include $(TOPDIR)/rules.mk
PKG_NAME:=netdata
-PKG_VERSION:=1.5.0
+PKG_VERSION:=1.6.0
PKG_RELEASE:=1
PKG_MAINTAINER:=Daniel Engberg <daniel.engberg.lists@pyret.net>
PKG_LICENSE:=GPL-3.0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/firehol/netdata/releases/download/v$(PKG_VERSION)
-PKG_SOURCE_VERSION:=c5f8cecf83a7ed8880003b66614c71f7b2bff5b594f412262ec85143ca44adae
+PKG_HASH:=7839491f6e8b297cc8c28ca96845ff087f7961a12b92aa0eea1f66528da8bdaf
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=7.1.2
+PKG_VERSION:=7.1.3
PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_MD5SUM:=d79afea1870277c86fac903566fb6c5d
-PKG_HASH:=d815a0c39fd57bab1434a77ff0610fb507c22f790c66cd6f26e27030c4b3e971
+PKG_MD5SUM:=d604d688be17f4a05b99dbb7fb9581f4
+PKG_HASH:=e4887c2634778e37fd962fbdf5c4a7d32cd708482fe07b448804625570cb0bb0
PKG_FIXUP:=libtool autoreconf
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=ruby
-PKG_VERSION:=2.4.0
+PKG_VERSION:=2.4.1
PKG_RELEASE:=1
# First two numbes
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/
-PKG_MD5SUM:=440bbbdc49d08d3650f340dccb35986d9399177ad69a204def56e5d3954600cf
+PKG_HASH:=ccfb2d0a61e2a9c374d51e099b0d833b09241ee78fc17e1fe38e3b282160237c
PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=libarchive
-PKG_VERSION:=3.2.2
+PKG_VERSION:=3.3.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.libarchive.org/downloads
-PKG_MD5SUM:=691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f
+PKG_HASH:=29ca5bd1624ca5a007aa57e16080262ab4379dbf8797f5c52f7ea74a3b0424e7
PKG_MAINTAINER:=Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
PKG_LICENSE:=BSD-2-Clause
endef
CONFIGURE_ARGS += \
- --with-ssl=openssl
+ --with-ssl=openssl \
+ --with-idn=no
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/
--- /dev/null
+diff --git a/configure.ac b/configure.ac
+index 8435d9a..148453c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -109,9 +109,22 @@ else
+ fi
+ AC_SUBST([TEST_DIRS])
+
+-PKG_CHECK_MODULES(LIBIDN, libidn, have_idn=yes, have_idn=no)
+-if test "x$have_idn" = "xyes"; then
+- AC_DEFINE(HAVE_IDN, 1, [Define if IDN support is included])
++dnl +--------------------------------------------------------+
++dnl | Checking for libidn support |-
++dnl +--------------------------------------------------------+
++AC_ARG_WITH(idn,
++ AS_HELP_STRING([--with-idn=@<:@auto|no@:>@],
++ [Whether to use libidn [[default=auto]]]),
++ ac_idn=$withval,
++ ac_idn=auto)
++
++if test "x$ac_idn" = "xauto"; then
++ PKG_CHECK_MODULES(LIBIDN, libidn, enable_idn=yes, enable_idn=no)
++ if test "x$enable_idn" = "xyes"; then
++ AC_DEFINE(HAVE_IDN, 1, [Define if IDN support is included])
++ fi
++else
++ enable_idn=no
+ fi
+
+ dnl Gtk doc
+@@ -323,7 +336,7 @@ echo "
+
+ prefix: ${prefix}
+ compiler: ${CC}
+- Have IDN support: ${have_idn}
++ Enable IDN support: ${enable_idn}
+ Enable SSL: ${enable_ssl}
+ Asynchronous DNS: ${enable_asyncns}
+ Linux TCP keepalives: ${use_keepalives}
--- /dev/null
+#
+# Copyright (C) 2017 Lucian Cristian <lucian.cristian@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=greyfix
+PKG_VERSION:=0.4.0
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://www.kim-minh.com/pub/greyfix
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=26013edce3a38d586282bfc22eb91bd22df54e3558ea1b3dae54d3e7a769e4fe
+
+MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
+PKG_LICENSE:=GPLv2
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/greyfix
+ SECTION:=mail
+ CATEGORY:=Mail
+ DEPENDS:=+libdb47
+ TITLE:=Greyfix - greylisting with Postfix.
+ URL:=http://www.kim-minh.com/pub/greyfix/
+endef
+
+define Package/greyfix/description
+ Greyfix is the greylisting policy daemon for Postfix written by Kim Minh Kaplan.
+endef
+
+CONFIGURE_ARGS += \
+ --localstatedir=/usr/lib \
+
+define Package/greyfix/install
+ $(INSTALL_DIR) $(1)/usr/sbin \
+ $(1)/usr/lib/greyfix
+ $(CP) $(PKG_BUILD_DIR)/greyfix $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,greyfix))
--- /dev/null
+--- a/configure 2017-03-08 20:12:00.720885949 +0200
++++ b/configure 2017-03-08 20:12:51.210722711 +0200
+@@ -4190,37 +4190,6 @@
+
+ fi
+
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking match between Berkeley DB header files and runtime" >&5
+-$as_echo_n "checking match between Berkeley DB header files and runtime... " >&6; }
+-if test "$cross_compiling" = yes; then :
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
+-else
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#include <db.h>
+-int
+-main ()
+-{
+-int M, m; db_version(&M, &m, 0);
+- return DB_VERSION_MAJOR != M || DB_VERSION_MINOR != m;
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_run "$LINENO"; then :
+-
+-else
+- as_fn_error $? "Berkeley DB header file does not match the library file" "$LINENO" 5
+-fi
+-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+- conftest.$ac_objext conftest.beam conftest.$ac_ext
+-fi
+-
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+ ac_config_files="$ac_config_files Makefile"
+
+ cat >confcache <<\_ACEOF
PKG_NAME:=dnscrypt-proxy
PKG_VERSION:=1.9.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.dnscrypt.org/dnscrypt-proxy
}
create_config_file() {
- local address port resolver resolvers_list ephemeral_keys client_key syslog syslog_prefix local_cache query_log_file block_ipv6
+ local address port resolver resolvers_list ephemeral_keys client_key syslog syslog_prefix local_cache query_log_file block_ipv6 provider_name provider_key resolver_address
local config_path="$2"
[ ! -d "$CONFIG_DIR" ] && mkdir -p "$CONFIG_DIR"
config_get address $1 'address' '127.0.0.1'
config_get port $1 'port' '5353'
config_get resolver $1 'resolver' ''
+ config_get provider_name $1 'providername' ''
+ config_get provider_key $1 'providerkey' ''
+ config_get resolver_address $1 'resolveraddress' ''
config_get resolvers_list $1 'resolvers_list' '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
config_get client_key $1 'client_key' ''
config_get syslog_prefix $1 'syslog_prefix' 'dnscrypt-proxy'
append_param_not_empty "ResolverName" "$resolver" $config_path
append_param "ResolversList" "$resolvers_list" $config_path
+ append_param_not_empty "ProviderName" "$provider_name" $config_path
+ append_param_not_empty "ProviderKey" "$provider_key" $config_path
+ append_param_not_empty "ResolverAddress" "$resolver_address" $config_path
append_param "User" "$USER" $config_path
append_param "LocalAddress" "$address:$port" $config_path
append_param_not_empty "ClientKey" "$client_key" $config_path
include $(TOPDIR)/rules.mk
PKG_NAME:=git
-PKG_VERSION:=2.11.1
+PKG_VERSION:=2.12.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/scm/git/
-PKG_HASH:=c0a779cae325d48a1d5ba08b6ee1febcc31d0657a6da01fd1dec1c6e10976415
+PKG_HASH:=db11674364b764e101966d829a2e271c9b9d2a8bd4d8ecb4221a1dcdc9a3ada2
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
--- /dev/null
+--- a/configure.ac
++++ b/configure.ac
+@@ -869,7 +869,8 @@ AC_RUN_IFELSE(
+ FILE *f = fopen(".", "r");
+ return f && fread(&c, 1, 1, f)]])],
+ [ac_cv_fread_reads_directories=no],
+- [ac_cv_fread_reads_directories=yes])
++ [ac_cv_fread_reads_directories=yes],
++ [ac_cv_fread_reads_directories=no])
+ ])
+ if test $ac_cv_fread_reads_directories = yes; then
+ FREAD_READS_DIRECTORIES=UnfortunatelyYes
+@@ -903,7 +904,8 @@ AC_RUN_IFELSE(
+ if (snprintf(buf, 3, "%s", "12345") != 5
+ || strcmp(buf, "12")) return 1]])],
+ [ac_cv_snprintf_returns_bogus=no],
+- [ac_cv_snprintf_returns_bogus=yes])
++ [ac_cv_snprintf_returns_bogus=yes],
++ [ac_cv_snprintf_returns_bogus=no])
+ ])
+ if test $ac_cv_snprintf_returns_bogus = yes; then
+ SNPRINTF_RETURNS_BOGUS=UnfortunatelyYes
+@@ -926,7 +928,8 @@ yippeeyeswehaveit
+ #endif
+ ]),
+ [ac_cv_sane_mode_bits=yes],
+- [ac_cv_sane_mode_bits=no])
++ [ac_cv_sane_mode_bits=no],
++ [ac_cv_sane_mode_bits=yes])
+ ])
+ if test $ac_cv_sane_mode_bits = yes; then
+ NEEDS_MODE_TRANSLATION=
+++ /dev/null
---- a/config.mak.uname
-+++ b/config.mak.uname
-@@ -17,9 +17,6 @@ endif
- # because maintaining the nesting to match is a pain. If
- # we had "elif" things would have been much nicer...
-
--ifeq ($(uname_M),x86_64)
-- XDL_FAST_HASH = YesPlease
--endif
- ifeq ($(uname_S),OSF1)
- # Need this for u_short definitions et al
- BASIC_CFLAGS += -D_OSF_SOURCE
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -1125,7 +1125,7 @@ else
+ endif
+ curl_check := $(shell (echo 072200; $(CURL_CONFIG) --vernum | sed -e '/^70[BC]/s/^/0/') 2>/dev/null | sort -r | sed -ne 2p)
+ ifeq "$(curl_check)" "072200"
+- USE_CURL_FOR_IMAP_SEND = YesPlease
++# USE_CURL_FOR_IMAP_SEND = YesPlease
+ endif
+ ifdef USE_CURL_FOR_IMAP_SEND
+ BASIC_CFLAGS += -DUSE_CURL_FOR_IMAP_SEND
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -867,7 +867,8 @@ AC_RUN_IFELSE(
- FILE *f = fopen(".", "r");
- return f && fread(&c, 1, 1, f)]])],
- [ac_cv_fread_reads_directories=no],
-- [ac_cv_fread_reads_directories=yes])
-+ [ac_cv_fread_reads_directories=yes],
-+ [ac_cv_fread_reads_directories=no])
- ])
- if test $ac_cv_fread_reads_directories = yes; then
- FREAD_READS_DIRECTORIES=UnfortunatelyYes
-@@ -901,7 +902,8 @@ AC_RUN_IFELSE(
- if (snprintf(buf, 3, "%s", "12345") != 5
- || strcmp(buf, "12")) return 1]])],
- [ac_cv_snprintf_returns_bogus=no],
-- [ac_cv_snprintf_returns_bogus=yes])
-+ [ac_cv_snprintf_returns_bogus=yes],
-+ [ac_cv_snprintf_returns_bogus=no])
- ])
- if test $ac_cv_snprintf_returns_bogus = yes; then
- SNPRINTF_RETURNS_BOGUS=UnfortunatelyYes
-@@ -924,7 +926,8 @@ yippeeyeswehaveit
- #endif
- ]),
- [ac_cv_sane_mode_bits=yes],
-- [ac_cv_sane_mode_bits=no])
-+ [ac_cv_sane_mode_bits=no],
-+ [ac_cv_sane_mode_bits=yes])
- ])
- if test $ac_cv_sane_mode_bits = yes; then
- NEEDS_MODE_TRANSLATION=
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -1117,7 +1117,7 @@ else
- endif
- curl_check := $(shell (echo 072200; $(CURL_CONFIG) --vernum | sed -e '/^70[BC]/s/^/0/') 2>/dev/null | sort -r | sed -ne 2p)
- ifeq "$(curl_check)" "072200"
-- USE_CURL_FOR_IMAP_SEND = YesPlease
-+# USE_CURL_FOR_IMAP_SEND = YesPlease
- endif
- ifdef USE_CURL_FOR_IMAP_SEND
- BASIC_CFLAGS += -DUSE_CURL_FOR_IMAP_SEND
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.45
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://download.lighttpd.net/lighttpd/releases-1.4.x
+PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
PKG_MD5SUM:=a128e1eda76899ce3fd115efae5fe631
PKG_LICENSE:=BSD-3c
--without-attr \
--without-bzip2 \
--without-fam \
- --without-gdbm \
- --without-ldap \
- --with-lua \
- --without-memcache \
--with-pcre \
--without-valgrind \
$(call autoconf_bool,CONFIG_IPV6,ipv6)
--without-openssl
endif
-ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-mysql-vhost),)
- CONFIGURE_ARGS+= \
- --with-mysql
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-authn_gssapi),)
+ CONFIGURE_ARGS+= --with-krb5
else
- CONFIGURE_ARGS+= \
- --without-mysql
+ CONFIGURE_ARGS+= --without-krb5
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-authn_ldap),)
+ CONFIGURE_ARGS+= --with-ldap
+else
+ CONFIGURE_ARGS+= --without-ldap
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-authn_mysql),)
+ CONFIGURE_ARGS+= --with-mysql
+else
+ CONFIGURE_ARGS+= --without-mysql
+endif
+
+#ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-geoip),)
+# CONFIGURE_ARGS+= --with-geoip
+#else
+# CONFIGURE_ARGS+= --without-geoip
+#endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-cml)$(CONFIG_PACKAGE_lighttpd-mod-magnet),)
+ CONFIGURE_ARGS+= --with-lua
+else
+ CONFIGURE_ARGS+= --without-lua
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-mysql_vhost),)
+ CONFIGURE_ARGS+= --with-mysql
+else
+ CONFIGURE_ARGS+= --without-mysql
+endif
+
+#ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-cml)$(CONFIG_PACKAGE_lighttpd-mod-trigger_b4_dl),)
+# CONFIGURE_ARGS+= --with-memcached
+#else
+# CONFIGURE_ARGS+= --without-memcached
+#endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-trigger_b4_dl),)
+ CONFIGURE_ARGS+= --with-gdbm
+else
+ CONFIGURE_ARGS+= --without-gdbm
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-webdav),)
TITLE:=$(2) module
endef
+ ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-$(1)),)
define Package/lighttpd-mod-$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/lighttpd
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lighttpd/mod_$(1).so $$(1)/usr/lib/lighttpd
echo 'server.modules += ( "mod_$(1)" )' > $$(1)/etc/lighttpd/conf.d/$(4)-$(1).conf ; \
fi
endef
+ endif
$$(eval $$(call BuildPackage,lighttpd-mod-$(1)))
endef
# Next, permit authentication.
$(eval $(call BuildPlugin,auth,Authentication,,20))
$(eval $(call BuildPlugin,authn_file,File-based authentication,,20))
+$(eval $(call BuildPlugin,authn_gssapi,Kerberos-based authentication,+PACKAGE_lighttpd-mod-authn_gssapi:krb5-libs,20))
+$(eval $(call BuildPlugin,authn_ldap,LDAP-based authentication,+PACKAGE_lighttpd-mod-authn_ldap:libopenldap,20))
+$(eval $(call BuildPlugin,authn_mysql,Mysql-based authentication,+PACKAGE_lighttpd-mod-authn_mysql:libmysqlclient,20))
# Finally, everything else.
$(eval $(call BuildPlugin,access,Access restrictions,,30))
$(eval $(call BuildPlugin,accesslog,Access logging,,30))
$(eval $(call BuildPlugin,alias,Directory alias,,30))
$(eval $(call BuildPlugin,cgi,CGI,,30))
-$(eval $(call BuildPlugin,cml,Cache Meta Language,+liblua,30))
+#$(eval $(call BuildPlugin,cml,Cache Meta Language,+PACKAGE_lighttpd-mod-cml:liblua +PACKAGE_lighttpd-mod-cml:libmemcached,30))
+$(eval $(call BuildPlugin,cml,Cache Meta Language,+PACKAGE_lighttpd-mod-cml:liblua,30))
$(eval $(call BuildPlugin,compress,Compress output,+PACKAGE_lighttpd-mod-compress:zlib,30))
+$(eval $(call BuildPlugin,deflate,Compress dynamic output,+PACKAGE_lighttpd-mod-deflate:zlib,30))
$(eval $(call BuildPlugin,evasive,Evasive,,30))
-$(eval $(call BuildPlugin,evhost,Exnhanced Virtual-Hosting,,30))
+$(eval $(call BuildPlugin,evhost,Enhanced Virtual-Hosting,,30))
$(eval $(call BuildPlugin,expire,Expire,,30))
$(eval $(call BuildPlugin,extforward,Extract client,,30))
$(eval $(call BuildPlugin,fastcgi,FastCGI,,30))
$(eval $(call BuildPlugin,flv_streaming,FLV streaming,,30))
-$(eval $(call BuildPlugin,magnet,Magnet,+liblua,30))
+#$(eval $(call BuildPlugin,geoip,Geolocation,+PACKAGE_lighttpd-mod-geoip:libgeoip,30))
+$(eval $(call BuildPlugin,magnet,Magnet,+PACKAGE_lighttpd-mod-magnet:liblua,30))
$(eval $(call BuildPlugin,mysql_vhost,Mysql virtual hosting,+PACKAGE_lighttpd-mod-mysql_vhost:libmysqlclient,30))
$(eval $(call BuildPlugin,proxy,Proxy,,30))
$(eval $(call BuildPlugin,rewrite,URL rewriting,+PACKAGE_lighttpd-mod-rewrite:libpcre,30))
$(eval $(call BuildPlugin,secdownload,Secure and fast download,,30))
$(eval $(call BuildPlugin,setenv,Environment variable setting,,30))
$(eval $(call BuildPlugin,simple_vhost,Simple virtual hosting,,30))
-$(eval $(call BuildPlugin,ssi,SSI,+libpcre,30))
+$(eval $(call BuildPlugin,ssi,SSI,+PACKAGE_lighttpd-mod-ssi:libpcre,30))
$(eval $(call BuildPlugin,status,Server status display,,30))
-$(eval $(call BuildPlugin,trigger_b4_dl,Trigger before download,+PACKAGE_lighttpd-mod-trigger_b4_dl:libpcre,30))
+#$(eval $(call BuildPlugin,trigger_b4_dl,Trigger before download,+PACKAGE_lighttpd-mod-trigger_b4_dl:libpcre +PACKAGE_lighttpd-mod-trigger_b4_dl:libgdbm +PACKAGE_lighttpd-mod-trigger_b4_dl:libmemcached,30))
+$(eval $(call BuildPlugin,trigger_b4_dl,Trigger before download,+PACKAGE_lighttpd-mod-trigger_b4_dl:libpcre +PACKAGE_lighttpd-mod-trigger_b4_dl:libgdbm,30))
$(eval $(call BuildPlugin,userdir,User directory,,30))
$(eval $(call BuildPlugin,usertrack,User tracking,,30))
$(eval $(call BuildPlugin,webdav,WebDAV,+PACKAGE_lighttpd-mod-webdav:libsqlite3 +PACKAGE_lighttpd-mod-webdav:libuuid +PACKAGE_lighttpd-mod-webdav:libxml2,30))
-server.modules = (
-)
-
server.document-root = "/www"
server.upload-dirs = ( "/tmp" )
server.errorlog = "/var/log/lighttpd/error.log"
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
- "index.lighttpd.html" )
+ )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
#server.bind = "localhost"
#server.tag = "lighttpd"
#server.errorlog-use-syslog = "enable"
-#server.network-backend = "write"
+#server.network-backend = "writev"
### Use IPv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"
#dir-listing.encoding = "utf-8"
#server.dir-listing = "enable"
-include "/etc/lighttpd/mime.conf"
-include_shell "cat /etc/lighttpd/conf.d/*.conf"
+include "/etc/lighttpd/mime.conf"
+include "/etc/lighttpd/conf.d/*.conf"
service_stop /usr/sbin/lighttpd
}
+restart() {
+ /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf || exit 1
+ stop
+ start
+}
+
PKG_NAME:=linuxptp
PKG_VERSION:=1.8
-PKG_RELEASE:=2
-PKG_REV:=891d56e4292653c5c19ac8345159a1f1f5b2df26
+PKG_RELEASE:=3
PKG_MAINTAINER:=Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=git://git.code.sf.net/p/linuxptp/code
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=$(PKG_REV)
-PKG_SOURCE_PROTO:=git
-PKG_MD5SUM:=
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
+PKG_SOURCE_URL:=@SF/$(PKG_NAME)/v$(PKG_VERSION)
+PKG_MD5SUM:=5688cdfe57932273e1dbf35b3b97b9a0
+PKG_HASH:=fa8e00f6ec73cefa7bb313dce7f60dfe5eb9e2bde3353594e9ac18edc93e5165
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
computers.
endef
+EXTRA_CFLAGS += -DHAVE_CLOCK_ADJTIME -DHAVE_POSIX_SPAWN -DHAVE_ONESTEP_SYNC
+
MAKE_VARS += \
- EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)"
+ EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CFLAGS)"
define Package/linuxptp/install
$(INSTALL_DIR) $(1)/usr/sbin
include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3
-PKG_VERSION:=2.1
-PKG_RELEASE:=4
-PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>, \
- Florian Eckert <fe@dev.tdt.de>
+PKG_VERSION:=2.3
+PKG_RELEASE:=5
+PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>
PKG_LICENSE:=GPLv2
include $(INCLUDE_DIR)/package.mk
SUBMENU:=Routing and Redirection
DEPENDS:=+ip +ipset +iptables +iptables-mod-conntrack-extra +iptables-mod-ipopt
TITLE:=Multiwan hotplug script with connection tracking support
- MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>, \
- Florian Eckert <fe@dev.tdt.de>
+ MAINTAINER:=Florian Eckert <fe@dev.tdt.de>
PKGARCH:=all
endef
define Package/mwan3/conffiles
/etc/config/mwan3
+/etc/mwan3.user
endef
define Build/Compile
[ -x /usr/sbin/ip6tables ] || exit 7
[ -x /usr/bin/logger ] || exit 8
-config_get family $INTERFACE family ipv4
+if [ "$ACTION" == "ifup" ]; then
+ config_get family $INTERFACE family ipv4
+ if [ "$family" = "ipv4" ]; then
+ ubus call network.interface.${INTERFACE}_4 status &>/dev/null
+ if [ "$?" -eq "0" ]; then
+ network_get_gateway gateway ${INTERFACE}_4
+ else
+ network_get_gateway gateway $INTERFACE
+ fi
+ elif [ "$family" = "ipv6" ]; then
+ ubus call network.interface.${INTERFACE}_6 status &>/dev/null
+ if [ "$?" -eq "0" ]; then
+ network_get_gateway6 gateway ${INTERFACE}_6
+ else
+ network_get_gateway6 gateway ${INTERFACE}
+ fi
+ fi
-if [ "$family" == "ipv4" ]; then
- network_get_gateway gateway $INTERFACE
-elif [ "$family" == "ipv6" ]; then
- network_get_gateway6 gateway $INTERFACE
+ [ -n "$gateway" ] || exit 9
fi
-[ -n "$gateway" ] || exit 9
-
$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
mwan3_set_connected_iptables
--- /dev/null
+#!/bin/sh
+
+[ -f "/etc/mwan3.user" ] && {
+ . /lib/functions.sh
+
+ config_load mwan3
+ config_get enabled "$INTERFACE" enabled 0
+ [ "${enabled}" = "1" ] || exit 0
+ env -i ACTION="$ACTION" INTERFACE="$INTERFACE" DEVICE="$DEVICE" \
+ /bin/sh /etc/mwan3.user
+}
+
+exit 0
--- /dev/null
+#!/bin/sh
+#
+# This file is interpreted as shell script.
+# Put your custom mwan3 action here, they will
+# be executed with each netifd hotplug interface event
+# on interfaces for which mwan3 is enabled.
+#
+# There are three main environment variables that are passed to this script.
+#
+# $ACTION Either "ifup" or "ifdown"
+# $INTERFACE Name of the interface which went up or down (e.g. "wan" or "wwan")
+# $DEVICE Physical device name which interface went up or down (e.g. "eth0" or "wwan0")
if [ "$family" == "ipv4" ]; then
- network_get_ipaddr src_ip $1
+ ubus call network.interface.${1}_4 status &>/dev/null
+ if [ "$?" -eq "0" ]; then
+ network_get_ipaddr src_ip ${1}_4
+ else
+ network_get_ipaddr src_ip $1
+ fi
$IPS -! create mwan3_connected list:set
if [ "$family" == "ipv6" ]; then
- network_get_ipaddr6 src_ipv6 $1
+ ubus call network.interface.${1}_6 status &>/dev/null
+ if [ "$?" -eq "0" ]; then
+ network_get_ipaddr6 src_ipv6 ${1}_6
+ else
+ network_get_ipaddr6 src_ipv6 $1
+ fi
$IPS -! create mwan3_connected_v6 hash:net family inet6
[ -n "$id" ] || return 0
if [ "$family" == "ipv4" ]; then
+ ubus call network.interface.${1}_4 status &>/dev/null
+ if [ "$?" -eq "0" ]; then
+ network_get_gateway route_args ${1}_4
+ else
+ network_get_gateway route_args $1
+ fi
- network_get_gateway route_args $1
route_args="via $route_args dev $2"
$IP4 route flush table $id
if [ "$family" == "ipv6" ]; then
- network_get_gateway6 route_args $1
+ ubus call network.interface.${1}_6 status &>/dev/null
+ if [ "$?" -eq "0" ]; then
+ network_get_gateway6 route_args ${1}_6
+ else
+ network_get_gateway6 route_args $1
+ fi
+
route_args="via $route_args dev $2"
$IP6 route flush table $id
echo "$$" > /var/run/mwan3track-$1.pid
score=$(($7+$8))
-track_ips=$(echo $* | cut -d ' ' -f 9-99)
+track_ips=$(echo $* | cut -d ' ' -f 10-99)
host_up_count=0
lost=0
include $(TOPDIR)/rules.mk
PKG_NAME:=openssh
-PKG_VERSION:=7.4p1
+PKG_VERSION:=7.5p1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/ \
- https://anorien.csc.warwick.ac.uk/pub/OpenBSD/OpenSSH/portable/ \
- https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
-PKG_MD5SUM:=b2db2a83caf66a208bb78d6d287cdaa3
+PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
+ https://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/ \
+ https://anorien.csc.warwick.ac.uk/pub/OpenBSD/OpenSSH/portable/
+PKG_HASH:=9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0
PKG_LICENSE:=BSD ISC
PKG_LICENSE_FILES:=LICENCE
--- /dev/null
+--- a/ssh_config
++++ b/ssh_config
+@@ -48,3 +48,6 @@
+ # VisualHostKey no
+ # ProxyCommand ssh -q -W %h:%p gateway.example.com
+ # RekeyLimit 1G 1h
++
++# enable DSCP QoS values (per RFC-4594)
++#IPQoS AF21 AF11
+--- a/sshd_config
++++ b/sshd_config
+@@ -107,6 +107,9 @@ AuthorizedKeysFile .ssh/authorized_keys
+ # no default banner path
+ #Banner none
+
++# enable DSCP QoS values (per RFC-4594)
++#IPQoS AF21 AF11
++
+ # override default of no subsystems
+ Subsystem sftp /usr/libexec/sftp-server
+
+++ /dev/null
---- a/includes.h
-+++ b/includes.h
-@@ -60,6 +60,9 @@
- /*
- *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
- */
-+#ifdef HAVE_STRING_H
-+# include <string.h>
-+#endif
- #ifdef HAVE_STRINGS_H
- # include <strings.h>
- #endif
+++ /dev/null
---- a/auth-pam.c
-+++ b/auth-pam.c
-@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig)
- }
- if (WIFSIGNALED(sshpam_thread_status) &&
- WTERMSIG(sshpam_thread_status) == SIGTERM)
-- return; /* terminated by pthread_cancel */
-+ return; /* terminated by pthread2_cancel */
- if (!WIFEXITED(sshpam_thread_status))
- sigdie("PAM: authentication thread exited unexpectedly");
- if (WEXITSTATUS(sshpam_thread_status) != 0)
-@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig)
-
- /* ARGSUSED */
- static void
--pthread_exit(void *value)
-+pthread2_exit(void *value)
- {
- _exit(0);
- }
-
- /* ARGSUSED */
- static int
--pthread_create(sp_pthread_t *thread, const void *attr,
-+pthread2_create(sp_pthread_t *thread, const void *attr,
- void *(*thread_start)(void *), void *arg)
- {
- pid_t pid;
-@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con
- }
-
- static int
--pthread_cancel(sp_pthread_t thread)
-+pthread2_cancel(sp_pthread_t thread)
- {
- signal(SIGCHLD, sshpam_oldsig);
- return (kill(thread, SIGTERM));
-@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread)
-
- /* ARGSUSED */
- static int
--pthread_join(sp_pthread_t thread, void **value)
-+pthread2_join(sp_pthread_t thread, void **value)
- {
- int status;
-
-@@ -510,7 +510,7 @@ sshpam_thread(void *ctxtp)
- /* XXX - can't do much about an error here */
- ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
- buffer_free(&buffer);
-- pthread_exit(NULL);
-+ pthread2_exit(NULL);
-
- auth_fail:
- buffer_put_cstring(&buffer,
-@@ -521,7 +521,7 @@ sshpam_thread(void *ctxtp)
- else
- ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
- buffer_free(&buffer);
-- pthread_exit(NULL);
-+ pthread2_exit(NULL);
-
- return (NULL); /* Avoid warning for non-pthread case */
- }
-@@ -533,8 +533,8 @@ sshpam_thread_cleanup(void)
-
- debug3("PAM: %s entering", __func__);
- if (ctxt != NULL && ctxt->pam_thread != 0) {
-- pthread_cancel(ctxt->pam_thread);
-- pthread_join(ctxt->pam_thread, NULL);
-+ pthread2_cancel(ctxt->pam_thread);
-+ pthread2_join(ctxt->pam_thread, NULL);
- close(ctxt->pam_psock);
- close(ctxt->pam_csock);
- memset(ctxt, 0, sizeof(*ctxt));
-@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
- }
- ctxt->pam_psock = socks[0];
- ctxt->pam_csock = socks[1];
-- if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
-+ if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
- error("PAM: failed to start authentication thread: %s",
- strerror(errno));
- close(socks[0]);
+++ /dev/null
---- a/ssh_config
-+++ b/ssh_config
-@@ -46,3 +46,6 @@
- # VisualHostKey no
- # ProxyCommand ssh -q -W %h:%p gateway.example.com
- # RekeyLimit 1G 1h
-+
-+# enable DSCP QoS values (per RFC-4594)
-+#IPQoS AF21 AF11
---- a/sshd_config
-+++ b/sshd_config
-@@ -122,6 +122,9 @@ UsePrivilegeSeparation sandbox # Defaul
- # no default banner path
- #Banner none
-
-+# enable DSCP QoS values (per RFC-4594)
-+#IPQoS AF21 AF11
-+
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
-
--- /dev/null
+# Copyright (c) 2017 Stan Grishin (stangri@melmac.net)
+# This is free software, licensed under the GNU General Public License v3.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=simple-adblock
+PKG_VERSION:=1.5.6
+PKG_RELEASE:=6
+PKG_LICENSE:=GPL-3.0+
+PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Simple AdBlock Service
+ PKGARCH:=all
+endef
+
+define Package/$(PKG_NAME)/description
+This service provides dnsmasq-based ad blocking.
+Please see the README for further information.
+
+endef
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/simple-adblock
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)/files/
+ $(CP) ./files/simple-adblock.init $(PKG_BUILD_DIR)/files/simple-adblock.init
+ sed -i "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(PKG_BUILD_DIR)/files/simple-adblock.init
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/$(PKG_NAME)/install
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/simple-adblock.init $(1)/etc/init.d/simple-adblock
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/simple-adblock.conf $(1)/etc/config/simple-adblock
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
--- /dev/null
+# Simple AdBlock
+A simple DNSMASQ-based AdBlocking service for OpenWrt/LEDE Project. Loosely based on [bole5's](https://forum.openwrt.org/profile.php?id=45571) idea with major performance improvements, added features and Web UI (as a separate package); inspired by @dibdot's innovation.
+
+## Features
+- Supports OpenWrt Designated Driver and LEDE Project.
+- Super-fast due to the nature of supported block lists and backgrounding of already downloaded data while next list is downloading.
+- Supports both hosts files and domains lists for blocking (to keep it lean and fast).
+- Everything is configurable from Web UI.
+- Allows you to easily add your own domains to whitelist or blacklist.
+- Allows you to easily add URLs to your own blocked hosts or domains lists to block/whitelist (just put whitelisted domains one per line).
+- Requires no configuration for the download utility wherever you want to use wget/libopenssl or uclient-fetch/libustream-mbedtls.
+- Installs dependencies automatically (DD/LEDE-default uclient-fetch libustream-mbedtls).
+- Doesn't stay in memory -- creates the list of blocked domains and then uses DNSMASQ and firewall rules to serve "domain not found reply".
+- As some of the default lists are using https, reliably works with either wget/libopenssl or uclient-fetch/libustream-mbedtls.
+- Very lightweight and easily hackable, the whole script is just one /etc/init.d/simple-adblock file.
+- Logs single entry in the system log with the number of blocked domains if verbosity is set to 0.
+- Retains the downloaded/sorted adblocking list on service stop and reuses it on service start (use reload if you want to force re-download of the list).
+- Blocks ads served over https.
+- Proudly made in Canada, using locally-sourced electrons.
+
+If you want a more robust AdBlocking, supporting free memory detection and complex block lists, check out [@dibdot's adblock](https://github.com/openwrt/packages/tree/master/net/adblock/files).
+
+
+## Screenshot (luci-app-simple-adblock)
+![screenshot](https://raw.githubusercontent.com/stangri/screenshots/master/simple-adblock/screenshot04.png "screenshot")
+
+
+## Requirements
+This service requires the following packages to be installed on your router: ```dnsmasq``` or ```dnsmasq-full``` and either ```wget``` and ```libopenssl``` (for OpenWrt CC 15.05.1) or ```uclient-fetch``` and ```libustream-mbedtls``` (for OpenWrt DD trunk and all LEDE Project release and snapshot builds). Additionally installation of ```coreutils-sort``` is highly recommended as it speeds up blocklist processing.
+
+To satisfy the requirements for connect to your router via ssh and run the following commands:
+###### OpenWrt CC 15.05.1
+```sh
+opkg update; opkg install wget libopenssl coreutils-sort dnsmasq
+```
+
+###### LEDE Project and OpenWrt DD trunk
+```sh
+opkg update; opkg install uclient-fetch libustream-mbedtls coreutils-sort dnsmasq
+```
+
+###### IPv6 Support
+For IPv6 support additionally install ```ip6tables-mod-nat``` and ```kmod-ipt-nat6``` packages from Web UI or run the following in the command line:
+```sh
+opkg update; opkg install ip6tables-mod-nat kmod-ipt-nat6
+```
+
+###### Speed up blocklist processing with coreutils-sort
+The ```coreutils-sort``` is an optional, but recommended package as it speeds up sorting and removing duplicates from the merged list dramatically. If opkg complains that it can't install ```coreutils-sort``` because /usr/bin/sort is already provided by busybox, you can run ```opkg --force-overwrite install coreutils-sort```.
+
+
+#### Unmet dependencies
+If you are running a development (trunk/snapshot) build of OpenWrt/LEDE Project on your router and your build is outdated (meaning that packages of the same revision/commit hash are no longer available and when you try to satisfy the [requirements](#requirements) you get errors), please flash either current LEDE release image or current development/snapshot image.
+
+
+## How to install
+Install ```simple-adblock``` and ```luci-app-simple-adblock``` packages from Web UI or run the following in the command line:
+```sh
+opkg update; opkg install simple-adblock luci-app-simple-adblock
+```
+
+If ```simple-adblock``` and ```luci-app-simple-adblock``` packages are not found in the official feed/repo for your version of OpenWrt/LEDE Project, you will need to [add a custom repo to your router](#add-custom-repo-to-your-router) first.
+
+
+#### Add custom repo to your router
+If your router is not set up with the access to repository containing these packages you will need to add custom repository to your router by connecting to your router via ssh and running the following commands:
+```sh
+echo -e -n 'untrusted comment: public key 7ffc7517c4cc0c56\nRWR//HUXxMwMVnx7fESOKO7x8XoW4/dRidJPjt91hAAU2L59mYvHy0Fa\n' > /tmp/stangri-repo.pub && opkg-key add /tmp/stangri-repo.pub
+! grep -q 'stangri_repo' /etc/opkg/customfeeds.conf && echo 'src/gz stangri_repo https://raw.githubusercontent.com/stangri/openwrt-repo/master' >> /etc/opkg/customfeeds.conf
+opkg update
+```
+
+
+#### Default Settings
+Default configuration has service disabled (use Web UI to enable/start service or run ```uci set simple-adblock.config.enabled=1```) and selected ad/malware lists suitable for routers with 64Mb RAM. The configuration file has lists in descending order starting with biggest ones, comment out or delete the lists you don't want or your router can't handle.
+
+
+## How to customize
+You can use Web UI (found in Services/Simple AdBlock) to add/remove/edit links to:
+- hosts files (127.0.0.1 or 0.0.0.0 followed by space and domain name per line) to be blocked.
+- domains lists (one domain name per line) to be blocked.
+- domains lists (one domain name per line) to be whitelisted. It is useful if you want to run simple-adblock on multiple routers and maintain one centralized whitelist which you can publish on a web-server.
+
+Please note that these lists **have** to include either ```http://``` or ```https://``` prefix. Some of the top block lists (both hosts files and domains lists) suitable for routers with at least 8MB RAM are used in the default simple-adblock installation.
+
+You can also use Web UI to add individual domains to be blocked or whitelisted.
+
+If you want to use CLI to customize simple-adblock config, you can probably figure out how to do it by looking at the contents of ```/etc/config/simple-adblock``` or output of the ```uci show simple-adblock``` command.
+
+## How does it work
+This service downloads (and processes in the background, removing comments and other useless data) lists of hosts and domains to be blocked, combines those lists into one big block list, removes duplicates and sorts it and then removes your whitelisted domains from the block list before converting to to dnsmasq-compatible file and restarting dnsmasq. The result of the process is that dnsmasq returns "domain not found" for the blocked domains.
+
+If you specify ```google.com``` as a domain to be whitelisted, you will have access to ```google.com```, ```www.google.com```, ```analytics.google.com```, but not fake domains like ```email-google.com``` or ```drive.google.com.verify.signin.normandeassociation.com``` for example. If you only want to allow ```www.google.com``` while blocking all other ```google.com``` subdomains, just specify ```www.google.com``` as domain to be whitelisted.
+
+In general, whatever domain is specified to be whitelisted; it, along with with its subdomains will be whitelisted, but not any fake domains containing it.
+
+## Documentation / Discussion
+Please head to [OpenWrt Forum](https://forum.openwrt.org/viewtopic.php?pid=307950) or [LEDE Project Forum](https://forum.lede-project.org/t/simple-adblock-fast-lightweight-and-fully-uci-luci-configurable-ad-blocking/) for discussion of this package.
+
+## What's New
+1.5.6:
+- Better handling of service start/enable from Web UI and enabled flag management.
+
+1.5.5:
+- Implemented support to set one of the router LEDs on/off based on the AdBlocking status.
+- Fixed the output bug when verbosity=1.
+
+1.5.3:
+- No longer using enabled in config file, Simple AdBlocking Web UI now enables/disables service directly.
+
+1.5.1:
+- Reworked console/system log output logic and formatting.
+
+1.5.0:
+- Processes already downloaded lists in the background while downloading next list from config, dramatically increasing overall speed.
+
+1.0.0:
+- Initial release
--- /dev/null
+config simple-adblock 'config'
+ option enabled '0'
+ option verbosity '2'
+ option force_dns '1'
+ option run_in_background '1'
+ option hosts_file '/var/dnsmasq.d/simple-adblock'
+ list whitelist_domain 'raw.githubusercontent.com'
+# list blacklist_hosts_url 'http://support.it-mate.co.uk/downloads/hosts.txt'
+# list blacklist_hosts_url 'http://hostsfile.mine.nu/Hosts'
+# list blacklist_hosts_url 'http://hosts-file.net/.\ad_servers.txt'
+# list blacklist_hosts_url 'http://sysctl.org/cameleon/hosts.win'
+ list blacklist_hosts_url 'http://www.mvps.org/winhelp2002/hosts.txt'
+ list blacklist_hosts_url 'http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext'
+ list blacklist_hosts_url 'http://www.malwaredomainlist.com/hostslist/hosts.txt'
+ list blacklist_hosts_url 'https://adaway.org/hosts.txt'
+ list blacklist_hosts_url 'http://someonewhocares.org/hosts/hosts'
+ list blacklist_hosts_url 'https://zeustracker.abuse.ch/blocklist.php?download=hostfile'
+ list blacklist_domains_url 'http://mirror1.malwaredomains.com/files/justdomains'
+ list blacklist_domains_url 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt'
+ list blacklist_domains_url 'https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt'
+ list blacklist_domains_url 'https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt'
+ list blacklist_domains_url 'https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt'
+ list blacklist_domains_url 'https://gitlab.com/gwillem/public-snippets/snippets/28813/raw'
+ list blacklist_domains_url 'http://dshield.org/feeds/suspiciousdomains_High.txt'
+# list blacklist_domains_url 'http://dshield.org/feeds/suspiciousdomains_Medium.txt'
+# list blacklist_domains_url 'http://dshield.org/feeds/suspiciousdomains_Low.txt'
--- /dev/null
+#!/bin/sh /etc/rc.common
+PKG_VERSION=
+
+export START=94
+export USE_PROCD=1
+#PROCD_DEBUG=1
+
+readonly A_TMP='/var/hosts.allowed.tmp'
+readonly B_TMP='/var/hosts.blocked.tmp'
+readonly T_TMP='/var/simple-adblock.hosts'
+readonly dl='wget --no-check-certificate -qO-'
+readonly h_filter='/localhost/d;/^#/d;/^$/d;/^[^0-9]/d;s/^0\.0\.0\.0.//;s/^127\.0\.0\.1.//;s/[[:space:]]*#.*$//;s/[[:cntrl:]]$//;s/[[:space:]]//g;'
+readonly d_filter='/localhost/d;/^#/d;/^$/d;s/[[:space:]]*#.*$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/^</d;'
+readonly f_filter='s|^|local=/|;s|$|/|'
+readonly _ok_='\033[0;32m\xe2\x9c\x93\033[0m'
+readonly _fail_='\033[0;31m\xe2\x9c\x97\033[0m'
+readonly __ok__='\033[0;32m[\xe2\x9c\x93]\033[0m'
+readonly __fail__='\033[0;31m[\xe2\x9c\x97]\033[0m'
+readonly _error_='\033[0;31mERROR\033[0m'
+
+export verbosity=2 force_dns=1 bgrun=0 hosts_file='/var/dnsmasq.d/simple-adblock' led wan_if wan_gw wanphysdev
+
+ok() { case $verbosity in 1) output "$_ok_";; 2) output "$__ok__\n";; esac; }
+okn() { case $verbosity in 1) output "$_ok_\n";; 2) output "$__ok__\n";; esac; }
+fail() { case $verbosity in 1) output "$_fail_";; 2) output "$__fail__\n";; esac; }
+failn() { case $verbosity in 1) output "$_fail_\n";; 2) output "$__fail__\n";; esac; }
+output() { [[ $# -ne 1 ]] && { [[ ! $((verbosity & $1)) -gt 0 ]] && return 0 || shift; }; local msg; msg=$(echo -n "${1/$p_name /service }" | sed 's|\\033\[[0-9]\?;\?[0-9]\?[0-9]\?m||g'); [[ -t 1 ]] && echo -e -n "$1"; [[ $(echo -e -n "$msg" | wc -l) -gt 0 ]] && logger -t "${PKG_NAME:-service} [$$]" "$(echo -e -n ${logmsg}${msg})" && logmsg='' || logmsg=${logmsg}${msg}; }
+PKG_NAME="${PKG_NAME:-simple-adblock}"; p_name="${PKG_NAME} ${PKG_VERSION}"
+
+led_on(){ [[ -n "$led" && -e "$led/trigger" ]] && echo "default-on" > "$led/trigger"; }
+led_off(){ [[ -n "$led" && -e "$led/trigger" ]] && echo "none" > "$led/trigger"; }
+
+is_enabled () {
+ local c=1 enabled
+ config_load $PKG_NAME
+ config_get_bool enabled 'config' 'enabled' 1
+ config_get_bool bgrun 'config' 'run_in_background' 0
+ config_get_bool force_dns 'config' 'force_dns' 1
+ config_get verbosity 'config' 'verbosity' '2'
+ config_get hosts_file 'config' 'hosts_file' '/var/dnsmasq.d/simple-adblock'
+ config_get led 'config' 'led'
+ led="${led:+/sys/class/leds/$led}"
+ [[ $enabled -gt 0 ]] || { output "$_error_: $p_name is not enabled.\n"; return 1; }
+ source /lib/functions/network.sh
+ while : ; do
+ network_find_wan wan_if; [ -n "$wan_if" ] && network_get_gateway wan_gw $wan_if;
+ [[ $c -ge 25 || -n "$wan_gw" ]] && break
+ output "$p_name waiting for wan gateway...\n"; sleep 2; network_flush_cache; let "c+=1";
+ done
+ [ -n "$wan_gw" ] && return 0 || { output "$_error_: $p_name failed to discover WAN gateway.\n"; return 1; }
+}
+
+reset_iptables() {
+ [[ $force_dns -eq 0 ]] && return 0
+ [ -z "$PKG_NAME" ] && return 1
+ iptables-save | grep -Fv -- "$PKG_NAME" | iptables-restore
+ lsmod | grep -q ip6table_nat && ip6tables-save | grep -Fv -- "$PKG_NAME" | ip6tables-restore
+ [ ! "$1" == "quiet" ] && output 'No longer forcing local DNS server.\n'
+}
+
+set_iptables() {
+ local ip ipv6 label ipv6wan brname
+ network_get_ipaddr ip lan; network_get_ipaddr6 ipv6 lan; network_get_device brname lan; network_get_physdev wanphysdev wan;
+ ipv6wan=$(ifconfig $wanphysdev | grep inet6 | awk '{print $3}')
+
+ if [[ $force_dns -ne 0 ]]; then
+ [ -n "$ip" ] && iptables -t nat -A prerouting_rule -i $brname -p tcp --dport 53 -j DNAT --to $ip -m comment --comment "$PKG_NAME"
+ [ -n "$ip" ] && iptables -t nat -A prerouting_rule -i $brname -p udp --dport 53 -j DNAT --to $ip -m comment --comment "$PKG_NAME"
+ if [[ -n "$ipv6" && -n "$ipv6wan" ]] && lsmod | grep -q ip6table_nat; then
+ ip6tables -t nat -A PREROUTING -i $brname -p tcp --dport 53 -j DNAT --to-destination [$ipv6] -m comment --comment "$PKG_NAME"
+ ip6tables -t nat -A PREROUTING -i $brname -p udp --dport 53 -j DNAT --to-destination [$ipv6] -m comment --comment "$PKG_NAME"
+ label="$ip/$ipv6"
+ else
+ label="$ip"
+ fi
+ [ -n "$label" ] && output "Forcing local DNS server: $label.\n" || output "$_error_: $p_name failed to obtain LAN IP address for DNS forcing!\n"
+ fi
+}
+
+stop_adblocking () {
+ [ -f $hosts_file ] && mv $hosts_file $T_TMP
+ output 3 "Restarting dnsmasq "
+ led_off
+ /etc/init.d/dnsmasq restart >/dev/null 2>&1
+ [[ $? -eq 0 ]] && { okn; output "$p_name stopped.\n"; } || { failn; output "$_error_: $p_name failed to reload dnsmasq!\n"; }
+}
+
+process_url() {
+ local label type D_TMP R_TMP
+ [[ -n "$1" && -n "$2" && -n "$3" ]] || return 1
+ local url=$1
+ [ "$2" == "hosts" ] && label="Hosts: $(echo $1 | cut -d'/' -f3)" filter="$h_filter" || label="Domains: $(echo $1 | cut -d'/' -f3)" filter="$d_filter"
+ [ "$3" == "blocked" ] && { type='Blocked'; D_TMP="$B_TMP"; } || { type='Allowed'; D_TMP="$A_TMP"; }
+ R_TMP="/var/simple-adblock_$(head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c10)"
+ while [ -e "$R_TMP" ]; do R_TMP="/var/simple-adblock_$(head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c10)"; done
+ touch "$R_TMP"
+ output 2 "[DL] $type $label "
+ $dl "${url}" > "$R_TMP" && ok || fail
+ { sed -i "$filter" "$R_TMP"; cat "$R_TMP" >> "$D_TMP"; rm -f "$R_TMP"; } &
+}
+
+start_adblocking () {
+ local whitelist_domains blacklist_domains whitelist_domains_urls blacklist_domains_urls blacklist_hosts_urls
+ config_get whitelist_domains 'config' 'whitelist_domain'
+ config_get blacklist_domains 'config' 'blacklist_domain'
+ config_get whitelist_domains_urls 'config' 'whitelist_domains_url'
+ config_get blacklist_domains_urls 'config' 'blacklist_domains_url'
+ config_get blacklist_hosts_urls 'config' 'blacklist_hosts_url'
+
+ local hf w_filter
+
+ [ ! -d ${hosts_file%/*} ] && mkdir -p ${hosts_file%/*}
+ if [[ -s $T_TMP && ! "$1" == "reload" ]]; then
+ output 3 'Found existing data file, reusing it '
+ mv $T_TMP $hosts_file && okn || failn
+ else
+ [ -f $A_TMP ] && rm -f $A_TMP; [ -f $B_TMP ] && rm -f $B_TMP; [ -f $T_TMP ] && rm -f $T_TMP; [ -f $hosts_file ] && rm -f $hosts_file
+ touch $A_TMP; touch $B_TMP; touch $T_TMP;
+
+ if [ -n "$blacklist_hosts_urls" ]; then
+ output 1 '[DL] Blocked Hosts '
+ for hf in ${blacklist_hosts_urls}; do process_url "$hf" 'hosts' 'blocked'; done
+ output 1 '\n'
+ fi
+
+ if [ -n "$blacklist_domains_urls" ]; then
+ output 1 '[DL] Blocked Domains '
+ for hf in ${blacklist_domains_urls}; do process_url "$hf" 'domains' 'blocked'; done
+ output 1 '\n'
+ fi
+
+ if [ -n "$whitelist_domains_urls" ]; then
+ output 1 '[DL] Allowed Domains '
+ for hf in ${whitelist_domains_urls}; do process_url "$hf" 'domains' 'allowed'; done
+ output 1 '\n'
+ fi
+ output 3 'Waiting for background processes '
+ wait && okn
+
+ [ -n "$blacklist_domains" ] && for hf in ${blacklist_domains}; do echo "$hf" | sed "$d_filter" >> $B_TMP; done
+ whitelist_domains="${whitelist_domains}"$'\n'"$(cat $A_TMP)"
+ [ -n "$whitelist_domains" ] && for hf in ${whitelist_domains}; do hf=$(echo $hf | sed 's/\./\\./g'); w_filter="$w_filter/^${hf}$/d;/\\.${hf}$/d;"; done
+
+ if [ -s $B_TMP ]; then
+ output 1 'Processing downloads '
+ output 2 'Sorting merged file '; sort $B_TMP | uniq > $T_TMP && ok || fail
+ output 2 'Whitelisting domains '; sed -i "$w_filter" $T_TMP && ok || fail
+ output 2 'Formatting merged file '; sed "$f_filter" $T_TMP > $hosts_file && ok || fail
+ output 1 '\n'
+
+ output 3 'Removing temporary files '
+ [ -f $A_TMP ] && rm -f $A_TMP; [ -f $B_TMP ] && rm -f $B_TMP; [ -f $T_TMP ] && rm -f $T_TMP;
+ okn
+ fi
+ fi
+
+ if [ -s $hosts_file ]; then
+ output 3 'Restarting dnsmasq '
+ /etc/init.d/dnsmasq restart >/dev/null 2>&1
+ if [[ $? -eq 0 ]]; then
+ led_on; okn;
+ output "$p_name blocking $(wc -l < $hosts_file) domains $_ok_\n"
+ else
+ failn; output "$_error_: $p_name failed to reload dnsmasq!\n";
+ exit 1
+ fi
+ else
+ output "$_error_: $p_name failed to create its data file!\n"
+ exit 1
+ fi
+}
+
+boot() { sleep 10; rc_procd start_service; rc_procd service_triggers; }
+
+reload_service () {
+ is_enabled || return 1
+ [[ -t 1 && $bgrun -eq 1 ]] && (start_adblocking 'reload' | cat &) || start_adblocking 'reload'
+}
+
+start_service () {
+ is_enabled || return 1
+
+ procd_open_instance
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_close_instance
+
+ reset_iptables quiet
+ set_iptables
+ [[ -t 1 && $bgrun -eq 1 ]] && (start_adblocking $1 | cat &) || start_adblocking $1
+}
+
+stop_service () {
+ is_enabled || return 1
+ reset_iptables
+ [[ -t 1 && $bgrun -eq 1 ]] && (stop_adblocking | cat &) || stop_adblocking
+}
+
+service_triggers () {
+ procd_add_reload_trigger 'simple-adblock'
+}
#
-# Copyright (C) 2009-2014 OpenWrt.org
+# Copyright (C) 2009-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=sslh
-PKG_VERSION:=v1.17
-PKG_RELEASE:=2
+PKG_VERSION:=v1.18
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://rutschle.net/tech/
-PKG_MD5SUM:=1fc3ada4bafaca5a9786cc1431f48ed4
+PKG_SOURCE_URL:=http://rutschle.net/tech/sslh/
+PKG_MD5SUM:=0e3568d5d234516c634d4df156473298
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
CC="$(TARGET_CC)" \
CFLAGS="$(TARGET_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
+ ENABLE_REGEX= \
USELIBCONFIG= \
USELIBWRAP= \
USELIBPCRE= \
#!/bin/sh /etc/rc.common
-# Copyright (C) 2009-2012 OpenWrt.org
+# Copyright (C) 2009-2017 OpenWrt.org
START=95
+diff --git a/Makefile b/Makefile
+index b1cf9ce..28f90c3 100644
--- a/Makefile
+++ b/Makefile
-@@ -45,16 +45,12 @@ all: sslh $(MAN) echosrv
+@@ -65,16 +65,12 @@ all: sslh $(MAN) echosrv
version.h:
./genver.sh >version.h
- $(CC) $(CFLAGS) $(LDFLAGS) -o sslh-select sslh-select.o $(OBJS) $(LIBS)
- #strip sslh-select
-
- echosrv: $(OBJS) echosrv.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS)
+ systemd-sslh-generator: systemd-sslh-generator.o
+ $(CC) $(CFLAGS) $(LDFLAGS) -o systemd-sslh-generator systemd-sslh-generator.o -lconfig
-@@ -85,7 +81,7 @@ distclean: clean
+@@ -110,7 +106,7 @@ distclean: clean
rm -f tags cscope.*
clean:
-- rm -f sslh-fork sslh-select echosrv version.h $(MAN) *.o *.gcov *.gcno *.gcda *.png *.html *.css *.info
-+ rm -f sslh-fork echosrv version.h $(MAN) *.o *.gcov *.gcno *.gcda *.png *.html *.css *.info
+- rm -f sslh-fork sslh-select echosrv version.h $(MAN) systemd-sslh-generator *.o *.gcov *.gcno *.gcda *.png *.html *.css *.info
++ rm -f sslh-fork echosrv version.h $(MAN) systemd-sslh-generator *.o *.gcov *.gcno *.gcda *.png *.html *.css *.info
tags:
ctags --globals -T *.[ch]
+++ /dev/null
-From 3aefaf300478cd6fbc4892d5baaf70521ed323af Mon Sep 17 00:00:00 2001
-From: Yves Rutschle <git1@rutschle.net>
-Date: Thu, 9 Jul 2015 15:31:42 +0200
-Subject: [PATCH] Added Makefile option to build without libpcre
-
----
---- a/Makefile
-+++ b/Makefile
-@@ -2,6 +2,7 @@
-
- VERSION=$(shell ./genver.sh -r)
- USELIBCONFIG=1 # Use libconfig? (necessary to use configuration files)
-+USELIBPCRE=1 # Use libpcre? (necessary to use regex probe)
- USELIBWRAP?= # Use libwrap?
- USELIBCAP= # Use libcap?
- COV_TEST= # Perform test coverage?
-@@ -27,6 +28,10 @@ ifneq ($(strip $(USELIBWRAP)),)
- CPPFLAGS+=-DLIBWRAP
- endif
-
-+ifneq ($(strip $(USELIBPCRE)),)
-+ CPPFLAGS+=-DLIBPCRE
-+endif
-+
- ifneq ($(strip $(USELIBCONFIG)),)
- LIBS:=$(LIBS) -lconfig
- CPPFLAGS+=-DLIBCONFIG
---- a/probe.c
-+++ b/probe.c
-@@ -21,7 +21,9 @@
-
- #define _GNU_SOURCE
- #include <stdio.h>
-+#ifdef LIBPCRE
- #include <regex.h>
-+#endif
- #include <ctype.h>
- #include "probe.h"
-
-@@ -226,6 +228,7 @@ static int is_tls_protocol(const char *p
-
- static int regex_probe(const char *p, int len, struct proto *proto)
- {
-+#ifdef LIBPCRE
- regex_t **probe = proto->data;
- regmatch_t pos = { 0, len };
-
-@@ -233,6 +236,11 @@ static int regex_probe(const char *p, in
- /* try them all */;
-
- return (*probe != NULL);
-+#else
-+ /* Should never happen as we check when loading config file */
-+ fprintf(stderr, "FATAL: regex probe called but not built in\n");
-+ exit(5);
-+#endif
- }
-
- /*
---- a/sslh-main.c
-+++ b/sslh-main.c
-@@ -25,7 +25,9 @@
- #ifdef LIBCONFIG
- #include <libconfig.h>
- #endif
-+#ifdef LIBPCRE
- #include <regex.h>
-+#endif
-
- #include "common.h"
- #include "probe.h"
-@@ -174,6 +176,7 @@ static int config_listen(config_t *confi
- #ifdef LIBCONFIG
- static void setup_regex_probe(struct proto *p, config_setting_t* probes)
- {
-+#ifdef LIBPCRE
- int num_probes, errsize, i, res;
- char *err;
- const char * expr;
-@@ -201,6 +204,10 @@ static void setup_regex_probe(struct pro
- exit(1);
- }
- }
-+#else
-+ fprintf(stderr, "line %d: regex probe specified but not compiled in\n", config_setting_source_line(probes));
-+ exit(5);
-+#endif
- }
- #endif
-
PKG_NAME:=unbound
PKG_VERSION:=1.6.1
-PKG_RELEASE:=3
+PKG_RELEASE:=5
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
$(INSTALL_DATA) ./files/unbound_srv.conf $(1)/etc/unbound/unbound_srv.conf
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DATA) ./files/unbound.uci $(1)/etc/config/unbound
- $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
- $(INSTALL_BIN) ./files/unbound.iface $(1)/etc/hotplug.d/iface/25-unbound
$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
$(INSTALL_BIN) ./files/unbound.ntpd $(1)/etc/hotplug.d/ntp/25-unbound
$(INSTALL_DIR) $(1)/etc/init.d
+++ /dev/null
-#!/bin/sh
-##############################################################################
-#
-# Copyright (C) 2016 Eric Luehrsen
-#
-##############################################################################
-#
-# "Restart" Unbound on hotplug interface up:
-# - Clean rebind of unbound to new interfaces
-# - Some of Unbound conf options to not reload run time
-# - Unbound can grow a bit so this will shrink it back
-#
-##############################################################################
-
-if [ "$ACTION" = ifup ] && /etc/init.d/unbound enabled ; then
- /etc/init.d/unbound restart
-fi
-
-##############################################################################
-
##############################################################################
start_service() {
+ # WAIT! Unbound often takes its time writing closure stats to syslog
+ pidof $PROG && sleep 1
+
# complex UCI work
unbound_start
##############################################################################
service_triggers() {
- procd_add_reload_trigger "dhcp" "network" "unbound"
+ procd_add_reload_trigger "unbound"
+ procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart
}
##############################################################################
##############################################################################
+copy_dash_update() {
+ # TODO: remove this function and use builtins when this issues is resovled.
+ # Due to OpenWrt/LEDE divergence "cp -u" isn't yet universally available.
+ local filetime keeptime
+
+
+ if [ -f $UNBOUND_KEYFILE.keep ] ; then
+ # root.key.keep is reused if newest
+ filetime=$( date -r $UNBOUND_KEYFILE +%s )
+ keeptime=$( date -r $UNBOUND_KEYFILE.keep +%s )
+
+
+ if [ $keeptime -gt $filetime ] ; then
+ cp $UNBOUND_KEYFILE.keep $UNBOUND_KEYFILE
+ fi
+
+
+ rm -f $UNBOUND_KEYFILE.keep
+ fi
+}
+
+##############################################################################
+
create_interface_dns() {
local cfg="$1"
local ipcommand logint ignore ifname ifdashname
local resolvsym=0
local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )
local dhcp_dir=$( dirname "$dhcp_origin" )
+ local filestuff
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
if [ -f $UNBOUND_KEYFILE ] ; then
- # Lets not lose RFC 5011 tracking if we don't have to
- cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+ filestuff=$( cat $UNBOUND_KEYFILE )
+
+
+ case "$filestuff" in
+ *"state=2 [ VALID ]"*)
+ # Lets not lose RFC 5011 tracking if we don't have to
+ cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+ ;;
+ esac
fi
fi
- if [ -f $UNBOUND_KEYFILE.keep ] ; then
- # root.key.keep is reused if newest
- cp -u $UNBOUND_KEYFILE.keep $UNBOUND_KEYFILE
- rm -f $UNBOUND_KEYFILE.keep
- fi
+ copy_dash_update
# Ensure access and prepare to jail
rm -f /tmp/resolv.conf
ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
fi
-
-
- # Unbound has a log dump which takes time; don't overlap a "restart"
- sleep 1
}
##############################################################################
PKG_NAME:=vpnbypass
PKG_VERSION:=1.3.0
-PKG_RELEASE:=3
+PKG_RELEASE:=5
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
define Package/vpnbypass
SECTION:=net
CATEGORY:=Network
- DEPENDS:=+ip-full +ipset +iptables +ubox +dnsmasq-full
- CONFLICTS:=ip dnsmasq
+ DEPENDS:=+ipset +iptables
+ CONFLICTS:=openvpn-policy-routing
TITLE:=Simple VPN Bypass Service
PKGARCH:=all
endef
![screenshot](https://raw.githubusercontent.com/stangri/screenshots/master/vpnbypass/screenshot02.png "screenshot")
## Requirements
-This service requires following packages to be installed on your router: ```ip-full ipset iptables dnsmasq-full``` (```ip-full``` requires you uninstall ```ip``` first; ```dnsmasq-full``` requires you uninstall ```dnsmasq``` first). Run the following commands to satisfy the requirements:
+This service requires following packages to be installed on your router: ```ipset``` and ```iptables```. Additionally, if you want to use Domain Bypass feature, you need to install ```dnsmasq-full``` (```dnsmasq-full``` requires you uninstall ```dnsmasq``` first).
+
+To fully satisfy the requirements for both IP/Port VPN Bypass and Domain Bypass features connect to your router via ssh and run the following commands:
```sh
-opkg update
-opkg remove dnsmasq ip
-opkg install ip-full ipset iptables dnsmasq-full
+opkg update; opkg remove dnsmasq; opkg install ipset iptables dnsmasq-full
+```
+
+To satisfy the requirements for just IP/Port VPN Bypass connect to your router via ssh and run the following commands:
+```sh
+opkg update; opkg install ipset iptables
```
+#### Unmet dependencies
+If you are running a development (trunk/snapshot) build of OpenWrt/LEDE Project on your router and your build is outdated (meaning that packages of the same revision/commit hash are no longer available and when you try to satisfy the [requirements](#requirements) you get errors), please flash either current LEDE release image or current development/snapshot image.
+
## How to install
+<!---
+#### From Web UI/Luci
+Navigate to System->Software page on your router and then perform the following actions:
+1. Click "Update Lists"
+2. Wait for the update process to finish.
+3. In the "Download and install package:" field type ```vpnbypass luci-app-vpnbypass```
+4. Click "OK" to install ```vpnbypass``` and ```luci-app-vpnbypass```
+
+If you get an ```Unknown package 'vpnbypass'``` error, your router is not set up with the access to repository containing these packages and you need to add custom repository to your router first.
+
+#### From console/ssh
+--->
+Please make sure that the [requirements](#requirements) are satisfied and install ```vpnbypass``` and ```luci-app-vpnbypass``` from Web UI or connect to your router via ssh and run the following commands:
```sh
opkg update
opkg install vpnbypass luci-app-vpnbypass
```
+If these packages are not found in the official feed/repo for your version of OpenWrt/LEDE Project, you will need to [add a custom repo to your router](#add-custom-repo-to-your-router) first.
+
+#### Add custom repo to your router
+If your router is not set up with the access to repository containing these packages you will need to add custom repository to your router by connecting to your router via ssh and running the following commands:
-Until the packages are in the official feed/repo for your version, you can install them with:
-- OpenWrt
+###### OpenWrt CC 15.05.1
```sh
opkg update; opkg install wget libopenssl
-wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
-wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
-opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
+echo -e -n 'untrusted comment: public key 7ffc7517c4cc0c56\nRWR//HUXxMwMVnx7fESOKO7x8XoW4/dRidJPjt91hAAU2L59mYvHy0Fa\n' > /tmp/stangri-repo.pub && opkg-key add /tmp/stangri-repo.pub
+! grep -q 'stangri_repo' /etc/opkg/customfeeds.conf && echo 'src/gz stangri_repo https://raw.githubusercontent.com/stangri/openwrt-repo/master' >> /etc/opkg/customfeeds.conf
+opkg update
```
-- LEDE Project
+###### LEDE Project and OpenWrt DD trunk
```sh
opkg update; opkg install uclient-fetch libustream-mbedtls
-wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
-wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
-opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
+echo -e -n 'untrusted comment: public key 7ffc7517c4cc0c56\nRWR//HUXxMwMVnx7fESOKO7x8XoW4/dRidJPjt91hAAU2L59mYvHy0Fa\n' > /tmp/stangri-repo.pub && opkg-key add /tmp/stangri-repo.pub
+! grep -q 'stangri_repo' /etc/opkg/customfeeds.conf && echo 'src/gz stangri_repo https://raw.githubusercontent.com/stangri/openwrt-repo/master' >> /etc/opkg/customfeeds.conf
+opkg update
```
-### Default Settings
+## Default Settings
Default configuration has service disabled (use Web UI to enable/start service or run ```uci set vpnbypass.config.enabled=1```) and routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.
## Documentation / Discussion
Please head to [LEDE Project Forum](https://forum.lede-project.org/t/vpn-bypass-split-tunneling-service-luci-ui/1106) for discussions of this service.
-### Bypass Domains Format/Syntax
+#### Bypass Domains Format/Syntax
Domain lists should be in following format/syntax: ```/domain1.com/domain2.com/vpnbypass```. Please don't forget the leading ```/``` and trailing ```/vpnbypass```. There's no validation if you enter something incorrectly -- it just won't work. Please see [Notes/Known Issues](#notesknown-issues) if you want to edit this setting manually, without Web UI.
## What's New
- Initial release.
## Notes/Known Issues
-Domains to be accessed outside of VPN tunnel are handled by dnsmasq and thus are not defined in ```/etc/config/vpnpass```, but rather in ```/etc/config/dhcp```. To add/delete/edit domains you can use VPN Bypass Web UI or you can edit ```/etc/config/dhcp``` manually or run following commands:
+1. Domains to be accessed outside of VPN tunnel are handled by dnsmasq and thus are not defined in ```/etc/config/vpnpass```, but rather in ```/etc/config/dhcp```. To add/delete/edit domains you can use VPN Bypass Web UI or you can edit ```/etc/config/dhcp``` manually or run following commands:
```sh
uci add_list dhcp.@dnsmasq[-1].ipset='/github.com/plex.tv/google.com/vpnbypass'
uci add_list dhcp.@dnsmasq[-1].ipset='/hulu.com/netflix.com/nhl.com/vpnbypass'
uci commit dhcp
/etc/init.d/dnsmasq restart
```
+This feature requires ```dnsmasq-full``` to work. See [Requirements](#requirements) paragraph for more details.
#!/bin/sh /etc/rc.common
PKG_VERSION=
-START=94
-USE_PROCD=1
+export START=94
+export USE_PROCD=1
readonly __ok__='\033[0;32m[\xe2\x9c\x93]\033[0m'
readonly __fail__='\033[0;31m[\xe2\x9c\x97]\033[0m'
readonly __pass__='\033[0;33m[-]\033[0m'
readonly __error__='\033[0;31mERROR\033[0m'
-output() { local msg=$(echo -n "${1/$p_name /service }" | sed 's|\\033\[[0-9]\?;\?[0-9]\?[0-9]\?m||g'); [ -n "$2" ] && [ ! $(($verbosity & $2)) -gt 0 ] && return 0; [ -t 1 ] && echo -e -n "$1"; [ $(echo -e -n "$msg" | wc -l) -gt 0 ] && logger -t "${PKG_NAME:-service} [$$]" "$(echo -e -n ${logmsg}${msg})" && logmsg='' || logmsg=${logmsg}${msg}; }
+export verbosity=2 TID='200' IPSET='vpnbypass' FW_MARK='0x010000' FW_MASK='0xff0000' wan_if4 wan_gw
+
+output() { [[ $# -ne 1 ]] && { [[ ! $((verbosity & $1)) -gt 0 ]] && return 0 || shift; }; local msg; msg=$(echo -n "${1/$p_name /service }" | sed 's|\\033\[[0-9]\?;\?[0-9]\?[0-9]\?m||g'); [[ -t 1 ]] && echo -e -n "$1"; [[ $(echo -e -n "$msg" | wc -l) -gt 0 ]] && logger -t "${PKG_NAME:-service} [$$]" "$(echo -e -n ${logmsg}${msg})" && logmsg='' || logmsg=${logmsg}${msg}; }
PKG_NAME="${PKG_NAME:-vpnbypass}"; p_name="${PKG_NAME} ${PKG_VERSION}"
is_enabled() {
config_get_bool enabled 'config' 'enabled' 1
config_get verbosity 'config' 'verbosity' '2'
config_get TID 'config' 'table_number' '200'
- config_get IPSET 'config' 'ipset' 'vpnbypass'
+ config_get IPSET 'config' 'ipset' 'vpnbypass'
config_get FW_MARK 'config' 'fw_mark' '0x010000'
config_get FW_MASK 'config' 'fw_mask' '0xff0000'
source /lib/functions/network.sh
- [ "$enabled" -gt 0 ] || { output "$__error__: $p_name is not enabled.\n"; return 1; }
+ [[ $enabled -gt 0 ]] || { output "$__error__: $p_name is not enabled.\n"; return 1; }
source /lib/functions/network.sh
while : ; do
network_find_wan wan_if4
[ -n "$wan_if4" ] && network_get_gateway wan_gw $wan_if4
- [ "$c" -ge 25 -o -n "$wan_gw" ] && break
+ [[ $c -ge 25 || -n "$wan_gw" ]] && break
output "$p_name waiting for wan gateway...\n"
sleep 2; network_flush_cache; let "c+=1";
done
}
ipt() {
- local d=$(echo $* | sed s/-A/-D/g)
+ local d; d=$(echo "$*" | sed s/-A/-D/g);
[ "$d" != "$*" ] && iptables $d >/dev/null 2>&1
- d=$(echo $* | sed s/-I/-D/g)
+ d=$(echo "$*" | sed s/-I/-D/g)
[ "$d" != "$*" ] && iptables $d >/dev/null 2>&1
- d=$(echo $* | sed s/-N/-F/g)
+ d=$(echo "$*" | sed s/-N/-F/g)
[ "$d" != "$*" ] && iptables $d >/dev/null 2>&1
- d=$(echo $* | sed s/-N/-X/g)
+ d=$(echo "$*" | sed s/-N/-X/g)
[ "$d" != "$*" ] && iptables $d >/dev/null 2>&1
-
- iptables $* >/dev/null 2>&1
+ d="$*"
+ iptables $d >/dev/null 2>&1 || output "\n$__error__: iptables $d\n"
}
start_service() {
- local ll
+ local ll lports rports routes ranges
is_enabled || return 1
config_get lports 'config' 'localport'
config_get rports 'config' 'remoteport'
config_get routes 'config' 'remotesubnet'
config_get ranges 'config' 'localsubnet'
- config_get domains 'config' 'domain'
procd_open_instance
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
+ iptables -t mangle -D PREROUTING -m mark --mark 0x00/${FW_MASK} -g VPNBYPASS >/dev/null 2>&1
ipt -t mangle -N VPNBYPASS; ipt -t mangle -A PREROUTING -m mark --mark 0x00/${FW_MASK} -g VPNBYPASS;
ipt -t mangle -A VPNBYPASS -m set --match-set $IPSET dst -j MARK --set-mark ${FW_MARK}/${FW_MASK}
ip rule del fwmark "$FW_MARK" table "$TID" >/dev/null 2>&1; ipset -q flush "$IPSET"; ipset -q destroy "$IPSET";
ip rule del fwmark "$FW_MARK" table "$TID" >/dev/null 2>&1; ipset -q flush "$IPSET"; ipset -q destroy "$IPSET";
ip route flush table "$TID"; ip route flush cache;
- ipt -t mangle -D PREROUTING -m mark --mark 0x00/${FW_MASK} -g VPNBYPASS
- ipt -t mangle -F VPNBYPASS; ipt -t mangle -X VPNBYPASS;
+ iptables -t mangle -D PREROUTING -m mark --mark 0x00/${FW_MASK} -g VPNBYPASS >/dev/null 2>&1
+ iptables -t mangle -F VPNBYPASS >/dev/null 2>&1; iptables -t mangle -X VPNBYPASS >/dev/null 2>&1;
output "$p_name stopped\n"
}
start_service
}
-st_load_interfaces(){ local d; config_get d $1 ifname; [ "$1" == "$wan_if4" -o "$d" != "${d/tun}" -o "$d" != "${d/tap}" ] && ifaces=" ${1} ${ifaces}"; }
+st_load_interfaces(){ local d; config_get d $1 ifname; [[ "$1" == "$wan_if4" || "$d" != "${d/tun}" || "$d" != "${d/tap}" ]] && ifaces=" ${1} ${ifaces}"; }
service_triggers() {
local ifaces n
procd_add_reload_trigger 'vpnbypass'
#
-# Copyright (C) 2008-2015 OpenWrt.org
+# Copyright (C) 2008-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=wavemon
-PKG_VERSION:=0.8.0
+PKG_VERSION:=0.8.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+++ /dev/null
-diff --git a/wavemon.h b/wavemon.h
-index e7584f7..8c76d11 100644
---- a/wavemon.h
-+++ b/wavemon.h
-@@ -19,6 +19,7 @@
- * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- */
- #include <stdio.h>
-+#include <stdint.h>
- #include <stdlib.h>
- #include <unistd.h>
- #include <signal.h>
-@@ -33,7 +34,7 @@
- #include <ctype.h>
- #include <math.h>
- #include <stdbool.h>
--#include <ncurses.h>
-+#include <curses.h>
-
- #include "llist.h"
-
PKG_NAME:=wireguard
-PKG_VERSION:=0.0.20170223
-PKG_RELEASE:=2
+PKG_VERSION:=0.0.20170324
+PKG_RELEASE:=1
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
-PKG_HASH:=6d2c8cd29c4f9fb404546a4749ec050739a26b4a49b5864f1dec531377c3c50d
+PKG_HASH:=2ec08a5d74cb3a63576f06d3cae695b6b8995acd9665e2fa4da91927b467ca51
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
depends on PACKAGE_zerotier
default n
-config ZEROTIER_USE_MINIUPNPC
- bool "Build with MiniUPnPc"
+config ZEROTIER_ENABLE_PORTMAPPING
+ bool "Build with MiniUPnPc and NAT-PMP support"
depends on PACKAGE_zerotier
default n
-config ZEROTIER_ENABLE_NETWORK_CONTROLLER
- bool "Build with network controller"
+config ZEROTIER_ENABLE_CLUSTER
+ bool "Build with cluster support"
depends on PACKAGE_zerotier
default n
config ZEROTIER_ENABLE_SELFTEST
- bool "Build a self test program"
+ bool "Build self test program"
depends on PACKAGE_zerotier
default n
include $(TOPDIR)/rules.mk
PKG_NAME:=zerotier
-PKG_VERSION:=1.1.14
+PKG_VERSION:=1.2.2
PKG_RELEASE:=4
PKG_LICENSE:=GPL-3.0
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/zerotier/ZeroTierOne
PKG_SOURCE_SUBDIR:=ZeroTierOne-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ae491c277e6f35d1acbdcbf700e2b834957295ae
+PKG_SOURCE_VERSION:=cfe0d0971f3ce5972d955250dc1ff6ec7a30e3f7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_MIRROR_MD5SUM:=c8c3219c995a59161832d580a194f6280de7a4eef75cebece6f38400b64f003e
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
-PKG_BUILD_DEPENDS:=uclibcxx
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/zerotier
SECTION:=net
CATEGORY:=Network
- DEPENDS:=+libpthread +kmod-tun +ip +ZEROTIER_ENABLE_NETWORK_CONTROLLER:libsqlite3 +ZEROTIER_USE_MINIUPNPC:libminiupnpc +ZEROTIER_USE_MINIUPNPC:libnatpmp
+ DEPENDS:=+libpthread +kmod-tun +ip +libstdcpp +ZEROTIER_ENABLE_PORTMAPPING:libminiupnpc +ZEROTIER_ENABLE_PORTMAPPING:libnatpmp
TITLE:=Create flat virtual Ethernet networks of almost unlimited size
URL:=https://www.zerotier.com
SUBMENU:=VPN
source "$(SOURCE)/Config.in"
endef
-ifeq ($(CONFIG_ZEROTIER_ENABLE_NETWORK_CONTROLLER),y)
-MAKE_FLAGS += ZT_ENABLE_NETWORK_CONTROLLER=1
-MAKE_FLAGS += LDLIBS+=" -lsqlite3 "
+ifeq ($(CONFIG_ZEROTIER_ENABLE_CLUSTER),y)
+MAKE_FLAGS += ZT_ENABLE_CLUSTER=1
endif
-ifeq ($(CONFIG_ZEROTIER_USE_MINIUPNPC),y)
-MAKE_FLAGS += ZT_USE_MINIUPNPC=1
+ifeq ($(CONFIG_ZEROTIER_ENABLE_PORTMAPPING),y)
+MAKE_FLAGS += ZT_ENABLE_PORTMAPPING=1
endif
ifeq ($(CONFIG_ZEROTIER_ENABLE_DEBUG),y)
TARGET_CXXFLAGS += -DZT_TRACE -ggdb3
endif
-MAKE_FLAGS += \
- DEFS="" \
- LDFLAGS+=" -L$(STAGING_DIR)/usr/lib/uClibc++ -pthread " \
- LDLIBS+=" -fno-builtin -nodefaultlibs -Wl,-Bstatic -luClibc++ -Wl,-Bdynamic -lpthread -lm -lc -lsupc++ -lc -lgcc -lgcc_eh -lgcc_s -lssp_nonshared " \
- CXXFLAGS+=" -fno-builtin -nostdinc++ -I$(STAGING_DIR)/usr/include/uClibc++ -DGCC_HASCLASSVISIBILITY -Wall -fPIE -fvisibility=hidden "
-
define Build/Compile
$(call Build/Compile/Default,one)
ifeq ($(CONFIG_ZEROTIER_ENABLE_SELFTEST),y)
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-one $(1)/usr/bin/
$(LN) zerotier-one $(1)/usr/bin/zerotier-cli
- $(LN) zerotier-one $(1)/usr/bin//zerotier-idtool
+ $(LN) zerotier-one $(1)/usr/bin/zerotier-idtool
ifeq ($(CONFIG_ZEROTIER_ENABLE_SELFTEST),y)
$(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-selftest $(1)/usr/bin/
procd_open_instance
procd_add_reload_interface_trigger "$interface"
procd_set_param command $ZT_COMMAND $ARGS
- procd_set_param nice -10
procd_close_instance
}
+++ /dev/null
-From 830250759cd4c14ca2ae5ddf24f0a0427f258622 Mon Sep 17 00:00:00 2001
-From: Adam Ierymenko <adam.ierymenko@gmail.com>
-Date: Tue, 26 Jul 2016 16:36:20 -0700
-Subject: [PATCH 1/2] Fix for running under MUSL libc (e.g. Alpine Linux)
-
----
- osdep/Thread.hpp | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/osdep/Thread.hpp b/osdep/Thread.hpp
-index 7fb38d8..4f90dc0 100644
---- a/osdep/Thread.hpp
-+++ b/osdep/Thread.hpp
-@@ -125,6 +125,10 @@ public:
- throw()\r
- {\r
- memset(&_tid,0,sizeof(_tid));\r
-+ pthread_attr_init(&_tattr);\r
-+#ifdef __LINUX__\r
-+ pthread_attr_setstacksize(&_tattr,8388608); // for MUSL libc and others, has no effect in normal glibc environments\r
-+#endif\r
- _started = false;\r
- }\r
- \r
-@@ -157,7 +161,7 @@ public:
- {\r
- Thread t;\r
- t._started = true;\r
-- if (pthread_create(&t._tid,(const pthread_attr_t *)0,&___zt_threadMain<C>,instance))\r
-+ if (pthread_create(&t._tid,&t._tattr,&___zt_threadMain<C>,instance))\r
- throw std::runtime_error("pthread_create() failed, unable to create thread");\r
- return t;\r
- }\r
-@@ -184,6 +188,7 @@ public:
- \r
- private:\r
- pthread_t _tid;\r
-+ pthread_attr_t _tattr;\r
- volatile bool _started;\r
- };\r
- \r
---
-2.9.0
-
--- /dev/null
+From 4fd495fca8417a8fd4405951d1eee80f345eaf9b Mon Sep 17 00:00:00 2001
+From: Moritz Warning <moritzwarning@web.de>
+Date: Sun, 19 Mar 2017 01:13:14 +0100
+Subject: [PATCH 1/2] prevent D_FORTIFY_SOURCE from being defined twice
+
+---
+ make-linux.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/make-linux.mk b/make-linux.mk
+index 7c77f58f..508d8c42 100644
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -8,9 +8,10 @@ ifeq ($(origin CXX),default)
+ endif
+
+ INCLUDES?=
+-DEFS?=-D_FORTIFY_SOURCE=2
++DEFS?=
+ LDLIBS?=
+ DESTDIR?=
++ZT_ENABLE_PORTMAPPING?=0
+
+ include objects.mk
+
+--
+2.12.0
+
+++ /dev/null
-From 333bbabc6dfad0553fb63d560ab6442a50cc9e52 Mon Sep 17 00:00:00 2001
-From: Moritz Warning <moritzwarning@web.de>
-Date: Fri, 22 Jul 2016 23:27:31 +0200
-Subject: [PATCH 2/2] fix build
-
----
- make-linux.mk | 30 +++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
-
---- a/make-linux.mk
-+++ b/make-linux.mk
-@@ -39,24 +39,24 @@ include objects.mk
-
- # On Linux we auto-detect the presence of some libraries and if present we
- # link against the system version. This works with our package build images.
--ifeq ($(wildcard /usr/include/lz4.h),)
-+#ifeq ($(wildcard $(STAGING_DIR)/usr/include/lz4.h),)
- OBJS+=ext/lz4/lz4.o
--else
-- LDLIBS+=-llz4
-- DEFS+=-DZT_USE_SYSTEM_LZ4
--endif
--ifeq ($(wildcard /usr/include/http_parser.h),)
-+#else
-+# LDLIBS+=-llz4
-+# DEFS+=-DZT_USE_SYSTEM_LZ4
-+#endif
-+#ifeq ($(wildcard $(STAGING_DIR)/usr/include/http_parser.h),)
- OBJS+=ext/http-parser/http_parser.o
--else
-- LDLIBS+=-lhttp_parser
-- DEFS+=-DZT_USE_SYSTEM_HTTP_PARSER
--endif
--ifeq ($(wildcard /usr/include/json-parser/json.h),)
-+#else
-+# LDLIBS+=-lhttp_parser
-+# DEFS+=-DZT_USE_SYSTEM_HTTP_PARSER
-+#endif
-+#ifeq ($(wildcard $(STAGING_DIR)/usr/include/json-parser/json.h),)
- OBJS+=ext/json-parser/json.o
--else
-- LDLIBS+=-ljsonparser
-- DEFS+=-DZT_USE_SYSTEM_JSON_PARSER
--endif
-+#else
-+# LDLIBS+=-ljsonparser
-+# DEFS+=-DZT_USE_SYSTEM_JSON_PARSER
-+#endif
-
- ifeq ($(ZT_USE_MINIUPNPC),1)
- OBJS+=osdep/PortMapper.o
--- /dev/null
+From b8390696d81f66109560d12046bb63b9704e07f3 Mon Sep 17 00:00:00 2001
+From: Moritz Warning <moritzwarning@web.de>
+Date: Sun, 19 Mar 2017 01:14:10 +0100
+Subject: [PATCH 2/2] make natpmp/miniupnpc configurable
+
+also include staging_dir variable in the search paths
+---
+ make-linux.mk | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/make-linux.mk b/make-linux.mk
+index 508d8c42..36060857 100644
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -22,20 +22,24 @@ OBJS+=ext/http-parser/http_parser.o
+ # Auto-detect miniupnpc and nat-pmp as well and use system libs if present,
+ # otherwise build into binary as done on Mac and Windows.
+ OBJS+=osdep/PortMapper.o
+-DEFS+=-DZT_USE_MINIUPNPC
+-MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' /usr/include/miniupnpc/miniupnpc.h && echo 1)
+-ifeq ($(MINIUPNPC_IS_NEW_ENOUGH),1)
+- DEFS+=-DZT_USE_SYSTEM_MINIUPNPC
+- LDLIBS+=-lminiupnpc
+-else
+- DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING=\"Linux\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
+- OBJS+=ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o
+-endif
+-ifeq ($(wildcard /usr/include/natpmp.h),)
+- OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o
+-else
+- LDLIBS+=-lnatpmp
+- DEFS+=-DZT_USE_SYSTEM_NATPMP
++
++ifeq ($(ZT_ENABLE_PORTMAPPING),1)
++ DEFS+=-DZT_USE_MINIUPNPC
++ MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' $(STAGING_DIR)/usr/include/miniupnpc/miniupnpc.h && echo 1)
++ ifeq ($(MINIUPNPC_IS_NEW_ENOUGH),1)
++ DEFS+=-DZT_USE_SYSTEM_MINIUPNPC
++ LDLIBS+=-lminiupnpc
++ else
++ DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING=\"Linux\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
++ OBJS+=ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o
++ endif
++
++ ifeq ($(wildcard $(STAGING_DIR)/usr/include/natpmp.h),)
++ OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o
++ else
++ LDLIBS+=-lnatpmp
++ DEFS+=-DZT_USE_SYSTEM_NATPMP
++ endif
+ endif
+
+ ifeq ($(ZT_ENABLE_CLUSTER),1)
+--
+2.12.0
+
+++ /dev/null
-From 21f4958bd48cae59b478b1b3445e00fa4fb18991 Mon Sep 17 00:00:00 2001
-From: muebau <muebau@gmail.com>
-Date: Fri, 5 Aug 2016 19:22:45 +0200
-Subject: [PATCH] OpenWRT workaround to avoid seg faults
-
----
- service/OneService.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/service/OneService.cpp b/service/OneService.cpp
-index 13820f5..9ba3238 100644
---- a/service/OneService.cpp
-+++ b/service/OneService.cpp
-@@ -862,8 +862,8 @@ public:
- }
-
- // Start two background threads to handle expensive ops out of line
-- Thread::start(_node);
-- Thread::start(_node);
-+ //Thread::start(_node);
-+ //Thread::start(_node);
-
- _nextBackgroundTaskDeadline = 0;
- uint64_t clockShouldBe = OSUtils::now();
---
-2.7.4
-
+++ /dev/null
---- a/make-linux.mk
-+++ b/make-linux.mk
-@@ -64,7 +64,8 @@ ifeq ($(ZT_USE_MINIUPNPC),1)
- DEFS+=-DZT_USE_MINIUPNPC
-
- # Auto-detect libminiupnpc at least v2.0
-- MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' /usr/include/miniupnpc/miniupnpc.h && echo 1)
-+ #MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' $(STAGING_DIR)/usr/include/miniupnpc/miniupnpc.h && echo 1)
-+ MINIUPNPC_IS_NEW_ENOUGH=1
- ifeq ($(MINIUPNPC_IS_NEW_ENOUGH),1)
- DEFS+=-DZT_USE_SYSTEM_MINIUPNPC
- LDLIBS+=-lminiupnpc
-@@ -74,7 +75,7 @@ ifeq ($(ZT_USE_MINIUPNPC),1)
- endif
-
- # Auto-detect libnatpmp
-- ifeq ($(wildcard /usr/include/natpmp.h),)
-+ ifeq ($(wildcard $(STAGING_DIR)/usr/include/natpmp.h),)
- OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o
- else
- LDLIBS+=-lnatpmp
---- a/osdep/PortMapper.cpp
-+++ b/osdep/PortMapper.cpp
-@@ -180,7 +180,7 @@ public:
- struct IGDdatas data;
-
- int upnpError = 0;
-- UPNPDev *devlist = upnpDiscoverAll(5000,(const char *)0,(const char *)0,0,0,2,&upnpError);
-+ UPNPDev *devlist = upnpDiscoverAll(5000,(const char *)0,(const char *)0,0,0,&upnpError);
- if (devlist) {
-
- #ifdef ZT_PORTMAPPER_TRACE
include $(TOPDIR)/rules.mk
PKG_NAME:=canutils
-PKG_RELEASE=2
+PKG_RELEASE=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux-can/can-utils
-PKG_SOURCE_VERSION:=0e3ff3b3157e456d4b6343f5d4b42ef692bce538
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.bz2
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
+PKG_SOURCE_DATE:=2017-02-16
+PKG_SOURCE_VERSION:=cb33a55720716cbe01e6025a2bda74a1b7e492d3
+PKG_MIRROR_HASH:=cb6a615bc7d62923d5bc0130891e824e9964de8a31920004b74872a07d8743ef
PKG_MAINTAINER:=Anton Glukhov <anton.a.glukhov@gmail.com>
PKG_LICENSE:=GPL-2.0+
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
PKG_NAME:=cryptodev-linux
PKG_VERSION:=1.8.git-2017-02-09
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/cryptodev-linux/cryptodev-linux.git
PKG_SOURCE_VERSION:=6818263667ca488f9b1c86e36ea624c4ea1c309f
+PKG_MAINTAINER:=Ansuel Smith ansuelsmth@gmail.com
+
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
define KernelPackage/cryptodev/install
$(INSTALL_DIR) $(1)/etc/modules.d
- $(INSTALL_DATA) ./files/cryptodev.modules $(1)/etc/modules.d/80-cryptodev
+ $(INSTALL_DATA) ./files/cryptodev.modules $(1)/etc/modules.d/50-cryptodev
$(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION)
$(INSTALL_DIR) $(1)/usr/sbin
endef
-cryptodev
+cryptodev cryptodev_verbosity=-1
include $(TOPDIR)/rules.mk
PKG_NAME:=dosfstools
-PKG_VERSION:=4.0
-PKG_RELEASE:=2
+PKG_VERSION:=4.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/dosfstools/dosfstools/releases/download/v$(PKG_VERSION)/ \
http://fossies.org/linux/misc
-PKG_MD5SUM:=9037738953559d1efe04fc5408b6846216cc0138f7f9d32de80b6ec3c35e7daf
+PKG_HASH:=e6b2aca70ccc3fe3687365009dd94a2e18e82b688ed4e260e04b7412471cc173
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
PKG_LICENSE:=GPL-3.0+
+++ /dev/null
-From 1e76e5778a1885452939a79d9145b80634a5b023 Mon Sep 17 00:00:00 2001
-From: Andreas Bombe <aeb@debian.org>
-Date: Wed, 11 May 2016 03:44:58 +0200
-Subject: [PATCH] mkfs: Default to 64/32 heads/sectors for targets smaller than
- 512 MB
-
-This may put defaults in certain use cases a little bit more in line
-with the old defaults in versions up to 3.0.28. It has mostly aesthetic
-value in most cases.
-
-Signed-off-by: Andreas Bombe <aeb@debian.org>
----
- src/mkfs.fat.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/src/mkfs.fat.c
-+++ b/src/mkfs.fat.c
-@@ -519,6 +519,16 @@ static void establish_params(struct devi
- unsigned int cluster_size = 4; /* starting point for FAT12 and FAT16 */
- int def_root_dir_entries = 512;
-
-+ if (info->size < 512 * 1024 * 1024) {
-+ /*
-+ * These values are more or less meaningless, but we can at least
-+ * use less extreme values for smaller filesystems where the large
-+ * dummy values signifying LBA only access are not needed.
-+ */
-+ sec_per_track = 32;
-+ heads = 64;
-+ }
-+
- if (info->type != TYPE_FIXED) {
- /* enter default parameters for floppy disks if the size matches */
- switch (info->size / 1024) {
-AC_SEARCH_LIBS(iconv_open, iconv)
+AC_CHECK_LIB(iconv, iconv_open)
- AC_CONFIG_FILES([Makefile src/Makefile src/version.h
- manpages/Makefile manpages/mkfs.fat.8
+ # xxd (distributed with vim) is used in the testsuite
+ AC_CHECK_PROG([XXD_FOUND], [xxd], [yes])
--- /dev/null
+#
+# Copyright (C) 2016 Nikil Mehta <nikil.mehta@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=moreutils
+PKG_VERSION:=0.60
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.xz
+PKG_SOURCE_URL:=http://http.debian.net/debian/pool/main/m/moreutils/
+PKG_HASH:=e42d18bacbd2d003779a55fb3542befa5d1d217ee37c1874e8c497581ebc17c5
+
+PKG_MAINTAINER:=Nikil Mehta <nikil.mehta@gmail.com>
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/moreutils
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=additional Unix utilities
+ URL:=https://joeyh.name/code/moreutils/
+ DEPENDS:=+perl +perlbase-file +perlbase-getopt +perlbase-io +perlbase-ipc +perlbase-posix
+endef
+
+define Package/moreutils/description
+ This is a growing collection of the Unix tools that nobody thought
+ to write long ago, when Unix was young.
+ .
+ So far, it includes the following utilities:
+ - chronic: runs a command quietly unless it fails
+ - combine: combine the lines in two files using boolean operations
+ - errno: look up errno names and descriptions
+ - ifdata: get network interface info without parsing ifconfig output
+ - ifne: run a program if the standard input is not empty
+ - isutf8: check if a file or standard input is utf-8
+ - lckdo: execute a program with a lock held
+ - mispipe: pipe two commands, returning the exit status of the first
+ - parallel: run multiple jobs at once
+ - pee: tee standard input to pipes
+ - sponge: soak up standard input and write to a file
+ - ts: timestamp standard input
+ - vidir: edit a directory in your text editor
+ - vipe: insert a text editor into a pipe
+ - zrun: automatically uncompress arguments to command
+endef
+
+define Package/moreutils/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,moreutils))
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -13,7 +13,7 @@
+
+ DOCBOOK2XMAN=xsltproc --param man.authors.section.enabled 0 $(DOCBOOKXSL)/manpages/docbook.xsl
+
+-all: $(BINS) $(MANS)
++all: $(BINS)
+
+ clean:
+ rm -f $(BINS) $(MANS) dump.c errnos.h errno.o
+@@ -27,9 +27,6 @@
+ $(INSTALL_BIN) $(BINS) $(DESTDIR)$(PREFIX)/bin
+ install $(PERLSCRIPTS) $(DESTDIR)$(PREFIX)/bin
+
+- mkdir -p $(DESTDIR)$(PREFIX)/share/man/man1
+- install $(MANS) $(DESTDIR)$(PREFIX)/share/man/man1
+-
+ check: isutf8
+ ./is_utf8/test.sh
+
include $(TOPDIR)/rules.mk
PKG_NAME:=zoneinfo
-PKG_VERSION:=2017a
-PKG_VERSION_CODE:=2017a
+PKG_VERSION:=2017b
+PKG_VERSION_CODE:=2017b
PKG_RELEASE:=1
#As i couldn't find real license used "Public Domain"
PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz
PKG_SOURCE_CODE:=tzcode$(PKG_VERSION_CODE).tar.gz
PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases
-PKG_MD5SUM:=cb8274cd175f8a4d9d1b89895df876dc
+PKG_MD5SUM:=50dc0dc50c68644c1f70804f2e7a1625
include $(INCLUDE_DIR)/package.mk
define Download/tzcode
FILE=$(PKG_SOURCE_CODE)
URL=$(PKG_SOURCE_URL)
- MD5SUM:=eef0bfac7a52dce6989a7d8b40d86fe0
+ MD5SUM:=afaf15deb13759e8b543d86350385b16
endef
$(eval $(call Download,tzcode))