lan_forwardchains_4" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_lan_forwardchains_4}")${value} \""
+ elif [ "${option}" = "ban_lan_forwardchains_6" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_lan_forwardchains_6}")${value} \""
+ elif [ "${option}" = "ban_wan_inputchains_4" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_wan_inputchains_4}")${value} \""
+ elif [ "${option}" = "ban_wan_inputchains_6" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_wan_inputchains_6}")${value} \""
+ elif [ "${option}" = "ban_wan_forwardchains_4" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_wan_forwardchains_4}")${value} \""
+ elif [ "${option}" = "ban_wan_forwardchains_6" ]
+ then
+ eval "${option}=\"$(printf "%s" "${ban_wan_forwardchains_6}")${value} \""
+ fi
+ }
+ }
+ config_load banip
- # check status
- #
- if [ "${ban_enabled}" -eq 0 ]
+ ban_chain="${ban_chain:-"banIP"}"
+ ban_global_settype="${ban_global_settype:-"src+dst"}"
+ ban_target_src="${ban_target_src:-"DROP"}"
+ ban_target_dst="${ban_target_dst:-"REJECT"}"
+ ban_lan_inputchains_4="${ban_lan_inputchains_4:-"input_lan_rule"}"
+ ban_lan_inputchains_6="${ban_lan_inputchains_6:-"input_lan_rule"}"
+ ban_lan_forwardchains_4="${ban_lan_forwardchains_4:-"forwarding_lan_rule"}"
+ ban_lan_forwardchains_6="${ban_lan_forwardchains_6:-"forwarding_lan_rule"}"
+ ban_wan_inputchains_4="${ban_wan_inputchains_4:-"input_wan_rule"}"
+ ban_wan_inputchains_6="${ban_wan_inputchains_6:-"input_wan_rule"}"
+ ban_wan_forwardchains_4="${ban_wan_forwardchains_4:-"forwarding_wan_rule"}"
+ ban_wan_forwardchains_6="${ban_wan_forwardchains_6:-"forwarding_wan_rule"}"
+ ban_logchain_src="${ban_logchain_src:-"${ban_chain}_log_src"}"
+ ban_logchain_dst="${ban_logchain_dst:-"${ban_chain}_log_dst"}"
+ ban_logtarget_src="${ban_target_src}"
+ ban_logtarget_dst="${ban_target_dst}"
+ if [ "${ban_logsrc_enabled}" = "1" ]
then
- f_bgserv "stop"
- f_jsnup disabled
- f_ipset destroy
- f_rmbackup
- f_rmtemp
- f_log "info" "banIP is currently disabled, please set ban_enabled to '1' to use this service"
- exit 0
+ ban_logprefix_src="${ban_logprefix_src:-"[banIP-${ban_ver%-*}, src/${ban_target_src}] "}"
+ ban_logopts_src="${ban_logopts_src:-"-m limit --limit 2/sec"}"
+ ban_target_src="${ban_logchain_src}"
fi
+ if [ "${ban_logdst_enabled}" = "1" ]
+ then
+ ban_logprefix_dst="${ban_logprefix_dst:-"[banIP-${ban_ver%-*}, dst/${ban_target_dst}] "}"
+ ban_logopts_dst="${ban_logopts_dst:-"-m limit --limit 2/sec"}"
+ ban_target_dst="${ban_logchain_dst}"
+ fi
+ ban_localsources="${ban_localsources:-"maclist whitelist blacklist"}"
+ ban_logterms="${ban_logterms:-"dropbear sshd luci"}"
+ f_log "debug" "f_conf ::: ifaces: ${ban_ifaces:-"-"}, chain: ${ban_chain}, set_type: ${ban_global_settype}, log_chains (src/dst): ${ban_logchain_src}/${ban_logchain_dst}, targets (src/dst): ${ban_target_src}/${ban_target_dst}"
+ f_log "debug" "f_conf ::: lan_inputs (4/6): ${ban_lan_inputchains_4}/${ban_lan_inputchains_6}, lan_forwards (4/6): ${ban_lan_forwardchains_4}/${ban_lan_forwardchains_6}, wan_inputs (4/6): ${ban_wan_inputchains_4}/${ban_wan_inputchains_6}, wan_forwards (4/6): ${ban_wan_forwardchains_4}/${ban_wan_forwardchains_6}"
+ f_log "debug" "f_conf ::: local_sources: ${ban_localsources:-"-"}, log_terms: ${ban_logterms:-"-"}, log_prefixes (src/dst): ${ban_logprefix_src}/${ban_logprefix_dst}, log_options (src/dst): ${ban_logopts_src}/${ban_logopts_dst}"
}
# check environment
#
-f_envcheck()
+f_env()
{
- local util utils packages iface tmp cnt=0 cnt_max=0
+ local util utils packages iface tmp cnt="0" cnt_max="10"
+ ban_starttime="$(date "+%s")"
f_jsnup "running"
f_log "info" "start banIP processing (${ban_action})"
- # check backup directory
+ # create temp directory & files
#
- if [ ! -d "${ban_backupdir}" ]
- then
- f_log "err" "the backup directory '${ban_backupdir}' does not exist or has not been mounted yet, please create the directory or raise the 'ban_triggerdelay' to defer the banIP start"
- fi
+ f_tmp
# get wan devices and wan subnets
#
- if [ "${ban_automatic}" = "1" ]
+ if [ "${ban_autodetect}" = "1" ] && [ -z "${ban_ifaces}" ]
then
- while [ "${cnt}" -le 30 ]
+ while [ "${cnt}" -le "${cnt_max}" ]
do
network_find_wan iface
- if [ -n "${iface}" ] && [ -z "$(printf "%s\\n" "${ban_iface}" | grep -F "${iface}")" ]
+ if [ -n "${iface}" ] && [ -z "$(printf "%s\n" "${ban_ifaces}" | grep -F "${iface}")" ]
then
- ban_iface="${ban_iface} ${iface}"
- if [ "${cnt_max}" -eq 0 ]
- then
- cnt_max=$((cnt+5))
- fi
+ ban_proto4_enabled="1"
+ ban_ifaces="${ban_ifaces}${iface} "
+ uci_set banip global ban_proto4_enabled "1"
+ uci_add_list banip global ban_ifaces "${iface}"
fi
network_find_wan6 iface
- if [ -n "${iface}" ] && [ -z "$(printf "%s\\n" "${ban_iface}" | grep -F "${iface}")" ]
+ if [ -n "${iface}" ] && [ -z "$(printf "%s\n" "${ban_ifaces}" | grep -F "${iface}")" ]
then
- ban_iface="${ban_iface} ${iface}"
- if [ "${cnt_max}" -eq 0 ]
- then
- cnt_max=$((cnt+5))
- fi
+ ban_proto6_enabled="1"
+ ban_ifaces="${ban_ifaces}${iface} "
+ uci_set banip global ban_proto6_enabled "1"
+ uci_add_list banip global ban_ifaces "${iface}"
fi
- if [ -z "${ban_iface}" ] || [ "${cnt}" -le "${cnt_max}" ]
+ if [ -z "${ban_ifaces}" ]
then
- network_flush_cache
- cnt=$((cnt+1))
- sleep 1
+ if [ "${cnt}" -le "${cnt_max}" ]
+ then
+ network_flush_cache
+ cnt=$((cnt+1))
+ sleep 1
+ else
+ break
+ fi
else
+ if [ -n "$(uci -q changes "banip")" ]
+ then
+ uci_commit "banip"
+ fi
break
fi
done
fi
- for iface in ${ban_iface}
+ while [ "${cnt}" -le "${cnt_max}" ]
do
- network_get_device tmp "${iface}"
- if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_dev}" | grep -F "${tmp}")" ]
- then
- ban_dev="${ban_dev} ${tmp}"
- else
- network_get_physdev tmp "${iface}"
- if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_dev}" | grep -F "${tmp}")" ]
+ for iface in ${ban_ifaces}
+ do
+ network_get_device tmp "${iface}"
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\n" "${ban_devs}" | grep -F "${tmp}")" ]
+ then
+ ban_devs="${ban_devs} ${tmp}"
+ else
+ network_get_physdev tmp "${iface}"
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\n" "${ban_devs}" | grep -F "${tmp}")" ]
+ then
+ ban_devs="${ban_devs} ${tmp}"
+ fi
+ fi
+ network_get_subnet tmp "${iface}"
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\n" "${ban_subnets}" | grep -F "${tmp}")" ]
then
- ban_dev="${ban_dev} ${tmp}"
+ ban_subnets="${ban_subnets} ${tmp}"
fi
- fi
- network_get_subnets tmp "${iface}"
- if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_subnets}" | grep -F "${tmp}")" ]
- then
- ban_subnets="${ban_subnets} ${tmp}"
- fi
- network_get_subnets6 tmp "${iface}"
- if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_subnets6}" | grep -F "${tmp}")" ]
+ network_get_subnet6 tmp "${iface}"
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\n" "${ban_subnets}" | grep -F "${tmp}")" ]
+ then
+ ban_subnets="${ban_subnets} ${tmp}"
+ fi
+ done
+ if [ -z "${ban_devs}" ] || [ -z "${ban_subnets}" ]
then
- ban_subnets6="${ban_subnets6} ${tmp}"
+ if [ "${cnt}" -le "${cnt_max}" ]
+ then
+ network_flush_cache
+ cnt=$((cnt+1))
+ sleep 1
+ else
+ break
+ fi
+ else
+ break
fi
done
- ban_dev_all="$(ip link show 2>/dev/null | awk 'BEGIN{FS="[@: ]"}/^[0-9:]/{if($3!="lo"){print $3}}')"
+ ban_ipdevs="$("${ban_ip_cmd}" link show 2>/dev/null | awk 'BEGIN{FS="[@: ]"}/^[0-9:]/{if($3!="lo"){ORS=" ";print $3}}')"
- if [ -z "${ban_iface}" ] || [ -z "${ban_dev}" ] || [ -z "${ban_dev_all}" ]
+ if [ -z "${ban_ifaces}" ] || [ -z "${ban_devs}" ] || [ -z "${ban_ipdevs}" ]
then
- f_log "err" "wan interface(s)/device(s) (${ban_iface:-"-"}/${ban_dev:-"-"}) not found, please please check your configuration"
+ f_log "err" "logical wan interface(s)/device(s) '${ban_ifaces:-"-"}/${ban_devs:-"-"}' not found, please please check your configuration"
+ elif [ -z "${ban_ipdevs}" ]
+ then
+ f_log "err" "ip device(s) '${ban_ipdevs:-"-"}' not found, please please check your configuration"
+ fi
+
+ # check ipset/iptables utility
+ #
+ if [ ! -x "${ban_ipset_cmd}" ]
+ then
+ f_log "err" "ipset utility '${ban_ipset_cmd:-"-"}' not executable, please install package 'ipset'"
+ fi
+ if { [ "${ban_proto4_enabled}" = "1" ] && { [ ! -x "${ban_ipt4_cmd}" ] || [ ! -x "${ban_ipt4_savecmd}" ] || [ ! -x "${ban_ipt4_restorecmd}" ]; }; } || \
+ { [ "${ban_proto6_enabled}" = "1" ] && { [ ! -x "${ban_ipt6_cmd}" ] || [ ! -x "${ban_ipt6_savecmd}" ] || [ ! -x "${ban_ipt6_restorecmd}" ]; }; }
+ then
+ f_log "err" "iptables utilities '${ban_ipt4_cmd:-"-"}, ${ban_ipt4_savecmd:-"-"}, ${ban_ipt4_restorecmd:-"-"}/${ban_ipt6_cmd:-"-"}', ${ban_ipt6_savecmd:-"-"}, ${ban_ipt6_restorecmd:-"-"} not executable, please install the relevant iptables packages"
fi
- # check fetch utility
+ # check download utility
#
if [ -z "${ban_fetchutil}" ]
then
- cnt_max=$((cnt+5))
- while [ -z "${packages}" ]
+ while [ -z "${packages}" ] && [ "${cnt}" -le "${cnt_max}" ]
do
packages="$(opkg list-installed 2>/dev/null)"
- if [ "${cnt}" -gt "${cnt_max}" ]
- then
- break
- fi
cnt=$((cnt+1))
sleep 1
done
- if [ -n "${packages}" ]
+ if [ -z "${packages}" ]
then
- utils="aria2c curl wget uclient-fetch"
- for util in ${utils}
- do
- if { [ "${util}" = "uclient-fetch" ] && [ -n "$(printf "%s\\n" "${packages}" | grep "^libustream-")" ]; } || \
- { [ "${util}" = "wget" ] && [ -n "$(printf "%s\\n" "${packages}" | grep "^wget -")" ]; } || \
- { [ "${util}" != "uclient-fetch" ] && [ "${util}" != "wget" ]; }
+ f_log "err" "local opkg package repository is not available, please set 'ban_fetchutil' manually"
+ fi
+
+ utils="aria2c curl wget uclient-fetch"
+ for util in ${utils}
+ do
+ if { [ "${util}" = "uclient-fetch" ] && [ -n "$(printf "%s" "${packages}" | grep "^libustream-")" ]; } || \
+ { [ "${util}" = "wget" ] && [ -n "$(printf "%s" "${packages}" | grep "^wget -")" ]; } || \
+ [ "${util}" = "curl" ] || [ "${util}" = "aria2c" ]
+ then
+ if [ -x "$(command -v "${util}")" ]
then
- ban_fetchutil="$(command -v "${util}")"
- if [ -x "${ban_fetchutil}" ]
- then
- break
- fi
+ ban_fetchutil="${util}"
+ uci_set banip global ban_fetchutil "${util}"
+ uci_commit "banip"
+ break
fi
- unset ban_fetchutil util
- done
- fi
- else
- util="${ban_fetchutil}"
- ban_fetchutil="$(command -v "${util}")"
- if [ ! -x "${ban_fetchutil}" ]
- then
- unset ban_fetchutil util
- fi
+ fi
+ done
+ elif [ ! -x "$(command -v "${ban_fetchutil}")" ]
+ then
+ unset ban_fetchutil
fi
- case "${util}" in
+ case "${ban_fetchutil}" in
"aria2c")
- ban_fetchparm="${ban_fetchparm:-"--timeout=20 --allow-overwrite=true --auto-file-renaming=false --check-certificate=true --dir=/ -o"}"
+ ban_fetchparm="${ban_fetchparm:-"--timeout=20 --allow-overwrite=true --auto-file-renaming=false --check-certificate=true --log-level=warn --dir=/ -o"}"
;;
"curl")
- ban_fetchparm="${ban_fetchparm:-"--connect-timeout 20 -o"}"
+ ban_fetchparm="${ban_fetchparm:-"--connect-timeout 20 --silent --show-error --location -o"}"
;;
"uclient-fetch")
ban_fetchparm="${ban_fetchparm:-"--timeout=20 -O"}"
ban_fetchparm="${ban_fetchparm:-"--no-cache --no-cookies --max-redirect=0 --timeout=20 -O"}"
;;
esac
- if [ -z "${ban_fetchutil}" ] || [ -z "${ban_fetchparm}" ]
+ if [ -n "${ban_fetchutil}" ] && [ -n "${ban_fetchparm}" ]
then
+ ban_fetchutil="$(command -v "${ban_fetchutil}")"
+ else
f_log "err" "download utility with SSL support not found, please install 'uclient-fetch' with a 'libustream-*' variant or another download utility like 'wget', 'curl' or 'aria2'"
fi
- # check ssh daemon
+ # load JSON source file
#
- if [ -z "${ban_sshdaemon}" ]
+ if [ ! -r "${ban_srcfile}" ]
then
- utils="sshd dropbear"
- for util in ${utils}
- do
- if [ -x "$(command -v "${util}")" ]
- then
- if [ "$("/etc/init.d/${util}" enabled; printf "%u" ${?})" -eq 0 ]
- then
- ban_sshdaemon="${util}"
- break
- fi
- fi
- done
+ if [ -r "${ban_srcarc}" ]
+ then
+ zcat "${ban_srcarc}" > "${ban_srcfile}"
+ else
+ f_log "err" "banIP source archive not found"
+ fi
fi
- if [ -z "${ban_sshdaemon}" ]
+ if [ -r "${ban_srcfile}" ]
then
- f_log "err" "ssh daemon not found, please install 'dropbear' or 'sshd'"
+ json_load_file "${ban_srcfile}"
+ json_get_keys ban_allsources
+ ban_allsources="${ban_allsources} ${ban_localsources}"
+ else
+ f_log "err" "banIP source file not found"
fi
+ f_log "debug" "f_env ::: auto_detect: ${ban_autodetect}, fetch_util: ${ban_fetchutil:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, src_file: ${ban_srcfile:-"-"}, log_terms: ${ban_logterms}, interfaces: ${ban_ifaces:-"-"}, devices: ${ban_devs:-"-"}, subnets: ${ban_subnets:-"-"}, ip_devices: ${ban_ipdevs:-"-"}, protocols (4/6): ${ban_proto4_enabled}/${ban_proto6_enabled}"
}
# create temporary files and directories
#
-f_temp()
+f_tmp()
{
- if [ -d "/tmp" ] && [ -z "${ban_tmpdir}" ]
- then
- ban_tmpdir="$(mktemp -p /tmp -d)"
- ban_tmpfile="$(mktemp -p "${ban_tmpdir}" -tu)"
- elif [ ! -d "/tmp" ]
- then
- f_log "err" "the temp directory '/tmp' does not exist or has not been mounted yet, please create the directory or raise the 'ban_triggerdelay' to defer the banIP start"
- fi
+ f_dir "${ban_tmpbase}"
+
+ ban_tmpdir="$(mktemp -p "${ban_tmpbase}" -d)"
+ ban_tmpfile="$(mktemp -p "${ban_tmpdir}" -tu)"
if [ ! -f "${ban_pidfile}" ] || [ ! -s "${ban_pidfile}" ]
then
printf "%s" "${$}" > "${ban_pidfile}"
fi
+ f_log "debug" "f_tmp ::: tmp_base: ${ban_tmpbase:-"-"}, tmp_dir: ${ban_tmpdir:-"-"}, pid_file: ${ban_pidfile:-"-"}"
}
# remove temporary files and directories
#
-f_rmtemp()
+f_rmtmp()
{
if [ -d "${ban_tmpdir}" ]
then
rm -rf "${ban_tmpdir}"
fi
+ rm -f "${ban_srcfile}"
> "${ban_pidfile}"
+ f_log "debug" "f_rmtmp ::: tmp_base: ${ban_tmpbase:-"-"}, tmp_dir: ${ban_tmpdir:-"-"}, pid_file: ${ban_pidfile:-"-"}"
}
# remove backup files
#
-f_rmbackup()
+f_rmbckp()
{
if [ -d "${ban_backupdir}" ]
then
- rm -f "${ban_backupdir}"/banIP.*.gz
+ rm -f "${ban_backupdir}/banIP."*".gz"
+ fi
+}
+
+# status helper function
+#
+f_char()
+{
+ local result input="${1}"
+
+ if [ "${input}" = "1" ]
+ then
+ result="✔"
+ else
+ result="✘"
fi
+ printf "%s" "${result}"
}
-# iptables rules engine
+# apply iptables rules
#
f_iptrule()
{
- local rc timeout="-w 5" action="${1}" rule="${2}"
+ local rc timeout="-w 5" action="${1}" chain="${2}" rule="${3}" pos="${4}"
- if [ "${src_name##*_}" = "6" ]
+ if [ "${src_name}" = "maclist" ] || [ "${src_name##*_}" = "4" ]
then
- if [ -x "${ban_ipt6}" ]
+ rc="$("${ban_ipt4_cmd}" "${timeout}" -C ${chain} ${rule} 2>/dev/null; printf "%u" ${?})"
+ if { [ "${rc}" != "0" ] && { [ "${action}" = "-A" ] || [ "${action}" = "-I" ]; }; } || \
+ { [ "${rc}" = "0" ] && [ "${action}" = "-D" ]; }
then
- rc="$("${ban_ipt6}" "${timeout}" -C ${rule} 2>/dev/null; printf "%u" ${?})"
-
- if { [ "${rc}" -ne 0 ] && { [ "${action}" = "-A" ] || [ "${action}" = "-I" ]; } } || \
- { [ "${rc}" -eq 0 ] && [ "${action}" = "-D" ]; }
- then
- "${ban_ipt6}" "${timeout}" "${action}" ${rule} 2>/dev/null
- fi
+ "${ban_ipt4_cmd}" "${timeout}" "${action}" ${chain} ${pos} ${rule} 2>/dev/null
+ rc="${?}"
+ else
+ rc=0
fi
- else
- if [ -x "${ban_ipt}" ]
+ fi
+ if [ "${src_name}" = "maclist" ] || [ "${src_name##*_}" = "6" ]
+ then
+ rc="$("${ban_ipt6_cmd}" "${timeout}" -C ${chain} ${rule} 2>/dev/null; printf "%u" ${?})"
+ if { [ "${rc}" != "0" ] && { [ "${action}" = "-A" ] || [ "${action}" = "-I" ]; }; } || \
+ { [ "${rc}" = "0" ] && [ "${action}" = "-D" ]; }
then
- rc="$("${ban_ipt}" "${timeout}" -C ${rule} 2>/dev/null; printf "%u" ${?})"
-
- if { [ "${rc}" -ne 0 ] && { [ "${action}" = "-A" ] || [ "${action}" = "-I" ]; } } || \
- { [ "${rc}" -eq 0 ] && [ "${action}" = "-D" ]; }
- then
- "${ban_ipt}" "${timeout}" "${action}" ${rule} 2>/dev/null
- fi
+ "${ban_ipt6_cmd}" "${timeout}" "${action}" ${chain} ${pos} ${rule} 2>/dev/null
+ rc="${?}"
+ else
+ rc=0
fi
fi
- if [ "${?}" -ne 0 ]
+ if [ -n "${rc}" ] && [ "${rc}" != "0" ]
then
> "${tmp_err}"
- f_log "info" "can't create iptables rule: action: '${action:-"-"}', rule: '${rule:-"-"}'"
+ f_log "info" "iptables action '${action:-"-"}' failed with '${chain}, ${pos:-"-"}, ${rule:-"-"}'"
fi
}
-# remove/add iptables rules
+# iptables controller
#
-f_iptadd()
+f_iptables()
{
- local rm="${1}" dev
-
- for dev in ${ban_dev_all}
- do
- f_iptrule "-D" "${ban_chain} -i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${target_src}"
- f_iptrule "-D" "${ban_chain} -o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${target_dst}"
- done
+ local destroy="${1}" dev
- if [ -z "${rm}" ] && [ "${cnt}" -gt 0 ]
+ if [ "${ban_action}" != "refresh" ] && [ "${ban_action}" != "resume" ]
+ then
+ for dev in ${ban_ipdevs}
+ do
+ if [ "${src_name}" = "maclist" ]
+ then
+ f_iptrule "-D" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j RETURN"
+ elif [ "${src_name%_*}" = "whitelist" ]
+ then
+ f_iptrule "-D" "${ban_chain}" "-i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j RETURN"
+ f_iptrule "-D" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j RETURN"
+ else
+ f_iptrule "-D" "${ban_chain}" "-i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${ban_logtarget_src}"
+ f_iptrule "-D" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${ban_logtarget_dst}"
+ f_iptrule "-D" "${ban_chain}" "-i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${ban_logchain_src}"
+ f_iptrule "-D" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${ban_logchain_dst}"
+ fi
+ done
+ fi
+ if [ -z "${destroy}" ] && [ "${cnt}" -gt "0" ]
then
- if [ "${src_ruletype}" != "dst" ]
+ if [ "${src_settype}" != "dst" ]
then
- f_iptrule "-I" "${wan_input} -j ${ban_chain}"
- f_iptrule "-I" "${wan_forward} -j ${ban_chain}"
- if [ "${src_name##*_}" != "6" ]
+ if [ "${src_name##*_}" = "4" ]
then
- # special IPv4 rules
- f_iptrule "-A" "${ban_chain} -p udp --dport 67:68 --sport 67:68 -j RETURN"
+ for chain in ${ban_wan_inputchains_4}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ for chain in ${ban_wan_forwardchains_4}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ f_iptrule "-A" "${ban_chain}" "-p udp --dport 67:68 --sport 67:68 -j RETURN"
+ elif [ "${src_name##*_}" = "6" ]
+ then
+ for chain in ${ban_wan_inputchains_6}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ for chain in ${ban_wan_forwardchains_6}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ f_iptrule "-A" "${ban_chain}" "-p ipv6-icmp -s fe80::/10 -d fe80::/10 -j RETURN"
+ f_iptrule "-A" "${ban_chain}" "-p udp -s fc00::/6 --sport 547 -d fc00::/6 --dport 546 -j RETURN"
fi
- for dev in ${ban_dev}
+ for dev in ${ban_devs}
do
- f_iptrule "${action:-"-A"}" "${ban_chain} -i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${target_src}"
+ if [ "${src_name}" = "maclist" ]
+ then
+ f_iptrule "-I" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j RETURN" "1"
+ elif [ "${src_name%_*}" = "whitelist" ]
+ then
+ f_iptrule "-I" "${ban_chain}" "-i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j RETURN" "2"
+ else
+ f_iptrule "${action:-"-A"}" "${ban_chain}" "-i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${ban_target_src}"
+ fi
done
fi
- if [ "${src_ruletype}" != "src" ]
+ if [ "${src_settype}" != "src" ]
then
- f_iptrule "-I" "${lan_input} -j ${ban_chain}"
- f_iptrule "-I" "${lan_forward} -j ${ban_chain}"
- if [ "${src_name##*_}" != "6" ]
+ if [ "${src_name##*_}" = "4" ]
+ then
+ for chain in ${ban_lan_inputchains_4}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ for chain in ${ban_lan_forwardchains_4}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ f_iptrule "-A" "${ban_chain}" "-p udp --dport 67:68 --sport 67:68 -j RETURN"
+ elif [ "${src_name##*_}" = "6" ]
then
- # special IPv4 rules
- f_iptrule "-A" "${ban_chain} -p udp --dport 67:68 --sport 67:68 -j RETURN"
+ for chain in ${ban_lan_inputchains_6}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ for chain in ${ban_lan_forwardchains_6}
+ do
+ f_iptrule "-I" "${chain}" "-j ${ban_chain}"
+ done
+ f_iptrule "-A" "${ban_chain}" "-p ipv6-icmp -s fe80::/10 -d fe80::/10 -j RETURN"
+ f_iptrule "-A" "${ban_chain}" "-p udp -s fc00::/6 --sport 547 -d fc00::/6 --dport 546 -j RETURN"
fi
- for dev in ${ban_dev}
+ for dev in ${ban_devs}
do
- f_iptrule "${action:-"-A"}" "${ban_chain} -o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${target_dst}"
+ if [ "${src_name%_*}" = "whitelist" ]
+ then
+ f_iptrule "-I" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j RETURN" "3"
+ elif [ "${src_name}" != "maclist" ]
+ then
+ f_iptrule "${action:-"-A"}" "${ban_chain}" "-o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${ban_target_dst}"
+ fi
done
fi
else
- if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
- then
- "${ban_ipset}" -q destroy "${src_name}"
- fi
+ "${ban_ipset_cmd}" -q destroy "${src_name}"
fi
}
-# ipset/iptables actions
+# ipset controller
#
f_ipset()
{
- local out_rc source action ruleset rule cnt=0 cnt_ip=0 cnt_cidr=0 timeout="-w 5" mode="${1}" in_rc="${src_rc:-0}"
-
- if [ "${src_name%_6*}" = "whitelist" ]
- then
- target_src="RETURN"
- target_dst="RETURN"
- action="-I"
- fi
+ local src src_list action rule ipt_cmd out_rc cnt="0" cnt_ip="0" cnt_cidr="0" cnt_mac="0" timeout="-w 5" mode="${1}" in_rc="4"
case "${mode}" in
"backup")
gzip -cf "${tmp_load}" 2>/dev/null > "${ban_backupdir}/banIP.${src_name}.gz"
- out_rc="${?:-"${in_rc}"}"
+ out_rc="${?}"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, out_rc: ${out_rc}"
return "${out_rc}"
;;
then
zcat "${ban_backupdir}/banIP.${src_name}.gz" 2>/dev/null > "${tmp_load}"
out_rc="${?}"
+ else
+ out_rc="${in_rc}"
fi
- out_rc="${out_rc:-"${in_rc}"}"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, out_rc: ${out_rc}"
return "${out_rc}"
;;
then
rm -f "${ban_backupdir}/banIP.${src_name}.gz"
out_rc="${?}"
+ else
+ out_rc="${in_rc}"
fi
- out_rc="${out_rc:-"${in_rc}"}"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, out_rc: ${out_rc}"
return "${out_rc}"
;;
"initial")
- local ipt log_src_target log_src_opts log_src_prefix log_dst_target log_dst_opts log_dst_prefix
- for src_name in "ruleset" "ruleset_6"
+ for proto in "4" "6"
do
- if [ "${src_name##*_}" = "6" ]
+ if [ "${proto}" = "4" ]
+ then
+ ipt_cmd="${ban_ipt4_cmd}"
+ chainsets="${ban_lan_inputchains_4} ${ban_lan_forwardchains_4} ${ban_wan_inputchains_4} ${ban_wan_forwardchains_4}"
+ elif [ "${proto}" = "6" ]
+ then
+ ipt_cmd="${ban_ipt6_cmd}"
+ chainsets="${ban_lan_inputchains_6} ${ban_lan_forwardchains_6} ${ban_wan_inputchains_6} ${ban_wan_forwardchains_6}"
+ fi
+
+ if [ -z "$("${ipt_cmd}" "${timeout}" -nL "${ban_chain}" 2>/dev/null)" ]
then
- ipt="${ban_ipt6}"
- ruleset="${ban_wan_input_chain_6:-"input_wan_rule"} ${ban_wan_forward_chain_6:-"forwarding_wan_rule"} ${ban_lan_input_chain_6:-"input_lan_rule"} ${ban_lan_forward_chain_6:-"forwarding_lan_rule"}"
- log_src_target="${log_target_src_6}"
- log_src_opts="${ban_log_src_opts_6:-"-m limit --limit 10/sec"}"
- log_src_prefix="${ban_log_src_prefix_6:-"${log_target_src_6}(src banIP) "}"
- log_dst_target="${log_target_dst_6}"
- log_dst_opts="${ban_log_dst_opts_6:-"-m limit --limit 10/sec"}"
- log_dst_prefix="${ban_log_dst_prefix_6:-"${log_target_dst_6}(dst banIP) "}"
+ "${ipt_cmd}" "${timeout}" -N "${ban_chain}" 2>/dev/null
+ out_rc="${?}"
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, chain: ${ban_chain:-"-"}, out_rc: ${out_rc}"
else
- ipt="${ban_ipt}"
- ruleset="${ban_wan_input_chain:-"input_wan_rule"} ${ban_wan_forward_chain:-"forwarding_wan_rule"} ${ban_lan_input_chain:-"input_lan_rule"} ${ban_lan_forward_chain:-"forwarding_lan_rule"}"
- log_src_target="${log_target_src}"
- log_src_opts="${ban_log_src_opts:-"-m limit --limit 10/sec"}"
- log_src_prefix="${ban_log_src_prefix:-"${log_target_src}(src banIP) "}"
- log_dst_target="${log_target_dst}"
- log_dst_opts="${ban_log_dst_opts:-"-m limit --limit 10/sec"}"
- log_dst_prefix="${ban_log_dst_prefix:-"${log_target_dst}(dst banIP) "}"
+ out_rc=0
+ for chain in ${chainsets}
+ do
+ f_iptrule "-D" "${chain}" "-j ${ban_chain}"
+ done
fi
- if [ -x "${ipt}" ]
+ if [ "${ban_logsrc_enabled}" = "1" ] && [ "${out_rc}" = "0" ] && [ -z "$("${ipt_cmd}" "${timeout}" -nL "${ban_logchain_src}" 2>/dev/null)" ]
then
- if [ -z "$("${ipt}" "${timeout}" -nL "${ban_chain}" 2>/dev/null)" ]
+ "${ipt_cmd}" "${timeout}" -N "${ban_logchain_src}" 2>/dev/null
+ out_rc="${?}"
+ if [ "${out_rc}" = "0" ]
then
- "${ipt}" "${timeout}" -N "${ban_chain}" 2>/dev/null
+ "${ipt_cmd}" "${timeout}" -A "${ban_logchain_src}" -j LOG ${ban_logopts_src} --log-prefix "${ban_logprefix_src}"
out_rc="${?}"
- else
- out_rc=0
- for rule in ${ruleset}
- do
- f_iptrule "-D" "${rule} -j ${ban_chain}"
- done
- fi
- f_log "debug" "f_ipset ::: name: -, mode: ${mode:-"-"}, chain: ${ban_chain:-"-"}, $src_name: ${ruleset:-"-"}, out_rc: ${out_rc}"
-
- if [ "${ban_log_src}" -eq 1 ] && [ "${out_rc}" -eq 0 ]
- then
- if [ -z "$("${ipt}" "${timeout}" -nL "${ban_log_chain_src}" 2>/dev/null)" ]
+ if [ "${out_rc}" = "0" ]
then
- "${ipt}" "${timeout}" -N "${ban_log_chain_src}" 2>/dev/null
+ "${ipt_cmd}" "${timeout}" -A "${ban_logchain_src}" -j "${ban_logtarget_src}"
out_rc="${?}"
- if [ "${out_rc}" -eq 0 ]
- then
- "${ipt}" "${timeout}" -A "${ban_log_chain_src}" -j LOG ${log_src_opts} --log-prefix "${log_src_prefix}" && \
- "${ipt}" "${timeout}" -A "${ban_log_chain_src}" -j "${log_src_target}"
- out_rc="${?}"
- fi
fi
- f_log "debug" "f_ipset ::: name: -, mode: ${mode:-"-"}, chain: ${ban_log_chain_src:-"-"}, out_rc: ${out_rc}"
fi
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, logchain_src: ${ban_logchain_src:-"-"}, out_rc: ${out_rc}"
+ fi
- if [ "${ban_log_dst}" -eq 1 ] && [ "${out_rc}" -eq 0 ]
+ if [ "${ban_logdst_enabled}" = "1" ] && [ "${out_rc}" = "0" ] && [ -z "$("${ipt_cmd}" "${timeout}" -nL "${ban_logchain_dst}" 2>/dev/null)" ]
+ then
+ "${ipt_cmd}" "${timeout}" -N "${ban_logchain_dst}" 2>/dev/null
+ out_rc="${?}"
+ if [ "${out_rc}" = "0" ]
then
- if [ -z "$("${ipt}" "${timeout}" -nL "${ban_log_chain_dst}" 2>/dev/null)" ]
+ "${ipt_cmd}" "${timeout}" -A "${ban_logchain_dst}" -j LOG ${ban_logopts_dst} --log-prefix "${ban_logprefix_dst}"
+ out_rc="${?}"
+ if [ "${out_rc}" = "0" ]
then
- "${ipt}" "${timeout}" -N "${ban_log_chain_dst}" 2>/dev/null
+ "${ipt_cmd}" "${timeout}" -A "${ban_logchain_dst}" -j "${ban_logtarget_dst}"
out_rc="${?}"
- if [ "${out_rc}" -eq 0 ]
- then
- "${ipt}" "${timeout}" -A "${ban_log_chain_dst}" -j LOG ${log_dst_opts} --log-prefix "${log_dst_prefix}" && \
- "${ipt}" "${timeout}" -A "${ban_log_chain_dst}" -j "${log_dst_target}"
- out_rc="${?}"
- fi
fi
- f_log "debug" "f_ipset ::: name: -, mode: ${mode:-"-"}, chain: ${ban_log_chain_dst:-"-"}, out_rc: ${out_rc}"
fi
+ f_log "debug" "f_ipset ::: name: initial, mode: ${mode:-"-"}, logchain_dst: ${ban_logchain_dst:-"-"}, out_rc: ${out_rc}"
fi
done
-
out_rc="${out_rc:-"${in_rc}"}"
- f_log "debug" "f_ipset ::: name: -, mode: ${mode:-"-"}, out_rc: ${out_rc}"
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, out_rc: ${out_rc}"
return "${out_rc}"
;;
"create")
- if [ -x "${ban_ipset}" ]
+ if [ "${src_name}" = "maclist" ] && [ -s "${tmp_file}" ] && [ -z "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
then
- if [ -s "${tmp_file}" ] && [ -z "$("${ban_ipset}" -q -n list "${src_name}")" ]
- then
- "${ban_ipset}" -q create "${src_name}" hash:"${src_settype}" hashsize 64 maxelem 262144 family "${src_setipv}" counters
- out_rc="${?}"
- else
- "${ban_ipset}" -q flush "${src_name}"
- out_rc="${?}"
- fi
- if [ -s "${tmp_file}" ] && [ "${out_rc}" -eq 0 ]
+ "${ban_ipset_cmd}" create "${src_name}" hash:mac maxelem 262144 counters
+ out_rc="${?}"
+ elif [ -s "${tmp_file}" ] && [ -z "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
+ then
+ "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem 262144 family "${src_ipver}" counters
+ out_rc="${?}"
+ else
+ "${ban_ipset_cmd}" -q flush "${src_name}"
+ out_rc="${?}"
+ fi
+ if [ -s "${tmp_file}" ] && [ "${out_rc}" = "0" ]
+ then
+ "${ban_ipset_cmd}" -q -! restore < "${tmp_file}"
+ out_rc="${?}"
+ if [ "${out_rc}" = "0" ]
then
- "${ban_ipset}" -q -! restore < "${tmp_file}"
- out_rc="${?}"
- if [ "${out_rc}" -eq 0 ]
- then
- "${ban_ipset}" -q save "${src_name}" > "${tmp_file}"
- cnt="$(($(wc -l 2>/dev/null < "${tmp_file}")-1))"
- cnt_cidr="$(grep -cF "/" "${tmp_file}")"
- cnt_ip="$((cnt-cnt_cidr))"
- printf "%s\\n" "${cnt}" > "${tmp_cnt}"
- fi
+ src_list="$("${ban_ipset_cmd}" -q list "${src_name}")"
+ cnt="$(printf "%s\n" "${src_list}" | awk '/^Number of entries:/{print $4}')"
+ cnt_mac="$(printf "%s\n" "${src_list}" | grep -cE "^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets)")"
+ cnt_cidr="$(printf "%s\n" "${src_list}" | grep -cE "(/[0-9]{1,3} packets)")"
+ cnt_ip=$((cnt-cnt_cidr-cnt_mac))
+ printf "%s\n" "${cnt}" > "${tmp_cnt}"
fi
- f_iptadd
fi
+ f_iptables
end_ts="$(date +%s)"
out_rc="${out_rc:-"${in_rc}"}"
- f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt}/${cnt_ip}/${cnt_cidr}, time: $((end_ts-start_ts)), out_rc: ${out_rc}"
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, ipver: ${src_ipver:-"-"}, settype: ${src_settype:-"-"}, count(sum/ip/cidr/mac): ${cnt}/${cnt_ip}/${cnt_cidr}/${cnt_mac}, time: $((end_ts-start_ts)), out_rc: ${out_rc}"
return "${out_rc}"
;;
"refresh")
- if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
+ if [ -n "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
then
- "${ban_ipset}" -q save "${src_name}" > "${tmp_file}"
- out_rc="${?}"
- if [ -s "${tmp_file}" ] && [ "${out_rc}" -eq 0 ]
+ out_rc=0
+ src_list="$("${ban_ipset_cmd}" -q list "${src_name}")"
+ cnt="$(printf "%s\n" "${src_list}" | awk '/^Number of entries:/{print $4}')"
+ cnt_mac="$(printf "%s\n" "${src_list}" | grep -cE "^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets)")"
+ cnt_cidr="$(printf "%s\n" "${src_list}" | grep -cE "(/[0-9]{1,3} packets)")"
+ cnt_ip=$((cnt-cnt_cidr-cnt_mac))
+ printf "%s\n" "${cnt}" > "${tmp_cnt}"
+ f_iptables
+ fi
+ end_ts="$(date +%s)"
+ out_rc="${out_rc:-"${in_rc}"}"
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count(sum/ip/cidr/mac): ${cnt}/${cnt_ip}/${cnt_cidr}/${cnt_mac}, time: $((end_ts-start_ts)), out_rc: ${out_rc}"
+ return "${out_rc}"
+ ;;
+ "suspend")
+ for src in ${ban_sources} ${ban_localsources}
+ do
+ if [ "${src}" = "maclist" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${src}")" ]
then
- cnt="$(($(wc -l 2>/dev/null < "${tmp_file}")-1))"
- cnt_cidr="$(grep -cF "/" "${tmp_file}")"
- cnt_ip="$((cnt-cnt_cidr))"
- printf "%s\\n" "${cnt}" > "${tmp_cnt}"
+ tmp_file="${ban_backupdir}/${src}.file"
+ "${ban_ipset_cmd}" -q save "${src}" | tail -n +2 > "${tmp_file}"
+ "${ban_ipset_cmd}" -q flush "${src}"
+ else
+ for proto in "4" "6"
+ do
+ if [ -n "$("${ban_ipset_cmd}" -q -n list "${src}_${proto}")" ]
+ then
+ tmp_file="${ban_backupdir}/${src}_${proto}.file"
+ "${ban_ipset_cmd}" -q save "${src}_${proto}" | tail -n +2 > "${tmp_file}"
+ "${ban_ipset_cmd}" -q flush "${src}_${proto}"
+ fi
+ done
fi
- f_iptadd
+ done
+ f_log "debug" "f_ipset ::: name: ${src:-"-"}, mode: ${mode:-"-"}"
+ ;;
+ "resume")
+ "${ban_ipset_cmd}" -q -! restore < "${ban_backupdir}/${src_name}.file"
+ out_rc="${?}"
+ if [ "${out_rc}" = "0" ]
+ then
+ rm -f "${ban_backupdir}/${src_name}.file"
+ src_list="$("${ban_ipset_cmd}" -q list "${src_name}")"
+ cnt="$(printf "%s\n" "${src_list}" | awk '/^Number of entries:/{print $4}')"
+ cnt_mac="$(printf "%s\n" "${src_list}" | grep -cE "^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets)")"
+ cnt_cidr="$(printf "%s\n" "${src_list}" | grep -cE "(/[0-9]{1,3} packets)")"
+ cnt_ip=$((cnt-cnt_cidr-cnt_mac))
+ printf "%s\n" "${cnt}" > "${tmp_cnt}"
fi
+ f_iptables
end_ts="$(date +%s)"
out_rc="${out_rc:-"${in_rc}"}"
- f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt}/${cnt_ip}/${cnt_cidr}, time: $((end_ts-start_ts)), out_rc: ${out_rc}"
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, ipver: ${src_ipver:-"-"}, settype: ${src_settype:-"-"}, count(sum/ip/cidr/mac): ${cnt}/${cnt_ip}/${cnt_cidr}/${cnt_mac}, time: $((end_ts-start_ts)), out_rc: ${out_rc}"
return "${out_rc}"
;;
"flush")
- f_iptadd "remove"
-
- if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
+ if [ -n "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
then
- "${ban_ipset}" -q flush "${src_name}"
- "${ban_ipset}" -q destroy "${src_name}"
+ f_iptables "destroy"
+ out_rc=0
fi
- f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}"
- ;;
- "destroy")
- for chain in ${ban_log_chain_src} ${ban_log_chain_dst} ${ban_chain}
+ out_rc="${out_rc:-"${in_rc}"}"
+ f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, out_rc: ${out_rc}"
+ return "${out_rc}"
+ ;;
+ "destroy")
+ for chain in ${ban_chain} ${ban_logchain_src} ${ban_logchain_dst}
do
- if [ -x "${ban_ipt}" ] && [ -x "${ban_ipt_save}" ] && [ -x "${ban_ipt_restore}" ] && \
- [ -n "$("${ban_ipt}" "${timeout}" -nL "${chain}" 2>/dev/null)" ]
+ if [ -n "$("${ban_ipt4_cmd}" "${timeout}" -nL "${chain}" 2>/dev/null)" ]
then
- "${ban_ipt_save}" | grep -v -- "-j ${chain}" | "${ban_ipt_restore}"
- "${ban_ipt}" "${timeout}" -F "${chain}" 2>/dev/null
- "${ban_ipt}" "${timeout}" -X "${chain}" 2>/dev/null
+ "${ban_ipt4_savecmd}" | grep -v -- "-j ${chain}" | "${ban_ipt4_restorecmd}"
+ "${ban_ipt4_cmd}" "${timeout}" -F "${chain}" 2>/dev/null
+ "${ban_ipt4_cmd}" "${timeout}" -X "${chain}" 2>/dev/null
fi
- if [ -x "${ban_ipt6}" ] && [ -x "${ban_ipt6_save}" ] && [ -x "${ban_ipt6_restore}" ] && \
- [ -n "$("${ban_ipt6}" "${timeout}" -nL "${chain}" 2>/dev/null)" ]
+ if [ -n "$("${ban_ipt6_cmd}" "${timeout}" -nL "${chain}" 2>/dev/null)" ]
then
- "${ban_ipt6_save}" | grep -v -- "-j ${chain}" | "${ban_ipt6_restore}"
- "${ban_ipt6}" "${timeout}" -F "${chain}" 2>/dev/null
- "${ban_ipt6}" "${timeout}" -X "${chain}" 2>/dev/null
+ "${ban_ipt6_savecmd}" | grep -v -- "-j ${chain}" | "${ban_ipt6_restorecmd}"
+ "${ban_ipt6_cmd}" "${timeout}" -F "${chain}" 2>/dev/null
+ "${ban_ipt6_cmd}" "${timeout}" -X "${chain}" 2>/dev/null
fi
done
- for source in ${ban_sources}
+ for src in ${ban_sources} ${ban_localsources}
do
- if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${source}")" ]
+ if [ "${src}" = "maclist" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${src}")" ]
then
- "${ban_ipset}" -q destroy "${source}"
+ "${ban_ipset_cmd}" -q destroy "${src}"
+ else
+ for proto in "4" "6"
+ do
+ if [ -n "$("${ban_ipset_cmd}" -q -n list "${src}_${proto}")" ]
+ then
+ "${ban_ipset_cmd}" -q destroy "${src}_${proto}"
+ fi
+ done
fi
done
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}"
{
local class="${1}" log_msg="${2}"
- if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" -eq 1 ]; }
+ if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" = "1" ]; }
then
- if [ -x "${ban_logger}" ]
+ if [ -x "${ban_logger_cmd}" ]
then
- "${ban_logger}" -p "${class}" -t "banIP-${ban_ver}[${$}]" "${log_msg}"
+ "${ban_logger_cmd}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
else
- printf "%s %s %s\\n" "${class}" "banIP-${ban_ver}[${$}]" "${log_msg}"
+ printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
fi
if [ "${class}" = "err" ]
then
- f_jsnup error
- f_ipset destroy
- f_rmbackup
- f_rmtemp
+ f_jsnup "error"
+ f_ipset "destroy"
+ f_rmbckp
+ f_rmtmp
exit 1
fi
fi
# start log service to trace failed ssh/luci logins
#
-f_bgserv()
+f_bgsrv()
{
- local bg_pid status="${1}"
+ local bg_pid action="${1}"
- bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}.*|^logread -f -e ${ban_sshdaemon}\|luci: failed login|^grep -qE Exit before auth|luci: failed login|[0-9]+ \[preauth\]$" | awk '{ORS=" "; print $1}')"
- if [ -z "${bg_pid}" ] && [ "${status}" = "start" ] \
- && [ -x "${ban_logservice}" ] && [ "${ban_realtime}" = "true" ]
+ bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}|logread -f|^grep -q Exit|^grep -q error|^grep -q luci" | awk '{ORS=" "; print $1}')"
+ if [ -z "${bg_pid}" ] && [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ]
then
- ( "${ban_logservice}" "${ban_ver}" "${ban_sshdaemon}" & )
- elif [ -n "${bg_pid}" ] && [ "${status}" = "stop" ]
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "dropbear")" ]
+ then
+ ban_search="Exit before auth from\|"
+ fi
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "sshd")" ]
+ then
+ ban_search="${ban_search}error: maximum authentication attempts exceeded\|sshd.*Connection closed by.*\[preauth\]\|"
+ fi
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "luci")" ]
+ then
+ ban_search="${ban_search}luci: failed login"
+ fi
+ ( "${ban_logservice}" "${ban_ver}" "${ban_search}" & )
+ elif [ -n "${bg_pid}" ] && [ "${action}" = "stop" ]
then
kill -HUP "${bg_pid}" 2>/dev/null
fi
- f_log "debug" "f_bgserv ::: status: ${status:-"-"}, bg_pid: ${bg_pid:-"-"}, ban_realtime: ${ban_realtime:-"-"}, log_service: ${ban_logservice:-"-"}"
+ f_log "debug" "f_bgsrv ::: action: ${action:-"-"}, bg_pid: ${bg_pid:-"-"}, monitor_enabled: ${ban_monitor_enabled:-"-"}, log_service: ${ban_logservice:-"-"}"
}
-# main function for banIP processing
+# download controller
+#
+f_down()
+{
+ local src_name="${1}" proto="${2}" src_ipver="${3}" src_url="${4}" src_rule="${5}" src_comp="${6}"
+ local ip start_ts end_ts src_settype src_log src_rc tmp_load tmp_file tmp_raw tmp_cnt tmp_err
+
+ start_ts="$(date +%s)"
+ if [ -n "$(printf "%s\n" "${ban_settype_src}" | grep -F "${src_name}")" ]
+ then
+ src_settype="src"
+ elif [ -n "$(printf "%s\n" "${ban_settype_dst}" | grep -F "${src_name}")" ]
+ then
+ src_settype="dst"
+ elif [ -n "$(printf "%s\n" "${ban_settype_all}" | grep -F "${src_name}")" ]
+ then
+ src_settype="src+dst"
+ else
+ src_settype="${ban_global_settype}"
+ fi
+ src_name="${src_name}_${proto}"
+ tmp_load="${ban_tmpfile}.${src_name}.load"
+ tmp_file="${ban_tmpfile}.${src_name}.file"
+ tmp_raw="${tmp_file}.raw"
+ tmp_cnt="${tmp_file}.cnt"
+ tmp_err="${tmp_file}.err"
+
+ # 'resume' mode
+ #
+ if [ "${ban_action}" = "resume" ]
+ then
+ if [ "${src_name%_*}" = "maclist" ]
+ then
+ src_name="maclist"
+ fi
+ f_ipset "resume"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ return
+ fi
+ fi
+
+ # handle local downloads
+ #
+ case "${src_name%_*}" in
+ "blacklist"|"whitelist")
+ awk "${src_rule}" "${src_url}" > "${tmp_file}"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ f_ipset "create"
+ else
+ f_log "debug" "f_down ::: name: ${src_name}, url: ${src_url}, rule: ${src_rule}, rc: ${src_rc}"
+ fi
+ return
+ ;;
+ "maclist")
+ src_name="${src_name%_*}"
+ tmp_file="${ban_tmpfile}.${src_name}.file"
+ tmp_cnt="${tmp_file}.cnt"
+ tmp_err="${tmp_file}.err"
+ awk "${src_rule}" "${src_url}" > "${tmp_file}"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ f_ipset "create"
+ else
+ f_log "debug" "f_down ::: name: ${src_name}, url: ${src_url}, rule: ${src_rule}, rc: ${src_rc}"
+ fi
+ return
+ ;;
+ esac
+
+ # 'refresh' mode
+ #
+ if [ "${ban_action}" = "refresh" ]
+ then
+ f_ipset "refresh"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ return
+ fi
+ fi
+
+ # 'start' mode
+ #
+ if [ "${ban_action}" = "start" ]
+ then
+ f_ipset "restore"
+ fi
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ awk "${src_rule}" "${tmp_load}" 2>/dev/null > "${tmp_file}"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ f_ipset "create"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ return
+ fi
+ fi
+ fi
+
+ # handle country related downloads
+ #
+ if [ "${src_name%_*}" = "country" ]
+ then
+ for country in ${ban_countries}
+ do
+ src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_raw}" "${src_url}${country}-aggregated.zone" 2>&1)"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ cat "${tmp_raw}" 2>/dev/null >> "${tmp_load}"
+ else
+ continue
+ fi
+ done
+
+ # handle asn related downloads
+ #
+ elif [ "${src_name%_*}" = "asn" ]
+ then
+ for asn in ${ban_asns}
+ do
+ src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_raw}" "${src_url}AS${asn}" 2>&1)"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ cat "${tmp_raw}" 2>/dev/null >> "${tmp_load}"
+ else
+ continue
+ fi
+ done
+
+ # handle compressed downloads
+ #
+ elif [ -n "${src_comp}" ]
+ then
+ case "${src_comp}" in
+ "gz")
+ src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_raw}" "${src_url}" 2>&1)"
+ src_rc="${?}"
+ if [ "${src_rc}" -eq 0 ]
+ then
+ zcat "${tmp_raw}" 2>/dev/null > "${tmp_load}"
+ src_rc="${?}"
+ fi
+ ;;
+ esac
+
+ # handle normal downloads
+ #
+ else
+ src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_load}" "${src_url}" 2>&1)"
+ src_rc="${?}"
+ fi
+
+ # download post-processing (backup, restore, regex)
+ #
+ if [ "${src_rc}" = "0" ]
+ then
+ f_ipset "backup"
+ src_rc="${?}"
+ elif [ "${ban_action}" != "start" ] && [ "${ban_action}" != "refresh" ]
+ then
+ f_ipset "restore"
+ src_rc="${?}"
+ fi
+ if [ "${src_rc}" = "0" ]
+ then
+ awk "${src_rule}" "${tmp_load}" 2>/dev/null > "${tmp_file}"
+ src_rc="${?}"
+ if [ "${src_rc}" = "0" ]
+ then
+ f_ipset "create"
+ src_rc="${?}"
+ elif [ "${ban_action}" != "refresh" ]
+ then
+ f_ipset "refresh"
+ src_rc="${?}"
+ fi
+ else
+ src_log="$(printf "%s" "${src_log}" | awk '{ORS=" ";print $0}')"
+ if [ "${ban_action}" != "refresh" ]
+ then
+ f_ipset "refresh"
+ src_rc="${?}"
+ fi
+ f_log "debug" "f_down ::: name: ${src_name}, url: ${src_url}, rule: ${src_rule}, rc: ${src_rc}, log: ${src_log:-"-"}"
+ fi
+}
+
+# main controller
#
f_main()
{
- local pid pid_list start_ts end_ts ip tmp_raw tmp_cnt tmp_load tmp_file mem_total mem_free cnt=1
- local src_name src_on src_url src_rset src_setipv src_settype src_ruletype src_cat src_log src_addon src_ts src_rc
- local wan_input wan_forward lan_input lan_forward target_src target_dst ssh_log luci_log
+ local src_name src_url_4 src_rule_4 src_url_6 src_rule_6 src_comp src_rc src_ts log_raw log_merge hold err_file cnt_file cnt=0
- if [ "${ban_sshdaemon}" = "dropbear" ]
+ # prepare logfile excerpts (dropbear, sshd, luci)
+ #
+ if [ "${ban_autoblacklist}" = "1" ] || [ "${ban_monitor_enabled}" = "1" ]
then
- ssh_log="$(logread -e "${ban_sshdaemon}" | grep -o "${ban_sshdaemon}.*" | sed 's/:[0-9]*$//g')"
- elif [ "${ban_sshdaemon}" = "sshd" ]
+ log_raw="$(logread -l "${ban_loglimit}")"
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "dropbear")" ]
+ then
+ log_merge="$(printf "%s\n" "${log_raw}" | grep "Exit before auth from" | awk 'match($0,/<[0-9A-f:\.]+:/){printf "%s\n",substr($0,RSTART+1,RLENGTH-2)}')"
+ fi
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "sshd")" ]
+ then
+ log_merge="${log_merge} $(printf "%s\n" "${log_raw}" | grep "error: maximum authentication attempts exceeded\|sshd.*Connection closed by.*\[preauth\]" | awk 'match($0,/[0-9A-f:\.]+ port/){printf "%s\n",substr($0,RSTART,RLENGTH-5)}')"
+ fi
+ if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "luci")" ]
+ then
+ log_merge="${log_merge} $(printf "%s\n" "${log_raw}" | grep "luci: failed login on " | awk 'match($0,/[0-9A-f:\.]+$/){printf "%s\n",substr($0,RSTART,RLENGTH)}')"
+ fi
+ log_merge="$(printf "%s" "${log_merge}" | awk '{ORS=" ";print $0}')"
+ fi
+
+ # prepare new black- and whitelist entries
+ #
+ if [ "${ban_autowhitelist}" = "1" ] && [ -f "${ban_whitelist}" ]
+ then
+ for ip in ${ban_subnets}
+ do
+ if [ -z "$(grep -F "${ip}" "${ban_whitelist}")" ]
+ then
+ src_ts="# added on $(date "+%d.%m.%Y %H:%M:%S")"
+ printf "%-42s%s\n" "${ip}" "${src_ts}" >> "${ban_whitelist}"
+ f_log "info" "IP address '${ip}' added to whitelist"
+ fi
+ done
+ fi
+ if [ "${ban_autoblacklist}" = "1" ] && [ -f "${ban_blacklist}" ]
then
- ssh_log="$(logread -e "${ban_sshdaemon}" | grep -o "${ban_sshdaemon}.*" | sed 's/ port.*$//g')"
+ for ip in ${log_merge}
+ do
+ if [ -z "$(grep -F "${ip}" "${ban_blacklist}")" ]
+ then
+ src_ts="# added on $(date "+%d.%m.%Y %H:%M:%S")"
+ printf "%-42s%s\n" "${ip}" "${src_ts}" >> "${ban_blacklist}"
+ f_log "info" "IP address '${ip}' added to blacklist"
+ fi
+ done
fi
- luci_log="$(logread -e "luci: failed login" | grep -o "luci:.*")"
- mem_total="$(awk '/^MemTotal/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
- mem_free="$(awk '/^MemFree/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
- f_log "debug" "f_main ::: fetch_util: ${ban_fetchutil:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, ssh_daemon: ${ban_sshdaemon}, interface(s): ${ban_iface:-"-"}, device(s): ${ban_dev:-"-"}, all_devices: ${ban_dev_all:-"-"}, backup_dir: ${ban_backupdir:-"-"}, mem_total: ${mem_total:-0}, mem_free: ${mem_free:-0}, max_queue: ${ban_maxqueue}"
- # chain creation
+ # initial ipset/iptables creation
#
- f_ipset initial
- if [ "${?}" -ne 0 ]
+ f_ipset "initial"
+ if [ "${?}" != "0" ]
then
- f_log "err" "banIP processing failed, fatal error during iptables chain creation (${ban_sysver})"
+ f_log "err" "banIP processing failed, fatal error during ipset/iptables creation (${ban_sysver})"
fi
- # main loop
+ # load local source files (maclist, blacklist, whitelist)
#
- for src_name in ${ban_sources}
+ for src_name in ${ban_localsources}
do
- unset src_on
- if [ "${src_name##*_}" = "6" ]
+ if [ "${src_name}" = "maclist" ] && [ -s "${ban_maclist}" ]
+ then
+ (
+ src_rule_4="/^([0-9A-z][0-9A-z]:){5}[0-9A-z]{2}([[:space:]]|$)/{print \"add ${src_name} \"toupper(\$1)}"
+ f_down "${src_name}" "mac" "mac" "${ban_maclist}" "${src_rule_4}"
+ )&
+ fi
+ if [ "${ban_proto4_enabled}" = "1" ]
then
- if [ -x "${ban_ipt6}" ]
+ if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ]
then
- src_on="$(eval printf "%s" \"\$\{ban_src_on_6_${src_name%_6*}\}\")"
- src_url="$(eval printf "%s" \"\$\{ban_src_6_${src_name%_6*}\}\")"
- src_rset="$(eval printf "%s" \"\$\{ban_src_rset_6_${src_name%_6*}\}\")"
- src_setipv="inet6"
- wan_input="${ban_wan_input_chain_6:-"input_wan_rule"}"
- wan_forward="${ban_wan_forward_chain_6:-"forwarding_wan_rule"}"
- lan_input="${ban_lan_input_chain_6:-"input_lan_rule"}"
- lan_forward="${ban_lan_forward_chain_6:-"forwarding_lan_rule"}"
- target_src="${ban_target_src_6:-"DROP"}"
- target_dst="${ban_target_dst_6:-"REJECT"}"
+ (
+ src_rule_4="/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add ${src_name}_4 \"\$1}"
+ f_down "${src_name}" "4" "inet" "${ban_blacklist}" "${src_rule_4}"
+ )&
+ elif [ "${src_name}" = "whitelist" ] && [ -s "${ban_whitelist}" ]
+ then
+ (
+ src_rule_4="/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add ${src_name}_4 \"\$1}"
+ f_down "${src_name}" "4" "inet" "${ban_whitelist}" "${src_rule_4}"
+ )&
fi
- else
- if [ -x "${ban_ipt}" ]
+ fi
+ if [ "${ban_proto6_enabled}" = "1" ]
+ then
+ if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ]
+ then
+ (
+ src_rule_6="/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add ${src_name}_6 \"\$1}"
+ f_down "${src_name}" "6" "inet6" "${ban_blacklist}" "${src_rule_6}"
+ )&
+ elif [ "${src_name}" = "whitelist" ] && [ -s "${ban_whitelist}" ]
then
- src_on="$(eval printf "%s" \"\$\{ban_src_on_${src_name}\}\")"
- src_url="$(eval printf "%s" \"\$\{ban_src_${src_name}\}\")"
- src_rset="$(eval printf "%s" \"\$\{ban_src_rset_${src_name}\}\")"
- src_setipv="inet"
- wan_input="${ban_wan_input_chain:-"input_wan_rule"}"
- wan_forward="${ban_wan_forward_chain:-"forwarding_wan_rule"}"
- lan_input="${ban_lan_input_chain:-"input_lan_rule"}"
- lan_forward="${ban_lan_forward_chain:-"forwarding_lan_rule"}"
- target_src="${ban_target_src:-"DROP"}"
- target_dst="${ban_target_dst:-"REJECT"}"
+ (
+ src_rule_6="/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add ${src_name}_6 \"\$1}"
+ f_down "${src_name}" "6" "inet6" "${ban_whitelist}" "${src_rule_6}"
+ )&
fi
fi
- src_settype="$(eval printf "%s" \"\$\{ban_src_settype_${src_name%_6*}\}\")"
- src_ruletype="$(eval printf "%s" \"\$\{ban_src_ruletype_${src_name%_6*}\}\")"
- src_cat="$(eval printf "%s" \"\$\{ban_src_cat_${src_name%_6*}\}\")"
- src_addon=""
- src_rc=4
- tmp_load="${ban_tmpfile}.${src_name}.load"
- tmp_file="${ban_tmpfile}.${src_name}.file"
- tmp_raw="${tmp_file}.raw"
- tmp_cnt="${tmp_file}.cnt"
- tmp_err="${tmp_file}.err"
-
- # basic pre-checks
- #
- f_log "debug" "f_main ::: name: ${src_name}, src_on: ${src_on:-"-"}"
+ done
+ wait
- if [ -z "${src_on}" ] || [ "${src_on}" != "1" ] || [ -z "${src_url}" ] || \
- [ -z "${src_rset}" ] || [ -z "${src_settype}" ] || [ -z "${src_ruletype}" ]
+ # loop over all external sources
+ #
+ for src_name in ${ban_sources}
+ do
+ # get source data from JSON file
+ #
+ json_select "${src_name}" >/dev/null 2>&1
+ if [ "${?}" != "0" ]
then
- f_ipset flush
- f_ipset remove
continue
- elif [ "${ban_action}" = "refresh" ] && [ ! -f "${src_url}" ]
+ fi
+ json_objects="url_4 rule_4 url_6 rule_6 comp"
+ for object in ${json_objects}
+ do
+ eval json_get_var src_${object} "\${object}" >/dev/null 2>&1
+ done
+ json_select ..
+
+ # handle external IPv4 source downloads in a subshell
+ #
+ if [ "${ban_proto4_enabled}" = "1" ] && [ -n "${src_url_4}" ] && [ -n "${src_rule_4}" ]
then
- start_ts="$(date +%s)"
- f_ipset refresh
- if [ "${?}" -eq 0 ]
- then
- continue
- fi
+ (
+ f_down "${src_name}" "4" "inet" "${src_url_4}" "${src_rule_4}" "${src_comp}"
+ )&
+ fi
+
+ # handle external IPv6 source downloads in a subshell
+ #
+ if [ "${ban_proto6_enabled}" = "1" ] && [ -n "${src_url_6}" ] && [ -n "${src_rule_6}" ]
+ then
+ (
+ f_down "${src_name}" "6" "inet6" "${src_url_6}" "${src_rule_6}" "${src_comp}"
+ )&
fi
- # download queue processing
+ # control/limit download queues
#
- (
- start_ts="$(date +%s)"
- if [ "${ban_action}" = "start" ] && [ ! -f "${src_url}" ]
+ hold=$((cnt%ban_maxqueue))
+ if [ "${hold}" = "0" ]
+ then
+ wait
+ fi
+ cnt=$((cnt+1))
+ done
+ wait
+
+ # error out
+ #
+ for err_file in "${ban_tmpfile}."*".err"
+ do
+ if [ -f "${err_file}" ]
+ then
+ f_log "err" "banIP processing failed, fatal iptables errors during subshell processing (${ban_sysver})"
+ fi
+ done
+
+ # finish processing
+ #
+ ban_sources=""
+ for cnt_file in "${ban_tmpfile}."*".cnt"
+ do
+ if [ -f "${cnt_file}" ]
+ then
+ read -r cnt < "${cnt_file}"
+ ban_cnt=$((ban_cnt+cnt))
+ ban_setcnt=$((ban_setcnt+1))
+ src_name="$(printf "%s" "${cnt_file}" | grep -Eo "[a-z0-9_]+.file.cnt")"
+ src_name="${src_name%%.*}"
+ if [ -z "$(printf "%s" "${ban_sources}" | grep -F "${src_name%_*}")" ]
then
- f_ipset restore
+ ban_sources="${ban_sources} ${src_name%_*}"
+ ban_allsources="${ban_allsources/${src_name%_*}/}"
fi
- src_rc="${?}"
- if [ "${src_rc}" -ne 0 ] || [ ! -s "${tmp_load}" ]
+ fi
+ done
+ for src_name in ${ban_allsources}
+ do
+ if [ "${src_name}" = "maclist" ]
+ then
+ f_ipset "flush"
+ else
+ for proto in "4" "6"
+ do
+ src_name="${src_name%_*}_${proto}"
+ f_ipset "flush"
+ if [ "${src_name%_*}" != "blacklist" ] && [ "${src_name%_*}" != "whitelist" ]
+ then
+ f_ipset "remove"
+ fi
+ done
+ fi
+ done
+ f_log "info" "${ban_setcnt} IPSets with overall ${ban_cnt} IPs/Prefixes loaded successfully (${ban_sysver})"
+ f_bgsrv "start"
+ f_jsnup
+ f_rmtmp
+}
+
+# query ipsets for certain IP
+#
+f_query()
+{
+ local src proto result query_start query_end query_timeout="30" match="0" search="${1}"
+
+ if [ -z "${search}" ]
+ then
+ printf "%s\n" "::: missing search term, please submit a single ip or mac address :::"
+ else
+ query_start="$(date "+%s")"
+ printf "%s\n%s\n%s\n" ":::" "::: search '${search}' in banIP related IPSets" ":::"
+
+ for src in ${ban_localsources} ${ban_sources}
+ do
+ if [ "${src}" = "maclist" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${src}")" ]
then
- if [ -f "${src_url}" ]
+ result="$(ipset -q test ${src} ${search} >/dev/null 2>&1; printf "%u" "${?}")"
+ if [ "${result}" = "0" ]
then
- src_log="$(cat "${src_url}" 2>/dev/null > "${tmp_load}")"
- src_rc="${?}"
- case "${src_name}" in
- "whitelist")
- src_addon="${ban_subnets}"
- ;;
- "whitelist_6")
- src_addon="${ban_subnets6}"
- ;;
- "blacklist")
- if [ "${ban_sshdaemon}" = "dropbear" ]
- then
- pid_list="$(printf "%s\\n" "${ssh_log}" | grep -F "Exit before auth" | awk 'match($0,/(\[[0-9]+\])/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
- for pid in ${pid_list}
- do
- src_addon="${src_addon} $(printf "%s\\n" "${ssh_log}" | grep -F "${pid}" | awk 'match($0,/([0-9]{1,3}\.){3}[0-9]{1,3}$/){ORS=" ";print substr($0,RSTART,RLENGTH);exit}')"
- done
- elif [ "${ban_sshdaemon}" = "sshd" ]
- then
- src_addon="$(printf "%s\\n" "${ssh_log}" | grep -F "error: maximum authentication attempts exceeded" | awk 'match($0,/([0-9]{1,3}\.){3}[0-9]{1,3}$/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
- fi
- src_addon="${src_addon} $(printf "%s\\n" "${luci_log}" | awk 'match($0,/([0-9]{1,3}\.){3}[0-9]{1,3}$/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
- ;;
- "blacklist_6")
- if [ "${ban_sshdaemon}" = "dropbear" ]
- then
- pid_list="$(printf "%s\\n" "${ssh_log}" | grep -F "Exit before auth" | awk 'match($0,/(\[[0-9]+\])/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
- for pid in ${pid_list}
- do
- src_addon="${src_addon} $(printf "%s\\n" "${ssh_log}" | grep -F "${pid}" | awk 'match($0,/(([0-9A-f]{0,4}::?){1,7}[0-9A-f]{0,4}$)/){ORS=" ";print substr($0,RSTART,RLENGTH);exit}')"
- done
- elif [ "${ban_sshdaemon}" = "sshd" ]
- then
- src_addon="$(printf "%s\\n" "${ssh_log}" | grep -F "error: maximum authentication attempts exceeded" | awk 'match($0,/(([0-9A-f]{0,4}::?){1,7}[0-9A-f]{0,4}$)/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
- fi
- src_addon="${src_addon} $(printf "%s\\n" "${luci_log}" | awk 'match($0,/(([0-9A-f]{0,4}::?){1,7}[0-9A-f]{0,4}$)/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
- ;;
- esac
- for ip in ${src_addon}
- do
- if [ -z "$(grep -F "${ip}" "${src_url}")" ]
+ match="1"
+ printf "%s\n" " - found in IPSet '${src}'"
+ break
+ fi
+ else
+ for proto in "4" "6"
+ do
+ if [ -n "$("${ban_ipset_cmd}" -q -n list "${src}_${proto}")" ]
+ then
+ result="$(ipset -q test ${src}_${proto} ${search} >/dev/null 2>&1; printf "%u" "${?}")"
+ if [ "${result}" = "0" ]
then
- printf "%s\\n" "${ip}" >> "${tmp_load}"
- if { [ "${src_name//_*/}" = "blacklist" ] && [ "${ban_autoblacklist}" -eq 1 ]; } || \
- { [ "${src_name//_*/}" = "whitelist" ] && [ "${ban_autowhitelist}" -eq 1 ]; }
- then
- src_ts="# auto-added $(date "+%d.%m.%Y %H:%M:%S")"
- printf "%s %s\\n" "${ip}" "${src_ts}" >> "${src_url}"
- fi
+ match="1"
+ printf "%s\n" " - found in IPSet '${src}_${proto}'"
fi
- done
- elif [ -n "${src_cat}" ]
+ fi
+ done
+ fi
+ query_end="$(date "+%s")"
+ if [ "$((query_end-query_start))" -gt "${query_timeout}" ]
+ then
+ printf "%s\n\n" " - [...]"
+ break
+ fi
+ done
+ if [ "${match}" = "0" ]
+ then
+ printf "%s\n\n" " - no match"
+ fi
+ fi
+}
+
+# generate statistics
+#
+f_report()
+{
+ local report_json report_txt bg_pid content proto src src_list cnt cnt_mac cnt_cidr cnt_ip cnt_acc cnt_sum="0" cnt_set_sum="1" cnt_acc_sum="0" cnt_mac_sum="0" cnt_ip_sum="0" cnt_cidr_sum="0" cnt_set_sum="0" action="${1}"
+
+ report_json="${ban_reportdir}/ban_report.json"
+ report_txt="${ban_reportdir}/ban_mailreport.txt"
+
+ # build json file
+ #
+ if [ "${action}" != "json" ] && { [ -n "$("${ban_ipt4_savecmd}" | grep " ${ban_chain} ")" ] || [ -n "$("${ban_ipt6_savecmd}" | grep " ${ban_chain} ")" ]; }
+ then
+ > "${report_json}"
+ > "${report_txt}"
+ printf "%s\n" "{" >> "${report_json}"
+ printf "\t%s\n" "\"ipsets\": {" >> "${report_json}"
+ for src in ${ban_localsources} ${ban_sources}
+ do
+ if [ -n "$(printf "%s\n" "${ban_settype_src}" | grep -F "${src}")" ]
+ then
+ set_type="src"
+ elif [ -n "$(printf "%s\n" "${ban_settype_dst}" | grep -F "${src}")" ]
+ then
+ set_type="dst"
+ elif [ -n "$(printf "%s\n" "${ban_settype_all}" | grep -F "${src}")" ]
+ then
+ set_type="src+dst"
+ else
+ set_type="${ban_global_settype}"
+ fi
+ if [ "${src}" = "maclist" ]
+ then
+ src_list="$("${ban_ipset_cmd}" -q list "${src}")"
+ if [ -n "${src_list}" ]
then
- if [ "${src_cat//[0-9]/}" != "${src_cat}" ]
+ cnt="$(printf "%s" "${src_list}" | awk '/^Number of entries:/{print $4}')"
+ cnt_acc="$(printf "%s" "${src_list}" | grep -cE "^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets [1-9]+)")"
+ cnt_acc_sum=$((cnt_acc_sum+cnt_acc))
+ cnt_mac_sum="${cnt}"
+ cnt_sum=$((cnt_sum+cnt))
+ if [ "${cnt_set_sum}" != "0" ]
then
- for as in ${src_cat}
- do
- src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_raw}" "${src_url}AS${as}" 2>&1)"
- src_rc="${?}"
- if [ "${src_rc}" -eq 0 ]
- then
- jsonfilter -i "${tmp_raw}" -e '@.data.prefixes.*.prefix' 2>/dev/null >> "${tmp_load}"
- else
- break
- fi
- done
- if [ "${src_rc}" -eq 0 ]
- then
- f_ipset backup
- elif [ "${ban_action}" != "start" ]
- then
- f_ipset restore
- fi
- else
- for co in ${src_cat}
- do
- src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_raw}" "${src_url}${co}&v4_format=prefix" 2>&1)"
- src_rc="${?}"
- if [ "${src_rc}" -eq 0 ]
- then
- if [ "${src_name##*_}" = "6" ]
- then
- jsonfilter -i "${tmp_raw}" -e '@.data.resources.ipv6.*' 2>/dev/null >> "${tmp_load}"
- else
- jsonfilter -i "${tmp_raw}" -e '@.data.resources.ipv4.*' 2>/dev/null >> "${tmp_load}"
- fi
- else
- break
- fi
- done
- if [ "${src_rc}" -eq 0 ]
- then
- f_ipset backup
- elif [ "${ban_action}" != "start" ]
- then
- f_ipset restore
- fi
+ printf "%s\n" "," >> "${report_json}"
fi
- else
- src_log="$("${ban_fetchutil}" ${ban_fetchparm} "${tmp_raw}" "${src_url}" 2>&1)"
- src_rc="${?}"
- if [ "${src_rc}" -eq 0 ]
+ printf "\t\t%s\n" "\"${src}\": {" >> "${report_json}"
+ printf "\t\t\t%s\n" "\"type\": \"${set_type}\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count\": \"${cnt}\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count_ip\": \"0\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count_cidr\": \"0\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count_mac\": \"${cnt}\"," >> "${report_json}"
+ printf "\t\t\t%s" "\"count_acc\": \"${cnt_acc}\"" >> "${report_json}"
+ printf ",\n\t\t\t%s" "\"member_acc\": [" >> "${report_json}"
+ printf "%s" "${src_list}" | awk '/^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets [1-9]+)/{print $1,$3}' | \
+ awk 'BEGIN{i=0};{i=i+1;if(i==1){printf "\n\t\t\t\t\t{\n\t\t\t\t\t\t\"member\": \"%s\",\n\t\t\t\t\t\t\"packets\": \"%s\"\n\t\t\t\t\t}",$1,$2}else{printf ",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"member\": \"%s\",\n\t\t\t\t\t\t\t\"packets\": \"%s\"\n\t\t\t\t\t\t}",$1,$2}}' >> "${report_json}"
+ printf "\n\t\t\t%s\n" "]" >> "${report_json}"
+ printf "\t\t%s" "}" >> "${report_json}"
+ cnt_set_sum=$((cnt_set_sum+1))
+ fi
+ else
+ for proto in "4" "6"
+ do
+ src_list="$("${ban_ipset_cmd}" -q list "${src}_${proto}")"
+ if [ -n "${src_list}" ]
then
- zcat "${tmp_raw}" 2>/dev/null > "${tmp_load}"
- src_rc="${?}"
- if [ "${src_rc}" -ne 0 ]
+ cnt="$(printf "%s\n" "${src_list}" | awk '/^Number of entries:/{print $4}')"
+ cnt_cidr="$(printf "%s\n" "${src_list}" | grep -cE "(/[0-9]{1,3} packets)")"
+ cnt_ip=$((cnt-cnt_cidr-cnt_mac))
+ cnt_acc="$(printf "%s\n" "${src_list}" | grep -cE "( packets [1-9]+)")"
+ cnt_cidr_sum=$((cnt_cidr_sum+cnt_cidr))
+ cnt_ip_sum=$((cnt_ip_sum+cnt_ip))
+ cnt_acc_sum=$((cnt_acc_sum+cnt_acc))
+ cnt_sum=$((cnt_sum+cnt))
+ if [ "${cnt_set_sum}" != "0" ]
then
- mv -f "${tmp_raw}" "${tmp_load}"
- src_rc="${?}"
+ printf "%s\n" "," >> "${report_json}"
fi
- if [ "${src_rc}" -eq 0 ]
- then
- f_ipset backup
- src_rc="${?}"
- fi
- elif [ "${ban_action}" != "start" ]
- then
- f_ipset restore
- src_rc="${?}"
+ printf "\t\t%s\n" "\"${src}_${proto}\": {" >> "${report_json}"
+ printf "\t\t\t%s\n" "\"type\": \"${set_type}\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count\": \"${cnt}\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count_ip\": \"${cnt_ip}\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count_cidr\": \"${cnt_cidr}\"," >> "${report_json}"
+ printf "\t\t\t%s\n" "\"count_mac\": \"0\"," >> "${report_json}"
+ printf "\t\t\t%s" "\"count_acc\": \"${cnt_acc}\"" >> "${report_json}"
+ printf ",\n\t\t\t%s" "\"member_acc\": [" >> "${report_json}"
+ printf "%s" "${src_list}" | awk '/( packets [1-9]+)/{print $1,$3}' | \
+ awk 'BEGIN{i=0};{i=i+1;if(i==1){printf "\n\t\t\t\t\t{\n\t\t\t\t\t\t\"member\": \"%s\",\n\t\t\t\t\t\t\"packets\": \"%s\"\n\t\t\t\t\t}",$1,$2}else{printf ",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"member\": \"%s\",\n\t\t\t\t\t\t\t\"packets\": \"%s\"\n\t\t\t\t\t\t}",$1,$2}}' >> "${report_json}"
+ printf "\n\t\t\t%s\n" "]" >> "${report_json}"
+ printf "\t\t%s" "}" >> "${report_json}"
+ cnt_set_sum=$((cnt_set_sum+1))
fi
- fi
+ done
fi
+ done
+ printf "\n\t%s" "}" >> "${report_json}"
+ printf ",\n\t%s\n" "\"timestamp\": \"$(date "+%d.%m.%Y %H:%M:%S")\"," >> "${report_json}"
+ printf "\t%s\n" "\"cnt_set_sum\": \"${cnt_set_sum}\"," >> "${report_json}"
+ printf "\t%s\n" "\"cnt_ip_sum\": \"${cnt_ip_sum}\"," >> "${report_json}"
+ printf "\t%s\n" "\"cnt_cidr_sum\": \"${cnt_cidr_sum}\"," >> "${report_json}"
+ printf "\t%s\n" "\"cnt_mac_sum\": \"${cnt_mac_sum}\"," >> "${report_json}"
+ printf "\t%s\n" "\"cnt_sum\": \"${cnt_sum}\"," >> "${report_json}"
+ printf "\t%s\n" "\"cnt_acc_sum\": \"${cnt_acc_sum}\"" >> "${report_json}"
+ printf "%s\n" "}" >> "${report_json}"
+ fi
- if [ "${src_rc}" -eq 0 ]
- then
- awk "${src_rset}" "${tmp_load}" 2>/dev/null > "${tmp_file}"
- src_rc="${?}"
- if [ "${src_rc}" -eq 0 ]
- then
- f_ipset create
- src_rc="${?}"
- elif [ "${ban_action}" != "refresh" ]
+ # output preparation
+ #
+ if [ -s "${report_json}" ] && { [ "${action}" = "cli" ] || [ "${action}" = "mail" ]; }
+ then
+ printf "%s\n%s\n%s\n" ":::" "::: report on all banIP related IPSets" ":::" >> "${report_txt}"
+ json_load_file "${report_json}" >/dev/null 2>&1
+ json_get_var value "timestamp" >/dev/null 2>&1
+ printf " + %s\n" "Report timestamp ::: ${value}" >> "${report_txt}"
+ json_get_var value "cnt_set_sum" >/dev/null 2>&1
+ printf " + %s\n" "Number of all IPSets ::: ${value:-"0"}" >> "${report_txt}"
+ json_get_var value "cnt_sum" >/dev/null 2>&1
+ printf " + %s\n" "Number of all entries ::: ${value:-"0"}" >> "${report_txt}"
+ json_get_var value "cnt_ip_sum" >/dev/null 2>&1
+ printf " + %s\n" "Number of IP entries ::: ${value:-"0"}" >> "${report_txt}"
+ json_get_var value "cnt_cidr_sum" >/dev/null 2>&1
+ printf " + %s\n" "Number of CIDR entries ::: ${value:-"0"}" >> "${report_txt}"
+ json_get_var value "cnt_mac_sum" >/dev/null 2>&1
+ printf " + %s\n" "Number of MAC entries ::: ${value:-"0"}" >> "${report_txt}"
+ json_get_var value "cnt_acc_sum" >/dev/null 2>&1
+ printf " + %s\n" "Number of accessed entries ::: ${value:-"0"}" >> "${report_txt}"
+ json_select "ipsets"
+ json_get_keys ipsetlist
+ if [ -n "${ipsetlist}" ]
+ then
+ printf "%s\n%s\n%s\n" ":::" "::: IPSet details" ":::" >> "${report_txt}"
+ printf "%-25s%-12s%-11s%-10s%-10s%-10s%-10s%s\n" " Name" "Type" "Count" "Cnt_IP" "Cnt_CIDR" "Cnt_MAC" "Cnt_ACC" "Entry details (Entry/Count)" >> "${report_txt}"
+ printf "%s\n" " --------------------------------------------------------------------------------------------------------------------" >> "${report_txt}"
+ fi
+ for ipset in ${ipsetlist}
+ do
+ set_info="${ipset}"
+ acc_info=""
+ json_select "${ipset}"
+ json_get_keys detaillist
+ for detail in ${detaillist}
+ do
+ if [ "${detail}" != "member_acc" ]
then
- f_ipset refresh
- src_rc="${?}"
- fi
- else
- src_log="$(printf "%s" "${src_log}" | awk '{ORS=" ";print $0}')"
- if [ "${ban_action}" != "refresh" ]
+ json_get_var value "${detail}" >/dev/null 2>&1
+ set_info="${set_info} ${value}"
+ elif [ "${detail}" = "member_acc" ]
then
- f_ipset refresh
- src_rc="${?}"
+ index=1
+ json_select "${detail}"
+ while json_get_type type "${index}" && [ "${type}" = "object" ]
+ do
+ json_get_values values "${index}" >/dev/null 2>&1
+ acc_info="${acc_info} ${values}"
+ index=$((index+1))
+ done
+ json_select ".."
fi
- f_log "debug" "f_main ::: name: ${src_name}, url: ${src_url}, rc: ${src_rc}, log: ${src_log:-"-"}"
+ done
+ printf " %-21s%-12s%-11s%-10s%-10s%-10s%s\n" ${set_info} >> "${report_txt}"
+ if [ -n "${acc_info}" ]
+ then
+ printf " %-25s%s\n" ${acc_info} >> "${report_txt}"
fi
- )&
- hold="$((cnt%ban_maxqueue))"
- if [ "${hold}" -eq 0 ]
- then
- wait
- fi
- cnt="$((cnt+1))"
- done
- wait
+ printf "%s\n" " --------------------------------------------------------------------------------------------------------------------" >> "${report_txt}"
+ json_select ".."
+ done
+ content="$(cat "${report_txt}" 2>/dev/null)"
+ fi
- if [ -z "$(ls "${ban_tmpfile}".*.err 2>/dev/null)" ]
+ # report output
+ #
+ if [ "${action}" = "cli" ]
then
- for cnt_file in "${ban_tmpfile}".*.cnt
- do
- if [ -f "$cnt_file" ]
- then
- read -r cnt < "$cnt_file"
- ban_cnt="$((ban_cnt+cnt))"
- ban_setcnt="$((ban_setcnt+1))"
- fi
- done
- f_log "info" "${ban_setcnt} IPSets with overall ${ban_cnt} IPs/Prefixes loaded successfully (${ban_sysver})"
- f_bgserv "start"
- f_jsnup
- f_rmtemp
- else
- f_log "err" "banIP processing failed, fatal iptables error(s) during subshell processing (${ban_sysver})"
+ printf "%s\n" "${content}"
+ elif [ "${action}" = "json" ]
+ then
+ cat "${ban_reportdir}/ban_report.json"
+ elif [ "${action}" = "mail" ] && [ "${ban_mail_enabled}" = "1" ] && [ -x "${ban_mailservice}" ]
+ then
+ ( "${ban_mailservice}" "${ban_ver}" "${content}" >/dev/null 2>&1 )&
+ bg_pid="${!}"
fi
+ f_log "debug" "f_report ::: action: ${action}, report_json: ${report_json}, report_txt: ${report_txt}, bg_pid: ${bg_pid:-"-"}"
}
# update runtime information
#
f_jsnup()
{
- local rundate status="${1:-"enabled"}"
+ local memory entry runtime cnt_info status="${1:-"enabled"}"
- rundate="$(date "+%d.%m.%Y %H:%M:%S")"
- ban_cntinfo="${ban_setcnt} IPSets with overall ${ban_cnt} IPs/Prefixes"
+ if [ "${status}" = "enabled" ] || [ "${status}" = "error" ]
+ then
+ ban_endtime="$(date "+%s")"
+ cnt_info="${ban_setcnt} IPSets with ${ban_cnt} IPs/Prefixes"
+ memory="$(awk '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null | awk '{print substr($0,1,length($0)-1)}')"
+ if [ "$(( (ban_endtime-ban_starttime)/60 ))" -lt "60" ]
+ then
+ runtime="${ban_action}, $(( (ban_endtime-ban_starttime)/60 ))m $(( (ban_endtime-ban_starttime)%60 ))s, ${memory:-0}, $(date "+%d.%m.%Y %H:%M:%S")"
+ else
+ runtime="${ban_action}, n/a, ${memory:-0}, $(date "+%d.%m.%Y %H:%M:%S")"
+ fi
+ fi
> "${ban_rtfile}"
json_load_file "${ban_rtfile}" >/dev/null 2>&1
json_init
- json_add_object "data"
json_add_string "status" "${status}"
json_add_string "version" "${ban_ver}"
- json_add_string "util_info" "${ban_fetchutil:-"-"}, ${ban_realtime:-"-"}"
- json_add_string "ipset_info" "${ban_cntinfo:-"-"}"
- json_add_string "backup_dir" "${ban_backupdir}"
- json_add_string "last_run" "${rundate:-"-"}"
+ json_add_string "ipset_info" "${cnt_info:-"-"}"
+ json_add_array "active_sources"
+ if [ "${status}" = "running" ] || [ "${status}" = "error" ]
+ then
+ json_add_object
+ json_add_string "source" "-"
+ json_close_object
+ else
+ for entry in ${ban_sources}
+ do
+ json_add_object
+ json_add_string "source" "${entry}"
+ json_close_object
+ done
+ fi
+ json_close_array
+ json_add_array "active_devs"
+ for entry in ${ban_devs}
+ do
+ json_add_object
+ json_add_string "dev" "${entry}"
+ json_close_object
+ done
+ json_close_array
+ json_add_array "active_ifaces"
+ for entry in ${ban_ifaces}
+ do
+ json_add_object
+ json_add_string "iface" "${entry}"
+ json_close_object
+ done
+ json_close_array
+ json_add_array "active_logterms"
+ for entry in ${ban_logterms}
+ do
+ json_add_object
+ json_add_string "term" "${entry}"
+ json_close_object
+ done
+ json_close_array
+ json_add_array "active_subnets"
+ for entry in ${ban_subnets}
+ do
+ json_add_object
+ json_add_string "subnet" "${entry}"
+ json_close_object
+ done
+ json_close_array
+ json_add_string "run_infos" "settype: ${ban_global_settype}, backup_dir: ${ban_backupdir}, report_dir: ${ban_reportdir}"
+ json_add_string "run_flags" "protocols (4/6): $(f_char ${ban_proto4_enabled})/$(f_char ${ban_proto6_enabled}), log (src/dst): $(f_char ${ban_logsrc_enabled})/$(f_char ${ban_logdst_enabled}), monitor: $(f_char ${ban_monitor_enabled}), mail: $(f_char ${ban_mail_enabled})"
+ json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system" "${ban_sysver}"
- json_close_object
json_dump > "${ban_rtfile}"
- f_log "debug" "f_jsnup ::: status: ${status}, setcnt: ${ban_setcnt}, cnt: ${ban_cnt}"
+
+ if [ "${ban_mail_enabled}" = "1" ] && [ -x "${ban_mailservice}" ] && { [ "${status}" = "error" ] || \
+ { [ "${status}" = "enabled" ] && { [ -z "${ban_mailactions}" ] || [ -n "$(printf "%s\n" "${ban_mailactions}" | grep -F "${ban_action}")" ]; }; }; }
+ then
+ ( "${ban_mailservice}" "${ban_ver}" >/dev/null 2>&1 )&
+ bg_pid="${!}"
+ fi
+ f_log "debug" "f_jsnup ::: status: ${status:-"-"}, action: ${ban_action}, mail_enabled: ${ban_mail_enabled}, mail_actions: ${ban_mailactions}, mail_service: ${ban_mailservice}, mail_pid: ${bg_pid:-"-"}"
}
# source required system libraries
f_log "err" "system libraries not found"
fi
+if [ "${ban_action}" = "suspend" ] || [ "${ban_action}" = "resume" ] || \
+ [ "${ban_action}" = "report" ] || [ "${ban_action}" = "query" ]
+then
+ json_load_file "${ban_rtfile}" >/dev/null 2>&1
+ json_get_var ban_status "status"
+fi
+
+# version information
+#
+if [ "${ban_action}" = "version" ]
+then
+ printf "%s\n" "${ban_ver}"
+ exit 0
+fi
+
# handle different banIP actions
#
-f_envload
+f_load
case "${ban_action}" in
"stop")
- f_bgserv "stop"
- f_jsnup stopped
- f_ipset destroy
- f_rmbackup
- f_rmtemp
+ f_bgsrv "stop"
+ f_ipset "destroy"
+ f_jsnup "stopped"
+ f_rmbckp
+ ;;
+ "restart")
+ f_bgsrv "stop"
+ f_ipset "destroy"
+ f_rmbckp
+ f_env
+ f_main
+ ;;
+ "suspend")
+ if [ "${ban_status}" = "enabled" ]
+ then
+ f_bgsrv "stop"
+ f_jsnup "running"
+ f_ipset "suspend"
+ f_jsnup "paused"
+ fi
+ f_rmtmp
+ ;;
+ "resume")
+ if [ "${ban_status}" = "paused" ]
+ then
+ f_bgsrv "stop"
+ f_env
+ f_main
+ else
+ f_rmtmp
+ fi
+ ;;
+ "query")
+ if [ "${ban_status}" = "enabled" ]
+ then
+ f_query "${2}"
+ fi
+ ;;
+ "report")
+ if [ "${ban_status}" = "enabled" ] || [ "${2}" = "json" ]
+ then
+ f_report "${2}"
+ fi
;;
- "start"|"restart"|"reload"|"refresh")
- f_bgserv "stop"
- f_envcheck
+ "start"|"reload"|"refresh")
+ f_bgsrv "stop"
+ f_env
f_main
;;
esac
--- /dev/null
+{
+ "asn": {
+ "url_4": "https://asn.ipinfo.app/api/text/list/",
+ "url_6": "https://asn.ipinfo.app/api/text/list/",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add asn_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add asn_6 \"$1}",
+ "focus": "ASN blocks",
+ "descurl": "https://asn.ipinfo.app"
+ },
+ "bogon": {
+ "url_4": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
+ "url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add bogon_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add bogon_6 \"$1}",
+ "focus": "Bogon prefixes",
+ "descurl": "https://team-cymru.com"
+ },
+ "country": {
+ "url_4": "https://www.ipdeny.com/ipblocks/data/aggregated/",
+ "url_6": "https://www.ipdeny.com/ipv6/ipaddresses/aggregated/",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add country_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add country_6 \"$1}",
+ "focus": "Country blocks",
+ "descurl": "https://www.ipdeny.com/ipblocks"
+ },
+ "darklist": {
+ "url_4": "https://darklist.de/raw.php",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add darklist_4 \"$1}",
+ "focus": "Attacker IP blacklist",
+ "descurl": "https://darklist.de"
+ },
+ "debl": {
+ "url_4": "https://www.blocklist.de/downloads/export-ips_all.txt",
+ "url_6": "https://www.blocklist.de/downloads/export-ips_all.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add debl_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add debl_6 \"$1}",
+ "focus": "Fail2ban IP blacklist",
+ "descurl": "https://www.blocklist.de"
+ },
+ "doh": {
+ "url_4": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt",
+ "url_6": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add doh_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add doh_6 \"$1}",
+ "focus": "Public DoH-Provider",
+ "descurl": "https://github.com/dibdot/DoH-IP-blocklists"
+ },
+ "drop": {
+ "url_4": "https://www.spamhaus.org/drop/drop.txt",
+ "url_6": "https://www.spamhaus.org/drop/dropv6.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add drop_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add drop_6 \"$1}",
+ "focus": "Spamhaus drop compilation",
+ "descurl": "https://www.spamhaus.org"
+ },
+ "dshield": {
+ "url_4": "https://feeds.dshield.org/block.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add dshield_4 \"$1 \"/\"$3}",
+ "focus": "Dshield IP blocklist",
+ "descurl": "https://www.dshield.org"
+ },
+ "edrop": {
+ "url_4": "https://www.spamhaus.org/drop/edrop.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add edrop_4 \"$1}",
+ "focus": "Spamhaus edrop compilation",
+ "descurl": "https://www.spamhaus.org"
+ },
+ "feodo": {
+ "url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add feodo_4 \"$1}",
+ "focus": "Feodo Tracker",
+ "descurl": "https://feodotracker.abuse.ch"
+ },
+ "firehol1": {
+ "url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol1_4 \"$1}",
+ "focus": "Firehol Level 1 compilation",
+ "descurl": "https://iplists.firehol.org/?ipset=firehol_level1"
+ },
+ "firehol2": {
+ "url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol2_4 \"$1}",
+ "focus": "Firehol Level 2 compilation",
+ "descurl": "https://iplists.firehol.org/?ipset=firehol_level2"
+ },
+ "firehol3": {
+ "url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol3_4 \"$1}",
+ "focus": "Firehol Level 3 compilation",
+ "descurl": "https://iplists.firehol.org/?ipset=firehol_level3"
+ },
+ "firehol4": {
+ "url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol4_4 \"$1}",
+ "focus": "Firehol Level 4 compilation",
+ "descurl": "https://iplists.firehol.org/?ipset=firehol_level4"
+ },
+ "iblockads": {
+ "url_4": "https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add iblockads_4 \"$1}",
+ "focus": "Advertising blocklist",
+ "descurl": "https://www.iblocklist.com",
+ "comp": "gz"
+ },
+ "iblockspy": {
+ "url_4": "https://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=cidr&archiveformat=gz",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add iblockspy_4 \"$1}",
+ "focus": "Malicious spyware blocklist",
+ "descurl": "https://www.iblocklist.com",
+ "comp": "gz"
+ },
+ "myip": {
+ "url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
+ "url_6": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add myip_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add myip_6 \"$1}",
+ "focus": "Myip Live IP blacklist",
+ "descurl": "https://myip.ms"
+ },
+ "nixspam": {
+ "url_4": "http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz",
+ "rule_4": "/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add nixspam_4 \"$2}",
+ "focus": "iX spam protection",
+ "descurl": "http://www.nixspam.org",
+ "comp": "gz"
+ },
+ "proxy": {
+ "url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists.ipset",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add proxy_4 \"$1}",
+ "focus": "Firehol list of open proxies",
+ "descurl": "https://iplists.firehol.org/?ipset=proxylists"
+ },
+ "sslbl": {
+ "url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
+ "rule_4": "BEGIN{FS=\",\"}/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{print \"add sslbl_4 \"$2}",
+ "focus": "SSL botnet IP blacklist",
+ "descurl": "https://sslbl.abuse.ch"
+ },
+ "threat": {
+ "url_4": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add threat_4 \"$1}",
+ "focus": "Emerging Threats",
+ "descurl": "https://rules.emergingthreats.net"
+ },
+ "tor": {
+ "url_4": "https://lists.fissionrelays.net/tor/exits-ipv4.txt",
+ "url_6": "https://lists.fissionrelays.net/tor/exits-ipv6.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add tor_4 \"$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add tor_6 \"$1}",
+ "focus": "Tor exit nodes",
+ "descurl": "https://fissionrelays.net/lists"
+ },
+ "uceprotect1": {
+ "url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{print \"add uceprotect1_4 \"$1}",
+ "focus": "Spam protection level 1",
+ "descurl": "http://www.uceprotect.net/en/index.php",
+ "comp": "gz"
+ },
+ "uceprotect2": {
+ "url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-2.uceprotect.net.gz",
+ "rule_4": "BEGIN{IGNORECASE=1}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]+NET[[:space:]]+)/{print \"add uceprotect2_4 \"$1}",
+ "focus": "Spam protection level 2",
+ "descurl": "http://www.uceprotect.net/en/index.php",
+ "comp": "gz"
+ },
+ "voip": {
+ "url_4": "http://www.voipbl.org/update/",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add voip_4 \"$1}",
+ "focus": "VoIP fraud blocklist",
+ "descurl": "http://www.voipbl.org"
+ },
+ "yoyo": {
+ "url_4": "https://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add yoyo_4 \"$1}",
+ "focus": "Ad protection blacklist",
+ "descurl": "https://pgl.yoyo.org/adservers/"
+ }
+}
PKG_NAME:=bfdd
PKG_SOURCE_DATE:=2019-08-22
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE_VERSION:=c54534beb524afc3972039f57b56ec65332b43f7
PKG_SOURCE_URL:=https://codeload.github.com/rzalamena/bfdd/tar.gz/$(PKG_SOURCE_VERSION)?
/etc/bfdd/bfdd.json
endef
-TARGET_CFLAGS += -D_GNU_SOURCE
-
define Package/bfdd/install
$(INSTALL_DIR) \
$(1)/usr/sbin \
---- a/bfd_packet.c 2019-08-15 02:45:47.270120616 +0300
-+++ b/bfd_packet.c 2019-08-15 02:44:38.266117706 +0300
-@@ -34,7 +34,6 @@
+--- a/bfd_packet.c
++++ b/bfd_packet.c
+@@ -29,12 +29,15 @@
+ #define _UAPI_IPV6_H
+ #endif /* _UAPI_IPV6_H */
+
++#include <features.h>
+ #include <linux/filter.h>
+ #include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <linux/udp.h>
#include <linux/ip.h>
--#include <linux/ipv6.h>
++#ifdef __GLIBC__
+ #include <linux/ipv6.h>
++#endif
#include <arpa/inet.h>
#include <sys/types.h>
+++ /dev/null
-diff --git a/bfd_packet.c b/bfd_packet.c
-index e8f99f9..2c9fa91 100644
---- a/bfd_packet.c
-+++ b/bfd_packet.c
-@@ -29,6 +29,8 @@
- #define _UAPI_IPV6_H
- #endif /* _UAPI_IPV6_H */
-
-+#define _GNU_SOURCE
-+
- #include <linux/filter.h>
- #include <linux/if_ether.h>
- #include <linux/if_packet.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=bind
-PKG_VERSION:=9.16.8
+PKG_VERSION:=9.17.9
PKG_RELEASE:=1
USERID:=bind=57:bind=57
PKG_SOURCE_URL:= \
https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=9e9b9c563692be86ec41f670f6b70e26c14e72445c742d7b5eb4db7d2b5e8d31
+PKG_HASH:=075de055d1c3d8fede6a93cc890203670948e0f13310a21d4980cb5e378f7306
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
./files/bind/db.root \
./files/bind/bind.keys \
$(1)/etc/bind/
+ sed -e '1s/ broadcast / empty rfc1918 /' \
+ < ./files/bind/db.0 \
+ > $(1)/etc/bind/db.empty
$(CP) ./files/bind/named.conf.example $(1)/etc/bind/named.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/named.init $(1)/etc/init.d/named
endef
define Package/bind-server-filter-aaaa/install
- $(INSTALL_DIR) $(1)/usr/lib/named
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/named/filter-aaaa.so $(1)/usr/lib/named
+ $(INSTALL_DIR) $(1)/usr/lib/bind
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/bind/filter-aaaa.so $(1)/usr/lib/bind
endef
define Package/bind-client/install
endef
define Package/bind-check/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/named-checkconf $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/named-checkzone $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/named-checkconf $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/named-checkzone $(1)/usr/bin/
endef
define Package/bind-dnssec/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/dnssec-keygen $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/dnssec-settime $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/dnssec-signzone $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/dnssec-keygen $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/dnssec-settime $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/dnssec-signzone $(1)/usr/bin/
endef
define Package/bind-host/install
auth-nxdomain no; # conform to RFC1035
};
+include "/etc/bind/named-rndc.conf";
+
+include "/tmp/bind/named.conf.local";
+
// prime the server with knowledge of the root servers
zone "." {
type hint;
USE_PROCD=1
-START=50
+START=22
config_file=/etc/bind/named.conf
+config_dir=$(dirname $config_file)
+named_options_file=/etc/bind/named-rndc.conf
+rndc_conf_file=/etc/bind/rndc.conf
pid_file=/var/run/named/named.pid
+rndc_temp=$(mktemp /tmp/rndc-confgen.XXXXXX)
logdir=/var/log/named/
cachedir=/var/cache/bind
libdir=/var/lib/bind
+dyndir=/tmp/bind
+
+conf_local_file=$dyndir/named.conf.local
+
fix_perms() {
- for dir in $libdir $logdir $cachedir; do
+ for dir in $libdir $logdir $cachedir $dyndir; do
test -e "$dir" || {
mkdir -p "$dir"
chgrp bind "$dir"
done
}
+reload_service() {
+ rndc -q reload
+}
+
start_service() {
user_exists bind 57 || user_add bind 57
group_exists bind 57 || group_add bind 57
fix_perms
+
+ rndc-confgen > $rndc_temp
+
+ sed -r -n \
+ -e '/^# options \{$/,/^\};$/{ s/^/# / }' \
+ -e p \
+ -e '/^# End of rndc\.conf$/q' \
+ < $rndc_temp > $rndc_conf_file
+
+ sed -r -n \
+ -e '1,/^# End of rndc\.conf$/ { b done }' \
+ -e '/^# Use with the following in named.conf/ { p ; b done }' \
+ -e '/^# End of named\.conf$/ { p ; b done }' \
+ -e '/^# key /,$ { s/^# // ; p }' \
+ -e ': done' \
+ < $rndc_temp > $named_options_file
+
+ rm -f $rndc_temp
+
+ touch $conf_local_file
+
procd_open_instance
procd_set_param command /usr/sbin/named -u bind -f -c $config_file
+ procd_set_param file $config_file \
+ $config_dir/bind.keys \
+ $named_options_file \
+ $conf_local_file \
+ $config_dir/db.*
procd_set_param respawn
procd_close_instance
}
+++ /dev/null
---- a/bin/Makefile.in
-+++ b/bin/Makefile.in
-@@ -12,7 +12,7 @@ VPATH = @srcdir@
- top_srcdir = @top_srcdir@
-
- SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
-- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
-+ @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins
- TARGETS =
-
- @BIND9_MAKE_RULES@
+++ /dev/null
-From 12a10bcfb1999d07961206587d79ce27c432c6ce Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
-Date: Tue, 27 Oct 2020 12:40:45 +0100
-Subject: [PATCH] Fix cross-compilation
-
-Using AC_RUN_IFELSE() in configure.ac breaks cross-compilation:
-
- configure: error: cannot run test program while cross compiling
-
-Commit 978c7b2e89aa37a7ddfe2f6b6ba12ce73dd04528 caused AC_RUN_IFELSE()
-to be used instead of AC_LINK_IFELSE() because the latter had seemingly
-been causing the check for --wrap support in the linker to not work as
-expected. However, it later turned out that the problem lied elsewhere:
-a minus sign ('-') was missing from the LDFLAGS variable used in the
-relevant check [1].
-
-Revert to using AC_LINK_IFELSE() for checking whether the linker
-supports the --wrap option in order to make cross-compilation possible
-again.
-
-Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/2237
-
-[1] see commit cfa4ea64bc06685f210a4187dcc05cc0aac84851
----
- configure | 16 ++++------------
- configure.ac | 2 +-
- 2 files changed, 5 insertions(+), 13 deletions(-)
-
-diff --git a/configure b/configure
-index a408f0dcf6..7694a18c0b 100755
---- a/configure
-+++ b/configure
-@@ -22047,13 +22047,7 @@ $as_echo_n "checking for linker support for --wrap option... " >&6; }
-
-
- LDFLAGS="-Wl,--wrap,exit"
--if test "$cross_compiling" = yes; then :
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot run test program while cross compiling
--See \`config.log' for more details" "$LINENO" 5; }
--else
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- #include <stdlib.h>
- void __real_exit (int status);
-@@ -22067,7 +22061,7 @@ exit (1);
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_run "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"; then :
- LD_WRAP_TESTS=true
-
- $as_echo "#define LD_WRAP 1" >>confdefs.h
-@@ -22078,10 +22072,8 @@ else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
- $as_echo "no" >&6; }
- fi
--rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-- conftest.$ac_objext conftest.beam conftest.$ac_ext
--fi
--
-+rm -f core conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-
- CCASFLAGS=$CCASFLAGS_wrap_ax_save_flags
-
-diff --git a/configure.ac b/configure.ac
-index 1201b5e2a7..9648d9727a 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2247,7 +2247,7 @@ LD_WRAP_TESTS=false
- AC_MSG_CHECKING([for linker support for --wrap option])
- AX_SAVE_FLAGS([wrap])
- LDFLAGS="-Wl,--wrap,exit"
--AC_RUN_IFELSE(
-+AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([[#include <stdlib.h>
- void __real_exit (int status);
- void __wrap_exit (int status) { __real_exit (0); }
---
-GitLab
PKG_NAME:=bridge-utils
PKG_VERSION:=1.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/shemminger/bridge-utils
CATEGORY:=Base system
TITLE:=Ethernet bridging configuration utility
URL:=http://www.linuxfromscratch.org/blfs/view/svn/basicnet/bridge-utils.html
- ALTERNATIVES:=300:/usr/sbin/brctl:/usr/libexec/bridge-utils-brctl
+ ALTERNATIVES:=300:/usr/sbin/brctl:/usr/libexec/brctl-bridge-utils
endef
define Package/bridge/description
define Package/bridge/install
$(INSTALL_DIR) $(1)/usr/libexec
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/brctl $(1)/usr/libexec/bridge-utils-brctl
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/brctl $(1)/usr/libexec/brctl-bridge-utils
endef
$(eval $(call BuildPackage,bridge))
PKG_NAME:=cifs-utils
PKG_VERSION:=6.11
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.samba.org/pub/linux-cifs/cifs-utils/
define Package/cifsmount/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/mount.cifs $(1)/usr/sbin/
- $(LN) /usr/sbin/mount.cifs $(1)/usr/sbin/mount.smb3
+ $(LN) mount.cifs $(1)/usr/sbin/mount.smb3
endef
define Package/smbinfo/install
PKG_NAME:=clamav
PKG_VERSION:=0.102.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
define Package/clamav/conffiles
/etc/config/clamav
+/etc/config/clamav-milter
endef
define Package/clamav/install
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/clamav.config $(1)/etc/config/clamav
+ $(INSTALL_CONF) ./files/clamav-milter.config $(1)/etc/config/clamav-milter
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) ./files/clamav.init $(1)/etc/init.d/clamav
+ $(INSTALL_BIN) ./files/clamav-milter.init $(1)/etc/init.d/clamav-milter
$(INSTALL_DIR) $(1)/usr/share/clamav
$(CP) ./files/bytecode.cvd $(1)/usr/share/clamav/
--- /dev/null
+config clamav-milter 'clamav-milter'
+ option clamav_milter_config_file '/etc/clamav/clamav-milter.conf'
+ option Foreground 'true'
+ option PidFile '/var/run/clamav/clamav-milter.pid'
+ option User 'nobody'
+ option MilterSocketGroup 'nogroup'
+ option AllowSupplementaryGroups 'true'
+ option ReadTimeout '120'
+ option OnClean 'Accept'
+ option OnInfected 'Quarantine'
+ option OnFail 'Defer'
+ option AddHeader 'Replace'
+ option LogVerbose 'true'
+ option LogTime 'true'
+ option LogSyslog 'true'
+ option LogFacility 'LOG_LOCAL6'
+ option LogInfected 'Full'
+ option LogClean 'Basic'
+ option MaxFileSize '25M'
+ option SupportMultipleRecipients 'true'
+ option RejectMsg 'Rejecting Harmful Email: %v found.'
+ option TemporaryDirectory '/tmp'
+ option MilterSocket 'unix:/var/run/clamav/clamav-milter.sock'
+ option MilterSocketMode '666'
+ option ClamdSocket 'tcp:127.0.0.1:3310'
+ option FixStaleSocket 'true'
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+
+START=90
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/clamav-milter
+CLAMAV_MILTER_CONFIGFILE="/tmp/clamav/clamav-milter.conf"
+
+validate_clamav_milter_section() {
+ uci_load_validate clamav-milter clamav_milter "$1" "$2" \
+ 'clamav_milter_config_file:string' \
+ 'Foreground:string' \
+ 'PidFile:string' \
+ 'User:string' \
+ 'MilterSocketGroup:string' \
+ 'AllowSupplementaryGroups:string' \
+ 'ReadTimeout:uinteger' \
+ 'OnClean:string' \
+ 'OnInfected:string' \
+ 'OnFail:string' \
+ 'AddHeader:string' \
+ 'LogVerbose:string' \
+ 'LogTime:string' \
+ 'LogSyslog:string' \
+ 'LogFacility:string' \
+ 'LogInfected:string' \
+ 'LogClean:string' \
+ 'MaxFileSize:string' \
+ 'SupportMultipleRecipients:string' \
+ 'RejectMsg:string' \
+ 'TemporaryDirectory:string' \
+ 'MilterSocket:string' \
+ 'MilterSocketMode:uinteger' \
+ 'ClamdSocket:string' \
+ 'FixStaleSocket:string'
+}
+
+start_clamav_milter_instance() {
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ mkdir -p /etc/clamav/
+ mkdir -p /var/run/clamav/
+ chmod a+rw /var/run/clamav
+
+ mkdir -p "$(dirname $CLAMAV_MILTER_CONFIGFILE)"
+ ln -sf "$clamav_milter_config_file" "$CLAMAV_MILTER_CONFIGFILE"
+
+ {
+ echo "Foreground " "$Foreground"
+ echo "PidFile " "$PidFile"
+ echo "User " "$User"
+ echo "MilterSocketGroup " "$MilterSocketGroup"
+ echo "AllowSupplementaryGroups " "$AllowSupplementaryGroups"
+ echo "ReadTimeout " "$ReadTimeout"
+ echo "OnClean " "$OnClean"
+ echo "OnInfected " "$OnInfected"
+ echo "OnFail " "$OnFail"
+ echo "AddHeader " "$AddHeader"
+ echo "LogVerbose " "$LogVerbose"
+ echo "LogTime " "$LogTime"
+ echo "LogSyslog " "$LogSyslog"
+ echo "LogFacility " "$LogFacility"
+ echo "LogInfected " "$LogInfected"
+ echo "LogClean " "$LogClean"
+ echo "MaxFileSize " "$MaxFileSize"
+ echo "SupportMultipleRecipients " "$SupportMultipleRecipients"
+ echo "RejectMsg " "$RejectMsg"
+ echo "TemporaryDirectory " "$TemporaryDirectory"
+ echo "MilterSocket " "$MilterSocket"
+ echo "MilterSocketMode " "$MilterSocketMode"
+ echo "ClamdSocket " "$ClamdSocket"
+ echo "FixStaleSocket " "$FixStaleSocket"
+ } > "$CLAMAV_MILTER_CONFIGFILE"
+
+ procd_open_instance
+ procd_set_param command $PROG -c $CLAMAV_MILTER_CONFIGFILE
+ procd_set_param file $CLAMAV_MILTER_CONFIGFILE
+ procd_close_instance
+}
+
+start_service()
+{
+ validate_clamav_milter_section clamav_milter start_clamav_milter_instance
+}
+
+stop_service()
+{
+ service_stop $PROG
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "clamav-milter"
+ procd_add_validation validate_clamav_milter_section
+}
option AlertEncrypted 'yes'
option MaxFileSize '10M'
option TemporaryDirectory '/tmp'
- option LocalSocket '/var/run/clamav/clamd.sock'
+ # option LocalSocket '/var/run/clamav/clamd.sock'
+ option TCPAddr '127.0.0.1'
+ option TCPSocket '3310'
option User 'nobody'
option ExitOnOOM 'yes'
option DatabaseDirectory '/usr/share/clamav'
'AlertEncrypted:string' \
'MaxFileSize:string' \
'LocalSocket:string' \
+ 'TCPSocket:port' \
+ 'TCPAddr:ipaddr' \
'User:string' \
'ExitOnOOM:string' \
'DatabaseDirectory:string'
echo "TemporaryDirectory " "$TemporaryDirectory"
echo "AlertEncrypted " "$AlertEncrypted"
echo "MaxFileSize " "$MaxFileSize"
- echo "LocalSocket " "$LocalSocket"
echo "User " "$User"
echo "ExitOnOOM " "$ExitOnOOM"
echo "DatabaseDirectory " "$DatabaseDirectory"
} > "$CLAMD_CONFIGFILE"
+ if [ -n "$LocalSocket" ]; then
+ echo "LocalSocket " "$LocalSocket" >>"$CLAMD_CONFIGFILE"
+ fi
+
+ if [ -n "$TCPSocket" ]; then
+ echo "TCPAddr" "$TCPAddr" >>"$CLAMD_CONFIGFILE"
+ echo "TCPSocket " "$TCPSocket" >>"$CLAMD_CONFIGFILE"
+ fi
+
procd_open_instance
procd_set_param command $PROG -c $CLAMD_CONFIGFILE
procd_set_param file $CLAMD_CONFIGFILE
include $(TOPDIR)/rules.mk
PKG_NAME:=conntrack-tools
+PKG_VERSION:=1.4.6
PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.netfilter.org/conntrack-tools
-PKG_SOURCE_DATE:=2018-05-01
-PKG_SOURCE_VERSION:=88610abee7e58f4da7ec6f198e00ff70a92c870f
-PKG_MIRROR_HASH:=cccc5e25e3cb159385b170f63f9b7fd2186f68d32239718080f605c060ea1cb8
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://www.netfilter.org/projects/conntrack-tools/files
+PKG_HASH:=590859cc848245dbfd9c6487761dd303b3a1771e007f4f42213063ca56205d5f
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
-PKG_LICENSE:=GPL-2.0
-PKG_CPE_ID:=cpe:/a:conntrack-tools_project:conntrack-tools
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:netfilter:conntrack-tools
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
-
+PKG_BUILD_PARALLEL:=1
PKG_BUILD_DEPENDS:=libtirpc
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Network
DEPENDS:=+libnetfilter-conntrack +libnetfilter-cttimeout +libnetfilter-cthelper +libnetfilter-queue
SUBMENU:=Firewall
- URL:=http://conntrack-tools.netfilter.org/
+ URL:=https://conntrack-tools.netfilter.org/
endef
define Package/conntrack
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -50,6 +50,25 @@
- AS_HELP_STRING([--enable-systemd], [Build systemd support]),
- [enable_systemd="$enableval"], [enable_systemd="no"])
-
-+AC_ARG_WITH([libtirpc],
-+ AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)]),
-+ [], [ with_libtirpc=no ])
-+
-+AS_IF([test "x$with_libtirpc" != xno],
-+ [PKG_CHECK_MODULES([TIRPC],
-+ [libtirpc],
-+ [RPC_CFLAGS=$TIRPC_CFLAGS; RPC_LIBS=$TIRPC_LIBS;],
-+ [AC_MSG_ERROR([libtirpc requested, but library not found.])]
-+ )],
-+ [AC_CHECK_HEADER(rpc/rpc.h,
-+ [RPC_CFLAGS=""; RPC_LIBS="";],
-+ [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]
-+ )]
-+)
-+
-+AC_SUBST(RPC_CFLAGS)
-+AC_SUBST(RPC_LIBS)
-+
- PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.1])
- PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
- PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.0.7])
---- a/src/helpers/Makefile.am
-+++ b/src/helpers/Makefile.am
-@@ -30,8 +30,8 @@
- ct_helper_mdns_la_CFLAGS = $(HELPER_CFLAGS)
-
- ct_helper_rpc_la_SOURCES = rpc.c
--ct_helper_rpc_la_LDFLAGS = $(HELPER_LDFLAGS)
--ct_helper_rpc_la_CFLAGS = $(HELPER_CFLAGS)
-+ct_helper_rpc_la_LDFLAGS = $(HELPER_LDFLAGS) $(RPC_LIBS)
-+ct_helper_rpc_la_CFLAGS = $(HELPER_CFLAGS) $(RPC_CFLAGS)
-
- ct_helper_tftp_la_SOURCES = tftp.c
- ct_helper_tftp_la_LDFLAGS = $(HELPER_LDFLAGS)
PKG_NAME:=coova-chilli
PKG_VERSION:=1.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/coova/coova-chilli/tar.gz/$(PKG_VERSION)?
DISABLE_NLS=
-TARGET_CFLAGS += $(FPIC) -Wno-address-of-packed-member
+TARGET_CFLAGS += $(FPIC) -Wno-error
CONFIGURE_VARS += \
ARCH="$(LINUX_KARCH)" \
include $(TOPDIR)/rules.mk
PKG_NAME:=curl
-PKG_VERSION:=7.73.0
-PKG_RELEASE:=2
+PKG_VERSION:=7.74.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
https://curl.mirror.anstey.ca/ \
https://curl.askapache.com/download/ \
https://curl.haxx.se/download/
-PKG_HASH:=7c4c7ca4ea88abe00fea4740dcf81075c031b1d0bb23aff2d5efde20a3c2408a
+PKG_HASH:=999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
+++ /dev/null
-From a3d5b199f96a108f38bd1f6adaf3a7585f721d02 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 15 Oct 2020 22:56:13 +0200
-Subject: [PATCH] openssl: acknowledge SRP disabling in configure properly
-
-Follow-up to 68a513247409
-
-Use a new separate define that is the combination of both
-HAVE_OPENSSL_SRP and USE_TLS_SRP: USE_OPENSSL_SRP
-
-Bug: https://curl.haxx.se/mail/lib-2020-10/0037.html
-
-Closes #6094
----
- lib/vtls/openssl.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -225,6 +225,14 @@
- "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
- #endif
-
-+#ifdef HAVE_OPENSSL_SRP
-+/* the function exists */
-+#ifdef USE_TLS_SRP
-+/* the functionality is not disabled */
-+#define USE_OPENSSL_SRP
-+#endif
-+#endif
-+
- struct ssl_backend_data {
- /* these ones requires specific SSL-types */
- SSL_CTX* ctx;
-@@ -2471,7 +2479,7 @@ static CURLcode ossl_connect_step1(struc
- #endif
- #endif
- const long int ssl_version = SSL_CONN_CONFIG(version);
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
- const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
- #endif
- char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
-@@ -2516,7 +2524,7 @@ static CURLcode ossl_connect_step1(struc
- failf(data, OSSL_PACKAGE " was built without SSLv2 support");
- return CURLE_NOT_BUILT_IN;
- #else
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
- if(ssl_authtype == CURL_TLSAUTH_SRP)
- return CURLE_SSL_CONNECT_ERROR;
- #endif
-@@ -2529,7 +2537,7 @@ static CURLcode ossl_connect_step1(struc
- failf(data, OSSL_PACKAGE " was built without SSLv3 support");
- return CURLE_NOT_BUILT_IN;
- #else
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
- if(ssl_authtype == CURL_TLSAUTH_SRP)
- return CURLE_SSL_CONNECT_ERROR;
- #endif
-@@ -2797,7 +2805,7 @@ static CURLcode ossl_connect_step1(struc
- }
- #endif
-
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
- if(ssl_authtype == CURL_TLSAUTH_SRP) {
- char * const ssl_username = SSL_SET_OPTION(username);
-
include $(TOPDIR)/rules.mk
PKG_NAME:=dawn
-PKG_SOURCE_DATE:=2020-09-03
-PKG_RELEASE:=1
+PKG_SOURCE_DATE:=2020-12-31
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/berlin-open-wireless-lab/DAWN.git
-PKG_SOURCE_VERSION:=b639145ce90230e693c41e71624ea0c0798c424d
-PKG_MIRROR_HASH:=e31113da86e4b3b013d073f288d0d77315ce67830b0fc669fa96917667a03d9c
+PKG_SOURCE_VERSION:=8ce09d64def9a1ad4bbf57dd3fe724a8a9b93334
+PKG_MIRROR_HASH:=cc33ca6ab1c4bd3e9e2a7a380700c6c15d222b3fd7064a3ce2963abb0965f078
PKG_MAINTAINER:=Nick Hainke <vincent@systemli.org>
PKG_LICENSE:=GPL-2.0-only
PKG_NAME:=ddns-scripts
PKG_VERSION:=2.8.2
-PKG_RELEASE:=4
+PKG_RELEASE:=7
PKG_LICENSE:=GPL-2.0
# Transfer Programs
WGET=$(command -v wget)
-WGET_SSL=$(command -v wget-ssl)
+$WGET -V 2>/dev/null | grep -F -q +https && WGET_SSL=$WGET
CURL=$(command -v curl)
# CURL_SSL not empty then SSL support available
[ -z "$bind_network" ] && [ "$ip_source" = "network" ] && [ "$ip_network" ] && bind_network="$ip_network"
# lets prefer GNU Wget because it does all for us - IPv4/IPv6/HTTPS/PROXY/force IP version
- if [ -n "$WGET_SSL" -a $USE_CURL -eq 0 ]; then # except global option use_curl is set to "1"
- __PROG="$WGET_SSL --hsts-file=/tmp/.wget-hsts -nv -t 1 -O $DATFILE -o $ERRFILE" # non_verbose no_retry outfile errfile
+ if [ -n "$WGET_SSL" ] && [ $USE_CURL -eq 0 ]; then # except global option use_curl is set to "1"
+ __PROG="$WGET --hsts-file=/tmp/.wget-hsts -nv -t 1 -O $DATFILE -o $ERRFILE" # non_verbose no_retry outfile errfile
# force network/ip to use for communication
if [ -n "$bind_network" ]; then
local __BINDIP
+++ /dev/null
-{
- "name": "ddns.com.br",
- "ipv4": {
- "url": "http://[DOMAIN]:[PASSWORD]@members.ddns.com.br/nic/update?hostname=[DOMAIN]&myip=[IP]"
- }
-}
+++ /dev/null
-{
- "name": "dyns.net",
- "ipv4": {
- "url": "http://www.dyns.net/postscript011.php?username=[USERNAME]&password=[PASSWORD]&host=[DOMAIN]&ip=[IP]",
- "answer": "200"
- }
-}
{
"name": "myonlineportal.net",
"ipv4": {
- "url": "http://[USERNAME]:[PASSWORD]@myonlineportal.net/updateddns?hostname=[DOMAIN]&ip=[IP]",
+ "url": "http://myonlineportal.net/updateddns?hostname=[DOMAIN]&ip=[IP]&username=[USERNAME]&password=[PASSWORD]",
"answer": "good|nochg"
},
"ipv6": {
- "url": "http://[USERNAME]:[PASSWORD]@myonlineportal.net/updateddns?hostname=[DOMAIN]&ip6=[IP]",
+ "url": "http://myonlineportal.net/updateddns?hostname=[DOMAIN]&ip6=[IP]&username=[USERNAME]&password=[PASSWORD]",
"answer": "good|nochg"
}
}
+++ /dev/null
-{
- "name": "nubem.com",
- "ipv4": {
- "url": "http://[USERNAME]:[PASSWORD]@nubem.com/nic/update?hostname=[DOMAIN]&myip=[IP]"
- }
-}
all-inkl.com
changeip.com
core-networks.de
-ddns.com.br
ddnss.de
ddo.jp
desec.io
dyndns.org
dyndnss.net
dynsip.org
-dyns.net
dynu.com
dynv6.com
easydns.com
no-ip.pl
now-dns.com
nsupdate.info
-nubem.com
opendns.com
oray.com
ovh.com
--- /dev/null
+#
+# Copyright (C) 2020 Bogdan Shatik <bogdikxxx@mail.ru>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=eoip
+PKG_VERSION:=0.5
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Bogdan Shatik <bogdikxxx@mail.ru>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/bogdik/openwrt-linux-eoip/releases/download/0.5/
+PKG_HASH:=22f6f3864665adef26c7fbd57543a396108ba2dff1282af8143f18bc2a9912f8
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/eoip
+ TITLE:=Mikrotik-compatible userspace EoIP tunnel
+ URL:=https://code.google.com/p/linux-eoip/
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=VPN
+ DEPENDS:=+kmod-tun +libpthread +liblzo
+endef
+
+define Package/eoip/conffiles
+/etc/config/eoip
+endef
+
+define Package/eoip/description
+ linux-eoip can create ethernet tunnels compatible with Mikrotik EoIP tunnel.
+ At current moment it is easiest way to create stateless tunnel with Mikrotik.
+endef
+
+CONFIGURE_ARGS += \
+ --with-kernel="$(LINUX_DIR)" \
+ --with-zlib="$(STAGING_DIR)/usr" \
+ --with-lzo-include="$(STAGING_DIR)/usr/include/lzo"
+
+define Package/eoip/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/eoip $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/eoip.config $(1)/etc/config/eoip
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/eoip.init $(1)/etc/init.d/eoip
+endef
+
+$(eval $(call BuildPackage,eoip))
--- /dev/null
+config eoip
+ option enabled 0
+ option name 0
+ option idtun 123
+ option dst '192.168.99.100'
+ option dynamic 1
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+INDEX=0
+
+append_bool() {
+ local section="$1"
+ local option="$2"
+ local value="$3"
+ local _val
+ config_get_bool _val "$section" "$option" '0'
+ [ "$_val" -gt 0 ] && append args "$3"
+}
+
+append_string() {
+ local section="$1"
+ local option="$2"
+ local value="$3"
+ local _val
+ config_get _val "$section" "$option"
+ [ -n "$_val" ] && append args "$3$_val"
+}
+
+service_triggers () {
+ procd_open_trigger
+ procd_add_reload_trigger "eoip"
+ procd_add_config_trigger "config.change" "eoip" /etc/init.d/eoip restart
+ procd_add_config_trigger "config.change" "/etc/config/eoip" /etc/init.d/eoip restart
+ procd_close_trigger
+}
+
+start_service() {
+ config_load "eoip"
+ echo "" > /etc/eoip.cfg
+ echo "#!/bin/sh" > /etc/afterStart.sh
+ echo "chkCount=0">> /etc/afterStart.sh
+ echo "while [ \$chkCount -le 10 ];do">> /etc/afterStart.sh
+ echo " chkStarted=\$(ip a | grep zeoip | wc -l)">> /etc/afterStart.sh
+ echo " if [ \$chkStarted -eq 0 ]; then">> /etc/afterStart.sh
+ echo " chkCount=\$((chkCount+1))">> /etc/afterStart.sh
+ echo " sleep 2">> /etc/afterStart.sh
+ echo " else">> /etc/afterStart.sh
+ echo " chkCount=11">> /etc/afterStart.sh
+ echo " fi">> /etc/afterStart.sh
+ echo "done">> /etc/afterStart.sh
+ echo "now=\$(ip a | grep \"@zeoip\" | awk '{print \$2}' | sed 's/.$//' | cut -d \"@\" -f 1)" >> /etc/afterStart.sh
+ echo "IFS=\$'\n'" >> /etc/afterStart.sh
+ echo "for s in \$now ; do" >> /etc/afterStart.sh
+ echo " ip link delete link dev \$s" >> /etc/afterStart.sh
+ echo "done" >> /etc/afterStart.sh
+ echo "rm /etc/afterStart.sh" >> /etc/afterStart.sh
+ chmod +x /etc/afterStart.sh
+ config_foreach start_eoip eoip
+ config_foreach start_eoip_vlan eoip
+ if [ "$(cat /etc/eoip.cfg | grep zeoip)" != '' ]; then
+ /etc/afterStart.sh&
+ procd_open_instance
+ args=" /etc/eoip.cfg"
+ procd_set_param command /usr/bin/eoip $args
+ procd_close_instance
+ else
+ rm /etc/afterStart.sh
+ fi
+}
+
+stop_service() {
+ killall eoip
+}
+
+start_eoip() {
+ local section="$1" runas_root
+ config_get_bool enabled "$section" enabled
+ if [ "$enabled" -gt 0 ]; then
+ config_get name "$section" name
+ config_get idtun "$section" idtun
+ config_get dst "$section" dst
+ config_get_bool dynamic "$section" dynamic 0
+ if [ "${name}" != '' ] && [ "${dst}" != '' ] && [ "${idtun}" != '' ]; then
+ cnt=$(cat /etc/eoip.cfg | grep "zeoip${name}" | wc -l)
+ if [ $cnt -eq 0 ]; then
+ echo "[zeoip${name}]" >>/etc/eoip.cfg
+ echo "id=${idtun}" >>/etc/eoip.cfg
+ echo "dst=${dst}" >>/etc/eoip.cfg
+ [ "$dynamic" -gt 0 ] && echo "dynamic=${dynamic}" >>/etc/eoip.cfg
+ INDEX=$((INDEX+1))
+ else
+ result=$(uci delete /etc/config/eoip.@eoip[$INDEX])
+ INDEX=$((INDEX+1))
+ fi
+ fi
+ fi
+}
+
+start_eoip_vlan() {
+ local section="$1" runas_root
+ config_get name "$section" name
+ config_list_foreach "$section" vlan handle_vlan ${name}
+}
+
+handle_vlan() {
+ local value="$1"
+ local name="$2"
+ echo "ip link add link zeoip${name} name zeoip${name}.${value} type vlan id ${value}" >> /etc/afterStart.sh
+}
--- /dev/null
+--- a/eoip.c 2013-09-25 22:50:48.272763057 +0200
++++ b/eoip.c 2013-09-25 22:51:03.804762840 +0200
+@@ -430,7 +430,7 @@
+ exit(1);
+
+ mfd = fopen(pidfile, "w");
+- fprintf(mfd,"%d", getpid());
++ fprintf(mfd,"%d\n", getpid());
+ fclose(mfd);
+
+ /* structure of Mikrotik EoIP:
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=etebase
+PKG_VERSION:=0.6.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=etebase-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/etesync/server/archive/v$(PKG_VERSION)
+PKG_HASH:=4832c35fa1b46936bfde894a8c888989e9a37dd64ca588df22524825f3e568ec
+
+PKG_LICENSE:=AGPL-3.0-only
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at>
+
+PKG_BUILD_PARALLEL:=1
+PYTHON3_PKG_BUILD:=0
+
+PKG_UNPACK=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/python/python3-package.mk
+
+
+define Package/etebase
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Web Servers/Proxies
+ TITLE:=End-to-end encrypted backend
+ URL:=https://www.etebase.com/
+ DEPENDS:=+nginx-ssl +uwsgi +uwsgi-syslog-plugin +uwsgi-python3-plugin +python3-light \
+ +python3-asgiref +python3-cffi +python3-django-cors-headers +python3-django \
+ +python3-django-restframework +python3-drf-nested-routers +python3-msgpack \
+ +python3-pycparser +python3-pynacl +python3-pytz +python3-six +python3-sqlparse
+ # +psycopg2-binary would be needed for using postgres db.
+ USERID:=etebase=44312
+endef
+
+
+define Package/etebase/description
+ End-to-end encrypted backend
+endef
+
+
+Build/Compile:=:
+
+
+define Py3Package/etebase/install
+ # OpenWrt specific:
+ $(INSTALL_DIR) $(1)/etc/uci-defaults/
+ $(CP) ./files/81_setup-etebase $(1)/etc/uci-defaults/
+
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/uwsgi.init $(1)/etc/init.d/etebase
+
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_CONF) ./files/uci.cfg $(1)/etc/config/etebase
+
+ # Server configuration:
+ $(INSTALL_DIR) $(1)/etc/nginx/conf.d/
+ $(INSTALL_CONF) ./files/etebase.locations $(1)/etc/nginx/conf.d/
+
+ $(INSTALL_DIR) $(1)/etc/uwsgi/vassals/
+ $(INSTALL_CONF) ./files/uwsgi.ini $(1)/etc/uwsgi/vassals/etebase.available
+ #init links etebase.available /var/etc/etebase/uwsgi.ini:
+ $(LN) /var/etc/etebase/uwsgi.ini $(1)/etc/uwsgi/vassals/etebase.ini
+
+ # Upstream application:
+ $(INSTALL_DIR) $(1)/usr/share/etebase/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/manage.py $(1)/usr/share/etebase/
+ #init creates /var/etc/etebase/server.ini from uci.cfg:
+ $(LN) /var/etc/etebase/server.ini $(1)/usr/share/etebase/etebase-server.ini
+
+ $(INSTALL_DIR) $(1)/usr/share/etebase/django_etebase/
+ $(CP) $(PKG_BUILD_DIR)/django_etebase/* $(1)/usr/share/etebase/django_etebase/
+
+ $(INSTALL_DIR) $(1)/usr/share/etebase/etebase_server/
+ $(CP) $(PKG_BUILD_DIR)/etebase_server/* $(1)/usr/share/etebase/etebase_server/
+
+ $(INSTALL_DIR) $(1)/usr/share/etebase/myauth/
+ $(CP) $(PKG_BUILD_DIR)/myauth/* $(1)/usr/share/etebase/myauth/
+
+ $(INSTALL_DIR) $(1)/usr/share/etebase/templates/
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/templates/* $(1)/usr/share/etebase/templates/
+
+ $(INSTALL_DIR) $(1)/www/etebase/static/
+endef
+
+
+Py3Package/etebase/filespec:=
+
+
+define Package/etebase/postrm
+#!/bin/sh
+[ -n "$${IPKG_INSTROOT}" ] && exit 0
+cd /usr/share/etebase/ && rmdir */*/*/*/* */*/*/* */*/* */* * 2>/dev/null
+[ "$${PKG_UPGRADE}" = "1" ] && exit 0
+rm -r /www/etebase/static
+rmdir --ignore-fail-on-non-empty /www/etebase /var/etc/etebase
+exit 0
+endef
+
+
+define Package/etebase/conffiles
+/etc/config/etebase
+/etc/nginx/conf.d/etebase.locations
+/etc/uwsgi/vassals/etebase.available
+endef
+
+
+$(eval $(call Py3Package,etebase))
+$(eval $(call BuildPackage,etebase))
+$(eval $(call BuildPackage,etebase-src))
--- /dev/null
+#!/bin/sh
+
+cd /usr/share/etebase || exit 1
+
+python3 manage.pyc migrate --noinput || exit 1
+
+# setup minimal ini for collectstatic:
+mkdir -p /var/etc/etebase/ || exit 1
+printf "[global]\nSTATIC_ROOT=/www/etebase/static" >etebase-server.ini || exit 1
+python3 manage.pyc collectstatic --noinput || exit 1
+
+ETEBASE_HAS_USER_PY3CMD="import sqlite3
+c = sqlite3.connect('db.sqlite3').cursor()
+c.execute('select * from myauth_user;')
+if c.fetchone()==None: print('0')
+else: print('1')"
+
+echo
+
+if [ "$(python3 -c "$ETEBASE_HAS_USER_PY3CMD" || exit 1)" = "0" ]
+then
+ echo "===== First, create a superuser of the Webinterface by ====="
+ [ -t 0 ] && python3 manage.pyc createsuperuser ||
+ echo "===== python3 $(pwd)/manage.pyc createsuperuser ====="
+fi
+
+chown -Rh etebase:nogroup . /www/etebase/ || exit 1
+
+[ -x /etc/init.d/nginx ] || exit 1
+
+/etc/init.d/nginx running && /etc/init.d/nginx reload || /etc/init.d/nginx start
+
+router_ip() {
+ local ifstat="$(ifstatus "lan")"
+
+ for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv4-address"].*.address')
+ do echo "${ip}" && return
+ done
+
+ for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv6-address"].*.address')
+ do echo "[${ip}]" && return
+ done
+
+ for ip in $(echo "${ifstat}" | \
+ jsonfilter -e '@["ipv6-prefix-assignment"].*["local-address"].address')
+ do echo "[${ip}]" && return
+ done
+
+ echo '$ROUTER'
+}
+
+echo "===== You can add users by https://$(router_ip)/etebase/admin/login ====="
+
+exit 0
--- /dev/null
+location /etebase/static {
+ access_log off;
+ error_log /dev/null;
+ expires 1y;
+ try_files $uri $uri/ =404;
+}
+
+location /etebase/media {
+ access_log off;
+ error_log /dev/null;
+ expires 1y;
+ try_files $uri $uri/ =404;
+}
+
+location /etebase {
+ access_log off;
+ error_log /dev/null;
+ include uwsgi_params;
+ uwsgi_pass unix:///var/run/etebase.socket;
+}
--- /dev/null
+
+config django 'global'
+ option static_url 'static/'
+ option debug 'false'
+
+config django 'allowed_hosts'
+ list uci_allow_all_ips_of 'loopback'
+ list uci_allow_all_ips_of 'lan'
+# list allowed_host "example.com"
+
+config django 'database'
+ option engine 'django.db.backends.sqlite3'
+ option name 'db.sqlite3'
--- /dev/null
+; The script /etc/init.d/etebase creates the second symlink in the
+; following chain when starting (and deletes it when stopping the service):
+; /etc/uwsgi/vassals/etebase.ini (letting the emperor load it on-demand)
+; -> /var/etc/etebase/uwsgi.ini (in RAM)
+; -> /etc/uwsgi/vassals/etebase.available (this file)
+
+[uwsgi]
+strict = true
+
+plugin = python
+manage-script-name = true
+chdir = /usr/share/etebase
+mount = /etebase=etebase_server.wsgi:application
+pidfile = /var/etc/etebase/master.pid
+
+enable-threads = true
+thunder-lock = true
+post-buffering = 8192
+harakiri = 60
+lazy-apps = true
+master = true
+idle = 600
+
+plugin = syslog
+; disable-logging only affects req-logger:
+disable-logging = true
+log-format=%(method) %(uri) => return %(status) (%(rsize) bytes in %(msecs) ms)
+req-logger = syslog:etebase_req
+
+logger = etebase syslog:etebase_main
+ignore-sigpipe = true
+ignore-write-errors = true
+
+if-env = UWSGI_EMPEROR_FD
+; the regular expression leaves for successful de/activation only one line each:
+log-route = etebase ^(?!... Starting uWSGI |compiled with version: |os: Linux|nodename: |machine: |clock source: |pcre jit |detected number of CPU cores: |current working directory: |writing pidfile to |detected binary path: |chdir.. to |your processes number limit is |your memory page size is |detected max file descriptor number: |lock engine: |thunder lock: |uwsgi socket |setgid.. to |setuid.. to |Python version: |Python main interpreter initialized at |python threads support |your server socket listen backlog is limited to |your mercy for graceful operations on workers is |mapped |... Operational MODE: |... uWSGI is running in multiple interpreter mode ...|spawned uWSGI worker |mounting |WSGI app |announcing my loyalty to the Emperor...|workers have been inactive for more than |SIGINT/SIGQUIT received...killing workers...|worker |goodbye to uWSGI.)
+end-if =
+
+if-not-env = UWSGI_EMPEROR_FD
+log-route = etebase .*
+vacuum = true
+socket = /var/run/etebase.socket
+end-if =
+
+chmod-socket = 660
+chown-socket = etebase:nogroup
+uid = etebase
+gid = nogroup
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=82
+
+USE_PROCD=1
+
+ETEBASE_INI="/var/etc/etebase/server.ini"
+
+
+etebase_print_uci_allow_all_ips_of() {
+ local ifstat="$(ifstatus "$1")"
+
+ for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv4-address"].*.address')
+ do echo "allowed_host_${ip//[^0-9]/_} = ${ip}"
+ done
+
+ for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv6-address"].*.address')
+ do echo "allowed_host_${ip//[^0-9A-Fa-f]/_} = [${ip}]"
+ done
+
+ for ip in $(echo "${ifstat}" | \
+ jsonfilter -e '@["ipv6-prefix-assignment"].*["local-address"].address')
+ do echo "allowed_host_${ip//[^0-9A-Fa-f]/_} = [${ip}]"
+ done
+}
+
+
+etebase_validate_global() {
+ cd /usr/share/etebase/ >/dev/null || return
+
+ uci_load_validate etebase django "global" "$1" \
+ 'secret_file:file:secret.txt' \
+ 'static_url:string:static/' \
+ 'language_code:string:en-us' \
+ 'time_zone:string:UTC' \
+ 'debug:bool:false' \
+ ;
+}
+
+
+etebase_print_global() {
+ printf "\n[global]\n"
+
+ echo "secret_file = ${secret_file}"
+ echo "static_root = /www/etebase/static" #sic!
+ echo "static_url = ${static_url}"
+ echo "language_code = ${language_code}"
+ echo "time_zone = ${time_zone}"
+ echo "debug = ${debug}"
+}
+
+
+etebase_validate_allowed_hosts() {
+ cd /usr/share/etebase/ >/dev/null || return
+
+ uci_load_validate etebase django "allowed_hosts" "$1" \
+ 'uci_allow_all_ips_of:network' \
+ 'allowed_host:host' \
+ ;
+}
+
+
+etebase_print_allowed_hosts() {
+ printf "\n[allowed_hosts]\n"
+
+ local iface
+ for iface in ${uci_allow_all_ips_of}
+ do etebase_print_uci_allow_all_ips_of "${iface}"
+ done
+
+ local host
+ for host in ${allowed_host}
+ do echo "allowed_host_${host//[^0-9A-Za-z]/_} = ${host}"
+ done
+}
+
+
+etebase_validate_database() {
+ cd /usr/share/etebase/ >/dev/null || return
+
+ uci_load_validate etebase django "database" "$1" \
+ 'engine:hostname:django.db.backends.sqlite3' \
+ 'name:file:db.sqlite3' \
+ ;
+}
+
+
+etebase_print_database() {
+ printf "\n[database]\n"
+ echo "engine = ${engine}"
+ echo "name = ${name}"
+}
+
+
+etebase_init() { # This must print ONLY configuration lines:
+ echo "; This file is re-created from /etc/config/etebase "
+ etebase_validate_global etebase_print_global
+ etebase_validate_allowed_hosts etebase_print_allowed_hosts
+ etebase_validate_database etebase_print_database
+} >"${ETEBASE_INI}"
+
+
+start_service() {
+ mkdir -p /var/etc/etebase/
+
+ etebase_init
+
+ logger -p 'daemon.info' -t 'etebase_init' 'starting ...'
+ ln -sf /etc/uwsgi/vassals/etebase.available /var/etc/etebase/uwsgi.ini
+}
+
+
+stop_service() {
+ rm -f /var/etc/etebase/uwsgi.ini "${ETEBASE_INI}"
+}
+
+
+reload_service() {
+ etebase_init
+
+ logger -p 'daemon.info' -t 'etebase_init' 'reloading ...'
+ kill -SIGHUP "$(cat "/var/etc/etebase/master.pid")" 2>/dev/null
+ #if the server is in on-demand mode, the ini files are reloaded then, too.
+}
+
+
+service_triggers() {
+ procd_open_validate
+ etebase_validate_global "$@"
+ etebase_validate_allowed_hosts "$@"
+ etebase_validate_database "$@"
+ procd_close_validate
+
+ config_load etebase
+ config_list_foreach "allowed_hosts" "uci_allow_all_ips_of" procd_add_reload_interface_trigger
+ procd_add_reload_trigger etebase
+}
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=etesync-server
-PKG_VERSION:=0.3.0
-PKG_RELEASE:=3
-
-PKG_SOURCE:=etesync-server-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/etesync/server/archive/v$(PKG_VERSION)
-PKG_HASH:=d0728effa898a8b7afb4ce7439e0d0fd46bc819008925f21788d7e113435b579
-
-PKG_LICENSE:=AGPL-3.0-only
-PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at>
-
-PKG_BUILD_PARALLEL:=1
-PYTHON3_PKG_BUILD:=0
-
-PKG_UNPACK=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
-
-include $(INCLUDE_DIR)/package.mk
-include ../../lang/python/python3-package.mk
-
-
-define Package/etesync-server
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Web Servers/Proxies
- TITLE:=End-to-End Encrypted Secure Data Sync
- URL:=https://www.etesync.com/
- DEPENDS:=+nginx-ssl +python3-light +python3-django \
- +python3-django-restframework +python3-drf-nested-routers \
- +python3-django-cors-headers +python3-django-etesync-journal \
- +uwsgi +uwsgi-python3-plugin +uwsgi-syslog-plugin
- USERID:=etesync=44312
-endef
-
-
-define Package/etesync-server/description
- End-to-End Encrypted Secure Data Sync
-endef
-
-
-Build/Compile:=:
-
-
-define Py3Package/etesync-server/install
- $(INSTALL_DIR) $(1)/www/etesync/static/
-
- $(INSTALL_DIR) $(1)/etc/uci-defaults/
- $(CP) ./files/81_setup-etesync-server $(1)/etc/uci-defaults/
-
- $(INSTALL_DIR) $(1)/etc/nginx/conf.d/
- $(INSTALL_CONF) ./files/etesync.locations $(1)/etc/nginx/conf.d/
-
- $(INSTALL_DIR) $(1)/etc/config/
- $(INSTALL_CONF) ./files/uci.cfg $(1)/etc/config/etesync_server
-
- $(INSTALL_DIR) $(1)/usr/share/etesync-server/templates/
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/templates/* \
- $(1)/usr/share/etesync-server/templates/
-
- $(INSTALL_DIR) $(1)/usr/share/etesync-server/etesync_server/
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/manage.py \
- $(1)/usr/share/etesync-server/
-
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/etesync_server/* \
- $(1)/usr/share/etesync-server/etesync_server/
-
- $(LN) /var/etc/etesync-server/etesync-server.ini \
- $(1)/usr/share/etesync-server/
- #init creates /var/etc/etesync-server/etesync-server.ini from uci.cfg
-
- $(INSTALL_DIR) $(1)/etc/uwsgi/vassals/
- $(INSTALL_CONF) ./files/uwsgi.ini \
- $(1)/etc/uwsgi/vassals/etesync-server.available
-
- $(LN) /var/etc/etesync-server/uwsgi.ini \
- $(1)/etc/uwsgi/vassals/etesync-server.ini
- #init links etesync-server.available /var/etc/etesync-server/uwsgi.ini
-
- $(INSTALL_DIR) $(1)/etc/init.d/
- $(INSTALL_BIN) ./files/uwsgi.init $(1)/etc/init.d/etesync-server
-endef
-
-Py3Package/etesync-server/filespec:=
-
-
-define Package/etesync-server/postrm
-#!/bin/sh
-[ -n "$${IPKG_INSTROOT}" ] && exit 0
-rmdir --ignore-fail-on-non-empty /usr/share/etesync-server/etesync_server
-[ "$${PKG_UPGRADE}" = "1" ] && exit 0
-rm -r /www/etesync/static
-rmdir /www/etesync
-exit 0
-endef
-
-
-define Package/etesync-server/conffiles
-/etc/config/etesync_server
-/etc/nginx/conf.d/etesync.locations
-/etc/uwsgi/vassals/etesync-server.available
-endef
-
-
-$(eval $(call Py3Package,etesync-server))
-$(eval $(call BuildPackage,etesync-server))
-$(eval $(call BuildPackage,etesync-server-src))
+++ /dev/null
-#!/bin/sh
-
-cd /usr/share/etesync-server || exit 1
-
-python3 manage.pyc migrate --noinput || exit 1
-
-# setup minimal ini for collectstatic:
-mkdir -p /var/etc/etesync-server/ || exit 1
-printf "[global]\nSTATIC_ROOT=/www/etesync/static" >etesync-server.ini || exit 1
-python3 manage.pyc collectstatic --noinput || exit 1
-
-ETESYNC_HAS_USER_PY3CMD="import sqlite3
-c = sqlite3.connect('db.sqlite3').cursor()
-c.execute('select * from auth_user')
-if c.fetchone()==None: print('0')
-else: print('1')"
-
-echo
-
-if [ "$(python3 -c "$ETESYNC_HAS_USER_PY3CMD" || exit 1)" = "0" ]
-then
- echo "===== First, create a superuser of the Webinterface by ====="
- [ -t 0 ] && python3 manage.pyc createsuperuser ||
- echo "===== python3 $(pwd)/manage.pyc createsuperuser ====="
-fi
-
-chown -Rh etesync:nogroup . /www/etesync/ || exit 1
-
-[ -x /etc/init.d/nginx ] || exit 1
-
-/etc/init.d/nginx running && /etc/init.d/nginx reload || /etc/init.d/nginx start
-
-router_ip() {
- local ifstat="$(ifstatus "lan")"
-
- for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv4-address"].*.address')
- do echo "${ip}" && return
- done
-
- for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv6-address"].*.address')
- do echo "[${ip}]" && return
- done
-
- for ip in $(echo "${ifstat}" | \
- jsonfilter -e '@["ipv6-prefix-assignment"].*["local-address"].address')
- do echo "[${ip}]" && return
- done
-
- echo '$ROUTER'
-}
-
-echo "===== You can add users by https://$(router_ip)/etesync/admin/login ====="
-
-exit 0
+++ /dev/null
-location /etesync/static {
- access_log off;
- error_log /dev/null;
- expires 1y;
- try_files $uri $uri/ =404;
-}
-
-location /etesync {
- access_log off;
- error_log /dev/null;
- include uwsgi_params;
- uwsgi_pass unix:///var/run/etesync-server.socket;
-}
+++ /dev/null
-
-config django 'global'
- option static_url 'static/'
- option debug 'false'
-
-config django 'allowed_hosts'
- list uci_allow_all_ips_of 'loopback'
- list uci_allow_all_ips_of 'lan'
-# list allowed_host "example.com"
-
-config django 'database'
- option engine 'django.db.backends.sqlite3'
- option name 'db.sqlite3'
+++ /dev/null
-; The script /etc/init.d/etesync-server creates the second symlink in the
-; following chain when starting (and deletes it when stopping the service):
-; /etc/uwsgi/vassals/etesync-server.ini (letting the emperor load it on-demand)
-; -> /var/etc/etesync-server/uwsgi.ini (in RAM)
-; -> /etc/uwsgi/vassals/etesync-server.available (this file)
-
-[uwsgi]
-strict = true
-
-plugin = python
-manage-script-name = true
-chdir = /usr/share/etesync-server
-mount = /etesync=etesync_server.wsgi:application
-pidfile = /var/etc/etesync-server/master.pid
-
-enable-threads = true
-thunder-lock = true
-post-buffering = 8192
-harakiri = 60
-lazy-apps = true
-master = true
-idle = 600
-
-plugin = syslog
-; disable-logging only affects req-logger:
-disable-logging = true
-log-format=%(method) %(uri) => return %(status) (%(rsize) bytes in %(msecs) ms)
-req-logger = syslog:etesync-server_req
-
-logger = etesync syslog:etesync-server_main
-ignore-sigpipe = true
-ignore-write-errors = true
-
-if-env = UWSGI_EMPEROR_FD
-; the regular expression leaves for successful de/activation only one line each:
-log-route = etesync ^(?!... Starting uWSGI |compiled with version: |os: Linux|nodename: |machine: |clock source: |pcre jit |detected number of CPU cores: |current working directory: |writing pidfile to |detected binary path: |chdir.. to |your processes number limit is |your memory page size is |detected max file descriptor number: |lock engine: |thunder lock: |uwsgi socket |setgid.. to |setuid.. to |Python version: |Python main interpreter initialized at |python threads support |your server socket listen backlog is limited to |your mercy for graceful operations on workers is |mapped |... Operational MODE: |... uWSGI is running in multiple interpreter mode ...|spawned uWSGI worker |mounting |WSGI app |announcing my loyalty to the Emperor...|workers have been inactive for more than |SIGINT/SIGQUIT received...killing workers...|worker |goodbye to uWSGI.)
-end-if =
-
-if-not-env = UWSGI_EMPEROR_FD
-log-route = etesync .*
-vacuum = true
-socket = /var/run/etesync-server.socket
-end-if =
-
-chmod-socket = 660
-chown-socket = etesync:nogroup
-uid = etesync
-gid = nogroup
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-START=82
-
-USE_PROCD=1
-
-ETESYNC_INI="/var/etc/etesync-server/etesync-server.ini"
-
-
-etesync_print_uci_allow_all_ips_of() {
- local ifstat="$(ifstatus "$1")"
-
- for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv4-address"].*.address')
- do echo "allowed_host_${ip//[^0-9]/_} = ${ip}"
- done
-
- for ip in $(echo "${ifstat}" | jsonfilter -e '@["ipv6-address"].*.address')
- do echo "allowed_host_${ip//[^0-9A-Fa-f]/_} = [${ip}]"
- done
-
- for ip in $(echo "${ifstat}" | \
- jsonfilter -e '@["ipv6-prefix-assignment"].*["local-address"].address')
- do echo "allowed_host_${ip//[^0-9A-Fa-f]/_} = [${ip}]"
- done
-}
-
-
-etesync_validate_global() {
- cd /usr/share/etesync-server/ >/dev/null || return
-
- uci_load_validate etesync_server django "global" "$1" \
- 'secret_file:file:secret.txt' \
- 'static_url:string:/etesync/static' \
- 'language_code:string:en-us' \
- 'time_zone:string:UTC' \
- 'debug:bool:false' \
- ;
-}
-
-
-etesync_print_global() {
- printf "\n[global]\n"
-
- echo "secret_file = ${secret_file}"
- echo "static_root = /www/etesync/static" #sic!
- echo "static_url = ${static_url}"
- echo "language_code = ${language_code}"
- echo "time_zone = ${time_zone}"
- echo "debug = ${debug}"
-}
-
-
-etesync_validate_allowed_hosts() {
- uci_load_validate etesync_server django "allowed_hosts" "$1" \
- 'uci_allow_all_ips_of:network' \
- 'allowed_host:host' \
- ;
-}
-
-
-etesync_print_allowed_hosts() {
- printf "\n[allowed_hosts]\n"
-
- local iface
- for iface in ${uci_allow_all_ips_of}
- do etesync_print_uci_allow_all_ips_of "${iface}"
- done
-
- local host
- for host in ${allowed_host}
- do echo "allowed_host_${host//[^0-9A-Za-z]/_} = ${host}"
- done
-}
-
-
-etesync_validate_database() {
- cd /usr/share/etesync-server/ >/dev/null || return
-
- uci_load_validate etesync_server django "database" "$1" \
- 'engine:hostname:django.db.backends.sqlite3' \
- 'name:file:db.sqlite3' \
- ;
-}
-
-
-etesync_print_database() {
- printf "\n[database]\n"
-
- echo "engine = ${engine}"
- echo "name = ${name}"
-}
-
-
-etesync_init() { # This must print ONLY configuration lines:
- echo "; This file is re-created from /etc/config/etesync_server "
- etesync_validate_global etesync_print_global
- etesync_validate_allowed_hosts etesync_print_allowed_hosts
- etesync_validate_database etesync_print_database
-} >"${ETESYNC_INI}"
-
-
-start_service() {
- mkdir -p /var/etc/etesync-server/
- etesync_init
- logger -p 'daemon.info' -t 'etesync-server_init' 'starting ...'
- ln -sf /etc/uwsgi/vassals/etesync-server.available \
- /var/etc/etesync-server/uwsgi.ini
-}
-
-
-stop_service() {
- rm -f /var/etc/etesync-server/uwsgi.ini "${ETESYNC_INI}"
-}
-
-
-reload_service() {
- etesync_init
- logger -p 'daemon.info' -t 'etesync-server_init' 'reloading ...'
- kill -SIGHUP "$(cat "/var/etc/etesync-server/master.pid")" 2>/dev/null
- #if the server is in on-demand mode, the ini files are reloaded then, too.
-}
-
-
-service_triggers() {
- procd_open_validate
- etesync_validate_global "$@"
- etesync_validate_allowed_hosts "$@"
- etesync_validate_database "$@"
- procd_close_validate
-
- config_load etesync_server
- config_list_foreach "allowed_hosts" "uci_allow_all_ips_of" \
- procd_add_reload_interface_trigger
-
- procd_add_reload_trigger etesync_server
-}
PKG_NAME:=freeradius3
PKG_VERSION:=3_0_21
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=release_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
define Package/freeradius3-common
$(call Package/freeradius3/Default)
TITLE:=common files
- DEPENDS:=+USE_GLIBC:libpthread +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre +libreadline +libtalloc +libatomic
+ DEPENDS:=+USE_GLIBC:libpthread +USE_GLIBC:libbsd +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre +libreadline +libtalloc +libatomic
endef
define Package/freeradius3-default
include $(TOPDIR)/rules.mk
PKG_NAME:=frr
PKG_VERSION:=7.5
-PKG_RELEASE:=1
-PKG_SOURCE_DATE:=2020-12-02
+PKG_RELEASE:=3
+PKG_SOURCE_DATE:=2021-01-22
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
-PKG_SOURCE_VERSION:=b1e06590a7b4d4b8f7309f432ababebb1b3fa754
+PKG_SOURCE_VERSION:=a4af08a19e93cc8560f571ffc4819d53ed35ad66
PKG_SOURCE_URL:=https://codeload.github.com/FRRouting/frr/tar.gz/$(PKG_SOURCE_VERSION)?
-PKG_HASH:=901763a6deff56c7e1738c4fadbfbb9846548d3d2a2572d4d1a75109805bd055
+PKG_HASH:=69bcbcde984560e9c41f52f5c509c58ea3d8d287750cc546d3a95e2ec9110dd4
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
#fwknop config
menu "Configuration"
- depends on PACKAGE_fwknopd
+ depends on PACKAGE_fwknopd || PACKAGE_fwknop
config FWKNOPD_GPG
bool "Enable GPG support"
select PACKAGE_iptables-mod-nfqueue
default n
-
endmenu
PKG_NAME:=fwknop
PKG_VERSION:=2.6.10
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://www.cipherdyne.org/fwknop/download
CATEGORY:=Network
SUBMENU:=Firewall
TITLE+= Daemon
- DEPENDS:=+iptables +libfko +!FWKNOPD_NFQ_CAPTURE:libpcap +FWKNOPD_NFQ_CAPTURE:iptables-mod-nfqueue +FWKNOP_GPG:gnupg \
- +FWKNOPD_NFQ_CAPTURE:libnetfilter-queue +FWKNOPD_NFQ_CAPTURE:libnfnetlink
+ DEPENDS:=+iptables +libfko +!FWKNOPD_NFQ_CAPTURE:libpcap +FWKNOPD_NFQ_CAPTURE:iptables-mod-nfqueue \
+ +FWKNOPD_NFQ_CAPTURE:libnetfilter-queue +FWKNOPD_NFQ_CAPTURE:libnfnetlink \
+ +FWKNOP_GPG:gnupg +FWKNOP_GPG:libgpgme
endef
define Package/fwknopd/description
CATEGORY:=Network
SUBMENU:=Firewall
TITLE+= Client
- DEPENDS:=+libfko
+ DEPENDS:=+libfko +FWKNOPD_GPG:gnupg +FWKNOPD_GPG:libgpgme
endef
define Package/fwknop/description
CATEGORY:=Libraries
SUBMENU:=Firewall
TITLE+= Library
+ DEPENDS:=+FWKNOPD_GPG:gnupg +FWKNOPD_GPG:libgpgme
endef
define Package/libfko/description
include $(TOPDIR)/rules.mk
PKG_NAME:=gateway-go
-PKG_VERSION:=0.1.92
-PKG_RELEASE:=2
+PKG_VERSION:=0.1.95
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/OpenIoTHub/gateway-go/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=dd8074d9312e00ff957ffd1f3be7ba118a9b8cc31f07aa1ed594ef07931dab16
+PKG_HASH:=50a1c0e997664ae71da5b7394b792634832df50e8eba90ba8be7afd64e65a866
PKG_MAINTAINER:=Yu Fang <newfarry@126.com>
PKG_LICENSE:=MIT
PKG_NAME:=gitolite
PKG_VERSION:=3.6.11
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_HASH:=2166a61b14de19e605b14f4a13a070fbfd5ecd247b6fd725108f111198a2c121
mkdir -p $(PKG_INSTALL_DIR)/usr/libexec/gitolite
$(PKG_BUILD_DIR)/install -to $(PKG_INSTALL_DIR)/usr/libexec/gitolite
mkdir -p $(PKG_INSTALL_DIR)/usr/bin
- ln -sf /usr/libexec/gitolite/gitolite $(PKG_INSTALL_DIR)/usr/bin/gitolite
+ $(LN) ../libexec/gitolite/gitolite $(PKG_INSTALL_DIR)/usr/bin/gitolite
endef
define Package/gitolite/install
PKG_NAME:=gnunet
PKG_VERSION:=0.13.3
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gnunet
PKG_HASH:=318e06c4134d1a8ce3b4385d82b11316eaaeb9a4dbc5d4b646453dfc53199296
DEPENDS_namestore-fcfsd:=+gnunet-gns +libmicrohttpd-ssl
LIBEXEC_namestore-fcfsd:=namestore-fcfsd
-DEPENDS_gns-proxy:=+gnunet-gns +gnunet-curl +libmicrohttpd-ssl
+DEPENDS_gns-proxy:=+gnunet-gns +gnunet-curl +libmicrohttpd-ssl +PACKAGE_libgnutls-dane:libgnutls-dane
LIBEXEC_gns-proxy:=gns-proxy
DEPENDS_datastore:=+gnunet-gns
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=2.2.6
+PKG_VERSION:=2.2.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.2/src
-PKG_HASH:=be1c6754cbaceafc4837e0c6036c7f81027a3992516435cbbbc5dc749bf5a087
+PKG_HASH:=61f90e3e2a36bd8800a5bee31cba7eef37c9aa8a353b6c741edaa411510b14be
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
Christian Lachner <gladiac@gmail.com>
#!/bin/sh
CLONEURL=https://git.haproxy.org/git/haproxy-2.2.git
-BASE_TAG=v2.2.6
+BASE_TAG=v2.2.8
TMP_REPODIR=tmprepo
PATCHESDIR=patches
include $(TOPDIR)/rules.mk
PKG_NAME:=hs20
-PKG_RELEASE:=2
+PKG_RELEASE:=4
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
define Download/dm-ddf-dtd
URL:=http://www.openmobilealliance.org/tech/DTD
- FILE:=dm_ddf-v1_2.dtd
- HASH:=1fb8f97ee13b673e0d2386ef3ec64fbc9c8d75429a9725dc3fac295c4d5ccae4
+ FILE:=dm_ddf-v1_3.dtd
+ HASH:=9b3e1dc66a2d38fc6e1300e9fb6f06f95d042206dabc94ae989739feaeb0733e
endef
define Download/spp-xsd
define Package/hs20-common/install
$(INSTALL_DIR) $(1)/etc/hs20/spp
- $(INSTALL_DATA) $(DL_DIR)/dm_ddf-v1_2.dtd $(1)/etc/hs20/spp
+ $(INSTALL_DATA) $(DL_DIR)/dm_ddf-v1_3.dtd $(1)/etc/hs20/spp
$(INSTALL_DATA) $(DL_DIR)/spp-v1_0.xsd $(1)/etc/hs20/spp/spp.xsd
endef
mkdir -p /etc/hs20/AS/Key
cp /etc/hs20/ca/server.* /etc/hs20/ca/ca.pem /etc/hs20/AS/Key
+ uci batch <<EOF
+set uhttpd.main.cert='/etc/hs20/ca/server.pem'
+set uhttpd.main.key='/etc/hs20/ca/server.key'
+commit uhttpd
+EOF
+
return 0
}
sql_set $realm remediation_url "$remediation_url"
sql_set $realm free_remediation_url "$free_remediation_url"
sql_set $realm signup_url "$signup_url"
+ echo "DELETE FROM wildcards WHERE identity='';"
+ echo "INSERT INTO wildcards(identity,methods) VALUES('','TTLS,TLS');"
) | sqlite3 /etc/hs20/AS/DB/eap_user.db
return 0
--- /dev/null
+--- a/hs20/server/spp_server.c
++++ b/hs20/server/spp_server.c
+@@ -1329,7 +1329,7 @@ static xml_node_t * spp_get_mo(struct hs
+ return NULL;
+ }
+
+- snprintf(fname, sizeof(fname), "%s/spp/dm_ddf-v1_2.dtd", ctx->root_dir);
++ snprintf(fname, sizeof(fname), "%s/spp/dm_ddf-v1_3.dtd", ctx->root_dir);
+ if (xml_validate_dtd(ctx->xml, tnds, fname, ret_err) == 0)
+ *valid = 1;
+ else if (ret_err && *ret_err &&
include $(TOPDIR)/rules.mk
PKG_NAME:=https-dns-proxy
-PKG_VERSION:=2020-08-21
-PKG_RELEASE=1
+PKG_VERSION:=2021-01-17
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy
-PKG_SOURCE_DATE:=2020-08-21
-PKG_SOURCE_VERSION:=dd22b71250d33d0c8c39bb01a595e016db819c56
-PKG_MIRROR_HASH:=1c93a9f0833e120880d3b311e43db568d219e047e100a03ed6c7a3c00544d36c
+PKG_SOURCE_DATE:=2021-01-17
+PKG_SOURCE_VERSION:=37511cc08712d7548978a4f6f1cc457b7594fb96
+PKG_MIRROR_HASH:=4e6a7dcb69e350d1df9f17570439b589e031e249da7f91f2ec7600a955e0aaa3
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
SECTION:=net
CATEGORY:=Network
TITLE:=DNS Over HTTPS Proxy
+ URL:=https://docs.openwrt.melmac.net/https-dns-proxy/
DEPENDS:=+libcares +libcurl +libev +ca-bundle
CONFLICTS:=https_dns_proxy
endef
define Package/https-dns-proxy/description
https-dns-proxy is a light-weight DNS<-->HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
It receives regular (UDP) DNS requests and issues them via DoH.
-Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for further information.
+Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information.
endef
define Package/https-dns-proxy/conffiles
# shellcheck disable=SC2034
USE_PROCD=1
+if type extra_command 1>/dev/null 2>&1; then
+ extra_command 'version' 'Show version information'
+else
# shellcheck disable=SC2034
-EXTRA_COMMANDS='version'
-version() { echo "$PKG_VERSION"; }
+ EXTRA_COMMANDS='version'
+fi
+readonly PROG=/usr/sbin/https-dns-proxy
dnsmasqConfig=''
-PROG=/usr/sbin/https-dns-proxy
+version() { echo "$PKG_VERSION"; }
xappend() { param="$param $1"; }
start_instance() {
local cfg="$1" param listen_addr listen_port i
-
+ append_parm "$cfg" 'resolver_url' '-r'
+ append_parm "$cfg" 'polling_interval' '-i'
append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1'
append_parm "$cfg" 'listen_port' '-p' "$p"
+ append_parm "$cfg" 'dscp_codepoint' '-c'
append_parm "$cfg" 'bootstrap_dns' '-b'
- append_parm "$cfg" 'resolver_url' '-r'
append_parm "$cfg" 'user' '-u' 'nobody'
append_parm "$cfg" 'group' '-g' 'nogroup'
append_parm "$cfg" 'proxy_server' '-t'
p="$((p+1))"
}
-service_triggers() {
- procd_add_reload_trigger 'https-dns-proxy'
-}
-
start_service() {
local p=5053
config_load 'https-dns-proxy'
stop_service() {
config_load 'https-dns-proxy'
- config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
+ config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
dhcp_backup 'restore'
if [ -n "$(uci -q changes dhcp)" ]; then
uci -q commit dhcp
}
service_triggers() {
- procd_add_reload_trigger 'https-dns-proxy'
+ procd_add_config_trigger "config.change" "https-dns-proxy" /etc/init.d/https-dns-proxy reload
}
dnsmasq_add_doh_server() {
PKG_NAME:=i2pd
PKG_VERSION:=2.35.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/PurpleI2P/i2pd/tar.gz/$(PKG_VERSION)?
-diff --git a/contrib/i2pd.conf b/contrib/i2pd.conf
-index 5ef39bc9..8d5034eb 100644
--- a/contrib/i2pd.conf
+++ b/contrib/i2pd.conf
@@ -8,12 +8,12 @@
--- /dev/null
+From ca3b8191510c1006d031d02c50edcf6b4f6a6e8f Mon Sep 17 00:00:00 2001
+From: R4SAS <r4sas@i2pmail.org>
+Date: Thu, 10 Dec 2020 18:32:41 +0300
+Subject: [PATCH] [avx] check ig c++ target supports AVX
+
+Signed-off-by: R4SAS <r4sas@i2pmail.org>
+---
+ libi2pd/Crypto.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libi2pd/Crypto.cpp
++++ b/libi2pd/Crypto.cpp
+@@ -638,7 +638,7 @@ namespace crypto
+ {
+ uint64_t buf[256];
+ uint64_t hash[12]; // 96 bytes
+-#if defined(__x86_64__) || defined(__i386__)
++#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600)
+ if(i2p::cpu::avx)
+ {
+ __asm__
+--- a/libi2pd/Identity.cpp
++++ b/libi2pd/Identity.cpp
+@@ -828,7 +828,7 @@ namespace data
+ XORMetric operator^(const IdentHash& key1, const IdentHash& key2)
+ {
+ XORMetric m;
+-#if defined(__x86_64__) || defined(__i386__)
++#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600)
+ if(i2p::cpu::avx)
+ {
+ __asm__
--- /dev/null
+#
+# Copyright (C) 2007-2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iperf
+PKG_VERSION:=2.0.13
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=c88adec966096a81136dda91b4bd19c27aae06df4d45a7f547a8e50d723778ad
+PKG_SOURCE_URL:=@SF/iperf2
+
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+PKG_LICENSE:=BSD-3-Clause
+
+PKG_BUILD_PARALLEL:=1
+
+PKG_CONFIG_DEPENDS:=CONFIG_IPERF_ENABLE_MULTICAST
+
+include $(INCLUDE_DIR)/uclibc++.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/iperf
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:= $(CXX_DEPENDS) +libpthread
+ TITLE:=Internet Protocol bandwidth measuring tool
+ URL:=http://sourceforge.net/projects/iperf2/
+endef
+
+define Package/iperf/description
+ Iperf is a modern alternative for measuring TCP and UDP bandwidth
+ performance, allowing the tuning of various parameters and
+ characteristics.
+endef
+
+define Package/iperf/config
+ config IPERF_ENABLE_MULTICAST
+ depends on PACKAGE_iperf
+ bool "Enable multicast support"
+endef
+
+
+TARGET_CFLAGS += -D_GNU_SOURCE
+ifeq ($(CONFIG_IPERF_ENABLE_MULTICAST),y)
+CONFIGURE_ARGS += --enable-multicast
+else
+CONFIGURE_ARGS += --disable-multicast
+endif
+
+ifeq ($(CONFIG_IPV6),)
+ CONFIGURE_ARGS += --disable-ipv6
+endif
+
+CONFIGURE_VARS += CXXFLAGS="$$$$CXXFLAGS -fno-rtti"
+CONFIGURE_VARS += LIBS="-lpthread -lm"
+
+define Package/iperf/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/iperf $(1)/usr/bin/iperf
+endef
+
+$(eval $(call BuildPackage,iperf))
--- /dev/null
+--- a/src/Listener.cpp
++++ b/src/Listener.cpp
+@@ -723,6 +723,7 @@ int Listener::L2_setup (void) {
+
+ // Now optimize packet flow up the raw socket
+ // Establish the flow BPF to forward up only "connected" packets to this raw socket
++#ifdef HAVE_IPV6
+ if (l->sa_family == AF_INET6) {
+ #ifdef HAVE_IPV6
+ struct in6_addr *v6peer = SockAddr_get_in6_addr(&server->peer);
+@@ -740,6 +741,9 @@ int Listener::L2_setup (void) {
+ return -1;
+ #endif /* HAVE_IPV6 */
+ } else {
++#else
++ {
++#endif
+ rc = SockAddr_v4_Connect_BPF(server->mSock, ((struct sockaddr_in *)(l))->sin_addr.s_addr, ((struct sockaddr_in *)(p))->sin_addr.s_addr, ((struct sockaddr_in *)(l))->sin_port, ((struct sockaddr_in *)(p))->sin_port);
+ WARN_errno( rc == SOCKET_ERROR, "l2 connect ip bpf");
+ }
--- /dev/null
+--- a/config.h.in
++++ b/config.h.in
+@@ -360,7 +360,9 @@
+ #undef _REENTRANT
+
+ /* */
++#ifndef __cplusplus
+ #undef bool
++#endif
+
+ /* Define to empty if `const' does not conform to ANSI C. */
+ #undef const
--- /dev/null
+#
+# Copyright (C) 2007-2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iperf
+PKG_VERSION:=3.9
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf
+PKG_HASH:=24b63a26382325f759f11d421779a937b63ca1bc17c44587d2fcfedab60ac038
+
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+PKG_LICENSE:=BSD-3-Clause
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+DISABLE_NLS:=
+
+define Package/iperf3/default
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Internet Protocol bandwidth measuring tool
+ URL:=https://github.com/esnet/iperf
+endef
+
+define Package/iperf3
+$(call Package/iperf3/default)
+ VARIANT:=nossl
+endef
+
+define Package/iperf3-ssl
+$(call Package/iperf3/default)
+ TITLE+= with iperf_auth support
+ VARIANT:=ssl
+ DEPENDS:= +libopenssl
+endef
+
+TARGET_CFLAGS += -D_GNU_SOURCE
+CONFIGURE_ARGS += --disable-shared
+
+ifeq ($(BUILD_VARIANT),ssl)
+ CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr"
+else
+ CONFIGURE_ARGS += --without-openssl
+endif
+
+MAKE_FLAGS += noinst_PROGRAMS=
+
+define Package/iperf3/description
+ Iperf is a modern alternative for measuring TCP and UDP bandwidth
+ performance, allowing the tuning of various parameters and
+ characteristics.
+endef
+
+# autoreconf fails if the README file isn't present
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ touch $(PKG_BUILD_DIR)/README
+endef
+
+define Package/iperf3/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
+endef
+
+define Package/iperf3-ssl/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,iperf3))
+$(eval $(call BuildPackage,iperf3-ssl))
include $(TOPDIR)/rules.mk
PKG_NAME:=iputils
-PKG_VERSION:=20200821
+PKG_VERSION:=20210202
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/iputils/iputils/tar.gz/s$(PKG_VERSION)?
-PKG_HASH:=f265da0d02dd2259efd8c57a9c2e0c8bb3361abb14639fcffb26707be5783a5b
-PKG_BUILD_DIR:=$(BUILD_DIR)/iputils-s$(PKG_VERSION)
+PKG_SOURCE_URL:=https://codeload.github.com/iputils/iputils/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=3f557ecfd2ace873801231d2c1f42de73ced9fbc1ef3a438d847688b5fb0e8ab
+PKG_BUILD_DIR:=$(BUILD_DIR)/iputils-$(PKG_VERSION)
PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
PKG_LICENSE:=BSD-3-Clause
endef
define Package/iputils-tftpd/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin//tftpd $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tftpd $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,iputils-ping))
--- /dev/null
+Description: set a static version string rather than discern it from git
+--- a/meson.build
++++ b/meson.build
+@@ -17,6 +17,7 @@ add_project_arguments(
+
+ conf = configuration_data()
+ conf.set_quoted('PACKAGE_NAME', meson.project_name())
++conf.set('VCS_TAG', meson.project_version())
+ conf.set('_GNU_SOURCE', 1, description : 'Enable GNU extensions on systems that have them.')
+
+ build_arping = get_option('BUILD_ARPING')
+@@ -207,10 +208,10 @@ foreach h : [
+ endif
+ endforeach
+
+-git_version_h = vcs_tag(
++git_version_h = configure_file(
+ input : 'git-version.h.meson',
+ output : 'git-version.h',
+- fallback : meson.project_version()
++ configuration: conf
+ )
+
+ config_h = configure_file(
PKG_NAME:=isc-dhcp
UPSTREAM_NAME:=dhcp
PKG_VERSION:=4.4.1
-PKG_RELEASE:=9
+PKG_RELEASE:=15
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
$(call Package/isc-dhcp/Default)
TITLE+= server (without IPv6)
VARIANT:=ipv4
+ DEPENDS+=bind-server bind-client
endef
define Package/isc-dhcp-server-ipv6
$(call Package/isc-dhcp/Default)
TITLE+= server (with IPv6)
VARIANT:=ipv6
+ DEPENDS+=bind-server bind-client
endef
define Package/isc-dhcp-server/description
#!/bin/sh /etc/rc.common
-START=19
+START=25
USE_PROCD=1
PROG=/usr/sbin/dhcpd
+TTL=3600
+PREFIX="update add"
+
lease_file=/tmp/dhcpd.leases
config_file=/tmp/run/dhcpd.conf
+dyndir=/tmp/bind
+conf_local_file=$dyndir/named.conf.local
+
+session_key_name=local-ddns
+session_key_file=/var/run/named/session.key
+
+dyn_file=$(mktemp -u /tmp/dhcpd.XXXXXX)
+
time2seconds() {
local timestring=$1
local multiplier number suffix
'
}
+update() {
+ local lhs="$1" family="$2" type="$3"
+ shift 3
+
+ [ $dynamicdns -eq 1 ] && \
+ echo -e "$PREFIX" "$lhs $family $type $@\nsend" >> $dyn_file
+}
+
explode() {
local arg="$1"
echo "$arg" | sed -e 's/\./, /g'
}
+rev_str() {
+ local str="$1" delim="$2"
+ local frag result="" IFS="$delim"
+
+ for frag in $str; do
+ result="$frag${result:+$delim}$result"
+ done
+
+ echo "$result"
+}
+
+create_empty_zone() {
+ local zone="$1"
+
+ if [ ! -f $dyndir/db."$zone" ]; then
+ cp -p /etc/bind/db.empty $dyndir/db."$zone"
+ chmod g+w $dyndir/db."$zone"
+ chgrp bind $dyndir/db."$zone"
+ fi
+}
+
append_routes() {
local tuple tuples="$1"
local string=
echo " option $tag $formatted;"
}
+static_cname_add() {
+ local cfg="$1"
+ local cname target
+
+ config_get cname "$cfg" "cname"
+ [ -n "$cname" ] || return 0
+ config_get target "$cfg" "target"
+ [ -n "$target" ] || return 0
+
+ update "$cname.$domain." IN CNAME "$target.$domain."
+}
+
+static_cnames() {
+ config_foreach static_cname_add cname "$@"
+}
+
+static_domain_add() {
+ local cfg="$1"
+ local name ip ips revip
+
+ config_get name "$cfg" "name"
+ [ -n "$name" ] || return 0
+ config_get ip "$cfg" "ip"
+ [ -n "$ip" ] || return 0
+
+ ips="$ip"
+ for ip in $ips; do
+ revip="$(rev_str "$ip" ".")"
+
+ update "$name.$domain." IN A "$ip"
+ update "$revip.in-addr.arpa." IN PTR "$name.$domain."
+ done
+}
+
+static_domains() {
+ config_foreach static_domain_add domain "$@"
+}
+
+static_mxhost_add() {
+ local cfg="$1"
+ local domain2 relay pref
+
+ config_get domain2 "$cfg" "domain"
+ [ -n "$domain2" ] || return 0
+ config_get relay "$cfg" "relay"
+ [ -n "$relay" ] || return 0
+ config_get pref "$cfg" "pref"
+ [ -n "$pref" ] || return 0
+
+ if [ "$domain2" = "@" ]; then
+ update "$domain." IN MX "$pref" "$relay.$domain."
+ else
+ update "$domain2.$domain." IN MX "$pref" "$relay.$domain."
+ fi
+}
+
+static_mxhosts() {
+ config_foreach static_mxhost_add mxhost "$@"
+}
+
+static_srvhost_add() {
+ local cfg="$1"
+ local srv target port priority weight
+
+ config_get srv "$cfg" "srv"
+ [ -n "$srv" ] || return 0
+ config_get target "$cfg" "target"
+ [ -n "$target" ] || return 0
+ config_get port "$cfg" "port"
+ [ -n "$port" ] || return 0
+ config_get priority "$cfg" "priority"
+ [ -n "$priority" ] || return 0
+ config_get weight "$cfg" "weight"
+ [ -n "$weight" ] || return 0
+
+ update "$srv.$domain." IN SRV "$priority" "$weight" "$port" "$target"
+}
+
+static_srvhosts() {
+ config_foreach static_srvhost_add srvhost "$@"
+}
+
static_host_add() {
local cfg="$1"
- local broadcast hostid macn macs mac name ip leasetime
+ local broadcast hostid macn macs mac name ip ips revip leasetime
config_get macs "$cfg" "mac"
[ -n "$macs" ] || return 0
config_list_foreach "$cfg" "dhcp_option" append_dhcp_options
echo "}"
done
+
+ ips="$ip"
+ for ip in $ips; do
+ revip="$(rev_str "$ip" ".")"
+
+ update "$name.$domain." IN A "$ip"
+ update "$revip.in-addr.arpa." IN PTR "$name.$domain."
+ done
}
static_hosts() {
}
dhcpd_add() {
- local cfg="$1"
+ local cfg="$1" synthesize="$2"
local dhcp6range="::"
local dynamicdhcp end gateway ifname ignore leasetime limit net netmask
local proto networkid start subnet
[ static = "$proto" ] || return 0
+ local pair="$(echo "${subnet%%/*}" | cut -d. -f1-2)"
+ case "$pair" in
+ 10.*)
+ rfc1918_nets="$rfc1918_nets${rfc1918_nets:+ }10"
+ ;;
+ 172.1[6789]|172.2[0-9]|172.3[01]|192.168)
+ rfc1918_nets="$rfc1918_nets${rfc1918_nets:+ }$pair"
+ ;;
+ esac
+ [ $synthesize -eq 0 ] && return
+
config_get_bool dynamicdhcp "$cfg" "dynamicdhcp" 1
dhcp_ifs="$dhcp_ifs $ifname"
gateway="$IP"
fi
- gen_dhcp_subnet "$cfg" >> $config_file
+ gen_dhcp_subnet "$cfg"
}
general_config() {
local always_broadcast boot_unknown_clients log_facility
local default_lease_time max_lease_time
+
config_get_bool always_broadcast "isc_dhcpd" "always_broadcast" 0
config_get_bool authoritative "isc_dhcpd" "authoritative" 1
config_get_bool boot_unknown_clients "isc_dhcpd" "boot_unknown_clients" 1
config_get log_facility "isc_dhcpd" "log_facility"
config_get domain "isc_dhcpd" "domain"
+ config_get_bool dynamicdns "isc_dhcpd" dynamicdns 0
[ $always_broadcast -eq 1 ] && echo "always-broadcast true;"
[ $authoritative -eq 1 ] && echo "authoritative;"
max_lease_time="$(time2seconds "$max_lease_time")"
[ "$?" -ne 0 ] && return 1
+ if [ $dynamicdns -eq 1 ]; then
+ create_empty_zone "$domain"
+
+ local mynet
+
+ for mynet in $rfc1918_nets; do
+ mynet="$(rev_str "$mynet" ".")"
+ create_empty_zone "$mynet.in-addr.arpa"
+ done
+
+ cat <<EOF > $conf_local_file
+zone "$domain" {
+ type master;
+ file "$dyndir/db.$domain";
+ allow-update { key $session_key_name; };
+ allow-transfer { key $session_key_name; };
+};
+
+EOF
+
+ for mynet in $rfc1918_nets; do
+ mynet="$(rev_str "$mynet" ".")"
+ cat <<EOF >> $conf_local_file
+zone "$mynet.in-addr.arpa" {
+ type master;
+ file "$dyndir/db.$mynet.in-addr.arpa";
+ allow-update { key $session_key_name; };
+ allow-transfer { key $session_key_name; };
+};
+
+EOF
+ done
+
+ /etc/init.d/named reload
+ sleep 1
+
+ cat <<EOF
+ddns-domainname "$domain.";
+ddns-update-style standard;
+ddns-updates on;
+ignore client-updates;
+
+update-static-leases on;
+use-host-decl-names on;
+update-conflict-detection off;
+update-optimization off;
+
+include "$session_key_file";
+
+zone $domain. {
+ primary 127.0.0.1;
+ key local-ddns;
+}
+
+EOF
+
+ for mynet in $rfc1918_nets; do
+ mynet="$(rev_str "$mynet" ".")"
+ cat <<EOF
+zone $mynet.in-addr.arpa. {
+ primary 127.0.0.1;
+ key local-ddns;
+}
+
+EOF
+ done
+ fi
+
if [ -n "$log_facility" ] ; then
echo "log-facility $log_facility;"
fi
}
start_service() {
- local domain dhcp_ifs authoritative
+ local domain dhcp_ifs authoritative dynamicdns
if [ -n "$DHCPD_BOOT" ] ; then
return 0
config_load dhcp
+ local rfc1918_nets=""
+
+ # alas we have to make 2 passes...
+ config_foreach dhcpd_add dhcp 0
+
+ rfc1918_nets="$(echo "$rfc1918_nets" | tr ' ' $'\n' | sort | uniq | tr $'\n' ' ')"
+
general_config > $config_file
- config_foreach dhcpd_add dhcp
+ if [ $dynamicdns -eq 1 ]; then
+ cat <<EOF > $dyn_file
+; Generated by /etc/init.d/dhcpd at $(date)
+
+ttl $TTL
+
+EOF
+ fi
+
+ rfc1918_nets=
+
+ config_foreach dhcpd_add dhcp 1 >> $config_file
static_hosts >> $config_file
+ static_cnames >> $config_file
+
+ static_domains >> $config_file
+
+ static_mxhosts >> $config_file
+
+ static_srvhosts >> $config_file
+
+ if [ $dynamicdns -eq 1 ]; then
+ nsupdate -l -v $dyn_file
+
+ rm -f $dyn_file
+ fi
+
[ -z "$dhcp_ifs" ] && return 0
fi
reload_service() {
rc_procd start_service "$@"
- prodcd_send_signal dhcpd "$@"
+ procd_send_signal dhcpd "$@"
}
add_interface_trigger() {
--- /dev/null
+--- a/bind/Makefile.in
++++ b/bind/Makefile.in
+@@ -57,6 +57,7 @@
+ rm -rf ${cleandirs} ${cleanfiles} ; \
+ (cd ${bindsrcdir} && \
+ export CC=${CROSS_CC} && \
++ ac_cv_func_catgets=no \
+ ./configure ${bindconfig} --disable-atomic \
+ --disable-kqueue --disable-epoll --disable-kqueue \
+ --disable-epoll --disable-devpoll --without-openssl \
PKG_NAME:=kadnode
PKG_VERSION:=2.3.0
-PKG_RELEASE:=2
-
-PKG_LICENSE:=MIT
+PKG_RELEASE:=3
PKG_SOURCE_URL:=https://codeload.github.com/mwarning/KadNode/tar.gz/v$(PKG_VERSION)?
PKG_SOURCE:=kadnode-$(PKG_VERSION).tar.gz
PKG_HASH:=abb2ca66fb525fab53157d5486bbb43e3a522a4bdc9280a3dcb8cb403ee08583
PKG_BUILD_DIR:=$(BUILD_DIR)/KadNode-$(PKG_VERSION)
+PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
+PKG_LICENSE:=MIT
PKG_BUILD_PARALLEL:=1
URL:=https://github.com/mwarning/KadNode
MENU:=1
DEPENDS:=+KADNODE_ENABLE_BOB:libmbedtls +KADNODE_ENABLE_TLS:libmbedtls +KADNODE_ENABLE_UPNP:libminiupnpc +KADNODE_ENABLE_NATPMP:libnatpmp
- MAINTAINER:=Moritz Warning <moritzwarning@web.de>
endef
define Package/kadnode/description
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/build/kadnode $(1)/usr/bin/
ifeq ($(CONFIG_KADNODE_ENABLE_CMD),y)
- $(LN) /usr/bin/kadnode $(1)/usr/bin/kadnode-ctl
+ $(LN) kadnode $(1)/usr/bin/kadnode-ctl
endif
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) files/kadnode.init $(1)/etc/init.d/kadnode
include $(TOPDIR)/rules.mk
PKG_NAME:=keepalived
-PKG_VERSION:=2.1.5
-PKG_RELEASE:=1
+PKG_VERSION:=2.2.1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.keepalived.org/software
-PKG_HASH:=d94d7ccbc5c95ab39c95a0e5ae89a25a224f39b6811f2930d3a1885a69732259
+PKG_HASH:=91186f20c83ffc48d7a15a9a6e2329ed4feeb2dcb51f4aa9672c8840190ea741
PKG_CPE_ID:=cpe:/a:keepalived:keepalived
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=knot
-PKG_VERSION:=3.0.2
+PKG_VERSION:=3.0.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
-PKG_HASH:=f813a5e53263ef51d0415508e1f7d33cfbb75a139ccb10a344ae5a91689933fb
+PKG_HASH:=451d8913a769b7e4bcb3e250a3181b448e28a82cfc58cea6f2509475d7327983
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8
include $(TOPDIR)/rules.mk
PKG_NAME:=ksmbd-tools
-PKG_VERSION:=3.3.1
+PKG_VERSION:=3.3.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/ksmbd-tools/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=0831677c5ccb91ba38c764ad22577830650a78300a676c2e7bb1baecadbdf725
+PKG_HASH:=f7065da4008292bcaf43b15190715b4f224919f7d60f18b79b836eab6ee6d43b
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
CONFIGURE_VARS += GLIB_LIBS="$(STAGING_DIR)/usr/lib/libglib-2.0.a"
TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed -liconv $(if $(INTL_FULL),-lintl)
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed -liconv $(if $(INTL_FULL),-lintl) $(if $(CONFIG_USE_GLIBC),-lpthread)
define Package/ksmbd-server/install
$(INSTALL_DIR) $(1)/usr/sbin
SMBD_IFACE=""
+config_get_sane()
+{
+ config_get "$@"
+ set -- "$(echo "$1" | tr -d '<>[]{};%?=#\n')"
+}
+
smb_header()
{
- config_get SMBD_IFACE $1 interface "lan"
+ config_get_sane SMBD_IFACE "$1" interface "lan"
# resolve interfaces
- local interfaces
interfaces=$(
. /lib/functions/network.sh
- local net
for net in $SMBD_IFACE; do
- local device
- network_is_up $net || continue
+ network_is_up "$net" || continue
network_get_device device "$net"
- echo -n "${device:-$net} "
+ printf "%s " "${device:-$net}"
done
)
- local workgroup description
- local hostname
- hostname="$(cat /proc/sys/kernel/hostname)"
+ # we dont use netbios anymore as default and wsd/avahi is dns based
+ hostname="$(cat /proc/sys/kernel/hostname | tr -d '{};%?=#\n')"
- config_get workgroup $1 workgroup "WORKGROUP"
- config_get description $1 description "Ksmbd on OpenWrt"
- config_get_bool ALLOW_LEGACY_PROTOCOLS $1 allow_legacy_protocols 0
+ config_get_sane workgroup "$1" workgroup "WORKGROUP"
+ config_get_sane description "$1" description "Ksmbd on OpenWrt"
+ config_get_bool ALLOW_LEGACY_PROTOCOLS "$1" allow_legacy_protocols 0
sed -e "s#|NAME|#$hostname#g" \
-e "s#|WORKGROUP|#$workgroup#g" \
smb_add_share()
{
- local name
- local path
- local comment
- local users
- local create_mask
- local dir_mask
- local browseable
- local read_only
- local writeable
- local guest_ok
- local force_root
- local write_list
- local read_list
- local hide_dot_files
- local veto_files
- local inherit_owner
- local force_create_mode
- local force_directory_mode
-
- config_get name $1 name
- config_get path $1 path
- config_get comment $1 comment
- config_get users $1 users
- config_get create_mask $1 create_mask
- config_get dir_mask $1 dir_mask
- config_get browseable $1 browseable
- config_get read_only $1 read_only
- config_get writeable $1 writeable
- config_get guest_ok $1 guest_ok
- config_get_bool force_root $1 force_root 0
- config_get write_list $1 write_list
- config_get read_list $1 read_list
- config_get hide_dot_files $1 hide_dot_files
- config_get veto_files $1 veto_files
- config_get inherit_owner $1 inherit_owner
- config_get force_create_mode $1 force_create_mode
- config_get force_directory_mode $1 force_directory_mode
+ config_get_sane name "$1" name
+ config_get_sane path "$1" path
+ config_get_sane comment "$1" comment
+ config_get_sane users "$1" users
+ config_get_sane create_mask "$1" create_mask
+ config_get_sane dir_mask "$1" dir_mask
+ config_get_sane browseable "$1" browseable
+ config_get_sane read_only "$1" read_only
+ config_get_sane writeable "$1" writeable
+ config_get_sane guest_ok "$1" guest_ok
+ config_get_bool force_root "$1" force_root 0
+ config_get_sane write_list "$1" write_list
+ config_get_sane read_list "$1" read_list
+ config_get_sane hide_dot_files "$1" hide_dot_files
+ config_get_sane veto_files "$1" veto_files
+ config_get_sane inherit_owner "$1" inherit_owner
+ config_get_sane force_create_mode "$1" force_create_mode
+ config_get_sane force_directory_mode "$1" force_directory_mode
[ -z "$name" ] || [ -z "$path" ] && return
procd_add_reload_trigger "dhcp" "system" "ksmbd"
- local i
for i in $SMBD_IFACE; do
- procd_add_reload_interface_trigger $i
+ procd_add_reload_interface_trigger "$i"
done
}
include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan
-PKG_VERSION:=4.1
+PKG_VERSION:=4.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/
-PKG_HASH:=216444c3a2ede7bed5820648856fa5d9cc8fc4b4122bd4a1129d1a5954d9227d
+PKG_HASH:=bbf1babda23bdb269f6ac75d8e1a24cdc6da5d15191b15ad7b10096319105cd7
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
DEPENDS:= +IPV6:kmod-ip6-vti +IPV6:kmod-ipsec6 +ip-full +iptables-mod-ipsec \
+kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
+kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
- +kmod-ipsec4 +kmod-ipt-ipsec +libevent2 +libevent2-pthreads \
+ +kmod-ipsec4 +kmod-ipt-ipsec +kmod-xfrm-interface +libevent2 +libevent2-pthreads \
+libldns +librt +libunbound +nss-utils +nspr +libcap-ng
PROVIDES:=openswan
CONFLICTS:=strongswan
USE_LIBCAP_NG=true \
USE_SYSTEMD_WATCHDOG=false \
USE_SECCOMP=false\
+ USE_XFRM_INTERFACE_IFLA_HEADER=false \
PREFIX="/usr" \
FINALRUNDIR="/var/run/pluto" \
FINALNSSDIR="/etc/ipsec.d" \
include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd
-PKG_VERSION:=1.4.56
-PKG_RELEASE:=5
+PKG_VERSION:=1.4.59
+PKG_RELEASE:=1
# release candidate ~rcX testing; remove for release
-#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.56
+#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.59
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
-PKG_HASH:=e4ce84cd79e8ae8ba193c7a7cc79c4afba9a076b443ef9f8d4bcd13a3354df77
+PKG_HASH:=fb953db273daef08edb6e202556cae8a3d07eed6081c96bd9903db957d1084d5
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=BSD-3-Clause
your lighttpd configuration file.
(mod_gnutls, mod_mbedtls, mod_nss, mod_openssl, mod_wolfssl)
+config LIGHTTPD_SSL_DEPENDS
+ bool
+ depends on LIGHTTPD_SSL
+ default PACKAGE_lighttpd-mod-mbedtls || PACKAGE_lighttpd-mod-wolfssl || PACKAGE_lighttpd-mod-gnutls || PACKAGE_lighttpd-mod-nss
+
+config LIGHTTPD_SSL_SELECT
+ tristate
+ depends on LIGHTTPD_SSL
+ default m if !LIGHTTPD_SSL_DEPENDS
+ select PACKAGE_lighttpd-mod-openssl
+
config LIGHTTPD_LOGROTATE
bool "Logrotate support"
depends on PACKAGE_lighttpd
It adds support for logrotate functionality.
endef
-ifneq ($(strip $(CONFIG_LIGHTTPD_SSL)),)
- ifeq ($(CONFIG_PACKAGE_lighttpd-mod-openssl),)
- ifeq ($(CONFIG_PACKAGE_lighttpd-mod-mbedtls),)
- ifeq ($(CONFIG_PACKAGE_lighttpd-mod-wolfssl),)
- ifeq ($(CONFIG_PACKAGE_lighttpd-mod-gnutls),)
- ifeq ($(CONFIG_PACKAGE_lighttpd-mod-nss),)
- CONFIG_PACKAGE_lighttpd-mod-openssl=m
- endif
- endif
- endif
- endif
- endif
-endif
-
-ifneq ($(CONFIG_PACKAGE_lighttpd-mod-auth),)
- ifeq ($(CONFIG_PACKAGE_lighttpd-mod-authn_file),)
- CONFIG_PACKAGE_lighttpd-mod-authn_file=m
- endif
-endif
-
MESON_ARGS += \
-Dwith_brotli=false \
-Dwith_bzip=false \
-Dwith_webdav_props=$(if $(CONFIG_PACKAGE_lighttpd-mod-webdav),true,false) \
-Dwith_wolfssl=$(if $(CONFIG_PACKAGE_lighttpd-mod-wolfssl),true,false) \
-Dwith_xattr=false \
- -Dwith_zlib=$(if $(CONFIG_PACKAGE_lighttpd-mod-deflate),true,false)
+ -Dwith_zlib=$(if $(CONFIG_PACKAGE_lighttpd-mod-deflate),true,false) \
+ -Dwith_zstd=false
BASE_MODULES:=dirlisting indexfile staticfile
# Finally, everything else.
$(eval $(call BuildPlugin,access,Access restrictions,,30))
$(eval $(call BuildPlugin,accesslog,Access logging,,30))
+$(eval $(call BuildPlugin,ajp13,AJP13 Tomcat connector,,30))
$(eval $(call BuildPlugin,alias,Directory alias,,30))
$(eval $(call BuildPlugin,cgi,CGI,,30))
$(eval $(call BuildPlugin,cml,Cache Meta Language,+PACKAGE_lighttpd-mod-cml:liblua +PACKAGE_lighttpd-mod-cml:libnettle,30))
--- /dev/null
+From a737572aa4b7a50fd9ac3f54245e40fd5cd2609d Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Wed, 3 Feb 2021 00:35:34 -0500
+Subject: [PATCH] [meson] add with_zstd to meson_options.txt
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ meson_options.txt | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/meson_options.txt b/meson_options.txt
+index 51bea44d..f6687159 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -148,6 +148,11 @@ option('with_zlib',
+ value: true,
+ description: 'with deflate-support for mod_deflate [default: on]',
+ )
++option('with_zstd',
++ type: 'boolean',
++ value: false,
++ description: 'with zstd-support for mod_deflate [default: off]',
++)
+
+ option('build_extra_warnings',
+ type: 'boolean',
+--
+2.29.2
+
+++ /dev/null
-From 2a1e55dc62c72893d128400334131a56a218ee1a Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Tue, 1 Dec 2020 16:23:49 -0500
-Subject: [PATCH] [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- src/mod_webdav.c | 15 ++++++++++++---
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/src/mod_webdav.c b/src/mod_webdav.c
-index c3fe79a2..9c27ad8f 100644
---- a/src/mod_webdav.c
-+++ b/src/mod_webdav.c
-@@ -182,9 +182,18 @@
- #include <string.h>
- #include <unistd.h> /* getpid() linkat() rmdir() unlinkat() */
-
--/* Note: filesystem access race conditions exist without _ATFILE_SOURCE */
-+#ifdef AT_FDCWD
- #ifndef _ATFILE_SOURCE
-+#define _ATFILE_SOURCE
-+#endif
-+#endif
-+
-+#ifndef AT_SYMLINK_NOFOLLOW
- #define AT_SYMLINK_NOFOLLOW 0
-+#endif
-+
-+/* Note: filesystem access race conditions exist without _ATFILE_SOURCE */
-+#ifndef _ATFILE_SOURCE
- /*(trigger linkat() fail to fallback logic in mod_webdav.c)*/
- #define linkat(odfd,opath,ndfd,npath,flags) -1
- #endif
-@@ -2371,7 +2380,10 @@ webdav_delete_dir (const plugin_config * const pconf,
- buffer_append_string_len(&dst->rel_path, de->d_name, len);
-
- #ifndef _ATFILE_SOURCE
-- #ifndef _DIRENT_HAVE_D_TYPE
-+ #ifdef _DIRENT_HAVE_D_TYPE
-+ if (de->d_type == DT_UNKNOWN)
-+ #endif
-+ {
- struct stat st;
- if (0 != stat(dst->path.ptr, &st)) {
- dst->path.ptr[ (dst->path.used = dst_path_used) -1]='\0';
-@@ -2379,6 +2391,6 @@ webdav_delete_dir (const plugin_config * const pconf,
- continue; /* file *just* disappeared? */
- }
- s_isdir = S_ISDIR(st.st_mode);
-- #endif
-+ }
- #endif
-
-@@ -2903,7 +2902,10 @@ webdav_copymove_dir (const plugin_config * const pconf,
- buffer_append_string_len(&dst->rel_path, de->d_name, len);
-
- #ifndef _ATFILE_SOURCE
-- #ifndef _DIRENT_HAVE_D_TYPE
-+ #ifdef _DIRENT_HAVE_D_TYPE
-+ if (de->d_type == DT_UNKNOWN)
-+ #endif
-+ {
- if (0 != stat(src->path.ptr, &st)) {
- src->path.ptr[ (src->path.used = src_path_used) -1]='\0';
- src->rel_path.ptr[(src->rel_path.used = src_rel_path_used)-1]='\0';
-@@ -2912,7 +2914,7 @@ webdav_copymove_dir (const plugin_config * const pconf,
- continue; /* file *just* disappeared? */
- }
- d_type = st.st_mode;
-- #endif
-+ }
- #endif
-
- if (S_ISDIR(d_type)) { /* recursive call; depth first */
---
-2.28.0
-
+++ /dev/null
-From 716e4d7a5d773607d87d5521f5943cff019bcd97 Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Mon, 30 Nov 2020 19:31:05 -0500
-Subject: [PATCH] [core] fix lighttpd -1 one-shot with pipes
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- src/server.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/server.c b/src/server.c
-index 83c0241f..a781027e 100644
---- a/src/server.c
-+++ b/src/server.c
-@@ -356,7 +356,7 @@ static int server_oneshot_read_cq(connection *con, chunkqueue *cq, off_t max_byt
- /* temporary set con->fd to oneshot_fd (fd input) rather than outshot_fdout
- * (lighttpd generally assumes operation on sockets, so this is a kludge) */
- int fd = con->fd;
-- con->fd = oneshot_fd;
-+ con->fd = oneshot_fdn->fd;
- int rc = oneshot_read_cq(con, cq, max_bytes);
- con->fd = fd;
-
---
-2.28.0
-
+++ /dev/null
-From 233a218ab3cf449a0667438cf0b1830eeb33471b Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Thu, 3 Dec 2020 17:16:52 -0500
-Subject: [PATCH] [build] fix meson.build when building all TLS mods
-
-x-ref:
- "[lighttpd] -mod-openssl fails"
- https://github.com/openwrt/packages/issues/14121
- "[lighttpd] -mod-wolfssl fails"
- https://github.com/openwrt/packages/issues/14122
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- src/meson.build | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/src/meson.build b/src/meson.build
-index 71e4ec90..2d6ee2df 100644
---- a/src/meson.build
-+++ b/src/meson.build
-@@ -432,15 +432,20 @@ if get_option('with_mysql')
- endif
-
- libssl = []
--libx509 = []
- libcrypto = []
-+libsslcrypto = []
- libgnutls = []
-+libmbedtls = []
-+libmbedcrypto = []
-+libmbedx509 = []
-+libwolfssl = []
- if get_option('with_openssl')
- # manual search:
- # header: openssl/ssl.h
- # function: SSL_new (-lssl)
- # function: BIO_f_base64 (-lcrypto)
- libssl = [ dependency('libssl') ]
-+ libsslcrypto = [ dependency('libcrypto') ]
- libcrypto = [ dependency('libcrypto') ]
- conf_data.set('HAVE_OPENSSL_SSL_H', true)
- conf_data.set('HAVE_LIBSSL', true)
-@@ -449,7 +454,7 @@ if get_option('with_wolfssl')
- # manual search:
- # header: wolfssl/ssl.h
- # function: wolfSSL_Init (-lwolfssl)
-- libssl = [ dependency('wolfssl') ]
-+ libwolfssl = [ dependency('wolfssl') ]
- libcrypto = [ dependency('wolfssl') ]
- conf_data.set('HAVE_WOLFSSL_SSL_H', true)
- endif
-@@ -459,8 +464,9 @@ if get_option('with_mbedtls')
- # function: mbedtls_cipher_info_from_type (-lmbedtls)
- # function: mbedtls_x509_get_name (-lmbedx509)
- # function: mbedtls_base64_encode (-lmbedcrypto)
-- libssl = [ compiler.find_library('mbedtls') ]
-- libx509 = [ compiler.find_library('mbedx509') ]
-+ libmbedtls = [ compiler.find_library('mbedtls') ]
-+ libmbedx509 = [ compiler.find_library('mbedx509') ]
-+ libmbedcrypto = [ compiler.find_library('mbedcrypto') ]
- libcrypto = [ compiler.find_library('mbedcrypto') ]
- conf_data.set('HAVE_LIBMBEDCRYPTO', true)
- endif
-@@ -1070,19 +1076,19 @@ endif
-
- if get_option('with_openssl')
- modules += [
-- [ 'mod_openssl', [ 'mod_openssl.c' ], libssl + libcrypto ],
-+ [ 'mod_openssl', [ 'mod_openssl.c' ], libssl + libsslcrypto ],
- ]
- endif
-
- if get_option('with_wolfssl')
- modules += [
-- [ 'mod_wolfssl', [ 'mod_wolfssl.c' ], libcrypto ],
-+ [ 'mod_wolfssl', [ 'mod_wolfssl.c' ], libwolfssl ],
- ]
- endif
-
- if get_option('with_mbedtls')
- modules += [
-- [ 'mod_mbedtls', [ 'mod_mbedtls.c' ], libssl + libx509 + libcrypto ],
-+ [ 'mod_mbedtls', [ 'mod_mbedtls.c' ], libmbedtls + libmbedx509 + libmbedcrypto ],
- ]
- endif
-
---
-2.28.0
-
+++ /dev/null
-From a27e55b2dd0887f462c36ff788dde5c5de20a154 Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sat, 5 Dec 2020 11:19:03 -0500
-Subject: [PATCH] [core] add missing mod_wolfssl to ssl compat list
-
-add missing mod_wolfssl to ssl compat module list
-
-x-ref:
- "[lighttpd] -mod-wolfssl fails (requires dependency on -mod-openssl?)"
- https://github.com/openwrt/packages/issues/14139
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- src/configfile.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/configfile.c b/src/configfile.c
-index da444154..c7739c4f 100644
---- a/src/configfile.c
-+++ b/src/configfile.c
-@@ -345,6 +345,8 @@ static void config_compat_module_load (server *srv) {
- append_mod_openssl = 0;
- else if (buffer_eq_slen(m, CONST_STR_LEN("mod_openssl")))
- append_mod_openssl = 0;
-+ else if (buffer_eq_slen(m, CONST_STR_LEN("mod_wolfssl")))
-+ append_mod_openssl = 0;
- else if (buffer_eq_slen(m, CONST_STR_LEN("mod_authn_file")))
- append_mod_authn_file = 0;
- else if (buffer_eq_slen(m, CONST_STR_LEN("mod_authn_ldap")))
---
-2.28.0
-
+++ /dev/null
-From a43420ba07645acb71f31e95b9c7b4e894794afd Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sun, 6 Dec 2020 22:50:49 -0500
-Subject: [PATCH] [mod_wolfssl] add complex preproc logic for SNI
-
-add complex preproc logic for SNI detection
-- HAVE_SNI is not sufficient
-- HAVE_LIGHTY is not sufficient (in wolfssl <= 4.5.0)
-Instead, use more complex logic wrapping calls to SNI_Callback()
-in wolfssl.
-
-x-ref:
- "[lighttpd] -mod-wolfssl inhibited by missing library functionality"
- https://github.com/openwrt/packages/issues/14142
- "put all SNI code behind simpler preprocessor directive HAVE_SNI"
- https://github.com/wolfSSL/wolfssl/pull/3538
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- src/mod_wolfssl.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
-index a22b0ebe..70f7488b 100644
---- a/src/mod_wolfssl.c
-+++ b/src/mod_wolfssl.c
-@@ -2041,13 +2041,22 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
- * && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)))
- * and sniRecvCb sniRecvCbArg are hidden by *different* set of defines
- * in wolfssl/internal.h)
-- * Note: SNI callbacks disabled if wolfSSL is not built OPENSSL_ALL ! */
-- #ifdef OPENSSL_ALL /* regretable */
-+ * Note: wolfSSL SNI callbacks members not present unless wolfSSL is
-+ * built OPENSSL_ALL or some additional combination of preprocessor
-+ * defines. The following should work with more recent wolfSSL versions
-+ * (and HAVE_LIGHTY is not sufficient in wolfssl <= 4.5.0) */
-+ #if defined(OPENSSL_ALL) \
-+ || (defined(OPENSSL_EXTRA) \
-+ && (defined(HAVE_STUNNEL) \
-+ || defined(WOLFSSL_NGINX) \
-+ || defined(WOLFSSL_HAPROXY)))
-+ #else
-+ #undef HAVE_SNI
-+ #endif
- #ifdef HAVE_SNI
- wolfSSL_CTX_set_servername_callback(
- s->ssl_ctx, network_ssl_servername_callback);
- wolfSSL_CTX_set_servername_arg(s->ssl_ctx, srv);
-- #endif /* regretable */
- #else
- log_error(srv->errh, __FILE__, __LINE__,
- "SSL: WARNING: SNI callbacks *crippled* in wolfSSL library build");
---
-2.28.0
-
--- /dev/null
+#
+# Copyright (C) 2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=maccalc
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/maccalc
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=MAC address calculation
+endef
+
+define Package/maccalc/description
+ This package contains a MAC address manipulation utility.
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ CC="$(TARGET_CC)" \
+ CFLAGS="$(TARGET_CFLAGS) -Wall" \
+ LDFLAGS="$(TARGET_LDFLAGS)"
+endef
+
+define Package/maccalc/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/maccalc $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,maccalc))
--- /dev/null
+CC = gcc
+CFLAGS = -Wall
+OBJS = main.o
+
+all: maccalc
+
+%.o: %.c
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+maccalc: $(OBJS)
+ $(CC) -o $@ $(OBJS)
+
+clean:
+ rm -f maccalc *.o
--- /dev/null
+/*
+ * MAC address manupulation utility
+ *
+ * Copyright (C) 2011 Gabor Juhos <juhosg@openwrt.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ *
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+
+#define MAC_ADDRESS_LEN 6
+
+#define ERR_INVALID 1
+#define ERR_IO 2
+
+static void usage(void);
+
+char *maccalc_name;
+
+static int parse_mac(const char *mac_str, unsigned char *buf)
+{
+ int t;
+
+ t = sscanf(mac_str, "%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx",
+ &buf[0], &buf[1], &buf[2], &buf[3], &buf[4], &buf[5]);
+
+ if (t != MAC_ADDRESS_LEN)
+ return ERR_INVALID;
+
+ return 0;
+}
+
+static void print_mac(unsigned char *buf)
+{
+ printf("%02x:%02x:%02x:%02x:%02x:%02x\n",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
+}
+
+static int maccalc_do_add(int argc, const char *argv[])
+{
+ unsigned char mac[MAC_ADDRESS_LEN];
+ uint32_t t;
+ int err;
+ int i;
+
+ if (argc != 2) {
+ usage();
+ return ERR_INVALID;
+ }
+
+ err = parse_mac(argv[0], mac);
+ if (err)
+ return err;
+
+ i = atoi(argv[1]);
+
+ t = (mac[3] << 16) | (mac[4] << 8) | mac[5];
+ t += i;
+ mac[3] = (t >> 16) & 0xff;
+ mac[4] = (t >> 8) & 0xff;
+ mac[5] = t & 0xff;
+
+ print_mac(mac);
+ return 0;
+}
+
+static int maccalc_do_logical(int argc, const char *argv[],
+ unsigned char (*op)(unsigned char n1,
+ unsigned char n2))
+{
+ unsigned char mac1[MAC_ADDRESS_LEN];
+ unsigned char mac2[MAC_ADDRESS_LEN];
+ int err;
+ int i;
+
+ if (argc != 2) {
+ usage();
+ return ERR_INVALID;
+ }
+
+ err = parse_mac(argv[0], mac1);
+ if (err)
+ return err;
+
+ err = parse_mac(argv[1], mac2);
+ if (err)
+ return err;
+
+ for (i = 0; i < MAC_ADDRESS_LEN; i++)
+ mac1[i] = op(mac1[i],mac2[i]);
+
+ print_mac(mac1);
+ return 0;
+}
+
+static int maccalc_do_mac2bin(int argc, const char *argv[])
+{
+ unsigned char mac[MAC_ADDRESS_LEN];
+ ssize_t c;
+ int err;
+
+ if (argc != 1) {
+ usage();
+ return ERR_INVALID;
+ }
+
+ err = parse_mac(argv[0], mac);
+ if (err)
+ return err;
+
+ c = write(STDOUT_FILENO, mac, sizeof(mac));
+ if (c != sizeof(mac)) {
+ fprintf(stderr, "failed to write to stdout\n");
+ return ERR_IO;
+ }
+
+ return 0;
+}
+
+static ssize_t read_safe(int fd, void *buf, size_t count)
+{
+ ssize_t total = 0;
+ ssize_t r;
+
+ while(count > 0) {
+ r = read(fd, buf, count);
+ if (r == 0)
+ /* EOF */
+ break;
+ if (r < 0) {
+ if (errno == EINTR)
+ /* interrupted by a signal, restart */
+ continue;
+ /* error */
+ total = -1;
+ break;
+ }
+
+ /* ok */
+ total += r;
+ count -= r;
+ buf += r;
+ }
+
+ return total;
+}
+
+static int maccalc_do_bin2mac(int argc, const char *argv[])
+{
+ unsigned char mac[MAC_ADDRESS_LEN];
+ ssize_t c;
+
+ if (argc != 0) {
+ usage();
+ return ERR_INVALID;
+ }
+
+ c = read_safe(STDIN_FILENO, mac, sizeof(mac));
+ if (c != sizeof(mac)) {
+ fprintf(stderr, "failed to read from stdin\n");
+ return ERR_IO;
+ }
+
+ print_mac(mac);
+ return 0;
+}
+
+static unsigned char op_or(unsigned char n1, unsigned char n2)
+{
+ return n1 | n2;
+}
+
+static int maccalc_do_or(int argc, const char *argv[])
+{
+ return maccalc_do_logical(argc, argv, op_or);
+}
+
+static unsigned char op_and(unsigned char n1, unsigned char n2)
+{
+ return n1 & n2;
+}
+
+static int maccalc_do_and(int argc, const char *argv[])
+{
+ return maccalc_do_logical(argc, argv, op_and);
+}
+
+static unsigned char op_xor(unsigned char n1, unsigned char n2)
+{
+ return n1 ^ n2;
+}
+
+static int maccalc_do_xor(int argc, const char *argv[])
+{
+ return maccalc_do_logical(argc, argv, op_xor);
+}
+
+static void usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s <command>\n"
+ "valid commands:\n"
+ " add <mac> <number>\n"
+ " and|or|xor <mac1> <mac2>\n"
+ " mac2bin <mac>\n"
+ " bin2mac\n",
+ maccalc_name);
+}
+
+int main(int argc, const char *argv[])
+{
+ int (*op)(int argc, const char *argv[]);
+ int ret;
+
+ maccalc_name = (char *) argv[0];
+
+ if (argc < 2) {
+ usage();
+ return EXIT_FAILURE;
+ }
+
+ if (strcmp(argv[1], "add") == 0) {
+ op = maccalc_do_add;
+ } else if (strcmp(argv[1], "and") == 0) {
+ op = maccalc_do_and;
+ } else if (strcmp(argv[1], "or") == 0) {
+ op = maccalc_do_or;
+ } else if (strcmp(argv[1], "xor") == 0) {
+ op = maccalc_do_xor;
+ } else if (strcmp(argv[1], "mac2bin") == 0) {
+ op = maccalc_do_mac2bin;
+ } else if (strcmp(argv[1], "bin2mac") == 0) {
+ op = maccalc_do_bin2mac;
+ } else {
+ fprintf(stderr, "unknown command '%s'\n", argv[1]);
+ usage();
+ return EXIT_FAILURE;
+ }
+
+ argc -= 2;
+ argv += 2;
+
+ ret = op(argc, argv);
+ if (ret)
+ return EXIT_FAILURE;
+
+ return EXIT_SUCCESS;
+}
PKG_NAME:=mDNSResponder
PKG_VERSION:=IETF104
-PKG_RELEASE:=2
+PKG_RELEASE:=4
PKG_SOURCE:=mDNSResponder-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://opensource.apple.com/tarballs/mDNSResponder/IETF/
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_BUILD_DIR)/mDNSShared/dns_sd.h $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/dns_sd.h $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_BUILD_DIR)/mDNSPosix/build/prod/*.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdns_sd.so.1 $(1)/usr/lib/
+ $(LN) -s libdns_sd.so.1 $(1)/usr/lib/libdns_sd.so
endef
define Package/mdns-utils/install
PKG_NAME:=mini_snmpd
PKG_VERSION:=1.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_MAINTAINER:=Marcin Jurkowski <marcin1j@gmail.com>
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
[ -z $netdev_count ] && netdev_count=0
# for the purposes of snmp monitoring it doesn't need to be up, it just needs to exist in /proc/net/dev
network_get_device netdev "$name"
- if [ -n "$netdev" ] && grep -qF "$netdev" /proc/net/dev ]; then
+ if [ -n "$netdev" ] && grep -qF "$netdev" /proc/net/dev; then
[ $netdev_count -ge 8 ] && {
_err "$cfg: too many network interfaces configured, ignoring $name"
return
include $(TOPDIR)/rules.mk
PKG_NAME:=miniupnpc
-PKG_VERSION:=2.2.0
+PKG_VERSION:=2.2.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_HASH:=ff56bec3e5a3aec41f4decb43cb0b925231d6ab4cdfd7a74caa5c7c1043c4ef0
+PKG_HASH:=3a3167e57727bf1d2a7b4861f7c7b57a663f58b9cf68227762ed2fc64e8ea11f
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
TARGET_CFLAGS += $(FPIC)
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/miniupnpc/ $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.{a,so*} $(1)/usr/lib/
+endef
+
define Package/miniupnpc/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/upnpc-shared $(1)/usr/bin/upnpc
include $(TOPDIR)/rules.mk
PKG_NAME:=miniupnpd
-PKG_VERSION:=2.2.0
-PKG_RELEASE:=4
+PKG_VERSION:=2.2.1
+PKG_RELEASE:=1
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=f105210a13ed0ebfc649f661ecc59e0a072cc547b04977851f22b5521b4cadff
+PKG_HASH:=f158dc73b718ca72da69e25ef23c57c3a10a0d7e7d1b4b9b57d5690823040ec2
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=modemmanager
-PKG_VERSION:=1.14.8
-PKG_RELEASE:=2
+PKG_VERSION:=1.14.10
+PKG_RELEASE:=1
PKG_SOURCE:=ModemManager-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.freedesktop.org/software/ModemManager
-PKG_HASH:=fe1a26ba51b4bda7abd09ad4dadedd87d8b8154809fc9d88e94f75fdfff19295
+PKG_HASH:=4ea60b375a761e17e7bb095bca894579ed0e8e33b273dc698b5cbe03947f357f
PKG_BUILD_DIR:=$(BUILD_DIR)/ModemManager-$(PKG_VERSION)
PKG_MAINTAINER:=Nicholas Smith <nicholas.smith@telcoantennas.com.au>
include $(TOPDIR)/rules.mk
PKG_NAME:=mosquitto
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.0.5
PKG_RELEASE:=1
PKG_LICENSE:=EPL-2.0
PKG_LICENSE_FILES:=LICENSE.txt
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://mosquitto.org/files/source/
-PKG_HASH:=ca8c21d1b04037df27639de9ea8f82fa73e1cbd24e83e6394ed67b537c4b6d86
+PKG_HASH:=67eaeb4160e5793715c017f53c4f42808d76129b7ad131d765a6a23792e58d5d
include $(INCLUDE_DIR)/package.mk
+++ /dev/null
-diff --git a/apps/mosquitto_ctrl/Makefile b/apps/mosquitto_ctrl/Makefile
-index 59b23596..3a4843bf 100644
---- a/apps/mosquitto_ctrl/Makefile
-+++ b/apps/mosquitto_ctrl/Makefile
-@@ -8,8 +8,7 @@ else
- LIBMOSQ:=../../lib/libmosquitto.a
- endif
-
--LOCAL_CPPFLAGS:=-I/usr/include/cjson -I/usr/local/include/cjson -I../mosquitto_passwd
--LOCAL_LDFLAGS:=-L/usr/local/lib
-+LOCAL_CPPFLAGS:=-I../mosquitto_passwd
-
- OBJS= mosquitto_ctrl.o \
- client.o \
include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3
-PKG_VERSION:=2.10.3
-PKG_RELEASE:=3
+PKG_VERSION:=2.10.6
+PKG_RELEASE:=1
PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>, \
Aaron Goodman <aaronjg@alumni.stanford.edu>
PKG_LICENSE:=GPL-2.0
$(INSTALL_BIN) ./files/usr/sbin/mwan3track \
$(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_BIN) ./files/etc/mwan3.user \
+ $(1)/etc/
+
$(CP) $(PKG_BUILD_DIR)/libwrap_mwan3_sockopt.so.1.0 $(1)/lib/mwan3/
$(INSTALL_DIR) $(1)/etc/uci-defaults
exit 3
fi
-[ "$MWAN3_STARTUP" = 1 ] || procd_lock
+[ "$MWAN3_STARTUP" = "init" ] || procd_lock
+
+mwan3_init
-config_load mwan3
/etc/init.d/mwan3 running || {
[ "$MWAN3_STARTUP" = "init" ] || procd_lock
LOG notice "mwan3 hotplug $ACTION on $INTERFACE not called because globally disabled"
exit 0
}
-mwan3_init
-
if [ "$MWAN3_STARTUP" != "init" ] && [ "$ACTION" = "ifup" ]; then
mwan3_set_user_iface_rules $INTERFACE $DEVICE
fi
[ -f "/etc/mwan3.user" ] && {
. /lib/functions.sh
. /lib/mwan3/mwan3.sh
- initscript=/etc/init.d/mwan3
+ initscript=/etc/init.d/mwan3
. /lib/functions/procd.sh
[ "$MWAN3_SHUTDOWN" != 1 ] && procd_lock
config_get_bool enabled "$INTERFACE" enabled 0
[ "${enabled}" -eq 1 ] || {
- [ "$MWAN3_SHUTDOWN" != 1 ] && mwan3_unlock "$ACTION" "$DEVICE-user"
exit 0
}
START=19
USE_PROCD=1
+SCRIPTNAME="mwan3-init"
service_running() {
[ -d "$MWAN3_STATUS_DIR" ]
start_service() {
local enabled hotplug_pids
- config_load mwan3
mwan3_init
config_foreach start_tracker interface
stop_service() {
local ipset rule IP IPTR IPT family table tid
- config_load mwan3
mwan3_init
config_foreach mwan3_interface_shutdown interface
IP="$IP6"
fi
- for tid in $(ip route list table all | sed -ne 's/.*table \([0-9]\+\).*/\1/p' | sort -u); do
+ for tid in $($IP route list table all | sed -ne 's/.*table \([0-9]\+\).*/\1/p' | sort -u); do
[ $tid -gt $MWAN3_INTERFACE_MAX ] && continue
$IP route flush table $tid &> /dev/null
done
mwan3_init()
{
- local bitcnt
- local mmdefault
+ local bitcnt mmdefault source_routing
+
+ config_load mwan3
[ -d $MWAN3_STATUS_DIR ] || mkdir -p $MWAN3_STATUS_DIR/iface_state
MMX_MASK=$(cat "${MWAN3_STATUS_DIR}/mmx_mask")
MWAN3_INTERFACE_MAX=$(uci_get_state mwan3 globals iface_max)
else
- config_load mwan3
config_get MMX_MASK globals mmx_mask '0x3F00'
echo "$MMX_MASK"| tr 'A-F' 'a-f' > "${MWAN3_STATUS_DIR}/mmx_mask"
LOG debug "Using firewall mask ${MMX_MASK}"
LOG debug "Max interface count is ${MWAN3_INTERFACE_MAX}"
fi
+ # remove "linkdown", expiry and source based routing modifiers from route lines
+ config_get_bool source_routing globals source_routing 0
+ [ $source_routing -eq 1 ] && unset source_routing
+ MWAN3_ROUTE_LINE_EXP="s/linkdown //; s/expires [0-9]\+sec//; s/error [0-9]\+//; ${source_routing:+s/default\(.*\) from [^ ]*/default\1/;} p"
+
# mark mask constants
bitcnt=$(mwan3_count_one_bits MMX_MASK)
mmdefault=$(((1<<bitcnt)-1))
unset "$1"
[ -z "$route_device" ] && return
- curr_table=$(eval "echo \"\$mwan3_dev_tbl_${route_family}\"")
+ curr_table=$(eval "echo \"\$mwan3_dev_tbl_${route_family}\"")
for entry in $curr_table; do
if [ "${entry%%=*}" = "$route_device" ]; then
_tid=${entry##*=}
mwan3_get_routes()
{
- local source_routing
- config_get_bool source_routing globals source_routing 0
- [ $source_routing -eq 0 ] && unset source_routing
- $IP route list table main | sed -ne "/^linkdown/T; s/expires \([0-9]\+\)sec//;s/error [0-9]\+//; ${source_routing:+s/default\(.*\) from [^ ]*/default\1/;} p" | uniq
+ $IP route list table main | sed -ne "$MWAN3_ROUTE_LINE_EXP" | uniq
}
mwan3_create_iface_route()
local interface device src_ip family
mwan3_init
- config_load mwan3
interface=$1 ; shift
[ -z "$*" ] && echo "no command specified for mwan3 use" && return
mwan3_add_all_routes()
{
- local tid IP IPT route_line family active_tbls tid initial_state
+ local tid IP IPT route_line family active_tbls tid initial_state error
local ipv=$1
add_active_tbls()
{
let tid++
[ -n "${active_tbls##* $tid *}" ] && return
- $IP route add table $tid $route_line ||
- LOG warn "failed to add $route_line to table $tid"
+ error=$($IP route add table $tid $route_line 2>&1) ||
+ LOG warn "failed to add $route_line to table $tid - error: $error"
}
mwan3_update_dev_to_table
tid=0
active_tbls=" "
config_foreach add_active_tbls interface
- [ $active_tbls = " " ] && return
+ [ "$active_tbls" = " " ] && return
mwan3_get_routes | while read -r route_line; do
mwan3_route_line_dev "tid" "$route_line" "$ipv"
if [ -n "$tid" ] && [ -z "${active_tbls##* $tid *}" ]; then
mwan3_rtmon_route_handle()
{
- local action route_line family tbl device line route_line_exp tid source_routing
+ local action route_line family tbl device line tid
route_line=${1##"Deleted "}
route_family=$2
- config_get_bool source_routing globals source_routing 0
- [ $source_routing -eq 0 ] && unset source_routing
-
if [ "$route_line" = "$1" ]; then
action="replace"
- route_line_exp="s/expires \([0-9]\+\)sec//;s/error [0-9]\+//; ${source_routing:+s/default\(.*\) from [^ ]*/default\1/}"
$IPS -! add mwan3_connected_${route_family##ip} ${route_line%% *}
else
action="del"
- route_line_exp="s/expires [0-9]\+sec//;s/error [0-9]\+//; ${source_routing:+s/default\(.*\) from [^ ]*/default\1/}"
mwan3_set_connected_${route_family}
fi
+ if [ -z "${route_line##*linkdown*}" ]; then
+ LOG debug "attempting to add link on down interface - $route_line"
+ fi
+
if [ "$route_family" = "ipv4" ]; then
IP="$IP4"
elif [ "$route_family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then
IP="$IP6"
- route_line=$(echo "$route_line" | sed "$route_line_exp")
else
LOG warn "route update called with invalid family - $route_family"
return
fi
-
- # don't try to add routes when link has gone down
- if [ -z "${route_line##linkdown*}" ]; then
- LOG debug "not adding route due to linkdown - skipping $route_line"
- return
- fi
+ route_line=$(echo "$route_line" | sed -ne "$MWAN3_ROUTE_LINE_EXP")
handle_route() {
+ local error
local iface=$1
tbl=$($IP route list table $tid 2>/dev/null)$'\n'
network_get_device device "$iface"
LOG debug "adjusting route $device: '$IP route $action table $tid $route_line'"
- $IP route "$action" table $tid $route_line ||
- LOG warn "failed: '$IP route $action table $tid $route_line'"
+ error=$($IP route "$action" table $tid $route_line 2>&1)||
+ LOG warn "failed: '$IP route $action table $tid $route_line' - error: $error"
}
handle_route_cb(){
local iface=$1
{
local IP family
- config_load mwan3
+ mwan3_init
+
family=$1
[ -z $family ] && family=ipv4
if [ "$family" = "ipv6" ]; then
else
IP="$IP4"
fi
- mwan3_init
sh -c "echo \$\$; exec $IP monitor route" | {
read -r monitor_pid
trap_with_arg func_trap "$monitor_pid" SIGINT SIGTERM SIGKILL
+ KILL -SIGSTOP $$
while IFS='' read -r line; do
[ -z "${line##*table*}" ] && continue
LOG debug "handling route update $family '$line'"
done
} &
child=$!
- kill -SIGSTOP $child
trap_with_arg func_trap "$child" SIGINT SIGTERM SIGKILL
mwan3_set_connected_${family}
mwan3_add_all_routes ${family}
kill -SIGCONT $child
- wait $!
+ wait $child
}
main "$@"
trap if_down USR1
trap if_up USR2
- config_load mwan3
config_get FAMILY $INTERFACE family ipv4
config_get track_method $INTERFACE track_method ping
config_get_bool httping_ssl $INTERFACE httping_ssl 0
include $(TOPDIR)/rules.mk
PKG_NAME:=netifyd
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_MAINTAINER:=Darryl Sokoloski <darryl@egloo.ca>
PKG_LICENSE:=GPL-3.0-or-later
--- /dev/null
+--- a/src/netifyd.cpp
++++ b/src/netifyd.cpp
+@@ -144,7 +144,7 @@ static void nd_usage(int rc = 0, bool ve
+ {
+ fprintf(stderr, "%s\n", nd_get_version_and_features().c_str());
+ fprintf(stderr, "Copyright (C) 2015-2020 eGloo Incorporated\n"
+- "[%s %s]\n", GIT_RELEASE, GIT_DATE);
++ "[%s]\n", PACKAGE_VERSION);
+ if (version) {
+ fprintf(stderr, "\nThis application uses nDPI v%s\n"
+ "http://www.ntop.org/products/deep-packet-inspection/ndpi/\n", ndpi_revision());
include $(TOPDIR)/rules.mk
PKG_NAME:=netopeer2
-PKG_VERSION:=1.1.39
-PKG_RELEASE:=1
+PKG_VERSION:=1.1.53
+PKG_RELEASE:=2
PKG_LICENSE:=BSD-3-Clause
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e983683eda68792fedd73af54a5c7997496091489aa921f2a9e0dd27f2f6e19a
+PKG_HASH:=6b43026211a787d5cb91d47cb7fdd7923649044c55f264aaf85bf5676c004211
CMAKE_INSTALL:=1
<name>default-ssh</name>
<ssh>
<tcp-server-parameters>
- <local-address>0.0.0.0</local-address>
+ <local-address>::</local-address>
<keepalives>
<idle-time>1</idle-time>
<max-probes>10</max-probes>
include $(TOPDIR)/rules.mk
PKG_NAME:=nextdns
-PKG_VERSION:=1.9.4
+PKG_VERSION:=1.10.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=9487c5a6b5acf21c92f1b9720de6d05a760fc7acb0861e14b5a71acd99ebc347
+PKG_MIRROR_HASH:=74491853d9f0d278d4e163ac6aeb6ebab0364abc9fdd346954777e4e4960fcc2
PKG_MAINTAINER:=Olivier Poitrey <rs@nextdns.io>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=nfs-kernel-server
-PKG_VERSION:=2.5.1
+PKG_VERSION:=2.5.2
PKG_RELEASE:=1
-PKG_HASH:=446ff6d2b039dedb0de96b88a3677516c9314613fc6f28b7b6e94c51fb375195
+PKG_HASH:=09c20d30322e957a6e9547fb5aa742b163c142cd36b244c2485ae0cc3d71d32d
PKG_SOURCE_URL:=@SF/nfs
PKG_SOURCE:=nfs-utils-$(PKG_VERSION).tar.xz
+++ /dev/null
---- a/support/nfsidmap/libnfsidmap.c
-+++ b/support/nfsidmap/libnfsidmap.c
-@@ -89,6 +89,10 @@ gid_t nobody_gid = (gid_t)-1;
- #define NFS4DNSTXTREC "_nfsv4idmapdomain"
- #endif
-
-+#ifndef NS_MAXMSG
-+#define NS_MAXMSG 65535
-+#endif
-+
- /* Default logging fuction */
- static void default_logger(const char *fmt, ...)
- {
# Copyright (C) 2018 rosysong@rosinson.com
#
-. /lib/nft-qos/core.sh
-. /lib/nft-qos/monitor.sh
-. /lib/nft-qos/dynamic.sh
-. /lib/nft-qos/static.sh
-. /lib/nft-qos/mac.sh
-. /lib/nft-qos/priority.sh
+. "${IPKG_INSTROOT}/lib/nft-qos/core.sh"
+. "${IPKG_INSTROOT}/lib/nft-qos/monitor.sh"
+. "${IPKG_INSTROOT}/lib/nft-qos/dynamic.sh"
+. "${IPKG_INSTROOT}/lib/nft-qos/static.sh"
+. "${IPKG_INSTROOT}/lib/nft-qos/mac.sh"
+. "${IPKG_INSTROOT}/lib/nft-qos/priority.sh"
START=99
USE_PROCD=1
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx-util
-PKG_VERSION:=1.4
-PKG_RELEASE:=3
+PKG_VERSION:=1.5
+PKG_RELEASE:=1
PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at>
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Nginx configurator including SSL
- DEPENDS:=+libstdcpp +libubus +libubox +libpthread +libopenssl
+ DEPENDS:=+libstdcpp +libuci +libubus +libubox +libpthread +libopenssl
# TODO: remove after a transition period (together with below and pkg nginx):
# It actually removes nginx-util (replacing it by a dummy pkg) to avoid
# conflicts with nginx-ssl-util*
It uses the standard regex library of C++.
+define Package/nginx-ssl-util/install/default
+ $(INSTALL_DIR) $(1)/etc/nginx/conf.d/
+
+ $(INSTALL_CONF) ./files/uci.conf.template $(1)/etc/nginx/
+ $(LN) /var/lib/nginx/uci.conf $(1)/etc/nginx/uci.conf
+
+ $(INSTALL_CONF) ./files/restrict_locally $(1)/etc/nginx/
+
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_CONF) ./files/nginx.config $(1)/etc/config/nginx
+
+ifneq ($(CONFIG_IPV6),y) # the used IPv6 directives have `::` in them:
+ $(SED) "/::/d" $(1)/etc/nginx/restrict_locally
+ $(SED) "/::/d" $(1)/etc/config/nginx
+endif
+endef
+
+
define Package/nginx-ssl-util/install
+ $(call Package/nginx-ssl-util/install/default, $(1))
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-ssl-util $(1)/usr/bin/nginx-util
endef
define Package/nginx-ssl-util-nopcre/install
+ $(call Package/nginx-ssl-util/install/default, $(1))
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-ssl-util-nopcre \
$(1)/usr/bin/nginx-util
endef
+define Package/nginx-ssl-util/prerm
+#!/bin/sh
+
+[ -n "$${IPKG_INSTROOT}" ] && exit 0
+[ "$${PKG_UPGRADE}" = "1" ] && exit 0
+case "$$(/sbin/uci get "nginx.global.uci_enable" 2>/dev/null)" in
+ 1|on|true|yes|enabled) ;;
+ *) exit 0;;
+esac
+
+eval "$$(/usr/bin/nginx-util get_env)" &&
+[ "$$(/sbin/uci get "nginx.$${LAN_NAME}.$${MANAGE_SSL}" 2>/dev/null)" = \
+ "self-signed" ] &&
+cd "/etc/nginx" &&
+rm -f "$$(/sbin/uci get "nginx.$${LAN_NAME}.ssl_certificate")" \
+ "$$(/sbin/uci get "nginx.$${LAN_NAME}.ssl_certificate_key")"
+
+exit 0
+endef
+
+
+Package/nginx-ssl-util-nopcre/prerm = $(Package/nginx-ssl-util/prerm)
+
+
$(eval $(call BuildPackage,nginx-ssl-util))
$(eval $(call BuildPackage,nginx-ssl-util-nopcre))
--- /dev/null
+#!/bin/sh
+# This is a template copy it by: ./README.sh | xclip -selection c
+# to https://openwrt.org/docs/guide-user/services/webserver/nginx#configuration
+
+
+NGINX_UTIL="/usr/bin/nginx-util"
+
+EXAMPLE_COM="example.com"
+
+MSG="
+/* Created by the following bash script that includes the source of some files:
+ * https://github.com/openwrt/packages/net/nginx-util/files/README.sh
+ */"
+
+eval $("${NGINX_UTIL}" get_env)
+
+code() {
+ local file
+ [ $# -gt 1 ] && file="$2" || file="$(basename "$1")"
+ printf "<file nginx %s>\n%s</file>" "$1" "$(cat "${file}")";
+}
+
+ifConfEcho() {
+ sed -nE "s/^\s*$1=\s*(\S*)\s*\\\\$/\n$2 \"\1\";/p" ../../nginx/Makefile;
+}
+
+cat <<EOF
+
+
+
+
+
+===== Configuration =====${MSG}
+
+
+
+The official Documentation contains a
+[[https://docs.nginx.com/nginx/admin-guide/|Admin Guide]].
+Here we will look at some often used configuration parts and how we handle them
+at OpenWrt.
+At different places there are references to the official
+[[https://docs.nginx.com/nginx/technical-specs/|Technical Specs]]
+for further reading.
+
+**tl;dr:** When starting Nginx by ''/etc/init.d/nginx'', it creates its main
+configuration dynamically based on a minimal template and the
+[[docs:guide-user:base-system:uci|🡒UCI]] configuration.
+
+The UCI ''/etc/config/nginx'' contains initially:
+| ''config server '${LAN_NAME}''' | \
+Default server for the LAN, which includes all ''${CONF_DIR}*.locations''. |
+| ''config server '_redirect2ssl''' | \
+Redirects inexistent URLs to HTTPS. |
+
+It enables also the ''${CONF_DIR}'' directory for further configuration:
+| ''${CONF_DIR}\$NAME.conf'' | \
+Is included in the main configuration. \
+It is prioritized over a UCI ''config server '\$NAME' ''. |
+| ''${CONF_DIR}\$NAME.locations'' | \
+Is include in the ''${LAN_NAME}'' server and can be re-used for others, too. |
+| ''$(dirname "${CONF_DIR}")/restrict_locally'' | \
+Is include in the ''${LAN_NAME}'' server and allows only accesses from LAN. |
+
+Setup configuration (for a server ''\$NAME''):
+| ''$(basename ${NGINX_UTIL}) [${ADD_SSL_FCT}|del_ssl] \$NAME'' | \
+Add/remove a self-signed certificate and corresponding directives. |
+| ''uci set nginx.\$NAME.access_log='logd openwrt''' | \
+Writes accesses to Openwrt’s \
+[[docs:guide-user:base-system:log.essentials|🡒logd]]. |
+| ''uci set nginx.\$NAME.error_log='logd' '' | \
+Writes errors to Openwrt’s \
+[[docs:guide-user:base-system:log.essentials|🡒logd]]. |
+| ''uci [set|add_list] nginx.\$NAME.key='value' '' | \
+Becomes a ''key value;'' directive if the //key// does not start with //uci_//. |
+| ''uci set nginx.\$NAME=[disable|server]'' |\
+Disable/enable inclusion in the dynamic conf.|
+| ''uci set nginx.global.uci_enable=false'' | \
+Use a custom ''${NGINX_CONF}'' rather than a dynamic conf. |
+
+
+
+==== Basic ====${MSG}
+
+
+We modify the configuration by changing servers saved in the UCI configuration
+at ''/etc/config/nginx'' and/or by creating different configuration files in the
+''${CONF_DIR}'' directory.
+These files use the file extensions ''.locations'' and ''.conf'' plus ''.crt''
+and ''.key'' for SSL certificates and keys.((
+We can disable a single configuration file in ''${CONF_DIR}'' by giving it
+another extension, e.g., by adding ''.disabled''.))
+For the new configuration to take effect, we must reload it by:
+
+<code bash>service nginx reload</code>
+
+For OpenWrt we use a special initial configuration, which is explained in the
+section [[#openwrt_s_defaults|🡓OpenWrt’s Defaults]].
+So, we can make a site available at a specific URL in the **LAN** by creating a
+''.locations'' file in the directory ''${CONF_DIR}''.
+Such a file consists just of some
+[[https://nginx.org/en/docs/http/ngx_http_core_module.html#location|
+location blocks]].
+Under the latter link, you can find also the official documentation for all
+available directives of the HTTP core of Nginx.
+Look for //location// in the Context list.
+
+The following example provides a simple template, see at the end for
+different [[#locations_for_apps|🡓Locations for Apps]]((look for
+[[https://github.com/search?utf8=%E2%9C%93&q=repo%3Aopenwrt%2Fpackages
++extension%3Alocations&type=Code&ref=advsearch&l=&l=|
+other packages using a .locations file]], too.)):
+
+<code nginx ${CONF_DIR}example.locations>
+location /ex/am/ple {
+ access_log off; # default: not logging accesses.
+ # access_log /proc/self/fd/1 openwrt; # use logd (init forwards stdout).
+ # error_log stderr; # default: logging to logd (init forwards stderr).
+ error_log /dev/null; # disable error logging after config file is read.
+ # (state path of a file for access_log/error_log to the file instead.)
+ index index.html;
+}
+# location /eg/static { … }
+</code>
+
+All location blocks in all ''.locations'' files must use different URLs,
+since they are all included in the ''${LAN_NAME}'' server that is part of the
+[[#openwrt_s_defaults|🡓OpenWrt’s Defaults]].((
+We reserve the ''location /'' for making LuCI available under the root URL,
+e.g. [[https://192.168.1.1/|192.168.1.1/]].
+All other sites shouldn’t use the root ''location /'' without suffix.))
+We should use the root URL for other sites than LuCI only on **other** domain
+names, e.g., we could make a site available at https://${EXAMPLE_COM}/.
+In order to do that, we create [[#new_server_parts|🡓New Server Parts]] for all
+domain names.
+We can also activate SSL thereby, see
+[[#ssl_server_parts|🡓SSL Server Parts]].
+We use such server parts also for publishing sites to the internet (WAN)
+instead of making them available just locally (in the LAN).
+
+Via ''${CONF_DIR}*.conf'' files we can add directives to the //http// part of
+the configuration.
+If you would change the configuration ''$(basename "${UCI_CONF}").template''
+instead, it is not updated to new package's versions anymore.
+Although it is not recommended, you can also disable the whole UCI config and
+create your own ''${NGINX_CONF}''; then invoke:
+
+<code bash>uci set nginx.global.uci_enable=false</code>
+
+
+
+==== New Server Parts ====${MSG}
+
+
+For making the router reachable from the WAN at a registered domain name,
+it is not enough letting the
+[[docs:guide-user:firewall:firewall_configuration|🡒firewall]] accept requests
+(typically on ports 80 and 443) and giving the name server the internet IP
+address of the router (maybe updated automatically by a
+[[docs:guide-user:services:ddns:client|🡒DDNS Client]]).
+
+We also need to set up virtual hosting for this domain name by creating an
+appropriate server section in ''/etc/config/nginx''
+(or in a ''${CONF_DIR}*.conf'' file, which cannot be changed using UCI).
+All such parts are included in the main configuration of OpenWrt
+([[#openwrt_s_defaults|🡓OpenWrt’s Defaults]]).
+
+In the server part, we state the domain as
+[[https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name|
+server_name]].
+The link points to the same document as for the location blocks in the
+[[#basic|🡑Basic Configuration]]: the official documentation for all available
+directives of the HTTP core of Nginx.
+This time look for //server// in the Context list, too.
+The server part should also contain similar location blocks as
+++before.|
+We can re-include a ''.locations'' file that is included in the server part for
+the LAN by default.
+Then the site is reachable under the same path at both domains, e.g. by
+https://192.168.1.1/ex/am/ple as well as by https://${EXAMPLE_COM}/ex/am/ple.
+++
+
+We can add directives to a server in the UCI configuration by invoking
+''uci [set|add_list] nginx.${EXAMPLE_COM//./_}.key=value''.
+If the //key// is not starting with //uci_//, it becomes a ''key value;''
+++directive.|
+Although the UCI config does not support nesting like Nginx, we can add a whole
+block as //value//.
+++
+
+We cannot use dots in a //key// name other than in the //value//.
+In the following example we replace the dot in //${EXAMPLE_COM}// by an
+underscore for the UCI name of the server, but not for Nginx's //server_name//:
+
+<code bash>
+uci add nginx server &&
+uci rename nginx.@server[-1]=${EXAMPLE_COM//./_} &&
+uci add_list nginx.${EXAMPLE_COM//./_}.listen='80' &&
+uci add_list nginx.${EXAMPLE_COM//./_}.listen='[::]:80' &&
+uci set nginx.${EXAMPLE_COM//./_}.server_name='${EXAMPLE_COM}' &&
+uci add_list nginx.${EXAMPLE_COM//./_}.include=\
+'$(basename ${CONF_DIR})/${EXAMPLE_COM}.locations'
+# uci add_list nginx.${EXAMPLE_COM//./_}.location='/ { … }' \
+# root location for this server.
+</code>
+
+We can disable respective re-enable this server again by:
+
+<code bash>
+uci set nginx.${EXAMPLE_COM//./_}=disable # respective: \
+uci set nginx.${EXAMPLE_COM//./_}=server
+</code>
+
+These changes are made in the RAM (and can be used until a reboot), we can save
+them permanently by:
+
+<code bash>uci commit nginx</code>
+
+For creating a similar ''${CONF_DIR}${EXAMPLE_COM}.conf'', we can adopt the
+following:
+
+<code nginx ${CONF_DIR}${EXAMPLE_COM}.conf>
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ${EXAMPLE_COM};
+ include '$(basename ${CONF_DIR})/${EXAMPLE_COM}.locations';
+ # location / { … } # root location for this server.
+}
+</code>
+
+[[#openwrt_s_defaults|🡓OpenWrt’s Defaults]] include the UCI server
+''config server '_redirect2ssl' ''.
+It acts as //default_server// for HTTP and redirects requests for inexistent
+URLs to HTTPS.
+For making another domain name accessible to all addresses, the corresponding
+server part should listen on port //80// and contain the FQDN as
+//server_name//, cf. the official documentation on
+[[https://nginx.org/en/docs/http/request_processing.html|request_processing]].
+
+Furthermore, there is a UCI server named ''${LAN_NAME}''.
+It is the //default_server// for HTTPS and allows connections from LAN only.
+It includes the file ''$(dirname "${CONF_DIR}")/restrict_locally'' with
+appropriate //allow/deny// directives, cf. the official documentation on
+[[https://nginx.org/en/docs/http/ngx_http_access_module.html|limiting access]].
+
+
+
+==== SSL Server Parts ====${MSG}
+
+
+For enabling HTTPS for a domain we need a SSL certificate as well as its key and
+add them by the directives //ssl_certificate// respective
+//ssl_certificate_key// to the server part of the domain
+([[https://nginx.org/en/docs/http/configuring_https_servers.html#sni|TLS SNI]]
+is supported by default).
+The rest of the configuration is similar as for general
+[[#new_server_parts|🡑New Server Parts]].
+We only have to adjust the listen directives by adding the //ssl// parameter and
+changing the port from //80// to //443//.
+
+The official documentation of the SSL module contains an
+[[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#example|
+example]] with some optimizations.
+We can extend an existing UCI server section similarly, e.g., for the above
+''config server '${EXAMPLE_COM//./_}' '' we invoke:
+
+<code bash>
+# Instead of 'del_list' the listen* entries, we could use '443 ssl' beforehand.
+uci del_list nginx.${EXAMPLE_COM//./_}.listen='80' &&
+uci del_list nginx.${EXAMPLE_COM//./_}.listen='[::]:80' &&
+uci add_list nginx.${EXAMPLE_COM//./_}.listen='443 ssl' &&
+uci add_list nginx.${EXAMPLE_COM//./_}.listen='[::]:443 ssl' &&
+uci set nginx.${EXAMPLE_COM//./_}.ssl_certificate=\
+'${CONF_DIR}${EXAMPLE_COM}.crt' &&
+uci set nginx.${EXAMPLE_COM//./_}.ssl_certificate_key=\
+'${CONF_DIR}${EXAMPLE_COM}.key' &&
+uci set nginx.${EXAMPLE_COM//./_}.ssl_session_cache=\
+'${SSL_SESSION_CACHE_ARG}' &&
+uci set nginx.${EXAMPLE_COM//./_}.ssl_session_timeout=\
+'${SSL_SESSION_TIMEOUT_ARG}' &&
+uci commit nginx
+</code>
+
+For making the server in ''${CONF_DIR}${EXAMPLE_COM}.conf'' available
+via SSL, we can make similar changes there.
+
+The following command creates a **self-signed** SSL certificate and changes the
+corresponding configuration:
+
+<code bash>$(basename "${NGINX_UTIL}") ${ADD_SSL_FCT} ${EXAMPLE_COM}</code>
+
+ - If a ''$(basename "${CONF_DIR}")/${EXAMPLE_COM}.conf'' file exists, it\
+ adds //ssl_*// directives and changes the //listen// directives there.\
+ Else it does that similarly to the example above for a ++selected UCI\
+ server.| Hereby it searches the UCI config first for a server with the\
+ given name and then for a server whose //server_name// contains the name.\
+ For //${EXAMPLE_COM}// it is the latter as a UCI key cannot have dots.++
+ - It checks if there is a certificate with key for '${EXAMPLE_COM}' that is\
+ valid for at least 13 months or tries to create a self-signed one.
+ - When cron is activated, it installs a cron job for renewing the self-signed\
+ certificate every year if needed, too. We can activate cron by: \
+ <code bash>service cron enable && service cron start</code>
+
+This can be undone by invoking:
+
+<code bash>$(basename "${NGINX_UTIL}") del_ssl ${EXAMPLE_COM}</code>
+
+For using an SSL certificate and key that are managed otherwise, there is:
+
+<code bash>$(basename "${NGINX_UTIL}") add_ssl ${EXAMPLE_COM} "\$MANAGER" \
+"/absolute/path/to/crt" "/absolute/path/to/key"</code>
+
+It only adds //ssl_*// directives and changes the //listen// directives in
+the appropriate configuration, but does not create or change the certificate
+or its key. This can be reverted by:
+
+<code bash>$(basename "${NGINX_UTIL}") del_ssl ${EXAMPLE_COM} "\$MANAGER"</code>
+
+For example [[https://github.com/ndilieto/uacme|uacme]] or
+[[https://github.com/Neilpang/acme.sh|acme.sh]] can be used for creating an SSL
+certificate signed by Let’s Encrypt and changing the config
+++accordingly.|
+They call ''$(basename "${NGINX_UTIL}") add_ssl \$FQDN acme \$CRT \$KEY''
+internally.++
+We can install them by:
+
+<code bash>
+opkg update && opkg install uacme #or: acme #and for LuCI: luci-app-acme
+</code>
+
+[[#openwrt_s_defaults|🡓OpenWrt’s Defaults]] include a UCI server for the LAN:
+''config server '${LAN_NAME}' ''.
+It has //ssl_*// directives prepared for a self-signed((Let’s Encrypt (and other
+CAs) cannot sign certificates of a **local** server.))
+SSL certificate, which is created on the first start of Nginx.
+The server listens on all addresses, is the //default_server// for HTTPS and
+allows connections from LAN only (by including the file ''restrict_locally''
+with //allow/deny// directives, cf. the official documentation on
+[[https://nginx.org/en/docs/http/ngx_http_access_module.html|limiting access]]).
+
+For making another domain name accessible to all addresses, the corresponding
+SSL server part should listen on port //443// and contain the FQDN as
+//server_name//, cf. the official documentation on
+[[https://nginx.org/en/docs/http/request_processing.html|request_processing]].
+
+Furthermore, there is also a UCI server named ''_redirect2ssl'', which listens
+on all addresses, acts as //default_server// for HTTP and redirects requests for
+inexistent URLs to HTTPS.
+
+
+
+==== OpenWrt’s Defaults ====${MSG}
+
+
+Since Nginx is compiled with these presets, we can pretend that the main
+configuration will always contain the following directives
+(though we can overwrite them):
+
+<code nginx>$(ifConfEcho --pid-path pid)\
+$(ifConfEcho --lock-path lock_file)\
+$(ifConfEcho --error-log-path error_log)\
+$(false && ifConfEcho --http-log-path access_log)\
+$(ifConfEcho --http-proxy-temp-path proxy_temp_path)\
+$(ifConfEcho --http-client-body-temp-path client_body_temp_path)\
+$(ifConfEcho --http-fastcgi-temp-path fastcgi_temp_path)\
+</code>
+
+When starting or reloading the Nginx service, the ''/etc/init.d/nginx'' script
+sets also the following directives
+(so we cannot change them in the used configuration file):
+
+<code nginx>
+daemon off; # procd expects services to run in the foreground
+</code>
+
+Then, the init sript creates the main configuration
+''$(basename "${UCI_CONF}")'' dynamically from the template:
+
+$(code "${UCI_CONF}.template")
+
+So, the access log is turned off by default and we can look at the error log
+by ''logread'', as init.d script forwards stderr and stdout to the
+[[docs:guide-user:base-system:log.essentials|🡒runtime log]].
+We can set the //error_log// and //access_log// to files, where the log
+messages are forwarded to instead (after the configuration is read).
+And for redirecting the access log of a //server// or //location// to the logd,
+too, we insert the following directive in the corresponding block:
+
+<code nginx> access_log /proc/self/fd/1 openwrt;</code>
+
+If we setup a server through UCI, we can use the options //error_log// and/or
+//access_log// also with the special path
+++'logd'.|
+When initializing the Nginx service, this special path is replaced by //stderr//
+respective ///proc/self/fd/1// (which are forwarded to the runtime log).
+++
+
+For creating the configuration from the template shown above, Nginx’s init
+script replaces the comment ''#UCI_HTTP_CONFIG'' by all UCI servers.
+For each server section in the the UCI configuration, it basically copies all
+options into a Nginx //server { … }// part, in detail:
+ * Options starting with ''uci_'' are skipped. Currently there is only\
+ the ''option ${MANAGE_SSL}=…'' in ++usage.| It is set to\
+ //'self-signed'// when invoking\
+ ''$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} \$NAME''.\
+ Then the corresponding certificate is re-newed if it is about to expire.\
+ All those certificates are checked on the initialization of the Nginx service\
+ and if Cron is available, it is deployed for checking them annually, too.++
+ * All other lists or options of the form ''key='value' '' are written\
+ one-to-one as ''key value;'' directives to the configuration file.\
+ Just the path //logd// has a special meaning for the logging directives\
+ (described in the previous paragraph).
+
+The init.d script of Nginx uses the //$(basename ${NGINX_UTIL})// for creating
+the configuration file
+++in RAM.|
+The main configuration ''${UCI_CONF}'' is a symbolic link to this place
+(it is a dead link if the Nginx service is not running).
+++
+
+We could use a custom configuration created at ''${NGINX_CONF}'' instead of the
+dynamic configuration, too.((
+For using a custom configuration at ''${NGINX_CONF}'', we execute
+<code bash>uci set nginx.global.uci_enable='false' </code>
+Then the rest of the UCI config is ignored and //init.d// will not create the
+main configuration dynamically from the template anymore.
+Invoking ''$(basename ${NGINX_UTIL}) [${ADD_SSL_FCT}|del_ssl] \$FQDN''
+will still try to change a server in ''$(basename "${CONF_DIR}")/\$FQDN.conf''
+(this is less reliable than for a UCI config as it uses regular expressions, not
+a complete parser for the Nginx configuration).))
+This is not encouraged since you cannot setup servers using UCI anymore.
+Rather, we can put custom configuration parts to ''.conf'' files in the
+''${CONF_DIR}'' directory.
+The main configuration pulls in all ''$(basename "${CONF_DIR}")/*.conf'' files
+into the //http {…}// block behind the created UCI servers.
+
+The initial UCI config is enabled and contains two server section:
+
+$(code "/etc/config/nginx" "nginx.config")
+
+While the LAN server is the //default_server// for HTTPS, the server
+redirecting requests for an inexistent ''server_name'' from HTTP to HTTPS acts
+as //default_server// if there is ++no other|;
+it uses an invalid name for that, more in the official documentation on
+[[https://nginx.org/en/docs/http/request_processing.html|request_processing]]
+++.
+
+The LAN server pulls in all ''.locations'' files from the directory
+''${CONF_DIR}''.
+We can install the location parts of different sites there (see
+[[#basic|🡑Basic Configuration]]) and re-include them into other servers.
+This is needed especially for making them available to the WAN
+([[#new_server_parts|🡑New Server Parts]]).
+The LAN server listens for all addresses on port //443// and restricts the
+access to local addresses by including:
+$(code "$(dirname "${CONF_DIR}")/restrict_locally")
+
+When starting or reloading the Nginx service, the init.d looks which UCI servers
+have set ''option ${MANAGE_SSL} 'self-signed' '', e.g. the LAN server.
+For all those servers it checks if there is a certificate that is still valid
+for 13 months or (re-)creates a self-signed one.
+If there is any such server, it installs also a cron job that checks the
+corresponding certificates once a year.
+The option ''${MANAGE_SSL}'' is set to //'self-signed'// respectively removed
+from a UCI server named ''${EXAMPLE_COM//./_}'' by the following
+(see [[#ssl_server_parts|🡑SSL Server Parts]], too):
+
+<code bash>
+$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} ${EXAMPLE_COM//./_} \
+# respectively: \
+$(basename ${NGINX_UTIL}) del_ssl ${EXAMPLE_COM//./_}
+</code>
+
+
+EOF
--- /dev/null
+
+config main global
+ option uci_enable 'true'
+
+config server '_lan'
+ list listen '443 ssl default_server'
+ list listen '[::]:443 ssl default_server'
+ option server_name '_lan'
+ list include 'restrict_locally'
+ list include 'conf.d/*.locations'
+ option uci_manage_ssl 'self-signed'
+ option ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+ option ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+ option ssl_session_cache 'shared:SSL:32k'
+ option ssl_session_timeout '64m'
+ option access_log 'off; # logd openwrt'
+
+config server '_redirect2ssl'
+ list listen '80'
+ list listen '[::]:80'
+ option server_name '_redirect2ssl'
+ option return '302 https://$host$request_uri'
--- /dev/null
+ allow ::1;
+ allow fc00::/7;
+ allow fec0::/10;
+ allow fe80::/10;
+ allow 127.0.0.0/8;
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ allow 169.254.0.0/16;
+ deny all;
--- /dev/null
+# Consider using UCI or creating files in /etc/nginx/conf.d/ for configuration.
+# Parsing UCI configuration is skipped if uci set nginx.global.uci_enable=false
+# For details see: https://openwrt.org/docs/guide-user/services/webserver/nginx
+
+worker_processes auto;
+
+user root;
+
+events {}
+
+http {
+ access_log off;
+ log_format openwrt
+ '$request_method $scheme://$host$request_uri => $status'
+ ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';
+
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+
+ client_max_body_size 128M;
+ large_client_header_buffers 2 1k;
+
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+
+ root /www;
+
+ #UCI_HTTP_CONFIG
+ include conf.d/*.conf;
+}
--- /dev/null
+---
+Language: Cpp
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignConsecutiveMacros: false
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlines: Left
+AlignOperands: true
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllConstructorInitializersOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: Always
+AllowShortCaseLabelsOnASingleLine: true
+# AllowShortEnumsOnASingleLine: true
+AllowShortLambdasOnASingleLine: All
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortIfStatementsOnASingleLine: Always
+AllowShortLoopsOnASingleLine: true
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: true
+AlwaysBreakTemplateDeclarations: Yes
+BinPackArguments: true
+BinPackParameters: false
+# BitFieldColonSpacing: After
+BreakBeforeBraces: Custom
+BraceWrapping:
+ AfterCaseLabel: false
+ AfterClass: false
+ AfterControlStatement: MultiLine
+ AfterEnum: false
+ AfterFunction: true
+ AfterNamespace: false
+ AfterObjCDeclaration: false
+ AfterStruct: false
+ AfterUnion: false
+ AfterExternBlock: false
+ BeforeCatch: true
+ BeforeElse: true
+ # BeforeLambdaBody: true
+ # BeforeWhile: false
+ IndentBraces: false
+ SplitEmptyFunction: false
+ SplitEmptyRecord: false
+ SplitEmptyNamespace: false
+BreakBeforeBinaryOperators: None
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeColon
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit: 100
+CommentPragmas: '^ IWYU pragma:'
+CompactNamespaces: false
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DeriveLineEnding: true
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:
+ - foreach
+ - Q_FOREACH
+ - BOOST_FOREACH
+IncludeBlocks: Preserve
+IncludeCategories:
+ - Regex: '^<ext/.*\.h>'
+ Priority: 2
+ SortPriority: 0
+ - Regex: '^<.*\.h>'
+ Priority: 1
+ SortPriority: 0
+ - Regex: '^<.*'
+ Priority: 2
+ SortPriority: 0
+ - Regex: '.*'
+ Priority: 3
+ SortPriority: 0
+IncludeIsMainRegex: '([-_](test|unittest))?$'
+IncludeIsMainSourceRegex: ''
+IndentCaseLabels: true
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentWidth: 4
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Never
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 1
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 200
+PointerAlignment: Left
+RawStringFormats:
+ - Language: Cpp
+ Delimiters:
+ - cc
+ - CC
+ - cpp
+ - Cpp
+ - CPP
+ - 'c++'
+ - 'C++'
+ CanonicalDelimiter: ''
+ BasedOnStyle: google
+ - Language: TextProto
+ Delimiters:
+ - pb
+ - PB
+ - proto
+ - PROTO
+ EnclosingFunctions:
+ - EqualsProto
+ - EquivToProto
+ - PARSE_PARTIAL_TEXT_PROTO
+ - PARSE_TEST_PROTO
+ - PARSE_TEXT_PROTO
+ - ParseTextOrDie
+ - ParseTextProtoOrDie
+ CanonicalDelimiter: ''
+ BasedOnStyle: google
+ReflowComments: true
+SortIncludes: true
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeParens: ControlStatements
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceInEmptyBlock: false
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 2
+SpacesInAngles: false
+SpacesInConditionalStatement: false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SpaceBeforeSquareBrackets: false
+Standard: Auto
+StatementMacros:
+ - Q_UNUSED
+ - QT_REQUIRE_VERSION
+TabWidth: 4
+UseCRLF: false
+UseTab: Never
+...
+
--- /dev/null
+---
+Checks: 'clang-diagnostic-*,clang-analyzer-*,*,-fuchsia-*,-misc-definitions-in-headers,-llvm-header-guard,-*-qualified-auto,-llvm-include-order'
+WarningsAsErrors: ''
+HeaderFilterRegex: '.*'
+AnalyzeTemporaryDtors: false
+FormatStyle: file
+CheckOptions:
+ - key: abseil-string-find-startswith.AbseilStringsMatchHeader
+ value: 'absl/strings/match.h'
+ - key: abseil-string-find-startswith.IncludeStyle
+ value: llvm
+ - key: abseil-string-find-startswith.StringLikeClasses
+ value: '::std::basic_string'
+ - key: bugprone-argument-comment.CommentBoolLiterals
+ value: '0'
+ - key: bugprone-argument-comment.CommentCharacterLiterals
+ value: '0'
+ - key: bugprone-argument-comment.CommentFloatLiterals
+ value: '0'
+ - key: bugprone-argument-comment.CommentIntegerLiterals
+ value: '0'
+ - key: bugprone-argument-comment.CommentNullPtrs
+ value: '0'
+ - key: bugprone-argument-comment.CommentStringLiterals
+ value: '0'
+ - key: bugprone-argument-comment.CommentUserDefinedLiterals
+ value: '0'
+ - key: bugprone-argument-comment.IgnoreSingleArgument
+ value: '0'
+ - key: bugprone-argument-comment.StrictMode
+ value: '0'
+ - key: bugprone-assert-side-effect.AssertMacros
+ value: assert
+ - key: bugprone-assert-side-effect.CheckFunctionCalls
+ value: '0'
+ - key: bugprone-dangling-handle.HandleClasses
+ value: 'std::basic_string_view;std::experimental::basic_string_view'
+ - key: bugprone-dynamic-static-initializers.HeaderFileExtensions
+ value: ',h,hh,hpp,hxx'
+ - key: bugprone-exception-escape.FunctionsThatShouldNotThrow
+ value: ''
+ - key: bugprone-exception-escape.IgnoredExceptions
+ value: ''
+ - key: bugprone-misplaced-widening-cast.CheckImplicitCasts
+ value: '0'
+ - key: bugprone-not-null-terminated-result.WantToUseSafeFunctions
+ value: '1'
+ - key: bugprone-signed-char-misuse.CharTypdefsToIgnore
+ value: ''
+ - key: bugprone-sizeof-expression.WarnOnSizeOfCompareToConstant
+ value: '1'
+ - key: bugprone-sizeof-expression.WarnOnSizeOfConstant
+ value: '1'
+ - key: bugprone-sizeof-expression.WarnOnSizeOfIntegerExpression
+ value: '0'
+ - key: bugprone-sizeof-expression.WarnOnSizeOfThis
+ value: '1'
+ - key: bugprone-string-constructor.LargeLengthThreshold
+ value: '8388608'
+ - key: bugprone-string-constructor.WarnOnLargeLength
+ value: '1'
+ - key: bugprone-suspicious-enum-usage.StrictMode
+ value: '0'
+ - key: bugprone-suspicious-missing-comma.MaxConcatenatedTokens
+ value: '5'
+ - key: bugprone-suspicious-missing-comma.RatioThreshold
+ value: '0.200000'
+ - key: bugprone-suspicious-missing-comma.SizeThreshold
+ value: '5'
+ - key: bugprone-suspicious-string-compare.StringCompareLikeFunctions
+ value: ''
+ - key: bugprone-suspicious-string-compare.WarnOnImplicitComparison
+ value: '1'
+ - key: bugprone-suspicious-string-compare.WarnOnLogicalNotComparison
+ value: '0'
+ - key: bugprone-too-small-loop-variable.MagnitudeBitsUpperLimit
+ value: '16'
+ - key: bugprone-unhandled-self-assignment.WarnOnlyIfThisHasSuspiciousField
+ value: '1'
+ - key: bugprone-unused-return-value.CheckedFunctions
+ value: '::std::async;::std::launder;::std::remove;::std::remove_if;::std::unique;::std::unique_ptr::release;::std::basic_string::empty;::std::vector::empty'
+ - key: cert-dcl16-c.IgnoreMacros
+ value: '1'
+ - key: cert-dcl16-c.NewSuffixes
+ value: 'L;LL;LU;LLU'
+ - key: cert-dcl59-cpp.HeaderFileExtensions
+ value: ',h,hh,hpp,hxx'
+ - key: cert-err09-cpp.CheckThrowTemporaries
+ value: '1'
+ - key: cert-err61-cpp.CheckThrowTemporaries
+ value: '1'
+ - key: cert-msc32-c.DisallowedSeedTypes
+ value: 'time_t,std::time_t'
+ - key: cert-msc51-cpp.DisallowedSeedTypes
+ value: 'time_t,std::time_t'
+ - key: cert-oop11-cpp.IncludeStyle
+ value: llvm
+ - key: cert-oop54-cpp.WarnOnlyIfThisHasSuspiciousField
+ value: '0'
+ - key: cppcoreguidelines-avoid-magic-numbers.IgnoredFloatingPointValues
+ value: '1.0;100.0;'
+ - key: cppcoreguidelines-avoid-magic-numbers.IgnoredIntegerValues
+ value: '1;2;3;4;'
+ - key: cppcoreguidelines-explicit-virtual-functions.AllowOverrideAndFinal
+ value: '0'
+ - key: cppcoreguidelines-explicit-virtual-functions.FinalSpelling
+ value: final
+ - key: cppcoreguidelines-explicit-virtual-functions.IgnoreDestructors
+ value: '1'
+ - key: cppcoreguidelines-explicit-virtual-functions.OverrideSpelling
+ value: override
+ - key: cppcoreguidelines-macro-usage.AllowedRegexp
+ value: '^DEBUG_*'
+ - key: cppcoreguidelines-macro-usage.CheckCapsOnly
+ value: '0'
+ - key: cppcoreguidelines-macro-usage.IgnoreCommandLineMacros
+ value: '1'
+ - key: cppcoreguidelines-no-malloc.Allocations
+ value: '::malloc;::calloc'
+ - key: cppcoreguidelines-no-malloc.Deallocations
+ value: '::free'
+ - key: cppcoreguidelines-no-malloc.Reallocations
+ value: '::realloc'
+ - key: cppcoreguidelines-non-private-member-variables-in-classes.IgnoreClassesWithAllMemberVariablesBeingPublic
+ value: '1'
+ - key: cppcoreguidelines-owning-memory.LegacyResourceConsumers
+ value: '::free;::realloc;::freopen;::fclose'
+ - key: cppcoreguidelines-owning-memory.LegacyResourceProducers
+ value: '::malloc;::aligned_alloc;::realloc;::calloc;::fopen;::freopen;::tmpfile'
+ - key: cppcoreguidelines-pro-bounds-constant-array-index.GslHeader
+ value: ''
+ - key: cppcoreguidelines-pro-bounds-constant-array-index.IncludeStyle
+ value: '0'
+ - key: cppcoreguidelines-pro-type-member-init.IgnoreArrays
+ value: '0'
+ - key: cppcoreguidelines-pro-type-member-init.UseAssignment
+ value: '0'
+ - key: cppcoreguidelines-special-member-functions.AllowMissingMoveFunctions
+ value: '0'
+ - key: cppcoreguidelines-special-member-functions.AllowSoleDefaultDtor
+ value: '0'
+ - key: google-build-namespaces.HeaderFileExtensions
+ value: ',h,hh,hpp,hxx'
+ - key: google-global-names-in-headers.HeaderFileExtensions
+ value: ',h,hh,hpp,hxx'
+ - key: google-readability-braces-around-statements.ShortStatementLines
+ value: '1'
+ - key: google-readability-function-size.BranchThreshold
+ value: '4294967295'
+ - key: google-readability-function-size.LineThreshold
+ value: '4294967295'
+ - key: google-readability-function-size.NestingThreshold
+ value: '4294967295'
+ - key: google-readability-function-size.ParameterThreshold
+ value: '4294967295'
+ - key: google-readability-function-size.StatementThreshold
+ value: '800'
+ - key: google-readability-function-size.VariableThreshold
+ value: '4294967295'
+ - key: google-readability-namespace-comments.ShortNamespaceLines
+ value: '10'
+ - key: google-readability-namespace-comments.SpacesBeforeComments
+ value: '2'
+ - key: google-runtime-int.SignedTypePrefix
+ value: int
+ - key: google-runtime-int.TypeSuffix
+ value: ''
+ - key: google-runtime-int.UnsignedTypePrefix
+ value: uint
+ - key: google-runtime-references.WhiteListTypes
+ value: ''
+ - key: hicpp-braces-around-statements.ShortStatementLines
+ value: '0'
+ - key: hicpp-function-size.BranchThreshold
+ value: '4294967295'
+ - key: hicpp-function-size.LineThreshold
+ value: '4294967295'
+ - key: hicpp-function-size.NestingThreshold
+ value: '4294967295'
+ - key: hicpp-function-size.ParameterThreshold
+ value: '4294967295'
+ - key: hicpp-function-size.StatementThreshold
+ value: '800'
+ - key: hicpp-function-size.VariableThreshold
+ value: '4294967295'
+ - key: hicpp-member-init.IgnoreArrays
+ value: '0'
+ - key: hicpp-member-init.UseAssignment
+ value: '0'
+ - key: hicpp-move-const-arg.CheckTriviallyCopyableMove
+ value: '1'
+ - key: hicpp-multiway-paths-covered.WarnOnMissingElse
+ value: '0'
+ - key: hicpp-named-parameter.IgnoreFailedSplit
+ value: '0'
+ - key: hicpp-no-malloc.Allocations
+ value: '::malloc;::calloc'
+ - key: hicpp-no-malloc.Deallocations
+ value: '::free'
+ - key: hicpp-no-malloc.Reallocations
+ value: '::realloc'
+ - key: hicpp-signed-bitwise.IgnorePositiveIntegerLiterals
+ value: '0'
+ - key: hicpp-special-member-functions.AllowMissingMoveFunctions
+ value: '0'
+ - key: hicpp-special-member-functions.AllowSoleDefaultDtor
+ value: '0'
+ - key: hicpp-uppercase-literal-suffix.IgnoreMacros
+ value: '1'
+ - key: hicpp-uppercase-literal-suffix.NewSuffixes
+ value: ''
+ - key: hicpp-use-auto.MinTypeNameLength
+ value: '5'
+ - key: hicpp-use-auto.RemoveStars
+ value: '0'
+ - key: hicpp-use-emplace.ContainersWithPushBack
+ value: '::std::vector;::std::list;::std::deque'
+ - key: hicpp-use-emplace.SmartPointers
+ value: '::std::shared_ptr;::std::unique_ptr;::std::auto_ptr;::std::weak_ptr'
+ - key: hicpp-use-emplace.TupleMakeFunctions
+ value: '::std::make_pair;::std::make_tuple'
+ - key: hicpp-use-emplace.TupleTypes
+ value: '::std::pair;::std::tuple'
+ - key: hicpp-use-equals-default.IgnoreMacros
+ value: '1'
+ - key: hicpp-use-equals-delete.IgnoreMacros
+ value: '1'
+ - key: hicpp-use-noexcept.ReplacementString
+ value: ''
+ - key: hicpp-use-noexcept.UseNoexceptFalse
+ value: '1'
+ - key: hicpp-use-nullptr.NullMacros
+ value: ''
+ - key: hicpp-use-override.AllowOverrideAndFinal
+ value: '0'
+ - key: hicpp-use-override.FinalSpelling
+ value: final
+ - key: hicpp-use-override.IgnoreDestructors
+ value: '0'
+ - key: hicpp-use-override.OverrideSpelling
+ value: override
+ - key: llvm-namespace-comment.ShortNamespaceLines
+ value: '1'
+ - key: llvm-namespace-comment.SpacesBeforeComments
+ value: '1'
+ - key: misc-throw-by-value-catch-by-reference.CheckThrowTemporaries
+ value: '1'
+ - key: misc-unused-parameters.StrictMode
+ value: '0'
+ - key: modernize-loop-convert.MaxCopySize
+ value: '16'
+ - key: modernize-loop-convert.MinConfidence
+ value: reasonable
+ - key: modernize-loop-convert.NamingStyle
+ value: CamelCase
+ - key: modernize-make-shared.IgnoreMacros
+ value: '1'
+ - key: modernize-make-shared.IncludeStyle
+ value: '0'
+ - key: modernize-make-shared.MakeSmartPtrFunction
+ value: 'std::make_shared'
+ - key: modernize-make-shared.MakeSmartPtrFunctionHeader
+ value: memory
+ - key: modernize-make-unique.IgnoreMacros
+ value: '1'
+ - key: modernize-make-unique.IncludeStyle
+ value: '0'
+ - key: modernize-make-unique.MakeSmartPtrFunction
+ value: 'std::make_unique'
+ - key: modernize-make-unique.MakeSmartPtrFunctionHeader
+ value: memory
+ - key: modernize-pass-by-value.IncludeStyle
+ value: llvm
+ - key: modernize-pass-by-value.ValuesOnly
+ value: '0'
+ - key: modernize-raw-string-literal.ReplaceShorterLiterals
+ value: '0'
+ - key: modernize-replace-auto-ptr.IncludeStyle
+ value: llvm
+ - key: modernize-replace-random-shuffle.IncludeStyle
+ value: llvm
+ - key: modernize-use-auto.MinTypeNameLength
+ value: '5'
+ - key: modernize-use-auto.RemoveStars
+ value: '0'
+ - key: modernize-use-default-member-init.IgnoreMacros
+ value: '1'
+ - key: modernize-use-default-member-init.UseAssignment
+ value: '0'
+ - key: modernize-use-emplace.ContainersWithPushBack
+ value: '::std::vector;::std::list;::std::deque'
+ - key: modernize-use-emplace.SmartPointers
+ value: '::std::shared_ptr;::std::unique_ptr;::std::auto_ptr;::std::weak_ptr'
+ - key: modernize-use-emplace.TupleMakeFunctions
+ value: '::std::make_pair;::std::make_tuple'
+ - key: modernize-use-emplace.TupleTypes
+ value: '::std::pair;::std::tuple'
+ - key: modernize-use-equals-default.IgnoreMacros
+ value: '1'
+ - key: modernize-use-equals-delete.IgnoreMacros
+ value: '1'
+ - key: modernize-use-nodiscard.ReplacementString
+ value: '[[nodiscard]]'
+ - key: modernize-use-noexcept.ReplacementString
+ value: ''
+ - key: modernize-use-noexcept.UseNoexceptFalse
+ value: '1'
+ - key: modernize-use-nullptr.NullMacros
+ value: 'NULL'
+ - key: modernize-use-override.AllowOverrideAndFinal
+ value: '0'
+ - key: modernize-use-override.FinalSpelling
+ value: final
+ - key: modernize-use-override.IgnoreDestructors
+ value: '0'
+ - key: modernize-use-override.OverrideSpelling
+ value: override
+ - key: modernize-use-transparent-functors.SafeMode
+ value: '0'
+ - key: modernize-use-using.IgnoreMacros
+ value: '1'
+ - key: objc-forbidden-subclassing.ForbiddenSuperClassNames
+ value: 'ABNewPersonViewController;ABPeoplePickerNavigationController;ABPersonViewController;ABUnknownPersonViewController;NSHashTable;NSMapTable;NSPointerArray;NSPointerFunctions;NSTimer;UIActionSheet;UIAlertView;UIImagePickerController;UITextInputMode;UIWebView'
+ - key: openmp-exception-escape.IgnoredExceptions
+ value: ''
+ - key: performance-faster-string-find.StringLikeClasses
+ value: 'std::basic_string'
+ - key: performance-for-range-copy.AllowedTypes
+ value: ''
+ - key: performance-for-range-copy.WarnOnAllAutoCopies
+ value: '0'
+ - key: performance-inefficient-string-concatenation.StrictMode
+ value: '0'
+ - key: performance-inefficient-vector-operation.EnableProto
+ value: '0'
+ - key: performance-inefficient-vector-operation.VectorLikeClasses
+ value: '::std::vector'
+ - key: performance-move-const-arg.CheckTriviallyCopyableMove
+ value: '1'
+ - key: performance-move-constructor-init.IncludeStyle
+ value: llvm
+ - key: performance-no-automatic-move.AllowedTypes
+ value: ''
+ - key: performance-type-promotion-in-math-fn.IncludeStyle
+ value: llvm
+ - key: performance-unnecessary-copy-initialization.AllowedTypes
+ value: ''
+ - key: performance-unnecessary-value-param.AllowedTypes
+ value: ''
+ - key: performance-unnecessary-value-param.IncludeStyle
+ value: llvm
+ - key: portability-simd-intrinsics.Std
+ value: ''
+ - key: portability-simd-intrinsics.Suggest
+ value: '0'
+ - key: readability-braces-around-statements.ShortStatementLines
+ value: '0'
+ - key: readability-else-after-return.WarnOnUnfixable
+ value: '1'
+ - key: readability-function-size.BranchThreshold
+ value: '4294967295'
+ - key: readability-function-size.LineThreshold
+ value: '4294967295'
+ - key: readability-function-size.NestingThreshold
+ value: '4294967295'
+ - key: readability-function-size.ParameterThreshold
+ value: '4294967295'
+ - key: readability-function-size.StatementThreshold
+ value: '800'
+ - key: readability-function-size.VariableThreshold
+ value: '4294967295'
+ - key: readability-identifier-naming.IgnoreFailedSplit
+ value: '0'
+ - key: readability-implicit-bool-conversion.AllowIntegerConditions
+ value: '0'
+ - key: readability-implicit-bool-conversion.AllowPointerConditions
+ value: '0'
+ - key: readability-inconsistent-declaration-parameter-name.IgnoreMacros
+ value: '1'
+ - key: readability-inconsistent-declaration-parameter-name.Strict
+ value: '0'
+ - key: readability-magic-numbers.IgnoredFloatingPointValues
+ value: '1.0;100.0;'
+ - key: readability-magic-numbers.IgnoredIntegerValues
+ value: '1;2;3;4;'
+ - key: readability-redundant-member-init.IgnoreBaseInCopyConstructors
+ value: '0'
+ - key: readability-redundant-smartptr-get.IgnoreMacros
+ value: '1'
+ - key: readability-redundant-string-init.StringNames
+ value: '::std::basic_string'
+ - key: readability-simplify-boolean-expr.ChainedConditionalAssignment
+ value: '0'
+ - key: readability-simplify-boolean-expr.ChainedConditionalReturn
+ value: '0'
+ - key: readability-simplify-subscript-expr.Types
+ value: '::std::basic_string;::std::basic_string_view;::std::vector;::std::array'
+ - key: readability-static-accessed-through-instance.NameSpecifierNestingThreshold
+ value: '3'
+ - key: readability-uppercase-literal-suffix.IgnoreMacros
+ value: '1'
+ - key: readability-uppercase-literal-suffix.NewSuffixes
+ value: ''
+ - key: zircon-temporary-objects.Names
+ value: ''
+...
+
SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+FIND_PATH(uci_include_dir uci.h)
+FIND_LIBRARY(uci NAMES uci)
+INCLUDE_DIRECTORIES(${uci_include_dir})
+
+FIND_PATH(ubox_include_dir libubox/blobmsg.h)
+FIND_LIBRARY(ubox NAMES ubox)
+INCLUDE_DIRECTORIES(${ubox_include_dir})
IF(UBUS)
FIND_LIBRARY(ubus NAMES ubus)
INCLUDE_DIRECTORIES(${ubus_include_dir})
-FIND_PATH(ubox_include_dir libubox/blobmsg.h)
-FIND_LIBRARY(ubox NAMES ubox)
-INCLUDE_DIRECTORIES(${ubox_include_dir})
-
ADD_EXECUTABLE(nginx-ssl-util nginx-util.cpp)
-TARGET_LINK_LIBRARIES(nginx-ssl-util ${ubox} ${ubus} pthread ssl crypto pcre)
+TARGET_LINK_LIBRARIES(nginx-ssl-util ${uci} ${ubox} ${ubus} pthread ssl crypto pcre)
INSTALL(TARGETS nginx-ssl-util RUNTIME DESTINATION bin)
ADD_EXECUTABLE(nginx-ssl-util-nopcre nginx-util.cpp)
TARGET_COMPILE_DEFINITIONS(nginx-ssl-util-nopcre PUBLIC -DNO_PCRE)
-TARGET_LINK_LIBRARIES(nginx-ssl-util-nopcre ${ubox} ${ubus} pthread ssl crypto)
+TARGET_LINK_LIBRARIES(nginx-ssl-util-nopcre ${uci} ${ubox} ${ubus} pthread ssl crypto)
INSTALL(TARGETS nginx-ssl-util-nopcre RUNTIME DESTINATION bin)
ELSE()
CONFIGURE_FILE(test-px5g.sh test-px5g.sh COPYONLY)
CONFIGURE_FILE(test-nginx-util.sh test-nginx-util.sh COPYONLY)
CONFIGURE_FILE(test-nginx-util-root.sh test-nginx-util-root.sh COPYONLY)
+CONFIGURE_FILE(../files/nginx.config config-nginx-ssl COPYONLY)
+CONFIGURE_FILE(../files/uci.conf.template uci.conf.template COPYONLY)
ADD_EXECUTABLE(px5g px5g.cpp)
TARGET_LINK_LIBRARIES(px5g ssl crypto)
ADD_EXECUTABLE(nginx-ssl-util-noubus nginx-util.cpp)
TARGET_COMPILE_DEFINITIONS(nginx-ssl-util-noubus PUBLIC -DNO_UBUS)
-TARGET_LINK_LIBRARIES(nginx-ssl-util-noubus pthread ssl crypto pcre)
+TARGET_LINK_LIBRARIES(nginx-ssl-util-noubus ${uci} ${ubox} pthread ssl crypto pcre)
INSTALL(TARGETS nginx-ssl-util-noubus RUNTIME DESTINATION bin)
ADD_EXECUTABLE(nginx-ssl-util-nopcre-noubus nginx-util.cpp)
TARGET_COMPILE_DEFINITIONS(nginx-ssl-util-nopcre-noubus PUBLIC -DNO_PCRE -DNO_UBUS)
-TARGET_LINK_LIBRARIES(nginx-ssl-util-nopcre-noubus pthread ssl crypto)
+TARGET_LINK_LIBRARIES(nginx-ssl-util-nopcre-noubus ${uci} ${ubox} pthread ssl crypto)
INSTALL(TARGETS nginx-ssl-util-nopcre-noubus RUNTIME DESTINATION bin)
ENDIF()
--- /dev/null
+/* Copyright 2020 Peter Stadler
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
#include "nginx-util.hpp"
#include "px5g-openssl.hpp"
-
#ifndef NO_UBUS
static constexpr auto UBUS_TIMEOUT = 1000;
#endif
// once a year:
static constexpr auto CRON_INTERVAL = std::string_view{"3 3 12 12 *"};
-static constexpr auto LAN_SSL_LISTEN =
- std::string_view{"/var/lib/nginx/lan_ssl.listen"};
+static constexpr auto LAN_SSL_LISTEN = std::string_view{"/var/lib/nginx/lan_ssl.listen"};
-static constexpr auto LAN_SSL_LISTEN_DEFAULT =
+static constexpr auto LAN_SSL_LISTEN_DEFAULT = // TODO(pst) deprecate
std::string_view{"/var/lib/nginx/lan_ssl.listen.default"};
static constexpr auto ADD_SSL_FCT = std::string_view{"add_ssl"};
-static constexpr auto SSL_SESSION_CACHE_ARG =
- [](const std::string_view & /*name*/) -> std::string
- { return "shared:SSL:32k"; };
+static constexpr auto SSL_SESSION_CACHE_ARG = [](const std::string_view & /*name*/) -> std::string {
+ return "shared:SSL:32k";
+};
static constexpr auto SSL_SESSION_TIMEOUT_ARG = std::string_view{"64m"};
-
-using _Line =
- std::array< std::string (*)(const std::string &, const std::string &), 2 >;
+using _Line = std::array<std::string (*)(const std::string&, const std::string&), 2>;
class Line {
-
-private:
-
+ private:
_Line _line;
-public:
+ public:
+ explicit Line(const _Line& line) noexcept : _line{line} {}
- explicit Line(const _Line & line) noexcept : _line{line} {}
-
- template<const _Line & ...xn>
+ template <const _Line&... xn>
static auto build() noexcept -> Line
{
- return Line{_Line{
- [](const std::string & p, const std::string & b) -> std::string
- { return (... + xn[0](p, b)); },
- [](const std::string & p, const std::string & b) -> std::string
- { return (... + xn[1](p, b)); }
- }};
+ return Line{_Line{[](const std::string& p, const std::string& b) -> std::string {
+ return (... + xn[0](p, b));
+ },
+ [](const std::string& p, const std::string& b) -> std::string {
+ return (... + xn[1](p, b));
+ }}};
}
-
- [[nodiscard]] auto STR(const std::string & param, const std::string & begin)
- const -> std::string
- { return _line[0](param, begin); }
-
+ [[nodiscard]] auto STR(const std::string& param, const std::string& begin) const -> std::string
+ {
+ return _line[0](param, begin);
+ }
[[nodiscard]] auto RGX() const -> rgx::regex
- { return rgx::regex{_line[1]("", "")}; }
-
+ {
+ return rgx::regex{_line[1]("", "")};
+ }
};
+auto get_if_missed(const std::string& conf,
+ const Line& LINE,
+ const std::string& val,
+ const std::string& indent = "\n ",
+ bool compare = true) -> std::string;
-auto get_if_missed(const std::string & conf, const Line & LINE,
- const std::string & val,
- const std::string & indent="\n ", bool compare=true)
- -> std::string;
+auto replace_if(const std::string& conf,
+ const rgx::regex& rgx,
+ const std::string& val,
+ const std::string& insert) -> std::string;
-
-auto delete_if(const std::string & conf, const rgx::regex & rgx,
- const std::string & val="", bool compare=false)
+auto replace_listen(const std::string& conf, const std::array<const char*, 2>& ngx_port)
-> std::string;
+auto check_ssl_certificate(const std::string& crtpath, const std::string& keypath) -> bool;
-void add_ssl_directives_to(const std::string & name, bool isdefault);
-
+auto contains(const std::string& sentence, const std::string& word) -> bool;
-void create_ssl_certificate(const std::string & crtpath,
- const std::string & keypath,
- int days=792);
+auto get_uci_section_for_name(const std::string& name) -> uci::section;
+void add_ssl_if_needed(const std::string& name);
-void use_cron_to_recreate_certificate(const std::string & name);
+void add_ssl_if_needed(const std::string& name,
+ std::string_view manage,
+ std::string_view crt,
+ std::string_view key);
+void install_cron_job(const Line& CRON_LINE, const std::string& name = "");
-void add_ssl_if_needed(const std::string & name);
+void remove_cron_job(const Line& CRON_LINE, const std::string& name = "");
+auto del_ssl_legacy(const std::string& name) -> bool;
-void del_ssl_directives_from(const std::string & name, bool isdefault);
+void del_ssl(const std::string& name);
+void del_ssl(const std::string& name, std::string_view manage);
-void del_ssl(const std::string & name);
+auto check_ssl(const uci::package& pkg, bool is_enabled) -> bool;
+inline void check_ssl(const uci::package& pkg)
+{
+ if (!check_ssl(pkg, is_enabled(pkg))) {
+#ifndef NO_UBUS
+ if (ubus::call("service", "list", UBUS_TIMEOUT).filter("nginx")) {
+ call("/etc/init.d/nginx", "reload");
+ std::cerr << "Reload Nginx.\n";
+ }
+#endif
+ }
+}
constexpr auto _begin = _Line{
- [](const std::string & /*param*/, const std::string & begin) -> std::string
- { return begin; },
+ [](const std::string& /*param*/, const std::string& begin) -> std::string { return begin; },
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return R"([{;](?:\s*#[^\n]*(?=\n))*(\s*))"; }
-};
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ return R"([{;](?:\s*#[^\n]*(?=\n))*(\s*))";
+ }};
+constexpr auto _space = _Line{[](const std::string& /*param*/, const std::string &
+ /*begin*/) -> std::string { return std::string{" "}; },
-constexpr auto _space = _Line{
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return std::string{" "}; },
-
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return R"(\s+)"; }
-};
-
+ [](const std::string& /*param*/, const std::string &
+ /*begin*/) -> std::string { return R"(\s+)"; }};
constexpr auto _newline = _Line{
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return std::string{"\n"}; },
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ return std::string{"\n"};
+ },
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return std::string{"\n"}; }
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ return std::string{"(\n)"};
+ } // capture it as _end captures it, too.
};
+constexpr auto _end =
+ _Line{[](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ return std::string{";"};
+ },
-constexpr auto _end = _Line{
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return std::string{";"}; },
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ return std::string{R"(\s*(;(?:[\t ]*#[^\n]*)?))"};
+ }};
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- { return std::string{R"(\s*;(?:[\t ]*#[^\n]*)?)"}; }
-};
-
-
-template<char clim='\0'>
+template <char clim = '\0'>
static constexpr auto _capture = _Line{
- [](const std::string & param, const std::string & /*begin*/) -> std::string
- { return '\'' + param + '\''; },
-
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- {
- const auto lim = clim=='\0' ? std::string{"\\s"} : std::string{clim};
- return std::string{R"(((?:(?:"[^"]*")|(?:[^'")"} +
- lim + "][^" + lim + "]*)|(?:'[^']*'))+)";
- }
-};
+ [](const std::string& param, const std::string & /*begin*/) -> std::string {
+ return '\'' + param + '\'';
+ },
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ const auto lim = clim == '\0' ? std::string{"\\s"} : std::string{clim};
+ return std::string{R"(((?:(?:"[^"]*")|(?:[^'")"} + lim + "][^" + lim + "]*)|(?:'[^']*'))+)";
+ }};
-template<const std::string_view & strptr, char clim='\0'>
-constexpr auto _escape = _Line{
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- {
- return clim=='\0' ?
- std::string{strptr.data()} :
- clim + std::string{strptr.data()} + clim;
+template <const std::string_view& strptr, char clim = '\0'>
+static constexpr auto _escape = _Line{
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
+ return clim == '\0' ? std::string{strptr.data()} : clim + std::string{strptr.data()} + clim;
},
- [](const std::string & /*param*/, const std::string & /*begin*/)
- -> std::string
- {
+ [](const std::string& /*param*/, const std::string & /*begin*/) -> std::string {
std::string ret{};
for (char c : strptr) {
- switch(c) {
- case '^': ret += '\\'; [[fallthrough]];
- case '_': [[fallthrough]];
- case '-': ret += c;
- break;
- default:
- if ((isalpha(c)!=0) || (isdigit(c)!=0)) { ret += c; }
- else { ret += std::string{"["}+c+"]"; }
- }
+ switch (c) {
+ case '^': ret += '\\'; [[fallthrough]];
+ case '_': [[fallthrough]];
+ case '-': ret += c; break;
+ default:
+ if ((isalpha(c) != 0) || (isdigit(c) != 0)) {
+ ret += c;
+ }
+ else {
+ ret += std::string{"["} + c + "]";
+ }
+ }
}
- return "(?:"+ret+"|'"+ret+"'"+"|\""+ret+"\""+")";
- }
-};
+ return "(?:" + ret + "|'" + ret + "'" + "|\"" + ret + "\"" + ")";
+ }};
+constexpr std::string_view _check_ssl = "check_ssl";
constexpr std::string_view _server_name = "server_name";
+constexpr std::string_view _listen = "listen";
+
constexpr std::string_view _include = "include";
constexpr std::string_view _ssl_certificate = "ssl_certificate";
constexpr std::string_view _ssl_session_timeout = "ssl_session_timeout";
-
// For a compile time regex lib, this must be fixed, use one of these options:
// * Hand craft or macro concat them (loosing more or less flexibility).
// * Use Macro concatenation of __VA_ARGS__ with the help of:
// https://p99.gforge.inria.fr/p99-html/group__preprocessor__for.html
// * Use constexpr---not available for strings or char * for now---look at lib.
-static const auto CRON_CMD = Line::build
- <_space, _escape<NGINX_UTIL>, _space, _escape<ADD_SSL_FCT,'\''>, _space,
- _capture<>, _newline>();
+static const auto CRON_CHECK =
+ Line::build<_space, _escape<NGINX_UTIL>, _space, _escape<_check_ssl, '\''>, _newline>();
+
+static const auto CRON_CMD = Line::build<_space,
+ _escape<NGINX_UTIL>,
+ _space,
+ _escape<ADD_SSL_FCT, '\''>,
+ _space,
+ _capture<>,
+ _newline>();
static const auto NGX_SERVER_NAME =
Line::build<_begin, _escape<_server_name>, _space, _capture<';'>, _end>();
-static const auto NGX_INCLUDE_LAN_LISTEN = Line::build
- <_begin, _escape<_include>, _space, _escape<LAN_LISTEN,'\''>, _end>();
+static const auto NGX_INCLUDE_LAN_LISTEN =
+ Line::build<_begin, _escape<_include>, _space, _escape<LAN_LISTEN, '\''>, _end>();
-static const auto NGX_INCLUDE_LAN_LISTEN_DEFAULT = Line::build
- <_begin, _escape<_include>, _space,
- _escape<LAN_LISTEN_DEFAULT, '\''>, _end>();
+static const auto NGX_INCLUDE_LAN_LISTEN_DEFAULT =
+ Line::build<_begin, _escape<_include>, _space, _escape<LAN_LISTEN_DEFAULT, '\''>, _end>();
-static const auto NGX_INCLUDE_LAN_SSL_LISTEN = Line::build
- <_begin, _escape<_include>, _space, _escape<LAN_SSL_LISTEN, '\''>, _end>();
+static const auto NGX_INCLUDE_LAN_SSL_LISTEN =
+ Line::build<_begin, _escape<_include>, _space, _escape<LAN_SSL_LISTEN, '\''>, _end>();
-static const auto NGX_INCLUDE_LAN_SSL_LISTEN_DEFAULT = Line::build
- <_begin, _escape<_include>, _space,
- _escape<LAN_SSL_LISTEN_DEFAULT, '\''>, _end>();
+static const auto NGX_INCLUDE_LAN_SSL_LISTEN_DEFAULT =
+ Line::build<_begin, _escape<_include>, _space, _escape<LAN_SSL_LISTEN_DEFAULT, '\''>, _end>();
-static const auto NGX_SSL_CRT = Line::build
- <_begin, _escape<_ssl_certificate>, _space, _capture<';'>, _end>();
+static const auto NGX_SSL_CRT =
+ Line::build<_begin, _escape<_ssl_certificate>, _space, _capture<';'>, _end>();
-static const auto NGX_SSL_KEY = Line::build
- <_begin, _escape<_ssl_certificate_key>, _space, _capture<';'>, _end>();
+static const auto NGX_SSL_KEY =
+ Line::build<_begin, _escape<_ssl_certificate_key>, _space, _capture<';'>, _end>();
-static const auto NGX_SSL_SESSION_CACHE = Line::build
- <_begin, _escape<_ssl_session_cache>, _space, _capture<';'>, _end>();
+static const auto NGX_SSL_SESSION_CACHE =
+ Line::build<_begin, _escape<_ssl_session_cache>, _space, _capture<';'>, _end>();
-static const auto NGX_SSL_SESSION_TIMEOUT = Line::build
- <_begin, _escape<_ssl_session_timeout>, _space, _capture<';'>, _end>();
+static const auto NGX_SSL_SESSION_TIMEOUT =
+ Line::build<_begin, _escape<_ssl_session_timeout>, _space, _capture<';'>, _end>();
+static const auto NGX_LISTEN = Line::build<_begin, _escape<_listen>, _space, _capture<';'>, _end>();
-auto get_if_missed(const std::string & conf, const Line & LINE,
- const std::string & val,
- const std::string & indent, bool compare)
- -> std::string
+static const auto NGX_PORT_80 = std::array<const char*, 2>{
+ R"(^\s*([^:]*:|\[[^\]]*\]:)?80(\s|$|;))",
+ "$01443 ssl$2",
+};
+
+static const auto NGX_PORT_443 = std::array<const char*, 2>{
+ R"(^\s*([^:]*:|\[[^\]]*\]:)?443(\s.*)?\sssl(\s|$|;))",
+ "$0180$2$3",
+};
+
+// ------------------------- implementation: ----------------------------------
+
+auto get_if_missed(const std::string& conf,
+ const Line& LINE,
+ const std::string& val,
+ const std::string& indent,
+ bool compare) -> std::string
{
if (!compare || val.empty()) {
return rgx::regex_search(conf, LINE.RGX()) ? "" : LINE.STR(val, indent);
}
- rgx::smatch match; // assuming last capture has the value!
+ rgx::smatch match; // assuming last capture has the value!
- for (auto pos = conf.begin();
- rgx::regex_search(pos, conf.end(), match, LINE.RGX());
+ for (auto pos = conf.begin(); rgx::regex_search(pos, conf.end(), match, LINE.RGX());
pos += match.position(0) + match.length(0))
{
- const std::string value = match.str(match.size() - 1);
+ const std::string value = match.str(match.size() - 2);
- if (value==val || value=="'"+val+"'" || value=='"'+val+'"') {
+ if (value == val || value == "'" + val + "'" || value == '"' + val + '"') {
return "";
}
}
return LINE.STR(val, indent);
}
+auto replace_if(const std::string& conf,
+ const rgx::regex& rgx,
+ const std::string& val,
+ const std::string& insert) -> std::string
+{
+ std::string ret{};
+ auto pos = conf.begin();
-auto delete_if(const std::string & conf, const rgx::regex & rgx,
- const std::string & val, const bool compare)
+ auto skip = 0;
+ for (rgx::smatch match; rgx::regex_search(pos, conf.end(), match, rgx);
+ pos += match.position(match.size() - 1))
+ {
+ auto i = match.size() - 2;
+ const std::string value = match.str(i);
+
+ bool compare = !val.empty();
+ if (compare && value != val && value != "'" + val + "'" && value != '"' + val + '"') {
+ ret.append(pos + skip, pos + match.position(i) + match.length(i));
+ skip = 0;
+ }
+ else {
+ ret.append(pos + skip, pos + match.position(match.size() > 2 ? 1 : 0));
+ ret += insert;
+ skip = 1;
+ }
+ }
+
+ ret.append(pos + skip, conf.end());
+ return ret;
+}
+
+auto replace_listen(const std::string& conf, const std::array<const char*, 2>& ngx_port)
-> std::string
{
std::string ret{};
auto pos = conf.begin();
- for (rgx::smatch match;
- rgx::regex_search(pos, conf.end(), match, rgx);
- pos += match.position(0) + match.length(0))
+ for (rgx::smatch match; rgx::regex_search(pos, conf.end(), match, NGX_LISTEN.RGX());
+ pos += match.position(match.size() - 1))
{
- const std::string value = match.str(match.size() - 1);
- auto len = match.position(1);
- if (compare && value!=val && value!="'"+val+"'" && value!='"'+val+'"') {
- len = match.position(0) + match.length(0);
- }
- ret.append(pos, pos + len);
+ auto i = match.size() - 2;
+ ret.append(pos, pos + match.position(i));
+ ret += rgx::regex_replace(match.str(i), rgx::regex{ngx_port[0]}, ngx_port[1]);
}
ret.append(pos, conf.end());
return ret;
}
-
-void add_ssl_directives_to(const std::string & name, const bool isdefault)
+inline void add_ssl_directives_to(const std::string& name)
{
const std::string prefix = std::string{CONF_DIR} + name;
- std::string conf = read_file(prefix+".conf");
+ const std::string const_conf = read_file(prefix + ".conf");
- const std::string & const_conf = conf; // iteration needs const string.
- rgx::smatch match; // captures str(1)=indentation spaces, str(2)=server name
+ rgx::smatch match; // captures str(1)=indentation spaces, str(2)=server name
for (auto pos = const_conf.begin();
- rgx::regex_search(pos, const_conf.end(), match, NGX_SERVER_NAME.RGX());
- pos += match.position(0) + match.length(0))
+ rgx::regex_search(pos, const_conf.end(), match, NGX_SERVER_NAME.RGX());
+ pos += match.position(0) + match.length(0))
{
- if (match.str(2).find(name) == std::string::npos) { continue; }
+ if (!contains(match.str(2), name)) {
+ continue;
+ } // else:
const std::string indent = match.str(1);
- std::string adds = isdefault ?
- get_if_missed(conf, NGX_INCLUDE_LAN_SSL_LISTEN_DEFAULT,"",indent) :
- get_if_missed(conf, NGX_INCLUDE_LAN_SSL_LISTEN, "", indent);
+ auto adds = std::string{};
- adds += get_if_missed(conf, NGX_SSL_CRT, prefix+".crt", indent);
+ adds += get_if_missed(const_conf, NGX_SSL_CRT, prefix + ".crt", indent);
- adds += get_if_missed(conf, NGX_SSL_KEY, prefix+".key", indent);
+ adds += get_if_missed(const_conf, NGX_SSL_KEY, prefix + ".key", indent);
- adds += get_if_missed(conf, NGX_SSL_SESSION_CACHE,
- SSL_SESSION_CACHE_ARG(name), indent, false);
+ adds += get_if_missed(const_conf, NGX_SSL_SESSION_CACHE, SSL_SESSION_CACHE_ARG(name),
+ indent, false);
- adds += get_if_missed(conf, NGX_SSL_SESSION_TIMEOUT,
- std::string{SSL_SESSION_TIMEOUT_ARG}, indent, false);
+ adds += get_if_missed(const_conf, NGX_SSL_SESSION_TIMEOUT,
+ std::string{SSL_SESSION_TIMEOUT_ARG}, indent, false);
- if (adds.length() > 0) {
- pos += match.position(0) + match.length(0);
+ pos += match.position(0) + match.length(0);
+ std::string conf =
+ std::string(const_conf.begin(), pos) + adds + std::string(pos, const_conf.end());
- conf = std::string(const_conf.begin(), pos) + adds +
- std::string(pos, const_conf.end());
+ conf = replace_if(conf, NGX_INCLUDE_LAN_LISTEN_DEFAULT.RGX(), "",
+ NGX_INCLUDE_LAN_SSL_LISTEN_DEFAULT.STR("", indent));
- conf = isdefault ?
- delete_if(conf, NGX_INCLUDE_LAN_LISTEN_DEFAULT.RGX()) :
- delete_if(conf, NGX_INCLUDE_LAN_LISTEN.RGX());
+ conf = replace_if(conf, NGX_INCLUDE_LAN_LISTEN.RGX(), "",
+ NGX_INCLUDE_LAN_SSL_LISTEN.STR("", indent));
- write_file(prefix+".conf", conf);
+ conf = replace_listen(conf, NGX_PORT_80);
- std::cerr<<"Added SSL directives to "<<prefix<<".conf: ";
- std::cerr<<adds<<std::endl;
+ if (conf != const_conf) {
+ write_file(prefix + ".conf", conf);
+ std::cerr << "Added SSL directives to " << prefix << ".conf\n";
}
return;
throw std::runtime_error(errmsg);
}
-
-template<typename T>
-inline auto num2hex(T bytes) -> std::array<char, 2*sizeof(bytes)+1>
+template <typename T>
+inline auto num2hex(T bytes) -> std::array<char, 2 * sizeof(bytes) + 1>
{
- constexpr auto n = 2*sizeof(bytes);
- std::array<char, n+1> str{};
+ constexpr auto n = 2 * sizeof(bytes);
+ std::array<char, n + 1> str{};
- for (size_t i=0; i<n; ++i) {
+ for (size_t i = 0; i < n; ++i) {
static const std::array<char, 17> hex{"0123456789ABCDEF"};
static constexpr auto get = 0x0fU;
str.at(i) = hex.at(bytes & get);
return str;
}
-
-template<typename T>
-inline auto get_nonce(const T salt=0) -> T
+template <typename T>
+inline auto get_nonce(const T salt = 0) -> T
{
T nonce = 0;
static constexpr auto move = 6U;
- constexpr size_t steps = (sizeof(nonce)*8 - 1)/move + 1;
+ constexpr size_t steps = (sizeof(nonce) * 8 - 1) / move + 1;
- for (size_t i=0; i<steps; ++i) {
- if (!urandom.good()) { throw std::runtime_error("get_nonce error"); }
+ for (size_t i = 0; i < steps; ++i) {
+ if (!urandom.good()) {
+ throw std::runtime_error("get_nonce error");
+ }
nonce = (nonce << move) + static_cast<unsigned>(urandom.get());
}
return nonce;
}
-
-void create_ssl_certificate(const std::string & crtpath,
- const std::string & keypath,
- const int days)
+inline void create_ssl_certificate(const std::string& crtpath,
+ const std::string& keypath,
+ const int days = 792)
{
size_t nonce = 0;
- try { nonce = get_nonce(nonce); }
+ try {
+ nonce = get_nonce(nonce);
+ }
- catch (...) { // the address of a variable should be random enough:
- auto addr = &crtpath;
- auto addrptr = static_cast<const size_t *>(
- static_cast<const void *>(&addr) );
- nonce += *addrptr;
+ catch (...) { // the address of a variable should be random enough:
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast) sic:
+ nonce += reinterpret_cast<size_t>(&crtpath);
}
auto noncestr = num2hex(nonce);
write_key(pkey, tmpkeypath);
- std::string subject {"/C=ZZ/ST=Somewhere/L=None/CN=OpenWrt/O=OpenWrt"};
+ std::string subject{"/C=ZZ/ST=Somewhere/L=None/CN=OpenWrt/O=OpenWrt"};
subject += noncestr.data();
selfsigned(pkey, days, subject, tmpcrtpath);
- static constexpr auto to_seconds = 24*60*60;
+ static constexpr auto to_seconds = 24 * 60 * 60;
static constexpr auto leeway = 42;
- if (!checkend(tmpcrtpath, days*to_seconds - leeway)) {
+ if (!checkend(tmpcrtpath, days * to_seconds - leeway)) {
throw std::runtime_error("bug: created certificate is not valid!!");
}
+ }
+ catch (...) {
+ std::cerr << "create_ssl_certificate error: ";
+ std::cerr << "cannot create selfsigned certificate, ";
+ std::cerr << "removing temporary files ..." << std::endl;
- } catch (...) {
- std::cerr<<"create_ssl_certificate error: ";
- std::cerr<<"cannot create selfsigned certificate, ";
- std::cerr<<"removing temporary files ..."<<std::endl;
-
- if (remove(tmpcrtpath.c_str())!=0) {
- auto errmsg = "\t cannot remove "+tmpcrtpath;
+ if (remove(tmpcrtpath.c_str()) != 0) {
+ auto errmsg = "\t cannot remove " + tmpcrtpath;
perror(errmsg.c_str());
}
- if (remove(tmpkeypath.c_str())!=0) {
- auto errmsg = "\t cannot remove "+tmpkeypath;
+ if (remove(tmpkeypath.c_str()) != 0) {
+ auto errmsg = "\t cannot remove " + tmpkeypath;
perror(errmsg.c_str());
}
throw;
}
- if ( rename(tmpcrtpath.c_str(), crtpath.c_str())!=0 ||
- rename(tmpkeypath.c_str(), keypath.c_str())!=0 )
+ if (rename(tmpcrtpath.c_str(), crtpath.c_str()) != 0 ||
+ rename(tmpkeypath.c_str(), keypath.c_str()) != 0)
{
auto errmsg = std::string{"create_ssl_certificate warning: "};
- errmsg += "cannot move "+tmpcrtpath+" to "+crtpath;
- errmsg += " or "+tmpkeypath+" to "+keypath+", continuing ... ";
+ errmsg += "cannot move " + tmpcrtpath + " to " + crtpath;
+ errmsg += " or " + tmpkeypath + " to " + keypath + ", continuing ... ";
perror(errmsg.c_str());
}
+ std::cerr << "Created self-signed SSL certificate '" << crtpath;
+ std::cerr << "' with key '" << keypath << "'.\n";
+}
+
+auto check_ssl_certificate(const std::string& crtpath, const std::string& keypath) -> bool
+{
+ { // paths are relative to dir:
+ auto dir = std::string_view{"/etc/nginx"};
+ auto crt_rel = crtpath[0] != '/';
+ auto key_rel = keypath[0] != '/';
+ if ((crt_rel || key_rel) && (chdir(dir.data()) != 0)) {
+ auto errmsg = std::string{"check_ssl_certificate error: entering "};
+ errmsg += dir;
+ perror(errmsg.c_str());
+ errmsg += " (need to change directory since the given ";
+ errmsg += crt_rel ? "ssl_certificate '" + crtpath : std::string{};
+ errmsg += crt_rel && key_rel ? "' and " : "";
+ errmsg += key_rel ? "ssl_certificate_key '" + keypath : std::string{};
+ errmsg += crt_rel && key_rel ? "' are" : "' is a";
+ errmsg += " relative path";
+ errmsg += crt_rel && key_rel ? "s)" : ")";
+ throw std::runtime_error(errmsg);
+ }
+ }
+
+ constexpr auto remaining_seconds = (365 + 32) * 24 * 60 * 60;
+ constexpr auto validity_days = 3 * (365 + 31);
+
+ bool is_valid = true;
+
+ if (access(keypath.c_str(), R_OK) != 0 || access(crtpath.c_str(), R_OK) != 0) {
+ is_valid = false;
+ }
+
+ else {
+ try {
+ if (!checkend(crtpath, remaining_seconds)) {
+ is_valid = false;
+ }
+ }
+ catch (...) { // something went wrong, maybe it is in DER format:
+ try {
+ if (!checkend(crtpath, remaining_seconds, false)) {
+ is_valid = false;
+ }
+ }
+ catch (...) { // it has neither DER nor PEM format, rebuild.
+ is_valid = false;
+ }
+ }
+ }
+
+ if (!is_valid) {
+ create_ssl_certificate(crtpath, keypath, validity_days);
+ }
+
+ return is_valid;
}
+auto contains(const std::string& sentence, const std::string& word) -> bool
+{
+ auto pos = sentence.find(word);
+ if (pos == std::string::npos) {
+ return false;
+ }
+ if (pos != 0 && (isgraph(sentence[pos - 1]) != 0)) {
+ return false;
+ }
+ if (isgraph(sentence[pos + word.size()]) != 0) {
+ return false;
+ }
+ // else:
+ return true;
+}
-void use_cron_to_recreate_certificate(const std::string & name)
+auto get_uci_section_for_name(const std::string& name) -> uci::section
{
- static const char * filename = "/etc/crontabs/root";
+ auto pkg = uci::package{"nginx"}; // let it throw.
+
+ auto uci_enabled = is_enabled(pkg);
+
+ if (uci_enabled) {
+ for (auto sec : pkg) {
+ if (sec.name() == name) {
+ return sec;
+ }
+ }
+ // try interpreting 'name' as FQDN:
+ for (auto sec : pkg) {
+ for (auto opt : sec) {
+ if (opt.name() == "server_name") {
+ for (auto itm : opt) {
+ if (contains(itm.name(), name)) {
+ return sec;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ auto errmsg = std::string{"lookup error: neither there is a file named '"};
+ errmsg += std::string{CONF_DIR} + name + ".conf' nor the UCI config has ";
+ if (uci_enabled) {
+ errmsg += "a nginx server with section name or 'server_name': " + name;
+ }
+ else {
+ errmsg += "been enabled by:\n\tuci set nginx.global.uci_enable=true";
+ }
+ throw std::runtime_error(errmsg);
+}
+
+inline auto add_ssl_to_config(const std::string& name,
+ const std::string_view manage = "self-signed",
+ const std::string_view crt = "",
+ const std::string_view key = "")
+{
+ auto sec = get_uci_section_for_name(name); // let it throw.
+ auto secname = sec.name();
+
+ struct {
+ std::string crt;
+ std::string key;
+ } ret;
+
+ std::cerr << "Adding SSL directives to UCI server: nginx." << secname << "\n";
+
+ std::cerr << "\t" << MANAGE_SSL << "='" << manage << "'\n";
+ sec.set(MANAGE_SSL.data(), manage.data());
+
+ if (!crt.empty() && !key.empty()) {
+ sec.set("ssl_certificate", crt.data());
+ std::cerr << "\tssl_certificate='" << crt << "'\n";
+ sec.set("ssl_certificate_key", key.data());
+ std::cerr << "\tssl_certificate_key='" << key << "'\n";
+ }
+
+ auto cache = false;
+ auto timeout = false;
+ for (auto opt : sec) {
+ if (opt.name() == "ssl_session_cache") {
+ cache = true;
+ continue;
+ } // else:
+
+ if (opt.name() == "ssl_session_timeout") {
+ timeout = true;
+ continue;
+ }
+
+ // else:
+ for (auto itm : opt) {
+ if (opt.name() == "ssl_certificate_key") {
+ ret.key = itm.name();
+ }
+
+ else if (opt.name() == "ssl_certificate") {
+ ret.crt = itm.name();
+ }
+
+ else if (opt.name() == "listen") {
+ auto val = regex_replace(itm.name(), rgx::regex{NGX_PORT_80[0]}, NGX_PORT_80[1]);
+ if (val != itm.name()) {
+ std::cerr << "\t" << opt.name() << "='" << val << "' (replacing)\n";
+ itm.rename(val.c_str());
+ }
+ }
+ }
+ }
+
+ if (ret.crt.empty()) {
+ ret.crt = std::string{CONF_DIR} + name + ".crt";
+ std::cerr << "\tssl_certificate='" << ret.crt << "'\n";
+ sec.set("ssl_certificate", ret.crt.c_str());
+ }
+
+ if (ret.key.empty()) {
+ ret.key = std::string{CONF_DIR} + name + ".key";
+ std::cerr << "\tssl_certificate_key='" << ret.key << "'\n";
+ sec.set("ssl_certificate_key", ret.key.c_str());
+ }
+
+ if (!cache) {
+ std::cerr << "\tssl_session_cache='" << SSL_SESSION_CACHE_ARG(name) << "'\n";
+ sec.set("ssl_session_cache", SSL_SESSION_CACHE_ARG(name).data());
+ }
+
+ if (!timeout) {
+ std::cerr << "\tssl_session_timeout='" << SSL_SESSION_TIMEOUT_ARG << "'\n";
+ sec.set("ssl_session_timeout", SSL_SESSION_TIMEOUT_ARG.data());
+ }
+
+ sec.commit();
+
+ return ret;
+}
+
+void install_cron_job(const Line& CRON_LINE, const std::string& name)
+{
+ static const char* filename = "/etc/crontabs/root";
std::string conf{};
- try { conf = read_file(filename); }
- catch (const std::ifstream::failure &) { /* is ok if not found, create. */ }
+ try {
+ conf = read_file(filename);
+ }
+ catch (const std::ifstream::failure&) { /* is ok if not found, create. */
+ }
- const std::string add = get_if_missed(conf, CRON_CMD, name);
+ const std::string add = get_if_missed(conf, CRON_LINE, name);
if (add.length() > 0) {
#ifndef NO_UBUS
- auto service = ubus::call("service","list",UBUS_TIMEOUT).filter("cron");
-
- if (!service) {
- std::string errmsg{"use_cron_to_recreate_certificate error: "};
- errmsg += "Cron unavailable to re-create the ssl certificate for ";
- errmsg += name + "\n";
+ if (!ubus::call("service", "list", UBUS_TIMEOUT).filter("cron")) {
+ std::string errmsg{"install_cron_job error: "};
+ errmsg += "Cron unavailable to re-create the ssl certificate";
+ errmsg += (name.empty() ? std::string{"s\n"} : " for '" + name + "'\n");
throw std::runtime_error(errmsg);
- } // else active with or without instances:
+ } // else active with or without instances:
#endif
- write_file(filename, std::string{CRON_INTERVAL}+add, std::ios::app);
+ const auto* pre = (conf.length() == 0 || conf.back() == '\n' ? "" : "\n");
+ write_file(filename, pre + std::string{CRON_INTERVAL} + add, std::ios::app);
#ifndef NO_UBUS
call("/etc/init.d/cron", "reload");
#endif
- std::cerr<<"Rebuild the ssl certificate for '";
- std::cerr<<name<<"' annually with cron."<<std::endl;
+ std::cerr << "Rebuild the self-signed SSL certificate";
+ std::cerr << (name.empty() ? std::string{"s"} : " for '" + name + "'");
+ std::cerr << " annually with cron." << std::endl;
+ }
+}
+
+void add_ssl_if_needed(const std::string& name)
+{
+ const auto legacypath = std::string{CONF_DIR} + name + ".conf";
+ if (access(legacypath.c_str(), R_OK) == 0) {
+ add_ssl_directives_to(name); // let it throw.
+
+ const auto crtpath = std::string{CONF_DIR} + name + ".crt";
+ const auto keypath = std::string{CONF_DIR} + name + ".key";
+ check_ssl_certificate(crtpath, keypath); // let it throw.
+
+ try {
+ install_cron_job(CRON_CMD, name);
+ }
+ catch (...) {
+ std::cerr << "add_ssl_if_needed warning: cannot use cron to rebuild ";
+ std::cerr << "the self-signed SSL certificate for " << name << "\n";
+ }
+ return;
+ } // else:
+
+ auto paths = add_ssl_to_config(name); // let it throw.
+
+ check_ssl_certificate(paths.crt, paths.key); // let it throw.
+
+ try {
+ install_cron_job(CRON_CHECK);
+ }
+ catch (...) {
+ std::cerr << "add_ssl_if_needed warning: cannot use cron to rebuild ";
+ std::cerr << "the self-signed SSL certificates.\n";
}
}
+void add_ssl_if_needed(const std::string& name,
+ const std::string_view manage,
+ const std::string_view crt,
+ const std::string_view key)
+{
+ if (crt[0] != '/') {
+ auto errmsg = std::string{"add_ssl_if_needed error: ssl_certificate "};
+ errmsg += "path cannot be relative '" + std::string{crt} + "'";
+ throw std::runtime_error(errmsg);
+ }
+
+ if (key[0] != '/') {
+ auto errmsg = std::string{"add_ssl_if_needed error: path to ssl_key "};
+ errmsg += "cannot be relative '" + std::string{key} + "'";
+ throw std::runtime_error(errmsg);
+ }
+
+ const auto legacypath = std::string{CONF_DIR} + name + ".conf";
+
+ if (access(legacypath.c_str(), R_OK) != 0) {
+ add_ssl_to_config(name, manage, crt, key); // let it throw.
+ return;
+ } // else:
+
+ // symlink crt+key to the paths that add_ssl_directives_to uses (if needed):
+
+ auto crtpath = std::string{CONF_DIR} + name + ".crt";
+ if (crtpath != crt && /* then */ symlink(crt.data(), crtpath.c_str()) != 0) {
+ auto errmsg = std::string{"add_ssl_if_needed error: cannot link "};
+ errmsg += "ssl_certificate " + crtpath + " -> " + crt.data() + " (";
+ errmsg += std::to_string(errno) + "): " + std::strerror(errno);
+ throw std::runtime_error(errmsg);
+ }
+
+ auto keypath = std::string{CONF_DIR} + name + ".key";
+ if (keypath != key && /* then */ symlink(key.data(), keypath.c_str()) != 0) {
+ auto errmsg = std::string{"add_ssl_if_needed error: cannot link "};
+ errmsg += "ssl_certificate_key " + keypath + " -> " + key.data() + " (";
+ errmsg += std::to_string(errno) + "): " + std::strerror(errno);
+ throw std::runtime_error(errmsg);
+ }
-void add_ssl_if_needed(const std::string & name)
+ add_ssl_directives_to(name); // let it throw.
+}
+
+void remove_cron_job(const Line& CRON_LINE, const std::string& name)
{
- add_ssl_directives_to(name, name==LAN_NAME); // let it throw.
+ static const char* filename = "/etc/crontabs/root";
- const auto crtpath = std::string{CONF_DIR} + name + ".crt";
- const auto keypath = std::string{CONF_DIR} + name + ".key";
- constexpr auto remaining_seconds = (365 + 32)*24*60*60;
- constexpr auto validity_days = 3*(365 + 31);
+ const auto const_conf = read_file(filename);
- bool is_valid = true;
+ bool changed = false;
+ auto conf = std::string{};
- if (access(keypath.c_str(), R_OK) != 0 ||
- access(crtpath.c_str(), R_OK) != 0)
- { is_valid = false; }
+ size_t prev = 0;
+ size_t curr = 0;
+ while ((curr = const_conf.find('\n', prev)) != std::string::npos) {
+ auto line = const_conf.substr(prev, curr - prev + 1);
- else {
- try {
- if (!checkend(crtpath, remaining_seconds)) {
- is_valid = false;
- }
+ if (line == replace_if(line, CRON_LINE.RGX(), name, "")) {
+ conf += line;
}
- catch (...) { // something went wrong, maybe it is in DER format:
- try {
- if (!checkend(crtpath, remaining_seconds, false)) {
- is_valid = false;
- }
- }
- catch (...) { // it has neither DER nor PEM format, rebuild.
- is_valid = false;
- }
+ else {
+ changed = true;
}
+
+ prev = curr + 1;
}
- if (!is_valid) { create_ssl_certificate(crtpath, keypath, validity_days); }
+ if (changed) {
+ write_file(filename, conf);
- try { use_cron_to_recreate_certificate(name); }
- catch (...) {
- std::cerr<<"add_ssl_if_needed warning: ";
- std::cerr<<"cannot use cron to rebuild certificate for "<<name<<"\n";
+ std::cerr << "Do not rebuild the self-signed SSL certificate";
+ std::cerr << (name.empty() ? std::string{"s"} : " for '" + name + "'");
+ std::cerr << " annually with cron anymore." << std::endl;
+
+#ifndef NO_UBUS
+ if (ubus::call("service", "list", UBUS_TIMEOUT).filter("cron")) {
+ call("/etc/init.d/cron", "reload");
+ }
+#endif
}
}
-
-void del_ssl_directives_from(const std::string & name, const bool isdefault)
+inline void del_ssl_directives_from(const std::string& name)
{
const std::string prefix = std::string{CONF_DIR} + name;
- std::string conf = read_file(prefix+".conf");
+ const std::string const_conf = read_file(prefix + ".conf");
- const std::string & const_conf = conf; // iteration needs const string.
- rgx::smatch match; // captures str(1)=indentation spaces, str(2)=server name
+ rgx::smatch match; // captures str(1)=indentation spaces, str(2)=server name
for (auto pos = const_conf.begin();
- rgx::regex_search(pos, const_conf.end(), match, NGX_SERVER_NAME.RGX());
- pos += match.position(0) + match.length(0))
+ rgx::regex_search(pos, const_conf.end(), match, NGX_SERVER_NAME.RGX());
+ pos += match.position(0) + match.length(0))
{
- if (match.str(2).find(name) == std::string::npos) { continue; }
+ if (!contains(match.str(2), name)) {
+ continue;
+ } // else:
const std::string indent = match.str(1);
- std::string adds = isdefault ?
- get_if_missed(conf, NGX_INCLUDE_LAN_LISTEN_DEFAULT,"",indent) :
- get_if_missed(conf, NGX_INCLUDE_LAN_LISTEN, "", indent);
-
- if (adds.length() > 0) {
- pos += match.position(1);
+ std::string conf = const_conf;
- conf = std::string(const_conf.begin(), pos) + adds
- + std::string(pos, const_conf.end());
+ conf = replace_listen(conf, NGX_PORT_443);
- conf = isdefault ?
- delete_if(conf, NGX_INCLUDE_LAN_SSL_LISTEN_DEFAULT.RGX())
- : delete_if(conf, NGX_INCLUDE_LAN_SSL_LISTEN.RGX());
+ conf = replace_if(conf, NGX_INCLUDE_LAN_SSL_LISTEN_DEFAULT.RGX(), "",
+ NGX_INCLUDE_LAN_LISTEN_DEFAULT.STR("", indent));
- const auto crtpath = prefix+".crt";
- conf = delete_if(conf, NGX_SSL_CRT.RGX(), crtpath, true);
+ conf = replace_if(conf, NGX_INCLUDE_LAN_SSL_LISTEN.RGX(), "",
+ NGX_INCLUDE_LAN_LISTEN.STR("", indent));
- const auto keypath = prefix+".key";
- conf = delete_if(conf, NGX_SSL_KEY.RGX(), keypath, true);
+ // NOLINTNEXTLINE(performance-inefficient-string-concatenation) prefix:
+ conf = replace_if(conf, NGX_SSL_CRT.RGX(), prefix + ".crt", "");
- conf = delete_if(conf, NGX_SSL_SESSION_CACHE.RGX());
+ // NOLINTNEXTLINE(performance-inefficient-string-concatenation) prefix:
+ conf = replace_if(conf, NGX_SSL_KEY.RGX(), prefix + ".key", "");
- conf = delete_if(conf, NGX_SSL_SESSION_TIMEOUT.RGX());
+ conf = replace_if(conf, NGX_SSL_SESSION_CACHE.RGX(), "", "");
- write_file(prefix+".conf", conf);
+ conf = replace_if(conf, NGX_SSL_SESSION_TIMEOUT.RGX(), "", "");
- std::cerr<<"Deleted SSL directives from "<<prefix<<".conf\n";
+ if (conf != const_conf) {
+ write_file(prefix + ".conf", conf);
+ std::cerr << "Deleted SSL directives from " << prefix << ".conf\n";
}
return;
throw std::runtime_error(errmsg);
}
-
-void del_ssl(const std::string & name)
+inline auto del_ssl_from_config(const std::string& name,
+ const std::string_view manage = "self-signed")
{
- static const char * filename = "/etc/crontabs/root";
+ auto sec = get_uci_section_for_name(name); // let it throw.
+ auto secname = sec.name();
- try {
- const auto const_conf = read_file(filename);
+ struct {
+ std::string crt;
+ std::string key;
+ } ret;
- bool changed = false;
- auto conf = std::string{};
+ std::cerr << "Deleting SSL directives from UCI server: nginx." << secname << "\n";
- size_t prev = 0;
- size_t curr = 0;
- while ((curr=const_conf.find('\n', prev)) != std::string::npos) {
+ auto manage_match = false;
+ for (auto opt : sec) {
+ for (auto itm : opt) {
+ if (opt.name() == "ssl_certificate_key") {
+ ret.key = itm.name();
+ }
- auto line = const_conf.substr(prev, curr-prev+1);
+ else if (opt.name() == "ssl_certificate") {
+ ret.crt = itm.name();
+ }
- if (line==delete_if(line,CRON_CMD.RGX(),std::string{name},true)) {
- conf += line;
- } else { changed = true; }
+ else if (opt.name() == "ssl_session_cache" || opt.name() == "ssl_session_timeout") {
+ }
- prev = curr + 1;
- }
+ else if (opt.name() == MANAGE_SSL && itm.name() == manage) {
+ manage_match = true;
+ }
- if (changed) {
- write_file(filename, conf);
+ else if (opt.name() == "listen") {
+ auto val = regex_replace(itm.name(), rgx::regex{NGX_PORT_443[0]}, NGX_PORT_443[1]);
+ if (val != itm.name()) {
+ std::cerr << "\t" << opt.name() << " (set back to '" << val << "')\n";
+ itm.rename(val.c_str());
+ }
+ continue; /* not deleting opt, look at other itm : opt */
+ }
- std::cerr<<"Do not rebuild the ssl certificate for '";
- std::cerr<<name<<"' annually with cron anymore."<<std::endl;
+ else {
+ continue; /* not deleting opt, look at other itm : opt */
+ }
-#ifndef NO_UBUS
- if (ubus::call("service", "list", UBUS_TIMEOUT).filter("cron"))
- { call("/etc/init.d/cron", "reload"); }
-#endif
+ // Delete matching opt (not skipped by continue):
+ std::cerr << "\t" << opt.name() << " (was '" << itm.name() << "')\n";
+ opt.del();
+ break;
}
+ }
+ if (manage_match) {
+ sec.commit();
+ return ret;
+ } // else:
+
+ auto errmsg = std::string{"del_ssl error: not changing config wihtout: "};
+ errmsg += "uci set nginx." + secname + "." + MANAGE_SSL.data() + "='" + manage.data();
+ errmsg += "'";
+ throw std::runtime_error(errmsg);
+}
- } catch (...) {
- std::cerr<<"del_ssl warning: ";
- std::cerr<<"cannot delete cron job for "<<name<<" in "<<filename<<"\n";
+auto del_ssl_legacy(const std::string& name) -> bool
+{
+ const auto legacypath = std::string{CONF_DIR} + name + ".conf";
+
+ if (access(legacypath.c_str(), R_OK) != 0) {
+ return false;
}
- try { del_ssl_directives_from(name, name==LAN_NAME); }
+ try {
+ remove_cron_job(CRON_CMD, name);
+ }
+ catch (...) {
+ std::cerr << "del_ssl warning: cannot remove cron job rebuilding ";
+ std::cerr << "the self-signed SSL certificate for " << name << "\n";
+ }
+
+ try {
+ del_ssl_directives_from(name);
+ }
catch (...) {
- std::cerr<<"del_ssl error: ";
- std::cerr<<"cannot delete SSL directives from "<<name<<".conf\n";
+ std::cerr << "del_ssl error: ";
+ std::cerr << "cannot delete SSL directives from " << name << ".conf\n";
throw;
}
- const auto crtpath = std::string{CONF_DIR} + name + ".crt";
+ return true;
+}
- if (remove(crtpath.c_str())!=0) {
- auto errmsg = "del_ssl warning: cannot remove "+crtpath;
- perror(errmsg.c_str());
+void del_ssl(const std::string& name)
+{
+ auto crtpath = std::string{};
+ auto keypath = std::string{};
+
+ if (del_ssl_legacy(name)) { // let it throw.
+ crtpath = std::string{CONF_DIR} + name + ".crt";
+ keypath = std::string{CONF_DIR} + name + ".key";
}
- const auto keypath = std::string{CONF_DIR} + name + ".key";
+ else {
+ auto paths = del_ssl_from_config(name); // let it throw.
+ crtpath = paths.crt;
+ keypath = paths.key;
+ }
- if (remove(keypath.c_str())!=0) {
- auto errmsg = "del_ssl warning: cannot remove "+keypath;
+ if (remove(crtpath.c_str()) != 0) {
+ auto errmsg = "del_ssl warning: cannot remove " + crtpath;
+ perror(errmsg.c_str());
+ }
+
+ if (remove(keypath.c_str()) != 0) {
+ auto errmsg = "del_ssl warning: cannot remove " + keypath;
perror(errmsg.c_str());
}
}
+void del_ssl(const std::string& name, const std::string_view manage)
+{
+ const auto legacypath = std::string{CONF_DIR} + name + ".conf";
+
+ if (access(legacypath.c_str(), R_OK) != 0) {
+ del_ssl_from_config(name, manage); // let it throw.
+ return;
+ } // else:
+
+ del_ssl_directives_from(name); // let it throw.
+
+ for (const auto* ext : {".crt", ".key"}) {
+ struct stat sb {};
+
+ auto path = std::string{CONF_DIR} + name + ext;
+
+ // managed version of add_ssl_if_needed created symlinks (if needed):
+ // NOLINTNEXTLINE(hicpp-signed-bitwise) S_ISLNK macro:
+ if (lstat(path.c_str(), &sb) == 0 && S_ISLNK(sb.st_mode)) {
+ if (remove(path.c_str()) != 0) {
+ auto errmsg = "del_ssl warning: cannot remove " + path;
+ perror(errmsg.c_str());
+ }
+ }
+ }
+}
+
+auto check_ssl(const uci::package& pkg, bool is_enabled) -> bool
+{
+ auto are_valid = true;
+ auto is_enabled_and_at_least_one_has_manage_ssl = false;
+
+ if (is_enabled) {
+ for (auto sec : pkg) {
+ if (sec.anonymous() || sec.type() != "server") {
+ continue;
+ } // else:
+
+ const auto legacypath = std::string{CONF_DIR} + sec.name() + ".conf";
+ if (access(legacypath.c_str(), R_OK) == 0) {
+ continue;
+ } // else:
+
+ auto keypath = std::string{};
+ auto crtpath = std::string{};
+ auto self_signed = false;
+
+ for (auto opt : sec) {
+ for (auto itm : opt) {
+ if (opt.name() == "ssl_certificate_key") {
+ keypath = itm.name();
+ }
+
+ else if (opt.name() == "ssl_certificate") {
+ crtpath = itm.name();
+ }
+
+ else if (opt.name() == MANAGE_SSL) {
+ if (itm.name() == "self-signed") {
+ self_signed = true;
+ }
+
+ // else if (itm.name()=="???") { /* manage other */ }
+
+ else {
+ continue;
+ } // no supported manage_ssl string.
+
+ is_enabled_and_at_least_one_has_manage_ssl = true;
+ }
+ }
+ }
+
+ if (self_signed && !crtpath.empty() && !keypath.empty()) {
+ try {
+ if (!check_ssl_certificate(crtpath, keypath)) {
+ are_valid = false;
+ }
+ }
+ catch (...) {
+ std::cerr << "check_ssl warning: cannot build certificate '";
+ std::cerr << crtpath << "' or key '" << keypath << "'.\n";
+ }
+ }
+ }
+ }
+
+ auto suffix = std::string_view{" the cron job checking the managed SSL certificates.\n"};
+
+ if (is_enabled_and_at_least_one_has_manage_ssl) {
+ try {
+ install_cron_job(CRON_CHECK);
+ }
+ catch (...) {
+ std::cerr << "check_ssl warning: cannot install" << suffix;
+ }
+ }
+
+ else if (access("/etc/crontabs/root", R_OK) == 0) {
+ try {
+ remove_cron_job(CRON_CHECK);
+ }
+ catch (...) {
+ std::cerr << "check_ssl warning: cannot remove" << suffix;
+ }
+ } // else: do nothing
+
+ return are_valid;
+}
#endif
#include <iostream>
+#include <numeric>
-#include "nginx-util.hpp"
-
-#ifndef NO_SSL
#include "nginx-ssl-util.hpp"
-#endif
+#include "nginx-util.hpp"
+static auto constexpr file_comment_auto_created =
+ std::string_view{"# This file is re-created when Nginx starts.\n"};
-void create_lan_listen()
+// TODO(pst) replace it with blobmsg_get_string if upstream takes const:
+#ifndef NO_UBUS
+static inline auto _pst_get_string(const blob_attr* attr) -> char*
{
- std::string listen = "# This file is re-created if Nginx starts or"
- " a LAN address changes.\n";
- std::string listen_default = listen;
- std::string ssl_listen = listen;
- std::string ssl_listen_default = listen;
-
- auto add_listen = [&listen, &listen_default
-#ifndef NO_SSL
- ,&ssl_listen, &ssl_listen_default
-#endif
- ]
- (const std::string &pre, const std::string &ip, const std::string &suf)
- -> void
- {
- if (ip.empty()) { return; }
- const std::string val = pre + ip + suf;
- listen += "\tlisten " + val + ":80;\n";
- listen_default += "\tlisten " + val + ":80 default_server;\n";
-#ifndef NO_SSL
- ssl_listen += "\tlisten " + val + ":443 ssl;\n";
- ssl_listen_default += "\tlisten " + val + ":443 ssl default_server;\n";
+ return static_cast<char*>(blobmsg_data(attr));
+}
#endif
- };
+
+void create_lan_listen() // create empty files for compatibility:
+{
+ // TODO(pst): replace by dummies after transitioning nginx config to UCI:
+ std::vector<std::string> ips;
#ifndef NO_UBUS
try {
- auto loopback_status=ubus::call("network.interface.loopback", "status");
+ auto loopback_status = ubus::call("network.interface.loopback", "status");
- for (auto ip : loopback_status.filter("ipv4-address", "", "address")) {
- add_listen("", static_cast<const char *>(blobmsg_data(ip)), "");
+ for (const auto* ip : loopback_status.filter("ipv4-address", "", "address")) {
+ ips.emplace_back(_pst_get_string(ip));
}
- for (auto ip : loopback_status.filter("ipv6-address", "", "address")) {
- add_listen("[", static_cast<const char *>(blobmsg_data(ip)), "]");
+ for (const auto* ip : loopback_status.filter("ipv6-address", "", "address")) {
+ ips.emplace_back(std::string{"["} + _pst_get_string(ip) + "]");
}
- } catch (const std::runtime_error &) { /* do nothing about it */ }
+ }
+ catch (const std::runtime_error&) { /* do nothing about it */
+ }
try {
auto lan_status = ubus::call("network.interface.lan", "status");
- for (auto ip : lan_status.filter("ipv4-address", "", "address")) {
- add_listen("", static_cast<const char *>(blobmsg_data(ip)), "");
+ for (const auto* ip : lan_status.filter("ipv4-address", "", "address")) {
+ ips.emplace_back(_pst_get_string(ip));
}
- for (auto ip : lan_status.filter("ipv6-address", "", "address")) {
- add_listen("[", static_cast<const char *>(blobmsg_data(ip)), "]");
+ for (const auto* ip : lan_status.filter("ipv6-address", "", "address")) {
+ ips.emplace_back(std::string{"["} + _pst_get_string(ip) + "]");
}
- for (auto ip : lan_status.filter("ipv6-prefix-assignment", "",
- "local-address", "address"))
- {
- add_listen("[", static_cast<const char *>(blobmsg_data(ip)), "]");
+ for (const auto* ip :
+ lan_status.filter("ipv6-prefix-assignment", "", "local-address", "address")) {
+ ips.emplace_back(std::string{"["} + _pst_get_string(ip) + "]");
}
- } catch (const std::runtime_error &) { /* do nothing about it */ }
+ }
+ catch (const std::runtime_error&) { /* do nothing about it */
+ }
#else
- add_listen("", "127.0.0.1", "");
+ ips.emplace_back("127.0.0.1");
#endif
+ std::string listen = std::string{file_comment_auto_created};
+ std::string listen_default = std::string{file_comment_auto_created};
+ for (const auto& ip : ips) {
+ listen += "\tlisten " + ip + ":80;\n";
+ listen_default += "\tlisten " + ip + ":80 default_server;\n";
+ }
write_file(LAN_LISTEN, listen);
write_file(LAN_LISTEN_DEFAULT, listen_default);
-#ifndef NO_SSL
+
+ std::string ssl_listen = std::string{file_comment_auto_created};
+ std::string ssl_listen_default = std::string{file_comment_auto_created};
+ for (const auto& ip : ips) {
+ ssl_listen += "\tlisten " + ip + ":443 ssl;\n";
+ ssl_listen_default += "\tlisten " + ip + ":443 ssl default_server;\n";
+ }
write_file(LAN_SSL_LISTEN, ssl_listen);
write_file(LAN_SSL_LISTEN_DEFAULT, ssl_listen_default);
-#endif
}
+inline auto change_if_starts_with(const std::string_view& subject,
+ const std::string_view& prefix,
+ const std::string_view& substitute,
+ const std::string_view& seperator = " \t\n;") -> std::string
+{
+ auto view = subject;
+ view = view.substr(view.find_first_not_of(seperator));
+ if (view.rfind(prefix, 0) == 0) {
+ if (view.size() == prefix.size()) {
+ return std::string{substitute};
+ }
+ view = view.substr(prefix.size());
+ if (seperator.find(view[0]) != std::string::npos) {
+ auto ret = std::string{substitute};
+ ret += view;
+ return ret;
+ }
+ }
+ return std::string{subject};
+}
+
+inline auto create_server_conf(const uci::section& sec, const std::string& indent = "")
+ -> std::string
+{
+ auto secname = sec.name();
+
+ auto legacypath = std::string{CONF_DIR} + secname + ".conf";
+ if (access(legacypath.c_str(), R_OK) == 0) {
+ auto message = std::string{"skipped UCI server 'nginx."} + secname;
+ message += "' as it could conflict with: " + legacypath + "\n";
+
+ // TODO(pst) std::cerr<<"create_server_conf notice: "<<message;
+
+ return indent + "# " + message;
+ } // else:
+
+ auto conf = indent + "server { #see uci show 'nginx." + secname + "'\n";
+
+ for (auto opt : sec) {
+ for (auto itm : opt) {
+ if (opt.name().rfind("uci_", 0) == 0) {
+ continue;
+ }
+ // else: standard opt.name()
+
+ auto val = itm.name();
+
+ if (opt.name() == "error_log") {
+ val = change_if_starts_with(val, "logd", "/proc/self/fd/1");
+ }
+
+ else if (opt.name() == "access_log") {
+ val = change_if_starts_with(val, "logd", "stderr");
+ }
+
+ conf += indent + "\t" + opt.name() + " " + itm.name() + ";\n";
+ }
+ }
+
+ conf += indent + "}\n";
+
+ return conf;
+}
+
+void init_uci(const uci::package& pkg)
+{
+ auto conf = std::string{file_comment_auto_created};
+ static const auto uci_http_config = std::string_view{"#UCI_HTTP_CONFIG\n"};
+
+ const auto tmpl = read_file(std::string{UCI_CONF} + ".template");
+ auto pos = tmpl.find(uci_http_config);
+
+ if (pos == std::string::npos) {
+ conf += tmpl;
+ }
+
+ else {
+ const auto index = tmpl.find_last_not_of(" \t", pos - 1);
+
+ const auto before = tmpl.begin() + index + 1;
+ const auto middle = tmpl.begin() + pos;
+ const auto after = middle + uci_http_config.length();
+
+ conf.append(tmpl.begin(), before);
+
+ const auto indent = std::string{before, middle};
+ for (auto sec : pkg) {
+ if (sec.type() == std::string_view{"server"}) {
+ conf += create_server_conf(sec, indent) + "\n";
+ }
+ }
+
+ conf.append(after, tmpl.end());
+ }
+
+ write_file(VAR_UCI_CONF, conf);
+}
+
+auto is_enabled(const uci::package& pkg) -> bool
+{
+ for (auto sec : pkg) {
+ if (sec.type() != std::string_view{"main"}) {
+ continue;
+ }
+ if (sec.name() != std::string_view{"global"}) {
+ continue;
+ }
+ for (auto opt : sec) {
+ if (opt.name() != "uci_enable") {
+ continue;
+ }
+ for (auto itm : opt) {
+ if (itm) {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+}
+
+/*
+ * ___________main_thread________________|______________thread_1________________
+ * create_lan_listen() or do nothing | config = uci::package("nginx")
+ * if config_enabled (set in thread_1): | config_enabled = is_enabled(config)
+ * then init_uci(config) | check_ssl(config, config_enabled)
+ */
void init_lan()
{
std::exception_ptr ex;
-
-#ifndef NO_SSL
- auto thrd = std::thread([]{ //&ex
- try { add_ssl_if_needed(std::string{LAN_NAME}); }
+ std::unique_ptr<uci::package> config;
+ bool config_enabled = false;
+ std::mutex configuring;
+
+ configuring.lock();
+ auto thrd = std::thread([&config, &config_enabled, &configuring, &ex] {
+ try {
+ config = std::make_unique<uci::package>("nginx");
+ config_enabled = is_enabled(*config);
+ configuring.unlock();
+ check_ssl(*config, config_enabled);
+ }
catch (...) {
- std::cerr<<"init_lan notice: no server named "<<LAN_NAME<<std::endl;
- // not: ex = std::current_exception();
+ std::cerr << "init_lan error: checking UCI file /etc/config/nginx\n";
+ ex = std::current_exception();
}
});
-#endif
- try { create_lan_listen(); }
+ try {
+ create_lan_listen();
+ }
catch (...) {
- std::cerr<<"init_lan error: cannot create LAN listen files"<<std::endl;
+ std::cerr << "init_lan error: cannot create listen files of local IPs.\n";
ex = std::current_exception();
}
-#ifndef NO_SSL
- thrd.join();
-#endif
+ configuring.lock();
+ if (config_enabled) {
+ try {
+ init_uci(*config);
+ }
+ catch (...) {
+ std::cerr << "init_lan error: cannot create " << VAR_UCI_CONF << " from ";
+ std::cerr << UCI_CONF << ".template using UCI file /etc/config/nginx\n";
+ ex = std::current_exception();
+ }
+ }
- if (ex) { std::rethrow_exception(ex); }
+ thrd.join();
+ if (ex) {
+ std::rethrow_exception(ex);
+ }
}
-
void get_env()
{
- std::cout<<"NGINX_CONF="<<"'"<<NGINX_CONF<<"'"<<std::endl;
- std::cout<<"CONF_DIR="<<"'"<<CONF_DIR<<"'"<<std::endl;
- std::cout<<"LAN_NAME="<<"'"<<LAN_NAME<<"'"<<std::endl;
- std::cout<<"LAN_LISTEN="<<"'"<<LAN_LISTEN<<"'"<<std::endl;
-#ifndef NO_SSL
- std::cout<<"LAN_SSL_LISTEN="<<"'"<<LAN_SSL_LISTEN<<"'"<<std::endl;
- std::cout<<"SSL_SESSION_CACHE_ARG="<<"'"<<SSL_SESSION_CACHE_ARG(LAN_NAME)<<
- "'"<<std::endl;
- std::cout<<"SSL_SESSION_TIMEOUT_ARG="<<"'"<<SSL_SESSION_TIMEOUT_ARG<<"'\n";
- std::cout<<"ADD_SSL_FCT="<<"'"<<ADD_SSL_FCT<<"'"<<std::endl;
-#endif
+ std::cout << "UCI_CONF="
+ << "'" << UCI_CONF << "'" << std::endl;
+ std::cout << "NGINX_CONF="
+ << "'" << NGINX_CONF << "'" << std::endl;
+ std::cout << "CONF_DIR="
+ << "'" << CONF_DIR << "'" << std::endl;
+ std::cout << "LAN_NAME="
+ << "'" << LAN_NAME << "'" << std::endl;
+ std::cout << "LAN_LISTEN="
+ << "'" << LAN_LISTEN << "'" << std::endl;
+ std::cout << "LAN_SSL_LISTEN="
+ << "'" << LAN_SSL_LISTEN << "'" << std::endl;
+ std::cout << "SSL_SESSION_CACHE_ARG="
+ << "'" << SSL_SESSION_CACHE_ARG(LAN_NAME) << "'" << std::endl;
+ std::cout << "SSL_SESSION_TIMEOUT_ARG="
+ << "'" << SSL_SESSION_TIMEOUT_ARG << "'\n";
+ std::cout << "ADD_SSL_FCT="
+ << "'" << ADD_SSL_FCT << "'" << std::endl;
+ std::cout << "MANAGE_SSL="
+ << "'" << MANAGE_SSL << "'" << std::endl;
}
-
-auto main(int argc, char * argv[]) -> int
+auto main(int argc, char* argv[]) -> int
{
// TODO(pst): use std::span when available:
- auto args = std::basic_string_view<char *>{argv, static_cast<size_t>(argc)};
+ auto args = std::basic_string_view<char*>{argv, static_cast<size_t>(argc)};
auto cmds = std::array{
std::array<std::string_view, 2>{"init_lan", ""},
std::array<std::string_view, 2>{"get_env", ""},
-#ifndef NO_SSL
- std::array<std::string_view, 2>{ADD_SSL_FCT, " server_name" },
- std::array<std::string_view, 2>{"del_ssl", " server_name" },
-#endif
+ std::array<std::string_view, 2>{
+ ADD_SSL_FCT, "server_name [manager /path/to/ssl_certificate /path/to/ssl_key]"},
+ std::array<std::string_view, 2>{"del_ssl", "server_name [manager]"},
+ std::array<std::string_view, 2>{"check_ssl", ""},
};
try {
+ if (argc == 2 && args[1] == cmds[0][0]) {
+ init_lan();
+ }
- if (argc==2 && args[1]==cmds[0][0]) { init_lan(); }
+ else if (argc == 2 && args[1] == cmds[1][0]) {
+ get_env();
+ }
- else if (argc==2 && args[1]==cmds[1][0]) { get_env(); }
+ else if (argc == 3 && args[1] == cmds[2][0]) {
+ add_ssl_if_needed(std::string{args[2]});
+ }
-#ifndef NO_SSL
- else if (argc==3 && args[1]==cmds[2][0])
- { add_ssl_if_needed(std::string{args[2]});}
+ // NOLINTNEXTLINE(readability-magic-numbers,cppcoreguidelines-avoid-magic-numbers): 6
+ else if (argc == 6 && args[1] == cmds[2][0]) {
+ // NOLINTNEXTLINE(readability-magic-numbers,cppcoreguidelines-avoid-magic-numbers): 5
+ add_ssl_if_needed(std::string{args[2]}, args[3], args[4], args[5]);
+ }
- else if (argc==3 && args[1]==cmds[3][0])
- { del_ssl(std::string{args[2]}); }
+ else if (argc == 3 && args[1] == cmds[3][0]) {
+ del_ssl(std::string{args[2]});
+ }
- else if (argc==2 && args[1]==cmds[3][0])
- { del_ssl(std::string{LAN_NAME}); }
-#endif
+ else if (argc == 4 && args[1] == cmds[3][0]) {
+ del_ssl(std::string{args[2]}, args[3]);
+ }
+
+ else if (argc == 2 && args[1] == cmds[3][0]) // TODO(pst) deprecate
+ {
+ try {
+ auto name = std::string{LAN_NAME};
+ if (del_ssl_legacy(name)) {
+ auto crtpath = std::string{CONF_DIR} + name + ".crt";
+ remove(crtpath.c_str());
+ auto keypath = std::string{CONF_DIR} + name + ".key";
+ remove(keypath.c_str());
+ }
+ }
+ catch (...) { /* do nothing. */
+ }
+ }
+
+ else if (argc == 2 && args[1] == cmds[4][0]) {
+ check_ssl(uci::package{"nginx"});
+ }
else {
- std::cerr<<"Tool for creating Nginx configuration files (";
+ std::cerr << "Tool for creating Nginx configuration files (";
#ifdef VERSION
- std::cerr<<"version "<<VERSION<<" ";
+ std::cerr << "version " << VERSION << " ";
#endif
- std::cerr<<"with ";
+ std::cerr << "with libuci, ";
#ifndef NO_UBUS
- std::cerr<<"ubus, ";
-#endif
-#ifndef NO_SSL
- std::cerr<<"libopenssl, ";
-#ifdef NO_PCRE
- std::cerr<<"std::regex, ";
-#else
- std::cerr<<"PCRE, ";
+ std::cerr << "libubus, ";
#endif
+ std::cerr << "libopenssl, ";
+#ifndef NO_PCRE
+ std::cerr << "PCRE, ";
#endif
- std::cerr<<"pthread and libstdcpp)."<<std::endl;
+ std::cerr << "pthread and libstdcpp)." << std::endl;
- auto usage = std::string{"usage: "} + *argv + " [";
- for (auto cmd : cmds) {
- usage += std::string{cmd[0]};
- usage += std::string{cmd[1]} + "|";
- }
- usage[usage.size()-1] = ']';
- std::cerr<<usage<<std::endl;
+ auto usage =
+ std::accumulate(cmds.begin(), cmds.end(), std::string{"usage: "} + *argv + " [",
+ [](const auto& use, const auto& cmd) {
+ return use + std::string{cmd[0]} + (cmd[1].empty() ? "" : " ") +
+ std::string{cmd[1]} + "|";
+ });
+ usage[usage.size() - 1] = ']';
+ std::cerr << usage << std::endl;
throw std::runtime_error("main error: argument not recognized");
}
return 0;
-
}
- catch (const std::exception & e) { std::cerr<<e.what()<<std::endl; }
+ catch (const std::exception& e) {
+ std::cerr << " * " << *argv << " " << e.what() << "\n";
+ }
- catch (...) { perror("main error"); }
+ catch (...) {
+ std::cerr << " * * " << *argv;
+ perror(" main error");
+ }
return 1;
-
}
#include <fstream>
#include <string>
#include <string_view>
-#include <thread>
+// #include <sys/types.h>
+#include <sys/stat.h>
#include <unistd.h>
+#include <thread>
#include <vector>
#ifndef NO_UBUS
#include "ubus-cxx.hpp"
#endif
+#include "uci-cxx.hpp"
static constexpr auto NGINX_UTIL = std::string_view{"/usr/bin/nginx-util"};
+static constexpr auto VAR_UCI_CONF = std::string_view{"/var/lib/nginx/uci.conf"};
+
+static constexpr auto UCI_CONF = std::string_view{"/etc/nginx/uci.conf"};
+
static constexpr auto NGINX_CONF = std::string_view{"/etc/nginx/nginx.conf"};
static constexpr auto CONF_DIR = std::string_view{"/etc/nginx/conf.d/"};
static constexpr auto LAN_NAME = std::string_view{"_lan"};
-static constexpr auto LAN_LISTEN =std::string_view{"/var/lib/nginx/lan.listen"};
+static auto constexpr MANAGE_SSL = std::string_view{"uci_manage_ssl"};
-static constexpr auto LAN_LISTEN_DEFAULT =
- std::string_view{"/var/lib/nginx/lan.listen.default"};
+static constexpr auto LAN_LISTEN = std::string_view{"/var/lib/nginx/lan.listen"};
+static constexpr auto LAN_LISTEN_DEFAULT = // TODO(pst) deprecate
+ std::string_view{"/var/lib/nginx/lan.listen.default"};
// mode: optional ios::binary and/or ios::app (default ios::trunc)
-void write_file(const std::string_view & name, const std::string & str,
- std::ios_base::openmode flag=std::ios::trunc);
-
+void write_file(const std::string_view& name,
+ const std::string& str,
+ std::ios_base::openmode flag = std::ios::trunc);
// mode: optional ios::binary (internally ios::ate|ios::in)
-auto read_file(const std::string_view & name,
- std::ios_base::openmode mode=std::ios::in) -> std::string;
-
+auto read_file(const std::string_view& name, std::ios_base::openmode mode = std::ios::in)
+ -> std::string;
// all S must be convertible to const char[]
-template<typename ...S>
-auto call(const std::string & program, S... args) -> pid_t;
-
+template <typename... S>
+auto call(const std::string& program, S... args) -> pid_t;
void create_lan_listen();
+void init_uci(const uci::package& pkg);
-void init_lan();
+auto is_enabled(const uci::package& pkg) -> bool;
+void init_lan();
void get_env();
-
-
// --------------------- partial implementation: ------------------------------
-
-void write_file(const std::string_view & name, const std::string & str,
+void write_file(const std::string_view& name,
+ const std::string& str,
const std::ios_base::openmode flag)
{
auto tmp = std::string{name};
- if ( (flag & std::ios::ate) == 0 && (flag & std::ios::app) == 0 ) {
+ if ((flag & std::ios::ate) == 0 && (flag & std::ios::app) == 0) {
tmp += ".tmp-XXXXXX";
auto fd = mkstemp(&tmp[0]);
- if (fd==-1 || close(fd)!=0)
- { throw std::runtime_error("write_file error: cannot access " + tmp); }
+ if (fd == -1 || close(fd) != 0) {
+ throw std::runtime_error("write_file error: cannot access " + tmp);
+ }
}
try {
std::ofstream file(tmp.data(), flag);
if (!file.good()) {
- throw std::ofstream::failure
- ("write_file error: cannot open " + std::string{tmp});
+ throw std::ofstream::failure("write_file error: cannot open " + std::string{tmp});
}
- file<<str<<std::flush;
+ file << str << std::flush;
file.close();
- } catch(...) {
- if (tmp!=name) { remove(tmp.c_str()); } //remove can fail.
+ }
+ catch (...) {
+ if (tmp != name) {
+ remove(tmp.c_str());
+ } // remove can fail.
throw;
}
if (rename(tmp.c_str(), name.data()) != 0) {
- throw std::runtime_error
- ("write_file error: cannot move " + tmp + " to " + name.data());
+ throw std::runtime_error("write_file error: cannot move " + tmp + " to " + name.data());
}
}
-
-auto read_file(const std::string_view & name,
- const std::ios_base::openmode mode) -> std::string
+auto read_file(const std::string_view& name, const std::ios_base::openmode mode) -> std::string
{
- std::ifstream file(name.data(), mode|std::ios::ate);
+ std::ifstream file(name.data(), mode | std::ios::ate);
if (!file.good()) {
- throw std::ifstream::failure(
- "read_file error: cannot open " + std::string{name});
+ throw std::ifstream::failure("read_file error: cannot open " + std::string{name});
}
std::string ret{};
ret.reserve(size);
file.seekg(0);
- ret.assign((std::istreambuf_iterator<char>(file)),
- std::istreambuf_iterator<char>());
+ ret.assign((std::istreambuf_iterator<char>(file)), std::istreambuf_iterator<char>());
file.close();
return ret;
}
-
-template<typename ...S>
-auto call(const char * program, S... args) -> pid_t
+template <typename... S>
+auto call(const char* program, S... args) -> pid_t
{
pid_t pid = fork();
- if (pid==0) { //child:
- std::array<char *, sizeof...(args)+2> argv =
- { strdup(program), strdup(args)..., nullptr };
+ if (pid == 0) { // child:
+ std::array<char*, sizeof...(args) + 2> argv = {strdup(program), strdup(args)..., nullptr};
- execv(program, argv.data()); // argv cannot be const char * const[]!
+ execv(program, argv.data()); // argv cannot be const char * const[]!
_exit(EXIT_FAILURE); // exec never returns.
- } else if (pid>0) { //parent:
+ }
+ else if (pid > 0) { // parent:
return pid;
}
throw std::runtime_error(errmsg);
}
-
#endif
// #define OPENSSL_API_COMPAT 0x10102000L
#include <fcntl.h>
-#include <memory>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
+#include <unistd.h>
+#include <memory>
#include <stdexcept>
#include <string>
-#include <unistd.h>
-
static constexpr auto rsa_min_modulus_bits = 512;
using X509_NAME_ptr = std::unique_ptr<X509_NAME, decltype(&::X509_NAME_free)>;
-
-auto checkend(const std::string & crtpath,
- time_t seconds=0, bool use_pem=true) -> bool;
-
+auto checkend(const std::string& crtpath, time_t seconds = 0, bool use_pem = true) -> bool;
auto gen_eckey(int curve) -> EVP_PKEY_ptr;
+auto gen_rsakey(int keysize, BN_ULONG exponent = RSA_F4) -> EVP_PKEY_ptr;
-auto gen_rsakey(int keysize, BN_ULONG exponent=RSA_F4) -> EVP_PKEY_ptr;
-
-
-void write_key(const EVP_PKEY_ptr & pkey,
- const std::string & keypath="", bool use_pem=true);
-
-
-auto subject2name(const std::string & subject) -> X509_NAME_ptr;
-
-
-void selfsigned(const EVP_PKEY_ptr & pkey, int days,
- const std::string & subject="", const std::string & crtpath="",
- bool use_pem=true);
+void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath = "", bool use_pem = true);
+auto subject2name(const std::string& subject) -> X509_NAME_ptr;
+void selfsigned(const EVP_PKEY_ptr& pkey,
+ int days,
+ const std::string& subject = "",
+ const std::string& crtpath = "",
+ bool use_pem = true);
// ------------------------- implementation: ----------------------------------
-
-inline auto print_error(const char * str, const size_t /*len*/, void * errmsg)
- -> int
+inline auto print_error(const char* str, const size_t /*len*/, void* errmsg) -> int
{
- *static_cast<std::string *>(errmsg) += str;
+ *static_cast<std::string*>(errmsg) += str;
return 0;
}
-
// wrapper for clang-tidy:
-inline auto _BIO_new_fp(FILE * stream, const bool use_pem,
- const bool close=false) -> BIO *
+inline auto _BIO_new_fp(FILE* stream, const bool use_pem, const bool close = false) -> BIO*
{
- return BIO_new_fp( stream, //NOLINTNEXTLINE(hicpp-signed-bitwise) macros:
- (use_pem ? BIO_FP_TEXT : 0) | (close ? BIO_CLOSE : BIO_NOCLOSE) );
+ return BIO_new_fp(stream, // NOLINTNEXTLINE(hicpp-signed-bitwise) macros:
+ (use_pem ? BIO_FP_TEXT : 0) | (close ? BIO_CLOSE : BIO_NOCLOSE));
}
-
-auto checkend(const std::string & crtpath,
- const time_t seconds, const bool use_pem) -> bool
+auto checkend(const std::string& crtpath, const time_t seconds, const bool use_pem) -> bool
{
- BIO * bio = crtpath.empty() ?
- _BIO_new_fp(stdin, use_pem) :
- BIO_new_file(crtpath.c_str(), (use_pem ? "r" : "rb"));
+ BIO* bio = crtpath.empty() ? _BIO_new_fp(stdin, use_pem)
+ : BIO_new_file(crtpath.c_str(), (use_pem ? "r" : "rb"));
- X509 * x509 = nullptr;
+ X509* x509 = nullptr;
if (bio != nullptr) {
- x509 = use_pem ?
- PEM_read_bio_X509_AUX(bio, nullptr, nullptr, nullptr) :
- d2i_X509_bio(bio, nullptr);
+ x509 = use_pem ? PEM_read_bio_X509_AUX(bio, nullptr, nullptr, nullptr)
+ : d2i_X509_bio(bio, nullptr);
BIO_free(bio);
}
- if (x509==nullptr) {
+ if (x509 == nullptr) {
std::string errmsg{"checkend error: unable to load certificate\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
return (cmp >= 0);
}
-
auto gen_eckey(const int curve) -> EVP_PKEY_ptr
{
- EC_GROUP * group = curve!=0 ? EC_GROUP_new_by_curve_name(curve) : nullptr;
+ EC_GROUP* group = curve != 0 ? EC_GROUP_new_by_curve_name(curve) : nullptr;
if (group == nullptr) {
std::string errmsg{"gen_eckey error: cannot build group for curve id "};
EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
- auto eckey = EC_KEY_new();
+ auto* eckey = EC_KEY_new();
if (eckey != nullptr) {
- if ( (EC_KEY_set_group(eckey, group) == 0) ||
- (EC_KEY_generate_key(eckey) == 0) )
- {
+ if ((EC_KEY_set_group(eckey, group) == 0) || (EC_KEY_generate_key(eckey) == 0)) {
EC_KEY_free(eckey);
eckey = nullptr;
}
EVP_PKEY_ptr pkey{EVP_PKEY_new(), ::EVP_PKEY_free};
// EVP_PKEY_assign_EC_KEY is a macro casting eckey to char *:
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
if (!EVP_PKEY_assign_EC_KEY(pkey.get(), eckey)) {
EC_KEY_free(eckey);
std::string errmsg{"gen_eckey error: cannot assign EC key to EVP\n"};
return pkey;
}
-
auto gen_rsakey(const int keysize, const BN_ULONG exponent) -> EVP_PKEY_ptr
{
- if (keysize<rsa_min_modulus_bits || keysize>OPENSSL_RSA_MAX_MODULUS_BITS) {
+ if (keysize < rsa_min_modulus_bits || keysize > OPENSSL_RSA_MAX_MODULUS_BITS) {
std::string errmsg{"gen_rsakey error: RSA keysize ("};
errmsg += std::to_string(keysize) + ") out of range [512..";
errmsg += std::to_string(OPENSSL_RSA_MAX_MODULUS_BITS) + "]";
throw std::runtime_error(errmsg);
}
- auto bignum = BN_new();
+ auto* bignum = BN_new();
if (bignum == nullptr) {
std::string errmsg{"gen_rsakey error: cannot get big number struct\n"};
throw std::runtime_error(errmsg);
}
- auto rsa = RSA_new();
+ auto* rsa = RSA_new();
if (rsa != nullptr) {
if ((BN_set_word(bignum, exponent) == 0) ||
EVP_PKEY_ptr pkey{EVP_PKEY_new(), ::EVP_PKEY_free};
// EVP_PKEY_assign_RSA is a macro casting rsa to char *:
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
if (!EVP_PKEY_assign_RSA(pkey.get(), rsa)) {
RSA_free(rsa);
std::string errmsg{"gen_rsakey error: cannot assign RSA key to EVP\n"};
return pkey;
}
-
-void write_key(const EVP_PKEY_ptr & pkey,
- const std::string & keypath, const bool use_pem)
+void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath, const bool use_pem)
{
- BIO * bio = nullptr;
+ BIO* bio = nullptr;
- if (keypath.empty()) { bio = _BIO_new_fp(stdout, use_pem); }
+ if (keypath.empty()) {
+ bio = _BIO_new_fp(stdout, use_pem);
+ }
- else { // BIO_new_file(keypath.c_str(), (use_pem ? "w" : "wb") );
+ else { // BIO_new_file(keypath.c_str(), (use_pem ? "w" : "wb") );
static constexpr auto mask = 0600;
// auto fd = open(keypath.c_str(), O_WRONLY | O_CREAT | O_TRUNC, mask);
// creat has no cloexec, alt. triggers cppcoreguidelines-pro-type-vararg
- //NOLINTNEXTLINE(android-cloexec-creat)
- auto fd = creat(keypath.c_str(), mask); // the same without va_args.
+ // NOLINTNEXTLINE(android-cloexec-creat)
+ auto fd = creat(keypath.c_str(), mask); // the same without va_args.
if (fd >= 0) {
- auto fp = fdopen(fd, (use_pem ? "w" : "wb") );
+ auto* fp = fdopen(fd, (use_pem ? "w" : "wb"));
if (fp != nullptr) {
bio = _BIO_new_fp(fp, use_pem, true);
- if (bio == nullptr) { fclose(fp); } // (fp owns fd)
+ if (bio == nullptr) {
+ // NOLINTNEXTLINE(cppcoreguidelines-owning-memory) fp owns fd:
+ fclose(fp);
+ }
+ }
+ else {
+ close(fd);
}
- else { close(fd); }
}
-
}
if (bio == nullptr) {
int len = 0;
- auto key = pkey.get();
- switch (EVP_PKEY_base_id(key)) { // use same format as px5g:
+ auto* key = pkey.get();
+ switch (EVP_PKEY_base_id(key)) { // use same format as px5g:
case EVP_PKEY_EC:
- len = use_pem ?
- PEM_write_bio_ECPrivateKey(bio, EVP_PKEY_get0_EC_KEY(key),
- nullptr, nullptr, 0, nullptr, nullptr) :
- i2d_ECPrivateKey_bio(bio, EVP_PKEY_get0_EC_KEY(key));
+ len = use_pem ? PEM_write_bio_ECPrivateKey(bio, EVP_PKEY_get0_EC_KEY(key), nullptr,
+ nullptr, 0, nullptr, nullptr)
+ : i2d_ECPrivateKey_bio(bio, EVP_PKEY_get0_EC_KEY(key));
break;
case EVP_PKEY_RSA:
- len = use_pem ?
- PEM_write_bio_RSAPrivateKey(bio, EVP_PKEY_get0_RSA(key),
- nullptr, nullptr, 0, nullptr, nullptr) :
- i2d_RSAPrivateKey_bio(bio, EVP_PKEY_get0_RSA(key));
+ len = use_pem ? PEM_write_bio_RSAPrivateKey(bio, EVP_PKEY_get0_RSA(key), nullptr,
+ nullptr, 0, nullptr, nullptr)
+ : i2d_RSAPrivateKey_bio(bio, EVP_PKEY_get0_RSA(key));
break;
default:
- len = use_pem ?
- PEM_write_bio_PrivateKey(bio, key,
- nullptr, nullptr, 0, nullptr, nullptr) :
- i2d_PrivateKey_bio(bio, key);
+ len = use_pem
+ ? PEM_write_bio_PrivateKey(bio, key, nullptr, nullptr, 0, nullptr, nullptr)
+ : i2d_PrivateKey_bio(bio, key);
}
BIO_free_all(bio);
- if (len==0) {
+ if (len == 0) {
std::string errmsg{"write_key error: cannot write EVP pkey to "};
errmsg += keypath.empty() ? "stdout" : keypath;
errmsg += "\n";
}
}
-
-auto subject2name(const std::string & subject) -> X509_NAME_ptr
+auto subject2name(const std::string& subject) -> X509_NAME_ptr
{
- if (!subject.empty() && subject[0]!='/') {
+ if (!subject.empty() && subject[0] != '/') {
throw std::runtime_error("subject2name errror: not starting with /");
}
throw std::runtime_error(errmsg);
}
- if (subject.empty()) { return name; }
+ if (subject.empty()) {
+ return name;
+ }
- size_t prev = 1;
+ int prev = 1;
std::string type{};
char chr = '=';
- for (size_t i=0; subject[i] != 0; ) {
+ for (int i = 0; subject[i] != 0;) {
++i;
- if (subject[i]=='\\' && subject[++i]=='\0') {
+ if (subject[i] == '\\' && subject[++i] == '\0') {
throw std::runtime_error("subject2name errror: escape at the end");
}
- if (subject[i]!=chr && subject[i]!='\0') { continue; }
+ if (subject[i] != chr && subject[i] != '\0') {
+ continue;
+ }
if (chr == '=') {
- type = subject.substr(prev, i-prev);
+ type = subject.substr(prev, i - prev);
chr = '/';
- } else {
+ }
+ else {
auto nid = OBJ_txt2nid(type.c_str());
if (nid == NID_undef) {
// skip unknown entries (silently?).
- } else {
- auto val = // X509_NAME_add_entry_by_NID wants it unsigned:
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
- reinterpret_cast<const unsigned char *>(&subject[prev]);
+ }
+ else {
+ const auto* val = // X509_NAME_add_entry_by_NID wants it unsigned:
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
+ reinterpret_cast<const unsigned char*>(&subject[prev]);
- auto len = i - prev;
+ int len = i - prev;
- if ( X509_NAME_add_entry_by_NID(name.get(), nid,
- MBSTRING_ASC, //NOLINT(hicpp-signed-bitwise) is macro
- val, len, -1, 0)
- == 0 )
+ if (X509_NAME_add_entry_by_NID(
+ name.get(), nid,
+ MBSTRING_ASC, // NOLINT(hicpp-signed-bitwise) is macro
+ val, len, -1, 0) == 0)
{
std::string errmsg{"subject2name error: cannot add "};
- errmsg += "/" + type +"="+ subject.substr(prev, len) +"\n";
+ errmsg += "/" + type + "=" + subject.substr(prev, len) + "\n";
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
}
chr = '=';
}
- prev = i+1;
+ prev = i + 1;
}
return name;
}
-
-void selfsigned(const EVP_PKEY_ptr & pkey, const int days,
- const std::string & subject, const std::string & crtpath,
+void selfsigned(const EVP_PKEY_ptr& pkey,
+ const int days,
+ const std::string& subject,
+ const std::string& crtpath,
const bool use_pem)
{
- auto x509 = X509_new();
+ auto* x509 = X509_new();
if (x509 == nullptr) {
std::string errmsg{"selfsigned error: cannot create X509 structure\n"};
throw std::runtime_error(errmsg);
}
- auto freeX509_and_throw = [&x509](const std::string & what)
- {
+ auto freeX509_and_throw = [&x509](const std::string& what) {
X509_free(x509);
std::string errmsg{"selfsigned error: cannot set "};
errmsg += what + " in X509 certificate\n";
throw std::runtime_error(errmsg);
};
- if (X509_set_version(x509, 2) == 0) { freeX509_and_throw("version"); }
+ if (X509_set_version(x509, 2) == 0) {
+ freeX509_and_throw("version");
+ }
- if (X509_set_pubkey(x509, pkey.get()) == 0) { freeX509_and_throw("pubkey");}
+ if (X509_set_pubkey(x509, pkey.get()) == 0) {
+ freeX509_and_throw("pubkey");
+ }
if ((X509_gmtime_adj(X509_getm_notBefore(x509), 0) == nullptr) ||
- (X509_time_adj_ex(X509_getm_notAfter(x509), days,0,nullptr) == nullptr))
+ (X509_time_adj_ex(X509_getm_notAfter(x509), days, 0, nullptr) == nullptr))
{
freeX509_and_throw("times");
}
X509_NAME_ptr name{nullptr, ::X509_NAME_free};
- try { name = subject2name(subject); }
+ try {
+ name = subject2name(subject);
+ }
catch (...) {
X509_free(x509);
throw;
freeX509_and_throw("issuer");
}
- auto bignum = BN_new();
+ auto* bignum = BN_new();
- if (bignum == nullptr) { freeX509_and_throw("serial (creating big number struct)"); }
+ if (bignum == nullptr) {
+ freeX509_and_throw("serial (creating big number struct)");
+ }
static const auto BITS = 159;
if (BN_rand(bignum, BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY) == 0) {
freeX509_and_throw("signing digest");
}
- BIO * bio = crtpath.empty() ?
- _BIO_new_fp(stdout, use_pem) :
- BIO_new_file(crtpath.c_str(), (use_pem ? "w" : "wb"));
+ BIO* bio = crtpath.empty() ? _BIO_new_fp(stdout, use_pem)
+ : BIO_new_file(crtpath.c_str(), (use_pem ? "w" : "wb"));
int len = 0;
if (bio != nullptr) {
- len = use_pem ?
- PEM_write_bio_X509(bio, x509) :
- i2d_X509_bio(bio, x509);
+ len = use_pem ? PEM_write_bio_X509(bio, x509) : i2d_X509_bio(bio, x509);
BIO_free_all(bio);
}
X509_free(x509);
- if (len==0) {
+ if (len == 0) {
std::string errmsg{"selfsigned error: cannot write certificate to "};
errmsg += crtpath.empty() ? "stdout" : crtpath;
errmsg += "\n";
}
}
-
#endif
-#include "px5g-openssl.hpp"
+#include <unistd.h>
#include <array>
#include <iostream>
+#include <numeric>
#include <string>
#include <string_view>
-#include <unistd.h>
-
-
-class argv_view { // TODO(pst): use std::span when available.
-
-private:
-
- std::basic_string_view<const char *> data;
-
-public:
-
- argv_view(const argv_view &) = delete;
-
-
- argv_view(argv_view &&) = delete;
-
+#include "px5g-openssl.hpp"
- auto operator=(const argv_view &) -> argv_view & = delete;
+class argv_view { // TODO(pst): use std::span when available.
+ private:
+ std::basic_string_view<const char*> data;
- auto operator=(argv_view &&) -> argv_view & = delete;
+ public:
+ argv_view(const argv_view&) = delete;
+ argv_view(argv_view&&) = delete;
- argv_view(const char ** argv, int argc) :
- data{argv, static_cast<size_t>(argc)} {}
+ auto operator=(const argv_view&) -> argv_view& = delete;
+ auto operator=(argv_view &&) -> argv_view& = delete;
- inline auto operator[] (size_t pos) const -> std::string_view
- { return std::string_view{data[pos]}; }
+ argv_view(const char** argv, int argc) : data{argv, static_cast<size_t>(argc)} {}
+ inline auto operator[](size_t pos) const -> std::string_view
+ {
+ return std::string_view{data[pos]};
+ }
[[nodiscard]] inline constexpr auto size() const noexcept -> size_t
- { return data.size(); }
-
+ {
+ return data.size();
+ }
~argv_view() = default;
-
};
-
static const auto default_validity = 30;
+auto checkend(const argv_view& argv) -> int;
-auto checkend(const argv_view & argv) -> int;
-
-
-void eckey(const argv_view & argv);
-
-
-void rsakey(const argv_view & argv);
+void eckey(const argv_view& argv);
+void rsakey(const argv_view& argv);
-void selfsigned(const argv_view & argv);
+void selfsigned(const argv_view& argv);
-
-inline auto parse_int(const std::string_view & arg) -> int
+inline auto parse_int(const std::string_view& arg) -> int
{
- size_t pos;
+ size_t pos = 0;
int ret = stoi(std::string{arg}, &pos);
if (pos < arg.size()) {
throw std::runtime_error("number has trailing char");
return ret;
}
-
-inline auto parse_curve(const std::string_view & name) -> int
+inline auto parse_curve(const std::string_view& name) -> int
{
- if (name=="P-384") { return NID_secp384r1; }
- if (name=="P-521") { return NID_secp521r1; }
- if (name=="P-256" || name=="secp256r1") { return NID_X9_62_prime256v1; }
- if (name=="secp192r1") { return NID_X9_62_prime192v1; }
+ if (name == "P-384") {
+ return NID_secp384r1;
+ }
+ if (name == "P-521") {
+ return NID_secp521r1;
+ }
+ if (name == "P-256" || name == "secp256r1") {
+ return NID_X9_62_prime256v1;
+ }
+ if (name == "secp192r1") {
+ return NID_X9_62_prime192v1;
+ }
return OBJ_sn2nid(name.data());
// not: if (curve == 0) { curve = EC_curve_nist2nid(name.c_str()); }
}
-
-auto checkend(const argv_view & argv) -> int
+auto checkend(const argv_view& argv) -> int
{
bool use_pem = true;
std::string crtpath{};
time_t seconds = 0;
- for (size_t i=2; i<argv.size(); ++i) {
- if (argv[i]=="-der") {
+ for (size_t i = 2; i < argv.size(); ++i) {
+ if (argv[i] == "-der") {
use_pem = false;
- } else if (argv[i]=="-in") {
+ }
+ else if (argv[i] == "-in") {
++i;
if (i >= argv.size()) {
if (!crtpath.empty()) {
if (argv[i] == crtpath) {
- std::cerr<<"checkend warning: repeated same -in file\n";
- } else {
- throw std::runtime_error
- ("checkend error: more than one -in file");
+ std::cerr << "checkend warning: repeated same -in file\n";
+ }
+ else {
+ throw std::runtime_error("checkend error: more than one -in file");
}
}
crtpath = argv[i];
}
- else if (argv[i][0]=='-') {
- std::cerr<<"checkend warning: skipping option "<<argv[i]<<std::endl;
- } else { // main option:
+ else if (argv[i][0] == '-') {
+ std::cerr << "checkend warning: skipping option " << argv[i] << std::endl;
+ }
+ else { // main option:
intmax_t num = 0;
try {
num = parse_int(argv[i]);
- } catch (...) {
+ }
+ catch (...) {
auto errmsg = std::string{"checkend error: invalid time "};
errmsg += argv[i];
std::throw_with_nested(std::runtime_error(errmsg));
seconds = static_cast<time_t>(num);
- if (num!=static_cast<intmax_t>(seconds)) {
+ if (num != static_cast<intmax_t>(seconds)) {
auto errmsg = std::string{"checkend error: time too big "};
errmsg += argv[i];
throw std::runtime_error(errmsg);
}
bool valid = checkend(crtpath, seconds, use_pem);
- std::cout<<"Certificate will"<<(valid ? " not " : " ")<<"expire"<<std::endl;
+ std::cout << "Certificate will" << (valid ? " not " : " ") << "expire" << std::endl;
return (valid ? 0 : 1);
}
-
-void eckey(const argv_view & argv)
+void eckey(const argv_view& argv)
{
bool has_main_option = false;
bool use_pem = true;
std::string keypath{};
int curve = NID_X9_62_prime256v1;
- for (size_t i=2; i < argv.size(); ++i) {
- if (argv[i]=="-der") {
+ for (size_t i = 2; i < argv.size(); ++i) {
+ if (argv[i] == "-der") {
use_pem = false;
- } else if (argv[i]=="-out") {
+ }
+ else if (argv[i] == "-out") {
++i;
if (i >= argv.size()) {
}
if (!keypath.empty()) {
- if (argv[i]==keypath) {
- std::cerr<<"eckey warning: repeated same -out file\n";
- } else {
- throw std::runtime_error
- ("eckey error: more than one -out file");
+ if (argv[i] == keypath) {
+ std::cerr << "eckey warning: repeated same -out file\n";
+ }
+ else {
+ throw std::runtime_error("eckey error: more than one -out file");
}
}
keypath = argv[i];
}
- else if (argv[i][0]=='-') {
- std::cerr<<"eckey warning: skipping option "<<argv[i]<<std::endl;
- } else { //main option:
+ else if (argv[i][0] == '-') {
+ std::cerr << "eckey warning: skipping option " << argv[i] << std::endl;
+ }
+ else { // main option:
if (has_main_option) {
- throw std::runtime_error
- ("eckey error: more than one main option");
- } //else:
+ throw std::runtime_error("eckey error: more than one main option");
+ } // else:
has_main_option = true;
curve = parse_curve(argv[i]);
write_key(gen_eckey(curve), keypath, use_pem);
}
-
-void rsakey(const argv_view & argv)
+void rsakey(const argv_view& argv)
{
bool has_main_option = false;
bool use_pem = true;
BN_ULONG exponent = RSA_F4;
int keysize = rsa_min_modulus_bits;
- for (size_t i=2; i < argv.size(); ++i) {
- if (argv[i]=="-der") {
+ for (size_t i = 2; i < argv.size(); ++i) {
+ if (argv[i] == "-der") {
use_pem = false;
- } else if (argv[i]=="-3") {
+ }
+ else if (argv[i] == "-3") {
exponent = 3;
- } else if (argv[i]=="-out") {
+ }
+ else if (argv[i] == "-out") {
++i;
if (i >= argv.size()) {
}
if (!keypath.empty()) {
- if (argv[i]==keypath) {
- std::cerr<<"rsakey warning: repeated -out file"<<std::endl;
- } else {
- throw std::runtime_error
- ("rsakey error: more than one -out file");
+ if (argv[i] == keypath) {
+ std::cerr << "rsakey warning: repeated -out file" << std::endl;
+ }
+ else {
+ throw std::runtime_error("rsakey error: more than one -out file");
}
}
keypath = argv[i];
}
- else if (argv[i][0]=='-') {
- std::cerr<<"rsakey warning: skipping option "<<argv[i]<<std::endl;
- } else { //main option:
+ else if (argv[i][0] == '-') {
+ std::cerr << "rsakey warning: skipping option " << argv[i] << std::endl;
+ }
+ else { // main option:
if (has_main_option) {
throw std::runtime_error("rsakey error: more than one keysize");
- } //else:
+ } // else:
has_main_option = true;
try {
keysize = parse_int(argv[i]);
- } catch (...) {
+ }
+ catch (...) {
std::string errmsg{"rsakey error: invalid keysize "};
errmsg += argv[i];
std::throw_with_nested(std::runtime_error(errmsg));
write_key(gen_rsakey(keysize, exponent), keypath, use_pem);
}
-
-void selfsigned(const argv_view & argv)
+void selfsigned(const argv_view& argv)
{
bool use_pem = true;
int days = default_validity;
int curve = NID_X9_62_prime256v1;
- for (size_t i=2; i < argv.size(); ++i) {
- if (argv[i]=="-der") {
+ for (size_t i = 2; i < argv.size(); ++i) {
+ if (argv[i] == "-der") {
use_pem = false;
- } else if (argv[i]=="-days") {
+ }
+ else if (argv[i] == "-days") {
++i;
try {
days = parse_int(argv[i]);
- } catch (...) {
+ }
+ catch (...) {
std::string errmsg{"selfsigned error: not a number for -days "};
errmsg += argv[i].substr(4);
std::throw_with_nested(std::runtime_error(errmsg));
}
}
- else if (argv[i]=="-newkey") {
+ else if (argv[i] == "-newkey") {
++i;
if (i >= argv.size()) {
- throw std::runtime_error
- ("selfsigned error: -newkey misses algorithm option");
+ throw std::runtime_error("selfsigned error: -newkey misses algorithm option");
}
static constexpr auto rsa_prefix = std::string_view{"rsa:"};
- if (argv[i]=="ec") {
+ if (argv[i] == "ec") {
use_rsa = false;
- } else if (argv[i].rfind(rsa_prefix, 0) == 0) {
+ }
+ else if (argv[i].rfind(rsa_prefix, 0) == 0) {
use_rsa = true;
try {
keysize = parse_int(argv[i].substr(rsa_prefix.size()));
- } catch (...) {
+ }
+ catch (...) {
std::string errmsg{"selfsigned error: invalid keysize "};
errmsg += argv[i].substr(4);
std::throw_with_nested(std::runtime_error(errmsg));
}
- } else {
+ }
+ else {
throw std::runtime_error("selfsigned error: invalid algorithm");
}
}
- else if (argv[i]=="-pkeyopt") {
+ else if (argv[i] == "-pkeyopt") {
++i;
if (i >= argv.size()) {
- throw std::runtime_error
- ("selfsigned error: -pkeyopt misses value");
+ throw std::runtime_error("selfsigned error: -pkeyopt misses value");
}
- static constexpr auto curve_prefix =
- std::string_view{"ec_paramgen_curve:"};
+ static constexpr auto curve_prefix = std::string_view{"ec_paramgen_curve:"};
if (argv[i].rfind(curve_prefix, 0) != 0) {
throw std::runtime_error("selfsigned error: -pkeyopt invalid");
curve = parse_curve(argv[i].substr(curve_prefix.size()));
}
- else if (argv[i]=="-keyout") {
+ else if (argv[i] == "-keyout") {
++i;
if (i >= argv.size()) {
- throw std::runtime_error
- ("selfsigned error: -keyout misses path");
+ throw std::runtime_error("selfsigned error: -keyout misses path");
}
if (!keypath.empty()) {
- if (argv[i]==keypath) {
- std::cerr<<"selfsigned warning: repeated -keyout file\n";
- } else {
- throw std::runtime_error
- ("selfsigned error: more than one -keyout file");
+ if (argv[i] == keypath) {
+ std::cerr << "selfsigned warning: repeated -keyout file\n";
+ }
+ else {
+ throw std::runtime_error("selfsigned error: more than one -keyout file");
}
}
keypath = argv[i];
}
- else if (argv[i]=="-out") {
+ else if (argv[i] == "-out") {
++i;
if (i >= argv.size()) {
- throw std::runtime_error
- ("selfsigned error: -out misses filename");
+ throw std::runtime_error("selfsigned error: -out misses filename");
}
if (!crtpath.empty()) {
- if (argv[i]==crtpath) {
- std::cerr<<"selfsigned warning: repeated same -out file\n";
- } else {
- throw std::runtime_error
- ("selfsigned error: more than one -out file");
+ if (argv[i] == crtpath) {
+ std::cerr << "selfsigned warning: repeated same -out file\n";
+ }
+ else {
+ throw std::runtime_error("selfsigned error: more than one -out file");
}
}
crtpath = argv[i];
}
- else if (argv[i]=="-subj") {
+ else if (argv[i] == "-subj") {
++i;
if (i >= argv.size()) {
- throw std::runtime_error
- ("selfsigned error: -subj misses value");
+ throw std::runtime_error("selfsigned error: -subj misses value");
}
if (!subject.empty()) {
- if (argv[i]==subject) {
- std::cerr<<"selfsigned warning: repeated same -subj\n";
- } else {
- throw std::runtime_error
- ("selfsigned error: more than one -subj value");
+ if (argv[i] == subject) {
+ std::cerr << "selfsigned warning: repeated same -subj\n";
+ }
+ else {
+ throw std::runtime_error("selfsigned error: more than one -subj value");
}
}
}
else {
- std::cerr<<"selfsigned warning: skipping option "<<argv[i]<<std::endl;
+ std::cerr << "selfsigned warning: skipping option " << argv[i] << std::endl;
}
}
selfsigned(pkey, days, subject, crtpath, use_pem);
- if (!keypath.empty()) { write_key(pkey, keypath, use_pem); }
+ if (!keypath.empty()) {
+ write_key(pkey, keypath, use_pem);
+ }
}
-
-auto main(int argc, const char ** argv) -> int
+auto main(int argc, const char** argv) -> int
{
auto args = argv_view{argv, argc};
auto cmds = std::array{
std::array<std::string, 2>{"checkend",
- " [-der] [-in certificate_path] [seconds_remaining]"
- },
- std::array<std::string, 2>{"eckey",
- " [-der] [-out key_path] [curve_name]"
- },
- std::array<std::string, 2>{"rsakey",
- " [-der] [-out key_path] [-3] [key_size]"
- },
- std::array<std::string, 2>{"selfsigned",
+ " [-der] [-in certificate_path] [seconds_remaining]"},
+ std::array<std::string, 2>{"eckey", " [-der] [-out key_path] [curve_name]"},
+ std::array<std::string, 2>{"rsakey", " [-der] [-out key_path] [-3] [key_size]"},
+ std::array<std::string, 2>{
+ "selfsigned",
" [-der] [-keyout key_path] [-out certificate_path]"
" [-newkey ec|rsa:key_size] [-pkeyopt ec_paramgen_curve:name]"
- " [-days validity] [-subj /C=.../ST=.../L=.../O=.../CN=.../... ]"
- },
+ " [-days validity] [-subj /C=.../ST=.../L=.../O=.../CN=.../... ]"},
};
try {
- if (argc < 2) { throw std::runtime_error("error: no argument"); }
+ if (argc < 2) {
+ throw std::runtime_error("error: no argument");
+ }
- if (args[1]==cmds[0][0]) {return checkend(args);}
+ if (args[1] == cmds[0][0]) {
+ return checkend(args);
+ }
- if (args[1]==cmds[1][0]) { eckey(args); }
+ if (args[1] == cmds[1][0]) {
+ eckey(args);
+ }
- else if (args[1]==cmds[2][0]) { rsakey(args); }
+ else if (args[1] == cmds[2][0]) {
+ rsakey(args);
+ }
- else if (args[1]==cmds[3][0]) { selfsigned(args); }
+ else if (args[1] == cmds[3][0]) {
+ selfsigned(args);
+ }
- else { throw std::runtime_error("error: argument not recognized"); }
+ else {
+ throw std::runtime_error("error: argument not recognized");
+ }
}
- catch (const std::exception & e) {
-
- auto usage = std::string{"usage: \n"} ;
- for (auto cmd : cmds) {
- usage += std::string{4, ' '} + *argv +" "+ cmd[0] + cmd[1] +"\n";
- }
+ catch (const std::exception& e) {
+ auto usage = std::accumulate(
+ cmds.begin(), cmds.end(), std::string{"usage: \n"},
+ [=](const auto& use, const auto& cmd) {
+ return use + std::string{4, ' '} + *argv + " " + cmd[0] + cmd[1] + "\n";
+ });
- std::cerr<<usage<<std::flush;
+ std::cerr << usage << std::flush;
- auto print_nested =
- [](auto && self, const std::exception & outer, int depth=0) -> void
- {
- std::cerr<<std::string(depth, '\t')<<outer.what()<<std::endl;
- try { std::rethrow_if_nested(outer); }
- catch (const std::exception & inner) { self(self, inner, depth+1); }
+ auto print_nested = [](auto&& self, const std::exception& outer, int depth = 0) -> void {
+ std::cerr << std::string(depth, '\t') << outer.what() << std::endl;
+ try {
+ std::rethrow_if_nested(outer);
+ }
+ catch (const std::exception& inner) {
+ self(self, inner, depth + 1);
+ }
};
print_nested(print_nested, e);
}
catch (...) {
- std::cerr<<*argv<<" unknown error."<<std::endl;
+ std::cerr << *argv << " unknown error." << std::endl;
return 2;
}
#ifndef __REGEXP_PCRE_HPP
#define __REGEXP_PCRE_HPP
-#include <array>
#include <pcre.h>
+#include <array>
#include <stdexcept>
#include <string>
#include <vector>
-
namespace rgx {
/* partially implement the std::regex interface using PCRE for performance
* (=> pass "match" as non-const reference)
*/
-
namespace regex_constants {
- enum error_type
- {
- _enum_error_collate,
- _enum_error_ctype,
- _enum_error_escape,
- _enum_error_backref,
- _enum_error_brack,
- _enum_error_paren,
- _enum_error_brace,
- _enum_error_badbrace,
- _enum_error_range,
- _enum_error_space,
- _enum_error_badrepeat,
- _enum_error_complexity,
- _enum_error_stack,
- _enum_error_last
- };
- static const error_type error_collate(_enum_error_collate);
- static const error_type error_ctype(_enum_error_ctype);
- static const error_type error_escape(_enum_error_escape);
- static const error_type error_backref(_enum_error_backref);
- static const error_type error_brack(_enum_error_brack);
- static const error_type error_paren(_enum_error_paren);
- static const error_type error_brace(_enum_error_brace);
- static const error_type error_badbrace(_enum_error_badbrace);
- static const error_type error_range(_enum_error_range);
- static const error_type error_space(_enum_error_space);
- static const error_type error_badrepeat(_enum_error_badrepeat);
- static const error_type error_complexity(_enum_error_complexity);
- static const error_type error_stack(_enum_error_stack);
-} // namespace regex_constants
-
-
+enum error_type {
+ _enum_error_collate,
+ _enum_error_ctype,
+ _enum_error_escape,
+ _enum_error_backref,
+ _enum_error_brack,
+ _enum_error_paren,
+ _enum_error_brace,
+ _enum_error_badbrace,
+ _enum_error_range,
+ _enum_error_space,
+ _enum_error_badrepeat,
+ _enum_error_complexity,
+ _enum_error_stack,
+ _enum_error_last
+};
+static const error_type error_collate(_enum_error_collate);
+static const error_type error_ctype(_enum_error_ctype);
+static const error_type error_escape(_enum_error_escape);
+static const error_type error_backref(_enum_error_backref);
+static const error_type error_brack(_enum_error_brack);
+static const error_type error_paren(_enum_error_paren);
+static const error_type error_brace(_enum_error_brace);
+static const error_type error_badbrace(_enum_error_badbrace);
+static const error_type error_range(_enum_error_range);
+static const error_type error_space(_enum_error_space);
+static const error_type error_badrepeat(_enum_error_badrepeat);
+static const error_type error_complexity(_enum_error_complexity);
+static const error_type error_stack(_enum_error_stack);
+} // namespace regex_constants
class regex_error : public std::runtime_error {
-
-private:
-
+ private:
regex_constants::error_type errcode;
+ public:
+ explicit regex_error(regex_constants::error_type code, const char* what = "regex error")
+ : runtime_error(what), errcode(code)
+ {}
-public:
-
- explicit regex_error(regex_constants::error_type code,
- const char * what="regex error")
- : runtime_error(what), errcode(code)
- { }
-
-
- [[nodiscard]] auto code() const -> regex_constants::error_type
- { return errcode; }
-
+ [[nodiscard]] auto virtual code() const -> regex_constants::error_type;
};
-
+[[nodiscard]] auto regex_error::code() const -> regex_constants::error_type
+{
+ return errcode;
+}
class regex {
-
-private:
-
+ private:
int errcode = 0;
- const char * errptr = nullptr;
+ const char* errptr = nullptr;
int erroffset = 0;
- pcre * const re = nullptr;
+ pcre* const re = nullptr;
- static const std::array<regex_constants::error_type,86> errcode_pcre2regex;
+ static const std::array<regex_constants::error_type, 86> errcode_pcre2regex;
static const auto BASE = 10;
-
-public:
-
+ public:
inline regex() = default;
+ inline regex(const regex&) = delete;
- inline regex(const regex &) = delete;
-
-
- inline regex(regex &&) = default;
-
-
- inline auto operator=(const regex &) -> regex & = delete;
+ inline regex(regex&&) = default;
+ inline auto operator=(const regex&) -> regex& = delete;
- inline auto operator=(regex &&) -> regex & = delete;
+ inline auto operator=(regex &&) -> regex& = delete;
+ explicit regex(const std::string& str) : regex(str.c_str()) {}
- explicit regex(const std::string & str)
- : re{ pcre_compile2(str.c_str(), 0, &errcode, &errptr, &erroffset,nullptr) }
+ explicit regex(const char* const str)
+ : re{pcre_compile2(str, 0, &errcode, &errptr, &erroffset, nullptr)}
{
- if (re==nullptr) {
+ if (re == nullptr) {
std::string what = std::string("regex error: ") + errptr + '\n';
- what += " '" + str + "'\n";
+ what += " '" + std::string{str} + "'\n";
what += " " + std::string(erroffset, ' ') + '^';
throw regex_error(errcode_pcre2regex.at(errcode), what.c_str());
}
}
+ ~regex()
+ {
+ if (re != nullptr) {
+ pcre_free(re);
+ }
+ }
- ~regex() { if (re != nullptr) { pcre_free(re); } }
-
-
- inline auto operator()() const -> const pcre * { return re; }
-
+ inline auto operator()() const -> const pcre*
+ {
+ return re;
+ }
};
-
-
class smatch {
-
friend auto regex_search(std::string::const_iterator begin,
std::string::const_iterator end,
- smatch & match, //NOLINT(google-runtime-references)
- const regex & rgx); // match std::regex interface.
-
-
-private:
+ smatch& match, // NOLINT(google-runtime-references)
+ const regex& rgx); // match std::regex interface.
+ private:
std::string::const_iterator begin;
std::string::const_iterator end;
- std::vector <int> vec{};
+ std::vector<int> vec{};
int n = 0;
-
-public:
-
- [[nodiscard]] inline auto position(int i=0) const {
- return (i<0 || i>=n) ? std::string::npos : vec[2*i];
+ public:
+ [[nodiscard]] inline auto position(int i = 0) const
+ {
+ return (i < 0 || i >= n) ? std::string::npos : vec[2 * i];
}
-
- [[nodiscard]] inline auto length(int i=0) const {
- return (i<0 || i>=n) ? 0 : vec[2*i+1] - vec[2*i];
+ [[nodiscard]] inline auto length(int i = 0) const
+ {
+ return (i < 0 || i >= n) ? 0 : vec[2 * i + 1] - vec[2 * i];
}
-
- [[nodiscard]] auto str(int i=0) const -> std::string { // should we throw?
- if (i<0 || i>=n) { return ""; }
- int x = vec[2*i];
- if (x<0) { return ""; }
- int y = vec[2*i+1];
+ [[nodiscard]] auto str(int i = 0) const -> std::string
+ { // should we throw?
+ if (i < 0 || i >= n) {
+ return "";
+ }
+ int x = vec[2 * i];
+ if (x < 0) {
+ return "";
+ }
+ int y = vec[2 * i + 1];
return std::string{begin + x, begin + y};
}
+ [[nodiscard]] auto format(const std::string& fmt) const;
- [[nodiscard]] auto format(const std::string & fmt) const;
-
-
- [[nodiscard]] auto size() const -> int { return n; }
-
-
- [[nodiscard]] inline auto empty() const { return n<0; }
-
+ [[nodiscard]] auto size() const -> int
+ {
+ return n;
+ }
- [[nodiscard]] inline auto ready() const { return !vec.empty(); }
+ [[nodiscard]] inline auto empty() const
+ {
+ return n < 0;
+ }
+ [[nodiscard]] inline auto ready() const
+ {
+ return !vec.empty();
+ }
};
+inline auto regex_search(const std::string& subj, const regex& rgx);
-inline auto regex_search(const std::string & subj, const regex & rgx);
-
-
-auto regex_replace(const std::string & subj,
- const regex & rgx,
- const std::string & insert);
-
-
-inline auto regex_search(const std::string & subj,
- smatch & match, //NOLINT(google-runtime-references)
- const regex & rgx); // match std::regex interface.
+auto regex_replace(const std::string& subj, const regex& rgx, const std::string& insert);
+inline auto regex_search(const std::string& subj,
+ smatch& match, // NOLINT(google-runtime-references)
+ const regex& rgx); // match std::regex interface.
auto regex_search(std::string::const_iterator begin,
std::string::const_iterator end,
- smatch & match, //NOLINT(google-runtime-references)
- const regex & rgx); // match std::regex interface.
-
-
+ smatch& match, // NOLINT(google-runtime-references)
+ const regex& rgx); // match std::regex interface.
// ------------------------- implementation: ----------------------------------
-
-inline auto regex_search(const std::string & subj, const regex & rgx)
+inline auto regex_search(const std::string& subj, const regex& rgx)
{
- if (rgx()==nullptr) {
+ if (rgx() == nullptr) {
throw std::runtime_error("regex_search error: no regex given");
}
- int n = pcre_exec(rgx(), nullptr, subj.c_str(), subj.length(),
- 0, 0, nullptr, 0);
- return n>=0;
+ int n =
+ pcre_exec(rgx(), nullptr, subj.c_str(), static_cast<int>(subj.length()), 0, 0, nullptr, 0);
+ return n >= 0;
}
-
auto regex_search(const std::string::const_iterator begin,
const std::string::const_iterator end,
- smatch & match,
- const regex & rgx)
+ smatch& match,
+ const regex& rgx)
{
- if (rgx()==nullptr) {
+ if (rgx() == nullptr) {
throw std::runtime_error("regex_search error: no regex given");
}
int sz = 0;
pcre_fullinfo(rgx(), nullptr, PCRE_INFO_CAPTURECOUNT, &sz);
- sz = 3*(sz + 1);
+ sz = 3 * (sz + 1);
match.vec.reserve(sz);
- const char * subj = &*begin;
- size_t len = &*end - subj;
+ const char* subj = &*begin;
+ int len = static_cast<int>(&*end - subj);
match.begin = begin;
match.end = end;
match.n = pcre_exec(rgx(), nullptr, subj, len, 0, 0, &match.vec[0], sz);
- if (match.n<0) { return false; }
- if (match.n==0) { match.n = sz/3; }
+ if (match.n < 0) {
+ return false;
+ }
+ if (match.n == 0) {
+ match.n = sz / 3;
+ }
return true;
}
-
-inline auto regex_search(const std::string & subj, smatch & match,
- const regex & rgx)
+inline auto regex_search(const std::string& subj, smatch& match, const regex& rgx)
{
return regex_search(subj.begin(), subj.end(), match, rgx);
}
-
-auto smatch::format(const std::string & fmt) const {
+auto smatch::format(const std::string& fmt) const
+{
std::string ret{};
size_t index = 0;
- size_t pos;
- while ((pos=fmt.find('$', index)) != std::string::npos) {
- ret.append(fmt, index, pos-index);
+ size_t pos = 0;
+ while ((pos = fmt.find('$', index)) != std::string::npos) {
+ ret.append(fmt, index, pos - index);
index = pos + 1;
char chr = fmt[index++];
- switch(chr) {
-
- case '&': // match
+ switch (chr) {
+ case '&': // match
ret += str(0);
break;
- case '`': // prefix
- ret.append(begin, begin+vec[0]);
+ case '`': // prefix
+ ret.append(begin, begin + vec[0]);
break;
- case '\'': // suffix
- ret.append(begin+vec[1], end);
+ case '\'': // suffix
+ ret.append(begin + vec[1], end);
break;
default:
- if (isdigit(chr) != 0) { // one or two digits => submatch:
+ if (isdigit(chr) != 0) { // one or two digits => submatch:
int num = chr - '0';
chr = fmt[index];
- if (isdigit(chr) != 0) { // second digit:
+ if (isdigit(chr) != 0) { // second digit:
++index;
static const auto base = 10;
- num = num*base + chr - '0';
+ num = num * base + chr - '0';
}
ret += str(num);
break;
- } //else:
+ } // else:
ret += '$';
[[fallthrough]];
- case '$': // escaped
+ case '$': // escaped
ret += chr;
}
}
return ret;
}
-
-auto regex_replace(const std::string & subj,
- const regex & rgx,
- const std::string & insert)
+auto regex_replace(const std::string& subj, const regex& rgx, const std::string& insert)
{
- if (rgx()==nullptr) {
+ if (rgx() == nullptr) {
throw std::runtime_error("regex_replace error: no regex given");
}
std::string ret{};
auto pos = subj.begin();
- for (smatch match;
- regex_search(pos, subj.end(), match, rgx);
+ for (smatch match; regex_search(pos, subj.end(), match, rgx);
pos += match.position(0) + match.length(0))
{
ret.append(pos, pos + match.position(0));
return ret;
}
-
-
// ------------ There is only the translation table below : -------------------
-
const std::array<regex_constants::error_type, 86> regex::errcode_pcre2regex = {
// 0 no error
regex_constants::error_type::_enum_error_last,
regex_constants::error_backref,
// 56 inconsistent NEWLINE options
regex_constants::error_escape,
- // 57 \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
+ // 57 \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain
+ // number
regex_constants::error_backref,
// 58 a numbered reference must not be zero
regex_constants::error_backref,
// 84 group name must start with a non-digit
regex_constants::error_backref,
// 85 parentheses are too deeply nested (stack check)
- regex_constants::error_stack
-};
-
-
-} // namespace rgx
+ regex_constants::error_stack};
+} // namespace rgx
#endif
NGINX_UTIL="/usr/bin/nginx-util"
+ORIG=".original-test-nginx-util-root"
+
+mkdir -p /tmp/.uci/
+
+uci commit nginx || { printf "Error invoking: uci commit\n Exit."; exit 2; }
+
+
+pst_exit() {
+ printf "\nExit: Recovering original settings ... "
+
+ uci revert nginx
+
+ cd "/etc/config/" && rm "nginx" && mv "nginx.${ORIG}" "nginx" ||
+ printf "\n%s: not moved %s to %s\n" "/etc/config/" "nginx${ORIG}" "nginx"
+
+ cd "/etc/crontabs/" && rm "root" && mv "root${ORIG}" "root" ||
+ printf "\n%s: not moved %s to %s\n" "/etc/crontabs/" "root${ORIG}" "root"
+
+ cd "$(dirname "${CONF_DIR}")" && rm -r "${CONF_DIR}" &&
+ mv "$(basename "${CONF_DIR}")${ORIG}" "$(basename "${CONF_DIR}")" ||
+ printf "\n%s: not moved %s to %s\n" "$(dirname "${CONF_DIR}")" \
+ "$(basename "${CONF_DIR}")${ORIG}" "$(basename "${CONF_DIR}")"
+
+ printf "done.\n"
+
+ exit "$1"
+}
+
+
+mkdir -p "/etc/config/" && touch "/etc/config/nginx"
+
+cd "/etc/config/" && [ ! -e "nginx${ORIG}" ] && cp "nginx" "nginx.${ORIG}" || {
+ printf "\n%s: not copied %s to %s\n" "/etc/config/" "nginx" "nginx${ORIG}"
+ pst_exit 3
+}
+
+uci set nginx.global.uci_enable=1
+
+
+mkdir -p "/etc/crontabs/" && touch "/etc/crontabs/root"
+
+cd "/etc/crontabs/" && [ ! -e "root${ORIG}" ] && mv "root" "root${ORIG}" || {
+ printf "\n%s: not moved %s to %s\n" "/etc/crontabs/" "root${ORIG}" "root"
+ pst_exit 4
+}
+
+touch "/etc/crontabs/root"
+
+
+# ----------------------------------------------------------------------------
+
__esc_newlines() {
echo "${1}" | sed -E 's/$/\\n/' | tr -d '\n' | sed -E 's/\\n$/\n/'
}
echo "" | sed -E "c${1}"
}
+
+fileauto="# This file is re-created when Nginx starts."
+
+setpoint_init_lan() {
+ echo "${fileauto}"
+
+ sed -n -E '/^\s*#UCI_HTTP_CONFIG\s*$/q;p' "${UCI_CONF}.template"
+
+ local rhs="\t}\n\n\tserver { #see uci show 'nginx.\1'"
+ uci -n export nginx \
+ | sed -E -e "s/'//g" \
+ -e '/^\s*package\s+nginx\s*$/d' \
+ -e '/^\s*config\s+main\s/d' \
+ -e "s/^\s*config\s+server\s+(.*)$/$rhs/g" \
+ -e 's/^\s*list\s/\t\t/g' \
+ -e 's/^\s*option\s/\t\t/g' \
+ -e 's/^\s*uci_listen_locally\s+/\t\tlisten 127.0.0.1:/g' \
+ -e '/^\s*uci_/d' \
+ -e '/^$/d' -e "s/[^'\n]$/&;/g" \
+ | sed "1,2d"
+ printf "\t}\n\n"
+
+ sed -E '1,/^\s*#UCI_HTTP_CONFIG\s*$/ d' "${UCI_CONF}.template"
+}
+
+
setpoint_add_ssl() {
local indent="\n$1"
local name="$2"
[ "${name}" = "${LAN_NAME}" ] && default=".default"
local prefix="${CONF_DIR}${name}"
- local CONF="$(grep -vE "$(_regex "${NGX_INCLUDE}" \
- "${LAN_LISTEN}${default}")" "${prefix}.sans" 2>/dev/null)"
local ADDS=""
- echo "${CONF}" \
- | grep -qE "$(_regex "${NGX_INCLUDE}" "${LAN_SSL_LISTEN}${default}")" \
- || ADDS="${ADDS}${indent}$(_sed_rhs "${NGX_INCLUDE}" \
- "${LAN_SSL_LISTEN}${default}")"
+ local CONF
+ CONF="$(sed -E \
+ -e "s/$(_regex "${NGX_INCLUDE}" "${LAN_LISTEN}${default}")/$1$(\
+ _sed_rhs "${NGX_INCLUDE}" "${LAN_SSL_LISTEN}${default}")/g" \
+ -e "s/^(\s*listen\s+)([^:]*:|\[[^]]*\]:)?80(\s|$|;)/\1\2443 ssl\3/g" \
+ "${prefix}.sans" 2>/dev/null)"
echo "${CONF}" | grep -qE "$(_regex "${NGX_SSL_CRT}" "${prefix}")" \
|| ADDS="${ADDS}${indent}$(_sed_rhs "${NGX_SSL_CRT}" "${prefix}")"
echo "${CONF}" | grep -qE "$(_regex "${NGX_SSL_KEY}" "${prefix}")" \
}
+test_existence() {
+ if [ "$2" -eq "0" ]
+ then
+ [ ! -f "$1" ] && echo "$1 missing!" &&
+ [ "${PRINT_PASSED}" -gt 1 ] && pst_exit 1
+ else
+ [ -f "$1" ] && echo "$1 existing!" &&
+ [ "${PRINT_PASSED}" -gt 1 ] && pst_exit 1
+ fi
+}
+
+
test() {
eval "$1 2>/dev/null >/dev/null"
if [ "$?" -eq "$2" ]
&& printf "%-72s%-1s\n" "$1" "2>/dev/null >/dev/null (-> $2?) passed."
else
printf "%-72s%-1s\n" "$1" "2>/dev/null >/dev/null (-> $2?) failed!!!"
- [ "${PRINT_PASSED}" -gt 1 ] && exit 1
+ [ "${PRINT_PASSED}" -gt 0 ] && printf "\n### Snip:\n" && eval "$1"
+ [ "${PRINT_PASSED}" -gt 0 ] && printf "### Snap.\n"
+ [ "${PRINT_PASSED}" -gt 1 ] && pst_exit 1
fi
}
+
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting %s get_env ...\n" "${NGINX_UTIL}"
+
eval $("${NGINX_UTIL}" get_env)
+test '[ -n "${UCI_CONF}" ]' 0
test '[ -n "${NGINX_CONF}" ]' 0
test '[ -n "${CONF_DIR}" ]' 0
test '[ -n "${LAN_NAME}" ]' 0
test '[ -n "${SSL_SESSION_CACHE_ARG}" ]' 0
test '[ -n "${SSL_SESSION_TIMEOUT_ARG}" ]' 0
test '[ -n "${ADD_SSL_FCT}" ]' 0
+test '[ -n "${MANAGE_SSL}" ]' 0
+
+mkdir -p "$(dirname "${LAN_LISTEN}")"
+
+mkdir -p "${CONF_DIR}"
+
+cd "$(dirname "${CONF_DIR}")" && [ ! -e "$(basename "${CONF_DIR}")${ORIG}" ] &&
+mv "$(basename "${CONF_DIR}")" "$(basename "${CONF_DIR}")${ORIG}" ||
+{
+ printf "\n%s: not moved %s to %s\n" "$(dirname "${CONF_DIR}")" \
+ "$(basename "${CONF_DIR}")" "$(basename "${CONF_DIR}")${ORIG}"
+ pst_exit 3
+}
[ "$PRINT_PASSED" -gt 0 ] && printf "\nPrepare files in %s ...\n" "${CONF_DIR}"
mkdir -p "${CONF_DIR}"
-cd "${CONF_DIR}" || exit 2
+cd "${CONF_DIR}" || pst_exit 2
NGX_INCLUDE="include '\$';"
NGX_SERVER_NAME="server_name * '\$' *;"
EOF
CONFS="${CONFS} minimal:0"
+cat > listens.sans <<EOF
+server {
+ listen 80;
+ listen 81;
+ listen hostname:80;
+ listen hostname:81;
+ listen [::]:80;
+ listen [::]:81;
+ listen 1.3:80;
+# listen 1.3:80;
+ listen 1.3:81;
+ listen [1::3]:80;
+ listen [1::3]:81;
+ server_name listens;
+}
+EOF
+CONFS="${CONFS} listens:0"
+
cat > normal.sans <<EOF
server {
include '${LAN_LISTEN}';
EOF
CONFS="${CONFS} normal:0"
+cat > acme.sans <<EOF
+server {
+ listen 80;
+ include '${LAN_LISTEN}';
+ server_name acme;
+}
+EOF
+CONFS="${CONFS} acme:0"
+
cat > more_server.sans <<EOF
server {
# include '${LAN_LISTEN}';
cat > more_names.sans <<EOF
server {
include '${LAN_LISTEN}';
+ include '${LAN_LISTEN}';
+ include '${LAN_LISTEN}';
+ not include '${LAN_LISTEN}';
server_name example.com more_names example.org;
}
EOF
CONFS="${CONFS} tab:0"
+
+[ "$PRINT_PASSED" -gt 0 ] && printf "\nSetup files in %s ...\n" "${CONF_DIR}"
+
+
+for conf in ${CONFS}
+do test 'setpoint_add_ssl " " '"${conf%:*}" "${conf#*:}"
+done
+
+test 'setpoint_add_ssl "\t" tab' 0 # fixes wrong indentation.
+
+
+
+[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting Cron ... \n"
+
+
+echo -n "prefix" >"/etc/crontabs/root"
+test '"${NGINX_UTIL}" add_ssl _lan' 0
+echo "postfix" >>"/etc/crontabs/root"
+test_setpoint "/etc/crontabs/root" "prefix
+3 3 12 12 * ${NGINX_UTIL} 'check_ssl'
+postfix"
+
+test '"${NGINX_UTIL}" del_ssl _lan' 0
+test_setpoint "/etc/crontabs/root" "prefix
+3 3 12 12 * ${NGINX_UTIL} 'check_ssl'
+postfix"
+
+test '"${NGINX_UTIL}" check_ssl' 0
+test_setpoint "/etc/crontabs/root" "prefix
+postfix"
+
+test '"${NGINX_UTIL}" add_ssl _lan' 0
+test_setpoint "/etc/crontabs/root" "prefix
+postfix
+3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
+
+rm -f "/etc/crontabs/root"
+
+
+[ "$PRINT_PASSED" -gt 0 ] && printf '\n\t-"-\t(legacy) ... \n'
+
+echo -n "prefix" >"/etc/crontabs/root"
+cp "minimal.sans" "minimal.conf"
+
+test '"${NGINX_UTIL}" add_ssl minimal' 0
+echo "postfix" >>"/etc/crontabs/root"
+test_setpoint "/etc/crontabs/root" "prefix
+3 3 12 12 * ${NGINX_UTIL} 'add_ssl' 'minimal'
+postfix"
+
+test '"${NGINX_UTIL}" del_ssl minimal' 0
+test_setpoint "/etc/crontabs/root" "prefix
+postfix"
+
+rm -f "/etc/crontabs/root"
+
+
+
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting %s init_lan ...\n" "${NGINX_UTIL}"
-mkdir -p "$(dirname "${LAN_LISTEN}")"
-cp "${LAN_NAME}.sans" "${LAN_NAME}.conf"
+rm -f "${LAN_NAME}.conf" "_redirect2ssl.conf" "${UCI_ADDED}.conf"
+rm -f "$(readlink "${UCI_CONF}")"
test '"${NGINX_UTIL}" init_lan' 0
+test_setpoint "${UCI_CONF}" "$(setpoint_init_lan)"
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
-[ "$PRINT_PASSED" -gt 0 ] && printf "\nSetup files in %s ...\n" "${CONF_DIR}"
+[ "$PRINT_PASSED" -gt 0 ] && printf '\n\t-"-\twith temporary UCI config ... \n'
-for conf in ${CONFS}
-do test 'setpoint_add_ssl " " '"${conf%:*}" "${conf#*:}"
-done
+UCI_ADDED="$(uci add nginx server)" &&
+uci set nginx.@server[-1].server_name='temp' &&
+uci add_list nginx.@server[-1].listen='81 default_server' &&
+uci add_list nginx.@server[-1].listen='80' &&
+echo "UCI: nginx.${UCI_ADDED} added."
+
+rm -f "${LAN_NAME}.conf" "_redirect2ssl.conf" "${UCI_ADDED}.conf"
+rm -f "$(readlink "${UCI_CONF}")"
+
+test '"${NGINX_UTIL}" init_lan' 0
+test_setpoint "${UCI_CONF}" "$(setpoint_init_lan)"
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
+
+
+[ "$PRINT_PASSED" -gt 0 ] && printf '\n\t-"-\t(legacy) ... \n'
+
+cp "${LAN_NAME}.sans" "${LAN_NAME}.conf"
+touch "_redirect2ssl.conf" "${UCI_ADDED}.conf"
+rm -f "$(readlink "${UCI_CONF}")"
+test '"${NGINX_UTIL}" init_lan' 0
+
+skipped() {
+ printf "\t# skipped UCI server 'nginx.%s'" "$1"
+ printf " as it could conflict with: %s%s.conf\n\n" "${CONF_DIR}" "$1"
+}
+rhs="$(skipped "$LAN_NAME" && skipped _redirect2ssl && skipped "${UCI_ADDED}")"
+sed -E -e "s/^\t#UCI_HTTP_CONFIG$/$(__esc_sed_rhs "$rhs")\n/" \
+ -e 's/\\n/\n/g' -e "1i${fileauto}" "${UCI_CONF}.template" >"uci.setpoint"
+
+test_setpoint "${UCI_CONF}" "$(cat "uci.setpoint")"
+test_setpoint "/etc/crontabs/root" ""
-test 'setpoint_add_ssl "\t" tab' 0 # fixes wrong indentation.
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting %s add_ssl ...\n" "${NGINX_UTIL}"
-cp different_name.sans different_name.with
test '[ "${ADD_SSL_FCT}" = "add_ssl" ] ' 0
+rm -f "${LAN_NAME}.conf" "_redirect2ssl.conf" "${UCI_ADDED}.conf"
+rm -f "$(readlink "${UCI_CONF}")"
+test 'uci set nginx._lan.uci_manage_ssl="self-signed"' 0
+"${NGINX_UTIL}" del_ssl "${LAN_NAME}" 2>/dev/null
+test_setpoint "/etc/crontabs/root" ""
+test_existence "${LAN_NAME}.crt" 1
+test_existence "${LAN_NAME}.key" 1
+test '"${NGINX_UTIL}" add_ssl '"${UCI_ADDED}"' acme \
+ '"${CONF_DIR}${UCI_ADDED}.crt"' '"${CONF_DIR}${UCI_ADDED}.key"' ' 0
+test_setpoint "/etc/crontabs/root" ""
+test_existence "${UCI_ADDED}.crt" 1
+test_existence "${UCI_ADDED}.key" 1
+test '"${NGINX_UTIL}" add_ssl '"${LAN_NAME}" 0
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
+test_existence "${LAN_NAME}.crt" 0
+test_existence "${LAN_NAME}.key" 0
+test '"${NGINX_UTIL}" add_ssl '"${LAN_NAME}" 0
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
+test '"${NGINX_UTIL}" add_ssl inexistent' 1
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
+test '"${NGINX_UTIL}" init_lan' 0
+test_setpoint "${UCI_CONF}" "$(setpoint_init_lan)"
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'check_ssl'"
+test_existence "${UCI_ADDED}.crt" 1
+test_existence "${UCI_ADDED}.key" 1
+test_existence "${LAN_NAME}.crt" 0
+test_existence "${LAN_NAME}.key" 0
+
+
+[ "$PRINT_PASSED" -gt 0 ] && printf '\n\t-"-\t(legacy) ... \n'
+
+cp different_name.sans different_name.with
+
+cp "/etc/crontabs/root" "cron.setpoint"
for conf in ${CONFS}; do
name="${conf%:*}"
+ [ "${name}" = "acme" ] && continue
+ [ "${name}" = "different_name" ] ||
+ echo "3 3 12 12 * ${NGINX_UTIL} 'add_ssl' '${name}'" >>"cron.setpoint"
cp "${name}.sans" "${name}.conf"
test '"${NGINX_UTIL}" add_ssl '"${name}" "${conf#*:}"
test_setpoint "${name}.conf" "$(cat "${name}.with")"
+ test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+ [ "${name}" = "different_name" ] || test_existence "${name}.crt" 0
+ [ "${name}" = "different_name" ] || test_existence "${name}.key" 0
done
+cp acme.sans acme.conf
+test '"${NGINX_UTIL}" add_ssl acme acme /path/to/crt /path/to/key' 0
+test_setpoint "acme.conf" "$(cat "acme.with")"
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+test_existence "acme.crt" 1
+test_existence "acme.key" 1
+
+
+
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting %s del_ssl ...\n" "${NGINX_UTIL}"
-sed -i "/server {/a\\ include '${LAN_LISTEN}';" minimal.sans
+
+sed -E -e 's/443 ssl/80/' -e '/[^2]ssl/d' "/etc/config/nginx" >"config.setpoint"
+
+cp "/etc/crontabs/root" "cron.setpoint"
+rm -f "${LAN_NAME}.conf" "_redirect2ssl.conf" "${UCI_ADDED}.conf"
+test '"${NGINX_UTIL}" del_ssl '"${LAN_NAME}" 0
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+test_existence "${LAN_NAME}.crt" 1
+test_existence "${LAN_NAME}.key" 1
+test '"${NGINX_UTIL}" del_ssl '"${LAN_NAME}" 1
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+
+rm -f "$(readlink "${UCI_CONF}")"
+sed -E "/$(__esc_regex "'check_ssl'")/d" "/etc/crontabs/root" >"cron.setpoint"
+test '"${NGINX_UTIL}" init_lan' 0
+test_setpoint "${UCI_CONF}" "$(setpoint_init_lan)"
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+
+touch "${UCI_ADDED}.crt" "${UCI_ADDED}.key"
+test '"${NGINX_UTIL}" del_ssl "'${UCI_ADDED}'" acme' 0
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+test_existence "${UCI_ADDED}.crt" 0
+test_existence "${UCI_ADDED}.key" 0
+
+test '"${NGINX_UTIL}" del_ssl inexistent' 1
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+
+test_setpoint "/etc/config/nginx" "$(cat "config.setpoint")"
+test '"${NGINX_UTIL}" add_ssl "'${UCI_ADDED}'" acme \
+ '"${CONF_DIR}${UCI_ADDED}.crt"' '"${CONF_DIR}${UCI_ADDED}.key"' ' 0
+test '"${NGINX_UTIL}" add_ssl "'$(uci get "nginx.${UCI_ADDED}.server_name")'"' 0
+test '"${NGINX_UTIL}" del_ssl "'$(uci get "nginx.${UCI_ADDED}.server_name")'"' 0
+rm -f "$(readlink "${UCI_CONF}")"
+sed -E "/$(__esc_regex "'check_ssl'")/d" "/etc/crontabs/root" >"cron.setpoint"
+test '"${NGINX_UTIL}" init_lan' 0
+test_setpoint "${UCI_CONF}" "$(setpoint_init_lan)"
+test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+test_existence "${UCI_ADDED}.crt" 1
+test_existence "${UCI_ADDED}.key" 1
+
+
+[ "$PRINT_PASSED" -gt 0 ] && printf '\n\t-"-\t(legacy) ... \n'
for conf in ${CONFS}; do
name="${conf%:*}"
+ [ "${name}" = "acme" ] && continue
+ sed -E "/$(__esc_regex "'${name}'")/d" "/etc/crontabs/root" >"cron.setpoint"
+ touch "${name}.crt" "${name}.key"
cp "${name}.with" "${name}.conf"
test '"${NGINX_UTIL}" del_ssl '"${name}" "${conf#*:}"
test_setpoint "${name}.conf" "$(cat "${name}.sans")"
+ test_setpoint "/etc/crontabs/root" "$(cat "cron.setpoint")"
+ [ "${name}" = "different_name" ] && rm "${name}.crt" "${name}.key"
+ test_existence "${name}.crt" 1
+ test_existence "${name}.key" 1
done
+test_setpoint "/etc/crontabs/root" ""
+
+test '"${NGINX_UTIL}" del_ssl acme acme' 0
+test_existence "acme.crt" 1
+test_existence "acme.key" 1
+
+cp acme.with acme.conf
+touch acme.crt acme.key
+echo "3 3 12 12 * ${NGINX_UTIL} 'add_ssl' 'acme'" >>"/etc/crontabs/root"
+test '"${NGINX_UTIL}" del_ssl acme acme' 0
+test_setpoint "acme.conf" "$(cat "acme.sans")"
+test_setpoint "/etc/crontabs/root" "3 3 12 12 * ${NGINX_UTIL} 'add_ssl' 'acme'"
+test_existence "acme.crt" 0
+test_existence "acme.key" 0
+"${NGINX_UTIL}" del_ssl acme 2>/dev/null
+test_setpoint "/etc/crontabs/root" ""
+test_existence "acme.crt" 1
+test_existence "acme.key" 1
+
+
+[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting without UCI ... \n"
+
+rm -f "$(readlink "${UCI_CONF}")"
+
+test 'uci set nginx.global.uci_enable=0' 0
+
+test '"${NGINX_UTIL}" init_lan' 0
+
+test '[ -e "$(readlink '"${UCI_CONF}"')" ]' 1
+
+cp "${LAN_NAME}.sans" "${LAN_NAME}.conf"
+test '"${NGINX_UTIL}" add_ssl '"${LAN_NAME}" 0
+test '"${NGINX_UTIL}" add_ssl '"${LAN_NAME}" 0
+test '"${NGINX_UTIL}" del_ssl '"${LAN_NAME}" 0
+test '"${NGINX_UTIL}" del_ssl '"${LAN_NAME}" 0
+
+test 'rm "${LAN_NAME}.conf"' 0
+test '"${NGINX_UTIL}" add_ssl '"${LAN_NAME}" 1
+test '"${NGINX_UTIL}" del_ssl '"${LAN_NAME}" 1
+
+
+
+pst_exit 0
ln -s /bin "${TMPROOT}/bin"
-mkdir -p "${TMPROOT}/usr/bin/"
+mkdir -p "${TMPROOT}/etc/crontabs/"
+
+mkdir -p "${TMPROOT}/etc/config/"
+cp "./config-nginx-ssl" "${TMPROOT}/etc/config/nginx"
+mkdir -p "${TMPROOT}/etc/nginx/"
+cp "./uci.conf.template" "${TMPROOT}/etc/nginx/uci.conf.template"
+ln -s "${TMPROOT}/var/lib/nginx/uci.conf" "${TMPROOT}/etc/nginx/uci.conf"
+
+mkdir -p "${TMPROOT}/usr/bin/"
+cp "/usr/local/bin/uci" "${TMPROOT}/usr/bin/"
cp "./test-nginx-util-root.sh" "${TMPROOT}/usr/bin/"
#include "ubus-cxx.hpp"
-
inline void example_for_checking_if_there_is_a_key()
{
if (ubus::call("service", "list").filter("cron")) {
- std::cout<<"Cron is active (with or without instances) "<<std::endl;
+ std::cout << "Cron is active (with or without instances) " << std::endl;
}
}
-
inline void example_for_getting_values()
{
auto lan_status = ubus::call("network.interface.lan", "status");
- for (auto t : lan_status.filter("ipv6-address", "", "address")) {
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
- auto x = const_cast<blob_attr *>(t);
- std::cout<<"["<<blobmsg_get_string(x)<<"] ";
+ for (const auto* t : lan_status.filter("ipv6-address", "", "address")) {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
+ auto* x = const_cast<blob_attr*>(t);
+ std::cout << "[" << blobmsg_get_string(x) << "] ";
}
- for (auto t : lan_status.filter("ipv4-address", "").filter("address")) {
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
- auto x = const_cast<blob_attr *>(t);
- std::cout<<blobmsg_get_string(x)<<" ";
+ for (const auto* t : lan_status.filter("ipv4-address", "").filter("address")) {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
+ auto* x = const_cast<blob_attr*>(t);
+ std::cout << blobmsg_get_string(x) << " ";
}
- std::cout<<std::endl;
+ std::cout << std::endl;
}
-
inline void example_for_sending_message()
{
- auto set_arg = [](blob_buf * buf) -> int
- { return blobmsg_add_string(buf, "config", "nginx"); };
- for (auto t : ubus::call("uci", "get", set_arg).filter("values")) {
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
- auto x = const_cast<blob_attr *>(t);
- std::cout<<blobmsg_get_string(x)<<"\n";
+ auto set_arg = [](blob_buf* buf) -> int { return blobmsg_add_string(buf, "config", "nginx"); };
+ for (const auto* t : ubus::call("uci", "get", set_arg).filter("values")) {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
+ auto* x = const_cast<blob_attr*>(t);
+ std::cout << blobmsg_get_string(x) << "\n";
}
}
-
inline void example_for_exploring()
{
ubus::strings keys{"ipv4-address", "", ""};
- for (auto t : ubus::call("network.interface.lan", "status").filter(keys)) {
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
- auto x = const_cast<blob_attr *>(t);
- std::cout<<blobmsg_name(x)<<": ";
+ for (const auto* t : ubus::call("network.interface.lan", "status").filter(keys)) {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
+ auto* x = const_cast<blob_attr*>(t);
+ std::cout << blobmsg_name(x) << ": ";
switch (blob_id(x)) {
- case BLOBMSG_TYPE_UNSPEC: std::cout<<"[unspecified]"; break;
- case BLOBMSG_TYPE_ARRAY: std::cout<<"[array]"; break;
- case BLOBMSG_TYPE_TABLE: std::cout<<"[table]"; break;
- case BLOBMSG_TYPE_STRING: std::cout<<blobmsg_get_string(x); break;
- case BLOBMSG_TYPE_INT64: std::cout<<blobmsg_get_u64(x); break;
- case BLOBMSG_TYPE_INT32: std::cout<<blobmsg_get_u32(x); break;
- case BLOBMSG_TYPE_INT16: std::cout<<blobmsg_get_u16(x); break;
- case BLOBMSG_TYPE_BOOL: std::cout<<blobmsg_get_bool(x); break;
- case BLOBMSG_TYPE_DOUBLE: std::cout<<blobmsg_get_double(x); break;
- default: std::cout<<"[unknown]";
+ case BLOBMSG_TYPE_UNSPEC: std::cout << "[unspecified]"; break;
+ case BLOBMSG_TYPE_ARRAY: std::cout << "[array]"; break;
+ case BLOBMSG_TYPE_TABLE: std::cout << "[table]"; break;
+ case BLOBMSG_TYPE_STRING: std::cout << blobmsg_get_string(x); break;
+ case BLOBMSG_TYPE_INT64: std::cout << blobmsg_get_u64(x); break;
+ case BLOBMSG_TYPE_INT32: std::cout << blobmsg_get_u32(x); break;
+ case BLOBMSG_TYPE_INT16: std::cout << blobmsg_get_u16(x); break;
+ case BLOBMSG_TYPE_BOOL: std::cout << blobmsg_get_bool(x); break;
+ case BLOBMSG_TYPE_DOUBLE: std::cout << blobmsg_get_double(x); break;
+ default: std::cout << "[unknown]";
}
- std::cout<<std::endl;
+ std::cout << std::endl;
}
}
-
inline void example_for_recursive_exploring()
-{ // output like from the original ubus call:
- const auto explore = [](auto message) -> void
- {
+{ // output like from the original ubus call:
+ const auto explore = [](auto message) -> void {
auto end = message.end();
- auto explore_internal =
- [&end](auto & explore_ref, auto it, size_t depth=1) -> void
- {
- std::cout<<std::endl;
+ auto explore_internal = [&end](auto& explore_ref, auto it, size_t depth = 1) -> void {
+ std::cout << std::endl;
bool first = true;
- for (; it!=end; ++it) {
- //NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
- auto attr = const_cast<blob_attr *>(*it);
- if (first) { first = false; }
- else { std::cout<<",\n"; }
- std::cout<<std::string(depth, '\t');
+ for (; it != end; ++it) {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
+ auto* attr = const_cast<blob_attr*>(*it);
+ if (first) {
+ first = false;
+ }
+ else {
+ std::cout << ",\n";
+ }
+ std::cout << std::string(depth, '\t');
std::string name = blobmsg_name(attr);
- if (!name.empty()) { std::cout<<"\""<<name<<"\": "; }
+ if (!name.empty()) {
+ std::cout << "\"" << name << "\": ";
+ }
switch (blob_id(attr)) {
- case BLOBMSG_TYPE_UNSPEC: std::cout<<"(unspecified)"; break;
+ case BLOBMSG_TYPE_UNSPEC: std::cout << "(unspecified)"; break;
case BLOBMSG_TYPE_ARRAY:
- std::cout<<"[";
- explore_ref(explore_ref, ubus::iterator{attr}, depth+1);
- std::cout<<"\n"<<std::string(depth, '\t')<<"]";
+ std::cout << "[";
+ explore_ref(explore_ref, ubus::iterator{attr}, depth + 1);
+ std::cout << "\n" << std::string(depth, '\t') << "]";
break;
case BLOBMSG_TYPE_TABLE:
- std::cout<<"{";
- explore_ref(explore_ref, ubus::iterator{attr}, depth+1);
- std::cout<<"\n"<<std::string(depth, '\t')<<"}";
+ std::cout << "{";
+ explore_ref(explore_ref, ubus::iterator{attr}, depth + 1);
+ std::cout << "\n" << std::string(depth, '\t') << "}";
break;
case BLOBMSG_TYPE_STRING:
- std::cout<<"\""<<blobmsg_get_string(attr)<<"\"";
- break;
- case BLOBMSG_TYPE_INT64:
- std::cout<<blobmsg_get_u64(attr);
- break;
- case BLOBMSG_TYPE_INT32:
- std::cout<<blobmsg_get_u32(attr);
- break;
- case BLOBMSG_TYPE_INT16:
- std::cout<<blobmsg_get_u16(attr);
+ std::cout << "\"" << blobmsg_get_string(attr) << "\"";
break;
+ case BLOBMSG_TYPE_INT64: std::cout << blobmsg_get_u64(attr); break;
+ case BLOBMSG_TYPE_INT32: std::cout << blobmsg_get_u32(attr); break;
+ case BLOBMSG_TYPE_INT16: std::cout << blobmsg_get_u16(attr); break;
case BLOBMSG_TYPE_BOOL:
- std::cout<<(blobmsg_get_bool(attr) ? "true" : "false");
+ std::cout << (blobmsg_get_bool(attr) ? "true" : "false");
break;
- case BLOBMSG_TYPE_DOUBLE:
- std::cout<<blobmsg_get_double(attr);
- break;
- default: std::cout<<"(unknown)"; break;
+ case BLOBMSG_TYPE_DOUBLE: std::cout << blobmsg_get_double(attr); break;
+ default: std::cout << "(unknown)"; break;
}
}
};
- std::cout<<"{";
+ std::cout << "{";
explore_internal(explore_internal, message.begin());
- std::cout<<"\n}"<<std::endl;
+ std::cout << "\n}" << std::endl;
};
explore(ubus::call("network.interface.lan", "status"));
}
-
-auto main() -> int {
-
+auto main() -> int
+{
try {
example_for_checking_if_there_is_a_key();
return 0;
}
- catch (const std::exception & e) { std::cerr<<e.what()<<std::endl; }
+ catch (const std::exception& e) {
+ std::cerr << e.what() << std::endl;
+ }
- catch (...) { perror("main error"); }
+ catch (...) {
+ perror("main error");
+ }
return 1;
}
#ifndef _UBUS_CXX_HPP
#define _UBUS_CXX_HPP
-#include <cassert>
#include <libubus.h>
+#include <cassert>
#include <memory>
#include <mutex>
#include <string>
#include <iostream>
#endif
-
namespace ubus {
static constexpr int call_timeout = 500;
using strings = std::vector<std::string>;
+inline auto concat(strings dest)
+{
+ return dest;
+}
-inline auto concat(strings dest) { return dest; }
-
-
-template<class ...Strings>
-inline auto concat(strings dest, strings src, Strings ...more)
+template <class... Strings>
+inline auto concat(strings dest, strings src, Strings... more)
{
dest.reserve(dest.size() + src.size());
dest.insert(std::end(dest), std::make_move_iterator(std::begin(src)),
return concat(std::move(dest), std::move(more)...);
}
-
-template<class S, class ...Strings>
-inline auto concat(strings dest, S src, Strings ...more)
+template <class S, class... Strings>
+inline auto concat(strings dest, S src, Strings... more)
{
dest.emplace_back(std::move(src));
return concat(std::move(dest), std::move(more)...);
}
-
-
class iterator {
-
-private:
-
- const strings & keys;
+ private:
+ const strings& keys;
const size_t n = 0;
size_t i = 0;
- const blob_attr * pos = nullptr;
+ const blob_attr* pos = nullptr;
std::unique_ptr<iterator> cur{};
- iterator * parent = nullptr;
+ iterator* parent = nullptr;
size_t rem = 0;
-
[[nodiscard]] inline auto matches() const -> bool
{
- return (keys[i].empty() || blobmsg_name(cur->pos)==keys[i]);
+ return (keys[i].empty() || blobmsg_name(cur->pos) == keys[i]);
}
-
- explicit iterator(iterator * par)
- : keys{par->keys}, n{par->n}, pos{par->pos}, cur{this}, parent{par}
+ explicit iterator(iterator* par)
+ : keys{par->keys}, n{par->n}, pos{par->pos}, cur{this}, parent{par}
{
- if (pos!=nullptr) {
+ if (pos != nullptr) {
rem = blobmsg_data_len(pos);
- pos = static_cast<blob_attr *>(blobmsg_data(pos));
+ pos = static_cast<blob_attr*>(blobmsg_data(pos));
}
}
-
-public:
-
- explicit iterator(const blob_attr * msg, const strings & filter={""})
- : keys{filter}, n{keys.size()-1}, pos{msg}, cur{this}
+ public:
+ explicit iterator(const blob_attr* msg, const strings& key_filter = {""})
+ : keys{key_filter}, n{keys.size() - 1}, pos{msg}, cur{this}
{
- if (pos!=nullptr) {
+ if (pos != nullptr) {
rem = blobmsg_data_len(pos);
- pos = static_cast<blob_attr *>(blobmsg_data(pos));
+ pos = static_cast<blob_attr*>(blobmsg_data(pos));
- if (rem==0) { pos = nullptr; }
- else if (i!=n || !matches()) { ++*this; }
+ if (rem == 0) {
+ pos = nullptr;
+ }
+ else if (i != n || !matches()) {
+ ++*this;
+ }
}
}
+ inline iterator(iterator&&) noexcept = default;
- inline iterator(iterator &&) noexcept = default;
-
-
- inline iterator(const iterator &) = delete;
-
+ inline iterator(const iterator&) = delete;
- inline auto operator=(const iterator &) -> iterator & = delete;
+ inline auto operator=(const iterator&) -> iterator& = delete;
+ inline auto operator=(iterator &&) -> iterator& = delete;
- inline auto operator=(iterator &&) -> iterator & = delete;
-
-
- inline auto operator*() { return cur->pos; }
-
-
- inline auto operator!=(const iterator & rhs)
- { return (cur->rem!=rhs.cur->rem || cur->pos!=rhs.cur->pos); }
-
+ inline auto operator*()
+ {
+ return cur->pos;
+ }
- auto operator++() -> iterator &;
+ inline auto operator!=(const iterator& rhs)
+ {
+ return (cur->rem != rhs.cur->rem || cur->pos != rhs.cur->pos);
+ }
+ auto operator++() -> iterator&;
inline ~iterator()
- { if (cur.get()==this) { static_cast<void>(cur.release()); } }
-
+ {
+ if (cur.get() == this) {
+ static_cast<void>(cur.release());
+ }
+ }
};
-
-
class message {
-
-private:
-
- const msg_ptr msg{}; // initialized by callback.
+ private:
+ const msg_ptr msg{}; // initialized by callback.
const strings keys{};
+ public:
+ inline explicit message(msg_ptr message_ptr, strings key_filter = {""})
+ : msg{std::move(message_ptr)}, keys{std::move(key_filter)}
+ {}
-public:
-
- inline explicit message(msg_ptr message_ptr, strings filter={""})
- : msg{std::move(message_ptr)}, keys{std::move(filter)} {}
-
+ inline message(message&&) = default;
- inline message(message &&) = default;
+ inline message(const message&) = delete;
+ inline auto operator=(message &&) -> message& = delete;
- inline message(const message &) = delete;
-
-
- inline auto operator=(message &&) -> message & = delete;
-
-
- inline auto operator=(const message &) -> message & = delete;
-
+ inline auto operator=(const message&) -> message& = delete;
[[nodiscard]] inline auto begin() const -> iterator
- { return iterator{msg.get(), keys}; }
-
+ {
+ return iterator{msg.get(), keys};
+ }
[[nodiscard]] inline auto end() const -> iterator
- { return iterator{nullptr, keys}; }
-
-
- inline explicit operator bool() const { return begin()!=end(); }
+ {
+ return iterator{nullptr, keys};
+ }
+ inline explicit operator bool() const
+ {
+ return begin() != end();
+ }
- template<class ...Strings>
- auto filter(Strings ...filter)
+ template <class... Strings>
+ auto filter(Strings... key_filter)
{
strings both{};
- if (keys.size()!=1 || !keys[0].empty()) { both = keys; }
- both = concat(std::move(both), std::move(filter)...);
+ if (keys.size() != 1 || !keys[0].empty()) {
+ both = keys;
+ }
+ both = concat(std::move(both), std::move(key_filter)...);
return std::move(message{msg, std::move(both)});
}
-
inline ~message() = default;
-
};
-
-
class lock_shared_resources {
-
-private:
-
+ private:
static std::mutex inuse;
+ public:
+ inline lock_shared_resources()
+ {
+ inuse.lock();
+ }
-public:
-
-
- inline lock_shared_resources() { inuse.lock(); }
-
-
- inline lock_shared_resources(lock_shared_resources &&) noexcept = default;
-
-
- inline lock_shared_resources(const lock_shared_resources &) = delete;
-
-
- inline auto operator=(const lock_shared_resources &) -> auto & = delete;
+ inline lock_shared_resources(lock_shared_resources&&) noexcept = default;
+ inline lock_shared_resources(const lock_shared_resources&) = delete;
- inline auto operator=(lock_shared_resources &&) -> auto && = delete;
+ inline auto operator=(const lock_shared_resources&) -> auto& = delete;
+ inline auto operator=(lock_shared_resources &&) -> auto&& = delete;
- //NOLINTNEXTLINE(readability-convert-member-functions-to-static)
- inline auto get_context() -> ubus_context * // is member to enforce inuse.
+ // NOLINTNEXTLINE(readability-convert-member-functions-to-static)
+ inline auto get_context() -> ubus_context* // is member to enforce inuse.
{
- static auto ubus_freeing = [] (ubus_context * ctx) { ubus_free(ctx); };
- static std::unique_ptr<ubus_context, decltype(ubus_freeing)>
- lazy_ctx{ubus_connect(nullptr), ubus_freeing};
+ static auto ubus_freeing = [](ubus_context* ctx) { ubus_free(ctx); };
+ static std::unique_ptr<ubus_context, decltype(ubus_freeing)> lazy_ctx{ubus_connect(nullptr),
+ ubus_freeing};
- if (!lazy_ctx) { // it could be available on a later call:
+ if (!lazy_ctx) { // it could be available on a later call:
lazy_ctx.reset(ubus_connect(nullptr));
return lazy_ctx.get();
}
-
- //NOLINTNEXTLINE(readability-convert-member-functions-to-static)
- inline auto get_blob_buf() -> blob_buf * // is member to enforce inuse.
+ // NOLINTNEXTLINE(readability-convert-member-functions-to-static)
+ inline auto get_blob_buf() -> blob_buf* // is member to enforce inuse.
{
static blob_buf buf;
- static auto blob_buf_freeing = [] (blob_buf * b) { blob_buf_free(b); };
+ static auto blob_buf_freeing = [](blob_buf* b) { blob_buf_free(b); };
static std::unique_ptr<blob_buf, decltype(blob_buf_freeing)>
- created_to_free_on_the_end_of_life{&buf, blob_buf_freeing};
+ created_to_free_on_the_end_of_life{&buf, blob_buf_freeing};
blob_buf_init(&buf, 0);
return &buf;
}
-
- inline ~lock_shared_resources() { inuse.unlock(); }
-
+ inline ~lock_shared_resources()
+ {
+ inuse.unlock();
+ }
};
+template <class F>
+auto call(const char* path, const char* method, F set_arguments, int timeout = call_timeout)
+ -> message;
-template<class F>
-auto call(const char * path, const char * method, F set_arguments,
- int timeout=call_timeout) -> message;
-
-
-inline auto call(const char * path, const char * method,
- int timeout=call_timeout) -> message
-{ return call(path, method, [](blob_buf * /*buf*/) { return 0; }, timeout); }
-
-
-inline auto call(const char * path, int timeout=call_timeout) -> message
-{ return call(path, "", timeout); }
-
-
+inline auto call(const char* path, const char* method, int timeout = call_timeout) -> message
+{
+ return call(
+ path, method, [](blob_buf* /*buf*/) { return 0; }, timeout);
+}
+inline auto call(const char* path, int timeout = call_timeout) -> message
+{
+ return call(path, "", timeout);
+}
// ------------------------- implementation: ----------------------------------
-
std::mutex lock_shared_resources::inuse;
-
-inline auto iterator::operator++() -> iterator &
+inline auto iterator::operator++() -> iterator&
{
- for(;;) {
- #ifndef NDEBUG
- std::cout<<std::string(i,'>')<<" look for "<<keys[i]<<" at ";
- std::cout<<blobmsg_name(cur->pos)<<std::endl;
- #endif
+ for (;;) {
+#ifndef NDEBUG
+ std::cout << std::string(i, '>') << " look for " << keys[i] << " at ";
+ std::cout << blobmsg_name(cur->pos) << std::endl;
+#endif
auto id = blob_id(cur->pos);
- if ( (id==BLOBMSG_TYPE_TABLE || id==BLOBMSG_TYPE_ARRAY)
- && i<n
- && matches()
- && blobmsg_data_len(cur->pos)>0 )
- { //immmerge:
+ if ((id == BLOBMSG_TYPE_TABLE || id == BLOBMSG_TYPE_ARRAY) && i < n && matches() &&
+ blobmsg_data_len(cur->pos) > 0)
+ { // immmerge:
++i;
- auto tmp = cur.release();
+ auto* tmp = cur.release();
- struct new_iterator : public iterator // use private constructor:
- { explicit new_iterator(iterator * par) : iterator{par} {} };
+ struct new_iterator : public iterator // use private constructor:
+ {
+ explicit new_iterator(iterator* par) : iterator{par} {}
+ };
cur = std::make_unique<new_iterator>(tmp);
-
- } else {
+ }
+ else {
while (true) {
cur->rem -= blob_pad_len(cur->pos);
cur->pos = blob_next(cur->pos);
auto len = blob_pad_len(cur->pos);
- if (cur->rem>0 && len<=cur->rem && len>=sizeof(blob_attr))
- { break; }
+ if (cur->rem > 0 && len <= cur->rem && len >= sizeof(blob_attr)) {
+ break;
+ }
- //emerge:
- auto tmp = cur->parent;
+ // emerge:
+ auto* tmp = cur->parent;
if (tmp == nullptr) {
cur->pos = nullptr;
--i;
}
}
- if (i==n && matches()) { return *cur; }
+ if (i == n && matches()) {
+ return *cur;
+ }
}
}
-
-template<class F>
-inline auto call(const char * path, const char * method, F set_arguments,
- int timeout) -> message
+template <class F>
+inline auto call(const char* path, const char* method, F set_arguments, int timeout) -> message
{
-
auto shared = lock_shared_resources{};
- auto ctx = shared.get_context();
+ auto* ctx = shared.get_context();
- uint32_t id;
+ uint32_t id = 0;
int err = ubus_lookup_id(ctx, path, &id);
- if (err==0) { // call
+ if (err == 0) { // call
ubus_request request{};
- auto buf = shared.get_blob_buf();
+ auto* buf = shared.get_blob_buf();
err = set_arguments(buf);
- if (err==0) {
+ if (err == 0) {
err = ubus_invoke_async(ctx, id, method, buf->head, &request);
}
- if (err==0) {
-
+ if (err == 0) {
msg_ptr message_ptr;
/* Cannot capture message_ptr, the lambda would be another type.
- * Pass a location where to save the message as priv pointer when
- * invoking and get it back here:
- */
+ * Pass a location where to save the message as priv pointer when
+ * invoking and get it back here:
+ */
request.priv = &message_ptr;
- request.data_cb =
- [](ubus_request * req, int /*type*/, blob_attr * msg)
- {
- if (req==nullptr || msg==nullptr) { return; }
+ request.data_cb = [](ubus_request* req, int /*type*/, blob_attr* msg) {
+ if (req == nullptr || msg == nullptr) {
+ return;
+ }
- auto saved = static_cast<msg_ptr *>(req->priv);
- if (saved==nullptr || *saved) { return; }
+ auto* saved = static_cast<msg_ptr*>(req->priv);
+ if (saved == nullptr || *saved) {
+ return;
+ }
saved->reset(blob_memdup(msg), free);
- if (!*saved) { throw std::bad_alloc(); }
+ if (!*saved) {
+ throw std::bad_alloc();
+ }
};
err = ubus_complete_request(ctx, &request, timeout);
- if (err==0) { return message{message_ptr}; }
+ if (err == 0) {
+ return message{message_ptr};
+ }
}
}
std::string errmsg = "ubus::call error: cannot invoke";
- errmsg += " (" + std::to_string(err) + ") " + path + " " + method;
+ errmsg += " (" + std::to_string(err) + ") " + path + " " + method;
throw std::runtime_error(errmsg);
}
-
-} // namespace ubus
-
+} // namespace ubus
#endif
--- /dev/null
+#include <iostream>
+#include <mutex>
+#include <string>
+#include <string_view>
+#include <vector>
+
+#include "uci-cxx.hpp"
+
+auto main() -> int
+{
+ uci::element p = uci::package{"nginx"};
+ std::cout << "package " << p.name() << "\n\n";
+ for (auto s : p) {
+ std::cout << "config " << s.type() << " '" << s.name() << "'\n";
+ for (auto o : s) {
+ for (auto i : o) {
+ std::cout << "\t" << o.type() << " " << o.name() << " '" << i.name() << "'\n";
+ }
+ }
+ std::cout << "\n";
+ }
+}
--- /dev/null
+#ifndef _UCI_CXX_HPP
+#define _UCI_CXX_HPP
+
+#include <uci.h>
+#include <memory>
+#include <mutex>
+#include <stdexcept>
+#include <string>
+#include <string_view>
+
+namespace uci {
+
+template <class T>
+class iterator { // like uci_foreach_element_safe.
+
+ private:
+ const uci_ptr& _ptr;
+
+ uci_element* _it = nullptr;
+
+ uci_element* _next = nullptr;
+
+ // wrapper for clang-tidy
+ inline auto _list_to_element(const uci_list* cur) -> uci_element*
+ {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic,cppcoreguidelines-pro-type-cstyle-cast)
+ return list_to_element(cur); // macro casting container=pointer-offset.
+ }
+
+ public:
+ inline explicit iterator(const uci_ptr& ptr, const uci_list* cur)
+ : _ptr{ptr}, _it{_list_to_element(cur)}
+ {
+ _next = _list_to_element(_it->list.next);
+ }
+
+ inline iterator(iterator&&) noexcept = default;
+
+ inline iterator(const iterator&) = delete;
+
+ inline auto operator=(const iterator&) -> iterator& = delete;
+
+ inline auto operator=(iterator &&) -> iterator& = delete;
+
+ auto operator*() -> T
+ {
+ return T{_ptr, _it};
+ }
+
+ inline auto operator!=(const iterator& rhs) -> bool
+ {
+ return (&_it->list != &rhs._it->list);
+ }
+
+ inline auto operator++() -> iterator&
+ {
+ _it = _next;
+ _next = _list_to_element(_next->list.next);
+ return *this;
+ }
+
+ inline ~iterator() = default;
+};
+
+class locked_context {
+ private:
+ static std::mutex inuse;
+
+ public:
+ inline locked_context()
+ {
+ inuse.lock();
+ }
+
+ inline locked_context(locked_context&&) noexcept = default;
+
+ inline locked_context(const locked_context&) = delete;
+
+ inline auto operator=(const locked_context&) -> locked_context& = delete;
+
+ inline auto operator=(locked_context &&) -> locked_context& = delete;
+
+ // NOLINTNEXTLINE(readability-convert-member-functions-to-static)
+ inline auto get() -> uci_context* // is member to enforce inuse
+ {
+ static auto free_ctx = [](uci_context* ctx) { uci_free_context(ctx); };
+ static std::unique_ptr<uci_context, decltype(free_ctx)> lazy_ctx{uci_alloc_context(),
+ free_ctx};
+
+ if (!lazy_ctx) { // it could be available on a later call:
+ lazy_ctx.reset(uci_alloc_context());
+ if (!lazy_ctx) {
+ throw std::runtime_error("uci error: cannot allocate context");
+ }
+ }
+
+ return lazy_ctx.get();
+ }
+
+ inline ~locked_context()
+ {
+ inuse.unlock();
+ }
+};
+
+template <class T>
+class element {
+ private:
+ uci_list* _begin = nullptr;
+
+ uci_list* _end = nullptr;
+
+ uci_ptr _ptr{};
+
+ protected:
+ [[nodiscard]] inline auto ptr() -> uci_ptr&
+ {
+ return _ptr;
+ }
+
+ [[nodiscard]] inline auto ptr() const -> const uci_ptr&
+ {
+ return _ptr;
+ }
+
+ void init_begin_end(uci_list* begin, uci_list* end)
+ {
+ _begin = begin;
+ _end = end;
+ }
+
+ inline explicit element(const uci_ptr& pre, uci_element* last) : _ptr{pre}
+ {
+ _ptr.last = last;
+ }
+
+ inline explicit element() = default;
+
+ public:
+ inline element(element&&) noexcept = default;
+
+ inline element(const element&) = delete;
+
+ inline auto operator=(const element&) -> element& = delete;
+
+ inline auto operator=(element &&) -> element& = delete;
+
+ auto operator[](std::string_view key) const -> T;
+
+ [[nodiscard]] inline auto name() const -> std::string
+ {
+ return _ptr.last->name;
+ }
+
+ void rename(const char* value) const;
+
+ void commit() const;
+
+ [[nodiscard]] inline auto begin() const -> iterator<T>
+ {
+ return iterator<T>{_ptr, _begin};
+ }
+
+ [[nodiscard]] inline auto end() const -> iterator<T>
+ {
+ return iterator<T>{_ptr, _end};
+ }
+
+ inline ~element() = default;
+};
+
+class section;
+
+class option;
+
+class item;
+
+class package : public element<section> {
+ public:
+ inline package(const uci_ptr& pre, uci_element* last) : element{pre, last}
+ {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic,cppcoreguidelines-pro-type-cstyle-cast)
+ ptr().p = uci_to_package(ptr().last); // macro casting pointer-offset.
+ ptr().package = ptr().last->name;
+
+ auto* end = &ptr().p->sections;
+ auto* begin = end->next;
+ init_begin_end(begin, end);
+ }
+
+ explicit package(const char* name);
+
+ auto set(const char* key, const char* type) const -> section;
+};
+
+class section : public element<option> {
+ public:
+ inline section(const uci_ptr& pre, uci_element* last) : element{pre, last}
+ {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic,cppcoreguidelines-pro-type-cstyle-cast)
+ ptr().s = uci_to_section(ptr().last); // macro casting pointer-offset.
+ ptr().section = ptr().last->name;
+
+ auto* end = &ptr().s->options;
+ auto* begin = end->next;
+ init_begin_end(begin, end);
+ }
+
+ auto set(const char* key, const char* value) const -> option;
+
+ void del();
+
+ [[nodiscard]] inline auto anonymous() const -> bool
+ {
+ return ptr().s->anonymous;
+ }
+
+ [[nodiscard]] inline auto type() const -> std::string
+ {
+ return ptr().s->type;
+ }
+};
+
+class option : public element<item> {
+ public:
+ inline option(const uci_ptr& pre, uci_element* last) : element{pre, last}
+ {
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic,cppcoreguidelines-pro-type-cstyle-cast)
+ ptr().o = uci_to_option(ptr().last); // macro casting pointer-offset.
+ ptr().option = ptr().last->name;
+
+ if (ptr().o->type == UCI_TYPE_LIST) { // use union ptr().o->v as list:
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-union-access)
+ auto* end = &ptr().o->v.list;
+ auto* begin = end->next;
+ init_begin_end(begin, end);
+ }
+ else {
+ auto* begin = &ptr().last->list;
+ auto* end = begin->next;
+ init_begin_end(begin, end);
+ }
+ }
+
+ void del();
+
+ [[nodiscard]] inline auto type() const -> std::string
+ {
+ return (ptr().o->type == UCI_TYPE_LIST ? "list" : "option");
+ }
+};
+
+class item : public element<item> {
+ public:
+ inline item(const uci_ptr& pre, uci_element* last) : element{pre, last}
+ {
+ ptr().value = ptr().last->name;
+ }
+
+ [[nodiscard]] inline auto type() const -> std::string
+ {
+ return (ptr().o->type == UCI_TYPE_LIST ? "list" : "option");
+ }
+
+ [[nodiscard]] inline auto name() const -> std::string
+ {
+ return (ptr().last->type == UCI_TYPE_ITEM
+ ? ptr().last->name
+ :
+ // else: use union ptr().o->v as string:
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-union-access)
+ ptr().o->v.string);
+ }
+
+ inline explicit operator bool() const
+ {
+ const auto x = std::string_view{name()};
+
+ if (x == "0" || x == "off" || x == "false" || x == "no" || x == "disabled") {
+ return false;
+ }
+
+ if (x == "1" || x == "on" || x == "true" || x == "yes" || x == "enabled") {
+ return true;
+ }
+
+ auto errmsg = std::string{"uci_error: item is not bool "} + name();
+ throw std::runtime_error(errmsg);
+ }
+
+ void rename(const char* value) const;
+};
+
+// ------------------------- implementation: ----------------------------------
+
+std::mutex locked_context::inuse{};
+
+inline auto uci_error(uci_context* ctx, const char* prefix = nullptr) -> std::runtime_error
+{
+ char* errmsg = nullptr;
+ uci_get_errorstr(ctx, &errmsg, prefix);
+
+ std::unique_ptr<char, decltype(&std::free)> auto_free{errmsg, std::free};
+ return std::runtime_error{errmsg};
+}
+
+template <class T>
+auto element<T>::operator[](std::string_view key) const -> T
+{
+ for (auto elmt : *this) {
+ if (elmt.name() == key) {
+ return elmt;
+ }
+ }
+
+ auto errmsg = std::string{"uci error: cannot find "}.append(key);
+ throw uci_error(locked_context{}.get(), errmsg.c_str());
+}
+
+template <class T>
+void element<T>::rename(const char* value) const
+{
+ if (value == name()) {
+ return;
+ }
+
+ auto ctx = locked_context{};
+ auto tmp_ptr = uci_ptr{_ptr};
+ tmp_ptr.value = value;
+ if (uci_rename(ctx.get(), &tmp_ptr) != 0) {
+ auto errmsg = std::string{"uci error: cannot rename "}.append(name());
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+}
+
+template <class T>
+void element<T>::commit() const
+{
+ auto ctx = locked_context{};
+ // TODO(pst) use when possible:
+ // if (uci_commit(ctx.get(), &_ptr.p, true) != 0) {
+ // auto errmsg = std::string{"uci error: cannot commit "} + _ptr.package;
+ // throw uci_error(ctx.get(), errmsg.c_str());
+ // }
+ auto err = uci_save(ctx.get(), _ptr.p);
+ if (err == 0) {
+ uci_package* tmp_pkg = nullptr;
+ uci_context* tmp_ctx = uci_alloc_context();
+ err = (tmp_ctx == nullptr ? 1 : 0);
+ if (err == 0) {
+ err = uci_load(tmp_ctx, _ptr.package, &tmp_pkg);
+ }
+ if (err == 0) {
+ err = uci_commit(tmp_ctx, &tmp_pkg, false);
+ }
+ if (err == 0) {
+ err = uci_unload(tmp_ctx, tmp_pkg);
+ }
+ if (tmp_ctx != nullptr) {
+ uci_free_context(tmp_ctx);
+ }
+ }
+
+ if (err != 0) {
+ auto errmsg = std::string{"uci error: cannot commit "} + _ptr.package;
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+}
+
+package::package(const char* name)
+{
+ auto ctx = locked_context{};
+
+ auto* pkg = uci_lookup_package(ctx.get(), name);
+ if (pkg == nullptr) {
+ if (uci_load(ctx.get(), name, &pkg) != 0) {
+ auto errmsg = std::string{"uci error: cannot load package "} + name;
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+ }
+
+ ptr().package = name;
+ ptr().p = pkg;
+ ptr().last = &pkg->e;
+
+ auto* end = &ptr().p->sections;
+ auto* begin = end->next;
+ init_begin_end(begin, end);
+}
+
+auto package::set(const char* key, const char* type) const -> section
+{
+ auto ctx = locked_context{};
+
+ auto tmp_ptr = uci_ptr{ptr()};
+ tmp_ptr.section = key;
+ tmp_ptr.value = type;
+ if (uci_set(ctx.get(), &tmp_ptr) != 0) {
+ auto errmsg = std::string{"uci error: cannot set section "} + type + "'" + key +
+ "' in package " + name();
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+
+ return section{ptr(), tmp_ptr.last};
+}
+
+auto section::set(const char* key, const char* value) const -> option
+{
+ auto ctx = locked_context{};
+
+ auto tmp_ptr = uci_ptr{ptr()};
+ tmp_ptr.option = key;
+ tmp_ptr.value = value;
+ if (uci_set(ctx.get(), &tmp_ptr) != 0) {
+ auto errmsg = std::string{"uci error: cannot set option "} + key + "'" + value +
+ "' in package " + name();
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+
+ return option{ptr(), tmp_ptr.last};
+}
+
+void section::del()
+{
+ auto ctx = locked_context{};
+ if (uci_delete(ctx.get(), &ptr()) != 0) {
+ auto errmsg = std::string{"uci error: cannot delete section "} + name();
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+}
+
+void option::del()
+{
+ auto ctx = locked_context{};
+ if (uci_delete(ctx.get(), &ptr()) != 0) {
+ auto errmsg = std::string{"uci error: cannot delete option "} + name();
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+}
+
+void item::rename(const char* value) const
+{
+ if (value == name()) {
+ return;
+ }
+
+ auto ctx = locked_context{};
+ auto tmp_ptr = uci_ptr{ptr()};
+
+ if (tmp_ptr.last->type != UCI_TYPE_ITEM) {
+ tmp_ptr.value = value;
+ if (uci_set(ctx.get(), &tmp_ptr) != 0) {
+ auto errmsg = std::string{"uci error: cannot rename item "} + name();
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+ return;
+ } // else:
+
+ tmp_ptr.value = tmp_ptr.last->name;
+ if (uci_del_list(ctx.get(), &tmp_ptr) != 0) {
+ auto errmsg = std::string{"uci error: cannot rename (del) "} + name();
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+
+ tmp_ptr.value = value;
+ if (uci_add_list(ctx.get(), &tmp_ptr) != 0) {
+ auto errmsg = std::string{"uci error: cannot rename (add) "} + value;
+ throw uci_error(ctx.get(), errmsg.c_str());
+ }
+}
+
+} // namespace uci
+
+#endif
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx
-PKG_VERSION:=1.19.4
+PKG_VERSION:=1.19.6
PKG_RELEASE:=1
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nginx.org/download/
-PKG_HASH:=61df546927905a0d624f9396bb7a8bc7ca7fd26522ce9714d56a78b73284000e
+PKG_HASH:=b11195a02b1d3285ddf2987e02c6b6d28df41bb1b1dd25f33542848ef4fc33b5
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Ansuel Smith <ansuelsmth@gmail.com>
TITLE:=Nginx web server
URL:=http://nginx.org/
DEPENDS:=+libopenssl +libpthread
- PROVIDES:=nginx
+ # TODO: add PROVIDES when removing nginx
+ # PROVIDES:=nginx
endef
define Package/nginx/description
VARIANT:=ssl
DEPENDS+= +NGINX_PCRE:libpcre \
+NGINX_PCRE:nginx-ssl-util +!NGINX_PCRE:nginx-ssl-util-nopcre \
- +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libxml2 \
+ +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +NGINX_DAV:libxml2 \
+NGINX_UBUS:libubus +NGINX_UBUS:libblobmsg-json +NGINX_UBUS:libjson-c
+ EXTRA_DEPENDS:=nginx-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre) (>=1.5-1) (<2)
CONFLICTS:=nginx-all-module
endef
TITLE += with ALL module selected
DEPENDS+=+libpcre +nginx-ssl-util +zlib +liblua +libxml2 +libubus \
+libblobmsg-json +libjson-c
+ EXTRA_DEPENDS:=nginx-ssl-util (>=1.5-1) (<2)
VARIANT:=all-module
PROVIDES += nginx-ssl
endef
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nginx $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/nginx/conf.d
$(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/
- $(INSTALL_CONF) ./files/nginx.conf $(1)/etc/nginx/
- $(INSTALL_CONF) ./files/_lan.conf $(1)/etc/nginx/conf.d/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx
ifeq ($(CONFIG_NGINX_NAXSI),y)
endif
$(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx))
$(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules))
- $(INSTALL_CONF) ./files/_redirect2ssl.conf $(1)/etc/nginx/conf.d/
-ifneq ($(CONFIG_IPV6),y)
- $(SED) '/listen\s*\[/d' $(1)/etc/nginx/conf.d/*.conf # without IPv6 [::]
-endif
endef
Package/nginx-all-module/install = $(Package/nginx-ssl/install)
[ -z "$${IPKG_INSTROOT}" ] || exit 0
[ "$${PKG_UPGRADE}" = "1" ] && exit 0
eval $$(/usr/bin/nginx-util get_env)
-rm -f "$${CONF_DIR}$${LAN_NAME}.crt"
-rm -f "$${CONF_DIR}$${LAN_NAME}.key"
+[ "$$(uci get "nginx.$${LAN_NAME}.$${MANAGE_SSL}")" = "self-signed" ] || exit 0
+rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate")"
+rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate_key")"
exit 0
endef
endef
endif
+$(eval $(call BuildPackage,nginx-ssl))
+$(eval $(call BuildPackage,nginx-all-module))
+$(eval $(call BuildPackage,nginx-mod-luci))
+
# TODO: remove after a transition period (together with pkg nginx-util):
# It is for smoothly substituting nginx and nginx-mod-luci-ssl (by nginx-ssl
# respectively nginx-mod-luci). Add above commented PROVIDES when removing.
-Package/nginx = $(Package/nginx-ssl)
-Package/nginx/install = $(Package/nginx-ssl/install)
-Package/nginx/prerm = $(Package/nginx-ssl/prerm)
-$(eval $(call BuildPackage,nginx))
+define Package/nginx
+ TITLE:=Dummy package for transition when upgrading.
+ DEPENDS:=+nginx-ssl
+ PKGARCH:=all
+endef
-$(eval $(call BuildPackage,nginx-ssl))
-$(eval $(call BuildPackage,nginx-all-module))
-$(eval $(call BuildPackage,nginx-mod-luci))
+define Package/nginx/install
+ $(INSTALL_DIR) $(1)/usr/bin
+endef
+
+$(eval $(call BuildPackage,nginx))
define Package/nginx-mod-luci-ssl
TITLE:=Dummy package for transition when upgrading.
+++ /dev/null
-#!/bin/sh
-# This is a template copy it by: ./README.sh | xclip -selection c
-# to https://openwrt.org/docs/guide-user/services/webserver/nginx#configuration
-
-NGINX_UTIL="/usr/bin/nginx-util"
-
-EXAMPLE_COM="example.com"
-
-MSG="
-/* Created by the following bash script that includes the source of some files:
- * https://github.com/openwrt/packages/net/nginx/files/README.sh
- */"
-
-eval $("${NGINX_UTIL}" get_env)
-
-code() { printf "<file nginx %s>\n%s</file>" "$1" "$(cat "$(basename $1)")"; }
-
-ifConfEcho() { sed -nE "s/^\s*$1=\s*(\S*)\s*\\\\$/\n$2 \"\1\";/p" ../Makefile;}
-
-cat <<EOF
-
-
-
-
-
-===== Configuration =====${MSG}
-
-
-
-The official Documentation contains a
-[[https://docs.nginx.com/nginx/admin-guide/|Admin Guide]].
-Here we will look at some often used configuration parts and how we handle them
-at OpenWrt.
-At different places there are references to the official
-[[https://docs.nginx.com/nginx/technical-specs/|Technical Specs]]
-for further reading.
-
-**tl;dr:** The main configuration is a minimal configuration enabling the
-''${CONF_DIR}'' directory:
- * There is a ''${LAN_NAME}.conf'' containing a default server for the LAN, \
-which includes all ''*.locations''.
- * We can disable parts of the configuration by renaming them.
- * If we want to install other HTTPS servers that are also reachable locally, \
- we can include the ''${LAN_SSL_LISTEN}'' file.
- * We have a server in ''_redirect2ssl.conf'' that redirects inexistent URLs \
- to HTTPS, too.
- * We can create a self-signed certificate and add corresponding directives \
-to e.g. ''${EXAMPLE_COM}.conf'' by invoking \
-<code>$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} ${EXAMPLE_COM}</code>
-
-
-
-==== Basic ====${MSG}
-
-
-We modify the configuration by creating different configuration files in the
-''${CONF_DIR}'' directory.
-The configuration files use the file extensions ''.locations'' and
-''.conf'' plus ''.crt'' and ''.key'' for SSL certificates and keys.
-We can disable single configuration parts by giving them another extension,
-e.g., by adding ''.disabled''.
-For the new configuration to take effect, we must reload it by:
-<code>service nginx reload</code>
-
-For OpenWrt we use a special initial configuration, which is explained below in
-the section [[#openwrt_s_defaults|OpenWrt’s Defaults]].
-So, we can make a site available at a specific URL in the **LAN** by creating a
-''.locations'' file in the directory ''${CONF_DIR}''.
-Such a file consists just of some
-[[https://nginx.org/en/docs/http/ngx_http_core_module.html#location|
-location blocks]].
-Under the latter link, you can find also the official documentation for all
-available directives of the HTTP core of Nginx.
-Look for //location// in the Context list.
-
-The following example provides a simple template, see at the end for
-different [[#locations_for_apps|Locations for Apps]] and look for
-[[https://github.com/search?utf8=%E2%9C%93&q=repo%3Aopenwrt%2Fpackages
-+extension%3Alocations&type=Code&ref=advsearch&l=&l=|
-other packages using a .locations file]], too:
-<code nginx ${CONF_DIR}example.locations>
-location /ex/am/ple {
- access_log off; # default: not logging accesses.
- # access_log /proc/self/fd/1 openwrt; # use logd (init forwards stdout).
- # error_log stderr; # default: logging to logd (init forwards stderr).
- error_log /dev/null; # disable error logging after config file is read.
- # (state path of a file for access_log/error_log to the file instead.)
- index index.html;
-}
-# location /eg/static { … }
-</code>
-
-All location blocks in all ''.locations'' files must use different URLs,
-since they are all included in the ''${LAN_NAME}.conf'' that is part of the
-[[#openwrt_s_defaults|OpenWrt’s Defaults]].
-We reserve the ''location /'' for making LuCI available under the root URL,
-e.g. [[https://192.168.1.1/|192.168.1.1/]].
-All other sites shouldn’t use the root ''location /'' without suffix.
-We can make other sites available on the root URL of other domain names, e.g.
-on www.example.com/.
-In order to do that, we create a ''.conf'' file for every domain name:
-see the next section [[#new_server_parts|New Server Parts]].
-We can also activate SSL there, as described below in the section
-[[#ssl_server_parts|SSL Server Parts]].
-We use such server parts also for publishing sites to the internet (WAN)
-instead of making them available just in the LAN.
-
-Via ''.conf'' files we can also add directives to the //http// part of the
-configuration. The difference to editing the main ''${NGINX_CONF}''
-file instead is the following: If the package’s ''nginx.conf'' file is updated
-it will only be installed if the old file has not been changed.
-
-
-
-==== New Server Parts ====${MSG}
-
-
-For making the router reachable from the WAN at a registered domain name,
-it is not enough to give the name server the internet IP address of the router
-(maybe updated automatically by a
-[[docs:guide-user:services:ddns:client|DDNS Client]]).
-We also need to set up virtual hosting for this domain name by creating an
-appropriate server part in a ''${CONF_DIR}*.conf'' file.
-All such files are included at the start of Nginx by the default main
-configuration of OpenWrt ''${NGINX_CONF}'' as depicted in
-[[#openwrt_s_defaults|OpenWrt’s Defaults]].
-
-In the server part, we state the domain as
-[[https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name|
-server_name]].
-The link points to the same document as for the location blocks in the
-[[#basic|Basic Configuration]]: the official documentation for all available
-directives of the HTTP core of Nginx.
-This time look for //server// in the Context list, too.
-The server part should also contain similar location blocks as before.
-We can re-include a ''.locations'' file that is included in the server part for
-the LAN by default.
-Then the site is reachable under the same path at both domains, e.g., by
-http://192.168.1.1/ex/am/ple as well as by http://example.com/ex/am/ple.
-
-The following example is a simple template:
-<code nginx ${CONF_DIR}${EXAMPLE_COM}.conf>
-server {
- listen 80;
- listen [::]:80;
- server_name ${EXAMPLE_COM};
- # location / { … } # root location for this server.
- include '${CONF_DIR}${EXAMPLE_COM}.locations';
-}
-</code>
-
-
-
-==== SSL Server Parts ====${MSG}
-
-
-We can enable HTTPS for a domain if Nginx is installed with SSL support.
-We need a SSL certificate as well as its key and add them by the directives
-//ssl_certificate// respective //ssl_certificate_key// to the server part of the
-domain.
-The rest of the configuration is similar as described in the previous section
-[[#new_server_parts|New Server Parts]],
-we only have to adjust the listen directives by adding the //ssl// parameter,
-see the official documentation for
-[[https://nginx.org/en/docs/http/configuring_https_servers.html|
-configuring HTTPS servers]], too.
-
-The [[#openwrt_s_defaults|OpenWrt’s Defaults]] include a ''${LAN_NAME}.conf''
-file containing a server part that listens on the LAN address(es) and acts as
-//default_server// with ssl on port 443.
-For making the domain name accessible in the LAN, too, the corresponding
-server part must listen **explicitly** on the local IP address(es), cf. the
-official documentation on
-[[https://nginx.org/en/docs/http/request_processing.html|request_processing]].
-We can include the file ''${LAN_SSL_LISTEN}'' that contains the listen
-directives with ssl parameter for all LAN addresses on the HTTP port 443 and is
-updated automatically.
-
-The official documentation of the SSL module contains an
-[[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#example|
-example]],
-which includes some optimizations.
-The following template is extended similarly:
-<code nginx ${CONF_DIR}${EXAMPLE_COM}>
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- include '${LAN_SSL_LISTEN}';
- server_name ${EXAMPLE_COM};
- ssl_certificate '${CONF_DIR}${EXAMPLE_COM}.crt';
- ssl_certificate_key '${CONF_DIR}${EXAMPLE_COM}.key';
- ssl_session_cache ${SSL_SESSION_CACHE_ARG};
- ssl_session_timeout ${SSL_SESSION_TIMEOUT_ARG};
- # location / { … } # root location for this server.
- include '${CONF_DIR}${EXAMPLE_COM}.locations';
-}
-</code>
-
-For creating a certificate (and its key) we can use Let’s Encrypt by installing
-[[https://github.com/Neilpang/acme.sh|ACME Shell Script]]:
-<code>opkg update && opkg install acme # and for LuCI: luci-app-acme</code>
-
-For the LAN server in the ''${LAN_NAME}.conf'' file, the init script
-''/etc/init.d/nginx'' script installs automatically a self-signed certificate.
-We can use this mechanism also for other sites by issuing, e.g.:
-<code>$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} ${EXAMPLE_COM}</code>
- - It adds SSL directives to the server part of \
- ''${CONF_DIR}${EXAMPLE_COM}.conf'' like in the example above.
- - Then, it checks if there is a certificate and key for the given domain name\
- that is valid for at least 13 months or tries to create a self-signed one.
- - When cron is activated, it installs a cron job for renewing the self-signed\
- certificate every year if needed, too. We can activate cron by: \
- <code>service cron enable && service cron start</code>
-
-Beside the ''${LAN_NAME}.conf'' file, the
-[[#openwrt_s_defaults|OpenWrt’s Defaults]] include also the
-''_redirect2ssl.conf'' file containing a server part that redirects all HTTP
-request for inexistent URIs to HTTPS.
-
-
-
-==== OpenWrt’s Defaults ====${MSG}
-
-
-The default main configuration file is:
-$(code ${NGINX_CONF})
-
-We can pretend the main configuration contains also the following presets,
-since Nginx is configured with them:
-<code nginx>$(ifConfEcho --pid-path pid)\
-$(ifConfEcho --lock-path lock_file)\
-$(ifConfEcho --error-log-path error_log)\
-$(false && ifConfEcho --http-log-path access_log)\
-$(ifConfEcho --http-proxy-temp-path proxy_temp_path)\
-$(ifConfEcho --http-client-body-temp-path client_body_temp_path)\
-$(ifConfEcho --http-fastcgi-temp-path fastcgi_temp_path)\
-</code>
-
-So, the access log is turned off by default and we can look at the error log
-by ''logread'', as Nginx’s init file forwards stderr and stdout to the
-[[docs:guide-user:base-system:log.essentials|logd]].
-We can set the //error_log// and //access_log// to files where the log
-messages are forwarded to instead (after the configuration is read).
-And for redirecting the access log of a //server// or //location// to the logd,
-too, we insert the following directive in the corresponding block:
-<code nginx>
- access_log /proc/self/fd/1 openwrt;
-</code>
-
-At the end, the main configuration pulls in all ''.conf'' files from the
-directory ''${CONF_DIR}'' into the http block, especially the following
-server part for the LAN:
-$(code ${CONF_DIR}${LAN_NAME}.conf)
-
-It pulls in all ''.locations'' files from the directory ''${CONF_DIR}''.
-We can install the location parts of different sites there (see above in the
-[[#basic|Basic Configuration]]) and re-include them in server parts of other
-''${CONF_DIR}*.conf'' files.
-This is needed especially for making them available to the WAN as described
-above in the section [[#new_server_parts|New Server Parts]].
-All ''.locations'' become available on the LAN through the file
-''$(basename ${LAN_SSL_LISTEN}).default'', which contains one of the following
-directives for every local IP address:
-<code nginx>
- listen IPv4:443 ssl default_server;
- listen [IPv6]:443 ssl default_server;
-</code>
-The ''${LAN_SSL_LISTEN}'' file contains the same directives without the
-parameter ''default_server''.
-We can include this file in other server parts that should be reachable in the
-LAN through their //server_name//.
-Both files ''${LAN_SSL_LISTEN}{,.default}'' are (re-)created if Nginx starts
-through its init for OpenWrt or the LAN interface changes.
-
-There is also the following server part that redirects requests for an
-inexistent ''server_name'' from HTTP to HTTPS (using an invalid name, more in
-the official documentation on
-[[https://nginx.org/en/docs/http/request_processing.html|request_processing]]):
-$(code ${CONF_DIR}_redirect2ssl.conf)
-
-Nginx’s init file for OpenWrt installs automatically a self-signed certificate
-for the LAN server part if needed and possible:
- - Everytime Nginx starts, we check if the LAN is set up for SSL.
- - We add //ssl*// directives (like in the example of the previous section \
- [[#ssl_server_parts|SSL Server Parts]]) to the configuration file \
- ''${CONF_DIR}${LAN_NAME}.conf'' if needed and if it looks “normal”, i.e., \
- it has a ''server_name ${LAN_NAME};'' part.
- - If there is no corresponding certificate that is valid for more than 13 \
- months at ''${CONF_DIR}${LAN_NAME}.{crt,key}'', we create a self-signed one.
- - We activate SSL by including the ssl listen directives from \
- ''${LAN_SSL_LISTEN}.default'' and it becomes available by the default \
- redirect from ''listen *:80;'' in ''${CONF_DIR}_redirect2ssl.conf''
- - If cron is available, i.e., its status is not ''inactive'', we use it \
- to check the certificate for validity once a year and renew it if there \
- are only about 13 months of the more than 3 years life time left.
-
-The points 2, 3 and 5 can be used for other domains, too:
-As described in the section [[#new_server_parts|New Server Parts]] above, we
-create a server part in ''${CONF_DIR}www.example.com.conf'' with
-a corresponding ''server_name www.example.com;'' directive and call
-<code>$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} www.example.com</code>
-EOF
+++ /dev/null
-# default_server for the LAN addresses getting the IPs by:
-# ifstatus lan | jsonfilter -e '@["ipv4-address","ipv6-address"].*.address'
-server {
- server_name _lan;
- include '/var/lib/nginx/lan_ssl.listen.default';
- ssl_certificate '/etc/nginx/conf.d/_lan.crt';
- ssl_certificate_key '/etc/nginx/conf.d/_lan.key';
- ssl_session_cache 'shared:SSL:32k';
- ssl_session_timeout '64m';
- # access_log /proc/self/fd/1 openwrt; # use logd (init forwards stdout).
- include conf.d/*.locations;
-}
+++ /dev/null
-# acts as default server if there is no other.
-server {
- listen 80;
- listen [::]:80;
- server_name _redirect2ssl;
- return 302 https://$host$request_uri;
-}
+++ /dev/null
-# Please consider creating files in /etc/nginx/conf.d/ instead of editing this.
-# For details see https://openwrt.org/docs/guide-user/services/webserver/nginx
-
-worker_processes auto;
-
-user root;
-
-events {}
-
-http {
- access_log off;
- log_format openwrt
- '$request_method $scheme://$host$request_uri => $status'
- ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';
-
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
-
- client_max_body_size 128M;
- large_client_header_buffers 2 1k;
-
- gzip on;
- gzip_vary on;
- gzip_proxied any;
-
- root /www;
-
- include conf.d/*.conf;
-}
[ -d /var/log/nginx ] || mkdir -p /var/log/nginx
[ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx
+ rm -f "$(readlink "${UCI_CONF}")"
${NGINX_UTIL} init_lan
- CONF="${NGINX_CONF}"
+ if [ -e "${UCI_CONF}" ]
+ then CONF="${UCI_CONF}"
+ else CONF="${NGINX_CONF}"
+ fi
local message
message="$(/usr/sbin/nginx -t -c "${CONF}" -g "${G_OPTS}" 2>&1)" ||
}
-service_triggers() {
- procd_add_reload_interface_trigger loopback
- procd_add_reload_interface_trigger lan
-}
-
-
reload_service() {
nginx_init
- procd_send_signal nginx
+ if [ "$(cat "/proc/$(cat "/var/run/nginx.pid")/cmdline")" = \
+ "nginx: master process /usr/sbin/nginx -c ${CONF} -g ${G_OPTS}" ]
+ then procd_send_signal nginx
+ else restart
+ fi
}
+++ /dev/null
-#
-# Copyright (C) 2017 Steven Hessing
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-# Name and release number of this package
-PKG_NAME:=noddos
-PKG_VERSION:=0.5.5
-PKG_RELEASE:=5
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://github.com/noddos/noddos/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=1f5be0c1015b0407036eecc8449d60d2abcacec442bba55db85fc32e89f754db
-
-PKG_MAINTAINER:=Steven Hessing <steven.hessing@gmail.com>
-PKG_LICENSE:=GPL-3.0-or-later
-PKG_LICENSE_FILES:=LICENSE.md
-
-PKG_BUILD_PARALLEL:=1
-CMAKE_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/noddos
- SECTION:=net
- CATEGORY:=Network
- TITLE:=noddos -- device-aware cloud-powered firewall
- URL:=https://www.noddos.io/
- DEPENDS:=+libstdcpp +libnetfilter-conntrack +libcurl +libopenssl +openssl-util +ca-bundle +wget +bzip2 +libtins +ipset +libpthread +libyaml-cpp
-endef
-
-define Package/noddos/description
-Noddos discovers what devices you have in your network and tailors the firewall rules based on whitelisted flows for that device. Noddos downloads the firewall rules periodically from the cloud. In order to support creating these firewall rules, noddos can, after opt-in, upload anonimized traffic statistics for each device to the cloud. The Luci interface is available in the luci-apps-noddos package. For information, visit https://www.noddos.io/
-endef
-
-define Package/noddos/conffiles
-/etc/config/noddos
-endef
-
-define Package/noddos/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_DIR) $(1)/etc/noddos
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/noddos $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/getnoddosdeviceprofiles $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/makenoddoscert.sh $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/noddos.init $(1)/etc/init.d/noddos
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/noddos.uciconfig $(1)/etc/config/noddos
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/noddos.yml-base $(1)/etc/noddos
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/files/noddosconfig.pem $(1)/etc/noddos
-endef
-
-define Package/noddos/prerm
- #!/bin/sh
- # check if we are on real system
- if [ -z "$${IPKG_INSTROOT}" ]; then
- /etc/init.d/noddos stop
- echo "Removing rc.d symlink for noddos"
- /etc/init.d/noddos disable
- fi
- exit 0
-endef
-
-define Package/noddos/postrm
- #!/bin/sh
- # check if we are on real system
- if [ -z "$${IPKG_INSTROOT}" ]; then
- echo "Removing noddos data directory"
- rm -rf /var/lib/noddos
- if [ -f /var/etc/noddos.yml ]; then
- rm /var/etc/noddos.yml
- fi
- fi
- exit 0
-endef
-
-$(eval $(call BuildPackage,noddos))
+++ /dev/null
---- a/src/opensslfingerprint.cxx
-+++ b/src/opensslfingerprint.cxx
-@@ -110,7 +110,9 @@ std::string getCertFingerprint(const std
- snprintf(&fpbuf[57], 3, "%02x", md[19]);
-
- if (Debug) {
-- syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", x->name, fpbuf);
-+ char *namebuf = X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
-+ syslog (LOG_DEBUG, "Cert: %s, fingerprint: %s", namebuf, fpbuf);
-+ free(namebuf);
- }
-
- std::string fp = fpbuf;
+++ /dev/null
-From 5200105f412ceefa0784bf914aa215146fd067b0 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 26 Dec 2018 16:45:47 -0200
-Subject: [PATCH] Ipset.cxx: update libipset API to version 7
-
-Old API compatibility was kept with a compatibility shim.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-diff --git a/src/Ipset.cxx b/src/Ipset.cxx
-index 9333fe6..da97f93 100644
---- a/src/Ipset.cxx
-+++ b/src/Ipset.cxx
-@@ -90,23 +90,19 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i
- isIpsetv4 = inisIpsetv4;
- ipset_load_types();
-
-- struct ipset_session *session = ipset_session_init(printf);
-+ struct ipset_session *session = noddos_ipset_session_init();
- if (session == nullptr) {
- syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
- ipset_session_fini(session);
- throw std::runtime_error ("Cannot initialize ipset session.");
- }
-
-- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set environment option.");
-- ipset_session_fini(session);
-- throw std::runtime_error ("Can't set environment option.");
-- }
-+ ipset_envopt_set(session, IPSET_ENV_EXIST);
- int r = ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str());
- if ( r < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
- } else if (r > 0) {
- if (Debug == true) {
- syslog (LOG_DEBUG, "Ipset: Not creating set %s as it already exists", ipsetName.c_str());
-@@ -115,27 +111,27 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i
- return;
- }
- if (ipset_session_data_set(session, IPSET_OPT_TYPENAME, ipsetType.c_str()) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s to type %s: %s", ipsetName.c_str(), ipsetType.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s to type %s: %s", ipsetName.c_str(), ipsetType.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set type " + ipsetType + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set type " + ipsetType + ": " + ipset_session_report_msg(session));
- }
- const struct ipset_type *type = ipset_type_get(session, IPSET_CMD_CREATE);
- if (type == NULL) {
-- syslog (LOG_ERR, "Ipset: Can't set create ip %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set create ip %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't create ipset " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't create ipset " + ipsetName + ": " + ipset_session_report_msg(session));
- }
-
- uint32_t timeout = 0; /* default to infinity */
- if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s to timeout %d: %s", ipsetName.c_str(), timeout, ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s to timeout %d: %s", ipsetName.c_str(), timeout, ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set time-out " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set time-out " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_session_data_set(session, IPSET_OPT_TYPE, type)) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s option type: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s option type: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set ipset type: " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set ipset type: " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- uint8_t family = 0;
- if (ipsetType == "hash:ip" && isIpsetv4 == true) {
-@@ -149,20 +145,20 @@ void Ipset::Open (const std::string inIpsetName, std::string inIpsetType, bool i
- throw std::invalid_argument("Unknown ipset data type " + ipsetType);
- }
- if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s address family %d: %s", ipsetName.c_str(), family, ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s address family %d: %s", ipsetName.c_str(), family, ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Cannot set ipset family: " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Cannot set ipset family: " + ipsetName + ": " + ipset_session_report_msg(session));
- }
-
- if (ipset_cmd(session, IPSET_CMD_CREATE, /*lineno*/ 0) != 0) {
-- syslog (LOG_ERR, "Ipset: Can't create setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't create setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Failed to create ipset " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Failed to create ipset " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_commit(session) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- ipset_session_fini(session);
- }
-@@ -173,33 +169,29 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd) {
- if (Debug == true) {
- syslog(LOG_DEBUG, "Ipset: received command %d for ipset %s", cmd, ipsetName.c_str());
- }
-- struct ipset_session *session = ipset_session_init(printf);
-+ struct ipset_session *session = noddos_ipset_session_init();
- if (session == nullptr) {
- syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
- ipset_session_fini(session);
- throw std::runtime_error ("Cannot initialize ipset session.");
- }
-
-- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set environment option.");
-- ipset_session_fini(session);
-- throw std::runtime_error ("Can't set environment option.");
-- }
-+ ipset_envopt_set(session, IPSET_ENV_EXIST);
- if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
- }
-
- if (ipset_cmd(session, cmd, 0) != 0) {
- ipset_session_fini(session);
-- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
-+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_commit(session) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- ipset_session_fini(session);
- return true;
-@@ -210,61 +202,57 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const Tins::IPv4Address &inIpAddress
- if (Debug == true) {
- syslog(LOG_DEBUG, "Ipset: received command %d for IP address %s for ipset %s", cmd, inIpAddress.to_string().c_str(), ipsetName.c_str());
- }
-- struct ipset_session *session = ipset_session_init(printf);
-+ struct ipset_session *session = noddos_ipset_session_init();
- if (session == nullptr) {
- syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
- ipset_session_fini(session);
- throw std::runtime_error ("Cannot initialize ipset session.");
- }
-
-- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set environment option.");
-- ipset_session_fini(session);
-- throw std::runtime_error ("Can't set environment option.");
-- }
-+ ipset_envopt_set(session, IPSET_ENV_EXIST);
- if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- const struct ipset_type *type = ipset_type_get(session, cmd);
- if (type == NULL) {
-- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session));
- }
-
- uint8_t family = NFPROTO_IPV4;
- if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set session data to IPv4 family for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set session data to IPv4 family for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv4 family, error: " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv4 family, error: " + ipset_session_report_msg(session));
- }
- struct in_addr sin;
- inet_aton (inIpAddress.to_string().c_str(), &sin);
- if (ipset_session_data_set(session, IPSET_OPT_IP, &sin) < 0) {
-- syslog (LOG_ERR, "Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_report_msg(session));
- }
-
- if (timeout) {
- if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) {
-- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session));
- return false;
- }
- }
- if (ipset_cmd(session, cmd, 0) != 0) {
- ipset_session_fini(session);
-- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
-+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_commit(session) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- ipset_session_fini(session);
- return true;
-@@ -274,61 +262,57 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const Tins::IPv6Address &inIpAddress
- if (Debug == true) {
- syslog(LOG_DEBUG, "Ipset: received command %d for IP address %s for ipset %s", cmd, inIpAddress.to_string().c_str(), ipsetName.c_str());
- }
-- struct ipset_session *session = ipset_session_init(printf);
-+ struct ipset_session *session = noddos_ipset_session_init();
- if (session == nullptr) {
- syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
- ipset_session_fini(session);
- throw std::runtime_error ("Cannot initialize ipset session.");
- }
-
-- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set environment option.");
-- ipset_session_fini(session);
-- throw std::runtime_error ("Can't set environment option.");
-- }
-+ ipset_envopt_set(session, IPSET_ENV_EXIST);
- if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- const struct ipset_type *type = ipset_type_get(session, cmd);
- if (type == NULL) {
-- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session));
- }
-
- uint8_t family = NFPROTO_IPV6;
- if (ipset_session_data_set(session, IPSET_OPT_FAMILY, &family) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set session data to IPv6 family for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set session data to IPv6 family for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv6 family, error: " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set session data for " + ipsetName + " to the IPv6 family, error: " + ipset_session_report_msg(session));
- }
-
- unsigned char buf[sizeof(struct in6_addr)];
- int s = inet_pton(AF_INET6, inIpAddress.to_string().c_str(), buf);
- if (ipset_session_data_set(session, IPSET_OPT_IP, &buf) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set session data to the IPv4 address for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set session data to the IPv4 address for setname " + ipsetName + ", error: " + ipset_session_report_msg(session));
- }
-
- if (timeout) {
- if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) {
-- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- }
- if (ipset_cmd(session, cmd, 0) != 0) {
-- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_commit(session) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- ipset_session_fini(session);
- return true;
-@@ -338,50 +322,46 @@ bool Ipset::ipset_exec(enum ipset_cmd cmd, const std::string Mac, time_t timeout
- if (Debug == true) {
- syslog(LOG_DEBUG, "Ipset: received command %d for MAC address %s for ipset %s", cmd, Mac.c_str(), ipsetName.c_str());
- }
-- struct ipset_session *session = ipset_session_init(printf);
-+ struct ipset_session *session = noddos_ipset_session_init();
- if (session == nullptr) {
- syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
- ipset_session_fini(session);
- throw std::runtime_error ("Cannot initialize ipset session.");
- }
-
-- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set environment option.");
-- ipset_session_fini(session);
-- throw std::runtime_error ("Can't set environment option.");
-- }
-+ ipset_envopt_set(session, IPSET_ENV_EXIST);
- if (ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str()) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set setname " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- const struct ipset_type *type = ipset_type_get(session, cmd);
- if (type == NULL) {
-- syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't get type for set %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't get type for set " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_parse_elem(session, (ipset_opt)type->last_elem_optional, Mac.c_str()) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't call ipset_parse_elem for %s: %s ", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't call ipset_parse_elem for %s: %s ", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_parse_elem for ipset " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_parse_elem for ipset " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (timeout) {
- if (ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout) != 0) {
-- syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't set timeout for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't set timeout for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- }
- if (ipset_cmd(session, cmd, 0) != 0) {
-- syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't exec ipset cmd for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't exec ipset cmd for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- if (ipset_commit(session) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- ipset_session_fini(session);
- return true;
-diff --git a/src/Ipset.h b/src/Ipset.h
-index 2c5f7b2..eb180da 100644
---- a/src/Ipset.h
-+++ b/src/Ipset.h
-@@ -41,6 +41,31 @@
-
- #include "MacAddress.h"
-
-+#if IPSET_PROTOCOL < 7
-+/* compatibility shims */
-+
-+inline void ipset_envopt_set(struct ipset_session *session, enum ipset_envopt opt)
-+{
-+ ipset_envopt_parse(session, opt, NULL);
-+}
-+
-+inline const char * ipset_session_report_msg(const struct ipset_session *session)
-+{
-+ return ipset_session_error(session);
-+}
-+
-+static inline struct ipset_session *noddos_ipset_session_init(void)
-+{
-+ return ipset_session_init(printf);
-+}
-+
-+#else
-+
-+static inline struct ipset_session *noddos_ipset_session_init(void)
-+{
-+ return ipset_session_init(NULL, NULL);
-+}
-+#endif
-
- std::string getIpsetUuid (std::string inUuid);
- std::string getIpsetName (std::string inUuid, bool inSrc, bool inIpv4 = true);
-@@ -99,23 +124,19 @@ public:
- }
- bool Exists() {
- try {
-- struct ipset_session *session = ipset_session_init(printf);
-+ struct ipset_session *session = noddos_ipset_session_init();
- if (session == nullptr) {
- syslog (LOG_ERR, "Ipset: Cannot initialize ipset session.");
- ipset_session_fini(session);
- throw std::runtime_error ("Cannot initialize ipset session.");
- }
-
-- if (ipset_envopt_parse(session, IPSET_ENV_EXIST, NULL) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't set environment option.");
-- ipset_session_fini(session);
-- throw std::runtime_error ("Can't set environment option.");
-- }
-+ ipset_envopt_set(session, IPSET_ENV_EXIST);
- int r = ipset_session_data_set(session, IPSET_SETNAME, ipsetName.c_str());
- if (ipset_commit(session) < 0) {
-- syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_error(session));
-+ syslog (LOG_ERR, "Ipset: Can't commit for setname %s: %s", ipsetName.c_str(), ipset_session_report_msg(session));
- ipset_session_fini(session);
-- throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_error(session));
-+ throw std::runtime_error("Can't call ipset_commit for " + ipsetName + ": " + ipset_session_report_msg(session));
- }
- ipset_session_fini(session);
- return r == 0;
+++ /dev/null
-From eb1730afff9377a5f167d0738ad0b3aeba9634d0 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 19 Mar 2019 18:27:10 -0300
-Subject: [PATCH] getnoddosdeviceprofiles: wget timestamping check
-
-Check if the --timestamping option is available to avoid an error in
-openwrt when wget is handled by uclient-fetch.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-diff --git a/tools/getnoddosdeviceprofiles b/tools/getnoddosdeviceprofiles
-index 337e351..174034f 100755
---- a/tools/getnoddosdeviceprofiles
-+++ b/tools/getnoddosdeviceprofiles
-@@ -86,7 +86,12 @@ fi
- # That's also why we don't delete the downloaded file
- if [ "$WGET" != "" ]
- then
-- GETURL="$WGET --quiet --timestamping"
-+ GETURL="$WGET --quiet"
-+ # Make sure wget accepts --timestamping
-+ if wget --help 2>&1 | egrep timestamping > /dev/null
-+ then
-+ GETURL="$GETURL --timestamping"
-+ fi
- else
- if [ "$CURL" != "" ]
- then
+++ /dev/null
---- a/src/opensslfingerprint.cxx
-+++ b/src/opensslfingerprint.cxx
-@@ -73,9 +73,11 @@ std::string getCertFingerprint(const std::string certfile, const bool Debug = fa
- // closes file
- close(fd);
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- // initialize OpenSSL
- SSL_load_error_strings();
- SSL_library_init();
-+#endif
-
- // creates BIO buffer
- BIO * bio = BIO_new_mem_buf(buff, len);
PKG_NAME:=ola
PKG_VERSION:=0.10.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/OpenLightingProject/ola/tar.gz/$(PKG_VERSION)?
--- /dev/null
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -61,7 +61,7 @@ COMMON_TESTING_PROTOBUF_FLAGS = $(COMMON
+
+ # The generated protobuf files don't compile with -Werror on win32 so we
+ # disable fatal warnings on WIN32.
+-if ! USING_WIN32
++if USING_WIN32
+ if FATAL_WARNINGS
+ COMMON_CXXFLAGS += -Werror
+ COMMON_PROTOBUF_CXXFLAGS += -Werror -Wno-error=unused-parameter \
#
-# Copyright (C) 2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=ooniprobe
-PKG_VERSION:=3.0.11
+PKG_VERSION:=3.4.0
PKG_RELEASE:=1
PKG_SOURCE:=probe-cli-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ooni/probe-cli/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=870b8e2d801a5ae96a27fe0f7898f70ff2839ea12c9872e272b78f175e07deb2
+PKG_HASH:=e573cc6496860b75c02d35a1829c220c9c8062350f2178fce208698538bb3ced
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=open-iscsi
-PKG_VERSION:=2.1.1
-PKG_RELEASE:=2
+PKG_VERSION:=2.1.3
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/open-iscsi/open-iscsi/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=dfc1ea37f230f9d116f5b39c795b35be43002d65c81330ccd3878786532b811b
+PKG_HASH:=5410474b23552016220d04aa181903cb50ae988f29e99cb03f3e2de86a109be4
PKG_MAINTAINER:=Lucian CRISTIAN <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
--build=$(GNU_HOST_NAME) \
--prefix=/usr \
LIB_DIR=/usr/lib \
+ CC="$(TARGET_CC)" \
CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS)" \
)
endef
usr/idbm.c | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
-diff --git a/usr/idbm.c b/usr/idbm.c
-index be4d4e3..a7da540 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
-@@ -2078,6 +2078,10 @@ static int idbm_rec_write(node_rec_t *rec, bool disable_lock)
+@@ -2178,6 +2178,10 @@ static int idbm_rec_write(node_rec_t *re
goto free_portal;
}
rc = stat(portal, &statb);
if (rc) {
rc = 0;
-@@ -2086,22 +2090,10 @@ static int idbm_rec_write(node_rec_t *rec, bool disable_lock)
+@@ -2186,23 +2190,11 @@ static int idbm_rec_write(node_rec_t *re
* set the tgpt. In new versions you must pass all the info in
* from the start
*/
}
if (!S_ISDIR(statb.st_mode)) {
-- /*
+ /*
- * older iscsiadm versions had you create the config then set
- * set the tgpt. In new versions you must pass all the info in
- * from the start
- if (rec->tpgt == PORTAL_GROUP_TAG_UNKNOWN)
- /* drop down to old style portal as config */
- goto open_conf;
- /*
+- /*
* Old style portal as a file, but with tpgt. Let's update it.
*/
---
-2.21.0
-
+ if (unlink(portal)) {
usr/idbm.c | 129 +++++++++++++++++++++++++++++++++++------------------
1 file changed, 86 insertions(+), 43 deletions(-)
-diff --git a/usr/idbm.c b/usr/idbm.c
-index a7da540..2f5e309 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
-@@ -2030,12 +2030,7 @@ mkdir_portal:
+@@ -2130,12 +2130,7 @@ mkdir_portal:
return f;
}
{
struct stat statb;
FILE *f;
-@@ -2048,39 +2043,8 @@ static int idbm_rec_write(node_rec_t *rec, bool disable_lock)
+@@ -2148,39 +2143,8 @@ static int idbm_rec_write(node_rec_t *re
return ISCSI_ERR_NOMEM;
}
rc = stat(portal, &statb);
if (rc) {
-@@ -2101,11 +2065,11 @@ static int idbm_rec_write(node_rec_t *rec, bool disable_lock)
+@@ -2201,11 +2165,11 @@ static int idbm_rec_write(node_rec_t *re
log_error("Could not convert %s: %s", portal,
strerror(errno));
rc = ISCSI_ERR_IDBM;
}
mkdir_portal:
-@@ -2116,24 +2080,103 @@ mkdir_portal:
+@@ -2216,24 +2180,103 @@ mkdir_portal:
log_error("Could not make dir %s: %s",
portal, strerror(errno));
rc = ISCSI_ERR_IDBM;
rc = ISCSI_ERR_IDBM;
- goto unlock;
+ goto free_portal;
- }
-
- idbm_print(IDBM_PRINT_TYPE_NODE, rec, 1, f);
- fclose(f);
--unlock:
++ }
++
++ idbm_print(IDBM_PRINT_TYPE_NODE, rec, 1, f);
++ fclose(f);
+free_portal:
+ free(portal);
+ return rc;
+ if (!portal) {
+ log_error("Could not alloc portal");
+ return ISCSI_ERR_NOMEM;
-+ }
+ }
+ snprintf(portal, PATH_MAX, "%s/%s/%s,%d", NODE_CONFIG_DIR,
+ rec->name, rec->conn[0].address, rec->conn[0].port);
-+
+
+ f = fopen(portal, "w");
+ if (!f) {
+ log_error("Could not open %s: %sd", portal, strerror(errno));
+ rc = ISCSI_ERR_IDBM;
+ goto free_portal;
+ }
-+ idbm_print(IDBM_PRINT_TYPE_NODE, rec, 1, f);
-+ fclose(f);
+ idbm_print(IDBM_PRINT_TYPE_NODE, rec, 1, f);
+ fclose(f);
+-unlock:
+free_portal:
+ free(portal);
+ return rc;
if (!disable_lock)
idbm_unlock();
free_portal:
---
-2.21.0
-
usr/idbm.c | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
-diff --git a/usr/idbm.c b/usr/idbm.c
-index b6193e7..2208c4a 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
@@ -28,6 +28,7 @@
#define IDBM_HIDE 0 /* Hide parameter when print. */
#define IDBM_SHOW 1 /* Show parameter when print. */
#define IDBM_MASKED 2 /* Show "stars" instead of real value when print */
-@@ -202,6 +207,8 @@ static struct int_list_tbl {
+@@ -203,6 +208,8 @@ static struct int_list_tbl {
{ "SHA3-256", AUTH_CHAP_ALG_SHA3_256 },
};
static void
idbm_recinfo_discovery(discovery_rec_t *r, recinfo_t *ri)
{
-@@ -2206,12 +2213,49 @@ static int idbm_rec_write_old(node_rec_t *rec)
+@@ -2207,12 +2214,49 @@ static int idbm_rec_write_old(node_rec_t
FILE *f;
char *portal;
int rc = 0;
snprintf(portal, PATH_MAX, "%s/%s/%s,%d", NODE_CONFIG_DIR,
rec->name, rec->conn[0].address, rec->conn[0].port);
-
usr/iface.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
-diff --git a/usr/iface.c b/usr/iface.c
-index 645b0b8..9cd07fd 100644
--- a/usr/iface.c
+++ b/usr/iface.c
-@@ -993,6 +993,7 @@ int iface_setup_from_boot_context(struct iface_rec *iface,
+@@ -998,6 +998,7 @@ int iface_setup_from_boot_context(struct
{
struct iscsi_transport *t = NULL;
uint32_t hostno;
if (strlen(context->initiatorname))
strlcpy(iface->iname, context->initiatorname,
-@@ -1006,10 +1007,7 @@ int iface_setup_from_boot_context(struct iface_rec *iface,
+@@ -1011,10 +1012,7 @@ int iface_setup_from_boot_context(struct
return 0;
}
} else if (strlen(context->iface)) {
memset(transport_name, 0, ISCSI_TRANSPORT_NAME_MAXLEN);
/* make sure offload driver is loaded */
-@@ -1035,9 +1033,6 @@ int iface_setup_from_boot_context(struct iface_rec *iface,
+@@ -1040,9 +1038,6 @@ int iface_setup_from_boot_context(struct
}
strlcpy(iface->netdev, context->iface, sizeof(iface->netdev));
} else
return 0;
---
-2.21.0
-
usr/iscsid.c | 2 +-
6 files changed, 15 insertions(+), 15 deletions(-)
-diff --git a/iscsiuio/src/unix/libs/qedi.c b/iscsiuio/src/unix/libs/qedi.c
-index 3414cb5..a359700 100644
--- a/iscsiuio/src/unix/libs/qedi.c
+++ b/iscsiuio/src/unix/libs/qedi.c
-@@ -1023,7 +1023,7 @@ static int qedi_read(nic_t *nic, packet_t *pkt)
+@@ -1030,7 +1030,7 @@ static int qedi_read(nic_t *nic, packet_
LOG_DEBUG(PFX "%s:hw_prod %d bd_prod %d, rx_pkt_idx %d, rxlen %d",
nic->log_name, hw_prod, bd_prod, rx_bd->rx_pkt_index, len);
nic->log_name, sw_cons, bd_cons, QEDI_NUM_RX_BD);
if (bd_cons != bd_prod) {
-diff --git a/iscsiuio/src/unix/main.c b/iscsiuio/src/unix/main.c
-index 0c9ad49..f83f305 100644
--- a/iscsiuio/src/unix/main.c
+++ b/iscsiuio/src/unix/main.c
@@ -391,6 +391,9 @@ int main(int argc, char *argv[])
/* Spin off the signal handling thread */
pthread_attr_init(&attr);
-diff --git a/libopeniscsiusr/idbm.c b/libopeniscsiusr/idbm.c
-index 7bc2381..7d4c338 100644
--- a/libopeniscsiusr/idbm.c
+++ b/libopeniscsiusr/idbm.c
-@@ -321,12 +321,11 @@ int _idbm_lock(struct iscsi_context *ctx)
+@@ -321,12 +321,11 @@ int _idbm_lock(struct iscsi_context *ctx
return 0;
}
}
fd = open(LOCK_FILE, O_RDWR | O_CREAT, 0666);
-diff --git a/usr/idbm.c b/usr/idbm.c
-index d5e16cb..a210c88 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
-@@ -1438,12 +1438,10 @@ int idbm_lock(void)
+@@ -1439,12 +1439,10 @@ int idbm_lock(void)
return 0;
}
}
fd = open(LOCK_FILE, O_RDWR | O_CREAT, 0666);
-diff --git a/usr/iscsid.c b/usr/iscsid.c
-index 99d27ab..dbb0900 100644
--- a/usr/iscsid.c
+++ b/usr/iscsid.c
-@@ -490,8 +490,8 @@ int main(int argc, char *argv[])
+@@ -495,8 +495,8 @@ int main(int argc, char *argv[])
log_close(log_pid);
exit(ISCSI_ERR);
}
if ((control_fd = ipc->ctldev_open()) < 0) {
log_close(log_pid);
-diff --git a/usr/initiator.c b/usr/initiator.c
-index a07f9aa..a06760c 100644
--- a/usr/initiator.c
+++ b/usr/initiator.c
-@@ -580,7 +580,7 @@ __session_conn_reopen(iscsi_conn_t *conn, queue_task_t *qtask, int do_stop,
+@@ -580,7 +580,7 @@ __session_conn_reopen(iscsi_conn_t *conn
int redirected)
{
iscsi_session_t *session = conn->session;
log_debug(1, "re-opening session %d (reopen_cnt %d)", session->id,
session->reopen_cnt);
---
-2.21.1
-
+++ /dev/null
-From d4ed4972df1ffe9381e33f2800f8e574f632948c Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 2 Mar 2020 15:21:30 -0800
-Subject: [PATCH 1/1] iscsi_if.h replace zero-length array with flexible-array
- member
-
----
- include/iscsi_if.h | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/include/iscsi_if.h b/include/iscsi_if.h
-index 2d46214..e8cee0d 100644
---- a/include/iscsi_if.h
-+++ b/include/iscsi_if.h
-@@ -337,7 +337,7 @@ enum iscsi_param_type {
- struct iscsi_param_info {
- uint32_t len; /* Actual length of the param value */
- uint16_t param; /* iscsi param */
-- uint8_t value[0]; /* length sized value follows */
-+ uint8_t value[]; /* length sized value follows */
- } __attribute__((__packed__));
-
- struct iscsi_iface_param_info {
-@@ -346,7 +346,7 @@ struct iscsi_iface_param_info {
- uint16_t param; /* iscsi param value */
- uint8_t iface_type; /* IPv4 or IPv6 */
- uint8_t param_type; /* iscsi_param_type */
-- uint8_t value[0]; /* length sized value follows */
-+ uint8_t value[]; /* length sized value follows */
- } __attribute__((__packed__));
-
- /*
-@@ -723,7 +723,7 @@ enum iscsi_flashnode_param {
- struct iscsi_flashnode_param_info {
- uint32_t len; /* Actual length of the param */
- uint16_t param; /* iscsi param value */
-- uint8_t value[0]; /* length sized value follows */
-+ uint8_t value[]; /* length sized value follows */
- } __attribute__((__packed__));
-
- enum iscsi_discovery_parent_type {
-@@ -841,7 +841,7 @@ struct iscsi_stats {
- * up to ISCSI_STATS_CUSTOM_MAX
- */
- uint32_t custom_length;
-- struct iscsi_stats_custom custom[0]
-+ struct iscsi_stats_custom custom[]
- __attribute__ ((aligned (sizeof(uint64_t))));
- };
-
-@@ -972,7 +972,7 @@ struct iscsi_offload_host_stats {
- * up to ISCSI_HOST_STATS_CUSTOM_MAX
- */
- uint32_t custom_length;
-- struct iscsi_host_stats_custom custom[0]
-+ struct iscsi_host_stats_custom custom[]
- __attribute__ ((aligned (sizeof(uint64_t))));
- };
-
---
-2.21.1
-
+++ /dev/null
-From b32f59619c32ed6cd136194d92c649b74926c6f2 Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Wed, 25 Mar 2020 18:00:50 -0700
-Subject: [PATCH] Fix issue where "iscsi-iname -p" core dumps.
-
-While I was at it, I made the usage message a function
-and made it print to stderr insted of stdout.
----
- utils/Makefile | 2 +-
- utils/iscsi-iname.c | 17 +++++++++++++----
- 2 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/utils/Makefile b/utils/Makefile
-index f65f1e79..aed3bb0a 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -1,7 +1,7 @@
- # This Makefile will work only with GNU make.
-
- CFLAGS ?= -O2 -fno-inline -g
--CFLAGS += -Wall -Wstrict-prototypes
-+CFLAGS += -Wall -Wextra -Wstrict-prototypes
- PROGRAMS = iscsi-iname
-
- all: $(PROGRAMS)
-diff --git a/utils/iscsi-iname.c b/utils/iscsi-iname.c
-index da850dca..0f587e1e 100644
---- a/utils/iscsi-iname.c
-+++ b/utils/iscsi-iname.c
-@@ -40,6 +40,13 @@
- * a seperator and 12 characters (6 random bytes in hex representation) */
- #define PREFIX_MAX_LEN 210
-
-+static void usage(void)
-+{
-+ fprintf(stderr, "Usage: iscsi-iname [-h | --help | -p <prefix>]\n");
-+ fprintf(stderr, "where <prefix> has max length of %d\n",
-+ PREFIX_MAX_LEN);
-+}
-+
- int
- main(int argc, char *argv[])
- {
-@@ -68,15 +75,17 @@ main(int argc, char *argv[])
- "on every invocation.\n");
- exit(0);
- } else if ( strcmp(prefix, "-p") == 0 ) {
-+ if (argc != 3) {
-+ usage();
-+ exit(1);
-+ }
- prefix = argv[2];
- if (strnlen(prefix, PREFIX_MAX_LEN + 1) > PREFIX_MAX_LEN) {
-- printf("Error: Prefix cannot exceed %d "
-- "characters.\n", PREFIX_MAX_LEN);
-+ usage();
- exit(1);
- }
- } else {
-- printf("\nUsage: iscsi-iname [-h | --help | "
-- "-p <prefix>]\n");
-+ usage();
- exit(0);
- }
- } else {
+++ /dev/null
-From 6ed14d48f6e9a8dfb37cc68472b04cfb3673b7bd Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 27 Mar 2020 17:50:41 -0700
-Subject: [PATCH 1/3] Change include of <sys/poll.h> to <poll.h>
-
-The proper local is <poll.h>.
----
- iscsiuio/src/unix/nic_nl.c | 2 +-
- usr/discovery.c | 2 +-
- usr/event_poll.c | 2 +-
- usr/io.c | 2 +-
- usr/netlink.c | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/iscsiuio/src/unix/nic_nl.c b/iscsiuio/src/unix/nic_nl.c
-index f8306563..dee462e7 100644
---- a/iscsiuio/src/unix/nic_nl.c
-+++ b/iscsiuio/src/unix/nic_nl.c
-@@ -50,7 +50,7 @@
- #include <linux/netlink.h>
- #include <iscsi_if.h>
- #include <sys/ioctl.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/types.h>
- #include <sys/user.h>
- #include <sys/socket.h>
-diff --git a/usr/discovery.c b/usr/discovery.c
-index 9ce122e1..7dec696f 100644
---- a/usr/discovery.c
-+++ b/usr/discovery.c
-@@ -25,7 +25,7 @@
- #include <stdint.h>
- #include <stdlib.h>
- #include <string.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/time.h>
- #include <sys/param.h>
- #include <sys/socket.h>
-diff --git a/usr/event_poll.c b/usr/event_poll.c
-index 4cf4ce2b..ffd12a37 100644
---- a/usr/event_poll.c
-+++ b/usr/event_poll.c
-@@ -23,7 +23,7 @@
- */
- #include <stdlib.h>
- #include <errno.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <sys/signalfd.h>
-diff --git a/usr/io.c b/usr/io.c
-index 210a10ad..a46c9f8c 100644
---- a/usr/io.c
-+++ b/usr/io.c
-@@ -24,7 +24,7 @@
- #include <signal.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/ioctl.h>
- #include <netinet/tcp.h>
- #include <arpa/inet.h>
-diff --git a/usr/netlink.c b/usr/netlink.c
-index d42ca4fb..22cad834 100644
---- a/usr/netlink.c
-+++ b/usr/netlink.c
-@@ -30,7 +30,7 @@
- #include <asm/types.h>
- #include <sys/socket.h>
- #include <sys/types.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <linux/netlink.h>
-
- #include "types.h"
-
-From fbe6c1c766a88edccb0d7f4168d2d87a3cdb4660 Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 27 Mar 2020 17:57:52 -0700
-Subject: [PATCH 2/3] Fix type mismatch under musl.
-
-It complains about rl.rlim_cur and rl.rlim_max being
-long long unsigned, so cast them, since it's debug
-messages anyway.
----
- usr/iscsi_util.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/usr/iscsi_util.c b/usr/iscsi_util.c
-index fd8fc0cf..db1dc377 100644
---- a/usr/iscsi_util.c
-+++ b/usr/iscsi_util.c
-@@ -152,7 +152,9 @@ int increase_max_files(void)
- log_debug(1, "Could not get file limit (err %d)", errno);
- return errno;
- }
-- log_debug(1, "Max file limits %lu %lu", rl.rlim_cur, rl.rlim_max);
-+ log_debug(1, "Max file limits %lu %lu",
-+ (long unsigned)rl.rlim_cur,
-+ (long unsigned)rl.rlim_max);
-
- if (rl.rlim_cur < ISCSI_MAX_FILES)
- rl.rlim_cur = ISCSI_MAX_FILES;
-@@ -162,7 +164,8 @@ int increase_max_files(void)
- err = setrlimit(RLIMIT_NOFILE, &rl);
- if (err) {
- log_debug(1, "Could not set file limit to %lu/%lu (err %d)",
-- rl.rlim_cur, rl.rlim_max, errno);
-+ (long unsigned)rl.rlim_cur,
-+ (long unsigned)rl.rlim_max, errno);
- return errno;
- }
-
-
-From a93c2f1cf5a55887074bdda65aa6ad6c533191f0 Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Sun, 29 Mar 2020 11:01:07 -0700
-Subject: [PATCH 3/3] More changes for musl.
-
-Clean up some code that musl complains about. The
-changes all seem like a good idea in general, and
-should not effect functionality.
----
- usr/iscsistart.c | 1 -
- usr/mgmt_ipc.c | 1 +
- usr/statics.c | 3 +--
- 3 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/usr/iscsistart.c b/usr/iscsistart.c
-index 00a9c78a..ee810f7a 100644
---- a/usr/iscsistart.c
-+++ b/usr/iscsistart.c
-@@ -30,7 +30,6 @@
- #include <time.h>
- #include <sys/mman.h>
- #include <sys/utsname.h>
--#include <sys/signal.h>
- #include <sys/types.h>
- #include <sys/wait.h>
-
-diff --git a/usr/mgmt_ipc.c b/usr/mgmt_ipc.c
-index 51267c13..c292161f 100644
---- a/usr/mgmt_ipc.c
-+++ b/usr/mgmt_ipc.c
-@@ -26,6 +26,7 @@
- #include <unistd.h>
- #include <pwd.h>
- #include <sys/un.h>
-+#include <string.h>
-
- #include "iscsid.h"
- #include "idbm.h"
-diff --git a/usr/statics.c b/usr/statics.c
-index 59fb044d..f59729ba 100644
---- a/usr/statics.c
-+++ b/usr/statics.c
-@@ -1,6 +1,6 @@
- #include <unistd.h>
- #include <pwd.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <sys/types.h>
-
- static struct passwd root_pw = {
-@@ -17,4 +17,3 @@ getpwuid(uid_t uid)
- return 0;
- }
- }
--
+++ /dev/null
-From 16d4899d52b3b88774ac6d9b3cc0f5626f4705da Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Tue, 19 Nov 2019 07:54:41 -0800
-Subject: [PATCH] Ignore iface.example in iface match checks
-
-Just a cleanup, as looking at the example file
-didn't hurt anything, but did waste our time.
----
- usr/iface.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/usr/iface.c b/usr/iface.c
-index 323f1675..11f3d2ac 100644
---- a/usr/iface.c
-+++ b/usr/iface.c
-@@ -905,6 +905,9 @@ int iface_for_each_iface(void *data, int skip_def, int *nr_found,
- !strcmp(iface_dent->d_name, ".."))
- continue;
-
-+ if (!strcmp(iface_dent->d_name, "iface.example"))
-+ continue;
-+
- log_debug(5, "iface_for_each_iface found %s",
- iface_dent->d_name);
- iface = iface_alloc(iface_dent->d_name, &err);
[ -n "$password2" ] && echo "$password2" >> "$pwfile"
}
[ "$token_mode" = "script" ] && {
- $token_script > "$pwfile" 2> /dev/null || {
+ $token_script >> "$pwfile" 2> /dev/null || {
logger -t openconenct "Cannot get password from script '$token_script'"
proto_setup_failed "$config"
}
--- /dev/null
+if PACKAGE_openssh-server
+
+config OPENSSH_LIBFIDO2
+ bool
+ default y
+ prompt "Include libfido2 support in openssh-server"
+ help
+ OpenSSH version 8.2 added two new ssh authentication methods,
+ namely `ecdsa_sk` and `ed25519_sk`. These two methods make use
+ of hardware keys that implement the FIDO and FIDO2 protocols.
+ In order to use these two types, libfido2 is required.
+endif
PKG_NAME:=openssh
PKG_VERSION:=8.4p1
-PKG_RELEASE:=1
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
PKG_CPE_ID:=cpe:/a:openssh:openssh
PKG_REMOVE_FILES:=
+PKG_CONFIG_DEPENDS := \
+ CONFIG_OPENSSH_LIBFIDO2
+
+PKG_BUILD_DEPENDS += OPENSSH_LIBFIDO2:libfido2
include $(INCLUDE_DIR)/package.mk
$(call Package/openssh/Default)
TITLE+= client
ALTERNATIVES:=\
- 200:/usr/bin/ssh:/usr/bin/openssh-ssh \
- 200:/usr/bin/scp:/usr/bin/openssh-scp \
-
+ 200:/usr/bin/ssh:/usr/libexec/ssh-openssh \
+ 200:/usr/bin/scp:/usr/libexec/scp-openssh
endef
define Package/openssh-client/description
define Package/openssh-server
$(call Package/openssh/Default)
- DEPENDS+= +openssh-keygen
+ DEPENDS+= +openssh-keygen +OPENSSH_LIBFIDO2:libfido2
TITLE+= server
USERID:=sshd=22:sshd=22
endef
+define Package/openssh-server/config
+ source "$(SOURCE)/Config.in"
+endef
+
define Package/openssh-server/description
OpenSSH server.
endef
--without-bsd-auth \
--without-kerberos5 \
--with-stackprotect \
- --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine
-
+ --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \
+ --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin
+
ifeq ($(BUILD_VARIANT),with-pam)
CONFIGURE_ARGS += \
--with-pam
$(INSTALL_DIR) $(1)/etc/ssh
chmod 0700 $(1)/etc/ssh
$(CP) $(PKG_INSTALL_DIR)/etc/ssh/ssh_config $(1)/etc/ssh/
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh $(1)/usr/bin/openssh-ssh
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/scp $(1)/usr/bin/openssh-scp
+ $(INSTALL_DIR) $(1)/usr/libexec
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh $(1)/usr/libexec/ssh-openssh
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/scp $(1)/usr/libexec/scp-openssh
endef
define Package/openssh-client-utils/install
sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+ $(INSTALL_DIR) $(1)/lib/preinit
+ $(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
endef
--- /dev/null
+#!/bin/sh
+
+failsafe_sshd () {
+
+ # if dropbear is executable it can handle failsafe
+ [ -x /usr/sbin/dropbear ] && return
+
+ sshd_tmpdir=/tmp/sshd
+ mkdir $sshd_tmpdir
+
+ sed -i 's/^root:.*/root::0:17000:::::/g' /etc/shadow
+
+ for type in ed25519; do
+ key=$sshd_tmpdir/ssh_host_${type}_key
+ ssh-keygen -N '' -t ${type} -f ${key}
+ done
+
+ mkdir -m 0700 -p /var/empty
+
+ cat > $sshd_tmpdir/sshd_config <<EOF
+HostKey $sshd_tmpdir/ssh_host_ed25519_key
+PermitRootLogin yes
+PermitEmptyPasswords yes
+EOF
+
+ /usr/sbin/sshd -f $sshd_tmpdir/sshd_config -E $sshd_tmpdir/sshd.log
+
+}
+
+boot_hook_add failsafe failsafe_sshd
PKG_NAME:=openvpn-easy-rsa
PKG_VERSION:=3.0.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=https://codeload.github.com/OpenVPN/easy-rsa/tar.gz/v$(PKG_VERSION)?
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_HASH:=fd6b67d867c3b8afd53efa2ca015477f6658a02323e1799432083472ac0dd200
$(INSTALL_BIN) $(PKG_BUILD_DIR)/dist-staging/unix/EasyRSA-$(PKG_VERSION)/easyrsa $(1)/usr/lib/easy-rsa/
$(INSTALL_DIR) $(1)/usr/bin
- $(LN) /usr/lib/easy-rsa/easyrsa $(1)/usr/bin/easyrsa
+ $(LN) ../lib/easy-rsa/easyrsa $(1)/usr/bin/easyrsa
$(INSTALL_DIR) $(1)/etc/easy-rsa
$(INSTALL_DATA) $(PKG_BUILD_DIR)/dist-staging/unix/EasyRSA-$(PKG_VERSION)/openssl-easyrsa.cnf $(1)/etc/easy-rsa/openssl-1.0.cnf
- $(LN) /etc/easy-rsa/openssl-1.0.cnf $(1)/etc/easy-rsa/openssl-easyrsa.cnf
- $(LN) /etc/easy-rsa/openssl-easyrsa.cnf $(1)/usr/lib/easy-rsa/openssl-easyrsa.cnf
+ $(LN) openssl-1.0.cnf $(1)/etc/easy-rsa/openssl-easyrsa.cnf
+ $(LN) ../../../etc/easy-rsa/openssl-easyrsa.cnf $(1)/usr/lib/easy-rsa/openssl-easyrsa.cnf
$(INSTALL_DATA) $(PKG_BUILD_DIR)/dist-staging/unix/EasyRSA-$(PKG_VERSION)/vars.example $(1)/etc/easy-rsa/vars
- $(LN) /etc/easy-rsa/vars $(1)/usr/lib/easy-rsa/vars
+ $(LN) ../../../etc/easy-rsa/vars $(1)/usr/lib/easy-rsa/vars
$(INSTALL_DIR) $(1)/etc/easy-rsa/pki
chmod 700 $(1)/etc/easy-rsa/pki
$(INSTALL_DIR) $(1)/etc/easy-rsa/x509-types
$(INSTALL_DATA) $(PKG_BUILD_DIR)/dist-staging/unix/EasyRSA-$(PKG_VERSION)/x509-types/* $(1)/etc/easy-rsa/x509-types/
- $(LN) /etc/easy-rsa/x509-types $(1)/usr/lib/easy-rsa/x509-types
+ $(LN) ../../../etc/easy-rsa/x509-types $(1)/usr/lib/easy-rsa/x509-types
$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
$(INSTALL_DATA) files/openvpn-easy-rsa.upgrade $(1)/lib/upgrade/keep.d/$(PKG_NAME)
--- /dev/null
+#
+# Copyright (C) 2012 Jo-Philipp Wich <jo@mein.io>
+#
+# This is free software, licensed under the Apache 2 license.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=owipcalc
+PKG_RELEASE:=6
+PKG_LICENSE:=Apache-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+
+define Package/owipcalc
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Simple IPv4/IPv6 address calculator
+ MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+endef
+
+define Package/owipcalc/description
+ The owipcalc utility supports a number of calculations and tests to work
+ with ip-address ranges, this is useful for scripts that e.g. need to
+ partition ipv6-prefixes into small subnets or to calculate address ranges
+ for dhcp pools.
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+ $(TARGET_CC) $(TARGET_CFLAGS) \
+ -o $(PKG_BUILD_DIR)/owipcalc $(PKG_BUILD_DIR)/owipcalc.c
+endef
+
+
+define Package/owipcalc/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/owipcalc $(1)/usr/bin/owipcalc
+endef
+
+$(eval $(call BuildPackage,owipcalc))
--- /dev/null
+/*
+ * owipcalc - OpenWrt IP Calculator
+ *
+ * Copyright (C) 2012 Jo-Philipp Wich <jo@mein.io>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include <string.h>
+#include <unistd.h>
+
+#include <arpa/inet.h>
+
+
+struct cidr {
+ uint8_t family;
+ uint32_t prefix;
+ union {
+ struct in_addr v4;
+ struct in6_addr v6;
+ } addr;
+ union {
+ char v4[sizeof("255.255.255.255/255.255.255.255 ")];
+ char v6[sizeof("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.255/128 ")];
+ } buf;
+ struct cidr *next;
+};
+
+struct op {
+ const char *name;
+ const char *desc;
+ struct {
+ bool (*a1)(struct cidr *a);
+ bool (*a2)(struct cidr *a, struct cidr *b);
+ } f4;
+ struct {
+ bool (*a1)(struct cidr *a);
+ bool (*a2)(struct cidr *a, struct cidr *b);
+ } f6;
+};
+
+
+static bool quiet = false;
+static bool printed = false;
+
+static struct cidr *stack = NULL;
+
+#define qprintf(...) \
+ do { \
+ if (!quiet) printf(__VA_ARGS__); \
+ printed = true; \
+ } while(0)
+
+static void cidr_push(struct cidr *a)
+{
+ if (a)
+ {
+ a->next = stack;
+ stack = a;
+ }
+}
+
+static bool cidr_pop(struct cidr *a)
+{
+ struct cidr *old = stack;
+
+ if (old)
+ {
+ stack = stack->next;
+ free(old);
+
+ return true;
+ }
+
+ return false;
+}
+
+static struct cidr * cidr_clone(struct cidr *a)
+{
+ struct cidr *b = malloc(sizeof(*b));
+
+ if (!b)
+ {
+ fprintf(stderr, "out of memory\n");
+ exit(255);
+ }
+
+ memcpy(b, a, sizeof(*b));
+ cidr_push(b);
+
+ return b;
+}
+
+
+static struct cidr * cidr_parse4(const char *s)
+{
+ char *p = NULL, *r;
+ struct in_addr mask;
+ struct cidr *addr = malloc(sizeof(struct cidr));
+
+ if (!addr || (strlen(s) >= sizeof(addr->buf.v4)))
+ goto err;
+
+ snprintf(addr->buf.v4, sizeof(addr->buf.v4), "%s", s);
+
+ addr->family = AF_INET;
+
+ if ((p = strchr(addr->buf.v4, '/')) != NULL)
+ {
+ *p++ = 0;
+
+ if (strchr(p, '.') != NULL)
+ {
+ if (inet_pton(AF_INET, p, &mask) != 1)
+ goto err;
+
+ for (addr->prefix = 0; mask.s_addr; mask.s_addr >>= 1)
+ addr->prefix += (mask.s_addr & 1);
+ }
+ else
+ {
+ addr->prefix = strtoul(p, &r, 10);
+
+ if ((p == r) || (*r != 0) || (addr->prefix > 32))
+ goto err;
+ }
+ }
+ else
+ {
+ addr->prefix = 32;
+ }
+
+ if (p == addr->buf.v4+1)
+ memset(&addr->addr.v4, 0, sizeof(addr->addr.v4));
+ else if (inet_pton(AF_INET, addr->buf.v4, &addr->addr.v4) != 1)
+ goto err;
+
+ return addr;
+
+err:
+ if (addr)
+ free(addr);
+
+ return NULL;
+}
+
+static bool cidr_add4(struct cidr *a, struct cidr *b)
+{
+ uint32_t x = ntohl(a->addr.v4.s_addr);
+ uint32_t y = ntohl(b->addr.v4.s_addr);
+
+ struct cidr *n = cidr_clone(a);
+
+ if ((n->family != AF_INET) || (b->family != AF_INET))
+ return false;
+
+ if ((uint32_t)(x + y) < x)
+ {
+ fprintf(stderr, "overflow during 'add'\n");
+ return false;
+ }
+
+ n->addr.v4.s_addr = htonl(x + y);
+ return true;
+}
+
+static bool cidr_sub4(struct cidr *a, struct cidr *b)
+{
+ uint32_t x = ntohl(a->addr.v4.s_addr);
+ uint32_t y = ntohl(b->addr.v4.s_addr);
+
+ struct cidr *n = cidr_clone(a);
+
+ if ((n->family != AF_INET) || (b->family != AF_INET))
+ return false;
+
+ if ((uint32_t)(x - y) > x)
+ {
+ fprintf(stderr, "underflow during 'sub'\n");
+ return false;
+ }
+
+ n->addr.v4.s_addr = htonl(x - y);
+ return true;
+}
+
+static bool cidr_network4(struct cidr *a)
+{
+ struct cidr *n = cidr_clone(a);
+
+ n->addr.v4.s_addr &= htonl(~((1 << (32 - n->prefix)) - 1));
+ n->prefix = 32;
+
+ return true;
+}
+
+static bool cidr_broadcast4(struct cidr *a)
+{
+ struct cidr *n = cidr_clone(a);
+
+ n->addr.v4.s_addr |= htonl(((1 << (32 - n->prefix)) - 1));
+ n->prefix = 32;
+
+ return true;
+}
+
+static bool cidr_contains4(struct cidr *a, struct cidr *b)
+{
+ uint32_t net1 = a->addr.v4.s_addr & htonl(~((1 << (32 - a->prefix)) - 1));
+ uint32_t net2 = b->addr.v4.s_addr & htonl(~((1 << (32 - a->prefix)) - 1));
+
+ if (printed)
+ qprintf(" ");
+
+ if ((a->prefix == 0) || ((b->prefix >= a->prefix) && (net1 == net2)))
+ {
+ qprintf("1");
+ return true;
+ }
+ else
+ {
+ qprintf("0");
+ return false;
+ }
+}
+
+static bool cidr_netmask4(struct cidr *a)
+{
+ struct cidr *n = cidr_clone(a);
+
+ n->addr.v4.s_addr = htonl(~((1 << (32 - n->prefix)) - 1));
+ n->prefix = 32;
+
+ return true;
+}
+
+static bool cidr_private4(struct cidr *a)
+{
+ uint32_t x = ntohl(a->addr.v4.s_addr);
+
+ if (printed)
+ qprintf(" ");
+
+ if (((x >= 0x0A000000) && (x <= 0x0AFFFFFF)) ||
+ ((x >= 0xAC100000) && (x <= 0xAC1FFFFF)) ||
+ ((x >= 0xC0A80000) && (x <= 0xC0A8FFFF)))
+ {
+ qprintf("1");
+ return true;
+ }
+ else
+ {
+ qprintf("0");
+ return false;
+ }
+}
+
+static bool cidr_linklocal4(struct cidr *a)
+{
+ uint32_t x = ntohl(a->addr.v4.s_addr);
+
+ if (printed)
+ qprintf(" ");
+
+ if ((x >= 0xA9FE0000) && (x <= 0xA9FEFFFF))
+ {
+ qprintf("1");
+ return true;
+ }
+ else
+ {
+ qprintf("0");
+ return false;
+ }
+}
+
+static bool cidr_prev4(struct cidr *a, struct cidr *b)
+{
+ struct cidr *n = cidr_clone(a);
+
+ n->prefix = b->prefix;
+ n->addr.v4.s_addr -= htonl(1 << (32 - b->prefix));
+
+ return true;
+}
+
+static bool cidr_next4(struct cidr *a, struct cidr *b)
+{
+ struct cidr *n = cidr_clone(a);
+
+ n->prefix = b->prefix;
+ n->addr.v4.s_addr += htonl(1 << (32 - b->prefix));
+
+ return true;
+}
+
+static bool cidr_6to4(struct cidr *a)
+{
+ struct cidr *n = cidr_clone(a);
+ uint32_t x = a->addr.v4.s_addr;
+
+ memset(&n->addr.v6.s6_addr, 0, sizeof(n->addr.v6.s6_addr));
+
+ n->family = AF_INET6;
+ n->prefix = 48;
+
+ n->addr.v6.s6_addr[0] = 0x20;
+ n->addr.v6.s6_addr[1] = 0x02;
+ n->addr.v6.s6_addr[2] = (x >> 24);
+ n->addr.v6.s6_addr[3] = (x >> 16) & 0xFF;
+ n->addr.v6.s6_addr[4] = (x >> 8) & 0xFF;
+ n->addr.v6.s6_addr[5] = x & 0xFF;
+
+ return true;
+}
+
+static bool cidr_print4(struct cidr *a)
+{
+ char *p;
+
+ if (!a || (a->family != AF_INET))
+ return false;
+
+ if (!(p = (char *)inet_ntop(AF_INET, &a->addr.v4, a->buf.v4, sizeof(a->buf.v4))))
+ return false;
+
+ if (printed)
+ qprintf(" ");
+
+ qprintf("%s", p);
+
+ if (a->prefix < 32)
+ qprintf("/%u", a->prefix);
+
+ cidr_pop(a);
+
+ return true;
+}
+
+
+static struct cidr * cidr_parse6(const char *s)
+{
+ char *p = NULL, *r;
+ struct cidr *addr = malloc(sizeof(struct cidr));
+
+ if (!addr || (strlen(s) >= sizeof(addr->buf.v6)))
+ goto err;
+
+ snprintf(addr->buf.v6, sizeof(addr->buf.v6), "%s", s);
+
+ addr->family = AF_INET6;
+
+ if ((p = strchr(addr->buf.v6, '/')) != NULL)
+ {
+ *p++ = 0;
+
+ addr->prefix = strtoul(p, &r, 10);
+
+ if ((p == r) || (*r != 0) || (addr->prefix > 128))
+ goto err;
+ }
+ else
+ {
+ addr->prefix = 128;
+ }
+
+ if (p == addr->buf.v6+1)
+ memset(&addr->addr.v6, 0, sizeof(addr->addr.v6));
+ else if (inet_pton(AF_INET6, addr->buf.v6, &addr->addr.v6) != 1)
+ goto err;
+
+ return addr;
+
+err:
+ if (addr)
+ free(addr);
+
+ return NULL;
+}
+
+static bool cidr_add6(struct cidr *a, struct cidr *b)
+{
+ uint8_t idx = 15, carry = 0, overflow = 0;
+
+ struct cidr *n = cidr_clone(a);
+ struct in6_addr *x = &n->addr.v6;
+ struct in6_addr *y = &b->addr.v6;
+
+ if ((a->family != AF_INET6) || (b->family != AF_INET6))
+ return false;
+
+ do {
+ overflow = !!((x->s6_addr[idx] + y->s6_addr[idx] + carry) >= 256);
+ x->s6_addr[idx] += y->s6_addr[idx] + carry;
+ carry = overflow;
+ }
+ while (idx-- > 0);
+
+ if (carry)
+ {
+ fprintf(stderr, "overflow during 'add'\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool cidr_sub6(struct cidr *a, struct cidr *b)
+{
+ uint8_t idx = 15, carry = 0, underflow = 0;
+
+ struct cidr *n = cidr_clone(a);
+ struct in6_addr *x = &n->addr.v6;
+ struct in6_addr *y = &b->addr.v6;
+
+ if ((n->family != AF_INET6) || (b->family != AF_INET6))
+ return false;
+
+ do {
+ underflow = !!((x->s6_addr[idx] - y->s6_addr[idx] - carry) < 0);
+ x->s6_addr[idx] -= y->s6_addr[idx] + carry;
+ carry = underflow;
+ }
+ while (idx-- > 0);
+
+ if (carry)
+ {
+ fprintf(stderr, "underflow during 'sub'\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool cidr_prev6(struct cidr *a, struct cidr *b)
+{
+ uint8_t idx, carry = 1, underflow = 0;
+ struct cidr *n = cidr_clone(a);
+ struct in6_addr *x = &n->addr.v6;
+
+ if (b->prefix == 0)
+ {
+ fprintf(stderr, "underflow during 'prev'\n");
+ return false;
+ }
+
+ idx = (b->prefix - 1) / 8;
+
+ do {
+ underflow = !!((x->s6_addr[idx] - carry) < 0);
+ x->s6_addr[idx] -= carry;
+ carry = underflow;
+ }
+ while (idx-- > 0);
+
+ if (carry)
+ {
+ fprintf(stderr, "underflow during 'prev'\n");
+ return false;
+ }
+
+ n->prefix = b->prefix;
+
+ return true;
+}
+
+static bool cidr_next6(struct cidr *a, struct cidr *b)
+{
+ uint8_t idx, carry = 1, overflow = 0;
+ struct cidr *n = cidr_clone(a);
+ struct in6_addr *x = &n->addr.v6;
+
+ if (b->prefix == 0)
+ {
+ fprintf(stderr, "overflow during 'next'\n");
+ return false;
+ }
+
+ idx = (b->prefix - 1) / 8;
+
+ do {
+ overflow = !!((x->s6_addr[idx] + carry) >= 256);
+ x->s6_addr[idx] += carry;
+ carry = overflow;
+ }
+ while (idx-- > 0);
+
+ if (carry)
+ {
+ fprintf(stderr, "overflow during 'next'\n");
+ return false;
+ }
+
+ n->prefix = b->prefix;
+
+ return true;
+}
+
+static bool cidr_network6(struct cidr *a)
+{
+ uint8_t i;
+ struct cidr *n = cidr_clone(a);
+
+ for (i = 0; i < (128 - n->prefix) / 8; i++)
+ n->addr.v6.s6_addr[15-i] = 0;
+
+ if ((128 - n->prefix) % 8)
+ n->addr.v6.s6_addr[15-i] &= ~((1 << ((128 - n->prefix) % 8)) - 1);
+
+ return true;
+}
+
+static bool cidr_contains6(struct cidr *a, struct cidr *b)
+{
+ struct in6_addr *x = &a->addr.v6;
+ struct in6_addr *y = &b->addr.v6;
+ uint8_t i = ((128 - a->prefix) / 8) % 16;
+ uint8_t m = ~((1 << ((128 - a->prefix) % 8)) - 1);
+ uint8_t net1 = x->s6_addr[15-i] & m;
+ uint8_t net2 = y->s6_addr[15-i] & m;
+
+ if (printed)
+ qprintf(" ");
+
+ if ((a->prefix == 0) ||
+ ((b->prefix >= a->prefix) && (net1 == net2) &&
+ ((i == 15) || !memcmp(&x->s6_addr, &y->s6_addr, 15-i))))
+ {
+ qprintf("1");
+ return true;
+ }
+ else
+ {
+ qprintf("0");
+ return false;
+ }
+}
+
+static bool cidr_linklocal6(struct cidr *a)
+{
+ if (printed)
+ qprintf(" ");
+
+ if ((a->addr.v6.s6_addr[0] == 0xFE) &&
+ (a->addr.v6.s6_addr[1] >= 0x80) &&
+ (a->addr.v6.s6_addr[1] <= 0xBF))
+ {
+ qprintf("1");
+ return true;
+ }
+ else
+ {
+ qprintf("0");
+ return false;
+ }
+}
+
+static bool cidr_ula6(struct cidr *a)
+{
+ if (printed)
+ qprintf(" ");
+
+ if ((a->addr.v6.s6_addr[0] >= 0xFC) &&
+ (a->addr.v6.s6_addr[0] <= 0xFD))
+ {
+ qprintf("1");
+ return true;
+ }
+ else
+ {
+ qprintf("0");
+ return false;
+ }
+}
+
+static bool cidr_print6(struct cidr *a)
+{
+ char *p;
+
+ if (!a || (a->family != AF_INET6))
+ return NULL;
+
+ if (!(p = (char *)inet_ntop(AF_INET6, &a->addr.v6, a->buf.v6, sizeof(a->buf.v6))))
+ return false;
+
+ if (printed)
+ qprintf(" ");
+
+ qprintf("%s", p);
+
+ if (a->prefix < 128)
+ qprintf("/%u", a->prefix);
+
+ cidr_pop(a);
+
+ return true;
+}
+
+
+static struct cidr * cidr_parse(const char *op, const char *s, int af_hint)
+{
+ char *r;
+ struct cidr *a;
+
+ uint8_t i;
+ uint32_t sum = strtoul(s, &r, 0);
+
+ if ((r > s) && (*r == 0))
+ {
+ a = malloc(sizeof(struct cidr));
+
+ if (!a)
+ return NULL;
+
+ if (af_hint == AF_INET)
+ {
+ a->family = AF_INET;
+ a->prefix = sum;
+ a->addr.v4.s_addr = htonl(sum);
+ }
+ else
+ {
+ a->family = AF_INET6;
+ a->prefix = sum;
+
+ for (i = 0; i <= 15; i++)
+ {
+ a->addr.v6.s6_addr[15-i] = sum % 256;
+ sum >>= 8;
+ }
+ }
+
+ return a;
+ }
+
+ if (strchr(s, ':'))
+ a = cidr_parse6(s);
+ else
+ a = cidr_parse4(s);
+
+ if (!a)
+ return NULL;
+
+ if (a->family != af_hint)
+ {
+ fprintf(stderr, "attempt to '%s' %s with %s address\n",
+ op,
+ (af_hint == AF_INET) ? "ipv4" : "ipv6",
+ (af_hint != AF_INET) ? "ipv4" : "ipv6");
+ exit(4);
+ }
+
+ return a;
+}
+
+static bool cidr_howmany(struct cidr *a, struct cidr *b)
+{
+ if (printed)
+ qprintf(" ");
+
+ if (b->prefix < a->prefix)
+ qprintf("0");
+ else
+ qprintf("%u", 1 << (b->prefix - a->prefix));
+
+ return true;
+}
+
+static bool cidr_prefix(struct cidr *a, struct cidr *b)
+{
+ a->prefix = b->prefix;
+ return true;
+}
+
+static bool cidr_quiet(struct cidr *a)
+{
+ quiet = true;
+ return true;
+}
+
+
+struct op ops[] = {
+ { .name = "add",
+ .desc = "Add argument to base address",
+ .f4.a2 = cidr_add4,
+ .f6.a2 = cidr_add6 },
+
+ { .name = "sub",
+ .desc = "Substract argument from base address",
+ .f4.a2 = cidr_sub4,
+ .f6.a2 = cidr_sub6 },
+
+ { .name = "next",
+ .desc = "Advance base address to next prefix of given size",
+ .f4.a2 = cidr_next4,
+ .f6.a2 = cidr_next6 },
+
+ { .name = "prev",
+ .desc = "Lower base address to previous prefix of give size",
+ .f4.a2 = cidr_prev4,
+ .f6.a2 = cidr_prev6 },
+
+ { .name = "network",
+ .desc = "Turn base address into network address",
+ .f4.a1 = cidr_network4,
+ .f6.a1 = cidr_network6 },
+
+ { .name = "broadcast",
+ .desc = "Turn base address into broadcast address",
+ .f4.a1 = cidr_broadcast4 },
+
+ { .name = "prefix",
+ .desc = "Set the prefix of base address to argument",
+ .f4.a2 = cidr_prefix,
+ .f6.a2 = cidr_prefix },
+
+ { .name = "netmask",
+ .desc = "Calculate netmask of base address",
+ .f4.a1 = cidr_netmask4 },
+
+ { .name = "6to4",
+ .desc = "Calculate 6to4 prefix of given ipv4-address",
+ .f4.a1 = cidr_6to4 },
+
+ { .name = "howmany",
+ .desc = "Print amount of righ-hand prefixes that fit into base address",
+ .f4.a2 = cidr_howmany,
+ .f6.a2 = cidr_howmany },
+
+ { .name = "contains",
+ .desc = "Print '1' if argument fits into base address or '0' if not",
+ .f4.a2 = cidr_contains4,
+ .f6.a2 = cidr_contains6 },
+
+ { .name = "private",
+ .desc = "Print '1' if base address is in RFC1918 private space or '0' "
+ "if not",
+ .f4.a1 = cidr_private4 },
+
+ { .name = "linklocal",
+ .desc = "Print '1' if base address is in 169.254.0.0/16 or FE80::/10 "
+ "link local space or '0' if not",
+ .f4.a1 = cidr_linklocal4,
+ .f6.a1 = cidr_linklocal6 },
+
+ { .name = "ula",
+ .desc = "Print '1' if base address is in FC00::/7 unique local address "
+ "(ULA) space or '0' if not",
+ .f6.a1 = cidr_ula6 },
+
+ { .name = "quiet",
+ .desc = "Suppress output, useful for test operation where the result can "
+ "be inferred from the exit code",
+ .f4.a1 = cidr_quiet,
+ .f6.a1 = cidr_quiet },
+
+ { .name = "pop",
+ .desc = "Pop intermediate result from stack",
+ .f4.a1 = cidr_pop,
+ .f6.a1 = cidr_pop },
+
+ { .name = "print",
+ .desc = "Print intermediate result and pop it from stack, invoked "
+ "implicitely at the end of calculation if no intermediate prints "
+ "happened",
+ .f4.a1 = cidr_print4,
+ .f6.a1 = cidr_print6 },
+};
+
+static void usage(const char *prog)
+{
+ int i;
+
+ fprintf(stderr,
+ "\n"
+ "Usage:\n\n"
+ " %s {base address} operation [argument] "
+ "[operation [argument] ...]\n\n"
+ "Operations:\n\n",
+ prog);
+
+ for (i = 0; i < sizeof(ops) / sizeof(ops[0]); i++)
+ {
+ if (ops[i].f4.a2 || ops[i].f6.a2)
+ {
+ fprintf(stderr, " %s %s\n",
+ ops[i].name,
+ (ops[i].f4.a2 && ops[i].f6.a2) ? "{ipv4/ipv6/amount}" :
+ (ops[i].f6.a2 ? "{ipv6/amount}" : "{ipv4/amount}"));
+ }
+ else
+ {
+ fprintf(stderr, " %s\n", ops[i].name);
+ }
+
+ fprintf(stderr, " %s.\n", ops[i].desc);
+
+ if ((ops[i].f4.a1 && ops[i].f6.a1) || (ops[i].f4.a2 && ops[i].f6.a2))
+ fprintf(stderr, " Applicable to ipv4- and ipv6-addresses.\n\n");
+ else if (ops[i].f6.a2 || ops[i].f6.a1)
+ fprintf(stderr, " Only applicable to ipv6-addresses.\n\n");
+ else
+ fprintf(stderr, " Only applicable to ipv4-addresses.\n\n");
+ }
+
+ fprintf(stderr,
+ "Examples:\n\n"
+ " Calculate a DHCP range:\n\n"
+ " $ %s 192.168.1.1/255.255.255.0 network add 100 print add 150 print\n"
+ " 192.168.1.100\n"
+ " 192.168.1.250\n\n"
+ " Count number of prefixes:\n\n"
+ " $ %s 2001:0DB8:FDEF::/48 howmany ::/64\n"
+ " 65536\n\n",
+ prog, prog);
+
+ exit(1);
+}
+
+static bool runop(char ***arg, int *status)
+{
+ int i;
+ char *arg1 = **arg;
+ char *arg2 = *(*arg+1);
+ struct cidr *a = stack;
+ struct cidr *b = NULL;
+
+ if (!arg1)
+ return false;
+
+ for (i = 0; i < sizeof(ops) / sizeof(ops[0]); i++)
+ {
+ if (!strcmp(ops[i].name, arg1))
+ {
+ if (ops[i].f4.a2 || ops[i].f6.a2)
+ {
+ if (!arg2)
+ {
+ fprintf(stderr, "'%s' requires an argument\n",
+ ops[i].name);
+
+ *status = 2;
+ return false;
+ }
+
+ b = cidr_parse(ops[i].name, arg2, a->family);
+
+ if (!b)
+ {
+ fprintf(stderr, "invalid address argument for '%s'\n",
+ ops[i].name);
+
+ *status = 3;
+ return false;
+ }
+
+ *arg += 2;
+
+ if (((a->family == AF_INET) && !ops[i].f4.a2) ||
+ ((a->family == AF_INET6) && !ops[i].f6.a2))
+ {
+ fprintf(stderr, "'%s' not supported for %s addresses\n",
+ ops[i].name,
+ (a->family == AF_INET) ? "ipv4" : "ipv6");
+
+ *status = 5;
+ return false;
+ }
+
+ *status = !((a->family == AF_INET) ? ops[i].f4.a2(a, b)
+ : ops[i].f6.a2(a, b));
+
+ return true;
+ }
+ else
+ {
+ *arg += 1;
+
+ if (((a->family == AF_INET) && !ops[i].f4.a1) ||
+ ((a->family == AF_INET6) && !ops[i].f6.a1))
+ {
+ fprintf(stderr, "'%s' not supported for %s addresses\n",
+ ops[i].name,
+ (a->family == AF_INET) ? "ipv4" : "ipv6");
+
+ *status = 5;
+ return false;
+ }
+
+ *status = !((a->family == AF_INET) ? ops[i].f4.a1(a)
+ : ops[i].f6.a1(a));
+
+ return true;
+ }
+ }
+ }
+
+ return false;
+}
+
+int main(int argc, char **argv)
+{
+ int status = 0;
+ char **arg = argv+2;
+ struct cidr *a;
+
+ if (argc < 3)
+ usage(argv[0]);
+
+ a = strchr(argv[1], ':') ? cidr_parse6(argv[1]) : cidr_parse4(argv[1]);
+
+ if (!a)
+ usage(argv[0]);
+
+ cidr_push(a);
+
+ while (runop(&arg, &status));
+
+ if (*arg)
+ {
+ fprintf(stderr, "unknown operation '%s'\n", *arg);
+ exit(6);
+ }
+
+ if (!printed && (status < 2))
+ {
+ if (stack->family == AF_INET)
+ cidr_print4(stack);
+ else
+ cidr_print6(stack);
+ }
+
+ qprintf("\n");
+
+ exit(status);
+}
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/nccgroup/phantap
-PKG_MIRROR_HASH:=01723a955e975b877f35924d3b5bfa53251f8928abe4657de0ed4c4943d9510c
-PKG_SOURCE_DATE:=2020.02.09
-PKG_SOURCE_VERSION:=fb3be84b4f4e081c35b7d0caa977bc659c02f8f1
+PKG_MIRROR_HASH:=d625970df1f3757d0805b956bcb721bcc6fa102e397cd3e16e558be8bec8abb3
+PKG_SOURCE_DATE:=2020.12.31
+PKG_SOURCE_VERSION:=a71772357301e10e9d8bc2d512505c9c5a4a18a4
PKG_MAINTAINER:=Diana Dragusin <diana.dragusin@nccgroup.com>, \
Etienne Champetier <champetier.etienne@gmail.com>
PKG_NAME:=rsync
PKG_VERSION:=3.2.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.samba.org/pub/rsync/src
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
define Package/rsync
SECTION:=net
CATEGORY:=Network
SUBMENU:=File Transfer
TITLE:=Fast remote file copy program (like rcp)
- DEPENDS:=+libpopt +zlib +RSYNC_xattr:libattr +RSYNC_acl:libacl +RSYNC_zstd:libzstd
+ DEPENDS:=+libpopt +zlib +RSYNC_xattr:libattr +RSYNC_acl:libacl +RSYNC_zstd:libzstd $(ICONV_DEPENDS)
URL:=https://rsync.samba.org/
MENU:=1
endef
--without-included-zlib \
--disable-debug \
--disable-asm \
- --disable-iconv \
- --disable-iconv-open \
--disable-lz4 \
--disable-locale \
--disable-md2man \
--disable-openssl \
--disable-simd \
--disable-xxhash \
+ --$(if $(CONFIG_BUILD_NLS),en,dis)able-iconv \
+ --$(if $(CONFIG_BUILD_NLS),en,dis)able-iconv-open \
--$(if $(CONFIG_RSYNC_zstd),en,dis)able-zstd \
--$(if $(CONFIG_RSYNC_xattr),en,dis)able-xattr-support \
--$(if $(CONFIG_RSYNC_acl),en,dis)able-acl-support \
#
-# Copyright (c) 2018 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
+# Copyright (c) 2021 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
# This is free software, licensed under the MIT License
#
include $(TOPDIR)/rules.mk
PKG_NAME:=safe-search
-PKG_VERSION:=1.0.2
-PKG_RELEASE:=2
+PKG_VERSION:=2.0.0
+PKG_RELEASE:=1
PKG_LICENSE:=MIT
PKG_MAINTAINER:=Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) ./files/safe-search-update $(1)/usr/sbin/safe-search-update
+ $(INSTALL_BIN) ./files/safe-search-maintenance $(1)/usr/sbin/safe-search-maintenance
$(INSTALL_DIR) $(1)/etc/safe-search/enabled
$(INSTALL_DIR) $(1)/etc/safe-search/available
$(INSTALL_DATA) ./files/hosts/* $(1)/etc/safe-search/available/
endef
+define Package/safe-search/postinst
+#!/bin/sh
+if [ -z "$${IPGK_INSTROOT}" ]; then
+ echo "0 * * * * /bin/nice /usr/sbin/safe-search-maintenance>/dev/null 2>&1">>/etc/crontabs/root
+ /etc/init.d/cron restart
+fi
+exit 0
+endef
+
define Package/safe-search/prerm
#!/bin/sh
if [ -z "$${IPGK_INSTROOT}" ]; then
uci del_list dhcp.@dnsmasq[0].addnhosts=/etc/safe-search/enabled
uci commit dhcp
/etc/init.d/dnsmasq reload
+ crontab -l | grep -v "safe-search-maintenance" | sort | uniq | crontab -
fi
exit 0
endef
-#
-# Copyright (c) 2018 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
-# This is free software, licensed under the MIT License
-#
+##########################################################################
+# **** IMPORTANT **** #
+# Do not make changes to this file instead please execute: #
+# /usr/sbin/safe-search-maintenance #
+# If this file is not working, please ensure dnsmasq is able to READ it! #
+##########################################################################
-#
-# IMPORTANT: if this file is not working, make sure that dnsmasq is able to READ it!
-#
-
-#204.79.197.220 strict.bing.com
-#::FFFF:CC4F:C5DC strict.bing.com
+# Last Updated On: Tue Jan 12 13:42:47 CST 2021
204.79.197.220 bing.com www.bing.com
-::FFFF:CC4F:C5DC bing.com www.bing.com
-#
-# Copyright (c) 2019 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
-# This is free software, licensed under the MIT License
-#
+##########################################################################
+# **** IMPORTANT **** #
+# Do not make changes to this file instead please execute: #
+# /usr/sbin/safe-search-maintenance #
+# If this file is not working, please ensure dnsmasq is able to READ it! #
+##########################################################################
-#
-# IMPORTANT: if this file is not working, make sure that dnsmasq is able to READ it!
-#
-
-#40.89.244.237 safe.duckduckgo.com
+# Last Updated On: Tue Jan 12 13:42:47 CST 2021
40.89.244.237 duckduckgo.com
-#
-# Copyright (c) 2018 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
-# This is free software, licensed under the MIT License
-#
-# IMPORTANT: if this file is not working, make sure that dnsmasq is able to READ it!
-#
-# Google Safe Search Host List
-# Generated on Sat Dec 7 10:21:21 CST 2019
-# From: https://www.google.com/supported_domains
+##########################################################################
+# **** IMPORTANT **** #
+# Do not make changes to this file instead please execute: #
+# /usr/sbin/safe-search-maintenance #
+# If this file is not working, please ensure dnsmasq is able to READ it! #
+##########################################################################
-#2001:4860:4802:32::78 forcesafesearch.google.com
-#216.239.38.120 forcesafesearch.google.com
+# Last Updated On: Tue Jan 12 13:42:47 CST 2021
2001:4860:4802:32::78 google.com
-2001:4860:4802:32::78 google.ad
-2001:4860:4802:32::78 google.ae
-2001:4860:4802:32::78 google.com.af
-2001:4860:4802:32::78 google.com.ag
-2001:4860:4802:32::78 google.com.ai
-2001:4860:4802:32::78 google.al
-2001:4860:4802:32::78 google.am
-2001:4860:4802:32::78 google.co.ao
-2001:4860:4802:32::78 google.com.ar
-2001:4860:4802:32::78 google.as
-2001:4860:4802:32::78 google.at
-2001:4860:4802:32::78 google.com.au
-2001:4860:4802:32::78 google.az
-2001:4860:4802:32::78 google.ba
-2001:4860:4802:32::78 google.com.bd
-2001:4860:4802:32::78 google.be
-2001:4860:4802:32::78 google.bf
-2001:4860:4802:32::78 google.bg
-2001:4860:4802:32::78 google.com.bh
-2001:4860:4802:32::78 google.bi
-2001:4860:4802:32::78 google.bj
-2001:4860:4802:32::78 google.com.bn
-2001:4860:4802:32::78 google.com.bo
-2001:4860:4802:32::78 google.com.br
-2001:4860:4802:32::78 google.bs
-2001:4860:4802:32::78 google.bt
-2001:4860:4802:32::78 google.co.bw
-2001:4860:4802:32::78 google.by
-2001:4860:4802:32::78 google.com.bz
-2001:4860:4802:32::78 google.ca
-2001:4860:4802:32::78 google.cd
-2001:4860:4802:32::78 google.cf
-2001:4860:4802:32::78 google.cg
-2001:4860:4802:32::78 google.ch
-2001:4860:4802:32::78 google.ci
-2001:4860:4802:32::78 google.co.ck
-2001:4860:4802:32::78 google.cl
-2001:4860:4802:32::78 google.cm
-2001:4860:4802:32::78 google.cn
-2001:4860:4802:32::78 google.com.co
-2001:4860:4802:32::78 google.co.cr
-2001:4860:4802:32::78 google.com.cu
-2001:4860:4802:32::78 google.cv
-2001:4860:4802:32::78 google.com.cy
-2001:4860:4802:32::78 google.cz
-2001:4860:4802:32::78 google.de
-2001:4860:4802:32::78 google.dj
-2001:4860:4802:32::78 google.dk
-2001:4860:4802:32::78 google.dm
-2001:4860:4802:32::78 google.com.do
-2001:4860:4802:32::78 google.dz
-2001:4860:4802:32::78 google.com.ec
-2001:4860:4802:32::78 google.ee
-2001:4860:4802:32::78 google.com.eg
-2001:4860:4802:32::78 google.es
-2001:4860:4802:32::78 google.com.et
-2001:4860:4802:32::78 google.fi
-2001:4860:4802:32::78 google.com.fj
-2001:4860:4802:32::78 google.fm
-2001:4860:4802:32::78 google.fr
-2001:4860:4802:32::78 google.ga
-2001:4860:4802:32::78 google.ge
-2001:4860:4802:32::78 google.gg
-2001:4860:4802:32::78 google.com.gh
-2001:4860:4802:32::78 google.com.gi
-2001:4860:4802:32::78 google.gl
-2001:4860:4802:32::78 google.gm
-2001:4860:4802:32::78 google.gr
-2001:4860:4802:32::78 google.com.gt
-2001:4860:4802:32::78 google.gy
-2001:4860:4802:32::78 google.com.hk
-2001:4860:4802:32::78 google.hn
-2001:4860:4802:32::78 google.hr
-2001:4860:4802:32::78 google.ht
-2001:4860:4802:32::78 google.hu
-2001:4860:4802:32::78 google.co.id
-2001:4860:4802:32::78 google.ie
-2001:4860:4802:32::78 google.co.il
-2001:4860:4802:32::78 google.im
-2001:4860:4802:32::78 google.co.in
-2001:4860:4802:32::78 google.iq
-2001:4860:4802:32::78 google.is
-2001:4860:4802:32::78 google.it
-2001:4860:4802:32::78 google.je
-2001:4860:4802:32::78 google.com.jm
-2001:4860:4802:32::78 google.jo
-2001:4860:4802:32::78 google.co.jp
-2001:4860:4802:32::78 google.co.ke
-2001:4860:4802:32::78 google.com.kh
-2001:4860:4802:32::78 google.ki
-2001:4860:4802:32::78 google.kg
-2001:4860:4802:32::78 google.co.kr
-2001:4860:4802:32::78 google.com.kw
-2001:4860:4802:32::78 google.kz
-2001:4860:4802:32::78 google.la
-2001:4860:4802:32::78 google.com.lb
-2001:4860:4802:32::78 google.li
-2001:4860:4802:32::78 google.lk
-2001:4860:4802:32::78 google.co.ls
-2001:4860:4802:32::78 google.lt
-2001:4860:4802:32::78 google.lu
-2001:4860:4802:32::78 google.lv
-2001:4860:4802:32::78 google.com.ly
-2001:4860:4802:32::78 google.co.ma
-2001:4860:4802:32::78 google.md
-2001:4860:4802:32::78 google.me
-2001:4860:4802:32::78 google.mg
-2001:4860:4802:32::78 google.mk
-2001:4860:4802:32::78 google.ml
-2001:4860:4802:32::78 google.com.mm
-2001:4860:4802:32::78 google.mn
-2001:4860:4802:32::78 google.ms
-2001:4860:4802:32::78 google.com.mt
-2001:4860:4802:32::78 google.mu
-2001:4860:4802:32::78 google.mv
-2001:4860:4802:32::78 google.mw
-2001:4860:4802:32::78 google.com.mx
-2001:4860:4802:32::78 google.com.my
-2001:4860:4802:32::78 google.co.mz
-2001:4860:4802:32::78 google.com.na
-2001:4860:4802:32::78 google.com.ng
-2001:4860:4802:32::78 google.com.ni
-2001:4860:4802:32::78 google.ne
-2001:4860:4802:32::78 google.nl
-2001:4860:4802:32::78 google.no
-2001:4860:4802:32::78 google.com.np
-2001:4860:4802:32::78 google.nr
-2001:4860:4802:32::78 google.nu
-2001:4860:4802:32::78 google.co.nz
-2001:4860:4802:32::78 google.com.om
-2001:4860:4802:32::78 google.com.pa
-2001:4860:4802:32::78 google.com.pe
-2001:4860:4802:32::78 google.com.pg
-2001:4860:4802:32::78 google.com.ph
-2001:4860:4802:32::78 google.com.pk
-2001:4860:4802:32::78 google.pl
-2001:4860:4802:32::78 google.pn
-2001:4860:4802:32::78 google.com.pr
-2001:4860:4802:32::78 google.ps
-2001:4860:4802:32::78 google.pt
-2001:4860:4802:32::78 google.com.py
-2001:4860:4802:32::78 google.com.qa
-2001:4860:4802:32::78 google.ro
-2001:4860:4802:32::78 google.ru
-2001:4860:4802:32::78 google.rw
-2001:4860:4802:32::78 google.com.sa
-2001:4860:4802:32::78 google.com.sb
-2001:4860:4802:32::78 google.sc
-2001:4860:4802:32::78 google.se
-2001:4860:4802:32::78 google.com.sg
-2001:4860:4802:32::78 google.sh
-2001:4860:4802:32::78 google.si
-2001:4860:4802:32::78 google.sk
-2001:4860:4802:32::78 google.com.sl
-2001:4860:4802:32::78 google.sn
-2001:4860:4802:32::78 google.so
-2001:4860:4802:32::78 google.sm
-2001:4860:4802:32::78 google.sr
-2001:4860:4802:32::78 google.st
-2001:4860:4802:32::78 google.com.sv
-2001:4860:4802:32::78 google.td
-2001:4860:4802:32::78 google.tg
-2001:4860:4802:32::78 google.co.th
-2001:4860:4802:32::78 google.com.tj
-2001:4860:4802:32::78 google.tl
-2001:4860:4802:32::78 google.tm
-2001:4860:4802:32::78 google.tn
-2001:4860:4802:32::78 google.to
-2001:4860:4802:32::78 google.com.tr
-2001:4860:4802:32::78 google.tt
-2001:4860:4802:32::78 google.com.tw
-2001:4860:4802:32::78 google.co.tz
-2001:4860:4802:32::78 google.com.ua
-2001:4860:4802:32::78 google.co.ug
-2001:4860:4802:32::78 google.co.uk
-2001:4860:4802:32::78 google.com.uy
-2001:4860:4802:32::78 google.co.uz
-2001:4860:4802:32::78 google.com.vc
-2001:4860:4802:32::78 google.co.ve
-2001:4860:4802:32::78 google.vg
-2001:4860:4802:32::78 google.co.vi
-2001:4860:4802:32::78 google.com.vn
-2001:4860:4802:32::78 google.vu
-2001:4860:4802:32::78 google.ws
-2001:4860:4802:32::78 google.rs
-2001:4860:4802:32::78 google.co.za
-2001:4860:4802:32::78 google.co.zm
-2001:4860:4802:32::78 google.co.zw
-2001:4860:4802:32::78 google.cat
-2001:4860:4802:32::78 www.google.com
-2001:4860:4802:32::78 www.google.ad
-2001:4860:4802:32::78 www.google.ae
-2001:4860:4802:32::78 www.google.com.af
-2001:4860:4802:32::78 www.google.com.ag
-2001:4860:4802:32::78 www.google.com.ai
-2001:4860:4802:32::78 www.google.al
-2001:4860:4802:32::78 www.google.am
-2001:4860:4802:32::78 www.google.co.ao
-2001:4860:4802:32::78 www.google.com.ar
-2001:4860:4802:32::78 www.google.as
-2001:4860:4802:32::78 www.google.at
-2001:4860:4802:32::78 www.google.com.au
-2001:4860:4802:32::78 www.google.az
-2001:4860:4802:32::78 www.google.ba
-2001:4860:4802:32::78 www.google.com.bd
-2001:4860:4802:32::78 www.google.be
-2001:4860:4802:32::78 www.google.bf
-2001:4860:4802:32::78 www.google.bg
-2001:4860:4802:32::78 www.google.com.bh
-2001:4860:4802:32::78 www.google.bi
-2001:4860:4802:32::78 www.google.bj
-2001:4860:4802:32::78 www.google.com.bn
-2001:4860:4802:32::78 www.google.com.bo
-2001:4860:4802:32::78 www.google.com.br
-2001:4860:4802:32::78 www.google.bs
-2001:4860:4802:32::78 www.google.bt
-2001:4860:4802:32::78 www.google.co.bw
-2001:4860:4802:32::78 www.google.by
-2001:4860:4802:32::78 www.google.com.bz
-2001:4860:4802:32::78 www.google.ca
-2001:4860:4802:32::78 www.google.cd
-2001:4860:4802:32::78 www.google.cf
-2001:4860:4802:32::78 www.google.cg
-2001:4860:4802:32::78 www.google.ch
-2001:4860:4802:32::78 www.google.ci
-2001:4860:4802:32::78 www.google.co.ck
-2001:4860:4802:32::78 www.google.cl
-2001:4860:4802:32::78 www.google.cm
-2001:4860:4802:32::78 www.google.cn
-2001:4860:4802:32::78 www.google.com.co
-2001:4860:4802:32::78 www.google.co.cr
-2001:4860:4802:32::78 www.google.com.cu
-2001:4860:4802:32::78 www.google.cv
-2001:4860:4802:32::78 www.google.com.cy
-2001:4860:4802:32::78 www.google.cz
-2001:4860:4802:32::78 www.google.de
-2001:4860:4802:32::78 www.google.dj
-2001:4860:4802:32::78 www.google.dk
-2001:4860:4802:32::78 www.google.dm
-2001:4860:4802:32::78 www.google.com.do
-2001:4860:4802:32::78 www.google.dz
-2001:4860:4802:32::78 www.google.com.ec
-2001:4860:4802:32::78 www.google.ee
-2001:4860:4802:32::78 www.google.com.eg
-2001:4860:4802:32::78 www.google.es
-2001:4860:4802:32::78 www.google.com.et
-2001:4860:4802:32::78 www.google.fi
-2001:4860:4802:32::78 www.google.com.fj
-2001:4860:4802:32::78 www.google.fm
-2001:4860:4802:32::78 www.google.fr
-2001:4860:4802:32::78 www.google.ga
-2001:4860:4802:32::78 www.google.ge
-2001:4860:4802:32::78 www.google.gg
-2001:4860:4802:32::78 www.google.com.gh
-2001:4860:4802:32::78 www.google.com.gi
-2001:4860:4802:32::78 www.google.gl
-2001:4860:4802:32::78 www.google.gm
-2001:4860:4802:32::78 www.google.gr
-2001:4860:4802:32::78 www.google.com.gt
-2001:4860:4802:32::78 www.google.gy
-2001:4860:4802:32::78 www.google.com.hk
-2001:4860:4802:32::78 www.google.hn
-2001:4860:4802:32::78 www.google.hr
-2001:4860:4802:32::78 www.google.ht
-2001:4860:4802:32::78 www.google.hu
-2001:4860:4802:32::78 www.google.co.id
-2001:4860:4802:32::78 www.google.ie
-2001:4860:4802:32::78 www.google.co.il
-2001:4860:4802:32::78 www.google.im
-2001:4860:4802:32::78 www.google.co.in
-2001:4860:4802:32::78 www.google.iq
-2001:4860:4802:32::78 www.google.is
-2001:4860:4802:32::78 www.google.it
-2001:4860:4802:32::78 www.google.je
-2001:4860:4802:32::78 www.google.com.jm
-2001:4860:4802:32::78 www.google.jo
-2001:4860:4802:32::78 www.google.co.jp
-2001:4860:4802:32::78 www.google.co.ke
-2001:4860:4802:32::78 www.google.com.kh
-2001:4860:4802:32::78 www.google.ki
-2001:4860:4802:32::78 www.google.kg
-2001:4860:4802:32::78 www.google.co.kr
-2001:4860:4802:32::78 www.google.com.kw
-2001:4860:4802:32::78 www.google.kz
-2001:4860:4802:32::78 www.google.la
-2001:4860:4802:32::78 www.google.com.lb
-2001:4860:4802:32::78 www.google.li
-2001:4860:4802:32::78 www.google.lk
-2001:4860:4802:32::78 www.google.co.ls
-2001:4860:4802:32::78 www.google.lt
-2001:4860:4802:32::78 www.google.lu
-2001:4860:4802:32::78 www.google.lv
-2001:4860:4802:32::78 www.google.com.ly
-2001:4860:4802:32::78 www.google.co.ma
-2001:4860:4802:32::78 www.google.md
-2001:4860:4802:32::78 www.google.me
-2001:4860:4802:32::78 www.google.mg
-2001:4860:4802:32::78 www.google.mk
-2001:4860:4802:32::78 www.google.ml
-2001:4860:4802:32::78 www.google.com.mm
-2001:4860:4802:32::78 www.google.mn
-2001:4860:4802:32::78 www.google.ms
-2001:4860:4802:32::78 www.google.com.mt
-2001:4860:4802:32::78 www.google.mu
-2001:4860:4802:32::78 www.google.mv
-2001:4860:4802:32::78 www.google.mw
-2001:4860:4802:32::78 www.google.com.mx
-2001:4860:4802:32::78 www.google.com.my
-2001:4860:4802:32::78 www.google.co.mz
-2001:4860:4802:32::78 www.google.com.na
-2001:4860:4802:32::78 www.google.com.ng
-2001:4860:4802:32::78 www.google.com.ni
-2001:4860:4802:32::78 www.google.ne
-2001:4860:4802:32::78 www.google.nl
-2001:4860:4802:32::78 www.google.no
-2001:4860:4802:32::78 www.google.com.np
-2001:4860:4802:32::78 www.google.nr
-2001:4860:4802:32::78 www.google.nu
-2001:4860:4802:32::78 www.google.co.nz
-2001:4860:4802:32::78 www.google.com.om
-2001:4860:4802:32::78 www.google.com.pa
-2001:4860:4802:32::78 www.google.com.pe
-2001:4860:4802:32::78 www.google.com.pg
-2001:4860:4802:32::78 www.google.com.ph
-2001:4860:4802:32::78 www.google.com.pk
-2001:4860:4802:32::78 www.google.pl
-2001:4860:4802:32::78 www.google.pn
-2001:4860:4802:32::78 www.google.com.pr
-2001:4860:4802:32::78 www.google.ps
-2001:4860:4802:32::78 www.google.pt
-2001:4860:4802:32::78 www.google.com.py
-2001:4860:4802:32::78 www.google.com.qa
-2001:4860:4802:32::78 www.google.ro
-2001:4860:4802:32::78 www.google.ru
-2001:4860:4802:32::78 www.google.rw
-2001:4860:4802:32::78 www.google.com.sa
-2001:4860:4802:32::78 www.google.com.sb
-2001:4860:4802:32::78 www.google.sc
-2001:4860:4802:32::78 www.google.se
-2001:4860:4802:32::78 www.google.com.sg
-2001:4860:4802:32::78 www.google.sh
-2001:4860:4802:32::78 www.google.si
-2001:4860:4802:32::78 www.google.sk
-2001:4860:4802:32::78 www.google.com.sl
-2001:4860:4802:32::78 www.google.sn
-2001:4860:4802:32::78 www.google.so
-2001:4860:4802:32::78 www.google.sm
-2001:4860:4802:32::78 www.google.sr
-2001:4860:4802:32::78 www.google.st
-2001:4860:4802:32::78 www.google.com.sv
-2001:4860:4802:32::78 www.google.td
-2001:4860:4802:32::78 www.google.tg
-2001:4860:4802:32::78 www.google.co.th
-2001:4860:4802:32::78 www.google.com.tj
-2001:4860:4802:32::78 www.google.tl
-2001:4860:4802:32::78 www.google.tm
-2001:4860:4802:32::78 www.google.tn
-2001:4860:4802:32::78 www.google.to
-2001:4860:4802:32::78 www.google.com.tr
-2001:4860:4802:32::78 www.google.tt
-2001:4860:4802:32::78 www.google.com.tw
-2001:4860:4802:32::78 www.google.co.tz
-2001:4860:4802:32::78 www.google.com.ua
-2001:4860:4802:32::78 www.google.co.ug
-2001:4860:4802:32::78 www.google.co.uk
-2001:4860:4802:32::78 www.google.com.uy
-2001:4860:4802:32::78 www.google.co.uz
-2001:4860:4802:32::78 www.google.com.vc
-2001:4860:4802:32::78 www.google.co.ve
-2001:4860:4802:32::78 www.google.vg
-2001:4860:4802:32::78 www.google.co.vi
-2001:4860:4802:32::78 www.google.com.vn
-2001:4860:4802:32::78 www.google.vu
-2001:4860:4802:32::78 www.google.ws
-2001:4860:4802:32::78 www.google.rs
-2001:4860:4802:32::78 www.google.co.za
-2001:4860:4802:32::78 www.google.co.zm
-2001:4860:4802:32::78 www.google.co.zw
-2001:4860:4802:32::78 www.google.cat
216.239.38.120 google.com
+2001:4860:4802:32::78 google.ad
216.239.38.120 google.ad
+2001:4860:4802:32::78 google.ae
216.239.38.120 google.ae
+2001:4860:4802:32::78 google.com.af
216.239.38.120 google.com.af
+2001:4860:4802:32::78 google.com.ag
216.239.38.120 google.com.ag
+2001:4860:4802:32::78 google.com.ai
216.239.38.120 google.com.ai
+2001:4860:4802:32::78 google.al
216.239.38.120 google.al
+2001:4860:4802:32::78 google.am
216.239.38.120 google.am
+2001:4860:4802:32::78 google.co.ao
216.239.38.120 google.co.ao
+2001:4860:4802:32::78 google.com.ar
216.239.38.120 google.com.ar
+2001:4860:4802:32::78 google.as
216.239.38.120 google.as
+2001:4860:4802:32::78 google.at
216.239.38.120 google.at
+2001:4860:4802:32::78 google.com.au
216.239.38.120 google.com.au
+2001:4860:4802:32::78 google.az
216.239.38.120 google.az
+2001:4860:4802:32::78 google.ba
216.239.38.120 google.ba
+2001:4860:4802:32::78 google.com.bd
216.239.38.120 google.com.bd
+2001:4860:4802:32::78 google.be
216.239.38.120 google.be
+2001:4860:4802:32::78 google.bf
216.239.38.120 google.bf
+2001:4860:4802:32::78 google.bg
216.239.38.120 google.bg
+2001:4860:4802:32::78 google.com.bh
216.239.38.120 google.com.bh
+2001:4860:4802:32::78 google.bi
216.239.38.120 google.bi
+2001:4860:4802:32::78 google.bj
216.239.38.120 google.bj
+2001:4860:4802:32::78 google.com.bn
216.239.38.120 google.com.bn
+2001:4860:4802:32::78 google.com.bo
216.239.38.120 google.com.bo
+2001:4860:4802:32::78 google.com.br
216.239.38.120 google.com.br
+2001:4860:4802:32::78 google.bs
216.239.38.120 google.bs
+2001:4860:4802:32::78 google.bt
216.239.38.120 google.bt
+2001:4860:4802:32::78 google.co.bw
216.239.38.120 google.co.bw
+2001:4860:4802:32::78 google.by
216.239.38.120 google.by
+2001:4860:4802:32::78 google.com.bz
216.239.38.120 google.com.bz
+2001:4860:4802:32::78 google.ca
216.239.38.120 google.ca
+2001:4860:4802:32::78 google.cd
216.239.38.120 google.cd
+2001:4860:4802:32::78 google.cf
216.239.38.120 google.cf
+2001:4860:4802:32::78 google.cg
216.239.38.120 google.cg
+2001:4860:4802:32::78 google.ch
216.239.38.120 google.ch
+2001:4860:4802:32::78 google.ci
216.239.38.120 google.ci
+2001:4860:4802:32::78 google.co.ck
216.239.38.120 google.co.ck
+2001:4860:4802:32::78 google.cl
216.239.38.120 google.cl
+2001:4860:4802:32::78 google.cm
216.239.38.120 google.cm
+2001:4860:4802:32::78 google.cn
216.239.38.120 google.cn
+2001:4860:4802:32::78 google.com.co
216.239.38.120 google.com.co
+2001:4860:4802:32::78 google.co.cr
216.239.38.120 google.co.cr
+2001:4860:4802:32::78 google.com.cu
216.239.38.120 google.com.cu
+2001:4860:4802:32::78 google.cv
216.239.38.120 google.cv
+2001:4860:4802:32::78 google.com.cy
216.239.38.120 google.com.cy
+2001:4860:4802:32::78 google.cz
216.239.38.120 google.cz
+2001:4860:4802:32::78 google.de
216.239.38.120 google.de
+2001:4860:4802:32::78 google.dj
216.239.38.120 google.dj
+2001:4860:4802:32::78 google.dk
216.239.38.120 google.dk
+2001:4860:4802:32::78 google.dm
216.239.38.120 google.dm
+2001:4860:4802:32::78 google.com.do
216.239.38.120 google.com.do
+2001:4860:4802:32::78 google.dz
216.239.38.120 google.dz
+2001:4860:4802:32::78 google.com.ec
216.239.38.120 google.com.ec
+2001:4860:4802:32::78 google.ee
216.239.38.120 google.ee
+2001:4860:4802:32::78 google.com.eg
216.239.38.120 google.com.eg
+2001:4860:4802:32::78 google.es
216.239.38.120 google.es
+2001:4860:4802:32::78 google.com.et
216.239.38.120 google.com.et
+2001:4860:4802:32::78 google.fi
216.239.38.120 google.fi
+2001:4860:4802:32::78 google.com.fj
216.239.38.120 google.com.fj
+2001:4860:4802:32::78 google.fm
216.239.38.120 google.fm
+2001:4860:4802:32::78 google.fr
216.239.38.120 google.fr
+2001:4860:4802:32::78 google.ga
216.239.38.120 google.ga
+2001:4860:4802:32::78 google.ge
216.239.38.120 google.ge
+2001:4860:4802:32::78 google.gg
216.239.38.120 google.gg
+2001:4860:4802:32::78 google.com.gh
216.239.38.120 google.com.gh
+2001:4860:4802:32::78 google.com.gi
216.239.38.120 google.com.gi
+2001:4860:4802:32::78 google.gl
216.239.38.120 google.gl
+2001:4860:4802:32::78 google.gm
216.239.38.120 google.gm
+2001:4860:4802:32::78 google.gp
+216.239.38.120 google.gp
+2001:4860:4802:32::78 google.gr
216.239.38.120 google.gr
+2001:4860:4802:32::78 google.com.gt
216.239.38.120 google.com.gt
+2001:4860:4802:32::78 google.gy
216.239.38.120 google.gy
+2001:4860:4802:32::78 google.com.hk
216.239.38.120 google.com.hk
+2001:4860:4802:32::78 google.hn
216.239.38.120 google.hn
+2001:4860:4802:32::78 google.hr
216.239.38.120 google.hr
+2001:4860:4802:32::78 google.ht
216.239.38.120 google.ht
+2001:4860:4802:32::78 google.hu
216.239.38.120 google.hu
+2001:4860:4802:32::78 google.co.id
216.239.38.120 google.co.id
+2001:4860:4802:32::78 google.ie
216.239.38.120 google.ie
+2001:4860:4802:32::78 google.co.il
216.239.38.120 google.co.il
+2001:4860:4802:32::78 google.im
216.239.38.120 google.im
+2001:4860:4802:32::78 google.co.in
216.239.38.120 google.co.in
+2001:4860:4802:32::78 google.iq
216.239.38.120 google.iq
+2001:4860:4802:32::78 google.is
216.239.38.120 google.is
+2001:4860:4802:32::78 google.it
216.239.38.120 google.it
+2001:4860:4802:32::78 google.je
216.239.38.120 google.je
+2001:4860:4802:32::78 google.com.jm
216.239.38.120 google.com.jm
+2001:4860:4802:32::78 google.jo
216.239.38.120 google.jo
+2001:4860:4802:32::78 google.co.jp
216.239.38.120 google.co.jp
+2001:4860:4802:32::78 google.co.ke
216.239.38.120 google.co.ke
+2001:4860:4802:32::78 google.com.kh
216.239.38.120 google.com.kh
+2001:4860:4802:32::78 google.ki
216.239.38.120 google.ki
+2001:4860:4802:32::78 google.kg
216.239.38.120 google.kg
+2001:4860:4802:32::78 google.co.kr
216.239.38.120 google.co.kr
+2001:4860:4802:32::78 google.com.kw
216.239.38.120 google.com.kw
+2001:4860:4802:32::78 google.kz
216.239.38.120 google.kz
+2001:4860:4802:32::78 google.la
216.239.38.120 google.la
+2001:4860:4802:32::78 google.com.lb
216.239.38.120 google.com.lb
+2001:4860:4802:32::78 google.li
216.239.38.120 google.li
+2001:4860:4802:32::78 google.lk
216.239.38.120 google.lk
+2001:4860:4802:32::78 google.co.ls
216.239.38.120 google.co.ls
+2001:4860:4802:32::78 google.lt
216.239.38.120 google.lt
+2001:4860:4802:32::78 google.lu
216.239.38.120 google.lu
+2001:4860:4802:32::78 google.lv
216.239.38.120 google.lv
+2001:4860:4802:32::78 google.com.ly
216.239.38.120 google.com.ly
+2001:4860:4802:32::78 google.co.ma
216.239.38.120 google.co.ma
+2001:4860:4802:32::78 google.md
216.239.38.120 google.md
+2001:4860:4802:32::78 google.me
216.239.38.120 google.me
+2001:4860:4802:32::78 google.mg
216.239.38.120 google.mg
+2001:4860:4802:32::78 google.mk
216.239.38.120 google.mk
+2001:4860:4802:32::78 google.ml
216.239.38.120 google.ml
+2001:4860:4802:32::78 google.com.mm
216.239.38.120 google.com.mm
+2001:4860:4802:32::78 google.mn
216.239.38.120 google.mn
+2001:4860:4802:32::78 google.ms
216.239.38.120 google.ms
+2001:4860:4802:32::78 google.com.mt
216.239.38.120 google.com.mt
+2001:4860:4802:32::78 google.mu
216.239.38.120 google.mu
+2001:4860:4802:32::78 google.mv
216.239.38.120 google.mv
+2001:4860:4802:32::78 google.mw
216.239.38.120 google.mw
+2001:4860:4802:32::78 google.com.mx
216.239.38.120 google.com.mx
+2001:4860:4802:32::78 google.com.my
216.239.38.120 google.com.my
+2001:4860:4802:32::78 google.co.mz
216.239.38.120 google.co.mz
+2001:4860:4802:32::78 google.com.na
216.239.38.120 google.com.na
+2001:4860:4802:32::78 google.com.nf
+216.239.38.120 google.com.nf
+2001:4860:4802:32::78 google.com.ng
216.239.38.120 google.com.ng
+2001:4860:4802:32::78 google.com.ni
216.239.38.120 google.com.ni
+2001:4860:4802:32::78 google.ne
216.239.38.120 google.ne
+2001:4860:4802:32::78 google.nl
216.239.38.120 google.nl
+2001:4860:4802:32::78 google.no
216.239.38.120 google.no
+2001:4860:4802:32::78 google.com.np
216.239.38.120 google.com.np
+2001:4860:4802:32::78 google.nr
216.239.38.120 google.nr
+2001:4860:4802:32::78 google.nu
216.239.38.120 google.nu
+2001:4860:4802:32::78 google.co.nz
216.239.38.120 google.co.nz
+2001:4860:4802:32::78 google.com.om
216.239.38.120 google.com.om
+2001:4860:4802:32::78 google.com.pa
216.239.38.120 google.com.pa
+2001:4860:4802:32::78 google.com.pe
216.239.38.120 google.com.pe
+2001:4860:4802:32::78 google.com.pg
216.239.38.120 google.com.pg
+2001:4860:4802:32::78 google.com.ph
216.239.38.120 google.com.ph
+2001:4860:4802:32::78 google.com.pk
216.239.38.120 google.com.pk
+2001:4860:4802:32::78 google.pl
216.239.38.120 google.pl
+2001:4860:4802:32::78 google.pn
216.239.38.120 google.pn
+2001:4860:4802:32::78 google.com.pr
216.239.38.120 google.com.pr
+2001:4860:4802:32::78 google.ps
216.239.38.120 google.ps
+2001:4860:4802:32::78 google.pt
216.239.38.120 google.pt
+2001:4860:4802:32::78 google.com.py
216.239.38.120 google.com.py
+2001:4860:4802:32::78 google.com.qa
216.239.38.120 google.com.qa
+2001:4860:4802:32::78 google.ro
216.239.38.120 google.ro
+2001:4860:4802:32::78 google.ru
216.239.38.120 google.ru
+2001:4860:4802:32::78 google.rw
216.239.38.120 google.rw
+2001:4860:4802:32::78 google.com.sa
216.239.38.120 google.com.sa
+2001:4860:4802:32::78 google.com.sb
216.239.38.120 google.com.sb
+2001:4860:4802:32::78 google.sc
216.239.38.120 google.sc
+2001:4860:4802:32::78 google.se
216.239.38.120 google.se
+2001:4860:4802:32::78 google.com.sg
216.239.38.120 google.com.sg
+2001:4860:4802:32::78 google.sh
216.239.38.120 google.sh
+2001:4860:4802:32::78 google.si
216.239.38.120 google.si
+2001:4860:4802:32::78 google.sk
216.239.38.120 google.sk
+2001:4860:4802:32::78 google.com.sl
216.239.38.120 google.com.sl
+2001:4860:4802:32::78 google.sn
216.239.38.120 google.sn
+2001:4860:4802:32::78 google.so
216.239.38.120 google.so
+2001:4860:4802:32::78 google.sm
216.239.38.120 google.sm
+2001:4860:4802:32::78 google.sr
216.239.38.120 google.sr
+2001:4860:4802:32::78 google.st
216.239.38.120 google.st
+2001:4860:4802:32::78 google.com.sv
216.239.38.120 google.com.sv
+2001:4860:4802:32::78 google.td
216.239.38.120 google.td
+2001:4860:4802:32::78 google.tg
216.239.38.120 google.tg
+2001:4860:4802:32::78 google.co.th
216.239.38.120 google.co.th
+2001:4860:4802:32::78 google.com.tj
216.239.38.120 google.com.tj
+2001:4860:4802:32::78 google.tk
+216.239.38.120 google.tk
+2001:4860:4802:32::78 google.tl
216.239.38.120 google.tl
+2001:4860:4802:32::78 google.tm
216.239.38.120 google.tm
+2001:4860:4802:32::78 google.tn
216.239.38.120 google.tn
+2001:4860:4802:32::78 google.to
216.239.38.120 google.to
+2001:4860:4802:32::78 google.com.tr
216.239.38.120 google.com.tr
+2001:4860:4802:32::78 google.tt
216.239.38.120 google.tt
+2001:4860:4802:32::78 google.com.tw
216.239.38.120 google.com.tw
+2001:4860:4802:32::78 google.co.tz
216.239.38.120 google.co.tz
+2001:4860:4802:32::78 google.com.ua
216.239.38.120 google.com.ua
+2001:4860:4802:32::78 google.co.ug
216.239.38.120 google.co.ug
+2001:4860:4802:32::78 google.co.uk
216.239.38.120 google.co.uk
+2001:4860:4802:32::78 google.com.uy
216.239.38.120 google.com.uy
+2001:4860:4802:32::78 google.co.uz
216.239.38.120 google.co.uz
+2001:4860:4802:32::78 google.com.vc
216.239.38.120 google.com.vc
+2001:4860:4802:32::78 google.co.ve
216.239.38.120 google.co.ve
+2001:4860:4802:32::78 google.vg
216.239.38.120 google.vg
+2001:4860:4802:32::78 google.co.vi
216.239.38.120 google.co.vi
+2001:4860:4802:32::78 google.com.vn
216.239.38.120 google.com.vn
+2001:4860:4802:32::78 google.vu
216.239.38.120 google.vu
+2001:4860:4802:32::78 google.ws
216.239.38.120 google.ws
+2001:4860:4802:32::78 google.rs
216.239.38.120 google.rs
+2001:4860:4802:32::78 google.co.za
216.239.38.120 google.co.za
+2001:4860:4802:32::78 google.co.zm
216.239.38.120 google.co.zm
+2001:4860:4802:32::78 google.co.zw
216.239.38.120 google.co.zw
+2001:4860:4802:32::78 google.cat
216.239.38.120 google.cat
+2001:4860:4802:32::78 www.google.com
216.239.38.120 www.google.com
+2001:4860:4802:32::78 www.google.ad
216.239.38.120 www.google.ad
+2001:4860:4802:32::78 www.google.ae
216.239.38.120 www.google.ae
+2001:4860:4802:32::78 www.google.com.af
216.239.38.120 www.google.com.af
+2001:4860:4802:32::78 www.google.com.ag
216.239.38.120 www.google.com.ag
+2001:4860:4802:32::78 www.google.com.ai
216.239.38.120 www.google.com.ai
+2001:4860:4802:32::78 www.google.al
216.239.38.120 www.google.al
+2001:4860:4802:32::78 www.google.am
216.239.38.120 www.google.am
+2001:4860:4802:32::78 www.google.co.ao
216.239.38.120 www.google.co.ao
+2001:4860:4802:32::78 www.google.com.ar
216.239.38.120 www.google.com.ar
+2001:4860:4802:32::78 www.google.as
216.239.38.120 www.google.as
+2001:4860:4802:32::78 www.google.at
216.239.38.120 www.google.at
+2001:4860:4802:32::78 www.google.com.au
216.239.38.120 www.google.com.au
+2001:4860:4802:32::78 www.google.az
216.239.38.120 www.google.az
+2001:4860:4802:32::78 www.google.ba
216.239.38.120 www.google.ba
+2001:4860:4802:32::78 www.google.com.bd
216.239.38.120 www.google.com.bd
+2001:4860:4802:32::78 www.google.be
216.239.38.120 www.google.be
+2001:4860:4802:32::78 www.google.bf
216.239.38.120 www.google.bf
+2001:4860:4802:32::78 www.google.bg
216.239.38.120 www.google.bg
+2001:4860:4802:32::78 www.google.com.bh
216.239.38.120 www.google.com.bh
+2001:4860:4802:32::78 www.google.bi
216.239.38.120 www.google.bi
+2001:4860:4802:32::78 www.google.bj
216.239.38.120 www.google.bj
+2001:4860:4802:32::78 www.google.com.bn
216.239.38.120 www.google.com.bn
+2001:4860:4802:32::78 www.google.com.bo
216.239.38.120 www.google.com.bo
+2001:4860:4802:32::78 www.google.com.br
216.239.38.120 www.google.com.br
+2001:4860:4802:32::78 www.google.bs
216.239.38.120 www.google.bs
+2001:4860:4802:32::78 www.google.bt
216.239.38.120 www.google.bt
+2001:4860:4802:32::78 www.google.co.bw
216.239.38.120 www.google.co.bw
+2001:4860:4802:32::78 www.google.by
216.239.38.120 www.google.by
+2001:4860:4802:32::78 www.google.com.bz
216.239.38.120 www.google.com.bz
+2001:4860:4802:32::78 www.google.ca
216.239.38.120 www.google.ca
+2001:4860:4802:32::78 www.google.cd
216.239.38.120 www.google.cd
+2001:4860:4802:32::78 www.google.cf
216.239.38.120 www.google.cf
+2001:4860:4802:32::78 www.google.cg
216.239.38.120 www.google.cg
+2001:4860:4802:32::78 www.google.ch
216.239.38.120 www.google.ch
+2001:4860:4802:32::78 www.google.ci
216.239.38.120 www.google.ci
+2001:4860:4802:32::78 www.google.co.ck
216.239.38.120 www.google.co.ck
+2001:4860:4802:32::78 www.google.cl
216.239.38.120 www.google.cl
+2001:4860:4802:32::78 www.google.cm
216.239.38.120 www.google.cm
+2001:4860:4802:32::78 www.google.cn
216.239.38.120 www.google.cn
+2001:4860:4802:32::78 www.google.com.co
216.239.38.120 www.google.com.co
+2001:4860:4802:32::78 www.google.co.cr
216.239.38.120 www.google.co.cr
+2001:4860:4802:32::78 www.google.com.cu
216.239.38.120 www.google.com.cu
+2001:4860:4802:32::78 www.google.cv
216.239.38.120 www.google.cv
+2001:4860:4802:32::78 www.google.com.cy
216.239.38.120 www.google.com.cy
+2001:4860:4802:32::78 www.google.cz
216.239.38.120 www.google.cz
+2001:4860:4802:32::78 www.google.de
216.239.38.120 www.google.de
+2001:4860:4802:32::78 www.google.dj
216.239.38.120 www.google.dj
+2001:4860:4802:32::78 www.google.dk
216.239.38.120 www.google.dk
+2001:4860:4802:32::78 www.google.dm
216.239.38.120 www.google.dm
+2001:4860:4802:32::78 www.google.com.do
216.239.38.120 www.google.com.do
+2001:4860:4802:32::78 www.google.dz
216.239.38.120 www.google.dz
+2001:4860:4802:32::78 www.google.com.ec
216.239.38.120 www.google.com.ec
+2001:4860:4802:32::78 www.google.ee
216.239.38.120 www.google.ee
+2001:4860:4802:32::78 www.google.com.eg
216.239.38.120 www.google.com.eg
+2001:4860:4802:32::78 www.google.es
216.239.38.120 www.google.es
+2001:4860:4802:32::78 www.google.com.et
216.239.38.120 www.google.com.et
+2001:4860:4802:32::78 www.google.fi
216.239.38.120 www.google.fi
+2001:4860:4802:32::78 www.google.com.fj
216.239.38.120 www.google.com.fj
+2001:4860:4802:32::78 www.google.fm
216.239.38.120 www.google.fm
+2001:4860:4802:32::78 www.google.fr
216.239.38.120 www.google.fr
+2001:4860:4802:32::78 www.google.ga
216.239.38.120 www.google.ga
+2001:4860:4802:32::78 www.google.ge
216.239.38.120 www.google.ge
+2001:4860:4802:32::78 www.google.gg
216.239.38.120 www.google.gg
+2001:4860:4802:32::78 www.google.com.gh
216.239.38.120 www.google.com.gh
+2001:4860:4802:32::78 www.google.com.gi
216.239.38.120 www.google.com.gi
+2001:4860:4802:32::78 www.google.gl
216.239.38.120 www.google.gl
+2001:4860:4802:32::78 www.google.gm
216.239.38.120 www.google.gm
+2001:4860:4802:32::78 www.google.gp
+216.239.38.120 www.google.gp
+2001:4860:4802:32::78 www.google.gr
216.239.38.120 www.google.gr
+2001:4860:4802:32::78 www.google.com.gt
216.239.38.120 www.google.com.gt
+2001:4860:4802:32::78 www.google.gy
216.239.38.120 www.google.gy
+2001:4860:4802:32::78 www.google.com.hk
216.239.38.120 www.google.com.hk
+2001:4860:4802:32::78 www.google.hn
216.239.38.120 www.google.hn
+2001:4860:4802:32::78 www.google.hr
216.239.38.120 www.google.hr
+2001:4860:4802:32::78 www.google.ht
216.239.38.120 www.google.ht
+2001:4860:4802:32::78 www.google.hu
216.239.38.120 www.google.hu
+2001:4860:4802:32::78 www.google.co.id
216.239.38.120 www.google.co.id
+2001:4860:4802:32::78 www.google.ie
216.239.38.120 www.google.ie
+2001:4860:4802:32::78 www.google.co.il
216.239.38.120 www.google.co.il
+2001:4860:4802:32::78 www.google.im
216.239.38.120 www.google.im
+2001:4860:4802:32::78 www.google.co.in
216.239.38.120 www.google.co.in
+2001:4860:4802:32::78 www.google.iq
216.239.38.120 www.google.iq
+2001:4860:4802:32::78 www.google.is
216.239.38.120 www.google.is
+2001:4860:4802:32::78 www.google.it
216.239.38.120 www.google.it
+2001:4860:4802:32::78 www.google.je
216.239.38.120 www.google.je
+2001:4860:4802:32::78 www.google.com.jm
216.239.38.120 www.google.com.jm
+2001:4860:4802:32::78 www.google.jo
216.239.38.120 www.google.jo
+2001:4860:4802:32::78 www.google.co.jp
216.239.38.120 www.google.co.jp
+2001:4860:4802:32::78 www.google.co.ke
216.239.38.120 www.google.co.ke
+2001:4860:4802:32::78 www.google.com.kh
216.239.38.120 www.google.com.kh
+2001:4860:4802:32::78 www.google.ki
216.239.38.120 www.google.ki
+2001:4860:4802:32::78 www.google.kg
216.239.38.120 www.google.kg
+2001:4860:4802:32::78 www.google.co.kr
216.239.38.120 www.google.co.kr
+2001:4860:4802:32::78 www.google.com.kw
216.239.38.120 www.google.com.kw
+2001:4860:4802:32::78 www.google.kz
216.239.38.120 www.google.kz
+2001:4860:4802:32::78 www.google.la
216.239.38.120 www.google.la
+2001:4860:4802:32::78 www.google.com.lb
216.239.38.120 www.google.com.lb
+2001:4860:4802:32::78 www.google.li
216.239.38.120 www.google.li
+2001:4860:4802:32::78 www.google.lk
216.239.38.120 www.google.lk
+2001:4860:4802:32::78 www.google.co.ls
216.239.38.120 www.google.co.ls
+2001:4860:4802:32::78 www.google.lt
216.239.38.120 www.google.lt
+2001:4860:4802:32::78 www.google.lu
216.239.38.120 www.google.lu
+2001:4860:4802:32::78 www.google.lv
216.239.38.120 www.google.lv
+2001:4860:4802:32::78 www.google.com.ly
216.239.38.120 www.google.com.ly
+2001:4860:4802:32::78 www.google.co.ma
216.239.38.120 www.google.co.ma
+2001:4860:4802:32::78 www.google.md
216.239.38.120 www.google.md
+2001:4860:4802:32::78 www.google.me
216.239.38.120 www.google.me
+2001:4860:4802:32::78 www.google.mg
216.239.38.120 www.google.mg
+2001:4860:4802:32::78 www.google.mk
216.239.38.120 www.google.mk
+2001:4860:4802:32::78 www.google.ml
216.239.38.120 www.google.ml
+2001:4860:4802:32::78 www.google.com.mm
216.239.38.120 www.google.com.mm
+2001:4860:4802:32::78 www.google.mn
216.239.38.120 www.google.mn
+2001:4860:4802:32::78 www.google.ms
216.239.38.120 www.google.ms
+2001:4860:4802:32::78 www.google.com.mt
216.239.38.120 www.google.com.mt
+2001:4860:4802:32::78 www.google.mu
216.239.38.120 www.google.mu
+2001:4860:4802:32::78 www.google.mv
216.239.38.120 www.google.mv
+2001:4860:4802:32::78 www.google.mw
216.239.38.120 www.google.mw
+2001:4860:4802:32::78 www.google.com.mx
216.239.38.120 www.google.com.mx
+2001:4860:4802:32::78 www.google.com.my
216.239.38.120 www.google.com.my
+2001:4860:4802:32::78 www.google.co.mz
216.239.38.120 www.google.co.mz
+2001:4860:4802:32::78 www.google.com.na
216.239.38.120 www.google.com.na
+2001:4860:4802:32::78 www.google.com.nf
+216.239.38.120 www.google.com.nf
+2001:4860:4802:32::78 www.google.com.ng
216.239.38.120 www.google.com.ng
+2001:4860:4802:32::78 www.google.com.ni
216.239.38.120 www.google.com.ni
+2001:4860:4802:32::78 www.google.ne
216.239.38.120 www.google.ne
+2001:4860:4802:32::78 www.google.nl
216.239.38.120 www.google.nl
+2001:4860:4802:32::78 www.google.no
216.239.38.120 www.google.no
+2001:4860:4802:32::78 www.google.com.np
216.239.38.120 www.google.com.np
+2001:4860:4802:32::78 www.google.nr
216.239.38.120 www.google.nr
+2001:4860:4802:32::78 www.google.nu
216.239.38.120 www.google.nu
+2001:4860:4802:32::78 www.google.co.nz
216.239.38.120 www.google.co.nz
+2001:4860:4802:32::78 www.google.com.om
216.239.38.120 www.google.com.om
+2001:4860:4802:32::78 www.google.com.pa
216.239.38.120 www.google.com.pa
+2001:4860:4802:32::78 www.google.com.pe
216.239.38.120 www.google.com.pe
+2001:4860:4802:32::78 www.google.com.pg
216.239.38.120 www.google.com.pg
+2001:4860:4802:32::78 www.google.com.ph
216.239.38.120 www.google.com.ph
+2001:4860:4802:32::78 www.google.com.pk
216.239.38.120 www.google.com.pk
+2001:4860:4802:32::78 www.google.pl
216.239.38.120 www.google.pl
+2001:4860:4802:32::78 www.google.pn
216.239.38.120 www.google.pn
+2001:4860:4802:32::78 www.google.com.pr
216.239.38.120 www.google.com.pr
+2001:4860:4802:32::78 www.google.ps
216.239.38.120 www.google.ps
+2001:4860:4802:32::78 www.google.pt
216.239.38.120 www.google.pt
+2001:4860:4802:32::78 www.google.com.py
216.239.38.120 www.google.com.py
+2001:4860:4802:32::78 www.google.com.qa
216.239.38.120 www.google.com.qa
+2001:4860:4802:32::78 www.google.ro
216.239.38.120 www.google.ro
+2001:4860:4802:32::78 www.google.ru
216.239.38.120 www.google.ru
+2001:4860:4802:32::78 www.google.rw
216.239.38.120 www.google.rw
+2001:4860:4802:32::78 www.google.com.sa
216.239.38.120 www.google.com.sa
+2001:4860:4802:32::78 www.google.com.sb
216.239.38.120 www.google.com.sb
+2001:4860:4802:32::78 www.google.sc
216.239.38.120 www.google.sc
+2001:4860:4802:32::78 www.google.se
216.239.38.120 www.google.se
+2001:4860:4802:32::78 www.google.com.sg
216.239.38.120 www.google.com.sg
+2001:4860:4802:32::78 www.google.sh
216.239.38.120 www.google.sh
+2001:4860:4802:32::78 www.google.si
216.239.38.120 www.google.si
+2001:4860:4802:32::78 www.google.sk
216.239.38.120 www.google.sk
+2001:4860:4802:32::78 www.google.com.sl
216.239.38.120 www.google.com.sl
+2001:4860:4802:32::78 www.google.sn
216.239.38.120 www.google.sn
+2001:4860:4802:32::78 www.google.so
216.239.38.120 www.google.so
+2001:4860:4802:32::78 www.google.sm
216.239.38.120 www.google.sm
+2001:4860:4802:32::78 www.google.sr
216.239.38.120 www.google.sr
+2001:4860:4802:32::78 www.google.st
216.239.38.120 www.google.st
+2001:4860:4802:32::78 www.google.com.sv
216.239.38.120 www.google.com.sv
+2001:4860:4802:32::78 www.google.td
216.239.38.120 www.google.td
+2001:4860:4802:32::78 www.google.tg
216.239.38.120 www.google.tg
+2001:4860:4802:32::78 www.google.co.th
216.239.38.120 www.google.co.th
+2001:4860:4802:32::78 www.google.com.tj
216.239.38.120 www.google.com.tj
+2001:4860:4802:32::78 www.google.tk
+216.239.38.120 www.google.tk
+2001:4860:4802:32::78 www.google.tl
216.239.38.120 www.google.tl
+2001:4860:4802:32::78 www.google.tm
216.239.38.120 www.google.tm
+2001:4860:4802:32::78 www.google.tn
216.239.38.120 www.google.tn
+2001:4860:4802:32::78 www.google.to
216.239.38.120 www.google.to
+2001:4860:4802:32::78 www.google.com.tr
216.239.38.120 www.google.com.tr
+2001:4860:4802:32::78 www.google.tt
216.239.38.120 www.google.tt
+2001:4860:4802:32::78 www.google.com.tw
216.239.38.120 www.google.com.tw
+2001:4860:4802:32::78 www.google.co.tz
216.239.38.120 www.google.co.tz
+2001:4860:4802:32::78 www.google.com.ua
216.239.38.120 www.google.com.ua
+2001:4860:4802:32::78 www.google.co.ug
216.239.38.120 www.google.co.ug
+2001:4860:4802:32::78 www.google.co.uk
216.239.38.120 www.google.co.uk
+2001:4860:4802:32::78 www.google.com.uy
216.239.38.120 www.google.com.uy
+2001:4860:4802:32::78 www.google.co.uz
216.239.38.120 www.google.co.uz
+2001:4860:4802:32::78 www.google.com.vc
216.239.38.120 www.google.com.vc
+2001:4860:4802:32::78 www.google.co.ve
216.239.38.120 www.google.co.ve
+2001:4860:4802:32::78 www.google.vg
216.239.38.120 www.google.vg
+2001:4860:4802:32::78 www.google.co.vi
216.239.38.120 www.google.co.vi
+2001:4860:4802:32::78 www.google.com.vn
216.239.38.120 www.google.com.vn
+2001:4860:4802:32::78 www.google.vu
216.239.38.120 www.google.vu
+2001:4860:4802:32::78 www.google.ws
216.239.38.120 www.google.ws
+2001:4860:4802:32::78 www.google.rs
216.239.38.120 www.google.rs
+2001:4860:4802:32::78 www.google.co.za
216.239.38.120 www.google.co.za
+2001:4860:4802:32::78 www.google.co.zm
216.239.38.120 www.google.co.zm
+2001:4860:4802:32::78 www.google.co.zw
216.239.38.120 www.google.co.zw
+2001:4860:4802:32::78 www.google.cat
216.239.38.120 www.google.cat
-#
-# Copyright (c) 2018 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
-# This is free software, licensed under the MIT License
-#
+##########################################################################
+# **** IMPORTANT **** #
+# Do not make changes to this file instead please execute: #
+# /usr/sbin/safe-search-maintenance #
+# If this file is not working, please ensure dnsmasq is able to READ it! #
+##########################################################################
-#
-# IMPORTANT: if this file is not working, make sure that dnsmasq is able to READ it!
-#
+# Last Updated On: Tue Jan 12 13:42:47 CST 2021
-#216.239.38.120 restrict.youtube.com
-#2001:4860:4802:32::78 restrict.youtube.com
-
-#IPv6
-2001:4860:4802:32::78 www.youtube.com
-2001:4860:4802:32::78 m.youtube.com
-2001:4860:4802:32::78 youtubei.googleapis.com
-2001:4860:4802:32::78 youtube.googleapis.com
-2001:4860:4802:32::78 www.youtube-nocookie.com
-
-#IPv4
-216.239.38.120 www.youtube.com
-216.239.38.120 m.youtube.com
-216.239.38.120 youtubei.googleapis.com
-216.239.38.120 youtube.googleapis.com
-216.239.38.120 www.youtube-nocookie.com
+2001:4860:4802:32::78 www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
+216.239.38.120 www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
-#
-# Copyright (c) 2018 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
-# This is free software, licensed under the MIT License
-#
+##########################################################################
+# **** IMPORTANT **** #
+# Do not make changes to this file instead please execute: #
+# /usr/sbin/safe-search-maintenance #
+# If this file is not working, please ensure dnsmasq is able to READ it! #
+##########################################################################
-#
-# IMPORTANT: if this file is not working, make sure that dnsmasq is able to READ it!
-#
+# Last Updated On: Tue Jan 12 13:42:47 CST 2021
-#216.239.38.119 restrictmoderate.youtube.com
-#2001:4860:4802:32::77 restrictmoderate.youtube.com
-
-#IPv6
-2001:4860:4802:32::77 www.youtube.com
-2001:4860:4802:32::77 m.youtube.com
-2001:4860:4802:32::77 youtubei.googleapis.com
-2001:4860:4802:32::77 youtube.googleapis.com
-2001:4860:4802:32::77 www.youtube-nocookie.com
-
-#IPv4
-216.239.38.119 www.youtube.com
-216.239.38.119 m.youtube.com
-216.239.38.119 youtubei.googleapis.com
-216.239.38.119 youtube.googleapis.com
-216.239.38.119 www.youtube-nocookie.com
+2001:4860:4802:32::77 youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
+216.239.38.119 www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
--- /dev/null
+#!/bin/sh
+#
+# Copyright (c) 2021 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
+# This is free software, licensed under the MIT License
+#
+
+HasIpAddressChanged() {
+ # Create a sorted, unique list of addresses using DNS
+ HOST_LIVE=$(nslookup "$1" | grep "Address\ [0-9]\+:" | sed -r 's/^Address [0-9]+: //' | sort | uniq -i)
+
+ # Create a sorted, unique list of addresess currently in use
+ HOST_SAFE=$(grep -i "^[:0-9a-f]" "$2" | sed 's/ .*//' | sort | uniq -i)
+
+ # dns resolution errors / not being connected to the internet can cause this.
+ if [ -z "$HOST_LIVE" ]; then
+ return 1
+ fi
+
+ #If the lists do not match, then we want to update to match the DNS records.
+ if [ "$HOST_LIVE" = "$HOST_SAFE" ]; then
+ return 1 # IP has NOT changed
+ fi
+
+ return 0 # IP has changed
+}
+
+StartIpAddressUpdate(){
+ echo Updating "$1"
+ RELOAD_DNSMASQ=1
+
+ #Create the new hosts file...
+ cat >"$1"<<EOL
+##########################################################################
+# **** IMPORTANT **** #
+# Do not make changes to this file instead please execute: #
+# /usr/sbin/safe-search-maintenance #
+# If this file is not working, please ensure dnsmasq is able to READ it! #
+##########################################################################
+
+# Last Updated On: $(date)
+
+EOL
+}
+
+MakeHost(){
+ for ipAddr in $HOST_LIVE
+ do
+ echo "$ipAddr $1"
+ done
+}
+
+#################################################
+### strict.bing.com ###
+#################################################
+HOST_FILE=/etc/safe-search/available/bing.default
+if HasIpAddressChanged strict.bing.com $HOST_FILE; then
+ StartIpAddressUpdate $HOST_FILE
+ MakeHost "bing.com www.bing.com">>$HOST_FILE
+fi
+
+#################################################
+### safe.duckduckgo.com ###
+#################################################
+HOST_FILE=/etc/safe-search/available/duckduckgo.default
+if HasIpAddressChanged safe.duckduckgo.com $HOST_FILE; then
+ StartIpAddressUpdate $HOST_FILE
+ MakeHost "duckduckgo.com">>$HOST_FILE
+fi
+
+#################################################
+### restrict.youtube.com ###
+#################################################
+HOST_FILE=/etc/safe-search/available/youtube.restrict
+if HasIpAddressChanged restrict.youtube.com $HOST_FILE; then
+ StartIpAddressUpdate $HOST_FILE
+ MakeHost "www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com">>$HOST_FILE
+fi
+
+#################################################
+### restrictmoderate.youtube.com ###
+#################################################
+HOST_FILE=/etc/safe-search/available/youtube.restrictmoderate
+if HasIpAddressChanged restrictmoderate.youtube.com $HOST_FILE; then
+ StartIpAddressUpdate $HOST_FILE
+ MakeHost "www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com">>$HOST_FILE
+fi
+
+#################################################
+### forcesafesearch.google.com ###
+### https://www.google.com/supported_domains ###
+#################################################
+HOST_FILE=/etc/safe-search/available/google.default
+if HasIpAddressChanged forcesafesearch.google.com $HOST_FILE; then
+ StartIpAddressUpdate $HOST_FILE
+ cat >>"$HOST_FILE"<<EOL
+$(MakeHost "google.com")
+$(MakeHost "google.ad")
+$(MakeHost "google.ae")
+$(MakeHost "google.com.af")
+$(MakeHost "google.com.ag")
+$(MakeHost "google.com.ai")
+$(MakeHost "google.al")
+$(MakeHost "google.am")
+$(MakeHost "google.co.ao")
+$(MakeHost "google.com.ar")
+$(MakeHost "google.as")
+$(MakeHost "google.at")
+$(MakeHost "google.com.au")
+$(MakeHost "google.az")
+$(MakeHost "google.ba")
+$(MakeHost "google.com.bd")
+$(MakeHost "google.be")
+$(MakeHost "google.bf")
+$(MakeHost "google.bg")
+$(MakeHost "google.com.bh")
+$(MakeHost "google.bi")
+$(MakeHost "google.bj")
+$(MakeHost "google.com.bn")
+$(MakeHost "google.com.bo")
+$(MakeHost "google.com.br")
+$(MakeHost "google.bs")
+$(MakeHost "google.bt")
+$(MakeHost "google.co.bw")
+$(MakeHost "google.by")
+$(MakeHost "google.com.bz")
+$(MakeHost "google.ca")
+$(MakeHost "google.cd")
+$(MakeHost "google.cf")
+$(MakeHost "google.cg")
+$(MakeHost "google.ch")
+$(MakeHost "google.ci")
+$(MakeHost "google.co.ck")
+$(MakeHost "google.cl")
+$(MakeHost "google.cm")
+$(MakeHost "google.cn")
+$(MakeHost "google.com.co")
+$(MakeHost "google.co.cr")
+$(MakeHost "google.com.cu")
+$(MakeHost "google.cv")
+$(MakeHost "google.com.cy")
+$(MakeHost "google.cz")
+$(MakeHost "google.de")
+$(MakeHost "google.dj")
+$(MakeHost "google.dk")
+$(MakeHost "google.dm")
+$(MakeHost "google.com.do")
+$(MakeHost "google.dz")
+$(MakeHost "google.com.ec")
+$(MakeHost "google.ee")
+$(MakeHost "google.com.eg")
+$(MakeHost "google.es")
+$(MakeHost "google.com.et")
+$(MakeHost "google.fi")
+$(MakeHost "google.com.fj")
+$(MakeHost "google.fm")
+$(MakeHost "google.fr")
+$(MakeHost "google.ga")
+$(MakeHost "google.ge")
+$(MakeHost "google.gg")
+$(MakeHost "google.com.gh")
+$(MakeHost "google.com.gi")
+$(MakeHost "google.gl")
+$(MakeHost "google.gm")
+$(MakeHost "google.gp")
+$(MakeHost "google.gr")
+$(MakeHost "google.com.gt")
+$(MakeHost "google.gy")
+$(MakeHost "google.com.hk")
+$(MakeHost "google.hn")
+$(MakeHost "google.hr")
+$(MakeHost "google.ht")
+$(MakeHost "google.hu")
+$(MakeHost "google.co.id")
+$(MakeHost "google.ie")
+$(MakeHost "google.co.il")
+$(MakeHost "google.im")
+$(MakeHost "google.co.in")
+$(MakeHost "google.iq")
+$(MakeHost "google.is")
+$(MakeHost "google.it")
+$(MakeHost "google.je")
+$(MakeHost "google.com.jm")
+$(MakeHost "google.jo")
+$(MakeHost "google.co.jp")
+$(MakeHost "google.co.ke")
+$(MakeHost "google.com.kh")
+$(MakeHost "google.ki")
+$(MakeHost "google.kg")
+$(MakeHost "google.co.kr")
+$(MakeHost "google.com.kw")
+$(MakeHost "google.kz")
+$(MakeHost "google.la")
+$(MakeHost "google.com.lb")
+$(MakeHost "google.li")
+$(MakeHost "google.lk")
+$(MakeHost "google.co.ls")
+$(MakeHost "google.lt")
+$(MakeHost "google.lu")
+$(MakeHost "google.lv")
+$(MakeHost "google.com.ly")
+$(MakeHost "google.co.ma")
+$(MakeHost "google.md")
+$(MakeHost "google.me")
+$(MakeHost "google.mg")
+$(MakeHost "google.mk")
+$(MakeHost "google.ml")
+$(MakeHost "google.com.mm")
+$(MakeHost "google.mn")
+$(MakeHost "google.ms")
+$(MakeHost "google.com.mt")
+$(MakeHost "google.mu")
+$(MakeHost "google.mv")
+$(MakeHost "google.mw")
+$(MakeHost "google.com.mx")
+$(MakeHost "google.com.my")
+$(MakeHost "google.co.mz")
+$(MakeHost "google.com.na")
+$(MakeHost "google.com.nf")
+$(MakeHost "google.com.ng")
+$(MakeHost "google.com.ni")
+$(MakeHost "google.ne")
+$(MakeHost "google.nl")
+$(MakeHost "google.no")
+$(MakeHost "google.com.np")
+$(MakeHost "google.nr")
+$(MakeHost "google.nu")
+$(MakeHost "google.co.nz")
+$(MakeHost "google.com.om")
+$(MakeHost "google.com.pa")
+$(MakeHost "google.com.pe")
+$(MakeHost "google.com.pg")
+$(MakeHost "google.com.ph")
+$(MakeHost "google.com.pk")
+$(MakeHost "google.pl")
+$(MakeHost "google.pn")
+$(MakeHost "google.com.pr")
+$(MakeHost "google.ps")
+$(MakeHost "google.pt")
+$(MakeHost "google.com.py")
+$(MakeHost "google.com.qa")
+$(MakeHost "google.ro")
+$(MakeHost "google.ru")
+$(MakeHost "google.rw")
+$(MakeHost "google.com.sa")
+$(MakeHost "google.com.sb")
+$(MakeHost "google.sc")
+$(MakeHost "google.se")
+$(MakeHost "google.com.sg")
+$(MakeHost "google.sh")
+$(MakeHost "google.si")
+$(MakeHost "google.sk")
+$(MakeHost "google.com.sl")
+$(MakeHost "google.sn")
+$(MakeHost "google.so")
+$(MakeHost "google.sm")
+$(MakeHost "google.sr")
+$(MakeHost "google.st")
+$(MakeHost "google.com.sv")
+$(MakeHost "google.td")
+$(MakeHost "google.tg")
+$(MakeHost "google.co.th")
+$(MakeHost "google.com.tj")
+$(MakeHost "google.tk")
+$(MakeHost "google.tl")
+$(MakeHost "google.tm")
+$(MakeHost "google.tn")
+$(MakeHost "google.to")
+$(MakeHost "google.com.tr")
+$(MakeHost "google.tt")
+$(MakeHost "google.com.tw")
+$(MakeHost "google.co.tz")
+$(MakeHost "google.com.ua")
+$(MakeHost "google.co.ug")
+$(MakeHost "google.co.uk")
+$(MakeHost "google.com.uy")
+$(MakeHost "google.co.uz")
+$(MakeHost "google.com.vc")
+$(MakeHost "google.co.ve")
+$(MakeHost "google.vg")
+$(MakeHost "google.co.vi")
+$(MakeHost "google.com.vn")
+$(MakeHost "google.vu")
+$(MakeHost "google.ws")
+$(MakeHost "google.rs")
+$(MakeHost "google.co.za")
+$(MakeHost "google.co.zm")
+$(MakeHost "google.co.zw")
+$(MakeHost "google.cat")
+$(MakeHost "www.google.com")
+$(MakeHost "www.google.ad")
+$(MakeHost "www.google.ae")
+$(MakeHost "www.google.com.af")
+$(MakeHost "www.google.com.ag")
+$(MakeHost "www.google.com.ai")
+$(MakeHost "www.google.al")
+$(MakeHost "www.google.am")
+$(MakeHost "www.google.co.ao")
+$(MakeHost "www.google.com.ar")
+$(MakeHost "www.google.as")
+$(MakeHost "www.google.at")
+$(MakeHost "www.google.com.au")
+$(MakeHost "www.google.az")
+$(MakeHost "www.google.ba")
+$(MakeHost "www.google.com.bd")
+$(MakeHost "www.google.be")
+$(MakeHost "www.google.bf")
+$(MakeHost "www.google.bg")
+$(MakeHost "www.google.com.bh")
+$(MakeHost "www.google.bi")
+$(MakeHost "www.google.bj")
+$(MakeHost "www.google.com.bn")
+$(MakeHost "www.google.com.bo")
+$(MakeHost "www.google.com.br")
+$(MakeHost "www.google.bs")
+$(MakeHost "www.google.bt")
+$(MakeHost "www.google.co.bw")
+$(MakeHost "www.google.by")
+$(MakeHost "www.google.com.bz")
+$(MakeHost "www.google.ca")
+$(MakeHost "www.google.cd")
+$(MakeHost "www.google.cf")
+$(MakeHost "www.google.cg")
+$(MakeHost "www.google.ch")
+$(MakeHost "www.google.ci")
+$(MakeHost "www.google.co.ck")
+$(MakeHost "www.google.cl")
+$(MakeHost "www.google.cm")
+$(MakeHost "www.google.cn")
+$(MakeHost "www.google.com.co")
+$(MakeHost "www.google.co.cr")
+$(MakeHost "www.google.com.cu")
+$(MakeHost "www.google.cv")
+$(MakeHost "www.google.com.cy")
+$(MakeHost "www.google.cz")
+$(MakeHost "www.google.de")
+$(MakeHost "www.google.dj")
+$(MakeHost "www.google.dk")
+$(MakeHost "www.google.dm")
+$(MakeHost "www.google.com.do")
+$(MakeHost "www.google.dz")
+$(MakeHost "www.google.com.ec")
+$(MakeHost "www.google.ee")
+$(MakeHost "www.google.com.eg")
+$(MakeHost "www.google.es")
+$(MakeHost "www.google.com.et")
+$(MakeHost "www.google.fi")
+$(MakeHost "www.google.com.fj")
+$(MakeHost "www.google.fm")
+$(MakeHost "www.google.fr")
+$(MakeHost "www.google.ga")
+$(MakeHost "www.google.ge")
+$(MakeHost "www.google.gg")
+$(MakeHost "www.google.com.gh")
+$(MakeHost "www.google.com.gi")
+$(MakeHost "www.google.gl")
+$(MakeHost "www.google.gm")
+$(MakeHost "www.google.gp")
+$(MakeHost "www.google.gr")
+$(MakeHost "www.google.com.gt")
+$(MakeHost "www.google.gy")
+$(MakeHost "www.google.com.hk")
+$(MakeHost "www.google.hn")
+$(MakeHost "www.google.hr")
+$(MakeHost "www.google.ht")
+$(MakeHost "www.google.hu")
+$(MakeHost "www.google.co.id")
+$(MakeHost "www.google.ie")
+$(MakeHost "www.google.co.il")
+$(MakeHost "www.google.im")
+$(MakeHost "www.google.co.in")
+$(MakeHost "www.google.iq")
+$(MakeHost "www.google.is")
+$(MakeHost "www.google.it")
+$(MakeHost "www.google.je")
+$(MakeHost "www.google.com.jm")
+$(MakeHost "www.google.jo")
+$(MakeHost "www.google.co.jp")
+$(MakeHost "www.google.co.ke")
+$(MakeHost "www.google.com.kh")
+$(MakeHost "www.google.ki")
+$(MakeHost "www.google.kg")
+$(MakeHost "www.google.co.kr")
+$(MakeHost "www.google.com.kw")
+$(MakeHost "www.google.kz")
+$(MakeHost "www.google.la")
+$(MakeHost "www.google.com.lb")
+$(MakeHost "www.google.li")
+$(MakeHost "www.google.lk")
+$(MakeHost "www.google.co.ls")
+$(MakeHost "www.google.lt")
+$(MakeHost "www.google.lu")
+$(MakeHost "www.google.lv")
+$(MakeHost "www.google.com.ly")
+$(MakeHost "www.google.co.ma")
+$(MakeHost "www.google.md")
+$(MakeHost "www.google.me")
+$(MakeHost "www.google.mg")
+$(MakeHost "www.google.mk")
+$(MakeHost "www.google.ml")
+$(MakeHost "www.google.com.mm")
+$(MakeHost "www.google.mn")
+$(MakeHost "www.google.ms")
+$(MakeHost "www.google.com.mt")
+$(MakeHost "www.google.mu")
+$(MakeHost "www.google.mv")
+$(MakeHost "www.google.mw")
+$(MakeHost "www.google.com.mx")
+$(MakeHost "www.google.com.my")
+$(MakeHost "www.google.co.mz")
+$(MakeHost "www.google.com.na")
+$(MakeHost "www.google.com.nf")
+$(MakeHost "www.google.com.ng")
+$(MakeHost "www.google.com.ni")
+$(MakeHost "www.google.ne")
+$(MakeHost "www.google.nl")
+$(MakeHost "www.google.no")
+$(MakeHost "www.google.com.np")
+$(MakeHost "www.google.nr")
+$(MakeHost "www.google.nu")
+$(MakeHost "www.google.co.nz")
+$(MakeHost "www.google.com.om")
+$(MakeHost "www.google.com.pa")
+$(MakeHost "www.google.com.pe")
+$(MakeHost "www.google.com.pg")
+$(MakeHost "www.google.com.ph")
+$(MakeHost "www.google.com.pk")
+$(MakeHost "www.google.pl")
+$(MakeHost "www.google.pn")
+$(MakeHost "www.google.com.pr")
+$(MakeHost "www.google.ps")
+$(MakeHost "www.google.pt")
+$(MakeHost "www.google.com.py")
+$(MakeHost "www.google.com.qa")
+$(MakeHost "www.google.ro")
+$(MakeHost "www.google.ru")
+$(MakeHost "www.google.rw")
+$(MakeHost "www.google.com.sa")
+$(MakeHost "www.google.com.sb")
+$(MakeHost "www.google.sc")
+$(MakeHost "www.google.se")
+$(MakeHost "www.google.com.sg")
+$(MakeHost "www.google.sh")
+$(MakeHost "www.google.si")
+$(MakeHost "www.google.sk")
+$(MakeHost "www.google.com.sl")
+$(MakeHost "www.google.sn")
+$(MakeHost "www.google.so")
+$(MakeHost "www.google.sm")
+$(MakeHost "www.google.sr")
+$(MakeHost "www.google.st")
+$(MakeHost "www.google.com.sv")
+$(MakeHost "www.google.td")
+$(MakeHost "www.google.tg")
+$(MakeHost "www.google.co.th")
+$(MakeHost "www.google.com.tj")
+$(MakeHost "www.google.tk")
+$(MakeHost "www.google.tl")
+$(MakeHost "www.google.tm")
+$(MakeHost "www.google.tn")
+$(MakeHost "www.google.to")
+$(MakeHost "www.google.com.tr")
+$(MakeHost "www.google.tt")
+$(MakeHost "www.google.com.tw")
+$(MakeHost "www.google.co.tz")
+$(MakeHost "www.google.com.ua")
+$(MakeHost "www.google.co.ug")
+$(MakeHost "www.google.co.uk")
+$(MakeHost "www.google.com.uy")
+$(MakeHost "www.google.co.uz")
+$(MakeHost "www.google.com.vc")
+$(MakeHost "www.google.co.ve")
+$(MakeHost "www.google.vg")
+$(MakeHost "www.google.co.vi")
+$(MakeHost "www.google.com.vn")
+$(MakeHost "www.google.vu")
+$(MakeHost "www.google.ws")
+$(MakeHost "www.google.rs")
+$(MakeHost "www.google.co.za")
+$(MakeHost "www.google.co.zm")
+$(MakeHost "www.google.co.zw")
+$(MakeHost "www.google.cat")
+EOL
+fi
+
+if [ "$RELOAD_DNSMASQ" = "1" ]; then
+ echo restarting dnsmasq to activate new IP addresses.
+ /etc/init.d/dnsmasq restart
+fi
# Valid modes for youtube are restrict and restrictmoderate
config safe-search 'youtube'
- option enabled 0
option mode 'restrict'
+ option enabled 0
#!/bin/sh
#
-# Copyright (c) 2018 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
+# Copyright (c) 2021 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
# This is free software, licensed under the MIT License
#
uci del_list dhcp.@dnsmasq[0].addnhosts=/etc/safe-search/enabled
uci add_list dhcp.@dnsmasq[0].addnhosts=/etc/safe-search/enabled
uci commit dhcp
-#/etc/init.d/dnsmasq reload #safe-search-update does this for us.
+/usr/sbin/safe-search-maintenance
/usr/sbin/safe-search-update
+#/etc/init.d/dnsmasq reload #safe-search-update does this for us.
exit 0
depends on PACKAGE_samba4-server
help
installs:
- modules: vfs_virusfilter vfs_shell_snap vfs_commit vfs_worm vfs_xattr_tdb vfs_aio_fork vfs_aio_pthread (vfs_linux_xfs_sgid) vfs_netatalk vfs_dirsort vfs_fileid
+ modules: vfs_virusfilter vfs_shell_snap vfs_commit vfs_worm vfs_xattr_tdb (vfs_linux_xfs_sgid) vfs_netatalk vfs_dirsort vfs_fileid
Additional VFS modules that aren't commonly used, vfs_linux_xfs_sgid requires kmod-fs-xfs to be selected separately
default n
include $(TOPDIR)/rules.mk
PKG_NAME:=samba
-PKG_VERSION:=4.13.2
-PKG_RELEASE:=1
+PKG_VERSION:=4.13.4
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
http://www.nic.funet.fi/index/samba/pub/samba/stable/ \
http://samba.mirror.bit.nl/samba/ftp/stable/ \
https://download.samba.org/pub/samba/stable/
-PKG_HASH:=276464396a05d88b775bda01ac2eb1e5a636ccf7010b0fd28efc3d85583af2b4
+PKG_HASH:=a1b34c63f7100cc8626902d80f335c7cb0b45d4707dd3c4b010f7a28ed615c78
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-3.0-only
CONFIG_SAMBA4_SERVER_VFSX \
CONFIG_SAMBA4_SERVER_AD_DC \
CONFIG_PACKAGE_kmod-fs-btrfs \
- CONFIG_PACKAGE_kmod-fs-xfs
+ CONFIG_PACKAGE_kmod-fs-xfs \
+ CONFIG_KERNEL_IO_URING
PYTHON3_PKG_BUILD:=0
define Package/samba4-libs
$(call Package/samba4/Default)
TITLE+= libs
- DEPENDS:= +libtirpc +libreadline +libpopt +libcap +zlib +libgnutls +libtasn1 +libuuid +libopenssl +libpthread \
+ DEPENDS:= +libtirpc +libreadline +libpopt +libcap +zlib +libgnutls +libtasn1 +libuuid +libopenssl +libpthread +KERNEL_IO_URING:liburing \
+PACKAGE_libpam:libpam \
+SAMBA4_SERVER_VFS:attr \
- +SAMBA4_SERVER_VFSX:libaio \
+SAMBA4_SERVER_AVAHI:libavahi-client \
+SAMBA4_SERVER_AD_DC:python3-cryptodome +SAMBA4_SERVER_AD_DC:libopenldap +SAMBA4_SERVER_AD_DC:jansson +SAMBA4_SERVER_AD_DC:libarchive +SAMBA4_SERVER_AD_DC:acl +SAMBA4_SERVER_AD_DC:attr
endef
SAMBA4_AUTH_MODULES :=auth_builtin,auth_sam,auth_unix,
SAMBA4_VFS_MODULES :=vfs_default,
SAMBA4_VFS_MODULES_SHARED :=auth_script,
+# always build if kernel supports io_uring
+ifdef CONFIG_KERNEL_IO_URING
+ SAMBA4_VFS_MODULES_SHARED :=$(SAMBA4_VFS_MODULES_SHARED)vfs_io_uring,
+endif
ifeq ($(CONFIG_SAMBA4_SERVER_VFS),y)
SAMBA4_VFS_MODULES_SHARED :=$(SAMBA4_VFS_MODULES_SHARED)vfs_fruit,vfs_shadow_copy2,vfs_recycle,vfs_fake_perms,vfs_readonly,vfs_cap,vfs_offline,vfs_crossrename,vfs_catia,vfs_streams_xattr,vfs_xattr_tdb,vfs_default_quota,
ifdef CONFIG_PACKAGE_kmod-fs-btrfs
endif
endif
ifeq ($(CONFIG_SAMBA4_SERVER_VFSX),y)
- SAMBA4_VFS_MODULES_SHARED :=$(SAMBA4_VFS_MODULES_SHARED)vfs_virusfilter,vfs_shell_snap,vfs_commit,vfs_worm,vfs_aio_fork,vfs_aio_pthread,vfs_netatalk,vfs_dirsort,vfs_fileid,
+ SAMBA4_VFS_MODULES_SHARED :=$(SAMBA4_VFS_MODULES_SHARED)vfs_virusfilter,vfs_shell_snap,vfs_commit,vfs_worm,vfs_netatalk,vfs_dirsort,vfs_fileid,
ifdef CONFIG_PACKAGE_kmod-fs-xfs
SAMBA4_VFS_MODULES_SHARED :=$(SAMBA4_VFS_MODULES_SHARED)vfs_linux_xfs_sgid,
endif
PY_VER:=$(PYTHON3_VERSION_MAJOR)$(PYTHON3_VERSION_MINOR)
# NOTE: bundle + make private, we want to avoid version configuration (build, link) conflicts
HOST_CONFIGURE_ARGS += --builtin-libraries=replace --nonshared-binary=asn1_compile,compile_et
-SYSTEM_BUNDLED_LIBS:=talloc,tevent,tevent-util,texpect,tdb,ldb,tdr,cmocka,replace,com_err
+SYSTEM_PRIVATE_BUNDLED_LIBS:=talloc,tevent,tevent-util,texpect,tdb,ldb,tdr,cmocka,replace,com_err
+SYSTEM_BUNDLED_LIBS:=
PYTHON_BUNDLED_LIBS:=pytalloc-util.cpython-$(PY_VER),pyldb-util.cpython-$(PY_VER)
# CONFIGURE_ARGS += --builtin-libraries=talloc,tevent,tevent-util,texpect,tdb,ldb,tdr,cmocka,com_err
+ifdef CONFIG_KERNEL_IO_URING
+ SYSTEM_BUNDLED_LIBS:=,uring
+endif
ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
- CONFIGURE_ARGS += --bundled-libraries=NONE,$(SYSTEM_BUNDLED_LIBS),$(PYTHON_BUNDLED_LIBS)
+ CONFIGURE_ARGS += --bundled-libraries=NONE,$(SYSTEM_PRIVATE_BUNDLED_LIBS)$(SYSTEM_BUNDLED_LIBS),$(PYTHON_BUNDLED_LIBS)
else
- CONFIGURE_ARGS += --bundled-libraries=NONE,$(SYSTEM_BUNDLED_LIBS)
+ CONFIGURE_ARGS += --bundled-libraries=NONE,$(SYSTEM_PRIVATE_BUNDLED_LIBS)$(SYSTEM_BUNDLED_LIBS)
endif
-CONFIGURE_ARGS += --private-libraries=$(SYSTEM_BUNDLED_LIBS)
+CONFIGURE_ARGS += --private-libraries=$(SYSTEM_PRIVATE_BUNDLED_LIBS)
export COMPILE_ET=$(STAGING_DIR_HOSTPKG)/bin/compile_et_samba
export ASN1_COMPILE=$(STAGING_DIR_HOSTPKG)/bin/asn1_compile_samba
SAMBA_IFACE=""
+config_get_sane() {
+ config_get "$@"
+ set -- "$(echo "$1" | tr -d '<>[]{};%?=#\n')"
+}
+
smb_header() {
- config_get SAMBA_IFACE $1 interface "lan"
+ config_get_sane SAMBA_IFACE "$1" interface "lan"
# resolve interfaces
- local interfaces
interfaces=$(
. /lib/functions/network.sh
- local net
for net in $SAMBA_IFACE; do
- local device
- network_is_up $net || continue
+ network_is_up "$net" || continue
network_get_device device "$net"
printf "%s " "${device:-$net}"
done
)
- local workgroup description charset
# we dont use netbios anymore as default and wsd/avahi is dns based
- local hostname
- hostname="$(cat /proc/sys/kernel/hostname)"
+ hostname="$(cat /proc/sys/kernel/hostname | tr -d '{};%?=#\n')"
- config_get workgroup $1 workgroup "WORKGROUP"
- config_get description $1 description "Samba on OpenWrt"
- config_get charset $1 charset "UTF-8"
+ config_get_sane workgroup "$1" workgroup "WORKGROUP"
+ config_get_sane description "$1" description "Samba on OpenWrt"
+ config_get_sane charset "$1" charset "UTF-8"
- config_get_bool MACOS $1 macos 0
- config_get_bool DISABLE_NETBIOS $1 disable_netbios 0
- config_get_bool DISABLE_AD_DC $1 disable_ad_dc 0
- config_get_bool DISABLE_WINBIND $1 disable_winbind 0
- config_get_bool DISABLE_ASYNC_IO $1 disable_async_io 0
- config_get_bool ALLOW_LEGACY_PROTOCOLS $1 allow_legacy_protocols 0
- config_get_bool ENABLE_EXTRA_TUNING $1 enable_extra_tuning 0
+ config_get_bool MACOS "$1" macos 0
+ config_get_bool DISABLE_NETBIOS "$1" disable_netbios 0
+ config_get_bool DISABLE_AD_DC "$1" disable_ad_dc 0
+ config_get_bool DISABLE_WINBIND "$1" disable_winbind 0
+ config_get_bool DISABLE_ASYNC_IO "$1" disable_async_io 0
+ config_get_bool ALLOW_LEGACY_PROTOCOLS "$1" allow_legacy_protocols 0
+ config_get_bool ENABLE_EXTRA_TUNING "$1" enable_extra_tuning 0
mkdir -p /var/etc
sed -e "s#|NAME|#$hostname#g" \
# extra tuning options by community feedback (kinda try&error)
if [ "$ENABLE_EXTRA_TUNING" -eq 1 ]; then
- local socket_opt
socket_opt="$(grep -i 'socket options' /etc/samba/smb.conf.template | awk -F'=' '{print $2}' | tr -d '\n')"
[ -n "$socket_opt" ] && printf "\tsocket options =%s SO_KEEPALIVE\n" "$socket_opt" # add keepalive, maybe larger buffer? SO_RCVBUF=65536 SO_SNDBUF=65536
printf "\tmax xmit = 131072\n" # increase smb1 transmit size
printf "\tmin receivefile size = 131072\n" # allows zero-copy writes via fs
printf "\tfake oplocks = Yes\n" # may corrupt files for simultanous writes to the same files by multiple clients, but might also see big speed boost
- printf "\tuse sendfile = Yes\n" # enable sendfile, not sure whats with the 2019 bug https://bugzilla.samba.org/show_bug.cgi?id=14095
+ printf "\tuse sendfile = Yes\n" # enable sendfile?
fi
if [ "$DISABLE_NETBIOS" -eq 1 ] || [ ! -x /usr/sbin/nmbd ]; then
if [ "$DISABLE_ASYNC_IO" -eq 1 ]; then
printf "\taio read size = 0\n"
printf "\taio write size = 0\n"
- # sendfile bug: https://bugzilla.samba.org/show_bug.cgi?id=14095
- printf "\tuse sendfile = no\n"
fi
if [ "$ALLOW_LEGACY_PROTOCOLS" -eq 1 ]; then
if [ ! -L /etc/samba/smb.conf ]; then
logger -p daemon.warn -t 'samba4-server' "Local custom /etc/samba/smb.conf file detected, all luci/config settings are ignored!"
fi
-
}
smb_add_share() {
- local name
- local path
- local users
- local create_mask
- local dir_mask
- local browseable
- local read_only
- local writeable
- local guest_ok
- local guest_only
- local inherit_owner
- local vfs_objects
- local timemachine
- local timemachine_maxsize
- local force_root
- local write_list
- local read_list
-
- config_get name $1 name
- config_get path $1 path
- config_get users $1 users
- config_get create_mask $1 create_mask
- config_get dir_mask $1 dir_mask
- config_get browseable $1 browseable
- config_get read_only $1 read_only
- config_get writeable $1 writeable
- config_get guest_ok $1 guest_ok
- config_get guest_only $1 guest_only
- config_get inherit_owner $1 inherit_owner
- config_get vfs_objects $1 vfs_objects
- config_get_bool timemachine $1 timemachine 0
- config_get timemachine_maxsize $1 timemachine_maxsize
- config_get_bool force_root $1 force_root 0
- config_get write_list $1 write_list
- config_get read_list $1 read_list
-
+ config_get_sane name "$1" name
+ config_get_sane path "$1" path
+ config_get_sane users "$1" users
+ config_get_sane create_mask "$1" create_mask
+ config_get_sane dir_mask "$1" dir_mask
+ config_get_sane browseable "$1" browseable
+ config_get_sane read_only "$1" read_only
+ config_get_sane writeable "$1" writeable
+ config_get_sane guest_ok "$1" guest_ok
+ config_get_sane guest_only "$1" guest_only
+ config_get_sane inherit_owner "$1" inherit_owner
+ config_get_sane vfs_objects "$1" vfs_objects
+ config_get_bool timemachine "$1" timemachine 0
+ config_get_sane timemachine_maxsize "$1" timemachine_maxsize
+ config_get_bool force_root "$1" force_root 0
+ config_get_sane write_list "$1" write_list
+ config_get_sane read_list "$1" read_list
+
[ -z "$name" ] || [ -z "$path" ] && return
{
[ -n "$timemachine_maxsize" ] && printf "\tfruit:time machine max size = %sG\n" "${timemachine_maxsize}"
fi
fi
+
+ # always enable io_uring if we can
+ if [ "$DISABLE_ASYNC_IO" -ne 1 ] && [ -e /usr/lib/samba/vfs/io_uring.so ] && grep "io_uring_setup" /proc/kallsyms >>2 ; then
+ logger -p daemon.info -t 'samba4-server' "io_uring support found in kernel, enabling VFS io_uring."
+ # make sure its last in list
+ if [ -n "$vfs_objects" ]; then
+ vfs_objects="$vfs_objects io_uring"
+ else
+ vfs_objects="io_uring"
+ fi
+ fi
[ -n "$vfs_objects" ] && printf "\tvfs objects = %s\n" "$vfs_objects"
} >> /var/etc/smb.conf
procd_add_reload_trigger "dhcp" "system" "samba4"
- local i
for i in $SAMBA_IFACE; do
- procd_add_reload_interface_trigger $i
+ procd_add_reload_interface_trigger "$i"
done
}
exit 1
fi
- local nice_value
- config_get nice_value extra samba_nice 0
+ config_get_sane nice_value extra samba_nice 0
# start main AD-DC daemon, will spawn (smbd,nmbd,winbindd) as needed/configured.
if [ "$DISABLE_AD_DC" -ne 1 ] && [ -x /usr/sbin/samba ]; then
procd_open_instance
procd_set_param command /usr/sbin/samba -F
- procd_set_param nice $nice_value
+ procd_set_param nice "$nice_value"
procd_set_param respawn
procd_set_param file /etc/samba/smb.conf
procd_set_param limits nofile=16384
# start fileserver daemon
procd_open_instance
procd_set_param command /usr/sbin/smbd -F
- procd_set_param nice $nice_value
+ procd_set_param nice "$nice_value"
procd_set_param respawn
procd_set_param file /etc/samba/smb.conf
procd_set_param limits nofile=16384
if [ "$DISABLE_NETBIOS" -ne 1 ] && [ -x /usr/sbin/nmbd ]; then
procd_open_instance
procd_set_param command /usr/sbin/nmbd -F
- procd_set_param nice $nice_value
+ procd_set_param nice "$nice_value"
procd_set_param respawn
procd_set_param file /etc/samba/smb.conf
procd_close_instance
if [ "$DISABLE_WINBIND" -ne 1 ] && [ -x /usr/sbin/winbindd ]; then
procd_open_instance
procd_set_param command /usr/sbin/winbindd -F
- procd_set_param nice $nice_value
+ procd_set_param nice "$nice_value"
procd_set_param respawn
procd_set_param file /etc/samba/smb.conf
procd_close_instance
PKG_NAME:=simple-adblock
PKG_VERSION:=1.8.4
-PKG_RELEASE:=3
+PKG_RELEASE:=10
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
PKG_LICENSE:=GPL-3.0-or-later
SECTION:=net
CATEGORY:=Network
TITLE:=Simple AdBlock Service
- DEPENDS:=+jshn +jsonfilter
+ URL:=https://docs.openwrt.melmac.net/simple-adblock/
+ DEPENDS:=+jshn
PKGARCH:=all
endef
Simple adblock script to block ad or abuse/malware domains with DNSMASQ or Unbound.
Script supports local/remote list of domains and hosts-files for both block-listing and allow-listing.
Please see https://docs.openwrt.melmac.net/simple-adblock/ for more information.
-
endef
define Package/simple-adblock/conffiles
/etc/config/simple-adblock
endef
-define Build/Prepare
- mkdir -p $(PKG_BUILD_DIR)/files/
- $(CP) ./files/simple-adblock.init $(PKG_BUILD_DIR)/files/simple-adblock.init
- sed -i "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(PKG_BUILD_DIR)/files/simple-adblock.init
-endef
-
define Build/Configure
endef
define Package/simple-adblock/install
$(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/simple-adblock.init $(1)/etc/init.d/simple-adblock
+ $(INSTALL_BIN) ./files/simple-adblock.init $(1)/etc/init.d/simple-adblock
+ sed -i "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/simple-adblock
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/simple-adblock.conf $(1)/etc/config/simple-adblock
$(INSTALL_DIR) $(1)/tmp
# File size: 44.0K
list blocked_domains_url 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt'
-# File size: 584.0K
-# block-list too big for most routers
-# list blocked_domains_url 'https://mirror1.malwaredomains.com/files/justdomains'
-
# File size: 16.0K
list blocked_hosts_url 'https://adaway.org/hosts.txt'
# File size: 20.0K
list blocked_hosts_url 'https://cdn.jsdelivr.net/gh/hoshsadiq/adblock-nocoin-list/hosts.txt'
-# File size: 36.0K
- list blocked_hosts_url 'https://www.malwaredomainlist.com/hostslist/hosts.txt'
-
# File size: 80.0K
list blocked_hosts_url 'https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext'
s|raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/|cdn.jsdelivr.net/gh/hoshsadiq/adblock-nocoin-list@|g
s|raw.githubusercontent.com/jawz101/MobileAdTrackers/|cdn.jsdelivr.net/gh/jawz101/MobileAdTrackers@|g
s|http://winhelp2002.mvps.org/hosts.txt|https://winhelp2002.mvps.org/hosts.txt|g
-/dshield.org/d
+\|dshield.org|d
+\|www.malwaredomainlist.com/hostslist/hosts.txt|d
+\|https://mirror1.malwaredomains.com/files/justdomains|d
USE_PROCD=1
LC_ALL=C
+if type extra_command 1>/dev/null 2>&1; then
+ extra_command 'check' 'Checks if specified domain is found in current block-list'
+ extra_command 'dl' 'Force-downloads all enabled block-list'
+ extra_command 'sizes' 'Displays the file-sizes of enabled block-listo'
+ extra_command 'show' 'Shows the service last-run status'
+ extra_command 'version' 'Show version information'
+else
# shellcheck disable=SC2034
-extra_command "check" "Checks if specified domain is found in current block-list"
-extra_command "dl" "Force-downloads all enabled block-list"
-extra_command "sizes" "Displays the file-sizes of enabled block-listo"
-extra_command "show" "Shows the service last-run status"
-extra_command "version" "Show version"
+ EXTRA_COMMANDS='check dl killcache sizes show version'
+# shellcheck disable=SC2034
+ EXTRA_HELP=' check Checks if specified domain is found in current block-list
+ dl Force-downloads all enabled block-list
+ sizes Displays the file-sizes of enabled block-lists
+ show Shows the service last-run status'
+fi
readonly packageName='simple-adblock'
readonly serviceName="$packageName $PKG_VERSION"
output_failn() { output 1 "$_FAIL_\\n"; output 2 "$__FAIL__\\n"; }
str_replace() { printf "%b" "$1" | sed -e "s/$(printf "%b" "$2")/$(printf "%b" "$3")/g"; }
str_contains() { test "$1" != "$(str_replace "$1" "$2" '')"; }
-compare_versions() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+compare_values() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
is_chaos_calmer() { ubus -S call system board | grep -q 'Chaos Calmer'; }
-is_ipset_procd() { compare_versions "$(sed -ne 's/^Version: //p' /usr/lib/opkg/info/firewall.control)" "2019-09-18"; }
led_on(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo 'default-on' > "${1}/trigger" 2>&1; fi; }
led_off(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo 'none' > "${1}/trigger" 2>&1; fi; }
dnsmasq_hup() { killall -q -HUP dnsmasq; }
tmpfs() {
local action="$1" instance="$2" value="$3"
local status message error stats
- local readReload readRestart curReload curRestart ret
+ local reload restart curReload curRestart ret i
if [ -s "$jsonFile" ]; then
- status="$(jsonfilter -i $jsonFile -l1 -e "@['data']['status']")"
- message="$(jsonfilter -i $jsonFile -l1 -e "@['data']['message']")"
- error="$(jsonfilter -i $jsonFile -l1 -e "@['data']['error']")"
- stats="$(jsonfilter -i $jsonFile -l1 -e "@['data']['stats']")"
- readReload="$(jsonfilter -i $jsonFile -l1 -e "@['data']['reload']")"
- readRestart="$(jsonfilter -i $jsonFile -l1 -e "@['data']['restart']")"
+ json_load_file "$jsonFile" 2>/dev/null
+ json_select 'data' 2>/dev/null
+ for i in status message error stats reload restart; do
+ json_get_var $i "$i" 2>/dev/null
+ done
fi
case "$action" in
get)
curRestart="$compressedCache $forceDNS $led"
if [ ! -s "$jsonFile" ]; then
ret='on_boot'
- elif [ "$curReload" != "$readReload" ]; then
+ elif [ "$curReload" != "$reload" ]; then
ret='download'
- elif [ "$curRestart" != "$readRestart" ]; then
+ elif [ "$curRestart" != "$restart" ]; then
ret='restart'
fi
printf "%b" "$ret"
stats)
unset stats;;
triggers)
- unset readReload; unset readRestart;;
+ unset reload; unset restart;;
esac
;;
set)
stats)
stats="$value";;
triggers)
- readReload="$parallelDL $debug $dlTimeout $allowed_domains $blocked_domains $allowed_domains_urls $blocked_domains_urls $blocked_hosts_urls $targetDNS"
- readRestart="$compressedCache $forceDNS $led"
+ reload="$parallelDL $debug $dlTimeout $allowed_domains $blocked_domains $allowed_domains_urls $blocked_domains_urls $blocked_hosts_urls $targetDNS"
+ restart="$compressedCache $forceDNS $led"
;;
esac
;;
json_add_string message "$message"
json_add_string error "$error"
json_add_string stats "$stats"
- json_add_string reload "$readReload"
- json_add_string restart "$readRestart"
+ json_add_string reload "$reload"
+ json_add_string restart "$restart"
json_close_object
json_dump > "$jsonFile"
sync
esac
}
-fw3Ops() {
- local action="$1" param="$2" _restart
- case "$action" in
- reload) /etc/init.d/firewall reload >/dev/null 2>&1;;
- restart) /etc/init.d/firewall restart >/dev/null 2>&1;;
- remove)
- case "$param" in
- dns_redirect) uci -q del firewall.simple_adblock_dns_redirect;;
- ipset) uci -q del firewall.simple_adblock_ipset
- uci -q del firewall.simple_adblock_ipset_rule;;
- *)
- uci -q del firewall.simple_adblock_dns_redirect
- uci -q del firewall.simple_adblock_ipset
- uci -q del firewall.simple_adblock_ipset_rule
- ;;
- esac
- ;;
- insert)
- case "$param" in
- dns_redirect)
- if ! uci -q get firewall.simple_adblock_dns_redirect >/dev/null; then
- uci -q set firewall.simple_adblock_dns_redirect=redirect
- uci -q set firewall.simple_adblock_dns_redirect.name=simple_adblock_dns_hijack
- uci -q set firewall.simple_adblock_dns_redirect.target=DNAT
- uci -q set firewall.simple_adblock_dns_redirect.src=lan
- uci -q set firewall.simple_adblock_dns_redirect.proto=tcpudp
- uci -q set firewall.simple_adblock_dns_redirect.src_dport=53
- uci -q set firewall.simple_adblock_dns_redirect.dest_port=53
- fi
- ;;
- ipset)
- if ! uci -q get firewall.simple_adblock_ipset >/dev/null; then
- uci -q set firewall.simple_adblock_ipset=ipset
- uci -q set firewall.simple_adblock_ipset.name=adb
- uci -q set firewall.simple_adblock_ipset.match=dest_net
- uci -q set firewall.simple_adblock_ipset.storage=hash
- uci -q set firewall.simple_adblock_ipset.enabled=1
- _restart=1
- fi
- if ! uci -q get firewall.simple_adblock_ipset_rule >/dev/null; then
- uci -q set firewall.simple_adblock_ipset_rule=rule
- uci -q set firewall.simple_adblock_ipset_rule.name=simple_adblock_ipset_rule
- uci -q set firewall.simple_adblock_ipset_rule.ipset=adb
- uci -q set firewall.simple_adblock_ipset_rule.src=lan
- uci -q set firewall.simple_adblock_ipset_rule.dest='*'
- uci -q set firewall.simple_adblock_ipset_rule.proto=tcpudp
- uci -q set firewall.simple_adblock_ipset_rule.target=REJECT
- uci -q set firewall.simple_adblock_ipset_rule.enabled=1
- fi
- ;;
- *)
- if ! uci -q get firewall.simple_adblock_dns_redirect >/dev/null; then
- uci -q set firewall.simple_adblock_dns_redirect=redirect
- uci -q set firewall.simple_adblock_dns_redirect.name=simple_adblock_dns_hijack
- uci -q set firewall.simple_adblock_dns_redirect.target=DNAT
- uci -q set firewall.simple_adblock_dns_redirect.src=lan
- uci -q set firewall.simple_adblock_dns_redirect.proto=tcpudp
- uci -q set firewall.simple_adblock_dns_redirect.src_dport=53
- uci -q set firewall.simple_adblock_dns_redirect.dest_port=53
- fi
- if ! uci -q get firewall.simple_adblock_ipset >/dev/null; then
- uci -q set firewall.simple_adblock_ipset=ipset
- uci -q set firewall.simple_adblock_ipset.name=adb
- uci -q set firewall.simple_adblock_ipset.match=dest_net
- uci -q set firewall.simple_adblock_ipset.storage=hash
- uci -q set firewall.simple_adblock_ipset.enabled=1
- _restart=1
- fi
- if ! uci -q get firewall.simple_adblock_ipset_rule >/dev/null; then
- uci -q set firewall.simple_adblock_ipset_rule=rule
- uci -q set firewall.simple_adblock_ipset_rule.name=simple_adblock_ipset_rule
- uci -q set firewall.simple_adblock_ipset_rule.ipset=adb
- uci -q set firewall.simple_adblock_ipset_rule.src=lan
- uci -q set firewall.simple_adblock_ipset_rule.dest='*'
- uci -q set firewall.simple_adblock_ipset_rule.proto=tcpudp
- uci -q set firewall.simple_adblock_ipset_rule.target=REJECT
- uci -q set firewall.simple_adblock_ipset_rule.enabled=1
- fi
- ;;
- esac
- esac
- if [ -n "$(uci changes firewall)" ]; then
- uci -q commit firewall
- if [ -z "$_restart" ]; then
- fw3Ops 'reload'
- else
- fw3Ops 'restart'
- fi
- fi
-}
-
process_url() {
local label type D_TMP R_TMP
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then return 1; fi
output 2 "[DL] Config Update: $label $__FAIL__\\n"
tmpfs add error "errorDownloadingConfigUpdate"
else
- if ! sed -f "$R_TMP" -i /etc/config/simple-adblock; then
+ if [ -s "$R_TMP" ] && sed -f "$R_TMP" -i /etc/config/simple-adblock; then
+ output 1 "$_OK_"
+ output 2 "[DL] Config Update: $label $__OK__\\n"
+ else
output 1 "$_FAIL_"
output 2 "[DL] Config Update: $label $__FAIL__\\n"
tmpfs add error "errorParsingConfigUpdate"
- else
- output 1 "$_OK_"
- output 2 "[DL] Config Update: $label $__OK__\\n"
fi
fi
rm -f "$R_TMP"
tmpfs del all
tmpfs set triggers
- if is_chaos_calmer || ! is_ipset_procd; then
- if [ "$forceDNS" -ne 0 ]; then
- fw3Ops 'insert' 'dns_redirect'
- else
- fw3Ops 'remove' 'dns_redirect'
- fi
- if [ "$targetDNS" = 'dnsmasq.ipset' ]; then
- fw3Ops 'insert' 'ipset'
- else
- fw3Ops 'remove' 'ipset'
- fi
- procd_open_instance 'main'
- procd_set_param command /bin/true
- procd_set_param stdout 1
- procd_set_param stderr 1
- procd_close_instance
- else
- procd_open_instance 'main'
- procd_set_param command /bin/true
- procd_set_param stdout 1
- procd_set_param stderr 1
- procd_open_data
- json_add_array firewall
- if [ "$forceDNS" -ne 0 ]; then
- json_add_object ''
- json_add_string type redirect
- json_add_string name simple_adblock_dns_redirect
- json_add_string target DNAT
- json_add_string src lan
- json_add_string proto tcpudp
- json_add_string src_dport 53
- json_add_string dest_port 53
- json_add_string reflection 0
- json_close_object
- fi
- if [ "$targetDNS" = 'dnsmasq.ipset' ]; then
- json_add_object ''
- json_add_string type ipset
- json_add_string name adb
- json_add_string match dest_net
- json_add_string storage hash
- json_add_string enabled 1
- json_close_object
- json_add_object ''
- json_add_string type rule
- json_add_string name simple_adblock_ipset_rule
- json_add_string ipset adb
- json_add_string src lan
- json_add_string dest '*'
- json_add_string proto tcpudp
- json_add_string target REJECT
- json_add_string enabled 1
- json_close_object
- fi
- json_close_array
- procd_close_data
- procd_close_instance
+ procd_open_instance 'main'
+ procd_set_param command /bin/true
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_open_data
+ json_add_array firewall
+ if [ "$forceDNS" -ne 0 ]; then
+ json_add_object ''
+ json_add_string type redirect
+ json_add_string name simple_adblock_dns_redirect
+ json_add_string target DNAT
+ json_add_string src lan
+ json_add_string proto tcpudp
+ json_add_string src_dport 53
+ json_add_string dest_port 53
+ json_add_string reflection 0
+ json_close_object
+ fi
+ if [ "$targetDNS" = 'dnsmasq.ipset' ]; then
+ json_add_object ''
+ json_add_string type ipset
+ json_add_string name adb
+ json_add_string match dest_net
+ json_add_string storage hash
+ json_add_string enabled 1
+ json_close_object
+ json_add_object ''
+ json_add_string type rule
+ json_add_string name simple_adblock_ipset_rule
+ json_add_string ipset adb
+ json_add_string src lan
+ json_add_string dest '*'
+ json_add_string proto tcpudp
+ json_add_string target REJECT
+ json_add_string enabled 1
+ json_close_object
fi
+ json_close_array
+ procd_close_data
+ procd_close_instance
if [ "$action" = 'restore' ]; then
output 0 "Starting $serviceName... "
remove_lock
}
-service_started() { is_ipset_procd && procd_set_config_changed firewall; }
-service_stopped() { is_ipset_procd && procd_set_config_changed firewall; }
+service_started() { procd_set_config_changed firewall; }
+service_stopped() { procd_set_config_changed firewall; }
restart_service() { rc_procd start_service 'restart'; }
reload_service() { restart_service; }
restart() { restart_service; }
stop_service() {
load_package_config
- fw3Ops 'remove' 'all'
if [ -s "$outputFile" ]; then
output "Stopping $serviceName... "
cacheOps 'create'
}
service_triggers() {
- procd_add_reload_trigger 'simple-adblock'
+ procd_open_trigger
+ procd_add_config_trigger "config.change" "${packageName}" /etc/init.d/${packageName} reload
+ procd_close_trigger
}
check() {
[ "${i//melmac}" != "$i" ] && continue
if $dl_command "$i" $dl_flag /tmp/sast 2>/dev/null && [ -s /tmp/sast ]; then
echo "# File size: $(du -sh /tmp/sast | awk '{print $1}')"
- if compare_versions "$(du -sk /tmp/sast)" "500"; then
+ if compare_values "$(du -sk /tmp/sast)" "500"; then
echo "# block-list too big for most routers"
- elif compare_versions "$(du -sk /tmp/sast)" "100"; then
+ elif compare_values "$(du -sk /tmp/sast)" "100"; then
echo "# block-list may be too big for some routers"
fi
rm -rf /tmp/sast
for i in $blocked_hosts_urls; do
if $dl_command "$i" $dl_flag /tmp/sast 2>/dev/null && [ -s /tmp/sast ]; then
echo "# File size: $(du -sh /tmp/sast | awk '{print $1}')"
- if compare_versions "$(du -sk /tmp/sast)" "500"; then
+ if compare_values "$(du -sk /tmp/sast)" "500"; then
echo "# block-list too big for most routers"
- elif compare_versions "$(du -sk /tmp/sast)" "100"; then
+ elif compare_values "$(du -sk /tmp/sast)" "100"; then
echo "# block-list may be too big for some routers"
fi
rm -rf /tmp/sast
+++ /dev/null
-#
-# Copyright (C) 2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=smartsnmpd
-PKG_VERSION:=2015-02-22
-PKG_RELEASE:=2
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/credosemi/smartsnmp
-PKG_SOURCE_VERSION:=ca1d455fd06748caa629fe7ad16a47cec8877b93
-PKG_MIRROR_HASH:=fda89ec37944b4f800eb3c0147678745b57f08c87f10d246d3c9d165a43418b4
-
-PKG_MAINTAINER:=Xiongfei Guo <xfguo@credosemi.com>
-PKG_LICENSE:=GPL-2.0-or-later
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_BUILD_DEPENDS:=scons/host
-
-include $(INCLUDE_DIR)/package.mk
-include ../../devel/scons/scons.mk
-
-define Package/smartsnmpd
- SECTION:=net
- CATEGORY:=Network
- DEPENDS+=+lua +liblua +libubox +libuci-lua +libubus-lua
- TITLE:=Smart-SNMP (Agent)
- URL:=https://github.com/credosemi/smartsnmp
-endef
-
-define Package/smartsnmpd/description
-smartsnmpd is an implementation of SNMP Agent. Its goal is "Easily
-writing boring SNMP MIB with Lua". This package add native support
-for OpenWrt. Include using ubus and uci to get system info/status.
-And, it use libubox/uloop as low level event-driven library.
-endef
-
-ifeq ($(CONFIG_BIG_ENDIAN),y)
- TARGET_CFLAGS += -DBIG_ENDIAN
-else
- TARGET_CFLAGS += -DLITTLE_ENDIAN
-endif
-
-SCONS_OPTIONS += --transport=uloop
-
-define Build/Configure
- (cd $(PKG_BUILD_DIR); \
- $(SCONS_VARS) \
- CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \
- scons \
- prefix=/usr \
- $(SCONS_OPTIONS) \
- )
-endef
-
-define Package/smartsnmpd/conffiles
-/etc/config/smartsnmpd
-endef
-
-define Package/smartsnmpd/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/smartsnmpd $(1)/usr/sbin/smartsnmpd
-
- $(INSTALL_DIR) $(1)/usr/lib/lua/smartsnmp
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/smartsnmp/core.so $(1)/usr/lib/lua/smartsnmp/core.so
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/lualib/smartsnmp/*.lua $(1)/usr/lib/lua/smartsnmp/
-
- $(INSTALL_DIR) $(1)/usr/lib/lua/smartsnmp/mibs
- $(INSTALL_BIN) ./files/mibs/*.lua $(1)/usr/lib/lua/smartsnmp/mibs/
-
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DATA) ./files/smartsnmpd.conf $(1)/etc/config/smartsnmpd
-
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/smartsnmpd.init $(1)/etc/init.d/smartsnmpd
-endef
-
-$(eval $(call BuildPackage,smartsnmpd))
-
+++ /dev/null
---
--- This file is part of SmartSNMP
--- Copyright (C) 2014, Credo Semiconductor Inc.
---
--- This program is free software; you can redistribute it and/or modify
--- it under the terms of the GNU General Public License as published by
--- the Free Software Foundation; either version 2 of the License, or
--- (at your option) any later version.
---
--- This program is distributed in the hope that it will be useful,
--- but WITHOUT ANY WARRANTY; without even the implied warranty of
--- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--- GNU General Public License for more details.
---
--- You should have received a copy of the GNU General Public License along
--- with this program; if not, write to the Free Software Foundation, Inc.,
--- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
---
-
-local mib = require "smartsnmp"
-
-local dummy = {}
-
-return dummy
+++ /dev/null
---
--- This file is part of SmartSNMP
--- Copyright (C) 2014, Credo Semiconductor Inc.
---
--- This program is free software; you can redistribute it and/or modify
--- it under the terms of the GNU General Public License as published by
--- the Free Software Foundation; either version 2 of the License, or
--- (at your option) any later version.
---
--- This program is distributed in the hope that it will be useful,
--- but WITHOUT ANY WARRANTY; without even the implied warranty of
--- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--- GNU General Public License for more details.
---
--- You should have received a copy of the GNU General Public License along
--- with this program; if not, write to the Free Software Foundation, Inc.,
--- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
---
-
-local mib = require "smartsnmp"
-require "ubus"
-require "uloop"
-
-uloop.init()
-
-local conn = ubus.connect()
-if not conn then
- error("Failed to connect to ubusd")
-end
-
-local if_cache = {}
-local if_status_cache = {}
-local if_index_cache = {}
-
-local last_load_time = os.time()
-local function need_to_reload()
- if os.time() - last_load_time >= 3 then
- last_load_time = os.time()
- return true
- else
- return false
- end
-end
-
-local function load_config()
- if need_to_reload() == true then
- if_cache = {}
- if_status_cache = {}
- if_index_cache = {}
-
- -- if description
- for k, v in pairs(conn:call("network.device", "status", {})) do
- if_status_cache[k] = {}
- end
-
- for name_ in pairs(if_status_cache) do
- for k, v in pairs(conn:call("network.device", "status", { name = name_ })) do
- if k == 'mtu' then
- if_status_cache[name_].mtu = v
- elseif k == 'macaddr' then
- if_status_cache[name_].macaddr = v
- elseif k == 'up' then
- if v == true then
- if_status_cache[name_].up = 1
- else
- if_status_cache[name_].up = 2
- end
- elseif k == 'statistics' then
- for item, stat in pairs(v) do
- if item == 'rx_bytes' then
- if_status_cache[name_].in_octet = stat
- elseif item == 'tx_bytes' then
- if_status_cache[name_].out_octet = stat
- elseif item == 'rx_errors' then
- if_status_cache[name_].in_errors = stat
- elseif item == 'tx_errors' then
- if_status_cache[name_].out_errors = stat
- elseif item == 'rx_dropped' then
- if_status_cache[name_].in_discards = stat
- elseif item == 'tx_dropped' then
- if_status_cache[name_].out_discards = stat
- end
- end
- end
- end
- end
-
- if_cache['desc'] = {}
- for name, status in pairs(if_status_cache) do
- table.insert(if_cache['desc'], name)
- for k, v in pairs(status) do
- if if_cache[k] == nil then if_cache[k] = {} end
- table.insert(if_cache[k], v)
- end
- end
-
- -- if index
- for i in ipairs(if_cache['desc']) do
- table.insert(if_index_cache, i)
- end
- end
-end
-
-mib.module_methods.or_table_reg("1.3.6.1.2.1.2", "The MIB module for managing Interfaces implementations")
-
-local ifGroup = {
- [1] = mib.ConstInt(function () load_config() return #if_index_cache end),
- [2] = {
- [1] = {
- [1] = mib.ConstIndex(function () load_config() return if_index_cache end),
- [2] = mib.ConstString(function (i) load_config() return if_cache['desc'][i] end),
- [4] = mib.ConstInt(function (i) load_config() return if_cache['mtu'][i] end),
- [6] = mib.ConstString(function (i) load_config() return if_cache['macaddr'][i] end),
- [8] = mib.ConstInt(function (i) load_config() return if_cache['up'][i] end),
- [10] = mib.ConstCount(function (i) load_config() return if_cache['in_octet'][i] end),
- [13] = mib.ConstCount(function (i) load_config() return if_cache['in_discards'][i] end),
- [14] = mib.ConstCount(function (i) load_config() return if_cache['in_errors'][i] end),
- [16] = mib.ConstCount(function (i) load_config() return if_cache['out_octet'][i] end),
- [19] = mib.ConstCount(function (i) load_config() return if_cache['out_discards'][i] end),
- [20] = mib.ConstCount(function (i) load_config() return if_cache['out_errors'][i] end),
- }
- }
-}
-
-return ifGroup
+++ /dev/null
---
--- This file is part of SmartSNMP
--- Copyright (C) 2014, Credo Semiconductor Inc.
---
--- This program is free software; you can redistribute it and/or modify
--- it under the terms of the GNU General Public License as published by
--- the Free Software Foundation; either version 2 of the License, or
--- (at your option) any later version.
---
--- This program is distributed in the hope that it will be useful,
--- but WITHOUT ANY WARRANTY; without even the implied warranty of
--- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--- GNU General Public License for more details.
---
--- You should have received a copy of the GNU General Public License along
--- with this program; if not, write to the Free Software Foundation, Inc.,
--- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
---
-
-local mib = require "smartsnmp"
-local uci = require "uci"
-
--- System config
-local context = uci.cursor("/etc/config", "/tmp/.uci")
-
--- scalar index
-local sysDesc = 1
-local sysObjectID = 2
-local sysUpTime = 3
-local sysContact = 4
-local sysName = 5
-local sysLocation = 6
-local sysServices = 7
-local sysORLastChange = 8
-
--- table index
-local sysORTable = 9
-
--- entry index
-local sysOREntry = 1
-
--- list index
-local sysORIndex = 1
-local sysORID = 2
-local sysORDesc = 3
-local sysORUpTime = 4
-
-local startup_time = 0
-local or_last_changed_time = 0
-
-local function mib_system_startup(time)
- startup_time = time
- or_last_changed_time = time
-end
-
-mib_system_startup(os.time())
-
-local sysGroup = {}
-local or_oid_cache = {}
-local or_index_cache = {}
-local or_table_cache = {}
-
-local or_table_reg = function (oid, desc)
- local row = {}
- row['oid'] = {}
- for i in string.gmatch(oid, "%d") do
- table.insert(row['oid'], tonumber(i))
- end
- row['desc'] = desc
- row['uptime'] = os.time()
- table.insert(or_table_cache, row)
-
- or_last_changed_time = os.time()
-
- or_oid_cache[oid] = #or_table_cache
-
- or_index_cache = {}
- for i in ipairs(or_table_cache) do
- table.insert(or_index_cache, i)
- end
-end
-
-local or_table_unreg = function (oid)
- local or_idx = or_oid_cache[oid]
-
- if or_table_cache[or_idx] ~= nil then
- table.remove(or_table_cache, or_idx)
- or_last_changed_time = os.time()
-
- or_index_cache = {}
- for i in ipairs(or_table_cache) do
- table.insert(or_index_cache, i)
- end
- end
-end
-
-local last_load_time = os.time()
-local function need_to_reload()
- if os.difftime(os.time(), last_load_time) < 3 then
- return false
- else
- last_load_time = os.time()
- return true
- end
-end
-
-local function load_config()
- if need_to_reload() == true then
- context:load("smartsnmpd")
- end
-end
-
-context:load("smartsnmpd")
-
-local sysMethods = {
- ["or_table_reg"] = or_table_reg,
- ["or_table_unreg"] = or_table_unreg
-}
-mib.module_method_register(sysMethods)
-
-sysGroup = {
- rocommunity = 'public',
- [sysDesc] = mib.ConstString(function () load_config() return mib.sh_call("uname -a") end),
- [sysObjectID] = mib.ConstOid(function ()
- load_config()
- local oid
- local objectid
- context:foreach("smartsnmpd", "smartsnmpd", function (s)
- objectid = s.objectid
- end)
- if objectid ~= nil then
- oid = {}
- for i in string.gmatch(objectid, "%d+") do
- table.insert(oid, tonumber(i))
- end
- end
- return oid
- end),
- [sysUpTime] = mib.ConstTimeticks(function () load_config() return os.difftime(os.time(), startup_time) * 100 end),
- [sysContact] = mib.ConstString(function ()
- load_config()
- local contact
- context:foreach("smartsnmpd", "smartsnmpd", function (s)
- contact = s.contact
- end)
- return contact
- end),
- [sysName] = mib.ConstString(function () load_config() return mib.sh_call("uname -n") end),
- [sysLocation] = mib.ConstString(function ()
- load_config()
- local location
- context:foreach("smartsnmpd", "smartsnmpd", function (s)
- location = s.location
- end)
- return location
- end),
- [sysServices] = mib.ConstInt(function ()
- load_config()
- local services
- context:foreach("smartsnmpd", "smartsnmpd", function (s)
- services = tonumber(s.services)
- end)
- return services
- end),
- [sysORLastChange] = mib.ConstTimeticks(function () load_config() return os.difftime(os.time(), or_last_changed_time) * 100 end),
- [sysORTable] = {
- [sysOREntry] = {
- [sysORIndex] = mib.UnaIndex(function () load_config() return or_index_cache end),
- [sysORID] = mib.ConstOid(function (i) load_config() return or_table_cache[i].oid end),
- [sysORDesc] = mib.ConstString(function (i) load_config() return or_table_cache[i].desc end),
- [sysORUpTime] = mib.ConstTimeticks(function (i) load_config() return os.difftime(os.time(), or_table_cache[i].uptime) * 100 end),
- }
- }
-}
-
-return sysGroup
+++ /dev/null
-config smartsnmpd
- option port '161'
- option ro_community 'public'
- option rw_community 'private'
- option mib_module_path 'mibs'
- option objectid '1.2.3.4'
- option contact 'Me <me@example.org>'
- option location 'Shanghai'
- option services '72'
-
-config smartsnmpd_module
- option oid "1.3.6.1.2.1.1"
- option module 'system'
-
-config smartsnmpd_module
- option oid "1.3.6.1.2.1.2"
- option module 'interfaces'
-
-config smartsnmpd_module
- option oid "1.3.6.1.1"
- option module 'dummy'
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2014 OpenWrt.org
-
-START=97
-
-USE_PROCD=1
-PROG=/usr/sbin/smartsnmpd
-CONFIGFILE=/etc/smartsnmpd.conf
-
-smartsnmpd_mib_module() {
- local cfg="$1"
- config_get OID "$cfg" oid
- config_get MODULE "$cfg" module
- echo " ['$OID'] = '$MODULE'," >> $CONFIGFILE
-}
-
-start_service() {
- include /lib/functions
-
- config_load smartsnmpd
-
- procd_open_instance
- procd_set_param command $PROG -c $CONFIGFILE
- procd_set_param file $CONFIGFILE
- procd_set_param respawn
- procd_close_instance
-
- # before we can call xappend
- mkdir -p "$(dirname $CONFIGFILE)"
-
- echo "-- auto-generated config file from /etc/config/smartsnmpd" > $CONFIGFILE
-
- {
- config_get PORT smartsnmpd port 161
- echo "port = $PORT"
-
- config_get RO_COMMUNITY smartsnmpd ro_community 'public'
- config_get RW_COMMUNITY smartsnmpd rw_community 'private'
- echo "ro_community = '$RO_COMMUNITY'"
- echo "rw_community = '$RW_COMMUNITY'"
-
- config_get MIB_MODULE_PATH smartsnmpd mib_module_path '/usr/lib/lua/smartsnmp/mibs/'
- echo "mib_module_path = '$MIB_MODULE_PATH'"
-
- echo "mib_modules = {"
- config_foreach smartsnmpd_mib_module smartsnmpd_module
- echo "}"
- } >> $CONFIGFILE
-}
+++ /dev/null
---- a/SConstruct
-+++ b/SConstruct
-@@ -133,21 +133,21 @@ env = Environment(
- )
-
- # handle options/environment varibles.
--if os.environ.has_key('CC'):
-+if 'CC' in os.environ:
- env.Replace(CC = os.environ['CC'])
-
- # CFLAGS
- if GetOption("cflags") != "":
- env.Append(CFLAGS = GetOption("cflags"))
--elif os.environ.has_key('CFLAGS'):
-+elif 'CFLAGS' in os.environ:
- env.Append(CFLAGS = os.environ['CFLAGS'])
-
- # LDFLAGS
- if GetOption("ldflags") != "":
- env.Replace(LINKFLAGS = GetOption("ldflags"))
--elif os.environ.has_key('LDFLAGS'):
-+elif 'LDFLAGS' in os.environ:
- env.Replace(LINKFLAGS = os.environ['LDFLAGS'])
--elif os.environ.has_key('LINKFLAGS'):
-+elif 'LINKFLAGS' in os.environ:
- env.Replace(LINKFLAGS = os.environ['LINKFLAGS'])
-
- # LIBS
-@@ -183,10 +183,10 @@ elif GetOption("transport") == 'built-in' or GetOption("transport") == '':
- elif GetOption("evloop") == 'select' or GetOption("evloop") == '':
- pass
- else:
-- print "Error: Not the right event driving type"
-+ print("Error: Not the right event driving type")
- Exit(1)
- else:
-- print "Error: Transport not found!"
-+ print("Error: Transport not found!")
- Exit(1)
-
- # autoconf
-@@ -205,18 +205,18 @@ else:
- if GetOption("transport") == 'built-in' or GetOption("transport") == '':
- if GetOption("evloop") == 'epoll':
- if not conf.CheckEpoll():
-- print "Error: epoll failed"
-+ print("Error: epoll failed")
- Exit(1)
- elif GetOption("evloop") == 'kqueue':
- if not conf.CheckKqueue():
-- print "Error: Kqueue failed"
-+ print("Error: Kqueue failed")
- Exit(1)
- elif GetOption("evloop") == 'select' or GetOption("evloop") == '':
- if not conf.CheckSelect():
-- print "Error: select failed"
-+ print("Error: select failed")
- Exit(1)
- else:
-- print "Error: Not the right event driving type"
-+ print("Error: Not the right event driving type")
- Exit(1)
-
- # CFLAGS
-@@ -232,7 +232,7 @@ if conf.CheckLib('lua'):
- elif conf.CheckLib('lua5.1'):
- env.Append(LIBS = ['lua5.1'])
- else:
-- print "Error: liblua or liblua5.1 not found!"
-+ print("Error: liblua or liblua5.1 not found!")
- Exit(1)
-
- # find lua header files
-@@ -241,7 +241,7 @@ if conf.CheckCHeader('lua.h'):
- elif conf.CheckCHeader('lua5.1/lua.h'):
- env.Append(CFLAGS = ['-I/usr/include/lua5.1'])
- else:
-- print "Error: lua.h not found"
-+ print("Error: lua.h not found")
- Exit(1)
-
- env = conf.Finish()
+++ /dev/null
---- a/SConstruct
-+++ b/SConstruct
-@@ -134,21 +134,21 @@ env = Environment(
-
- # handle options/environment varibles.
- if 'CC' in os.environ:
-- env.Replace(CC = os.environ['CC'])
-+ env.Replace(CC = Split(os.environ['CC']))
-
- # CFLAGS
- if GetOption("cflags") != "":
- env.Append(CFLAGS = GetOption("cflags"))
- elif 'CFLAGS' in os.environ:
-- env.Append(CFLAGS = os.environ['CFLAGS'])
-+ env.Append(CFLAGS = Split(os.environ['CFLAGS']))
-
- # LDFLAGS
- if GetOption("ldflags") != "":
- env.Replace(LINKFLAGS = GetOption("ldflags"))
- elif 'LDFLAGS' in os.environ:
-- env.Replace(LINKFLAGS = os.environ['LDFLAGS'])
-+ env.Replace(LINKFLAGS = Split(os.environ['LDFLAGS']))
- elif 'LINKFLAGS' in os.environ:
-- env.Replace(LINKFLAGS = os.environ['LINKFLAGS'])
-+ env.Replace(LINKFLAGS = Split(os.environ['LINKFLAGS']))
-
- # LIBS
- if GetOption("libs") != "":
-@@ -192,15 +192,6 @@ else:
- # autoconf
- conf = Configure(env, custom_tests = {'CheckEpoll' : CheckEpoll, 'CheckSelect' : CheckSelect, 'CheckKqueue' : CheckKqueue, 'CheckEndian' : CheckEndian})
-
--# Endian check
--endian = conf.CheckEndian()
--if endian == 'Big':
-- env.Append(CFLAGS = ["-DBIG_ENDIAN"])
--elif endian == 'Little':
-- env.Append(CFLAGS = ["-DLITTLE_ENDIAN"])
--else:
-- raise SConfError("Error when testing the endian.")
--
- # built-in event loop check
- if GetOption("transport") == 'built-in' or GetOption("transport") == '':
- if GetOption("evloop") == 'epoll':
include $(TOPDIR)/rules.mk
PKG_NAME:=snort3
-PKG_VERSION:=3.0.3-1
+PKG_VERSION:=3.1.0.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.snort.org/downloads/snortplus/
-PKG_HASH:=30a22cec90d77504db80d8e8902f98c536b1b8160c575fb66a97a6765f83c600
+PKG_HASH:=c4e2e78e3afa879d7e35e482afe42a6c4b96ed26198a9979edf7953b5151ccbf
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
$(1)/usr/share/lua/
- $(CP) \
- $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_config.lua \
- $(1)/usr/share/lua/
-
$(INSTALL_DIR) $(1)/etc/snort
$(INSTALL_DIR) $(1)/etc/init.d
PKG_NAME:=socat
PKG_VERSION:=1.7.3.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.dest-unreach.org/socat/download
{
uci_load_validate socat socat "$1" "$2" \
'enable:bool:1' \
- 'SocatOptions:string'
+ 'SocatOptions:or(string, list(string))'
+}
+
+append_param_command()
+{
+ procd_append_param command "$1"
}
socat_instance()
{
+ local is_list
+
[ "$2" = 0 ] || {
echo "validation failed"
return 1
procd_open_instance
procd_set_param command "$PROG"
- procd_append_param command $SocatOptions
+ config_get is_list "$1" SocatOptions_LENGTH
+ if [ -z "$is_list" ]; then
+ procd_append_param command $SocatOptions
+ else
+ config_list_foreach "$1" SocatOptions append_param_command
+ fi
+ procd_set_param stdout 1
+ procd_set_param stderr 1
procd_close_instance
}
include $(TOPDIR)/rules.mk
PKG_NAME:=sqm-scripts
-PKG_SOURCE_VERSION:=ab763cba8b1516b3afa99760e0ca884f8b8d93b8
-PKG_VERSION:=1.4.0
-PKG_RELEASE:=9
+PKG_SOURCE_VERSION:=bb064ad6065dcfb4966662bfab15b9fcdbb48e5f
+PKG_VERSION:=1.5.0
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/tohojo/sqm-scripts
-PKG_MIRROR_HASH:=43f59dd4c74c5f1634498c18e370c5185110be1084597df37773cecf306e3a24
+PKG_MIRROR_HASH:=d41301ed1e318ea81c6c8f29c1847efdda3663573d12a3e0b855b4b8b8cf0610
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
PKG_LICENSE:=GPL-2.0-only
include $(TOPDIR)/rules.mk
PKG_NAME:=squid
-PKG_VERSION:=4.12
-PKG_RELEASE:=2
+PKG_VERSION:=4.13
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www3.us.squid-cache.org/Versions/v4/ \
http://www2.pl.squid-cache.org/Versions/v4/ \
http://www.squid-cache.org/Versions/v4/
-PKG_HASH:=f42a03c8b3dc020722c88bf1a87da8cb0c087b2f66b41d8256c77ee1b527e317
+PKG_HASH:=6891a0f540e60779b4f24f1802a302f813c6f473ec7336a474ed68c3e2e53ee0
PKG_MAINTAINER:=Marko Ratkaj <marko.ratkaj@sartura.hr>
PKG_LICENSE:=GPL-2.0-or-later
PKG_NAME:=subversion
PKG_VERSION:=1.14.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=@APACHE/subversion
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
-
define Package/subversion/Default
SECTION:=net
CATEGORY:=Network
--with-utf8proc=internal \
$(call autoconf_bool,INTL_FULL,nls)
+TARGET_LDFLAGS += $(if $(INTL_FULL),-lintl)
+
define Package/subversion-libs/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsvn_*.so.* $(1)/usr/lib/
include $(TOPDIR)/rules.mk
PKG_NAME:=sysrepo
-PKG_VERSION:=1.4.70
+PKG_VERSION:=1.4.104
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/sysrepo/sysrepo/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=f0f894d4ed98ce9d20fda219378b844731d796e95115c07f4c067d853e20ca36
+PKG_HASH:=635f68ad5f8cb5ea3bd7c3081963f1a9a79ee0d6570facb1f3bcbf3b640446a4
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_LICENSE:=Apache-2.0
PKG_NAME:=tcpreplay
PKG_VERSION:=4.3.3
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/appneta/tcpreplay/releases/download/v$(PKG_VERSION)
PKG_LICENSE_FILES:=docs/LICENSE
PKG_CPE_ID:=cpe:/a:appneta:tcpreplay
-PKG_FIXUP:=libtool
+PKG_FIXUP:=autoreconf
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Network
URL:=http://tcpreplay.appneta.com/
MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
- DEPENDS:=+librt +libpcap
+ DEPENDS:=+librt +libpcap +libdnet
endef
define Package/tcpbridge
CONFIGURE_ARGS += \
--enable-force-pf \
--enable-dynamic-link \
- --prefix="$(PKG_INSTALL_DIR)/usr" \
- --exec-prefix="$(PKG_INSTALL_DIR)/usr" \
+ --with-libdnet="$(STAGING_DIR)/usr" \
--with-libpcap="$(STAGING_DIR)/usr"
define tcpreplayTemplate
#
-# Copyright (C) 02020 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
PKG_NAME:=tor-hs
PKG_VERSION:=0.0.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=GPL-3.0-or-later
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
TITLE:=Tor hidden service configurator
- DEPENDS:=+tor
+ DEPENDS:=+tor +rpcd
endef
define Package/tor-hs/description
define Build/Install
endef
+define Package/tor-hs/postinst
+#!/bin/sh
+[ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/rpcd restart
+exit 0
+endef
+
+define Package/tor-hs/postrm
+#!/bin/sh
+[ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/rpcd restart
+exit 0
+endef
+
define Package/tor-hs/install
$(INSTALL_DIR) $(1)/etc/config/
$(CP) ./files/tor-hs.conf $(1)/etc/config/tor-hs
PKG_NAME:=transmission
PKG_VERSION:=3.00
-PKG_RELEASE:=8
+PKG_RELEASE:=11
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master
CATEGORY:=Network
TITLE:=BitTorrent client
URL:=https://www.transmissionbt.com
- DEPENDS:=+libcurl +libevent2 +libminiupnpc +libnatpmp +libpthread +librt +zlib +LIBCURL_NOSSL:libmbedtls +LIBCURL_GNUTLS:libmbedtls $(ICONV_DEPENDS)
+ DEPENDS:=+libcurl +libevent2 +libminiupnpc +libnatpmp +libpthread +librt +zlib +LIBCURL_NOSSL:libmbedtls +LIBCURL_GNUTLS:libmbedtls +LIBCURL_WOLFSSL:libmbedtls $(ICONV_DEPENDS)
endef
define Package/transmission-daemon
$(if $(CONFIG_LIBCURL_GNUTLS),--with-crypto=polarssl) \
$(if $(CONFIG_LIBCURL_MBEDTLS),--with-crypto=polarssl) \
$(if $(CONFIG_LIBCURL_OPENSSL),--with-crypto=openssl) \
- $(if $(CONFIG_LIBCURL_WOLFSSL),--with-crypto=cyassl)
+ $(if $(CONFIG_LIBCURL_WOLFSSL),--with-crypto=polarssl)
define Package/transmission-daemon/install
$(INSTALL_DIR) $(1)/usr/bin
"exit",
"exit_group",
"fadvise64",
+ "fadvise64_64",
"fallocate",
+ "fchmod",
"fcntl",
"fcntl64",
"fstat",
"getpid",
"getsockname",
"getsockopt",
+ "getuid",
"getuid32",
"ioctl",
"listen",
--- a/configure.ac
+++ b/configure.ac
-@@ -555,9 +555,6 @@ dnl it should be safe to re-edit 0.40 back down to 0.23
+@@ -555,9 +555,6 @@ dnl it should be safe to re-edit 0.40 ba
use_nls=no
if test "x$enable_nls" = "xyes" ; then
use_nls=yes
--- a/configure.ac
+++ b/configure.ac
-@@ -152,8 +152,8 @@ AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xcyassl"], [
+@@ -152,8 +152,8 @@ AS_IF([test "x$want_crypto" = "xauto" -o
)
])
AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xpolarssl"], [
--- a/libtransmission/webseed.c
+++ b/libtransmission/webseed.c
-@@ -510,8 +510,6 @@ static void webseed_timer_func(evutil_socket_t foo UNUSED, short bar UNUSED, voi
+@@ -510,8 +510,6 @@ static void webseed_timer_func(evutil_so
++w->retry_tickcount;
}
include $(TOPDIR)/rules.mk
PKG_NAME:=uacme
-PKG_VERSION:=1.2.1
-PKG_RELEASE:=2
+PKG_VERSION:=1.6
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ndilieto/uacme/tar.gz/upstream/$(PKG_VERSION)?
-PKG_HASH:=ccd6001e96ec2eb22a1d557bf8dcc4152a567782afc9a1e017a93d7de3b49833
+PKG_HASH:=baeb1621e4b5d3cbf339531aa8c0df29ccffbb9c996379265349976d2c09c259
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=UDPspeeder
-PKG_VERSION:=20200818.1
-PKG_RELEASE:=1
+PKG_VERSION:=20210116.0
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/wangyu-/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=54bc6dc1283630ed78c033ae26b0f6af24bb92da17784ec64ae56d6e5ca73dd6
+PKG_HASH:=657ae24dfd592a1f6f114342231b24d09baec712957969f425477b9f9fd5994a
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
CATEGORY:=Network
TITLE:=UDP Network Speed-Up Tool
URL:=https://github.com/wangyu-/UDPspeeder
- DEPENDS:= +libstdcpp +librt
+ DEPENDS:= +libstdcpp +librt +libatomic
endef
define Package/UDPspeeder/description
include $(TOPDIR)/rules.mk
PKG_NAME:=umurmur
-PKG_VERSION:=0.2.17
-PKG_RELEASE:=3
+PKG_VERSION:=0.2.19
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=e77b7b6616768f4a1c07442afe49a772692f667b00c23cc85909d4dd0ce206d2
+PKG_HASH:=338053160bc48e48850061cdfc19cf1b2bb66e56877c04cd6de7831b468646b6
PKG_MAINTAINER:=Martin Johansson <martin@fatbob.nu>
PKG_LICENSE:=BSD-3-Clause
+++ /dev/null
-From 45a0a33aea1878c467c380562d6e38b3e4c713a9 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Fri, 8 Jun 2018 11:59:04 -0300
-Subject: [PATCH] Update openssl 1.1 deprecated API
-
-Allows building with openssl 1.1 compiled without deprecated API support.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
----
- src/ssli_openssl.c | 27 ++++++++++++++++++++++++---
- 1 file changed, 24 insertions(+), 3 deletions(-)
-
-diff --git a/src/ssli_openssl.c b/src/ssli_openssl.c
-index 8ff1bcf..4f7979c 100644
---- a/src/ssli_openssl.c
-+++ b/src/ssli_openssl.c
-@@ -42,6 +42,8 @@
-
- #include <openssl/x509v3.h>
- #include <openssl/ssl.h>
-+#include <openssl/rsa.h>
-+#include <openssl/bn.h>
- #include <openssl/err.h>
- #include <openssl/safestack.h>
- static X509 *x509;
-@@ -159,6 +161,7 @@ static void SSL_initializeCert() {
-
- char *crt = (char *)getStrConf(CERTIFICATE);
- char *key = (char *)getStrConf(KEY);
-+ BIGNUM *e = NULL;
-
- if (context) {
- bool_t did_load_cert = SSL_CTX_use_certificate_chain_file(context, crt);
-@@ -172,13 +175,24 @@ static void SSL_initializeCert() {
-
- x509 = X509_new();
- pkey = EVP_PKEY_new();
-- rsa = RSA_generate_key(4096,RSA_F4,NULL,NULL);
-+ rsa = RSA_new();
-+ e = BN_new();
-+ if (x509 == NULL || pkey == NULL || rsa == NULL || e == NULL || !BN_set_word(e, RSA_F4) ||
-+ !RSA_generate_key_ex (rsa, 4096, e, NULL)) {
-+ Log_fatal("Failed to Generate RSA key.");
-+ }
-+ BN_free(e);
- EVP_PKEY_assign_RSA(pkey, rsa);
-
- X509_set_version(x509, 2);
- ASN1_INTEGER_set(X509_get_serialNumber(x509),1);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- X509_gmtime_adj(X509_get_notBefore(x509),0);
- X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365);
-+#else
-+ X509_gmtime_adj(X509_getm_notBefore(x509),0);
-+ X509_gmtime_adj(X509_getm_notAfter(x509),60*60*24*365);
-+#endif
- X509_set_pubkey(x509, pkey);
-
- X509_NAME *name=X509_get_subject_name(x509);
-@@ -214,9 +228,10 @@ void SSLi_init(void)
- SSL *ssl;
- int i, offset = 0, cipherstringlen = 0;
- STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL;
-- SSL_CIPHER *cipher;
-+ const SSL_CIPHER *cipher;
- char *cipherstring;
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
- OpenSSL_add_all_algorithms();
- SSL_load_error_strings();
-@@ -225,13 +240,17 @@ void SSLi_init(void)
- context = SSL_CTX_new(SSLv23_server_method());
- SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
- SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
-- SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
-+#else
-+ context = SSL_CTX_new(TLS_server_method());
-+ SSL_CTX_set_min_proto_version(context, TLS1_VERSION);
-+#endif
- if (context == NULL)
- {
- ERR_print_errors_fp(stderr);
- abort();
- }
-
-+ SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
- SSL_CTX_set_cipher_list(context, ciphers);
-
- EC_KEY *ecdhkey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-@@ -290,7 +309,9 @@ void SSLi_init(void)
- void SSLi_deinit(void)
- {
- SSL_CTX_free(context);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_cleanup();
-+#endif
- }
-
- int SSLi_nonblockaccept(SSL_handle_t *ssl, bool_t *SSLready)
---
-2.16.4
-
+++ /dev/null
---- a/src/ssli_openssl.c
-+++ b/src/ssli_openssl.c
-@@ -46,6 +46,9 @@
- #include <openssl/bn.h>
- #include <openssl/err.h>
- #include <openssl/safestack.h>
-+#ifndef OPENSSL_NO_EC
-+#include <openssl/ec.h>
-+#endif
- static X509 *x509;
- static RSA *rsa;
- static SSL_CTX *context;
-@@ -253,9 +256,11 @@ void SSLi_init(void)
- SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
- SSL_CTX_set_cipher_list(context, ciphers);
-
-+#ifndef OPENSSL_NO_EC
- EC_KEY *ecdhkey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- SSL_CTX_set_tmp_ecdh(context, ecdhkey);
- EC_KEY_free(ecdhkey);
-+#endif
-
- char const * sslCAPath = getStrConf(CAPATH);
- if(sslCAPath != NULL)
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=usbip
-PKG_RELEASE:=12
+PKG_RELEASE:=13
PKG_LICENSE:=GPL-2.0-only
# Since kernel 2.6.39.1 userspace tools are inside the kernel tree
define Package/usbip
$(call Package/usbip/Default)
TITLE+= (common)
- DEPENDS+= +libwrap +kmod-usbip +libudev +USE_GLIBC:libbsd
+ DEPENDS+= +libwrap +kmod-usbip +libudev +USE_GLIBC:libbsd +usbids
endef
define Package/usbip-client
CONFIGURE_VARS+= $(if $(CONFIG_USE_GLIBC),LIBS='-lbsd -lpthread')
CFLAGS+="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include"
-USB_IDS_VER:=0.318
-USB_IDS_FILE:=usb.ids.$(USB_IDS_VER)
-define Download/usb.ids
- FILE:=$(USB_IDS_FILE)
- URL_FILE:=usb.ids
- URL:=@GITHUB/vcrhonek/hwdata/v$(USB_IDS_VER)
- HASH:=84bc5452e4e45c2250e01bc74e03528b2a53c4724b2c4a5feaea76a922f83915
-endef
-
define Package/usbip/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libusbip.so.* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/share/hwdata
- $(CP) $(DL_DIR)/usb.ids.$(USB_IDS_VER) $(1)/usr/share/hwdata/usb.ids
endef
define Package/usbip-client/install
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/usbipd $(1)/usr/sbin/
endef
-$(eval $(call Download,usb.ids))
$(eval $(call BuildPackage,usbip))
$(eval $(call BuildPackage,usbip-client))
$(eval $(call BuildPackage,usbip-server))
include $(TOPDIR)/rules.mk
PKG_NAME:=wget
-PKG_VERSION:=1.20.3
-PKG_RELEASE:=4
+PKG_VERSION:=1.21.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_HASH:=31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e
+PKG_HASH:=59ba0bdade9ad135eda581ae4e59a7a9f25e3a4bde6a5419632b31906120e26e
+
PKG_MAINTAINER:=Peter Wagner <tripolar@gmx.at>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
-
PKG_CPE_ID:=cpe:/a:gnu:wget
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
include $(INCLUDE_DIR)/package.mk
define Package/wget/Default
SUBMENU:=File Transfer
TITLE:=Non-interactive network downloader
URL:=https://www.gnu.org/software/wget/index.html
- PROVIDES:=gnu-wget
+ PROVIDES:=gnu-wget wget
endef
define Package/wget/Default/description
archives and home pages or to travel the Web like a WWW robot.
endef
-define Package/wget
+define Package/wget-ssl
$(call Package/wget/Default)
DEPENDS+= +libopenssl +librt
TITLE+= (with SSL support)
VARIANT:=ssl
- PROVIDES+=wget-ssl
- ALTERNATIVES:=300:/usr/bin/wget:/usr/bin/wget-ssl
+ ALTERNATIVES:=300:/usr/bin/wget:/usr/libexec/wget-ssl
endef
-define Package/wget/description
+define Package/wget-ssl/description
$(call Package/wget/Default/description)
This package is built with SSL support.
endef
$(call Package/wget/Default)
TITLE+= (without SSL support)
VARIANT:=nossl
- PROVIDES+=wget
- ALTERNATIVES:=300:/usr/bin/wget:/usr/bin/wget-nossl
+ ALTERNATIVES:=300:/usr/bin/wget:/usr/libexec/wget-nossl
endef
define Package/wget-nossl/description
--without-ssl
endif
-define Package/wget/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/wget $(1)/usr/bin/wget-ssl
+define Package/wget-ssl/install
+ $(INSTALL_DIR) $(1)/usr/libexec
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wget $(1)/usr/libexec/wget-ssl
endef
define Package/wget-nossl/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/wget $(1)/usr/bin/wget-nossl
+ $(INSTALL_DIR) $(1)/usr/libexec
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wget $(1)/usr/libexec/wget-nossl
endef
-$(eval $(call BuildPackage,wget))
+$(eval $(call BuildPackage,wget-ssl))
$(eval $(call BuildPackage,wget-nossl))
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=xray-core
+PKG_VERSION:=1.2.4
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=25f6c9edec0ac1f98328943cd2bb760ac7b69107582f9d27e43559da39dc01ed
+
+PKG_MAINTAINER:=Tianling Shen <cnsztl@project-openwrt.eu.org>
+PKG_LICENSE:=MPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/Xray-core-$(PKG_VERSION)
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/xtls/xray-core
+GO_PKG_BUILD_PKG:=github.com/xtls/xray-core/main
+GO_PKG_LDFLAGS:=-s -w
+GO_PKG_LDFLAGS_X:= \
+ $(GO_PKG)/core.version=$(PKG_VERSION) \
+ $(GO_PKG)/core.codename=OpenWrt
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/xray/template
+ TITLE:=A platform for building proxies to bypass network restrictions
+ SECTION:=net
+ CATEGORY:=Network
+ URL:=https://xray.sh
+endef
+
+define Package/xray-core
+ $(call Package/xray/template)
+ DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle
+ PROVIDES:=v2ray-core
+endef
+
+define Package/xray-example
+ $(call Package/xray/template)
+ TITLE+= (example configs)
+ DEPENDS:=xray-core
+ PKGARCH:=all
+endef
+
+define Package/xray-geodata
+ $(call Package/xray/template)
+ TITLE+= (geodata files)
+ DEPENDS:=xray-core
+ PKGARCH:=all
+endef
+
+define Package/xray/description
+ Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
+ It secures your network connections and thus protects your privacy.
+endef
+
+define Package/xray-core/description
+ $(call Package/xray/description)
+endef
+
+define Package/xray-example/description
+ $(call Package/xray/description)
+
+ This includes example configuration files for xray-core.
+endef
+
+define Package/xray-geodata/description
+ $(call Package/xray/description)
+
+ This includes GEO datas used for xray-core.
+endef
+
+define Package/xray-core/conffiles
+/etc/xray/
+/etc/config/xray
+endef
+
+GEOIP_VER:=202101280019
+GEOIP_FILE:=geoip.dat.$(GEOIP_VER)
+
+define Download/geoip
+ URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/
+ URL_FILE:=geoip.dat
+ FILE:=$(GEOIP_FILE)
+ HASH:=69bb1f820f416e4591a7b76bfabf9fde9cce6550cddcc1a99b2ccafeb2a8ebd3
+endef
+
+GEOSITE_VER:=20210130061540
+GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
+
+define Download/geosite
+ URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
+ URL_FILE:=dlc.dat
+ FILE:=$(GEOSITE_FILE)
+ HASH:=bc9748c95b0545376356174b005fccfbc21d647df46293d5197853ee06a9c0a2
+endef
+
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ifneq ($(CONFIG_PACKAGE_xray-geodata),)
+ $(call Download,geoip)
+ $(call Download,geosite)
+endif
+endef
+
+define Package/xray-core/install
+ $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+ $(INSTALL_DIR) $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/main $(1)/usr/bin/xray
+ $(LN) xray $(1)/usr/bin/v2ray
+
+ $(INSTALL_DIR) $(1)/etc/xray/
+ $(INSTALL_CONF) $(CURDIR)/files/config.json.example $(1)/etc/xray/
+
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_CONF) $(CURDIR)/files/xray.conf $(1)/etc/config/xray
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) $(CURDIR)/files/xray.init $(1)/etc/init.d/xray
+
+ $(INSTALL_DIR) $(1)/etc/capabilities/
+ $(INSTALL_DATA) $(CURDIR)/files/xray.capabilities $(1)/etc/capabilities/xray.json
+endef
+
+define Package/xray-example/install
+ $(INSTALL_DIR) $(1)/etc/xray/
+ $(INSTALL_CONF) $(CURDIR)/files/vpoint_socks_vmess.json $(1)/etc/xray/
+ $(INSTALL_CONF) $(CURDIR)/files/vpoint_vmess_freedom.json $(1)/etc/xray/
+endef
+
+define Package/xray-geodata/install
+ $(INSTALL_DIR) $(1)/usr/share/xray/
+ $(INSTALL_DATA) $(DL_DIR)/$(GEOIP_FILE) $(1)/usr/share/xray/geoip.dat
+ $(INSTALL_DATA) $(DL_DIR)/$(GEOSITE_FILE) $(1)/usr/share/xray/geosite.dat
+endef
+
+$(eval $(call BuildPackage,xray-core))
+$(eval $(call BuildPackage,xray-example))
+$(eval $(call BuildPackage,xray-geodata))
--- /dev/null
+// Config file of Xray. This file follows standard JSON format, with comments support.
+// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
+// https://www.v2fly.org/en_US/config/overview.html and https://xray.sh/en/config/
+{
+ "log": {
+ // By default, Xray writes access log to stdout.
+ // "access": "/path/to/access/log/file",
+
+ // By default, Xray write error log to stdout.
+ // "error": "/path/to/error/log/file",
+
+ // Log level, one of "debug", "info", "warning", "error", "none"
+ "loglevel": "warning"
+ },
+ // List of inbound proxy configurations.
+ "inbounds": [{
+ // Port to listen on. You may need root access if the value is less than 1024.
+ "port": 1080,
+
+ // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
+ "listen": "127.0.0.1",
+
+ // Tag of the inbound proxy. May be used for routing.
+ "tag": "socks-inbound",
+
+ // Protocol name of inbound proxy.
+ "protocol": "socks",
+
+ // Settings of the protocol. Varies based on protocol.
+ "settings": {
+ "auth": "noauth",
+ "udp": false,
+ "ip": "127.0.0.1"
+ },
+
+ // Enable sniffing on TCP connection.
+ "sniffing": {
+ "enabled": true,
+ // Target domain will be overriden to the one carried by the connection, if the connection is HTTP or HTTPS.
+ "destOverride": ["http", "tls"]
+ }
+ }],
+ // List of outbound proxy configurations.
+ "outbounds": [{
+ // Protocol name of the outbound proxy.
+ "protocol": "freedom",
+
+ // Settings of the protocol. Varies based on protocol.
+ "settings": {},
+
+ // Tag of the outbound. May be used for routing.
+ "tag": "direct"
+ },{
+ "protocol": "blackhole",
+ "settings": {},
+ "tag": "blocked"
+ }],
+
+ // Transport is for global transport settings. If you have multiple transports with same settings
+ // (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
+ //"transport": {},
+
+ // Routing controls how traffic from inbounds are sent to outbounds.
+ "routing": {
+ "domainStrategy": "IPOnDemand",
+ "rules":[
+ {
+ // Blocks access to private IPs. Remove this if you want to access your router.
+ "type": "field",
+ "ip": ["geoip:private"],
+ "outboundTag": "blocked"
+ },
+ {
+ // Blocks major ads.
+ "type": "field",
+ "domain": ["geosite:category-ads"],
+ "outboundTag": "blocked"
+ }
+ ]
+ },
+
+ // Dns settings for domain resolution.
+ "dns": {
+ // Static hosts, similar to hosts file.
+ "hosts": {
+ // Match v2ray.com to another domain on CloudFlare. This domain will be used when querying IPs for v2ray.com.
+ "domain:v2ray.com": "www.vicemc.net",
+
+ // The following settings help to eliminate DNS poisoning in mainland China.
+ // It is safe to comment these out if this is not the case for you.
+ "domain:github.io": "pages.github.com",
+ "domain:wikipedia.org": "www.wikimedia.org",
+ "domain:shadowsocks.org": "electronicsrealm.com"
+ },
+ "servers": [
+ "1.1.1.1",
+ {
+ "address": "114.114.114.114",
+ "port": 53,
+ // List of domains that use this DNS first.
+ "domains": [
+ "geosite:cn"
+ ]
+ },
+ "8.8.8.8",
+ "localhost"
+ ]
+ },
+
+ // Policy controls some internal behavior of how Xray handles connections.
+ // It may be on connection level by user levels in 'levels', or global settings in 'system.'
+ "policy": {
+ // Connection policys by user levels
+ "levels": {
+ "0": {
+ "uplinkOnly": 0,
+ "downlinkOnly": 0
+ }
+ },
+ "system": {
+ "statsInboundUplink": false,
+ "statsInboundDownlink": false,
+ "statsOutboundUplink": false,
+ "statsOutboundDownlink": false
+ }
+ },
+
+ // Stats enables internal stats counter.
+ // This setting can be used together with Policy and Api.
+ //"stats":{},
+
+ // Api enables gRPC APIs for external programs to communicate with Xray instance.
+ //"api": {
+ //"tag": "api",
+ //"services": [
+ // "HandlerService",
+ // "LoggerService",
+ // "StatsService"
+ //]
+ //},
+
+ // You may add other entries to the configuration, but they will not be recognized by Xray.
+ "other": {}
+}
--- /dev/null
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "inbounds": [{
+ "port": 1080,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "settings": {
+ "auth": "noauth",
+ "udp": false,
+ "ip": "127.0.0.1"
+ }
+ }],
+ "outbounds": [{
+ "protocol": "freedom",
+ "settings": {},
+ "tag": "direct"
+ }],
+ "policy": {
+ "levels": {
+ "0": {"uplinkOnly": 0}
+ }
+ }
+}
--- /dev/null
+{
+ "inbounds": [{
+ "port": 10086,
+ "protocol": "vmess",
+ "settings": {
+ "clients": [
+ {
+ "id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
+ "level": 1,
+ "alterId": 64
+ }
+ ]
+ }
+ }],
+ "outbounds": [{
+ "protocol": "freedom",
+ "settings": {}
+ },{
+ "protocol": "blackhole",
+ "settings": {},
+ "tag": "blocked"
+ }],
+ "routing": {
+ "rules": [
+ {
+ "type": "field",
+ "ip": ["geoip:private"],
+ "outboundTag": "blocked"
+ }
+ ]
+ }
+}
--- /dev/null
+{
+ "ambient": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "bounding": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_BIND_SERVICE"
+ ]
+}
--- /dev/null
+
+config xray 'enabled'
+ option enabled '0'
+
+config xray 'config'
+ option confdir '/etc/xray'
+ list conffiles '/etc/xray/config.json'
+ option datadir '/usr/share/xray'
+ option format 'json'
+
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=99
+
+CONF="xray"
+PROG="/usr/bin/xray"
+CAPA_FILE="/etc/capabilities/xray.json"
+
+start_service() {
+ config_load "$CONF"
+
+ local enabled
+ config_get enabled "enabled" "enabled" "0"
+ [ "$enabled" -eq "0" ] && exit 1
+
+ local confdir
+ local conffiles
+ local datadir
+ local format
+
+ config_get confdir "config" "confdir"
+ config_get conffiles "config" "conffiles"
+ config_get datadir "config" "datadir" "/usr/share/xray"
+ config_get format "config" "format" "json"
+
+ procd_open_instance "$CONF"
+ procd_set_param command "$PROG" run
+ [ -n "$confdir" ] && procd_append_param command -confdir "$confdir"
+ [ -n "$conffiles" ] && {
+ for i in $conffiles
+ do
+ procd_append_param command -config "$i"
+ done
+ }
+ procd_append_param command -format "$format"
+ procd_set_param env XRAY_LOCATION_ASSET="$datadir"
+ procd_set_param file $conffiles
+
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param respawn
+
+ [ -x "/sbin/ujail" -a -e "$CAPA_FILE" ] && {
+ procd_add_jail "$CONF"
+ procd_set_param capabilities "$CAPA_FILE"
+ procd_set_param user nobody
+ procd_set_param no_new_privs 1
+ }
+ procd_close_instance
+}
+
+reload_service() {
+ stop
+ start
+}
+
+service_triggers() {
+ procd_add_reload_trigger "$CONF"
+}
PKG_NAME:=madplay
PKG_VERSION:=0.15.2b
-PKG_RELEASE:=8
+PKG_RELEASE:=9
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/mad \
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
-define Package/madplay/default
+define Package/madplay
SECTION:=sound
CATEGORY:=Sound
- DEPENDS:=+libid3tag +libmad $(INTL_DEPENDS) $(2)
- TITLE:=MPEG audio player in fixed point - $(1)
- VARIANT:=$(1)
- URL:=http://sourceforge.net/projects/mad
+ DEPENDS:=+libid3tag +libmad $(INTL_DEPENDS) +alsa-lib
+ TITLE:=MPEG audio player in fixed point - ALSA
+ URL:=https://sourceforge.net/projects/mad
endef
-Package/madplay-alsa=$(call Package/madplay/default,alsa,+alsa-lib)
-Package/madplay=$(call Package/madplay/default,oss)
-
define Package/madplay/description
MAD is an MPEG audio decoder. It currently only supports the MPEG 1
standard, but fully implements all three audio layers (Layer I, Layer II,
--disable-debugging \
--disable-profiling \
--disable-experimental \
- --without-libiconv-prefix \
- --without-libintl-prefix \
--without-esd \
+ --with-alsa
CONFIGURE_VARS += \
lt_prog_compiler_pic=$(FPIC)
MAKE_FLAGS += CFLAGS="$(TARGET_CFLAGS)"
-ifeq ($(BUILD_VARIANT),alsa)
- CONFIGURE_ARGS += \
- --without-oss \
- --with-alsa
-else
- CONFIGURE_ARGS += \
- --without-alsa \
- --with-oss
-endif
-
define Package/madplay/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/madplay $(1)/usr/bin/
endef
-define Package/madplay-alsa/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/madplay $(1)/usr/bin/
-endef
-
-$(eval $(call BuildPackage,madplay-alsa))
$(eval $(call BuildPackage,madplay))
+++ /dev/null
---- a/intl/Makefile.in
-+++ b/intl/Makefile.in
-@@ -19,7 +19,7 @@
- PACKAGE = @PACKAGE@
- VERSION = @VERSION@
-
--SHELL = /bin/sh
-+SHELL = @SHELL@
-
- srcdir = @srcdir@
- top_srcdir = @top_srcdir@
-@@ -56,6 +56,7 @@ DEFS = -DLOCALEDIR=\"$(localedir)\" -DLO
- -DENABLE_RELOCATABLE=1 -DIN_LIBRARY -DINSTALLDIR=\"$(libdir)\" -DNO_XMALLOC \
- -Dset_relocation_prefix=libintl_set_relocation_prefix \
- -Drelocate=libintl_relocate \
-+-DINSTALLPREFIX=\"$(prefix)\" \
- -DDEPENDS_ON_LIBICONV=1 @DEFS@
- CPPFLAGS = @CPPFLAGS@
- CFLAGS = @CFLAGS@
---- a/po/Makefile.in.in
-+++ b/po/Makefile.in.in
-@@ -13,7 +13,7 @@
- PACKAGE = @PACKAGE@
- VERSION = @VERSION@
-
--SHELL = /bin/sh
-+SHELL = @SHELL@
- @SET_MAKE@
-
- srcdir = @srcdir@
+++ /dev/null
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -24,8 +24,8 @@
-
- ## Process this file with automake to produce Makefile.in
-
--SUBDIRS = intl po
--DIST_SUBDIRS = intl po m4 msvc++
-+SUBDIRS = intl
-+DIST_SUBDIRS = intl m4 msvc++
-
- ACLOCAL_AMFLAGS = -I m4
-
include $(TOPDIR)/rules.mk
PKG_NAME:=shairport-sync
-PKG_VERSION:=3.3.6
-PKG_RELEASE:=2
+PKG_VERSION:=3.3.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mikebrady/shairport-sync/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=a8382affd25c473fa38ead5690148c6c3902098f359f9c881eefe139e1f49f49
+PKG_HASH:=7f8d4ecec53f2f681a962467bf09205568fc936c8c31a9ee07b1bd72d3d95b12
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>, \
Mike Brady <mikebrady@eircom.net>
endif
--- a/configure.ac
+++ b/configure.ac
-@@ -19,7 +19,6 @@ with_os=`echo ${with_os} | tr '[[:upper:]]' '[[:lower:]]' `
+@@ -19,7 +19,6 @@ with_os=`echo ${with_os} | tr '[[:upper:
# Checks for programs.
AC_PROG_CC
define Build/Prepare
$(call Build/Prepare/Default)
+ifeq ($(QUILT),)
mv $(PKG_BUILD_DIR)/pico/* $(PKG_BUILD_DIR)
+endif
endef
define Package/svox/install
--- /dev/null
+#
+# Copyright (C) 2009-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=acsccid
+PKG_VERSION:=1.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE:=v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/acshk/acsccid/archive/
+PKG_HASH:=68d15eb20e7f52153509f1dc300cf0c68b388c59d7d124ba494fd96c61a6e7c6
+PKG_MAINTAINER:=Vincent JARDIN <vjardin@free.fr>
+PKG_LICENSE:=LGPL-2.1-or-later
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=libtool
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
+
+define Package/acsccid
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=$(ICONV_DEPENDS) +libusb-1.0 +libpcsclite
+ TITLE:=PCSC driver for ACS USB CCID smart card readers
+ URL:=https://github.com/acshk/acsccid
+endef
+
+define Package/acsccid/description
+ PCSC driver for ACS USB CCID (Chip/Smart Card Interface Devices)
+ smart card readers and ICCD (Integrated Circuit(s)
+ Card Devices).
+endef
+
+TARGET_CFLAGS += $(FPIC)
+
+TARGET_LDFLAGS += "-lpthread"
+
+CONFIGURE_ARGS += \
+ --enable-embedded \
+ --enable-usbdropdir=/usr/lib/pcsc/drivers
+
+define Package/acsccid/install
+ $(INSTALL_DIR) $(1)/usr/lib/pcsc
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pcsc/drivers $(1)/usr/lib/pcsc/
+endef
+
+$(eval $(call BuildPackage,acsccid))
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=apk
+PKG_VERSION:=2.12.1
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=apk-tools-v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://gitlab.alpinelinux.org/alpine/apk-tools/-/archive/v$(PKG_VERSION)
+PKG_HASH:=b191dbd5019e8933b78b66779412e901e9b88fb12c460a22995e342b3efe83eb
+PKG_BUILD_DIR:=$(BUILD_DIR)/apk-tools-v$(PKG_VERSION)
+
+PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/apk
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=apk package manager
+ DEPENDS:=+zlib +libopenssl @!arc
+ URL:=$(PKG_SOURCE_URL)
+endef
+
+define Package/alpine-keys
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Alpine apk public signing keys
+ DEPENDS:=apk
+endef
+
+define Package/alpine-repositories
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Official Alpine repositories
+ DEPENDS:=apk
+endef
+
+MAKE_FLAGS += LUA=no
+
+define Package/apk/install
+ $(INSTALL_DIR) $(1)/lib/apk/db
+
+ $(INSTALL_DIR) $(1)/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/apk $(1)/bin/apk
+
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/* $(1)/usr/lib/
+
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/apk.pc \
+ $(1)/usr/lib/pkgconfig/
+
+ $(INSTALL_DIR) $(1)/etc/apk/
+ echo $(ARCH) > $(1)/etc/apk/arch
+ touch $(1)/etc/apk/world
+endef
+
+define Package/alpine-keys/install
+ $(INSTALL_DIR) $(1)/etc/apk/keys
+ $(INSTALL_DATA) ./files/alpine-keys/* $(1)/etc/apk/keys
+endef
+
+define Package/alpine-repositories/install
+ $(INSTALL_DIR) $(1)/etc/apk/keys
+ $(INSTALL_DATA) ./files/alpine-repositories $(1)/etc/apk/repositories
+endef
+
+$(eval $(call BuildPackage,apk))
+$(eval $(call BuildPackage,alpine-keys))
+$(eval $(call BuildPackage,alpine-repositories))
--- /dev/null
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe
+qxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O
+Q0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA
+jixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R
+L5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo
+GuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B
+ywIDAQAB
+-----END PUBLIC KEY-----
--- /dev/null
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNijDxJ8kloskKQpJdx+
+mTMVFFUGDoDCbulnhZMJoKNkSuZOzBoFC94omYPtxnIcBdWBGnrm6ncbKRlR+6oy
+DO0W7c44uHKCFGFqBhDasdI4RCYP+fcIX/lyMh6MLbOxqS22TwSLhCVjTyJeeH7K
+aA7vqk+QSsF4TGbYzQDDpg7+6aAcNzg6InNePaywA6hbT0JXbxnDWsB+2/LLSF2G
+mnhJlJrWB1WGjkz23ONIWk85W4S0XB/ewDefd4Ly/zyIciastA7Zqnh7p3Ody6Q0
+sS2MJzo7p3os1smGjUF158s6m/JbVh4DN6YIsxwl2OjDOz9R0OycfJSDaBVIGZzg
+cQIDAQAB
+-----END PUBLIC KEY-----
--- /dev/null
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0
+cGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX
+yHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j
+g01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB
+Ca1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY
+sWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw
+wwIDAQAB
+-----END PUBLIC KEY-----
--- /dev/null
+https://dl-cdn.alpinelinux.org/alpine/edge/main
+https://dl-cdn.alpinelinux.org/alpine/edge/community
+
--- /dev/null
+From b05a93c48fdbb50f0c464310dc2ce45777d32ea2 Mon Sep 17 00:00:00 2001
+From: Paul Spooren <mail@aparcar.org>
+Date: Fri, 2 Oct 2020 14:08:52 -1000
+Subject: [PATCH] remove doc generation
+
+Signed-off-by: Paul Spooren <mail@aparcar.org>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -25,7 +25,7 @@ export DESTDIR SBINDIR LIBDIR CONFDIR MA
+ ##
+ # Top-level subdirs
+
+-subdirs := libfetch/ src/ doc/
++subdirs := libfetch/ src/
+
+ ##
+ # Include all rules and stuff
--- /dev/null
+From c4c8aa5ba0ec6bf4c6d74c4807b66edfbd91be7c Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Mon, 11 Jan 2021 01:51:58 -0800
+Subject: [PATCH] fix compilation without deprecated OpenSSL APIs
+
+(De)initialization is deprecated under OpenSSL 1.0 and above.
+
+[TT: Some simplifications, and additional edits.]
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ libfetch/common.c | 12 ++++--------
+ src/apk.c | 26 +-------------------------
+ src/apk_openssl.h | 27 +++++++++++++++++++++++++++
+ 3 files changed, 32 insertions(+), 33 deletions(-)
+
+--- a/libfetch/common.c
++++ b/libfetch/common.c
+@@ -499,15 +499,11 @@ static int fetch_ssl_setup_client_certif
+ int
+ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
+ {
+- /* Init the SSL library and context */
+- if (!SSL_library_init()){
+- fprintf(stderr, "SSL library init failed\n");
+- return (-1);
+- }
+-
+- SSL_load_error_strings();
+-
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ conn->ssl_meth = SSLv23_client_method();
++#else
++ conn->ssl_meth = TLS_client_method();
++#endif
+ conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
+ SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
+
+--- a/src/apk.c
++++ b/src/apk.c
+@@ -20,11 +20,6 @@
+ #include <unistd.h>
+ #include <sys/stat.h>
+
+-#include <openssl/crypto.h>
+-#ifndef OPENSSL_NO_ENGINE
+-#include <openssl/engine.h>
+-#endif
+-
+ #include <fetch.h>
+
+ #include "apk_defines.h"
+@@ -385,25 +380,6 @@ static int parse_options(int argc, char
+ return 0;
+ }
+
+-static void fini_openssl(void)
+-{
+- EVP_cleanup();
+-#ifndef OPENSSL_NO_ENGINE
+- ENGINE_cleanup();
+-#endif
+- CRYPTO_cleanup_all_ex_data();
+-}
+-
+-static void init_openssl(void)
+-{
+- atexit(fini_openssl);
+- OpenSSL_add_all_algorithms();
+-#ifndef OPENSSL_NO_ENGINE
+- ENGINE_load_builtin_engines();
+- ENGINE_register_all_complete();
+-#endif
+-}
+-
+ static void on_sigwinch(int s)
+ {
+ apk_reset_screen_width();
+@@ -484,7 +460,7 @@ int main(int argc, char **argv)
+ apk_force |= applet->forced_force;
+ }
+
+- init_openssl();
++ apk_openssl_init();
+ setup_automatic_flags();
+ fetchConnectionCacheInit(32, 4);
+
+--- a/src/apk_openssl.h
++++ b/src/apk_openssl.h
+@@ -11,7 +11,11 @@
+ #define APK_SSL_COMPAT_H
+
+ #include <openssl/opensslv.h>
++#include <openssl/crypto.h>
+ #include <openssl/evp.h>
++#ifndef OPENSSL_NO_ENGINE
++#include <openssl/engine.h>
++#endif
+
+ #if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+
+@@ -25,6 +29,29 @@ static inline void EVP_MD_CTX_free(EVP_M
+ return EVP_MD_CTX_destroy(mdctx);
+ }
+
++static inline void apk_openssl_cleanup(void)
++{
++ EVP_cleanup();
++#ifndef OPENSSL_NO_ENGINE
++ ENGINE_cleanup();
++#endif
++ CRYPTO_cleanup_all_ex_data();
++}
++
++static inline void apk_openssl_init(void)
++{
++ atexit(apk_openssl_cleanup);
++ OpenSSL_add_all_algorithms();
++#ifndef OPENSSL_NO_ENGINE
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++#endif
++}
++
++#else
++
++static inline void apk_openssl_init(void) {}
++
+ #endif
+
+ #endif
--- /dev/null
+#!/bin/sh
+
+case "$1" in
+ "apk")
+ apk --version | grep "${2#*v}"
+ ;;
+esac
PKG_NAME:=auc
PKG_VERSION:=0.1.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=GPL-3.0
include $(INCLUDE_DIR)/package.mk
find_library(json NAMES json-c json)
ADD_EXECUTABLE(auc auc.c)
-TARGET_LINK_LIBRARIES(auc uci ubox ubus uclient blobmsg_json ${json})
+TARGET_LINK_LIBRARIES(auc uci ubox ubus uclient blobmsg_json ${json} ${CMAKE_DL_LIBS})
INSTALL(TARGETS auc RUNTIME DESTINATION sbin)
PKG_NAME:=augeas
PKG_VERSION:=1.12.0
-PKG_RELEASE=1
+PKG_RELEASE=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://download.augeas.net/
Set of Augeas lenses.
endef
+CONFIGURE_ARGS+= \
+ --without-selinux
+
define Package/augeas-lenses-tests
SECTION:=utils
CATEGORY:=Utilities
PKG_NAME:=bash
PKG_VERSION:=5.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/bash
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.1
+Patch-ID: bash51-001
+
+Bug-Reported-by: Fazal Majid <fazal@majid.org>
+Bug-Reference-ID: <DEAB7D2C-C626-450C-B2E5-281AFF2D26D4@majid.org>
+Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2020-12/msg00000.html
+
+Bug-Description:
+
+There is a missing dependency on a constructed file, which can cause highly
+parellel builds to fail.
+
+Patch (apply with `patch -p0'):
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1315,6 +1315,7 @@ bashline.o: trap.h flags.h assoc.h $(BAS
+ bashline.o: $(DEFSRC)/common.h $(GLOB_LIBSRC)/glob.h alias.h
+ bashline.o: pcomplete.h ${BASHINCDIR}/chartypes.h input.h
+ bashline.o: ${BASHINCDIR}/shmbutil.h ${BASHINCDIR}/shmbchar.h
++bashline.o: ${DEFDIR}/builtext.h
+ bracecomp.o: config.h bashansi.h ${BASHINCDIR}/ansi_stdlib.h
+ bracecomp.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h
+ bracecomp.o: command.h ${BASHINCDIR}/stdc.h error.h
+@@ -1435,6 +1436,7 @@ builtins/evalstring.o: quit.h unwind_pro
+ builtins/evalstring.o: dispose_cmd.h make_cmd.h subst.h externs.h
+ builtins/evalstring.o: jobs.h builtins.h flags.h input.h execute_cmd.h
+ builtins/evalstring.o: bashhist.h $(DEFSRC)/common.h pathnames.h
++builtins/evalstring.o: ${DEFDIR}/builtext.h
+ builtins/getopt.o: config.h ${BASHINCDIR}/memalloc.h
+ builtins/getopt.o: shell.h syntax.h bashjmp.h command.h general.h xmalloc.h error.h
+ builtins/getopt.o: variables.h arrayfunc.h conftypes.h quit.h ${BASHINCDIR}/maxpath.h unwind_prot.h dispose_cmd.h
+--- a/builtins/Makefile.in
++++ b/builtins/Makefile.in
+@@ -361,7 +361,7 @@ evalstring.o: $(topdir)/dispose_cmd.h $(
+ evalstring.o: $(topdir)/externs.h $(topdir)/jobs.h $(topdir)/builtins.h
+ evalstring.o: $(topdir)/flags.h $(topdir)/input.h $(topdir)/execute_cmd.h
+ evalstring.o: $(topdir)/bashhist.h $(srcdir)/common.h
+-evalstring.o: $(topdir)/trap.h $(topdir)/redir.h ../pathnames.h
++evalstring.o: $(topdir)/trap.h $(topdir)/redir.h ../pathnames.h ./builtext.h
+ #evalstring.o: $(topdir)/y.tab.h
+ getopt.o: ../config.h $(BASHINCDIR)/memalloc.h
+ getopt.o: $(topdir)/shell.h $(topdir)/syntax.h $(topdir)/bashjmp.h $(topdir)/command.h
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -1,6 +1,6 @@
+ /* patchlevel.h -- current bash patch level */
+
+-/* Copyright (C) 2001-2016 Free Software Foundation, Inc.
++/* Copyright (C) 2001-2020 Free Software Foundation, Inc.
+
+ This file is part of GNU Bash, the Bourne Again SHell.
+
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 0
++#define PATCHLEVEL 1
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.1
+Patch-ID: bash51-002
+
+Bug-Reported-by: oguzismailuysal@gmail.com
+Bug-Reference-ID: <CAH7i3LoHFUa4aSF5-AD2r80HG-p-YzD_9ZxomarZkhP8NMq63g@mail.gmail.com>
+Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2020-12/msg00037.html
+
+Bug-Description:
+
+If there are no jobs, and the `-n' and `-p' options are both supplied to
+`wait', bash can assign a value to the variable name specified with `-p'
+instead of leaving it unset.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/wait.def
++++ b/builtins/wait.def
+@@ -213,11 +213,11 @@ wait_builtin (list)
+ }
+
+ status = wait_for_any_job (wflags, &pstat);
+- if (status < 0)
+- status = 127;
+-
+ if (vname && status >= 0)
+ bind_var_to_int (vname, pstat.pid);
++
++ if (status < 0)
++ status = 127;
+ if (list)
+ unset_waitlist ();
+ WAIT_RETURN (status);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 1
++#define PATCHLEVEL 2
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.1
+Patch-ID: bash51-003
+
+Bug-Reported-by: oguzismailuysal@gmail.com
+Bug-Reference-ID: <CAH7i3LpG91BnNcDtaTUm2Ph7a+PnJkuh6nAc87cVL7_38tOaMQ@mail.gmail.com>
+Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2020-12/msg00050.html
+
+Bug-Description:
+
+Bash does not put a command substitution process that is started to perform an
+expansion in a child process into the right process group where it can receive
+keyboard-generated signals.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -6356,8 +6356,10 @@ command_substitute (string, quoted, flag
+
+ #if defined (JOB_CONTROL)
+ old_pipeline_pgrp = pipeline_pgrp;
+- /* Don't reset the pipeline pgrp if we're already a subshell in a pipeline. */
+- if ((subshell_environment & SUBSHELL_PIPE) == 0)
++ /* Don't reset the pipeline pgrp if we're already a subshell in a pipeline or
++ we've already forked to run a disk command (and are expanding redirections,
++ for example). */
++ if ((subshell_environment & (SUBSHELL_FORK|SUBSHELL_PIPE)) == 0)
+ pipeline_pgrp = shell_pgrp;
+ cleanup_the_pipeline ();
+ #endif /* JOB_CONTROL */
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 2
++#define PATCHLEVEL 3
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.1
+Patch-ID: bash51-004
+
+Bug-Reported-by: oguzismailuysal@gmail.com
+Bug-Reference-ID: <CAH7i3LoHGmwaghDpCWRUfcY04gQmeDTH3RiG=bf2b=KbU=gyhw@mail.gmail.com>
+Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2020-12/msg00039.html
+
+Bug-Description:
+
+If a key-value compound array assignment to an associative array is supplied
+as an assignment statement argument to the `declare' command that declares the
+array, the assignment doesn't perform the correct word expansions.
+
+This patch makes key-value assignment and subscript assignment perform the
+same expansions when they're supplied as an argument to `declare'.
+
+Patch (apply with `patch -p0'):
+
+--- a/arrayfunc.c
++++ b/arrayfunc.c
+@@ -597,6 +597,27 @@ assign_assoc_from_kvlist (var, nlist, h,
+ free (aval);
+ }
+ }
++
++/* Return non-zero if L appears to be a key-value pair associative array
++ compound assignment. */
++int
++kvpair_assignment_p (l)
++ WORD_LIST *l;
++{
++ return (l && (l->word->flags & W_ASSIGNMENT) == 0 && l->word->word[0] != '['); /*]*/
++}
++
++char *
++expand_and_quote_kvpair_word (w)
++ char *w;
++{
++ char *t, *r;
++
++ t = w ? expand_assignment_string_to_string (w, 0) : 0;
++ r = sh_single_quote (t ? t : "");
++ free (t);
++ return r;
++}
+ #endif
+
+ /* Callers ensure that VAR is not NULL. Associative array assignments have not
+@@ -640,7 +661,7 @@ assign_compound_array_list (var, nlist,
+ last_ind = (a && (flags & ASS_APPEND)) ? array_max_index (a) + 1 : 0;
+
+ #if ASSOC_KVPAIR_ASSIGNMENT
+- if (assoc_p (var) && nlist && (nlist->word->flags & W_ASSIGNMENT) == 0 && nlist->word->word[0] != '[') /*]*/
++ if (assoc_p (var) && kvpair_assignment_p (nlist))
+ {
+ iflags = flags & ~ASS_APPEND;
+ assign_assoc_from_kvlist (var, nlist, nhash, iflags);
+--- a/arrayfunc.h
++++ b/arrayfunc.h
+@@ -67,6 +67,9 @@ extern SHELL_VAR *assign_array_var_from_
+ extern char *expand_and_quote_assoc_word PARAMS((char *, int));
+ extern void quote_compound_array_list PARAMS((WORD_LIST *, int));
+
++extern int kvpair_assignment_p PARAMS((WORD_LIST *));
++extern char *expand_and_quote_kvpair_word PARAMS((char *));
++
+ extern int unbind_array_element PARAMS((SHELL_VAR *, char *, int));
+ extern int skipsubscript PARAMS((const char *, int, int));
+
+--- a/subst.c
++++ b/subst.c
+@@ -11604,6 +11604,7 @@ expand_oneword (value, flags)
+ {
+ WORD_LIST *l, *nl;
+ char *t;
++ int kvpair;
+
+ if (flags == 0)
+ {
+@@ -11618,11 +11619,21 @@ expand_oneword (value, flags)
+ {
+ /* Associative array */
+ l = parse_string_to_word_list (value, 1, "array assign");
++#if ASSOC_KVPAIR_ASSIGNMENT
++ kvpair = kvpair_assignment_p (l);
++#endif
++
+ /* For associative arrays, with their arbitrary subscripts, we have to
+ expand and quote in one step so we don't have to search for the
+ closing right bracket more than once. */
+ for (nl = l; nl; nl = nl->next)
+ {
++#if ASSOC_KVPAIR_ASSIGNMENT
++ if (kvpair)
++ /* keys and values undergo the same set of expansions */
++ t = expand_and_quote_kvpair_word (nl->word->word);
++ else
++#endif
+ if ((nl->word->flags & W_ASSIGNMENT) == 0)
+ t = sh_single_quote (nl->word->word ? nl->word->word : "");
+ else
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 3
++#define PATCHLEVEL 4
+
+ #endif /* _PATCHLEVEL_H_ */
PKG_NAME:=bonnie++
PKG_VERSION:=1.98
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://www.coker.com.au/bonnie++/
bonnie++: $(BONOBJS)
- $(LINK) -o bonnie++ $(BONOBJS) $(THREAD_LFLAGS)
-+ $(CXX) $(CXXFLAGS) -o bonnie++ $(BONOBJS)
++ $(CXX) $(CXXFLAGS) -o bonnie++ $(BONOBJS) @thread_ldflags@
zcav: $(ZCAVOBJS)
- $(LINK) -o zcav $(ZCAVOBJS) $(THREAD_LFLAGS)
-+ $(CXX) $(CXXFLAGS) -o zcav $(ZCAVOBJS)
++ $(CXX) $(CXXFLAGS) -o zcav $(ZCAVOBJS) @thread_ldflags@
getc_putc: $(GETCOBJS) getc_putc_helper
- $(LINK) -o getc_putc $(GETCOBJS) $(THREAD_LFLAGS)
include $(TOPDIR)/rules.mk
PKG_NAME:=btrfs-progs
-PKG_VERSION:=5.7
+PKG_VERSION:=5.10
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/kdave/btrfs-progs
-PKG_HASH:=5c2f048b8c814852614b0b262ab2d468ea02774ef01124ebc0ab708df262de5c
+PKG_HASH:=e71a0d6dd504f3a5d957fce9a30281eb61ecf991c8af315fe0061a1b97a1d021
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
PKG_MAINTAINER:=Karel Kočí <karel.koci@nic.cz>
DEPENDS:= \
+libattr \
+libuuid \
+ +libmount \
+zlib \
+libblkid \
+liblzo \
include $(TOPDIR)/rules.mk
PKG_NAME:=cni-plugins
-PKG_VERSION:=0.8.7
-PKG_RELEASE:=2
+PKG_VERSION:=0.9.0
+PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/containernetworking/plugins/archive/v$(PKG_VERSION)
-PKG_HASH:=de9fa170b4b6d38f6ff5287b313ddaf3c31f70bccb10e971ad59adadae22dd74
+PKG_HASH:=54abd2fb7762943ff57832dfba19de12db09f0a0f8e69b31f1a2bb2baca395e7
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>, Paul Spooren <mail@aparcar.org>
PKG_NAME:=collectd
PKG_VERSION:=5.12.0
-PKG_RELEASE:=1
+PKG_RELEASE:=7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://collectd.org/files/ \
smart \
snmp_agent \
statsd \
- swap \
synproxy \
sysevent \
tape \
csv \
curl \
df \
+ dhcpleases \
disk \
dns \
email \
filecount \
fscache \
interface \
+ ipstatistics \
iptables \
irq \
iwinfo \
rrdtool \
sensors \
snmp \
+ snmp6 \
+ swap \
syslog \
table \
tail \
$(eval $(call BuildPlugin,curl,cURL input,curl,+PACKAGE_collectd-mod-curl:libcurl))
#$(eval $(call BuildPlugin,dbi,relational database input,dbi,+PACKAGE_collectd-mod-dbi:libdbi))
$(eval $(call BuildPlugin,df,disk space input,df,))
+$(eval $(call BuildPlugin,dhcpleases,show dhcpleases,dhcpleases,))
$(eval $(call BuildPlugin,disk,disk usage/timing input,disk,))
$(eval $(call BuildPlugin,dns,DNS traffic input,dns,+PACKAGE_collectd-mod-dns:libpcap))
$(eval $(call BuildPlugin,email,email output,email,))
$(eval $(call BuildPlugin,filecount,file count input,filecount,))
$(eval $(call BuildPlugin,fscache,file-system based caching framework input,fscache,))
$(eval $(call BuildPlugin,interface,network interfaces input,interface,))
+$(eval $(call BuildPlugin,ipstatistics,ipstatistics input,ipstatistics,))
$(eval $(call BuildPlugin,iptables,iptables status input,iptables,+PACKAGE_collectd-mod-iptables:iptables +libip4tc +libip6tc))
$(eval $(call BuildPlugin,irq,interrupt usage input,irq,))
$(eval $(call BuildPlugin,iwinfo,libiwinfo wireless statistics,iwinfo,+PACKAGE_collectd-mod-iwinfo:libiwinfo))
$(eval $(call BuildPlugin,rrdtool,RRDtool output,rrdtool,+PACKAGE_collectd-mod-rrdtool:librrd1))
$(eval $(call BuildPlugin,sensors,lm_sensors input,sensors,+PACKAGE_collectd-mod-sensors:libsensors))
$(eval $(call BuildPlugin,snmp,SNMP input,snmp,+PACKAGE_collectd-mod-snmp:libnetsnmp))
+$(eval $(call BuildPlugin,snmp6,snmp6 input,snmp6,))
+$(eval $(call BuildPlugin,swap,swap input,swap,))
$(eval $(call BuildPlugin,syslog,syslog output,syslog,))
$(eval $(call BuildPlugin,tail,tail input,tail,))
$(eval $(call BuildPlugin,tail-csv,tail CSV input,tail_csv,))
}
config_get_bool Forward "$cfg" Forward
- if [ "$value" = "0" ]; then
+ if [ "$Forward" = "0" ]; then
printf "\\tForward false\n" >> "$COLLECTD_CONF"
else
printf "\\tForward true\n" >> "$COLLECTD_CONF"
[ -z "$config" ] || {
printf "%s<Plugin %s>\n" "${CONFIG_STRING}" "$cfg" >> "$COLLECTD_CONF"
- echo -e "${config}" >> "$COLLECTD_CONF"
+ echo -n -e "${config}" >> "$COLLECTD_CONF"
printf "%s</Plugin>\n" "${CONFIG_STRING}" >> "$COLLECTD_CONF"
}
-
- printf "\n" >> "$COLLECTD_CONF"
}
process_plugins() {
process_config() {
local alt_config_file BaseDir Include PIDFile PluginDir TypesDB
- local Interval ReadThreads Hostname
+ local Interval ReadThreads WriteThreads Hostname
+ local WriteQueueLimitHigh WriteQueueLimitLow CollectInternalStats
rm -f "$COLLECTD_CONF"
printf "Interval %s\n" "$Interval" >> "$COLLECTD_CONF"
config_get ReadThreads globals ReadThreads 2
- printf "ReadThreads \"%s\"\n" "$ReadThreads" >> "$COLLECTD_CONF"
+ printf "ReadThreads %s\n" "$ReadThreads" >> "$COLLECTD_CONF"
+
+ config_get WriteThreads globals WriteThreads 2
+ printf "WriteThreads %s\n" "$WriteThreads" >> "$COLLECTD_CONF"
+
+ config_get WriteQueueLimitLow globals WriteQueueLimitLow 0
+ [ "$WriteQueueLimitLow" -ne 0 ] \
+ && printf "WriteQueueLimitLow %s\n" "$WriteQueueLimitLow" >> "$COLLECTD_CONF"
+
+ config_get WriteQueueLimitHigh globals WriteQueueLimitHigh 0
+ [ "$WriteQueueLimitHigh" -ne 0 ] \
+ && printf "WriteQueueLimitHigh %s\n" "$WriteQueueLimitHigh" >> "$COLLECTD_CONF"
+
+ config_get_bool CollectInternalStats globals CollectInternalStats 0
+ if [ "$CollectInternalStats" = "0" ]; then
+ printf "CollectInternalStats false\n" >> "$COLLECTD_CONF"
+ else
+ printf "CollectInternalStats true\n" >> "$COLLECTD_CONF"
+ fi
config_get Hostname globals Hostname "$(uname -n)"
printf "Hostname \"%s\"\n" "$Hostname" >> "$COLLECTD_CONF"
# option TypesDB '/usr/share/collectd/types.db'
# option Interval '30'
# option ReadThreads '2'
+# option WriteThreads '2'
+# option WriteQueueLimitLow '0'
+# option WriteQueueLimitHigh '0'
+# option CollectInternalStats '0'
#config plugin 'apcups'
# option enable '0'
#config plugin 'sensors'
# option enable '0'
+#config plugin 'swap'
+# option enable '0'
+# option ReportByDevice '1'
+# option ValuesAbsolute '1'
+# option ValuesPercentage '0'
+# option ReportIO '1'
+# option ReportBytes '1'
+
#config plugin 'tcpconns'
# option enable '0'
# list ListeningPort '0'
--- /dev/null
+{
+ "bool": [
+ "ReportBytes",
+ "ReportByDevice",
+ "ValuesAbsolute",
+ "ValuesPercentage",
+ "ReportIO"
+ ]
+}
--- /dev/null
+From: Nick Hainke <vincent@systemli.org>
+Date: Mon, 7 Dec 2020 23:07:30 +0100
+Subject: [PATCH] dhcpleases: add dhcpleases plugin
+
+Changelog: dhcpleases: add plugin for counting current dhcp leases
+
+The plugin is useful for the Freifunk Community. Currently, we use
+the exec-plugin. With that dhcpleases plugin we have native collectd
+support to measure this important statistic.
+
+Signed-off-by: Nick Hainke <vincent@systemli.org>
+---
+ Makefile.am | 6 ++++
+ README | 3 ++
+ configure.ac | 2 ++
+ src/collectd.conf.in | 5 +++
+ src/dhcpleases.c | 83 ++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 99 insertions(+)
+ create mode 100644 src/dhcpleases.c
+
+diff --git a/Makefile.am b/Makefile.am
+index 00947da0..5ee76a00 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -963,6 +963,12 @@ df_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+ df_la_LIBADD = libignorelist.la libmount.la
+ endif
+
++if BUILD_PLUGIN_DHCPLEASES
++pkglib_LTLIBRARIES += dhcpleases.la
++dhcpleases_la_SOURCES = src/dhcpleases.c
++dhcpleases_la_LDFLAGS = $(PLUGIN_LDFLAGS)
++endif
++
+ if BUILD_PLUGIN_DISK
+ pkglib_LTLIBRARIES += disk.la
+ disk_la_SOURCES = src/disk.c
+diff --git a/README b/README
+index e42e9c24..dd104408 100644
+--- a/README
++++ b/README
+@@ -106,6 +106,9 @@ Features
+ Disk utilization: Sectors read/written, number of read/write actions,
+ average time an IO-operation took to complete.
+
++ - dhcpleases
++ Collect number of current dhcp leases.
++
+ - dns
+ DNS traffic: Query types, response codes, opcodes and traffic/octets
+ transferred.
+diff --git a/configure.ac b/configure.ac
+index bcfb8cf5..6c2b6574 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -7061,6 +7061,7 @@ AC_PLUGIN([curl_xml], [$plugin_curl_xml], [CURL generic xml
+ AC_PLUGIN([dbi], [$with_libdbi], [General database statistics])
+ AC_PLUGIN([dcpmm], [$with_libpmwapi], [Intel(R) Optane(TM) DC Persistent Memory performance and health statistics])
+ AC_PLUGIN([df], [$plugin_df], [Filesystem usage statistics])
++AC_PLUGIN([dhcpleases], [yes], [DHCP Leases])
+ AC_PLUGIN([disk], [$plugin_disk], [Disk usage statistics])
+ AC_PLUGIN([dns], [$with_libpcap], [DNS traffic analysis])
+ AC_PLUGIN([dpdkevents], [$plugin_dpdkevents], [Events from DPDK])
+@@ -7508,6 +7509,7 @@ AC_MSG_RESULT([ curl_xml . . . . . . $enable_curl_xml])
+ AC_MSG_RESULT([ dbi . . . . . . . . . $enable_dbi])
+ AC_MSG_RESULT([ dcpmm . . . . . . . $enable_dcpmm])
+ AC_MSG_RESULT([ df . . . . . . . . . $enable_df])
++AC_MSG_RESULT([ dhcpleases. . . . . . $enable_dhcpleases])
+ AC_MSG_RESULT([ disk . . . . . . . . $enable_disk])
+ AC_MSG_RESULT([ dns . . . . . . . . . $enable_dns])
+ AC_MSG_RESULT([ dpdkevents. . . . . . $enable_dpdkevents])
+diff --git a/src/collectd.conf.in b/src/collectd.conf.in
+index 562a55d9..94659e81 100644
+--- a/src/collectd.conf.in
++++ b/src/collectd.conf.in
+@@ -119,6 +119,7 @@
+ #@BUILD_PLUGIN_DBI_TRUE@LoadPlugin dbi
+ #@BUILD_PLUGIN_DCPMM_TRUE@LoadPlugin dcpmm
+ #@BUILD_PLUGIN_DF_TRUE@LoadPlugin df
++#@BUILD_PLUGIN_DHCPLEASES_TRUE@LoadPlugin dhcpleases
+ #@BUILD_PLUGIN_DISK_TRUE@LoadPlugin disk
+ #@BUILD_PLUGIN_DNS_TRUE@LoadPlugin dns
+ #@BUILD_PLUGIN_DPDKEVENTS_TRUE@LoadPlugin dpdkevents
+@@ -689,6 +690,10 @@
+ # SelectNumericQueryTypes true
+ #</Plugin>
+
++#<Plugin dhcpleases>
++# Path "/tmp/dhcp.leases"
++#</Plugin>
++
+ #<Plugin "dpdkevents">
+ # <EAL>
+ # Coremask "0x1"
+diff --git a/src/dhcpleases.c b/src/dhcpleases.c
+new file mode 100644
+index 00000000..f43d62bf
+--- /dev/null
++++ b/src/dhcpleases.c
+@@ -0,0 +1,83 @@
++#include <errno.h>
++#include <stdio.h>
++
++#include "utils/common/common.h"
++
++#include "configfile.h"
++#include "plugin.h"
++
++static char *dhcp_lease_file;
++
++static const char *config_keys[] = {
++ "Path",
++};
++static int config_keys_num = STATIC_ARRAY_SIZE(config_keys);
++
++/* copied from ping.c plugin */
++static int config_set_string(const char *name, /* {{{ */
++ char **var, const char *value) {
++ char *tmp;
++
++ tmp = strdup(value);
++ if (tmp == NULL) {
++ ERROR("dhcpleases plugin: Setting `%s' to `%s' failed: strdup failed: %s", name,
++ value, STRERRNO);
++ return 1;
++ }
++
++ if (*var != NULL)
++ free(*var);
++ *var = tmp;
++ return 0;
++} /* }}} int config_set_string */
++
++static int dhcpleases_config(const char *key, const char *value) {
++ if (strcasecmp(key, "Path") == 0) {
++ int status = config_set_string(key, &dhcp_lease_file, value);
++ if (status != 0)
++ return status;
++ }
++ return 0;
++}
++
++static void dhcpleases_submit(gauge_t counter) {
++ value_list_t vl = VALUE_LIST_INIT;
++ value_t values[] = {
++ {.gauge = counter},
++ };
++
++ vl.values = values;
++ vl.values_len = STATIC_ARRAY_SIZE(values);
++
++ sstrncpy(vl.plugin, "dhcpleases", sizeof(vl.plugin));
++ sstrncpy(vl.type, "count", sizeof(vl.type));
++
++ plugin_dispatch_values(&vl);
++}
++
++static int dhcp_leases_read(void) {
++
++ FILE *fh;
++ char buffer[1024];
++ gauge_t count = 0;
++
++ if ((fh = fopen(dhcp_lease_file, "r")) == NULL) {
++ WARNING("interface plugin: fopen: %s", STRERRNO);
++ return -1;
++ }
++
++ while (fgets(buffer, 1024, fh) != NULL) {
++ count++;
++ }
++ fclose(fh);
++
++ dhcpleases_submit(count);
++
++ return 0;
++}
++
++void module_register(void) {
++ plugin_register_config("dhcpleases", dhcpleases_config, config_keys,
++ config_keys_num);
++ plugin_register_read("dhcpleases", dhcp_leases_read);
++}
+--
+2.29.2
+
--- /dev/null
+From: Nick Hainke <vincent@systemli.org>
+Date: Mon, 7 Dec 2020 19:29:54 +0100
+Subject: [PATCH] snmp6: add ipv6 statistics
+
+ChangeLog: snmp6 plugin: Add plugin for parsing IPv6 statistics
+
+We would like to have pure ipv6 interface statistics. To get them,
+we parse the snmp6 interface.
+
+Signed-off-by: Nick Hainke <vincent@systemli.org>
+---
+ Makefile.am | 8 +++
+ README | 4 ++
+ configure.ac | 2 +
+ src/collectd.conf.in | 6 ++
+ src/snmp6.c | 135 +++++++++++++++++++++++++++++++++++++++++++
+ src/types.db | 2 +
+ 6 files changed, 157 insertions(+)
+ create mode 100644 src/snmp6.c
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1964,6 +1964,14 @@ TESTS += test_plugin_snmp_agent
+
+ endif
+
++if BUILD_PLUGIN_SNMP6
++pkglib_LTLIBRARIES += snmp6.la
++snmp6_la_SOURCES = src/snmp6.c
++snmp6_la_CFLAGS = $(AM_CFLAGS)
++snmp6_la_LDFLAGS = $(PLUGIN_LDFLAGS)
++snmp6_la_LIBADD = libignorelist.la
++endif # BUILD_PLUGIN_SNMP6
++
+ if BUILD_PLUGIN_STATSD
+ pkglib_LTLIBRARIES += statsd.la
+ statsd_la_SOURCES = src/statsd.c
+--- a/README
++++ b/README
+@@ -422,6 +422,10 @@ Features
+ network devices such as switches, routers, thermometers, rack monitoring
+ servers, etc. See collectd-snmp(5).
+
++ - snmp6
++ Read values from SNMP6 (Simple Network Management Protocol). Supports pure
++ IPv6 interface statistics.
++
+ - statsd
+ Acts as a StatsD server, reading values sent over the network from StatsD
+ clients and calculating rates and other aggregates out of these values.
+--- a/configure.ac
++++ b/configure.ac
+@@ -7162,6 +7162,7 @@ AC_PLUGIN([slurm], [$with_
+ AC_PLUGIN([smart], [$plugin_smart], [SMART statistics])
+ AC_PLUGIN([snmp], [$with_libnetsnmp], [SNMP querying plugin])
+ AC_PLUGIN([snmp_agent], [$with_libnetsnmpagent], [SNMP agent plugin])
++AC_PLUGIN([snmp6], [yes], [IPv6 Interface traffic statistics via snmp6])
+ AC_PLUGIN([statsd], [yes], [StatsD plugin])
+ AC_PLUGIN([swap], [$plugin_swap], [Swap usage statistics])
+ AC_PLUGIN([synproxy], [$plugin_synproxy], [Synproxy stats plugin])
+@@ -7611,6 +7612,7 @@ AC_MSG_RESULT([ slurm . . . . . . . .
+ AC_MSG_RESULT([ smart . . . . . . . . $enable_smart])
+ AC_MSG_RESULT([ snmp . . . . . . . . $enable_snmp])
+ AC_MSG_RESULT([ snmp_agent . . . . . $enable_snmp_agent])
++AC_MSG_RESULT([ snmp6 . . . . . . . . $enable_snmp6])
+ AC_MSG_RESULT([ statsd . . . . . . . $enable_statsd])
+ AC_MSG_RESULT([ swap . . . . . . . . $enable_swap])
+ AC_MSG_RESULT([ synproxy . . . . . . $enable_synproxy])
+--- a/src/collectd.conf.in
++++ b/src/collectd.conf.in
+@@ -207,6 +207,7 @@
+ #@BUILD_PLUGIN_SMART_TRUE@LoadPlugin smart
+ #@BUILD_PLUGIN_SNMP_TRUE@LoadPlugin snmp
+ #@BUILD_PLUGIN_SNMP_AGENT_TRUE@LoadPlugin snmp_agent
++#@BUILD_PLUGIN_SNMP6_TRUE@LoadPlugin snmp6
+ #@BUILD_PLUGIN_STATSD_TRUE@LoadPlugin statsd
+ #@BUILD_PLUGIN_SWAP_TRUE@LoadPlugin swap
+ #@BUILD_PLUGIN_SYSEVENT_TRUE@LoadPlugin sysevent
+@@ -1718,6 +1719,11 @@
+ # </Table>
+ #</Plugin>
+
++#<Plugin snmp6>
++# Interface "eth0"
++# IgnoreSelected false
++#</Plugin>
++
+ #<Plugin statsd>
+ # Host "::"
+ # Port "8125"
+--- /dev/null
++++ b/src/snmp6.c
+@@ -0,0 +1,135 @@
++/*
++ This Plugin is based opn the interface.c Plugin.
++*/
++#include <stdint.h>
++#include <stdlib.h>
++#include <string.h>
++#include <errno.h>
++#include <stdbool.h>
++#include <stdio.h>
++
++#include <net/if.h>
++#include <sys/types.h>
++#include <ifaddrs.h>
++
++#include "plugin.h"
++#include "utils/cmds/putval.h"
++#include "utils/common/common.h"
++#include "utils/ignorelist/ignorelist.h"
++
++static const char *config_keys[] = {
++ "Interface",
++ "IgnoreSelected",
++};
++static int config_keys_num = STATIC_ARRAY_SIZE(config_keys);
++
++static ignorelist_t *ignorelist;
++
++static int snmp6_config(const char *key, const char *value) {
++ if (ignorelist == NULL)
++ ignorelist = ignorelist_create(/* invert = */ 1);
++
++ if (strcasecmp(key, "Interface") == 0) {
++ ignorelist_add(ignorelist, value);
++ } else if (strcasecmp(key, "IgnoreSelected") == 0) {
++ int invert = 1;
++ if (IS_TRUE(value))
++ invert = 0;
++ ignorelist_set_invert(ignorelist, invert);
++ }
++
++ return 0;
++}
++
++/* Copied from interface.c */
++static void snmp6_submit(const char *dev, const char *type, derive_t rx,
++ derive_t tx) {
++ value_list_t vl = VALUE_LIST_INIT;
++ value_t values[] = {
++ {.derive = rx},
++ {.derive = tx},
++ };
++
++ vl.values = values;
++ vl.values_len = STATIC_ARRAY_SIZE(values);
++ sstrncpy(vl.plugin, "snmp6", sizeof(vl.plugin));
++ sstrncpy(vl.plugin_instance, dev, sizeof(vl.plugin_instance));
++ sstrncpy(vl.type, type, sizeof(vl.type));
++
++ plugin_dispatch_values(&vl);
++} /* void if_submit */
++
++int snmp_read(char *ifname) {
++ FILE *fh;
++ char buffer[1024];
++ char *fields[2];
++ int numfields;
++ int currline = 0;
++ derive_t data[76];
++ char procpath[1024];
++ int offset = 0;
++
++ if (ignorelist_match(ignorelist, ifname) != 0)
++ return 0;
++
++ if (strncmp("all", ifname, strlen("all")) == 0) {
++ snprintf(procpath, 1024, "/proc/net/snmp6");
++ offset = 1;
++ } else {
++ snprintf(procpath, 1024, "/proc/net/dev_snmp6/%s", ifname);
++ }
++
++ if ((fh = fopen(procpath, "r")) == NULL) {
++ WARNING("snmp6 plugin: try opening %s : fopen: %s", procpath, STRERRNO);
++ return -1;
++ }
++
++ while (fgets(buffer, 1024, fh) != NULL) {
++ numfields = strsplit(buffer, fields, 2);
++
++ if (numfields < 2)
++ return -1;
++
++ data[currline++] = atoll(fields[1]);
++ }
++
++ fclose(fh);
++
++ if (currline < 28) {
++ return -1;
++ }
++
++ snmp6_submit(ifname, "if_octets", data[23 - offset], data[24 - offset]);
++ snmp6_submit(ifname, "if_octets_mcast", data[25 - offset], data[26 - offset]);
++ snmp6_submit(ifname, "if_octets_bcast", data[27 - offset], data[28 - offset]);
++ return 0;
++}
++
++int read_all_interfaces(void) {
++#ifndef HAVE_IFADDRS_H
++ return -1;
++#else
++
++ // getifaddrs is not working all the time (e.g. wireguard interfaces)
++ // instead we use if_nameindex() syscall as suggested in:
++ // https://stackoverflow.com/a/45796495/8474618
++ struct if_nameindex *if_nidxs, *intf;
++
++ if_nidxs = if_nameindex();
++
++ if (if_nidxs != NULL) {
++ for (intf = if_nidxs; intf->if_index != 0 || intf->if_name != NULL; intf++) {
++ snmp_read(intf->if_name);
++ }
++ if_freenameindex(if_nidxs);
++ }
++
++ snmp_read("all");
++ return 0;
++#endif
++}
++
++void module_register(void) {
++ plugin_register_config("snmp6", snmp6_config, config_keys, config_keys_num);
++ plugin_register_read("snmp6", read_all_interfaces);
++} /* void module_register */
+--- a/src/types.db
++++ b/src/types.db
+@@ -132,6 +132,8 @@ if_dropped rx:DERIVE:0:U, t
+ if_errors rx:DERIVE:0:U, tx:DERIVE:0:U
+ if_multicast value:DERIVE:0:U
+ if_octets rx:DERIVE:0:U, tx:DERIVE:0:U
++if_octets_mcast rx:DERIVE:0:U, tx:DERIVE:0:U
++if_octets_bcast rx:DERIVE:0:U, tx:DERIVE:0:U
+ if_packets rx:DERIVE:0:U, tx:DERIVE:0:U
+ if_rx_dropped value:DERIVE:0:U
+ if_rx_errors value:DERIVE:0:U
--- /dev/null
+--- /dev/null
++++ b/src/ipstatistics.c
+@@ -0,0 +1,104 @@
++/*
++ This Plugin is based opn the interface.c Plugin.
++*/
++#include <errno.h>
++#include <stdbool.h>
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include <ifaddrs.h>
++#include <net/if.h>
++#include <sys/types.h>
++
++#include "plugin.h"
++#include "utils/cmds/putval.h"
++#include "utils/common/common.h"
++
++/* Copied from interface.c */
++static void ipstatistics_submit(const char *type, derive_t ip4rx,
++ derive_t ip4tx, derive_t ip6rx, derive_t ip6tx) {
++ value_list_t vl = VALUE_LIST_INIT;
++ value_t values[] = {
++ {.derive = ip4rx},
++ {.derive = ip4tx},
++ {.derive = ip6rx},
++ {.derive = ip6tx}
++ };
++
++ vl.values = values;
++ vl.values_len = STATIC_ARRAY_SIZE(values);
++ sstrncpy(vl.plugin, "ipstatistics", sizeof(vl.plugin));
++ sstrncpy(vl.plugin_instance, "all", sizeof(vl.plugin_instance));
++ sstrncpy(vl.type, type, sizeof(vl.type));
++
++ plugin_dispatch_values(&vl);
++} /* void if_submit */
++
++int ipstatistics_read() {
++ FILE *fh;
++ char buffer[1024];
++ char *fields[19];
++ int numfields;
++
++ derive_t ip4_in = 0;
++ derive_t ip4_out = 0;
++ derive_t ip6_in = 0;
++ derive_t ip6_out = 0;
++
++ if ((fh = fopen("/proc/net/snmp6", "r")) == NULL) {
++ WARNING("ipstatistics plugin: try opening %s : fopen: %s", "/proc/net/snmp6",
++ STRERRNO);
++ return -1;
++ }
++
++ while (fgets(buffer, 1024, fh) != NULL) {
++ numfields = strsplit(buffer, fields, 2);
++
++ if (numfields < 2)
++ return -1;
++
++ if (strcasecmp(fields[0], "Ip6OutOctets") == 0) {
++ ip6_out = atoll(fields[1]);
++ }
++
++ if (strcasecmp(fields[0], "Ip6InOctets") == 0) {
++ ip6_in = atoll(fields[1]);
++ }
++ }
++
++ fclose(fh);
++
++ if ((fh = fopen("/proc/net/netstat", "r")) == NULL) {
++ WARNING("ipstatistics plugin: try opening %s : fopen: %s", "/proc/net/netstat",
++ STRERRNO);
++ return -1;
++ }
++
++ int count_ipext = 0;
++ while (fgets(buffer, 1024, fh) != NULL) {
++ numfields = strsplit(buffer, fields, 19);
++
++ if (numfields < 8)
++ return -1;
++
++ if (strcasecmp(fields[0], "IpExt:") == 0) {
++ count_ipext++;
++ if (count_ipext == 2) {
++ ip4_in = atoll(fields[7]);
++ ip4_out = atoll(fields[8]);
++ }
++ }
++ }
++
++ fclose(fh);
++
++ ipstatistics_submit("ip_stats_octets", ip4_in, ip4_out, ip6_in, ip6_out);
++ return 0;
++}
++
++void module_register(void) {
++ plugin_register_read("ipstatistics", ipstatistics_read);
++} /* void module_register */
++
+--- a/src/types.db
++++ b/src/types.db
+@@ -148,6 +148,7 @@ invocations value:DERIVE:0:U
+ io_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+ io_ops read:DERIVE:0:U, write:DERIVE:0:U
+ io_packets rx:DERIVE:0:U, tx:DERIVE:0:U
++ip_stats_octets ip4rx:DERIVE:0:U, ip4tx:DERIVE:0:U, ip6rx:DERIVE:0:U, ip6tx:DERIVE:0:U
+ ipc value:GAUGE:0:U
+ ipt_bytes value:DERIVE:0:U
+ ipt_packets value:DERIVE:0:U
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1239,6 +1239,12 @@ ipstats_la_SOURCES = src/ipstats.c
+ ipstats_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+ endif
+
++if BUILD_PLUGIN_IPSTATISTICS
++pkglib_LTLIBRARIES += ipstatistics.la
++ipstatistics_la_SOURCES = src/ipstatistics.c
++ipstatistics_la_LDFLAGS = $(PLUGIN_LDFLAGS)
++endif
++
+ if BUILD_PLUGIN_IPVS
+ pkglib_LTLIBRARIES += ipvs.la
+ ipvs_la_SOURCES = src/ipvs.c
+--- a/configure.ac
++++ b/configure.ac
+@@ -7091,6 +7091,7 @@ AC_PLUGIN([ipc], [$plugi
+ AC_PLUGIN([ipmi], [$plugin_ipmi], [IPMI sensor statistics])
+ AC_PLUGIN([iptables], [$with_libiptc], [IPTables rule counters])
+ AC_PLUGIN([ipstats], [$plugin_ipstats], [IP packet statistics])
++AC_PLUGIN([ipstatistics], [yes], [IP4 and IP6 statistics])
+ AC_PLUGIN([ipvs], [$plugin_ipvs], [IPVS connection statistics])
+ AC_PLUGIN([irq], [$plugin_irq], [IRQ statistics])
+ AC_PLUGIN([iwinfo], [$with_iwinfo], [Common iwinfo wireless statistics])
+@@ -7542,6 +7543,7 @@ AC_MSG_RESULT([ ipc . . . . . . . . .
+ AC_MSG_RESULT([ ipmi . . . . . . . . $enable_ipmi])
+ AC_MSG_RESULT([ iptables . . . . . . $enable_iptables])
+ AC_MSG_RESULT([ ipstats . . . . . . . $enable_ipstats])
++AC_MSG_RESULT([ ipstatistics . . . . $enable_ipstatistics])
+ AC_MSG_RESULT([ ipvs . . . . . . . . $enable_ipvs])
+ AC_MSG_RESULT([ irq . . . . . . . . . $enable_irq])
+ AC_MSG_RESULT([ iwinfo . . . . . . . $enable_iwinfo])
+--- a/src/collectd.conf.in
++++ b/src/collectd.conf.in
+@@ -145,6 +145,7 @@
+ #@BUILD_PLUGIN_IPC_TRUE@LoadPlugin ipc
+ #@BUILD_PLUGIN_IPMI_TRUE@LoadPlugin ipmi
+ #@BUILD_PLUGIN_IPSTATS_TRUE@LoadPlugin ipstats
++#@BUILD_PLUGIN_IPSTATISTICS_TRUE@LoadPlugin ipstatistics
+ #@BUILD_PLUGIN_IPTABLES_TRUE@LoadPlugin iptables
+ #@BUILD_PLUGIN_IPVS_TRUE@LoadPlugin ipvs
+ #@BUILD_PLUGIN_IRQ_TRUE@LoadPlugin irq
include $(TOPDIR)/rules.mk
PKG_NAME:=conmon
-PKG_VERSION:=2.0.21
+PKG_VERSION:=2.0.24
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/containers/$(PKG_NAME)/archive/v$(PKG_VERSION)
-PKG_HASH:=03c357c2ee35317e781111d59c4f3fb34033e77a17a8f4221f2ed6d3bcc10c25
+PKG_HASH:=e00bc44a8bd783fd417a5c90d3b8c15035ddc69b18350a31258e7f79aec8c697
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=containerd
-PKG_VERSION:=1.3.7
-PKG_RELEASE:=1
+PKG_VERSION:=1.4.3
+PKG_RELEASE:=3
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/containerd/containerd/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=d30d59e143697aa4f0960205b3f5ac59c573b332f20507740ef2dc0fb5ae8ded
-PKG_SOURCE_VERSION:=8fba4e9a7d01810a393d5d25a3621dc101981175
+PKG_HASH:=bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018
+PKG_SOURCE_VERSION:=269548fa27e0089a8b8278fc4fc781d7f65a939b
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
+PKG_USE_MIPS16:=0
GO_PKG:=github.com/containerd/containerd
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
-define Package/containerd/config
-config CONTAINERD_SECCOMP
- depends on PACKAGE_containerd
- bool "Enable support for seccomp in containerd"
- default DOCKER_SECCOMP
- select KERNEL_SECCOMP
- help
- Build containerd with support for seccomp filters.
- Also pulls-in the needed kernel features.
-endef
-
define Package/containerd
SECTION:=utils
CATEGORY:=Utilities
TITLE:=containerd container runtime
URL:=https://containerd.io/
- DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +runc +libseccomp
+ DEPENDS:=$(GO_ARCH_DEPENDS) +btrfs-progs +runc
MENU:=1
endef
VERSION=$(PKG_VERSION) \
REVISION=$(PKG_SOURCE_VERSION)
-ifeq ($(CONFIG_CONTAINERD_SECCOMP),y)
-MAKE_FLAGS += BUILDTAGS='seccomp'
+ifeq ($(CONFIG_SELINUX),y)
+MAKE_FLAGS += BUILDTAGS='selinux'
else
MAKE_FLAGS += BUILDTAGS=''
endif
define Package/containerd/install
$(INSTALL_DIR) $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/{ctr,containerd,containerd-stress,containerd-shim} $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/{ctr,containerd,containerd-stress,containerd-shim,containerd-shim-runc-v1,containerd-shim-runc-v2} $(1)/usr/bin/
endef
$(eval $(call BuildPackage,containerd))
include $(TOPDIR)/rules.mk
PKG_NAME:=coremark
-PKG_SOURCE_DATE:=2020-09-16
-PKG_SOURCE_VERSION:=41537ea30b0104438b4ff993e7d349af26900acf
-PKG_RELEASE:=2
+PKG_SOURCE_DATE:=2020-12-17
+PKG_SOURCE_VERSION:=5e0f662ce709f1af8d272bd8d3960034603d3850
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/eembc/coremark/tar.gz/$(PKG_SOURCE_VERSION)?
-PKG_HASH:=ebbaa7463084b3261438b9b378c1968532156f7fb90bf3f94f45f0b0b817e181
+PKG_HASH:=fb0a2ee2113322eb976fa521d0ac033a997e0097185c2c2325d84ca94a7f5a6d
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
PKG_MAINTAINER:=Lim Guo Wei <limguowei@gmail.com>
PKG_NAME:=coreutils
PKG_VERSION:=8.32
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/coreutils
base32 b2sum basenc csplit dir dircolors fmt join numfmt pathchk pinky \
pr ptx sha224sum sha384sum stdbuf tsort vdir
-$(eval $(foreach a,$(DIR_BIN),ALTS_$(a):=300:/bin/$(a):/usr/bin/gnu-$(a)$(newline)))
-$(eval $(foreach a,$(DIR_USR_BIN),ALTS_$(a):=300:/usr/bin/$(a):/usr/bin/gnu-$(a)$(newline)))
-$(eval $(foreach a,$(DIR_USR_SBIN),ALTS_$(a):=300:/usr/sbin/$(a):/usr/bin/gnu-$(a)$(newline)))
+$(eval $(foreach a,$(DIR_BIN),ALTS_$(a):=300:/bin/$(a):/usr/libexec/$(a)-coreutils$(newline)))
+$(eval $(foreach a,$(DIR_USR_BIN),ALTS_$(a):=300:/usr/bin/$(a):/usr/libexec/$(a)-coreutils$(newline)))
+$(eval $(foreach a,$(DIR_USR_SBIN),ALTS_$(a):=300:/usr/sbin/$(a):/usr/libexec/$(a)-coreutils$(newline)))
DEPENDS_sort = +libpthread
DEPENDS_timeout = +librt
define BuildPlugin
define Package/$(1)/install
- $(INSTALL_DIR) $$(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/$(2) $$(1)/usr/bin/$(if $(ALTS_$(2)),gnu-$(2),$(2))
+ $(INSTALL_DIR) $$(1)/usr/$(if $(ALTS_$(2)),libexec,bin)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/$(2) $$(1)/usr/$(if $(ALTS_$(2)),libexec/$(2)-coreutils,bin/$(2))
$(foreach f,$(FILES_$(2)),
$(INSTALL_DIR) $$(1)/$(dir $(f))
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/$(f) $$(1)/$(f)
include $(TOPDIR)/rules.mk
PKG_NAME:=ctop
-PKG_VERSION:=0.7.4
+PKG_VERSION:=0.7.5
PKG_RELEASE:=1
PKG_SOURCE:=v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/bcicen/ctop/archive
-PKG_HASH:=55d9a3c6d4cddf6f1afdd52401bb709d3265a96c45fdc51bfa4223467c5d7fb1
+PKG_HASH:=a9a3be0e5eab2fee6b44a5d063188a354f9c0dde3d96a169d1490981f7826e9a
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=MIT
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
GO_PKG:=github.com/bcicen/ctop
CATEGORY:=Utilities
TITLE:=Top-like interface for container metrics
URL:=https://ctop.sh/
- DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64)
+ DEPENDS:=$(GO_ARCH_DEPENDS)
endef
define Package/ctop/description
+++ /dev/null
-config DOCKER_KERNEL_OPTIONS
- bool "Enable Basic kernel support for Docker"
- depends on PACKAGE_docker-ce
- default y
- select KERNEL_CGROUPS
- select KERNEL_CGROUP_CPUACCT
- select KERNEL_CGROUP_DEVICE
- select KERNEL_CGROUP_FREEZER
- select KERNEL_CGROUP_SCHED
- select KERNEL_NAMESPACES
- select KERNEL_CPUSETS
- select KERNEL_MEMCG
- select KERNEL_KEYS
- select KERNEL_POSIX_MQUEUE
- help
- Select needed kernel options for Docker. Options include
- cgroups, namespaces and other miscellaneous options.
- see also https://github.com/docker/engine/blob/master/contrib/check-config.sh
-
-config DOCKER_SECCOMP
- bool "Enable support for seccomp in Docker"
- depends on PACKAGE_docker-ce
- default n
- select KERNEL_SECCOMP
- select PACKAGE_libseccomp
- help
- Build Docker with support for seccomp filters.
- Select libseccomp which also pulls-in the needed kernel features.
-
-config DOCKER_RES_SHAPE
- bool "Enables support for resource shaping"
- depends on PACKAGE_docker-ce
- default n
- select KERNEL_MEMCG_SWAP
- select KERNEL_MEMCG_SWAP_ENABLED
- select KERNEL_BLK_DEV_THROTTLING
- select KERNEL_CFQ_GROUP_IOSCHED
- select KERNEL_CGROUP_PERF
- select KERNEL_CGROUP_HUGETLB
- select KERNEL_FAIR_GROUP_SCHED
- select KERNEL_NET_CLS_CGROUP
- select KERNEL_CGROUP_NET_CLASSID
- select KERNEL_CGROUP_NET_PRIO
- select KERNEL_CFS_BANDWIDTH
- select KERNEL_RT_GROUP_SCHED
-
-menu "Network"
- depends on PACKAGE_docker-ce
-
- config DOCKER_NET_OVERLAY
- bool "Enables the Overlay network feature"
- default n
- select PACKAGE_kmod-udptunnel4
- help
- Selects kernel options for the Overlay network feature.
- Includes udptunnel4
-
- config DOCKER_NET_ENCRYPT
- bool "Enable encrypted networking kernel support"
- depends on DOCKER_NET_OVERLAY
- default n
- select PACKAGE_kmod-ipsec
- select PACKAGE_kmod-ipsec4
- select PACKAGE_kmod-crypto-gcm
- select PACKAGE_kmod-crypto-ghash
- help
- Select needed kernel options for encrypted networking support.
-
- config DOCKER_NET_MACVLAN
- bool "Enables macvlan kernel support"
- default n
- select PACKAGE_kmod-macvlan
- select PACKAGE_kmod-dummy
-
- config DOCKER_NET_TFTP
- bool "Enable ftp/tftp client kernel support"
- default n
- select PACKAGE_kmod-nf-nathelper
- select PACKAGE_kmod-nf-nathelper-extra
-endmenu
-
-menu "Storage"
- depends on PACKAGE_docker-ce
-
- config DOCKER_STO_EXT4
- bool "Enables support for ext3 or ext4 as the backing filesystem"
- default n
- select KERNEL_EXT4_FS_POSIX_ACL
-
- config DOCKER_STO_BTRFS
- bool "Enables support for btrfs as the backing filesystem"
- default n
- select PACKAGE_kmod-fs-btrfs
- select KERNEL_BTRFS_FS_POSIX_ACL
-endmenu
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=docker-ce
-PKG_VERSION:=19.03.13
-PKG_RELEASE:=5
-PKG_LICENSE:=Apache-2.0
-PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/docker/docker-ce/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b2ff08675738031b6d6d59a90226657c16726851957c11b5fb85a4598b933b92
-PKG_SOURCE_VERSION:=4484c46d9d # SHA1 used within the docker executables
-
-PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
-
-# $(1) = path to dependent package 'Makefile'
-# $(2) = relevant docker-ce '.installer' file
-define EnsureVendoredVersion
- ( \
- DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \
- VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/components/engine/hack/dockerfile/install/$(2)" ); \
- if [ $$$$VEN_VER != $$$$DEP_VER ]; then \
- echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \
- exit 1; \
- fi \
- )
-endef
-
-PKG_BUILD_DEPENDS:=golang/host
-PKG_BUILD_PARALLEL:=1
-
-GO_PKG:=github.com/docker
-
-include $(INCLUDE_DIR)/package.mk
-include ../../lang/golang/golang-package.mk
-
-define Package/docker-ce/config
- source "$(SOURCE)/Config.in"
-endef
-
-define Package/docker-ce
- SECTION:=utils
- CATEGORY:=Utilities
- TITLE:=Docker Community Edition
- URL:=https://www.docker.com/
- DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +ca-certificates +cgroupfs-mount +containerd +libdevmapper +libnetwork +tini \
- +DOCKER_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs +kmod-veth
- USERID:=docker:docker
- MENU:=1
-endef
-
-define Package/docker-ce/conffiles
-/etc/config/dockerd
-endef
-
-define Package/docker-ce/description
- Docker Engine is used by millions enables containerized applications
- to run anywhere consistently on any infrastructure.
-endef
-
-define Build/Prepare
- $(Build/Prepare/Default)
-
- # Verify dependencies are the vendored version
- $(call EnsureVendoredVersion,../containerd/Makefile,containerd.installer)
- $(call EnsureVendoredVersion,../libnetwork/Makefile,proxy.installer)
- $(call EnsureVendoredVersion,../runc/Makefile,runc.installer)
- $(call EnsureVendoredVersion,../tini/Makefile,tini.installer)
-endef
-
-define Build/Configure
- # move so GoPackage/Build/Configure will get the correct path
- mv $(PKG_BUILD_DIR)/components/engine $(PKG_BUILD_DIR)/
- mv $(PKG_BUILD_DIR)/components/cli $(PKG_BUILD_DIR)/
-
- # docker generates files at build time so we'll just symlink for now and call GoPackage/Build/Configure later
- mkdir -p $(GO_PKG_BUILD_DIR)/bin \
- $(GO_PKG_BUILD_DIR)/src \
- $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/ \
- $(GO_BUILD_CACHE_DIR)
- $(LN) $(PKG_BUILD_DIR)/cli $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
- $(LN) $(PKG_BUILD_DIR)/engine $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
-endef
-
-ifeq ($(CONFIG_DOCKER_SECCOMP),y)
-BUILDTAGS:=seccomp
-else
-BUILDTAGS:=
-endif
-
-define Build/Compile
- ( \
- export $(GO_PKG_VARS) \
- GITCOMMIT=$(PKG_SOURCE_VERSION) \
- DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
- DOCKER_BUILDTAGS='$(BUILDTAGS)' \
- VERSION=$(PKG_VERSION) \
- \
- && echo "Compiling CLI..." \
- && cd $(PKG_BUILD_DIR)/cli \
- && ./scripts/build/binary \
- \
- && echo "Compiling Engine..." \
- && cd $(PKG_BUILD_DIR)/engine \
- && ./hack/make.sh binary \
- )
-
- # done here to include autogenerated files also
- rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
- rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
- $(call GoPackage/Build/Configure)
-endef
-
-define Package/docker-ce/install
- $(INSTALL_DIR) $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/cli/build/docker $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/bundles/binary-daemon/dockerd $(1)/usr/bin/
-
- $(INSTALL_DIR) $(1)/opt/docker/
- $(INSTALL_DIR) $(1)/usr/share/docker/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/contrib/check-config.sh $(1)/usr/share/docker/
-
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
-
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd
-
- # Must be after systcl 11-br-netfilter.conf from kmod-br-netfilter
- $(INSTALL_DIR) $(1)/etc/sysctl.d
- $(INSTALL_DATA) ./files/etc/sysctl.d/sysctl-br-netfilter-ip.conf \
- $(1)/etc/sysctl.d/12-br-netfilter-ip.conf
-endef
-
-define Package/docker-ce/postinst
-#!/bin/sh
-[ -n "$$IPKG_INSTROOT" ] || {
- /etc/init.d/dockerd enable
- /etc/init.d/dockerd uciadd
- /etc/init.d/dockerd start
-}
-endef
-
-define Package/docker-ce/prerm
-#!/bin/sh
-[ -n "$$IPKG_INSTROOT" ] || {
- /etc/init.d/dockerd disable
- /etc/init.d/dockerd stop
- /etc/init.d/dockerd ucidel
-}
-endef
-
-$(eval $(call BuildPackage,docker-ce))
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-START=25
-
-extra_command "uciadd" "<interface> <device> <zone> Add docker bridge configuration to network and firewall uci config"
-extra_command "ucidel" "<interface> <device> <zone> Delete docker bridge configuration from network and firewall uci config"
-
-DOCKER_CONF_DIR="/tmp/dockerd"
-DOCKERD_CONF="${DOCKER_CONF_DIR}/daemon.json"
-
-uci_quiet() {
- uci -q "${@}" >/dev/null
-}
-
-json_add_array_string() {
- json_add_string "" "${1}"
-}
-
-boot() {
- uciadd
- rc_procd start_service
-}
-
-uciadd() {
- local iface="${1}"
- local device="${2}"
- local zone="${3}"
-
- [ -z "${iface}" ] && {
- iface="docker"
- device="docker0"
- zone="docker"
- }
-
- /etc/init.d/dockerd running && {
- echo "Please stop dockerd service first"
- exit 0
- }
-
- # Add network interface
- if ! uci_quiet get network.${iface}; then
- logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
- uci_quiet add network interface
- uci_quiet rename network.@interface[-1]="${iface}"
- uci_quiet set network.@interface[-1].ifname="${device}"
- uci_quiet set network.@interface[-1].proto="none"
- uci_quiet set network.@interface[-1].auto="0"
- uci_quiet commit network
- fi
-
- # Add docker bridge device
- if ! uci_quiet get network.${device}; then
- logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
- uci_quiet add network device
- uci_quiet rename network.@device[-1]="${device}"
- uci_quiet set network.@device[-1].type="bridge"
- uci_quiet set network.@device[-1].name="${device}"
- uci_quiet add_list network.@device[-1].ifname="${device}"
- uci_quiet commit network
- fi
-
- # Add firewall zone
- if ! uci_quiet get firewall.${zone}; then
- logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
- uci_quiet add firewall zone
- uci_quiet rename firewall.@zone[-1]="${zone}"
- uci_quiet set firewall.@zone[-1].network="${iface}"
- uci_quiet set firewall.@zone[-1].input="REJECT"
- uci_quiet set firewall.@zone[-1].output="ACCEPT"
- uci_quiet set firewall.@zone[-1].forward="REJECT"
- uci_quiet set firewall.@zone[-1].name="${zone}"
- uci_quiet commit firewall
- fi
-
- reload_config
-}
-
-ucidel() {
- local iface="${1}"
- local device="${2}"
- local zone="${3}"
-
- [ -z "${iface}" ] && {
- iface="docker"
- device="docker0"
- zone="docker"
- }
-
- /etc/init.d/dockerd running && {
- echo "Please stop dockerd service first"
- exit 0
- }
-
- if uci_quiet get network.${device}; then
- logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
- uci_quiet delete network.${device}
- uci_quiet commit network
- fi
-
- if uci_quiet get network.${iface}; then
- logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
- uci_quiet delete network.${iface}
- uci_quiet commit network
- fi
-
- if uci_quiet get firewall.${zone}; then
- logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
- uci_quiet delete firewall.${zone}
- uci_quiet commit firewall
- fi
-
- reload_config
-}
-
-process_config() {
- local alt_config_file data_root log_level iptables bip
-
- [ -f /etc/config/dockerd ] || {
- # Use the daemon default configuration
- DOCKERD_CONF=""
- return 0
- }
-
- # reset configuration
- rm -fr "${DOCKER_CONF_DIR}"
- mkdir -p "${DOCKER_CONF_DIR}"
-
- config_load 'dockerd'
- config_get alt_config_file globals alt_config_file
- [ -n "${alt_config_file}" ] && [ -f "${alt_config_file}" ] && {
- ln -s "${alt_config_file}" "${DOCKERD_CONF}"
- return 0
- }
-
- config_get data_root globals data_root "/opt/docker/"
- config_get log_level globals log_level "warn"
- config_get_bool iptables globals iptables "1"
- config_get bip globals bip ""
-
- . /usr/share/libubox/jshn.sh
- json_init
- json_add_string "data-root" "${data_root}"
- json_add_string "log-level" "${log_level}"
- [ -z "${bip}" ] || json_add_string "bip" "${bip}"
- json_add_array "registry-mirrors"
- config_list_foreach globals registry_mirrors json_add_array_string
- json_close_array
- json_add_array "hosts"
- config_list_foreach globals hosts json_add_array_string
- json_close_array
-
- json_add_boolean iptables "${iptables}"
- [ "${iptables}" -ne "0" ] && config_foreach iptables_add_blocking_rule firewall
-
- json_dump > "${DOCKERD_CONF}"
-}
-
-start_service() {
- local nofile=$(cat /proc/sys/fs/nr_open)
-
- process_config
-
- procd_open_instance
- procd_set_param stderr 1
- if [ -z "${DOCKERD_CONF}" ]; then
- procd_set_param command /usr/bin/dockerd
- else
- procd_set_param command /usr/bin/dockerd --config-file="${DOCKERD_CONF}"
- fi
- procd_set_param limits nofile="${nofile} ${nofile}"
- procd_close_instance
-}
-
-reload_service() {
- process_config
- procd_send_signal dockerd
-}
-
-service_triggers() {
- procd_add_reload_trigger 'dockerd'
-}
-
-iptables_add_blocking_rule() {
- local cfg="${1}"
-
- local device=""
- local extra_iptables_args=""
-
- handle_iptables_rule() {
- local interface="${1}"
- local outbound="${2}"
- local extra_iptables_args="${3}"
-
- local inbound=""
-
- . /lib/functions/network.sh
- network_get_physdev inbound "${interface}"
-
- [ -z "${inbound}" ] && {
- logger -t "dockerd-init" -p notice "Unable to get physical device for interface ${interface}"
- return
- }
-
- # Ignore errors as it might already be present
- iptables --table filter --new DOCKER-USER 2>/dev/null
- if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP 2>/dev/null; then
- logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}"
- iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP
- fi
- }
-
- config_get device "${cfg}" device
-
- [ -z "${device}" ] && {
- logger -t "dockerd-init" -p notice "No device configured for ${cfg}"
- return
- }
-
- config_get extra_iptables_args "${cfg}" extra_iptables_args
- config_list_foreach "${cfg}" blocked_interfaces handle_iptables_rule "${device}" "${extra_iptables_args}"
-}
-
-stop_service() {
- if /etc/init.d/dockerd running; then
- service_stop "/usr/bin/dockerd"
- fi
-}
+++ /dev/null
-# The following settings require a restart of docker to take full effect, A reload will only have partial or no effect:
-# bip
-# blocked_interfaces
-# extra_iptables_args
-# device
-
-config globals 'globals'
-# option alt_config_file "/etc/docker/daemon.json"
- option data_root "/opt/docker/"
- option log_level "warn"
- list hosts "unix:///var/run/docker.sock"
- option bip "172.18.0.1/24"
-# option iptables "0"
-# list registry_mirrors "https://<my-docker-mirror-host>"
-# list registry_mirrors "https://hub.docker.com"
-
-# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
-# See https://docs.docker.com/network/iptables/ for more details.
-# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
-# then docker restarted to load in new changes.
-config firewall 'firewall'
- option device 'docker0'
- list blocked_interfaces 'wan'
-# option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' # allow outbound connections
+++ /dev/null
-# Do not edit, changes to this file will be lost on upgrades
-# /etc/sysctl.conf can be used to customize sysctl settings
-
-# enable bridge firewalling for docker
-net.bridge.bridge-nf-call-ip6tables=1
-net.bridge.bridge-nf-call-iptables=1
-
+++ /dev/null
-Index: docker-ce-18.09.0/components/engine/hack/make.sh
-===================================================================
---- docker-ce-18.09.0.orig/components/engine/hack/make.sh
-+++ docker-ce-18.09.0/components/engine/hack/make.sh
-@@ -129,7 +129,7 @@ fi
- # with a newer libdevmapper than the one it was built with.
- if \
- command -v gcc &> /dev/null \
-- && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
-+ && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null ) \
- ; then
- add_buildtag libdm dlsym_deferred_remove
- fi
+++ /dev/null
-From 2fdfb4404ab811cb00227a3de111437b829e55cf Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 17 Jul 2019 17:34:04 +0800
-Subject: [PATCH] imporve hardcoded CC on cross compile
-
-Since commit applied in moby [61a3285 Support cross-compile for arm]
-it hardcoded var-CC to support cross-compile for arm
-
-Correct it with "${parameter:-word}" format, it is helpful for user
-define toolchains
-
-(Use Default Values. If parameter is unset or null, the expansion of
-word is substituted. Otherwise, the value of parameter is substituted.)
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-Upstream-commit: 3c701e4db1b8646c2324ae524b4e7ca1b1147a07
-Component: engine
----
- components/engine/hack/make/.binary | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/components/engine/hack/make/.binary b/components/engine/hack/make/.binary
-index 53de6749e5..66f4ca05f3 100644
---- a/components/engine/hack/make/.binary
-+++ b/components/engine/hack/make/.binary
-@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC
- # must be cross-compiling!
- case "$(go env GOOS)/$(go env GOARCH)" in
- windows/amd64)
-- export CC=x86_64-w64-mingw32-gcc
-+ export CC="${CC:-x86_64-w64-mingw32-gcc}"
- export CGO_ENABLED=1
- ;;
- linux/arm)
- case "${GOARM}" in
- 5|"")
-- export CC=arm-linux-gnueabi-gcc
-+ export CC="${CC:-arm-linux-gnueabi-gcc}"
- export CGO_ENABLED=1
- ;;
- 7)
-- export CC=arm-linux-gnueabihf-gcc
-+ export CC="${CC:-arm-linux-gnueabihf-gcc}"
- export CGO_ENABLED=1
- ;;
- esac
- ;;
- linux/arm64)
-- export CC=aarch64-linux-gnu-gcc
-+ export CC="${CC:-aarch64-linux-gnu-gcc}"
- export CGO_ENABLED=1
- ;;
- linux/amd64)
-- export CC=x86_64-linux-gnu-gcc
-+ export CC="${CC:-x86_64-linux-gnu-gcc}"
- export CGO_ENABLED=1
- ;;
- esac
include $(TOPDIR)/rules.mk
PKG_NAME:=docker-compose
-PKG_VERSION:=1.27.4
+PKG_VERSION:=1.28.2
PKG_RELEASE:=1
PYPI_NAME:=docker-compose
-PKG_HASH:=5a5690f24c27d4b43dcbe6b3fae91ba680713208e99ee863352b3bae37bcaa83
+PKG_HASH:=2f148b590414915d029dad7551f4cdf0b03a774dc9baa674480217236d260cc1
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=Apache-2.0
CATEGORY:=Utilities
TITLE:=Docker Compose
URL:=https://github.com/docker/compose
- DEPENDS+=+docker-ce \
+ DEPENDS+=+docker \
+python3-light \
+python3-cached-property \
+python3-distro \
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=docker
+PKG_VERSION:=20.10.2
+PKG_RELEASE:=1
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/docker/cli/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=a663f54a158c6b2b23b253b14bf0de56ff035750098e760319de1edb7f4ae76d
+PKG_SOURCE_VERSION:=2291f61 # SHA1 used within the docker executable
+
+PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/docker/cli
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/docker
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Docker Community Edition CLI
+ URL:=https://www.docker.com/
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/docker/description
+The CLI used in the Docker CE and Docker EE products.
+endef
+
+TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
+TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
+define Build/Compile
+ ( \
+ cd $(PKG_BUILD_DIR); \
+ $(GO_PKG_VARS) \
+ GITCOMMIT=$(PKG_SOURCE_VERSION) \
+ VERSION=$(PKG_VERSION) \
+ ./scripts/build/binary; \
+ )
+endef
+
+define Package/docker/install
+ $(INSTALL_DIR) $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/docker $(1)/usr/bin/
+endef
+$(eval $(call BuildPackage,docker))
--- /dev/null
+# These options are mostly specified by https://github.com/moby/moby/blob/master/contrib/check-config.sh
+
+config DOCKER_CGROUP_OPTIONS
+ bool "Enable available kernel support for CGroupsV1"
+ default n
+ depends on PACKAGE_dockerd
+ select KERNEL_CGROUP_DEVICE
+ select KERNEL_CGROUP_FREEZER
+ select KERNEL_NET_CLS_CGROUP
+ select KERNEL_CGROUP_NET_PRIO
+ select PACKAGE_cgroupfs-mount
+ help
+ Selects kernel options to enable CGroups V1.
+
+config DOCKER_OPTIONAL_FEATURES
+ bool "Enable optional kernel support for Docker"
+ default n
+ depends on PACKAGE_dockerd
+ select KERNEL_MEMCG_SWAP_ENABLED
+ select KERNEL_CFQ_GROUP_IOSCHED
+ select KERNEL_CGROUP_PERF
+ select KERNEL_CGROUP_HUGETLB
+ help
+ Select 'Optional Features' kernel options for Docker that are unselected.
+ See https://github.com/moby/moby/blob/master/contrib/check-config.sh
+
+menu "Network"
+ depends on PACKAGE_dockerd
+
+ config DOCKER_NET_OVERLAY
+ bool "Includes the Overlay network feature"
+ default n
+ select PACKAGE_kmod-vxlan
+ help
+ Selects kmod-vxlan for the Overlay network feature.
+
+ config DOCKER_NET_ENCRYPT
+ bool "Includes encrypted networking kernel modules"
+ depends on DOCKER_NET_OVERLAY
+ default n
+ select PACKAGE_kmod-crypto-gcm
+ select PACKAGE_kmod-crypto-seqiv
+ select PACKAGE_kmod-crypto-ghash
+ select PACKAGE_kmod-ipsec
+ help
+ Select needed kernel modules for encrypted networking support.
+
+ config DOCKER_NET_MACVLAN
+ bool "Includes macvlan kernel modules"
+ default n
+ select PACKAGE_kmod-macvlan
+ select PACKAGE_kmod-dummy
+
+ config DOCKER_NET_TFTP
+ bool "Includes ftp/tftp client kernel modules"
+ default n
+ select PACKAGE_kmod-nf-nathelper
+ select PACKAGE_kmod-nf-nathelper-extra
+endmenu
+
+menu "Storage"
+ depends on PACKAGE_dockerd
+
+ config DOCKER_STO_EXT4
+ bool "Enables support for ext3 or ext4 as the backing filesystem"
+ default n
+ select KERNEL_EXT4_FS_POSIX_ACL
+ select KERNEL_EXT4_FS_SECURITY
+
+ config DOCKER_STO_BTRFS
+ bool "Enables support for btrfs as the backing filesystem"
+ default n
+ select KERNEL_BTRFS_FS_POSIX_ACL
+endmenu
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dockerd
+PKG_VERSION:=20.10.2
+PKG_RELEASE:=2
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/moby/moby/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=dc4818f0cba2ded2f6f7420a1fda027ddbf6c6c9fe319f84d1311bfe610447ca
+PKG_SOURCE_VERSION:=8891c58 # SHA1 used within the docker executables
+
+PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/docker/docker
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/dockerd/config
+ source "$(SOURCE)/Config.in"
+endef
+
+define Package/dockerd
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Docker Community Edition Daemon
+ URL:=https://www.docker.com/
+ DEPENDS:=$(GO_ARCH_DEPENDS) +btrfs-progs +ca-certificates +containerd +libdevmapper +libnetwork +tini \
+ +KERNEL_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs \
+ +kmod-nf-nat +kmod-veth
+ USERID:=docker:docker
+ MENU:=1
+endef
+
+define Package/dockerd/conffiles
+/etc/config/dockerd
+endef
+
+define Package/dockerd/description
+The Docker CE Engine.
+endef
+
+TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
+TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
+# $(1) = path to dependent package 'Makefile'
+# $(2) = relevant dependency '.installer' file
+define EnsureVendoredVersion
+ ( \
+ DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \
+ VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/hack/dockerfile/install/$(2)" ); \
+ if [ $$$$VEN_VER != $$$$DEP_VER ]; then \
+ echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \
+ exit 1; \
+ fi \
+ )
+endef
+
+define Build/Prepare
+ $(Build/Prepare/Default)
+
+ # Verify dependencies are the vendored version
+ $(call EnsureVendoredVersion,../containerd/Makefile,containerd.installer)
+ $(call EnsureVendoredVersion,../libnetwork/Makefile,proxy.installer)
+ $(call EnsureVendoredVersion,../runc/Makefile,runc.installer)
+ $(call EnsureVendoredVersion,../tini/Makefile,tini.installer)
+
+ # Verify CLI is the same version
+ ( \
+ CLI_MAKEFILE="../docker/Makefile"; \
+ CLI_VERSION=$$$$( grep --only-matching --perl-regexp '(?<=PKG_VERSION:=)(.*)' "$$$$CLI_MAKEFILE" ); \
+ if [ $$$$CLI_VERSION != $(PKG_VERSION) ]; then \
+ echo "ERROR: Expected 'PKG_VERSION:=$(PKG_VERSION)' in '$$$$CLI_MAKEFILE', found 'PKG_VERSION:=$$$$CLI_VERSION'"; \
+ exit 1; \
+ fi \
+ )
+endef
+
+BUILDTAGS:=
+ifeq ($(KERNEL_SECCOMP),y)
+BUILDTAGS += seccomp
+endif
+ifeq ($(CONFIG_SELINUX),y)
+BUILDTAGS += selinux
+endif
+
+define Build/Compile
+ ( \
+ cd $(PKG_BUILD_DIR); \
+ $(GO_PKG_VARS) \
+ DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
+ DOCKER_BUILDTAGS='$(BUILDTAGS)' \
+ VERSION=$(PKG_VERSION) \
+ ./hack/make.sh binary; \
+ )
+endef
+
+define Package/dockerd/install
+ $(INSTALL_DIR) $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/bundles/binary-daemon/dockerd $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/opt/docker/
+ $(INSTALL_DIR) $(1)/usr/share/docker/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/contrib/check-config.sh $(1)/usr/share/docker/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd
+
+ # Must be after systcl 11-br-netfilter.conf from kmod-br-netfilter
+ $(INSTALL_DIR) $(1)/etc/sysctl.d
+ $(INSTALL_DATA) ./files/etc/sysctl.d/sysctl-br-netfilter-ip.conf \
+ $(1)/etc/sysctl.d/12-br-netfilter-ip.conf
+endef
+
+define Package/dockerd/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+ /etc/init.d/dockerd enable
+ /etc/init.d/dockerd uciadd
+ /etc/init.d/dockerd start
+}
+endef
+
+define Package/dockerd/prerm
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+ /etc/init.d/dockerd disable
+ /etc/init.d/dockerd stop
+ /etc/init.d/dockerd ucidel
+}
+endef
+
+$(eval $(call BuildPackage,dockerd))
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=99
+
+extra_command "uciadd" "<interface> <device> <zone> Add docker bridge configuration to network and firewall uci config"
+extra_command "ucidel" "<interface> <device> <zone> Delete docker bridge configuration from network and firewall uci config"
+
+DOCKER_CONF_DIR="/tmp/dockerd"
+DOCKERD_CONF="${DOCKER_CONF_DIR}/daemon.json"
+
+uci_quiet() {
+ uci -q "${@}" >/dev/null
+}
+
+json_add_array_string() {
+ json_add_string "" "${1}"
+}
+
+boot() {
+ uciadd
+ rc_procd start_service
+}
+
+uciadd() {
+ local iface="${1}"
+ local device="${2}"
+ local zone="${3}"
+
+ [ -z "${iface}" ] && {
+ iface="docker"
+ device="docker0"
+ zone="docker"
+ }
+
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ # Add network interface
+ if ! uci_quiet get network.${iface}; then
+ logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
+ uci_quiet add network interface
+ uci_quiet rename network.@interface[-1]="${iface}"
+ uci_quiet set network.@interface[-1].ifname="${device}"
+ uci_quiet set network.@interface[-1].proto="none"
+ uci_quiet set network.@interface[-1].auto="0"
+ uci_quiet commit network
+ fi
+
+ # Add docker bridge device
+ if ! uci_quiet get network.${device}; then
+ logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
+ uci_quiet add network device
+ uci_quiet rename network.@device[-1]="${device}"
+ uci_quiet set network.@device[-1].type="bridge"
+ uci_quiet set network.@device[-1].name="${device}"
+ uci_quiet add_list network.@device[-1].ifname="${device}"
+ uci_quiet commit network
+ fi
+
+ # Add firewall zone
+ if ! uci_quiet get firewall.${zone}; then
+ logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
+ uci_quiet add firewall zone
+ uci_quiet rename firewall.@zone[-1]="${zone}"
+ uci_quiet set firewall.@zone[-1].network="${iface}"
+ uci_quiet set firewall.@zone[-1].input="REJECT"
+ uci_quiet set firewall.@zone[-1].output="ACCEPT"
+ uci_quiet set firewall.@zone[-1].forward="REJECT"
+ uci_quiet set firewall.@zone[-1].name="${zone}"
+ uci_quiet commit firewall
+ fi
+
+ reload_config
+}
+
+ucidel() {
+ local iface="${1}"
+ local device="${2}"
+ local zone="${3}"
+
+ [ -z "${iface}" ] && {
+ iface="docker"
+ device="docker0"
+ zone="docker"
+ }
+
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ if uci_quiet get network.${device}; then
+ logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
+ uci_quiet delete network.${device}
+ uci_quiet commit network
+ fi
+
+ if uci_quiet get network.${iface}; then
+ logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
+ uci_quiet delete network.${iface}
+ uci_quiet commit network
+ fi
+
+ if uci_quiet get firewall.${zone}; then
+ logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
+ uci_quiet delete firewall.${zone}
+ uci_quiet commit firewall
+ fi
+
+ reload_config
+}
+
+process_config() {
+ local alt_config_file data_root log_level iptables bip
+
+ [ -f /etc/config/dockerd ] || {
+ # Use the daemon default configuration
+ DOCKERD_CONF=""
+ return 0
+ }
+
+ # reset configuration
+ rm -fr "${DOCKER_CONF_DIR}"
+ mkdir -p "${DOCKER_CONF_DIR}"
+
+ config_load 'dockerd'
+ config_get alt_config_file globals alt_config_file
+ [ -n "${alt_config_file}" ] && [ -f "${alt_config_file}" ] && {
+ ln -s "${alt_config_file}" "${DOCKERD_CONF}"
+ return 0
+ }
+
+ config_get data_root globals data_root "/opt/docker/"
+ config_get log_level globals log_level "warn"
+ config_get_bool iptables globals iptables "1"
+ config_get bip globals bip ""
+
+ . /usr/share/libubox/jshn.sh
+ json_init
+ json_add_string "data-root" "${data_root}"
+ json_add_string "log-level" "${log_level}"
+ [ -z "${bip}" ] || json_add_string "bip" "${bip}"
+ json_add_array "registry-mirrors"
+ config_list_foreach globals registry_mirrors json_add_array_string
+ json_close_array
+ json_add_array "hosts"
+ config_list_foreach globals hosts json_add_array_string
+ json_close_array
+
+ json_add_boolean iptables "${iptables}"
+ [ "${iptables}" -ne "0" ] && config_foreach iptables_add_blocking_rule firewall
+
+ json_dump > "${DOCKERD_CONF}"
+}
+
+start_service() {
+ local nofile=$(cat /proc/sys/fs/nr_open)
+
+ process_config
+
+ procd_open_instance
+ procd_set_param stderr 1
+ if [ -z "${DOCKERD_CONF}" ]; then
+ procd_set_param command /usr/bin/dockerd
+ else
+ procd_set_param command /usr/bin/dockerd --config-file="${DOCKERD_CONF}"
+ fi
+ procd_set_param limits nofile="${nofile} ${nofile}"
+ procd_close_instance
+}
+
+reload_service() {
+ process_config
+ procd_send_signal dockerd
+}
+
+service_triggers() {
+ procd_add_reload_trigger 'dockerd'
+}
+
+iptables_add_blocking_rule() {
+ local cfg="${1}"
+
+ local device=""
+ local extra_iptables_args=""
+
+ handle_iptables_rule() {
+ local interface="${1}"
+ local outbound="${2}"
+ local extra_iptables_args="${3}"
+
+ local inbound=""
+
+ . /lib/functions/network.sh
+ network_get_physdev inbound "${interface}"
+
+ [ -z "${inbound}" ] && {
+ logger -t "dockerd-init" -p notice "Unable to get physical device for interface ${interface}"
+ return
+ }
+
+ # Ignore errors as it might already be present
+ iptables --table filter --new DOCKER-USER 2>/dev/null
+ if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP 2>/dev/null; then
+ logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}"
+ iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP
+ fi
+ }
+
+ config_get device "${cfg}" device
+
+ [ -z "${device}" ] && {
+ logger -t "dockerd-init" -p notice "No device configured for ${cfg}"
+ return
+ }
+
+ config_get extra_iptables_args "${cfg}" extra_iptables_args
+ config_list_foreach "${cfg}" blocked_interfaces handle_iptables_rule "${device}" "${extra_iptables_args}"
+}
+
+stop_service() {
+ if /etc/init.d/dockerd running; then
+ service_stop "/usr/bin/dockerd"
+ fi
+}
--- /dev/null
+# The following settings require a restart of docker to take full effect, A reload will only have partial or no effect:
+# bip
+# blocked_interfaces
+# extra_iptables_args
+# device
+
+config globals 'globals'
+# option alt_config_file "/etc/docker/daemon.json"
+ option data_root "/opt/docker/"
+ option log_level "warn"
+ list hosts "unix:///var/run/docker.sock"
+ option bip "172.18.0.1/24"
+# option iptables "0"
+# list registry_mirrors "https://<my-docker-mirror-host>"
+# list registry_mirrors "https://hub.docker.com"
+
+# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
+# See https://docs.docker.com/network/iptables/ for more details.
+# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
+# then docker restarted to load in new changes.
+config firewall 'firewall'
+ option device 'docker0'
+ list blocked_interfaces 'wan'
+# option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' # allow outbound connections
--- /dev/null
+# Do not edit, changes to this file will be lost on upgrades
+# /etc/sysctl.conf can be used to customize sysctl settings
+
+# enable bridge firewalling for docker
+net.bridge.bridge-nf-call-ip6tables=1
+net.bridge.bridge-nf-call-iptables=1
+
--- /dev/null
+Index: docker-ce-20.10.0/hack/make.sh
+===================================================================
+--- docker-ce-20.10.0.orig/hack/make.sh
++++ docker-ce-20.10.0/hack/make.sh
+@@ -95,7 +95,7 @@ fi
+ # with a newer libdevmapper than the one it was built with.
+ if
+ command -v gcc &> /dev/null \
+- && ! (echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }' | gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null) \
++ && ! (echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }' | gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null) \
+ ;
+ then
+ add_buildtag libdm dlsym_deferred_remove
PKG_NAME:=findutils
PKG_VERSION:=4.7.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
define Package/findutils-find
$(call Package/findutils/Default)
TITLE+= - find utility
- ALTERNATIVES:=300:/usr/bin/find:/usr/libexec/findutils-find
+ ALTERNATIVES:=300:/usr/bin/find:/usr/libexec/find-findutils
endef
define Package/findutils-xargs
$(call Package/findutils/Default)
TITLE+= - xargs utility
- ALTERNATIVES:=300:/usr/bin/xargs:/usr/libexec/findutils-xargs
+ ALTERNATIVES:=300:/usr/bin/xargs:/usr/libexec/xargs-findutils
endef
define Package/findutils-locate
define Package/findutils-find/install
$(INSTALL_DIR) $(1)/usr/libexec
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/find $(1)/usr/libexec/findutils-find
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/find $(1)/usr/libexec/find-findutils
endef
define Package/findutils-xargs/install
$(INSTALL_DIR) $(1)/usr/libexec
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/xargs $(1)/usr/libexec/findutils-xargs
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/xargs $(1)/usr/libexec/xargs-findutils
endef
define Package/findutils-locate/install
include $(TOPDIR)/rules.mk
PKG_NAME:=fontconfig
-PKG_VERSION:=2.11.1
+PKG_VERSION:=2.13.93
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://fontconfig.org/release/
-PKG_HASH:=dc62447533bca844463a3c3fd4083b57c90f18a70506e7a9f4936b5a1e516a99
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://fontconfig.org/release/
+PKG_HASH:=ea968631eadc5739bc7c8856cef5c77da812d1f67b763f5e51b57b8026c1a0a0
PKG_CPE_ID:=cpe:/a:fontconfig_project:fontconfig
PKG_FIXUP:=libtool
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_DEPENDS:=gperf/host
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=fuse3
-PKG_VERSION:=3.10.0
+PKG_VERSION:=3.10.1
PKG_RELEASE:=1
PKG_SOURCE:=fuse-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/libfuse/libfuse/releases/download/fuse-$(PKG_VERSION)
-PKG_HASH:=26517954567f237a7dbcb532755ba0d2c77575c5d90db7566b6e40ec05b0a039
+PKG_HASH:=d82d74d4c03e099f806e4bb31483955637c69226576bf0ca9bd142f1d50ae451
PKG_BUILD_DIR:=$(BUILD_DIR)/fuse-$(PKG_VERSION)
PKG_MAINTAINER:=
+++ /dev/null
-From 4ebb018e78b53a8afe0368e7cd7a17a67c52e3df Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Wed, 28 Oct 2020 19:20:35 -0700
-Subject: [PATCH] remove old uclibc hack
-
-This actually prevents sshfs linking to it as fuse_new becomes
-unavailable.
-
-According to the git history, this seems to predate 2006.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- lib/fuse_misc.h | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/lib/fuse_misc.h b/lib/fuse_misc.h
-index a8b59617..f384aeab 100644
---- a/lib/fuse_misc.h
-+++ b/lib/fuse_misc.h
-@@ -10,10 +10,9 @@
-
- /*
- Versioned symbols cannot be used in some cases because it
-- - confuse the dynamic linker in uClibc
- - not supported on MacOSX (in MachO binary format)
- */
--#if (!defined(__UCLIBC__) && !defined(__APPLE__))
-+#ifndef __APPLE__
- # if HAVE_SYMVER_ATTRIBUTE
- # define FUSE_SYMVER(sym1, sym2) __attribute__ ((symver (sym2)))
- # else
+++ /dev/null
-From e032ca7a88afe1a7cd028ca63e2993af9c0b91af Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Wed, 28 Oct 2020 19:25:38 -0700
-Subject: [PATCH] remove fuse_mutex_init
-
-This seems to have been added before 2006 to fix a uclibc bug. It
-doesn't seem to be the case anymore so just get rid of it.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- lib/fuse.c | 4 ++--
- lib/fuse_loop_mt.c | 4 ++--
- lib/fuse_lowlevel.c | 4 ++--
- lib/fuse_misc.h | 14 --------------
- 4 files changed, 6 insertions(+), 20 deletions(-)
-
-diff --git a/lib/fuse.c b/lib/fuse.c
-index 70299ef1..2125cdaa 100755
---- a/lib/fuse.c
-+++ b/lib/fuse.c
-@@ -3390,7 +3390,7 @@ static void fuse_lib_opendir(fuse_req_t req, fuse_ino_t ino,
- dh->len = 0;
- dh->filled = 0;
- dh->nodeid = ino;
-- fuse_mutex_init(&dh->lock);
-+ pthread_mutex_init(&dh->lock, NULL);
-
- llfi->fh = (uintptr_t) dh;
-
-@@ -4973,7 +4973,7 @@ struct fuse *fuse_new_31(struct fuse_args *args,
- if (node_table_init(&f->id_table) == -1)
- goto out_free_name_table;
-
-- fuse_mutex_init(&f->lock);
-+ pthread_mutex_init(&f->lock, NULL);
-
- root = alloc_node(f);
- if (root == NULL) {
-diff --git a/lib/fuse_loop_mt.c b/lib/fuse_loop_mt.c
-index 0c6a5b79..71be15da 100644
---- a/lib/fuse_loop_mt.c
-+++ b/lib/fuse_loop_mt.c
-@@ -65,7 +65,7 @@ static struct fuse_chan *fuse_chan_new(int fd)
- memset(ch, 0, sizeof(*ch));
- ch->fd = fd;
- ch->ctr = 1;
-- fuse_mutex_init(&ch->lock);
-+ pthread_mutex_init(&ch->lock, NULL);
-
- return ch;
- }
-@@ -321,7 +321,7 @@ int fuse_session_loop_mt_32(struct fuse_session *se, struct fuse_loop_config *co
- mt.main.thread_id = pthread_self();
- mt.main.prev = mt.main.next = &mt.main;
- sem_init(&mt.finish, 0, 0);
-- fuse_mutex_init(&mt.lock);
-+ pthread_mutex_init(&mt.lock, NULL);
-
- pthread_mutex_lock(&mt.lock);
- err = fuse_loop_start_thread(&mt);
-diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
-index 83510b3c..d227688b 100644
---- a/lib/fuse_lowlevel.c
-+++ b/lib/fuse_lowlevel.c
-@@ -155,7 +155,7 @@ static struct fuse_req *fuse_ll_alloc_req(struct fuse_session *se)
- req->se = se;
- req->ctr = 1;
- list_init_req(req);
-- fuse_mutex_init(&req->lock);
-+ pthread_mutex_init(&req->lock, NULL);
- }
-
- return req;
-@@ -2958,7 +2958,7 @@ struct fuse_session *fuse_session_new(struct fuse_args *args,
- list_init_req(&se->interrupts);
- list_init_nreq(&se->notify_list);
- se->notify_ctr = 1;
-- fuse_mutex_init(&se->lock);
-+ pthread_mutex_init(&se->lock, NULL);
-
- err = pthread_key_create(&se->pipe_key, fuse_ll_pipe_destructor);
- if (err) {
-diff --git a/lib/fuse_misc.h b/lib/fuse_misc.h
-index f384aeab..f956ab79 100644
---- a/lib/fuse_misc.h
-+++ b/lib/fuse_misc.h
-@@ -22,20 +22,6 @@
- #define FUSE_SYMVER(sym1, sym2)
- #endif
-
--#ifndef USE_UCLIBC
--#define fuse_mutex_init(mut) pthread_mutex_init(mut, NULL)
--#else
--/* Is this hack still needed? */
--static inline void fuse_mutex_init(pthread_mutex_t *mut)
--{
-- pthread_mutexattr_t attr;
-- pthread_mutexattr_init(&attr);
-- pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ADAPTIVE_NP);
-- pthread_mutex_init(mut, &attr);
-- pthread_mutexattr_destroy(&attr);
--}
--#endif
--
- #ifdef HAVE_STRUCT_STAT_ST_ATIM
- /* Linux */
- #define ST_ATIM_NSEC(stbuf) ((stbuf)->st_atim.tv_nsec)
#include <linux/ktime.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
+#include <linux/version.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Nuno Goncalves");
return single_open(file, proc_show, NULL);
}
-static const struct file_operations hello_proc_fops = {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0)
+static const struct proc_ops hello_proc_ops = {
+ .proc_open = proc_open,
+ .proc_read = seq_read,
+ .proc_lseek = seq_lseek,
+ .proc_release = single_release,
+};
+#else
+static const struct file_operations hello_proc_ops = {
.owner = THIS_MODULE,
.open = proc_open,
.read = seq_read,
.llseek = seq_lseek,
.release = single_release,
};
+#endif
static irq_handler_t handle_rx_start(unsigned int irq, void* device, struct pt_regs* registers)
{
{
bool success = true;
- proc_create("gl_mifi_mcu", 0, NULL, &hello_proc_fops);
+ proc_create("gl_mifi_mcu", 0, NULL, &hello_proc_ops);
success &= gpio_request(gpio_tx, "soft_uart_tx") == 0;
success &= gpio_direction_output(gpio_tx, 1) == 0;
include $(TOPDIR)/rules.mk
PKG_NAME:=gnuplot
-PKG_VERSION:=5.4.0
-PKG_RELEASE:=2
+PKG_VERSION:=5.4.1
+PKG_RELEASE:=1
PKG_MAINTAINER:=Matteo Cicuttin <datafl4sh@toxicnet.eu>
PKG_BUILD_DIR:=$(BUILD_DIR)/gnuplot-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/gnuplot
-PKG_HASH:=eb4082f03a399fd1e9e2b380cf7a4f785e77023d8dcc7e17570c1b5570a49c47
+PKG_HASH:=6b690485567eaeb938c26936e5e0681cf70c856d273cc2c45fabf64d8bc6590e
PKG_CAT:=zcat
PKG_FIXUP:=autoreconf
-Index: gnuplot-5.4.0/Makefile.am
-===================================================================
---- gnuplot-5.4.0.orig/Makefile.am
-+++ gnuplot-5.4.0/Makefile.am
+--- a/Makefile.am
++++ b/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in -*-Makefile-*-
AUTOMAKE_OPTIONS = foreign
include $(TOPDIR)/rules.mk
PKG_NAME:=gptfdisk
-PKG_VERSION:=1.0.5
+PKG_VERSION:=1.0.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=0e7d3987cd0488ecaf4b48761bc97f40b1dc089e5ff53c4b37abe30bc67dcb2f
+PKG_HASH:=ddc551d643a53f0bd4440345d3ae32c49b04a797e9c01036ea460b6bb4168ca8
PKG_MAINTAINER:=Alif M. Ahmad <alive4ever@live.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_BUILD_PARALLEL:=1
-include $(INCLUDE_DIR)/uclibc++.mk
include $(INCLUDE_DIR)/package.mk
define Package/gptfdisk/Default
CATEGORY:=Utilities
SUBMENU:=Disc
URL:=https://www.rodsbooks.com/gdisk
- DEPENDS:=$(CXX_DEPENDS)
+ DEPENDS:=+libstdcpp
endef
define Package/gdisk
endef
TARGET_CXXFLAGS += -std=c++11 -ffunction-sections -fdata-sections -fno-rtti -flto
-TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lm) -Wl,--gc-sections,--as-needed
-ifeq ($(CONFIG_USE_UCLIBCXX),y)
-TARGET_LDFLAGS += -nodefaultlibs
-endif
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
define Package/gdisk/install
$(INSTALL_DIR) $(1)/usr/bin
+++ /dev/null
-From b33f93bea332211afae037e4b6f379f0876302d1 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Tue, 8 Oct 2019 20:51:54 -0700
-Subject: [PATCH] Add some extra flushes before getline/cin
-
-These are not covered by the previous commits.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- diskio-unix.cc | 2 +-
- gptcurses.cc | 4 ++--
- parttypes.cc | 2 +-
- support.cc | 2 +-
- 4 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/diskio-unix.cc b/diskio-unix.cc
-index d9f8b8d..c38fda5 100644
---- a/diskio-unix.cc
-+++ b/diskio-unix.cc
-@@ -92,7 +92,7 @@ int DiskIO::OpenForRead(void) {
- #if defined(__linux__) && !defined(EFI)
- if (isOpen && realFilename.substr(0,4) == "/dev") {
- ostringstream modelNameFilename;
-- modelNameFilename << "/sys/block" << realFilename.substr(4,512) << "/device/model";
-+ modelNameFilename << "/sys/block" << realFilename.substr(4,512) << "/device/model" << flush;
- ifstream modelNameFile(modelNameFilename.str().c_str());
- if (modelNameFile.is_open()) {
- getline(modelNameFile, modelName);
-diff --git a/gptcurses.cc b/gptcurses.cc
-index 4ebfde1..ca6f4ea 100644
---- a/gptcurses.cc
-+++ b/gptcurses.cc
-@@ -422,7 +422,7 @@ void GPTDataCurses::Verify(void) {
- def_prog_mode();
- endwin();
- GPTData::Verify();
-- cout << "\nPress the <Enter> key to continue: ";
-+ cout << "\nPress the <Enter> key to continue: " << flush;
- cin.get(junk);
- reset_prog_mode();
- refresh();
-@@ -820,7 +820,7 @@ void ShowTypes(void) {
- def_prog_mode();
- endwin();
- tempType.ShowAllTypes(LINES - 3);
-- cout << "\nPress the <Enter> key to continue: ";
-+ cout << "\nPress the <Enter> key to continue: " << flush;
- cin.get(junk);
- reset_prog_mode();
- refresh();
-diff --git a/parttypes.cc b/parttypes.cc
-index cd225d1..6c2c8c6 100644
---- a/parttypes.cc
-+++ b/parttypes.cc
-@@ -530,7 +530,7 @@ void PartType::ShowAllTypes(int maxLines) const {
-
- cout.unsetf(ios::uppercase);
- if (maxLines > 0) {
-- cout << "Type search string, or <Enter> to show all codes: ";
-+ cout << "Type search string, or <Enter> to show all codes: " << flush;
- matchString = ToLower(ReadString());
- } // if
- while (thisType != NULL) {
-diff --git a/support.cc b/support.cc
-index 891caad..645ef5d 100644
---- a/support.cc
-+++ b/support.cc
-@@ -127,7 +127,7 @@ uint64_t GetSectorNum(uint64_t low, uint64_t high, uint64_t def, uint64_t sSize,
- char line[255];
-
- do {
-- cout << prompt;
-+ cout << prompt << flush;
- cin.getline(line, 255);
- if (!cin.good())
- exit(5);
---
-2.17.1
-
include $(TOPDIR)/rules.mk
PKG_NAME:=haveged
-PKG_VERSION:=1.9.13
+PKG_VERSION:=1.9.14
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/jirka-h/haveged/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d17bd22fa1745daca5ac72e014ed3b0fe5720da4c115953124b1bf2a0aa2b04b
+PKG_HASH:=938cb494bcad7e4f24e61eb50fab4aa0acbc3240c80f3ad5c6cf7e6e922618c3
PKG_BUILD_DIR:=$(BUILD_DIR)/haveged-$(PKG_VERSION)
PKG_LICENSE:=GPLv3
PKG_NAME:=hfsprogs
PKG_VERSION:=332.25
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
PKG_SOURCE_URL:=http://archive.ubuntu.com/ubuntu/pool/universe/h/$(PKG_NAME)
create mode 100644 fsck_hfs.tproj/dfalib/Makefile.lnx
create mode 100644 newfs_hfs.tproj/Makefile.lnx
-diff --git a/Makefile.lnx b/Makefile.lnx
-new file mode 100644
-index 0000000..687d1e7
--- /dev/null
+++ b/Makefile.lnx
@@ -0,0 +1,8 @@
+ for d in $(SUBDIRS); do $(MAKE) -C $$d -f Makefile.lnx $@; done
+
+export CC CFLAGS
-diff --git a/fsck_hfs.tproj/Makefile.lnx b/fsck_hfs.tproj/Makefile.lnx
-new file mode 100644
-index 0000000..977d7e8
--- /dev/null
+++ b/fsck_hfs.tproj/Makefile.lnx
@@ -0,0 +1,16 @@
+ $(MAKE) -C dfalib -f Makefile.lnx clean
+
+.PHONY : FORCE clean
-diff --git a/fsck_hfs.tproj/dfalib/Makefile.lnx b/fsck_hfs.tproj/dfalib/Makefile.lnx
-new file mode 100644
-index 0000000..8c07196
--- /dev/null
+++ b/fsck_hfs.tproj/dfalib/Makefile.lnx
@@ -0,0 +1,15 @@
+
+clean:
+ $(RM) $(OFILES) libdfa.a
-diff --git a/newfs_hfs.tproj/Makefile.lnx b/newfs_hfs.tproj/Makefile.lnx
-new file mode 100644
-index 0000000..58e6700
--- /dev/null
+++ b/newfs_hfs.tproj/Makefile.lnx
@@ -0,0 +1,12 @@
21 files changed, 429 insertions(+), 85 deletions(-)
create mode 100644 include/missing.h
-diff --git a/fsck_hfs.tproj/cache.c b/fsck_hfs.tproj/cache.c
-index be46195..527088a 100644
--- a/fsck_hfs.tproj/cache.c
+++ b/fsck_hfs.tproj/cache.c
@@ -26,7 +26,11 @@
#include <sys/uio.h>
#include <unistd.h>
#include <string.h>
-diff --git a/fsck_hfs.tproj/dfalib/BTree.c b/fsck_hfs.tproj/dfalib/BTree.c
-index edd8301..7ad9fe0 100644
--- a/fsck_hfs.tproj/dfalib/BTree.c
+++ b/fsck_hfs.tproj/dfalib/BTree.c
-@@ -1705,7 +1705,9 @@ OSStatus BTGetInformation (SFCB *filePtr,
+@@ -1705,7 +1705,9 @@ OSStatus BTGetInformation (SFCB *fil
UInt16 version,
BTreeInfoRec *info )
{
BTreeControlBlockPtr btreePtr;
-diff --git a/fsck_hfs.tproj/dfalib/BlockCache.c b/fsck_hfs.tproj/dfalib/BlockCache.c
-index 1bb952f..e3a28a2 100644
--- a/fsck_hfs.tproj/dfalib/BlockCache.c
+++ b/fsck_hfs.tproj/dfalib/BlockCache.c
@@ -20,6 +20,9 @@
#include "SRuntime.h"
#include "Scavenger.h"
#include "../cache.h"
-diff --git a/fsck_hfs.tproj/dfalib/SBTree.c b/fsck_hfs.tproj/dfalib/SBTree.c
-index 2fbcd1d..cd81b13 100644
--- a/fsck_hfs.tproj/dfalib/SBTree.c
+++ b/fsck_hfs.tproj/dfalib/SBTree.c
@@ -322,7 +322,9 @@ ErrorExit:
OSStatus result;
UInt32 actualSectorsAdded;
-diff --git a/fsck_hfs.tproj/dfalib/SDevice.c b/fsck_hfs.tproj/dfalib/SDevice.c
-index bf6f61c..9a46023 100644
--- a/fsck_hfs.tproj/dfalib/SDevice.c
+++ b/fsck_hfs.tproj/dfalib/SDevice.c
@@ -2,7 +2,7 @@
if (devBlockSize != 512) {
*numBlocks = (devBlockCount * (UInt64)devBlockSize) / 512;
-@@ -70,24 +108,24 @@ OSErr GetDeviceSize(int driveRefNum, UInt64 *numBlocks, UInt32 *blockSize)
+@@ -70,24 +108,24 @@ OSErr GetDeviceSize(int driveRefNum, UIn
{
/* return format list status code */
kFmtLstCode = 6,
ParamBlockRec pb;
FormatListRec formatListRecords[kMaxFormatListRecs];
DrvSts status;
-@@ -95,22 +133,22 @@ OSErr GetDeviceSize(int driveRefNum, UInt64 *numBlocks, UInt32 *blockSize)
+@@ -95,22 +133,22 @@ OSErr GetDeviceSize(int driveRefNum, UIn
OSErr result;
unsigned long blocks = 0;
/* Get the current disk's size. */
for( formatListRecIndex = 0;
formatListRecIndex < pb.cntrlParam.csParam[0];
-@@ -131,7 +169,7 @@ OSErr GetDeviceSize(int driveRefNum, UInt64 *numBlocks, UInt32 *blockSize)
+@@ -131,7 +169,7 @@ OSErr GetDeviceSize(int driveRefNum, UIn
else if ( driveQElementPtr->dQRefNum == (short)kSonyRefNum )
{
/* The drive is a non-SuperDrive floppy which only supports 400K and 800K disks */
result = DriveStatus(driveQElementPtr->dQDrive, &status);
if ( result == noErr )
{
-@@ -140,11 +178,11 @@ OSErr GetDeviceSize(int driveRefNum, UInt64 *numBlocks, UInt32 *blockSize)
+@@ -140,11 +178,11 @@ OSErr GetDeviceSize(int driveRefNum, UIn
case kSingleSided:
blocks = kSingleSidedSize;
break;
default: // This should never happen
result = paramErr;
break;
-@@ -155,20 +193,20 @@ OSErr GetDeviceSize(int driveRefNum, UInt64 *numBlocks, UInt32 *blockSize)
+@@ -155,20 +193,20 @@ OSErr GetDeviceSize(int driveRefNum, UIn
{
/* The drive is not a floppy and it doesn't support ReturnFormatList */
/* so use the dQDrvSz field(s) */
default: // This should never happen
result = paramErr;
break;
-@@ -177,7 +215,7 @@ OSErr GetDeviceSize(int driveRefNum, UInt64 *numBlocks, UInt32 *blockSize)
+@@ -177,7 +215,7 @@ OSErr GetDeviceSize(int driveRefNum, UIn
*numBlocks = blocks;
*blockSize = 512;
return( result );
#endif
}
-@@ -188,7 +226,7 @@ OSErr DeviceRead(int device, int drive, void* buffer, SInt64 offset, UInt32 reqB
+@@ -188,7 +226,7 @@ OSErr DeviceRead(int device, int drive,
#if BSD
off_t seek_off;
ssize_t nbytes;
*actBytes = 0;
seek_off = lseek(device, offset, SEEK_SET);
-diff --git a/fsck_hfs.tproj/dfalib/SKeyCompare.c b/fsck_hfs.tproj/dfalib/SKeyCompare.c
-index 46e145f..18d99c5 100644
--- a/fsck_hfs.tproj/dfalib/SKeyCompare.c
+++ b/fsck_hfs.tproj/dfalib/SKeyCompare.c
-@@ -454,7 +454,9 @@ SInt32 CompareExtentKeysPlus( const HFSPlusExtentKey *searchKey, const HFSPlusEx
+@@ -454,7 +454,9 @@ SInt32 CompareExtentKeysPlus( const HFSP
* The name portion of the key is compared using a 16-bit binary comparison.
* This is called from the b-tree code.
*/
SInt32
CompareAttributeKeys(const AttributeKey *searchKey, const AttributeKey *trialKey)
{
-diff --git a/fsck_hfs.tproj/dfalib/SRepair.c b/fsck_hfs.tproj/dfalib/SRepair.c
-index 01c1a10..8eb759c 100644
--- a/fsck_hfs.tproj/dfalib/SRepair.c
+++ b/fsck_hfs.tproj/dfalib/SRepair.c
@@ -1617,7 +1617,9 @@ Output:
OSErr err;
HFSMasterDirectoryBlock *mdb;
-diff --git a/fsck_hfs.tproj/dfalib/SRuntime.h b/fsck_hfs.tproj/dfalib/SRuntime.h
-index 646917b..770e3ef 100644
--- a/fsck_hfs.tproj/dfalib/SRuntime.h
+++ b/fsck_hfs.tproj/dfalib/SRuntime.h
@@ -27,8 +27,11 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
-@@ -91,10 +94,12 @@ typedef const unsigned char * ConstStr255Param;
+@@ -91,10 +94,12 @@ typedef const unsigned char * ConstStr25
typedef u_int32_t HFSCatalogNodeID;
/* OS error codes */
enum {
-diff --git a/fsck_hfs.tproj/dfalib/SUtils.c b/fsck_hfs.tproj/dfalib/SUtils.c
-index 72035f0..6e9253e 100644
--- a/fsck_hfs.tproj/dfalib/SUtils.c
+++ b/fsck_hfs.tproj/dfalib/SUtils.c
-@@ -380,7 +380,8 @@ void InvalidateCalculatedVolumeBitMap( SGlobPtr GPtr )
+@@ -380,7 +380,8 @@ void InvalidateCalculatedVolumeBitMap( S
// GPtr->realVCB Real in-memory vcb
//------------------------------------------------------------------------------
/*-------------------------------------------------------------------------------
-diff --git a/fsck_hfs.tproj/dfalib/SVerify2.c b/fsck_hfs.tproj/dfalib/SVerify2.c
-index 6a47935..c68f3d8 100644
--- a/fsck_hfs.tproj/dfalib/SVerify2.c
+++ b/fsck_hfs.tproj/dfalib/SVerify2.c
@@ -32,7 +32,9 @@
#include "BTree.h"
#include "BTreePrivate.h"
-@@ -1354,8 +1356,13 @@ OSErr CompareVolumeHeader( SGlobPtr GPtr, HFSPlusVolumeHeader *volumeHeader )
+@@ -1354,8 +1356,13 @@ OSErr CompareVolumeHeader( SGlobPtr GPtr
* clump size for read-only media is irrelevant we skip the clump size
* check to avoid non useful warnings.
*/
if ( isWriteable != 0 &&
volumeHeader->catalogFile.clumpSize != vcb->vcbCatalogFile->fcbClumpSize ) {
PrintError(GPtr, E_InvalidClumpSize, 0);
-diff --git a/fsck_hfs.tproj/dfalib/Scavenger.h b/fsck_hfs.tproj/dfalib/Scavenger.h
-index cf53970..edb3a80 100644
--- a/fsck_hfs.tproj/dfalib/Scavenger.h
+++ b/fsck_hfs.tproj/dfalib/Scavenger.h
@@ -37,11 +37,16 @@
#ifdef __cplusplus
extern "C" {
-@@ -1465,4 +1470,8 @@ extern int AllocateContigBitmapBits (SVCB *vcb, UInt32 numBlocks, UInt32 *actua
+@@ -1465,4 +1470,8 @@ extern int AllocateContigBitmapBits (SV
};
#endif
+#endif */
+
#endif /* __SCAVENGER__ */
-diff --git a/fsck_hfs.tproj/dfalib/hfs_endian.c b/fsck_hfs.tproj/dfalib/hfs_endian.c
-index 7fa5385..69500c1 100755
--- a/fsck_hfs.tproj/dfalib/hfs_endian.c
+++ b/fsck_hfs.tproj/dfalib/hfs_endian.c
@@ -31,7 +31,11 @@
#include <hfs/hfs_format.h>
#include "Scavenger.h"
-diff --git a/fsck_hfs.tproj/dfalib/hfs_endian.h b/fsck_hfs.tproj/dfalib/hfs_endian.h
-index 52d0c3a..0763d9d 100755
--- a/fsck_hfs.tproj/dfalib/hfs_endian.h
+++ b/fsck_hfs.tproj/dfalib/hfs_endian.h
@@ -27,9 +27,14 @@
#include "SRuntime.h"
/*********************/
-diff --git a/fsck_hfs.tproj/fsck_hfs.c b/fsck_hfs.tproj/fsck_hfs.c
-index 90532fd..f1a18bd 100644
--- a/fsck_hfs.tproj/fsck_hfs.c
+++ b/fsck_hfs.tproj/fsck_hfs.c
@@ -24,10 +24,14 @@
ExitThisRoutine:
if (lflag) {
fcntl(fs_fd, F_THAW_FS, NULL);
-@@ -401,16 +423,18 @@ setup( char *dev, int *blockDevice_fdPtr, int *canWritePtr )
+@@ -401,16 +423,18 @@ setup( char *dev, int *blockDevice_fdPtr
fswritefd = -1;
*blockDevice_fdPtr = -1;
*canWritePtr = 0;
if ((fsreadfd = open(dev, O_RDONLY)) < 0) {
printf("Can't open %s: %s\n", dev, strerror(errno));
return (0);
-@@ -419,7 +443,7 @@ setup( char *dev, int *blockDevice_fdPtr, int *canWritePtr )
+@@ -419,7 +443,7 @@ setup( char *dev, int *blockDevice_fdPtr
/* attempt to get write access to the block device and if not check if volume is */
/* mounted read-only. */
getWriteAccess( dev, blockDevice_fdPtr, canWritePtr );
if (preen == 0 && !guiControl)
printf("** %s", dev);
if (nflag || (fswritefd = open(dev, O_WRONLY)) < 0) {
-@@ -433,10 +457,14 @@ setup( char *dev, int *blockDevice_fdPtr, int *canWritePtr )
+@@ -433,10 +457,14 @@ setup( char *dev, int *blockDevice_fdPtr
printf("\n");
/* Get device block size to initialize cache */
/* calculate the cache block size and total blocks */
if (CalculateCacheSize(userCacheSize, &cacheBlockSize, &cacheTotalBlocks, debug) != 0) {
-@@ -463,11 +491,15 @@ setup( char *dev, int *blockDevice_fdPtr, int *canWritePtr )
+@@ -463,11 +491,15 @@ setup( char *dev, int *blockDevice_fdPtr
static void getWriteAccess( char *dev, int *blockDevice_fdPtr, int *canWritePtr )
{
void * myNamePtr;
myPtr = NULL;
-@@ -490,6 +522,9 @@ static void getWriteAccess( char *dev, int *blockDevice_fdPtr, int *canWritePtr
+@@ -490,6 +522,9 @@ static void getWriteAccess( char *dev, i
}
// get count of mounts then get the info for each
myMountsCount = getfsstat( NULL, 0, MNT_NOWAIT );
if ( myMountsCount < 0 )
goto ExitThisRoutine;
-@@ -513,8 +548,8 @@ static void getWriteAccess( char *dev, int *blockDevice_fdPtr, int *canWritePtr
+@@ -513,8 +548,8 @@ static void getWriteAccess( char *dev, i
}
myBufPtr++;
}
ExitThisRoutine:
if ( myPtr != NULL )
free( myPtr );
-diff --git a/fsck_hfs.tproj/utilities.c b/fsck_hfs.tproj/utilities.c
-index ee41bef..8e1cd77 100644
--- a/fsck_hfs.tproj/utilities.c
+++ b/fsck_hfs.tproj/utilities.c
@@ -183,12 +183,14 @@ retry:
(void)strcat(rawbuf, &dp[1]);
return (rawbuf);
-diff --git a/include/missing.h b/include/missing.h
-new file mode 100644
-index 0000000..0a859c4
--- /dev/null
+++ b/include/missing.h
@@ -0,0 +1,114 @@
+#define KAUTH_FILESEC_XATTR "com.apple.system.Security"
+
+#endif
-diff --git a/newfs_hfs.tproj/hfs_endian.c b/newfs_hfs.tproj/hfs_endian.c
-index 117b7f8..fdf7353 100644
--- a/newfs_hfs.tproj/hfs_endian.c
+++ b/newfs_hfs.tproj/hfs_endian.c
@@ -30,7 +30,12 @@
#include <hfs/hfs_format.h>
#include "hfs_endian.h"
-diff --git a/newfs_hfs.tproj/hfs_endian.h b/newfs_hfs.tproj/hfs_endian.h
-index 8d9d01d..5c7ff57 100644
--- a/newfs_hfs.tproj/hfs_endian.h
+++ b/newfs_hfs.tproj/hfs_endian.h
@@ -29,7 +29,12 @@
/*********************/
/* BIG ENDIAN Macros */
-diff --git a/newfs_hfs.tproj/makehfs.c b/newfs_hfs.tproj/makehfs.c
-index 085222f..7609779 100644
--- a/newfs_hfs.tproj/makehfs.c
+++ b/newfs_hfs.tproj/makehfs.c
@@ -31,10 +31,16 @@
#include <hfs/hfs_format.h>
#include <hfs/hfs_mount.h>
-@@ -129,7 +136,9 @@ static UInt32 Largest __P((UInt32 a, UInt32 b, UInt32 c, UInt32 d ));
+@@ -129,7 +136,9 @@ static UInt32 Largest __P((UInt32 a, UIn
static void MarkBitInAllocationBuffer __P((HFSPlusVolumeHeader *header,
UInt32 allocationBlock, void* sectorBuffer, UInt32 *sector));
static UInt32 UTCToLocal __P((UInt32 utcTime));
-@@ -158,11 +167,14 @@ void SETOFFSET (void *buffer, UInt16 btNodeSize, SInt16 recOffset, SInt16 vecOff
+@@ -158,11 +167,14 @@ void SETOFFSET (void *buffer, UInt16 btN
#define ROUNDUP(x, u) (((x) % (u) == 0) ? (x) : ((x)/(u) + 1) * (u))
/*
* make_hfs
*
-@@ -528,6 +540,7 @@ InitMDB(hfsparams_t *defaults, UInt32 driveBlocks, HFS_MDB *mdbp)
+@@ -528,6 +540,7 @@ InitMDB(hfsparams_t *defaults, UInt32 dr
* Map UTF-8 input into a Mac encoding.
* On conversion errors "untitled" is used as a fallback.
*/
{
UniChar unibuf[kHFSMaxVolumeNameChars];
CFStringRef cfstr;
-@@ -553,7 +566,11 @@ InitMDB(hfsparams_t *defaults, UInt32 driveBlocks, HFS_MDB *mdbp)
+@@ -553,7 +566,11 @@ InitMDB(hfsparams_t *defaults, UInt32 dr
bcopy(&mdbp->drVN[1], defaults->volumeName, mdbp->drVN[0]);
defaults->volumeName[mdbp->drVN[0]] = '\0';
}
mdbp->drFndrInfo[4] = SET_HFS_TEXT_ENCODING(defaults->encodingHint);
mdbp->drWrCnt = kWriteSeqNum;
-@@ -1100,9 +1117,11 @@ InitCatalogRoot_HFSPlus(const hfsparams_t *dp, const HFSPlusVolumeHeader *header
+@@ -1100,9 +1117,11 @@ InitCatalogRoot_HFSPlus(const hfsparams_
UInt16 nodeSize;
SInt16 offset;
UInt32 unicodeBytes;
int index = 0;
nodeSize = dp->catalogNodeSize;
-@@ -1122,7 +1141,9 @@ InitCatalogRoot_HFSPlus(const hfsparams_t *dp, const HFSPlusVolumeHeader *header
+@@ -1122,7 +1141,9 @@ InitCatalogRoot_HFSPlus(const hfsparams_
* First record is always the root directory...
*/
ckp = (HFSPlusCatalogKey *)((UInt8 *)buffer + offset);
/* Use CFString functions to get a HFSPlus Canonical name */
cfstr = CFStringCreateWithCString(kCFAllocatorDefault, (char *)dp->volumeName, kCFStringEncodingUTF8);
cfOK = _CFStringGetFileSystemRepresentation(cfstr, canonicalName, sizeof(canonicalName));
-@@ -1139,6 +1160,7 @@ InitCatalogRoot_HFSPlus(const hfsparams_t *dp, const HFSPlusVolumeHeader *header
+@@ -1139,6 +1160,7 @@ InitCatalogRoot_HFSPlus(const hfsparams_
dp->volumeName, kDefaultVolumeNameStr);
}
CFRelease(cfstr);
ckp->nodeName.length = SWAP_BE16 (ckp->nodeName.length);
unicodeBytes = sizeof(UniChar) * SWAP_BE16 (ckp->nodeName.length);
-@@ -1821,15 +1843,15 @@ WriteBuffer(const DriveInfo *driveInfo, UInt64 startingSector, UInt32 byteCount,
+@@ -1821,15 +1843,15 @@ WriteBuffer(const DriveInfo *driveInfo,
off_t sector;
if ((byteCount % driveInfo->sectorSize) != 0)
}
-@@ -1913,7 +1935,7 @@ DivideAndRoundUp(UInt32 numerator, UInt32 denominator)
+@@ -1913,7 +1935,7 @@ DivideAndRoundUp(UInt32 numerator, UInt3
return quotient;
}
static int
ConvertUTF8toUnicode(const UInt8* source, UInt32 bufsize, UniChar* unibuf,
-@@ -2006,6 +2028,9 @@ ConvertUTF8toUnicode(const UInt8* source, UInt32 bufsize, UniChar* unibuf,
+@@ -2006,6 +2028,9 @@ ConvertUTF8toUnicode(const UInt8* source
static int
getencodinghint(unsigned char *name)
{
}
-@@ -2034,12 +2060,14 @@ void GenerateVolumeUUID(VolumeUUID *newVolumeID) {
+@@ -2034,12 +2060,14 @@ void GenerateVolumeUUID(VolumeUUID *newV
unsigned char digest[20];
time_t now;
clock_t uptime;
do {
/* Initialize the SHA-1 context for processing: */
-@@ -2052,52 +2080,58 @@ void GenerateVolumeUUID(VolumeUUID *newVolumeID) {
+@@ -2052,52 +2080,58 @@ void GenerateVolumeUUID(VolumeUUID *newV
SHA1_Update(&context, &uptime, sizeof(uptime));
/* The kernel's boot time: */
/* The current GMT (26 ASCII characters): */
time(&now);
strncpy(randomInputBuffer, asctime(gmtime(&now)), 26); /* "Mon Mar 27 13:46:26 2000" */
-diff --git a/newfs_hfs.tproj/newfs_hfs.c b/newfs_hfs.tproj/newfs_hfs.c
-index c4176a9..bf2ed21 100644
--- a/newfs_hfs.tproj/newfs_hfs.c
+++ b/newfs_hfs.tproj/newfs_hfs.c
@@ -38,8 +38,13 @@
}
exit(0);
-@@ -506,7 +527,9 @@ hfs_newfs(char *device, int forceHFS, int isRaw)
+@@ -506,7 +527,9 @@ hfs_newfs(char *device, int forceHFS, in
int fso = 0;
int retval = 0;
hfsparams_t defaults = {0};
if (gPartitionSize) {
dip.sectorSize = kBytesPerSector;
-@@ -526,6 +549,34 @@ hfs_newfs(char *device, int forceHFS, int isRaw)
+@@ -526,6 +549,34 @@ hfs_newfs(char *device, int forceHFS, in
if (fstat( fso, &stbuf) < 0)
fatal("%s: %s", device, strerror(errno));
if (ioctl(fso, DKIOCGETBLOCKCOUNT, &dip.totalSectors) < 0)
fatal("%s: %s", device, strerror(errno));
-@@ -537,11 +588,14 @@ hfs_newfs(char *device, int forceHFS, int isRaw)
+@@ -537,11 +588,14 @@ hfs_newfs(char *device, int forceHFS, in
dip.sectorsPerIO = (128 * 1024) / dip.sectorSize; /* use 128K as default */
else
dip.sectorsPerIO = MIN(maxSectorsPerIO, (1024 * 1024) / dip.sectorSize);
if (dip.sectorSize != kBytesPerSector) {
if (isRaw) {
close(fso);
-@@ -556,7 +610,9 @@ hfs_newfs(char *device, int forceHFS, int isRaw)
+@@ -556,7 +610,9 @@ hfs_newfs(char *device, int forceHFS, in
dip.sectorSize = kBytesPerSector;
}
}
dip.sectorOffset = 0;
time(&createtime);
-diff --git a/newfs_hfs.tproj/newfs_hfs.h b/newfs_hfs.tproj/newfs_hfs.h
-index 968ff10..5680a34 100644
--- a/newfs_hfs.tproj/newfs_hfs.h
+++ b/newfs_hfs.tproj/newfs_hfs.h
@@ -19,8 +19,12 @@
create mode 100644 include/hfs/hfs_mount.h
create mode 100644 include/sys/appleapiopts.h
-diff --git a/include/bitstring.h b/include/bitstring.h
-new file mode 100644
-index 0000000..fbecfbe
--- /dev/null
+++ b/include/bitstring.h
@@ -0,0 +1,164 @@
+}
+
+#endif /* !_BITSTRING_H_ */
-diff --git a/include/hfs/hfs_format.h b/include/hfs/hfs_format.h
-new file mode 100644
-index 0000000..d820329
--- /dev/null
+++ b/include/hfs/hfs_format.h
@@ -0,0 +1,689 @@
+#endif
+
+#endif /* __HFS_FORMAT__ */
-diff --git a/include/hfs/hfs_mount.h b/include/hfs/hfs_mount.h
-new file mode 100644
-index 0000000..ad729f2
--- /dev/null
+++ b/include/hfs/hfs_mount.h
@@ -0,0 +1,78 @@
+#endif /* __APPLE_API_UNSTABLE */
+
+#endif /* ! _HFS_MOUNT_H_ */
-diff --git a/include/sys/appleapiopts.h b/include/sys/appleapiopts.h
-new file mode 100644
-index 0000000..4d2061f
--- /dev/null
+++ b/include/sys/appleapiopts.h
@@ -0,0 +1,52 @@
fsck_hfs.tproj/dfalib/hfs_endian.c | 2 +-
4 files changed, 16 insertions(+), 13 deletions(-)
-diff --git a/fsck_hfs.tproj/dfalib/BTreePrivate.h b/fsck_hfs.tproj/dfalib/BTreePrivate.h
-index 058c75b..2fc2f28 100644
--- a/fsck_hfs.tproj/dfalib/BTreePrivate.h
+++ b/fsck_hfs.tproj/dfalib/BTreePrivate.h
@@ -104,6 +104,9 @@ typedef enum {
typedef struct BTreeControlBlock { // fields specific to BTree CBs
UInt8 keyCompareType; /* Key string Comparison Type */
-@@ -144,7 +147,7 @@ typedef struct BTreeControlBlock { // fields specific to BTree CBs
+@@ -144,7 +147,7 @@ typedef struct BTreeControlBlock { /
UInt32 numPossibleHints; // Looks like a formated hint
UInt32 numValidHints; // Hint used to find correct record.
SFCB *fcbPtr; // fcb of btree file
} BTreeControlBlock, *BTreeControlBlockPtr;
-diff --git a/fsck_hfs.tproj/dfalib/SControl.c b/fsck_hfs.tproj/dfalib/SControl.c
-index 37eb242..4ce9e16 100644
--- a/fsck_hfs.tproj/dfalib/SControl.c
+++ b/fsck_hfs.tproj/dfalib/SControl.c
@@ -1034,7 +1034,7 @@ static int ScavTerm( SGlobPtr GPtr )
}
}
}
-diff --git a/fsck_hfs.tproj/dfalib/SVerify1.c b/fsck_hfs.tproj/dfalib/SVerify1.c
-index c272d4d..a273bf3 100644
--- a/fsck_hfs.tproj/dfalib/SVerify1.c
+++ b/fsck_hfs.tproj/dfalib/SVerify1.c
-@@ -789,8 +789,8 @@ OSErr CreateExtentsBTreeControlBlock( SGlobPtr GPtr )
+@@ -789,8 +789,8 @@ OSErr CreateExtentsBTreeControlBlock( SG
//
// set up our DFA extended BTCB area. Will we have enough memory on all HFS+ volumes.
//
err = R_NoMem;
goto exit;
}
-@@ -1144,8 +1144,8 @@ OSErr CreateCatalogBTreeControlBlock( SGlobPtr GPtr )
+@@ -1144,8 +1144,8 @@ OSErr CreateCatalogBTreeControlBlock( SG
// set up our DFA extended BTCB area. Will we have enough memory on all HFS+ volumes.
//
err = R_NoMem;
goto exit;
}
-@@ -1779,8 +1779,8 @@ OSErr CreateAttributesBTreeControlBlock( SGlobPtr GPtr )
+@@ -1779,8 +1779,8 @@ OSErr CreateAttributesBTreeControlBlock(
//
// set up our DFA extended BTCB area. Will we have enough memory on all HFS+ volumes.
//
err = R_NoMem;
goto exit;
}
-@@ -1793,7 +1793,7 @@ OSErr CreateAttributesBTreeControlBlock( SGlobPtr GPtr )
+@@ -1793,7 +1793,7 @@ OSErr CreateAttributesBTreeControlBlock(
}
else
{
err = R_NoMem;
goto exit;
}
-diff --git a/fsck_hfs.tproj/dfalib/hfs_endian.c b/fsck_hfs.tproj/dfalib/hfs_endian.c
-index 69500c1..3cc9eb4 100755
--- a/fsck_hfs.tproj/dfalib/hfs_endian.c
+++ b/fsck_hfs.tproj/dfalib/hfs_endian.c
@@ -437,7 +437,7 @@ hfs_swap_HFSPlusBTInternalNode (
fsck_hfs.tproj/dfalib/SBTree.c | 14 +++++------
2 files changed, 31 insertions(+), 31 deletions(-)
-diff --git a/fsck_hfs.tproj/dfalib/BTreeTreeOps.c b/fsck_hfs.tproj/dfalib/BTreeTreeOps.c
-index b812b14..37fb170 100644
--- a/fsck_hfs.tproj/dfalib/BTreeTreeOps.c
+++ b/fsck_hfs.tproj/dfalib/BTreeTreeOps.c
-@@ -223,7 +223,7 @@ OSStatus SearchTree (BTreeControlBlockPtr btreePtr,
+@@ -223,7 +223,7 @@ OSStatus SearchTree (BTreeControlBlockPt
//
if (curNodeNum == 0)
{
err = fsBTInvalidNodeErr;
goto ErrorExit;
}
-@@ -433,7 +433,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -433,7 +433,7 @@ OSStatus InsertLevel (BTreeControlBlockP
M_ExitOnError (err);
if ( DEBUG_BUILD && updateParent && newRoot )
}
//////////////////////// Update Parent(s) ///////////////////////////////
-@@ -448,7 +448,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -448,7 +448,7 @@ OSStatus InsertLevel (BTreeControlBlockP
secondaryKey = nil;
++level;
-@@ -456,7 +456,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -456,7 +456,7 @@ OSStatus InsertLevel (BTreeControlBlockP
index = treePathTable [level].index;
parentNodeNum = treePathTable [level].node;
err = GetNode (btreePtr, parentNodeNum, &parentNode); // released as target node in next level up
M_ExitOnError (err);
-@@ -470,7 +470,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -470,7 +470,7 @@ OSStatus InsertLevel (BTreeControlBlockP
{
//¥¥Êdebug: check if ptr == targetNodeNum
GetRecordByIndex (btreePtr, parentNode.buffer, index, &keyPtr, &recPtr, &recSize);
return err;
-@@ -566,7 +566,7 @@ static OSErr InsertNode (BTreeControlBlockPtr btreePtr,
+@@ -566,7 +566,7 @@ static OSErr InsertNode (BTreeControlBlo
*rootSplit = false;
leftNodeNum = ((NodeDescPtr) targetNode->buffer)->bLink;
rightNodeNum = ((NodeDescPtr) targetNode->buffer)->fLink;
-@@ -606,7 +606,7 @@ static OSErr InsertNode (BTreeControlBlockPtr btreePtr,
+@@ -606,7 +606,7 @@ static OSErr InsertNode (BTreeControlBlo
if ( leftNodeNum > 0 )
{
if ( siblingNode->buffer == nil )
{
-@@ -614,7 +614,7 @@ static OSErr InsertNode (BTreeControlBlockPtr btreePtr,
+@@ -614,7 +614,7 @@ static OSErr InsertNode (BTreeControlBlo
M_ExitOnError (err);
}
if ( !key->skipRotate ) // are rotates allowed?
{
-@@ -703,7 +703,7 @@ OSStatus DeleteTree (BTreeControlBlockPtr btreePtr,
+@@ -703,7 +703,7 @@ OSStatus DeleteTree (BTreeControlBlock
targetNodeNum = treePathTable[level].node;
targetNodePtr = targetNode->buffer;
DeleteRecord (btreePtr, targetNodePtr, index);
-@@ -797,7 +797,7 @@ OSStatus DeleteTree (BTreeControlBlockPtr btreePtr,
+@@ -797,7 +797,7 @@ OSStatus DeleteTree (BTreeControlBlock
//¥¥Êdebug: check if ptr == targetNodeNum
GetRecordByIndex (btreePtr, parentNode.buffer, index, &keyPtr, &recPtr, &recSize);
// need to delete and re-insert this parent key/ptr
DeleteRecord (btreePtr, parentNode.buffer, index);
-@@ -1018,7 +1018,7 @@ static OSStatus RotateLeft (BTreeControlBlockPtr btreePtr,
+@@ -1018,7 +1018,7 @@ static OSStatus RotateLeft (BTreeContro
keyPtr, keyLength, recPtr, recSize);
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-@@ -1031,7 +1031,7 @@ static OSStatus RotateLeft (BTreeControlBlockPtr btreePtr,
+@@ -1031,7 +1031,7 @@ static OSStatus RotateLeft (BTreeContro
didItFit = RotateRecordLeft (btreePtr, leftNode, rightNode);
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-@@ -1048,7 +1048,7 @@ static OSStatus RotateLeft (BTreeControlBlockPtr btreePtr,
+@@ -1048,7 +1048,7 @@ static OSStatus RotateLeft (BTreeContro
keyPtr, keyLength, recPtr, recSize);
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-@@ -1117,7 +1117,7 @@ static OSStatus SplitLeft (BTreeControlBlockPtr btreePtr,
+@@ -1117,7 +1117,7 @@ static OSStatus SplitLeft (BTreeControl
right = rightNode->buffer;
left = leftNode->buffer;
//¥¥ type should be kLeafNode or kIndexNode
-@@ -1240,8 +1240,8 @@ static OSStatus AddNewRootNode (BTreeControlBlockPtr btreePtr,
+@@ -1240,8 +1240,8 @@ static OSStatus AddNewRootNode (BTreeCon
Boolean didItFit;
UInt16 keyLength;
/////////////////////// Initialize New Root Node ////////////////////////////
-@@ -1264,7 +1264,7 @@ static OSStatus AddNewRootNode (BTreeControlBlockPtr btreePtr,
+@@ -1264,7 +1264,7 @@ static OSStatus AddNewRootNode (BTreeCon
didItFit = InsertKeyRecord ( btreePtr, rootNode.buffer, 0, keyPtr, keyLength,
(UInt8 *) &rightNode->bLink, 4 );
//////////////////// Insert Right Node Index Record /////////////////////////
-@@ -1275,7 +1275,7 @@ static OSStatus AddNewRootNode (BTreeControlBlockPtr btreePtr,
+@@ -1275,7 +1275,7 @@ static OSStatus AddNewRootNode (BTreeCon
didItFit = InsertKeyRecord ( btreePtr, rootNode.buffer, 1, keyPtr, keyLength,
(UInt8 *) &leftNode->fLink, 4 );
#if DEBUG_TREEOPS
-@@ -1355,7 +1355,7 @@ static OSStatus SplitRight (BTreeControlBlockPtr btreePtr,
+@@ -1355,7 +1355,7 @@ static OSStatus SplitRight (BTreeContro
}
rightPtr = rightNodePtr->buffer;
//¥¥ type should be kLeafNode or kIndexNode
-@@ -1557,7 +1557,7 @@ static OSStatus RotateRight (BTreeControlBlockPtr btreePtr,
+@@ -1557,7 +1557,7 @@ static OSStatus RotateRight (BTreeContr
keyPtr, keyLength, recPtr, recSize);
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-@@ -1572,7 +1572,7 @@ static OSStatus RotateRight (BTreeControlBlockPtr btreePtr,
+@@ -1572,7 +1572,7 @@ static OSStatus RotateRight (BTreeContr
didItFit = RotateRecordRight( btreePtr, leftNodePtr, rightNodePtr );
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-@@ -1583,7 +1583,7 @@ static OSStatus RotateRight (BTreeControlBlockPtr btreePtr,
+@@ -1583,7 +1583,7 @@ static OSStatus RotateRight (BTreeContr
keyPtr, keyLength, recPtr, recSize);
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-@@ -1607,7 +1607,7 @@ static OSStatus RotateRight (BTreeControlBlockPtr btreePtr,
+@@ -1607,7 +1607,7 @@ static OSStatus RotateRight (BTreeContr
keyPtr, keyLength, recPtr, recSize);
if ( !didItFit )
{
err = fsBTBadRotateErr;
goto ErrorExit;
}
-diff --git a/fsck_hfs.tproj/dfalib/SBTree.c b/fsck_hfs.tproj/dfalib/SBTree.c
-index cd81b13..eeb4e8c 100644
--- a/fsck_hfs.tproj/dfalib/SBTree.c
+++ b/fsck_hfs.tproj/dfalib/SBTree.c
-@@ -103,7 +103,7 @@ OSErr SearchBTreeRecord(SFCB *fcb, const void* key, UInt32 hint, void* foundKey,
+@@ -103,7 +103,7 @@ OSErr SearchBTreeRecord(SFCB *fcb, const
CopyMemory(&resultIterator->key, foundKey, CalcKeySize(btcb, &resultIterator->key)); //¥¥ warning, this could overflow user's buffer!!!
if ( DEBUG_BUILD && !ValidHFSRecord(data, btcb, *dataSize) )
}
ErrorExit:
-@@ -211,7 +211,7 @@ OSErr GetBTreeRecord(SFCB *fcb, SInt16 selectionIndex, void* key, void* data, UI
+@@ -211,7 +211,7 @@ OSErr GetBTreeRecord(SFCB *fcb, SInt16 s
CopyMemory(&iterator->key, key, CalcKeySize(btcb, &iterator->key)); //¥¥ warning, this could overflow user's buffer!!!
if ( DEBUG_BUILD && !ValidHFSRecord(data, btcb, *dataSize) )
}
-@@ -243,7 +243,7 @@ OSErr InsertBTreeRecord(SFCB *fcb, const void* key, const void* data, UInt16 dat
+@@ -243,7 +243,7 @@ OSErr InsertBTreeRecord(SFCB *fcb, const
CopyMemory(key, &iterator.key, CalcKeySize(btcb, (BTreeKey *) key)); //¥¥ should we range check against maxkeylen?
if ( DEBUG_BUILD && !ValidHFSRecord(data, btcb, dataSize) )
result = BTInsertRecord( fcb, &iterator, &btRecord, dataSize );
-@@ -305,7 +305,7 @@ OSErr ReplaceBTreeRecord(SFCB *fcb, const void* key, UInt32 hint, void *newData,
+@@ -305,7 +305,7 @@ OSErr ReplaceBTreeRecord(SFCB *fcb, cons
CopyMemory(key, &iterator.key, CalcKeySize(btcb, (BTreeKey *) key)); //¥¥ should we range check against maxkeylen?
if ( DEBUG_BUILD && !ValidHFSRecord(newData, btcb, dataSize) )
result = BTReplaceRecord( fcb, &iterator, &btRecord, dataSize );
-@@ -344,7 +344,7 @@ SetEndOfForkProc ( SFCB *filePtr, FSSize minEOF, FSSize maxEOF )
+@@ -344,7 +344,7 @@ SetEndOfForkProc ( SFCB *filePtr, FSSize
else
{
if ( DEBUG_BUILD )
return -1;
}
-@@ -370,7 +370,7 @@ SetEndOfForkProc ( SFCB *filePtr, FSSize minEOF, FSSize maxEOF )
+@@ -370,7 +370,7 @@ SetEndOfForkProc ( SFCB *filePtr, FSSize
// Make sure we got at least as much space as we needed
//
if (filePtr->fcbLogicalSize < minEOF) {
return dskFulErr;
}
-@@ -442,7 +442,7 @@ static OSErr CheckBTreeKey(const BTreeKey *key, const BTreeControlBlock *btcb)
+@@ -442,7 +442,7 @@ static OSErr CheckBTreeKey(const BTreeKe
if ( (keyLen < 6) || (keyLen > btcb->maxKeyLength) )
{
if ( DEBUG_BUILD )
fsck_hfs.tproj/dfalib/hfs_endian.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
-diff --git a/fsck_hfs.tproj/dfalib/SControl.c b/fsck_hfs.tproj/dfalib/SControl.c
-index 4ce9e16..8b03ece 100644
--- a/fsck_hfs.tproj/dfalib/SControl.c
+++ b/fsck_hfs.tproj/dfalib/SControl.c
@@ -776,7 +776,7 @@ static int ScavSetUp( SGlob *GPtr)
R_NoMem, sizeof(ScavStaticStructures) );
}
return( R_NoMem );
-diff --git a/fsck_hfs.tproj/dfalib/hfs_endian.c b/fsck_hfs.tproj/dfalib/hfs_endian.c
-index 3cc9eb4..6ca2ac1 100755
--- a/fsck_hfs.tproj/dfalib/hfs_endian.c
+++ b/fsck_hfs.tproj/dfalib/hfs_endian.c
@@ -563,7 +563,7 @@ hfs_swap_HFSPlusBTInternalNode (
newfs_hfs.tproj/makehfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/newfs_hfs.tproj/makehfs.c b/newfs_hfs.tproj/makehfs.c
-index 7609779..2233ef7 100644
--- a/newfs_hfs.tproj/makehfs.c
+++ b/newfs_hfs.tproj/makehfs.c
-@@ -70,7 +70,7 @@ extern Boolean _CFStringGetFileSystemRepresentation(CFStringRef string, UInt8 *b
+@@ -70,7 +70,7 @@ extern Boolean _CFStringGetFileSystemRep
#include "readme.h"
fsck_hfs.tproj/fsck_hfs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/fsck_hfs.tproj/fsck_hfs.c b/fsck_hfs.tproj/fsck_hfs.c
-index f1a18bd..6117698 100644
--- a/fsck_hfs.tproj/fsck_hfs.c
+++ b/fsck_hfs.tproj/fsck_hfs.c
@@ -104,7 +104,7 @@ main(argc, argv)
fsck_hfs.tproj/fsck_debug.h | 10 +++++-----
4 files changed, 22 insertions(+), 22 deletions(-)
-diff --git a/fsck_hfs.tproj/dfalib/SRepair.c b/fsck_hfs.tproj/dfalib/SRepair.c
-index 8eb759c..89c12d6 100644
--- a/fsck_hfs.tproj/dfalib/SRepair.c
+++ b/fsck_hfs.tproj/dfalib/SRepair.c
-@@ -1825,13 +1825,13 @@ static OSErr FixAttrSize(SGlobPtr GPtr, RepairOrderPtr p)
+@@ -1825,13 +1825,13 @@ static OSErr FixAttrSize(SGlobPtr GPtr,
result = BTSearchRecord(GPtr->calculatedAttributesFCB, &iterator,
kInvalidMRUCacheKey, &btRecord, &recSize, &iterator);
if (result) {
result = btNotFound;
goto out;
}
-@@ -1862,7 +1862,7 @@ static OSErr FixAttrSize(SGlobPtr GPtr, RepairOrderPtr p)
+@@ -1862,7 +1862,7 @@ static OSErr FixAttrSize(SGlobPtr GPtr,
result = BTReplaceRecord(GPtr->calculatedAttributesFCB, &iterator,
&btRecord, recSize);
if (result) {
if (err) {
goto create_symlink;
}
-@@ -3227,12 +3227,12 @@ static OSErr MoveExtent(SGlobPtr GPtr, ExtentInfo *extentInfo)
+@@ -3227,12 +3227,12 @@ static OSErr MoveExtent(SGlobPtr GPtr, E
&extentData, &recordSize, &foundExtentIndex);
foundLocation = extentsBTree;
if (err != noErr) {
goto out;
}
}
-@@ -3241,7 +3241,7 @@ static OSErr MoveExtent(SGlobPtr GPtr, ExtentInfo *extentInfo)
+@@ -3241,7 +3241,7 @@ static OSErr MoveExtent(SGlobPtr GPtr, E
err = CopyDiskBlocks(GPtr, extentInfo->startBlock, extentInfo->blockCount,
extentInfo->newStartBlock);
if (err != noErr) {
goto out;
}
-@@ -3260,7 +3260,7 @@ static OSErr MoveExtent(SGlobPtr GPtr, ExtentInfo *extentInfo)
+@@ -3260,7 +3260,7 @@ static OSErr MoveExtent(SGlobPtr GPtr, E
}
if (err != noErr) {
goto out;
}
-@@ -3491,7 +3491,7 @@ static OSErr SearchExtentInAttributeBT(SGlobPtr GPtr, ExtentInfo *extentInfo,
+@@ -3491,7 +3491,7 @@ static OSErr SearchExtentInAttributeBT(S
result = BTSearchRecord(GPtr->calculatedAttributesFCB, &iterator,
kInvalidMRUCacheKey, &btRecord, recordSize, &iterator);
if (result) {
goto out;
}
-diff --git a/fsck_hfs.tproj/dfalib/SVerify1.c b/fsck_hfs.tproj/dfalib/SVerify1.c
-index a273bf3..39bda5c 100644
--- a/fsck_hfs.tproj/dfalib/SVerify1.c
+++ b/fsck_hfs.tproj/dfalib/SVerify1.c
-@@ -2157,9 +2157,9 @@ CheckAttributeRecord(SGlobPtr GPtr, const HFSPlusAttrKey *key, const HFSPlusAttr
+@@ -2157,9 +2157,9 @@ CheckAttributeRecord(SGlobPtr GPtr, cons
if (doDelete == true) {
result = DeleteBTreeRecord(GPtr->calculatedAttributesFCB, key);
}
/* Set flags to mark header and map dirty */
-@@ -3034,7 +3034,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, UInt32 fileNumber, UInt8 forkType,
+@@ -3034,7 +3034,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, U
// checkout the extent record first
err = ChkExtRec( GPtr, extents, &lastExtentIndex );
if (err != noErr) {
/* Stop verification if bad extent is found for system file or EA */
if ((fileNumber < kHFSFirstUserCatalogNodeID) ||
-diff --git a/fsck_hfs.tproj/fsck_debug.c b/fsck_hfs.tproj/fsck_debug.c
-index 1be3fc5..77e8e51 100644
--- a/fsck_hfs.tproj/fsck_debug.c
+++ b/fsck_hfs.tproj/fsck_debug.c
@@ -25,18 +25,18 @@
{
if (cur_debug_level & type) {
va_list ap;
-diff --git a/fsck_hfs.tproj/fsck_debug.h b/fsck_hfs.tproj/fsck_debug.h
-index 81e3932..cb1b9be 100644
--- a/fsck_hfs.tproj/fsck_debug.h
+++ b/fsck_hfs.tproj/fsck_debug.h
@@ -36,18 +36,18 @@ enum debug_message_type {
fsck_hfs.tproj/dfalib/SVerify2.c | 4 +-
10 files changed, 177 insertions(+), 177 deletions(-)
-diff --git a/fsck_hfs.tproj/dfalib/BTree.c b/fsck_hfs.tproj/dfalib/BTree.c
-index 7ad9fe0..c0c8744 100644
--- a/fsck_hfs.tproj/dfalib/BTree.c
+++ b/fsck_hfs.tproj/dfalib/BTree.c
-@@ -163,21 +163,21 @@ OSStatus BTInitialize (FCB *filePtr,
+@@ -163,21 +163,21 @@ OSStatus BTInitialize (FCB *filePtr
////////////////////// Preliminary Error Checking ///////////////////////////
if ((maxKeyLength == 0) ||
(maxKeyLength > kMaxKeyLength)) return fsBTInvalidKeyLengthErr;
-@@ -209,7 +209,7 @@ OSStatus BTInitialize (FCB *filePtr,
+@@ -209,7 +209,7 @@ OSStatus BTInitialize (FCB *filePtr
//////////////////////// Allocate Control Block /////////////////////////////
M_RESIDENT_ALLOCATE_FIXED_CLEAR( &btreePtr, sizeof( BTreeControlBlock ), kFSBTreeControlBlockType );
{
err = memFullErr;
goto ErrorExit;
-@@ -220,7 +220,7 @@ OSStatus BTInitialize (FCB *filePtr,
+@@ -220,7 +220,7 @@ OSStatus BTInitialize (FCB *filePtr
btreePtr->flags = 0;
btreePtr->attributes = 0;
btreePtr->forkPtr = forkPtr;
btreePtr->keyDescPtr = keyDescPtr;
btreePtr->btreeType = btreeType;
btreePtr->treeDepth = 0;
-@@ -282,7 +282,7 @@ OSStatus BTInitialize (FCB *filePtr,
+@@ -282,7 +282,7 @@ OSStatus BTInitialize (FCB *filePtr
///////////////////// Copy Key Descriptor To Header /////////////////////////
#if SupportsKeyDescriptors
{
err = CheckKeyDescriptor (keyDescPtr, maxKeyLength);
M_ExitOnError (err);
-@@ -309,7 +309,7 @@ OSStatus BTInitialize (FCB *filePtr,
+@@ -309,7 +309,7 @@ OSStatus BTInitialize (FCB *filePtr
err = UpdateHeader (btreePtr);
M_ExitOnError (err);
M_RESIDENT_DEALLOCATE_FIXED( btreePtr, sizeof( BTreeControlBlock ), kFSBTreeControlBlockType );
return noErr;
-@@ -320,7 +320,7 @@ OSStatus BTInitialize (FCB *filePtr,
+@@ -320,7 +320,7 @@ OSStatus BTInitialize (FCB *filePtr
ErrorExit:
(void) ReleaseNode (btreePtr, &headerNode);
M_RESIDENT_DEALLOCATE_FIXED( btreePtr, sizeof( BTreeControlBlock ), kFSBTreeControlBlockType );
return err;
-@@ -342,7 +342,7 @@ Input: filePtr - pointer to file to open as a B-tree
+@@ -342,7 +342,7 @@ Input: filePtr - pointer to file to
setEndOfForkProc - pointer to client's SetEOF function
Result: noErr - success
fsBTInvalidFileErr -
memFullErr -
!= noErr - failure
-@@ -364,16 +364,16 @@ OSStatus BTOpenPath (SFCB *filePtr,
+@@ -364,16 +364,16 @@ OSStatus BTOpenPath (SFCB *filePtr
////////////////////// Preliminary Error Checking ///////////////////////////
return noErr;
// is file large enough to contain header node?
-@@ -384,7 +384,7 @@ OSStatus BTOpenPath (SFCB *filePtr,
+@@ -384,7 +384,7 @@ OSStatus BTOpenPath (SFCB *filePtr
//////////////////////// Allocate Control Block /////////////////////////////
btreePtr = (BTreeControlBlock*) AllocateClearMemory( sizeof( BTreeControlBlock ) );
{
Panic ("\pBTOpen: no memory for btreePtr.");
return memFullErr;
-@@ -397,7 +397,7 @@ OSStatus BTOpenPath (SFCB *filePtr,
+@@ -397,7 +397,7 @@ OSStatus BTOpenPath (SFCB *filePtr
/////////////////////////// Read Header Node ////////////////////////////////
btreePtr->fcbPtr = filePtr;
filePtr->fcbBtree = (void *) btreePtr; // attach btree cb to file
-@@ -487,7 +487,7 @@ OSStatus BTOpenPath (SFCB *filePtr,
+@@ -487,7 +487,7 @@ OSStatus BTOpenPath (SFCB *filePtr
////////////////////////// Get Key Descriptor ///////////////////////////////
#if SupportsKeyDescriptors
{
err = GetKeyDescriptor (btreePtr, nodeRec.buffer); //¥¥ it should check amount of memory allocated...
M_ExitOnError (err);
-@@ -499,7 +499,7 @@ OSStatus BTOpenPath (SFCB *filePtr,
+@@ -499,7 +499,7 @@ OSStatus BTOpenPath (SFCB *filePtr
else
#endif
{
}
err = ReleaseNode (btreePtr, &nodeRec);
-@@ -528,7 +528,7 @@ OSStatus BTOpenPath (SFCB *filePtr,
+@@ -528,7 +528,7 @@ OSStatus BTOpenPath (SFCB *filePtr
ErrorExit:
(void) ReleaseNode (btreePtr, &nodeRec);
DisposeMemory( btreePtr );
-@@ -567,7 +567,7 @@ OSStatus BTClosePath (SFCB *filePtr)
+@@ -567,7 +567,7 @@ OSStatus BTClosePath (SFCB *filePt
btreePtr = (BTreeControlBlockPtr) filePtr->fcbBtree;
return fsBTInvalidFileErr;
////////////////////// Check for other BTree Paths //////////////////////////
-@@ -603,14 +603,14 @@ OSStatus BTClosePath (SFCB *filePtr)
+@@ -603,14 +603,14 @@ OSStatus BTClosePath (SFCB *filePt
M_ExitOnError (err);
#if SupportsKeyDescriptors
// LogEndTime(kTraceCloseBTree, noErr);
-@@ -643,7 +643,7 @@ Function: Search for position in B*Tree indicated by searchKey. If a valid node
+@@ -643,7 +643,7 @@ Function: Search for position in B*Tree
Input: pathPtr - pointer to path for BTree file.
searchKey - pointer to search key to match.
Output: record - pointer to BufferDescriptor containing record
recordLen - length of data at recordPtr
-@@ -678,14 +678,14 @@ OSStatus BTSearchRecord (SFCB *filePtr,
+@@ -678,14 +678,14 @@ OSStatus BTSearchRecord (SFCB *fil
// LogStartTime(kTraceSearchBTree);
{
err = CheckKey (&searchIterator->key, btreePtr->keyDescPtr, btreePtr->maxKeyLength);
M_ExitOnError (err);
-@@ -775,9 +775,9 @@ OSStatus BTSearchRecord (SFCB *filePtr,
+@@ -775,9 +775,9 @@ OSStatus BTSearchRecord (SFCB *fil
//¥¥ Should check for errors! Or BlockMove could choke on recordPtr!!!
GetRecordByIndex (btreePtr, node.buffer, index, &keyPtr, &recordPtr, &len);
{
ByteCount recordSize;
-@@ -794,7 +794,7 @@ OSStatus BTSearchRecord (SFCB *filePtr,
+@@ -794,7 +794,7 @@ OSStatus BTSearchRecord (SFCB *fil
/////////////////////// Success - Update Iterator ///////////////////////////
{
resultIterator->hint.writeCount = btreePtr->writeCount;
resultIterator->hint.nodeNum = nodeNum;
-@@ -825,10 +825,10 @@ OSStatus BTSearchRecord (SFCB *filePtr,
+@@ -825,10 +825,10 @@ OSStatus BTSearchRecord (SFCB *fil
ErrorExit:
{
resultIterator->hint.writeCount = 0;
resultIterator->hint.nodeNum = 0;
-@@ -892,18 +892,18 @@ OSStatus BTIterateRecord (SFCB *filePtr,
+@@ -892,18 +892,18 @@ OSStatus BTIterateRecord (SFCB *fi
////////////////////////// Priliminary Checks ///////////////////////////////
{
return fsBTInvalidFileErr; //¥¥ handle properly
}
-@@ -968,7 +968,7 @@ OSStatus BTIterateRecord (SFCB *filePtr,
+@@ -968,7 +968,7 @@ OSStatus BTIterateRecord (SFCB *fi
}
else
{
{
nodeNum = ((NodeDescPtr) node.buffer)->bLink;
if ( nodeNum > 0)
-@@ -981,13 +981,13 @@ OSStatus BTIterateRecord (SFCB *filePtr,
+@@ -981,13 +981,13 @@ OSStatus BTIterateRecord (SFCB *fi
}
}
// Before we stomp on "right", we'd better release it if needed
index = ((NodeDescPtr) node.buffer)->numRecords -1;
}
}
-@@ -1012,7 +1012,7 @@ OSStatus BTIterateRecord (SFCB *filePtr,
+@@ -1012,7 +1012,7 @@ OSStatus BTIterateRecord (SFCB *fi
}
else
{
{
nodeNum = ((NodeDescPtr) node.buffer)->fLink;
if ( nodeNum > 0)
-@@ -1025,13 +1025,13 @@ OSStatus BTIterateRecord (SFCB *filePtr,
+@@ -1025,13 +1025,13 @@ OSStatus BTIterateRecord (SFCB *fi
}
}
// Before we stomp on "left", we'd better release it if needed
{
iterator->hint.writeCount = 0;
iterator->hint.nodeNum = 0;
-@@ -1157,7 +1157,7 @@ OSStatus BTInsertRecord (SFCB *filePtr,
+@@ -1157,7 +1157,7 @@ OSStatus BTInsertRecord (SFCB *fil
////////////////////////// Priliminary Checks ///////////////////////////////
err = CheckInsertParams (filePtr, iterator, record, recordLen);
if (err != noErr)
-@@ -1317,7 +1317,7 @@ OSStatus BTSetRecord (SFCB *filePtr,
+@@ -1317,7 +1317,7 @@ OSStatus BTSetRecord (SFCB *fileP
////////////////////////// Priliminary Checks ///////////////////////////////
err = CheckInsertParams (filePtr, iterator, record, recordLen);
if (err != noErr)
-@@ -1506,7 +1506,7 @@ OSStatus BTReplaceRecord (SFCB *filePtr,
+@@ -1506,7 +1506,7 @@ OSStatus BTReplaceRecord (SFCB *fi
////////////////////////// Priliminary Checks ///////////////////////////////
err = CheckInsertParams (filePtr, iterator, record, recordLen);
if (err != noErr)
-@@ -1645,20 +1645,20 @@ OSStatus BTDeleteRecord (SFCB *filePtr,
+@@ -1645,20 +1645,20 @@ OSStatus BTDeleteRecord (SFCB *fil
////////////////////////// Priliminary Checks ///////////////////////////////
{
err = CheckKey (&iterator->key, btreePtr->keyDescPtr, btreePtr->maxKeyLength);
M_ExitOnError (err);
-@@ -1712,12 +1712,12 @@ OSStatus BTGetInformation (SFCB *filePtr,
+@@ -1712,12 +1712,12 @@ OSStatus BTGetInformation (SFCB *fil
BTreeControlBlockPtr btreePtr;
//¥¥ check version?
-@@ -1730,7 +1730,7 @@ OSStatus BTGetInformation (SFCB *filePtr,
+@@ -1730,7 +1730,7 @@ OSStatus BTGetInformation (SFCB *fil
info->keyDescriptor = btreePtr->keyDescPtr; //¥¥ this won't do at all...
info->reserved = 0;
info->keyDescLength = 0;
else
info->keyDescLength = (UInt32) btreePtr->keyDescPtr->length;
-@@ -1762,11 +1762,11 @@ OSStatus BTFlushPath (SFCB *filePtr)
+@@ -1762,11 +1762,11 @@ OSStatus BTFlushPath (SFCB *fileP
// LogStartTime(kTraceFlushBTree);
err = UpdateHeader (btreePtr);
-@@ -1788,13 +1788,13 @@ Input: iterator - pointer to BTreeIterator
+@@ -1788,13 +1788,13 @@ Input: iterator - pointer to BTreeItera
Output: iterator - iterator with the hint.nodeNum cleared
Result: noErr - success
return paramErr;
iterator->hint.nodeNum = 0;
-diff --git a/fsck_hfs.tproj/dfalib/BTreeAllocate.c b/fsck_hfs.tproj/dfalib/BTreeAllocate.c
-index 485d867..02bdd8d 100644
--- a/fsck_hfs.tproj/dfalib/BTreeAllocate.c
+++ b/fsck_hfs.tproj/dfalib/BTreeAllocate.c
-@@ -83,7 +83,7 @@ OSStatus AllocateNode (BTreeControlBlockPtr btreePtr, UInt32 *nodeNum)
+@@ -83,7 +83,7 @@ OSStatus AllocateNode (BTreeControlBlock
nodeNumber = 0; // first node number of header map record
// - and for ErrorExit
while (true)
-@@ -192,7 +192,7 @@ OSStatus FreeNode (BTreeControlBlockPtr btreePtr, UInt32 nodeNum)
+@@ -192,7 +192,7 @@ OSStatus FreeNode (BTreeControlBlockPtr
//////////////////////////// Find Map Record ////////////////////////////////
nodeIndex = 0; // first node number of header map record
while (nodeNum >= nodeIndex)
{
-@@ -278,8 +278,8 @@ OSStatus ExtendBTree (BTreeControlBlockPtr btreePtr,
+@@ -278,8 +278,8 @@ OSStatus ExtendBTree (BTreeControlBlockP
nodeSize = btreePtr->nodeSize;
filePtr = btreePtr->fcbPtr;
node is retrieved.
-@@ -474,7 +474,7 @@ OSStatus GetMapNode (BTreeControlBlockPtr btreePtr,
+@@ -474,7 +474,7 @@ OSStatus GetMapNode (BTreeControlBlockPt
UInt16 mapIndex;
UInt32 nextNodeNum;
*mapSize = 0;
return err;
-diff --git a/fsck_hfs.tproj/dfalib/BTreeMiscOps.c b/fsck_hfs.tproj/dfalib/BTreeMiscOps.c
-index 7c9edca..997f34b 100644
--- a/fsck_hfs.tproj/dfalib/BTreeMiscOps.c
+++ b/fsck_hfs.tproj/dfalib/BTreeMiscOps.c
-@@ -236,13 +236,13 @@ OSStatus FindIteratorPosition (BTreeControlBlockPtr btreePtr,
+@@ -236,13 +236,13 @@ OSStatus FindIteratorPosition (BTreeCont
// assume index points to UInt16
// assume foundRecord points to Boolean
{
err = fsBTInvalidIteratorErr;
goto ErrorExit;
-@@ -250,7 +250,7 @@ OSStatus FindIteratorPosition (BTreeControlBlockPtr btreePtr,
+@@ -250,7 +250,7 @@ OSStatus FindIteratorPosition (BTreeCont
#if SupportsKeyDescriptors
//¥¥ verify iterator key (change CheckKey to take btreePtr instead of keyDescPtr?)
{
err = CheckKey (&iterator->key, btreePtr->keyDescPtr, btreePtr->maxKeyLength );
M_ExitOnError (err);
-@@ -309,7 +309,7 @@ OSStatus FindIteratorPosition (BTreeControlBlockPtr btreePtr,
+@@ -309,7 +309,7 @@ OSStatus FindIteratorPosition (BTreeCont
{
*right = *middle;
*middle = *left;
index = leftIndex;
goto SuccessfulExit;
-@@ -330,7 +330,7 @@ OSStatus FindIteratorPosition (BTreeControlBlockPtr btreePtr,
+@@ -330,7 +330,7 @@ OSStatus FindIteratorPosition (BTreeCont
{
*right = *middle;
*middle = *left;
index = leftIndex;
goto SuccessfulExit;
-@@ -363,7 +363,7 @@ OSStatus FindIteratorPosition (BTreeControlBlockPtr btreePtr,
+@@ -363,7 +363,7 @@ OSStatus FindIteratorPosition (BTreeCont
{
*left = *middle;
*middle = *right;
index = rightIndex;
goto SuccessfulExit;
-@@ -427,15 +427,15 @@ OSStatus CheckInsertParams (SFCB *filePtr,
+@@ -427,15 +427,15 @@ OSStatus CheckInsertParams (SFCB *
{
BTreeControlBlockPtr btreePtr;
{
OSStatus err;
-diff --git a/fsck_hfs.tproj/dfalib/BTreeNodeOps.c b/fsck_hfs.tproj/dfalib/BTreeNodeOps.c
-index da07cc7..ef2bd7b 100644
--- a/fsck_hfs.tproj/dfalib/BTreeNodeOps.c
+++ b/fsck_hfs.tproj/dfalib/BTreeNodeOps.c
-@@ -105,7 +105,7 @@ Function: Gets an existing BTree node from FS Agent and verifies it.
+@@ -105,7 +105,7 @@ Function: Gets an existing BTree node fr
Input: btreePtr - pointer to BTree control block
nodeNum - number of node to request
Result:
noErr - success
-@@ -139,7 +139,7 @@ OSStatus GetNode (BTreeControlBlockPtr btreePtr,
+@@ -139,7 +139,7 @@ OSStatus GetNode (BTreeControlBlockPtr
if (err != noErr)
{
Panic ("\pGetNode: getNodeProc returned error.");
goto ErrorExit;
}
++btreePtr->numGetNodes;
-@@ -156,8 +156,8 @@ OSStatus GetNode (BTreeControlBlockPtr btreePtr,
+@@ -156,8 +156,8 @@ OSStatus GetNode (BTreeControlBlockPtr
return noErr;
ErrorExit:
// LogEndTime(kTraceGetNode, err);
-@@ -176,7 +176,7 @@ Function: Gets a new BTree node from FS Agent and initializes it to an empty
+@@ -176,7 +176,7 @@ Function: Gets a new BTree node from FS
Input: btreePtr - pointer to BTree control block
nodeNum - number of node to request
Result: noErr - success
!= noErr - failure
-@@ -203,7 +203,7 @@ OSStatus GetNewNode (BTreeControlBlockPtr btreePtr,
+@@ -203,7 +203,7 @@ OSStatus GetNewNode (BTreeControlBlockPt
if (err != noErr)
{
Panic ("\pGetNewNode: getNodeProc returned error.");
return err;
}
++btreePtr->numGetNewNodes;
-@@ -248,7 +248,7 @@ OSStatus ReleaseNode (BTreeControlBlockPtr btreePtr,
+@@ -248,7 +248,7 @@ OSStatus ReleaseNode (BTreeControlBlockP
err = noErr;
{
/*
* The nodes must remain in the cache as big endian!
-@@ -267,8 +267,8 @@ OSStatus ReleaseNode (BTreeControlBlockPtr btreePtr,
+@@ -267,8 +267,8 @@ OSStatus ReleaseNode (BTreeControlBlockP
++btreePtr->numReleaseNodes;
}
// LogEndTime(kTraceReleaseNode, err);
-@@ -299,7 +299,7 @@ OSStatus TrashNode (BTreeControlBlockPtr btreePtr,
+@@ -299,7 +299,7 @@ OSStatus TrashNode (BTreeControlBlockPtr
err = noErr;
{
releaseNodeProc = btreePtr->releaseBlockProc;
err = releaseNodeProc (btreePtr->fcbPtr,
-@@ -309,8 +309,8 @@ OSStatus TrashNode (BTreeControlBlockPtr btreePtr,
+@@ -309,8 +309,8 @@ OSStatus TrashNode (BTreeControlBlockPtr
++btreePtr->numReleaseNodes;
}
return err;
}
-@@ -338,7 +338,7 @@ OSStatus UpdateNode (BTreeControlBlockPtr btreePtr,
+@@ -338,7 +338,7 @@ OSStatus UpdateNode (BTreeControlBlockPt
err = noErr;
{
// LogStartTime(kTraceReleaseNode);
err = hfs_swap_BTNode(nodePtr, btreePtr->fcbPtr, kSwapBTNodeHostToBig);
-@@ -358,8 +358,8 @@ OSStatus UpdateNode (BTreeControlBlockPtr btreePtr,
+@@ -358,8 +358,8 @@ OSStatus UpdateNode (BTreeControlBlockPt
++btreePtr->numUpdateNodes;
}
return noErr;
-diff --git a/fsck_hfs.tproj/dfalib/BTreeTreeOps.c b/fsck_hfs.tproj/dfalib/BTreeTreeOps.c
-index 37fb170..73e1fda 100644
--- a/fsck_hfs.tproj/dfalib/BTreeTreeOps.c
+++ b/fsck_hfs.tproj/dfalib/BTreeTreeOps.c
-@@ -177,7 +177,7 @@ Output: nodeNum - number of the node containing the key position
+@@ -177,7 +177,7 @@ Output: nodeNum - number of the node
Result: noErr - key found, index is record index
fsBTRecordNotFoundErr - key not found, index is insert index
*returnIndex = 0;
return err;
-@@ -354,7 +354,7 @@ OSStatus InsertTree ( BTreeControlBlockPtr btreePtr,
+@@ -354,7 +354,7 @@ OSStatus InsertTree ( BTreeControlBlockP
primaryKey.replacingKey = replacingKey;
primaryKey.skipRotate = false;
targetNode, index, level, insertNode );
return err;
-@@ -385,7 +385,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -385,7 +385,7 @@ OSStatus InsertLevel (BTreeControlBlockP
#if defined(applec) && !defined(__SC__)
PanicIf ((level == 1) && (((NodeDescPtr)targetNode->buffer)->kind != kBTLeafNode), "\P InsertLevel: non-leaf at level 1! ");
#endif
targetNodeNum = treePathTable [level].node;
insertParent = false;
-@@ -420,7 +420,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -420,7 +420,7 @@ OSStatus InsertLevel (BTreeControlBlockP
////// process second insert (if any) //////
{
Boolean temp;
-@@ -446,7 +446,7 @@ OSStatus InsertLevel (BTreeControlBlockPtr btreePtr,
+@@ -446,7 +446,7 @@ OSStatus InsertLevel (BTreeControlBlockP
UInt8 * recPtr;
UInt16 recSize;
PanicIf ( (level == btreePtr->treeDepth), "InsertLevel: unfinished insert!?");
-@@ -606,9 +606,9 @@ static OSErr InsertNode (BTreeControlBlockPtr btreePtr,
+@@ -606,9 +606,9 @@ static OSErr InsertNode (BTreeControlBlo
if ( leftNodeNum > 0 )
{
{
err = GetNode (btreePtr, leftNodeNum, siblingNode); // will be released by caller or a split below
M_ExitOnError (err);
-@@ -703,7 +703,7 @@ OSStatus DeleteTree (BTreeControlBlockPtr btreePtr,
+@@ -703,7 +703,7 @@ OSStatus DeleteTree (BTreeControlBlock
targetNodeNum = treePathTable[level].node;
targetNodePtr = targetNode->buffer;
DeleteRecord (btreePtr, targetNodePtr, index);
-@@ -766,7 +766,7 @@ OSStatus DeleteTree (BTreeControlBlockPtr btreePtr,
+@@ -766,7 +766,7 @@ OSStatus DeleteTree (BTreeControlBlock
deleteRequired = false;
updateRequired = false;
{
btreePtr->rootNode = 0;
btreePtr->treeDepth = 0;
-@@ -1124,7 +1124,7 @@ static OSStatus SplitLeft (BTreeControlBlockPtr btreePtr,
+@@ -1124,7 +1124,7 @@ static OSStatus SplitLeft (BTreeControl
if ( (right->height == 1) && (right->kind != kBTLeafNode) )
return fsBTInvalidNodeErr;
{
if ( left->fLink != rightNodeNum )
return fsBTInvalidNodeErr; //¥¥ E_BadSibling ?
-@@ -1145,7 +1145,7 @@ static OSStatus SplitLeft (BTreeControlBlockPtr btreePtr,
+@@ -1145,7 +1145,7 @@ static OSStatus SplitLeft (BTreeControl
/////////////// Update Forward Link In Original Left Node ///////////////////
{
left->fLink = newNodeNum;
err = UpdateNode (btreePtr, leftNode);
-@@ -1240,8 +1240,8 @@ static OSStatus AddNewRootNode (BTreeControlBlockPtr btreePtr,
+@@ -1240,8 +1240,8 @@ static OSStatus AddNewRootNode (BTreeCon
Boolean didItFit;
UInt16 keyLength;
/////////////////////// Initialize New Root Node ////////////////////////////
-@@ -1362,7 +1362,7 @@ static OSStatus SplitRight (BTreeControlBlockPtr btreePtr,
+@@ -1362,7 +1362,7 @@ static OSStatus SplitRight (BTreeContro
if ( (leftPtr->height == 1) && (leftPtr->kind != kBTLeafNode) )
return fsBTInvalidNodeErr;
{
if ( rightPtr->bLink != nodeNum )
return fsBTInvalidNodeErr; //¥¥ E_BadSibling ?
-@@ -1382,7 +1382,7 @@ static OSStatus SplitRight (BTreeControlBlockPtr btreePtr,
+@@ -1382,7 +1382,7 @@ static OSStatus SplitRight (BTreeContro
/////////////// Update backward Link In Original Right Node ///////////////////
{
rightPtr->bLink = newNodeNum;
err = UpdateNode (btreePtr, rightNodePtr);
-@@ -1739,7 +1739,7 @@ static int DoKeyCheck( NodeDescPtr nodeP, BTreeControlBlock *btcb )
+@@ -1739,7 +1739,7 @@ static int DoKeyCheck( NodeDescPtr nodeP
UInt16 keyLength;
KeyPtr keyPtr;
UInt8 *dataPtr;
if ( nodeP->numRecords == 0 )
-@@ -1766,7 +1766,7 @@ static int DoKeyCheck( NodeDescPtr nodeP, BTreeControlBlock *btcb )
+@@ -1766,7 +1766,7 @@ static int DoKeyCheck( NodeDescPtr nodeP
return( -1 );
}
{
if ( CompareKeys( (BTreeControlBlockPtr)btcb, prevkeyP, keyPtr ) >= 0 )
{
-diff --git a/fsck_hfs.tproj/dfalib/SControl.c b/fsck_hfs.tproj/dfalib/SControl.c
-index 8b03ece..d3145e0 100644
--- a/fsck_hfs.tproj/dfalib/SControl.c
+++ b/fsck_hfs.tproj/dfalib/SControl.c
-@@ -82,7 +82,7 @@ CheckHFS( int fsReadRef, int fsWriteRef, int checkLevel, int repairLevel,
+@@ -82,7 +82,7 @@ CheckHFS( int fsReadRef, int fsWriteRef
{
SGlob dataArea; // Allocate the scav globals
short temp;
return( noErr );
}
-@@ -1113,7 +1113,7 @@ Boolean IsBlueBoxSharedDrive ( DrvQElPtr dqPtr )
+@@ -1113,7 +1113,7 @@ Boolean IsBlueBoxSharedDrive ( DrvQElPtr
// Now look at the name of the Driver name. If it is .BlueBoxShared keep it out of the list of available disks.
driverDCtlHandle = GetDCtlEntry(dqPtr->dQRefNum);
driverDCtlPtr = *driverDCtlHandle;
{
if (((driverDCtlPtr->dCtlFlags) & Is_Ram_Based_Mask) == 0)
{
-@@ -1127,19 +1127,19 @@ Boolean IsBlueBoxSharedDrive ( DrvQElPtr dqPtr )
+@@ -1127,19 +1127,19 @@ Boolean IsBlueBoxSharedDrive ( DrvQElPtr
}
driverName = (StringPtr)&(drvrHeaderPtr->drvrName);
paramBlock.ioVRefNum = dqPtr->dQDrive;
paramBlock.ioCRefNum = dqPtr->dQRefNum;
paramBlock.csCode = kDriveIcon; // return physical icon
-@@ -1152,7 +1152,7 @@ Boolean IsBlueBoxSharedDrive ( DrvQElPtr dqPtr )
+@@ -1152,7 +1152,7 @@ Boolean IsBlueBoxSharedDrive ( DrvQElPtr
iconAndStringRecPtr = * (IconAndStringRecPtr*) & paramBlock.csParam;
whereStringPtr = (StringPtr) & iconAndStringRecPtr->string;
{
return( true );
}
-diff --git a/fsck_hfs.tproj/dfalib/SRepair.c b/fsck_hfs.tproj/dfalib/SRepair.c
-index 89c12d6..b261c37 100644
--- a/fsck_hfs.tproj/dfalib/SRepair.c
+++ b/fsck_hfs.tproj/dfalib/SRepair.c
-@@ -844,7 +844,7 @@ static int DelFThd( SGlobPtr GPtr, UInt32 fid ) // the file ID
+@@ -844,7 +844,7 @@ static int DelFThd( SGlobPtr GPtr, UInt3
isHFSPlus = VolumeObjectIsHFSPlus( );
result = SearchBTreeRecord( GPtr->calculatedCatalogFCB, &key, kNoHint, &foundKey, &record, &recSize, &hint );
if ( result ) return ( IntError( GPtr, result ) );
-@@ -910,7 +910,7 @@ static OSErr FixDirThread( SGlobPtr GPtr, UInt32 did ) // the dir ID
+@@ -910,7 +910,7 @@ static OSErr FixDirThread( SGlobPtr GPtr
isHFSPlus = VolumeObjectIsHFSPlus( );
result = SearchBTreeRecord( GPtr->calculatedCatalogFCB, &key, kNoHint, &foundKey, &record, &recSize, &hint );
if ( result )
-@@ -2171,7 +2171,7 @@ static OSErr FixOrphanedFiles ( SGlobPtr GPtr )
+@@ -2171,7 +2171,7 @@ static OSErr FixOrphanedFiles ( SGlobPtr
}
//-- Build the key for the file thread
err = SearchBTreeRecord( GPtr->calculatedCatalogFCB, &key, kNoHint,
&tempKey, &threadRecord, &recordSize, &hint2 );
-diff --git a/fsck_hfs.tproj/dfalib/SUtils.c b/fsck_hfs.tproj/dfalib/SUtils.c
-index 6e9253e..491afbf 100644
--- a/fsck_hfs.tproj/dfalib/SUtils.c
+++ b/fsck_hfs.tproj/dfalib/SUtils.c
@@ -395,11 +395,11 @@ OSErr GetVolumeFeatures( SGlobPtr GPtr )
pb.ioParam.ioVRefNum = GPtr->realVCB->vcbVRefNum;
pb.ioParam.ioBuffer = (Ptr) &buffer;
pb.ioParam.ioReqCount = sizeof( buffer );
-@@ -2282,7 +2282,7 @@ void print_prime_buckets(PrimeBuckets *cur);
+@@ -2282,7 +2282,7 @@ void print_prime_buckets(PrimeBuckets *c
* 4. btreetye - can be kHFSPlusCatalogRecord or kHFSPlusAttributeRecord
* indicates which btree prime number bucket should be incremented
*
*/
void RecordXAttrBits(SGlobPtr GPtr, UInt16 flags, HFSCatalogNodeID fileid, UInt16 btreetype)
{
-diff --git a/fsck_hfs.tproj/dfalib/SVerify1.c b/fsck_hfs.tproj/dfalib/SVerify1.c
-index 39bda5c..c33155f 100644
--- a/fsck_hfs.tproj/dfalib/SVerify1.c
+++ b/fsck_hfs.tproj/dfalib/SVerify1.c
-@@ -790,13 +790,13 @@ OSErr CreateExtentsBTreeControlBlock( SGlobPtr GPtr )
+@@ -790,13 +790,13 @@ OSErr CreateExtentsBTreeControlBlock( SG
// set up our DFA extended BTCB area. Will we have enough memory on all HFS+ volumes.
//
btcb->refCon = AllocateClearMemory( sizeof(BTreeExtensionsRec) ); // allocate space for our BTCB extensions
{
err = R_NoMem;
goto exit;
-@@ -1145,13 +1145,13 @@ OSErr CreateCatalogBTreeControlBlock( SGlobPtr GPtr )
+@@ -1145,13 +1145,13 @@ OSErr CreateCatalogBTreeControlBlock( SG
//
btcb->refCon = AllocateClearMemory( sizeof(BTreeExtensionsRec) ); // allocate space for our BTCB extensions
result = SearchBTreeRecord( GPtr->calculatedCatalogFCB, &key, kNoHint, &foundKey, &threadRecord, &recSize, &hint );
if ( result != noErr ) {
char idStr[16];
-@@ -1780,26 +1780,26 @@ OSErr CreateAttributesBTreeControlBlock( SGlobPtr GPtr )
+@@ -1780,26 +1780,26 @@ OSErr CreateAttributesBTreeControlBlock(
// set up our DFA extended BTCB area. Will we have enough memory on all HFS+ volumes.
//
btcb->refCon = AllocateClearMemory( sizeof(BTreeExtensionsRec) ); // allocate space for our BTCB extensions
{
err = R_NoMem;
goto exit;
-@@ -2358,7 +2358,7 @@ static OSErr RcdMDBEmbededVolDescriptionErr( SGlobPtr GPtr, OSErr type, HFSMaste
+@@ -2358,7 +2358,7 @@ static OSErr RcdMDBEmbededVolDescription
RcdError( GPtr, type ); // first, record the error
p = AllocMinorRepairOrder( GPtr, sizeof(EmbededVolDescription) ); // get the node
p->type = type; // save error info
desc = (EmbededVolDescription *) &(p->name);
-@@ -2397,7 +2397,7 @@ static OSErr RcdInvalidWrapperExtents( SGlobPtr GPtr, OSErr type )
+@@ -2397,7 +2397,7 @@ static OSErr RcdInvalidWrapperExtents( S
RcdError( GPtr, type ); // first, record the error
p = AllocMinorRepairOrder( GPtr, 0 ); // get the node
p->type = type; // save error info
-@@ -3029,7 +3029,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, UInt32 fileNumber, UInt8 forkType,
+@@ -3029,7 +3029,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, U
foundBadExtent = false;
lastExtentIndex = GPtr->numExtents;
{
// checkout the extent record first
err = ChkExtRec( GPtr, extents, &lastExtentIndex );
-@@ -3105,7 +3105,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, UInt32 fileNumber, UInt8 forkType,
+@@ -3105,7 +3105,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, U
if ( err == btNotFound )
{
err = noErr; // no more extent records
break;
}
else if ( err != noErr )
-@@ -3121,7 +3121,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, UInt32 fileNumber, UInt8 forkType,
+@@ -3121,7 +3121,7 @@ OSErr CheckFileExtents( SGlobPtr GPtr, U
if ( err == btNotFound )
{
err = noErr; // no more extent records
break;
}
else if ( err != noErr )
-@@ -3205,7 +3205,7 @@ static OSErr AddExtentToOverlapList( SGlobPtr GPtr, HFSCatalogNodeID fileNumber,
+@@ -3205,7 +3205,7 @@ static OSErr AddExtentToOverlapList( SGl
}
// If it's uninitialized
{
GPtr->overlappedExtents = (ExtentsTable **) NewHandleClear( sizeof(ExtentsTable) );
extentsTableH = GPtr->overlappedExtents;
-diff --git a/fsck_hfs.tproj/dfalib/SVerify2.c b/fsck_hfs.tproj/dfalib/SVerify2.c
-index c68f3d8..da1a982 100644
--- a/fsck_hfs.tproj/dfalib/SVerify2.c
+++ b/fsck_hfs.tproj/dfalib/SVerify2.c
-@@ -1013,7 +1013,7 @@ static int BTKeyChk( SGlobPtr GPtr, NodeDescPtr nodeP, BTreeControlBlock *btcb )
+@@ -1013,7 +1013,7 @@ static int BTKeyChk( SGlobPtr GPtr, Node
UInt16 keyLength;
KeyPtr keyPtr;
UInt8 *dataPtr;
if ( nodeP->numRecords == 0 )
-@@ -1044,7 +1044,7 @@ static int BTKeyChk( SGlobPtr GPtr, NodeDescPtr nodeP, BTreeControlBlock *btcb )
+@@ -1044,7 +1044,7 @@ static int BTKeyChk( SGlobPtr GPtr, Node
return( E_KeyLen );
}
fsck_hfs.tproj/cache.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
-diff --git a/fsck_hfs.tproj/cache.c b/fsck_hfs.tproj/cache.c
-index 527088a..540fa0b 100644
--- a/fsck_hfs.tproj/cache.c
+++ b/fsck_hfs.tproj/cache.c
-@@ -961,20 +961,21 @@ int CacheLookup (Cache_t *cache, uint64_t off, Tag_t **tag)
+@@ -961,20 +961,21 @@ int CacheLookup (Cache_t *cache, uint64_
*/
int CacheRawRead (Cache_t *cache, uint64_t off, uint32_t len, void *buf)
{
/* Update counters */
cache->DiskRead++;
-@@ -989,21 +990,22 @@ int CacheRawRead (Cache_t *cache, uint64_t off, uint32_t len, void *buf)
+@@ -989,21 +990,22 @@ int CacheRawRead (Cache_t *cache, uint64
*/
int CacheRawWrite (Cache_t *cache, uint64_t off, uint32_t len, void *buf)
{
include/missing.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
-diff --git a/include/missing.h b/include/missing.h
-index 0a859c4..f50e8fb 100644
--- a/include/missing.h
+++ b/include/missing.h
-@@ -72,7 +72,7 @@
+@@ -71,7 +71,7 @@
#define NAME_MAX 255
/* Byteswap stuff */
#define NXSwapBigShortToHost(x) be16_to_cpu(x)
#define OSSwapBigToHostInt16(x) be16_to_cpu(x)
#define NXSwapBigLongToHost(x) be32_to_cpu(x)
-@@ -88,6 +88,9 @@
+@@ -87,6 +87,9 @@
#ifndef be32_to_cpu
#define be32_to_cpu(x) bswap_32(x)
#endif
#ifndef be64_to_cpu
#define be64_to_cpu(x) bswap_64(x)
#endif
-@@ -102,6 +105,9 @@
+@@ -101,6 +104,9 @@
#ifndef be32_to_cpu
#define be32_to_cpu(x) (x)
#endif
newfs_hfs.tproj/newfs_hfs.8 | 23 ++++++++---------------
2 files changed, 15 insertions(+), 26 deletions(-)
-diff --git a/fsck_hfs.tproj/fsck_hfs.8 b/fsck_hfs.tproj/fsck_hfs.8
-index aec9949..0bc804d 100644
--- a/fsck_hfs.tproj/fsck_hfs.8
+++ b/fsck_hfs.tproj/fsck_hfs.8
@@ -19,18 +19,18 @@
When preening file systems,
.Nm
will fix common inconsistencies for file systems that were not
-@@ -105,9 +103,9 @@ to check and repair journaled HFS+ file systems.
+@@ -105,9 +103,9 @@ to check and repair journaled HFS+ file
.It Fl g
Causes
.Nm
.Nm
tool.
.It Fl l
-@@ -144,8 +142,6 @@ specified file system for a new catalog file and if there is no damage
+@@ -144,8 +142,6 @@ specified file system for a new catalog
to the leaf nodes in the existing catalog file.
.El
.Pp
.Sh SEE ALSO
.Xr fsck 8
.Sh BUGS
-diff --git a/newfs_hfs.tproj/newfs_hfs.8 b/newfs_hfs.tproj/newfs_hfs.8
-index d002cc9..fe91962 100644
--- a/newfs_hfs.tproj/newfs_hfs.8
+++ b/newfs_hfs.tproj/newfs_hfs.8
@@ -19,10 +19,10 @@
has several options to allow the defaults to be selectively overridden.
The options are as follows:
.Bl -tag -width Fl
-@@ -66,7 +60,7 @@ Set the group of the file system's root directory to
+@@ -66,7 +60,7 @@ Set the group of the file system's root
Specify the access permissions mask for the file system's root directory.
.It Fl h
Creates a legacy HFS format filesystem. This option
.Bl -tag -width Fl
.It Em a=bytes
Set the attribute b-tree node size.
-@@ -139,8 +133,7 @@ Set the extent overflow b-tree node size.
+@@ -139,8 +133,7 @@ Set the extent overflow b-tree node size
Volume name (file system name) in ascii or UTF-8 format.
.El
.Sh SEE ALSO
---- diskdev_cmds-332.25/newfs_hfs.tproj/makehfs.c 2015-03-27 21:58:04.163171675 -0700
-+++ hfsprogs-332.25/newfs_hfs.tproj/makehfs.c 2015-03-27 21:56:03.687175020 -0700
-@@ -2119,10 +2119,12 @@
+--- a/newfs_hfs.tproj/makehfs.c
++++ b/newfs_hfs.tproj/makehfs.c
+@@ -2119,10 +2119,12 @@ void GenerateVolumeUUID(VolumeUUID *newV
sysctl(mib, 2, sysctlstring, &datalen, NULL, 0);
SHA1_Update(&context, sysctlstring, datalen);
#endif
#endif
#include <sys/errno.h>
#include <sys/stat.h>
-+#ifdef __GLIBC__
++#if 0
#include <sys/sysctl.h>
+#endif
#if !LINUX
-Index: diskdev_cmds-332.25/fsck_hfs.tproj/dfalib/SVerify1.c
-===================================================================
---- diskdev_cmds-332.25.orig/fsck_hfs.tproj/dfalib/SVerify1.c
-+++ diskdev_cmds-332.25/fsck_hfs.tproj/dfalib/SVerify1.c
+--- a/fsck_hfs.tproj/dfalib/SVerify1.c
++++ b/fsck_hfs.tproj/dfalib/SVerify1.c
@@ -2848,7 +2848,7 @@ OSErr VLockedChk( SGlobPtr GPtr )
}
else // Because we don't have the unicode converters, just fill it with a dummy name.
--- a/newfs_hfs.tproj/makehfs.c
+++ b/newfs_hfs.tproj/makehfs.c
-@@ -376,7 +376,7 @@ make_hfsplus(const DriveInfo *driveInfo, hfsparams_t *defaults)
+@@ -376,7 +376,7 @@ make_hfsplus(const DriveInfo *driveInfo,
if ( (temp & 0x01FF) != 0 )
temp = (temp + kBytesPerSector) & 0xFFFFFE00;
if (nodeBuffer == NULL)
err(1, NULL);
-@@ -1814,7 +1814,7 @@ ClearDisk(const DriveInfo *driveInfo, UInt64 startingSector, UInt32 numberOfSect
+@@ -1814,7 +1814,7 @@ ClearDisk(const DriveInfo *driveInfo, UI
bufferSize = bufferSizeInSectors << kLog2SectorSize;
--- a/disklib/dump.h
+++ b/disklib/dump.h
-@@ -110,9 +110,7 @@ extern long dev_bsize; /* block size of underlying disk device */
+@@ -110,9 +110,7 @@ extern long dev_bsize; /* block size of
extern int dev_bshift; /* log2(dev_bsize) */
extern int tp_bshift; /* log2(TP_BSIZE) */
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
-@@ -80,6 +79,7 @@ extern Boolean _CFStringGetFileSystemRepresentation(CFStringRef string, UInt8 *b
+@@ -80,6 +79,7 @@ extern Boolean _CFStringGetFileSystemRep
#define kJournalFileType 0x6a726e6c /* 'jrnl' */
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=hwdata
+PKG_VERSION:=0.343
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/vcrhonek/hwdata/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=ccb4d21337b3773cc02654b360e91feb44c9258728d2f027b72013bd5628113b
+
+PKG_MAINTAINER:=
+PKG_LICENSE:=GPL-2.0-or-later XFree86-1.0
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/pciids
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=PCI ID list
+ URL:=https://github.com/vcrhonek/hwdata
+endef
+
+define Package/usbids
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=USB ID list
+ URL:=https://github.com/vcrhonek/hwdata
+endef
+
+define Package/pciids/install
+ $(INSTALL_DIR) $(1)/usr/share/hwdata
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/pci.ids $(1)/usr/share/hwdata
+endef
+
+define Package/usbids/install
+ $(INSTALL_DIR) $(1)/usr/share/hwdata
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/usb.ids $(1)/usr/share/hwdata
+endef
+
+$(eval $(call BuildPackage,pciids))
+$(eval $(call BuildPackage,usbids))
PKG_NAME:=hwinfo
PKG_VERSION:=21.71
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/openSUSE/hwinfo/tar.gz/$(PKG_VERSION)?
PKG_HASH:=c4c573eb15cbc10103f5044b485d7e4ff941500ed559743a1c98e6a6deb0ebda
PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Alberto Bursi <bobafetthotmail@gmail.com>
PKG_BUILD_DEPENDS:= hwinfo/host
-VERSION := $(shell $(GIT2LOG) --version VERSION ; cat VERSION)
-endif
+BRANCH := master
-+VERSION := $(shell echo 21.7 > VERSION; cat VERSION)
++VERSION := $(shell echo 21.71 > VERSION; cat VERSION)
PREFIX := hwinfo-$(VERSION)
include Makefile.common
host builds and whatnot, we simply remove it and disable this
functionality in hwinfo.
This also saves some space.
---- a/Makefile
-+++ b/Makefile
-@@ -25,13 +25,14 @@
+--- a/Makefile
++++ b/Makefile
+@@ -25,13 +25,14 @@ LIBDIR ?= /usr/lib
endif
ULIBDIR = $(LIBDIR)
SHARED_FLAGS =
OBJS_NO_TINY = names.o parallel.o modem.o
-
--- a/src/hd/bios.c
+++ b/src/hd/bios.c
-@@ -447,9 +447,10 @@
+@@ -447,9 +447,10 @@ void hd_scan_bios(hd_data_t *hd_data)
}
}
if(vbe->ok) {
bt->vbe_ver = vbe->version;
-
--- a/src/hd/bios.h
+++ b/src/hd/bios.h
@@ -5,4 +5,5 @@
-void get_vbe_info(hd_data_t *hd_data, vbe_info_t *vbe);
+//disabled as we removed the lib needed by this function
+//void get_vbe_info(hd_data_t *hd_data, vbe_info_t *vbe);
-
--- a/src/hd/mdt.c
+++ b/src/hd/mdt.c
@@ -1,4 +1,6 @@
--- a/src/ids/Makefile
+++ b/src/ids/Makefile
-@@ -17,47 +17,47 @@
+@@ -17,47 +17,47 @@ IDFILES += src/bus src/class src/extra s
src/usb src/usb2 src/isapnp src/monitor src/camera src/tv2 src/tv src/dvb2 src/dvb \
src/chipcard src/modem src/pcmcia src/s390 src/sdio
>>disable the install functionality as we take the files we need with OpenWrt build system
>>changes to all makefiles to respect the compile flags
---- a/Makefile
-+++ b/Makefile
+--- a/Makefile
++++ b/Makefile
@@ -1,6 +1,6 @@
TOPDIR = $(CURDIR)
SUBDIRS = src
CLEANFILES = hwinfo hwinfo.pc hwinfo.static hwscan hwscan.static hwscand hwscanqueue doc/libhd doc/*~
LIBS = -lhd
SLIBS = -lhd -luuid
-@@ -18,11 +18,11 @@
+@@ -18,11 +18,11 @@ PREFIX := hwinfo-$(VERSION)
include Makefile.common
ULIBDIR = $(LIBDIR)
# this library has been removed from the code, disabling it here too
-@@ -39,13 +39,13 @@
+@@ -39,13 +39,13 @@ OBJS_NO_TINY = names.o parallel.o modem.
.PHONY: fullstatic static shared tiny doc diet tinydiet uc tinyuc
hwscan: hwscan.o $(LIBHD)
$(CC) hwscan.o $(LDFLAGS) $(CFLAGS) $(LIBS) -o $@
-@@ -99,28 +99,29 @@
+@@ -99,28 +99,29 @@ doc:
@cd doc ; doxygen libhd.doxy
install:
archive: changelog
@if [ ! -d .git ] ; then echo no git repo ; false ; fi
-
--- a/Makefile.common
+++ b/Makefile.common
@@ -1,28 +1,26 @@
SHARED_FLAGS = -fPIC
LDFLAGS += -Lsrc
-@@ -36,7 +34,7 @@
+@@ -36,7 +34,7 @@ LIBHD_NAME = $(LIBHD_BASE).so.$(LIBHD_VE
LIBHD_SO = $(TOPDIR)/src/$(LIBHD_NAME)
LIBHD_D = $(TOPDIR)/src/.lib
.PHONY: all distclean clean install subdirs
-
--- a/src/Makefile
+++ b/src/Makefile
-@@ -12,7 +12,7 @@
+@@ -12,7 +12,7 @@ include $(TOPDIR)/Makefile.common
#endif
$(LIBHD): $(OBJS)
ifdef SHARED_FLAGS
--- a/src/hd/Makefile
+++ b/src/hd/Makefile
-@@ -12,4 +12,4 @@
- @perl -pi -e "s/define\s+HD_MINOR_VERSION\s+\d+/define HD_MINOR_VERSION\t$(LIBHD_MINOR_VERSION)/" $@
+@@ -8,4 +8,4 @@ version.h: $(TOPDIR)/VERSION
+ @echo "#define HD_VERSION_STRING \"`cat $(TOPDIR)/VERSION`\"" >$@
$(LIBHD_D): $(OBJS)
- ar r $(LIBHD) $?
+ $(AR) r $(LIBHD) $?
-
--- a/src/isdn/Makefile
+++ b/src/isdn/Makefile
-@@ -5,5 +5,5 @@
+@@ -5,5 +5,5 @@ SUBDIRS = cdb
include $(TOPDIR)/Makefile.common
$(LIBHD_D): $(OBJS)
--- a/src/smp/Makefile
+++ b/src/smp/Makefile
-@@ -4,4 +4,4 @@
+@@ -4,4 +4,4 @@ TARGETS = $(LIBHD_D)
include $(TOPDIR)/Makefile.common
$(LIBHD_D): $(OBJS)
- ar r $(LIBHD) $?
+ $(AR) r $(LIBHD) $?
-
include $(TOPDIR)/rules.mk
PKG_NAME:=libnetwork
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
+GO_PKG:=github.com/docker/libnetwork
+GO_PKG_BUILD_PKG:= \
+ $(GO_PKG)/cmd/proxy \
+ $(GO_PKG)/cmd/dnet
+
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://$(GO_PKG)
-PKG_SOURCE_VERSION:=026aabaa659832804b01754aaadd2c0f420c68b6
-PKG_SOURCE_DATE:=2020-06-17
-PKG_MIRROR_HASH:=4ec8d3a7a99478dae9aef9f8337c14b91750164351963f9a6ed2288588d080e3
+PKG_SOURCE_VERSION:=fa125a3512ee0f6187721c88582bf8c4378bd4d7
+PKG_SOURCE_DATE:=2020-12-15
+PKG_MIRROR_HASH:=f6fcc6c900c1d542dfede0f53691108f12b63ff20ecf870eebc0aa2df1848b24
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
-
-GO_PKG:=github.com/docker/libnetwork
-GO_PKG_BUILD_PKG:= \
- $(GO_PKG)/cmd/proxy \
- $(GO_PKG)/cmd/dnet
+PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
CATEGORY:=Utilities
TITLE:=networking for containers
URL:=https://github.com/docker/libnetwork
- DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64)
+ DEPENDS:=$(GO_ARCH_DEPENDS)
endef
define Package/libnetwork/description
include $(TOPDIR)/rules.mk
PKG_NAME:=LVM2
-PKG_VERSION:=2.03.10
+PKG_VERSION:=2.03.11
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME).$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://sourceware.org/pub/lvm2
-PKG_HASH:=5ad1645a480440892e35f31616682acba0dc204ed049635d2df3e5a5929d0ed0
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME).$(PKG_VERSION)
+PKG_HASH:=842c4510d4653990927d4518a5bf2743126a37531671a05842cdaf8d54bb9dd4
+PKG_BUILD_DIR:=$(BUILD_DIR)/lvm2-$(BUILD_VARIANT)/$(PKG_NAME).$(PKG_VERSION)
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0 LGPL-2.1
include $(INCLUDE_DIR)/package.mk
-define Package/libdevmapper
+define Package/libdevmapper/Default
SECTION:=libs
CATEGORY:=Libraries
TITLE:=The Linux Kernel Device Mapper userspace library
URL:=https://sourceware.org/dm/
- DEPENDS:=+kmod-dm +libpthread +libuuid +librt +libblkid +libselinux
+ DEPENDS:=+kmod-dm +libpthread +libuuid +librt +libblkid
endef
-define Package/libdevmapper/description
+
+define Package/libdevmapper-normal
+ $(call Package/libdevmapper/Default)
+ VARIANT := normal
+ PROVIDES := libdevmapper
+endef
+
+define Package/libdevmapper-selinux
+ $(call Package/libdevmapper/Default)
+ VARIANT := selinux
+ DEPENDS += +libselinux
+ PROVIDES := libdevmapper
+endef
+
+define Package/libdevmapper-normal/description
The device-mapper is a component of the 2.6 linux kernel that supports logical
volume management. It is required by LVM2 and EVMS.
endef
-define Package/lvm2
+define Package/libdevmapper-selinux/description
+$(call Package/libdevmapper-normal/description)
+ This variant supports SELinux
+
+endef
+
+define Package/lvm2/default
SECTION:=utils
CATEGORY:=Utilities
SUBMENU:=Disc
TITLE:=The Linux Logical Volume Manager
URL:=https://sourceware.org/lvm2/
- DEPENDS:=+libdevmapper +libreadline +libncurses +libaio
+ DEPENDS:=+libreadline +libncurses +libaio
+endef
+
+define Package/lvm2-normal
+ $(call Package/lvm2/default)
+ VARIANT := normal
+ DEPENDS += +libdevmapper-normal
+ PROVIDES := lvm2
endef
-define Package/lvm2/description
+define Package/lvm2-selinux
+ $(call Package/lvm2/default)
+ VARIANT := selinux
+ DEPENDS += +libdevmapper-selinux
+ PROVIDES := lvm2
+endef
+
+define Package/lvm2-normal/description
LVM2 refers to a new userspace toolset that provide logical volume management
facilities on linux. It is reasonably backwards-compatible with the original
LVM toolset.
endef
+define Package/lvm2-selinux/description
+$(call Package/lvm2-normal/description)
+ This variant supports SELinux
+
+endef
+
+
CONFIGURE_ARGS += \
--disable-o_direct \
--with-default-pid-dir=/var/run \
--with-default-dm-run-dir=/var/run \
--with-default-run-dir=/var/run/lvm \
- --with-default-locking-dir=/var/lock/lvm
+ --with-default-locking-dir=/var/lock/lvm \
+ --$(if $(findstring selinux,$(BUILD_VARIANT)),en,dis)able-selinux
ifneq ($(shell /bin/sh -c "echo -n 'X'"),X)
MAKE_SHELL = SHELL=/bin/bash
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
+ CC="$(TARGET_CC)" \
CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(FPIC)" \
DESTDIR="$(PKG_INSTALL_DIR)" \
$(MAKE_SHELL) \
$(CP) $(PKG_BUILD_DIR)/libdm/libdevmapper.pc $(1)/usr/lib/pkgconfig
endef
-define Package/libdevmapper/install
+define Package/libdevmapper-normal/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libdevmapper.so.* $(1)/usr/lib
endef
-define Package/lvm2/install
+Package/libdevmapper-selinux/install = $(Package/libdevmapper-normal/install)
+
+define Package/lvm2-normal/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lvm $(1)/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/dmsetup $(1)/sbin
$(FIND) $(PKG_INSTALL_DIR)/usr/sbin/ -type l -exec $(CP) -a {} $(1)/sbin/ \;
endef
-define Package/lvm2/conffiles
+Package/lvm2-selinux/install = $(Package/lvm2-normal/install)
+
+define Package/lvm2-normal/conffiles
/etc/lvm/lvm.conf
endef
-$(eval $(call BuildPackage,libdevmapper))
-$(eval $(call BuildPackage,lvm2))
+Package/lvm2-selinux/conffiles = $(Package/lvm2/conffiles)
+
+$(eval $(call BuildPackage,libdevmapper-normal))
+$(eval $(call BuildPackage,libdevmapper-selinux))
+$(eval $(call BuildPackage,lvm2-normal))
+$(eval $(call BuildPackage,lvm2-selinux))
--- a/lib/commands/toolcontext.c
+++ b/lib/commands/toolcontext.c
-@@ -1599,7 +1599,7 @@ struct cmd_context *create_toolcontext(unsigned is_clvmd,
+@@ -1605,7 +1605,7 @@ struct cmd_context *create_toolcontext(u
/* FIXME Make this configurable? */
reset_lvm_errno(1);
/* Set in/out stream buffering before glibc */
if (set_buffering
#ifdef SYS_gettid
-@@ -1980,7 +1980,7 @@ void destroy_toolcontext(struct cmd_context *cmd)
+@@ -1986,7 +1986,7 @@ void destroy_toolcontext(struct cmd_cont
if (cmd->pending_delete_mem)
dm_pool_destroy(cmd->pending_delete_mem);
if (is_valid_fd(STDIN_FILENO) &&
--- a/tools/lvmcmdline.c
+++ b/tools/lvmcmdline.c
-@@ -3230,6 +3230,7 @@ int lvm_split(char *str, int *argc, char **argv, int max)
+@@ -3241,6 +3241,7 @@ int lvm_split(char *str, int *argc, char
/* Make sure we have always valid filedescriptors 0,1,2 */
static int _check_standard_fds(void)
{
int err = is_valid_fd(STDERR_FILENO);
if (!is_valid_fd(STDIN_FILENO) &&
-@@ -3256,6 +3257,12 @@ static int _check_standard_fds(void)
+@@ -3267,6 +3268,12 @@ static int _check_standard_fds(void)
strerror(errno));
return 0;
}
if (area == max_areas && missing > 0) {
/* Too bad. Warn the user and proceed, as things are
-@@ -521,8 +527,13 @@ static void _lock_mem(struct cmd_context *cmd)
+@@ -521,8 +527,13 @@ static void _lock_mem(struct cmd_context
* will not block memory locked thread
* Note: assuming _memlock_count_daemon is updated before _memlock_count
*/
--- a/lib/device/dev-io.c
+++ b/lib/device/dev-io.c
-@@ -374,7 +374,7 @@ int dev_open_flags(struct device *dev, int flags, int direct, int quiet)
+@@ -379,7 +379,7 @@ int dev_open_flags(struct device *dev, i
return 0;
}
include $(TOPDIR)/rules.mk
PKG_NAME:=nano
-PKG_VERSION:=5.4
+PKG_VERSION:=5.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/nano
-PKG_HASH:=fe993408b22286355809ce48ebecc4444d19af8203ed4959d269969112ed86e9
+PKG_HASH:=390b81bf9b41ff736db997aede4d1f60b4453fbd75a519a4ddb645f6fd687e4a
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_NAME:=ntfs-3g
PKG_VERSION:=2017.3.23
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)_ntfsprogs-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://www.tuxera.com/opensource/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libntfs-3g.so.* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/sbin
- $(CP) $(PKG_INSTALL_DIR)/sbin/mount.ntfs-3g $(1)/sbin/
+ $(LN) ../usr/bin/ntfs-3g $(1)/sbin/mount.ntfs-3g
endef
define Package/ntfs-3g/postinst
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/lowntfs-3g $(1)/usr/bin/
$(INSTALL_DIR) $(1)/sbin
- $(CP) $(PKG_INSTALL_DIR)/sbin/mount.lowntfs-3g $(1)/sbin/
+ $(LN) ../usr/bin/lowntfs-3g $(1)/sbin/mount.lowntfs-3g
endef
define Package/ntfs-3g-low/postinst
define Package/ntfs-3g-utils/install
$(INSTALL_DIR) $(1)/sbin
- $(CP) $(PKG_INSTALL_DIR)/sbin/mkfs.ntfs $(1)/sbin/
+ $(LN) ../usr/sbin/mkntfs $(1)/sbin/mkfs.ntfs
$(INSTALL_DIR) $(1)/usr/bin
$(FIND) $(PKG_INSTALL_DIR)/usr/bin/ -type f ! -regex '.*[^/]*ntfs-3g[^/]*' -exec $(INSTALL_BIN) {} $(1)/usr/bin/ \;
$(INSTALL_DIR) $(1)/usr/sbin
include $(TOPDIR)/rules.mk
PKG_NAME:=oath-toolkit
-PKG_VERSION:=2.6.4
+PKG_VERSION:=2.6.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SAVANNAH/oath-toolkit
-PKG_HASH:=bfc6255ead837e6966f092757a697c3191c93fa58323ce07859a5f666d52d684
+PKG_HASH:=d207120c7e7fdd540142d04ca06d83fb3277c8f2fb794a74535d04b2aa0ec219
PKG_MAINTAINER:=Fam Zheng <fam@euphon.net>
PKG_LICENSE:=LGPL-2.0-or-later GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:nongnu:oath_toolkit
-PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
PKG_NAME:=open2300
PKG_SOURCE_DATE:=2014-03-04
PKG_SOURCE_VERSION:=1af8ae609da66f8e1b745533c19095c9758bfb0b
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/wezm/open2300
$(INSTALL_DATA) ./files/open2300.conf $(1)/etc/
$(INSTALL_DIR) $(1)/usr/lib
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib2300.so.1.11 $(1)/usr/lib/
- ln -sf /usr/lib/lib2300.so.1.11 $(1)/usr/lib/lib2300.so
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/lib2300.so.1.11 $(1)/usr/lib/
+ $(LN) lib2300.so.1.11 $(1)/usr/lib/lib2300.so
endef
$(eval $(call BuildPackage,open2300))
include $(TOPDIR)/rules.mk
PKG_NAME:=openocd
-PKG_SOURCE_VERSION:=v0.10.0-1000-gdb23c13d
+PKG_SOURCE_VERSION:=v0.11.0-rc1
PKG_VERSION:=$(PKG_SOURCE_VERSION)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_URL:=git://git.code.sf.net/p/openocd/code
-PKG_MIRROR_HASH:=6f8c0ecf240427654ad5e911b44f78996da931209280f4a19c1215802ff14638
+PKG_MIRROR_HASH:=c4a0a6cad821946608c843f557b993e7cfeb0f193e4c0f149ebfbfbfd57054a6
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
CATEGORY:=Utilities
TITLE:=OpenOCD Utility
URL:=http://openocd.sf.net/
- DEPENDS:=+PACKAGE_openocd_with_usb:libusb-1.0 \
- +PACKAGE_openocd_with_usb:libusb-compat \
- +PACKAGE_openocd_with_usb:libftdi1 \
- +PACKAGE_openocd_with_usb:hidapi
-endef
-
-define Package/openocd/config
- if PACKAGE_openocd
- config PACKAGE_openocd_with_usb
- bool "Build with support for USB adapters."
- default y
- endif
+ DEPENDS:=+libusb-1.0 \
+ +libusb-compat \
+ +libftdi1 \
+ +hidapi \
+ +libgpiod
endef
define Package/openocd/description
--prefix="/usr" \
--disable-werror \
MAKEINFO=true \
- $(if $(CONFIG_PACKAGE_openocd_with_usb),,PKG_CONFIG=false) \
--enable-dummy \
- --enable-sysfsgpio
+ --enable-sysfsgpio \
+ --enable-linuxgpiod
TARGET_CFLAGS += -DRELSTR=\\\"-$(PKG_VERSION)-$(PKG_RELEASE)-OpenWrt\\\"
+++ /dev/null
-From c60252ac2b636c4d99b766a574b9df0966151696 Mon Sep 17 00:00:00 2001
-From: Andreas Fritiofson <andreas.fritiofson@gmail.com>
-Date: Fri, 17 Apr 2020 13:49:28 +0200
-Subject: [PATCH] bitbang: Fix FTBFS with GCC 10
-
-GCC 10 defaults to -fno-common which breaks the sharing of bitbang_swd
-struct between bitbang drivers due to a missing extern.
-
-Change-Id: I2b4122f7939cec91a72284006748f99a23548324
-Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
-Reviewed-on: http://openocd.zylin.com/5592
-Tested-by: jenkins
-Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
-Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li>
----
- src/jtag/drivers/bitbang.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/jtag/drivers/bitbang.h b/src/jtag/drivers/bitbang.h
-index edb779c..bbbc693 100644
---- a/src/jtag/drivers/bitbang.h
-+++ b/src/jtag/drivers/bitbang.h
-@@ -57,7 +57,7 @@ struct bitbang_interface {
- void (*swdio_drive)(bool on);
- };
-
--const struct swd_driver bitbang_swd;
-+extern const struct swd_driver bitbang_swd;
-
- extern bool swd_mode;
-
PKG_NAME:=pciutils
PKG_VERSION:=3.7.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/utils/pciutils
CATEGORY:=Utilities
TITLE:=Linux PCI Utilities
URL:=http://mj.ucw.cz/pciutils.shtml
- DEPENDS:=+libkmod +libpci
+ DEPENDS:=+libkmod +libpci +pciids
endef
define Package/pciutils/description
URL:=http://mj.ucw.cz/pciutils.shtml
endef
-
-PCI_IDS_VER:=0.336
-PCI_IDS_FILE:=pci.ids.$(PCI_IDS_VER)
-define Download/pci_ids
- FILE:=$(PCI_IDS_FILE)
- URL_FILE:=pci.ids
- URL:=@GITHUB/vcrhonek/hwdata/v$(PCI_IDS_VER)
- HASH:=94053616c1f9b93540861931fb7891b1b30d6fd21b3e2c1647467527ea38f557
-endef
-$(eval $(call Download,pci_ids))
-
-define Build/Prepare
- $(call Build/Prepare/Default)
- $(RM) $(PKG_BUILD_DIR)/pci.ids
- $(CP) $(DL_DIR)/$(PCI_IDS_FILE) $(PKG_BUILD_DIR)/pci.ids
-endef
-
TARGET_CFLAGS += $(FPIC)
MAKE_FLAGS += \
define Package/pciutils/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{lspci,setpci,update-pciids} $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/usr/share
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/pci.ids $(1)/usr/share/
endef
define Package/libpci/install
--- a/Makefile
+++ b/Makefile
-@@ -119,7 +119,7 @@
+@@ -119,7 +119,7 @@ distclean: clean
install: all
# -c is ignored on Linux, but required on FreeBSD
$(DIRINSTALL) -m 755 $(DESTDIR)$(SBINDIR) $(DESTDIR)$(IDSDIR) $(DESTDIR)$(MANDIR)/man8 $(DESTDIR)$(MANDIR)/man7 $(DESTDIR)/$(MANDIR)/man5
--- a/update-pciids.sh
+++ b/update-pciids.sh
@@ -6,9 +6,8 @@ set -e
- SRC="http://pci-ids.ucw.cz/v2.2/pci.ids"
+ SRC="https://pci-ids.ucw.cz/v2.2/pci.ids"
DEST=pci.ids
PCI_COMPRESSED_IDS=
-GREP=grep
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -35,7 +35,7 @@ ABI_VERSION=.3
+ PREFIX=/usr/local
+ SBINDIR=$(PREFIX)/sbin
+ SHAREDIR=$(PREFIX)/share
+-IDSDIR=$(SHAREDIR)
++IDSDIR=$(SHAREDIR)/hwdata
+ MANDIR:=$(shell if [ -d $(PREFIX)/share/man ] ; then echo $(PREFIX)/share/man ; else echo $(PREFIX)/man ; fi)
+ INCDIR=$(PREFIX)/include
+ LIBDIR=$(PREFIX)/lib
PKG_NAME:=pcsc-lite
PKG_VERSION:=1.9.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://pcsclite.apdu.fr/files/
--disable-libsystemd \
--enable-libusb \
--enable-static \
+ --enable-ipcdir=/var/run/pcscd \
--enable-usbdropdir=/usr/lib/pcsc/drivers
define Build/InstallDev
include $(TOPDIR)/rules.mk
PKG_NAME:=podman
-PKG_VERSION:=2.1.1
-PKG_RELEASE:=4
+PKG_VERSION:=2.2.1
+PKG_RELEASE:=2
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
-PKG_HASH:=5ebaa6e0dbd7fd1863f70d2bc71dc8a94e195c3339c17e3cac4560c9ec5747f8
+PKG_HASH:=bd86b181251e2308cb52f18410fb52d89df7f130cecf0298bbf9a848fe7daf60
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
--- /dev/null
+From 1ad796677e1ce3f03463c791818176586987c389 Mon Sep 17 00:00:00 2001
+From: Paul Holzinger <paul.holzinger@web.de>
+Date: Mon, 21 Dec 2020 12:30:06 +0100
+Subject: [PATCH] Fix build for mips architecture
+
+The signal SIGSTKFLT does not exists on mips architectures.
+Also RTMIN and RTMAX are different.
+
+This code is copied from docker.
+
+Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
+---
+ pkg/signal/signal_linux.go | 1 +
+ pkg/signal/signal_linux_mipsx.go | 106 +++++++++++++++++++++++++++++++
+ 2 files changed, 107 insertions(+)
+ create mode 100644 pkg/signal/signal_linux_mipsx.go
+
+--- a/pkg/signal/signal_linux.go
++++ b/pkg/signal/signal_linux.go
+@@ -1,4 +1,5 @@
+ // +build linux
++// +build !mips,!mipsle,!mips64,!mips64le
+
+ // Signal handling for Linux only.
+ package signal
+--- /dev/null
++++ b/pkg/signal/signal_linux_mipsx.go
+@@ -0,0 +1,106 @@
++// +build linux
++// +build mips mipsle mips64 mips64le
++
++// Special signal handling for mips architecture
++package signal
++
++// Copyright 2013-2018 Docker, Inc.
++
++// NOTE: this package has originally been copied from github.com/docker/docker.
++
++import (
++ "os"
++ "os/signal"
++ "syscall"
++
++ "golang.org/x/sys/unix"
++)
++
++const (
++ sigrtmin = 34
++ sigrtmax = 127
++)
++
++// signalMap is a map of Linux signals.
++var signalMap = map[string]syscall.Signal{
++ "ABRT": unix.SIGABRT,
++ "ALRM": unix.SIGALRM,
++ "BUS": unix.SIGBUS,
++ "CHLD": unix.SIGCHLD,
++ "CLD": unix.SIGCLD,
++ "CONT": unix.SIGCONT,
++ "FPE": unix.SIGFPE,
++ "HUP": unix.SIGHUP,
++ "ILL": unix.SIGILL,
++ "INT": unix.SIGINT,
++ "IO": unix.SIGIO,
++ "IOT": unix.SIGIOT,
++ "KILL": unix.SIGKILL,
++ "PIPE": unix.SIGPIPE,
++ "POLL": unix.SIGPOLL,
++ "PROF": unix.SIGPROF,
++ "PWR": unix.SIGPWR,
++ "QUIT": unix.SIGQUIT,
++ "SEGV": unix.SIGSEGV,
++ "EMT": unix.SIGEMT,
++ "STOP": unix.SIGSTOP,
++ "SYS": unix.SIGSYS,
++ "TERM": unix.SIGTERM,
++ "TRAP": unix.SIGTRAP,
++ "TSTP": unix.SIGTSTP,
++ "TTIN": unix.SIGTTIN,
++ "TTOU": unix.SIGTTOU,
++ "URG": unix.SIGURG,
++ "USR1": unix.SIGUSR1,
++ "USR2": unix.SIGUSR2,
++ "VTALRM": unix.SIGVTALRM,
++ "WINCH": unix.SIGWINCH,
++ "XCPU": unix.SIGXCPU,
++ "XFSZ": unix.SIGXFSZ,
++ "RTMIN": sigrtmin,
++ "RTMIN+1": sigrtmin + 1,
++ "RTMIN+2": sigrtmin + 2,
++ "RTMIN+3": sigrtmin + 3,
++ "RTMIN+4": sigrtmin + 4,
++ "RTMIN+5": sigrtmin + 5,
++ "RTMIN+6": sigrtmin + 6,
++ "RTMIN+7": sigrtmin + 7,
++ "RTMIN+8": sigrtmin + 8,
++ "RTMIN+9": sigrtmin + 9,
++ "RTMIN+10": sigrtmin + 10,
++ "RTMIN+11": sigrtmin + 11,
++ "RTMIN+12": sigrtmin + 12,
++ "RTMIN+13": sigrtmin + 13,
++ "RTMIN+14": sigrtmin + 14,
++ "RTMIN+15": sigrtmin + 15,
++ "RTMAX-14": sigrtmax - 14,
++ "RTMAX-13": sigrtmax - 13,
++ "RTMAX-12": sigrtmax - 12,
++ "RTMAX-11": sigrtmax - 11,
++ "RTMAX-10": sigrtmax - 10,
++ "RTMAX-9": sigrtmax - 9,
++ "RTMAX-8": sigrtmax - 8,
++ "RTMAX-7": sigrtmax - 7,
++ "RTMAX-6": sigrtmax - 6,
++ "RTMAX-5": sigrtmax - 5,
++ "RTMAX-4": sigrtmax - 4,
++ "RTMAX-3": sigrtmax - 3,
++ "RTMAX-2": sigrtmax - 2,
++ "RTMAX-1": sigrtmax - 1,
++ "RTMAX": sigrtmax,
++}
++
++// CatchAll catches all signals and relays them to the specified channel.
++func CatchAll(sigc chan os.Signal) {
++ handledSigs := make([]os.Signal, 0, len(signalMap))
++ for _, s := range signalMap {
++ handledSigs = append(handledSigs, s)
++ }
++ signal.Notify(sigc, handledSigs...)
++}
++
++// StopCatch stops catching the signals and closes the specified channel.
++func StopCatch(sigc chan os.Signal) {
++ signal.Stop(sigc)
++ close(sigc)
++}
--- /dev/null
+From 21f5154399fc33959a4f3c42e29cade6757015c9 Mon Sep 17 00:00:00 2001
+From: Valentin Rothberg <rothberg@redhat.com>
+Date: Tue, 5 Jan 2021 10:44:16 +0100
+Subject: [PATCH] vendor containers/psgo@v1.5.2
+
+Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
+---
+ go.mod | 2 +-
+ go.sum | 4 ++--
+ .../internal/capabilities/capabilities.go | 2 +-
+ .../containers/psgo/internal/dev/tty.go | 5 ++--
+ .../containers/psgo/internal/proc/status.go | 2 +-
+ .../psgo/internal/process/process.go | 4 ++--
+ vendor/github.com/containers/psgo/psgo.go | 24 +++++++++----------
+ vendor/modules.txt | 2 +-
+ 8 files changed, 23 insertions(+), 22 deletions(-)
+
+--- a/go.mod
++++ b/go.mod
+@@ -14,7 +14,7 @@ require (
+ github.com/containers/common v0.29.0
+ github.com/containers/conmon v2.0.20+incompatible
+ github.com/containers/image/v5 v5.9.0
+- github.com/containers/psgo v1.5.1
++ github.com/containers/psgo v1.5.2
+ github.com/containers/storage v1.24.1
+ github.com/coreos/go-systemd/v22 v22.1.0
+ github.com/cri-o/ocicni v0.2.1-0.20201102180012-75c612fda1a2
+--- a/go.sum
++++ b/go.sum
+@@ -109,8 +109,8 @@ github.com/containers/libtrust v0.0.0-20
+ github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
+ github.com/containers/ocicrypt v1.0.3 h1:vYgl+RZ9Q3DPMuTfxmN+qp0X2Bj52uuY2vnt6GzVe1c=
+ github.com/containers/ocicrypt v1.0.3/go.mod h1:CUBa+8MRNL/VkpxYIpaMtgn1WgXGyvPQj8jcy0EVG6g=
+-github.com/containers/psgo v1.5.1 h1:MQNb7FLbXqBdqz6u4lI2QWizVz4RSTzs1+Nk9XT1iVA=
+-github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
++github.com/containers/psgo v1.5.2 h1:3aoozst/GIwsrr/5jnFy3FrJay98uujPCu9lTuSZ/Cw=
++github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
+ github.com/containers/storage v1.23.6/go.mod h1:haFs0HRowKwyzvWEx9EgI3WsL8XCSnBDb5f8P5CAxJY=
+ github.com/containers/storage v1.23.7/go.mod h1:cUT2zHjtx+WlVri30obWmM2gpqpi8jfPsmIzP1TVpEI=
+ github.com/containers/storage v1.24.0 h1:Fo2LkF7tkMLmo38sTZ/G8wHjcn8JfUFPfyTxM4WwMfk=
+--- a/vendor/github.com/containers/psgo/internal/capabilities/capabilities.go
++++ b/vendor/github.com/containers/psgo/internal/capabilities/capabilities.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // Package capabilities provides a mapping from common kernel bit masks to the
+-// alphanumerical represenation of kernel capabilities. See capabilities(7)
++// alphanumerical representation of kernel capabilities. See capabilities(7)
+ // for additional information.
+ package capabilities
+
+--- a/vendor/github.com/containers/psgo/internal/dev/tty.go
++++ b/vendor/github.com/containers/psgo/internal/dev/tty.go
+@@ -113,8 +113,9 @@ func TTYs() (*[]TTY, error) {
+ }
+ s := fi.Sys().(*syscall.Stat_t)
+ t := TTY{
+- Minor: minDevNum(s.Rdev),
+- Major: majDevNum(s.Rdev),
++ // Rdev is type uint32 on mips arch so we have to cast to uint64
++ Minor: minDevNum(uint64(s.Rdev)),
++ Major: majDevNum(uint64(s.Rdev)),
+ Path: dev,
+ }
+ ttys = append(ttys, t)
+--- a/vendor/github.com/containers/psgo/internal/proc/status.go
++++ b/vendor/github.com/containers/psgo/internal/proc/status.go
+@@ -24,7 +24,7 @@ import (
+ "github.com/pkg/errors"
+ )
+
+-// Status is a direct translation of a `/proc/[pid]/status`, wich provides much
++// Status is a direct translation of a `/proc/[pid]/status`, which provides much
+ // of the information in /proc/[pid]/stat and /proc/[pid]/statm in a format
+ // that's easier for humans to parse.
+ type Status struct {
+--- a/vendor/github.com/containers/psgo/internal/process/process.go
++++ b/vendor/github.com/containers/psgo/internal/process/process.go
+@@ -31,9 +31,9 @@ type Process struct {
+ Pid string
+ // Stat contains data from /proc/$pid/stat.
+ Stat proc.Stat
+- // Status containes data from /proc/$pid/status.
++ // Status contains data from /proc/$pid/status.
+ Status proc.Status
+- // CmdLine containes data from /proc/$pid/cmdline.
++ // CmdLine contains data from /proc/$pid/cmdline.
+ CmdLine []string
+ // Label containers data from /proc/$pid/attr/current.
+ Label string
+--- a/vendor/github.com/containers/psgo/psgo.go
++++ b/vendor/github.com/containers/psgo/psgo.go
+@@ -482,7 +482,7 @@ func JoinNamespaceAndProcessInfoByPidsWi
+ // catch race conditions
+ continue
+ }
+- return nil, errors.Wrapf(err, "error extracing PID namespace")
++ return nil, errors.Wrapf(err, "error extracting PID namespace")
+ }
+ if _, exists := nsMap[ns]; !exists {
+ nsMap[ns] = true
+@@ -759,7 +759,7 @@ func processVSZ(p *process.Process, ctx
+ }
+
+ // parseCAP parses cap (a string bit mask) and returns the associated set of
+-// capabilities. If all capabilties are set, "full" is returned. If no
++// capabilities. If all capabilities are set, "full" is returned. If no
+ // capability is enabled, "none" is returned.
+ func parseCAP(cap string) (string, error) {
+ mask, err := strconv.ParseUint(cap, 16, 64)
+@@ -777,36 +777,36 @@ func parseCAP(cap string) (string, error
+ return strings.Join(caps, ","), nil
+ }
+
+-// processCAPAMB returns the set of ambient capabilties associated with
+-// process p. If all capabilties are set, "full" is returned. If no
++// processCAPAMB returns the set of ambient capabilities associated with
++// process p. If all capabilities are set, "full" is returned. If no
+ // capability is enabled, "none" is returned.
+ func processCAPAMB(p *process.Process, ctx *psContext) (string, error) {
+ return parseCAP(p.Status.CapAmb)
+ }
+
+-// processCAPINH returns the set of inheritable capabilties associated with
+-// process p. If all capabilties are set, "full" is returned. If no
++// processCAPINH returns the set of inheritable capabilities associated with
++// process p. If all capabilities are set, "full" is returned. If no
+ // capability is enabled, "none" is returned.
+ func processCAPINH(p *process.Process, ctx *psContext) (string, error) {
+ return parseCAP(p.Status.CapInh)
+ }
+
+-// processCAPPRM returns the set of permitted capabilties associated with
+-// process p. If all capabilties are set, "full" is returned. If no
++// processCAPPRM returns the set of permitted capabilities associated with
++// process p. If all capabilities are set, "full" is returned. If no
+ // capability is enabled, "none" is returned.
+ func processCAPPRM(p *process.Process, ctx *psContext) (string, error) {
+ return parseCAP(p.Status.CapPrm)
+ }
+
+-// processCAPEFF returns the set of effective capabilties associated with
+-// process p. If all capabilties are set, "full" is returned. If no
++// processCAPEFF returns the set of effective capabilities associated with
++// process p. If all capabilities are set, "full" is returned. If no
+ // capability is enabled, "none" is returned.
+ func processCAPEFF(p *process.Process, ctx *psContext) (string, error) {
+ return parseCAP(p.Status.CapEff)
+ }
+
+-// processCAPBND returns the set of bounding capabilties associated with
+-// process p. If all capabilties are set, "full" is returned. If no
++// processCAPBND returns the set of bounding capabilities associated with
++// process p. If all capabilities are set, "full" is returned. If no
+ // capability is enabled, "none" is returned.
+ func processCAPBND(p *process.Process, ctx *psContext) (string, error) {
+ return parseCAP(p.Status.CapBnd)
+--- a/vendor/modules.txt
++++ b/vendor/modules.txt
+@@ -160,7 +160,7 @@ github.com/containers/ocicrypt/keywrap/p
+ github.com/containers/ocicrypt/keywrap/pkcs7
+ github.com/containers/ocicrypt/spec
+ github.com/containers/ocicrypt/utils
+-# github.com/containers/psgo v1.5.1
++# github.com/containers/psgo v1.5.2
+ github.com/containers/psgo
+ github.com/containers/psgo/internal/capabilities
+ github.com/containers/psgo/internal/cgroups
--- /dev/null
+From fcba0df068d07ee7a26ec9d891220233d7d17dfd Mon Sep 17 00:00:00 2001
+From: Paul Holzinger <paul.holzinger@web.de>
+Date: Wed, 6 Jan 2021 23:32:40 +0100
+Subject: [PATCH] Fix build for mips architecture followup
+
+Followup to commit (1ad796677e1c). The build on mips is still
+failing because SIGWINCH was not defined in the signal pkg.
+
+Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
+---
+ pkg/signal/signal_linux_mipsx.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/pkg/signal/signal_linux_mipsx.go
++++ b/pkg/signal/signal_linux_mipsx.go
+@@ -19,6 +19,8 @@ import (
+ const (
+ sigrtmin = 34
+ sigrtmax = 127
++
++ SIGWINCH = syscall.SIGWINCH
+ )
+
+ // signalMap is a map of Linux signals.
--- /dev/null
+--- a/pkg/spec/config_linux.go
++++ b/pkg/spec/config_linux.go
+@@ -294,8 +294,8 @@ func (c *CreateConfig) createBlockIO() (
+ lwd := spec.LinuxWeightDevice{
+ Weight: &wd.Weight,
+ }
+- lwd.Major = int64(unix.Major(wdStat.Rdev))
+- lwd.Minor = int64(unix.Minor(wdStat.Rdev))
++ lwd.Major = int64(unix.Major(uint64(wdStat.Rdev))) //nolint: unconvert
++ lwd.Minor = int64(unix.Minor(uint64(wdStat.Rdev))) //nolint: unconvert
+ lwds = append(lwds, lwd)
+ }
+ bio.WeightDevice = lwds
+@@ -357,8 +357,8 @@ func makeThrottleArray(throttleInput []s
+ ltd := spec.LinuxThrottleDevice{
+ Rate: t.rate,
+ }
+- ltd.Major = int64(unix.Major(ltdStat.Rdev))
+- ltd.Minor = int64(unix.Minor(ltdStat.Rdev))
++ ltd.Major = int64(unix.Major(uint64(ltdStat.Rdev))) // nolint: unconvert
++ ltd.Minor = int64(unix.Minor(uint64(ltdStat.Rdev))) // nolint: unconvert
+ ltds = append(ltds, ltd)
+ }
+ return ltds, nil
+--- a/pkg/specgen/generate/container.go
++++ b/pkg/specgen/generate/container.go
+@@ -282,8 +282,8 @@ func finishThrottleDevices(s *specgen.Sp
+ if err := unix.Stat(k, &statT); err != nil {
+ return err
+ }
+- v.Major = (int64(unix.Major(statT.Rdev)))
+- v.Minor = (int64(unix.Minor(statT.Rdev)))
++ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
++ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ s.ResourceLimits.BlockIO.ThrottleReadBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleReadBpsDevice, v)
+ }
+ }
+@@ -293,8 +293,8 @@ func finishThrottleDevices(s *specgen.Sp
+ if err := unix.Stat(k, &statT); err != nil {
+ return err
+ }
+- v.Major = (int64(unix.Major(statT.Rdev)))
+- v.Minor = (int64(unix.Minor(statT.Rdev)))
++ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
++ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice, v)
+ }
+ }
+@@ -304,8 +304,8 @@ func finishThrottleDevices(s *specgen.Sp
+ if err := unix.Stat(k, &statT); err != nil {
+ return err
+ }
+- v.Major = (int64(unix.Major(statT.Rdev)))
+- v.Minor = (int64(unix.Minor(statT.Rdev)))
++ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
++ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice, v)
+ }
+ }
+@@ -315,8 +315,8 @@ func finishThrottleDevices(s *specgen.Sp
+ if err := unix.Stat(k, &statT); err != nil {
+ return err
+ }
+- v.Major = (int64(unix.Major(statT.Rdev)))
+- v.Minor = (int64(unix.Minor(statT.Rdev)))
++ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
++ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice, v)
+ }
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=prometheus-node-exporter-lua
-PKG_VERSION:=2020.10.29
-PKG_RELEASE:=1
+PKG_VERSION:=2020.12.07
+PKG_RELEASE:=2
PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=Apache-2.0
$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/wifi_stations.lua $(1)/usr/lib/lua/prometheus-collectors/
endef
+define Package/prometheus-node-exporter-lua-snmp6
+ $(call Package/prometheus-node-exporter-lua/Default)
+ TITLE+= (snmp6 collector)
+ DEPENDS:=prometheus-node-exporter-lua +libubus-lua
+endef
+
+define Package/prometheus-node-exporter-lua-snmp6/install
+ $(INSTALL_DIR) $(1)/usr/lib/lua/prometheus-collectors
+ $(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/snmp6.lua $(1)/usr/lib/lua/prometheus-collectors/
+endef
+
$(eval $(call BuildPackage,prometheus-node-exporter-lua))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx6))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx7))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-uci_dhcp_host))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-wifi))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-wifi_stations))
+$(eval $(call BuildPackage,prometheus-node-exporter-lua-snmp6))
}
local function scrape()
- -- NOTE: Both of these are missing in OpenWRT kernels.
- -- See: https://dev.openwrt.org/ticket/15781
local netstat = get_contents("/proc/net/netstat") .. get_contents("/proc/net/snmp")
-- all devices
--- /dev/null
+local ubus = require "ubus"
+
+local function get_devices() -- based on hostapd_stations.lua
+ local u = ubus.connect()
+ local status = u:call("network.device", "status", {})
+ local devices = {}
+
+ for dev, dev_table in pairs(status) do
+ table.insert(devices, dev)
+ end
+ return devices
+end
+
+local function get_metric(device)
+ local label = {
+ device = device
+ }
+
+ if device == "all" then
+ for e in io.lines("/proc/net/snmp6") do
+ local snmp6 = space_split(e)
+ metric("snmp6_" .. snmp6[1], "counter", label, tonumber(snmp6[2]))
+ end
+ else
+ for e in io.lines("/proc/net/dev_snmp6/" .. device) do
+ local snmp6 = space_split(e)
+ metric("snmp6_" .. snmp6[1], "counter", label, tonumber(snmp6[2]))
+ end
+ end
+end
+
+local function scrape()
+ get_metric("all")
+ for _, devicename in ipairs(get_devices()) do
+ get_metric(devicename)
+ end
+end
+
+return { scrape = scrape }
PKG_NAME:=qemu
PKG_VERSION:=5.0.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_HASH:=2f13a92a0fa5c8b69ff0796b59b86b080bbb92ebad5d301a7724dd06b5e78cb6
PKG_SOURCE_URL:=http://download.qemu.org/
include $(INCLUDE_DIR)/nls.mk
include $(INCLUDE_DIR)/package.mk
-QEMU_DEPS_IN_GUEST := @(TARGET_x86_64||TARGET_armvirt||TARGET_arm64||TARGET_malta)
+QEMU_DEPS_IN_GUEST := @(TARGET_x86_64||TARGET_armvirt||TARGET_malta)
QEMU_DEPS_IN_HOST := @(TARGET_x86_64||TARGET_sunxi)
QEMU_DEPS_IN_HOST += $(CXX_DEPENDS)
QEMU_DEPS_IN_HOST += $(ICONV_DEPENDS)
--- /dev/null
+From 80ec6872aceb18c68b1cf5b6f8acd6ad667cbd4f Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Thu, 17 Dec 2020 15:55:55 +0800
+Subject: [PATCH] qga: invoke separate applets for guest-shutdown modes
+
+/sbin/shutdown is not available on OpenWrt by default
+
+Origin: "main/qemu: fix shutdown from guest agent"
+https://gitlab.alpinelinux.org/alpine/aports/commit/76b81b486480fd9c3294cd420bcf2df01c27790d
+---
+ qga/commands-posix.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/qga/commands-posix.c b/qga/commands-posix.c
+index a52af0315f..623d856c64 100644
+--- a/qga/commands-posix.c
++++ b/qga/commands-posix.c
+@@ -84,6 +84,7 @@ static void ga_wait_child(pid_t pid, int *status, Error **errp)
+ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp)
+ {
+ const char *shutdown_flag;
++ const char *fallback_cmd = NULL;
+ Error *local_err = NULL;
+ pid_t pid;
+ int status;
+@@ -91,10 +92,13 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp)
+ slog("guest-shutdown called, mode: %s", mode);
+ if (!has_mode || strcmp(mode, "powerdown") == 0) {
+ shutdown_flag = "-P";
++ fallback_cmd = "/sbin/poweroff";
+ } else if (strcmp(mode, "halt") == 0) {
+ shutdown_flag = "-H";
++ fallback_cmd = "/sbin/halt";
+ } else if (strcmp(mode, "reboot") == 0) {
+ shutdown_flag = "-r";
++ fallback_cmd = "/sbin/reboot";
+ } else {
+ error_setg(errp,
+ "mode is invalid (valid values are: halt|powerdown|reboot");
+@@ -111,6 +115,7 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp)
+
+ execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0",
+ "hypervisor initiated shutdown", (char*)NULL, environ);
++ execle(fallback_cmd, fallback_cmd, (char*)NULL, environ);
+ _exit(EXIT_FAILURE);
+ } else if (pid < 0) {
+ error_setg_errno(errp, errno, "failed to create child process");
include $(TOPDIR)/rules.mk
PKG_NAME:=quota
-PKG_VERSION:=4.05
-PKG_RELEASE:=3
+PKG_VERSION:=4.06
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/linuxquota
-PKG_HASH:=ef3b5b5d1014ed1344b46c1826145e20cbef8db967b522403c9a060761cf7ab9
+PKG_HASH:=2f3e03039f378d4f0d97acdb49daf581dcaad64d2e1ddf129495fd579fbd268d
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=GPL-2.0-or-later
--- /dev/null
+diff --git a/quota.c b/quota.c
+index a6ed61f..a60de12 100644
+--- a/quota.c
++++ b/quota.c
+@@ -385,7 +385,7 @@ int main(int argc, char **argv)
+ break;
+ case 259:
+ fscount++;
+- fsnames = reallocarray(fsnames, fscount, sizeof(char *));
++ fsnames = realloc(fsnames, fscount * sizeof(char *));
+ if (!fsnames)
+ die(1, _("Not enough memory for filesystem names"));
+ fsnames[fscount - 1] = optarg;
include $(TOPDIR)/rules.mk
PKG_NAME:=rpcd-mod-lxc
-PKG_RELEASE=20171206
+PKG_RELEASE=20201208
PKG_LICENSE:=ISC
$(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/lxc.so $(1)/usr/lib/rpcd/
endef
+define Package/rpcd-mod-lxc/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || /etc/init.d/rpcd reload
+endef
+
$(eval $(call BuildPackage,rpcd-mod-lxc))
include $(TOPDIR)/rules.mk
PKG_NAME:=rtl_433
-PKG_VERSION:=20.02
+PKG_VERSION:=20.11
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/merbanan/rtl_433/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=4f114017ede02d3038c449cf7d25cc82eecda5960e5229cc229774681a9ad80b
+PKG_HASH:=12a5cb7a733ba352467522c704d5b685aa6137582dc18aaa444d4891c29ee839
PKG_MAINTAINER:=Jasper Scholte <NightNL@outlook.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
-CMAKE_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
rtl_433 turns your Realtek RTL2832 based DVB dongle into a 433.92MHz generic data receiver.
endef
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/rtl_433.h $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/rtl_433_devices.h $(1)/usr/include
+endef
+
define Package/rtl_433/install
+ $(INSTALL_DIR) $(1)/etc/rtl_433
+ $(CP) $(PKG_INSTALL_DIR)/usr/etc/rtl_433/*.conf $(1)/etc/rtl_433
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/rtl_433 $(1)/usr/bin
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=rtty
-PKG_VERSION:=7.1.4
+PKG_VERSION:=7.3.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/rtty/releases/download/v$(PKG_VERSION)
-PKG_HASH:=f0b8cf4c4d3d4b34d10097fe430d32ab1576edbf41131d27b6b964e078be1716
+PKG_HASH:=38bf042421c3d5e1ff862a64bd299d4b8b1e193faf4e56f8f8beb55e88cb7924
CMAKE_INSTALL:=1
PKG_LICENSE:=MIT
PKG_NAME:=runc
PKG_VERSION:=1.0.0-rc92
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
CATEGORY:=Utilities
TITLE:=runc container runtime
URL:=https://www.opencontainers.org/
- DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +KERNEL_SECCOMP_FILTER:libseccomp
+ DEPENDS:=$(GO_ARCH_DEPENDS) +KERNEL_SECCOMP_FILTER:libseccomp
endef
define Package/runc/description
CATEGORY:=Utilities
TITLE+= (drivers)
DEPENDS:=+ALL:sane-backends-all
- BUILDONLY:=1
endef
define Package/sane-backends/description
PKG_NAME:=sipcalc
PKG_SOURCE_DATE:=2014-10-24
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/sii/sipcalc
include $(INCLUDE_DIR)/uclibc++.mk
PKG_NAME:=smartmontools
-PKG_VERSION:=7.1
-PKG_RELEASE:=3
+PKG_VERSION:=7.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/smartmontools
-PKG_HASH:=3f734d2c99deb1e4af62b25d944c6252de70ca64d766c4c7294545a2e659b846
+PKG_HASH:=5cd98a27e6393168bc6aaea070d9e1cd551b0f898c52f66b2ff2e5d274118cd6
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
+ "-v 228,raw48,Power-off_Retract_Count "
+ // 229 Unknown_Attribute
+ "-v 230,raw48,Head_Amplitude,HDD "
-+ "-v 231,raw48,Temperature_Celsius "
++ "-v 231,raw48,Temperature_Celsius,HDD "
+ "-v 232,raw48,Available_Reservd_Space "
+ "-v 233,raw48,Media_Wearout_Indicator,SSD "
+ // 234-239 Unknown_Attribute
diff --git a/configure b/configure
-index 6f442b3..5803c83 100755
+index 88928cf..736fabd 100755
--- a/configure
+++ b/configure
-@@ -6988,7 +6988,7 @@ releaseversion='${PACKAGE}-${VERSION}'
+@@ -6964,7 +6964,7 @@ releaseversion='${PACKAGE}-${VERSION}'
# Set platform-specific modules and symbols
os_libs=
os_dltools='curl wget lynx svn'
-os_mailer=mail
+os_mailer=mailx
- os_hostname="'hostname'"
+ os_hostname="'hostname' 'uname -n'"
os_dnsdomainname=
os_nisdomainname="'domainname'"
--- /dev/null
+#!/bin/sh
+
+case "$1" in
+ smartctl|smartd) "$1" -V | head -n 1 | grep "$2" ;;
+esac
include $(TOPDIR)/rules.mk
PKG_NAME:=spi-tools
-PKG_VERSION:=0.8.5
+PKG_VERSION:=0.8.6
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://codeload.github.com/cpb-/spi-tools/tar.gz/$(PKG_VERSION)?
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=a1846bf3b4d38fc419f8efe4555242aa581358fdca28452b3ca11f74e3572e33
+PKG_HASH:=319ad6ab296111109ea4a820e216cef392429295de7e10e76f7146677337cf09
PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>
PKG_LICENSE:=GPL-2.0-only
include $(TOPDIR)/rules.mk
PKG_NAME:=stress-ng
-PKG_VERSION:=0.12.00
+PKG_VERSION:=0.12.02
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://kernel.ubuntu.com/~cking/tarballs/stress-ng
-PKG_HASH:=b2b738f574671926654b1623103a7aa58ee6911894ac78760ee188c4bfa96fe2
+PKG_HASH:=f847be115f60d3ad7d37c806fd1bfb1412aa3c631fca581d6dc233322f50d6a5
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=GPL-2.0-only
CATEGORY:=Utilities
TITLE:=stress-ng is a stress test utility
URL:=https://kernel.ubuntu.com/~cking/stress-ng/
- DEPENDS:=+zlib
+ DEPENDS:=+zlib +libbsd +libaio +libsctp
endef
define Package/stress-ng/description
--- a/stress-fp-error.c
+++ b/stress-fp-error.c
-@@ -109,42 +109,43 @@ static int stress_fp_error(const stress_args_t *args)
+@@ -115,42 +115,43 @@ static int stress_fp_error(const stress_
do {
volatile double d1, d2;
/*
* Use volatiles to force compiler to generate code
* to perform run time computation of 1.0 / M_PI
-@@ -165,14 +166,15 @@ static int stress_fp_error(const stress_args_t *args)
+@@ -171,14 +172,15 @@ static int stress_fp_error(const stress_
stress_fp_check(args, "DBL_MAX + DBL_MAX / 2.0",
DBL_MAX + DBL_MAX / 2.0, INFINITY,
false, true, 0, FE_OVERFLOW | FE_INEXACT);
+++ /dev/null
---- a/Makefile.config
-+++ b/Makefile.config
-@@ -67,7 +67,7 @@ ifeq ($(shell uname -s),SunOS)
- endif
-
- ifndef $(HAVE_LIB_AIO)
--HAVE_LIB_AIO = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_AIO) TEST_PROG=test-libaio have_test_prog)
-+#HAVE_LIB_AIO = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_AIO) TEST_PROG=test-libaio have_test_prog)
- ifeq ($(HAVE_LIB_AIO),1)
- CONFIG_CFLAGS += -DHAVE_LIB_AIO
- CONFIG_LDFLAGS += $(LIB_AIO)
-@@ -76,7 +76,7 @@ endif
- endif
-
- ifndef $(HAVE_LIB_BSD)
--HAVE_LIB_BSD = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_BSD) TEST_PROG=test-libbsd have_test_prog)
-+#HAVE_LIB_BSD = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_BSD) TEST_PROG=test-libbsd have_test_prog)
- ifeq ($(HAVE_LIB_BSD),1)
- CONFIG_CFLAGS += -DHAVE_LIB_BSD
- CONFIG_LDFLAGS += $(LIB_BSD)
-@@ -103,7 +103,7 @@ endif
- endif
-
- ifndef $(HAVE_LIB_SCTP)
--HAVE_LIB_SCTP = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_SCTP) TEST_PROG=test-libsctp have_test_prog)
-+#HAVE_LIB_SCTP = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_SCTP) TEST_PROG=test-libsctp have_test_prog)
- ifeq ($(HAVE_LIB_SCTP),1)
- CONFIG_CFLAGS += -DHAVE_LIB_SCTP
- CONFIG_LDFLAGS += $(LIB_SCTP)
-@@ -178,7 +178,7 @@ endif
- endif
-
- ifndef $(HAVE_AIO_H)
--HAVE_AIO_H = $(shell $(MAKE) $(MAKE_OPTS) HEADER=aio.h have_header_h)
-+#HAVE_AIO_H = $(shell $(MAKE) $(MAKE_OPTS) HEADER=aio.h have_header_h)
- ifeq ($(HAVE_AIO_H),1)
- CONFIG_CFLAGS += -DHAVE_AIO_H
- $(info autoconfig: using aio.h)
-@@ -2516,7 +2516,7 @@ endif
- endif
-
- ifndef $(HAVE_SETPROCTITLE)
--HAVE_SETPROCTITLE = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_BSD) TEST_PROG=test-setproctitle have_test_prog)
-+#HAVE_SETPROCTITLE = $(shell $(MAKE) $(MAKE_OPTS) TEST_LIBS=$(LIB_BSD) TEST_PROG=test-setproctitle have_test_prog)
- ifeq ($(HAVE_SETPROCTITLE),1)
- CONFIG_CFLAGS += -DHAVE_SETPROCTITLE
- $(info autoconfig: using setproctitle)
-@@ -3140,7 +3140,7 @@ endif
- ifndef $(HAVE_WCSLCAT)
- WCSFUNC=wcslcat
- export WCSFUNC
--HAVE_WCSLCAT = $(shell $(MAKE) $(MAKE_OPTS) WCSFUNC=wcslcat have_wcsfunc)
-+#HAVE_WCSLCAT = $(shell $(MAKE) $(MAKE_OPTS) WCSFUNC=wcslcat have_wcsfunc)
- ifeq ($(HAVE_WCSLCAT),1)
- CONFIG_CFLAGS += -DHAVE_WCSLCAT
- $(info autoconfig: using wcslcat)
-@@ -3150,7 +3150,7 @@ endif
- ifndef $(HAVE_WCSLCPY)
- WCSFUNC=wcslcpy
- export WCSFUNC
--HAVE_WCSLCPY = $(shell $(MAKE) $(MAKE_OPTS) WCSFUNC=wcslcpy have_wcsfunc)
-+#HAVE_WCSLCPY = $(shell $(MAKE) $(MAKE_OPTS) WCSFUNC=wcslcpy have_wcsfunc)
- ifeq ($(HAVE_WCSLCPY),1)
- CONFIG_CFLAGS += -DHAVE_WCSLCPY
- $(info autoconfig: using wcslcpy)
include $(TOPDIR)/rules.mk
PKG_NAME:=sumo
-PKG_VERSION:=1.7.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-src-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/sumo
-PKG_HASH:=1f7a668568c92d1eeaa0e54a8af45052747accf9ba42983b21e906a80b16a9c2
+PKG_HASH:=fb0636152085153155ddb41841f0175c5f1e7989907b883f6c7453c63af49edb
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
various APIs to remotely control the simulation.
endef
+CMAKE_OPTIONS += \
+ -DCCACHE_SUPPORT=OFF
+
define Package/sumo/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{activitygen,dfrouter,duarouter,emissionsDrivingCycle,emissionsMap,jtrrouter,marouter,netconvert,netgenerate,od2trips,polyconvert} $(1)/usr/bin
+++ /dev/null
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -29,12 +29,6 @@ project(SUMO)
- set(PACKAGE_VERSION "1.7.0")
- cmake_minimum_required(VERSION 3.1)
-
--find_program(CCACHE_FOUND "ccache")
--if (CCACHE_FOUND AND CCACHE_SUPPORT)
-- message(STATUS "Enabling ccache")
-- set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE "ccache")
--endif()
--
- set(CMAKE_COLOR_MAKEFILE ON)
- set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/build/cmake_modules/")
-
include $(TOPDIR)/rules.mk
PKG_NAME:=syncthing
-PKG_VERSION:=1.9.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.12.1
+PKG_RELEASE:=0
PKG_SOURCE:=syncthing-source-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/syncthing/syncthing/releases/download/v$(PKG_VERSION)
-PKG_HASH:=a4e3e5997b2c4c76512ed9b32a067b2a90e26c0d445f8c3c62af65d2b93d4d8b
+PKG_HASH:=f636441137650316b83809c177efb4df73be024547e056ea03dcf0ed627d81c7
PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/$(PKG_NAME)
include $(TOPDIR)/rules.mk
PKG_NAME:=sysstat
-PKG_VERSION:=12.4.1
+PKG_VERSION:=12.4.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://pagesperso-orange.fr/sebastien.godard/
-PKG_HASH:=24af8d4eff5118a18f67d5eadda843b9cb9fd29ae4922c0e8b8399621313ce0b
+PKG_HASH:=3701b2c1883d50eb384d7b95ce5b6df0a71fdcb3c23f96cb58098d1bcffa018f
PKG_MAINTAINER:=Marko Ratkaj <marko.ratkaj@sartura.hr>
PKG_LICENSE:=GPL-2.0-or-later
sadc: sadc.o act_sadc.o sa_wrap.o sa_common_sadc.o common_sadc.o systest.o librdstats.a librdsensors.a
-@@ -293,7 +293,7 @@ sar: sar.o act_sar.o format_sar.o sa_common.o pr_stats.o librdstats_light.a libs
+@@ -293,7 +293,7 @@ sar: sar.o act_sar.o format_sar.o sa_com
sadf.o: sadf.c sadf.h version.h sa.h common.h rd_stats.h rd_sensors.h
include $(TOPDIR)/rules.mk
PKG_NAME:=tini
-PKG_VERSION:=0.18.0
-PKG_RELEASE:=1
+PKG_VERSION:=0.19.0
+PKG_RELEASE:=2
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/krallin/tini/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=1097675352d6317b547e73f9dc7c6839fd0bb0d96dafc2e5c95506bb324049a2
-PKG_SOURCE_VERSION:=fec3683b971d9c3ef73f284f176672c44b448662
+PKG_HASH:=0fd35a7030052acd9f58948d1d900fe1e432ee37103c5561554408bdac6bbf0d
+PKG_SOURCE_VERSION:=de40ad007797e0dcd8b7126f27bb87401d224240
+TINI_COMMIT:=de40ad0
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
A tiny but valid init process for containers.
endef
-# static version seemes to be effected by https://www.openwall.com/lists/musl/2018/07/18/8 so we use the workaround
-TARGET_CFLAGS += -Wl,--build-id
+CMAKE_OPTIONS += -DTINI_VERSION_GIT='$(TINI_COMMIT)'
+TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lc -lgcc_eh)
define Package/tini/install
$(INSTALL_DIR) $(1)/usr/bin
--- /dev/null
+commit 31b0908a5eff3926195670beecc8548c429ceff5
+Author: Gerard Ryan <G.M0N3Y.2503@gmail.com>
+Date: Sat Oct 31 16:53:39 2020 +1000
+
+ Added support for setting git version externally
+ * This to help when building from source snapshots
+ that don't have the .git file structure.
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 332b361..3f6f44b 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -13,27 +13,37 @@ if(MINIMAL)
+ add_definitions(-DTINI_MINIMAL=1)
+ endif()
+
+-# Extract git version and dirty-ness
+-execute_process (
+- COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" log -n 1 --date=local --pretty=format:%h
+- WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
+- RESULT_VARIABLE git_version_check_ret
+- OUTPUT_VARIABLE tini_VERSION_GIT
+-)
+-
+-execute_process(
+- COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" status --porcelain --untracked-files=no
+- WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
+- OUTPUT_VARIABLE git_dirty_check_out
+-)
+-
+-if("${git_version_check_ret}" EQUAL 0)
+- set(tini_VERSION_GIT " - git.${tini_VERSION_GIT}")
+- if(NOT "${git_dirty_check_out}" STREQUAL "")
+- set(tini_VERSION_GIT "${tini_VERSION_GIT}-dirty")
+- endif()
++# Set the git version
++if (NOT "${TINI_VERSION_GIT}" STREQUAL "")
++ # Set by the user directly
++ set(tini_VERSION_GIT "${TINI_VERSION_GIT}")
+ else()
+- set(tini_VERSION_GIT "")
++ # Extract git version
++ execute_process (
++ COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" log -n 1 --date=local --pretty=format:%h
++ WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
++ RESULT_VARIABLE git_version_check_ret
++ OUTPUT_VARIABLE tini_VERSION_GIT
++ )
++
++ if("${git_version_check_ret}" EQUAL 0)
++ # Extract git dirty-ness
++ execute_process(
++ COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" status --porcelain --untracked-files=no
++ WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
++ OUTPUT_VARIABLE git_dirty_check_out
++ )
++
++ if(NOT "${git_dirty_check_out}" STREQUAL "")
++ set(tini_VERSION_GIT "${tini_VERSION_GIT}-dirty")
++ endif()
++ else()
++ set(tini_VERSION_GIT "")
++ endif()
++endif()
++
++if(NOT ${tini_VERSION_GIT} STREQUAL "")
++ set(tini_VERSION_GIT " - git.${tini_VERSION_GIT}")
+ endif()
+
+ # Flags
include $(TOPDIR)/rules.mk
PKG_NAME:=ttyd
-PKG_VERSION:=1.6.1
-PKG_RELEASE:=3
+PKG_VERSION:=1.6.3
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/tsl0922/ttyd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=d72dcca3dec00cda87b80a0a25ae4fee2f8b9098c1cdb558508dcb14fbb6fafc
+PKG_HASH:=1116419527edfe73717b71407fb6e06f46098fc8a8e6b0bb778c4c75dc9f64b9
PKG_MAINTAINER:=Shuanglei Tao <tsl0922@gmail.com>
PKG_LICENSE:=MIT
#include "utils.h"
-@@ -441,7 +442,8 @@ int main(int argc, char **argv) {
+@@ -478,7 +479,8 @@ int main(int argc, char **argv) {
return -1;
}
+++ /dev/null
-From f7c171ffbe2d7677af4974a235ed3ccb7b3ba8c8 Mon Sep 17 00:00:00 2001
-From: Shuanglei Tao <tsl0922@gmail.com>
-Date: Tue, 28 Jul 2020 22:55:01 +0800
-Subject: [PATCH 2/7] protocol: fix request path for h2
-
----
- src/protocol.c | 12 +++++++-----
- src/server.h | 1 +
- 2 files changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/src/protocol.c b/src/protocol.c
-index fa96b6b..1be0a4e 100644
---- a/src/protocol.c
-+++ b/src/protocol.c
-@@ -236,8 +236,12 @@ int callback_tty(struct lws *wsi, enum lws_callback_reasons reason, void *user,
- lwsl_warn("refuse to serve WS client due to the --max-clients option.\n");
- return 1;
- }
-- if (lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_GET_URI) <= 0 ||
-- strcmp(buf, endpoints.ws) != 0) {
-+
-+ n = lws_hdr_copy(wsi, pss->path, sizeof(pss->path), WSI_TOKEN_GET_URI);
-+#if defined(LWS_ROLE_H2)
-+ if (n <= 0) n = lws_hdr_copy(wsi, pss->path, sizeof(pss->path), WSI_TOKEN_HTTP_COLON_PATH);
-+#endif
-+ if (strncmp(pss->path, endpoints.ws, n) != 0) {
- lwsl_warn("refuse to serve WS client for illegal ws path: %s\n", buf);
- return 1;
- }
-@@ -276,8 +280,6 @@ int callback_tty(struct lws *wsi, enum lws_callback_reasons reason, void *user,
- LIST_INSERT_HEAD(&server->procs, proc, entry);
- server->client_count++;
-
-- lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_GET_URI);
--
- #if LWS_LIBRARY_VERSION_NUMBER >= 2004000
- lws_get_peer_simple(lws_get_network_wsi(wsi), pss->address, sizeof(pss->address));
- #else
-@@ -285,7 +287,7 @@ int callback_tty(struct lws *wsi, enum lws_callback_reasons reason, void *user,
- lws_get_peer_addresses(wsi, lws_get_socket_fd(wsi), name, sizeof(name), pss->address,
- sizeof(pss->address));
- #endif
-- lwsl_notice("WS %s - %s, clients: %d\n", buf, pss->address, server->client_count);
-+ lwsl_notice("WS %s - %s, clients: %d\n", pss->path, pss->address, server->client_count);
- break;
-
- case LWS_CALLBACK_SERVER_WRITEABLE:
-diff --git a/src/server.h b/src/server.h
-index 116d9b9..167ea8b 100644
---- a/src/server.h
-+++ b/src/server.h
-@@ -57,6 +57,7 @@ struct pss_tty {
- int initial_cmd_index;
- bool authenticated;
- char address[50];
-+ char path[20];
-
- struct lws *wsi;
- char *buffer;
---
-2.20.1
-
include $(TOPDIR)/rules.mk
PKG_NAME:=uhubctl
-PKG_VERSION:=2.2.0
+PKG_VERSION:=2.3.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mvp/uhubctl/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e5a722cb41967903bedbab4eea566ab332241a7f05fc7bc9c386b9a5e1762d8b
+PKG_HASH:=714f733592d3cb6ba8efc84fbc03b1beed2323918ff33aef01cdb956755be7b7
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=unrar
-PKG_VERSION:=6.0.2
+PKG_VERSION:=6.0.3
PKG_RELEASE:=1
PKG_SOURCE:=unrarsrc-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.rarlab.com/rar
-PKG_HASH:=81bf188333f89c976780a477af27f651f54aa7da9312303d8d1a804696d3edd3
+PKG_HASH:=1def53392d879f9e304aa6eac1339cf41f9bce1111a2f5845071665738c4aca0
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-$(BUILD_VARIANT)/unrar
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>, \
TARGET_LDFLAGS +=-nodefaultlibs
endif
TARGET_CXXFLAGS +=-fno-rtti -flto
-TARGET_LDFLAGS +=$(FPIC) -Wl,--gc-sections
+TARGET_LDFLAGS +=$(FPIC) -Wl,--gc-sections $(if $(CONFIG_USE_GLIBC),-lpthread)
define Package/unrar/Default
TITLE:=UnRAR
--- /dev/null
+#
+# Copyright (C) 2007-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=usbutils
+PKG_VERSION:=013
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@KERNEL/linux/utils/usb/usbutils
+PKG_HASH:=9e23494fcc78b7a80ee29a07dd179c95ae2f71509c35728dbbabc2d1cca41338
+
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/usbutils
+ SECTION:=utils
+ CATEGORY:=Utilities
+ DEPENDS:=+libusb-1.0 +libudev +usbids +librt +libpthread
+ TITLE:=USB devices listing utilities
+ URL:=http://www.linux-usb.org/
+endef
+
+CONFIGURE_ARGS += \
+ --datadir=$(CONFIGURE_PREFIX)/share/hwdata
+
+define Package/usbutils/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/lsusb $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/usbreset $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,usbutils))
PKG_NAME:=watchcat
PKG_VERSION:=1
-PKG_RELEASE:=8
+PKG_RELEASE:=11
PKG_MAINTAINER:=Roger D <rogerdammit@gmail.com>
PKG_LICENSE:=GPL-2.0
PIDFILE="/tmp/run/watchcat"
append_string() {
- local varname="$1"; local add="$2"; local separator="${3:- }"; local actual
+ varname="$1"
+ add="$2"
+ separator="${3:- }"
+ actual
eval "actual=\$$varname"
new="${actual:+$actual$separator}$add"
eval "$varname=\$new"
}
-timetoseconds() {
- local time=$1
- unset seconds
+time_to_seconds() {
+ time=$1
+
+ { [ "$time" -ge 1 ] 2>/dev/null && seconds="$time"; } ||
+ { [ "${time%s}" -ge 1 ] 2>/dev/null && seconds="${time%s}"; } ||
+ { [ "${time%m}" -ge 1 ] 2>/dev/null && seconds=$((${time%m} * 60)); } ||
+ { [ "${time%h}" -ge 1 ] 2>/dev/null && seconds=$((${time%h} * 3600)); } ||
+ { [ "${time%d}" -ge 1 ] 2>/dev/null && seconds=$((${time%d} * 86400)); }
- { [ "$time" -ge 1 ] 2> /dev/null && seconds="$time"; } || \
- { [ "${time%s}" -ge 1 ] 2> /dev/null && seconds="${time%s}"; } || \
- { [ "${time%m}" -ge 1 ] 2> /dev/null && seconds=$((${time%m}*60)); } || \
- { [ "${time%h}" -ge 1 ] 2> /dev/null && seconds=$((${time%h}*3600)); } || \
- { [ "${time%d}" -ge 1 ] 2> /dev/null && seconds=$((${time%d}*86400)); }
+ echo $seconds
+ unset seconds
+ unset time
}
load_watchcat() {
- config_get period $1 period
- config_get mode $1 mode
- config_get pinghosts $1 pinghosts
- config_get pingperiod $1 pingperiod
- config_get nopingtime $1 nopingtime
- config_get forcedelay $1 forcedelay
-
- local nopingtime_dflt="900"
- local forcedelay_dflt="60"
+ config_get period "$1" period "120"
+ config_get mode "$1" mode "restart_iface"
+ config_get pinghosts "$1" pinghosts "8.8.8.8"
+ config_get pingperiod "$1" pingperiod "60"
+ config_get forcedelay "$1" forcedelay "60"
+ config_get pingsize "$1" pingsize "standard"
+ config_get interface "$1" interface
+ config_get mmifacename "$1" mmifacename
+ config_get unlockbands "$1" unlockbands "0"
+
+ # Fix potential typo in mode and provide backward compatibility.
+ [ "$mode" = "allways" ] && mode="periodic_reboot"
+ [ "$mode" = "always" ] && mode="periodic_reboot"
+ [ "$mode" = "ping" ] && mode="ping_reboot"
- # Fix potential typo in mode (backward compatibility).
- [ "$mode" = "allways" ] && mode="always"
-
error=""
warn=""
-
- if [ -z "$period" ]
- then
- append_string "error" "period is not set! Use time value(ex: '30'; '4m'; '6h'; '2d')." "; "
- else
- timetoseconds "$period";period="$seconds"
- [ "$period" -ge 1 ] \
- || append_string "error" "period has invalid format! Use time value(ex: '30'; '4m'; '6h'; '2d')" "; "
- fi
-
- [ "$mode" = "always" -o "$mode" = "ping" ] \
- || append_string "error" "mode must be 'always' or 'ping'" "; "
-
- if [ -z "$forcedelay" ]
- then
- forcedelay="$forcedelay_dflt"
- append_string "warn" "forcedelay is not configured! Defaulted to $forcedelay seconds" "; "
- else
- [ "$forcedelay" -ge 0 ] || {
- forcedelay="$forcedelay_dflt"
- append_string "warn" "forcedelay is invalid! Defaulted to $forcedelay seconds" "; "
- }
+
+ # Checks for settings common to all operation modes
+ if [ "$mode" != "periodic_reboot" ] && [ "$mode" != "ping_reboot" ] && [ "$mode" != "restart_iface" ]; then
+ append_string "error" "mode must be 'periodic_reboot' or 'ping_reboot' or 'restart_iface'" "; "
fi
-
- [ -z "$error" -a "$mode" = "ping" ] && {
- [ -z "$pinghosts" ] \
- && append_string "error" "pinghosts must be set in 'ping' mode! Use space separated address list (ex: '8.8.8.8 9.9.9.9')" "; "
-
- if [ -z "$nopingtime" ]
- then
- nopingtime="$nopingtime_dflt"
- append_string "warn" "nopingtime is not configured! Defaulted to $nopingtime seconds" "; "
- else
- timetoseconds "$nopingtime";nopingtime="$seconds"
- [ "$nopingtime" -ge 0 ] || {
- nopingtime="$nopingtime_dflt"
- append_string "warn" "nopingtime invalid format! Use time value(ex: '30'; '4m'; '6h'; '2d'). Defaulted to $nopingtime seconds" "; "
- }
- fi
-
- local pingperiod_dflt="$((period/5))"
-
- if [ -z "$pingperiod" ]
- then
- pingperiod="$pingperiod_dflt"
- append_string "warn" "pingperiod is not configured! Defaulted to $pingperiod seconds(1/5 of period)" "; "
- else
- timetoseconds "$pingperiod";pingperiod="$seconds"
- [ "$pingperiod" -ge 0 -a "$pingperiod" -ge "$period" ] && {
- pingperiod="$pingperiod_dflt"
- append_string "warn" "pingperiod is invalid value(greater than period)! Defaulted to $pingperiod seconds(1/5 of period)" "; "
- }
- [ "$pingperiod" -ge 0 ] || {
- pingperiod="$pingperiod_dflt"
- append_string "warn" "pingperiod has invalid format! Use time value(ex: '30'; '4m'; '6h'; '2d'). Defaulted to $pingperiod seconds(1/5 of period)" "; "
- }
+
+ period="$(time_to_seconds "$period")"
+ [ "$period" -ge 1 ] ||
+ append_string "error" "period has invalid format! Use time value(ex: '30'; '4m'; '6h'; '2d')" "; "
+
+ # ping_reboot mode and restart_iface mode specific checks
+ if [ "$mode" = "ping_reboot" ] || [ "$mode" = "restart_iface" ]; then
+
+ if [ -z "$error" ]; then
+
+ pingperiod_default="$((period / 5))"
+
+ pingperiod="$(time_to_seconds "$pingperiod")"
+ if [ "$pingperiod" -ge 0 ] && [ "$pingperiod" -ge "$period" ]; then
+ pingperiod="$(time_to_seconds "$pingperiod_default")"
+ append_string "warn" "pingperiod cannot be greater than $period. Defaulted to $pingperiod_default seconds (1/5 of period)" "; "
+ fi
+
+ if [ "$pingperiod" -lt 0 ]; then
+ append_string "warn" "pingperiod cannot be a negative value." "; "
+ fi
+
+ if [ "$mmifacename" != "" ] && [ "$period" -lt 30 ]; then
+ append_string "error" "Check interval is less than 30s. For robust operation with ModemManager modem interfaces it is recommended to set the period to at least 30s."
+ fi
fi
- }
-
- [ -n "$warn" ] && logger -p user.warn -t "watchcat" "$1: $warn"
- [ -n "$error" ] && { logger -p user.err -t "watchcat" "reboot program $1 not started - $error"; return; }
+ fi
- if [ "$mode" = "always" ]
- then
- /usr/bin/watchcat.sh "always" "$period" "$forcedelay" &
- logger -p user.info -t "watchcat" "started task (mode=$mode;period=$period;forcedelay=$forcedelay)"
- else
- /usr/bin/watchcat.sh "ping" "$period" "$forcedelay" "$pinghosts" "$pingperiod" "$nopingtime" &
- logger -p user.info -t "watchcat" "started task (mode=$mode;period=$period;pinghosts=$pinghosts;pingperiod=$pingperiod;forcedelay=$forcedelay;nopingtime=$nopingtime)"
+ # ping_reboot mode and periodic_reboot mode specific checks
+ if [ "$mode" = "ping_reboot" ] || [ "$mode" = "periodic_reboot" ]; then
+ forcedelay="$(time_to_seconds "$forcedelay")"
fi
- echo $! >> "${PIDFILE}.pids"
+ [ -n "$warn" ] && logger -p user.warn -t "watchcat" "$1: $warn"
+ [ -n "$error" ] && {
+ logger -p user.err -t "watchcat" "reboot program $1 not started - $error"
+ return
+ }
+
+ case "$mode" in
+ periodic_reboot)
+ /usr/bin/watchcat.sh "periodic_reboot" "$period" "$forcedelay" &
+ logger -p user.info -t "watchcat" "started task (mode=$mode;period=$period;forcedelay=$forcedelay)"
+ ;;
+ ping_reboot)
+ /usr/bin/watchcat.sh "ping_reboot" "$period" "$forcedelay" "$pinghosts" "$pingperiod" "$pingsize" &
+ logger -p user.info -t "watchcat" "started task (mode=$mode;period=$period;pinghosts=$pinghosts;pingperiod=$pingperiod;forcedelay=$forcedelay;pingsize=$pingsize)"
+ ;;
+ restart_iface)
+ /usr/bin/watchcat.sh "restart_iface" "$period" "$pinghosts" "$pingperiod" "$pingsize" "$interface" "$mmifacename" &
+ logger -p user.info -t "watchcat" "started task (mode=$mode;period=$period;pinghosts=$pinghosts;pingperiod=$pingperiod;pingsize=$pingsize;interface=$interface;mmifacename=$mmifacename;unlockbands=$unlockbands)"
+ ;;
+ *)
+ echo "Error starting Watchcat service. Invalid mode selection: $mode"
+ ;;
+ esac
+
+ echo $! >>"${PIDFILE}.pids"
}
stop() {
- if [ -f "${PIDFILE}.pids" ]
- then
+ if [ -f "${PIDFILE}.pids" ]; then
logger -p user.info -t "watchcat" "stopping all tasks"
- while read pid
- do
+ while read pid; do
kill -KILL "$pid"
- done < "${PIDFILE}.pids"
+ done <"${PIDFILE}.pids"
rm "${PIDFILE}.pids"
[ -f "${PIDFILE}.pids" ] && stop
config_load system
- if [ -n "$(uci show system.@watchcat[0])" ] # at least one watchcat section exists
- then
+ if [ -n "$(uci show system.@watchcat[0])" ]; then # at least one watchcat section exists
logger -p user.info -t "watchcat" "starting all tasks"
config_foreach load_watchcat watchcat
logger -p user.info -t "watchcat" "all tasks started"
uci -q show system.@watchcat[0] || {
uci add system watchcat
uci set system.@watchcat[0].period=6h
- uci set system.@watchcat[0].mode=ping
+ uci set system.@watchcat[0].mode=ping_reboot
uci set system.@watchcat[0].pinghosts=8.8.8.8
uci set system.@watchcat[0].forcedelay=30
uci commit
#!/bin/sh
#
# Copyright (C) 2010 segal.di.ubi.pt
+# Copyright (C) 2020 nbembedded.com
#
# This is free software, licensed under the GNU General Public License v2.
#
+get_ping_size() {
+ ps=$1
+ case "$ps" in
+ small)
+ ps="1"
+ ;;
+ windows)
+ ps="32"
+ ;;
+ standard)
+ ps="56"
+ ;;
+ big)
+ ps="248"
+ ;;
+ huge)
+ ps="1492"
+ ;;
+ jumbo)
+ ps="9000"
+ ;;
+ *)
+ echo "Error: invalid ping_size. ping_size should be either: small, windows, standard, big, huge or jumbo"
+ echo "Cooresponding ping packet sizes (bytes): small=1, windows=32, standard=56, big=248, huge=1492, jumbo=9000"
+ ;;
+ esac
+ echo $ps
+}
+
reboot_now() {
- reboot &
+ reboot &
- [ "$1" -ge 1 ] && {
- sleep "$1"
- echo 1 > /proc/sys/kernel/sysrq
- echo b > /proc/sysrq-trigger # Will immediately reboot the system without syncing or unmounting your disks.
- }
+ [ "$1" -ge 1 ] && {
+ sleep "$1"
+ echo 1 >/proc/sys/kernel/sysrq
+ echo b >/proc/sysrq-trigger # Will immediately reboot the system without syncing or unmounting your disks.
+ }
}
-watchcat_always() {
- local period="$1"; local forcedelay="$2"
+watchcat_periodic() {
+ failure_period="$1"
+ force_reboot_delay="$2"
- sleep "$period" && reboot_now "$forcedelay"
+ sleep "$failure_period" && reboot_now "$force_reboot_delay"
+}
+
+watchcat_restart_modemmanager_iface() {
+ [ "$2" -gt 0 ] && {
+ logger -t INFO "Resetting current-bands to 'any' on modem: \"$1\" now."
+ /usr/bin/mmcli -m any --set-current-bands=any
+ }
+ logger -t INFO "Reconnecting modem: \"$1\" now."
+ /etc/init.d/modemmanager restart
+ ifup "$1"
+}
+
+watchcat_restart_network_iface() {
+ logger -t INFO "Restarting network interface: \"$1\"."
+ ip link set "$1" down
+ ip link set "$1" up
+}
+
+watchcat_restart_all_network() {
+ logger -t INFO "Restarting networking now by running: /etc/init.d/network restart"
+ /etc/init.d/network restart
+}
+
+watchcat_monitor_network() {
+ failure_period="$1"
+ ping_hosts="$2"
+ ping_frequency_interval="$3"
+ ping_size="$4"
+ iface="$5"
+ mm_iface_name="$6"
+ mm_iface_unlock_bands="$7"
+
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+
+ [ "$time_now" -lt "$failure_period" ] && sleep "$((failure_period - time_now))"
+
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+ time_lastcheck="$time_now"
+ time_lastcheck_withinternet="$time_now"
+
+ ping_size="$(get_ping_size "$ping_size")"
+
+ while true; do
+ # account for the time ping took to return. With a ping time of 5s, ping might take more than that, so it is important to avoid even more delay.
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+ time_diff="$((time_now - time_lastcheck))"
+
+ [ "$time_diff" -lt "$ping_frequency_interval" ] && sleep "$((ping_frequency_interval - time_diff))"
+
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+ time_lastcheck="$time_now"
+
+ for host in $ping_hosts; do
+ if [ "$iface" != "" ]; then
+ ping_result="$(
+ ping -I "$iface" -s "$ping_size" -c 1 "$host" &>/dev/null
+ echo $?
+ )"
+ else
+ ping_result="$(
+ ping -s "$ping_size" -c 1 "$host" &>/dev/null
+ echo $?
+ )"
+ fi
+
+ if [ "$ping_result" -eq 0 ]; then
+ time_lastcheck_withinternet="$time_now"
+ else
+ if [ "$iface" != "" ]; then
+ logger -p daemon.info -t "watchcat[$$]" "Could not reach $host via \"$iface\" for \"$((time_now - time_lastcheck_withinternet))\" seconds. Restarting \"$iface\" after reaching \"$failure_period\" seconds"
+ else
+ logger -p daemon.info -t "watchcat[$$]" "Could not reach $host for \"$((time_now - time_lastcheck_withinternet))\" seconds. Restarting networking after reaching \"$failure_period\" seconds"
+ fi
+ fi
+ done
+
+ [ "$((time_now - time_lastcheck_withinternet))" -ge "$failure_period" ] && {
+ if [ "$mm_iface_name" != "" ]; then
+ watchcat_restart_modemmanager_iface "$mm_iface_name" "$mm_iface_unlock_bands"
+ fi
+ if [ "$iface" != "" ]; then
+ watchcat_restart_network_iface "$iface"
+ else
+ watchcat_restart_all_network
+ fi
+ /etc/init.d/watchcat start
+ }
+
+ done
}
watchcat_ping() {
- local period="$1"; local forcedelay="$2"; local pinghosts="$3"; local pingperiod="$4"; local nopingtime="$5"
-
- local time_now="$(cat /proc/uptime)";time_now="${time_now%%.*}"
-
- [ "$time_now" -lt "$nopingtime" ] && sleep "$((nopingtime-time_now))"
-
- time_now="$(cat /proc/uptime)";time_now="${time_now%%.*}"
- local time_lastcheck="$time_now"
- local time_lastcheck_withinternet="$time_now"
-
- while true
- do
- # account for the time ping took to return. With a ping time of 5s, ping might take more than that, so it is important to avoid even more delay.
- time_now="$(cat /proc/uptime)"; time_now="${time_now%%.*}"
- local time_diff="$((time_now-time_lastcheck))"
-
- [ "$time_diff" -lt "$pingperiod" ] && sleep "$((pingperiod-time_diff))"
-
- time_now="$(cat /proc/uptime)";time_now="${time_now%%.*}"
- time_lastcheck="$time_now"
-
- for host in $pinghosts
- do
- if ping -c 1 "$host" &> /dev/null
- then
- time_lastcheck_withinternet="$time_now"
- else
- logger -p daemon.info -t "watchcat[$$]" "no internet connectivity for $((time_now-time_lastcheck_withinternet)). Reseting when reaching $period"
- fi
- done
-
- [ "$((time_now-time_lastcheck_withinternet))" -ge "$period" ] && reboot_now "$forcedelay"
- done
+ failure_period="$1"
+ force_reboot_delay="$2"
+ ping_hosts="$3"
+ ping_frequency_interval="$4"
+ ping_size="$5"
+
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+
+ [ "$time_now" -lt "$failure_period" ] && sleep "$((failure_period - time_now))"
+
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+ time_lastcheck="$time_now"
+ time_lastcheck_withinternet="$time_now"
+
+ ping_size="$(get_ping_size "$ping_size")"
+
+ while true; do
+ # account for the time ping took to return. With a ping time of 5s, ping might take more than that, so it is important to avoid even more delay.
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+ time_diff="$((time_now - time_lastcheck))"
+
+ [ "$time_diff" -lt "$ping_frequency_interval" ] && sleep "$((ping_frequency_interval - time_diff))"
+
+ time_now="$(cat /proc/uptime)"
+ time_now="${time_now%%.*}"
+ time_lastcheck="$time_now"
+
+ for host in $ping_hosts; do
+ if [ "$iface" != "" ]; then
+ ping_result="$(
+ ping -I "$iface" -s "$ping_size" -c 1 "$host" &>/dev/null
+ echo $?
+ )"
+ else
+ ping_result="$(
+ ping -s "$ping_size" -c 1 "$host" &>/dev/null
+ echo $?
+ )"
+ fi
+
+ if [ "$ping_result" -eq 0 ]; then
+ time_lastcheck_withinternet="$time_now"
+ else
+ logger -p daemon.info -t "watchcat[$$]" "Could not reach $host for $((time_now - time_lastcheck_withinternet)). Rebooting after reaching $failure_period"
+ fi
+ done
+
+ [ "$((time_now - time_lastcheck_withinternet))" -ge "$failure_period" ] && reboot_now "$force_reboot_delay"
+ done
}
-if [ "$1" = "always" ]
-then
- watchcat_always "$2" "$3"
-else
- watchcat_ping "$2" "$3" "$4" "$5" "$6"
-fi
+mode="$1"
+
+# Fix potential typo in mode and provide backward compatibility.
+[ "$mode" = "allways" ] && mode="periodic_reboot"
+[ "$mode" = "always" ] && mode="periodic_reboot"
+[ "$mode" = "ping" ] && mode="ping_reboot"
+
+case "$mode" in
+periodic_reboot)
+ watchcat_periodic "$2" "$3"
+ ;;
+ping_reboot)
+ watchcat_ping "$2" "$3" "$4" "$5" "$6"
+ ;;
+restart_iface)
+ watchcat_monitor_network "$2" "$3" "$4" "$5" "$6" "$7"
+ ;;
+*)
+ echo "Error: invalid mode selected: $mode"
+ ;;
+esac
PKG_NAME:=whois
PKG_VERSION:=5.5.7
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/w/whois
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -56,8 +56,6 @@ DEFS += -DHAVE_ICONV
- endif
-
- ifeq ($(shell $(PKG_CONFIG) --exists 'libxcrypt >= 4.1' || echo NO),)
--DEFS += -DHAVE_CRYPT_H -DHAVE_LINUX_CRYPT_GENSALT $(shell $(PKG_CONFIG) --cflags libcrypt)
--mkpasswd_LDADD += $(shell $(PKG_CONFIG) --libs libcrypt)
- else ifdef HAVE_XCRYPT
- DEFS += -DHAVE_XCRYPT_H -DHAVE_LINUX_CRYPT_GENSALT
- mkpasswd_LDADD += -lxcrypt
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -72,7 +72,7 @@ endif
+ CPPFLAGS += $(DEFS) $(INCLUDES)
+
+ ##############################################################################
+-all: Makefile.depend whois mkpasswd pos
++all: Makefile.depend whois
+
+ ##############################################################################
+ %.o: %.c
+@@ -121,7 +121,7 @@ afl-run:
+ nice afl-fuzz -i ../afl_in -o ../afl_out -- ./whois
+
+ ##############################################################################
+-install: install-whois install-mkpasswd install-pos
++install: install-whois
+
+ install-whois: whois
+ $(INSTALL) -d $(BASEDIR)$(prefix)/bin/
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -62,7 +62,7 @@ endif
- CPPFLAGS += $(DEFS) $(INCLUDES)
-
- ##############################################################################
--all: Makefile.depend whois mkpasswd pos
-+all: Makefile.depend whois pos
-
- ##############################################################################
- %.o: %.c
PKG_NAME:=xfsprogs
PKG_VERSION:=5.9.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/utils/fs/xfs/xfsprogs
--disable-libicu
TARGET_CFLAGS += -DHAVE_MAP_SYNC
+TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lrt)
define Package/xfs-admin/install
$(INSTALL_DIR) $(1)/sbin
PKG_NAME:=xz
PKG_VERSION:=5.2.5
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/lzmautils
$(call Package/xz/Default)
DEPENDS:=xz-utils $(2)
TITLE:=$(1) utility from XZ Utils
- $(if $(3),ALTERNATIVES:=$(foreach f,$(1) $(3),300:/usr/bin/$(f):/usr/bin/lzmautils-$(1)))
+ $(if $(3),ALTERNATIVES:=$(foreach f,$(1) $(3),300:/usr/bin/$(f):/usr/libexec/$(1)-lzmautils))
endef
define Package/$(1)/description
endef
define Package/$(1)/install
- $(INSTALL_DIR) $$(1)/usr/bin
- $(CP) $(PKG_INSTALL_DIR)/usr/bin/$(1) $$(1)/usr/bin/$(if $(3),lzmautils-$(1))
+ $(INSTALL_DIR) $$(1)$(if $(3),/usr/libexec,/usr/bin)
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/$(1) $$(1)$(if $(3),/usr/libexec/$(1)-lzmautils,/usr/bin/$(1))
endef
$$(eval $$(call BuildPackage,$(1)))
include $(TOPDIR)/rules.mk
PKG_NAME:=yq
-PKG_VERSION:=3.4.1
+PKG_VERSION:=4.4.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=73259f808d589d11ea7a18e4cd38a2e98b518a6c2c178d1ec57d9c5942277cb1
+PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=bdd078847a74245e4c09af3dc31cdb482588398f342a8db4c019115a8495ebad
PKG_MAINTAINER:=Tianling Shen <cnsztl@project-openwrt.eu.org>
PKG_LICENSE:=MIT
PKG_USE_MIPS16:=0
GO_PKG:=github.com/mikefarah/yq
+GO_PKG_LDFLAGS:=-s -w
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
#
-# Copyright (C) 2007-2020 OpenWrt.org
+# Copyright (C) 2007-2021 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=zoneinfo
-PKG_VERSION:=2020d
+PKG_VERSION:=2021a
PKG_RELEASE:=1
#As i couldn't find real license used "Public Domain"
PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz
PKG_SOURCE_CODE:=tzcode$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases
-PKG_HASH:=8d813957de363387696f05af8a8889afa282ab5016a764c701a20758d39cbaf3
+PKG_HASH:=39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08
include $(INCLUDE_DIR)/package.mk
define Download/tzcode
FILE=$(PKG_SOURCE_CODE)
URL=$(PKG_SOURCE_URL)
- HASH:=6cf050ba28e8053029d3f32d71341d11a794c6b5dd51a77fc769d6dae364fad5
+ HASH:=eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0
endef
$(eval $(call Download,tzcode))
include $(TOPDIR)/rules.mk
PKG_NAME:=zstd
-PKG_VERSION:=1.4.5
-PKG_RELEASE:=2
+PKG_VERSION:=1.4.8
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.zst
PKG_SOURCE_URL:=https://github.com/facebook/zstd/releases/download/v$(PKG_VERSION)
-PKG_HASH:=2c2366874bc449ff539614266d8c0d6ecdb4baf30bb65609c239ab4ed23c03c7
+PKG_HASH:=c7ea10e20dd61b457220455e3cf553069987b968b7c63d1b9d46acbdb45623eb
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later
+++ /dev/null
---- a/build/meson/meson.build
-+++ b/build/meson/meson.build
-@@ -22,7 +22,6 @@ project('zstd',
- cc = meson.get_compiler('c')
- cxx = meson.get_compiler('cpp')
- pkgconfig = import('pkgconfig')
--python3 = import('python').find_installation()
- windows_mod = import('windows')
-
- host_machine_os = host_machine.system()
-@@ -40,8 +39,8 @@ compiler_msvc = 'msvc'
- zstd_version = meson.project_version()
-
- zstd_h_file = join_paths(meson.current_source_dir(), '../../lib/zstd.h')
--GetZstdLibraryVersion_py = files('GetZstdLibraryVersion.py')
--r = run_command(python3, GetZstdLibraryVersion_py, zstd_h_file)
-+GetZstdLibraryVersion_py = find_program('GetZstdLibraryVersion.py', native : true)
-+r = run_command(GetZstdLibraryVersion_py, zstd_h_file)
- if r.returncode() == 0
- zstd_version = r.stdout().strip()
- message('Project version is now: @0@'.format(zstd_version))
projects / feed / packages.git / commitdiff