--- /dev/null
+name: Check APK compatible version/release
+
+on:
+ pull_request_target:
+ types: [opened, synchronize, converted_to_draft, ready_for_review, edited]
+
+jobs:
+ build:
+ name: Check APK compatible version/release
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+
+ permissions:
+ pull-requests: write
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0
+
+ - name: Determine branch name
+ run: |
+ BRANCH="${GITHUB_BASE_REF#refs/heads/}"
+ echo "Building for $BRANCH"
+ echo "BRANCH=$BRANCH" >> $GITHUB_ENV
+
+ - name: Setup APK
+ run: |
+ wget -O $GITHUB_WORKSPACE/apk https://buildbot.aparcar.org/apk.static
+ chmod +x $GITHUB_WORKSPACE/apk
+
+ - name: Determine changed packages
+ run: |
+ RET=0
+ INCOMPATIBLE_VERSION=""
+
+ # only detect packages with changes
+ PKG_ROOTS=$(find . -name Makefile | \
+ grep -v ".*/src/Makefile" | \
+ sed -e 's@./\(.*\)/Makefile@\1/@')
+ CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH...)
+
+ for ROOT in $PKG_ROOTS; do
+ for CHANGE in $CHANGES; do
+ if [[ "$CHANGE" == "$ROOT"* ]]; then
+ PKG_RELEASE=$(grep -E '^PKG_RELEASE' "$ROOT/Makefile" | cut -f 2 -d '=')
+ if [ -n "$PKG_RELEASE" ]; then
+ if [[ "$PKG_RELEASE" == '^[0-9]+$' ]]; then
+ echo "PKG_RELEASE is not an integer: $PKG_RELEASE"
+ INCOMPATIBLE_VERSION+=" $ROOT"
+ break
+ fi
+ fi
+ PKG_VERSION=$(grep -E '^PKG_VERSION' "$ROOT/Makefile" | cut -f 2 -d '=')
+ if [ -n "$PKG_VERSION" ]; then
+ $GITHUB_WORKSPACE/apk version --quiet --check "$PKG_VERSION"
+ if [[ "$?" -gt "0" ]]; then
+ echo "PKG_VERSION is not compatible: $PKG_VERSION"
+ INCOMPATIBLE_VERSION+=" $ROOT"
+ fi
+ fi
+ fi
+ done
+ done
+
+ echo "Incompatible versions: $INCOMPATIBLE_VERSION"
+
+ if [ -n "$INCOMPATIBLE_VERSION" ]; then
+ RET=1
+ cat > "$GITHUB_WORKSPACE/pr_comment.md" << EOF
+ OpenWrt will change to the APK package manager which requires
+ deterministic verisons. Please make sure that **PKG_VERSION**
+ follows [Semantic Versioning](https://semver.org) or more specifically,
+ the [APK version scheme](https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/doc/apk-package.5.scd?ref_type=heads#L47).
+ If the version is based on a date, please use dots instead of dashes, i.e. **24.01.01**.
+
+ The **PKG_RELEASE** should be an integer and not contain any letters or special characters.
+
+ EOF
+
+ fi
+
+ for ROOT in $INCOMPATIBLE_VERSION; do
+ echo " - ${ROOT}Makefile" >> "$GITHUB_WORKSPACE/pr_comment.md"
+ done
+
+ exit $RET
+
+ - name: Find Comment
+ uses: peter-evans/find-comment@v2
+ if: ${{ failure() }}
+ id: fc
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ comment-author: "github-actions[bot]"
+
+ - name: Create or update comment
+ uses: peter-evans/create-or-update-comment@v2
+ if: ${{ failure() }}
+ with:
+ comment-id: ${{ steps.fc.outputs.comment-id }}
+ issue-number: ${{ github.event.pull_request.number }}
+ body-file: "pr_comment.md"
+ edit-mode: replace
RET=1
fi
+ author="$(git show -s --format=%aN $commit)"
+ if echo $author | grep -q '\S\+\s\+\S\+'; then
+ success "Author name ($author) seems ok"
+ else
+ err "Author name ($author) need to be your real name 'firstname lastname'"
+ RET=1
+ fi
+
subject="$(git show -s --format=%s $commit)"
if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert ' -e '^CONTRIBUTING.md' -e '^README.md'; then
success "Commit subject line seems ok ($subject)"
--- /dev/null
+*.o
+.DS_Store
+.*.swp
+*.orig
+*.rej
+.vscode*
+/.env
+/.env.*
+/*.patch
PKG_NAME:=atop
PKG_RELEASE:=1
-PKG_VERSION:=2.7.1
+PKG_VERSION:=2.11.0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.atoptool.nl/download/
-PKG_HASH:=ca48d2f17e071deead5e6e9cc9e388bf6a3270d695e61976b3794d4d927b5c4e
+PKG_HASH:=9b94c666602efff7bf402ecce706c347f38c39cb63498f9d39626861e5646e20
PKG_MAINTAINER:=Toni Uhlig <matzeton@googlemail.com>
PKG_LICENSE:=GPL-2.0-or-later
SECTION:=admin
CATEGORY:=Administration
TITLE:=System and process monitor for Linux
- DEPENDS:=+zlib +libncurses
+ DEPENDS:=+zlib +libncurses +glib2
URL:=https://www.atoptool.nl/
endef
network activity per process/thread.
endef
-MAKE_FLAGS += \
- CFLAGS+="-Wno-misleading-indentation -Wno-unused-const-variable -Wno-format-truncation"
-
define Package/atop/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/atop $(1)/usr/bin/
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -33,7 +33,7 @@ VERS = $(shell ./atop -V 2>/dev/null
- all: atop atopsar atopacctd atopconvert atopcat
-
- atop: atop.o $(ALLMODS) Makefile
-- $(CC) atop.o $(ALLMODS) -o atop -lncursesw -lz -lm -lrt $(LDFLAGS)
-+ $(CC) $(CFLAGS) atop.o $(ALLMODS) -o atop -lncursesw -lz -lm -lrt $(LDFLAGS)
-
- atopsar: atop
- ln -sf atop atopsar
include $(TOPDIR)/rules.mk
PKG_NAME:=bottom
-PKG_VERSION:=0.9.4
+PKG_VERSION:=0.9.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ClementTsang/bottom/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=199123ef354bcabaa8a2e3b7b477b324f5b647d503a2599d08296733846eea6e
+PKG_HASH:=29c3f75323ae0245576ea23268bb0956757352bf3b16d05f511357655b9cc71e
PKG_MAINTAINER:=Luca Barbato <lu_zero@luminem.org>
PKG_LICENSE:=MIT
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fluent-bit
+PKG_VERSION:=3.1.3
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
+PKG_SOURCE_VERSION=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=85b861693a9ed597e4e55e30330dd2fb96daa997eb71424a55ccc28de92eef78
+
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/fluent-bit
+ SECTION:=admin
+ CATEGORY:=Administration
+ TITLE:=Fast and Lightweight Logs and Metrics processor
+ URL:=https://fluentbit.io/
+ DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts +flex +bison
+endef
+
+define Package/fluent-bit/description
+ Fluent Bit is a super fast, lightweight, and highly scalable logging
+ and metrics processor and forwarder.
+endef
+
+define Package/fluent-bit/conffiles
+/etc/fluent-bit/parsers.conf
+endef
+
+TARGET_LDFLAGS +=-lfts -latomic
+
+CMAKE_OPTIONS+= \
+ -DFLB_RELEASE=Yes \
+ -DEXCLUDE_FROM_ALL=true \
+ -DFLB_EXAMPLES=No \
+ -DFLB_CHUNK_TRACE=No \
+ -DFLB_BACKTRACE=No \
+ -DFLB_WASM=No \
+ -DFLB_LUAJIT=No
+
+define Package/fluent-bit/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/fluent-bit $(1)/usr/sbin/
+
+ $(INSTALL_DIR) $(1)/etc/fluent-bit
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/parsers.conf $(1)/etc/fluent-bit/parsers.conf
+endef
+
+$(eval $(call BuildPackage,fluent-bit))
include $(TOPDIR)/rules.mk
PKG_NAME:=monit
-PKG_VERSION:=5.33.0
+PKG_VERSION:=5.34.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://bitbucket.org/tildeslash/monit/downloads/
-PKG_HASH:=1ace889c0183473a9d70160df6533bb6e1338dc1354f5928507803e1e2a863b5
+PKG_HASH:=37f514cd8973bbce104cb8517ff3fc504052a083703eee0d0e873db26b919820
PKG_MAINTAINER:=Yaroslav Petrov <info@lank.me>
PKG_LICENSE:=AGPL-3.0
endef
CONFIGURE_ARGS += \
+ --with-piddir="/var/run" \
--without-pam \
ac_cv_ipv6=$(if $(CONFIG_IPV6),yes,no) \
libmonit_cv_setjmp_available=yes \
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -477,14 +477,7 @@ AC_ARG_WITH(ipv6,
-
- # Find the right directory to put the root-mode PID file in
- AC_MSG_CHECKING([pid file location])
--if test -d "/run"
--then
-- piddir="/run"
--elif test -d "/var/run"; then
-- piddir="/var/run"
--elif test -d "/etc"; then
-- piddir="/etc"
--fi
-+piddir="/var/run"
-
- AC_DEFINE_UNQUOTED([PIDDIR], "$piddir",
- [Define to the pid storage directory.])
include $(TOPDIR)/rules.mk
PKG_NAME:=openwisp-config
-PKG_RELEASE:=2
+PKG_VERSION:=1.0.1
+PKG_RELEASE:=3
PKG_MAINTAINER:=Federico Capoano <f.capoano@openwisp.io>
PKG_LICENSE:=GPL-3.0-or-later
PKG_SOURCE_URL:=https://github.com/openwisp/openwisp-config.git
-PKG_MIRROR_HASH:=d1760c42e6388a2431e4c4514ec6d8a519757035b630b2bf0a8574b65effc4c3
+PKG_MIRROR_HASH:=14d65c0aa092b5815bcc3b53c26784a069adf783d3e2c6f5f13a4d62024e5620
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=1.0.1
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=openwisp-monitoring
-PKG_RELEASE:=2
+PKG_VERSION:=0.1.1
+PKG_RELEASE:=3
PKG_MAINTAINER:=Federico Capoano <support@openwisp.io>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE_URL:=https://github.com/openwisp/openwrt-openwisp-monitoring.git
-PKG_MIRROR_HASH:=b09f2b6ac1a41b6abab3d85917c02b16a94bfec3876c6062108ce600a4a25d98
+PKG_MIRROR_HASH:=97ae00b37518919079d894622c664d330bbf0cb0ee1b68c84991b459c1a087ee
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0.1.1
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKGARCH:=all
include $(INCLUDE_DIR)/package.mk
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=qbee-agent
+PKG_VERSION:=2024.36
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/qbee-io/qbee-agent.git
+PKG_SOURCE_VERSION:=d52fb5e69b479550636570a2db6cebe06f5f129b
+PKG_MIRROR_HASH:=58b4e7b741754bf86d315eb32e43d4a8b80c8b8f5a95cf94b77f48c193385d60
+
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jon Henrik Bjørnstad <jonhenrik@qbee.io>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_FLAGS:=no-mips16
+PKG_BUILD_PARALLEL:=1
+
+GO_PKG:=go.qbee.io/agent
+GO_PKG_LDFLAGS_X:= \
+ $(GO_PKG)/app.Version=$(PKG_VERSION) \
+ $(GO_PKG)/app.Commit=$(PKG_SOURCE_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/qbee-agent
+ SECTION:=admin
+ CATEGORY:=Administration
+ TITLE:=qbee.io fleet management agent
+ URL:=https://qbee.io
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/qbee-agent/description
+ qbee.io is a SaaS provided fleet management solution. This package
+ provides the agent that runs on the device and communicates with
+ the qbee.io server.
+endef
+
+define Package/qbee-agent/install
+ $(INSTALL_DIR) $(1)/etc/qbee/ppkeys
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/package/share/ssl/ca.cert $(1)/etc/qbee/ppkeys/ca.cert
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/agent $(1)/usr/bin/qbee-agent
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/qbee-agent.init $(1)/etc/init.d/qbee-agent
+endef
+
+$(eval $(call BuildPackage,qbee-agent))
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=11
+USE_PROCD=1
+
+ARGS="start"
+
+start_service() {
+ if [ ! -f /etc/qbee/qbee-agent.json ]; then
+ echo "Device seems to not have been bootstrapped. Please run 'qbee-agent bootstrap -k <bootstrap-key>' as root to bootstrap."
+ return 0
+ fi
+
+ procd_open_instance qbee-agent
+ procd_set_param command /usr/bin/qbee-agent $ARGS
+ procd_set_param respawn 3600 60 0
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param pidfile /var/run/qbee-agent.pid
+ procd_set_param term_timeout 600
+ procd_close_instance
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=rsyslog
-PKG_VERSION:=8.2312.0
+PKG_VERSION:=8.2408.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
https://fossies.org/linux/misc \
https://www.rsyslog.com/files/download/rsyslog
-PKG_HASH:=774032006128a896437f5913e132aa27dbfb937cd8847e449522d5a12d63d03e
+PKG_HASH:=8bb2f15f9bf9bb7e635182e3d3e370bfc39d08bf35a367dce9714e186f787206
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-3.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=sudo
-PKG_VERSION:=1.9.15p5
+PKG_REALVERSION:=1.9.15p5
+PKG_VERSION:=$(subst p,_p,$(PKG_REALVERSION))
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
PKG_SOURCE_URL:=https://www.sudo.ws/dist
PKG_HASH:=558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REALVERSION)
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
case "$1" in
sudo)
- sudo --version | grep "$2"
+ sudo --version | grep "${2//_p/p}"
;;
esac
include $(TOPDIR)/rules.mk
PKG_NAME:=zabbix
-PKG_VERSION:=6.4.7
-PKG_RELEASE:=2
+PKG_VERSION:=7.0.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \
https://cdn.zabbix.com/zabbix/sources/oldstable/$(basename $(PKG_VERSION))/
-PKG_HASH:=6b4e81f07de4c82c7994871bea51be4d6427683fa9a7fbe112fd7559b3670e49
+PKG_HASH:=520641483223f680ef6e685284b556ba34a496d886a38dc3bca085cde21031b1
PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
-PKG_LICENSE:=GPL-2.0
+PKG_LICENSE:=AGPL-3.0-only
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:zabbix:zabbix
define Package/zabbix-agentd
$(call Package/zabbix/Default)
TITLE+= agentd
+ DEPENDS+= +libevent2-pthreads
PROVIDES:=zabbix-agentd
VARIANT:=nossl
DEFAULT_VARIANT:=1
define Package/zabbix-agentd-openssl
$(call Package/zabbix/Default)
TITLE+= agentd (with OpenSSL)
- DEPENDS+= +libopenssl
+ DEPENDS+= +libevent2-pthreads +libopenssl
PROVIDES:=zabbix-agentd
VARIANT:=openssl
endef
define Package/zabbix-agentd-gnutls
$(call Package/zabbix/Default)
TITLE+= agentd (with GnuTLS)
- DEPENDS+= +libgnutls
+ DEPENDS+= +libevent2-pthreads +libgnutls
PROVIDES:=zabbix-agentd
VARIANT:=gnutls
endef
@@ -136,6 +133,7 @@ Server=127.0.0.1
# Range: 0-100
# Default:
- # StartAgents=3
+ # StartAgents=10
+StartAgents=1
##### Active checks related
--- a/src/libs/zbxcommon/misc.c
+++ b/src/libs/zbxcommon/misc.c
-@@ -329,7 +329,7 @@ void zbx_help(void)
- void zbx_version(void)
+@@ -223,7 +223,7 @@ static const char copyright_message[] =
+ void zbx_print_version(const char *title_message)
{
printf("%s (Zabbix) %s\n", title_message, ZABBIX_VERSION);
- printf("Revision %s %s, compilation time: %s %s\n\n", ZABBIX_REVISION, ZABBIX_REVDATE, __DATE__, __TIME__);
--- /dev/null
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2024 Luca Barbato
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=cargo-c
+PKG_VERSION:=0.9.32
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/lu-zero/cargo-c/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=a96f3cc6c63d9901c9583083338d50b0132504bb067f68accc17f4116ed01f72
+
+PKG_MAINTAINER:=Luca Barbato <lu_zero@luminem.org>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+HOST_BUILD_DEPENDS:=rust/host
+HOST_BUILD_PARALLEL:=1
+PKG_HOST_ONLY:=1
+
+include $(INCLUDE_DIR)/host-build.mk
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/rust/rust-host-build.mk
+
+define Package/cargo-c
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Rust
+ TITLE:=Build and install rust crates as C libraries
+ DEPENDS:=$(RUST_ARCH_DEPENDS)
+ URL:=https://github.com/lu-zero/cargo-c
+ BUILDONLY:=1
+endef
+
+define Package/cargo-c/description
+ Build and install crates with C bindings so they appear as normal
+ C libraries.
+endef
+
+$(eval $(call RustBinHostBuild))
+$(eval $(call HostBuild))
+$(eval $(call BuildPackage,cargo-c))
include $(TOPDIR)/rules.mk
PKG_NAME:=delve
-PKG_VERSION:=1.20.1
+PKG_VERSION:=1.22.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/go-delve/delve/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=a10aa97d3f6b6219877a73dd305d511442ad0caab740de76fc005796a480de93
+PKG_HASH:=fe6f0d97c233d4f0f1ed422c11508cc57c14e9e0915f9a258f1912c46824cbfb
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Niels Widger <niels@qacafe.com>
+PKG_MAINTAINER:=
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
GCC_VERSION:=$(call qstrip,$(CONFIG_GCC_VERSION))
PKG_VERSION:=$(firstword $(subst +, ,$(GCC_VERSION)))
GCC_MAJOR_VERSION:=$(word 1,$(subst ., ,$(PKG_VERSION)))
-PKG_RELEASE:=6
+PKG_RELEASE:=7
GCC_DIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_URL:=@GNU/gcc/gcc-$(PKG_VERSION)
PKG_HASH:=949a5d4f99e786421a93b532b22ffab5578de7321369975b91aec97adfda8c3b
endif
-ifeq ($(PKG_VERSION),13.2.0)
- PKG_HASH:=e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da
+ifeq ($(PKG_VERSION),13.3.0)
+ PKG_HASH:=0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083
+endif
+
+ifeq ($(PKG_VERSION),14.2.0)
+ PKG_HASH:=a7b39bc69cbf9e25826c5a60ab26477001f7c08d85cec04bc0e29cabed6f3cc9
endif
PATCH_DIR:=patches-$(GCC_MAJOR_VERSION).x
endef
ifeq ($(CONFIG_INCLUDE_STATIC_LIBC),y)
- COPY_STATIC_LIBC=cp -a $(TOOLCHAIN_DIR)/lib/libc.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
+ COPY_STATIC_LIBC=cp -a $(TOOLCHAIN_ROOT_DIR)/lib/libc.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
endif
ifeq ($(CONFIG_INCLUDE_STATIC_LIBPTHREAD),y)
- COPY_STATIC_LIBPTHREAD=cp -a $(TOOLCHAIN_DIR)/lib/libpthread.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
+ COPY_STATIC_LIBPTHREAD=cp -a $(TOOLCHAIN_ROOT_DIR)/lib/libpthread.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
endif
ifeq ($(CONFIG_INCLUDE_STATIC_LIBSTDC),y)
- COPY_STATIC_LIBSTDC=cp -a $(TOOLCHAIN_DIR)/lib/libstdc++.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
+ COPY_STATIC_LIBSTDC=cp -a $(TOOLCHAIN_ROOT_DIR)/lib/libstdc++.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
endif
ifeq ($(CONFIG_INCLUDE_STATIC_LINK_SPEC),y)
TARGET_CPPFLAGS += -D_GLIBCXX_INCLUDE_NEXT_C_HEADERS
# not using sstrip here as this messes up the .so's somehow
-STRIP:=$(TOOLCHAIN_DIR)/bin/$(TARGET_CROSS)strip
+STRIP:=$(firstword $(TOOLCHAIN_BIN_DIRS))/$(TARGET_CROSS)strip
RSTRIP:= \
- NM="$(TOOLCHAIN_DIR)/bin/$(TARGET_CROSS)nm" \
+ NM="$(firstword $(TOOLCHAIN_BIN_DIRS))/$(TARGET_CROSS)nm" \
STRIP="$(STRIP)" \
STRIP_KMOD="$(STRIP) --strip-debug" \
$(SCRIPT_DIR)/rstrip.sh
ln -s $(REAL_GNU_TARGET_NAME)-gcc $(1)/usr/bin/cc
ln -s $(REAL_GNU_TARGET_NAME)-gcc $(1)/usr/bin/$(REAL_GNU_TARGET_NAME)-gcc-$(PKG_VERSION)
cp -ar $(PKG_INSTALL_DIR)/usr/lib/gcc $(1)/usr/lib
- cp -ar $(TOOLCHAIN_DIR)/include $(1)/usr
- cp -a $(TOOLCHAIN_DIR)/lib/*.{o,so*} $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
- cp -a $(TOOLCHAIN_DIR)/lib/*nonshared*.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
- cp -a $(TOOLCHAIN_DIR)/lib/libm.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
+ cp -ar $(TOOLCHAIN_ROOT_DIR)/include $(1)/usr
+ cp -a $(TOOLCHAIN_ROOT_DIR)/lib/*.{o,so*} $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
+ cp -a $(TOOLCHAIN_ROOT_DIR)/lib/*nonshared*.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
+ cp -a $(TOOLCHAIN_ROOT_DIR)/lib/libm.a $(1)/usr/lib/$(PKG_NAME)/$(REAL_GNU_TARGET_NAME)/$(PKG_VERSION)
$(COPY_STATIC_LIBC)
$(COPY_STATIC_LIBPTHREAD)
$(COPY_STATIC_LIBSTDC)
+++ /dev/null
-From 9970b576b7e4ae337af1268395ff221348c4b34a Mon Sep 17 00:00:00 2001
-From: Francois-Xavier Coudert <fxcoudert@gcc.gnu.org>
-Date: Thu, 7 Mar 2024 14:36:03 +0100
-Subject: [PATCH] Include safe-ctype.h after C++ standard headers, to avoid
- over-poisoning
-
-When building gcc's C++ sources against recent libc++, the poisoning of
-the ctype macros due to including safe-ctype.h before including C++
-standard headers such as <list>, <map>, etc, causes many compilation
-errors, similar to:
-
- In file included from /home/dim/src/gcc/master/gcc/gensupport.cc:23:
- In file included from /home/dim/src/gcc/master/gcc/system.h:233:
- In file included from /usr/include/c++/v1/vector:321:
- In file included from
- /usr/include/c++/v1/__format/formatter_bool.h:20:
- In file included from
- /usr/include/c++/v1/__format/formatter_integral.h:32:
- In file included from /usr/include/c++/v1/locale:202:
- /usr/include/c++/v1/__locale:546:5: error: '__abi_tag__' attribute
- only applies to structs, variables, functions, and namespaces
- 546 | _LIBCPP_INLINE_VISIBILITY
- | ^
- /usr/include/c++/v1/__config:813:37: note: expanded from macro
- '_LIBCPP_INLINE_VISIBILITY'
- 813 | # define _LIBCPP_INLINE_VISIBILITY _LIBCPP_HIDE_FROM_ABI
- | ^
- /usr/include/c++/v1/__config:792:26: note: expanded from macro
- '_LIBCPP_HIDE_FROM_ABI'
- 792 |
- __attribute__((__abi_tag__(_LIBCPP_TOSTRING(
- _LIBCPP_VERSIONED_IDENTIFIER))))
- | ^
- In file included from /home/dim/src/gcc/master/gcc/gensupport.cc:23:
- In file included from /home/dim/src/gcc/master/gcc/system.h:233:
- In file included from /usr/include/c++/v1/vector:321:
- In file included from
- /usr/include/c++/v1/__format/formatter_bool.h:20:
- In file included from
- /usr/include/c++/v1/__format/formatter_integral.h:32:
- In file included from /usr/include/c++/v1/locale:202:
- /usr/include/c++/v1/__locale:547:37: error: expected ';' at end of
- declaration list
- 547 | char_type toupper(char_type __c) const
- | ^
- /usr/include/c++/v1/__locale:553:48: error: too many arguments
- provided to function-like macro invocation
- 553 | const char_type* toupper(char_type* __low, const
- char_type* __high) const
- | ^
- /home/dim/src/gcc/master/gcc/../include/safe-ctype.h:146:9: note:
- macro 'toupper' defined here
- 146 | #define toupper(c) do_not_use_toupper_with_safe_ctype
- | ^
-
-This is because libc++ uses different transitive includes than
-libstdc++, and some of those transitive includes pull in various ctype
-declarations (typically via <locale>).
-
-There was already a special case for including <string> before
-safe-ctype.h, so move the rest of the C++ standard header includes to
-the same location, to fix the problem.
-
-gcc/ChangeLog:
-
- * system.h: Include safe-ctype.h after C++ standard headers.
-
-Signed-off-by: Dimitry Andric <dimitry@andric.com>
----
- gcc/system.h | 39 ++++++++++++++++++---------------------
- 1 file changed, 18 insertions(+), 21 deletions(-)
-
---- a/gcc/system.h
-+++ b/gcc/system.h
-@@ -194,27 +194,8 @@ extern int fprintf_unlocked (FILE *, con
- #undef fread_unlocked
- #undef fwrite_unlocked
-
--/* Include <string> before "safe-ctype.h" to avoid GCC poisoning
-- the ctype macros through safe-ctype.h */
--
--#ifdef __cplusplus
--#ifdef INCLUDE_STRING
--# include <string>
--#endif
--#endif
--
--/* There are an extraordinary number of issues with <ctype.h>.
-- The last straw is that it varies with the locale. Use libiberty's
-- replacement instead. */
--#include "safe-ctype.h"
--
--#include <sys/types.h>
--
--#include <errno.h>
--
--#if !defined (errno) && defined (HAVE_DECL_ERRNO) && !HAVE_DECL_ERRNO
--extern int errno;
--#endif
-+/* Include C++ standard headers before "safe-ctype.h" to avoid GCC
-+ poisoning the ctype macros through safe-ctype.h */
-
- #ifdef __cplusplus
- #if defined (INCLUDE_ALGORITHM) || !defined (HAVE_SWAP_IN_UTILITY)
-@@ -229,6 +210,9 @@ extern int errno;
- #ifdef INCLUDE_SET
- # include <set>
- #endif
-+#ifdef INCLUDE_STRING
-+# include <string>
-+#endif
- #ifdef INCLUDE_VECTOR
- # include <vector>
- #endif
-@@ -245,6 +229,19 @@ extern int errno;
- # include <type_traits>
- #endif
-
-+/* There are an extraordinary number of issues with <ctype.h>.
-+ The last straw is that it varies with the locale. Use libiberty's
-+ replacement instead. */
-+#include "safe-ctype.h"
-+
-+#include <sys/types.h>
-+
-+#include <errno.h>
-+
-+#if !defined (errno) && defined (HAVE_DECL_ERRNO) && !HAVE_DECL_ERRNO
-+extern int errno;
-+#endif
-+
- /* Some of glibc's string inlines cause warnings. Plus we'd rather
- rely on (and therefore test) GCC's string builtins. */
- #define __NO_STRING_INLINES
+++ /dev/null
-From 5213047b1d50af63dfabb5e5649821a6cb157e33 Mon Sep 17 00:00:00 2001
-From: Francois-Xavier Coudert <fxcoudert@gcc.gnu.org>
-Date: Sat, 16 Mar 2024 09:50:00 +0100
-Subject: [PATCH] libcc1: fix <vector> include
-
-Use INCLUDE_VECTOR before including system.h, instead of directly
-including <vector>, to avoid running into poisoned identifiers.
-
-Signed-off-by: Dimitry Andric <dimitry@andric.com>
-
-libcc1/ChangeLog:
-
- PR middle-end/111632
- * libcc1plugin.cc: Fix include.
- * libcp1plugin.cc: Fix include.
----
- libcc1/libcc1plugin.cc | 3 +--
- libcc1/libcp1plugin.cc | 3 +--
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
---- a/libcc1/libcc1plugin.cc
-+++ b/libcc1/libcc1plugin.cc
-@@ -32,6 +32,7 @@
- #undef PACKAGE_VERSION
-
- #define INCLUDE_MEMORY
-+#define INCLUDE_VECTOR
- #include "gcc-plugin.h"
- #include "system.h"
- #include "coretypes.h"
-@@ -69,8 +70,6 @@
- #include "gcc-c-interface.h"
- #include "context.hh"
-
--#include <vector>
--
- using namespace cc1_plugin;
-
- \f
---- a/libcc1/libcp1plugin.cc
-+++ b/libcc1/libcp1plugin.cc
-@@ -33,6 +33,7 @@
- #undef PACKAGE_VERSION
-
- #define INCLUDE_MEMORY
-+#define INCLUDE_VECTOR
- #include "gcc-plugin.h"
- #include "system.h"
- #include "coretypes.h"
-@@ -71,8 +72,6 @@
- #include "rpc.hh"
- #include "context.hh"
-
--#include <vector>
--
- using namespace cc1_plugin;
-
- \f
--- a/gcc/config/mips/mips.cc
+++ b/gcc/config/mips/mips.cc
-@@ -20213,7 +20213,7 @@ mips_option_override (void)
+@@ -20219,7 +20219,7 @@ mips_option_override (void)
flag_pcc_struct_return = 0;
/* Decide which rtx_costs structure to use. */
--- a/gcc/config/aarch64/aarch64.h
+++ b/gcc/config/aarch64/aarch64.h
-@@ -1185,7 +1185,7 @@ extern enum aarch64_code_model aarch64_c
+@@ -1195,7 +1195,7 @@ extern enum aarch64_code_model aarch64_c
/* Extra specs when building a native AArch64-hosted compiler.
Option rewriting rules based on host system. */
--- /dev/null
+commit 81cc26c706b2bc8c8c1eb1a322e5c5157900836e
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Sun Oct 19 21:45:51 2014 +0000
+
+ gcc: do not assume that the Mac OS X filesystem is case insensitive
+
+ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
+ SVN-Revision: 42973
+
+--- a/include/filenames.h
++++ b/include/filenames.h
+@@ -44,11 +44,6 @@ extern "C" {
+ # define IS_DIR_SEPARATOR(c) IS_DOS_DIR_SEPARATOR (c)
+ # define IS_ABSOLUTE_PATH(f) IS_DOS_ABSOLUTE_PATH (f)
+ #else /* not DOSish */
+-# if defined(__APPLE__)
+-# ifndef HAVE_CASE_INSENSITIVE_FILE_SYSTEM
+-# define HAVE_CASE_INSENSITIVE_FILE_SYSTEM 1
+-# endif
+-# endif /* __APPLE__ */
+ # define HAS_DRIVE_SPEC(f) (0)
+ # define IS_DIR_SEPARATOR(c) IS_UNIX_DIR_SEPARATOR (c)
+ # define IS_ABSOLUTE_PATH(f) IS_UNIX_ABSOLUTE_PATH (f)
--- /dev/null
+--- a/gcc/real.h
++++ b/gcc/real.h
+@@ -77,8 +77,10 @@ struct GTY(()) real_value {
+ + (REAL_VALUE_TYPE_SIZE%HOST_BITS_PER_WIDE_INT ? 1 : 0)) /* round up */
+
+ /* Verify the guess. */
++#ifndef __LP64__
+ extern char test_real_width
+ [sizeof (REAL_VALUE_TYPE) <= REAL_WIDTH * sizeof (HOST_WIDE_INT) ? 1 : -1];
++#endif
+
+ /* Calculate the format for CONST_DOUBLE. We need as many slots as
+ are necessary to overlay a REAL_VALUE_TYPE on them. This could be
--- /dev/null
+commit 098bd91f5eae625c7d2ee621e10930fc4434e5e2
+Author: Luka Perkov <luka@openwrt.org>
+Date: Tue Feb 26 16:16:33 2013 +0000
+
+ gcc: don't build documentation
+
+ This closes #13039.
+
+ Signed-off-by: Luka Perkov <luka@openwrt.org>
+
+ SVN-Revision: 35807
+
+--- a/gcc/Makefile.in
++++ b/gcc/Makefile.in
+@@ -3549,18 +3549,10 @@ doc/gcc.info: $(TEXI_GCC_FILES)
+ doc/gccint.info: $(TEXI_GCCINT_FILES)
+ doc/cppinternals.info: $(TEXI_CPPINT_FILES)
+
+-doc/%.info: %.texi
+- if [ x$(BUILD_INFO) = xinfo ]; then \
+- $(MAKEINFO) $(MAKEINFOFLAGS) -I . -I $(gcc_docdir) \
+- -I $(gcc_docdir)/include -o $@ $<; \
+- fi
++doc/%.info:
+
+ # Duplicate entry to handle renaming of gccinstall.info
+-doc/gccinstall.info: $(TEXI_GCCINSTALL_FILES)
+- if [ x$(BUILD_INFO) = xinfo ]; then \
+- $(MAKEINFO) $(MAKEINFOFLAGS) -I $(gcc_docdir) \
+- -I $(gcc_docdir)/include -o $@ $<; \
+- fi
++doc/gccinstall.info:
+
+ doc/cpp.dvi: $(TEXI_CPP_FILES)
+ doc/gcc.dvi: $(TEXI_GCC_FILES)
--- /dev/null
+Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84790.
+MIPS16 functions have a static assembler prologue which clobbers
+registers v0 and v1. Add these register clobbers to function call
+instructions.
+
+--- a/gcc/config/mips/mips.cc
++++ b/gcc/config/mips/mips.cc
+@@ -3227,6 +3227,12 @@ mips_emit_call_insn (rtx pattern, rtx or
+ emit_insn (gen_update_got_version ());
+ }
+
++ if (TARGET_MIPS16 && TARGET_USE_GOT)
++ {
++ clobber_reg (&CALL_INSN_FUNCTION_USAGE (insn), MIPS16_PIC_TEMP);
++ clobber_reg (&CALL_INSN_FUNCTION_USAGE (insn), MIPS_PROLOGUE_TEMP (word_mode));
++ }
++
+ if (TARGET_MIPS16
+ && TARGET_EXPLICIT_RELOCS
+ && TARGET_CALL_CLOBBERED_GP)
--- /dev/null
+--- a/gcc/gcc.cc
++++ b/gcc/gcc.cc
+@@ -985,7 +985,9 @@ proper position among the other output f
+ #endif
+
+ #ifndef LINK_SSP_SPEC
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if DEFAULT_LIBC == LIBC_MUSL
++#define LINK_SSP_SPEC "-lssp_nonshared"
++#elif defined(TARGET_LIBC_PROVIDES_SSP)
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+ "|fstack-protector-strong|fstack-protector-explicit:}"
+ #else
--- /dev/null
+commit ecf7671b769fe96f7b5134be442089f8bdba55d2
+Author: Felix Fietkau <nbd@nbd.name>
+Date: Thu Aug 4 20:29:45 2016 +0200
+
+gcc: add a patch to generate better code with Os on mips
+
+Also happens to reduce compressed code size a bit
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+
+--- a/gcc/config/mips/mips.cc
++++ b/gcc/config/mips/mips.cc
+@@ -20453,7 +20453,7 @@ mips_option_override (void)
+ flag_pcc_struct_return = 0;
+
+ /* Decide which rtx_costs structure to use. */
+- if (optimize_size)
++ if (0 && optimize_size)
+ mips_cost = &mips_rtx_cost_optimize_size;
+ else
+ mips_cost = &mips_rtx_cost_data[mips_tune];
--- /dev/null
+commit 8570c4be394cff7282f332f97da2ff569a927ddb
+Author: Imre Kaloz <kaloz@openwrt.org>
+Date: Wed Feb 2 20:06:12 2011 +0000
+
+ fixup arm soft-float symbols
+
+ SVN-Revision: 25325
+
+--- a/libgcc/config/arm/t-linux
++++ b/libgcc/config/arm/t-linux
+@@ -1,6 +1,10 @@
+ LIB1ASMSRC = arm/lib1funcs.S
+ LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx _clzsi2 _clzdi2 \
+- _ctzsi2 _arm_addsubdf3 _arm_addsubsf3
++ _ctzsi2 _arm_addsubdf3 _arm_addsubsf3 \
++ _arm_negdf2 _arm_muldivdf3 _arm_cmpdf2 _arm_unorddf2 \
++ _arm_fixdfsi _arm_fixunsdfsi _arm_truncdfsf2 \
++ _arm_negsf2 _arm_muldivsf3 _arm_cmpsf2 _arm_unordsf2 \
++ _arm_fixsfsi _arm_fixunssfsi
+
+ # Just for these, we omit the frame pointer since it makes such a big
+ # difference.
+--- a/gcc/config/arm/linux-elf.h
++++ b/gcc/config/arm/linux-elf.h
+@@ -58,8 +58,6 @@
+ %{shared:-lc} \
+ %{!shared:%{profile:-lc_p}%{!profile:-lc}}"
+
+-#define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
+-
+ #define GLIBC_DYNAMIC_LINKER "/lib/ld-linux.so.2"
+
+ #define LINUX_TARGET_LINK_SPEC "%{h*} \
--- /dev/null
+commit c96312958c0621e72c9b32da5bc224ffe2161384
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Mon Oct 19 23:26:09 2009 +0000
+
+ gcc: create a proper libgcc_pic.a static library for relinking (4.3.3+ for now, backport will follow)
+
+ SVN-Revision: 18086
+
+--- a/libgcc/Makefile.in
++++ b/libgcc/Makefile.in
+@@ -940,11 +940,12 @@ $(libgcov-driver-objects): %$(objext): $
+
+ # Static libraries.
+ libgcc.a: $(libgcc-objects)
++libgcc_pic.a: $(libgcc-s-objects)
+ libgcov.a: $(libgcov-objects)
+ libunwind.a: $(libunwind-objects)
+ libgcc_eh.a: $(libgcc-eh-objects)
+
+-libgcc.a libgcov.a libunwind.a libgcc_eh.a:
++libgcc.a libgcov.a libunwind.a libgcc_eh.a libgcc_pic.a:
+ -rm -f $@
+
+ objects="$(objects)"; \
+@@ -968,7 +969,7 @@ all: libunwind.a
+ endif
+
+ ifeq ($(enable_shared),yes)
+-all: libgcc_eh.a libgcc_s$(SHLIB_EXT)
++all: libgcc_eh.a libgcc_pic.a libgcc_s$(SHLIB_EXT)
+ ifneq ($(LIBUNWIND),)
+ all: libunwind$(SHLIB_EXT)
+ libgcc_s$(SHLIB_EXT): libunwind$(SHLIB_EXT)
+@@ -1174,6 +1175,10 @@ install-shared:
+ chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_eh.a
+ $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_eh.a
+
++ $(INSTALL_DATA) libgcc_pic.a $(mapfile) $(DESTDIR)$(inst_libdir)/
++ chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_pic.a
++ $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_pic.a
++
+ $(subst @multilib_dir@,$(MULTIDIR),$(subst \
+ @shlib_base_name@,libgcc_s,$(subst \
+ @shlib_slibdir_qual@,$(MULTIOSSUBDIR),$(SHLIB_INSTALL))))
--- /dev/null
+commit 7edc8ca5456d9743dd0075eb3cc5b04f4f24c8cc
+Author: Imre Kaloz <kaloz@openwrt.org>
+Date: Wed Feb 2 19:34:36 2011 +0000
+
+ add armv4 fixup patches
+
+ SVN-Revision: 25322
+
+
+--- a/gcc/config/arm/linux-eabi.h
++++ b/gcc/config/arm/linux-eabi.h
+@@ -88,10 +88,15 @@
+ #define MUSL_DYNAMIC_LINKER \
+ "/lib/ld-musl-arm" MUSL_DYNAMIC_LINKER_E "%{mfloat-abi=hard:hf}%{mfdpic:-fdpic}.so.1"
+
++/* For armv4 we pass --fix-v4bx to linker to support EABI */
++#undef TARGET_FIX_V4BX_SPEC
++#define TARGET_FIX_V4BX_SPEC " %{mcpu=arm8|mcpu=arm810|mcpu=strongarm*"\
++ "|march=armv4|mcpu=fa526|mcpu=fa626:--fix-v4bx}"
++
+ /* At this point, bpabi.h will have clobbered LINK_SPEC. We want to
+ use the GNU/Linux version, not the generic BPABI version. */
+ #undef LINK_SPEC
+-#define LINK_SPEC EABI_LINK_SPEC \
++#define LINK_SPEC EABI_LINK_SPEC TARGET_FIX_V4BX_SPEC \
+ LINUX_OR_ANDROID_LD (LINUX_TARGET_LINK_SPEC, \
+ LINUX_TARGET_LINK_SPEC " " ANDROID_LINK_SPEC)
+
--- /dev/null
+commit dcfc40358b5a3cae7320c17f8d1cebd5ad5540cd
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Sun Feb 12 20:25:47 2012 +0000
+
+ gcc 4.6: port over the missing patch 850-use_shared_libgcc.patch to prevent libgcc crap from leaking into every single binary
+
+ SVN-Revision: 30486
+--- a/gcc/config/arm/linux-eabi.h
++++ b/gcc/config/arm/linux-eabi.h
+@@ -129,10 +129,6 @@
+ "%{Ofast|ffast-math|funsafe-math-optimizations:%{!shared:crtfastmath.o%s}} " \
+ LINUX_OR_ANDROID_LD (GNU_USER_TARGET_ENDFILE_SPEC, ANDROID_ENDFILE_SPEC)
+
+-/* Use the default LIBGCC_SPEC, not the version in linux-elf.h, as we
+- do not use -lfloat. */
+-#undef LIBGCC_SPEC
+-
+ /* Clear the instruction cache from `beg' to `end'. This is
+ implemented in lib1funcs.S, so ensure an error if this definition
+ is used. */
+--- a/gcc/config/linux.h
++++ b/gcc/config/linux.h
+@@ -58,6 +58,10 @@ see the files COPYING3 and COPYING.RUNTI
+ builtin_assert ("system=posix"); \
+ } while (0)
+
++#ifndef LIBGCC_SPEC
++#define LIBGCC_SPEC "%{static|static-libgcc:-lgcc}%{!static:%{!static-libgcc:-lgcc_s}}"
++#endif
++
+ /* Determine which dynamic linker to use depending on whether GLIBC or
+ uClibc or Bionic or musl is the default C library and whether
+ -muclibc or -mglibc or -mbionic or -mmusl has been passed to change
+--- a/libgcc/mkmap-symver.awk
++++ b/libgcc/mkmap-symver.awk
+@@ -136,5 +136,5 @@ function output(lib) {
+ else if (inherit[lib])
+ printf("} %s;\n", inherit[lib]);
+ else
+- printf ("\n local:\n\t*;\n};\n");
++ printf ("\n\t*;\n};\n");
+ }
+--- a/gcc/config/rs6000/linux.h
++++ b/gcc/config/rs6000/linux.h
+@@ -70,6 +70,9 @@
+ #undef CPP_OS_DEFAULT_SPEC
+ #define CPP_OS_DEFAULT_SPEC "%(cpp_os_linux)"
+
++#undef LIBGCC_SPEC
++#define LIBGCC_SPEC "%{!static:%{!static-libgcc:-lgcc_s}} -lgcc"
++
+ #undef LINK_SHLIB_SPEC
+ #define LINK_SHLIB_SPEC "%{shared:-shared} %{!shared: %{static:-static}} \
+ %{static-pie:-static -pie --no-dynamic-linker -z text}"
--- /dev/null
+commit 64661de100da1ec1061ef3e5e400285dce115e6b
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Sun May 10 13:16:35 2015 +0000
+
+ gcc: add some size optimization patches
+
+ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
+ SVN-Revision: 45664
+
+--- a/libgcc/config/t-libunwind
++++ b/libgcc/config/t-libunwind
+@@ -2,8 +2,7 @@
+
+ HOST_LIBGCC2_CFLAGS += -DUSE_GAS_SYMVER
+
+-LIB2ADDEH = $(srcdir)/unwind-sjlj.c $(srcdir)/unwind-c.c \
+- $(srcdir)/unwind-compat.c $(srcdir)/unwind-dw2-fde-compat.c
++LIB2ADDEH = $(srcdir)/unwind-sjlj.c $(srcdir)/unwind-c.c
+ LIB2ADDEHSTATIC = $(srcdir)/unwind-sjlj.c $(srcdir)/unwind-c.c
+
+ # Override the default value from t-slibgcc-elf-ver and mention -lunwind
--- /dev/null
+--- a/gcc/config/rs6000/rs6000-logue.cc
++++ b/gcc/config/rs6000/rs6000-logue.cc
+@@ -344,7 +344,7 @@ rs6000_savres_strategy (rs6000_stack_t *
+ /* Define cutoff for using out-of-line functions to save registers. */
+ if (DEFAULT_ABI == ABI_V4 || TARGET_ELF)
+ {
+- if (!optimize_size)
++ if (1)
+ {
+ strategy |= SAVE_INLINE_FPRS | REST_INLINE_FPRS;
+ strategy |= SAVE_INLINE_GPRS | REST_INLINE_GPRS;
--- /dev/null
+--- a/libgcc/crtstuff.c
++++ b/libgcc/crtstuff.c
+@@ -152,7 +152,7 @@ call_ ## FUNC (void) \
+ #endif
+
+ #if !defined(USE_TM_CLONE_REGISTRY) && defined(OBJECT_FORMAT_ELF)
+-# define USE_TM_CLONE_REGISTRY 1
++# define USE_TM_CLONE_REGISTRY 0
+ #elif !defined(USE_TM_CLONE_REGISTRY)
+ # define USE_TM_CLONE_REGISTRY 0
+ #endif
--- /dev/null
+--- a/libgcc/config/mips/t-mips16
++++ b/libgcc/config/mips/t-mips16
+@@ -42,3 +42,6 @@ SYNC_CFLAGS = -mno-mips16
+
+ # Version these symbols if building libgcc.so.
+ SHLIB_MAPFILES += $(srcdir)/config/mips/libgcc-mips16.ver
++
++CRTSTUFF_T_CFLAGS += -mno-mips16
++CRTSTUFF_T_CFLAGS_S += -mno-mips16
--- /dev/null
+commit 99368862e44740ff4fd33760893f04e14f9dbdf1
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Tue Jul 31 00:52:27 2007 +0000
+
+ Port the mbsd_multi patch from freewrt, which adds -fhonour-copts. This will emit warnings in packages that don't use our target cflags properly
+
+ SVN-Revision: 8256
+
+ This patch brings over a feature from MirBSD:
+ * -fhonour-copts
+ If this option is not given, it's warned (depending
+ on environment variables). This is to catch errors
+ of misbuilt packages which override CFLAGS themselves.
+
+ This patch was authored by Thorsten Glaser <tg at mirbsd.de>
+ with copyright assignment to the FSF in effect.
+
+--- a/gcc/c-family/c-opts.cc
++++ b/gcc/c-family/c-opts.cc
+@@ -108,6 +108,9 @@ static size_t include_cursor;
+ /* Whether any standard preincluded header has been preincluded. */
+ static bool done_preinclude;
+
++/* Check if a port honours COPTS. */
++static int honour_copts = 0;
++
+ static void handle_OPT_d (const char *);
+ static void set_std_cxx98 (int);
+ static void set_std_cxx11 (int);
+@@ -498,6 +501,12 @@ c_common_handle_option (size_t scode, co
+ flag_no_builtin = !value;
+ break;
+
++ case OPT_fhonour_copts:
++ if (c_language == clk_c) {
++ honour_copts++;
++ }
++ break;
++
+ case OPT_fconstant_string_class_:
+ constant_string_class_name = arg;
+ break;
+@@ -1291,6 +1300,47 @@ c_common_init (void)
+ return false;
+ }
+
++ if (c_language == clk_c) {
++ char *ev = getenv ("GCC_HONOUR_COPTS");
++ int evv;
++ if (ev == NULL)
++ evv = -1;
++ else if ((*ev == '0') || (*ev == '\0'))
++ evv = 0;
++ else if (*ev == '1')
++ evv = 1;
++ else if (*ev == '2')
++ evv = 2;
++ else if (*ev == 's')
++ evv = -1;
++ else {
++ warning (0, "unknown GCC_HONOUR_COPTS value, assuming 1");
++ evv = 1; /* maybe depend this on something like MIRBSD_NATIVE? */
++ }
++ if (evv == 1) {
++ if (honour_copts == 0) {
++ error ("someone does not honour COPTS at all in lenient mode");
++ return false;
++ } else if (honour_copts != 1) {
++ warning (0, "someone does not honour COPTS correctly, passed %d times",
++ honour_copts);
++ }
++ } else if (evv == 2) {
++ if (honour_copts == 0) {
++ error ("someone does not honour COPTS at all in strict mode");
++ return false;
++ } else if (honour_copts != 1) {
++ error ("someone does not honour COPTS correctly, passed %d times",
++ honour_copts);
++ return false;
++ }
++ } else if (evv == 0) {
++ if (honour_copts != 1)
++ inform (UNKNOWN_LOCATION, "someone does not honour COPTS correctly, passed %d times",
++ honour_copts);
++ }
++ }
++
+ return true;
+ }
+
+--- a/gcc/c-family/c.opt
++++ b/gcc/c-family/c.opt
+@@ -1910,6 +1910,9 @@ C++ ObjC++ Optimization Alias(fexception
+ fhonor-std
+ C++ ObjC++ WarnRemoved
+
++fhonour-copts
++C ObjC C++ ObjC++ RejectNegative
++
+ fhosted
+ C ObjC
+ Assume normal C execution environment.
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -1881,6 +1881,9 @@ Enum(hardcfr_check_noreturn_calls) Strin
+ EnumValue
+ Enum(hardcfr_check_noreturn_calls) String(always) Value(HCFRNR_ALWAYS)
+
++fhonour-copts
++Common RejectNegative
++
+ ; Nonzero means ignore `#ident' directives. 0 means handle them.
+ ; Generate position-independent code for executables if possible
+ ; On SVR4 targets, it also controls whether or not to emit a
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -10597,6 +10597,17 @@ This option is only supported for C and
+
+ This warning is upgraded to an error by @option{-pedantic-errors}.
+
++@item -fhonour-copts
++@opindex fhonour-copts
++If @env{GCC_HONOUR_COPTS} is set to 1, abort if this option is not
++given at least once, and warn if it is given more than once.
++If @env{GCC_HONOUR_COPTS} is set to 2, abort if this option is not
++given exactly once.
++If @env{GCC_HONOUR_COPTS} is set to 0 or unset, warn if this option
++is not given exactly once.
++The warning is quelled if @env{GCC_HONOUR_COPTS} is set to @samp{s}.
++This flag and environment variable only affect the C language.
++
+ @opindex Wstack-protector
+ @opindex Wno-stack-protector
+ @item -Wstack-protector
+--- a/gcc/opts.cc
++++ b/gcc/opts.cc
+@@ -2833,6 +2833,9 @@ common_handle_option (struct gcc_options
+ add_comma_separated_to_vector (&opts->x_flag_ignored_attributes, arg);
+ break;
+
++ case OPT_fhonour_copts:
++ break;
++
+ case OPT_Werror:
+ dc->set_warning_as_error_requested (value);
+ break;
--- /dev/null
+Author: Jo-Philipp Wich <jow@openwrt.org>
+Date: Sat Apr 21 03:02:39 2012 +0000
+
+ gcc: add patch to make the getenv() spec function nonfatal if requested environment variable is unset
+
+ SVN-Revision: 31390
+
+--- a/gcc/gcc.cc
++++ b/gcc/gcc.cc
+@@ -10319,8 +10319,10 @@ getenv_spec_function (int argc, const ch
+ }
+
+ if (!value)
+- fatal_error (input_location,
+- "environment variable %qs not defined", varname);
++ {
++ warning (input_location, "environment variable %qs not defined", varname);
++ value = "";
++ }
+
+ /* We have to escape every character of the environment variable so
+ they are not interpreted as active spec characters. A
--- /dev/null
+From dda6b050cd74a352670787a294596a9c56c21327 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Fri, 4 May 2018 18:20:53 +0800
+Subject: [PATCH] gotools: fix compilation when making cross compiler
+
+libgo is "the runtime support library for the Go programming language.
+This library is intended for use with the Go frontend."
+
+gccgo will link target files with libgo.so which depends on libgcc_s.so.1, but
+the linker will complain that it cannot find it. That's because shared libgcc
+is not present in the install directory yet. libgo.so was made without problem
+because gcc will emit -lgcc_s when compiled with -shared option. When gotools
+were being made, it was supplied with -static-libgcc thus no link option was
+provided. Check LIBGO in gcc/go/gcc-spec.c for how gccgo make a builtin spec
+for linking with libgo.so
+
+- GccgoCrossCompilation, https://github.com/golang/go/wiki/GccgoCrossCompilation
+- Cross-building instructions, http://www.eglibc.org/archives/patches/msg00078.html
+
+When 3-pass GCC compilation is used, shared libgcc runtime libraries will be
+available after gcc pass2 completed and will meet the gotools link requirement
+at gcc pass3
+---
+ gotools/Makefile.am | 4 +++-
+ gotools/Makefile.in | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/gotools/Makefile.am
++++ b/gotools/Makefile.am
+@@ -26,6 +26,7 @@ PWD_COMMAND = $${PWDCMD-pwd}
+ STAMP = echo timestamp >
+
+ libgodir = ../$(target_noncanonical)/libgo
++libgccdir = ../$(target_noncanonical)/libgcc
+ LIBGODEP = $(libgodir)/libgo.la
+
+ LIBGOTOOL = $(libgodir)/libgotool.a
+@@ -41,7 +42,8 @@ GOCFLAGS = $(CFLAGS_FOR_TARGET)
+ GOCOMPILE = $(GOCOMPILER) $(GOCFLAGS)
+
+ AM_GOCFLAGS = -I $(libgodir)
+-AM_LDFLAGS = -L $(libgodir) -L $(libgodir)/.libs
++AM_LDFLAGS = -L $(libgodir) -L $(libgodir)/.libs \
++ -L $(libgccdir) -L $(libgccdir)/.libs -lgcc_s
+ GOLINK = $(GOCOMPILER) $(GOCFLAGS) $(AM_GOCFLAGS) $(LDFLAGS) $(AM_LDFLAGS) -o $@
+
+ libgosrcdir = $(srcdir)/../libgo/go
+--- a/gotools/Makefile.in
++++ b/gotools/Makefile.in
+@@ -337,6 +337,7 @@ mkinstalldirs = $(SHELL) $(toplevel_srcd
+ PWD_COMMAND = $${PWDCMD-pwd}
+ STAMP = echo timestamp >
+ libgodir = ../$(target_noncanonical)/libgo
++libgccdir = ../$(target_noncanonical)/libgcc
+ LIBGODEP = $(libgodir)/libgo.la
+ LIBGOTOOL = $(libgodir)/libgotool.a
+ @NATIVE_FALSE@GOCOMPILER = $(GOC)
+@@ -346,7 +347,8 @@ LIBGOTOOL = $(libgodir)/libgotool.a
+ GOCFLAGS = $(CFLAGS_FOR_TARGET)
+ GOCOMPILE = $(GOCOMPILER) $(GOCFLAGS)
+ AM_GOCFLAGS = -I $(libgodir)
+-AM_LDFLAGS = -L $(libgodir) -L $(libgodir)/.libs
++AM_LDFLAGS = -L $(libgodir) -L $(libgodir)/.libs \
++ -L $(libgccdir) -L $(libgccdir)/.libs -lgcc_s
+ GOLINK = $(GOCOMPILER) $(GOCFLAGS) $(AM_GOCFLAGS) $(LDFLAGS) $(AM_LDFLAGS) -o $@
+ libgosrcdir = $(srcdir)/../libgo/go
+ cmdsrcdir = $(libgosrcdir)/cmd
--- /dev/null
+commit 9c6e71079b46ad5433165feaa2001450f2017b56
+Author: Przemysław Buczkowski <prem@prem.moe>
+Date: Mon Aug 16 13:16:21 2021 +0100
+
+ GCC: Patch for Apple Silicon compatibility
+
+ This patch fixes a linker error occuring when compiling
+ the cross-compiler on macOS and ARM64 architecture.
+
+ Adapted from:
+ https://github.com/richfelker/musl-cross-make/issues/116#issuecomment-823612404
+
+ Change-Id: Ia3ee98a163bbb62689f42e2da83a5ef36beb0913
+ Reviewed-on: https://review.haiku-os.org/c/buildtools/+/4329
+ Reviewed-by: John Scipione <jscipione@gmail.com>
+ Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>
+
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -1410,7 +1410,7 @@ extern enum aarch64_code_model aarch64_c
+
+ /* Extra specs when building a native AArch64-hosted compiler.
+ Option rewriting rules based on host system. */
+-#if defined(__aarch64__)
++#if defined(__aarch64__) && ! defined(__APPLE__)
+ extern const char *host_detect_local_cpu (int argc, const char **argv);
+ #define HAVE_LOCAL_CPU_DETECT
+ # define EXTRA_SPEC_FUNCTIONS \
+--- a/gcc/config/host-darwin.cc
++++ b/gcc/config/host-darwin.cc
+@@ -23,6 +23,8 @@
+ #include "options.h"
+ #include "diagnostic-core.h"
+ #include "config/host-darwin.h"
++#include "hosthooks.h"
++#include "hosthooks-def.h"
+ #include <errno.h>
+
+ /* For Darwin (macOS only) platforms, without ASLR (PIE) enabled on the
+@@ -181,3 +183,5 @@ darwin_gt_pch_use_address (void *&addr,
+
+ return 1;
+ }
++
++const struct host_hooks host_hooks = HOST_HOOKS_INITIALIZER;
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=miredo
-PKG_VERSION:=1.2.6
-PKG_RELEASE:=3
-
-PKG_SOURCE:=miredo-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://www.remlab.net/files/miredo/
-PKG_HASH:=fa26d2f4a405415833669e2e2e22677b225d8f83600844645d5683535ea43149
-
-PKG_CONFIG_DEPENDS:= \
- CONFIG_IPV6 \
- CONFIG_TUN
-PKG_BUILD_PARALLEL:=1
-PKG_CHECK_FORMAT_SECURITY:=0
-PKG_INSTALL:=1
-PKG_BUILD_FLAGS:=gc-sections
-
-PKG_MAINTAINER:=
-PKG_LICENSE:=GPL-2.0-or-later
-PKG_LICENSE_FILES:=COPYING
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/miredo
- SECTION:=net
- CATEGORY:=Network
- TITLE:=Teredo IPv6 tunneling utility
- URL:=https://www.remlab.net/miredo/
- DEPENDS:=@IPV6 +libpthread +librt +kmod-tun
-endef
-
-define Package/miredo/description
- Miredo is an open-source Teredo IPv6 tunneling software, for Linux and the BSD
- operating systems. It includes functional implementations of all components of
- the Teredo specification (client, relay and server). It is meant to provide
- IPv6 connectivity even from behind NAT devices.
-endef
-
-define Package/miredo/conffiles
-/etc/miredo/miredo.conf
-endef
-
-CONFIGURE_ARGS+= \
- --enable-shared \
- --enable-static \
- --disable-binreloc \
- --with-pic \
- --without-libiconv-prefix \
- --without-libintl-prefix
-
-CONFIGURE_VARS += \
- ac_cv_header_sys_capability_h=no
-
-TARGET_CFLAGS+= \
- $(FPIC)
-
-define Package/miredo/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miredo $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miredo-checkconf $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/usr/lib/miredo
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/miredo/miredo-privproc $(1)/usr/lib/miredo
- $(INSTALL_DIR) $(1)/etc/miredo
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/miredo/miredo.conf $(1)/etc/miredo
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miredo/client-hook $(1)/etc/miredo
- $(INSTALL_DIR) $(1)/etc/init.d/
- $(INSTALL_BIN) ./files/miredo.init $(1)/etc/init.d/miredo
-endef
-
-$(eval $(call BuildPackage,miredo))
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-START=41
-
-PROG=/usr/sbin/miredo
-CONFFILE=/etc/miredo/miredo.conf
-
-start_service() {
- procd_open_instance
- procd_set_param command $PROG -f -c $CONFFILE
- procd_set_param respawn
- procd_set_param file $CONFFILE
- procd_set_param stdout 1 # forward stdout of the command to logd
- procd_set_param stderr 1 # same for stderr
- procd_close_instance
-}
+++ /dev/null
---- a/libteredo/debug.h
-+++ b/libteredo/debug.h
-@@ -43,8 +43,10 @@ static inline void debug (const char *st
- # ifdef __linux__
- # include <errno.h>
- # include <assert.h>
--# undef PTHREAD_MUTEX_INITIALIZER
--# define PTHREAD_MUTEX_INITIALIZER PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP
-+# if defined(PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP)
-+# undef PTHREAD_MUTEX_INITIALIZER
-+# define PTHREAD_MUTEX_INITIALIZER PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP
-+# endif
-
- static inline int
- d_pthread_mutex_init (pthread_mutex_t *mutex, pthread_mutexattr_t *pattr)
-@@ -57,7 +59,7 @@ d_pthread_mutex_init (pthread_mutex_t *m
- pthread_mutexattr_init (&attr);
- }
-
-- pthread_mutexattr_settype (pattr, PTHREAD_MUTEX_ERRORCHECK_NP);
-+ pthread_mutexattr_settype (pattr, PTHREAD_MUTEX_ERRORCHECK);
- int res = pthread_mutex_init (mutex, pattr);
-
- if (pattr == &attr)
+++ /dev/null
---- a/libtun6/tun6.c
-+++ b/libtun6/tun6.c
-@@ -53,7 +53,7 @@
- const char os_driver[] = "Linux";
- # define USE_LINUX 1
-
--# include <linux/if_tun.h> // TUNSETIFF - Linux tunnel driver
-+# include <linux/if_tun.h> // TUNSETIFF - Linux tunnel driver, ETH_P_IPV6
- /*
- * <linux/ipv6.h> conflicts with <netinet/in.h> and <arpa/inet.h>,
- * so we've got to declare this structure by hand.
-@@ -65,7 +65,7 @@ struct in6_ifreq {
- };
-
- # include <net/route.h> // struct in6_rtmsg
--# include <netinet/if_ether.h> // ETH_P_IPV6
-+//# include <netinet/if_ether.h> // ETH_P_IPV6
-
- typedef struct
- {
+++ /dev/null
---- a/include/gettext.h
-+++ b/include/gettext.h
-@@ -182,7 +182,7 @@ npgettext_aux (const char *domain,
- (((__GNUC__ >= 3 || __GNUG__ >= 2) && !defined(__STRICT_ANSI__)) \
- /* || __STDC_VERSION__ >= 199901L */ )
-
--#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
-+#if !defined(_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS)
- #include <stdlib.h>
- #endif
-
-@@ -206,7 +206,7 @@ dcpgettext_expr (const char *domain,
- size_t msgctxt_len = strlen (msgctxt) + 1;
- size_t msgid_len = strlen (msgid) + 1;
- const char *translation;
--#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
-+#if defined(_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS)
- char msg_ctxt_id[msgctxt_len + msgid_len];
- #else
- char buf[1024];
-@@ -221,7 +221,7 @@ dcpgettext_expr (const char *domain,
- msg_ctxt_id[msgctxt_len - 1] = '\004';
- memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
- translation = dcgettext (domain, msg_ctxt_id, category);
--#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
-+#if !defined(_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS)
- if (msg_ctxt_id != buf)
- free (msg_ctxt_id);
- #endif
-@@ -252,7 +252,7 @@ dcnpgettext_expr (const char *domain,
- size_t msgctxt_len = strlen (msgctxt) + 1;
- size_t msgid_len = strlen (msgid) + 1;
- const char *translation;
--#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
-+#if defined(_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS)
- char msg_ctxt_id[msgctxt_len + msgid_len];
- #else
- char buf[1024];
-@@ -267,7 +267,7 @@ dcnpgettext_expr (const char *domain,
- msg_ctxt_id[msgctxt_len - 1] = '\004';
- memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
- translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
--#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
-+#if !defined(_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS)
- if (msg_ctxt_id != buf)
- free (msg_ctxt_id);
- #endif
+++ /dev/null
-From: Tomasz Buchert <tomasz@debian.org>
-Date: Fri, 6 Feb 2015 11:33:20 +0100
-Subject: Fix reproducibility issues
-
-We replace unreproducible CC macros with
-N/A placeholders. This fixes #776716.
----
- src/main.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/src/main.c
-+++ b/src/main.c
-@@ -92,10 +92,11 @@ miredo_version (void)
- #ifndef VERSION
- # define VERSION "unknown version"
- #endif
-+ const char* UNKNOWN = "N/A";
- printf (_("Miredo: Teredo IPv6 tunneling software %s (%s)\n"
- " built %s on %s (%s)\n"),
-- VERSION, PACKAGE_HOST, __DATE__,
-- PACKAGE_BUILD_HOSTNAME, PACKAGE_BUILD);
-+ VERSION, UNKNOWN, UNKNOWN,
-+ UNKNOWN, UNKNOWN);
- printf (_("Configured with: %s\n"), PACKAGE_CONFIGURE_INVOCATION);
- puts (_("Written by Remi Denis-Courmont.\n"));
-
PKG_NAME:=tayga
PKG_VERSION:=0.9.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=tayga-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.litech.org/tayga/
local iface="$2"
local link="tayga-$cfg"
- local ipv4_addr ipv6_addr prefix dynamic_pool ipaddr ip6addr noroutes
- json_get_vars ipv4_addr ipv6_addr prefix dynamic_pool ipaddr ip6addr noroutes
+ local ipv4_addr ipv6_addr prefix dynamic_pool map_ipv4 map_ipv6 ipaddr ip6addr noroutes
+ json_get_vars ipv4_addr ipv6_addr prefix dynamic_pool map_ipv4 map_ipv6 ipaddr ip6addr noroutes
[ -z "$ipv4_addr" -o -z "$prefix" ] && {
proto_notify_error "$cfg" "REQUIRED_PARAMETERS_MISSING"
proto_block_restart "$cfg"
echo "prefix $prefix" >>$tmpconf
[ -n "$dynamic_pool" ] &&
echo "dynamic-pool $dynamic_pool" >>$tmpconf
+ # TODO: Allow setting multiple static mapping
+ [ -n "$map_ipv4" ] &&
+ echo "map $map_ipv4 $map_ipv6" >>$tmpconf
echo "data-dir /var/run/tayga/$cfg" >>$tmpconf
- #TODO: Support static mapping of IPv4 <-> IPv6
# here we create TUN device and check configuration
tayga -c $tmpconf --mktun
proto_add_ipv6_route "$prefix6" "$mask6"
}
}
+ # TODO: Set up routes and firewall rules for clat/nat46 automatically?
proto_send_update "$cfg"
proto_config_add_string "ipv6_addr"
proto_config_add_string "prefix"
proto_config_add_string "dynamic_pool"
+ proto_config_add_string "map_ipv4"
+ proto_config_add_string "map_ipv6"
proto_config_add_string "ipaddr"
proto_config_add_string "ip6addr:ip6addr"
proto_config_add_boolean "noroutes"
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=v4l2loopback
-PKG_RELEASE:=2
+PKG_VERSION:=0.13.2
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/umlaeute/v4l2loopback.git
-PKG_SOURCE_VERSION:=v0.12.7
-PKG_MIRROR_HASH:=ee4adacdd38901c83349b36627ad9e8698564797d2e96297bfeb5202e80667a5
+PKG_SOURCE_URL:=https://github.com/umlaeute/v4l2loopback
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=06b786138b35daab3edfafb95432f1b838676e6dd615c481eae0553182eac67b
PKG_MAINTAINER:=Michel Promonet <michel.promonet@free.fr>
PKG_CPE_ID:=cpe:/o:v4l2loopback_project:v4l2loopback
include $(TOPDIR)/rules.mk
PKG_NAME:=erlang
-PKG_VERSION:=26.2.4
+PKG_VERSION:=27.0.1
PKG_RELEASE:=1
PKG_SOURCE:=otp_src_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/erlang/otp/releases/download/OTP-$(PKG_VERSION)
-PKG_HASH:=b51ad69f57e2956dff4c893bcb09ad68fee23a7f8f6bba7d58449516b696de95
+PKG_HASH:=26d894e2f0dda9d13560af08ea589afc01569df6b5486e565beb5accb99c9cf4
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE.txt
PKG_BUILD_DEPENDS:=erlang/host openssl
PKG_ASLR_PIE:=0
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_KERNEL_TRANSPARENT_HUGEPAGE
+
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/otp_src_$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/otp_src_$(PKG_VERSION)
define Package/erlang
$(call Package/erlang/Default)
DEPENDS+= +libncurses +librt +zlib +libstdcpp
- PROVIDES:= erlang-erts=14.2.4 erlang-kernel=9.2.3 erlang-sasl=4.2.1 erlang-stdlib=5.2.2
+ PROVIDES:= erlang-erts=15.0.1 erlang-kernel=10.0.1 erlang-sasl=4.2.2 erlang-stdlib=6.0.1
endef
define Package/erlang/description
define Package/erlang-asn1
$(call Package/erlang/Default)
TITLE:=Abstract Syntax Notation One (ASN.1) support
- VERSION:=5.2.2
+ VERSION:=5.3
DEPENDS+= +erlang +erlang-syntax-tools
endef
define Package/erlang-compiler
$(call Package/erlang/Default)
TITLE:=Byte code compiler
- VERSION:=8.4.3
+ VERSION:=8.5.1
DEPENDS+= +erlang
endef
define Package/erlang-crypto
$(call Package/erlang/Default)
TITLE:=Cryptography support
- VERSION:=5.4.2
+ VERSION:=5.5
DEPENDS+= +erlang +libopenssl
endef
define Package/erlang-inets
$(call Package/erlang/Default)
TITLE:=Internet clients and servers
- VERSION:=9.1
+ VERSION:=9.2
DEPENDS+= +erlang
endef
define Package/erlang-mnesia
$(call Package/erlang/Default)
TITLE:=Distributed database
- VERSION:=4.23
+ VERSION:=4.23.2
DEPENDS+= +erlang
endef
define Package/erlang-runtime-tools
$(call Package/erlang/Default)
TITLE:=Low-profile debugging/tracing tools
- VERSION:=2.0.1
+ VERSION:=2.1
DEPENDS+= +erlang
endef
define Package/erlang-snmp
$(call Package/erlang/Default)
TITLE:=Simple Network Management Protocol (SNMP) support
- VERSION:=5.15
+ VERSION:=5.16
DEPENDS+= +erlang +erlang-asn1
endef
define Package/erlang-public-key
$(call Package/erlang/Default)
TITLE:=Public Key support
- VERSION:=1.15.1
+ VERSION:=1.16.1
DEPENDS+= +erlang +erlang-crypto +erlang-asn1
endef
define Package/erlang-ssh
$(call Package/erlang/Default)
TITLE:=Secure Shell (SSH) support
- VERSION:=5.1.4
+ VERSION:=5.2.1
DEPENDS+= +erlang +erlang-crypto
endef
define Package/erlang-ssl
$(call Package/erlang/Default)
TITLE:=Secure Sockets Layer (SSL) support
- VERSION:=11.1.3
+ VERSION:=11.2.1
DEPENDS+= +erlang +erlang-crypto
endef
define Package/erlang-syntax-tools
$(call Package/erlang/Default)
TITLE:=Abstract Erlang syntax trees handling support
- VERSION:=3.1
+ VERSION:=3.2
DEPENDS+= +erlang
endef
define Package/erlang-tools
$(call Package/erlang/Default)
TITLE:=Erlang tools support
- VERSION:=3.6
+ VERSION:=4.0
DEPENDS+= +erlang
endef
define Package/erlang-reltool
$(call Package/erlang/Default)
TITLE:=Erlang reltool support
- VERSION:=1.0
+ VERSION:=1.0.1
DEPENDS+= +erlang
endef
define Package/erlang-erl-interface
$(call Package/erlang/Default)
TITLE:=Erlang erl_interface support
- VERSION:=5.5.1
+ VERSION:=5.5.2
DEPENDS+= +erlang
endef
define Package/erlang-os_mon
$(call Package/erlang/Default)
TITLE:=Erlang OS Monitoring Application
- VERSION:=2.9.1
+ VERSION:=2.10
DEPENDS+= +erlang
endef
define Package/erlang-xmerl
$(call Package/erlang/Default)
TITLE:=Erlang XML export
- VERSION:=1.3.34
+ VERSION:=2.0
DEPENDS+= +erlang
endef
# Host
HOST_CONFIGURE_ARGS += \
+ --without-wx \
--with-ssl="$(STAGING_DIR_HOST)" \
--without-javac
--without-javac \
--enable-dynamic-ssl-lib
+## Override incorrect THP detection by configure script
+ERTS_THP=no
+ifeq ($(CONFIG_KERNEL_TRANSPARENT_HUGEPAGE),y)
+ ERTS_THP=yes
+endif
+
CONFIGURE_VARS += \
SHLIB_LD="$(TARGET_CC)" \
TARGET_ARCH="$(TARGET_ARCH)" \
+ erts_cv_linux_thp=$(ERTS_THP) \
ac_cv_func_mmap_fixed_mapped=yes \
ac_cv_path_WX_CONFIG_PATH=no \
erl_xcomp_getaddrinfo=no \
include $(TOPDIR)/rules.mk
GO_VERSION_MAJOR_MINOR:=1.22
-GO_VERSION_PATCH:=2
+GO_VERSION_PATCH:=7
PKG_NAME:=golang
PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH))
PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz
PKG_SOURCE_URL:=$(GO_SOURCE_URLS)
-PKG_HASH:=374ea82b289ec738e968267cac59c7d5ff180f9492250254784b2044e90df5a9
+PKG_HASH:=66432d87d85e0cfac3edffe637d5930fc4ddf5793313fe11e4a0f333023c879f
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
PKG_LICENSE:=BSD-3-Clause
PKG_NAME:=lua-cjson
PKG_VERSION:=2.1.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.kyne.com.au/~mark/software/download/
+PKG_SOURCE_URL:=https://kyne.au/~mark/software/download/
PKG_HASH:=51bc69cd55931e0cba2ceae39e9efa2483f4292da3a88a1ed470eda829f6c778
HOST_BUILD_DEPENDS:=lua/host
include $(TOPDIR)/rules.mk
PKG_NAME:=lua-eco
-PKG_VERSION:=3.5.1
+PKG_VERSION:=3.6.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION)
-PKG_HASH:=eef79d98e06b682f9fca1f84f164b949c493582e01adb775bfb1c2dbcf2e8b42
+PKG_HASH:=0fdcd8eb9e93f2d1f0ff2132298faae2e13a8bfd676bd91db4d53e48917d6a74
PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
PKG_LICENSE:=MIT
Package/lua-eco-ip=$(call Package/lua-eco/Module,ip utils,+lua-eco-netlink)
Package/lua-eco-nl80211=$(call Package/lua-eco/Module,nl80211,+lua-eco-netlink)
Package/lua-eco-ssh=$(call Package/lua-eco/Module,ssh,+lua-eco-socket +libssh2)
+Package/lua-eco-packet=$(call Package/lua-eco/Module,packet,+lua-eco-nl80211)
define Package/lua-eco-ssl/config
choice
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ssh.so $(1)/usr/local/lib/lua/5.3/eco/core
endef
+define Package/lua-eco-packet/install
+ $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/packet.lua $(1)/usr/local/lib/lua/5.3/eco
+endef
+
$(eval $(call BuildPackage,lua-eco))
$(eval $(call BuildPackage,lua-eco-log))
$(eval $(call BuildPackage,lua-eco-base64))
$(eval $(call BuildPackage,lua-eco-ip))
$(eval $(call BuildPackage,lua-eco-nl80211))
$(eval $(call BuildPackage,lua-eco-ssh))
+$(eval $(call BuildPackage,lua-eco-packet))
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=lua-ffi
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL=https://github.com/zhaojh329/lua-ffi/releases/download/v$(PKG_VERSION)
+PKG_HASH:=e26a8ed685c1aa31566683e3c06b057fd9ae6c7eec9922abe7661eeb678f1cd8
+
+PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/lua-ffi/default
+ TITLE:=A portable lightweight C FFI for $(1), based on libffi
+ CATEGORY:=Languages
+ SECTION:=lang
+ SUBMENU:=Lua
+ DEPENDS:=+libffi
+ URL:=https://github.com/zhaojh329/lua-ffi
+endef
+
+define Package/lua-ffi/default/description
+ Lua-ffi is a portable lightweight C FFI for Lua, based on libffi
+ and aiming to be mostly compatible with LuaJIT FFI, but written
+ from scratch in C language.
+endef
+
+define Package/lua-ffi
+ $(call Package/lua-ffi/default,lua5.1)
+ DEPENDS+=+liblua
+ VARIANT:=lua51
+endef
+
+define Package/lua-ffi-lua5.3
+ $(call Package/lua-ffi/default,lua5.3)
+ DEPENDS+=+liblua5.3
+ VARIANT:=lua53
+endef
+
+define Package/lua-ffi-lua5.4
+ $(call Package/lua-ffi/default,lua5.4)
+ DEPENDS+=+liblua5.4
+ VARIANT:=lua54
+endef
+
+Package/lua-ffi/description = $(Package/lua-ffi/default/description)
+Package/lua-ffi-lua5.3/description = $(Package/lua-ffi/default/description)
+Package/lua-ffi-lua5.4/description = $(Package/lua-ffi/default/description)
+
+ifeq ($(BUILD_VARIANT),lua51)
+ CMAKE_OPTIONS += -DLUA_INCLUDE_DIR="$(STAGING_DIR)/usr/include"
+endif
+
+ifeq ($(BUILD_VARIANT),lua53)
+ CMAKE_OPTIONS += -DLUA_INCLUDE_DIR="$(STAGING_DIR)/usr/include/lua5.3"
+endif
+
+ifeq ($(BUILD_VARIANT),lua54)
+ CMAKE_OPTIONS += -DLUA_INCLUDE_DIR="$(STAGING_DIR)/usr/include/lua5.4"
+endif
+
+define Package/lua-ffi/install
+ $(INSTALL_DIR) $(1)/usr/lib/lua
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ffi.so $(1)/usr/lib/lua
+endef
+
+define Package/lua-ffi-lua5.3/install
+ $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ffi.so $(1)/usr/local/lib/lua/5.3
+endef
+
+define Package/lua-ffi-lua5.4/install
+ $(INSTALL_DIR) $(1)/usr/local/lib/lua/5.4
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ffi.so $(1)/usr/local/lib/lua/5.4
+endef
+
+$(eval $(call BuildPackage,lua-ffi))
+$(eval $(call BuildPackage,lua-ffi-lua5.3))
+$(eval $(call BuildPackage,lua-ffi-lua5.4))
include $(TOPDIR)/rules.mk
PKG_NAME:=luajit2
-PKG_VERSION:=2.1-20240314
+PKG_VERSION:=2.1-20240626
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/openresty/luajit2/archive/refs/tags/v$(PKG_VERSION).tar.gz?
-PKG_HASH:=3efddc4104a0ce720ddf4da3d9bce927f3c5816a8a45a043462ca58914cde271
+PKG_HASH:=1e53822a1105df216b9657ccb0293a152ac5afd875abc848453bfa353ca8181b
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=MIT
PKG_NAME:=luasocket
PKG_VERSION:=3.1.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
$(INSTALL_DIR) $(1)/usr/lib/lua/socket
$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/{ftp,http,smtp,tp,url,headers}.lua $(1)/usr/lib/lua/socket
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/unix.so $(1)/usr/lib/lua/socket
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/serial.so $(1)/usr/lib/lua/socket
ln -sf ../socket-3.0.0.so $(1)/usr/lib/lua/socket/core.so
endef
PKG_NAME:=lzmq
PKG_VERSION:=0.4.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
PKG_LICENSE:=MIT
--- /dev/null
+--- a/src/lzmq.c
++++ b/src/lzmq.c
+@@ -23,6 +23,7 @@
+ #include <assert.h>\r
+ #include "zsupport.h"\r
+ #include <memory.h>\r
++#include <stdlib.h>\r
+ \r
+ #define LUAZMQ_MODULE_NAME "lzmq"\r
+ #define LUAZMQ_MODULE_LICENSE "MIT"\r
include $(TOPDIR)/rules.mk
PKG_NAME:=node
-PKG_VERSION:=v20.13.1
+PKG_VERSION:=20.17.0
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=a85ee53aa0a5c2f5ca94fa414cdbceb91eb7d18a77fc498358512c14cc6c6991
+PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://nodejs.org/dist/v$(PKG_VERSION)
+PKG_HASH:=409bda5f1896c7c20866610d778d1760991884ad2e7940837cd3f2854cf73747
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
+HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-v$(PKG_VERSION)
PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
PKG_LICENSE:=MIT
--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
-@@ -1518,7 +1518,8 @@ Module._initPaths = function() {
+@@ -1650,7 +1650,8 @@ Module._initPaths = function() {
path.resolve(process.execPath, '..') :
path.resolve(process.execPath, '..', '..');
--- a/node.gyp
+++ b/node.gyp
-@@ -1214,6 +1214,7 @@
+@@ -1305,6 +1305,7 @@
'dependencies': [
'deps/simdutf/simdutf.gyp:simdutf#host',
],
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
-@@ -1338,13 +1339,6 @@ function lookupAndConnect(self, options)
+@@ -1339,13 +1340,6 @@ function lookupAndConnect(self, options)
hints: options.hints || 0,
};
--- a/node.gyp
+++ b/node.gyp
-@@ -1215,6 +1215,7 @@
+@@ -1306,6 +1306,7 @@
'deps/simdutf/simdutf.gyp:simdutf#host',
],
'libraries!':[ '-licui18n', '-licuuc', '-licudata', '-lcrypto', '-lssl', '-lz', '-lhttp_parser', '-luv', '-lnghttp2', '-lcares' ],
include $(TOPDIR)/rules.mk
PKG_NAME:=perl-cgi
-PKG_VERSION:=4.64
+PKG_VERSION:=4.66
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://www.cpan.org/authors/id/L/LE/LEEJO
PKG_SOURCE:=CGI-$(PKG_VERSION).tar.gz
-PKG_HASH:=39bd8e40ce00cdab39e0a2bc71abd2bbe451d1d97bc7e54e41a2e199eb6226e7
+PKG_HASH:=4697437688a193e3f02556e1d223015590c1f2800b40becf83dc12d5cc5ed8e1
PKG_BUILD_DIR:=$(BUILD_DIR)/perl/CGI-$(PKG_VERSION)
PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>, \
include $(TOPDIR)/rules.mk
PKG_NAME:=perl-text-csv_xs
-PKG_VERSION:=1.53
+PKG_VERSION:=1.55
PKG_RELEASE:=1
PKG_SOURCE:=Text-CSV_XS-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://cpan.metacpan.org/authors/id/H/HM/HMBRAND
-PKG_HASH:=ba3231610fc755a69e14eb4a3c6d8cce46cc4fd32853777a6c9ce485a8878b42
+PKG_HASH:=e4b623b31b4ac35e99d7b797d5b7c2205a5b984bcd88dee1a9460a6a39d40b5e
PKG_BUILD_DIR:=$(BUILD_DIR)/perl/Text-CSV_XS-$(PKG_VERSION)
PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>
--- /dev/null
+--- a/CSV_XS.xs
++++ b/CSV_XS.xs
+@@ -1235,14 +1235,14 @@ static void cx_ErrorDiag (pTHX_ csv_t *c
+ SV **svp;
+
+ if ((svp = hv_fetchs (csv->self, "_ERROR_DIAG", FALSE)) && *svp) {
+- if (SvIOK (*svp)) (void)fprintf (stderr, "ERR: %d\n", SvIV (*svp));
++ if (SvIOK (*svp)) (void)fprintf (stderr, "ERR: %ld\n", SvIV (*svp));
+ if (SvPOK (*svp)) (void)fprintf (stderr, "ERR: %s\n", SvPV_nolen (*svp));
+ }
+ if ((svp = hv_fetchs (csv->self, "_ERROR_POS", FALSE)) && *svp) {
+- if (SvIOK (*svp)) (void)fprintf (stderr, "POS: %d\n", SvIV (*svp));
++ if (SvIOK (*svp)) (void)fprintf (stderr, "POS: %ld\n", SvIV (*svp));
+ }
+ if ((svp = hv_fetchs (csv->self, "_ERROR_FLD", FALSE)) && *svp) {
+- if (SvIOK (*svp)) (void)fprintf (stderr, "FLD: %d\n", SvIV (*svp));
++ if (SvIOK (*svp)) (void)fprintf (stderr, "FLD: %ld\n", SvIV (*svp));
+ }
+ } /* ErrorDiag */
+
include $(TOPDIR)/rules.mk
PKG_NAME:=perl-try-tiny
-PKG_VERSION:=0.31
+PKG_VERSION:=0.32
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://cpan.metacpan.org/authors/id/E/ET/ETHER/
PKG_SOURCE:=Try-Tiny-$(PKG_VERSION).tar.gz
-PKG_HASH:=3300d31d8a4075b26d8f46ce864a1d913e0e8467ceeba6655d5d2b2e206c11be
+PKG_HASH:=ef2d6cab0bad18e3ab1c4e6125cc5f695c7e459899f512451c8fa3ef83fa7fc0
PKG_BUILD_DIR:=$(BUILD_DIR)/perl/Try-Tiny-$(PKG_VERSION)
PKG_MAINTAINER:=Matt Merhar <mattmerhar@protonmail.com>
PKG_RELEASE:=2
PKG_SOURCE_URL:=https://www.cpan.org/src/5.0
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=d91115e90b896520e83d4de6b52f8254ef2b70a8d545ffab33200ea9f1cf29e8
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=c740348f357396327a9795d3e8323bafd0fe8a5c7835fc1cbaba0cc8dfe7161f
PKG_LICENSE:=GPL-1.0-or-later Artistic-1.0-Perl
PKG_LICENSE_FILES:=Copying Artistic README
-Dowrt:threads=$(if $(CONFIG_PERL_THREADS),yes,no) \
-Dowrt:staging_dir='$(STAGING_DIR)' \
-Dowrt:host_perl_prefix='$(HOST_PERL_PREFIX)' \
- -Dsysroot='$(TOOLCHAIN_DIR)' \
+ -Dsysroot='$(TOOLCHAIN_ROOT_DIR)' \
files/version.config \
files/base.config \
files/$(patsubst i386,i486,$(ARCH)).config \
endef
define Build/Compile
+ # make depend is required to avoid race conditions: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996953
+ +$(MAKE) -C $(PKG_BUILD_DIR) depend
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)
endef
($owrt:libc eq 'glibc') {
perllibs="$perllibs -lbsd"
ldflags="$ldflags -L$owrt:staging_dir/lib"
+
+ d_perl_lc_all_category_positions_init='undef'
+ d_perl_lc_all_separator='undef'
+ d_perl_lc_all_uses_name_value_pairs='define'
+
+ perl_lc_all_category_positions_init=''
+ perl_lc_all_separator=''
}
# uclibc does not provide crypt_r().
i_fcntl='define'
h_fcntl='true'
d_strerror_r='undef'
+
+ d_perl_lc_all_category_positions_init='define'
+ d_perl_lc_all_separator='undef'
+ d_perl_lc_all_uses_name_value_pairs='undef'
+
+ perl_lc_all_category_positions_init='{ 0, 1, 5, 2, 3, 4 }'
+ perl_lc_all_separator=''
}
# Set the version here
PERL_REVISION=5
-PERL_VERSION=38
-PERL_SUBVERSION=2
+PERL_VERSION=40
+PERL_SUBVERSION=0
# (api_revison, api_version, api_subversion) = (revision, version, 0) usually
PERL_API_REVISION=5
-PERL_API_VERSION=38
+PERL_API_VERSION=40
PERL_API_SUBVERSION=0
dynamic_ext='attributes B Compress/Raw/Bzip2 Compress/Raw/Zlib Cwd Data/Dumper DB_File Devel/Peek Devel/PPPort Digest/MD5 Digest/SHA Encode Fcntl File/DosGlob File/Glob Filter/Util/Call GDBM_File Hash/Util Hash/Util/FieldHash I18N/Langinfo IO IPC/SysV List/Util Math/BigInt/FastCalc MIME/Base64 mro Opcode PerlIO/encoding PerlIO/mmap PerlIO/scalar PerlIO/via POSIX re SDBM_File Socket Storable Sys/Hostname Sys/Syslog threads threads/shared Time/HiRes Time/Piece Unicode/Collate Unicode/Normalize XS/APItest XS/Typemap'
--- a/perl.c
+++ b/perl.c
-@@ -317,7 +317,7 @@ perl_construct(pTHXx)
+@@ -318,7 +318,7 @@ perl_construct(pTHXx)
PL_localpatches = local_patches; /* For possible -v */
#endif
--- /dev/null
+--- a/ext/POSIX/POSIX.xs
++++ b/ext/POSIX/POSIX.xs
+@@ -28,11 +28,7 @@ static int not_here(const char *s);
+ #include <sys/errno2.h>
+ #endif
+ #include <float.h>
+-#ifdef I_FENV
+-#if !(defined(__vax__) && defined(__NetBSD__))
+ #include <fenv.h>
+-#endif
+-#endif
+ #include <limits.h>
+ #include <locale.h>
+ #include <math.h>
+@@ -182,7 +178,7 @@ static int not_here(const char *s);
+ #endif
+
+ /* We will have an emulation. */
+-#ifndef FE_TONEAREST
++#ifndef FE_TOWARDZERO
+ # define FE_TOWARDZERO 0
+ # define FE_TONEAREST 1
+ # define FE_UPWARD 2
--- a/perl.c
+++ b/perl.c
-@@ -2098,16 +2098,6 @@ S_Internals_V(pTHX_ CV *cv)
+@@ -2092,16 +2092,6 @@ S_Internals_V(pTHX_ CV *cv)
PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
sizeof(non_bincompat_options) - 1, SVs_TEMP));
ranlib = $ranlib
ECHO = $echo
-@@ -786,7 +787,7 @@ bitcount.h: generate_uudmap$(HOST_EXE_EX
+@@ -791,7 +792,7 @@ bitcount.h: generate_uudmap$(HOST_EXE_EX
./generate_uudmap$(HOST_EXE_EXT) $(generated_headers)
generate_uudmap$(HOST_EXE_EXT): generate_uudmap$(OBJ_EXT)
$(LNS) $(HOST_GENERATE) generate_uudmap$(HOST_EXE_EXT)
!NO!SUBS!
-@@ -891,26 +892,26 @@ mydtrace.h: $(DTRACE_H)
+@@ -896,26 +897,26 @@ mydtrace.h: $(DTRACE_H)
define)
$spitshell >>$Makefile <<'!NO!SUBS!'
$(DTRACE_MINI_O): perldtrace.d $(miniperl_objs_nodt)
!NO!SUBS!
;;
-@@ -921,13 +922,13 @@ $(LIBPERL): $& $(perllib_dep) $(DYNALOAD
+@@ -926,13 +927,13 @@ $(LIBPERL): $& $(perllib_dep) $(DYNALOAD
case "$useshrplib" in
true)
$spitshell >>$Makefile <<'!NO!SUBS!'
mv $@ libperl$(OBJ_EXT)
$(AR) qv $(LIBPERL) libperl$(OBJ_EXT)
!NO!SUBS!
-@@ -936,7 +937,7 @@ $(LIBPERL): $& $(perllib_dep) $(DYNALOAD
+@@ -941,7 +942,7 @@ $(LIBPERL): $& $(perllib_dep) $(DYNALOAD
;;
*)
$spitshell >>$Makefile <<'!NO!SUBS!'
$(AR) rc $(LIBPERL) $(perllib_objs) $(DYNALOADER)
@$(ranlib) $(LIBPERL)
!NO!SUBS!
-@@ -970,7 +971,7 @@ $(MINIPERL_EXE): lib/buildcustomize.pl
+@@ -975,7 +976,7 @@ $(MINIPERL_EXE): lib/buildcustomize.pl
amigaos*)
$spitshell >>$Makefile <<'!NO!SUBS!'
lib/buildcustomize.pl: $& $(miniperl_objs) write_buildcustomize.pl
$(CC) $(CLDFLAGS) -o $(MINIPERL_EXE) \
$(miniperl_objs) $(libs)
# $(LDLIBPTH) ./miniperl$(HOST_EXE_EXT) -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo >&2 Failed to build miniperl. Please run make minitest; exit 1'
-@@ -992,7 +993,7 @@ NAMESPACEFLAGS = -force_flat_namespace
+@@ -997,7 +998,7 @@ NAMESPACEFLAGS = -force_flat_namespace
esac
$spitshell >>$Makefile <<'!NO!SUBS!'
lib/buildcustomize.pl: $& $(miniperl_objs) write_buildcustomize.pl
$(CC) $(CLDFLAGS) $(NAMESPACEFLAGS) -o $(MINIPERL_EXE) \
$(miniperl_objs) $(libs)
$(LDLIBPTH) ./miniperl$(HOST_EXE_EXT) -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo >&2 Failed to build miniperl. Please run make minitest; exit 1'
-@@ -1003,8 +1004,8 @@ lib/buildcustomize.pl: $& $(miniperl_obj
+@@ -1008,8 +1009,8 @@ lib/buildcustomize.pl: $& $(miniperl_obj
if test "X$hostperl" != X; then
$spitshell >>$Makefile <<!GROK!THIS!
lib/buildcustomize.pl: \$& \$(miniperl_dep) write_buildcustomize.pl
\$(LNS) \$(HOST_PERL) \$(MINIPERL_EXE)
\$(LDLIBPTH) ./miniperl\$(HOST_EXE_EXT) -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo >&2 Failed to build miniperl. Please run make minitest; exit 1'
\$(MINIPERL) -f write_buildcustomize.pl 'osname' "$osname"
-@@ -1012,7 +1013,7 @@ lib/buildcustomize.pl: \$& \$(miniperl_d
+@@ -1017,7 +1018,7 @@ lib/buildcustomize.pl: \$& \$(miniperl_d
else
$spitshell >>$Makefile <<'!NO!SUBS!'
lib/buildcustomize.pl: $& $(miniperl_dep) write_buildcustomize.pl
$(CC) $(CLDFLAGS) -o $(MINIPERL_EXE) \
$(miniperl_objs) $(libs)
$(LDLIBPTH) ./miniperl$(HOST_EXE_EXT) -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo >&2 Failed to build miniperl. Please run make minitest; exit 1'
-@@ -1025,7 +1026,7 @@ lib/buildcustomize.pl: $& $(miniperl_dep
+@@ -1030,7 +1031,7 @@ lib/buildcustomize.pl: $& $(miniperl_dep
$spitshell >>$Makefile <<'!NO!SUBS!'
$(PERL_EXE): $& $(perlmain_dep) $(LIBPERL) $(static_ext) ext.libs $(PERLEXPORT) write_buildcustomize.pl
!NO!SUBS!
case "$osname" in
-@@ -1133,8 +1134,8 @@ pod/perl5382delta.pod: pod/perldelta.pod
- $(LNS) perldelta.pod pod/perl5382delta.pod
+@@ -1130,8 +1131,8 @@ pod/perl5400delta.pod: pod/perldelta.pod
+ $(LNS) perldelta.pod pod/perl5400delta.pod
extra.pods: $(MINIPERL_EXE)
- -@test ! -f extra.pods || rm -f `cat extra.pods`
-@for x in `grep -l '^=[a-z]' README.* | grep -v README.vms` ; do \
nx=`echo $$x | sed -e "s/README\.//"`; \
$(LNS) ../$$x "pod/perl"$$nx".pod" ; \
-@@ -1334,11 +1335,11 @@ realclean: _realcleaner _mopup
+@@ -1330,11 +1331,11 @@ realclean: _realcleaner _mopup
@echo "Note that '$(MAKE) realclean' does not delete config.sh or Policy.sh"
_clobber:
clobber: _realcleaner _mopup _clobber
-@@ -1346,24 +1347,24 @@ distclean: clobber
+@@ -1342,24 +1343,24 @@ distclean: clobber
# Like distclean but also removes emacs backups and *.orig.
veryclean: _verycleaner _mopup _clobber
- -rm -f perl.export perl.dll perl.libexp perl.map perl.def
- -rm -f *perl.xok
- -rm -f cygwin.c libperl*.def libperl*.dll cygperl*.dll *.exe.stackdump
-- -rm -f $(PERL_EXE) $(MINIPERL_EXE) $(LIBPERL) libperl.* microperl
+- -rm -f $(PERL_EXE) $(MINIPERL_EXE) $(LIBPERL) libperl.*
- -rm -f config.arch config.over $(DTRACE_H)
+ -@test -f extra.pods && $(RMS) `cat extra.pods`
+ -@test -f vms/README_vms.pod && $(RMS) vms/README_vms.pod
+ $(RMS) perl.export perl.dll perl.libexp perl.map perl.def
+ $(RMS) *perl.xok
+ $(RMS) cygwin.c libperl*.def libperl*.dll cygperl*.dll *.exe.stackdump
-+ $(RMS) $(PERL_EXE) $(MINIPERL_EXE) $(LIBPERL) libperl.* microperl
++ $(RMS) $(PERL_EXE) $(MINIPERL_EXE) $(LIBPERL) libperl.*
+ $(RMS) config.arch config.over $(DTRACE_H)
_cleaner1:
-cd pod; $(LDLIBPTH) $(MAKE) $(CLEAN)
-cd utils; $(LDLIBPTH) $(MAKE) $(CLEAN)
-@if test -f $(MINIPERL_EXE) ; then \
-@@ -1373,8 +1374,8 @@ _cleaner1:
+@@ -1369,8 +1370,8 @@ _cleaner1:
else \
sh $(CLEAN).sh ; \
fi
# Dear POSIX, thanks for making the default to xargs to be
# run once if nothing is passed in. It is such a great help.
-@@ -1389,24 +1390,24 @@ _cleaner1:
+@@ -1385,24 +1386,24 @@ _cleaner1:
# Add new rules before that line - the next line (rm -f so_locations ...) is
# used as a placeholder by a regen script.
_cleaner2:
-rmdir lib/version lib/threads lib/inc/ExtUtils lib/inc lib/encoding
-rmdir lib/autodie/exception lib/autodie/Scope lib/autodie lib/XS
-rmdir lib/Win32API lib/VMS lib/Unicode/Collate/Locale
-@@ -1457,11 +1458,11 @@ _realcleaner:
+@@ -1459,11 +1460,11 @@ _realcleaner:
_verycleaner:
@$(LDLIBPTH) $(MAKE) _cleaner1 CLEAN=veryclean
@$(LDLIBPTH) $(MAKE) _cleaner2
lint $(lintflags) -DPERL_CORE -D_REENTRANT -DDEBUGGING -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 $(c)
cscopeflags = -Rb # Recursive, build-only.
-@@ -1522,7 +1523,7 @@ case "$targethost" in
+@@ -1524,7 +1525,7 @@ case "$targethost" in
'') $spitshell >>$Makefile <<'!NO!SUBS!'
test_prep test-prep: test_prep_pre $(MINIPERL_EXE) $(unidatafiles) $(PERL_EXE) \
$(dynamic_ext) $(TEST_PERL_DLL) runtests $(generated_pods) common_build
!NO!SUBS!
;;
-@@ -1572,7 +1573,7 @@ test_prep test-prep: test_prep_pre \$(MI
+@@ -1574,7 +1575,7 @@ test_prep test-prep: test_prep_pre \$(MI
$to config.sh
# --- For lib/diagnostics.t with -Duseshrplib
$to \$(PERL_EXE)
$to t/\$(PERL_EXE)
!GROK!THIS!
-@@ -1582,7 +1583,7 @@ esac
+@@ -1592,7 +1593,7 @@ else
$spitshell >>$Makefile <<'!NO!SUBS!'
test_prep_reonly: $(MINIPERL_EXE) $(PERL_EXE) $(dynamic_ext_re) $(TEST_PERL_DLL)
$(MINIPERL) make_ext.pl $(dynamic_ext_re) MAKE="$(MAKE)" LIBPERL_A=$(LIBPERL) LINKTYPE=dynamic
- cd t && (rm -f $(PERL_EXE); $(LNS) ../$(PERL_EXE) $(PERL_EXE))
+ cd t && ($(RMS) $(PERL_EXE); $(LNS) ../$(PERL_EXE) $(PERL_EXE))
!NO!SUBS!
+ fi
- case "$targethost" in
-@@ -1637,7 +1638,7 @@ minitest_prep: $(MINIPERL_EXE)
+@@ -1648,7 +1649,7 @@ minitest_prep: $(MINIPERL_EXE)
@echo "You may see some irrelevant test failures if you have been unable"
@echo "to build lib/Config.pm, or the Unicode data files."
@echo " "
# Macros to invoke sort the MANIFEST during build
MANIFEST_SRT = MANIFEST.srt
-@@ -996,7 +996,7 @@ lib/buildcustomize.pl: $& $(miniperl_obj
+@@ -1001,7 +1001,7 @@ lib/buildcustomize.pl: $& $(miniperl_obj
@$(RMS) miniperl.xok
$(CC) $(CLDFLAGS) $(NAMESPACEFLAGS) -o $(MINIPERL_EXE) \
$(miniperl_objs) $(libs)
$(MINIPERL) -f write_buildcustomize.pl
!NO!SUBS!
;;
-@@ -1007,7 +1007,7 @@ lib/buildcustomize.pl: \$& \$(miniperl_d
+@@ -1012,7 +1012,7 @@ lib/buildcustomize.pl: \$& \$(miniperl_d
@\$(RMS) miniperl.xok
@\$(RMS) \$(MINIPERL_EXE)
\$(LNS) \$(HOST_PERL) \$(MINIPERL_EXE)
\$(MINIPERL) -f write_buildcustomize.pl 'osname' "$osname"
!GROK!THIS!
else
-@@ -1016,7 +1016,7 @@ lib/buildcustomize.pl: $& $(miniperl_dep
+@@ -1021,7 +1021,7 @@ lib/buildcustomize.pl: $& $(miniperl_dep
@$(RMS) miniperl.xok
$(CC) $(CLDFLAGS) -o $(MINIPERL_EXE) \
$(miniperl_objs) $(libs)
$spitshell >>$Makefile <<!GROK!THIS!
# Macros to invoke a copy of our fully operational perl during the build.
PERL_EXE = perl\$(EXE_EXT)
-@@ -1040,20 +1024,6 @@ $(PERL_EXE): $& $(perlmain_dep) $(LIBPER
+@@ -1045,20 +1029,6 @@ $(PERL_EXE): $& $(perlmain_dep) $(LIBPER
$(SHRPENV) $(CC) -o perl $(CLDFLAGS) $(CCDLFLAGS) $(perlmain_objs) $(LLIBPERL) $(static_ext) `cat ext.libs` $(libs)
!NO!SUBS!
;;
+++ /dev/null
-From ba6e2c38aafc23cf114f3ba0d0ff3baead34328b Mon Sep 17 00:00:00 2001
-From: Yves Orton <demerphq@gmail.com>
-Date: Tue, 1 Aug 2023 23:12:46 +0200
-Subject: [PATCH] regcomp*.c, regexec.c - fixup regex engine build under
- -Uusedl
-
-The regex engine is built a bit different from most of the perl
-codebase. It is compiled as part of the main libperl.so and it is
-also compiled (with DEBUGGING enabled) as part of the re extension.
-When perl itself is compiled with DEBUGGING enabled then the code
-in the re.so extension and the code in libperl.so is the same.
-
-This all works fine and dandy until you have a static build where the
-re.so is linked into libperl.so, which results in duplicate symbols
-being defined. These symbols come in two flaviours: "auxiliary" and
-"debugging" related symbols.
-
-We have basically three cases:
-
-1. USE_DYNAMIC_LOADING is defined. In this case we are doing a dynamic
- build and re.so will be separate from libperl.so, so it even if this
- is a DEBUGGING enabled build debug and auxiliary functions can be
- compiled into *both* re.so and libperl.so. This is basically the
- "standard build".
-
-2. USE_DYNAMIC_LOADING is not defined, and DEBUGGING is not defined
- either. In this case auxiliary functions should only be compiled in
- libperl.so, and the debug functions should only be compiled into
- re.so
-
-3. USE_DYNAMIC_LOADING is not defined, and DEBUGGING *is* defined. In
- this case auxiliary functions AND debug functions should only be
- compiled into libperl.so
-
-It is possible to detect the different build options by looking at the
-defines 'USE_DYNAMIC_LOADING', 'PERL_EXT_RE_DEBUG' and
-'DEBUGGING_RE_ONLY'. 'USE_DYNAMIC_LOADING' is NOT defined when we are
-building a static perl. 'PERL_EXT_RE_DEBUG' is defined only when we are
-building re.so, and 'DEBUGGING_RE_ONLY' is defined only when we are
-building re.so in a perl that is not itself already a DEBUGGING enabled
-perl. The file ext/re/re_top.h responsible for setting up
-DEBUGGING_RE_ONLY.
-
-This patch uses 'PERL_EXT_RE_DEBUG', 'DEBUGGING_RE_ONLY' and
-'USE_DYNAMIC_LOADING' to define in regcomp.h two further define flags
-'PERL_RE_BUILD_DEBUG' and 'PERL_RE_BUILD_AUX'.
-
-The 'PERL_RE_BUILD_DEBUG' flag determines if the debugging functions
-should be compiled into libperl.so or re.so or both. The
-'PERL_RE_BUILD_AUX' flag determines if the auxiliary functions should be
-compiled into just libperl.so or into it and re.so. We then use these
-flags to guard the different types of functions so that we can build in
-all three modes without duplicate symbols.
----
- regcomp.c | 13 +-
- regcomp.h | 14 ++-
- regcomp_debug.c | 308 +++++++++++++++++++++++-----------------------
- regcomp_invlist.c | 3 +-
- regexec.c | 3 +-
- 5 files changed, 181 insertions(+), 160 deletions(-)
-
---- a/regcomp.c
-+++ b/regcomp.c
-@@ -290,6 +290,7 @@ S_edit_distance(const UV* src,
- /* END of edit_distance() stuff
- * ========================================================= */
-
-+#ifdef PERL_RE_BUILD_AUX
- /* add a data member to the struct reg_data attached to this regex, it should
- * always return a non-zero return. the 's' argument is the type of the items
- * being added and the n is the number of items. The length of 's' should match
-@@ -340,6 +341,7 @@ Perl_reg_add_data(RExC_state_t* const pR
- assert(count>0);
- return count;
- }
-+#endif /* PERL_RE_BUILD_AUX */
-
- /*XXX: todo make this not included in a non debugging perl, but appears to be
- * used anyway there, in 'use re' */
-@@ -7443,6 +7445,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_stat
- }
-
-
-+#ifdef PERL_RE_BUILD_AUX
- void
- Perl_populate_anyof_bitmap_from_invlist(pTHX_ regnode *node, SV** invlist_ptr)
- {
-@@ -7502,6 +7505,7 @@ Perl_populate_anyof_bitmap_from_invlist(
- }
- }
- }
-+#endif /* PERL_RE_BUILD_AUX */
-
- /* Parse POSIX character classes: [[:foo:]], [[=foo=]], [[.foo.]].
- Character classes ([:foo:]) can also be negated ([:^foo:]).
-@@ -9095,6 +9099,7 @@ S_dump_regex_sets_structures(pTHX_ RExC_
- #undef IS_OPERATOR
- #undef IS_OPERAND
-
-+#ifdef PERL_RE_BUILD_AUX
- void
- Perl_add_above_Latin1_folds(pTHX_ RExC_state_t *pRExC_state, const U8 cp, SV** invlist)
- {
-@@ -9182,6 +9187,8 @@ Perl_add_above_Latin1_folds(pTHX_ RExC_s
- }
- }
- }
-+#endif /* PERL_RE_BUILD_AUX */
-+
-
- STATIC void
- S_output_posix_warnings(pTHX_ RExC_state_t *pRExC_state, AV* posix_warnings)
-@@ -12105,6 +12112,7 @@ S_optimize_regclass(pTHX_
-
- #undef HAS_NONLOCALE_RUNTIME_PROPERTY_DEFINITION
-
-+#ifdef PERL_RE_BUILD_AUX
- void
- Perl_set_ANYOF_arg(pTHX_ RExC_state_t* const pRExC_state,
- regnode* const node,
-@@ -12261,6 +12269,7 @@ Perl_set_ANYOF_arg(pTHX_ RExC_state_t* c
- RExC_rxi->data->data[n] = (void*)rv;
- ARG1u_SET(node, n);
- }
-+#endif /* PERL_RE_BUILD_AUX */
-
- SV *
-
-@@ -12999,6 +13008,8 @@ S_regtail_study(pTHX_ RExC_state_t *pREx
- }
- #endif
-
-+
-+#ifdef PERL_RE_BUILD_AUX
- SV*
- Perl_get_ANYOFM_contents(pTHX_ const regnode * n) {
-
-@@ -13047,7 +13058,7 @@ Perl_get_ANYOFHbbm_contents(pTHX_ const
- UTF_CONTINUATION_MARK | 0));
- return cp_list;
- }
--
-+#endif /* PERL_RE_BUILD_AUX */
-
-
- SV *
---- a/regcomp.h
-+++ b/regcomp.h
-@@ -1554,7 +1554,19 @@ typedef enum {
- #define EVAL_OPTIMISTIC_FLAG 128
- #define EVAL_FLAGS_MASK (EVAL_OPTIMISTIC_FLAG-1)
-
--
-+/* We define PERL_RE_BUILD_DEBUG if we are NOT compiling the re extension and
-+ * we are under DEBUGGING, or if we are ARE compiling the re extension
-+ * and this is not a DEBUGGING enabled build (identified by
-+ * DEBUGGING_RE_ONLY being defined)
-+ */
-+#if ( defined(USE_DYNAMIC_LOADING) && defined(DEBUGGING)) || \
-+ ( defined(PERL_EXT_RE_BUILD) && defined(DEBUGGING_RE_ONLY)) || \
-+ (!defined(PERL_EXT_RE_BUILD) && defined(DEBUGGING))
-+#define PERL_RE_BUILD_DEBUG
-+#endif
-+#if ( defined(USE_DYNAMIC_LOADING) || !defined(PERL_EXT_RE_BUILD) )
-+#define PERL_RE_BUILD_AUX
-+#endif
-
- #endif /* PERL_REGCOMP_H_ */
-
---- a/regcomp_debug.c
-+++ b/regcomp_debug.c
-@@ -18,8 +18,7 @@
- #include "unicode_constants.h"
- #include "regcomp_internal.h"
-
--#ifdef DEBUGGING
--
-+#ifdef PERL_RE_BUILD_DEBUG
- int
- Perl_re_printf(pTHX_ const char *fmt, ...)
- {
-@@ -159,13 +158,160 @@ Perl_debug_peep(pTHX_ const char *str, c
- });
- }
-
--#endif /* DEBUGGING */
-+const regnode *
-+Perl_dumpuntil(pTHX_ const regexp *r, const regnode *start, const regnode *node,
-+ const regnode *last, const regnode *plast,
-+ SV* sv, I32 indent, U32 depth)
-+{
-+ const regnode *next;
-+ const regnode *optstart= NULL;
-+
-+ RXi_GET_DECL(r, ri);
-+ DECLARE_AND_GET_RE_DEBUG_FLAGS;
-+
-+ PERL_ARGS_ASSERT_DUMPUNTIL;
-+
-+#ifdef DEBUG_DUMPUNTIL
-+ Perl_re_printf( aTHX_ "--- %d : %d - %d - %d\n", indent, node-start,
-+ last ? last-start : 0, plast ? plast-start : 0);
-+#endif
-+
-+ if (plast && plast < last)
-+ last= plast;
-+
-+ while (node && (!last || node < last)) {
-+ const U8 op = OP(node);
-+
-+ if (op == CLOSE || op == SRCLOSE || op == WHILEM)
-+ indent--;
-+ next = regnext((regnode *)node);
-+ const regnode *after = regnode_after((regnode *)node,0);
-+
-+ /* Where, what. */
-+ if (op == OPTIMIZED) {
-+ if (!optstart && RE_DEBUG_FLAG(RE_DEBUG_COMPILE_OPTIMISE))
-+ optstart = node;
-+ else
-+ goto after_print;
-+ } else
-+ CLEAR_OPTSTART;
-+
-+ regprop(r, sv, node, NULL, NULL);
-+ Perl_re_printf( aTHX_ "%4" IVdf ":%*s%s", (IV)(node - start),
-+ (int)(2*indent + 1), "", SvPVX_const(sv));
-+
-+ if (op != OPTIMIZED) {
-+ if (next == NULL) /* Next ptr. */
-+ Perl_re_printf( aTHX_ " (0)");
-+ else if (REGNODE_TYPE(op) == BRANCH
-+ && REGNODE_TYPE(OP(next)) != BRANCH )
-+ Perl_re_printf( aTHX_ " (FAIL)");
-+ else
-+ Perl_re_printf( aTHX_ " (%" IVdf ")", (IV)(next - start));
-+ Perl_re_printf( aTHX_ "\n");
-+ }
-+
-+ after_print:
-+ if (REGNODE_TYPE(op) == BRANCHJ) {
-+ assert(next);
-+ const regnode *nnode = (OP(next) == LONGJMP
-+ ? regnext((regnode *)next)
-+ : next);
-+ if (last && nnode > last)
-+ nnode = last;
-+ DUMPUNTIL(after, nnode);
-+ }
-+ else if (REGNODE_TYPE(op) == BRANCH) {
-+ assert(next);
-+ DUMPUNTIL(after, next);
-+ }
-+ else if ( REGNODE_TYPE(op) == TRIE ) {
-+ const regnode *this_trie = node;
-+ const U32 n = ARG1u(node);
-+ const reg_ac_data * const ac = op>=AHOCORASICK ?
-+ (reg_ac_data *)ri->data->data[n] :
-+ NULL;
-+ const reg_trie_data * const trie =
-+ (reg_trie_data*)ri->data->data[op<AHOCORASICK ? n : ac->trie];
-+#ifdef DEBUGGING
-+ AV *const trie_words
-+ = MUTABLE_AV(ri->data->data[n + TRIE_WORDS_OFFSET]);
-+#endif
-+ const regnode *nextbranch= NULL;
-+ I32 word_idx;
-+ SvPVCLEAR(sv);
-+ for (word_idx= 0; word_idx < (I32)trie->wordcount; word_idx++) {
-+ SV ** const elem_ptr = av_fetch_simple(trie_words, word_idx, 0);
-+
-+ Perl_re_indentf( aTHX_ "%s ",
-+ indent+3,
-+ elem_ptr
-+ ? pv_pretty(sv, SvPV_nolen_const(*elem_ptr),
-+ SvCUR(*elem_ptr), PL_dump_re_max_len,
-+ PL_colors[0], PL_colors[1],
-+ (SvUTF8(*elem_ptr)
-+ ? PERL_PV_ESCAPE_UNI
-+ : 0)
-+ | PERL_PV_PRETTY_ELLIPSES
-+ | PERL_PV_PRETTY_LTGT
-+ )
-+ : "???"
-+ );
-+ if (trie->jump) {
-+ U16 dist= trie->jump[word_idx+1];
-+ Perl_re_printf( aTHX_ "(%" UVuf ")\n",
-+ (UV)((dist ? this_trie + dist : next) - start));
-+ if (dist) {
-+ if (!nextbranch)
-+ nextbranch= this_trie + trie->jump[0];
-+ DUMPUNTIL(this_trie + dist, nextbranch);
-+ }
-+ if (nextbranch && REGNODE_TYPE(OP(nextbranch))==BRANCH)
-+ nextbranch= regnext((regnode *)nextbranch);
-+ } else {
-+ Perl_re_printf( aTHX_ "\n");
-+ }
-+ }
-+ if (last && next > last)
-+ node= last;
-+ else
-+ node= next;
-+ }
-+ else if ( op == CURLY ) { /* "next" might be very big: optimizer */
-+ DUMPUNTIL(after, after + 1); /* +1 is NOT a REGNODE_AFTER */
-+ }
-+ else if (REGNODE_TYPE(op) == CURLY && op != CURLYX) {
-+ assert(next);
-+ DUMPUNTIL(after, next);
-+ }
-+ else if ( op == PLUS || op == STAR) {
-+ DUMPUNTIL(after, after + 1); /* +1 NOT a REGNODE_AFTER */
-+ }
-+ else if (REGNODE_TYPE(op) == EXACT || op == ANYOFHs) {
-+ /* Literal string, where present. */
-+ node = (const regnode *)REGNODE_AFTER_varies(node);
-+ }
-+ else {
-+ node = REGNODE_AFTER_opcode(node,op);
-+ }
-+ if (op == CURLYX || op == OPEN || op == SROPEN)
-+ indent++;
-+ if (REGNODE_TYPE(op) == END)
-+ break;
-+ }
-+ CLEAR_OPTSTART;
-+#ifdef DEBUG_DUMPUNTIL
-+ Perl_re_printf( aTHX_ "--- %d\n", (int)indent);
-+#endif
-+ return node;
-+}
-+
-+#endif /* PERL_RE_BUILD_DEBUG */
-
- /*
- - regdump - dump a regexp onto Perl_debug_log in vaguely comprehensible form
- */
- #ifdef DEBUGGING
--
- static void
- S_regdump_intflags(pTHX_ const char *lead, const U32 flags)
- {
-@@ -907,8 +1053,8 @@ Perl_regprop(pTHX_ const regexp *prog, S
- #endif /* DEBUGGING */
- }
-
--#ifdef DEBUGGING
-
-+#ifdef DEBUGGING
- STATIC void
- S_put_code_point(pTHX_ SV *sv, UV c)
- {
-@@ -1517,154 +1663,4 @@ S_put_charclass_bitmap_innards(pTHX_ SV
-
- return did_output_something;
- }
--
--
--const regnode *
--Perl_dumpuntil(pTHX_ const regexp *r, const regnode *start, const regnode *node,
-- const regnode *last, const regnode *plast,
-- SV* sv, I32 indent, U32 depth)
--{
-- const regnode *next;
-- const regnode *optstart= NULL;
--
-- RXi_GET_DECL(r, ri);
-- DECLARE_AND_GET_RE_DEBUG_FLAGS;
--
-- PERL_ARGS_ASSERT_DUMPUNTIL;
--
--#ifdef DEBUG_DUMPUNTIL
-- Perl_re_printf( aTHX_ "--- %d : %d - %d - %d\n", indent, node-start,
-- last ? last-start : 0, plast ? plast-start : 0);
--#endif
--
-- if (plast && plast < last)
-- last= plast;
--
-- while (node && (!last || node < last)) {
-- const U8 op = OP(node);
--
-- if (op == CLOSE || op == SRCLOSE || op == WHILEM)
-- indent--;
-- next = regnext((regnode *)node);
-- const regnode *after = regnode_after((regnode *)node,0);
--
-- /* Where, what. */
-- if (op == OPTIMIZED) {
-- if (!optstart && RE_DEBUG_FLAG(RE_DEBUG_COMPILE_OPTIMISE))
-- optstart = node;
-- else
-- goto after_print;
-- } else
-- CLEAR_OPTSTART;
--
-- regprop(r, sv, node, NULL, NULL);
-- Perl_re_printf( aTHX_ "%4" IVdf ":%*s%s", (IV)(node - start),
-- (int)(2*indent + 1), "", SvPVX_const(sv));
--
-- if (op != OPTIMIZED) {
-- if (next == NULL) /* Next ptr. */
-- Perl_re_printf( aTHX_ " (0)");
-- else if (REGNODE_TYPE(op) == BRANCH
-- && REGNODE_TYPE(OP(next)) != BRANCH )
-- Perl_re_printf( aTHX_ " (FAIL)");
-- else
-- Perl_re_printf( aTHX_ " (%" IVdf ")", (IV)(next - start));
-- Perl_re_printf( aTHX_ "\n");
-- }
--
-- after_print:
-- if (REGNODE_TYPE(op) == BRANCHJ) {
-- assert(next);
-- const regnode *nnode = (OP(next) == LONGJMP
-- ? regnext((regnode *)next)
-- : next);
-- if (last && nnode > last)
-- nnode = last;
-- DUMPUNTIL(after, nnode);
-- }
-- else if (REGNODE_TYPE(op) == BRANCH) {
-- assert(next);
-- DUMPUNTIL(after, next);
-- }
-- else if ( REGNODE_TYPE(op) == TRIE ) {
-- const regnode *this_trie = node;
-- const U32 n = ARG1u(node);
-- const reg_ac_data * const ac = op>=AHOCORASICK ?
-- (reg_ac_data *)ri->data->data[n] :
-- NULL;
-- const reg_trie_data * const trie =
-- (reg_trie_data*)ri->data->data[op<AHOCORASICK ? n : ac->trie];
--#ifdef DEBUGGING
-- AV *const trie_words
-- = MUTABLE_AV(ri->data->data[n + TRIE_WORDS_OFFSET]);
--#endif
-- const regnode *nextbranch= NULL;
-- I32 word_idx;
-- SvPVCLEAR(sv);
-- for (word_idx= 0; word_idx < (I32)trie->wordcount; word_idx++) {
-- SV ** const elem_ptr = av_fetch_simple(trie_words, word_idx, 0);
--
-- Perl_re_indentf( aTHX_ "%s ",
-- indent+3,
-- elem_ptr
-- ? pv_pretty(sv, SvPV_nolen_const(*elem_ptr),
-- SvCUR(*elem_ptr), PL_dump_re_max_len,
-- PL_colors[0], PL_colors[1],
-- (SvUTF8(*elem_ptr)
-- ? PERL_PV_ESCAPE_UNI
-- : 0)
-- | PERL_PV_PRETTY_ELLIPSES
-- | PERL_PV_PRETTY_LTGT
-- )
-- : "???"
-- );
-- if (trie->jump) {
-- U16 dist= trie->jump[word_idx+1];
-- Perl_re_printf( aTHX_ "(%" UVuf ")\n",
-- (UV)((dist ? this_trie + dist : next) - start));
-- if (dist) {
-- if (!nextbranch)
-- nextbranch= this_trie + trie->jump[0];
-- DUMPUNTIL(this_trie + dist, nextbranch);
-- }
-- if (nextbranch && REGNODE_TYPE(OP(nextbranch))==BRANCH)
-- nextbranch= regnext((regnode *)nextbranch);
-- } else {
-- Perl_re_printf( aTHX_ "\n");
-- }
-- }
-- if (last && next > last)
-- node= last;
-- else
-- node= next;
-- }
-- else if ( op == CURLY ) { /* "next" might be very big: optimizer */
-- DUMPUNTIL(after, after + 1); /* +1 is NOT a REGNODE_AFTER */
-- }
-- else if (REGNODE_TYPE(op) == CURLY && op != CURLYX) {
-- assert(next);
-- DUMPUNTIL(after, next);
-- }
-- else if ( op == PLUS || op == STAR) {
-- DUMPUNTIL(after, after + 1); /* +1 NOT a REGNODE_AFTER */
-- }
-- else if (REGNODE_TYPE(op) == EXACT || op == ANYOFHs) {
-- /* Literal string, where present. */
-- node = (const regnode *)REGNODE_AFTER_varies(node);
-- }
-- else {
-- node = REGNODE_AFTER_opcode(node,op);
-- }
-- if (op == CURLYX || op == OPEN || op == SROPEN)
-- indent++;
-- if (REGNODE_TYPE(op) == END)
-- break;
-- }
-- CLEAR_OPTSTART;
--#ifdef DEBUG_DUMPUNTIL
-- Perl_re_printf( aTHX_ "--- %d\n", (int)indent);
--#endif
-- return node;
--}
--
--#endif /* DEBUGGING */
-+#endif /* DEBUGGING */
---- a/regcomp_invlist.c
-+++ b/regcomp_invlist.c
-@@ -18,7 +18,7 @@
- #include "unicode_constants.h"
- #include "regcomp_internal.h"
-
--
-+#ifdef PERL_RE_BUILD_AUX
- void
- Perl_populate_bitmap_from_invlist(pTHX_ SV * invlist, const UV offset, const U8 * bitmap, const Size_t len)
- {
-@@ -70,6 +70,7 @@ Perl_populate_invlist_from_bitmap(pTHX_
- }
- }
- }
-+#endif /* PERL_RE_BUILD_AUX */
-
- /* This section of code defines the inversion list object and its methods. The
- * interfaces are highly subject to change, so as much as possible is static to
---- a/regexec.c
-+++ b/regexec.c
-@@ -4421,7 +4421,8 @@ S_regtry(pTHX_ regmatch_info *reginfo, c
- */
- #define REPORT_CODE_OFF 29
- #define INDENT_CHARS(depth) ((int)(depth) % 20)
--#ifdef DEBUGGING
-+
-+#ifdef PERL_RE_BUILD_DEBUG
- int
- Perl_re_exec_indentf(pTHX_ const char *fmt, U32 depth, ...)
- {
endef
define Package/perlbase-bytes/install
-$(call perlmod/Install,$(1),bytes.pm bytes_heavy.pl,)
+$(call perlmod/Install,$(1),bytes.pm,)
$(call perlmod/InstallBaseTests,$(1),lib/bytes.t)
endef
-PERL_VERSION:=5.38.2
+PERL_VERSION:=5.40.0
PERL_EXPLODE:=$(subst ., ,$(PERL_VERSION))
include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=8.3.6
-PKG_RELEASE:=2
+PKG_VERSION:=8.3.11
+PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_LICENSE:=PHP-3.01
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.php.net/distributions/
-PKG_HASH:=53c8386b2123af97626d3438b3e4058e0c5914cb74b048a6676c57ac647f5eae
+PKG_HASH:=b862b098a08ab9bf4b36ed12c7d0d9f65353656b36fb0e3c5344093aceb35802
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16
+ fi
+fi
+
- PHP_DATE_CFLAGS="-Wno-implicit-fallthrough -I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
- timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/parse_posix.c
- lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
+ AX_CHECK_COMPILE_FLAG([-Wno-implicit-fallthrough],
+ [PHP_DATE_CFLAGS="$PHP_DATE_CFLAGS -Wno-implicit-fallthrough"],,
+ [-Werror])
--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
@@ -26,9 +26,22 @@
--- a/configure.ac
+++ b/configure.ac
-@@ -1490,7 +1490,7 @@ PHP_REMOVE_USR_LIB(LDFLAGS)
+@@ -1493,7 +1493,7 @@ PHP_REMOVE_USR_LIB(LDFLAGS)
EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS"
EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS"
--- a/configure.ac
+++ b/configure.ac
-@@ -1686,13 +1686,13 @@ CFLAGS_CLEAN="$CFLAGS \$(PROF_FLAGS)"
+@@ -1689,13 +1689,13 @@ CFLAGS_CLEAN="$CFLAGS \$(PROF_FLAGS)"
CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag"
CXXFLAGS="$CXXFLAGS $standard_libtool_flag \$(PROF_FLAGS)"
+++ /dev/null
-From e680bd98d34a86302db434c5be23d0cf9d23df23 Mon Sep 17 00:00:00 2001
-From: Jan Beich <jbeich@FreeBSD.org>
-Date: Sat, 20 Apr 2024 23:49:22 +0200
-Subject: devel/php*-intl: unbreak build with ICU 75
-
-In file included from ext/intl/intl_convertcpp.cpp:17:
-In file included from ./intl_convertcpp.h:22:
-In file included from /usr/local/include/unicode/unistr.h:39:
-/usr/local/include/unicode/stringpiece.h:133:29: error: no template named 'enable_if_t' in namespace 'std'
- typename = std::enable_if_t<
- ~~~~~^
-/usr/local/include/unicode/stringpiece.h:134:23: error: no template named 'is_same_v' in namespace 'std'; did you mean 'is_same'?
- (std::is_same_v<decltype(T().data()), const char*>
- ~~~~~^
-/usr/include/c++/v1/__type_traits/is_same.h:22:29: note: 'is_same' declared here
-struct _LIBCPP_TEMPLATE_VIS is_same : _BoolConstant<__is_same(_Tp, _Up)> { };
- ^
-In file included from ext/intl/intl_convertcpp.cpp:17:
-In file included from ./intl_convertcpp.h:22:
-In file included from /usr/local/include/unicode/unistr.h:39:
-/usr/local/include/unicode/stringpiece.h:139:17: error: use of address-of-label extension outside of a function body
- std::is_same_v<decltype(T().size()), size_t>>>
- ^
-/usr/local/include/unicode/stringpiece.h:139:62: error: expected member name or ';' after declaration specifiers
- std::is_same_v<decltype(T().size()), size_t>>>
- ^
-PR: 278420
-Reported by: antoine (via exp-run)
----
-
---- a/ext/intl/config.m4
-+++ b/ext/intl/config.m4
-@@ -80,7 +80,16 @@ if test "$PHP_INTL" != "no"; then
- breakiterator/codepointiterator_methods.cpp"
-
- PHP_REQUIRE_CXX()
-- PHP_CXX_COMPILE_STDCXX(11, mandatory, PHP_INTL_STDCXX)
-+
-+ AC_MSG_CHECKING([if intl requires -std=gnu++17])
-+ AS_IF([test "$PKG_CONFIG icu-uc --atleast-version=74"],[
-+ AC_MSG_RESULT([yes])
-+ PHP_CXX_COMPILE_STDCXX(17, mandatory, PHP_INTL_STDCXX)
-+ ],[
-+ AC_MSG_RESULT([no])
-+ PHP_CXX_COMPILE_STDCXX(11, mandatory, PHP_INTL_STDCXX)
-+ ])
-+
- PHP_INTL_CXX_FLAGS="$INTL_COMMON_FLAGS $PHP_INTL_STDCXX $ICU_CXXFLAGS"
- case $host_alias in
- *cygwin*) PHP_INTL_CXX_FLAGS="$PHP_INTL_CXX_FLAGS -D_POSIX_C_SOURCE=200809L"
--- /dev/null
+--- a/ext/gd/config.m4
++++ b/ext/gd/config.m4
+@@ -152,7 +152,7 @@ AC_DEFUN([PHP_GD_CHECK_FORMAT],[
+ LIBS="${LIBS} ${GD_SHARED_LIBADD}"
+ old_CFLAGS="${CFLAGS}"
+ CFLAGS="${CFLAGS} ${GDLIB_CFLAGS}"
+- AC_MSG_CHECKING([for working gdImageCreateFrom$1 in libgd])
++ AC_MSG_CHECKING([for gdImageCreateFrom$1 in libgd (OpenWrt build config based)])
+ AC_LANG_PUSH([C])
+ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <stdio.h>
+@@ -179,7 +179,10 @@ int main(int argc, char** argv) {
+ ],[
+ AC_MSG_RESULT([no])
+ ],[
+- AC_MSG_RESULT([no])
++ AC_MSG_RESULT([$3])
++ m4_if([$3],[yes],[
++ AC_DEFINE($2, 1, [Does gdImageCreateFrom$1 work?])
++ ])
+ ])
+ AC_LANG_POP([C])
+ CFLAGS="${old_CFLAGS}"
+@@ -187,13 +190,14 @@ int main(int argc, char** argv) {
+ ])
+
+ AC_DEFUN([PHP_GD_CHECK_VERSION],[
+- PHP_GD_CHECK_FORMAT([Png], [HAVE_GD_PNG])
+- PHP_GD_CHECK_FORMAT([Avif], [HAVE_GD_AVIF])
+- PHP_GD_CHECK_FORMAT([Webp], [HAVE_GD_WEBP])
+- PHP_GD_CHECK_FORMAT([Jpeg], [HAVE_GD_JPG])
+- PHP_GD_CHECK_FORMAT([Xpm], [HAVE_GD_XPM])
+- PHP_GD_CHECK_FORMAT([Bmp], [HAVE_GD_BMP])
+- PHP_GD_CHECK_FORMAT([Tga], [HAVE_GD_TGA])
++ dnl The 3rd parameter is OpenWrt specific default derived from libgd build
++ PHP_GD_CHECK_FORMAT([Png], [HAVE_GD_PNG], [yes])
++ PHP_GD_CHECK_FORMAT([Avif], [HAVE_GD_AVIF], [no])
++ PHP_GD_CHECK_FORMAT([Webp], [HAVE_GD_WEBP], [yes])
++ PHP_GD_CHECK_FORMAT([Jpeg], [HAVE_GD_JPG], [yes])
++ PHP_GD_CHECK_FORMAT([Xpm], [HAVE_GD_XPM], [no])
++ PHP_GD_CHECK_FORMAT([Bmp], [HAVE_GD_BMP], [no])
++ PHP_GD_CHECK_FORMAT([Tga], [HAVE_GD_TGA], [no])
+ PHP_CHECK_LIBRARY(gd, gdFontCacheShutdown, [AC_DEFINE(HAVE_GD_FREETYPE, 1, [ ])], [], [ $GD_SHARED_LIBADD ])
+ PHP_CHECK_LIBRARY(gd, gdVersionString, [AC_DEFINE(HAVE_GD_LIBVERSION, 1, [ ])], [], [ $GD_SHARED_LIBADD ])
+ PHP_CHECK_LIBRARY(gd, gdImageGetInterpolationMethod, [AC_DEFINE(HAVE_GD_GET_INTERPOLATION, 1, [ ])], [], [ $GD_SHARED_LIBADD ])
include $(TOPDIR)/rules.mk
PKG_NAME:=django-restframework
-PKG_VERSION:=3.15.1
+PKG_VERSION:=3.15.2
PKG_RELEASE:=1
PYPI_NAME:=djangorestframework
-PKG_HASH:=f88fad74183dfc7144b2756d0d2ac716ea5b4c7c9840995ac3bfd8ec034333c1
+PKG_HASH:=36fe88cd2d6c6bec23dca9804bab2ba5517a8bb9d8f47ebc68981b56840107ad
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=django
-PKG_VERSION:=5.0.4
+PKG_VERSION:=5.1
PKG_RELEASE:=1
PYPI_NAME:=Django
-PKG_HASH:=4bd01a8c830bb77a8a3b0e7d8b25b887e536ad17a81ba2dce5476135c73312bd
+PKG_HASH:=848a5980e8efb76eea70872fb0e4bc5e371619c70fffbe48e3e1b50b2c09455d
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>, Peter Stadler <peter.stadler@student.uibk.ac.at>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=numpy
-PKG_VERSION:=1.26.4
+PKG_VERSION:=2.1.0
PKG_RELEASE:=1
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=2a02aba9ed12e4ac4eb3ea9421c420301a0c6460d9830d74a9df87efa4912010
+PKG_HASH:=7dc90da0081f7e1da49ec4e398ede6a8e9cc4f5ebe5f9e06b443ed889ee9aaa2
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
--- a/pyproject.toml
+++ b/pyproject.toml
-@@ -1,8 +1,8 @@
+@@ -1,7 +1,7 @@
[build-system]
-build-backend = "mesonpy"
+#build-backend = "mesonpy"
requires = [
- "Cython>=0.29.34,<3.1",
-- "meson-python>=0.15.0,<0.16.0",
-+# "meson-python>=0.15.0,<0.16.0",
+- "meson-python>=0.15.0",
++# "meson-python>=0.15.0",
+ "Cython>=3.0.6", # keep in sync with version check in meson.build
]
- [project]
-@@ -181,14 +181,14 @@ environment = {PKG_CONFIG_PATH="/opt/32/
- config-settings = "setup-args=--vsenv setup-args=-Dallow-noblas=true"
+@@ -181,8 +181,8 @@ select = "*-win32"
+ config-settings = "setup-args=--vsenv setup-args=-Dallow-noblas=true build-dir=build"
repair-wheel-command = ""
-[tool.meson-python]
+#[tool.meson-python]
+#meson = 'vendored-meson/meson/meson.py'
+ [tool.meson-python.args]
+ install = ['--tags=runtime,python-runtime,tests,devel']
+@@ -190,8 +190,8 @@ install = ['--tags=runtime,python-runtim
[tool.spin]
package = 'numpy'
--- /dev/null
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -59,6 +59,9 @@ download = "https://pypi.org/project/num
+ tracker = "https://github.com/numpy/numpy/issues"
+ "release notes" = "https://numpy.org/doc/stable/release"
+
++[tool.setuptools]
++py-modules = []
++
+ [tool.towncrier]
+ single_file = false
+ filename = "doc/source/release/notes-towncrier.rst"
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=python-evdev
-PKG_VERSION:=1.7.0
+PKG_VERSION:=1.7.1
PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_MAINTAINER:=Paulo Costa <me@paulo.costa.nom.br>, Alexandru Ardelean <ardeleanalex@gmail.com>
PYPI_NAME:=evdev
-PKG_HASH:=95bd2a1e0c6ce2cd7a2ecc6e6cd9736ff794b3ad5cb54d81d8cbc2e414d0b870
+PKG_HASH:=0c72c370bda29d857e188d931019c32651a9c1ea977c08c8d939b1ced1637fde
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=python-lxml
-PKG_VERSION:=5.2.1
+PKG_VERSION:=5.2.2
PKG_RELEASE:=1
PYPI_NAME:=lxml
-PKG_HASH:=3f7765e69bbce0906a7c74d5fe46d2c7a7596147318dbc08e4a2431f3060e306
+PKG_HASH:=bb2dc4898180bea79863d5487e5f9c7c34297414bad54bcd0f0852aee9cfdb87
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSES.txt
include $(TOPDIR)/rules.mk
PKG_NAME:=python-networkx
-PKG_VERSION:=3.2.1
+PKG_VERSION:=3.3
PKG_RELEASE:=1
PYPI_NAME:=networkx
-PKG_HASH:=9f1bb5cf3409bf324e0a722c20bdb4c20ee39bf1c30ce8ae499c8502b0b5e0c6
+PKG_HASH:=0c127d8b2f4865f59ae9cb8aafcd60b5c70f3241ebd66f7defad7c4ab90126c9
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.txt
include $(TOPDIR)/rules.mk
PKG_NAME:=python-requests
-PKG_VERSION:=2.31.0
+PKG_VERSION:=2.32.3
PKG_RELEASE:=1
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_CPE_ID:=cpe:/a:python:requests
PYPI_NAME:=requests
-PKG_HASH:=942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
+PKG_HASH:=55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=python-selinux
-PKG_VERSION:=3.5
+PKG_VERSION:=3.6
PKG_RELEASE:=1
SRC_NAME:=libselinux
PKG_SOURCE:=$(SRC_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19
+PKG_HASH:=ba4e0ef34b270e7672a5e5f1b523fe2beab3a40bb33d9389f4ad3a8728f21b52
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(SRC_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LDSHARED="$(HOSTCC) -shared" \
CFLAGS="$(HOST_CFLAGS)" \
CPPFLAGS="$(HOST_CPPFLAGS) -I$(HOST_PYTHON3_INC_DIR)" \
- LDFLAGS="$(HOST_LDFLAGS) -lpython$(PYTHON3_VERSION) -Wl$(comma)-rpath$(comma)$(STAGING_DIR_HOSTPKG)/lib" \
+ LDFLAGS="$(HOST_LDFLAGS) -lpython$(PYTHON3_VERSION)" \
$(CARGO_HOST_CONFIG_VARS) \
SETUPTOOLS_RUST_CARGO_PROFILE="$(CARGO_HOST_PROFILE)"
include ../python3-version.mk
PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/Python-$(PKG_VERSION)
PKG_BUILD_DEPENDS:=bluez python3/host python-build/host python-installer/host python-wheel/host
-HOST_BUILD_DEPENDS:=bzip2/host libffi/host
+HOST_BUILD_DEPENDS:=bzip2/host libffi/host readline/host
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
Py3Package/python3-light/install:=:
Package/python3/install:=:
-# libuuid is provided by e2fsprogs and uuid/uuid.h is moved into
-# $(STAGING_DIR_HOST)/include/e2fsprogs
-HOST_CFLAGS += \
- -I$(STAGING_DIR_HOST)/include/e2fsprogs
-HOST_CPPFLAGS += \
- -I$(STAGING_DIR_HOST)/include/e2fsprogs
-
-HOST_LDFLAGS += \
- -Wl$(comma)-rpath$(comma)$(STAGING_DIR_HOSTPKG)/lib
-
ifeq ($(HOST_OS),Linux)
HOST_LDFLAGS += \
-Wl,--no-as-needed -lrt
--- /dev/null
+--- a/configure.ac
++++ b/configure.ac
+@@ -5839,20 +5839,13 @@ if test "$with_readline" != no; then
+ # library. NOTE: Keep the precedence of listed libraries synchronised
+ # with setup.py.
+ AC_MSG_CHECKING([how to link readline libs])
+- for py_libtermcap in "" tinfo ncursesw ncurses curses termcap; do
+- if test -z "$py_libtermcap"; then
+- READLINE_LIBS="-l$LIBREADLINE"
+- else
+- READLINE_LIBS="-l$LIBREADLINE -l$py_libtermcap"
+- fi
+- LIBS="$READLINE_LIBS $LIBS_no_readline"
+- AC_LINK_IFELSE(
+- [AC_LANG_CALL([],[readline])],
+- [py_cv_lib_readline=yes])
+- if test $py_cv_lib_readline = yes; then
+- break
+- fi
+- done
++ PKG_CHECK_MODULES_STATIC(
++ [READLINE], [readline], [
++ py_cv_lib_readline=yes
++ AC_DEFINE(HAVE_LIBREADLINE, 1,
++ [Define to build the readline module.])
++ ], py_cv_lib_readline=no
++ )
+
+ # Uncomment this line if you want to use READLINE_LIBS in Makefile or scripts
+ #AC_SUBST([READLINE_LIBS])
+@@ -5860,8 +5853,6 @@ if test "$with_readline" != no; then
+ AC_MSG_RESULT([none])
+ else
+ AC_MSG_RESULT([$READLINE_LIBS])
+- AC_DEFINE(HAVE_LIBREADLINE, 1,
+- [Define to build the readline module.])
+ fi
+ fi
+
+@@ -6099,12 +6090,6 @@ then
+ [Define if you have struct stat.st_mtimensec])
+ fi
+
+-# first curses header check
+-ac_save_cppflags="$CPPFLAGS"
+-if test "$cross_compiling" = no; then
+- CPPFLAGS="$CPPFLAGS -I/usr/include/ncursesw"
+-fi
+-
+ AC_CHECK_HEADERS(curses.h ncurses.h)
+
+ # On Solaris, term.h requires curses.h
include $(TOPDIR)/rules.mk
PKG_NAME:=ruby
-PKG_VERSION:=3.2.2
-PKG_RELEASE:=2
+PKG_VERSION:=3.3.4
+PKG_RELEASE:=1
# First two numbes
PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VERSION))))
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/
-PKG_HASH:=4b352d0f7ec384e332e3e44cdbfdcd5ff2d594af3c8296b5636c710975149e23
+PKG_HASH:=fe6a30f97d54e029768f2ddf4923699c416cdbc3a6e96db3e2d5716c7db96a34
PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=COPYING
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/debug-*/README.md
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/debug-*/TODO.md
endef
+define Package/ruby-debug/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rdbg $(1)/usr/bin/
+ $(call RubyBuildPackage/install,debug,$(1))
+endef
define Package/ruby-delegate/files
/usr/lib/ruby/$(PKG_ABI_VERSION)/delegate.rb
endef
define Package/ruby-gems/files
+/usr/lib/ruby/$(PKG_ABI_VERSION)/bundled_gems.rb
/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems.rb
/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems
endef
define Package/ruby-net-smtp/files-excluded
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/net-smtp-*/LICENSE.txt
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/net-smtp-*/README.md
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/net-smtp-*/NEWS.md
endef
define Package/ruby-nkf/files
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/prime-*/README.md
endef
+define Package/ruby-prism/files
+/usr/lib/ruby/$(PKG_ABI_VERSION)/prism.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/prism/*
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/prism-*.gemspec
+endef
+
define Package/ruby-pstore/files
/usr/lib/ruby/$(PKG_ABI_VERSION)/pstore.rb
/usr/lib/ruby/$(PKG_ABI_VERSION)/pstore/
/usr/lib/ruby/$(PKG_ABI_VERSION)/racc
/usr/lib/ruby/$(PKG_ABI_VERSION)/*/racc/*.so
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/racc-*/
-/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/racc-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/racc-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/extensions/*/$(PKG_ABI_VERSION)/racc-*/*
endef
define Package/ruby-racc/install
$(INSTALL_DIR) $(1)/usr/bin
/usr/lib/ruby/$(PKG_ABI_VERSION)/*/ripper.so
endef
+define Package/ruby-rjit/files
+/usr/lib/ruby/$(PKG_ABI_VERSION)/ruby_vm/rjit/
+endef
+
define Package/ruby-rss/files
/usr/lib/ruby/$(PKG_ABI_VERSION)/rss
/usr/lib/ruby/$(PKG_ABI_VERSION)/rss.rb
/usr/lib/ruby/$(PKG_ABI_VERSION)/syntax_suggest.rb
/usr/lib/ruby/$(PKG_ABI_VERSION)/syntax_suggest/
/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/syntax_suggest-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/syntax_suggest-*/
+endef
+define Package/ruby-syntax_suggest/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/syntax_suggest $(1)/usr/bin/
+ $(call RubyBuildPackage/install,syntax_suggest,$(1))
endef
define Package/ruby-syslog/files
$$(eval $$(call BuildPackage,ruby-$(1)))
endef
+
$(eval $(call BuildPackage,libruby))
$(eval $(call BuildPackage,ruby))
$(eval $(call BuildPackage,ruby-dev))
$(eval $(call RubyBuildPackage,base64,Encode and decode base64,))
$(eval $(call RubyBuildPackage,benchmark,Performance benchmarking library,))
$(eval $(call RubyBuildPackage,bigdecimal,Arbitrary-precision decimal floating-point library,))
-$(eval $(call RubyBuildPackage,bundler,Manage dependencies,+ruby-erb +ruby-irb +ruby-logger +ruby-open-uri +ruby-readline +ruby-yaml))
+$(eval $(call RubyBuildPackage,bundler,Manage dependencies,+ruby-erb +ruby-irb +ruby-logger +ruby-readline +ruby-yaml))
$(eval $(call RubyBuildPackage,cgi,CGI support toolkit,+ruby-pstore +ruby-securerandom +ruby-shellwords +ruby-stringio +ruby-tempfile))
$(eval $(call RubyBuildPackage,continuation,Similar to C setjmp/longjmp with extra states,))
$(eval $(call RubyBuildPackage,coverage,Coverage measurement,))
$(eval $(call RubyBuildPackage,fileutils,File utility methods for copying moving removing etc,+ruby-enc +ruby-etc +ruby-rbconfig +ruby-socket))
$(eval $(call RubyBuildPackage,find,top-down traversal of a set of file paths,+ruby-enc))
$(eval $(call RubyBuildPackage,forwardable,delegation of methods to a object,))
-$(eval $(call RubyBuildPackage,gems,gems packet management,+ruby-json +ruby-net-http +ruby-open3 +ruby-pathname +ruby-psych +ruby-rake))
+$(eval $(call RubyBuildPackage,gems,gems packet management,+ruby-json +ruby-open-uri +ruby-open3 +ruby-pathname +ruby-psych +ruby-rake))
$(eval $(call RubyBuildPackage,getoptlong,implementation of getoptLong,))
$(eval $(call RubyBuildPackage,io-console,Console interface,))
$(eval $(call RubyBuildPackage,io-nonblock,Non-blocking mode with IO class,))
$(eval $(call RubyBuildPackage,io-wait,Waits until IO is readable or writable without blocking,))
$(eval $(call RubyBuildPackage,ipaddr,Set of methods to manipulate an IP address,+ruby-socket))
$(eval $(call RubyBuildPackage,irb,(interactive shell),+ruby-gems +ruby-reline +ruby-ripper))
-$(eval $(call RubyBuildPackage,json,JSON Implementation for Ruby,+ruby-date +ruby-ostruct))
+$(eval $(call RubyBuildPackage,json,JSON Implementation for Ruby,+ruby-bigdecimal +ruby-date +ruby-ostruct))
$(eval $(call RubyBuildPackage,logger,logger and syslog library,+ruby-monitor +ruby-rbconfig))
$(eval $(call RubyBuildPackage,matrix,implementation of Matrix and Vector classes,))
$(eval $(call RubyBuildPackage,minitest,Gem minitest,+ruby-gems +ruby-mutex_m))
$(eval $(call RubyBuildPackage,mutex_m,extend objects to be handled like a Mutex,))
$(eval $(call RubyBuildPackage,net-ftp,FTP lib,+ruby-monitor +ruby-net-protocol +ruby-openssl +ruby-time))
$(eval $(call RubyBuildPackage,net-http,HTTP lib,+ruby-cgi +ruby-net-protocol +ruby-resolv +ruby-strscan +ruby-uri +ruby-zlib))
-$(eval $(call RubyBuildPackage,net-imap,IMAP lib,+ruby-json +ruby-monitor +ruby-net-protocol +ruby-openssl +ruby-strscan))
+$(eval $(call RubyBuildPackage,net-imap,IMAP lib,+ruby-json +ruby-monitor +ruby-net-protocol +ruby-securerandom +ruby-strscan +ruby-time))
$(eval $(call RubyBuildPackage,net-pop,POP3 lib,+ruby-net-protocol +ruby-openssl))
$(eval $(call RubyBuildPackage,net-protocol,Abstract for net-* clients,+ruby-socket +ruby-timeout))
$(eval $(call RubyBuildPackage,net-smtp,SMTP lib,+ruby-net-protocol +ruby-openssl))
$(eval $(call RubyBuildPackage,pp,Pretty print objects,+ruby-etc +ruby-io-console +ruby-prettyprint))
$(eval $(call RubyBuildPackage,prettyprint,PrettyPrint library,))
$(eval $(call RubyBuildPackage,prime,Prime numbers and factorization library,+ruby-forwardable +ruby-singleton))
+$(eval $(call RubyBuildPackage,prism,parser for the Ruby programming language,+ruby-delegate +ruby-enc +ruby-rbconfig +ruby-ripper +ruby-stringio))
$(eval $(call RubyBuildPackage,pstore,file based persistence,+ruby-digest +ruby-enc))
-$(eval $(call RubyBuildPackage,psych,YAML parser and emitter,+ruby-bigdecimal +ruby-date +ruby-enc +ruby-forwardable +ruby-stringio +libyaml))
+$(eval $(call RubyBuildPackage,psych,YAML parser and emitter,+ruby-bigdecimal +ruby-date +ruby-enc +ruby-stringio +libyaml))
$(eval $(call RubyBuildPackage,pty,Creates and manages pseudo terminals,))
-$(eval $(call RubyBuildPackage,racc,LALR parser generator,+ruby-forwardable +ruby-optparse +ruby-rbconfig +ruby-stringio))
+$(eval $(call RubyBuildPackage,racc,LALR parser generator,+ruby-forwardable +ruby-mkmf +ruby-optparse +ruby-stringio))
$(eval $(call RubyBuildPackage,rake,Rake (make replacement),+ruby-fileutils +ruby-monitor +ruby-optparse +ruby-ostruct +ruby-set +ruby-singleton))
$(eval $(call RubyBuildPackage,random_formatter,Formats generated random numbers in many manners,))
$(eval $(call RubyBuildPackage,rbconfig,RbConfig,))
-$(eval $(call RubyBuildPackage,rbs,RBS provides syntax and semantics definition for the Ruby Signature language,+ruby-logger +ruby-mkmf +ruby-rdoc))
+$(eval $(call RubyBuildPackage,rbs,RBS provides syntax and semantics definition for the Ruby Signature language,+ruby-abbrev +ruby-logger +ruby-rdoc))
$(eval $(call RubyBuildPackage,rdoc,RDoc produces HTML and command-line documentation for Ruby projects,+ruby-did-you-mean +ruby-erb +ruby-racc +ruby-ripper +ruby-yaml))
$(eval $(call RubyBuildPackage,readline-ext,support for native GNU readline,+libncurses +libreadline))
$(eval $(call RubyBuildPackage,readline,loads readline-ext(native) or reline(ruby),+ruby-reline))
-$(eval $(call RubyBuildPackage,reline,alternative to readline-ext in pure ruby,+ruby-fiddle +ruby-forwardable +ruby-io-console +ruby-tempfile +ruby-timeout))
+$(eval $(call RubyBuildPackage,reline,alternative to readline-ext in pure ruby,+ruby-fiddle +ruby-forwardable +ruby-io-console +ruby-tempfile))
$(eval $(call RubyBuildPackage,resolv,DNS resolver library,+ruby-securerandom +ruby-timeout))
$(eval $(call RubyBuildPackage,resolv-replace,Replace Socket DNS with Resolv,+ruby-resolv))
$(eval $(call RubyBuildPackage,rexml,XML toolkit,+ruby-enc +ruby-forwardable +ruby-pp +ruby-set +ruby-stringio +ruby-strscan))
$(eval $(call RubyBuildPackage,rinda,Linda paradigm implementation,+ruby-drb +ruby-forwardable))
$(eval $(call RubyBuildPackage,ripper,script parser,))
+$(eval $(call RubyBuildPackage,rjit,jit written in pure Ruby,+ruby-fiddle +ruby-set))
$(eval $(call RubyBuildPackage,rss,RSS toolkit,+ruby-english +ruby-nkf +ruby-open-uri +ruby-rexml))
$(eval $(call RubyBuildPackage,ruby2_keywords,Placeholder to satisfy dependencies on ruby2_keywords))
$(eval $(call RubyBuildPackage,securerandom,Secure random number generators,+ruby-openssl +ruby-random_formatter))
$(eval $(call RubyBuildPackage,socket,socket support,+ruby-io-wait))
$(eval $(call RubyBuildPackage,stringio,Pseudo `IO` class from/to `String`,))
$(eval $(call RubyBuildPackage,strscan,Lexical scanning operations on a String,))
-$(eval $(call RubyBuildPackage,syntax_suggest,Find missing end syntax errors,+ruby-optparse +ruby-pathname +ruby-ripper +ruby-stringio +ruby-timeout +ruby-tmpdir))
+$(eval $(call RubyBuildPackage,syntax_suggest,Find missing end syntax errors,+ruby-gems +ruby-prism))
$(eval $(call RubyBuildPackage,syslog,Syslog Lib,+ruby-logger))
$(eval $(call RubyBuildPackage,tempfile,Manages temporary files,+ruby-delegate +ruby-tmpdir))
$(eval $(call RubyBuildPackage,testunit,Gem test-unit,+ruby-csv +ruby-debug +ruby-erb +ruby-powerassert +ruby-rexml +ruby-yaml))
# Fake enc/utf_16 to dummy enc:
package_files["ruby-enc"]+=[RbConfig::CONFIG["rubylibdir"] + "/enc/utf_16.rb" ]
-require_regex=/^require ["']([^"']+)["'].*/
-require_regex_ignore=/^require ([a-zA-Z\$]|["']$|.*\/$)/
+require_regex=/^ *require ["']([^"']+)["'].*/
+require_regex_ignore=/^ *require ([a-zA-Z\$]|["']\$|.*\/$|.*#.*|.*\.$)/
require_ignore=%w{
- bundler
- capistrano/version
- coverage/helpers
- dbm
- diff/lcs
- foo
- gettext/mo
- gettext/po_parser
- graphviz
- iconv
- java
- jruby
- json/pure
- minitest/proveit
- open3/jruby_windows
- profile
- racc/cparse-jruby.jar
- rubygems/defaults/operating_system
- sorted_set
- stackprof
- thread
- tracer
- uconv
- webrick
- webrick/https
- win32api
- win32console
- win32ole
- win32/resolv
- win32/sspi
- xml/encoding-ja
- xmlencoding-ja
- xml/parser
- xmlparser
- xmlscan/scanner
+ bundler
+ capistrano/version
+ coverage/helpers
+ dbm
+ ffi
+ fiber
+ foo
+ gettext/mo
+ gettext/po_parser
+ graphviz
+ iconv
+ java
+ jruby
+ json/pure
+ minitest/proveit
+ open3/jruby_windows
+ prism/prism
+ profile
+ racc/cparse-jruby.jar
+ repl_type_completor
+ rubygems/defaults/operating_system
+ rubygems/net/http
+ rubygems/timeout
+ sorted_set
+ stackprof
+ thread
+ tracer
+ uconv
+ webrick
+ webrick/https
+ win32api
+ win32ole
+ win32/resolv
+ win32/sspi
+ xml/encoding-ja
+ xmlencoding-ja
+ xml/parser
+ xmlparser
+ xmlscan/scanner
}
matched_ignored={}
when /^require /
#puts "#{file}:#{line}"
if require_regex_ignore =~ line
- #puts "Ignoring #{line} at #{file}:#{lineno} (REGEX)..."
+ puts "Ignoring #{line} at #{file}:#{lineno} (REGEX)..."
next
end
if not require_regex =~ line
- puts "Unknown require: '#{line}' at file #{file}:#{lineno}"
+ puts "Unknown require: '#{line}' at file #{file}:#{lineno} and it did not match #{require_regex_ignore}"
failed=true
end
require=line.gsub(require_regex,"\\1")
# For optional require or for breaking cycle dependencies
weak_dependency=Hash.new { |h,k| h[k]=[] }
weak_dependency.merge!({
-"ruby-irb" =>%w{ruby-rdoc ruby-readline ruby-debug}, # irb/cmd/help.rb irb/cmd/debug.rb,3.2/irb/cmd/debug.rb
-"ruby-gems" =>%w{ruby-bundler ruby-rdoc}, # rubygems.rb rubygems/server.rb
-"ruby-racc" =>%w{ruby-gems}, # /usr/bin/racc*
-"ruby-rake" =>%w{ruby-gems}, # /usr/bin/rake
-"ruby-rdoc" =>%w{ruby-readline}, # rdoc/ri/driver.rb
-"ruby-testunit" =>%w{ruby-io-console}, # gems/test-unit-3.1.5/lib/test/unit/ui/console/testrunner.rb
-"ruby-net-http" =>%w{ruby-open-uri} # net/http/status.rb
+ "ruby-irb" =>%w{ruby-rdoc ruby-readline ruby-debug}, # irb/cmd/help.rb irb/cmd/debug.rb,3.2/irb/cmd/debug.rb
+ "ruby-gems" =>%w{ruby-bundler ruby-rdoc}, # rubygems.rb rubygems/server.rb rdoc/rubygems_hook
+ "ruby-racc" =>%w{ruby-gems}, # /usr/bin/racc*
+ "ruby-rake" =>%w{ruby-gems ruby-debug}, # /usr/bin/rake gems/3.3/gems/rake-13.1.0/lib/rake/application.rb
+ "ruby-rdoc" =>%w{ruby-readline}, # rdoc/ri/driver.rb
+ "ruby-testunit" =>%w{ruby-io-console}, # gems/test-unit-3.1.5/lib/test/unit/ui/console/testrunner.rb
+ "ruby-net-http" =>%w{ruby-open-uri} # net/http/status.rb
})
puts "Looking for package dependencies..."
deps.each {|dep| puts "#{pkg}: #{dep} also depends on #{pkg}" if package_dependencies[dep].include?(pkg) }
deps_new = deps.collect {|dep| [dep] + package_dependencies[dep] }.inject([],:+).uniq.sort
if not deps == deps_new
- puts "#{pkg}: #{deps.join(",")}"
- puts "#{pkg}: #{deps_new.join(",")}"
+ puts "#{pkg}: {deps.join(",")} (OLD)"
+ puts "#{pkg}: #{deps_new.join(",")} (NEW)"
package_dependencies[pkg]=deps_new
if deps_new.include?(pkg)
function list_staging_files {
cd "$1"; find \
\( \( -name "root-*" -or -name "packages" -or -name "stamp" -or -name "pkginfo" -or -name "host" -or -name man \) -prune \) -or -true \
- \( -path "*ruby*" -or -name "erb" -or -name "gem" -or -name "irb" -or -name "rake" -or -name "rdoc" -or -name "ri" -or -name "testrb" -or -name "racc" -or -name "racc2y" -or -name "y2racc" \) \
+ \( \
+ -path "*ruby*" -or \
+ -name "bundle" -or \
+ -name "bundler" -or \
+ -name "erb" -or \
+ -name "gem" -or \
+ -name "irb" -or \
+ -name "racc" -or \
+ -name "racc2y" -or \
+ -name "rake" -or \
+ -name "rbs" -or \
+ -name "rdbg" -or \
+ -name "rdoc" -or \
+ -name "ri" -or \
+ -name "syntax_suggest" -or \
+ -name "testrb" -or \
+ -name "typeprof" -or \
+ -name "y2racc" \
+ \) \
-not -path "*/usr/lib/ruby/gems/*/cache/*" \
-not -name "*test_case.rb" \
-not -name "*.rdoc" \
include $(TOPDIR)/rules.mk
PKG_NAME:=rust
-PKG_VERSION:=1.78.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.81.0
+PKG_RELEASE:=1
PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.gz
PKG_SOURCE_URL:=https://static.rust-lang.org/dist/
-PKG_HASH:=ff544823a5cb27f2738128577f1e7e00ee8f4c83f2a348781ae4fc355e91d5a9
+PKG_HASH:=872448febdff32e50c3c90a7e15f9bb2db131d13c588fe9071b0ed88837ccfa7
HOST_BUILD_DIR:=$(BUILD_DIR)/host/rustc-$(PKG_VERSION)-src
PKG_MAINTAINER:=Luca Barbato <lu_zero@luminem.org>
--set=target.$(RUSTC_TARGET_ARCH).linker=$(TARGET_CC_NOCACHE) \
--set=target.$(RUSTC_TARGET_ARCH).ranlib=$(TARGET_RANLIB) \
--set=target.$(RUSTC_TARGET_ARCH).crt-static=false \
- $(if $(CONFIG_USE_MUSL),--set=target.$(RUSTC_TARGET_ARCH).musl-root=$(TOOLCHAIN_DIR))
+ $(if $(CONFIG_USE_MUSL),--set=target.$(RUSTC_TARGET_ARCH).musl-root=$(TOOLCHAIN_ROOT_DIR))
# CARGO_HOME is an environmental
HOST_CONFIGURE_VARS += CARGO_HOME="$(CARGO_HOME)"
--- a/src/bootstrap/Cargo.toml
+++ b/src/bootstrap/Cargo.toml
-@@ -61,7 +61,7 @@ tar = "0.4"
+@@ -60,7 +60,7 @@ tar = "0.4"
termcolor = "1.4"
toml = "0.5"
walkdir = "2.4"
+xz2 = { version = "0.1", features = ["static"] }
# Dependencies needed by the build-metrics feature
- sysinfo = { version = "0.30", optional = true }
+ sysinfo = { version = "0.30", default-features = false, optional = true }
+++ /dev/null
-From bd479113d38aa453cbad9d9f5ca9c5fc8903b0cf Mon Sep 17 00:00:00 2001
-From: onur-ozkan <work@onurozkan.dev>
-Date: Thu, 11 Apr 2024 14:57:10 +0300
-Subject: [PATCH] correct the handling of `bootstrap-cache-path` option
-
-This change makes `build.bootstrap-cache-path` option to be configurable with
-`./configure` script, so it can be used like `./configure --bootstrap-cache-path=demo`.
-
-Signed-off-by: onur-ozkan <work@onurozkan.dev>
----
- config.example.toml | 2 +-
- src/bootstrap/configure.py | 4 +++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
---- a/config.example.toml
-+++ b/config.example.toml
-@@ -302,7 +302,7 @@
-
- # Set the bootstrap/download cache path. It is useful when building rust
- # repeatedly in a CI invironment.
--# bootstrap-cache-path = /shared/cache
-+#bootstrap-cache-path = /path/to/shared/cache
-
- # Enable a build of the extended Rust tool set which is not only the compiler
- # but also tools such as Cargo. This will also produce "combined installers"
---- a/src/bootstrap/configure.py
-+++ b/src/bootstrap/configure.py
-@@ -152,9 +152,9 @@ v("default-linker", "rust.default-linker
- # (others are conditionally saved).
- o("manage-submodules", "build.submodules", "let the build manage the git submodules")
- o("full-bootstrap", "build.full-bootstrap", "build three compilers instead of two (not recommended except for testing reproducible builds)")
--o("bootstrap-cache-path", "build.bootstrap-cache-path", "use provided path for the bootstrap cache")
- o("extended", "build.extended", "build an extended rust tool set")
-
-+v("bootstrap-cache-path", None, "use provided path for the bootstrap cache")
- v("tools", None, "List of extended tools will be installed")
- v("codegen-backends", None, "List of codegen backends to build")
- v("build", "build.build", "GNUs ./configure syntax LLVM build triple")
-@@ -359,6 +359,8 @@ def apply_args(known_args, option_checki
- set('target.{}.llvm-filecheck'.format(build_triple), value, config)
- elif option.name == 'tools':
- set('build.tools', value.split(','), config)
-+ elif option.name == 'bootstrap-cache-path':
-+ set('build.bootstrap-cache-path', value, config)
- elif option.name == 'codegen-backends':
- set('rust.codegen-backends', value.split(','), config)
- elif option.name == 'host':
This patch bumps all libc dependencies and checksums to 0.2.147, which includes the fix for musl 1.2.4.
---- a/vendor/elasticlunr-rs/Cargo.lock
-+++ b/vendor/elasticlunr-rs/Cargo.lock
+--- a/vendor/elasticlunr-rs-3.0.2/Cargo.lock
++++ b/vendor/elasticlunr-rs-3.0.2/Cargo.lock
@@ -555,9 +555,9 @@ checksum = "e2abad23fbc42b3700f2f279844d
[[package]]
[[package]]
name = "lindera"
---- a/vendor/libffi/Cargo.lock
-+++ b/vendor/libffi/Cargo.lock
+--- a/vendor/libffi-3.2.0/Cargo.lock
++++ b/vendor/libffi-3.2.0/Cargo.lock
@@ -10,9 +10,9 @@ checksum = "50d30906286121d95be3d479533b
[[package]]
+++ /dev/null
-From 4db00fe229f08b06feeee552ae53af9f49c25048 Mon Sep 17 00:00:00 2001
-From: Luca Barbato <lu_zero@gentoo.org>
-Date: Fri, 10 May 2024 16:38:19 +0200
-Subject: [PATCH] Use an helper to move the files
-
-In case the source is not in the same filesystem.
----
- src/bootstrap/src/core/build_steps/dist.rs | 6 ++++--
- src/bootstrap/src/core/download.rs | 6 +++---
- src/bootstrap/src/utils/helpers.rs | 15 +++++++++++++++
- src/bootstrap/src/utils/tarball.rs | 4 ++--
- 4 files changed, 24 insertions(+), 7 deletions(-)
-
---- a/src/bootstrap/src/core/build_steps/dist.rs
-+++ b/src/bootstrap/src/core/build_steps/dist.rs
-@@ -26,7 +26,9 @@ use crate::core::build_steps::tool::{sel
- use crate::core::builder::{Builder, Kind, RunConfig, ShouldRun, Step};
- use crate::core::config::TargetSelection;
- use crate::utils::channel;
--use crate::utils::helpers::{exe, is_dylib, output, t, target_supports_cranelift_backend, timeit};
-+use crate::utils::helpers::{
-+ exe, is_dylib, move_file, output, t, target_supports_cranelift_backend, timeit,
-+};
- use crate::utils::tarball::{GeneratedTarball, OverlayKind, Tarball};
- use crate::{Compiler, DependencyType, Mode, LLVM_TOOLS};
-
-@@ -1993,7 +1995,7 @@ impl Step for Extended {
- builder.run(&mut cmd);
-
- if !builder.config.dry_run() {
-- t!(fs::rename(exe.join(&filename), distdir(builder).join(&filename)));
-+ t!(move_file(exe.join(&filename), distdir(builder).join(&filename)));
- }
- }
- }
---- a/src/bootstrap/src/core/download.rs
-+++ b/src/bootstrap/src/core/download.rs
-@@ -12,7 +12,7 @@ use build_helper::ci::CiEnv;
- use xz2::bufread::XzDecoder;
-
- use crate::core::config::RustfmtMetadata;
--use crate::utils::helpers::{check_run, exe, program_out_of_date};
-+use crate::utils::helpers::{check_run, exe, move_file, program_out_of_date};
- use crate::{core::build_steps::llvm::detect_llvm_sha, utils::helpers::hex_encode};
- use crate::{t, Config};
-
-@@ -209,7 +209,7 @@ impl Config {
- None => panic!("no protocol in {url}"),
- }
- t!(
-- std::fs::rename(&tempfile, dest_path),
-+ move_file(&tempfile, dest_path),
- format!("failed to rename {tempfile:?} to {dest_path:?}")
- );
- }
-@@ -313,7 +313,7 @@ impl Config {
- if src_path.is_dir() && dst_path.exists() {
- continue;
- }
-- t!(fs::rename(src_path, dst_path));
-+ t!(move_file(src_path, dst_path));
- }
- let dst_dir = dst.join(directory_prefix);
- if dst_dir.exists() {
---- a/src/bootstrap/src/utils/helpers.rs
-+++ b/src/bootstrap/src/utils/helpers.rs
-@@ -150,6 +150,21 @@ pub fn symlink_dir(config: &Config, orig
- }
- }
-
-+/// Rename a file if from and to are in the same filesystem or
-+/// copy and remove the file otherwise
-+pub fn move_file<P: AsRef<Path>, Q: AsRef<Path>>(from: P, to: Q) -> io::Result<()> {
-+ match fs::rename(&from, &to) {
-+ // FIXME: Once `ErrorKind::CrossesDevices` is stabilized use
-+ // if e.kind() == io::ErrorKind::CrossesDevices {
-+ #[cfg(unix)]
-+ Err(e) if e.raw_os_error() == Some(libc::EXDEV) => {
-+ std::fs::copy(&from, &to)?;
-+ std::fs::remove_file(&from)
-+ }
-+ r => r,
-+ }
-+}
-+
- pub fn forcing_clang_based_tests() -> bool {
- if let Some(var) = env::var_os("RUSTBUILD_FORCE_CLANG_BASED_TESTS") {
- match &var.to_string_lossy().to_lowercase()[..] {
---- a/src/bootstrap/src/utils/tarball.rs
-+++ b/src/bootstrap/src/utils/tarball.rs
-@@ -6,7 +6,7 @@ use std::{
- use crate::core::builder::Builder;
- use crate::core::{build_steps::dist::distdir, builder::Kind};
- use crate::utils::channel;
--use crate::utils::helpers::t;
-+use crate::utils::helpers::{move_file, t};
-
- #[derive(Copy, Clone)]
- pub(crate) enum OverlayKind {
-@@ -269,7 +269,7 @@ impl<'a> Tarball<'a> {
- // name, not "image". We rename the image directory just before passing
- // into rust-installer.
- let dest = self.temp_dir.join(self.package_name());
-- t!(std::fs::rename(&self.image_dir, &dest));
-+ t!(move_file(&self.image_dir, &dest));
-
- self.run(|this, cmd| {
- let distdir = distdir(this.builder);
# ARM Logic
ifeq ($(ARCH),arm)
- ifeq ($(CONFIG_arm_v7),y)
+ ifeq ($(CONFIG_arm_v6)$(CONFIG_arm_v7),)
+ RUSTC_TARGET_ARCH:=$(subst arm,armv5te,$(RUSTC_TARGET_ARCH))
+ else ifeq ($(CONFIG_arm_v7),y)
RUSTC_TARGET_ARCH:=$(subst arm,armv7,$(RUSTC_TARGET_ARCH))
endif
PKG_NAME:=tcl
TCL_MAJOR_VERSION:=8.6
-PKG_VERSION:=${TCL_MAJOR_VERSION}.11
-PKG_RELEASE:=2
+PKG_VERSION:=${TCL_MAJOR_VERSION}.14
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)$(PKG_VERSION)-src.tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=8c0486668586672c5693d7d95817cb05a18c5ecca2f40e2836b9578064088258
+PKG_HASH:=5880225babf7954c58d4fb0f5cf6279104ce1cd6aa9b71e9a6322540e1c4de66
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)$(PKG_VERSION)
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)$(PKG_VERSION)
include $(TOPDIR)/rules.mk
PKG_NAME:=afalg_engine
-PKG_VERSION:=1.2.0-beta.1
-PKG_RELEASE:=5
+PKG_VERSION:=1.2.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION)
-PKG_HASH:=6f0da98a3c12eaf50331ac7cd81f7b8800abf54b96fd73bd3e37cc50fd3d2ba8
+PKG_HASH:=3f0f6ee9ea7a5ea9c668ec16f8c492aa024a82dca78d0fbe30fd256f9da95d65
PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
PKG_LICENSE:=Apache-2.0
--- /dev/null
+#!/bin/sh
+
+test_afalg_engine() {
+ opkg install openssl-util
+ openssl engine -t -c -v -pre DUMP_INFO afalg
+}
+
+case "$1" in
+ libopenssl-afalg_sync)
+ test_afalg_engine
+ ;;
+ *)
+ echo "Unexpected package '$1'" >&2
+ exit 1
+ ;;
+esac
include $(TOPDIR)/rules.mk
PKG_NAME:=apr
-PKG_VERSION:=1.7.4
+PKG_VERSION:=1.7.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@APACHE/apr/
-PKG_HASH:=fc648de983f3a2a6c9e78dea1f180639bd2fad6c06d556d4367a701fe5c35577
+PKG_HASH:=cd0f5d52b9ab1704c72160c5ee3ed5d3d4ca2df4a7f8ab564e3cb352b67232f2
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
include $(TOPDIR)/rules.mk
PKG_NAME:=boost
-PKG_VERSION:=1.84.0
-PKG_SOURCE_VERSION:=1_84_0
+PKG_VERSION:=1.86.0
+PKG_SOURCE_VERSION:=1_86_0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)_$(PKG_SOURCE_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/$(PKG_NAME)/$(PKG_NAME)/$(PKG_VERSION) https://boostorg.jfrog.io/artifactory/main/release/$(PKG_VERSION)/source/
-PKG_HASH:=cc4b893acf645c9d4b698e9a0f08ca8846aa5d6c68275c14c3e7949c24109454
+PKG_HASH:=1bed88e40401b2cb7a1f76d4bab499e352fa4d0c5f31c0dbae64e24d34d7513b
PKG_MAINTAINER:=Carlos M. Ferreira <carlosmf.pt@gmail.com>
PKG_LICENSE:=BSL-1.0
endef
define Package/boost/description
-This package provides the Boost v1.84.0 libraries.
+This package provides the Boost v1.86.0 libraries.
Boost is a set of free, peer-reviewed, portable C++ source libraries.
This package provides the following run-time libraries:
- atomic
+ - charconv
- chrono
- - cobalt (new)
+ - cobalt
- container
- context
- contract
- wave
There are many more header-only libraries supported by Boost.
-See more at http://www.boost.org/doc/libs/1_84_0/
+See more at http://www.boost.org/doc/libs/1_86_0/
endef
PKG_BUILD_DEPENDS:=boost/host
endef
$(eval $(call DefineBoostLibrary,atomic,system))
+$(eval $(call DefineBoostLibrary,charconv,,,,libquadmath))
$(eval $(call DefineBoostLibrary,chrono,system))
$(eval $(call DefineBoostLibrary,cobalt,system container))
$(eval $(call DefineBoostLibrary,container))
include $(TOPDIR)/rules.mk
PKG_NAME:=c-ares
-PKG_VERSION:=1.28.1
+PKG_VERSION:=1.33.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://c-ares.org/download
-PKG_HASH:=675a69fc54ddbf42e6830bc671eeb6cd89eeca43828eb413243fd2c0a760809d
+PKG_SOURCE_URL:=https://github.com/c-ares/c-ares/releases/download/v$(PKG_VERSION)
+PKG_HASH:=06869824094745872fa26efd4c48e622b9bd82a89ef0ce693dc682a23604f415
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE.md
--- /dev/null
+#
+# Copyright (C) 2009-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=db
+PKG_VERSION:=5.3.28
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://download.oracle.com/berkeley-db/
+PKG_HASH:=e0a992d740709892e81f9d93f06daf305cf73fb81b545afe72478043172c3628
+
+PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>
+PKG_LICENSE:=Sleepycat
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_FIXUP:=autoreconf
+PKG_BUILD_DEPENDS:=libxml2
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libdb47
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=Berkeley DB library
+ URL:=http://www.oracle.com/us/products/database/berkeley-db
+ PROVIDES:=libdb47-full
+ ABI_VERSION:=5
+endef
+
+define Package/libdb47/description
+ Berkeley DB library.
+endef
+
+define Package/libdb47xx
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libdb47 +libstdcpp
+ TITLE:=Berkeley DB library for C++
+ URL:=http://www.oracle.com/us/products/database/berkeley-db
+ PROVIDES:=libdb47xx-full
+ ABI_VERSION:=5
+endef
+
+define Package/libdb47xx/description
+ Berkeley DB library C++ wrapper.
+endef
+
+CONFIGURE_PATH = build_unix
+CONFIGURE_CMD = ../dist/configure
+
+CONFIGURE_ARGS += \
+ --enable-shared \
+ --enable-static \
+ --disable-java \
+ --with-mutex=POSIX/pthreads/library \
+ --disable-tcl \
+ --enable-compat185 \
+ --disable-debug \
+ $(if $(CONFIG_PACKAGE_libdb47xx),--enable-cxx,--disable-cxx)
+
+TARGET_CFLAGS += $(FPIC)
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/build_unix \
+ DESTDIR="$(PKG_INSTALL_DIR)" all
+ $(MAKE) -C $(PKG_BUILD_DIR)/build_unix \
+ DESTDIR="$(PKG_INSTALL_DIR)" install
+endef
+
+define Package/libdb47/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb-*.so $(1)/usr/lib/
+endef
+
+define Package/libdb47xx/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb_cxx-*.so $(1)/usr/lib/
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/db.h $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/db_cxx.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb*.{a,so} $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,libdb47))
+$(eval $(call BuildPackage,libdb47xx))
--- /dev/null
+With higher paralelism it sometimes fails with:
+libtool: link: `util_log.lo' is not a valid libtool object
+make: *** [db_replicate] Error 1
+
+Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+
+--- a/dist/Makefile.in
++++ b/dist/Makefile.in
+@@ -1034,7 +1034,7 @@ db_recover: db_recover@o@ util_sig@o@ $(
+ db_recover@o@ util_sig@o@ $(DEF_LIB) $(LIBS)
+ $(POSTLINK) $@
+
+-db_replicate: db_replicate@o@ util_sig@o@ $(DEF_LIB)
++db_replicate: db_replicate@o@ util_log@o@ util_sig@o@ $(DEF_LIB)
+ $(CCLINK) -o $@ $(LDFLAGS) \
+ db_replicate@o@ util_log@o@ util_sig@o@ $(DEF_LIB) $(LIBS)
+ $(POSTLINK) $@
--- /dev/null
+From 29621d637e30982489693f2e207ce6a1790e3337 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 22 Mar 2017 15:32:26 +0000
+Subject: [PATCH] atomic: Rename local __atomic_compare_exchange to avoid clash
+ with builtins
+
+Helps building with clang
+
+Fixes
+
+../db-5.3.28/src/dbinc/atomic.h:179:19: error: definition of builtin function '__atomic_compare_exchange'
+static inline int __atomic_compare_exchange(
+
+Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/dbinc/atomic.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/dbinc/atomic.h
++++ b/src/dbinc/atomic.h
+@@ -144,7 +144,7 @@ typedef LONG volatile *interlocked_val;
+ #define atomic_inc(env, p) __atomic_inc(p)
+ #define atomic_dec(env, p) __atomic_dec(p)
+ #define atomic_compare_exchange(env, p, o, n) \
+- __atomic_compare_exchange((p), (o), (n))
++ __db_atomic_compare_exchange((p), (o), (n))
+ static inline int __atomic_inc(db_atomic_t *p)
+ {
+ int temp;
+@@ -176,7 +176,7 @@ static inline int __atomic_dec(db_atomic
+ * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html
+ * which configure could be changed to use.
+ */
+-static inline int __atomic_compare_exchange(
++static inline int __db_atomic_compare_exchange(
+ db_atomic_t *p, atomic_value_t oldval, atomic_value_t newval)
+ {
+ atomic_value_t was;
--- /dev/null
+From 32e5943a3c4637d39e4d65b544dcb99e280210e3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 23 Jul 2017 10:54:26 -0700
+Subject: [PATCH] configure: Add explicit tag options to libtool invocation
+
+This helps cross compile when tag inference via heuristics
+fail because CC variable is having -fPIE -pie and libtool
+smartly removes it when building libraries
+
+Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ dist/configure.ac | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/dist/configure.ac
++++ b/dist/configure.ac
+@@ -366,12 +366,12 @@ LIBTOOL="./libtool"
+
+ INSTALLER="\$(LIBTOOL) --mode=install cp -p"
+
+-MAKEFILE_CC="\$(LIBTOOL) --mode=compile ${MAKEFILE_CC}"
+-MAKEFILE_SOLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CCLINK} -avoid-version"
+-MAKEFILE_CCLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CCLINK}"
+-MAKEFILE_CXX="\$(LIBTOOL) --mode=compile ${MAKEFILE_CXX}"
+-MAKEFILE_XSOLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CXXLINK} -avoid-version"
+-MAKEFILE_CXXLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CXXLINK}"
++MAKEFILE_CC="\$(LIBTOOL) --tag=CC --mode=compile ${MAKEFILE_CC}"
++MAKEFILE_SOLINK="\$(LIBTOOL) --tag=CC --mode=link ${MAKEFILE_CCLINK} -avoid-version"
++MAKEFILE_CCLINK="\$(LIBTOOL) --tag=CC --mode=link ${MAKEFILE_CCLINK}"
++MAKEFILE_CXX="\$(LIBTOOL) --tag=CXX --mode=compile ${MAKEFILE_CXX}"
++MAKEFILE_XSOLINK="\$(LIBTOOL) --tag=CXX --mode=link ${MAKEFILE_CXXLINK} -avoid-version"
++MAKEFILE_CXXLINK="\$(LIBTOOL) --tag=CXX --mode=link ${MAKEFILE_CXXLINK}"
+
+
+ case "$host_os" in
--- /dev/null
+configure wants to use host-specific types to get a 64-bit integer in db.h
+instead of using an alias such as int64_t. This means that the header differs
+in multilib environments for no good reason, so replace the type with the alias
+in stdint.h.
+
+This then breaks the overly complicated type check but as we know that int64_t
+exists and works, we can just delete that.
+
+Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+--- a/dist/aclocal/sequence.m4
++++ b/dist/aclocal/sequence.m4
+@@ -21,14 +21,14 @@ AC_DEFUN(AM_SEQUENCE_CONFIGURE, [
+ db_cv_seq_type="no"
+ if test "$db_cv_build_sequence" = "yes" -a\
+ "$ac_cv_sizeof_long" -eq "8"; then
+- db_cv_seq_type="long"
++ db_cv_seq_type="int64_t"
+ db_cv_seq_fmt='"%ld"'
+ db_cv_seq_ufmt='"%lu"'
+ INT64_FMT='#define INT64_FMT "%ld"'
+ UINT64_FMT='#define UINT64_FMT "%lu"'
+ else if test "$db_cv_build_sequence" = "yes" -a\
+ "$ac_cv_sizeof_long_long" -eq "8"; then
+- db_cv_seq_type="long long"
++ db_cv_seq_type="int64_t"
+ db_cv_seq_fmt='"%lld"'
+ db_cv_seq_ufmt='"%llu"'
+ INT64_FMT='#define INT64_FMT "%lld"'
+@@ -38,44 +38,7 @@ AC_DEFUN(AM_SEQUENCE_CONFIGURE, [
+ fi
+ fi
+
+- # Test to see if we can declare variables of the appropriate size
+- # and format them. If we're cross-compiling, all we get is a link
+- # test, which won't test for the appropriate printf format strings.
+- if test "$db_cv_build_sequence" = "yes"; then
+- AC_TRY_RUN([
+- main() {
+- $db_cv_seq_type l;
+- unsigned $db_cv_seq_type u;
+- char buf@<:@100@:>@;
+-
+- buf@<:@0@:>@ = 'a';
+- l = 9223372036854775807LL;
+- (void)snprintf(buf, sizeof(buf), $db_cv_seq_fmt, l);
+- if (strcmp(buf, "9223372036854775807"))
+- return (1);
+- u = 18446744073709551615ULL;
+- (void)snprintf(buf, sizeof(buf), $db_cv_seq_ufmt, u);
+- if (strcmp(buf, "18446744073709551615"))
+- return (1);
+- return (0);
+- }],, [db_cv_build_sequence="no"],
+- AC_TRY_LINK(,[
+- $db_cv_seq_type l;
+- unsigned $db_cv_seq_type u;
+- char buf@<:@100@:>@;
+-
+- buf@<:@0@:>@ = 'a';
+- l = 9223372036854775807LL;
+- (void)snprintf(buf, sizeof(buf), $db_cv_seq_fmt, l);
+- if (strcmp(buf, "9223372036854775807"))
+- return (1);
+- u = 18446744073709551615ULL;
+- (void)snprintf(buf, sizeof(buf), $db_cv_seq_ufmt, u);
+- if (strcmp(buf, "18446744073709551615"))
+- return (1);
+- return (0);
+- ],, [db_cv_build_sequence="no"]))
+- fi
++ db_cv_build_sequence="yes"
+ if test "$db_cv_build_sequence" = "yes"; then
+ AC_SUBST(db_seq_decl)
+ db_seq_decl="typedef $db_cv_seq_type db_seq_t;";
--- /dev/null
+From a3569f118fd95b7ad41e1a1128e17c0b8928556d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 20 Jan 2019 18:30:23 -0800
+Subject: [PATCH] Fix libc++ compatibility by renaming atomic_init API
+
+db5 does not build because it is redefining a C++11 standard
+library identifier, atomic_init(). Therefore prefix all
+its internal defines with '__db_', to avoid collisions.
+
+Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/dbinc/atomic.h | 4 ++--
+ src/mp/mp_fget.c | 4 ++--
+ src/mp/mp_mvcc.c | 4 ++--
+ src/mp/mp_region.c | 4 ++--
+ src/mutex/mut_method.c | 2 +-
+ src/mutex/mut_tas.c | 4 ++--
+ 6 files changed, 11 insertions(+), 11 deletions(-)
+
+--- a/src/dbinc/atomic.h
++++ b/src/dbinc/atomic.h
+@@ -70,7 +70,7 @@ typedef struct {
+ * These have no memory barriers; the caller must include them when necessary.
+ */
+ #define atomic_read(p) ((p)->value)
+-#define atomic_init(p, val) ((p)->value = (val))
++#define __db_atomic_init(p, val) ((p)->value = (val))
+
+ #ifdef HAVE_ATOMIC_SUPPORT
+
+@@ -206,7 +206,7 @@ static inline int __db_atomic_compare_ex
+ #define atomic_dec(env, p) (--(p)->value)
+ #define atomic_compare_exchange(env, p, oldval, newval) \
+ (DB_ASSERT(env, atomic_read(p) == (oldval)), \
+- atomic_init(p, (newval)), 1)
++ __db_atomic_init(p, (newval)), 1)
+ #else
+ #define atomic_inc(env, p) __atomic_inc(env, p)
+ #define atomic_dec(env, p) __atomic_dec(env, p)
+--- a/src/mp/mp_fget.c
++++ b/src/mp/mp_fget.c
+@@ -649,7 +649,7 @@ alloc: /* Allocate a new buffer header
+
+ /* Initialize enough so we can call __memp_bhfree. */
+ alloc_bhp->flags = 0;
+- atomic_init(&alloc_bhp->ref, 1);
++ __db_atomic_init(&alloc_bhp->ref, 1);
+ #ifdef DIAGNOSTIC
+ if ((uintptr_t)alloc_bhp->buf & (sizeof(size_t) - 1)) {
+ __db_errx(env, DB_STR("3025",
+@@ -955,7 +955,7 @@ alloc: /* Allocate a new buffer header
+ MVCC_MPROTECT(bhp->buf, mfp->pagesize,
+ PROT_READ);
+
+- atomic_init(&alloc_bhp->ref, 1);
++ __db_atomic_init(&alloc_bhp->ref, 1);
+ MUTEX_LOCK(env, alloc_bhp->mtx_buf);
+ alloc_bhp->priority = bhp->priority;
+ alloc_bhp->pgno = bhp->pgno;
+--- a/src/mp/mp_mvcc.c
++++ b/src/mp/mp_mvcc.c
+@@ -276,7 +276,7 @@ __memp_bh_freeze(dbmp, infop, hp, bhp, n
+ #else
+ memcpy(frozen_bhp, bhp, SSZA(BH, buf));
+ #endif
+- atomic_init(&frozen_bhp->ref, 0);
++ __db_atomic_init(&frozen_bhp->ref, 0);
+ if (mutex != MUTEX_INVALID)
+ frozen_bhp->mtx_buf = mutex;
+ else if ((ret = __mutex_alloc(env, MTX_MPOOL_BH,
+@@ -428,7 +428,7 @@ __memp_bh_thaw(dbmp, infop, hp, frozen_b
+ #endif
+ alloc_bhp->mtx_buf = mutex;
+ MUTEX_LOCK(env, alloc_bhp->mtx_buf);
+- atomic_init(&alloc_bhp->ref, 1);
++ __db_atomic_init(&alloc_bhp->ref, 1);
+ F_CLR(alloc_bhp, BH_FROZEN);
+ }
+
+--- a/src/mp/mp_region.c
++++ b/src/mp/mp_region.c
+@@ -245,7 +245,7 @@ __memp_init(env, dbmp, reginfo_off, htab
+ MTX_MPOOL_FILE_BUCKET, 0, &htab[i].mtx_hash)) != 0)
+ return (ret);
+ SH_TAILQ_INIT(&htab[i].hash_bucket);
+- atomic_init(&htab[i].hash_page_dirty, 0);
++ __db_atomic_init(&htab[i].hash_page_dirty, 0);
+ }
+
+ /*
+@@ -302,7 +302,7 @@ no_prealloc:
+ } else
+ hp->mtx_hash = mtx_base + (i % dbenv->mp_mtxcount);
+ SH_TAILQ_INIT(&hp->hash_bucket);
+- atomic_init(&hp->hash_page_dirty, 0);
++ __db_atomic_init(&hp->hash_page_dirty, 0);
+ #ifdef HAVE_STATISTICS
+ hp->hash_io_wait = 0;
+ hp->hash_frozen = hp->hash_thawed = hp->hash_frozen_freed = 0;
+--- a/src/mutex/mut_method.c
++++ b/src/mutex/mut_method.c
+@@ -474,7 +474,7 @@ atomic_compare_exchange(env, v, oldval,
+ MUTEX_LOCK(env, mtx);
+ ret = atomic_read(v) == oldval;
+ if (ret)
+- atomic_init(v, newval);
++ __db_atomic_init(v, newval);
+ MUTEX_UNLOCK(env, mtx);
+
+ return (ret);
+--- a/src/mutex/mut_tas.c
++++ b/src/mutex/mut_tas.c
+@@ -47,7 +47,7 @@ __db_tas_mutex_init(env, mutex, flags)
+
+ #ifdef HAVE_SHARED_LATCHES
+ if (F_ISSET(mutexp, DB_MUTEX_SHARED))
+- atomic_init(&mutexp->sharecount, 0);
++ __db_atomic_init(&mutexp->sharecount, 0);
+ else
+ #endif
+ if (MUTEX_INIT(&mutexp->tas)) {
+@@ -536,7 +536,7 @@ __db_tas_mutex_unlock(env, mutex)
+ F_CLR(mutexp, DB_MUTEX_LOCKED);
+ /* Flush flag update before zeroing count */
+ MEMBAR_EXIT();
+- atomic_init(&mutexp->sharecount, 0);
++ __db_atomic_init(&mutexp->sharecount, 0);
+ } else {
+ DB_ASSERT(env, sharecount > 0);
+ MEMBAR_EXIT();
--- /dev/null
+From 96b303caf70a7635953c36e5bfb9ad6e75cb7637 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 14 Feb 2020 14:12:59 -0800
+Subject: [PATCH] clock: Do not define own timespec
+
+timespec is provided by libc and its best left to libc
+os_gettime takes a db_timespec and passed its address to clock_gettime
+which assumes that db_timespec and timespec are same but actually
+its 12-bytes here and libc has 16-bytes
+
+This can cause problems especially with 64bit time_t
+
+Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/dbinc/clock.h | 17 +----------------
+ 1 file changed, 1 insertion(+), 16 deletions(-)
+
+--- a/src/dbinc/clock.h
++++ b/src/dbinc/clock.h
+@@ -44,22 +44,8 @@
+ extern "C" {
+ #endif
+
+-/*
+- * This declaration is POSIX-compatible. Because there are lots of different
+- * time.h include file patterns out there, it's easier to declare our own name
+- * in all cases than to try and discover if a system has a struct timespec.
+- * For the same reason, and because we'd have to #include <sys/time.h> in db.h,
+- * we don't export any timespec structures in the DB API, even in places where
+- * it would make sense, like the replication statistics information.
+- */
+-typedef struct {
+- time_t tv_sec; /* seconds */
+-#ifdef HAVE_MIXED_SIZE_ADDRESSING
+- int32_t tv_nsec;
+-#else
+- long tv_nsec; /* nanoseconds */
+-#endif
+-} db_timespec;
++#include <time.h>
++#define db_timespec struct timespec
+
+ /* Operations on timespecs */
+ #undef timespecclear
--- /dev/null
+--- a/src/mp/mp_stat.c
++++ b/src/mp/mp_stat.c
+@@ -87,6 +87,13 @@ __memp_stat(env, gspp, fspp, flags)
+ u_int32_t i;
+ uintmax_t tmp_wait, tmp_nowait;
+
++ /*
++ * The array holding the lengths related to the buffer allocated for *fspp.
++ * The first element of the array holds the number of entries allocated.
++ * The second element of the array holds the total number of bytes allocated.
++ */
++ u_int32_t fsp_len[2];
++
+ dbmp = env->mp_handle;
+ mp = dbmp->reginfo[0].primary;
+
+@@ -193,32 +200,53 @@ __memp_stat(env, gspp, fspp, flags)
+ if (fspp != NULL) {
+ *fspp = NULL;
+
+- /* Count the MPOOLFILE structures. */
+- i = 0;
+- len = 0;
+- if ((ret = __memp_walk_files(env,
+- mp, __memp_count_files, &len, &i, flags)) != 0)
+- return (ret);
+-
+- if (i == 0)
+- return (0);
+- len += sizeof(DB_MPOOL_FSTAT *); /* Trailing NULL */
++ while (*fspp == NULL) {
++ /* Count the MPOOLFILE structures. */
++ i = 0;
++ /*
++ * Allow space for the first __memp_get_files() to align the
++ * structure array to uintmax_t, DB_MPOOL_STAT's most
++ * restrictive field. [#23150]
++ */
++ len = sizeof(uintmax_t);
++ if ((ret = __memp_walk_files(env,
++ mp, __memp_count_files, &len, &i, flags)) != 0)
++ return (ret);
++
++ if (i == 0)
++ return (0);
++
++ /*
++ * Copy the number of DB_MPOOL_FSTAT entries and the number of
++ * bytes allocated for them into fsp_len. Do not count the space
++ * reserved for allignment.
++ */
++ fsp_len[0] = i;
++ fsp_len[1] = len - sizeof(uintmax_t);
+
+- /* Allocate space */
+- if ((ret = __os_umalloc(env, len, fspp)) != 0)
+- return (ret);
++ len += sizeof(DB_MPOOL_FSTAT *); /* Trailing NULL */
+
+- tfsp = *fspp;
+- *tfsp = NULL;
++ /* Allocate space */
++ if ((ret = __os_umalloc(env, len, fspp)) != 0)
++ return (ret);
+
+- /*
+- * Files may have been opened since we counted, don't walk
+- * off the end of the allocated space.
+- */
+- if ((ret = __memp_walk_files(env,
+- mp, __memp_get_files, &tfsp, &i, flags)) != 0)
+- return (ret);
++ tfsp = *fspp;
++ *tfsp = NULL;
+
++ /*
++ * Files may have been opened since we counted, if we walk off
++ * the end of the allocated space specified in fsp_len, retry.
++ */
++ if ((ret = __memp_walk_files(env,
++ mp, __memp_get_files, &tfsp, fsp_len, flags)) != 0) {
++ if (ret == DB_BUFFER_SMALL) {
++ __os_ufree(env, *fspp);
++ *fspp = NULL;
++ tfsp = NULL;
++ } else
++ return (ret);
++ }
++ }
+ *++tfsp = NULL;
+ }
+
+@@ -286,28 +314,35 @@ __memp_count_files(env, mfp, argp, count
+ * for the text file names.
+ */
+ static int
+-__memp_get_files(env, mfp, argp, countp, flags)
++__memp_get_files(env, mfp, argp, fsp_len, flags)
+ ENV *env;
+ MPOOLFILE *mfp;
+ void *argp;
+- u_int32_t *countp;
++ u_int32_t fsp_len[];
+ u_int32_t flags;
+ {
+ DB_MPOOL *dbmp;
+ DB_MPOOL_FSTAT **tfsp, *tstruct;
+ char *name, *tname;
+- size_t nlen;
++ size_t nlen, tlen;
+
+- if (*countp == 0)
+- return (0);
++ /* We walked through more files than argp was allocated for. */
++ if (fsp_len[0] == 0)
++ return DB_BUFFER_SMALL;
+
+ dbmp = env->mp_handle;
+ tfsp = *(DB_MPOOL_FSTAT ***)argp;
+
+ if (*tfsp == NULL) {
+- /* Add 1 to count because we need to skip over the NULL. */
+- tstruct = (DB_MPOOL_FSTAT *)(tfsp + *countp + 1);
+- tname = (char *)(tstruct + *countp);
++ /*
++ * Add 1 to count because to skip over the NULL end marker.
++ * Align it further for DB_MPOOL_STAT's most restrictive field
++ * because uintmax_t might require stricter alignment than
++ * pointers; e.g., IP32 LL64 SPARC. [#23150]
++ */
++ tstruct = (DB_MPOOL_FSTAT *)&tfsp[fsp_len[0] + 1];
++ tstruct = ALIGNP_INC(tstruct, sizeof(uintmax_t));
++ tname = (char *)&tstruct[fsp_len[0]];
+ *tfsp = tstruct;
+ } else {
+ tstruct = *tfsp + 1;
+@@ -317,6 +352,15 @@ __memp_get_files(env, mfp, argp, countp,
+
+ name = __memp_fns(dbmp, mfp);
+ nlen = strlen(name) + 1;
++
++ /* The space required for file names is larger than argp was allocated for. */
++ tlen = sizeof(DB_MPOOL_FSTAT *) + sizeof(DB_MPOOL_FSTAT) + nlen;
++ if (fsp_len[1] < tlen)
++ return DB_BUFFER_SMALL;
++ else
++ /* Count down the number of bytes left in argp. */
++ fsp_len[1] -= tlen;
++
+ memcpy(tname, name, nlen);
+ memcpy(tstruct, &mfp->stat, sizeof(mfp->stat));
+ tstruct->file_name = tname;
+@@ -325,7 +369,9 @@ __memp_get_files(env, mfp, argp, countp,
+ tstruct->st_pagesize = mfp->pagesize;
+
+ *(DB_MPOOL_FSTAT ***)argp = tfsp;
+- (*countp)--;
++
++ /* Count down the number of entries left in argp. */
++ fsp_len[0]--;
+
+ if (LF_ISSET(DB_STAT_CLEAR))
+ memset(&mfp->stat, 0, sizeof(mfp->stat));
+--- a/src/mp/mp_sync.c
++++ b/src/mp/mp_sync.c
+@@ -57,11 +57,13 @@ __memp_walk_files(env, mp, func, arg, co
+ if ((t_ret = func(env,
+ mfp, arg, countp, flags)) != 0 && ret == 0)
+ ret = t_ret;
+- if (ret != 0 && !LF_ISSET(DB_STAT_MEMP_NOERROR))
++ if (ret != 0 &&
++ (!LF_ISSET(DB_STAT_MEMP_NOERROR) || ret == DB_BUFFER_SMALL))
+ break;
+ }
+ MUTEX_UNLOCK(env, hp->mtx_hash);
+- if (ret != 0 && !LF_ISSET(DB_STAT_MEMP_NOERROR))
++ if (ret != 0 &&
++ (!LF_ISSET(DB_STAT_MEMP_NOERROR) || ret == DB_BUFFER_SMALL))
+ break;
+ }
+ return (ret);
--- /dev/null
+--- a/src/dbinc_auto/int_def.in
++++ b/src/dbinc_auto/int_def.in
+@@ -1373,6 +1373,7 @@
+ #define __memp_pgread __memp_pgread@DB_VERSION_UNIQUE_NAME@
+ #define __memp_pg __memp_pg@DB_VERSION_UNIQUE_NAME@
+ #define __memp_bhfree __memp_bhfree@DB_VERSION_UNIQUE_NAME@
++#define __memp_bh_clear_dirty __memp_bh_clear_dirty@DB_VERSION_UNIQUE_NAME@
+ #define __memp_fget_pp __memp_fget_pp@DB_VERSION_UNIQUE_NAME@
+ #define __memp_fget __memp_fget@DB_VERSION_UNIQUE_NAME@
+ #define __memp_fcreate_pp __memp_fcreate_pp@DB_VERSION_UNIQUE_NAME@
+@@ -1397,6 +1398,7 @@
+ #define __memp_fclose __memp_fclose@DB_VERSION_UNIQUE_NAME@
+ #define __memp_mf_discard __memp_mf_discard@DB_VERSION_UNIQUE_NAME@
+ #define __memp_inmemlist __memp_inmemlist@DB_VERSION_UNIQUE_NAME@
++#define __memp_mf_mark_dead __memp_mf_mark_dead@DB_VERSION_UNIQUE_NAME@
+ #define __memp_fput_pp __memp_fput_pp@DB_VERSION_UNIQUE_NAME@
+ #define __memp_fput __memp_fput@DB_VERSION_UNIQUE_NAME@
+ #define __memp_unpin_buffers __memp_unpin_buffers@DB_VERSION_UNIQUE_NAME@
+@@ -1455,6 +1457,7 @@
+ #define __mp_xxx_fh __mp_xxx_fh@DB_VERSION_UNIQUE_NAME@
+ #define __memp_sync_int __memp_sync_int@DB_VERSION_UNIQUE_NAME@
+ #define __memp_mf_sync __memp_mf_sync@DB_VERSION_UNIQUE_NAME@
++#define __memp_purge_dead_files __memp_purge_dead_files@DB_VERSION_UNIQUE_NAME@
+ #define __memp_trickle_pp __memp_trickle_pp@DB_VERSION_UNIQUE_NAME@
+ #define __mutex_alloc __mutex_alloc@DB_VERSION_UNIQUE_NAME@
+ #define __mutex_alloc_int __mutex_alloc_int@DB_VERSION_UNIQUE_NAME@
+--- a/src/dbinc_auto/mp_ext.h
++++ b/src/dbinc_auto/mp_ext.h
+@@ -16,6 +16,7 @@ int __memp_bhwrite __P((DB_MPOOL *, DB_M
+ int __memp_pgread __P((DB_MPOOLFILE *, BH *, int));
+ int __memp_pg __P((DB_MPOOLFILE *, db_pgno_t, void *, int));
+ int __memp_bhfree __P((DB_MPOOL *, REGINFO *, MPOOLFILE *, DB_MPOOL_HASH *, BH *, u_int32_t));
++void __memp_bh_clear_dirty __P((ENV*, DB_MPOOL_HASH *, BH *));
+ int __memp_fget_pp __P((DB_MPOOLFILE *, db_pgno_t *, DB_TXN *, u_int32_t, void *));
+ int __memp_fget __P((DB_MPOOLFILE *, db_pgno_t *, DB_THREAD_INFO *, DB_TXN *, u_int32_t, void *));
+ int __memp_fcreate_pp __P((DB_ENV *, DB_MPOOLFILE **, u_int32_t));
+@@ -40,6 +41,7 @@ int __memp_fclose_pp __P((DB_MPOOLFILE *
+ int __memp_fclose __P((DB_MPOOLFILE *, u_int32_t));
+ int __memp_mf_discard __P((DB_MPOOL *, MPOOLFILE *, int));
+ int __memp_inmemlist __P((ENV *, char ***, int *));
++void __memp_mf_mark_dead __P((DB_MPOOL *, MPOOLFILE *, int*));
+ int __memp_fput_pp __P((DB_MPOOLFILE *, void *, DB_CACHE_PRIORITY, u_int32_t));
+ int __memp_fput __P((DB_MPOOLFILE *, DB_THREAD_INFO *, void *, DB_CACHE_PRIORITY));
+ int __memp_unpin_buffers __P((ENV *, DB_THREAD_INFO *));
+@@ -98,6 +100,7 @@ int __memp_fsync __P((DB_MPOOLFILE *));
+ int __mp_xxx_fh __P((DB_MPOOLFILE *, DB_FH **));
+ int __memp_sync_int __P((ENV *, DB_MPOOLFILE *, u_int32_t, u_int32_t, u_int32_t *, int *));
+ int __memp_mf_sync __P((DB_MPOOL *, MPOOLFILE *, int));
++int __memp_purge_dead_files __P((ENV *));
+ int __memp_trickle_pp __P((DB_ENV *, int, int *));
+
+ #if defined(__cplusplus)
+--- a/src/mp/mp_bh.c
++++ b/src/mp/mp_bh.c
+@@ -474,11 +474,8 @@ file_dead:
+ if (F_ISSET(bhp, BH_DIRTY | BH_TRASH)) {
+ MUTEX_LOCK(env, hp->mtx_hash);
+ DB_ASSERT(env, !SH_CHAIN_HASNEXT(bhp, vc));
+- if (ret == 0 && F_ISSET(bhp, BH_DIRTY)) {
+- F_CLR(bhp, BH_DIRTY | BH_DIRTY_CREATE);
+- DB_ASSERT(env, atomic_read(&hp->hash_page_dirty) > 0);
+- atomic_dec(env, &hp->hash_page_dirty);
+- }
++ if (ret == 0)
++ __memp_bh_clear_dirty(env, hp, bhp);
+
+ /* put the page back if necessary. */
+ if ((ret != 0 || BH_REFCOUNT(bhp) > 1) &&
+@@ -688,3 +685,29 @@ no_hp: if (mfp != NULL)
+
+ return (ret);
+ }
++
++/*
++ * __memp_bh_clear_dirty --
++ * Clear the dirty flag of of a buffer. Calls on the same buffer must be
++ * serialized to get the accounting correct. This can be achieved by
++ * acquiring an exclusive lock on the buffer, a shared lock on the
++ * buffer plus an exclusive lock on the hash bucket, or some other
++ * mechanism that guarantees single-thread access to the entire region
++ * (e.g. during __memp_region_bhfree()).
++ *
++ * PUBLIC: void __memp_bh_clear_dirty __P((ENV*, DB_MPOOL_HASH *, BH *));
++ */
++void
++__memp_bh_clear_dirty(env, hp, bhp)
++ ENV *env;
++ DB_MPOOL_HASH *hp;
++ BH *bhp;
++{
++ COMPQUIET(env, env);
++ if (F_ISSET(bhp, BH_DIRTY)) {
++ F_CLR(bhp, BH_DIRTY | BH_DIRTY_CREATE);
++ DB_ASSERT(env, atomic_read(&hp->hash_page_dirty) > 0);
++ (void)atomic_dec(env, &hp->hash_page_dirty);
++ }
++}
++
+--- a/src/mp/mp_fget.c
++++ b/src/mp/mp_fget.c
+@@ -439,12 +439,7 @@ thawed: need_free = (atomic_dec(env, &
+ if (flags == DB_MPOOL_FREE) {
+ freebuf: MUTEX_LOCK(env, hp->mtx_hash);
+ h_locked = 1;
+- if (F_ISSET(bhp, BH_DIRTY)) {
+- F_CLR(bhp, BH_DIRTY | BH_DIRTY_CREATE);
+- DB_ASSERT(env,
+- atomic_read(&hp->hash_page_dirty) > 0);
+- atomic_dec(env, &hp->hash_page_dirty);
+- }
++ __memp_bh_clear_dirty(env, hp, bhp);
+
+ /*
+ * If the buffer we found is already freed, we're done.
+--- a/src/mp/mp_fopen.c
++++ b/src/mp/mp_fopen.c
+@@ -14,6 +14,7 @@
+ #include "dbinc/db_page.h"
+ #include "dbinc/hash.h"
+
++static int __memp_count_dead_mutex __P((DB_MPOOL *, u_int32_t *));
+ static int __memp_mpf_alloc __P((DB_MPOOL *,
+ DB_MPOOLFILE *, const char *, u_int32_t, u_int32_t, MPOOLFILE **));
+ static int __memp_mpf_find __P((ENV *,
+@@ -711,7 +712,11 @@ __memp_mpf_find(env, dbmfp, hp, path, fl
+ */
+ if (LF_ISSET(DB_TRUNCATE)) {
+ MUTEX_LOCK(env, mfp->mutex);
+- mfp->deadfile = 1;
++ /*
++ * We cannot purge dead files here, because the caller
++ * is holding the mutex of the hash bucket of mfp.
++ */
++ __memp_mf_mark_dead(dbmp, mfp, NULL);
+ MUTEX_UNLOCK(env, mfp->mutex);
+ continue;
+ }
+@@ -909,10 +914,11 @@ __memp_fclose(dbmfp, flags)
+ MPOOLFILE *mfp;
+ char *rpath;
+ u_int32_t ref;
+- int deleted, ret, t_ret;
++ int deleted, purge_dead, ret, t_ret;
+
+ env = dbmfp->env;
+ dbmp = env->mp_handle;
++ purge_dead = 0;
+ ret = 0;
+
+ /*
+@@ -1006,7 +1012,7 @@ __memp_fclose(dbmfp, flags)
+ if (--mfp->mpf_cnt == 0 || LF_ISSET(DB_MPOOL_DISCARD)) {
+ if (LF_ISSET(DB_MPOOL_DISCARD) ||
+ F_ISSET(mfp, MP_TEMP) || mfp->unlink_on_close) {
+- mfp->deadfile = 1;
++ __memp_mf_mark_dead(dbmp, mfp, &purge_dead);
+ }
+ if (mfp->unlink_on_close) {
+ if ((t_ret = __db_appname(dbmp->env, DB_APP_DATA,
+@@ -1039,6 +1045,8 @@ __memp_fclose(dbmfp, flags)
+ }
+ if (!deleted && !LF_ISSET(DB_MPOOL_NOLOCK))
+ MUTEX_UNLOCK(env, mfp->mutex);
++ if (purge_dead)
++ (void)__memp_purge_dead_files(env);
+
+ done: /* Discard the DB_MPOOLFILE structure. */
+ if (dbmfp->pgcookie != NULL) {
+@@ -1093,7 +1101,7 @@ __memp_mf_discard(dbmp, mfp, hp_locked)
+ * mutex so we don't deadlock. Make sure nobody ever looks at this
+ * structure again.
+ */
+- mfp->deadfile = 1;
++ __memp_mf_mark_dead(dbmp, mfp, NULL);
+
+ /* Discard the mutex we're holding and return it too the pool. */
+ MUTEX_UNLOCK(env, mfp->mutex);
+@@ -1218,3 +1226,104 @@ nomem: MUTEX_UNLOCK(env, hp->mtx_hash);
+ *namesp = NULL;
+ return (ret);
+ }
++
++/*
++ * __memp_mf_mark_dead --
++ * Mark an MPOOLFILE as dead because its contents are no longer necessary.
++ * This happens when removing, truncation, or closing an unnamed in-memory
++ * database. Return, in the purgep parameter, whether the caller should
++ * call __memp_purge_dead_files() after the lock on mfp is released. The
++ * caller must hold an exclusive lock on the mfp handle.
++ *
++ * PUBLIC: void __memp_mf_mark_dead __P((DB_MPOOL *, MPOOLFILE *, int*));
++ */
++void
++__memp_mf_mark_dead(dbmp, mfp, purgep)
++ DB_MPOOL *dbmp;
++ MPOOLFILE *mfp;
++ int *purgep;
++{
++ ENV *env;
++#ifdef HAVE_MUTEX_SUPPORT
++ REGINFO *infop;
++ DB_MUTEXREGION *mtxregion;
++ u_int32_t mutex_max, mutex_inuse, dead_mutex;
++#endif
++
++ if (purgep != NULL)
++ *purgep = 0;
++
++ env = dbmp->env;
++
++#ifdef HAVE_MUTEX_SUPPORT
++ MUTEX_REQUIRED(env, mfp->mutex);
++
++ if (MUTEX_ON(env) && mfp->deadfile == 0) {
++ infop = &env->mutex_handle->reginfo;
++ mtxregion = infop->primary;
++
++ mutex_inuse = mtxregion->stat.st_mutex_inuse;
++ if ((mutex_max = env->dbenv->mutex_max) == 0)
++ mutex_max = infop->rp->max / mtxregion->mutex_size;
++
++ /*
++ * Purging dead pages requires a full scan of the entire cache
++ * buffer, so it is a slow operation. We only want to do it
++ * when it is necessary and provides enough benefits. Below is
++ * a simple heuristic that determines when to purge all dead
++ * pages.
++ */
++ if (purgep != NULL && mutex_inuse > mutex_max - 200) {
++ /*
++ * If the mutex region is almost full and there are
++ * many mutexes held by dead files, purge dead files.
++ */
++ (void)__memp_count_dead_mutex(dbmp, &dead_mutex);
++ dead_mutex += mfp->block_cnt + 1;
++
++ if (dead_mutex > mutex_inuse / 20)
++ *purgep = 1;
++ }
++ }
++#endif
++
++ mfp->deadfile = 1;
++}
++
++/*
++ * __memp_count_dead_mutex --
++ * Estimate the number of mutexes held by dead files.
++ */
++static int
++__memp_count_dead_mutex(dbmp, dead_mutex)
++ DB_MPOOL *dbmp;
++ u_int32_t *dead_mutex;
++{
++ ENV *env;
++ DB_MPOOL_HASH *hp;
++ MPOOL *mp;
++ MPOOLFILE *mfp;
++ u_int32_t mutex_per_file;
++ int busy, i;
++
++ env = dbmp->env;
++ *dead_mutex = 0;
++ mutex_per_file = 1;
++#ifndef HAVE_ATOMICFILEREAD
++ mutex_per_file = 2;
++#endif
++ mp = dbmp->reginfo[0].primary;
++ hp = R_ADDR(dbmp->reginfo, mp->ftab);
++ for (i = 0; i < MPOOL_FILE_BUCKETS; i++, hp++) {
++ busy = MUTEX_TRYLOCK(env, hp->mtx_hash);
++ if (busy)
++ continue;
++ SH_TAILQ_FOREACH(mfp, &hp->hash_bucket, q, __mpoolfile) {
++ if (mfp->deadfile)
++ *dead_mutex += mfp->block_cnt + mutex_per_file;
++ }
++ MUTEX_UNLOCK(env, hp->mtx_hash);
++ }
++
++ return (0);
++}
+--- a/src/mp/mp_method.c
++++ b/src/mp/mp_method.c
+@@ -640,7 +640,7 @@ __memp_nameop(env, fileid, newname, full
+ MPOOLFILE *mfp;
+ roff_t newname_off;
+ u_int32_t bucket;
+- int locked, ret;
++ int locked, purge_dead, ret;
+ size_t nlen;
+ void *p;
+
+@@ -657,6 +657,7 @@ __memp_nameop(env, fileid, newname, full
+ nhp = NULL;
+ p = NULL;
+ locked = ret = 0;
++ purge_dead = 0;
+
+ if (!MPOOL_ON(env))
+ goto fsop;
+@@ -749,7 +750,7 @@ __memp_nameop(env, fileid, newname, full
+ */
+ if (mfp->no_backing_file)
+ mfp->mpf_cnt--;
+- mfp->deadfile = 1;
++ __memp_mf_mark_dead(dbmp, mfp, &purge_dead);
+ MUTEX_UNLOCK(env, mfp->mutex);
+ } else {
+ /*
+@@ -808,6 +809,12 @@ err: if (p != NULL) {
+ if (nhp != NULL && nhp != hp)
+ MUTEX_UNLOCK(env, nhp->mtx_hash);
+ }
++ /*
++ * __memp_purge_dead_files() must be called when the hash bucket is
++ * unlocked.
++ */
++ if (purge_dead)
++ (void)__memp_purge_dead_files(env);
+ return (ret);
+ }
+
+--- a/src/mp/mp_sync.c
++++ b/src/mp/mp_sync.c
+@@ -26,6 +26,7 @@ static int __memp_close_flush_files __P(
+ static int __memp_sync_files __P((ENV *));
+ static int __memp_sync_file __P((ENV *,
+ MPOOLFILE *, void *, u_int32_t *, u_int32_t));
++static inline void __update_err_ret(int, int*);
+
+ /*
+ * __memp_walk_files --
+@@ -965,3 +966,123 @@ __bhcmp(p1, p2)
+ return (1);
+ return (0);
+ }
++
++/*
++ * __memp_purge_dead_files --
++ * Remove all dead files and their buffers from the mpool. The caller
++ * cannot hold any lock on the dead MPOOLFILE handles, their buffers
++ * or their hash buckets.
++ *
++ * PUBLIC: int __memp_purge_dead_files __P((ENV *));
++ */
++int
++__memp_purge_dead_files(env)
++ ENV *env;
++{
++ BH *bhp;
++ DB_MPOOL *dbmp;
++ DB_MPOOL_HASH *hp, *hp_end;
++ REGINFO *infop;
++ MPOOL *c_mp, *mp;
++ MPOOLFILE *mfp;
++ u_int32_t i_cache;
++ int ret, t_ret, h_lock;
++
++ if (!MPOOL_ON(env))
++ return (0);
++
++ dbmp = env->mp_handle;
++ mp = dbmp->reginfo[0].primary;
++ ret = t_ret = h_lock = 0;
++
++ /*
++ * Walk each cache's list of buffers and free all buffers whose
++ * MPOOLFILE is marked as dead.
++ */
++ for (i_cache = 0; i_cache < mp->nreg; i_cache++) {
++ infop = &dbmp->reginfo[i_cache];
++ c_mp = infop->primary;
++
++ hp = R_ADDR(infop, c_mp->htab);
++ hp_end = &hp[c_mp->htab_buckets];
++ for (; hp < hp_end; hp++) {
++ /* Skip empty buckets. */
++ if (SH_TAILQ_FIRST(&hp->hash_bucket, __bh) == NULL)
++ continue;
++
++ /*
++ * Search for a dead buffer. Other places that call
++ * __memp_bhfree() acquire the buffer lock before the
++ * hash bucket lock. Even though we acquire the two
++ * locks in reverse order, we cannot deadlock here
++ * because we don't block waiting for the locks.
++ */
++ t_ret = MUTEX_TRYLOCK(env, hp->mtx_hash);
++ if (t_ret != 0) {
++ __update_err_ret(t_ret, &ret);
++ continue;
++ }
++ h_lock = 1;
++ SH_TAILQ_FOREACH(bhp, &hp->hash_bucket, hq, __bh) {
++ /* Skip buffers that are being used. */
++ if (BH_REFCOUNT(bhp) > 0)
++ continue;
++
++ mfp = R_ADDR(dbmp->reginfo, bhp->mf_offset);
++ if (!mfp->deadfile)
++ continue;
++
++ /* Found a dead buffer. Prepare to free it. */
++ t_ret = MUTEX_TRYLOCK(env, bhp->mtx_buf);
++ if (t_ret != 0) {
++ __update_err_ret(t_ret, &ret);
++ continue;
++ }
++
++ DB_ASSERT(env, (!F_ISSET(bhp, BH_EXCLUSIVE) &&
++ BH_REFCOUNT(bhp) == 0));
++ F_SET(bhp, BH_EXCLUSIVE);
++ (void)atomic_inc(env, &bhp->ref);
++
++ __memp_bh_clear_dirty(env, hp, bhp);
++
++ /*
++ * Free the buffer. The buffer and hash bucket
++ * are unlocked by __memp_bhfree.
++ */
++ if ((t_ret = __memp_bhfree(dbmp, infop, mfp,
++ hp, bhp, BH_FREE_FREEMEM)) == 0)
++ /*
++ * Decrement hp, so the next turn will
++ * search the same bucket again.
++ */
++ hp--;
++ else
++ __update_err_ret(t_ret, &ret);
++
++ /*
++ * The hash bucket is unlocked, we need to
++ * start over again.
++ */
++ h_lock = 0;
++ break;
++ }
++
++ if (h_lock) {
++ MUTEX_UNLOCK(env, hp->mtx_hash);
++ h_lock = 0;
++ }
++ }
++ }
++
++ return (ret);
++}
++
++static inline void
++__update_err_ret(t_ret, retp)
++ int t_ret;
++ int *retp;
++{
++ if (t_ret != 0 && t_ret != DB_LOCK_NOTGRANTED && *retp == 0)
++ *retp = t_ret;
++}
+--- a/src/mp/mp_trickle.c
++++ b/src/mp/mp_trickle.c
+@@ -67,6 +67,10 @@ __memp_trickle(env, pct, nwrotep)
+ return (EINVAL);
+ }
+
++ /* First we purge all dead files and their buffers. */
++ if ((ret = __memp_purge_dead_files(env)) != 0)
++ return (ret);
++
+ /*
+ * Loop through the caches counting total/dirty buffers.
+ *
+--- a/src/mutex/mut_region.c
++++ b/src/mutex/mut_region.c
+@@ -17,7 +17,7 @@
+ static db_size_t __mutex_align_size __P((ENV *));
+ static int __mutex_region_init __P((ENV *, DB_MUTEXMGR *));
+ static size_t __mutex_region_size __P((ENV *));
+-static size_t __mutex_region_max __P((ENV *));
++static size_t __mutex_region_max __P((ENV *, u_int32_t));
+
+ /*
+ * __mutex_open --
+@@ -34,7 +34,7 @@ __mutex_open(env, create_ok)
+ DB_MUTEXMGR *mtxmgr;
+ DB_MUTEXREGION *mtxregion;
+ size_t size;
+- u_int32_t cpu_count;
++ u_int32_t cpu_count, mutex_needed;
+ int ret;
+ #ifndef HAVE_ATOMIC_SUPPORT
+ u_int i;
+@@ -61,19 +61,20 @@ __mutex_open(env, create_ok)
+ }
+
+ /*
+- * If the user didn't set an absolute value on the number of mutexes
+- * we'll need, figure it out. We're conservative in our allocation,
+- * we need mutexes for DB handles, group-commit queues and other things
+- * applications allocate at run-time. The application may have kicked
+- * up our count to allocate its own mutexes, add that in.
++ * Figure out the number of mutexes we'll need. We're conservative in
++ * our allocation, we need mutexes for DB handles, group-commit queues
++ * and other things applications allocate at run-time. The application
++ * may have kicked up our count to allocate its own mutexes, add that
++ * in.
+ */
++ mutex_needed =
++ __lock_region_mutex_count(env) +
++ __log_region_mutex_count(env) +
++ __memp_region_mutex_count(env) +
++ __txn_region_mutex_count(env);
+ if (dbenv->mutex_cnt == 0 &&
+ F_ISSET(env, ENV_PRIVATE | ENV_THREAD) != ENV_PRIVATE)
+- dbenv->mutex_cnt =
+- __lock_region_mutex_count(env) +
+- __log_region_mutex_count(env) +
+- __memp_region_mutex_count(env) +
+- __txn_region_mutex_count(env);
++ dbenv->mutex_cnt = mutex_needed;
+
+ if (dbenv->mutex_max != 0 && dbenv->mutex_cnt > dbenv->mutex_max)
+ dbenv->mutex_cnt = dbenv->mutex_max;
+@@ -90,8 +91,8 @@ __mutex_open(env, create_ok)
+ size = __mutex_region_size(env);
+ if (create_ok)
+ F_SET(&mtxmgr->reginfo, REGION_CREATE_OK);
+- if ((ret = __env_region_attach(env,
+- &mtxmgr->reginfo, size, size + __mutex_region_max(env))) != 0)
++ if ((ret = __env_region_attach(env, &mtxmgr->reginfo,
++ size, size + __mutex_region_max(env, mutex_needed))) != 0)
+ goto err;
+
+ /* If we created the region, initialize it. */
+@@ -352,9 +353,13 @@ __mutex_region_size(env)
+
+ s = sizeof(DB_MUTEXMGR) + 1024;
+
+- /* We discard one mutex for the OOB slot. */
++ /*
++ * We discard one mutex for the OOB slot. Make sure mutex_cnt doesn't
++ * overflow.
++ */
+ s += __env_alloc_size(
+- (dbenv->mutex_cnt + 1) *__mutex_align_size(env));
++ (dbenv->mutex_cnt + (dbenv->mutex_cnt == UINT32_MAX ? 0 : 1)) *
++ __mutex_align_size(env));
+
+ return (s);
+ }
+@@ -364,28 +369,42 @@ __mutex_region_size(env)
+ * Return the amount of space needed to reach the maximum size.
+ */
+ static size_t
+-__mutex_region_max(env)
++__mutex_region_max(env, mutex_needed)
+ ENV *env;
++ u_int32_t mutex_needed;
+ {
+ DB_ENV *dbenv;
+- u_int32_t max;
++ u_int32_t max, mutex_cnt;
+
+ dbenv = env->dbenv;
++ mutex_cnt = dbenv->mutex_cnt;
+
+- if ((max = dbenv->mutex_max) == 0) {
++ /*
++ * We want to limit the region size to accommodate at most UINT32_MAX
++ * mutexes. If mutex_cnt is UINT32_MAX, no more space is allowed.
++ */
++ if ((max = dbenv->mutex_max) == 0 && mutex_cnt != UINT32_MAX)
+ if (F_ISSET(env, ENV_PRIVATE | ENV_THREAD) == ENV_PRIVATE)
+- max = dbenv->mutex_inc + 1;
+- else
++ if (dbenv->mutex_inc + 1 < UINT32_MAX - mutex_cnt)
++ max = dbenv->mutex_inc + 1 + mutex_cnt;
++ else
++ max = UINT32_MAX;
++ else {
+ max = __lock_region_mutex_max(env) +
+ __txn_region_mutex_max(env) +
+ __log_region_mutex_max(env) +
+ dbenv->mutex_inc + 100;
+- } else if (max <= dbenv->mutex_cnt)
++ if (max < UINT32_MAX - mutex_needed)
++ max += mutex_needed;
++ else
++ max = UINT32_MAX;
++ }
++
++ if (max <= mutex_cnt)
+ return (0);
+ else
+- max -= dbenv->mutex_cnt;
+-
+- return ( __env_alloc_size(max * __mutex_align_size(env)));
++ return (__env_alloc_size(
++ (max - mutex_cnt) * __mutex_align_size(env)));
+ }
+
+ #ifdef HAVE_MUTEX_SYSTEM_RESOURCES
--- /dev/null
+--- a/lang/sql/sqlite/tool/lemon.c
++++ b/lang/sql/sqlite/tool/lemon.c
+@@ -3428,7 +3428,7 @@ void print_stack_union(
+ int maxdtlength; /* Maximum length of any ".datatype" field. */
+ char *stddt; /* Standardized name for a datatype */
+ int i,j; /* Loop counters */
+- int hash; /* For hashing the name of a type */
++ unsigned hash; /* For hashing the name of a type */
+ const char *name; /* Name of the parser */
+
+ /* Allocate and initialize types[] and allocate stddt[] */
+@@ -3491,7 +3491,7 @@ void print_stack_union(
+ break;
+ }
+ hash++;
+- if( hash>=arraysize ) hash = 0;
++ if( hash>=(unsigned)arraysize ) hash = 0;
+ }
+ if( types[hash]==0 ){
+ sp->dtnum = hash + 1;
--- /dev/null
+Author: Filip Januš <fjanus@redhat.com>
+Date: 6 Sep 2021
+Related: https://bugzilla.redhat.com/show_bug.cgi?id=1992402
+Patch was created based on the discussion in the previous link
+--- a/src/os/os_map.c
++++ b/src/os/os_map.c
+@@ -213,7 +213,10 @@ __os_attach(env, infop, rp)
+ if (rp->max < rp->size)
+ rp->max = rp->size;
+ if (ret == 0 && F_ISSET(infop, REGION_CREATE)) {
+- if (F_ISSET(dbenv, DB_ENV_REGION_INIT))
++
++ rp->size = rp->max;
++
++ if (F_ISSET(dbenv, DB_ENV_REGION_INIT))
+ ret = __db_file_write(env, infop->fhp,
+ rp->size / MEGABYTE, rp->size % MEGABYTE, 0x00);
+ else
--- /dev/null
+--- a/src/btree/bt_cursor.c
++++ b/src/btree/bt_cursor.c
+@@ -282,6 +282,8 @@ __bamc_refresh(dbc)
+ *
+ * Recno uses the btree bt_ovflsize value -- it's close enough.
+ */
++ if (t->bt_minkey == 0)
++ return (DB_RECOVER);
+ cp->ovflsize = B_MINKEY_TO_OVFLSIZE(
+ dbp, F_ISSET(dbc, DBC_OPD) ? 2 : t->bt_minkey, dbp->pgsize);
+
+--- a/src/btree/bt_verify.c
++++ b/src/btree/bt_verify.c
+@@ -611,7 +611,11 @@ __bam_vrfy_inp(dbp, vdp, h, pgno, nentri
+ isbad = 1;
+ goto err;
+ default:
+- DB_ASSERT(env, ret != 0);
++ if (ret == 0) {
++ isbad = 1;
++ ret = DB_VERIFY_FATAL;
++ goto err;
++ }
+ break;
+ }
+
+@@ -922,7 +926,7 @@ __bam_vrfy_itemorder(dbp, vdp, ip, h, pg
+ DBT dbta, dbtb, dup_1, dup_2, *p1, *p2, *tmp;
+ ENV *env;
+ PAGE *child;
+- db_pgno_t cpgno;
++ db_pgno_t cpgno, grandparent;
+ VRFY_PAGEINFO *pip;
+ db_indx_t i, *inp;
+ int adj, cmp, freedup_1, freedup_2, isbad, ret, t_ret;
+@@ -954,7 +958,8 @@ __bam_vrfy_itemorder(dbp, vdp, ip, h, pg
+
+ buf1 = buf2 = NULL;
+
+- DB_ASSERT(env, !LF_ISSET(DB_NOORDERCHK));
++ if (LF_ISSET(DB_NOORDERCHK))
++ return (EINVAL);
+
+ dupfunc = (dbp->dup_compare == NULL) ? __bam_defcmp : dbp->dup_compare;
+ if (TYPE(h) == P_LDUP)
+@@ -963,6 +968,7 @@ __bam_vrfy_itemorder(dbp, vdp, ip, h, pg
+ func = __bam_defcmp;
+ if (dbp->bt_internal != NULL) {
+ bt = (BTREE *)dbp->bt_internal;
++ grandparent = bt->bt_root;
+ if (TYPE(h) == P_IBTREE && (bt->bt_compare != NULL ||
+ dupfunc != __bam_defcmp)) {
+ /*
+@@ -974,8 +980,24 @@ __bam_vrfy_itemorder(dbp, vdp, ip, h, pg
+ */
+ mpf = dbp->mpf;
+ child = h;
++ cpgno = pgno;
+ while (TYPE(child) == P_IBTREE) {
++ if (NUM_ENT(child) == 0) {
++ EPRINT((env, DB_STR_A("1088",
++ "Page %lu: internal page is empty and should not be",
++ "%lu"), (u_long)cpgno));
++ ret = DB_VERIFY_BAD;
++ goto err;
++ }
+ bi = GET_BINTERNAL(dbp, child, 0);
++ if (grandparent == bi->pgno) {
++ EPRINT((env, DB_STR_A("5552",
++ "Page %lu: found twice in the btree",
++ "%lu"), (u_long)grandparent));
++ ret = DB_VERIFY_FATAL;
++ goto err;
++ } else
++ grandparent = cpgno;
+ cpgno = bi->pgno;
+ if (child != h &&
+ (ret = __memp_fput(mpf,
+@@ -1231,7 +1253,10 @@ overflow: if (!ovflok) {
+ */
+ if (dup_1.data == NULL ||
+ dup_2.data == NULL) {
+- DB_ASSERT(env, !ovflok);
++ if (ovflok) {
++ isbad = 1;
++ goto err;
++ }
+ if (pip != NULL)
+ F_SET(pip,
+ VRFY_INCOMPLETE);
+@@ -1569,9 +1594,10 @@ bad_prev: isbad = 1;
+ (ret = __db_vrfy_ovfl_structure(dbp, vdp,
+ child->pgno, child->tlen,
+ flags | DB_ST_OVFL_LEAF)) != 0) {
+- if (ret == DB_VERIFY_BAD)
++ if (ret == DB_VERIFY_BAD) {
+ isbad = 1;
+- else
++ break;
++ } else
+ goto done;
+ }
+
+@@ -1645,9 +1671,10 @@ bad_prev: isbad = 1;
+ stflags | DB_ST_TOPLEVEL,
+ NULL, NULL, NULL)) != 0) {
+ if (ret ==
+- DB_VERIFY_BAD)
++ DB_VERIFY_BAD) {
+ isbad = 1;
+- else
++ break;
++ } else
+ goto err;
+ }
+ }
+@@ -1790,7 +1817,10 @@ bad_prev: isbad = 1;
+ */
+
+ /* Otherwise, __db_vrfy_childput would be broken. */
+- DB_ASSERT(env, child->refcnt >= 1);
++ if (child->refcnt < 1) {
++ isbad = 1;
++ goto err;
++ }
+
+ /*
+ * An overflow referenced more than twice here
+@@ -1807,9 +1837,10 @@ bad_prev: isbad = 1;
+ if ((ret = __db_vrfy_ovfl_structure(dbp,
+ vdp, child->pgno, child->tlen,
+ flags)) != 0) {
+- if (ret == DB_VERIFY_BAD)
++ if (ret == DB_VERIFY_BAD) {
+ isbad = 1;
+- else
++ break;
++ } else
+ goto done;
+ }
+ }
+@@ -1847,9 +1878,10 @@ bad_prev: isbad = 1;
+ if ((ret = __bam_vrfy_subtree(dbp, vdp, li->pgno,
+ i == 0 ? NULL : li, ri, flags, &child_level,
+ &child_nrecs, NULL)) != 0) {
+- if (ret == DB_VERIFY_BAD)
++ if (ret == DB_VERIFY_BAD) {
+ isbad = 1;
+- else
++ break;
++ } else
+ goto done;
+ }
+
+@@ -2675,7 +2707,11 @@ __bam_meta2pgset(dbp, vdp, btmeta, flags
+ db_pgno_t current, p;
+ int err_ret, ret;
+
+- DB_ASSERT(dbp->env, pgset != NULL);
++ if (pgset == NULL) {
++ EPRINT((dbp->env, DB_STR("5542",
++ "Error, database contains no visible pages.")));
++ return (DB_RUNRECOVERY);
++ }
+
+ mpf = dbp->mpf;
+ h = NULL;
+--- a/src/db/db_conv.c
++++ b/src/db/db_conv.c
+@@ -493,8 +493,11 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ db_indx_t i, *inp, len, tmp;
+ u_int8_t *end, *p, *pgend;
+
+- if (pagesize == 0)
+- return (0);
++ /* This function is also used to byteswap logs, so
++ * the pagesize might not be an actual page size.
++ */
++ if (!(pagesize >= 24 && pagesize <= DB_MAX_PGSIZE))
++ return (EINVAL);
+
+ if (pgin) {
+ M_32_SWAP(h->lsn.file);
+@@ -513,26 +516,41 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ pgend = (u_int8_t *)h + pagesize;
+
+ inp = P_INP(dbp, h);
+- if ((u_int8_t *)inp >= pgend)
+- goto out;
++ if ((u_int8_t *)inp > pgend)
++ return (__db_pgfmt(env, pg));
+
+ switch (TYPE(h)) {
+ case P_HASH_UNSORTED:
+ case P_HASH:
+ for (i = 0; i < NUM_ENT(h); i++) {
++ if ((u_int8_t*)(inp + i) >= pgend)
++ return (__db_pgfmt(env, pg));
++ if (inp[i] == 0)
++ continue;
+ if (pgin)
+ M_16_SWAP(inp[i]);
++ if (inp[i] >= pagesize)
++ return (__db_pgfmt(env, pg));
+
+- if (P_ENTRY(dbp, h, i) >= pgend)
+- continue;
++ if (P_ENTRY(dbp, h, i) >= pgend)
++ return (__db_pgfmt(env, pg));
+
+ switch (HPAGE_TYPE(dbp, h, i)) {
+ case H_KEYDATA:
+ break;
+ case H_DUPLICATE:
++ if (LEN_HITEM(dbp, h, pagesize, i) <
++ HKEYDATA_SIZE(0))
++ return (__db_pgfmt(env, pg));
++
+ len = LEN_HKEYDATA(dbp, h, pagesize, i);
+ p = HKEYDATA_DATA(P_ENTRY(dbp, h, i));
+- for (end = p + len; p < end;) {
++
++ end = p + len;
++ if (end > pgend)
++ return (__db_pgfmt(env, pg));
++
++ while (p < end) {
+ if (pgin) {
+ P_16_SWAP(p);
+ memcpy(&tmp,
+@@ -544,14 +562,20 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ SWAP16(p);
+ }
+ p += tmp;
++ if (p >= end)
++ return (__db_pgfmt(env, pg));
+ SWAP16(p);
+ }
+ break;
+ case H_OFFDUP:
++ if ((inp[i] + HOFFDUP_SIZE) > pagesize)
++ return (__db_pgfmt(env, pg));
+ p = HOFFPAGE_PGNO(P_ENTRY(dbp, h, i));
+ SWAP32(p); /* pgno */
+ break;
+ case H_OFFPAGE:
++ if ((inp[i] + HOFFPAGE_SIZE) > pagesize)
++ return (__db_pgfmt(env, pg));
+ p = HOFFPAGE_PGNO(P_ENTRY(dbp, h, i));
+ SWAP32(p); /* pgno */
+ SWAP32(p); /* tlen */
+@@ -559,7 +583,6 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ default:
+ return (__db_pgfmt(env, pg));
+ }
+-
+ }
+
+ /*
+@@ -576,8 +599,12 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ case P_LDUP:
+ case P_LRECNO:
+ for (i = 0; i < NUM_ENT(h); i++) {
++ if ((u_int8_t *)(inp + i) >= pgend)
++ return (__db_pgfmt(env, pg));
+ if (pgin)
+ M_16_SWAP(inp[i]);
++ if (inp[i] >= pagesize)
++ return (__db_pgfmt(env, pg));
+
+ /*
+ * In the case of on-page duplicates, key information
+@@ -597,7 +624,7 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+
+ bk = GET_BKEYDATA(dbp, h, i);
+ if ((u_int8_t *)bk >= pgend)
+- continue;
++ return (__db_pgfmt(env, pg));
+ switch (B_TYPE(bk->type)) {
+ case B_KEYDATA:
+ M_16_SWAP(bk->len);
+@@ -605,6 +632,8 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ case B_DUPLICATE:
+ case B_OVERFLOW:
+ bo = (BOVERFLOW *)bk;
++ if (((u_int8_t *)bo + BOVERFLOW_SIZE) > pgend)
++ return (__db_pgfmt(env, pg));
+ M_32_SWAP(bo->pgno);
+ M_32_SWAP(bo->tlen);
+ break;
+@@ -618,12 +647,17 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ break;
+ case P_IBTREE:
+ for (i = 0; i < NUM_ENT(h); i++) {
++ if ((u_int8_t *)(inp + i) > pgend)
++ return (__db_pgfmt(env, pg));
+ if (pgin)
+ M_16_SWAP(inp[i]);
++ if ((u_int16_t)(inp[i] +
++ BINTERNAL_SIZE(0) - 1) > pagesize)
++ break;
+
+ bi = GET_BINTERNAL(dbp, h, i);
+- if ((u_int8_t *)bi >= pgend)
+- continue;
++ if (((u_int8_t *)bi + BINTERNAL_SIZE(0)) > pgend)
++ return (__db_pgfmt(env, pg));
+
+ M_16_SWAP(bi->len);
+ M_32_SWAP(bi->pgno);
+@@ -634,6 +668,10 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ break;
+ case B_DUPLICATE:
+ case B_OVERFLOW:
++ if ((u_int16_t)(inp[i] +
++ BINTERNAL_SIZE(BOVERFLOW_SIZE) - 1) >
++ pagesize)
++ goto out;
+ bo = (BOVERFLOW *)bi->data;
+ M_32_SWAP(bo->pgno);
+ M_32_SWAP(bo->tlen);
+@@ -648,12 +686,16 @@ __db_byteswap(dbp, pg, h, pagesize, pgin
+ break;
+ case P_IRECNO:
+ for (i = 0; i < NUM_ENT(h); i++) {
++ if ((u_int8_t *)(inp + i) >= pgend)
++ return (__db_pgfmt(env, pg));
+ if (pgin)
+ M_16_SWAP(inp[i]);
++ if (inp[i] >= pagesize)
++ return (__db_pgfmt(env, pg));
+
+ ri = GET_RINTERNAL(dbp, h, i);
+- if ((u_int8_t *)ri >= pgend)
+- continue;
++ if ((((u_int8_t *)ri) + RINTERNAL_SIZE) > pgend)
++ return (__db_pgfmt(env, pg));
+
+ M_32_SWAP(ri->pgno);
+ M_32_SWAP(ri->nrecs);
+--- a/src/db/db_vrfy.c
++++ b/src/db/db_vrfy.c
+@@ -375,8 +375,10 @@ __db_verify(dbp, ip, name, subdb, handle
+ vdp, name, 0, lp, rp, flags)) != 0) {
+ if (t_ret == DB_VERIFY_BAD)
+ isbad = 1;
+- else
+- goto err;
++ else {
++ ret = t_ret;
++ goto err;
++ }
+ }
+
+ /*
+@@ -764,9 +766,10 @@ __db_vrfy_walkpages(dbp, vdp, handle, ca
+ */
+ if ((t_ret = __memp_fget(mpf, &i,
+ vdp->thread_info, NULL, 0, &h)) != 0) {
+- if (dbp->type == DB_HASH ||
++ if ((dbp->type == DB_HASH ||
+ (dbp->type == DB_QUEUE &&
+- F_ISSET(dbp, DB_AM_INMEM))) {
++ F_ISSET(dbp, DB_AM_INMEM))) &&
++ t_ret != DB_RUNRECOVERY) {
+ if ((t_ret =
+ __db_vrfy_getpageinfo(vdp, i, &pip)) != 0)
+ goto err1;
+@@ -936,6 +939,8 @@ err: if (h != NULL && (t_ret = __memp_f
+ return (ret == 0 ? t_ret : ret);
+ }
+
++ if (ret == DB_PAGE_NOTFOUND && isbad == 1)
++ ret = 0;
+ return ((isbad == 1 && ret == 0) ? DB_VERIFY_BAD : ret);
+ }
+
+@@ -1567,7 +1572,7 @@ __db_vrfy_meta(dbp, vdp, meta, pgno, fla
+ if (pgno == PGNO_BASE_MD &&
+ dbtype != DB_QUEUE && meta->last_pgno != vdp->last_pgno) {
+ #ifdef HAVE_FTRUNCATE
+- isbad = 1;
++ ret = DB_VERIFY_FATAL;
+ EPRINT((env, DB_STR_A("0552",
+ "Page %lu: last_pgno is not correct: %lu != %lu",
+ "%lu %lu %lu"), (u_long)pgno,
+@@ -1608,7 +1613,11 @@ __db_vrfy_freelist(dbp, vdp, meta, flags
+
+ env = dbp->env;
+ pgset = vdp->pgset;
+- DB_ASSERT(env, pgset != NULL);
++ if (pgset == NULL) {
++ EPRINT((env, DB_STR("5543",
++ "Error, database contains no visible pages.")));
++ return (DB_RUNRECOVERY);
++ }
+
+ if ((ret = __db_vrfy_getpageinfo(vdp, meta, &pip)) != 0)
+ return (ret);
+@@ -1993,7 +2002,8 @@ __db_salvage_pg(dbp, vdp, pgno, h, handl
+ int keyflag, ret, t_ret;
+
+ env = dbp->env;
+- DB_ASSERT(env, LF_ISSET(DB_SALVAGE));
++ if (!LF_ISSET(DB_SALVAGE))
++ return (EINVAL);
+
+ /*
+ * !!!
+@@ -2126,10 +2136,8 @@ __db_salvage_leaf(dbp, vdp, pgno, h, han
+ int (*callback) __P((void *, const void *));
+ u_int32_t flags;
+ {
+- ENV *env;
+-
+- env = dbp->env;
+- DB_ASSERT(env, LF_ISSET(DB_SALVAGE));
++ if (!LF_ISSET(DB_SALVAGE))
++ return (EINVAL);
+
+ /* If we got this page in the subdb pass, we can safely skip it. */
+ if (__db_salvage_isdone(vdp, pgno))
+@@ -2223,8 +2231,8 @@ __db_salvage_unknowns(dbp, vdp, handle,
+ ret = t_ret;
+ break;
+ case SALVAGE_OVERFLOW:
+- DB_ASSERT(env, 0); /* Shouldn't ever happen. */
+- break;
++ EPRINT((env, DB_STR("5544", "Invalid page type to salvage.")));
++ return (EINVAL);
+ case SALVAGE_HASH:
+ if ((t_ret = __ham_salvage(dbp, vdp,
+ pgno, h, handle, callback, flags)) != 0 && ret == 0)
+@@ -2237,8 +2245,8 @@ __db_salvage_unknowns(dbp, vdp, handle,
+ * Shouldn't happen, but if it does, just do what the
+ * nice man says.
+ */
+- DB_ASSERT(env, 0);
+- break;
++ EPRINT((env, DB_STR("5545", "Invalid page type to salvage.")));
++ return (EINVAL);
+ }
+ if ((t_ret = __memp_fput(mpf,
+ vdp->thread_info, h, dbp->priority)) != 0 && ret == 0)
+@@ -2284,8 +2292,8 @@ __db_salvage_unknowns(dbp, vdp, handle,
+ ret = t_ret;
+ break;
+ default:
+- DB_ASSERT(env, 0); /* Shouldn't ever happen. */
+- break;
++ EPRINT((env, DB_STR("5546", "Invalid page type to salvage.")));
++ return (EINVAL);
+ }
+ if ((t_ret = __memp_fput(mpf,
+ vdp->thread_info, h, dbp->priority)) != 0 && ret == 0)
+@@ -2342,7 +2350,10 @@ __db_vrfy_inpitem(dbp, h, pgno, i, is_bt
+
+ env = dbp->env;
+
+- DB_ASSERT(env, himarkp != NULL);
++ if (himarkp == NULL) {
++ __db_msg(env, "Page %lu index has no end.", (u_long)pgno);
++ return (DB_VERIFY_FATAL);
++ }
+ inp = P_INP(dbp, h);
+
+ /*
+@@ -2755,7 +2766,11 @@ __db_salvage_subdbpg(dbp, vdp, master, h
+ goto err;
+ ovfl_bufsz = bkkey->len + 1;
+ }
+- DB_ASSERT(env, subdbname != NULL);
++ if (subdbname == NULL) {
++ EPRINT((env, DB_STR("5547", "Subdatabase cannot be null.")));
++ ret = EINVAL;
++ goto err;
++ }
+ memcpy(subdbname, bkkey->data, bkkey->len);
+ subdbname[bkkey->len] = '\0';
+ }
+--- a/src/db/db_vrfyutil.c
++++ b/src/db/db_vrfyutil.c
+@@ -208,7 +208,8 @@ __db_vrfy_getpageinfo(vdp, pgno, pipp)
+ if ((ret = __db_get(pgdbp,
+ vdp->thread_info, vdp->txn, &key, &data, 0)) == 0) {
+ /* Found it. */
+- DB_ASSERT(env, data.size == sizeof(VRFY_PAGEINFO));
++ if (data.size != sizeof(VRFY_PAGEINFO))
++ return (DB_VERIFY_FATAL);
+ pip = data.data;
+ LIST_INSERT_HEAD(&vdp->activepips, pip, links);
+ goto found;
+@@ -336,7 +337,8 @@ __db_vrfy_pgset_get(dbp, ip, txn, pgno,
+ F_SET(&data, DB_DBT_USERMEM);
+
+ if ((ret = __db_get(dbp, ip, txn, &key, &data, 0)) == 0) {
+- DB_ASSERT(dbp->env, data.size == sizeof(int));
++ if (data.size != sizeof(int))
++ return (EINVAL);
+ } else if (ret == DB_NOTFOUND)
+ val = 0;
+ else
+@@ -376,7 +378,8 @@ __db_vrfy_pgset_inc(dbp, ip, txn, pgno)
+ F_SET(&data, DB_DBT_USERMEM);
+
+ if ((ret = __db_get(dbp, ip, txn, &key, &data, 0)) == 0) {
+- DB_ASSERT(dbp->env, data.size == sizeof(int));
++ if (data.size != sizeof(int))
++ return (DB_VERIFY_FATAL);
+ } else if (ret != DB_NOTFOUND)
+ return (ret);
+
+@@ -413,7 +416,8 @@ __db_vrfy_pgset_next(dbc, pgnop)
+ if ((ret = __dbc_get(dbc, &key, &data, DB_NEXT)) != 0)
+ return (ret);
+
+- DB_ASSERT(dbc->env, key.size == sizeof(db_pgno_t));
++ if (key.size != sizeof(db_pgno_t))
++ return (DB_VERIFY_FATAL);
+ *pgnop = pgno;
+
+ return (0);
+@@ -560,7 +564,8 @@ __db_vrfy_ccset(dbc, pgno, cipp)
+ if ((ret = __dbc_get(dbc, &key, &data, DB_SET)) != 0)
+ return (ret);
+
+- DB_ASSERT(dbc->env, data.size == sizeof(VRFY_CHILDINFO));
++ if (data.size != sizeof(VRFY_CHILDINFO))
++ return (DB_VERIFY_FATAL);
+ *cipp = (VRFY_CHILDINFO *)data.data;
+
+ return (0);
+@@ -588,7 +593,8 @@ __db_vrfy_ccnext(dbc, cipp)
+ if ((ret = __dbc_get(dbc, &key, &data, DB_NEXT_DUP)) != 0)
+ return (ret);
+
+- DB_ASSERT(dbc->env, data.size == sizeof(VRFY_CHILDINFO));
++ if (data.size != sizeof(VRFY_CHILDINFO))
++ return (DB_VERIFY_FATAL);
+ *cipp = (VRFY_CHILDINFO *)data.data;
+
+ return (0);
+@@ -715,7 +721,8 @@ __db_salvage_getnext(vdp, dbcp, pgnop, p
+ return (ret);
+
+ while ((ret = __dbc_get(*dbcp, &key, &data, DB_NEXT)) == 0) {
+- DB_ASSERT(dbp->env, data.size == sizeof(u_int32_t));
++ if (data.size != sizeof(u_int32_t))
++ return (DB_VERIFY_FATAL);
+ memcpy(&pgtype, data.data, sizeof(pgtype));
+
+ if (skip_overflow && pgtype == SALVAGE_OVERFLOW)
+@@ -724,8 +731,9 @@ __db_salvage_getnext(vdp, dbcp, pgnop, p
+ if ((ret = __dbc_del(*dbcp, 0)) != 0)
+ return (ret);
+ if (pgtype != SALVAGE_IGNORE) {
+- DB_ASSERT(dbp->env, key.size == sizeof(db_pgno_t));
+- DB_ASSERT(dbp->env, data.size == sizeof(u_int32_t));
++ if (key.size != sizeof(db_pgno_t)
++ || data.size != sizeof(u_int32_t))
++ return (DB_VERIFY_FATAL);
+
+ *pgnop = *(db_pgno_t *)key.data;
+ *pgtypep = *(u_int32_t *)data.data;
+--- a/src/db/partition.c
++++ b/src/db/partition.c
+@@ -461,9 +461,19 @@ __partition_chk_meta(dbp, ip, txn, flags
+ } else
+ part->nparts = meta->nparts;
+ } else if (meta->nparts != 0 && part->nparts != meta->nparts) {
++ ret = EINVAL;
+ __db_errx(env, DB_STR("0656",
+ "Number of partitions does not match."));
++ goto err;
++ }
++ /*
++ * There is no limit on the number of partitions, but I cannot imagine a real
++ * database having more than 10000.
++ */
++ if (meta->nparts > 10000) {
+ ret = EINVAL;
++ __db_errx(env, DB_STR_A("5553",
++ "Too many partitions %lu", "%lu"), (u_long)(meta->nparts));
+ goto err;
+ }
+
+@@ -1874,10 +1884,13 @@ __part_verify(dbp, vdp, fname, handle, c
+ memcpy(rp->data, key->data, key->size);
+ B_TSET(rp->type, B_KEYDATA);
+ }
+-vrfy: if ((t_ret = __db_verify(*pdbp, ip, (*pdbp)->fname,
+- NULL, handle, callback,
+- lp, rp, flags | DB_VERIFY_PARTITION)) != 0 && ret == 0)
+- ret = t_ret;
++vrfy: if ((t_ret = __db_verify(*pdbp, ip, (*pdbp)->fname,
++ NULL, handle, callback,
++ lp, rp, flags | DB_VERIFY_PARTITION)) != 0 && ret == 0) {
++ ret = t_ret;
++ if (ret == ENOENT)
++ break;
++ }
+ }
+
+ err: if (lp != NULL)
+--- a/src/hash/hash_page.c
++++ b/src/hash/hash_page.c
+@@ -865,7 +865,11 @@ __ham_verify_sorted_page (dbc, p)
+ /* Validate that next, prev pointers are OK */
+ n = NUM_ENT(p);
+ dbp = dbc->dbp;
+- DB_ASSERT(dbp->env, n%2 == 0 );
++ if (n % 2 != 0) {
++ __db_errx(dbp->env, DB_STR_A("5549",
++ "Odd number of entries on page: %lu", "%lu"), (u_long)(p->pgno));
++ return (DB_VERIFY_FATAL);
++ }
+
+ env = dbp->env;
+ t = dbp->h_internal;
+@@ -936,7 +940,12 @@ __ham_verify_sorted_page (dbc, p)
+ if ((ret = __db_prpage(dbp, p, DB_PR_PAGE)) != 0)
+ return (ret);
+ #endif
+- DB_ASSERT(dbp->env, res < 0);
++ if (res >= 0) {
++ __db_errx(env, DB_STR_A("5550",
++ "Odd number of entries on page: %lu", "%lu"),
++ (u_long)p->pgno);
++ return (DB_VERIFY_FATAL);
++ }
+ }
+
+ prev = curr;
+--- a/src/hash/hash_verify.c
++++ b/src/hash/hash_verify.c
+@@ -443,7 +443,7 @@ __ham_vrfy_structure(dbp, vdp, meta_pgno
+ isbad = 1;
+ else
+ goto err;
+- }
++ }
+
+ /*
+ * There may be unused hash pages corresponding to buckets
+@@ -574,7 +574,7 @@ __ham_vrfy_bucket(dbp, vdp, m, bucket, f
+ "Page %lu: impossible first page in bucket %lu", "%lu %lu"),
+ (u_long)pgno, (u_long)bucket));
+ /* Unsafe to continue. */
+- isbad = 1;
++ ret = DB_VERIFY_FATAL;
+ goto err;
+ }
+
+@@ -604,7 +604,7 @@ __ham_vrfy_bucket(dbp, vdp, m, bucket, f
+ EPRINT((env, DB_STR_A("1116",
+ "Page %lu: hash page referenced twice", "%lu"),
+ (u_long)pgno));
+- isbad = 1;
++ ret = DB_VERIFY_FATAL;
+ /* Unsafe to continue. */
+ goto err;
+ } else if ((ret = __db_vrfy_pgset_inc(vdp->pgset,
+@@ -1049,7 +1049,11 @@ __ham_meta2pgset(dbp, vdp, hmeta, flags,
+ COMPQUIET(flags, 0);
+ ip = vdp->thread_info;
+
+- DB_ASSERT(dbp->env, pgset != NULL);
++ if (pgset == NULL) {
++ EPRINT((dbp->env, DB_STR("5548",
++ "Error, database contains no visible pages.")));
++ return (DB_VERIFY_FATAL);
++ }
+
+ mpf = dbp->mpf;
+ totpgs = 0;
+--- a/src/qam/qam_verify.c
++++ b/src/qam/qam_verify.c
+@@ -465,7 +465,14 @@ __qam_vrfy_walkqueue(dbp, vdp, handle, c
+ /* Verify/salvage each page. */
+ if ((ret = __db_cursor(dbp, vdp->thread_info, NULL, &dbc, 0)) != 0)
+ return (ret);
+-begin: for (; i <= stop; i++) {
++begin: if ((stop - i) > 100000) {
++ EPRINT((env, DB_STR_A("5551",
++"Warning, many possible extends files (%lu), will take a long time to verify",
++ "%lu"), (u_long)(stop - i)));
++ }
++ for (; i <= stop; i++) {
++ if (i == UINT32_MAX)
++ break;
+ /*
+ * If DB_SALVAGE is set, we inspect our database of completed
+ * pages, and skip any we've already printed in the subdb pass.
--- /dev/null
+Description: Enhance the rtreenode function in order to avoid a heap out-of-bounds read
+Origin: https://www.sqlite.org/src/info/90acdbfce9c08858
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929775
+
+--- a/lang/sql/sqlite/ext/rtree/rtree.c
++++ b/lang/sql/sqlite/ext/rtree/rtree.c
+@@ -3089,38 +3089,45 @@ static void rtreenode(sqlite3_context *c
+ RtreeNode node;
+ Rtree tree;
+ int ii;
++ int nData;
++ int errCode;
++ sqlite3_str *pOut;
+
+ UNUSED_PARAMETER(nArg);
+ memset(&node, 0, sizeof(RtreeNode));
+ memset(&tree, 0, sizeof(Rtree));
+ tree.nDim = sqlite3_value_int(apArg[0]);
++ if( tree.nDim<1 || tree.nDim>5 ) return;
+ tree.nBytesPerCell = 8 + 8 * tree.nDim;
+ node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
++ nData = sqlite3_value_bytes(apArg[1]);
++ if( nData<4 ) return;
++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+
++ pOut = sqlite3_str_new(0);
+ for(ii=0; ii<NCELL(&node); ii++){
+- char zCell[512];
+- int nCell = 0;
+ RtreeCell cell;
+ int jj;
+
+ nodeGetCell(&tree, &node, ii, &cell);
+- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+- nCell = strlen(zCell);
++ if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
++ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
+ for(jj=0; jj<tree.nDim*2; jj++){
+- sqlite3_snprintf(512-nCell,&zCell[nCell]," %f",(double)cell.aCoord[jj].f);
+- nCell = strlen(zCell);
++#ifndef SQLITE_RTREE_INT_ONLY
++ sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
++#else
++ sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
++#endif
+ }
+
+- if( zText ){
+- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+- sqlite3_free(zText);
+- zText = zTextNew;
+- }else{
+- zText = sqlite3_mprintf("{%s}", zCell);
+- }
++
++ sqlite3_str_append(pOut, "}", 1);
++
+ }
+-
+- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
++ errCode = sqlite3_str_errcode(pOut);
++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
++ sqlite3_result_error_code(ctx, errCode);
++
+ }
+
+ static void rtreedepth(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
--- /dev/null
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian: https://bugs.debian.org/872436
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat <pkubat@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-08-17
+
+--- a/src/env/env_open.c
++++ b/src/env/env_open.c
+@@ -473,7 +473,7 @@ __env_config(dbenv, db_home, flagsp, mod
+ env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+
+ /* Read the DB_CONFIG file. */
+- if ((ret = __env_read_db_config(env)) != 0)
++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ return (ret);
+
+ /*
--- /dev/null
+From: Andy Whitcroft <apw@canonical.com>
+Subject: [PATCH] MMAP_EXTEND mode requires we extend in full system page increments
+Date: Wed, 12 Mar 2014 11:58:31 +0100
+
+When extending a mmap file we must ensure we extend by full system pages,
+otherwise there is a risk (when the filesystem page size is smaller than
+the system page size) that we will not allocate disk extents to store
+the memory and it will be lost resulting in data loss.
+
+Signed-off-by: Andy Whitcroft <apw@canonical.com>
+Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
+
+---
+ env_file.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/src/env/env_file.c
++++ b/src/env/env_file.c
+@@ -28,6 +28,15 @@ __db_file_extend(env, fhp, size)
+ int ret;
+ char buf;
+
++#ifdef HAVE_MMAP_EXTEND
++ /*
++ * We have to ensure we extend a mmap'd segment a full memory page at
++ * a time or risk the end of the page not having any filesystem blocks
++ * associated resulting in the data loss.
++ */
++ size = DB_ALIGN(size, getpagesize()) - 1;
++#endif
++
+ buf = '\0';
+ /*
+ * Extend the file by writing the last page. If the region is >4Gb,
--- /dev/null
+--- a/src/dbinc/mutex_int.h
++++ b/src/dbinc/mutex_int.h
+@@ -850,7 +850,11 @@ typedef volatile unsigned char tsl_t;
+ * alignment locally.
+ */
+ #ifndef MUTEX_ALIGN
+-#define MUTEX_ALIGN sizeof(unsigned int)
++# if defined(__linux__) && defined(__sparc__)
++# define MUTEX_ALIGN 8
++# else
++# define MUTEX_ALIGN sizeof(unsigned int)
++# endif
+ #endif
+
+ /*
--- /dev/null
+--- a/src/dbinc/db_page.h
++++ b/src/dbinc/db_page.h
+@@ -256,6 +256,17 @@ typedef struct __pg_crypto {
+ */
+ } PG_CRYPTO;
+
++/*
++ * With most compilers sizeof(PG_CRYPTO) == 38. However some ABIs
++ * require it to be padded to 40 bytes. The padding must be excluded
++ * from our size calculations due to the 16-byte alignment requirement
++ * for crypto.
++ *
++ * A similar problem applies to PG_CHKSUM, but it's too late to change
++ * that.
++ */
++#define SIZEOF_PG_CRYPTO 38
++
+ typedef struct _db_page {
+ DB_LSN lsn; /* 00-07: Log sequence number. */
+ db_pgno_t pgno; /* 08-11: Current page number. */
+@@ -291,7 +302,7 @@ typedef struct _db_page {
+ */
+ #define P_INP(dbp, pg) \
+ ((db_indx_t *)((u_int8_t *)(pg) + SIZEOF_PAGE + \
+- (F_ISSET((dbp), DB_AM_ENCRYPT) ? sizeof(PG_CRYPTO) : \
++ (F_ISSET((dbp), DB_AM_ENCRYPT) ? SIZEOF_PG_CRYPTO : \
+ (F_ISSET((dbp), DB_AM_CHKSUM) ? sizeof(PG_CHKSUM) : 0))))
+
+ #define P_IV(dbp, pg) \
+++ /dev/null
-#
-# Copyright (C) 2009-2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-BASE_VERSION:=4.7.25
-
-PKG_NAME:=db47
-PKG_VERSION:=$(BASE_VERSION).4.NC
-PKG_RELEASE:=7
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/db-$(BASE_VERSION).NC
-PKG_SOURCE:=db-$(BASE_VERSION).NC.tar.gz
-PKG_SOURCE_URL:=http://download.oracle.com/berkeley-db/
-PKG_HASH:=cd39c711023ff44c01d3c8ff0323eef7318660772b24f287556e6bf676a12535
-
-PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>
-PKG_LICENSE:=Sleepycat
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_BUILD_DEPENDS:=libxml2
-PKG_FIXUP:=autoreconf
-PKG_LIBTOOL_PATHS:=. build_unix
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/libdb47
- SECTION:=libs
- CATEGORY:=Libraries
- TITLE:=Berkeley DB library (4.7)
- URL:=http://www.oracle.com/us/products/database/berkeley-db
- PROVIDES:=libdb47-full
-endef
-
-define Package/libdb47/description
- Berkeley DB library (4.7).
-endef
-
-define Package/libdb47xx
- SECTION:=libs
- CATEGORY:=Libraries
- DEPENDS:=+libdb47 +libstdcpp
- TITLE:=Berkeley DB library (4.7) for C++
- URL:=http://www.oracle.com/us/products/database/berkeley-db
- PROVIDES:=libdb47xx-full
-endef
-
-define Package/libdb47xx/description
- Berkeley DB library (4.7). C++ wrapper.
-endef
-
-CONFIGURE_PATH = build_unix
-CONFIGURE_CMD = ../dist/configure
-
-CONFIGURE_ARGS += \
- --enable-shared \
- --enable-static \
- --disable-java \
- --with-mutex=POSIX/pthreads/library \
- --disable-tcl \
- --disable-rpc \
- --enable-compat185 \
- --disable-debug \
- $(if $(CONFIG_PACKAGE_libdb47xx),--enable-cxx,--disable-cxx)
-
-TARGET_CFLAGS += $(FPIC)
-
-define Build/Compile
- +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/build_unix \
- DESTDIR="$(PKG_INSTALL_DIR)" all
- $(MAKE) -C $(PKG_BUILD_DIR)/build_unix \
- DESTDIR="$(PKG_INSTALL_DIR)" install
-endef
-
-define Package/libdb47/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb-*.so $(1)/usr/lib/
-endef
-
-define Package/libdb47xx/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb_cxx-*.so $(1)/usr/lib/
-endef
-
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/db.h $(1)/usr/include/
- $(CP) $(PKG_INSTALL_DIR)/usr/include/db_cxx.h $(1)/usr/include/
- $(INSTALL_DIR) $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb*.{a,so} $(1)/usr/lib
-endef
-
-$(eval $(call BuildPackage,libdb47))
-$(eval $(call BuildPackage,libdb47xx))
+++ /dev/null
---- a/sequence/sequence.c
-+++ b/sequence/sequence.c
-@@ -187,7 +187,11 @@ __seq_open_pp(seq, txn, keyp, flags)
- if ((ret = __db_get_flags(dbp, &tflags)) != 0)
- goto err;
-
-- if (DB_IS_READONLY(dbp)) {
-+ /*
-+ * We can let replication clients open sequences, but must
-+ * check later that they do not update them.
-+ */
-+ if (F_ISSET(dbp, DB_AM_RDONLY)) {
- ret = __db_rdonly(dbp->env, "DB_SEQUENCE->open");
- goto err;
- }
-@@ -244,6 +248,11 @@ retry: if ((ret = __db_get(dbp, ip,
- if ((ret != DB_NOTFOUND && ret != DB_KEYEMPTY) ||
- !LF_ISSET(DB_CREATE))
- goto err;
-+ if (IS_REP_CLIENT(env) &&
-+ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
-+ ret = __db_rdonly(env, "DB_SEQUENCE->open");
-+ goto err;
-+ }
- ret = 0;
-
- rp = &seq->seq_record;
-@@ -296,7 +305,12 @@ retry: if ((ret = __db_get(dbp, ip,
- */
- rp = seq->seq_data.data;
- if (rp->seq_version == DB_SEQUENCE_OLDVER) {
--oldver: rp->seq_version = DB_SEQUENCE_VERSION;
-+oldver: if (IS_REP_CLIENT(env) &&
-+ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
-+ ret = __db_rdonly(env, "DB_SEQUENCE->open");
-+ goto err;
-+ }
-+ rp->seq_version = DB_SEQUENCE_VERSION;
- if (!F_ISSET(env, ENV_LITTLEENDIAN)) {
- if (IS_DB_AUTO_COMMIT(dbp, txn)) {
- if ((ret =
-@@ -707,6 +721,13 @@ __seq_get(seq, txn, delta, retp, flags)
-
- MUTEX_LOCK(env, seq->mtx_seq);
-
-+ if (handle_check && IS_REP_CLIENT(env) &&
-+ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
-+ ret = __db_rdonly(env, "DB_SEQUENCE->get");
-+ goto err;
-+ }
-+
-+
- if (rp->seq_min + delta > rp->seq_max) {
- __db_errx(env, "Sequence overflow");
- ret = EINVAL;
+++ /dev/null
---- a/lock/lock.c
-+++ b/lock/lock.c
-@@ -1274,10 +1274,12 @@ __lock_put_internal(lt, lockp, obj_ndx,
- SH_TAILQ_REMOVE(
- <->obj_tab[obj_ndx], sh_obj, links, __db_lockobj);
- if (sh_obj->lockobj.size > sizeof(sh_obj->objdata)) {
-- LOCK_REGION_LOCK(env);
-+ if (region->part_t_size != 1)
-+ LOCK_REGION_LOCK(env);
- __env_alloc_free(<->reginfo,
- SH_DBT_PTR(&sh_obj->lockobj));
-- LOCK_REGION_UNLOCK(env);
-+ if (region->part_t_size != 1)
-+ LOCK_REGION_UNLOCK(env);
- }
- SH_TAILQ_INSERT_HEAD(
- &FREE_OBJS(lt, part_id), sh_obj, links, __db_lockobj);
-@@ -1467,15 +1469,21 @@ retry: SH_TAILQ_FOREACH(sh_obj, <->obj
- if (obj->size <= sizeof(sh_obj->objdata))
- p = sh_obj->objdata;
- else {
-- LOCK_REGION_LOCK(env);
-+ /*
-+ * If we have only one partition, the region is locked.
-+ */
-+ if (region->part_t_size != 1)
-+ LOCK_REGION_LOCK(env);
- if ((ret =
- __env_alloc(<->reginfo, obj->size, &p)) != 0) {
- __db_errx(env,
- "No space for lock object storage");
-- LOCK_REGION_UNLOCK(env);
-+ if (region->part_t_size != 1)
-+ LOCK_REGION_UNLOCK(env);
- goto err;
- }
-- LOCK_REGION_UNLOCK(env);
-+ if (region->part_t_size != 1)
-+ LOCK_REGION_UNLOCK(env);
- }
-
- memcpy(p, obj->data, obj->size);
+++ /dev/null
---- a/lock/lock_deadlock.c
-+++ b/lock/lock_deadlock.c
-@@ -121,7 +121,7 @@ __lock_detect(env, atype, rejectp)
- DB_LOCKTAB *lt;
- db_timespec now;
- locker_info *idmap;
-- u_int32_t *bitmap, *copymap, **deadp, **free_me, *tmpmap;
-+ u_int32_t *bitmap, *copymap, **deadp, **deadlist, *tmpmap;
- u_int32_t i, cid, keeper, killid, limit, nalloc, nlockers;
- u_int32_t lock_max, txn_max;
- int ret, status;
-@@ -133,7 +133,8 @@ __lock_detect(env, atype, rejectp)
- if (IS_REP_CLIENT(env))
- atype = DB_LOCK_MINWRITE;
-
-- free_me = NULL;
-+ copymap = tmpmap = NULL;
-+ deadlist = NULL;
-
- lt = env->lk_handle;
- if (rejectp != NULL)
-@@ -179,11 +180,11 @@ __lock_detect(env, atype, rejectp)
- memcpy(copymap, bitmap, nlockers * sizeof(u_int32_t) * nalloc);
-
- if ((ret = __os_calloc(env, sizeof(u_int32_t), nalloc, &tmpmap)) != 0)
-- goto err1;
-+ goto err;
-
- /* Find a deadlock. */
- if ((ret =
-- __dd_find(env, bitmap, idmap, nlockers, nalloc, &deadp)) != 0)
-+ __dd_find(env, bitmap, idmap, nlockers, nalloc, &deadlist)) != 0)
- return (ret);
-
- /*
-@@ -204,8 +205,7 @@ __lock_detect(env, atype, rejectp)
- txn_max = TXN_MAXIMUM;
-
- killid = BAD_KILLID;
-- free_me = deadp;
-- for (; *deadp != NULL; deadp++) {
-+ for (deadp = deadlist; *deadp != NULL; deadp++) {
- if (rejectp != NULL)
- ++*rejectp;
- killid = (u_int32_t)(*deadp - bitmap) / nalloc;
-@@ -342,11 +342,12 @@ dokill: if (killid == BAD_KILLID) {
- __db_msg(env,
- "Aborting locker %lx", (u_long)idmap[killid].id);
- }
-- __os_free(env, tmpmap);
--err1: __os_free(env, copymap);
--
--err: if (free_me != NULL)
-- __os_free(env, free_me);
-+err: if(copymap != NULL)
-+ __os_free(env, copymap);
-+ if (deadlist != NULL)
-+ __os_free(env, deadlist);
-+ if(tmpmap != NULL)
-+ __os_free(env, tmpmap);
- __os_free(env, bitmap);
- __os_free(env, idmap);
-
-@@ -360,6 +361,17 @@ err: if (free_me != NULL)
-
- #define DD_INVALID_ID ((u_int32_t) -1)
-
-+/*
-+ * __dd_build --
-+ * Build the lock dependency bit maps.
-+ * Notes on synchronization:
-+ * LOCK_SYSTEM_LOCK is used to hold objects locked when we have
-+ * a single partition.
-+ * LOCK_LOCKERS is held while we are walking the lockers list and
-+ * to single thread the use of lockerp->dd_id.
-+ * LOCK_DD protects the DD list of objects.
-+ */
-+
- static int
- __dd_build(env, atype, bmp, nlockers, allocp, idmap, rejectp)
- ENV *env;
-@@ -393,6 +405,7 @@ __dd_build(env, atype, bmp, nlockers, al
- * In particular we do not build the conflict array and our caller
- * needs to expect this.
- */
-+ LOCK_SYSTEM_LOCK(lt, region);
- if (atype == DB_LOCK_EXPIRE) {
- skip: LOCK_DD(env, region);
- op = SH_TAILQ_FIRST(®ion->dd_objs, __db_lockobj);
-@@ -430,17 +443,18 @@ skip: LOCK_DD(env, region);
- OBJECT_UNLOCK(lt, region, indx);
- }
- UNLOCK_DD(env, region);
-+ LOCK_SYSTEM_UNLOCK(lt, region);
- goto done;
- }
-
- /*
-- * We'll check how many lockers there are, add a few more in for
-- * good measure and then allocate all the structures. Then we'll
-- * verify that we have enough room when we go back in and get the
-- * mutex the second time.
-+ * Allocate after locking the region
-+ * to make sure the structures are large enough.
- */
--retry: count = region->stat.st_nlockers;
-+ LOCK_LOCKERS(env, region);
-+ count = region->stat.st_nlockers;
- if (count == 0) {
-+ UNLOCK_LOCKERS(env, region);
- *nlockers = 0;
- return (0);
- }
-@@ -448,50 +462,37 @@ retry: count = region->stat.st_nlockers;
- if (FLD_ISSET(env->dbenv->verbose, DB_VERB_DEADLOCK))
- __db_msg(env, "%lu lockers", (u_long)count);
-
-- count += 20;
- nentries = (u_int32_t)DB_ALIGN(count, 32) / 32;
-
-- /*
-- * Allocate enough space for a count by count bitmap matrix.
-- *
-- * XXX
-- * We can probably save the malloc's between iterations just
-- * reallocing if necessary because count grew by too much.
-- */
-+ /* Allocate enough space for a count by count bitmap matrix. */
- if ((ret = __os_calloc(env, (size_t)count,
-- sizeof(u_int32_t) * nentries, &bitmap)) != 0)
-+ sizeof(u_int32_t) * nentries, &bitmap)) != 0) {
-+ UNLOCK_LOCKERS(env, region);
- return (ret);
-+ }
-
- if ((ret = __os_calloc(env,
- sizeof(u_int32_t), nentries, &tmpmap)) != 0) {
-+ UNLOCK_LOCKERS(env, region);
- __os_free(env, bitmap);
- return (ret);
- }
-
- if ((ret = __os_calloc(env,
- (size_t)count, sizeof(locker_info), &id_array)) != 0) {
-+ UNLOCK_LOCKERS(env, region);
- __os_free(env, bitmap);
- __os_free(env, tmpmap);
- return (ret);
- }
-
- /*
-- * Now go back in and actually fill in the matrix.
-- */
-- if (region->stat.st_nlockers > count) {
-- __os_free(env, bitmap);
-- __os_free(env, tmpmap);
-- __os_free(env, id_array);
-- goto retry;
-- }
--
-- /*
- * First we go through and assign each locker a deadlock detector id.
- */
- id = 0;
-- LOCK_LOCKERS(env, region);
- SH_TAILQ_FOREACH(lip, ®ion->lockers, ulinks, __db_locker) {
- if (lip->master_locker == INVALID_ROFF) {
-+ DB_ASSERT(env, id < count);
- lip->dd_id = id++;
- id_array[lip->dd_id].id = lip->id;
- switch (atype) {
-@@ -510,7 +511,6 @@ retry: count = region->stat.st_nlockers;
- lip->dd_id = DD_INVALID_ID;
-
- }
-- UNLOCK_LOCKERS(env, region);
-
- /*
- * We only need consider objects that have waiters, so we use
-@@ -669,7 +669,6 @@ again: memset(bitmap, 0, count * sizeof
- * status after building the bit maps so that we will not detect
- * a blocked transaction without noting that it is already aborting.
- */
-- LOCK_LOCKERS(env, region);
- for (id = 0; id < count; id++) {
- if (!id_array[id].valid)
- continue;
-@@ -738,6 +737,7 @@ get_lock: id_array[id].last_lock = R_OF
- id_array[id].in_abort = 1;
- }
- UNLOCK_LOCKERS(env, region);
-+ LOCK_SYSTEM_UNLOCK(lt, region);
-
- /*
- * Now we can release everything except the bitmap matrix that we
-@@ -839,6 +839,7 @@ __dd_abort(env, info, statusp)
- ret = 0;
-
- /* We must lock so this locker cannot go away while we abort it. */
-+ LOCK_SYSTEM_LOCK(lt, region);
- LOCK_LOCKERS(env, region);
-
- /*
-@@ -895,6 +896,7 @@ __dd_abort(env, info, statusp)
- done: OBJECT_UNLOCK(lt, region, info->last_ndx);
- err:
- out: UNLOCK_LOCKERS(env, region);
-+ LOCK_SYSTEM_UNLOCK(lt, region);
- return (ret);
- }
-
+++ /dev/null
---- a/dbinc/repmgr.h
-+++ b/dbinc/repmgr.h
-@@ -374,6 +374,7 @@ typedef struct {
- #define SITE_FROM_EID(eid) (&db_rep->sites[eid])
- #define EID_FROM_SITE(s) ((int)((s) - (&db_rep->sites[0])))
- #define IS_VALID_EID(e) ((e) >= 0)
-+#define IS_KNOWN_REMOTE_SITE(e) ((e) >= 0 && ((u_int)(e)) < db_rep->site_cnt)
- #define SELF_EID INT_MAX
-
- #define IS_PEER_POLICY(p) ((p) == DB_REPMGR_ACKS_ALL_PEERS || \
---- a/rep/rep_elect.c
-+++ b/rep/rep_elect.c
-@@ -33,7 +33,7 @@ static int __rep_elect_init
- static int __rep_fire_elected __P((ENV *, REP *, u_int32_t));
- static void __rep_elect_master __P((ENV *, REP *));
- static int __rep_tally __P((ENV *, REP *, int, u_int32_t *, u_int32_t, roff_t));
--static int __rep_wait __P((ENV *, db_timeout_t *, int *, int, u_int32_t));
-+static int __rep_wait __P((ENV *, db_timeout_t *, int, u_int32_t));
-
- /*
- * __rep_elect --
-@@ -55,7 +55,7 @@ __rep_elect(dbenv, given_nsites, nvotes,
- ENV *env;
- LOG *lp;
- REP *rep;
-- int done, eid, elected, full_elect, locked, in_progress, need_req;
-+ int done, elected, full_elect, locked, in_progress, need_req;
- int ret, send_vote, t_ret;
- u_int32_t ack, ctlflags, egen, nsites, orig_tally, priority, realpri;
- u_int32_t tiebreaker;
-@@ -181,8 +181,7 @@ __rep_elect(dbenv, given_nsites, nvotes,
- REP_SYSTEM_UNLOCK(env);
- (void)__rep_send_message(env, DB_EID_BROADCAST,
- REP_MASTER_REQ, NULL, NULL, 0, 0);
-- ret = __rep_wait(env, &to, &eid,
-- 0, REP_F_EPHASE0);
-+ ret = __rep_wait(env, &to, 0, REP_F_EPHASE0);
- REP_SYSTEM_LOCK(env);
- F_CLR(rep, REP_F_EPHASE0);
- switch (ret) {
-@@ -286,11 +285,11 @@ restart:
- REP_SYSTEM_LOCK(env);
- goto vote;
- }
-- ret = __rep_wait(env, &to, &eid, full_elect, REP_F_EPHASE1);
-+ ret = __rep_wait(env, &to, full_elect, REP_F_EPHASE1);
- switch (ret) {
- case 0:
- /* Check if election complete or phase complete. */
-- if (eid != DB_EID_INVALID && !IN_ELECTION(rep)) {
-+ if (!IN_ELECTION(rep)) {
- RPRINT(env, DB_VERB_REP_ELECT,
- (env, "Ended election phase 1"));
- goto edone;
-@@ -398,15 +397,12 @@ phase2:
- REP_SYSTEM_LOCK(env);
- goto i_won;
- }
-- ret = __rep_wait(env, &to, &eid, full_elect, REP_F_EPHASE2);
-+ ret = __rep_wait(env, &to, full_elect, REP_F_EPHASE2);
- RPRINT(env, DB_VERB_REP_ELECT,
- (env, "Ended election phase 2 %d", ret));
- switch (ret) {
- case 0:
-- if (eid != DB_EID_INVALID)
-- goto edone;
-- ret = DB_REP_UNAVAIL;
-- break;
-+ goto edone;
- case DB_REP_EGENCHG:
- if (to > timeout)
- to = timeout;
-@@ -1050,13 +1046,6 @@ __rep_elect_master(env, rep)
- ENV *env;
- REP *rep;
- {
-- /*
-- * We often come through here twice, sometimes even more. We mustn't
-- * let the redundant calls affect stats counting. But rep_elect relies
-- * on this first part for setting eidp.
-- */
-- rep->master_id = rep->eid;
--
- if (F_ISSET(rep, REP_F_MASTERELECT | REP_F_MASTER)) {
- /* We've been through here already; avoid double counting. */
- return;
-@@ -1093,10 +1082,10 @@ __rep_fire_elected(env, rep, egen)
- (timeout > 5000000) ? 500000 : ((timeout >= 10) ? timeout / 10 : 1);
-
- static int
--__rep_wait(env, timeoutp, eidp, full_elect, flags)
-+__rep_wait(env, timeoutp, full_elect, flags)
- ENV *env;
- db_timeout_t *timeoutp;
-- int *eidp, full_elect;
-+ int full_elect;
- u_int32_t flags;
- {
- DB_REP *db_rep;
-@@ -1174,7 +1163,6 @@ __rep_wait(env, timeoutp, eidp, full_ele
- F_CLR(rep, REP_F_EGENUPDATE);
- ret = DB_REP_EGENCHG;
- } else if (phase_over) {
-- *eidp = rep->master_id;
- done = 1;
- ret = 0;
- }
---- a/repmgr/repmgr_net.c
-+++ b/repmgr/repmgr_net.c
-@@ -100,6 +100,8 @@ __repmgr_send(dbenv, control, rec, lsnp,
- control, rec, &nsites_sent, &npeers_sent)) != 0)
- goto out;
- } else {
-+ DB_ASSERT(env, IS_KNOWN_REMOTE_SITE(eid));
-+
- /*
- * If this is a request that can be sent anywhere, then see if
- * we can send it to our peer (to save load on the master), but
+++ /dev/null
---- a/repmgr/repmgr_net.c
-+++ b/repmgr/repmgr_net.c
-@@ -1136,7 +1136,7 @@ __repmgr_listen(env)
- }
-
- ret = net_errno;
-- __db_err(env, ret, why);
-+ __db_err(env, ret, "%s", why);
- clean: if (s != INVALID_SOCKET)
- (void)closesocket(s);
- return (ret);
PKG_NAME:=elektra
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.md
-PKG_VERSION:=0.9.7
-PKG_RELEASE:=5
+PKG_VERSION:=0.9.14
+PKG_RELEASE:=1
# Use this for official releasees
-PKG_HASH:=12b7b046004db29317b7b937dc794abf719c400ba3115af8d41849127b562681
+PKG_HASH:=e4632bb6baa78f6a68c312469e41fd1ef07406571749e32f2645b1858d01a58d
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://ftp.libelektra.org/ftp/elektra/releases
endef
define CONTENT_ELEKTRA_PLUGINS_TEXT
-base64 conditionals csvstorage date file filecheck glob hexcode
-hexnumber hosts iconv ipaddr keytometa line lineendings list
+base64 blacklist conditionals csvstorage date file filecheck glob hexcode
+hexnumber hosts iconv ipaddr keytometa line lineendings
mathcheck macaddr mini network path profile quickdump
range reference rgbcolor shell syslog type uname unit validation
endef
define Package/libelektra-lua
$(call Package/libelektra/Default)
TITLE:=Elektra lua plugin
- DEPENDS:=+libelektra-core +lua5.3 +libstdcpp
+ DEPENDS:=+libelektra-core +lua5.4 +libstdcpp
endef
define Package/libelektra-lua/description
#$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektraintercept-* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-resolver_fm_pb_b.so $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-utility.so* $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-cache.so $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-internalnotification.so $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-mmapstorage.so $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-ni.so $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-spec.so $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelektra-sync.so $(1)/usr/lib/
#include <cstdarg>
+#include <cstdint>
#include <cstring>
- #include <functional>
- #include <locale>
+
+ #if __GNUC__ >= 12
include $(TOPDIR)/rules.mk
PKG_NAME:=expat
-PKG_VERSION:=2.6.2
+PKG_VERSION:=2.6.3
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=@SF/expat \
- https://github.com/libexpat/libexpat/releases/download/R_$(subst .,_,$(PKG_VERSION))
-PKG_HASH:=ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/libexpat/libexpat/releases/download/R_$(subst .,_,$(PKG_VERSION))
+PKG_HASH:=17aa6cfc5c4c219c09287abfc10bc13f0c06f30bb654b28bfe6f567ca646eb79
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=MIT
endef
CMAKE_OPTIONS += \
- -DDOCBOOK_TO_MAN=OFF \
-DEXPAT_BUILD_TOOLS=OFF \
-DEXPAT_BUILD_EXAMPLES=OFF \
-DEXPAT_BUILD_TESTS=OFF \
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/knik0/faad2
-PKG_MIRROR_HASH:=3bedd29eb3a55a052158bb27f68c69177ebacb93c6a0643c0aac6303512eeb15
+PKG_MIRROR_HASH:=8dfc89b418293a91c0fc0d11013205449669ce973f5e951500c1e11e3ac61970
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=freetype
-PKG_VERSION:=2.13.2
+PKG_VERSION:=2.13.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/freetype
-PKG_HASH:=12991c4e55c506dd7f9b765933e62fd2be2e06d421505d7950a132e4f1bb484d
+PKG_HASH:=0550350666d427c74daeb85d5ac7bb353acba5f76956395995311a9c6f063289
PKG_MAINTAINER:=Val Kulkov <val.kulkov@gmail.com>
PKG_LICENSE:=FTL GPL-2.0-only MIT ZLIB GPL-3.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=gdbm
-PKG_VERSION:=1.21
-PKG_RELEASE:=2
+PKG_VERSION:=1.23
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gdbm
-PKG_HASH:=b0b7dbdefd798de7ddccdd8edf6693a30494f7789777838042991ef107339cc2
+PKG_HASH:=74b1081d21fff13ae4bd7c16e5d6e504a4c26f7cde1dca0d963a484174bbcacd
PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_INSTALL:=2
+PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=0
include $(INCLUDE_DIR)/package.mk
BINOWN=`id -u` \
BINGRP=`id -g` \
DESTDIR="$(PKG_INSTALL_DIR)" \
+ SUBDIRS=src \
all install
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=glib2
-PKG_VERSION:=2.74.7
-PKG_RELEASE:=3
+PKG_VERSION:=2.82.0
+PKG_RELEASE:=1
PKG_SOURCE:=glib-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNOME/glib/$(basename $(PKG_VERSION))
-PKG_HASH:=196ab86c27127a61b7a70c3ba6af7b97bdc01c07cd3b21abd5e778b955eccb1b
+PKG_HASH:=f4c82ada51366bddace49d7ba54b33b4e4d6067afa3008e4847f41cb9b5c38d3
PKG_MAINTAINER:=Peter Wagner <tripolar@gmx.at>
PKG_LICENSE:=LGPL-2.1-or-later
# default feature=auto see meson_options.txt
COMP_ARGS+=-Dselinux=disabled
-
-# default boolean=false see meson_options.txt
-COMP_ARGS+=-Dforce_posix_threads=true
-
# default boolean=true see meson_options.txt
COMP_ARGS+=-Dglib_assert=false
# default boolean=true see meson_options.txt
COMP_ARGS+=-Dtests=false
+# default feature=auto see meson_options.txt
+COMP_ARGS+=-Dintrospection=disabled
+
+# set runtime dir to /var/run
+COMP_ARGS+=-Druntime_dir=/var/run
-MESON_HOST_ARGS += $(COMP_ARGS) -Dxattr=false -Ddefault_library=static -Dnls=disabled -Dforce_fallback_for=libpcre2-8
-MESON_ARGS += $(COMP_ARGS) -Dxattr=true -Db_lto=true -Ddefault_library=both -Dnls=$(if $(CONFIG_BUILD_NLS),en,dis)abled
+MESON_HOST_ARGS += $(COMP_ARGS) -Dxattr=false -Dnls=disabled
+MESON_ARGS += $(COMP_ARGS) -Dxattr=true -Db_lto=true -Dnls=$(if $(CONFIG_BUILD_NLS),en,dis)abled
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/bin
--- a/glib/valgrind.h
+++ b/glib/valgrind.h
-@@ -158,7 +158,7 @@
+@@ -159,7 +159,7 @@
# define PLAT_s390x_linux 1
#elif defined(__linux__) && defined(__mips__) && (__mips==64)
# define PLAT_mips64_linux 1
--- a/meson.build
+++ b/meson.build
-@@ -1062,7 +1062,7 @@ if host_system == 'windows' and (cc.get_
+@@ -1189,7 +1189,7 @@ if host_system == 'windows' and (cc.get_
glib_conf.set('HAVE_C99_SNPRINTF', false)
glib_conf.set('HAVE_C99_VSNPRINTF', false)
glib_conf.set('HAVE_UNIX98_PRINTF', false)
+++ /dev/null
---- a/glib/meson.build
-+++ b/glib/meson.build
-@@ -366,6 +366,7 @@ pcre2_static_args = []
-
- if use_pcre2_static_flag
- pcre2_static_args = ['-DPCRE2_STATIC']
-+ pcre2 = pcre2.as_link_whole()
- endif
-
- glib_c_args = ['-DG_LOG_DOMAIN="GLib"', '-DGLIB_COMPILATION'] + pcre2_static_args + glib_hidden_visibility_args
+++ /dev/null
-From ebcc3c01db27b79af38b42c3c52a79d0225f744c Mon Sep 17 00:00:00 2001
-From: Seungha Yang <seungha@centricular.com>
-Date: Sun, 14 Aug 2022 04:56:20 +0900
-Subject: [PATCH] glib-mkenums: Specify output encoding as UTF-8 explicitly for
- non-English locale
-
-Fixup regression introduced by
-https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2797
----
- gobject/glib-mkenums.in | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/gobject/glib-mkenums.in
-+++ b/gobject/glib-mkenums.in
-@@ -22,6 +22,9 @@ import locale
- # Non-english locale systems might complain to unrecognized character
- sys.stdout = io.TextIOWrapper(sys.stdout.detach(), encoding='utf-8')
-
-+# Non-english locale systems might complain to unrecognized character
-+sys.stdout = io.TextIOWrapper(sys.stdout.detach(), encoding='utf-8')
-+
- VERSION_STR = '''glib-mkenums version @VERSION@
- glib-mkenums comes with ABSOLUTELY NO WARRANTY.
- You may redistribute copies of glib-mkenums under the terms of
PKG_NAME:=gost_engine
PKG_VERSION:=3.0.3
-PKG_RELEASE:=10
+PKG_RELEASE:=11
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
CMAKE_OPTIONS += -DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR)
define Package/libopenssl-gost_engine/install
- $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/lib/$(ENGINES_DIR) $(1)/etc/ssl/engines.cnf.d
+ $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/lib/$(ENGINES_DIR) $(1)/etc/ssl/modules.cnf.d
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libgost.so \
$(1)/usr/lib/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/gost.so \
$(1)/usr/lib/$(ENGINES_DIR)/
- $(INSTALL_DATA) ./files/gost.cnf $(1)/etc/ssl/engines.cnf.d/
+ $(INSTALL_DATA) ./files/gost.cnf $(1)/etc/ssl/modules.cnf.d/
endef
define Package/gost_engine-util/install
--- /dev/null
+#!/bin/sh
+# shellcheck disable=SC2059
+
+run_md_test () {
+ [ $# -ge 3 ] || {
+ echo "Error: insufficient args to run_md_test()" >&2
+ exit 1
+ }
+ DGST="$1"; shift
+ INP="$1"; shift
+ EXP="$1"; shift
+ printf "Testing digest %s: " "$DGST" >&2
+ OUT="$(printf "$INP" | openssl dgst -"$DGST" "$@")" || exit 1
+ [ -z "${OUT%%*"$EXP"}" ] || {
+ printf "Failure: expected: '%s', got '%s'\n" "$EXP" "$OUT" >&2
+ exit 1
+ }
+ echo OK >&2 || true
+}
+
+run_cipher_test() {
+ [ $# -ge 5 ] || {
+ echo "Error: insufficient args to run_cipher_test()" >&2
+ exit 1
+ }
+ ALG="$1"; shift
+ KEY="$1"; shift
+ IV="$1"; shift
+ CLEAR_TEXT="$1"; shift
+ CIPHER_TEXT="$1"; shift
+ printf "Testing %s encryption: " "$ALG" >&2
+ OUT="$(printf "$CLEAR_TEXT" | openssl enc -e -"$ALG" -K "$KEY" -iv "$IV" "$@" -a -A)" || exit 1
+ [ -z "${OUT%"$CIPHER_TEXT"}" ] || {
+ printf "Encryption failure: expected: '%s', got '%s'\n" "$CIPHER_TEXT" "$OUT" >&2
+ exit 1
+ }
+ echo OK >&2
+ printf "Testing %s decryption: " "$ALG" >&2
+ OUT="$(printf "$CIPHER_TEXT" | openssl enc -d -"$ALG" -K "$KEY" -iv "$IV" "$@" -a -A)" || exit 1
+ [ -z "${OUT%"$(printf "$CLEAR_TEXT")"}" ] || {
+ echo "Decryption failure!" >&2
+ echo "----------- expected hexdump -------------" >&2
+ printf "$CLEAR_TEXT" | hexdump -C
+ echo "------------ result hexdump --------------" >&2
+ echo "$OUT" | hexdump -C >&2
+ exit 1
+ }
+ echo OK >&2 || true
+}
+
+case "$1" in
+ libopenssl-gost_engine)
+ opkg install openssl-util
+ run_md_test \
+ md_gost12_256 \
+ 012345678901234567890123456789012345678901234567890123456789012 \
+ 9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500
+ export CRYPT_PARAMS="1.2.643.2.2.31.1"
+ run_cipher_test \
+ gost89 \
+ 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF \
+ 0000000000000000 \
+ "The quick brown fox jumps over the lazy dog\n" \
+ "B/QQLGGFxKCeZ24mm/pLycXfZXWRa4eb0TqJOiKF7maQEHze73oxXS61S/o="
+ ;;
+ gost_engine-util)
+ printf "Testing gost12sum: "
+ EXP=9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500
+ OUT=$(printf 012345678901234567890123456789012345678901234567890123456789012 | gost12sum)
+ [ -z "${OUT##"$EXP"*}" ] || {
+ printf "Failure: expected: '%s', got '%s'\n" "$EXP" "$OUT" >&2
+ exit 1
+ }
+ echo OK >&2 || true
+ ;;
+ *)
+ echo "Unexpected package '$1'" >&2
+ exit 1
+ ;;
+esac
include $(TOPDIR)/rules.mk
PKG_NAME:=inih
-PKG_VERSION:=r58
+PKG_VERSION:=58
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/benhoyt/inih/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=e79216260d5dffe809bda840be48ab0eec7737b2bb9f02d2275c1b46344ea7b7
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/benhoyt/inih
+PKG_SOURCE_VERSION:=r$(PKG_VERSION)
+PKG_MIRROR_HASH:=3dcf4cfd05e5cb0228a19896635fac40d7752c4eac05578c6aaf696d387eaeb7
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=BSD-3-Clause
PKG_NAME:=keyutils
PKG_VERSION:=1.6.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/
endef
MAKE_FLAGS += \
- BINDIR=/usr/bin \
+ BINDIR=/bin \
LIBDIR=/usr/lib \
- SBINDIR=/usr/sbin \
+ SBINDIR=/sbin \
CFLAGS="$(TARGET_CFLAGS) $(FPIC)"
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+
$(INSTALL_DIR) $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.a $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so.$(ABI_VERSION)* $(1)/usr/lib/
endef
define Package/keyutils/install
- $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/keyutils $(1)/etc/request-key.d
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/request-key $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/key.dns_resolver $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/request-key $(1)/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/key.dns_resolver $(1)/sbin/
+
+ $(INSTALL_DIR) $(1)/etc/keyutils $(1)/etc/request-key.d
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/request-key.conf $(1)/etc/
endef
define Package/keyctl/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/keyctl $(1)/usr/bin
+ $(INSTALL_DIR) $(1)/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/keyctl $(1)/bin
endef
$(eval $(call BuildPackage,libkeyutils))
include $(TOPDIR)/rules.mk
PKG_NAME:=libarchive
-PKG_VERSION:=3.7.3
+PKG_VERSION:=3.7.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.libarchive.org/downloads
-PKG_HASH:=63e7a7174638fc7d6b79b4c8b0ad954e0f4f45abe7239c1ecb200232aa9a43d2
+PKG_HASH:=f887755c434a736a609cbd28d87ddbfbe9d6a3bb5b703c22c02f6af80a802735
PKG_MAINTAINER:=Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
PKG_LICENSE:=BSD-2-Clause
-DENABLE_ZSTD=OFF \
-DENABLE_LIBXML2=OFF \
-DENABLE_PCREPOSIX=OFF \
+ -DENABLE_PCRE2POSIX=OFF \
-DENABLE_LibGCC=OFF \
-DENABLE_CNG=OFF \
\
PKG_SOURCE_URL:=https://codeload.github.com/PJK/libcbor/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=89e0a83d16993ce50651a7501355453f5250e8729dfc8d4a251a78ea23bb26d7
-PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=libdaq3
-PKG_VERSION:=3.0.14
+PKG_VERSION:=3.0.15
PKG_RELEASE:=1
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/snort3/libdaq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=521364d69f8b764281ce39924d2e4c4c43348c7679768c41246adea9c7a31cc3
+PKG_HASH:=174c639d59f7bda84d71bda50257febbb2646138aa7bbf948bb4d4a8be60f2d8
PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION)
PKG_FIXUP:=autoreconf
include $(TOPDIR)/rules.mk
+VERSION:=3.1
+RELEASE_DATE:=20240808
+
PKG_NAME:=libedit
-PKG_VERSION:=20240517-3.1
+PKG_VERSION:=$(RELEASE_DATE).$(VERSION)
PKG_RELEASE:=1
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_LICENSE:=BSD-3-Clause
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://thrysoee.dk/editline/
-PKG_HASH:=3a489097bb4115495f3bd85ae782852b7097c556d9500088d74b6fa38dbd12ff
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(RELEASE_DATE)-$(VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(RELEASE_DATE)-$(VERSION).tar.gz
+PKG_SOURCE_URL:=https://thrysoee.dk/editline/
+PKG_HASH:=5f0573349d77c4a48967191cdd6634dd7aa5f6398c6a57fe037cc02696d6099f
PKG_INSTALL:=1
PKG_HASH:=3601792e320032d428002c4cce8499a4c7b803319051a25a0c9f1f138ffee45a
PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
-PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=COPYING
PKG_FORTIFY_SOURCE:=0
include $(TOPDIR)/rules.mk
PKG_NAME:=libfmt
-PKG_VERSION:=10.2.1
-PKG_RELEASE:=2
+PKG_VERSION:=11.0.2
+PKG_RELEASE:=1
PKG_SOURCE_NAME:=fmt
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/fmtlib/$(PKG_SOURCE_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=1250e4cc58bf06ee631567523f48848dc4596133e163f02615c97f78bab6c811
+PKG_HASH:=6cb1e6d37bdcb756dbbe59be438790db409cdb4868c66e888d5df9f13f7c027f
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Othmar Truniger <github@truniger.ch>
+++ /dev/null
-From 44c3fe1ebb466ab5c296e1a1a6991c7c7b51b72e Mon Sep 17 00:00:00 2001
-From: Victor Zverovich <viz@meta.com>
-Date: Fri, 9 Feb 2024 15:58:56 -0800
-Subject: [PATCH] Fix handling of static separator
-
----
- include/fmt/format-inl.h | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
---- a/include/fmt/format-inl.h
-+++ b/include/fmt/format-inl.h
-@@ -114,7 +114,11 @@ template <typename Char> FMT_FUNC Char d
-
- FMT_FUNC auto write_loc(appender out, loc_value value,
- const format_specs<>& specs, locale_ref loc) -> bool {
--#ifndef FMT_STATIC_THOUSANDS_SEPARATOR
-+#ifdef FMT_STATIC_THOUSANDS_SEPARATOR
-+ value.visit(loc_writer<>{
-+ out, specs, std::string(1, FMT_STATIC_THOUSANDS_SEPARATOR), "\3", "."});
-+ return true;
-+#else
- auto locale = loc.get<std::locale>();
- // We cannot use the num_put<char> facet because it may produce output in
- // a wrong encoding.
-@@ -123,7 +127,6 @@ FMT_FUNC auto write_loc(appender out, lo
- return std::use_facet<facet>(locale).put(out, value, specs);
- return facet(locale).put(out, value, specs);
- #endif
-- return false;
- }
- } // namespace detail
-
include $(TOPDIR)/rules.mk
PKG_NAME:=libgpg-error
-PKG_VERSION:=1.47
+PKG_VERSION:=1.49
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://mirrors.dotsrc.org/gcrypt/libgpg-error \
http://ring.ksc.gr.jp/archives/net/gnupg/libgpg-error \
https://www.gnupg.org/ftp/gcrypt/libgpg-error
-PKG_HASH:=9e3c670966b96ecc746c28c2c419541e3bcb787d1a73930f5e5f5e1bcbbb9bdb
+PKG_HASH:=8b79d54639dbf4abc08b5406fb2f37e669a2dec091dd024fb87dd367131c63a9
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=LGPL-2.1-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=libgpiod
-PKG_VERSION:=1.6.4
+PKG_VERSION:=2.1.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/libs/libgpiod/
-PKG_HASH:=7b146e12f28fbca3df7557f176eb778c5ccf952ca464698dba8a61b2e1e3f9b5
+PKG_HASH:=2be4c0b03e995d236c0e476e14aeb475d7b431dd1439609b6d65c540f91eaf58
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_LICENSE:=LGPL-2.1-or-later
include $(INCLUDE_DIR)/package.mk
include ../../lang/python/python3-package.mk
+ifneq ($(CONFIG_PACKAGE_libgpiodcxx),)
+CONFIGURE_ARGS += --enable-bindings-cxx
+else
+CONFIGURE_ARGS += --disable-bindings-cxx
+endif
+
ifneq ($(CONFIG_PACKAGE_gpiod-tools),)
CONFIGURE_ARGS += --enable-tools
endif
-ifneq ($(CONFIG_PACKAGE_python3-gpiod),)
-CONFIGURE_ARGS += --enable-bindings-python
-CONFIGURE_VARS += \
- PYTHON="$(STAGING_DIR_HOSTPKG)/bin/$(PYTHON3)" \
- PYTHON_CPPFLAGS="$(shell $(STAGING_DIR)/host/bin/$(PYTHON3)-config --includes)" \
- PYTHON_LIBS="$(shell $(STAGING_DIR)/host/bin/$(PYTHON3)-config --libs)"
-endif
+PYTHON3_PKG_WHEEL_NAME:=gpiod
+PYTHON3_PKG_WHEEL_VERSION:=2.0.1
+
+PYTHON3_PKG_SETUP_DIR:=bindings/python
+PYTHON3_PKG_SETUP_VARS += LINK_SYSTEM_LIBGPIOD=1
+
+TARGET_CPPFLAGS += -I$(PKG_BUILD_DIR)/include
+TARGET_LDFLAGS += -L$(PKG_BUILD_DIR)/lib/.libs
define Package/libgpiod
SECTION:=libs
URL:=https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git
TITLE:=Library for interacting with Linux's GPIO character device
KCONFIG:= \
- CONFIG_GPIO_CDEV=y \
- CONFIG_GPIO_CDEV_V1=y
+ CONFIG_GPIO_CDEV=y
DEPENDS:=@GPIO_SUPPORT
endef
(gpiod stands for GPIO device).
endef
+define Package/libgpiodcxx
+ SECTION:=libs
+ CATEGORY:=Libraries
+ URL:=https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git
+ TITLE:=C++ binding for libgpiod
+ DEPENDS:=+libstdcpp +libgpiod
+endef
+
+define Package/libgpiodcxx/description
+ This package contains the C++ binding for libgpiod.
+endef
+
define Package/python3-gpiod
SECTION:=lang
CATEGORY:=Languages
This package contains the Python bindings for libgpiod.
endef
+define Build/Configure
+ $(call Build/Configure/Default)
+ ifneq ($(CONFIG_PACKAGE_python3-gpiod),)
+ $(call Py3Build/Configure)
+ endif
+endef
+
+define Build/Compile
+ $(call Build/Compile/Default)
+ ifneq ($(CONFIG_PACKAGE_python3-gpiod),)
+ $(call Py3Build/Compile)
+ endif
+endef
+
+define Build/Install
+ $(call Build/Install/Default)
+ ifneq ($(CONFIG_PACKAGE_python3-gpiod),)
+ $(call Py3Build/Install/Default)
+ endif
+endef
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/gpiod.h $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libgpiod.pc $(1)/usr/lib/pkgconfig/
+
+ ifneq ($(CONFIG_PACKAGE_libgpiodcxx),)
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/gpiodcxx $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/gpiod.hpp $(1)/usr/include/
+
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgpiodcxx.{so*,a} $(1)/usr/lib/
+
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libgpiodcxx.pc $(1)/usr/lib/pkgconfig/
+ endif
+
+ ifneq ($(CONFIG_PACKAGE_python3-gpiod),)
+ $(INSTALL_DIR) $(1)$(PYTHON3_PKG_DIR)
+ $(CP) $(PKG_INSTALL_DIR)$(PYTHON3_PKG_DIR)/* $(1)$(PYTHON3_PKG_DIR)
+ endif
endef
define Package/libgpiod/install
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgpiod.so.* $(1)/usr/lib/
endef
+define Package/libgpiodcxx/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgpiodcxx.so.* $(1)/usr/lib/
+endef
+
define Package/gpiod-tools/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
endef
-define Package/python3-gpiod/install
- $(INSTALL_DIR) $(1)/$(PYTHON3_PKG_DIR)
- $(CP) $(PKG_INSTALL_DIR)/$(PYTHON3_PKG_DIR)/gpiod.so $(1)/$(PYTHON3_PKG_DIR)
+define Py3Package/python3-gpiod/install
+ # this empty define prevent installing tools from /usr/bin
endef
$(eval $(call BuildPackage,libgpiod))
+$(eval $(call BuildPackage,libgpiodcxx))
$(eval $(call BuildPackage,gpiod-tools))
+$(eval $(call Py3Package,python3-gpiod))
$(eval $(call BuildPackage,python3-gpiod))
+$(eval $(call BuildPackage,python3-gpiod-src))
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/libimobiledevice/libimobiledevice.git
-PKG_SOURCE_DATE:=2024-04-16
-PKG_SOURCE_VERSION:=5f083426b4ede24b2576f3a56eaf8ac3632c02f7
-PKG_MIRROR_HASH:=96d63f5a5cdfbc045aa58939fa0ab1ab81739b67b042b86bbbeee75d332e09d5
+PKG_SOURCE_DATE:=2024-05-20
+PKG_SOURCE_VERSION:=9ccc52222c287b35e41625cc282fb882544676c6
+PKG_MIRROR_HASH:=9d272d40515c5ba6be5fa22eb897724d8940a505163918120c005bbeed352475
PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later
--- /dev/null
+--- a/tools/afcclient.c
++++ b/tools/afcclient.c
+@@ -37,6 +37,7 @@
+ #include <ctype.h>
+ #include <unistd.h>
+ #include <dirent.h>
++#include <time.h>
+
+ #ifdef WIN32
+ #include <windows.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=libjpeg-turbo
-PKG_VERSION:=3.0.2
+PKG_VERSION:=3.0.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/$(PKG_VERSION)
-PKG_HASH:=c2ce515a78d91b09023773ef2770d6b0df77d674e144de80d63e0389b3a15ca6
+PKG_HASH:=343e789069fc7afbcdfe44dbba7dbbf45afa98a15150e079a38e60e44578865d
PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
PKG_LICENSE:=BSD-3-Clause IJG zlib
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libjwt
+PKG_VERSION:=1.17.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/benmcollins/libjwt/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=568cb5c272622e6ae045708594f1eded64fbfc101112d20de51875fce7653c83
+
+PKG_LICENSE:=MPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+
+CMAKE_OPTIONS += \
+ -DBUILD_SHARED_LIBS=ON
+CMAKE_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libjwt
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=libjwt
+ URL:=https://github.com/benmcollins/libjwt
+ DEPENDS:=+libopenssl +jansson
+ ABI_VERSION:=0
+endef
+
+define Package/libjwt/description
+ JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
+ libjwt seems to be the most popular implementation written in C.
+endef
+
+
+define Package/libjwt/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libjwt.so $(1)/usr/lib/libjwt.so.0
+ $(LN) libjwt.so.0 $(1)/usr/lib/libjwt.so
+endef
+
+$(eval $(call BuildPackage,libjwt))
include $(TOPDIR)/rules.mk
PKG_NAME:=lz4
-PKG_VERSION:=1.9.4
+PKG_VERSION:=1.10.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/lz4/lz4/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=0b0e3aa07c8c063ddf40b082bdf7e37a1562bda40a0ff5272957f3e987e0e54b
+PKG_SOURCE_URL:=https://github.com/lz4/lz4/releases/download/v$(PKG_VERSION)
+PKG_HASH:=537512904744b35e232912055ccf8ec66d768639ff3abe5788d90d792ec5f48b
PKG_MAINTAINER:=Darik Horn <dajhorn@vanadac.com>
PKG_CPE_ID:=cpe:/a:lz4_project:lz4
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/meson.mk
-MESON_BUILD_DIR:=$(PKG_BUILD_DIR)/contrib/meson/openwrt-build
+MESON_BUILD_DIR:=$(PKG_BUILD_DIR)/build/meson/openwrt-build
define Package/lz4/Default
SUBMENU:=Compression
PKG_NAME:=libmad
PKG_VERSION:=0.16.4
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
--- /dev/null
+From cb1e56cb691e0f9ebcad595632ef484389830431 Mon Sep 17 00:00:00 2001
+From: Mangix <mangixjohn@icloud.com>
+Date: Thu, 27 Jun 2024 20:13:07 +0000
+Subject: [PATCH] minimad: fix format under 32-bit
+
+This is pointer subtraction. Use proper macro for this. 32-bit needs to be %d.
+---
+ minimad.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/minimad.c
++++ b/minimad.c
+@@ -19,6 +19,7 @@
+ * $Id: minimad.c,v 1.4 2004/01/23 09:41:32 rob Exp $
+ */
+
++# include <inttypes.h>
+ # include <stdio.h>
+ # include <unistd.h>
+ # include <sys/stat.h>
+@@ -174,7 +175,7 @@ enum mad_flow error(void *data,
+ {
+ struct buffer *buffer = data;
+
+- fprintf(stderr, "decoding error 0x%04x (%s) at byte offset %u\n",
++ fprintf(stderr, "decoding error 0x%04x (%s) at byte offset %" PRIdPTR "\n",
+ stream->error, mad_stream_errorstr(stream),
+ stream->this_frame - buffer->start);
+
include $(TOPDIR)/rules.mk
PKG_NAME:=libmaxminddb
-PKG_VERSION:=1.9.1
+PKG_VERSION:=1.11.0
PKG_RELEASE=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/maxmind/libmaxminddb/releases/download/$(PKG_VERSION)
-PKG_HASH:=a80682a89d915fdf60b35d316232fb04ebf36fff27fda9bd39fe8a38d3cd3f12
+PKG_HASH:=b2eea79a96fed77ad4d6c39ec34fed83d45fcb75a31c58956813d58dcf30b19f
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/libmbim.git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=fdb9d945465b7ad13ccd180b3e2c580f45ba6859d464e75191d6f3f38257c1ac
+PKG_MIRROR_HASH:=0ff9212138eb68c2e33ad9220aa64df2e9a0da86f03dd02bf6d4cf02bcd95a68
PKG_BUILD_FLAGS:=gc-sections
include $(TOPDIR)/rules.mk
PKG_NAME:=libmspack
-PKG_VERSION:=0.10.1alpha
+PKG_REALVERSION:=0.11alpha
+PKG_VERSION:=0.11_alpha
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.cabextract.org.uk/$(PKG_NAME)/
-PKG_HASH:=bac862dee6e0fc10d92c70212441d9f8ad9b0222edc9a708c3ead4adb1b24a8e
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
+PKG_SOURCE_URL:=https://www.cabextract.org.uk/$(PKG_NAME)
+PKG_HASH:=70dd1fb2f0aecc36791b71a1e1840e62173079eadaa081192d1c323a0eeea21b
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REALVERSION)
PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING.LIB
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=libnatpmp
-PKG_VERSION:=20150609
-PKG_RELEASE:=3
+PKG_VERSION:=20230423
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_HASH:=e1aa9c4c4219bc06943d6b2130f664daee213fb262fcb94dd355815b8f4536b0
+PKG_HASH:=0684ed2c8406437e7519a1bd20ea83780db871b3a3a5d752311ba3e889dbfc70
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
---- /dev/null
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -0,0 +1,50 @@
-+cmake_minimum_required(VERSION 2.8.12)
-+
-+if(POLICY CMP0048)
-+ cmake_policy(SET CMP0048 NEW)
-+endif()
-+
+@@ -4,7 +4,10 @@ if(POLICY CMP0048)
+ cmake_policy(SET CMP0048 NEW)
+ endif()
+
+-project(natpmp)
+project(natpmp C)
+
-+set (NATPMP_VERSION 20150609)
++set (NATPMP_VERSION 20230423)
+set (NATPMP_API_VERSION 1)
-+
-+set (NATPMP_SOURCES
-+ natpmp.c
-+ getgateway.c
-+)
-+
-+if (WIN32)
-+ set (NATPMP_SOURCES ${NATPMP_SOURCES} wingettimeofday.c)
-+endif (WIN32)
-+
-+# Library itself
+
+ set (NATPMP_SOURCES
+ natpmp.c
+@@ -16,20 +19,33 @@ if (WIN32)
+ endif (WIN32)
+
+ # Library itself
+-add_library(natpmp STATIC ${NATPMP_SOURCES})
+-target_include_directories(natpmp PUBLIC ${CMAKE_CURRENT_LIST_DIR})
+add_library(natpmp SHARED ${NATPMP_SOURCES})
+set_target_properties (natpmp PROPERTIES OUTPUT_NAME "natpmp")
+set_target_properties (natpmp PROPERTIES VERSION ${NATPMP_VERSION})
+set_target_properties (natpmp PROPERTIES SOVERSION ${NATPMP_API_VERSION})
-+target_compile_definitions(natpmp PRIVATE -DENABLE_STRNATPMPERR)
+ target_compile_definitions(natpmp PRIVATE -DENABLE_STRNATPMPERR)
+target_include_directories(natpmp PUBLIC ${CMAKE_CURRENT_LIST_DIR})
-+
-+if (WIN32)
-+ target_link_libraries(natpmp PUBLIC ws2_32 Iphlpapi)
-+ target_compile_definitions(natpmp PUBLIC -DNATPMP_STATICLIB)
-+endif (WIN32)
-+
+
+ if (WIN32)
+ target_link_libraries(natpmp PUBLIC ws2_32 Iphlpapi)
+ target_compile_definitions(natpmp PUBLIC -DNATPMP_STATICLIB)
+ endif (WIN32)
+
+install(TARGETS natpmp
+ RUNTIME DESTINATION bin
+ LIBRARY DESTINATION lib${LIB_SUFFIX}
+ ARCHIVE DESTINATION lib${LIB_SUFFIX})
+
-+# Executables
-+add_executable(natpmpc natpmpc.c)
-+target_link_libraries(natpmpc natpmp)
-+
+ # Executables
+ add_executable(natpmpc natpmpc.c)
+ target_link_libraries(natpmpc natpmp)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/natpmpc DESTINATION bin)
+
-+add_executable(testgetgateway
-+ testgetgateway.c
-+ getgateway.c)
-+target_link_libraries(testgetgateway natpmp)
+ add_executable(testgetgateway
+ testgetgateway.c
+ getgateway.c)
+ target_link_libraries(testgetgateway natpmp)
+
+install(FILES natpmp.h DESTINATION include)
++install(FILES natpmp_declspec.h DESTINATION include)
include $(TOPDIR)/rules.mk
PKG_NAME:=libnet
-PKG_VERSION:=1.2-rc3
-PKG_RELEASE:=4
+PKG_VERSION:=1.3
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/libnet-dev
-PKG_HASH:=72c380785ad44183005e654b47cc12485ee0228d7fa6b0a87109ff7614be4a63
+PKG_SOURCE_URL:=https://github.com/libnet/libnet/releases/download/v$(PKG_VERSION)
+PKG_HASH:=ad1e2dd9b500c58ee462acd839d0a0ea9a2b9248a1287840bc601e774fb6b28f
+
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_LICENSE:=GPL-2.0
PKG_CPE_ID:=cpe:/a:libnet_project:libnet
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
-TARGET_CFLAGS += $(FPIC)
-
define Package/libnet-1.2.x
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Low-level packet creation library
endef
-
CONFIGURE_ARGS += \
--enable-shared \
- --enable-static
-
-CONFIGURE_VARS += \
- ac_cv_libnet_endianess=$(ENDIANESS) \
- libnet_cv_have_packet_socket=yes \
- LL_INT_TYPE=libnet_link_linux
-
-define Build/Configure
- (cd $(PKG_BUILD_DIR); touch \
- configure.in \
- include.m4 \
- aclocal.m4 \
- Makefile.in \
- );
- $(call Build/Configure/Default)
-endef
-
+ --enable-static \
+ --with-pic
define Build/InstallDev
+ $(INSTALL_DIR) $(STAGING_DIR)/usr/bin
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/libnet-config $(STAGING_DIR)/usr/bin
+ $(INSTALL_DIR) $(2)/bin
+ $(LN) ../../usr/bin/libnet-config $(2)/bin/
+
$(INSTALL_DIR) $(STAGING_DIR)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/libnet.h $(STAGING_DIR)/usr/include
- $(INSTALL_DIR) $(STAGING_DIR)
- $(CP) $(PKG_BUILD_DIR)/libnet-config $(STAGING_DIR)/usr
- chmod a+x $(STAGING_DIR)/usr/libnet-config
+ $(INSTALL_DIR) $(STAGING_DIR)/usr/include/libnet
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/libnet/*.h $(STAGING_DIR)/usr/include/libnet
$(INSTALL_DIR) $(STAGING_DIR)/usr/include/libnet
$(CP) $(PKG_INSTALL_DIR)/usr/include/libnet/libnet-*.h $(STAGING_DIR)/usr/include/libnet
$(INSTALL_DIR) $(STAGING_DIR)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libnet.{a,la,so*} $(STAGING_DIR)/usr/lib
+
+ $(INSTALL_DIR) $(STAGING_DIR)/usr/lib/pkgconfig
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnet.pc $(STAGING_DIR)/usr/lib/pkgconfig
endef
define Package/libnet-1.2.x/install
+++ /dev/null
---- a/src/libnet_link_linux.c
-+++ b/src/libnet_link_linux.c
-@@ -30,13 +30,8 @@
- #include <sys/time.h>
-
- #include <net/if.h>
--#if (__GLIBC__)
- #include <netinet/if_ether.h>
- #include <net/if_arp.h>
--#else
--#include <linux/if_arp.h>
--#include <linux/if_ether.h>
--#endif
-
- #if (HAVE_PACKET_SOCKET)
- #ifndef SOL_PACKET
include $(TOPDIR)/rules.mk
PKG_NAME:=libnpupnp
-PKG_VERSION:=6.1.0
+PKG_VERSION:=6.1.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.lesbonscomptes.com/upmpdcli/downloads
-PKG_HASH:=1e305abf63ac945d9cb4576689670c009a914dc9d05b4c1ed605391e7f6b9719
+PKG_HASH:=80c3d5adc388e59057be52c4c33d7708efe05318487c09e342e7a1f4a83aa792
PKG_MAINTAINER:=
PKG_LICENSE:=LGPL-2.1-or-later
$(INSTALL_DIR) $(1)/usr/include/npupnp
$(CP) $(PKG_INSTALL_DIR)/usr/include/npupnp/* $(1)/usr/include/npupnp/
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnpupnp.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnpupnp.{a,so*} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnpupnp.pc $(1)/usr/lib/pkgconfig/
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=libnvme
-PKG_VERSION:=1.5
+PKG_VERSION:=1.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/linux-nvme/libnvme/archive/refs/tags/v$(PKG_VERSION)
-PKG_HASH:=f73ba1edde059b2d5e7c1048ad4f895e6047bff241c94b34a7aff5894779d086
+PKG_HASH:=455867060d2b7563eab59fe21779dff469d98465028997178c7efbe4b8763206
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSE
endef
MESON_ARGS += \
- -Dopenssl=disabled -Dpython=disabled -Dlibdbus=disabled -Dkeyutils=disabled
+ -Dopenssl=disabled -Dpython=disabled -Dkeyutils=disabled
define Package/libnvme/install
$(INSTALL_DIR) $(1)/usr/lib
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/oping.h $(1)/usr/include/
+
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/liboping.{a,so*} $(1)/usr/lib/
+
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/liboping.pc $(1)/usr/lib/pkgconfig/
endef
define Package/liboping/install
include $(TOPDIR)/rules.mk
PKG_NAME:=libpqxx
-PKG_VERSION:=7.9.0
+PKG_VERSION:=7.9.2
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/jtv/libpqxx
PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=eebad0afd262ad399fd6b303ff86f2306916033f56afeb8b3840c1fb54777db1
+PKG_MIRROR_HASH:=3bc0572b06b6030d046aa1f11b64d644e78a688f58febbc2b4597f07672b22a8
CMAKE_INSTALL:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/libqmi.git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=beed19cfb25f65186d2a4d9c3aef54f023962662f37e7421cedb94978256791b
+PKG_MIRROR_HASH:=65ee91b81c6f68d908cc94a0b5d670eefa29d550ecf8ef94cb836981fbfa4c2a
PKG_BUILD_FLAGS:=gc-sections
include $(TOPDIR)/rules.mk
PKG_NAME:=libradiotap
-PKG_VERSION:=2020-06-22
-PKG_RELEASE:=5
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/radiotap/radiotap-library.git
-PKG_SOURCE_VERSION:=94984dd829a605a2d7af55241145c159607f3b30
-PKG_MIRROR_HASH:=1cd4e736534d33cc1a1a0eecce8ce1ea6a93686bf0c8f37635753eea94764bb2
+PKG_SOURCE_URL:=https://github.com/radiotap/radiotap-library
+PKG_SOURCE_DATE:=2023-10-09
+PKG_SOURCE_VERSION:=ee71d224e0faeb9ec4e198d587d4e5aac60d4afe
+PKG_MIRROR_HASH:=c829fcbaaef8ab15467b241fca331d484825bb8de1bf3a59bf29727345ec88d3
PKG_MAINTAINER:=Nick Hainke <vincent@systemli.org>
PKG_LICENSE:=ISC
+++ /dev/null
---- a/parse.c
-+++ b/parse.c
-@@ -1,3 +1,4 @@
-+#include <inttypes.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <sys/mman.h>
-@@ -39,7 +40,7 @@ static void print_radiotap_namespace(str
- {
- switch (iter->this_arg_index) {
- case IEEE80211_RADIOTAP_TSFT:
-- printf("\tTSFT: %llu\n", le64toh(*(unsigned long long *)iter->this_arg));
-+ printf("\tTSFT: %" PRIu64 "\n", le64toh(*(uint64_t *)iter->this_arg));
- break;
- case IEEE80211_RADIOTAP_FLAGS:
- printf("\tflags: %02x\n", *iter->this_arg);
include $(TOPDIR)/rules.mk
PKG_NAME:=re2
-PKG_VERSION:=2023-02-01
-PKG_RELEASE:=3
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/google/re2/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=cbce8b7803e856827201a132862e41af386e7afd9cc6d9a9bc7a4fa4d8ddbdde
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/google/re2
+PKG_SOURCE_DATE:=2023-02-01
+PKG_SOURCE_VERSION:=b025c6a3ae05995660e3b882eb3277f4399ced1a
+PKG_MIRROR_HASH:=b473f4fd10d9f0afd65d409cf11dd1fd7b4010cfa4e07cfc99d33e382390baef
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
PKG_NAME:=libshout
PKG_VERSION:=2.4.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://downloads.us.xiph.org/releases/libshout/
--- /dev/null
+--- a/src/shout_private.h
++++ b/src/shout_private.h
+@@ -33,6 +33,8 @@
+ #include <common/timing/timing.h>
+ #include "util.h"
+
++#include <stdio.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+
+ #ifdef HAVE_STDINT_H
PKG_NAME:=libssh
PKG_VERSION:=0.10.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.libssh.org/files/0.10/
-DWITH_STACK_PROTECTOR_STRONG=0 \
-DHAVE_WORDS_BIGENDIAN=$(if $(CONFIG_BIG_ENDIAN),1,0)
+define Build/InstallDev
+ $(call Build/InstallDev/cmake,$(1))
+ $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libssh.pc
+ $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libssh.pc
+endef
+
define Package/libssh/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libssh* $(1)/usr/lib/
include $(TOPDIR)/rules.mk
PKG_NAME:=talloc
-PKG_VERSION:=2.3.4
+PKG_VERSION:=2.4.2
MAJOR_VERSION:=2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.samba.org/ftp/talloc
-PKG_HASH:=179f9ebe265e67e4ab2c26cad2b7de4b6a77c6c212f966903382869f06be6505
+PKG_HASH:=85ecf9e465e20f98f9950a52e9a411e14320bc555fa257d87697b7e7a9b1d8a6
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=LGPL-3.0-or-later
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
-@@ -429,22 +429,13 @@ def configure(conf):
+@@ -441,33 +441,13 @@ def configure(conf):
conf.CHECK_FUNCS('prctl dirname basename')
- if conf.CHECK_FUNCS_IN('strlcpy strlcat', 'bsd', headers='bsd/string.h',
- checklibc=True):
- strlcpy_in_bsd = True
+- elif conf.env.enable_fuzzing:
+- # Just to complicate it more, some versions of Honggfuzz have
+- # got strlcpy and strlcat in libc, but not in <string.h>
+- # (unless it is there coincidentally, on a BSD). Therefore we
+- # can't use CHECK_FUNCS alone to decide whether to add the
+- # headers to replace.h.
+- #
+- # As this is only known to happen on a fuzzing compiler, we'll
+- # skip the check when not in fuzzing mode.
+- conf.CHECK_HEADERS('bsd/string.h')
+-
- if not conf.CHECK_FUNCS('getpeereid'):
- conf.CHECK_FUNCS_IN('getpeereid', 'bsd', headers='sys/types.h bsd/unistd.h')
- if not conf.CHECK_FUNCS_IN('setproctitle', 'setproctitle', headers='setproctitle.h'):
conf.CHECK_CODE('''
struct ucred cred;
-@@ -827,9 +818,6 @@ syscall(SYS_copy_file_range,0,NULL,0,NUL
+@@ -850,9 +830,6 @@ syscall(SYS_copy_file_range,0,NULL,0,NUL
# look for a method of finding the list of network interfaces
for method in ['HAVE_IFACE_GETIFADDRS', 'HAVE_IFACE_AIX', 'HAVE_IFACE_IFCONF', 'HAVE_IFACE_IFREQ']:
if conf.CHECK_CODE('''
#define %s 1
#define NO_CONFIG_H 1
-@@ -842,7 +830,7 @@ syscall(SYS_copy_file_range,0,NULL,0,NUL
+@@ -865,7 +842,7 @@ syscall(SYS_copy_file_range,0,NULL,0,NUL
#include "tests/getifaddrs.c"
''' % method,
method,
addmain=False,
execute=True):
break
-@@ -890,7 +878,6 @@ def build(bld):
+@@ -913,7 +890,6 @@ def build(bld):
break
extra_libs = ''
include $(TOPDIR)/rules.mk
PKG_NAME:=libtirpc
-PKG_VERSION:=1.3.3
+PKG_VERSION:=1.3.4
PKG_RELEASE:=1
PKG_SOURCE_URL:=@SF/libtirpc
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3
+PKG_HASH:=1e0b0c7231c5fa122e06c0609a76723664d068b0dba3b8219b63e6340b347860
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=libucontext
-PKG_VERSION:=1.2
+PKG_VERSION:=1.3.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/kaniini/libucontext/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=2657e087c493263e7bbbde152a5bc08ce22dc5a7970887ac4fd251b90b58401f
+PKG_SOURCE_URL:=https://codeload.github.com/kaniini/libucontext/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
+PKG_HASH:=1243ee9f03ad38e624f6844427b7bc1f0a05aa5de70f15f3b03805a364b971d6
PKG_MAINTAINER:=Volker Christian <me@vchrist.at>
PKG_LICENSE:=ISC
PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
PKG_BUILD_FLAGS:=no-mips16
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
endef
define Package/libucontext/description
- Thie package is a development package aimed to be linked to
+ This package is a development package aimed to be linked to
libraries/applications which need the SYS-V ucontext API.
endef
+++ /dev/null
---- a/arch/arm/swapcontext.S
-+++ b/arch/arm/swapcontext.S
-@@ -17,10 +17,12 @@ ALIAS(__swapcontext, libucontext_swapcon
-
- FUNC(libucontext_swapcontext)
- /* copy all of the current registers into the ucontext structure */
-- add r2, r0, #REG_OFFSET(0)
-- stmia r2, {r0-r12}
- str r13, [r0,#REG_OFFSET(13)]
- str r14, [r0,#REG_OFFSET(15)]
-+ add r2, r0, #REG_OFFSET(0)
-+ /* copy r0 with value 0 to indicate success (return value 0) */
-+ mov r0, #0
-+ stmia r2, {r0-r12}
-
- /* load new registers from the second ucontext structure */
- add r14, r1, #REG_OFFSET(0)
--- /dev/null
+--- a/meson.build
++++ b/meson.build
+@@ -40,7 +40,7 @@ if cpu in ['ppc', 'ppc64']
+ 'arch' / cpu / 'retfromsyscall.c'
+ ]
+ endif
+-if cpu not in ['mips', 'mips64', 'ppc', 'ppc64', 's390x']
++if cpu not in ['loongarch64', 'mips', 'mips64', 'ppc', 'ppc64', 's390x', 'x86']
+ project_source_files += [
+ 'arch' / cpu / 'trampoline.c'
+ ]
+++ /dev/null
---- a/test_libucontext.c
-+++ b/test_libucontext.c
-@@ -9,6 +9,9 @@
- #include <string.h>
- #include <libucontext/libucontext.h>
-
-+#define handle_error(msg) \
-+ do { perror(msg); exit(EXIT_FAILURE); } while (0)
-+
- static libucontext_ucontext_t ctx[3];
-
-
-@@ -36,7 +39,8 @@ static void f1 (int a, int b, int c, int
- printf("looks like all arguments are passed correctly\n");
-
- printf("swap back to f2\n");
-- libucontext_swapcontext(&ctx[1], &ctx[2]);
-+ if (libucontext_swapcontext(&ctx[1], &ctx[2]) != 0)
-+ handle_error("libucontext_swapcontext");
- printf("finish f1\n");
- }
-
-@@ -44,7 +48,8 @@ static void f1 (int a, int b, int c, int
- static void f2 (void) {
- printf("start f2\n");
- printf("swap to f1\n");
-- libucontext_swapcontext(&ctx[2], &ctx[1]);
-+ if (libucontext_swapcontext(&ctx[2], &ctx[1]) != 0)
-+ handle_error("libucontext_swapcontext");
- printf("finish f2, should swap to f1\n");
- }
-
-@@ -63,7 +68,8 @@ int main (int argc, const char *argv[])
- printf("setting up context 1\n");
-
-
-- libucontext_getcontext(&ctx[1]);
-+ if (libucontext_getcontext(&ctx[1]) != 0)
-+ handle_error("libucontext_getcontext");
- ctx[1].uc_stack.ss_sp = st1;
- ctx[1].uc_stack.ss_size = sizeof st1;
- ctx[1].uc_link = &ctx[0];
-@@ -83,16 +89,20 @@ int main (int argc, const char *argv[])
- printf("doing initial swapcontext\n");
-
-
-- libucontext_swapcontext(&ctx[0], &ctx[2]);
-+ if (libucontext_swapcontext(&ctx[0], &ctx[2]) != 0)
-+ handle_error("libucontext_swapcontext");
-
-
- printf("returned from initial swapcontext\n");
-
-
- /* test ability to use getcontext/setcontext without makecontext */
-- libucontext_getcontext(&ctx[1]);
-+ if (libucontext_getcontext(&ctx[1]) != 0)
-+ handle_error("libucontext_getcontext");
- printf("done = %d\n", done);
-- if (done++ == 0) libucontext_setcontext(&ctx[1]);
-+ if (done++ == 0)
-+ if (libucontext_setcontext(&ctx[1]) != 0)
-+ handle_error("libucontext_setcontext");
- if (done != 2) {
- fprintf(stderr, "wrong value for done. got %d, expected 2\n", done);
- abort();
---- a/test_libucontext_posix.c
-+++ b/test_libucontext_posix.c
-@@ -9,6 +9,9 @@
- #include <string.h>
- #include <ucontext.h>
-
-+#define handle_error(msg) \
-+ do { perror(msg); exit(EXIT_FAILURE); } while (0)
-+
- static ucontext_t ctx[3];
-
-
-@@ -36,7 +39,8 @@ static void f1 (int a, int b, int c, int
- printf("looks like all arguments are passed correctly\n");
-
- printf("swap back to f2\n");
-- swapcontext(&ctx[1], &ctx[2]);
-+ if (swapcontext(&ctx[1], &ctx[2]) != 0)
-+ handle_error("swapcontext");
- printf("finish f1\n");
- }
-
-@@ -44,7 +48,8 @@ static void f1 (int a, int b, int c, int
- static void f2 (void) {
- printf("start f2\n");
- printf("swap to f1\n");
-- swapcontext(&ctx[2], &ctx[1]);
-+ if (swapcontext(&ctx[2], &ctx[1]) != 0)
-+ handle_error("swapcontext");
- printf("finish f2, should swap to f1\n");
- }
-
-@@ -83,16 +88,19 @@ int main (int argc, const char *argv[])
- printf("doing initial swapcontext\n");
-
-
-- swapcontext(&ctx[0], &ctx[2]);
--
-+ if (swapcontext(&ctx[0], &ctx[2]) != 0)
-+ handle_error("swapcontext");
-
- printf("returned from initial swapcontext\n");
-
-
- /* test ability to use getcontext/setcontext without makecontext */
-- getcontext(&ctx[1]);
-+ if (getcontext(&ctx[1]) != 0)
-+ handle_error("getcontext");
- printf("done = %d\n", done);
-- if (done++ == 0) setcontext(&ctx[1]);
-+ if (done++ == 0)
-+ if (setcontext(&ctx[1]) != 0)
-+ handle_error("setcontext");
- if (done != 2) {
- fprintf(stderr, "wrong value for done. got %d, expected 2\n", done);
- abort();
PKG_NAME:=libupnp
PKG_VERSION:=1.14.18
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/pupnp
--- /dev/null
+From 155eb2a6dea9489e3d206bfe6ef6612cb93becc4 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 29 Jun 2024 16:59:10 -0700
+Subject: [PATCH] fix 32-bit format warnings
+
+Seems this PRIzu takes size_t, not unsigned long.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ upnp/src/gena/gena_device.c | 2 +-
+ upnp/src/genlib/net/http/httpreadwrite.c | 7 ++-----
+ 2 files changed, 3 insertions(+), 6 deletions(-)
+
+--- a/upnp/src/gena/gena_device.c
++++ b/upnp/src/gena/gena_device.c
+@@ -449,7 +449,7 @@ static char *AllocGenaHeaders(
+ "%s%s%" PRIzu "%s%s%s",
+ HEADER_LINE_1,
+ HEADER_LINE_2A,
+- (unsigned long)strlen(propertySet) + 2,
++ strlen(propertySet) + 2,
+ HEADER_LINE_2B,
+ HEADER_LINE_3,
+ HEADER_LINE_4);
+--- a/upnp/src/genlib/net/http/httpreadwrite.c
++++ b/upnp/src/genlib/net/http/httpreadwrite.c
+@@ -626,7 +626,7 @@ int http_SendMessage(SOCKINFO *info, int
+ rc = snprintf(Chunk_Header,
+ sizeof(Chunk_Header),
+ "%" PRIzx "\r\n",
+- (unsigned long)num_read);
++ num_read);
+ if (rc < 0 ||
+ (unsigned int)rc >=
+ sizeof(Chunk_Header)) {
+@@ -1765,10 +1765,7 @@ int http_MakeMessage(membuffer *buf,
+ } else if (c == 'd') {
+ /* integer */
+ num = (size_t)va_arg(argp, int);
+- rc = snprintf(tempbuf,
+- sizeof(tempbuf),
+- "%" PRIzu,
+- (unsigned long)num);
++ rc = snprintf(tempbuf, sizeof(tempbuf), "%" PRIzu, num);
+ if (rc < 0 || (unsigned int)rc >= sizeof(tempbuf) ||
+ membuffer_append(buf, tempbuf, strlen(tempbuf)))
+ goto error_handler;
include $(TOPDIR)/rules.mk
PKG_NAME:=libupnpp
-PKG_VERSION:=0.24.1
+PKG_VERSION:=0.26.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.lesbonscomptes.com/upmpdcli/downloads
-PKG_HASH:=f09d5162f237bcb971ef4bbd45de9e93a073d96555cd691374eb1a3f338b2d0b
+PKG_HASH:=b0e089783c5893c16afe23d90a6ee6947c2ec34ca6c3cf555622f7d9cc2b2b3c
PKG_MAINTAINER:=
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_INSTALL:=1
-PKG_BUILD_PARALLEL:=1
-
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/meson.mk
define Package/libupnpp
SECTION:=libs
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/libupnpp $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libupnpp.{la,so*} $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libupnpp.{a,so*} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libupnpp.pc $(1)/usr/lib/pkgconfig/
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=liburcu
-PKG_VERSION:=0.14.0
+PKG_VERSION:=0.14.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_SOURCE:=userspace-rcu-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://lttng.org/files/urcu/
-PKG_HASH:=ca43bf261d4d392cff20dfae440836603bf009fce24fdc9b2697d837a2239d4f
+PKG_HASH:=231acb13dc6ec023e836a0f0666f6aab47dc621ecb1d2cd9d9c22f922678abc0
PKG_BUILD_DIR:=$(BUILD_DIR)/userspace-rcu-$(PKG_VERSION)
PKG_FIXUP:=autoreconf
include $(TOPDIR)/rules.mk
PKG_NAME:=liburing
-PKG_VERSION:=2.6
+PKG_VERSION:=2.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://git.kernel.dk/cgit/liburing/snapshot
-PKG_HASH:=78bcc0dc0d004a238d8b5f597adbb4ec74926352a3983b872db7f0efdb72565d
+PKG_HASH:=cc5268f97d089bc21d3d5848959e6620b2dfc85023b92479dad0496b2c51df06
PKG_MAINTAINER:=Christian Lachner <gladiac@gmail.com>
PKG_LICENSE:=MIT
PKG_NAME:=libuwsc
PKG_VERSION:=3.3.5
-PKG_RELEASE:=5.1
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/libuwsc/releases/download/v$(PKG_VERSION)
include $(TOPDIR)/rules.mk
PKG_NAME:=v4l-utils
-PKG_VERSION:=1.26.1
+PKG_VERSION:=1.28.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.linuxtv.org/downloads/v4l-utils
-PKG_HASH:=4a71608c0ef7df2931176989e6d32b445c0bdc1030a2376d929c8ca6e550ec4e
+PKG_HASH:=fcb1ac1f22c1673e932b1779384f61cd6b7dd76e0e500bfb57e7a598588980b4
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
dep_libudev,
--- a/meson.build
+++ b/meson.build
-@@ -178,6 +178,8 @@ size_t iconv (iconv_t cd, char * *inbuf,
+@@ -202,6 +202,8 @@ size_t iconv (iconv_t cd, char * *inbuf,
endif
endif
include $(TOPDIR)/rules.mk
PKG_NAME:=libvorbisidec
-PKG_REV:=20180319
-PKG_VERSION:=1.0.3-$(PKG_REV)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2024-06-11
PKG_SOURCE_URL:=https://gitlab.xiph.org/xiph/tremor.git
-PKG_SOURCE_VERSION:=7c30a66346199f3f09017a09567c6c8a3a0eedc8
-PKG_MIRROR_HASH:=82aa52d3f1920e06834800d2c191530ce0ddc8a1f61986be4faea56d70cbb517
+PKG_SOURCE_VERSION:=9b78f57f4335f7158dbb82df00645d2ba57e0d33
+PKG_MIRROR_HASH:=521a65a192078fd70ac402c54a8b35986280ce96117c9b9a10f769e4caec7135
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=libvpx
-PKG_VERSION:=1.14.0
+PKG_VERSION:=1.14.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://chromium.googlesource.com/webm/libvpx
-PKG_MIRROR_HASH:=00c35f3101a55ac8f899174bacc27bb45fabfc2dd47ccfaa69eaab65d88e89cd
+PKG_MIRROR_HASH:=a9737eadde24611fbbf080f28c792d804ea0970dadbc9421b427e18bb8f14820
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=x264
-PKG_VERSION:=2024-01-13
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://code.videolan.org/videolan/x264.git
-PKG_SOURCE_VERSION:=4815ccadb1890572f2bf8b9d9553d56f6c9122ad
-PKG_MIRROR_HASH:=50ab1157a4a026e44f551ea9d62c82626c88711f033a171e5031f2bf87b06eab
+PKG_SOURCE_DATE:=2024-05-13
+PKG_SOURCE_VERSION:=4613ac3c15fd75cebc4b9f65b7fb95e70a3acce1
+PKG_MIRROR_HASH:=03d8ca3495185504a601e36bff017e1044cb3f6c32cb567fb12d6f9707bb78cd
PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=lmdb
-PKG_VERSION:=0.9.32
+PKG_VERSION:=0.9.33
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.openldap.org/openldap/openldap.git
-PKG_SOURCE_DATE:=2024-01-29
PKG_SOURCE_VERSION:=LMDB_$(PKG_VERSION)
-PKG_MIRROR_HASH:=2fe139bf74e186c937eae2b1dea9094d902c16a4852378135441f4c5d837fec5
+PKG_MIRROR_HASH:=cf6c73e3397ab8b8d81f45dd49a9becccf3c44727ffc640d4b905afda992b58b
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
PKG_LICENSE:=OLDAP-2.8
include $(TOPDIR)/rules.mk
PKG_NAME:=minizip-ng
-PKG_VERSION:=4.0.5
+PKG_VERSION:=4.0.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/zlib-ng/minizip-ng/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=9bb636474b8a4269280d32aca7de4501f5c24cc642c9b4225b4ed7b327f4ee73
+PKG_HASH:=a87f1f734f97095fe1ef0018217c149d53d0f78438bcb77af38adc21dff2dfbc
PKG_MAINTAINER:=David Woodhouse <dwmw2@infradead.org>
PKG_LICENSE:=Zlib
PKG_MAINTAINER:=Espen Jürgensen <espenjurgensen+openwrt@gmail.com>
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:mini-xml_project:mini-xml
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=nghttp2
-PKG_VERSION:=1.61.0
+PKG_VERSION:=1.62.1
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/nghttp2/nghttp2/releases/download/v$(PKG_VERSION)
-PKG_HASH:=aa7594c846e56a22fbf3d6e260e472268808d3b49d5e0ed339f589e9cc9d484c
+PKG_HASH:=2345d4dc136fda28ce243e0bb21f2e7e8ef6293d62c799abbf6f633a6887af72
PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=nghttp3
-PKG_VERSION:=1.2.0
+PKG_VERSION:=1.5.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://github.com/ngtcp2/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=d2e216bae7bd7362f850922e4237a5caa204853b3594b22adccab4c1e1c1d1aa
+PKG_SOURCE_URL:=https://github.com/ngtcp2/nghttp3/releases/download/v$(PKG_VERSION)/
+PKG_HASH:=8c00e3910ea2ad1218dafebcf8dd2ffdf030c992d9ceb65834d29e5e5278dd0d
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
+PKG_MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
CMAKE_INSTALL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=ngtcp2
-PKG_VERSION:=1.4.0
+PKG_VERSION:=1.7.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://github.com/ngtcp2/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=b5d1433b9f5c06ce249e1e390e97dcfa49bf7ada5cb7c8bed8e6cd4feaf1ca4a
+PKG_SOURCE_URL:=https://github.com/ngtcp2/ngtcp2/releases/download/v$(PKG_VERSION)/
+PKG_HASH:=e07c79090f96f6738fabab2129657c53f0cc05164de3662592581ca5425617b1
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
+PKG_MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
CMAKE_INSTALL:=1
CMAKE_OPTIONS += -DENABLE_LIB_ONLY=ON
+define Build/InstallDev
+ $(call Build/InstallDev/cmake,$(1))
+ $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libngtcp2.pc
+ $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libngtcp2.pc
+endef
+
define Package/libngtcp2/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libngtcp2*.so* $(1)/usr/lib
include $(TOPDIR)/rules.mk
PKG_NAME:=OpenBLAS
-PKG_VERSION:=0.3.27
+PKG_VERSION:=0.3.28
PKG_RELEASE:=1
PKG_SOURCE:=OpenBLAS-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/xianyi/OpenBLAS/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=aa2d68b1564fe2b13bc292672608e9cdeeeb6dc34995512e65c3b10f4599e897
+PKG_SOURCE_URL:=https://github.com/OpenMathLib/OpenBLAS/releases/download/v$(PKG_VERSION)/
+PKG_HASH:=f1003466ad074e9b0c8d421a204121100b0751c96fc6fcf3d1456bd12f8a00a1
PKG_LICENSE:=BSD-3-Clause
PKG_CPE_ID:=cpe:/a:openblas_project:openblas
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/* $(1)/usr/lib/pkgconfig/
+ $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/openblas.pc
+ $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/openblas.pc
endef
define Package/openblas/install
include $(TOPDIR)/rules.mk
PKG_NAME:=openldap
-PKG_VERSION:=2.6.7
-PKG_RELEASE:=1
+PKG_VERSION:=2.6.8
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://mirror.eu.oneandone.net/software/openldap/openldap-release/ \
https://www.openldap.org/software/download/OpenLDAP/openldap-release/
-PKG_HASH:=cd775f625c944ed78a3da18a03b03b08eea73c8aabc97b41bb336e9a10954930
+PKG_HASH:=48969323e94e3be3b03c6a132942dcba7ef8d545f2ad35401709019f696c3c4e
PKG_LICENSE:=OLDAP-2.8
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:openldap:openldap
include $(TOPDIR)/rules.mk
PKG_NAME:=opus
-PKG_VERSION:=1.5.1
-PKG_RELEASE:=2
+PKG_VERSION:=1.5.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://downloads.xiph.org/releases/opus
-PKG_HASH:=b84610959b8d417b611aa12a22565e0a3732097c6389d19098d844543e340f85
+PKG_HASH:=65c1d2f78b9f2fb20082c38cbe47c951ad5839345876e46941612ee87f9a7ce1
PKG_MAINTAINER:=Ted Hess <thess@kitchensync.net>, Ian Leonard <antonlacon@gmail.com>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=p11-kit
-PKG_VERSION:=0.24.1
-PKG_RELEASE:=2
+PKG_VERSION:=0.25.3
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/p11-glue/p11-kit/releases/download/$(PKG_VERSION)
-PKG_HASH:=d8be783efd5cd4ae534cee4132338e3f40f182c3205d23b200094ec85faaaef8
+PKG_HASH:=d8ddce1bb7e898986f9d250ccae7c09ce14d82f1009046d202a0eb1b428b2adc
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
PKG_LICENSE:=BSD-3-Clause
--- /dev/null
+From c203931e32040f2ffb41461f3e3a5ebf3829ef63 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 28 Jun 2024 13:07:07 -0700
+Subject: [PATCH] fix format warning with 32-bit platforms on musl
+
+musl uses 64-bit time_t, even on 32-bit platforms. Cast to avoid the warning.
+---
+ p11-kit/server.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/p11-kit/server.c
++++ b/p11-kit/server.c
+@@ -45,6 +45,7 @@
+ #include <assert.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <inttypes.h>
+ #include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -558,7 +559,7 @@ server_loop (Server *server,
+
+ /* timeout */
+ if (ret == 0 && children_avail == 0 && timeout != NULL) {
+- p11_message (_("no connections to %s for %lu secs, exiting"), server->socket_name, timeout->tv_sec);
++ p11_message (_("no connections to %s for %" PRIu64 " secs, exiting"), server->socket_name, (uint64_t)timeout->tv_sec);
+ break;
+ }
+
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_qrencode
+PKG_CONFIG_DEPENDS:=CONFIG_QRENCODE_PNG
PKG_BUILD_FLAGS:=lto
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Library for encoding data in a QR Code symbol
+ MENU:=1
URL:=https://fukuchi.org/works/qrencode/
+ DEPENDS:=+QRENCODE_PNG:libpng
endef
define Package/libqrencode/description
digits or 4000 characters, and is highly robust.
endef
+define Package/libqrencode/config
+ config QRENCODE_PNG
+ bool "Enable PNG output"
+ depends on PACKAGE_libqrencode
+ select PACKAGE_libpng
+ default n
+endef
+
define Package/qrencode
SECTION:=utils
CATEGORY:=Utilities
endef
CMAKE_OPTIONS += \
- -DCMAKE_DISABLE_FIND_PACKAGE_PNG=ON \
- -DWITHOUT_PNG=ON \
+ -DCMAKE_DISABLE_FIND_PACKAGE_PNG=O$(if $(CONFIG_QRENCODE_PNG),FF,N) \
+ -DWITHOUT_PNG=O$(if $(CONFIG_QRENCODE_PNG),FF,N) \
-DWITH_TOOLS=O$(if $(CONFIG_PACKAGE_qrencode),N,FF) \
-DWITH_TESTS=OFF \
-DBUILD_SHARED_LIBS=ON
include $(TOPDIR)/rules.mk
PKG_NAME:=sqlite
-PKG_VERSION:=3410200
+PKG_VERSION:=3460100
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-autoconf-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.sqlite.org/2023/
-PKG_HASH:=e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499
+PKG_SOURCE_URL:=https://www.sqlite.org/2024/
+PKG_HASH:=67d3fe6d268e6eaddcae3727fce58fcc8e9c53869bdd07a0c61e38ddf2965071
PKG_CPE_ID:=cpe:/a:sqlite:sqlite
PKG_LICENSE:=PUBLICDOMAIN
define Package/sqlite3/Default
SUBMENU:=Database
TITLE:=SQLite (v3.x) database engine
- URL:=http://www.sqlite.org/
+ URL:=https://www.sqlite.org/
endef
define Package/sqlite3/Default/description
include $(TOPDIR)/rules.mk
PKG_NAME:=taglib
-PKG_VERSION:=2.0
+PKG_VERSION:=2.0.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/taglib/taglib
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=de161820f5a5d3e0e0fb8f04fdae8c8a094897d1418e33b39ca634d4c538ecd0
+PKG_MIRROR_HASH:=2422e6c4ce9ea59882b6a9c078309bb95d6c11537b769f2ff22bc2fa977c56f3
PKG_MAINTAINER:=
PKG_LICENSE:=LGPL-2.1-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=tiff
-PKG_VERSION:=4.6.0
+PKG_VERSION:=4.7.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.osgeo.org/libtiff
-PKG_HASH:=88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a
+PKG_HASH:=67160e3457365ab96c5b3286a0903aa6e78bdc44c4bc737d2e486bcecb6ba976
PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
PKG_LICENSE:=libtiff
PKG_NAME:=unixodbc
PKG_VERSION:=2.3.12
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=unixODBC-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unixodbc.org
PKG_BUILD_DIR:=$(BUILD_DIR)/unixODBC-$(PKG_VERSION)
HOST_BUILD_DIR:=$(BUILD_DIR)/host/unixODBC-$(PKG_VERSION)
-PKG_BUILD_PARALLEL:=1
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
HOST_BUILD_DEPENDS:=unixodbc
HOST_BUILD_PARALLEL:=1
+From 45f501e1be2db6b017cc242c79bfb9de32b332a1 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 29 Jan 2024 08:27:29 +0100
+Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types
+
+These result in out-of-bounds stack writes on 64-bit architectures
+(caller has 4 bytes, callee writes 8 bytes), and seem to have gone
+unnoticed on little-endian architectures (although big-endian
+architectures must be broken).
+
+This change is required to avoid a build failure with GCC 14.
+---
+ Drivers/Postgre7.1/info.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
--- a/Drivers/Postgre7.1/info.c
+++ b/Drivers/Postgre7.1/info.c
-@@ -1786,7 +1786,7 @@ HSTMT hcol_stmt;
+@@ -1779,14 +1779,14 @@ char *table_name;
+ char index_name[MAX_INFO_STRING];
+ short fields_vector[8];
+ char isunique[10], isclustered[10];
+-SDWORD index_name_len, fields_vector_len;
++SQLLEN index_name_len, fields_vector_len;
+ TupleNode *row;
+ int i;
+ HSTMT hcol_stmt;
StatementClass *col_stmt, *indx_stmt;
char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
char **column_names = 0;
int total_columns = 0;
char error = TRUE;
ConnInfo *ci;
+@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
+ StatementClass *tbl_stmt;
+ char tables_query[STD_STATEMENT_LEN];
+ char attname[MAX_INFO_STRING];
+-SDWORD attname_len;
++SQLLEN attname_len;
+ char pktab[MAX_TABLE_LEN + 1];
+ Int2 result_cols;
+
include $(TOPDIR)/rules.mk
PKG_NAME:=vips
-PKG_VERSION:=8.15.1
+PKG_VERSION:=8.15.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/libvips/libvips/releases/download/v$(PKG_VERSION)
-PKG_HASH:=06811f5aed3e7bc03e63d05537ff4b501de5283108c8ee79396c60601a00830c
+PKG_HASH:=a2ab15946776ca7721d11cae3215f20f1f097b370ff580cd44fc0f19387aee84
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=LGPL-2.1-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=xmlrpc-c
-PKG_VERSION:=1.59.02
+PKG_VERSION:=1.59.03
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=@SF/xmlrpc-c/Xmlrpc-c%20Super%20Stable/$(PKG_VERSION)
-PKG_HASH:=e25e45be1bae7e90f1de69be3d6838917ba3839b2f1c7d3fc0e6663d8622a5ab
+PKG_HASH:=bdb71db42ab0be51591555885d11682b044c1034d4a3296401bf921ec0b233fe
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=VARIOUS
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
define Package/xmlrpc-c/Default
SECTION:=libs
PKG_NAME:=usb-serial-xr_usb_serial_common
PKG_SOURCE_DATE:=2023-03-21
PKG_SOURCE_VERSION:=90ad530166f096347a5a57b6f9eb21c422a40fd9
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/kasbert/epsolar-tracer
return 0;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 2, 0)
-+ dev_vdbg(&xr_usb_serial->data->dev, "%s - count %ld\n", __func__, count);
++ dev_vdbg(&xr_usb_serial->data->dev, "%s - count %zd\n", __func__, count);
+#else
dev_vdbg(&xr_usb_serial->data->dev, "%s - count %d\n", __func__, count);
+#endif
count = (count > xr_usb_serial->writesize) ? xr_usb_serial->writesize : count;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 2, 0)
-+ dev_vdbg(&xr_usb_serial->data->dev, "%s - write %ld\n", __func__, count);
++ dev_vdbg(&xr_usb_serial->data->dev, "%s - write %zd\n", __func__, count);
+#else
dev_vdbg(&xr_usb_serial->data->dev, "%s - write %d\n", __func__, count);
+#endif
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/HardySimpson/zlog
PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=f726edf847c6953c8035f49f0b50dab185b051c01abbb5b12fb1994511d19a48
+PKG_MIRROR_HASH:=501d89c6883de14e8e6c53e1597f425814b3b467b31da04c50390d4924efecf3
PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=exim
-PKG_VERSION:=4.97.1
+PKG_VERSION:=4.98
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/
-PKG_HASH:=bd782057509a793593508528590626d185ea160ce32cb34beda262e99cefdfa9
+PKG_HASH:=0ebc108a779f9293ba4b423c20818f9a3db79b60286d96abc6ba6b85a15852f7
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0-or-later
#ifndef OPENSSL_NO_ECDH
# include <openssl/ec.h>
#endif
-@@ -944,8 +947,9 @@ pkey = EVP_RSA_gen(2048);
+@@ -947,8 +950,9 @@ pkey = EVP_RSA_gen(2048);
X509_set_version(x509, 2); /* N+1 - version 3 */
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_set_pubkey(x509, pkey);
name = X509_get_subject_name(x509);
-@@ -4979,8 +4983,8 @@ return string_fmt_append(g,
+@@ -4972,8 +4976,8 @@ return string_fmt_append(g,
" Runtime: %s\n"
" : %s\n",
OPENSSL_VERSION_TEXT,
/* third line is 38 characters for the %s and the line is 73 chars long;
the OpenSSL output includes a "built on: " prefix already. */
}
-@@ -5022,8 +5026,6 @@ if (pidnow != pidlast)
+@@ -5015,8 +5019,6 @@ if (pidnow != pidlast)
is unique for each thread", this doesn't apparently apply across processes,
so our own warning from vaguely_random_number_fallback() applies here too.
Fix per PostgreSQL. */
--- a/src/EDITME
+++ b/src/EDITME
-@@ -904,6 +904,21 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -913,6 +913,21 @@ HEADERS_CHARSET="ISO-8859-1"
#------------------------------------------------------------------------------
/* End of local_scan.h */
--- a/src/readconf.c
+++ b/src/readconf.c
-@@ -216,6 +216,9 @@ static optionlist optionlist_config[] =
+@@ -219,6 +219,9 @@ static optionlist optionlist_config[] =
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
#endif
--- a/src/string.c
+++ b/src/string.c
-@@ -453,6 +453,7 @@ return ss;
+@@ -455,6 +455,7 @@ return ss;
#if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
&& !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
/*************************************************
* Copy and save string *
*************************************************/
-@@ -498,6 +499,7 @@ string_copyn_function(const uschar * s,
+@@ -500,6 +501,7 @@ string_copyn_function(const uschar * s,
{
return string_copyn(s, n);
}
--- a/src/exim.c
+++ b/src/exim.c
-@@ -642,13 +642,15 @@ exim_nullstd(void)
+@@ -647,13 +647,15 @@ exim_nullstd(void)
{
int devnull = -1;
struct stat statbuf;
+++ /dev/null
---- a/src/transports/smtp.c
-+++ b/src/transports/smtp.c
-@@ -938,7 +938,7 @@ if ( sx->early_pipe_active
- if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
- debug_printf("no ehlo-resp record!\n");
- else
-- debug_printf("ehlo-resp record is %d seconds old\n", time(NULL) - er->time_stamp);
-+ debug_printf("ehlo-resp record is %.0f seconds old\n", difftime(time(NULL), er->time_stamp));
- }
-
- dbfn_delete(dbm_file, ehlo_resp_key);
include $(TOPDIR)/rules.mk
PKG_NAME:=msmtp
-PKG_VERSION:=1.8.25
+PKG_VERSION:=1.8.26
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://marlam.de/msmtp/releases
-PKG_HASH:=2dfe1dbbb397d26fe0b0b6b2e9cd2efdf9d72dd42d18e70d7f363ada2652d738
+PKG_HASH:=6cfc488344cef189267e60aea481f00d4c7e2a59b53c6c659c520a4d121f66d8
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-3.0-or-later
--- /dev/null
+#!/bin/sh
+
+case "$1" in
+ msmtp)
+ msmtp --version | grep "$2"
+ ;;
+esac
include $(TOPDIR)/rules.mk
PKG_NAME:=ffmpeg
-PKG_VERSION:=5.1.3
-PKG_RELEASE:=5
+PKG_VERSION:=6.1.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://ffmpeg.org/releases/
-PKG_HASH:=1b113593ff907293be7aed95acdda5e785dd73616d7d4ec90a0f6adbc5a0312e
+PKG_HASH:=3b624649725ecdc565c903ca6643d41f33bd49239922e45c9b1442c63dca4e38
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>, \
Ian Leonard <antonlacon@gmail.com>
# Strip off FPU notation
-REAL_CPU_TYPE:=$(firstword $(subst +, ,$(CONFIG_CPU_TYPE)))
+REAL_CPU_TYPE:=$(call qstrip,$(firstword $(subst +, ,$(CONFIG_CPU_TYPE))))
# Fixup cpu types recogized by ffmpeg configure
REAL_CPU_TYPE:=$(subst octeonplus,octeon+,$(REAL_CPU_TYPE))
FFMPEG_CONFIGURE:= \
- CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(FPIC)" \
+ CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(FPIC) -Wno-error=incompatible-pointer-types" \
LDFLAGS="$(TARGET_LDFLAGS)" \
./configure \
--enable-cross-compile \
--cross-prefix="$(TARGET_CROSS)" \
--arch="$(ARCH)" \
- $(if $(REAL_CPU_TYPE),--cpu=$(call qstrip,$(REAL_CPU_TYPE)),) \
+ $(if $(REAL_CPU_TYPE),--cpu=$(REAL_CPU_TYPE),) \
--target-os=linux \
--prefix="/usr" \
--pkg-config="pkg-config" \
+++ /dev/null
---- a/libavcodec/mips/cabac.h
-+++ b/libavcodec/mips/cabac.h
-@@ -30,6 +30,7 @@
- #include "libavutil/mips/mmiutils.h"
- #include "config.h"
-
-+#ifndef __mips16
- #define get_cabac_inline get_cabac_inline_mips
- static av_always_inline int get_cabac_inline_mips(CABACContext *c,
- uint8_t * const state){
-@@ -225,4 +226,6 @@ static av_always_inline int get_cabac_by
-
- return res;
- }
-+
-+#endif
- #endif /* AVCODEC_MIPS_CABAC_H */
+++ /dev/null
-From: Rémi Denis-Courmont <remi@remlab.net>
-Date: Sun, 16 Jul 2023 15:18:02 +0000 (+0300)
-Subject: avcodec/x86/mathops: clip constants used with shift instructions within inline assembly
-X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/25cd95a9dc3510c3cc0d7aad6f9d83f6a1078c7e?hp=e5b5dd66535f444451e0fee59247b224d866f334
-
-avcodec/x86/mathops: clip constants used with shift instructions within inline assembly
-
-Fixes assembling with binutil as >= 2.41
-
-Signed-off-by: James Almer <jamrial@gmail.com>
-(cherry picked from commit effadce6c756247ea8bae32dc13bb3e6f464f0eb)
----
-
---- a/libavcodec/x86/mathops.h
-+++ b/libavcodec/x86/mathops.h
-@@ -35,12 +35,20 @@
- static av_always_inline av_const int MULL(int a, int b, unsigned shift)
- {
- int rt, dummy;
-+ if (__builtin_constant_p(shift))
- __asm__ (
- "imull %3 \n\t"
- "shrdl %4, %%edx, %%eax \n\t"
- :"=a"(rt), "=d"(dummy)
-- :"a"(a), "rm"(b), "ci"((uint8_t)shift)
-+ :"a"(a), "rm"(b), "i"(shift & 0x1F)
- );
-+ else
-+ __asm__ (
-+ "imull %3 \n\t"
-+ "shrdl %4, %%edx, %%eax \n\t"
-+ :"=a"(rt), "=d"(dummy)
-+ :"a"(a), "rm"(b), "c"((uint8_t)shift)
-+ );
- return rt;
- }
-
-@@ -113,19 +121,31 @@ __asm__ volatile(\
- // avoid +32 for shift optimization (gcc should do that ...)
- #define NEG_SSR32 NEG_SSR32
- static inline int32_t NEG_SSR32( int32_t a, int8_t s){
-+ if (__builtin_constant_p(s))
- __asm__ ("sarl %1, %0\n\t"
- : "+r" (a)
-- : "ic" ((uint8_t)(-s))
-+ : "i" (-s & 0x1F)
- );
-+ else
-+ __asm__ ("sarl %1, %0\n\t"
-+ : "+r" (a)
-+ : "c" ((uint8_t)(-s))
-+ );
- return a;
- }
-
- #define NEG_USR32 NEG_USR32
- static inline uint32_t NEG_USR32(uint32_t a, int8_t s){
-+ if (__builtin_constant_p(s))
- __asm__ ("shrl %1, %0\n\t"
- : "+r" (a)
-- : "ic" ((uint8_t)(-s))
-+ : "i" (-s & 0x1F)
- );
-+ else
-+ __asm__ ("shrl %1, %0\n\t"
-+ : "+r" (a)
-+ : "c" ((uint8_t)(-s))
-+ );
- return a;
- }
-
include $(TOPDIR)/rules.mk
PKG_NAME:=graphicsmagick
-PKG_VERSION:=1.3.43
+PKG_VERSION:=1.3.45
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/GraphicsMagick-$(PKG_VERSION)
PKG_SOURCE:=GraphicsMagick-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/graphicsmagick
-PKG_HASH:=2b88580732cd7e409d9e22c6116238bef4ae06fcda11451bf33d259f9cbf399f
+PKG_HASH:=dcea5167414f7c805557de2d7a47a9b3147bcbf617b91f5f0f4afe5e6543026b
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=Copyright.txt
--without-bzlib \
--without-dps \
--without-fpx \
+ --without-gs \
--without-jbig \
--without-webp \
--with-jpeg \
--without-jp2 \
--without-lcms2 \
+ --without-libzip \
--without-lzma \
--with-png \
--with-tiff \
include $(TOPDIR)/rules.mk
PKG_NAME:=gst1-libav
-PKG_VERSION:=1.22.8
+PKG_VERSION:=1.24.4
PKG_RELEASE:=1
PKG_SOURCE:=gst-libav-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-libav
-PKG_HASH:=be39349bc07ab4cdbd9a5fd6ea9848c601c7560ba5a0577ad5200b83bd424981
+PKG_HASH:=4d3803f36008e847fc4842c8dd366162baf8359526cc46c1851bf68bb638da73
PKG_BUILD_DIR:=$(BUILD_DIR)/gst-libav-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> \
include $(TOPDIR)/rules.mk
PKG_NAME:=gst1-plugins-bad
-PKG_VERSION:=1.22.8
+PKG_VERSION:=1.24.4
PKG_RELEASE:=1
PKG_SOURCE:=gst-plugins-bad-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://gstreamer.freedesktop.org/src/gst-plugins-bad/
-PKG_HASH:=458783f8236068991e3e296edd671c8eddb8be6fac933c1c2e1503462864ea0f
+PKG_HASH:=260bd0a463b4faff9a42f41e5e028f787f10a92b779af8959aec64586f546bd3
PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-bad-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> \
-Dgsm=disabled \
-Dipcpipeline=disabled \
-Diqa=disabled \
- -Dkate=disabled \
-Dkms=disabled \
-Dladspa=disabled \
-Dlibde265=disabled \
include $(TOPDIR)/rules.mk
PKG_NAME:=gst1-plugins-base
-PKG_VERSION:=1.22.8
+PKG_VERSION:=1.24.4
PKG_RELEASE:=1
PKG_SOURCE:=gst-plugins-base-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-plugins-base
-PKG_HASH:=eb6792e5c73c6defb9159c36ea6e4b78a2f8af6512678b4bd3b02c8d2d492acf
+PKG_HASH:=09f4ddf246eeb819da1494ce336316edbbcb28fdff3ee2f9804891e84df39b2a
PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-base-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> \
$$(eval $$(call BuildPackage,libgst1$(1)))
endef
-$(eval $(call GstBuildLibrary,allocators,allocators,,))
+$(eval $(call GstBuildLibrary,allocators,allocators,,+libdrm))
$(eval $(call GstBuildLibrary,app,app,,))
$(eval $(call GstBuildLibrary,audio,audio,tag,))
$(eval $(call GstBuildLibrary,fft,FFT,,))
include $(TOPDIR)/rules.mk
PKG_NAME:=gst1-plugins-good
-PKG_VERSION:=1.22.8
+PKG_VERSION:=1.24.4
PKG_RELEASE:=1
PKG_SOURCE:=gst-plugins-good-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-plugins-good/
-PKG_HASH:=e305b9f07f52743ca481da0a4e0c76c35efd60adaf1b0694eb3bb021e2137e39
+PKG_HASH:=023096d661cf58cde3e0dcdbf56897bf588830232358c305f3e15fd63e116626
PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-good-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> \
endef
+TARGET_CFLAGS += -Wno-error=incompatible-pointer-types
+
GST_COND_SELECT = -D$(1)=$(if $(CONFIG_PACKAGE_gst1-mod-$(1)),en,dis)abled
GST_VERSION:=1.0
include $(TOPDIR)/rules.mk
PKG_NAME:=gst1-plugins-ugly
-PKG_VERSION:=1.22.8
+PKG_VERSION:=1.24.4
PKG_RELEASE:=1
PKG_SOURCE:=gst-plugins-ugly-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-plugins-ugly
-PKG_HASH:=0761d96ba508e01c0271881b26828c2bffd7d8afd50872219f088f755b252ca7
+PKG_HASH:=4604f8709c0bc4d6960ef6ae6fd91e0b20af011bfe22e103f5b85377cf3f1ef4
PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-ugly-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> \
-Drealmedia=disabled \
\
-Da52dec=disabled \
- -Damrnb=disabled \
- -Damrwbdec=disabled \
-Dcdio=disabled \
-Ddvdread=disabled \
$(call GST_COND_SELECT,mpeg2dec) \
include $(TOPDIR)/rules.mk
PKG_NAME:=gstreamer1
-PKG_VERSION:=1.22.8
+PKG_VERSION:=1.24.4
PKG_RELEASE:=1
PKG_SOURCE:=gstreamer-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gstreamer
-PKG_HASH:=ad4e3db1771139b1db17b1afa7c05db083ae0100bd4da244b71f162dcce41bfc
+PKG_HASH:=52c93bc48e03533aa676fd8c15eb6b5fc326c68db311c50bcc0a865f31a6c653
PKG_BUILD_DIR:=$(BUILD_DIR)/gstreamer-$(PKG_VERSION)
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> \
--- a/gst/gstplugin.c
+++ b/gst/gstplugin.c
-@@ -854,15 +854,8 @@ _priv_gst_plugin_load_file_for_registry
+@@ -862,15 +862,8 @@ _priv_gst_plugin_load_file_for_registry
}
#endif
include $(TOPDIR)/rules.mk
PKG_NAME:=imagemagick
-PKG_VERSION:=7.1.1.31
+PKG_VERSION:=7.1.1.38
PKG_RELEASE:=1
PKG_MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
PKG_SOURCE:=ImageMagick-$(_PKGREV).tar.xz
PKG_SOURCE_URL:=https://imagemagick.org/archive
-PKG_HASH:=7e5c8db53dd90a0cfc5cc7ca6d34728ed86054b4bc86e9787902285fec1107a8
+PKG_HASH:=48de548d4977fc226c982ca03b9d6ad8001b47d8dc142b49fdca69333bc4ad82
PKG_BUILD_DIR:=$(BUILD_DIR)/ImageMagick-$(_PKGREV)
PKG_FIXUP:=autoreconf
PKG_NAME:=mjpg-streamer
PKG_VERSION:=1.0.0
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/jacksonliam/mjpg-streamer/tar.gz/v$(PKG_VERSION)?
local enabled
config_get_bool enabled "$1" 'enabled' 0
- [ "$enabled" ] || return
+ [ "$enabled" -gt 0 ] || return
local input
config_get input "$s" 'input'
PKG_SOURCE:=$(PKG_NAME)-release-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/Motion-Project/motion/tar.gz/release-$(PKG_VERSION)?
PKG_HASH:=42320a1c7b54a3f0b5a49cecf34a5d752760b28383bc573b3ca1240581786fe5
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-release-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-release-$(PKG_VERSION)
PKG_MAINTAINER:=Roger D <rogerdammit@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
-define Package/motion
+define Package/motion/Default
SECTION:=multimedia
CATEGORY:=Multimedia
DEPENDS:=+libjpeg +libpthread +libmicrohttpd $(INTL_DEPENDS)
TITLE:=webcam motion sensing and logging
+ PROVIDES:=motion
URL:=https://motion-project.github.io/
endef
+define Package/motion/Default/description
+Motion is a program that monitor video signals from many types of cameras and
+depending upon how they are configured, perform actions when movement is
+detected.
+endef
+
+define Package/motion-noffmpeg
+$(call Package/motion/Default)
+ TITLE+= (w/o FFMPEG support)
+ VARIANT:=noffmpeg
+ DEFAULT_VARIANT:=1
+endef
+
+define Package/motion-noffmpeg/description
+$(call Package/motion/Default/description)
+This package is built without FFMPEG support.
+endef
+
+define Package/motion-ffmpeg
+$(call Package/motion/Default)
+ TITLE+= (with FFMPEG support)
+ VARIANT:=ffmpeg
+ DEPENDS+=+libffmpeg-full
+endef
+
+define Package/motion-ffmpeg/description
+$(call Package/motion/Default/description)
+This package is built with FFMPEG support.
+endef
+
define Package/motion/conffiles
/etc/config/motion
/etc/motion.conf
endef
+Package/motion-noffmpeg/conffiles = $(Package/motion/conffiles)
+Package/motion-ffmpeg/conffiles = $(Package/motion/conffiles)
+
CONFIGURE_ARGS += \
--without-bktr \
--without-webp \
--without-mmal \
- --without-ffmpeg \
--without-mariadb \
--without-mysql \
--without-pgsql \
--without-sqlite3 \
--without-optimizecpu
+ifeq ($(BUILD_VARIANT),noffmpeg)
+ CONFIGURE_ARGS += --without-ffmpeg
+endif
+ifeq ($(BUILD_VARIANT),ffmpeg)
+ CONFIGURE_ARGS += --with-ffmpeg
+endif
+
define Package/motion/install
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
$(INSTALL_CONF) ./files/motion.conf $(1)/etc/config/motion
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/motion $(1)/usr/bin/
endef
+Package/motion-noffmpeg/install = $(Package/motion/install)
+Package/motion-ffmpeg/install = $(Package/motion/install)
-$(eval $(call BuildPackage,motion))
+$(eval $(call BuildPackage,motion-noffmpeg))
+$(eval $(call BuildPackage,motion-ffmpeg))
PKG_NAME:=rtpmidid
PKG_VERSION:=23.12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/davidmoreno/rtpmidid
--- /dev/null
+--- a/include/rtpmidid/signal.hpp
++++ b/include/rtpmidid/signal.hpp
+@@ -24,6 +24,7 @@
+ #include <cstdint>
+ #include <functional>
+ #include <map>
++#include <memory>
+
+ // #define DEBUG0 DEBUG
+ #define DEBUG0(...)
+@@ -171,4 +172,4 @@ public:
+ }
+ #undef DEBUG0
+ };
+-} // namespace rtpmidid
+\ No newline at end of file
++} // namespace rtpmidid
+--- a/lib/mdns_rtpmidi.cpp
++++ b/lib/mdns_rtpmidi.cpp
+@@ -28,6 +28,8 @@
+ #include <avahi-common/error.h>
+ #include <avahi-common/malloc.h>
+
++#include <algorithm>
++
+ struct AvahiTimeout {
+ rtpmidid::poller_t::timer_t timer_id;
+ void *userdata;
+--- a/lib/poller.cpp
++++ b/lib/poller.cpp
+@@ -21,6 +21,8 @@
+ #include <sys/epoll.h>
+ #include <unistd.h>
+
++#include <algorithm>
++
+ #include <rtpmidid/exceptions.hpp>
+ #include <rtpmidid/logger.hpp>
+ #include <rtpmidid/poller.hpp>
--- /dev/null
+--- a/include/rtpmidid/iobytes.hpp
++++ b/include/rtpmidid/iobytes.hpp
+@@ -330,7 +330,7 @@ public:
+
+ template <>
+ struct fmt::formatter<rtpmidid::io_bytes_reader> : formatter<std::string_view> {
+- auto format(const rtpmidid::io_bytes_reader &data, format_context &ctx) {
++ auto format(const rtpmidid::io_bytes_reader &data, format_context &ctx) const {
+ return formatter<std::string_view>::format(
+ fmt::format("[io_bytes_reader {} to {}, at {}, {}B left]",
+ (void *)data.start, (void *)data.end, (void *)data.position,
+@@ -340,7 +340,7 @@ struct fmt::formatter<rtpmidid::io_bytes
+ };
+ template <>
+ struct fmt::formatter<rtpmidid::io_bytes_writer> : formatter<std::string_view> {
+- auto format(const rtpmidid::io_bytes_reader &data, format_context &ctx) {
++ auto format(const rtpmidid::io_bytes_reader &data, format_context &ctx) const {
+ return formatter<std::string_view>::format(
+ fmt::format("[io_bytes_writer {} to {}, at {}, {}B left]",
+ (void *)data.start, (void *)data.end, (void *)data.position,
+--- a/include/rtpmidid/network.hpp
++++ b/include/rtpmidid/network.hpp
+@@ -24,7 +24,7 @@
+
+ template <>
+ struct fmt::formatter<sockaddr_storage> : formatter<std::string_view> {
+- auto format(const sockaddr_storage &addr, format_context &ctx) {
++ auto format(const sockaddr_storage &addr, format_context &ctx) const {
+ // print ip address and port
+ char name[INET6_ADDRSTRLEN];
+ if (addr.ss_family == AF_INET) {
+--- a/include/rtpmidid/rtpclient.hpp
++++ b/include/rtpmidid/rtpclient.hpp
+@@ -99,7 +99,7 @@ template <>
+ struct fmt::formatter<rtpmidid::rtpclient_t::endpoint_t>
+ : formatter<std::string_view> {
+ auto format(const rtpmidid::rtpclient_t::endpoint_t &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+ return formatter<std::string_view>::format(
+ fmt::format("[endpoint_t [{}]:{}]", data.hostname, data.port), ctx);
+ }
+@@ -109,7 +109,7 @@ template <>
+ struct fmt::formatter<std::vector<rtpmidid::rtpclient_t::endpoint_t>>
+ : formatter<std::string_view> {
+ auto format(const std::vector<rtpmidid::rtpclient_t::endpoint_t> &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+ std::string result;
+ for (auto &endpoint : data) {
+ result +=
+@@ -123,7 +123,7 @@ template <>
+ struct fmt::formatter<std::list<rtpmidid::rtpclient_t::endpoint_t>>
+ : formatter<std::string_view> {
+ auto format(const std::list<rtpmidid::rtpclient_t::endpoint_t> &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+ std::string result = "[";
+ for (auto &endpoint : data) {
+ result += fmt::format("[endpoint_t [{}]:{}] ", endpoint.hostname,
+--- a/include/rtpmidid/rtppeer.hpp
++++ b/include/rtpmidid/rtppeer.hpp
+@@ -152,7 +152,7 @@ public:
+ template <>
+ struct fmt::formatter<rtpmidid::rtppeer_t::status_e>
+ : formatter<std::string_view> {
+- auto format(rtpmidid::rtppeer_t::status_e c, format_context &ctx) {
++ auto format(rtpmidid::rtppeer_t::status_e c, format_context &ctx) const {
+ std::string_view name = "UNKNOWN";
+ switch (c) {
+ case rtpmidid::rtppeer_t::status_e::NOT_CONNECTED:
+@@ -175,7 +175,7 @@ struct fmt::formatter<rtpmidid::rtppeer_
+ template <>
+ struct fmt::formatter<rtpmidid::rtppeer_t::port_e>
+ : formatter<std::string_view> {
+- auto format(rtpmidid::rtppeer_t::port_e c, format_context &ctx) {
++ auto format(rtpmidid::rtppeer_t::port_e c, format_context &ctx) const {
+ const char *name = "UNKNOWN"; // NOLINT
+ switch (c) {
+ case rtpmidid::rtppeer_t::port_e::MIDI_PORT:
+@@ -192,7 +192,7 @@ struct fmt::formatter<rtpmidid::rtppeer_
+ template <>
+ struct fmt::formatter<rtpmidid::rtppeer_t::disconnect_reason_e>
+ : formatter<std::string_view> {
+- auto format(rtpmidid::rtppeer_t::disconnect_reason_e c, format_context &ctx) {
++ auto format(rtpmidid::rtppeer_t::disconnect_reason_e c, format_context &ctx) const {
+ const char *name = "UNKNOWN"; // NOLINT
+ switch (c) {
+ case rtpmidid::rtppeer_t::disconnect_reason_e::CANT_CONNECT:
+--- a/lib/mdns_rtpmidi.cpp
++++ b/lib/mdns_rtpmidi.cpp
+@@ -52,12 +52,12 @@ struct AvahiEntryGroup {
+ rtpmidid::mdns_rtpmidi_t *current = nullptr;
+
+ template <> struct fmt::formatter<AvahiWatchEvent> : fmt::formatter<int> {
+- auto format(AvahiWatchEvent ev, fmt::format_context &ctx) {
++ auto format(AvahiWatchEvent ev, fmt::format_context &ctx) const {
+ return fmt::formatter<int>::format((int)ev, ctx);
+ }
+ };
+ template <> struct fmt::formatter<AvahiBrowserEvent> : fmt::formatter<int> {
+- auto format(AvahiBrowserEvent ev, fmt::format_context &ctx) {
++ auto format(AvahiBrowserEvent ev, fmt::format_context &ctx) const {
+ return fmt::formatter<int>::format((int)ev, ctx);
+ }
+ };
+--- a/src/aseq.hpp
++++ b/src/aseq.hpp
+@@ -152,7 +152,7 @@ template <> struct hash<rtpmididns::aseq
+ template <>
+ struct fmt::formatter<rtpmididns::aseq_t::port_t>
+ : formatter<std::string_view> {
+- auto format(rtpmididns::aseq_t::port_t c, format_context &ctx) {
++ auto format(rtpmididns::aseq_t::port_t c, format_context &ctx) const {
+ auto name = fmt::format("port_t[{}, {}]", c.client, c.port);
+ return formatter<std::string_view>::format(name, ctx);
+ }
+--- a/src/mididata.hpp
++++ b/src/mididata.hpp
+@@ -37,9 +37,9 @@ public:
+
+ template <>
+ struct fmt::formatter<rtpmididns::mididata_t> : formatter<std::string_view> {
+- auto format(const rtpmididns::mididata_t &data, format_context &ctx) {
++ auto format(const rtpmididns::mididata_t &data, format_context &ctx) const {
+
+ return fmt::format_to(ctx.out(), "[mididata_t {} + {}, at {}]",
+ (void *)data.start, data.size(), data.pos());
+ }
+-};
+\ No newline at end of file
++};
+--- a/src/settings.hpp
++++ b/src/settings.hpp
+@@ -58,7 +58,7 @@ template <>
+ struct fmt::formatter<rtpmididns::settings_t::alsa_announce_t>
+ : formatter<std::string_view> {
+ auto format(const rtpmididns::settings_t::alsa_announce_t &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+
+ return fmt::format_to(ctx.out(), "[alsa_announce_t {}]", data.name);
+ }
+@@ -68,7 +68,7 @@ template <>
+ struct fmt::formatter<std::vector<rtpmididns::settings_t::alsa_announce_t>>
+ : formatter<std::string_view> {
+ auto format(const std::vector<rtpmididns::settings_t::alsa_announce_t> &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+ std::string result = "[";
+ for (auto &item : data) {
+ result += fmt::format("[{}] ", item.name);
+@@ -82,7 +82,7 @@ template <>
+ struct fmt::formatter<rtpmididns::settings_t::rtpmidi_announce_t>
+ : formatter<std::string_view> {
+ auto format(const rtpmididns::settings_t::rtpmidi_announce_t &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+
+ return fmt::format_to(ctx.out(), "[rtpmidi_announce_t {} {}]", data.name,
+ data.port);
+@@ -94,7 +94,7 @@ struct fmt::formatter<std::vector<rtpmid
+ : formatter<std::string_view> {
+ auto
+ format(const std::vector<rtpmididns::settings_t::rtpmidi_announce_t> &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+ std::string result = "[";
+ for (auto &item : data) {
+ result +=
+@@ -109,7 +109,7 @@ template <>
+ struct fmt::formatter<rtpmididns::settings_t::connect_to_t>
+ : formatter<std::string_view> {
+ auto format(const rtpmididns::settings_t::connect_to_t &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+
+ return fmt::format_to(ctx.out(), "[connect_to_t {} {} {}]", data.hostname,
+ data.port, data.name);
+@@ -120,7 +120,7 @@ template <>
+ struct fmt::formatter<std::vector<rtpmididns::settings_t::connect_to_t>>
+ : formatter<std::string_view> {
+ auto format(const std::vector<rtpmididns::settings_t::connect_to_t> &data,
+- format_context &ctx) {
++ format_context &ctx) const {
+ std::string result = "[";
+ for (auto &item : data) {
+ result += fmt::format("[connect_to_t {} {} {}] ", item.hostname,
+@@ -133,7 +133,7 @@ struct fmt::formatter<std::vector<rtpmid
+
+ template <>
+ struct fmt::formatter<rtpmididns::settings_t> : formatter<std::string_view> {
+- auto format(const rtpmididns::settings_t &data, format_context &ctx) {
++ auto format(const rtpmididns::settings_t &data, format_context &ctx) const {
+
+ return fmt::format_to(ctx.out(),
+ "[settings_t alsa_name: {} alsa_network: {} "
include $(TOPDIR)/rules.mk
PKG_NAME:=tvheadend
-PKG_VERSION:=2023-06-05
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/tvheadend/tvheadend.git
-PKG_MIRROR_HASH:=9c640c7697eaf2deca64d3994fd655288f96f7118a88a649bd8614a6164bd30f
-PKG_SOURCE_VERSION:=003fd92707531bdf7ad1753ab028db8748ac5ab8
-PKG_SOURCE_DATE:=2023-06-05
+PKG_SOURCE_URL:=https://github.com/tvheadend/tvheadend
+PKG_MIRROR_HASH:=0dbdc13634db4150e772aec8da730ffb7f0cadf3d3c46158a422a7dada16dcfc
+PKG_SOURCE_VERSION:=adef81b8d2a6edb3a665679f394bac05b7dc91c8
+PKG_SOURCE_DATE:=2024-08-12
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=LICENSE.md
include $(TOPDIR)/rules.mk
PKG_NAME:=v4l2camera
-PKG_VERSION:=0.1.8
+PKG_VERSION:=0.2.1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/mpromonet/v4l2camera
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=455445e6c59faa03100706fadd00bbe4a8ccb8d1adb52f2d405f5708aa084e10
+PKG_MIRROR_HASH:=34a412bcee8b917fb04b8e5ccb08db9129c3f7972ea89cf17f11aa78358311dc
UI_FILE:=v4l2camera-ui-$(PKG_VERSION).tgz
-UI_HASH:=9a03905fde298abe028e01ba575006a5bff5182ed3d45da01eace045cfef2f82
+UI_HASH:=30dde9617a67595068110d3cee3a3ed0ca03f60c07ba9e0925b3cf51d699ab84
-LIVE555_VERSION:=2023.01.19
-LIVE555_HASH:=a7c64913f7f7007c5fdc29ea811e3ca781f262271b3e42afdd4bc1041d86fa99
+LIVE555_VERSION:=2024.08.01
+LIVE555_HASH:=839ab7437d01e629f8094ea1ec8c7a7bb504c7deed9edfc9e17ac34f9a1a193f
LIVE555_FILE:=live.$(LIVE555_VERSION).tar.gz
PKG_MAINTAINER:=Michel Promonet<michel.promonet@free.fr>
SECTION:=multimedia
CATEGORY:=Multimedia
TITLE:=v4l2camera
- DEPENDS:=+libstdcpp
+ DEPENDS:=+libstdcpp +alsa-lib
URL:=https://github.com/mpromonet/v4l2camera
endef
HASH:=$(UI_HASH)
endef
+TARGET_LDFLAGS += -lasound
+
define Build/Prepare
# download live555
$(eval $(call Download,live555))
+++ /dev/null
-From: Michel Promonet <michel.promonet@free.fr>
-Subject: [PATCH] Fix crash formating time_t as long (it is a long long)
-Signed-off-by: Michel Promonet <michel.promonet@free.fr>
-
----
---- a/live/liveMedia/ServerMediaSession.cpp
-+++ b/live/liveMedia/ServerMediaSession.cpp
-@@ -272,7 +272,7 @@ char* ServerMediaSession::generateSDPDes
-
- char const* const sdpPrefixFmt =
- "v=0\r\n"
-- "o=- %ld%06ld %d IN %s %s\r\n"
-+ "o=- %lld%06lld %d IN %s %s\r\n"
- "s=%s\r\n"
- "i=%s\r\n"
- "t=0 0\r\n"
-@@ -300,7 +300,7 @@ char* ServerMediaSession::generateSDPDes
-
- // Generate the SDP prefix (session-level lines):
- snprintf(sdp, sdpLength, sdpPrefixFmt,
-- fCreationTime.tv_sec, fCreationTime.tv_usec, // o= <session id>
-+ (long long)fCreationTime.tv_sec, (long long)fCreationTime.tv_usec, // o= <session id>
- 1, // o= <version> // (needs to change if params are modified)
- addressFamily == AF_INET ? "IP4" : "IP6", // o= <address family>
- ipAddressStr.val(), // o= <address>
include $(TOPDIR)/rules.mk
PKG_NAME:=v4l2rtspserver
-PKG_VERSION:=0.3.10
-PKG_RELEASE:=9
+PKG_VERSION:=0.3.11
+PKG_RELEASE:=10
#cannot use codeload as this uses submodules
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/mpromonet/v4l2rtspserver
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=34bb8f34adfe72572abe3496f144ee3075ebd25180878e0131b783d881ceea62
+PKG_MIRROR_HASH:=3f205fa879a9bc7c6aa0785214badb7d4f4724ef914d172c426e64f18bc5de27
PKG_BUILD_FLAGS:=gc-sections lto
-LIVE555_VERSION:=2023.01.19
-LIVE555_HASH:=a7c64913f7f7007c5fdc29ea811e3ca781f262271b3e42afdd4bc1041d86fa99
+LIVE555_VERSION:=2024.08.01
+LIVE555_HASH:=839ab7437d01e629f8094ea1ec8c7a7bb504c7deed9edfc9e17ac34f9a1a193f
LIVE555_FILE:=live.$(LIVE555_VERSION).tar.gz
PKG_MAINTAINER:=Roger Dammit <rogerdammit@gmail.com>
SECTION:=multimedia
CATEGORY:=Multimedia
TITLE:=v4l2rtspserver
- DEPENDS:=+libstdcpp
+ DEPENDS:=+libstdcpp +alsa-lib
URL:=https://github.com/mpromonet/v4l2rtspserver
endef
TARGET_LDFLAGS += -Wl,--as-needed
CMAKE_OPTIONS += \
- -DALSA=OFF \
-DSTATICSTDCPP=OFF \
-DWITH_SSL=OFF \
-DLIVE555CFLAGS="SOCKLEN_T=socklen_t;_LARGEFILE_SOURCE=1;_FILE_OFFSET_BITS=64;LOCALE_NOT_USED;NO_SSTREAM=1;ALLOW_RTSP_SERVER_PORT_REUSE=1;NO_STD_LIB=1;VERSION=\"$(PKG_VERSION)\""
+++ /dev/null
-From: Michel Promonet <michel.promonet@free.fr>
-Subject: [PATCH] Fix crash formating time_t as long (it is a long long)
-Signed-off-by: Michel Promonet <michel.promonet@free.fr>
-
----
---- a/live/liveMedia/ServerMediaSession.cpp
-+++ b/live/liveMedia/ServerMediaSession.cpp
-@@ -272,7 +272,7 @@ char* ServerMediaSession::generateSDPDes
-
- char const* const sdpPrefixFmt =
- "v=0\r\n"
-- "o=- %ld%06ld %d IN %s %s\r\n"
-+ "o=- %lld%06lld %d IN %s %s\r\n"
- "s=%s\r\n"
- "i=%s\r\n"
- "t=0 0\r\n"
-@@ -300,7 +300,7 @@ char* ServerMediaSession::generateSDPDes
-
- // Generate the SDP prefix (session-level lines):
- snprintf(sdp, sdpLength, sdpPrefixFmt,
-- fCreationTime.tv_sec, fCreationTime.tv_usec, // o= <session id>
-+ (long long)fCreationTime.tv_sec, (long long)fCreationTime.tv_usec, // o= <session id>
- 1, // o= <version> // (needs to change if params are modified)
- addressFamily == AF_INET ? "IP4" : "IP6", // o= <address family>
- ipAddressStr.val(), // o= <address>
-#
-# Copyright (C) 2013-2017 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
include $(TOPDIR)/rules.mk
PKG_NAME:=xupnpd
-PKG_REV:=e4e542d9b6d0043d470fda283e2cd325bbb91950
-PKG_VERSION:=2018-11-20
-PKG_RELEASE:=2
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/clark15b/xupnpd/tar.gz/$(PKG_REV)?
-PKG_HASH:=9177b7d5615172fe64f1b6120e5239c0b818ba4bff1f26916fe39fb69eefee4f
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REV)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/clark15b/xupnpd
+PKG_SOURCE_DATE:=2021-04-08
+PKG_SOURCE_VERSION:=2bc1e741e0efe04cb3150430ff25410093618b4f
+PKG_MIRROR_HASH:=00ba72ed3d394220cc564319d29b79c20e482d904e81aa7563b17349e918f94f
+PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
PKG_LICENSE:=GPLv2
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
-
include $(INCLUDE_DIR)/package.mk
LUA_FLAGS:=-llua -lssl -lcrypto
include $(TOPDIR)/rules.mk
PKG_NAME:=yt-dlp
-PKG_VERSION:=2023.12.30
+PKG_VERSION:=2024.7.9
PKG_RELEASE:=1
PYPI_NAME:=yt-dlp
-PKG_HASH:=a11862e57721b0a0f0883dfeb5a4d79ba213a2d4c45e1880e9fd70f8e6570c38
+PKG_HASH:=e19f00f9e55e90bca1c94bcaf809aa33e51634be9f0de2df84a72d3206934f94
+PYPI_SOURCE_NAME:=yt_dlp
PKG_MAINTAINER:=Michal Vasilek <michal.vasilek@nic.cz>
PKG_LICENSE:=Unlicense
PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_DEPENDS:=python-hatchling/host
+
include ../../lang/python/pypi.mk
include $(INCLUDE_DIR)/package.mk
include ../../lang/python/python3-package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=aardvark-dns
-PKG_VERSION:=1.10.0
+PKG_VERSION:=1.11.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/containers/aardvark-dns/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b3e77b3ff4eb40f010c78ca00762761e8c639c47e1cb67686d1eb7f522fbc81e
+PKG_HASH:=3e95b363f89a945ee6e63f51051f9eb982bdc469bf8e727b5d7adca676789750
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=acme-common
-PKG_VERSION:=1.1.1
+PKG_VERSION:=1.4.0
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
PKG_LICENSE:=GPL-3.0-only
load_options() {
section=$1
+ config_get staging "$section" staging
# compatibility for old option name
- config_get_bool staging "$section" use_staging
if [ -z "$staging" ]; then
- config_get_bool staging "$section" staging 0
+ config_get_bool staging "$section" use_staging 0
fi
export staging
config_get calias "$section" calias
export dalias
config_get domains "$section" domains
export domains
- export main_domain
main_domain="$(first_arg $domains)"
+ export main_domain
config_get keylength "$section" keylength
if [ "$keylength" ]; then
log warn "Option \"keylength\" is deprecated, please use key_type (e.g., ec256, rsa2048) instead."
fi
export state_dir
- config_get debug "$section" debug 0
+ config_get_bool debug "$section" debug 0
export debug
# only look for the first acme section
#!/bin/sh
+. /lib/functions.sh
+
+# Create a symlink to webroot
+if [ -d /www/ ] && [ ! -L /www/.well-known/acme-challenge ] && [ ! -d /www/.well-known/acme-challenge/ ]; then
+ mkdir -p /www/.well-known/
+ ln -s /var/run/acme/challenge/ /www/.well-known/acme-challenge
+fi
+
+# migrate deprecated opts
+# shellcheck disable=SC2155
+handle_cert() {
+ local section="$1"
+ local use_staging=$(uci_get acme "$section" use_staging)
+ if [ -n "$use_staging" ]; then
+ uci_remove acme "$section" use_staging
+ local staging=$(uci_get acme "$section" staging)
+ if [ -z "$staging" ]; then
+ uci_set acme "$section" staging "$use_staging"
+ fi
+ fi
+
+ local keylength=$(uci_get acme "$section" keylength)
+ if [ -n "$keylength" ]; then
+ uci_remove acme "$section" keylength
+ local key_type=$(uci_get acme "$section" key_type)
+ if [ -z "$key_type" ]; then
+ case $keylength in
+ ec-*) key_type=${keylength/-/} ;;
+ *) key_type=rsa$keylength ;;
+ esac
+ uci_set acme "$section" key_type "$key_type"
+ fi
+ fi
+
+ local standalone=$(uci_get acme "$section" standalone)
+ [ -n "$standalone" ] && uci_remove acme "$section" standalone
+ local dns=$(uci_get acme "$section" dns)
+ local validation_method=$(uci_get acme "$section" validation_method)
+ if [ -z "$validation_method" ]; then
+ if [ -n "$dns" ]; then
+ validation_method="dns"
+ elif [ "$standalone" = 1 ]; then
+ validation_method="standalone"
+ else
+ validation_method="webroot"
+ fi
+ uci_set acme "$section" validation_method "$validation_method"
+ fi
+}
+
+config_load acme
+config_foreach handle_cert cert
+uci_commit
grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0
echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root
PKG_NAME:=adblock-fast
PKG_VERSION:=1.1.2
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
PKG_LICENSE:=AGPL-3.0-or-later
SECTION:=net
CATEGORY:=Network
TITLE:=AdBlock Fast Service
- URL:=https://docs.openwrt.melmac.net/adblock-fast/
+ URL:=https://github.com/stangri/adblock-fast/
DEPENDS:=+jshn +curl
DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk
DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/adblock-fast
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/etc/config/adblock-fast $(1)/etc/config/adblock-fast
- $(INSTALL_DIR) $(1)/tmp
- $(INSTALL_DATA) ./files/adblock-fast.config.update $(1)/tmp/adblock-fast.config.update
$(INSTALL_DIR) $(1)/etc/uci-defaults
- $(INSTALL_BIN) ./files/etc/uci-defaults/90-adblock-fast $(1)/etc/uci-defaults/90-adblock-fast
+ $(INSTALL_BIN) ./files/etc/uci-defaults/90-adblock-fast $(1)/etc/uci-defaults/90-adblock-fast
endef
define Package/adblock-fast/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
- sed -f /tmp/adblock-fast.config.update -i /etc/config/adblock-fast || true
/etc/init.d/adblock-fast enable
fi
exit 0
--- /dev/null
+# README
+
+Documentation for this project is available at [https://docs.openwrt.melmac.net/adblock-fast/](https://docs.openwrt.melmac.net/adblock-fast/).
+
\|dnsmasq.oisd.nl|d
\|dnsmasq2.oisd.nl|d
\|https://cdn.jsdelivr.net/gh/AdguardTeam/cname-trackers@master/combined_disguised_trackers_justdomains.txt|d
+\|sysctl.org/cameleon/hosts|d
option debug '0'
option dns 'dnsmasq.servers'
list dnsmasq_instance '*'
-# option dnsmasq_config_file_url 'https://big.oisd.nl/dnsmasq2'
+# option dnsmasq_config_file_url 'https://small.oisd.nl/dnsmasq2'
option download_timeout '10'
option force_dns '1'
list force_dns_port '53'
option verbosity '2'
config file_url
- option url 'https://cdn.jsdelivr.net/gh/StevenBlack/hosts/hosts'
- option size '6770929'
+ option name 'Hagezi - Pro'
+ option url 'https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/pro.txt'
+ option size '12522070'
option action 'block'
option enabled '0'
config file_url
+ option name 'AdguardTeam - CNAME Trackers'
option url 'https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_trackers_justdomains.txt'
option size '6241707'
option action 'block'
option enabled '0'
config file_url
+ option name 'OISD - Big'
option url 'https://big.oisd.nl/'
option size '6163363'
option action 'block'
option enabled '0'
config file_url
- option url 'https://cdn.jsdelivr.net/gh/bongochong/CombinedPrivacyBlockLists/NoFormatting/cpbl-ctld.txt'
- option size '2608152'
+ option name 'StevenBlack - Unified hosts'
+ option url 'https://cdn.jsdelivr.net/gh/StevenBlack/hosts/hosts'
+ option size '4790642'
+ option action 'block'
+ option enabled '0'
+
+config file_url
+ option name '1Hosts - Lite'
+ option url 'https://o0.pages.dev/Lite/domains.txt'
+ option size '2786010'
option action 'block'
option enabled '0'
config file_url
- option url 'http://sysctl.org/cameleon/hosts'
- option size '638545'
+ option name 'Bongochong - Combined Privacy Block Lists (TLD Optimized)'
+ option url 'https://cdn.jsdelivr.net/gh/bongochong/CombinedPrivacyBlockLists/NoFormatting/cpbl-ctld.txt'
+ option size '2608152'
option action 'block'
option enabled '0'
config file_url
+ option name 'Kboghdady - YouTube Ads DNS'
option url 'https://cdn.jsdelivr.net/gh/kboghdady/youTube_ads_4_pi-hole/black.list'
option size '553006'
option action 'block'
option enabled '0'
config file_url
+ option name 'AdguardTeam - CNAME Clickthroughs'
option url 'https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_clickthroughs_justdomains.txt'
option size '362170'
option action 'block'
option enabled '0'
config file_url
+ option name 'SomeoneWhoCares - Hosts'
option url 'https://someonewhocares.org/hosts/hosts'
option size '347410'
option action 'block'
option enabled '0'
config file_url
+ option name 'WinHelp2002 MVPS - Hosts'
option url 'https://winhelp2002.mvps.org/hosts.txt'
option size '334861'
option action 'block'
option enabled '0'
config file_url
+ option name 'AdAway - Hosts'
option url 'https://adaway.org/hosts.txt'
option size '243454'
option action 'block'
option enabled '0'
config file_url
+ option name 'AdguardTeam - CNAME Ads'
option url 'https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_ads_justdomains.txt'
option size '222595'
option action 'block'
option enabled '0'
config file_url
+ option name 'AdguardTeam - CNAME Microsites'
option url 'https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_microsites_justdomains.txt'
option size '123275'
option action 'block'
option enabled '0'
config file_url
+ option name 'Yoyo.org - Hosts'
option url 'https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext'
option size '99588'
option action 'block'
option enabled '0'
config file_url
+ option name 'Hoshsadiq - NoCoin Adblock List'
option url 'https://cdn.jsdelivr.net/gh/hoshsadiq/adblock-nocoin-list/hosts.txt'
option size '11149'
option action 'block'
USE_PROCD=1
LC_ALL=C
+[ -n "${IPKG_INSTROOT}" ] && return 0
+
if type extra_command 1>/dev/null 2>&1; then
extra_command 'allow' 'Allows domain in current block-list and config'
extra_command 'check' 'Checks if specified domain is found in current block-list'
readonly packageName='adblock-fast'
readonly PKG_VERSION='dev-test'
-readonly packageCompat='1'
+readonly packageCompat='2'
readonly serviceName="$packageName $PKG_VERSION"
readonly packageConfigFile="/etc/config/${packageName}"
readonly dnsmasqAddnhostsFile="/var/run/${packageName}/dnsmasq.addnhosts"
label="${url##*//}"
label="${label%%/*}"
- label="File: $label"
+ label="${name:-$label}"
+ label="List: $label"
case "$action" in
allow) type='Allowed'; D_TMP="$A_TMP"
;;
}
adb_config_update() {
+ _cleanup_missing_urls() {
+ local cfg="$1" url size
+ config_get url "$cfg" url
+ if [ -z "$url" ]; then
+ uci_delete "$packageName" "$cfg"
+ fi
+ }
local R_TMP label
local param validation_result="$3"
case "$1" in
fi
fi
rm -f "$R_TMP"
+ config_load "$packageName"
+ config_foreach _cleanup_missing_urls 'file_url'
+ [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName"
return 0
}
adb_sizes() {
_config_add_url_size() {
- local cfg="$1" url size
+ local cfg="$1" url name size
config_get url "$cfg" url
+ config_get name "$cfg" name
size="$(get_url_filesize "$url")"
- output "$url${size:+: $size} "
+ output "${name:-$url}${size:+: $size} "
if [ -n "$size" ]; then
uci_set "$packageName" "$cfg" 'size' "$size"
output_okn
load_environment "$validation_result" 'quiet' || return 1
config_load "$packageName"
config_foreach _config_add_url_size 'file_url'
- uci_commit "$packageName"
+ [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName"
}
# shellcheck disable=SC2120
'enabled:bool:1' \
'action:or("allow", "block"):block' \
'size:or(uinteger, "")' \
+ 'name:string' \
'url:string'
}
output_okn
fi
+# Transition to list names
+_find_name() { grep -B1 "$1" "/etc/config/${packageName}-opkg" | head -1 | cut -d "'" -f2; }
+
+add_name() {
+ local cfg="$1"
+ local url name label
+ config_get url "$cfg" 'url'
+ config_get name "$cfg" 'name'
+ if [ -z "$name" ]; then
+ label="${url##*//}"
+ label="${label%%/*}";
+ output "Finding name for ${label}: "
+ name="$(_find_name "$url")"
+ if [ -n "$name" ]; then
+ uci_set "$packageName" "$cfg" 'name' "$name"
+ output "$name "
+ output_okn
+ else
+ output "Unknown "
+ output_failn
+ fi
+ else
+ output "Name for ${label} already set to ${name} "
+ output_okn
+ fi
+}
+
+if [ -s "/etc/config/${packageName}-opkg" ] && ! grep -q 'option name' "/etc/config/${packageName}"; then
+ config_load "$packageName"
+ config_foreach add_name 'file_url'
+ [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName"
+fi
+
exit 0
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=4.1.5
-PKG_RELEASE:=9
+PKG_VERSION:=4.2.2
+PKG_RELEASE:=4
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
SECTION:=net
CATEGORY:=Network
TITLE:=Powerful adblock script to block ad/abuse domains by using DNS
- DEPENDS:=+jshn +jsonfilter +coreutils +coreutils-sort +ca-bundle +opkg
+ DEPENDS:=+jshn +jsonfilter +coreutils +coreutils-sort +gawk +ca-bundle
PKGARCH:=all
endef
# DNS based ad/abuse domain blocking
## Description
-A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other (wlan) gadget!? Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your router. When the DNS server on your router receives DNS requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but **N**on-e**X**istent Internet or Intranet domain name, if domain name is unable to resolved using the DNS server, a condition called the 'NXDOMAIN' occurred.
+A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other (wlan) gadget!? Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your router. When the DNS server on your router receives DNS requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but **N**on-e**X**istent Internet or Intranet domain name, if domain name is unable to resolved using the DNS server, a condition called the 'NXDOMAIN' occurred.
## Main Features
* Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
| Source | Enabled | Size | Focus | Information |
| :------------------ | :-----: | :--- | :--------------- | :-------------------------------------------------------------------------------- |
-| adaway | x | S | mobile | [Link](https://github.com/AdAway/adaway.github.io) |
+| 1Hosts | | VAR | compilation | [Link](https://github.com/badmojr/1Hosts) |
+| adaway | | S | mobile | [Link](https://github.com/AdAway/adaway.github.io) |
| adguard | x | L | general | [Link](https://adguard.com) |
| adguard_tracking | | L | tracking | [Link](https://github.com/AdguardTeam/cname-trackers) |
| android_tracking | | S | tracking | [Link](https://github.com/Perflyst/PiHoleBlocklist) |
| anudeep | | M | compilation | [Link](https://github.com/anudeepND/blacklist) |
| bitcoin | | S | mining | [Link](https://github.com/hoshsadiq/adblock-nocoin-list) |
| cpbl | | XL | compilation | [Link](https://github.com/bongochong/CombinedPrivacyBlockLists) |
-| disconnect | x | S | general | [Link](https://disconnect.me) |
+| disconnect | | S | general | [Link](https://disconnect.me) |
| doh_blocklist | | S | doh_server | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
| easylist | | M | compilation | [Link](https://easylist.to) |
| easyprivacy | | M | tracking | [Link](https://easylist.to) |
| firetv_tracking | | S | tracking | [Link](https://github.com/Perflyst/PiHoleBlocklist) |
| games_tracking | | S | tracking | [Link](https://www.gameindustry.eu) |
+| hagezi | | VAR | compilation | [Link](https://github.com/hagezi/dns-blocklists) |
| hblock | | XL | compilation | [Link](https://hblock.molinero.dev) |
| lightswitch05 | | XL | compilation | [Link](https://github.com/lightswitch05/hosts) |
| notracking | | XL | tracking | [Link](https://github.com/notracking/hosts-blocklists) |
| whocares | | M | general | [Link](https://someonewhocares.org) |
| winhelp | | S | general | [Link](https://winhelp2002.mvps.org) |
| winspy | | S | win_telemetry | [Link](https://github.com/crazy-max/WindowsSpyBlocker) |
-| yoyo | x | S | general | [Link](https://pgl.yoyo.org/adservers) |
+| yoyo | | S | general | [Link](https://pgl.yoyo.org/adservers) |
-* List of supported and fully pre-configured adblock sources, already active sources are pre-selected.
- <b><em>To avoid OOM errors, please do not select too many lists!</em></b>
- List size information with the respective domain ranges as follows:
- • <b>S</b> (-10k), <b>M</b> (10k-30k) and <b>L</b> (30k-80k) should work for 128 MByte devices,
- • <b>XL</b> (80k-200k) should work for 256-512 MByte devices,
- • <b>XXL</b> (200k-) needs more RAM and Multicore support, e.g. x86 or raspberry devices.
- • <b>VAR</b> (50k-500k) variable size depending on the selection.
+* List of supported and fully pre-configured adblock sources, already active sources are pre-selected.
+ <b><em>To avoid OOM errors, please do not select too many lists!</em></b>
+ List size information with the respective domain ranges as follows:
+ • <b>S</b> (-10k), <b>M</b> (10k-30k) and <b>L</b> (30k-80k) should work for 128 MByte devices,
+ • <b>XL</b> (80k-200k) should work for 256-512 MByte devices,
+ • <b>XXL</b> (200k-) needs more RAM and Multicore support, e.g. x86 or raspberry devices.
+ • <b>VAR</b> (50k-900k) variable size depending on the selection.
* Zero-conf like automatic installation & setup, usually no manual changes needed
* Simple but yet powerful adblock engine: adblock does not use error prone external iptables rulesets, http pixel server instances and things like that
* Supports five different DNS backend formats: dnsmasq, unbound, named (bind), kresd or raw (e.g. used by dnscrypt-proxy)
* Strong LuCI support, all relevant options are exposed to the web frontend
## Prerequisites
-* [OpenWrt](https://openwrt.org), tested with the stable release series and with the latest rolling snapshot releases.
- <b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!
+* [OpenWrt](https://openwrt.org), tested with the stable release series and with the latest snapshot releases.
+ <b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!
+ <b>Please note:</b> For performance reasons, adblock depends on gnu awk (gawk) by default.
+ If you insist to use the slow busybox awk implementation, remove the gawk package afterwards (_opkg remove gawk --force-depends_) or install adblock without any dependency checks/installation (_opkg install adblock --nodeps_). Both installation variants are officially unsupported.
* A usual setup with an enabled DNS backend at minimum - dumb AP modes without a working DNS backend are _not_ supported
* A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
* A certificate store such as 'ca-bundle' or 'ca-certificates', as adblock checks the validity of the SSL certificates of all download sites by default
* Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package
* Optional DNS Query Report support: for DNS reporting you need to install the additional package 'tcpdump-mini' or 'tcpdump'
-* Optional support for gnu awk as alternative to the busybox default, install the additional package 'gawk'
## Installation & Usage
* Update your local opkg repository (_opkg update_)
* Update from a former adblock version is easy. During the update a backup is made of the old configuration '/etc/config/adblock-backup' and replaced by the new config - that's all
## Adblock CLI Options
-* All important adblock functions are accessible via CLI as well.
+* All important adblock functions are accessible via CLI as well.
<pre><code>
~# /etc/init.d/adblock
Syntax: /etc/init.d/adblock [command]
resume Resume adblock processing
query <domain> Query active blocklists and backups for a specific domain
report [<search>] Print DNS statistics with an optional search parameter
- list [<add>|<add_utc>|<add_eng>|<add_stb>|<remove>|<remove_utc>|<remove_eng>|<remove_stb>] <source(s)> List/Edit available sources
+ list List available sources
timer [<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals
version Print version information
running Check if service is running
| adb_jaildir | /tmp | path for the generated jail list |
## Examples
-**Change the DNS backend to 'unbound':**
-No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.
+**Change the DNS backend to 'unbound':**
+No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.
To preserve the DNS cache after adblock processing please install the additional package 'unbound-control'.
-**Change the DNS backend to 'bind':**
-Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind' by default.
+**Change the DNS backend to 'bind':**
+Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind' by default.
To preserve the DNS cache after adblock processing please install the additional package 'bind-rdnc'.
To use the blocklist please modify '/etc/bind/named.conf':
<pre><code>
};
</code></pre>
-**Change the DNS backend to 'kresd':**
-Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed.
+**Change the DNS backend to 'kresd':**
+Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed.
<b>Please note:</b> The knot-resolver (kresd) is only available on Turris devices and does not support the SafeSearch functionality yet.
-**Use restrictive jail modes:**
+**Use restrictive jail modes:**
You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
-**Manually override the download options:**
-By default adblock uses the following pre-configured download options:
+**Manually override the download options:**
+By default adblock uses the following pre-configured download options:
* aria2c: <code>--timeout=20 --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o</code>
* curl: <code>--connect-timeout 20 --silent --show-error --location -o</code>
* uclient-fetch: <code>--timeout=20 -O</code>
To override the default set 'adb_fetchparm' manually to your needs.
-**Enable E-Mail notification via 'msmtp':**
-To use the email notification you have to install & configure the package 'msmtp'.
+**Enable E-Mail notification via 'msmtp':**
+To use the email notification you have to install & configure the package 'msmtp'.
Modify the file '/etc/msmtprc':
<pre><code>
[...]
</code></pre>
Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI.
-**Service status output:**
-In LuCI you'll see the realtime status in the 'Runtime' section on the overview page.
+**Service status output:**
+In LuCI you'll see the realtime status in the 'Runtime' section on the overview page.
To get the status in the CLI, just call _/etc/init.d/adblock status_ or _/etc/init.d/adblock status\_service_:
<pre><code>
~#@blackhole:~# /etc/init.d/adblock status
+ last_run : restart, 3m 17s, 249/73/68, 2022-09-10T13:43:07+02:00
+ system : ASUS RT-AX53U, OpenWrt SNAPSHOT r20535-2ca5602864
</code></pre>
-The 'last\_run' line includes the used start type, the run duration, the memory footprint after DNS backend loading (total/free/available) and the date/time of the last run.
+The 'last\_run' line includes the used start type, the run duration, the memory footprint after DNS backend loading (total/free/available) and the date/time of the last run.
-**Edit, add new adblock sources:**
-The adblock blocklist sources are stored in an external, compressed JSON file '/etc/adblock/adblock.sources.gz'.
+**Edit, add new adblock sources:**
+The adblock blocklist sources are stored in an external, compressed JSON file '/etc/adblock/adblock.sources.gz'.
This file is directly parsed in LuCI and accessible via CLI, just call _/etc/init.d/adblock list_:
<pre><code>
/etc/init.d/adblock list
+ yoyo x S general https://pgl.yoyo.org
</code></pre>
-To add new or edit existing sources extract the compressed JSON file _gunzip /etc/adblock/adblock.sources.gz_.
+To add new or edit existing sources extract the compressed JSON file _gunzip /etc/adblock/adblock.sources.gz_.
A valid JSON source object contains the following required information, e.g.:
<pre><code>
[...]
},
[...]
</code></pre>
-Add an unique object name, make the required changes to 'url', 'rule', 'size' and 'descurl' and finally compress the changed JSON file _gzip /etc/adblock/adblock.sources_ to use the new source object in adblock.
-<b>Please note:</b> if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every adblock update. To reference your copy set the option 'adb\_srcarc' which points by default to '/etc/adblock/adblock.sources.gz'
+Add an unique object name, make the required changes to 'url', 'rule', 'size' and 'descurl' and finally compress the changed JSON file _gzip /etc/adblock/adblock.sources_ to use the new source object in adblock.
+<b>Please note:</b> if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every adblock update. To reference your copy set the option 'adb\_srcarc' which points by default to '/etc/adblock/adblock.sources.gz'
<b>Please note:</b> when adblock starts, it looks for the uncompressed 'adb\_srcfile', only if this file is not found the archive 'adb\_srcarc' is unpacked once and then the uncompressed file is used
## Support
Please join the adblock discussion in this [forum thread](https://forum.openwrt.org/t/adblock-support-thread/507) or contact me by mail <dev@brenken.org>
-Have fun!
-Dirk
+## Removal
+Stop all adblock related services with _/etc/init.d/adblock stop_ and remove the adblock package if necessary.
+
+## Donations
+You like this project - is there a way to donate? Generally speaking "No" - I have a well-paying full-time job and my OpenWrt projects are just a hobby of mine in my spare time.
+
+If you still insist to donate some bucks ...
+* I would be happy if you put your money in kind into other, social projects in your area, e.g. a children's hospice
+* Let's meet and invite me for a coffee if you are in my area, the “Markgräfler Land” in southern Germany or in Switzerland (Basel)
+* Send your money to my [PayPal account](https://www.paypal.me/DirkBrenken) and I will collect your donations over the year to support various social projects in my area
+No matter what you decide - thank you very much for your support!
+
+Have fun!
+Dirk
-stb;fakenews;alternates/fakenews/hosts
-stb;fakenews-gambling;alternates/fakenews-gambling/hosts
-stb;fakenews-gambling-porn;alternates/fakenews-gambling-porn/hosts
-stb;fakenews-gambling-porn-social;alternates/fakenews-porn-social/hosts
-stb;fakenews-gambling-social;alternates/fakenews-gambling-social/hosts
-stb;fakenews-porn;alternates/fakenews-porn/hosts
-stb;fakenews-porn-social;alternates/fakenews-porn-social/hosts
-stb;fakenews-social;alternates/fakenews-social/hosts
-stb;gambling;alternates/gambling/hosts
-stb;gambling-porn;alternates/gambling-porn/hosts
-stb;gambling-porn-social;alternates/gambling-porn-social/hosts
-stb;gambling-social;alternates/gambling-social/hosts
-stb;porn;alternates/porn/hosts
-stb;porn-social;alternates/porn-social/hosts
-stb;social;alternates/social/hosts
+hag;multi-light;light-onlydomains.txt
+hag;multi-normal;multi-onlydomains.txt
+hag;multi-pro;pro-onlydomains.txt
+hag;multi-pro.mini;pro.mini-onlydomains.txt
+hag;multi-pro.plus;pro.plus-onlydomains.txt
+hag;multi-pro.plus.mini;pro.plus.mini-onlydomains.txt
+hag;multi-ultimate;ultimate-onlydomains.txt
+hag;multi-ultimate.mini;ultimate.mini-onlydomains.txt
+hag;threat-intelligence;tif-onlydomains.txt
+hag;threat-intelligence.medium;tif.medium-onlydomains.txt
+hag;threat-intelligence.mini;tif.mini-onlydomains.txt
+hag;anti.piracy;anti.piracy-onlydomains.txt
+hag;doh;doh-onlydomains.txt
+hag;doh-vpn-proxy-bypass;doh-vpn-proxy-bypass-onlydomains.txt
+hag;dyndns;dyndns-onlydomains.txt
+hag;fake;fake-onlydomains.txt
+hag;gambling;gambling-onlydomains.txt
+hag;gambling.medium;gambling.medium-onlydomains.txt
+hag;gambling.mini;gambling.mini-onlydomains.txt
+hag;hoster;hoster-onlydomains.txt
+hag;tracker.amazon;native.amazon-onlydomains.txt
+hag;tracker.apple;native.apple-onlydomains.txt
+hag;tracker.huawei;native.huawei-onlydomains.txt
+hag;tracker.lgwebos;native.lgwebos-onlydomains.txt
+hag;tracker.oppo-realme;native.oppo-realme-onlydomains.txt
+hag;tracker.tiktok;native.tiktok-onlydomains.txt
+hag;tracker.tiktok.extended;native.tiktok.extended-onlydomains.txt
+hag;tracker.vivo;native.vivo-onlydomains.txt
+hag;tracker.winoffice;native.winoffice-onlydomains.txt
+hag;tracker.xiaomi;native.xiaomi-onlydomains.txt
+hag;nosafesearch;nosafesearch-onlydomains.txt
+hag;popupads;popupads-onlydomains.txt
+hst;mini;mini/domains.wildcards
+hst;lite;Lite/domains.wildcards
+hst;pro;Pro/domains.wildcards
+hst;xtra;Xtra/domains.wildcards
stb;standard;hosts
+stb;standard-fakenews;alternates/fakenews/hosts
+stb;standard-fakenews-gambling;alternates/fakenews-gambling/hosts
+stb;standard-fakenews-gambling-porn;alternates/fakenews-gambling-porn/hosts
+stb;standard-fakenews-gambling-porn-social;alternates/fakenews-porn-social/hosts
+stb;standard-fakenews-gambling-social;alternates/fakenews-gambling-social/hosts
+stb;standard-fakenews-porn;alternates/fakenews-porn/hosts
+stb;standard-fakenews-porn-social;alternates/fakenews-porn-social/hosts
+stb;standard-fakenews-social;alternates/fakenews-social/hosts
+stb;standard-gambling;alternates/gambling/hosts
+stb;standard-gambling-porn;alternates/gambling-porn/hosts
+stb;standard-gambling-porn-social;alternates/gambling-porn-social/hosts
+stb;standard-gambling-social;alternates/gambling-social/hosts
+stb;standard-porn;alternates/porn/hosts
+stb;standard-porn-social;alternates/porn-social/hosts
+stb;standard-social;alternates/social/hosts
+stb;fakenews;alternates/fakenews-only/hosts
+stb;fakenews-gambling;alternates/fakenews-gambling-only/hosts
+stb;fakenews-gambling-porn;alternates/fakenews-gambling-porn-only/hosts
+stb;fakenews-gambling-porn-social;alternates/fakenews-porn-social-only/hosts
+stb;fakenews-gambling-social;alternates/fakenews-gambling-social-only/hosts
+stb;fakenews-porn;alternates/fakenews-porn-only/hosts
+stb;fakenews-porn-social;alternates/fakenews-porn-social-only/hosts
+stb;fakenews-social;alternates/fakenews-social-only/hosts
+stb;gambling;alternates/gambling-only/hosts
+stb;gambling-porn;alternates/gambling-porn-only/hosts
+stb;gambling-porn-social;alternates/gambling-porn-social-only/hosts
+stb;gambling-social;alternates/gambling-social-only/hosts
+stb;porn;alternates/porn-only/hosts
+stb;porn-social;alternates/porn-social-only/hosts
+stb;social;alternates/social-only/hosts
utc;adult
utc;agressif
utc;arjel
option adb_mail '0'
option adb_report '0'
option adb_backup '1'
- list adb_sources 'adaway'
list adb_sources 'adguard'
- list adb_sources 'disconnect'
- list adb_sources 'yoyo'
#!/bin/sh /etc/rc.common
-# Copyright (c) 2015-2022 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2015-2024 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
-# disable (s)hellcheck in release
+# (s)hellcheck exceptions
# shellcheck disable=all
START=30
extra_command "resume" "Resume adblock processing"
extra_command "query" "<domain> Query active blocklists and backups for a specific domain"
extra_command "report" "[[<cli>|<mail>|<gen>|<json>] [<top_count>] [<res_count>] [<search>]] Print DNS statistics with an optional search parameter"
-extra_command "list" "[<add>|<add_utc>|<add_eng>|<add_stb>|<remove>|<remove_utc>|<remove_eng>|<remove_stb>] <source(s)> List/Edit available sources"
+extra_command "list" "List available sources"
extra_command "timer" "[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals"
adb_init="/etc/init.d/adblock"
adb_script="/usr/bin/adblock.sh"
adb_pidfile="/var/run/adblock.pid"
-if [ -s "${adb_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] ||
- [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "report" ] ||
- [ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] ||
- { [ "${action}" = "list" ] && [ -n "${1}" ]; }; }; then
- return 0
-fi
+[ "${action}" = "boot" ] && "${adb_init}" running && exit 0
+[ -s "${adb_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "report" ] || [ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] || { [ "${action}" = "list" ] && [ -n "${1}" ]; }; } && exit 1
boot() {
- [ -s "${adb_pidfile}" ] && : >"${adb_pidfile}"
+ : >"${adb_pidfile}"
rc_procd start_service
}
}
list() {
- local src_archive src_file src_enabled enabled name utc_list size focus descurl action="${1}"
-
- if [ "${action%_*}" = "add" ] || [ "${action%_*}" = "remove" ]; then
- shift
- for name in "${@}"; do
- case "${action}" in
- "add")
- if ! uci_get adblock global adb_sources | grep -q "${name}"; then
- uci_add_list adblock global adb_sources "${name}"
- printf "%s\n" "::: adblock source '${name}' added to config"
- fi
- ;;
- "remove")
- if uci_get adblock global adb_sources | grep -q "${name}"; then
- uci_remove_list adblock global adb_sources "${name}"
- printf "%s\n" "::: adblock source '${name}' removed from config"
- fi
- ;;
- "add_utc")
- if ! uci_get adblock global adb_utc_sources | grep -q "${name}"; then
- uci_add_list adblock global adb_utc_sources "${name}"
- printf "%s\n" "::: adblock utcapitole '${name}' added to config"
- fi
- ;;
- "remove_utc")
- if uci_get adblock global adb_utc_sources | grep -q "${name}"; then
- uci_remove_list adblock global adb_utc_sources "${name}"
- printf "%s\n" "::: adblock utcapitole '${name}' removed from config"
- fi
- ;;
- "add_eng")
- if ! uci_get adblock global adb_eng_sources | grep -q "${name}"; then
- uci_add_list adblock global adb_eng_sources "${name}"
- printf "%s\n" "::: adblock energized '${name}' added to config"
- fi
- ;;
- "remove_eng")
- if uci_get adblock global adb_eng_sources | grep -q "${name}"; then
- uci_remove_list adblock global adb_eng_sources "${name}"
- printf "%s\n" "::: adblock energized '${name}' removed from config"
- fi
- ;;
- "add_stb")
- if ! uci_get adblock global adb_stb_sources | grep -q "${name}"; then
- uci_add_list adblock global adb_stb_sources "${name}"
- printf "%s\n" "::: adblock stevenblack '${name}' added to config"
- fi
- ;;
- "remove_stb")
- if uci_get adblock global adb_stb_sources | grep -q "${name}"; then
- uci_remove_list adblock global adb_stb_sources "${name}"
- printf "%s\n" "::: adblock stevenblack '${name}' removed from config"
- fi
- ;;
- esac
- done
- [ -n "$(uci -q changes adblock)" ] && { uci_commit adblock; "${adb_init}" start; }
- else
- src_archive="$(uci_get adblock global adb_srcarc "/etc/adblock/adblock.sources.gz")"
- src_file="$(uci_get adblock global adb_srcfile "/tmp/adb_sources.json")"
- src_enabled="$(uci -q show adblock.global.adb_sources)"
- [ -r "${src_archive}" ] && zcat "${src_archive}" >"${src_file}" || printf "%s\n" "::: adblock source archive '${src_archive}' not found"
-
- if [ -r "${src_file}" ]; then
- src_enabled="${src_enabled#*=}"
- src_enabled="${src_enabled//\'}"
- printf "%s\n" "::: Available adblock sources"
- printf "%s\n" ":::"
- printf "%-25s%-10s%-7s%-21s%s\n" " Name" "Enabled" "Size" "Focus" "Info URL"
- printf "%s\n" " -------------------------------------------------------------------"
- json_load_file "${src_file}"
- json_get_keys keylist
- for key in ${keylist}; do
- json_select "${key}"
- json_get_var size "size"
- json_get_var focus "focus"
- json_get_var descurl "descurl"
- json_get_var url "url"
- json_get_var rule "rule"
- if [ -n "${url}" ] && [ -n "${rule}" ]; then
- if printf "%s" "${src_enabled}" | grep -q "${key}"; then
- enabled="x"
- else
- enabled=" "
- fi
- src_enabled="${src_enabled/${key}}"
- printf " + %-21s%-10s%-7s%-21s%s\n" "${key:0:20}" "${enabled}" "${size:0:3}" "${focus:0:20}" "${descurl:0:50}"
+ local src_archive src_file src_enabled enabled name utc_list size focus descurl
+
+ src_archive="$(uci_get adblock global adb_srcarc "/etc/adblock/adblock.sources.gz")"
+ src_file="$(uci_get adblock global adb_srcfile "/tmp/adb_sources.json")"
+ src_enabled="$(uci -q show adblock.global.adb_sources)"
+ [ -r "${src_archive}" ] && zcat "${src_archive}" >"${src_file}" || printf "%s\n" "::: adblock source archive '${src_archive}' not found"
+
+ if [ -r "${src_file}" ]; then
+ src_enabled="${src_enabled#*=}"
+ src_enabled="${src_enabled//\'}"
+ printf "%s\n" "::: Available adblock sources"
+ printf "%s\n" ":::"
+ printf "%-25s%-10s%-7s%-21s%s\n" " Name" "Enabled" "Size" "Focus" "Info URL"
+ printf "%s\n" " -------------------------------------------------------------------"
+ json_load_file "${src_file}"
+ json_get_keys keylist
+ for key in ${keylist}; do
+ json_select "${key}"
+ json_get_var size "size"
+ json_get_var focus "focus"
+ json_get_var descurl "descurl"
+ json_get_var url "url"
+ json_get_var rule "rule"
+ if [ -n "${url}" ] && [ -n "${rule}" ]; then
+ if printf "%s" "${src_enabled}" | grep -q "${key}"; then
+ enabled="x"
else
- src_enabled="${src_enabled} ${key}"
+ enabled=" "
fi
- json_select ..
- done
- utc_list="$(uci_get adblock global adb_utc_sources "-")"
- eng_list="$(uci_get adblock global adb_eng_sources "-")"
- stb_list="$(uci_get adblock global adb_stb_sources "-")"
- printf "%s\n" " ---------------------------------------------------------------------------"
- printf " * %s\n" "Configured utcapitole categories: ${utc_list// /, }"
- printf " * %s\n" "Configured energized variants: ${eng_list// /, }"
- printf " * %s\n" "Configured stevenblack variants: ${stb_list// /, }"
-
- if [ -n "${src_enabled// }" ]; then
- printf "%s\n" " ---------------------------------------------------------------------------"
- printf "%s\n" " Sources with invalid configuration"
- printf "%s\n" " ---------------------------------------------------------------------------"
- for key in ${src_enabled}; do
- printf " - %s\n" "${key:0:20}"
- done
+ src_enabled="${src_enabled/${key}}"
+ printf " + %-21s%-10s%-7s%-21s%s\n" "${key:0:20}" "${enabled}" "${size:0:3}" "${focus:0:20}" "${descurl:0:50}"
+ else
+ src_enabled="${src_enabled} ${key}"
fi
- else
- printf "%s\n" "::: adblock source file '${src_file}' not found"
+ json_select ..
+ done
+ utc_list="$(uci_get adblock global adb_utc_sources "-")"
+ hag_list="$(uci_get adblock global adb_hag_sources "-")"
+ stb_list="$(uci_get adblock global adb_stb_sources "-")"
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ printf " * %s\n" "Configured utcapitole categories: ${utc_list// /, }"
+ printf " * %s\n" "Configured hagezi variants: ${hag_list// /, }"
+ printf " * %s\n" "Configured stevenblack variants: ${stb_list// /, }"
+
+ if [ -n "${src_enabled// }" ]; then
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ printf "%s\n" " Sources with invalid configuration"
+ printf "%s\n" " ---------------------------------------------------------------------------"
+ for key in ${src_enabled}; do
+ printf " - %s\n" "${key:0:20}"
+ done
fi
+ else
+ printf "%s\n" "::: adblock source file '${src_file}' not found"
fi
}
iface="$(uci_get adblock global adb_trigger)"
delay="$(uci_get adblock global adb_triggerdelay "5")"
- PROCD_RELOAD_DELAY="$((delay * 1000))"
+ PROCD_RELOAD_DELAY="$((delay * 1000))"
[ -n "${iface}" ] && procd_add_interface_trigger "interface.*.up" "${iface}" "${adb_init}" "start"
+
+ PROCD_RELOAD_DELAY="$((2 * 1000))"
procd_add_reload_trigger "adblock"
}
# Copyright (c) 2015-2024 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
-# disable (s)hellcheck in release
+# (s)hellcheck exceptions
# shellcheck disable=all
# set initial defaults
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="4.1.5"
+adb_ver="4.2.2-r4"
adb_enabled="0"
adb_debug="0"
adb_forcedns="0"
adb_srcarc="/etc/adblock/adblock.sources.gz"
adb_srcfile="${adb_tmpbase}/adb_sources.json"
adb_rtfile="${adb_tmpbase}/adb_runtime.json"
-adb_loggercmd="$(command -v logger)"
-adb_dumpcmd="$(command -v tcpdump)"
-adb_lookupcmd="$(command -v nslookup)"
adb_fetchutil=""
adb_fetchinsecure=""
adb_zonelist=""
adb_sources=""
adb_cnt=""
-# load & check adblock environment
+# command selector
+#
+f_cmd() {
+ local cmd pri_cmd="${1}" sec_cmd="${2}"
+
+ cmd="$(command -v "${pri_cmd}" 2>/dev/null)"
+ if [ ! -x "${cmd}" ]; then
+ if [ -n "${sec_cmd}" ]; then
+ [ "${sec_cmd}" = "optional" ] && return
+ cmd="$(command -v "${sec_cmd}" 2>/dev/null)"
+ fi
+ if [ -x "${cmd}" ]; then
+ printf "%s" "${cmd}"
+ else
+ f_log "emerg" "command '${pri_cmd:-"-"}'/'${sec_cmd:-"-"}' not found"
+ fi
+ else
+ printf "%s" "${cmd}"
+ fi
+}
+
+# load adblock environment
#
f_load() {
local bg_pid iface port ports cpu core
- adb_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -q -e '@.model' -e '@.release.description' |
- "${adb_awk}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
- adb_memory="$("${adb_awk}" '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null |
- "${adb_awk}" '{print substr($0,1,length($0)-1)}')"
-
+ adb_sysver="$("${adb_ubuscmd}" -S call system board 2>/dev/null | "${adb_jsoncmd}" -q -e '@.model' -e '@.release.description' |
+ "${adb_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
+ adb_memory="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
f_conf
- cpu="$(grep -c '^processor' /proc/cpuinfo 2>/dev/null)"
- core="$(grep -cm1 '^core id' /proc/cpuinfo 2>/dev/null)"
- [ "${cpu}" = "0" ] && cpu="1"
- [ "${core}" = "0" ] && core="1"
- adb_cores="$((cpu * core))"
+ if [ -z "${adb_cores}" ]; then
+ cpu="$("${adb_grepcmd}" -c '^processor' /proc/cpuinfo 2>/dev/null)"
+ core="$("${adb_grepcmd}" -cm1 '^core id' /proc/cpuinfo 2>/dev/null)"
+ [ "${cpu}" = "0" ] && cpu="1"
+ [ "${core}" = "0" ] && core="1"
+ adb_cores="$((cpu * core))"
+ [ "${adb_cores}" -gt "16" ] && adb_cores="16"
+ fi
if [ "${adb_action}" != "report" ]; then
f_dns
exit 0
fi
- bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
+ bg_pid="$("${adb_pgrepcmd}" -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awkcmd}" '{ORS=" "; print $1}')"
if [ -x "${adb_dumpcmd}" ] && { [ "${adb_report}" = "0" ] || { [ -n "${bg_pid}" ] && { [ "${adb_action}" = "stop" ] || [ "${adb_action}" = "restart" ]; }; }; }; then
if [ -n "${bg_pid}" ]; then
kill -HUP "${bg_pid}" 2>/dev/null
done
unset bg_pid
fi
+ rm -f "${adb_reportdir}"/adb_report.pcap*
fi
if [ -x "${adb_dumpcmd}" ] && [ "${adb_report}" = "1" ] && [ -z "${bg_pid}" ] && [ "${adb_action}" != "report" ] && [ "${adb_action}" != "stop" ]; then
f_log "info" "report directory '${adb_reportdir}' created"
fi
if [ -n "${adb_repiface}" ] && [ -d "${adb_reportdir}" ]; then
- ("${adb_dumpcmd}" -nn -p -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 &)
- bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
+ ("${adb_dumpcmd}" --immediate-mode -nn -p -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 &)
+ bg_pid="$("${adb_pgrepcmd}" -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awkcmd}" '{ORS=" "; print $1}')"
else
f_log "info" "Please set the name of the reporting network device 'adb_repiface' manually"
fi
f_conf() {
local cnt="0" cnt_max="10"
- [ ! -r "/etc/config/adblock" ] && f_log "err" "no valid adblock config found, please re-install the package via opkg with the '--force-reinstall --force-maintainer' options"
+ [ ! -r "/etc/config/adblock" ] && f_log "err" "no valid adblock config found, please re-install the adblock package"
config_cb() {
option_cb() {
local value="${2}"
if [ "${option}" = "adb_sources" ]; then
eval "${option}=\"$(printf "%s" "${adb_sources}") ${value}\""
- elif [ "${option}" = "adb_eng_sources" ]; then
- eval "${option}=\"$(printf "%s" "${adb_eng_sources}") ${value}\""
+ elif [ "${option}" = "adb_hag_sources" ]; then
+ eval "${option}=\"$(printf "%s" "${adb_hag_sources}") ${value}\""
+ elif [ "${option}" = "adb_hst_sources" ]; then
+ eval "${option}=\"$(printf "%s" "${adb_hst_sources}") ${value}\""
elif [ "${option}" = "adb_stb_sources" ]; then
eval "${option}=\"$(printf "%s" "${adb_stb_sources}") ${value}\""
elif [ "${option}" = "adb_utc_sources" ]; then
adb_dnsuser="${adb_dnsuser:-"dnsmasq"}"
adb_dnsdir="${adb_dnsdir:-"/tmp/dnsmasq.d"}"
adb_dnsheader="${adb_dnsheader:-""}"
- adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"local=/\"\$0\"/\"}'"}"
- adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"local=/\"\$0\"/#\"}'"}"
- adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"address=/\"\$0\"/\"item\"\"}'"}"
- adb_dnsstop="${adb_dnsstop:-"address=/#/"}"
+ adb_dnsdeny="${adb_dnsdeny:-"${adb_awkcmd} '{print \"local=/\"\$0\"/\"}'"}"
+ adb_dnsallow="${adb_dnsallow:-"${adb_awkcmd} '{print \"local=/\"\$0\"/#\"}'"}"
+ adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awkcmd} -v item=\"\$item\" '{print \"address=/\"\$0\"/\"item\"\";print \"local=/\"\$0\"/\"}'"}"
+ adb_dnsstop="${adb_dnsstop:-"address=/#/\nlocal=/#/"}"
;;
"unbound")
adb_dnscachecmd="$(command -v unbound-control || printf "%s" "-")"
adb_dnsuser="${adb_dnsuser:-"unbound"}"
adb_dnsdir="${adb_dnsdir:-"/var/lib/unbound"}"
adb_dnsheader="${adb_dnsheader:-""}"
- adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"local-zone: \\042\"\$0\"\\042 always_nxdomain\"}'"}"
- adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"local-zone: \\042\"\$0\"\\042 always_transparent\"}'"}"
- adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{type=\"AAAA\";if(match(item,/^([0-9]{1,3}\.){3}[0-9]{1,3}$/)){type=\"A\"}}{print \"local-data: \\042\"\$0\" \"type\" \"item\"\\042\"}'"}"
+ adb_dnsdeny="${adb_dnsdeny:-"${adb_awkcmd} '{print \"local-zone: \\042\"\$0\"\\042 always_nxdomain\"}'"}"
+ adb_dnsallow="${adb_dnsallow:-"${adb_awkcmd} '{print \"local-zone: \\042\"\$0\"\\042 always_transparent\"}'"}"
+ adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awkcmd} -v item=\"\$item\" '{type=\"AAAA\";if(match(item,/^([0-9]{1,3}\.){3}[0-9]{1,3}$/)){type=\"A\"}}{print \"local-data: \\042\"\$0\" \"type\" \"item\"\\042\"}'"}"
adb_dnsstop="${adb_dnsstop:-"local-zone: \".\" always_nxdomain"}"
;;
"named")
adb_dnsuser="${adb_dnsuser:-"bind"}"
adb_dnsdir="${adb_dnsdir:-"/var/lib/bind"}"
adb_dnsheader="${adb_dnsheader:-"\$TTL 2h\n@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n IN NS localhost.\n"}"
- adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}"
- adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}"
- adb_dnsdenyip="${adb_dnsdenyip:-"${adb_awk} '{print \"\"\$0\".rpz-client-ip CNAME .\"}'"}"
- adb_dnsallowip="${adb_dnsallowip:-"${adb_awk} '{print \"\"\$0\".rpz-client-ip CNAME rpz-passthru.\"}'"}"
- adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"\"\$0\" CNAME \"item\".\\n*.\"\$0\" CNAME \"item\".\"}'"}"
+ adb_dnsdeny="${adb_dnsdeny:-"${adb_awkcmd} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}"
+ adb_dnsallow="${adb_dnsallow:-"${adb_awkcmd} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}"
+ adb_dnsdenyip="${adb_dnsdenyip:-"${adb_awkcmd} '{print \"\"\$0\".rpz-client-ip CNAME .\"}'"}"
+ adb_dnsallowip="${adb_dnsallowip:-"${adb_awkcmd} '{print \"\"\$0\".rpz-client-ip CNAME rpz-passthru.\"}'"}"
+ adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awkcmd} -v item=\"\$item\" '{print \"\"\$0\" CNAME \"item\".\\n*.\"\$0\" CNAME \"item\".\"}'"}"
adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
;;
"kresd")
adb_dnsuser="${adb_dnsuser:-"root"}"
adb_dnsdir="${adb_dnsdir:-"/etc/kresd"}"
adb_dnsheader="${adb_dnsheader:-"\$TTL 2h\n@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n"}"
- adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}"
- adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}"
- adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{type=\"AAAA\";if(match(item,/^([0-9]{1,3}\.){3}[0-9]{1,3}$/)){type=\"A\"}}{print \"\"\$0\" \"type\" \"item\"\"}'"}"
+ adb_dnsdeny="${adb_dnsdeny:-"${adb_awkcmd} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}"
+ adb_dnsallow="${adb_dnsallow:-"${adb_awkcmd} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}"
+ adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awkcmd} -v item=\"\$item\" '{type=\"AAAA\";if(match(item,/^([0-9]{1,3}\.){3}[0-9]{1,3}$/)){type=\"A\"}}{print \"\"\$0\" \"type\" \"item\"\"}'"}"
adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
;;
"raw")
if [ "${adb_dns}" != "raw" ] && [ "${adb_action}" != "stop" ]; then
while [ "${cnt}" -le 30 ]; do
- dns_up="$(ubus -S call service list "{\"name\":\"${adb_dns}\"}" 2>/dev/null | jsonfilter -l1 -e "@[\"${adb_dns}\"].instances.*.running" 2>/dev/null)"
+ dns_up="$("${adb_ubuscmd}" -S call service list "{\"name\":\"${adb_dns}\"}" 2>/dev/null | "${adb_jsoncmd}" -l1 -e "@[\"${adb_dns}\"].instances.*.running" 2>/dev/null)"
if [ "${dns_up}" = "true" ]; then
break
fi
f_rmdns() {
local status
- status="$(ubus -S call service list '{"name":"adblock"}' 2>/dev/null | jsonfilter -l1 -e '@["adblock"].instances.*.running' 2>/dev/null)"
+ status="$("${adb_ubuscmd}" -S call service list '{"name":"adblock"}' 2>/dev/null | "${adb_jsoncmd}" -l1 -e '@["adblock"].instances.*.running' 2>/dev/null)"
if [ "${adb_dns}" = "raw" ] || { [ -n "${adb_dns}" ] && [ -n "${status}" ]; }; then
: >"${adb_rtfile}"
[ "${adb_backup}" = "1" ] && rm -f "${adb_backupdir}/${adb_dnsprefix}".*.gz
local change config="${1}"
if [ -n "${config}" ]; then
- change="$(uci -q changes "${config}" | "${adb_awk}" '{ORS=" "; print $0}')"
+ change="$(uci -q changes "${config}" | "${adb_awkcmd}" '{ORS=" "; print $0}')"
if [ -n "${change}" ]; then
uci_commit "${config}"
case "${config}" in
[ -s "${adb_tmpfile}.${name}" ] && adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpfile}.${name}")"
;;
"whitelist")
- [ -s "${adb_tmpdir}/tmp.raw.${name}" ] && { adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpdir}/tmp.raw.${name}")"; rm -f "${adb_tmpdir}/tmp.raw.${name}"; }
+ [ -s "${adb_tmpdir}/tmp.raw.${name}" ] && { adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpdir}/tmp.raw.${name}")"; : >"${adb_tmpdir}/tmp.raw.${name}"; }
;;
"safesearch")
[ -s "${adb_tmpdir}/tmp.safesearch.${name}" ] && adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpdir}/tmp.safesearch.${name}")"
f_uci "${config}"
config="firewall"
- fwcfg="$(uci -qNX show "${config}" | "${adb_awk}" 'BEGIN{FS="[.=]"};/adblock_/{if(zone==$2){next}else{ORS=" ";zone=$2;print zone}}')"
+ fwcfg="$(uci -qNX show "${config}" | "${adb_awkcmd}" 'BEGIN{FS="[.=]"};/adblock_/{if(zone==$2){next}else{ORS=" ";zone=$2;print zone}}')"
if [ "${adb_enabled}" = "1" ] && [ "${adb_forcedns}" = "1" ] &&
/etc/init.d/firewall enabled; then
for zone in ${adb_zonelist}; do
if [ "${restart_rc}" = "0" ]; then
rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
while [ "${cnt}" -le "${adb_dnstimeout}" ]; do
- dns_service="$(ubus -S call service list "{\"name\":\"${adb_dns}\"}")"
- dns_up="$(printf "%s" "${dns_service}" | jsonfilter -l1 -e "@[\"${adb_dns}\"].instances.*.running")"
- dns_pid="$(printf "%s" "${dns_service}" | jsonfilter -l1 -e "@[\"${adb_dns}\"].instances.*.pid")"
+ dns_service="$("${adb_ubuscmd}" -S call service list "{\"name\":\"${adb_dns}\"}")"
+ dns_up="$(printf "%s" "${dns_service}" | "${adb_jsoncmd}" -l1 -e "@[\"${adb_dns}\"].instances.*.running")"
+ dns_pid="$(printf "%s" "${dns_service}" | "${adb_jsoncmd}" -l1 -e "@[\"${adb_dns}\"].instances.*.pid")"
if [ "${dns_up}" = "true" ] && [ -n "${dns_pid}" ] && ! ls "/proc/${dns_pid}/fd/${adb_dnsdir}/${adb_dnsfile}" >/dev/null 2>&1; then
- if [ -x "${adb_lookupcmd}" ] && [ -n "$(printf "%s" "${adb_lookupdomain}" | "${adb_awk}" "${rset}")" ]; then
+ if [ -x "${adb_lookupcmd}" ] && [ -n "$(printf "%s" "${adb_lookupdomain}" | "${adb_awkcmd}" "${rset}")" ]; then
if "${adb_lookupcmd}" "${adb_lookupdomain}" >/dev/null 2>&1; then
out_rc="0"
break
if [ -n "${adb_allowip}" ]; then
: >"${adb_tmpdir}/tmp.raw.${src_name}"
for ip in ${adb_allowip}; do
- printf "%s" "${ip}" | "${adb_awk}" "${rset}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
+ printf "%s" "${ip}" | "${adb_awkcmd}" "${rset}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
done
eval "${adb_dnsallowip}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.add.${src_name}"
out_rc="${?}"
if [ -n "${adb_denyip}" ] && { [ -z "${out_rc}" ] || [ "${out_rc}" = "0" ]; }; then
: >"${adb_tmpdir}/tmp.raw.${src_name}"
for ip in ${adb_denyip}; do
- printf "%s" "${ip}" | "${adb_awk}" "${rset}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
+ printf "%s" "${ip}" | "${adb_awkcmd}" "${rset}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
done
eval "${adb_dnsdenyip}" "${adb_tmpdir}/tmp.raw.${src_name}" >>"${adb_tmpdir}/tmp.add.${src_name}"
out_rc="${?}"
fi
- rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
+ : >"${adb_tmpdir}/tmp.raw.${src_name}"
fi
;;
"blacklist" | "whitelist")
src_name="${mode}"
if [ "${src_name}" = "blacklist" ] && [ -f "${adb_blacklist}" ]; then
rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
- "${adb_awk}" "${rset}" "${adb_blacklist}" >"${adb_tmpdir}/tmp.raw.${src_name}"
+ "${adb_awkcmd}" "${rset}" "${adb_blacklist}" >"${adb_tmpdir}/tmp.raw.${src_name}"
if [ -s "${adb_whitelist}" ]; then
- "${adb_awk}" 'NR==FNR{member[$1];next}!($1 in member)' "${adb_whitelist}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.deduplicate.${src_name}"
+ "${adb_awkcmd}" 'NR==FNR{member[$1];next}!($1 in member)' "${adb_whitelist}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.deduplicate.${src_name}"
else
cat "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.deduplicate.${src_name}"
fi
- "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "${adb_tmpdir}/tmp.deduplicate.${src_name}" >"${adb_tmpdir}/tmp.raw.${src_name}"
- "${adb_sort}" ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null >"${adb_tmpfile}.${src_name}"
+ "${adb_awkcmd}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "${adb_tmpdir}/tmp.deduplicate.${src_name}" >"${adb_tmpdir}/tmp.raw.${src_name}"
+ "${adb_sortcmd}" ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null >"${adb_tmpfile}.${src_name}"
out_rc="${?}"
- rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
+ : > "${adb_tmpdir}/tmp.raw.${src_name}"
elif [ "${src_name}" = "whitelist" ] && [ -f "${adb_whitelist}" ]; then
rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
- printf "%s\n" "${adb_lookupdomain}" | "${adb_awk}" "${rset}" >"${adb_tmpdir}/tmp.raw.${src_name}"
- "${adb_awk}" "${rset}" "${adb_whitelist}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
+ printf "%s\n" "${adb_lookupdomain}" | "${adb_awkcmd}" "${rset}" >"${adb_tmpdir}/tmp.raw.${src_name}"
+ "${adb_awkcmd}" "${rset}" "${adb_whitelist}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
out_rc="${?}"
if [ "${out_rc}" = "0" ]; then
- rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{gsub(\"\\\\.\",\"\\\\.\",\$1);print tolower(\"^(|.*\\\\.)\"\$1\"$\")}"
- "${adb_awk}" "${rset}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.rem.${src_name}"
+ rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
+ "${adb_awkcmd}" "${rset}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.rem.${src_name}"
out_rc="${?}"
if [ "${out_rc}" = "0" ] && [ "${adb_dnsallow}" != "1" ]; then
eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.add.${src_name}"
out_rc="${?}"
if [ "${out_rc}" = "0" ] && [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
- : >"${adb_jaildir}/${adb_dnsjail}"
+ rm -f "${adb_jaildir}/${adb_dnsjail}"
[ -n "${adb_dnsheader}" ] && printf "%b" "${adb_dnsheader}" >>"${adb_jaildir}/${adb_dnsjail}"
cat "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_jaildir}/${adb_dnsjail}"
- printf "%s\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}"
+ printf "%b\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}"
fi
fi
fi
fi
if [ "${out_rc}" = "0" ]; then
if [ -x "${adb_lookupcmd}" ]; then
- safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awk}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
- [ -n "${safe_ips}" ] && "${adb_awk}" "${rset}" "${safe_domains}" >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
+ safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awkcmd}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
+ [ -n "${safe_ips}" ] && "${adb_awkcmd}" "${rset}" "${safe_domains}" >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
out_rc="${?}"
fi
safe_cname="strict.bing.com"
safe_domains="www.bing.com"
if [ -x "${adb_lookupcmd}" ]; then
- safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awk}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
+ safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awkcmd}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
[ -n "${safe_ips}" ] && printf "%s\n" ${safe_domains} >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
out_rc="${?}"
safe_cname="safe.duckduckgo.com"
safe_domains="duckduckgo.com"
if [ -x "${adb_lookupcmd}" ]; then
- safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awk}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
+ safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awkcmd}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
[ -n "${safe_ips}" ] && printf "%s\n" ${safe_domains} >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
out_rc="${?}"
safe_cname="safesearch.pixabay.com"
safe_domains="pixabay.com"
if [ -x "${adb_lookupcmd}" ]; then
- safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awk}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
+ safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awkcmd}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
[ -n "${safe_ips}" ] && printf "%s\n" ${safe_domains} >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
out_rc="${?}"
safe_cname="familysearch.yandex.ru"
safe_domains="ya.ru yandex.ru yandex.com yandex.com.tr yandex.ua yandex.by yandex.ee yandex.lt yandex.lv yandex.md yandex.uz yandex.tm yandex.tj yandex.az yandex.kz"
if [ -x "${adb_lookupcmd}" ]; then
- safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awk}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
+ safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awkcmd}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
[ -n "${safe_ips}" ] && printf "%s\n" ${safe_domains} >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
out_rc="${?}"
fi
safe_domains="www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com"
if [ -x "${adb_lookupcmd}" ]; then
- safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awk}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
+ safe_ips="$("${adb_lookupcmd}" "${safe_cname}" 2>/dev/null | "${adb_awkcmd}" '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
[ -n "${safe_ips}" ] && printf "%s\n" ${safe_domains} >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
out_rc="${?}"
[ "${adb_dns}" = "named" ] && array="${safe_cname}" || array="${safe_ips}"
for item in ${array}; do
if ! eval "${adb_dnssafesearch}" "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" >>"${adb_tmpdir}/tmp.safesearch.${src_name}"; then
- rm -f "${adb_tmpdir}/tmp.safesearch.${src_name}"
+ : >"${adb_tmpdir}/tmp.safesearch.${src_name}"
break
fi
done
out_rc="${?}"
- rm -f "${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
+ : >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
fi
;;
"backup")
find "${adb_backupdir}" ${ffiles} -print0 2>/dev/null | xargs -0 rm 2>/dev/null
fi
unset src_name
- "${adb_sort}" ${adb_srtopts} -mu "${adb_tmpfile}".* 2>/dev/null >"${adb_tmpdir}/${adb_dnsfile}"
+ "${adb_sortcmd}" ${adb_srtopts} -mu "${adb_tmpfile}".* 2>/dev/null >"${adb_tmpdir}/${adb_dnsfile}"
out_rc="${?}"
rm -f "${adb_tmpfile}".*
;;
# top level domain compression
#
f_tld() {
- local cnt cnt_tld source="${1}" temp_tld="${1}.tld"
-
- if "${adb_awk}" '{if(NR==1){tld=$NF};while(getline){if(index($NF,tld".")==0){print tld;tld=$NF}}print tld}' "${source}" |
- "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${temp_tld}"; then
- mv -f "${temp_tld}" "${source}"
- cnt_tld="$(wc -l 2>/dev/null <"${source}")"
- else
- rm -f "${temp_tld}"
+ local cnt cnt_tld cnt_rem source="${1}" temp_tld="${1}.tld"
+
+ if "${adb_awkcmd}" '{if(NR==1){tld=$NF};while(getline){if(index($NF,tld".")==0){print tld;tld=$NF}}print tld}' "${source}" |
+ "${adb_awkcmd}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${temp_tld}"; then
+ cnt_tld="$(wc -l 2>/dev/null <"${temp_tld}")"
+ if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ]; then
+ "${adb_awkcmd}" 'NR==FNR{del[$0];next};!($0 in del)' "${adb_tmpdir}/tmp.rem.whitelist" "${temp_tld}" >"${source}"
+ cnt_rem="$(wc -l 2>/dev/null <"${source}")"
+ else
+ mv -f "${temp_tld}" "${source}"
+ fi
fi
- f_log "debug" "f_tld ::: source: ${source}, cnt: ${adb_cnt:-"-"}, cnt_tld: ${cnt_tld:-"-"}"
+ : > "${temp_tld}"
+ f_log "debug" "f_tld ::: source: ${source}, cnt: ${adb_cnt:-"-"}, cnt_tld: ${cnt_tld:-"-"}, cnt_rem: ${cnt_rem:-"-"}"
}
# suspend/resume adblock processing
while [ "${domain}" != "${tld}" ]; do
search="${domain//[+*~%\$&\"\']/}"
search="${search//./\\.}"
- result="$("${adb_awk}" -F '/|\"|\t| ' "/^(${search}|${prefix}+${search}.*${suffix})$/{i++;if(i<=9){printf \" + %s\n\",\$${field}}else if(i==10){printf \" + %s\n\",\"[...]\";exit}}" "${adb_dnsdir}/${adb_dnsfile}")"
+ result="$("${adb_awkcmd}" -F '/|\"|\t| ' "/^(${search}|${prefix}+${search}.*${suffix})$/{i++;if(i<=9){printf \" + %s\n\",\$${field}}else if(i==10){printf \" + %s\n\",\"[...]\";exit}}" "${adb_dnsdir}/${adb_dnsfile}")"
printf "%s\n%s\n%s\n" ":::" "::: domain '${domain}' in active blocklist" ":::"
printf "%s\n\n" "${result:-" - no match"}"
domain="${tld}"
suffix="${file##*.}"
if [ "${suffix}" = "gz" ]; then
zcat "${file}" 2>/dev/null |
- "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' | "${adb_awk}" -v f="${file##*/}" "BEGIN{rc=1};/^($search|.*\\.${search})$/{i++;if(i<=3){printf \" + %-30s%s\n\",f,\$1;rc=0}else if(i==4){printf \" + %-30s%s\n\",f,\"[...]\"}};END{exit rc}"
+ "${adb_awkcmd}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' | "${adb_awkcmd}" -v f="${file##*/}" "BEGIN{rc=1};/^($search|.*\\.${search})$/{i++;if(i<=3){printf \" + %-30s%s\n\",f,\$1;rc=0}else if(i==4){printf \" + %-30s%s\n\",f,\"[...]\"}};END{exit rc}"
else
- "${adb_awk}" -v f="${file##*/}" "BEGIN{rc=1};/^($search|.*\\.${search})$/{i++;if(i<=3){printf \" + %-30s%s\n\",f,\$1;rc=0}else if(i==4){printf \" + %-30s%s\n\",f,\"[...]\"}};END{exit rc}" "${file}"
+ "${adb_awkcmd}" -v f="${file##*/}" "BEGIN{rc=1};/^($search|.*\\.${search})$/{i++;if(i<=3){printf \" + %-30s%s\n\",f,\$1;rc=0}else if(i==4){printf \" + %-30s%s\n\",f,\"[...]\"}};END{exit rc}" "${file}"
fi
if [ "${?}" = "0" ]; then
result="true"
f_jsnup() {
local entry sources runtime utils bg_pid status="${1:-"enabled"}"
- adb_memory="$("${adb_awk}" '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null |
- "${adb_awk}" '{print substr($0,1,length($0)-1)}')"
+ adb_memory="$("${adb_awkcmd}" '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null |
+ "${adb_awkcmd}" '{print substr($0,1,length($0)-1)}')"
case "${status}" in
"enabled" | "error")
esac
json_init
if json_load_file "${adb_rtfile}" >/dev/null 2>&1; then
- utils="download: $(readlink -fn "${adb_fetchutil}"), sort: $(readlink -fn "${adb_sort}"), awk: $(readlink -fn "${adb_awk}")"
+ utils="download: $(readlink -fn "${adb_fetchutil}"), sort: $(readlink -fn "${adb_sortcmd}"), awk: $(readlink -fn "${adb_awkcmd}")"
[ -z "${adb_cnt}" ] && { json_get_var adb_cnt "blocked_domains"; adb_cnt="${adb_cnt%% *}"; }
[ -z "${runtime}" ] && json_get_var runtime "last_run"
fi
adb_cnt="0"
sources="restrictive_jail"
else
- sources="$(printf "%s\n" ${adb_sources} | "${adb_sort}" | "${adb_awk}" '{ORS=" ";print $0}')"
+ sources="$(printf "%s\n" ${adb_sources} | "${adb_sortcmd}" | "${adb_awkcmd}" '{ORS=" ";print $0}')"
fi
: >"${adb_rtfile}"
if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${adb_debug}" = "1" ]; }; then
[ -x "${adb_loggercmd}" ] && "${adb_loggercmd}" -p "${class}" -t "adblock-${adb_ver}[${$}]" "${log_msg}" || \
printf "%s %s %s\n" "${class}" "adblock-${adb_ver}[${$}]" "${log_msg}"
- if [ "${class}" = "err" ]; then
+ if [ "${class}" = "err" ] || [ "${class}" = "emerg" ]; then
f_rmdns
f_jsnup "error"
exit 1
f_main() {
local src_tmpload src_tmpfile src_name src_rset src_url src_log src_arc src_cat src_item src_list src_entries src_suffix src_rc entry cnt
- f_log "debug" "f_main ::: memory: ${adb_memory:-0}, cores: ${adb_cores}, safe_search: ${adb_safesearch}, force_dns: ${adb_forcedns}, awk: ${adb_awk}"
+ f_log "debug" "f_main ::: memory: ${adb_memory:-0}, cores: ${adb_cores}, safe_search: ${adb_safesearch}, force_dns: ${adb_forcedns}, awk: ${adb_awkcmd}"
# white- and blacklist preparation
#
fi
: >"${src_arc}"
else
- src_log="$(printf "%s" "${src_log}" | "${adb_awk}" '{ORS=" ";print $0}')"
+ src_log="$(printf "%s" "${src_log}" | "${adb_awkcmd}" '{ORS=" ";print $0}')"
f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}, log: ${src_log:-"-"}"
fi
if [ "${src_rc}" = "0" ] && [ -s "${src_tmpload}" ]; then
- if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ]; then
- "${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
- grep -Evf "${adb_tmpdir}/tmp.rem.whitelist" | "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
- else
- "${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
- "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
- fi
+ "${adb_awkcmd}" "${src_rset}" "${src_tmpload}" | "${adb_sedcmd}" "s/\r//g" | "${adb_awkcmd}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
: >"${src_tmpload}"
- "${adb_sort}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null >"${src_tmpfile}"
+ "${adb_sortcmd}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null >"${src_tmpfile}"
src_rc="${?}"
: >"${src_tmpsort}"
if [ "${src_rc}" = "0" ] && [ -s "${src_tmpfile}" ]; then
elif [ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ]; then
f_log "info" "archive preparation of '${src_name}' failed, categories: ${src_cat:-"-"}, entries: ${src_entries}, rc: ${src_rc}"
f_list restore
- rm -f "${src_tmpfile}"
+ : >"${src_tmpfile}"
fi
elif [ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ]; then
f_log "info" "archive extraction of '${src_name}' failed, categories: ${src_cat:-"-"}, entries: ${src_entries}, rc: ${src_rc}"
) &
fi
else
- if [ "${src_name}" = "energized" ] && [ -n "${adb_eng_sources}" ]; then
- src_cat="${adb_eng_sources}"
+ if [ "${src_name}" = "1hosts" ] && [ -n "${adb_hst_sources}" ]; then
+ src_cat="${adb_hst_sources}"
+ elif [ "${src_name}" = "hagezi" ] && [ -n "${adb_hag_sources}" ]; then
+ src_cat="${adb_hag_sources}"
elif [ "${src_name}" = "stevenblack" ] && [ -n "${adb_stb_sources}" ]; then
src_cat="${adb_stb_sources}"
- elif { [ "${src_name}" = "energized" ] && [ -z "${adb_eng_sources}" ]; } ||
+ elif { [ "${src_name}" = "1hosts" ] && [ -z "${adb_hst_sources}" ]; } ||
+ { [ "${src_name}" = "hagezi" ] && [ -z "${adb_hag_sources}" ]; } ||
{ [ "${src_name}" = "stevenblack" ] && [ -z "${adb_stb_sources}" ]; }; then
continue
fi
fi
done
if [ "${src_rc}" = "0" ] && [ -s "${src_tmpload}" ]; then
- if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ]; then
- "${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
- grep -Evf "${adb_tmpdir}/tmp.rem.whitelist" | "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
- else
- "${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
- "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
- fi
+ "${adb_awkcmd}" "${src_rset}" "${src_tmpload}" | "${adb_sedcmd}" "s/\r//g" |
+ "${adb_awkcmd}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
: >"${src_tmpload}"
- "${adb_sort}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null >"${src_tmpfile}"
+ "${adb_sortcmd}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null >"${src_tmpfile}"
src_rc="${?}"
: >"${src_tmpsort}"
if [ "${src_rc}" = "0" ] && [ -s "${src_tmpfile}" ]; then
elif [ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ]; then
f_log "info" "preparation of '${src_name}' failed, rc: ${src_rc}"
f_list restore
- rm -f "${src_tmpfile}"
+ : >"${src_tmpfile}"
fi
else
- src_log="$(printf "%s" "${src_log}" | "${adb_awk}" '{ORS=" ";print $0}')"
+ src_log="$(printf "%s" "${src_log}" | "${adb_awkcmd}" '{ORS=" ";print $0}')"
f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}, log: ${src_log:-"-"}"
[ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ] && f_list restore
fi
for file in "${adb_reportdir}/adb_report.pcap"*; do
(
if [ "${adb_repiface}" = "any" ]; then
- "${adb_dumpcmd}" "${resolve}" -tttt -r "${file}" 2>/dev/null |
- "${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$6;sub(/\.[0-9]+$/,"",c);gsub(/[^[:alnum:]\.:-]/,"",c);d=cnt $9;sub(/\*$/,"",d);
- e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);gsub(/[^[:alnum:]\.-]/,"",e);if(e==""){e="err"};printf "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >>"${report_raw}"
+ "${adb_dumpcmd}" "${resolve}" --immediate-mode -T domain -tttt -r "${file}" 2>/dev/null |
+ "${adb_awkcmd}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? | Flags /&&/ A[A]*\? |NXDomain|0\.0\.0\.0|[0-9]\/[0-9]\/[0-9]/{sub(/\.[0-9]+$/,"",$6);
+ type=substr($(NF-1),length($(NF-1)));
+ if(type=="."&&$(NF-2)!="CNAME")
+ {domain=substr($(NF-1),1,length($(NF-1))-1);type="RQ"}
+ else
+ {if($(NF-2)~/NXDomain/||$(NF-1)=="0.0.0.0"){type="NX"}else{type="OK"};domain=""};
+ printf "%08d\t%s\t%s\t%s\t%-25s\t%s\n",$9,type,$1,substr($2,1,8),$6,domain}' >>"${report_raw}"
else
- "${adb_dumpcmd}" "${resolve}" -tttt -r "${file}" 2>/dev/null |
- "${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);gsub(/[^[:alnum:]\.:-]/,"",c);d=cnt $7;sub(/\*$/,"",d);
- e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);gsub(/[^[:alnum:]\.-]/,"",e);if(e==""){e="err"};printf "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >>"${report_raw}"
+ "${adb_dumpcmd}" "${resolve}" --immediate-mode -T domain -tttt -r "${file}" 2>/dev/null |
+ "${adb_awkcmd}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? | Flags /&&/ A[A]*\? |NXDomain|0\.0\.0\.0|[0-9]\/[0-9]\/[0-9]/{sub(/\.[0-9]+$/,"",$4);
+ type=substr($(NF-1),length($(NF-1)));
+ if(type=="."&&$(NF-2)!="CNAME")
+ {domain=substr($(NF-1),1,length($(NF-1))-1);type="RQ"}
+ else
+ {if($(NF-2)~/NXDomain/||$(NF-1)=="0.0.0.0"){type="NX"}else{type="OK"};domain=""};
+ printf "%08d\t%s\t%s\t%s\t%-25s\t%s\n",$7,type,$1,substr($2,1,8),$4,domain}' >>"${report_raw}"
fi
) &
hold="$((cnt % adb_cores))"
done
wait
if [ -s "${report_raw}" ]; then
- "${adb_sort}" ${adb_srtopts} -k1 -k3 -k4 -k5 -k1 -ur "${report_raw}" |
- "${adb_awk}" '{currA=($1+0);currB=$1;currC=substr($1,length($1),1);if(reqA==currB){reqA=0;printf "%s\t%s\n",d,$2}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' |
- "${adb_sort}" ${adb_srtopts} -k1 -k2 -k3 -k4 -ur >"${report_srt}"
- rm -f "${report_raw}"
+ "${adb_sortcmd}" ${adb_srtopts} -k3,3 -k4,4 -k1,1 -k2,2 -u -r "${report_raw}" |
+ "${adb_awkcmd}" '{currA=($1+0);currB=$1;currC=$2;if(reqA==currB){reqA=0;printf "%-90s\t%s\n",d,$2}else if(currC=="RQ"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$6}}' |
+ "${adb_sortcmd}" ${adb_srtopts} -u -r >"${report_srt}"
+ : >"${report_raw}"
fi
if [ -s "${report_srt}" ]; then
- start="$("${adb_awk}" 'END{printf "%s_%s",$1,$2}' "${report_srt}")"
- end="$("${adb_awk}" 'NR==1{printf "%s_%s",$1,$2}' "${report_srt}")"
+ start="$("${adb_awkcmd}" 'END{printf "%s_%s",$1,$2}' "${report_srt}")"
+ end="$("${adb_awkcmd}" 'NR==1{printf "%s_%s",$1,$2}' "${report_srt}")"
total="$(wc -l <"${report_srt}")"
- blocked="$("${adb_awk}" '{if($5=="NX")cnt++}END{printf "%s",cnt}' "${report_srt}")"
- percent="$("${adb_awk}" -v t="${total}" -v b="${blocked}" 'BEGIN{printf "%.2f%s",b/t*100,"%"}')"
+ blocked="$("${adb_awkcmd}" '{if($5=="NX")cnt++}END{printf "%s",cnt}' "${report_srt}")"
+ percent="$("${adb_awkcmd}" -v t="${total}" -v b="${blocked}" 'BEGIN{printf "%.2f%s",b/t*100,"%"}')"
: >"${report_jsn}"
{
printf "%s\n" "{ "
printf "\t%s" "\"${top}\": [ " >>"${report_jsn}"
case "${top}" in
"top_clients")
- "${adb_awk}" '{print $3}' "${report_srt}" | "${adb_sort}" ${adb_srtopts} | uniq -c |
- "${adb_sort}" ${adb_srtopts} -nr |
- "${adb_awk}" "{ORS=\" \";if(NR==1)printf \"\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2; else if(NR<=${top_count})printf \",\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2}" >>"${report_jsn}"
+ "${adb_awkcmd}" '{print $3}' "${report_srt}" | "${adb_sortcmd}" ${adb_srtopts} | uniq -c |
+ "${adb_sortcmd}" ${adb_srtopts} -nr |
+ "${adb_awkcmd}" "{ORS=\" \";if(NR==1)printf \"\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2; else if(NR<=${top_count})printf \",\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2}" >>"${report_jsn}"
;;
"top_domains")
- "${adb_awk}" '{if($5!="NX")print $4}' "${report_srt}" | "${adb_sort}" ${adb_srtopts} | uniq -c |
- "${adb_sort}" ${adb_srtopts} -nr |
- "${adb_awk}" "{ORS=\" \";if(NR==1)printf \"\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2; else if(NR<=${top_count})printf \",\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2}" >>"${report_jsn}"
+ "${adb_awkcmd}" '{if($5!="NX")print $4}' "${report_srt}" | "${adb_sortcmd}" ${adb_srtopts} | uniq -c |
+ "${adb_sortcmd}" ${adb_srtopts} -nr |
+ "${adb_awkcmd}" "{ORS=\" \";if(NR==1)printf \"\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2; else if(NR<=${top_count})printf \",\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2}" >>"${report_jsn}"
;;
"top_blocked")
- "${adb_awk}" '{if($5=="NX")print $4}' "${report_srt}" |
- "${adb_sort}" ${adb_srtopts} | uniq -c | "${adb_sort}" ${adb_srtopts} -nr |
- "${adb_awk}" "{ORS=\" \";if(NR==1)printf \"\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2; else if(NR<=${top_count})printf \",\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2}" >>"${report_jsn}"
+ "${adb_awkcmd}" '{if($5=="NX")print $4}' "${report_srt}" |
+ "${adb_sortcmd}" ${adb_srtopts} | uniq -c | "${adb_sortcmd}" ${adb_srtopts} -nr |
+ "${adb_awkcmd}" "{ORS=\" \";if(NR==1)printf \"\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2; else if(NR<=${top_count})printf \",\n\t\t{\n\t\t\t\\\"count\\\": \\\"%s\\\",\n\t\t\t\\\"address\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2}" >>"${report_jsn}"
;;
esac
printf "\n\t%s\n" "]," >>"${report_jsn}"
done
search="${search//./\\.}"
search="${search//[+*~%\$&\"\' ]/}"
- "${adb_awk}" "BEGIN{i=0;printf \"\t\\\"requests\\\": [\n\"}/(${search})/{i++;if(i==1)printf \"\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5;else if(i<=${res_count})printf \",\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5}END{printf \"\n\t]\n}\n\"}" "${adb_reportdir}/adb_report.srt" >>"${report_jsn}"
- rm -f "${report_srt}"
+ "${adb_awkcmd}" "BEGIN{i=0;printf \"\t\\\"requests\\\": [\n\"}/(${search})/{i++;if(i==1)printf \"\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5;else if(i<=${res_count})printf \",\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5}END{printf \"\n\t]\n}\n\"}" "${adb_reportdir}/adb_report.srt" >>"${report_jsn}"
+ : >"${report_srt}"
fi
fi
json_select ".."
done
content="$(cat "${report_txt}" 2>/dev/null)"
- rm -f "${report_txt}"
+ : >"${report_txt}"
fi
# report output
f_log "err" "system libraries not found"
fi
-# awk check
-#
-adb_awk="$(command -v gawk)"
-if [ ! -x "${adb_awk}" ]; then
- adb_awk="$(command -v awk)"
- [ ! -x "${adb_awk}" ] && f_log "err" "awk not found or not executable"
-fi
-
-# sort check
+# reference required system utilities
#
-adb_sort="$(command -v sort)"
-if [ ! -x "${adb_sort}" ] || ! "${adb_sort}" --version 2>/dev/null | grep -q "coreutils"; then
- f_log "err" "coreutils sort not found or not executable"
-fi
+adb_awkcmd="$(f_cmd gawk awk)"
+adb_sortcmd="$(f_cmd sort)"
+adb_grepcmd="$(f_cmd grep)"
+adb_pgrepcmd="$(f_cmd pgrep)"
+adb_sedcmd="$(f_cmd sed)"
+adb_jsoncmd="$(f_cmd jsonfilter)"
+adb_ubuscmd="$(f_cmd ubus)"
+adb_loggercmd="$(f_cmd logger)"
+adb_dumpcmd="$(f_cmd tcpdump optional)"
+adb_lookupcmd="$(f_cmd nslookup)"
# handle different adblock actions
#
{
+ "1hosts": {
+ "url": "https://raw.githubusercontent.com/badmojr/1Hosts/master/",
+ "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
+ "size": "VAR",
+ "focus": "compilation",
+ "descurl": "https://github.com/badmojr/1Hosts"
+ },
"adaway": {
"url": "https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt",
"rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
"size": "XL",
"focus": "compilation",
"descurl": "https://hblock.molinero.dev"
+ },
+ "hagezi": {
+ "url": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/",
+ "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
+ "size": "VAR",
+ "focus": "compilation",
+ "descurl": "https://github.com/hagezi/dns-blocklists"
},
"lightswitch05": {
"url": "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt",
"descurl": "https://github.com/notracking/hosts-blocklists"
},
"oisd_big": {
- "url": "https://big.oisd.nl/domainswild",
- "rule": "BEGIN{FS=\"\\\\*.\"}/^\\*\\.([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
+ "url": "https://big.oisd.nl/domainswild2",
+ "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"size": "XXL",
"focus": "general",
"descurl": "https://oisd.nl"
},
"oisd_nsfw": {
- "url": "https://nsfw.oisd.nl/domainswild",
- "rule": "BEGIN{FS=\"\\\\*.\"}/^\\*\\.([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
+ "url": "https://nsfw.oisd.nl/domainswild2",
+ "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"size": "XXL",
"focus": "porn",
"descurl": "https://oisd.nl"
},
"oisd_small": {
- "url": "https://small.oisd.nl/domainswild",
- "rule": "BEGIN{FS=\"\\\\*.\"}/^\\*\\.([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
+ "url": "https://small.oisd.nl/domainswild2",
+ "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"size": "L",
"focus": "general",
"descurl": "https://oisd.nl"
include $(TOPDIR)/rules.mk
PKG_NAME:=adguardhome
-PKG_VERSION:=0.107.48
-PKG_RELEASE:=1
+PKG_VERSION:=0.107.52
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
-PKG_MIRROR_HASH:=74d53a1fffeb5c24db536efadc92eeab2d8978277e513a98e630d2a3f7d142f6
+PKG_MIRROR_HASH:=1416358cfa1ab86f0b9b3a421e501be11214b6c33ac80e674913e2385f81d5b8
PKG_LICENSE:=GPL-3.0-only
PKG_LICENSE_FILES:=LICENSE.txt
config adguardhome config
# Where to store persistent data by AdGuard Home
option workdir /var/adguardhome
+ option config /etc/adguardhome.yaml
config_load adguardhome
config_get WORK_DIR config workdir
+ config_get CONFIG_FILE config config "/etc/adguardhome.yaml"
[ -d "$WORK_DIR" ] || mkdir -m 0755 -p "$WORK_DIR"
procd_open_instance
- procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w "$WORK_DIR" --no-check-update
+ procd_set_param command "$PROG" -c "$CONFIG_FILE" -w "$WORK_DIR" --no-check-update
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
include $(TOPDIR)/rules.mk
PKG_NAME:=alist
-PKG_VERSION:=3.34.0
+PKG_VERSION:=3.37.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/alist-org/alist/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=843d6ccc74210d6541d0c976c4b396381ca98a855a9c75b2e753e94c7f78cbad
+PKG_HASH:=0f2c54aba7ddcfd7df3e959ce40709bbd88bf4eb9b0436079db879c8eb25b51b
PKG_LICENSE:=AGPL-3.0-only
PKG_LICENSE_FILES:=LICENSE
GO_PKG_LDFLAGS_X:= \
$(GO_PKG)/internal/conf.Version=$(PKG_VERSION) \
$(GO_PKG)/internal/conf.WebVersion=$(PKG_VERSION)
+ifeq ($(filter aarch64 x86_64, $(ARCH)),)
+ GO_PKG_EXCLUDES:=drivers/lark
+endif
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
/etc/config/alist
endef
-WEB_VERSION:=3.34.0
+WEB_VERSION:=3.37.1
WEB_FILE:=$(PKG_NAME)-web-$(WEB_VERSION).tar.gz
define Download/alist-web
URL:=https://github.com/alist-org/alist-web/releases/download/$(WEB_VERSION)/
URL_FILE:=dist.tar.gz
FILE:=$(WEB_FILE)
- HASH:=82a634c20df88b0ce385d029d0a23a8047b825273621d08c276232fb3309442c
+ HASH:=0ca1fceb5291c59d5b5dcc0f3e871eac96485d39abce8495f1eb510cc12bccf6
endef
define Build/Prepare
include $(TOPDIR)/rules.mk
PKG_NAME:=apache
-PKG_VERSION:=2.4.58
+PKG_VERSION:=2.4.62
PKG_RELEASE:=1
PKG_SOURCE_NAME:=httpd
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@APACHE/httpd/
-PKG_HASH:=fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5
+PKG_HASH:=674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
-#endif
+static const char server_built[] = "";
- AP_DECLARE(const char *) ap_get_server_built()
+ AP_DECLARE(const char *) ap_get_server_built(void)
{
--- a/server/Makefile.in
+++ b/server/Makefile.in
+++ /dev/null
---- a/modules/md/md_crypt.c
-+++ b/modules/md/md_crypt.c
-@@ -1194,23 +1194,23 @@ int md_certs_are_equal(const md_cert_t *
-
- int md_cert_is_valid_now(const md_cert_t *cert)
- {
-- return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)
-- && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));
-+ return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)
-+ && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));
- }
-
- int md_cert_has_expired(const md_cert_t *cert)
- {
-- return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);
-+ return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);
- }
-
- apr_time_t md_cert_get_not_after(const md_cert_t *cert)
- {
-- return md_asn1_time_get(X509_get_notAfter(cert->x509));
-+ return md_asn1_time_get(X509_get0_notAfter(cert->x509));
- }
-
- apr_time_t md_cert_get_not_before(const md_cert_t *cert)
- {
-- return md_asn1_time_get(X509_get_notBefore(cert->x509));
-+ return md_asn1_time_get(X509_get0_notBefore(cert->x509));
- }
-
- md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
---- a/modules/ssl/ssl_engine_init.c
-+++ b/modules/ssl/ssl_engine_init.c
-@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t
- apr_status_t rv;
- apr_array_header_t *pphrases;
-
-- if (SSLeay() < MODSSL_LIBRARY_VERSION) {
-+ if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)
- "Init: this version of mod_ssl was compiled against "
- "a newer library (%s, version currently loaded is %s)"
---- a/modules/ssl/ssl_engine_io.c
-+++ b/modules/ssl/ssl_engine_io.c
-@@ -1316,9 +1316,9 @@ static apr_status_t ssl_io_filter_handsh
- if (dc->proxy->ssl_check_peer_expire != FALSE) {
- if (!cert
- || (X509_cmp_current_time(
-- X509_get_notBefore(cert)) >= 0)
-+ X509_get0_notBefore(cert)) >= 0)
- || (X509_cmp_current_time(
-- X509_get_notAfter(cert)) <= 0)) {
-+ X509_get0_notAfter(cert)) <= 0)) {
- proxy_ssl_check_peer_ok = FALSE;
- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)
- "SSL Proxy: Peer certificate is expired");
---- a/modules/ssl/ssl_engine_log.c
-+++ b/modules/ssl/ssl_engine_log.c
-@@ -171,10 +171,10 @@ static void ssl_log_cert_error(const cha
- BIO_puts(bio, "(ERROR)");
-
- BIO_puts(bio, " / notbefore: ");
-- ASN1_TIME_print(bio, X509_get_notBefore(cert));
-+ ASN1_TIME_print(bio, X509_get0_notBefore(cert));
-
- BIO_puts(bio, " / notafter: ");
-- ASN1_TIME_print(bio, X509_get_notAfter(cert));
-+ ASN1_TIME_print(bio, X509_get0_notAfter(cert));
-
- BIO_puts(bio, "]");
-
---- a/modules/ssl/ssl_engine_vars.c
-+++ b/modules/ssl/ssl_engine_vars.c
-@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr
- result = ssl_var_lookup_ssl_cert_serial(p, xs);
- }
- else if (strcEQ(var, "V_START")) {
-- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
-+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
- }
- else if (strcEQ(var, "V_END")) {
-- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
-+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
- }
- else if (strcEQ(var, "V_REMAIN")) {
-- result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
-+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
- resdup = FALSE;
- }
- else if (*var && strcEQ(var+1, "_DN")) {
---- a/modules/ssl/ssl_private.h
-+++ b/modules/ssl/ssl_private.h
-@@ -102,6 +102,9 @@
- #include <openssl/x509v3.h>
- #include <openssl/x509_vfy.h>
- #include <openssl/ocsp.h>
-+#include <openssl/dh.h>
-+#include <openssl/bn.h>
-+#include <openssl/ui.h>
-
- /* Avoid tripping over an engine build installed globally and detected
- * when the user points at an explicit non-engine flavor of OpenSSL
---- a/support/ab.c
-+++ b/support/ab.c
-@@ -665,11 +665,11 @@ static void ssl_print_cert_info(BIO *bio
-
- BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
- BIO_printf(bio,"Valid from: ");
-- ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
-+ ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));
- BIO_printf(bio,"\n");
-
- BIO_printf(bio,"Valid to : ");
-- ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
-+ ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));
- BIO_printf(bio,"\n");
-
- pk = X509_get_pubkey(cert);
-@@ -2647,8 +2647,10 @@ int main(int argc, const char * const ar
- CRYPTO_malloc_init();
- #endif
- #endif
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_load_error_strings();
- SSL_library_init();
-+#endif
- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
include $(TOPDIR)/rules.mk
PKG_NAME:=apfree-wifidog
-PKG_VERSION:=7.02.1977
+PKG_VERSION:=7.08.2035
PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/liudf0716/apfree-wifidog.git
-PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=35c2492121678652b108acde08d1b1121db03c6badc4d8bd4befaa6af8d0123f
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/liudf0716/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=b7977be1b498c58643c32365d278bdc2e9bbc8f8b50b7189a59992efadb062c7
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Dengfeng Liu <liudf0716@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
config wifidogx 'common'
option gateway_interface 'br-lan'
- option auth_server_hostname 'your auth server domain or ip'
- option auth_server_port 443
+ option auth_server_hostname 'wifidogx.online'
+ option auth_server_port 80
option auth_server_path '/wifidog/'
option check_interval 60
option client_timeout 5
option wired_passed 0
option enabled 0
+ option log_level 1
+ option js_filter 1
+ option apple_cna 0
+ option enable_websocket 1
+ option enable_dns_forward 1
+
+config group 'wechat'
+ option g_type '3'
+ list wildcard_domain '.weixin.qq.com'
+ option g_desc '微信泛域名'
+
+config group 'wechat2'
+ option g_type '1'
+ list domain_name 'weixin.qq.com'
+ option g_desc '微信域名'
+
+config group 'dingtalk'
+ option g_type '3'
+ list wildcard_domain '.dingtalk.com'
+ option g_desc '钉钉'
+
+config group 'dingtalk2'
+ option g_type '1'
+ list domain_name 'dingtalk.com'
+ option g_desc '钉钉域名'
+
+config group 'alipay'
+ option g_type '3'
+ list wildcard_domain '.alipay.com'
+ list wildcard_domain '.alipayobjects.com'
+ list wildcard_domain '.alipaydev.com'
+ option g_desc '支付宝'
+
+config group 'alipay2'
+ option g_type '1'
+ list domain_name 'alipay.com'
+ list domain_name 'alipayobjects.com'
+ list domain_name 'alipaydev.com'
+ option g_desc '支付宝域名'
+
+config group 'macdemo'
+ option g_type '2'
+ list mac_address 'A0:B0:C0:D0:E0:F0'
+ option g_desc 'mac group demo'
\ No newline at end of file
PROG=/usr/bin/${NAME}
CONFIGFILE=/tmp/wifidogx.conf
+handle_gateway() {
+ local section=$1
+ local gateway_name gateway_channel gateway_id
+
+ config_get gateway_name $section gateway_name
+ config_get gateway_channel $section gateway_channel
+ config_get gateway_id $section gateway_id
+ if [ -z "$gateway_name" ] || [ -z "$gateway_channel" ]; then
+ echo "gateway_name is required for $section" >&2
+ return
+ fi
+ # if gateway_id is not set, get it from the gateway_name
+ if [ -z "$gateway_id" ]; then
+ gateway_id=$(ifconfig $gateway_name | grep HWaddr | awk '{print $5}' | tr 'a-z' 'A-Z')
+ [ -z "$gateway_id" ] && {
+ echo "Failed to get gateway_id for $gateway_name" >&2
+ return
+ }
+ gateway_id=$(echo $gateway_id | tr -d ':')
+ uci set wifidogx.$section.gateway_id=$gateway_id
+ uci commit wifidogx
+ fi
+
+ echo "GatewaySetting {
+ GatewayInterface $gateway_name
+ GatewayChannel $gateway_channel
+ GatewayID $gateway_id
+}" >> ${CONFIGFILE}
+}
+
prepare_wifidog_conf() {
[ -f ${CONFIGFILE} ] && rm -f ${CONFIGFILE}
uci_validate_section ${NAME} ${NAME} common \
'enabled:bool:0' \
- 'gateway_id:string' \
- 'gateway_interface:string:br-lan' \
+ 'log_level:integer:7' \
+ 'device_id:string' \
'auth_server_hostname:string' \
'auth_server_port:port:443' \
'auth_server_path:string:/wifidog/' \
'client_timeout:integer:5' \
'wired_passed:bool:1' \
'apple_cna:bool:0' \
- 'channel_path:string' \
- 'trusted_domains:string' \
- 'trusted_macs:string' \
+ 'trusted_domains:list(host)' \
+ 'trusted_wildcard_domains:list(string)' \
+ 'trusted_macs:list(string)' \
+ 'app_white_list:list(string)' \
+ 'mac_white_list:list(string)' \
+ 'wildcard_white_list:list(string)' \
+ 'enable_dns_forward:bool:1' \
+ 'enable_websocket:bool:1' \
'js_filter:bool:1'
- # if gateway_id is not set, get it from br-lan
- if [ -z "$gateway_id" ]; then
- gateway_id=$(sed -e 's/://g' /sys/class/net/${gateway_interface}/address)
- # convert to upper case
- gateway_id=$(echo $gateway_id | tr '[a-z]' '[A-Z]')
- # uci add gateway_id to config file
- uci set ${NAME}.common.gateway_id=$gateway_id
- uci commit ${NAME}
+ if [ ! -z "$app_white_list" ]; then
+ # iterate app_white_list and find the corresponding domain according to the item
+ for group in $app_white_list; do
+ group_domain_list=$(uci get wifidogx.$group.domain_name)
+ # if the domain list is not empty, add it to trusted_domains
+ if [ ! -z "$group_domain_list" ]; then
+ trusted_domains="$trusted_domains $group_domain_list"
+ fi
+ done
fi
-
- # if channel_path is not set, set it to apfree
- if [ -z "$channel_path" ]; then
- channel_path=apfree
- uci set ${NAME}.common.channel_path=$channel_path
- uci commit ${NAME}
+
+ if [ ! -z "$mac_white_list" ]; then
+ # iterate mac_white_list and find the corresponding mac according to the item
+ for group in $mac_white_list; do
+ group_mac_list=$(uci get wifidogx.$group.mac_address)
+ # if the mac list is not empty, add it to trusted_macs
+ if [ ! -z "$group_mac_list" ]; then
+ trusted_macs="$trusted_macs $group_mac_list"
+ fi
+ done
+ fi
+
+ if [ ! -z "$wildcard_white_list" ]; then
+ # iterate wildcard_white_list and find the corresponding domain according to the item
+ for group in $wildcard_white_list; do
+ group_wildcard_list=$(uci get wifidogx.$group.wildcard_domain)
+ if [ ! -z "$group_wildcard_list" ]; then
+ trusted_wildcard_domains="$trusted_wildcard_domains $group_wildcard_list"
+ fi
+ done
fi
# set above variables to config file
- echo "GatewayID $gateway_id" > ${CONFIGFILE}
- echo "GatewayInterface $gateway_interface" >> ${CONFIGFILE}
+ echo "DeviceID $device_id" > ${CONFIGFILE}
echo "AuthServer {
Hostname $auth_server_hostname
HTTPPort $auth_server_port
echo "JsFilter $js_filter" >> ${CONFIGFILE}
echo "WiredPassed $wired_passed" >> ${CONFIGFILE}
echo "BypassAppleCNA $apple_cna" >> ${CONFIGFILE}
- # if has trusted_domains, add it to config file
+ echo "EnableDNSForward $enable_dns_forward" >> ${CONFIGFILE}
+ echo "EnableWS $enable_websocket" >> ${CONFIGFILE}
+ # if has trusted_domains, parse the list to a string with ',' as separator and add it to config file
if [ ! -z "$trusted_domains" ]; then
+ trusted_domains=$(echo $trusted_domains | tr ' ' ',')
echo "TrustedDomains $trusted_domains" >> ${CONFIGFILE}
fi
# if has trusted_macs, add it to config file
if [ ! -z "$trusted_macs" ]; then
+ trusted_macs=$(echo $trusted_macs | tr ' ' ',')
echo "TrustedMACList $trusted_macs" >> ${CONFIGFILE}
fi
+ # if has trusted_wildcard_domains, add it to config file
+ if [ ! -z "$trusted_wildcard_domains" ]; then
+ trusted_wildcard_domains=$(echo $trusted_wildcard_domains | tr ' ' ',')
+ echo "TrustedPanDomains $trusted_wildcard_domains" >> ${CONFIGFILE}
+ fi
+
+ config_foreach handle_gateway gateway
}
start_service() {
procd_open_instance
# -f: run in foreground
- procd_set_param command $PROG -c $CONFIGFILE -f -d 0
+ procd_set_param command $PROG -c $CONFIGFILE -s -f -d $log_level
procd_set_param respawn # respawn automatically if something died
procd_set_param file /etc/config/wifidogx
procd_close_instance
service_triggers() {
procd_add_reload_trigger "${NAME}"
+ procd_add_interface_trigger "interface.*.up" "wan" /etc/init.d/wifidogx restart
}
PKG_NAME:=apinger
PKG_SOURCE_DATE:=2015-04-09
PKG_SOURCE_VERSION:=78eb328721ba1a10571c19df95acddcb5f0c17c8
-PKG_RELEASE:=7
+PKG_RELEASE:=8
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/Jajcus/apinger
- ctime(&t->last_received_tv.tv_sec));
- fprintf(f,"Average delay: %0.3fms\n",AVG_DELAY(t));
+ if(config->status_format){
-+ fprintf(f,"%s|%s|%s|%i|%i|%u|",t->name, t->config->srcip, t->description, t->last_sent+1,
-+ t->received, t->last_received_tv.tv_sec);
++ fprintf(f,"%s|%s|%s|%i|%i|%" PRIu64 "|",t->name, t->config->srcip, t->description, t->last_sent+1,
++ t->received, (uint64_t)t->last_received_tv.tv_sec);
+ fprintf(f,"%0.3fms|", AVG_DELAY(t));
+ }
+ else{
PKG_NAME:=atftp
PKG_VERSION:=0.8.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
config_load atftpd
- config_get enable service enable 0
+ config_get_bool enable service enable 0
[ "$enable" -eq "0" ] && return 0
config_get srv service path "/srv/tftp"
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-probe-busybox
-PKG_MIRROR_HASH:=6caa57297984814ed3d3369f7ac8682c688e39ed592102977048ab7de80e1a91
+PKG_MIRROR_HASH:=5cb9c17f381e57105bb4ff7c83923619478f970ab9b43ff90a2ed9b1c3879fe0
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.9.6
-PKG_RELEASE:=1
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=6
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
## Main Features
* banIP supports the following fully pre-configured domain blocklist feeds (free for private usage, for commercial use please check their individual licenses).
- **Please note:** By default every feed blocks all supported chains. The columns "WAN-INP", "WAN-FWD" and "LAN-FWD" show for which chains the feeds are suitable in common scenarios, e.g. the first entry should be limited to the LAN forward chain - see the config options 'ban\_blockpolicy', 'ban\_blockinput', 'ban\_blockforwardwan' and 'ban\_blockforwardlan' below.
+**Please note:** By default every feed blocks packet traversal in all supported chains, the table columns "WAN-INP", "WAN-FWD" and "LAN-FWD" show for which chains the feeds are suitable in common scenarios:
+ * WAN-INP chain applies to packets from internet to your router
+ * WAN-FWD chain applies to packets from internet to other local devices (not your router)
+ * LAN-FWD chain applies to local packets going out to the internet (not your router)
+ For instance the first entry should be limited to the LAN forward chain - just set the 'LAN-Forward Chain' option under the 'Feed/Set Seetings' config tab accordingly.
| Feed | Focus | WAN-INP | WAN-FWD | LAN-FWD | Port-Limit | Information |
| :------------------ | :----------------------------- | :-----: | :-----: | :-----: | :----------: | :----------------------------------------------------------- |
| backscatterer | backscatterer IPs | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
| becyber | malicious attacker IPs | x | x | | | [Link](https://github.com/duggytuxy/malicious_ip_addresses) |
| binarydefense | binary defense banlist | x | x | | | [Link](https://iplists.firehol.org/?ipset=bds_atif) |
-| bogon | bogon prefixes | x | x | | | [Link](https://team-cymru.com) |
+| bogon | bogon prefixes | x | x | x | | [Link](https://team-cymru.com) |
| bruteforceblock | bruteforceblocker IPs | x | x | | | [Link](https://danger.rulez.sk/index.php/bruteforceblocker/) |
| country | country blocks | x | x | | | [Link](https://www.ipdeny.com/ipblocks) |
| cinsscore | suspicious attacker IPs | x | x | | | [Link](https://cinsscore.com/#list) |
| talos | talos IPs | x | x | | | [Link](https://talosintelligence.com/reputation_center) |
| threat | emerging threats | x | x | | | [Link](https://rules.emergingthreats.net) |
| threatview | malicious IPs | x | x | | | [Link](https://threatview.io) |
-| tor | tor exit nodes | x | x | | | [Link](https://github.com/SecOps-Institute/Tor-IP-Addresses) |
+| tor | tor exit nodes | x | x | x | | [Link](https://www.dan.me.uk) |
| turris | turris sentinel blocklist | x | x | | | [Link](https://view.sentinel.turris.cz) |
| uceprotect1 | spam protection level 1 | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
| uceprotect2 | spam protection level 2 | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
* Supports concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments
* All local input types support ranges in CIDR notation
* Auto-add the uplink subnet or uplink IP to the local allowlist
-* Prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets (DDoS attacks) in an additional prerouting chain
+* Prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets (DoS attacks) in an additional prerouting chain
* Provides a small background log monitor to ban unsuccessful login attempts in real-time (like fail2ban, crowdsec etc.)
* Auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
-* Auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the monitored suspicious IP
+* Auto-add entire subnets to the blocklist Set based on an additional RDAP request with the monitored suspicious IP
* Fast feed processing as they are handled in parallel as background jobs (on capable multi-core hardware)
* Per feed it can be defined whether the wan-input chain, the wan-forward chain or the lan-forward chain should be blocked (default: all chains)
* Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
* A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
-* For E-Mail notifications you need to install and setup the additional 'msmtp' package
+* For E-Mail notifications you need to install and setup the additional 'msmtp' package
**Please note:**
-* Devices with less than 256Mb of RAM are **_not_** supported
+* Devices with less than 256MB of RAM are **_not_** supported
* Any previous installation of ancient banIP 0.7.x must be uninstalled, and the /etc/banip folder and the /etc/config/banip configuration file must be deleted (they are recreated when this version is installed)
## Installation & Usage
* Install banIP (_opkg install banip_) - the banIP service is disabled by default
* Install the LuCI companion package 'luci-app-banip' (opkg install luci-app-banip)
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
+* To be able to use banIP in a meaningful way, you must activate the service and possibly also activate a few blocklist feeds
* If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
-* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs, see the options reference table below
## banIP CLI interface
-* All important banIP functions are accessible via CLI.
+* All important banIP functions are accessible via CLI, too. If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service, add pre-configured feeds and add/change other options to your needs, see the options reference table below.
```
~# /etc/init.d/banip
Syntax: /etc/init.d/banip [command]
| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk and cgi-remote events) |
-| ban_logreadfile | option | /var/log/messages | alternative location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread |
+| ban_logreadfile | option | /var/log/messages | alternative location for parsing a log file via tail, to deactivate the standard parsing via logread |
| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
| ban_debug | option | 0 | enable banIP related debug logging |
-| ban_icmplimit | option | 10 | threshold in number of packets to detect icmp DDoS in prerouting chain. A value of '0' disables this safeguard |
-| ban_synlimit | option | 10 | threshold in number of packets to detect syn DDoS in prerouting chain. A value of '0' disables this safeguard |
-| ban_udplimit | option | 100 | threshold in number of packets to detect udp DDoS in prerouting chain. A value of '0' disables this safeguard |
+| ban_icmplimit | option | 10 | threshold in number of packets to detect icmp DoS in prerouting chain. A value of '0' disables this safeguard |
+| ban_synlimit | option | 10 | threshold in number of packets to detect syn DoS in prerouting chain. A value of '0' disables this safeguard |
+| ban_udplimit | option | 100 | threshold in number of packets to detect udp DoS in prerouting chain. A value of '0' disables this safeguard |
| ban_logprerouting | option | 0 | log supsicious packets in the prerouting chain |
| ban_loginput | option | 0 | log supsicious packets in the wan-input chain |
| ban_logforwardwan | option | 0 | log supsicious packets in the wan-forward chain |
| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
| ban_protov4 | option | - / autodetect | enable IPv4 support |
-| ban_protov6 | option | - / autodetect | enable IPv4 support |
+| ban_protov6 | option | - / autodetect | enable IPv6 support |
| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
| ban_triggerdelay | option | 20 | trigger timeout during interface reload and boot |
| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
-| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
+| ban_splitsize | option | 0 | split the processing/loading of Sets in chunks of n lines/members (saves RAM) |
| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
| ban_nftpriority | option | -100 | nft priority for the banIP table (the prerouting table is fixed to priority -150) |
| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
-| ban_resolver | option | - | external resolver used for DNS lookups |
+| ban_resolver | option | - | external resolver used for DNS lookups, by default the local resolver/forwarder will be used |
| ban_remotelog | option | 0 | enable the cgi interface to receive remote logging events |
| ban_remotetoken | option | - | unique token to communicate with the cgi interface |
:::
Timestamp: 2024-04-17 23:02:15
------------------------------
- blocked syn-flood packets in prerouting : 5
- blocked udp-flood packets in prerouting : 11
- blocked icmp-flood packets in prerouting : 6
- blocked invalid ct packets in prerouting : 277
- blocked invalid tcp packets in prerouting: 0
- ----------
- auto-added IPs to allowlist today: 0
- auto-added IPs to blocklist today: 0
+ blocked syn-flood packets : 5
+ blocked udp-flood packets : 11
+ blocked icmp-flood packets : 6
+ blocked invalid ct packets : 277
+ blocked invalid tcp packets: 0
+ ---
+ auto-added IPs to allowlist: 0
+ auto-added IPs to blocklist: 0
Set | Elements | WAN-Input (packets) | WAN-Forward (packets) | LAN-Forward (packets) | Port/Protocol Limit
---------------------+--------------+-----------------------+-----------------------+-----------------------+------------------------
**banIP runtime information**
```
-~# /etc/init.d/banip status
::: banIP runtime information
+ status : active (nft: ✔, monitor: ✔)
- + version : 0.9.5-r1
- + element_count : 335706
- + active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, adguardtrackersv6, adguardtrackersv4, becyberv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dropv6, dohv4, dropv4, dohv6, threatv4, firehol1v4, ipthreatv4, firehol2v4, turrisv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6
+ + version : 0.9.6-r1
+ + element_count : 108036
+ + active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, turrisv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6
+ active_devices : wan: pppoe-wan / wan-if: wan, wan_6 / vlan-allow: - / vlan-block: -
+ active_uplink : 217.83.205.130, fe80::9cd6:12e9:c4df:75d3, 2003:ed:b5ff:43bd:9cd5:12e7:c3ef:75d8
- + nft_info : priority: 0, policy: performance, loglevel: warn, expiry: 2h
+ + nft_info : priority: -100, policy: performance, loglevel: warn, expiry: 2h, limit (icmp/syn/udp): 10/10/100
+ run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report
+ run_flags : auto: ✔, proto (4/6): ✔/✔, log (pre/inp/fwd/lan): ✔/✘/✘/✘, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
- + last_run : action: reload, log: logread, fetch: curl, duration: 2m 33s, date: 2024-04-17 05:57:56
- + system_info : cores: 4, memory: 1573, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r25932-338b463e1e
+ + last_run : action: reload, log: logread, fetch: curl, duration: 1m 21s, date: 2024-05-27 05:56:29
+ + system_info : cores: 4, memory: 1661, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r26353-a96354bcfb
```
**banIP search information**
1.10.255.58
1.11.67.53
1.11.114.211
-1.11.208.29
-1.12.75.87
-1.12.231.227
-1.12.247.134
-1.12.251.141
-1.14.96.156
-1.14.250.37
-1.15.40.79
-1.15.71.140
-1.15.77.237
[...]
```
-**default regex for logfile parsing**
+
+## Best practise & tweaks
+**Recommendation for low memory systems**
+nftables supports the atomic loading of firewall rules (incl. elements), which is cool but unfortunately is also very memory intensive. To reduce the memory pressure on low memory systems (i.e. those with 256-512MB RAM), you should optimize your configuration with the following options:
+
+* point 'ban_basedir', 'ban_reportdir' and 'ban_backupdir' to an external usb drive
+* set 'ban_cores' to '1' (only useful on a multicore system) to force sequential feed processing
+* set 'ban_splitsize' e.g. to '1024' to split the load of an external Set after every 1024 lines/elements
+* set 'ban_reportelements' to '0' to disable the CPU intensive counting of Set elements
+
+**Sensible choice of blocklists**
+The following feeds are just my personal recommendation as an initial setup:
+* cinsscore, debl, turris in WAN-Input and WAN-Forward chain
+* doh in LAN-Forward chain
+
+In total, this feed selection blocks about 20K IP addresses. It may also be useful to include some countries to the country feed in WAN-Input and WAN-Forward chain.
+Please note: don't just blindly activate (too) many feeds at once, sooner or later this will lead to OOM conditions.
+
+**Log Terms for logfile parsing**
+Like fail2ban and crowdsec, banIP supports logfile scanning and automatic blocking of suspicious attacker IPs.
+In the default config only the log terms to detect failed login attempts via dropbear and LuCI are in place. The following search pattern has been tested as well - just transfer the required regular expression via cut and paste to your config (without quotation marks):
```
-list ban_logterm 'Exit before auth from'
-list ban_logterm 'luci: failed login'
-list ban_logterm 'error: maximum authentication attempts exceeded'
-list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'
-list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress='
-list ban_logterm 'received a suspicious remote IP '\''.*'\'''
+dropbear : 'Exit before auth from'
+LuCI : 'luci: failed login'
+sshd1 : 'error: maximum authentication attempts exceeded'
+sshd2 : 'sshd.*Connection closed by.*\[preauth\]'
+asterisk : 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress='
+nginx : 'received a suspicious remote IP '\''.*'\'''
+openvpn : 'TLS Error: could not determine wrapping from \[AF_INET\]'
```
+You find the 'Log Terms' option in LuCI under the 'Log Settings' tab. Feel free to add more log terms to meet your needs and protect additional services.
-**allow-/blocklist handling**
-banIP supports local allow and block lists, MAC/IPv4/IPv6 addresses (incl. ranges in CIDR notation) or domain names. These files are located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist.
+**Allow-/Blocklist handling**
+banIP supports local allow- and block-lists, MAC/IPv4/IPv6 addresses (incl. ranges in CIDR notation) or domain names. These files are located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist.
Unsuccessful login attempts or suspicious requests will be tracked and added to the local blocklist (see the 'ban_autoblocklist' option). The blocklist behaviour can be further tweaked with the 'ban_nftexpiry' option.
Depending on the options 'ban_autoallowlist' and 'ban_autoallowuplink' the uplink subnet or the uplink IP will be added automatically to local allowlist.
Furthermore, you can reference external Allowlist URLs with additional IPv4 and IPv6 feeds (see 'ban_allowurl').
Both local lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the Sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time.
-**allowlist-only mode**
-banIP supports an "allowlist only" mode. This option skips all blocklists and restricts the internet access only to specific, explicitly allowed IP segments - and block access to the rest of the internet. All IPs which are _not_ listed in the allowlist (plus the external Allowlist URLs) are blocked.
+**Allowlist-only mode**
+banIP supports an "allowlist only" mode. This option skips all blocklists and restricts Internet access only to certain, explicitly permitted IP segments - and blocks access to the rest of the Internet. All IPs that are _not_ listed in the allowlist or in the external allowlist URLs are blocked. In this mode it might be useful to limit the allowlist feed to the wan-input / wan-forward chain, to still allow lan-forward communication to the rest of the world.
**MAC/IP-binding**
-banIP supports concatenation of local MAC addresses/ranges with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments. Following notations in the local allow and block lists are allowed:
+banIP supports concatenation of local MAC addresses/ranges with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments.
+The following notations in the local allow- and block-list are supported:
```
MAC-address only:
C8:C2:9B:F7:80:12 => this will be populated to the v4MAC- and v6MAC-Sets with the IP-wildcards 0.0.0.0/0 and ::/0
C8:C2:9B:F7:80:12 => this will be populated to v6MAC-Set with the IP-wildcard ::/0
```
-**enable the cgi interface to receive remote logging events**
+**CGI interface to receive remote logging events**
banIP ships a basic cgi interface in '/www/cgi-bin/banip' to receive remote logging events (disabled by default). The cgi interface evaluates logging events via GET or POST request (see examples below). To enable the cgi interface set the following options:
* set 'ban_remotelog' to '1' to enbale the cgi interface
Please note: for security reasons use this cgi interface only internally and only encrypted via https transfer protocol.
-**redirect Asterisk security logs to lodg/logread**
-banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration.
-
-**send status E-Mails and update the banIP lists via cron job**
-For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g.
-```
-55 03 * * * /etc/init.d/banip report mail
-00 04 * * * /etc/init.d/banip reload
-```
-
-**tweaks for low memory systems**
-nftables supports the atomic loading of firewall rules (incl. elements), which is cool but unfortunately is also very memory intensive. To reduce the memory pressure on low memory systems (i.e. those with 256-512Mb RAM), you should optimize your configuration with the following options:
-
- * point 'ban_basedir', 'ban_reportdir' and 'ban_backupdir' to an external usb drive
- * set 'ban_cores' to '1' (only useful on a multicore system) to force sequential feed processing
- * set 'ban_splitsize' e.g. to '1000' to split the load of an external Set after every 1000 lines/members
- * set 'ban_reportelements' to '0' to disable the CPU intensive counting of Set elements
-
-**tweak the download options**
+**Download options**
By default banIP uses the following pre-configured download options:
```
* aria2c: --timeout=20 --retry-wait=10 --max-tries=5 --max-file-not-found=5 --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o
```
To override the default set 'ban_fetchretry', 'ban_fetchinsecure' or globally 'ban_fetchparm' to your needs.
-**send E-Mail notifications via 'msmtp'**
-To use the email notification you must install & configure the package 'msmtp'.
+**Configure E-Mail notifications via 'msmtp'**
+To use the email notification you must install and configure the package 'msmtp'.
Modify the file '/etc/msmtprc', e.g.:
```
[...]
user <gmail-user>
password <password>
```
-Finally add a valid E-Mail receiver address.
+Finally add a valid E-Mail receiver address in banIP.
-**change existing banIP feeds or add port limitations**
+**Send status E-Mails and update the banIP lists via cron job**
+For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g.
+```
+55 03 * * * /etc/init.d/banip report mail
+00 04 * * * /etc/init.d/banip reload
+```
+**Redirect asterisk security logs to lodg/logread**
+By default banIP scans the logfile via logread, so to monitor attacks on asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running asterisk configuration.
+
+**Change/add banIP feeds and port limitations**
The banIP default blocklist feeds are stored in an external JSON file '/etc/banip/banip.feeds'. All custom changes should be stored in an external JSON file '/etc/banip/banip.custom.feeds' (empty by default). It's recommended to use the LuCI based Custom Feed Editor to make changes to this file.
A valid JSON source object contains the following information, e.g.:
```
[...]
- "tor":{
- "url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
- "url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
- "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "descr": "tor exit nodes",
- "flag": "gz tcp 80-88 udp 50000"
+"stevenblack":{
+ "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
+ "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
+ "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
+ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
+ "descr": "stevenblack IPs",
+ "flag": "tcp 80 443"
},
[...]
```
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
+**Debug options**
+Whenever you encounter banIP related processing problems, please check the "Processing Log" tab.
+Typical symptoms:
+* The nftables initialization failed: untick the 'Auto Detection' option in the 'General Settings' config section and set the required options manually
+* A blocklist feed does not work: maybe a temporary server problem or the download URL has been changed. In the latter case, just use the Custom Feed Editor to point this feed to a new URL
+To get much more processing information, please enable "Verbose Debug Logging" and restart banIP.
+
+Whenever you encounter firewall problems, enable the logging of certain chains in the "Log Settings" config section, restart banIP and check the "Firewall Log" tab.
+Typical symptoms:
+* A feed blocks a legit IP: disable the entire feed or add this IP to your local allowlist and reload banIP
+* A feed (e.g. doh) interrupts almost all client connections: check the feed table above for reference and limit the feed to a certain chain in the "Feed/Set Settings" config section
+* The allowlist doesn't free a certain IP/MAC address: check the current content of the allowlist with the "Set Survey" under the "Set Reporting" tab to make sure that the desired IP/MAC is listed - if not, reload banIP
+
## Support
-Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
+Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
+If you want to report an error, please describe it in as much detail as possible - with (debug) logs, the current banIP status, your banIP configuration, etc.
## Removal
-* stop all banIP related services with _/etc/init.d/banip stop_
-* remove the banip package (_opkg remove banip_)
+Stop all banIP related services with _/etc/init.d/banip stop_ and remove the banip package if necessary.
+
+## Donations
+You like this project - is there a way to donate? Generally speaking "No" - I have a well-paying full-time job and my OpenWrt projects are just a hobby of mine in my spare time.
+
+If you still insist to donate some bucks ...
+* I would be happy if you put your money in kind into other, social projects in your area, e.g. a children's hospice
+* Let's meet and invite me for a coffee if you are in my area, the “Markgräfler Land” in southern Germany or in Switzerland (Basel)
+* Send your money to my [PayPal account](https://www.paypal.me/DirkBrenken) and I will collect your donations over the year to support various social projects in my area
+
+No matter what you decide - thank you very much for your support!
Have fun!
Dirk
local cpu core
if [ -z "${ban_dev}" ]; then
- ban_debug="$(uci_get banip global ban_debug)"
+ ban_debug="$(uci_get banip global ban_debug "0")"
ban_cores="$(uci_get banip global ban_cores)"
fi
ban_packages="$("${ban_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
cmd="$(command -v "${pri_cmd}" 2>/dev/null)"
if [ ! -x "${cmd}" ]; then
if [ -n "${sec_cmd}" ]; then
- [ "${sec_cmd}" = "true" ] && return
+ [ "${sec_cmd}" = "optional" ] && return
cmd="$(command -v "${sec_cmd}" 2>/dev/null)"
fi
if [ -x "${cmd}" ]; then
if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" = "1" ]; }; then
if [ -x "${ban_logcmd}" ]; then
- "${ban_logcmd}" -p "${class}" -t "banIP-${ban_ver}[${$}]" "${log_msg}"
+ "${ban_logcmd}" -p "${class}" -t "banIP-${ban_ver}[${$}]" "${log_msg::512}"
else
- printf "%s %s %s\n" "${class}" "banIP-${ban_ver}[${$}]" "${log_msg}"
+ printf "%s %s %s\n" "${class}" "banIP-${ban_ver}[${$}]" "${log_msg::512}"
fi
fi
if [ "${class}" = "err" ] || [ "${class}" = "emerg" ]; then
- if [ "${class}" = "err" ]; then
+ if [ "${class}" = "err" ]; then
"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
if [ "$(uci_get banip global ban_enabled)" = "1" ]; then
f_genstatus "error"
if [ "${rir}" = "${region}" ] && ! printf "%s" "${ban_country}" | "${ban_grepcmd}" -qw "${ccode}"; then
ban_country="${ban_country} ${ccode}"
fi
- done < "${ban_countryfile}"
+ done <"${ban_countryfile}"
done
}
f_actual() {
local nft monitor ppid pids pid
- if "${ban_nftcmd}" list chain inet banIP pre-routing >/dev/null 2>&1; then
+ if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
nft="$(f_char "1")"
else
nft="$(f_char "0")"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
- elif [ -n "${flag//[![:digit]-]/}" ]; then
+ elif [ -n "${flag//[![:digit:]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
# nft header (tables and chains)
#
printf "%s\n\n" "#!/usr/sbin/nft -f"
- if "${ban_nftcmd}" list chain inet banIP pre-routing >/dev/null 2>&1; then
+ if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
printf "%s\n" "delete table inet banIP"
fi
printf "%s\n" "add table inet banIP"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
- elif [ -n "${flag//[![:digit]-]/}" ]; then
+ elif [ -n "${flag//[![:digit:]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
feed_rc="${?}"
fi
- # build nft file with Sets and rules for regular downloads
+ # final file & Set preparation for regular downloads
#
if [ "${feed_rc}" = "0" ] && [ ! -s "${tmp_nft}" ]; then
# deduplicate Sets
if [ "${ban_deduplicate}" = "1" ] && [ "${feed_url}" != "local" ]; then
"${ban_awkcmd}" '{sub("\r$", "");print}' "${tmp_load}" 2>/dev/null | "${ban_awkcmd}" "${feed_rule}" 2>/dev/null >"${tmp_raw}"
"${ban_awkcmd}" 'NR==FNR{member[$0];next}!($0 in member)' "${ban_tmpfile}.deduplicate" "${tmp_raw}" 2>/dev/null | tee -a "${ban_tmpfile}.deduplicate" >"${tmp_split}"
+ feed_rc="${?}"
else
"${ban_awkcmd}" '{sub("\r$", "");print}' "${tmp_load}" 2>/dev/null | "${ban_awkcmd}" "${feed_rule}" 2>/dev/null >"${tmp_split}"
+ feed_rc="${?}"
fi
- feed_rc="${?}"
+ : >"${tmp_raw}" >"${tmp_load}"
# split Sets
#
if [ "${feed_rc}" = "0" ]; then
- if [ -n "${ban_splitsize//[![:digit]]/}" ] && [ "${ban_splitsize//[![:digit]]/}" -gt "512" ]; then
- if ! "${ban_awkcmd}" "NR%${ban_splitsize//[![:digit]]/}==1{file=\"${tmp_file}.\"++i;}{ORS=\" \";print > file}" "${tmp_split}" 2>/dev/null; then
- f_log "info" "can't split Set '${feed}' to size '${ban_splitsize//[![:digit]]/}'"
+ if [ -n "${ban_splitsize//[![:digit:]]/}" ] && [ "${ban_splitsize//[![:digit:]]/}" -ge "512" ]; then
+ if ! "${ban_awkcmd}" "NR%${ban_splitsize//[![:digit:]]/}==1{file=\"${tmp_file}.\"++i;}{ORS=\" \";print > file}" "${tmp_split}" 2>/dev/null; then
+ feed_rc="${?}"
rm -f "${tmp_file}".*
+ f_log "info" "can't split Set '${feed}' to size '${ban_splitsize//[![:digit:]]/}'"
fi
else
"${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}.1"
+ feed_rc="${?}"
fi
- feed_rc="${?}"
fi
- : >"${tmp_raw}" >"${tmp_load}"
- if [ "${feed_rc}" = "0" ] && [ "${proto}" = "4" ]; then
- {
- # nft header (IPv4 Set)
- #
- printf "%s\n\n" "#!/usr/sbin/nft -f"
- [ -s "${tmp_flush}" ] && "${ban_catcmd}" "${tmp_flush}"
- printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}.1") }"
-
- # input and forward rules
- #
- [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ${feed_dport} ip saddr @${feed} ${log_input} counter ${feed_target}"
- [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ${feed_dport} ip saddr @${feed} ${log_forwardwan} counter ${feed_target}"
- [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ${feed_dport} ip daddr @${feed} ${log_forwardlan} counter goto reject-chain"
- } >"${tmp_nft}"
- elif [ "${feed_rc}" = "0" ] && [ "${proto}" = "6" ]; then
- {
- # nft header (IPv6 Set)
- #
- printf "%s\n\n" "#!/usr/sbin/nft -f"
- [ -s "${tmp_flush}" ] && "${ban_catcmd}" "${tmp_flush}"
- printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}.1") }"
-
- # input and forward rules
- #
- [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ${feed_dport} ip6 saddr @${feed} ${log_input} counter ${feed_target}"
- [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ${feed_dport} ip6 saddr @${feed} ${log_forwardwan} counter ${feed_target}"
- [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ${feed_dport} ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain"
- } >"${tmp_nft}"
+ # build nft file
+ #
+ if [ "${feed_rc}" = "0" ] && [ -s "${tmp_file}.1" ]; then
+ if [ "${proto}" = "4" ]; then
+ {
+ # nft header (IPv4 Set) input and forward rules
+ #
+ printf "%s\n\n" "#!/usr/sbin/nft -f"
+ [ -s "${tmp_flush}" ] && "${ban_catcmd}" "${tmp_flush}"
+ printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}.1") }"
+ [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ${feed_dport} ip saddr @${feed} ${log_input} counter ${feed_target}"
+ [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ${feed_dport} ip saddr @${feed} ${log_forwardwan} counter ${feed_target}"
+ [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ${feed_dport} ip daddr @${feed} ${log_forwardlan} counter goto reject-chain"
+ } >"${tmp_nft}"
+ elif [ "${proto}" = "6" ]; then
+ {
+ # nft header (IPv6 Set) plus input and forward rules
+ #
+ printf "%s\n\n" "#!/usr/sbin/nft -f"
+ [ -s "${tmp_flush}" ] && "${ban_catcmd}" "${tmp_flush}"
+ printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}.1") }"
+ [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ${feed_dport} ip6 saddr @${feed} ${log_input} counter ${feed_target}"
+ [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ${feed_dport} ip6 saddr @${feed} ${log_forwardwan} counter ${feed_target}"
+ [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ${feed_dport} ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain"
+ } >"${tmp_nft}"
+ fi
fi
: >"${tmp_flush}" >"${tmp_file}.1"
fi
#
if [ "${feed_rc}" = "0" ]; then
for split_file in "${tmp_file}".*; do
- [ ! -s "${split_file}" ] && continue
- "${ban_sedcmd}" -i "1 i #!/usr/sbin/nft -f\nadd element inet banIP "${feed}" { " "${split_file}"
- printf "%s\n" "}" >> "${split_file}"
- if ! "${ban_nftcmd}" -f "${split_file}" >/dev/null 2>&1; then
- f_log "info" "can't add split file '${split_file##*.}' to Set '${feed}'"
+ if [ -s "${split_file}" ]; then
+ "${ban_sedcmd}" -i "1 i #!/usr/sbin/nft -f\nadd element inet banIP "${feed}" { " "${split_file}"
+ printf "%s\n" "}" >>"${split_file}"
+ if ! "${ban_nftcmd}" -f "${split_file}" >/dev/null 2>&1; then
+ f_log "info" "can't add split file '${split_file##*.}' to Set '${feed}'"
+ fi
+ : >"${split_file}"
fi
- : >"${split_file}"
done
if [ "${ban_debug}" = "1" ] && [ "${ban_reportelements}" = "1" ]; then
cnt_set="$("${ban_nftcmd}" -j list set inet banIP "${feed}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)"
json_add_string "${object}" "${object}"
done
json_close_array
- json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}"
+ json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}, limit (icmp/syn/udp): ${ban_icmplimit}/${ban_synlimit}/${ban_udplimit}"
json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}"
json_add_string "run_flags" "auto: $(f_char ${ban_autodetect}), proto (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (pre/inp/fwd/lan): $(f_char ${ban_logprerouting})/$(f_char ${ban_loginput})/$(f_char ${ban_logforwardwan})/$(f_char ${ban_logforwardlan}), dedup: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), custom feed: $(f_char ${custom_feed}), allowed only: $(f_char ${ban_allowlistonly})"
json_add_string "last_run" "${runtime:-"-"}"
else
json_get_var value "${key}" >/dev/null 2>&1
if [ "${key}" = "status" ]; then
- value="${value} ($(f_actual))"
+ [ "${value}" = "active" ] && value="${value} ($(f_actual))" || value="${value}"
fi
fi
if [ "${key}" != "wan_interfaces" ] && [ "${key}" != "vlan_allow" ] && [ "${key}" != "vlan_block" ]; then
if [ "${ip%%.*}" = "127" ] || [ "${ip%%.*}" = "0" ] || [ -z "${ip%%::*}" ]; then
continue
else
- if { [ "${feed}" = "allowlist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; } ||
- { [ "${feed}" = "blocklist" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; }; then
- if [ "${ip##*:}" = "${ip}" ]; then
- elementsv4="${elementsv4} ${ip},"
- else
- elementsv6="${elementsv6} ${ip},"
- fi
- if [ "${feed}" = "allowlist" ] && [ "${ban_autoallowlist}" = "1" ]; then
- printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}"
- elif [ "${feed}" = "blocklist" ] && [ "${ban_autoblocklist}" = "1" ]; then
- printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
- fi
- cnt_ip="$((cnt_ip + 1))"
+ [ "${ip##*:}" = "${ip}" ] && elementsv4="${elementsv4} ${ip}," || elementsv6="${elementsv6} ${ip},"
+ if [ "${feed}" = "allowlist" ] && [ "${ban_autoallowlist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}[[:space:]]*#" "${ban_allowlist}"; then
+ printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}"
+ elif [ "${feed}" = "blocklist" ] && [ "${ban_autoblocklist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}[[:space:]]*#" "${ban_blocklist}"; then
+ printf "%-42s%s\n" "${ip}" "# '${domain}' added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
fi
+ cnt_ip="$((cnt_ip + 1))"
fi
done
cnt_domain="$((cnt_domain + 1))"
end_time="$(date "+%s")"
duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s"
- f_log "debug" "f_lookup ::: feed: ${feed}, domains: ${cnt_domain}, IPs: ${cnt_ip}, duration: ${duration}"
+ f_log "info" "domain lookup finished in ${duration} (${feed}, ${cnt_domain} domains, ${cnt_ip} IPs)"
}
# table statistics
printf "%s\n" " blocked icmp-flood packets : ${sum_icmpflood}"
printf "%s\n" " blocked invalid ct packets : ${sum_ctinvalid}"
printf "%s\n" " blocked invalid tcp packets: ${sum_tcpinvalid}"
- printf "%s\n" " ----------"
+ printf "%s\n" " ---"
printf "%s\n" " auto-added IPs to allowlist: ${autoadd_allow}"
printf "%s\n\n" " auto-added IPs to blocklist: ${autoadd_block}"
json_select "sets" >/dev/null 2>&1
# log monitor
#
f_monitor() {
- local daemon logread_cmd loglimit_cmd nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_prefix rdap_length rdap_info
+ local daemon logread_cmd loglimit_cmd nft_expiry line proto ip log_raw log_count idx prefix cidr rdap_log rdap_rc rdap_idx rdap_info
if [ -f "${ban_logreadfile}" ]; then
logread_cmd="${ban_logreadcmd} -qf ${ban_logreadfile} 2>/dev/null | ${ban_grepcmd} -e \"${ban_logterm%%??}\" 2>/dev/null"
rdap_log="$("${ban_fetchcmd}" ${ban_rdapparm} "${ban_rdapfile}" "${ban_rdapurl}${ip}" 2>&1)"
rdap_rc="${?}"
if [ "${rdap_rc}" = "0" ] && [ -s "${ban_rdapfile}" ]; then
- [ "${proto}" = "v4" ] && rdap_prefix="$(jsonfilter -l1 -i "${ban_rdapfile}" -qe '@.cidr0_cidrs.*.v4prefix')"
- [ "${proto}" = "v6" ] && rdap_prefix="$(jsonfilter -l1 -i "${ban_rdapfile}" -qe '@.cidr0_cidrs.*.v6prefix')"
- rdap_length="$(jsonfilter -l1 -i "${ban_rdapfile}" -qe '@.cidr0_cidrs.*.length')"
- rdap_info="$(jsonfilter -l1 -i "${ban_rdapfile}" -qe '@.country' -qe '@.notices[@.title="Source"].description[1]' | awk 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
- [ -z "${rdap_info}" ] && rdap_info="$(jsonfilter -l1 -i "${ban_rdapfile}" -qe '@.notices[0].links[0].value' | awk 'BEGIN{FS="[/.]"}{printf"%s, %s","n/a",toupper($4)}')"
- if [ -n "${rdap_prefix}" ] && [ -n "${rdap_length}" ]; then
- if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" { ${rdap_prefix}/${rdap_length} ${nft_expiry} } >/dev/null 2>&1; then
- f_log "info" "add IP range '${rdap_prefix}/${rdap_length}' (source: ${rdap_info:-"n/a"} ::: expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
+ [ "${proto}" = "v4" ] && rdap_idx="$("${ban_jsoncmd}" -i "${ban_rdapfile}" -qe '@.cidr0_cidrs[@.v4prefix].*' | "${ban_awkcmd}" '{ORS=" "; print}')"
+ [ "${proto}" = "v6" ] && rdap_idx="$("${ban_jsoncmd}" -i "${ban_rdapfile}" -qe '@.cidr0_cidrs[@.v6prefix].*' | "${ban_awkcmd}" '{ORS=" "; print}')"
+ rdap_info="$("${ban_jsoncmd}" -l1 -i "${ban_rdapfile}" -qe '@.country' -qe '@.notices[@.title="Source"].description[1]' | "${ban_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
+ [ -z "${rdap_info}" ] && rdap_info="$("${ban_jsoncmd}" -l1 -i "${ban_rdapfile}" -qe '@.notices[0].links[0].value' | "${ban_awkcmd}" 'BEGIN{FS="[/.]"}{printf"%s, %s","n/a",toupper($4)}')"
+ for idx in ${rdap_idx}; do
+ if [ -z "${prefix}" ]; then
+ prefix="${idx}"
+ continue
+ else
+ cidr="${prefix}/${idx}"
+ if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" { ${cidr} ${nft_expiry} } >/dev/null 2>&1; then
+ f_log "info" "add IP range '${cidr}' (source: ${rdap_info:-"n/a"} ::: expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
+ fi
+ prefix=""
fi
- fi
+ done
else
f_log "info" "rdap request failed (rc: ${rdap_rc:-"-"}/log: ${rdap_log})"
fi
f_log "emerg" "system libraries not found"
fi
-# initial system calls
+# reference required system utilities
#
ban_awkcmd="$(f_cmd gawk awk)"
ban_catcmd="$(f_cmd cat)"
ban_jsoncmd="$(f_cmd jsonfilter)"
ban_logcmd="$(f_cmd logger)"
ban_lookupcmd="$(f_cmd nslookup)"
-ban_mailcmd="$(f_cmd msmtp true)"
+ban_mailcmd="$(f_cmd msmtp optional)"
ban_nftcmd="$(f_cmd nft)"
ban_pgrepcmd="$(f_cmd pgrep)"
ban_sedcmd="$(f_cmd sed)"
ban_ubuscmd="$(f_cmd ubus)"
ban_zcatcmd="$(f_cmd zcat)"
+f_system
if [ "${ban_action}" != "stop" ]; then
[ ! -d "/etc/banip" ] && f_log "err" "no banIP config directory"
[ ! -r "/etc/config/banip" ] && f_log "err" "no banIP config"
[ "$(uci_get banip global ban_enabled)" = "0" ] && f_log "err" "banIP is disabled"
fi
-
-f_system
f_mkfile "${ban_allowlist}"
f_mkfile "${ban_blocklist}"
-# firewall check
+# firewall/fw4 pre-check
#
-if [ "${ban_action}" != "reload" ]; then
- if [ -x "${ban_fw4cmd}" ]; then
- cnt="0"
- while [ "${cnt}" -lt "30" ] && ! /etc/init.d/firewall status >/dev/null 2>&1; do
- cnt="$((cnt + 1))"
- sleep 1
- done
- if ! /etc/init.d/firewall status >/dev/null 2>&1; then
- f_log "err" "nftables based firewall error"
- fi
- else
- f_log "err" "nftables based firewall not found"
- fi
+if [ ! -x "${ban_fw4cmd}" ] || [ ! -x "/etc/init.d/firewall" ]; then
+ f_log "err" "firewall/fw4 not found"
+elif ! /etc/init.d/firewall status >/dev/null 2>&1; then
+ f_log "info" "firewall/fw4 is not running"
fi
# init banIP nftables namespace
#!/bin/sh
# banIP cgi remote logging script - ban incoming and outgoing IPs via named nftables Sets
-# Copyright (c) 2018-2023 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2018-2024 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# (s)hellcheck exceptions
option ban_autodetect '1'
list ban_logterm 'Exit before auth from'
list ban_logterm 'luci: failed login'
- list ban_logterm 'error: maximum authentication attempts exceeded'
- list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'
- list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress='
- list ban_logterm 'received a suspicious remote IP '\''.*'\'''
},
"nixspam":{
"url_4": "https://www.nixspam.net/download/nixspam-ip.dump.gz",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
+ "rule_4": "/127\\./{next}/(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
"descr": "iX spam protection",
"flag": "gz"
},
},
"sslbl":{
"url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
- "rule_4": "BEGIN{FS=\",\"}/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
+ "rule_4": "BEGIN{FS=\",\"}/127\\./{next}/(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
"descr": "SSL botnet IPs"
},
"stevenblack":{
"descr": "malicious IPs"
},
"tor":{
- "url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
- "url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
+ "url_4": "https://www.dan.me.uk/torlist/?exit",
+ "url_6": "https://www.dan.me.uk/torlist/?exit",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "tor exit nodes"
},
"urlhaus":{
"url_4": "https://urlhaus.abuse.ch/downloads/ids/",
- "rule_4": "match($0,/content:\"127\\./{next}/(content:\"([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]))/){printf \"%s,\\n\",substr($0,RSTART+9,RLENGTH-9)}",
+ "rule_4": "BEGIN{FS=\";\"}/content:\"127\\./{next}/(content:\"([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\")/{printf \"%s,\\n\",substr($10,11,length($10)-11)}",
"descr": "urlhaus IDS IPs"
},
"urlvir":{
PKG_NAME:=basicstation
PKG_VERSION:=2.0.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/lorabasics/basicstation/tar.gz/v$(PKG_VERSION)?
--- /dev/null
+From 120c5817c0fb89aeb1641d86322e5168ceaa08cc Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Fri, 19 Jul 2024 11:26:39 -0400
+Subject: [PATCH] build with mbedtls 3.x
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/cups.c | 15 +++++++++------
+ src/tls.c | 8 ++++++--
+ src/tls.h | 6 +++++-
+ 3 files changed, 20 insertions(+), 9 deletions(-)
+
+--- a/src/cups.c
++++ b/src/cups.c
+@@ -38,6 +38,9 @@
+ #include "mbedtls/sha512.h"
+ #include "mbedtls/bignum.h"
+
++#ifndef MBEDTLS_PRIVATE
++#define MBEDTLS_PRIVATE(x) x
++#endif
+
+ #define FAIL_CNT_THRES 6
+ #define SIGCRC_LEN 4
+@@ -72,12 +75,12 @@ static int cups_verifySig (cups_sig_t* s
+ mbedtls_ecdsa_context ecdsa;
+ mbedtls_ecdsa_init(&ecdsa);
+ int ret;
+- if ((ret = mbedtls_ecp_group_load (&k.grp, MBEDTLS_ECP_DP_SECP256R1) ) ||
+- (ret = mbedtls_mpi_read_binary (&k.Q.X, (u1_t*)key.buf, 32) ) ||
+- (ret = mbedtls_mpi_read_binary (&k.Q.Y, (u1_t*)key.buf+32, 32) ) ||
+- (ret = mbedtls_mpi_lset (&k.Q.Z, 1) ) ||
+- (ret = mbedtls_ecp_check_pubkey (&k.grp, &k.Q) ) ||
+- (ret = mbedtls_ecdsa_from_keypair (&ecdsa, &k) ) ||
++ if ((ret = mbedtls_ecp_group_load (&k.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1) ) ||
++ (ret = mbedtls_mpi_read_binary (&k.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), (u1_t*)key.buf, 32) ) ||
++ (ret = mbedtls_mpi_read_binary (&k.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), (u1_t*)key.buf+32, 32) ) ||
++ (ret = mbedtls_mpi_lset (&k.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 1) ) ||
++ (ret = mbedtls_ecp_check_pubkey (&k.MBEDTLS_PRIVATE(grp), &k.MBEDTLS_PRIVATE(Q)) ) ||
++ (ret = mbedtls_ecdsa_from_keypair (&ecdsa, &k) ) ||
+ (ret = mbedtls_ecdsa_read_signature (&ecdsa, sig->hash, sizeof(sig->hash), sig->signature, sig->len ))
+ ) {
+ verified = 0;
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -28,7 +28,6 @@
+
+ #include "mbedtls/net_sockets.h"
+ #include "mbedtls/ssl.h"
+-#include "mbedtls/certs.h"
+ #include "mbedtls/entropy.h"
+ #include "mbedtls/ctr_drbg.h"
+ #include "mbedtls/error.h"
+@@ -230,7 +229,12 @@ int tls_setMyCert (tlsconf_t* conf, cons
+ keyb = (u1_t*)dbuf.buf;
+ keyl = dbuf.bufsize+1;
+ }
+- if( (ret = mbedtls_pk_parse_key(mykey, keyb, keyl, (const u1_t*)pwd, pwd?strlen(pwd):0)) != 0 ) {
++ ret = mbedtls_pk_parse_key(mykey, keyb, keyl, (const u1_t*)pwd, pwd?strlen(pwd):0
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.0.0 */
++ , mbedtls_ctr_drbg_random, assertDBRG()
++#endif
++ );
++ if( ret != 0 ) {
+ log_mbedError(ERROR, ret, "Parsing key");
+ goto errexit;
+ }
+--- a/src/tls.h
++++ b/src/tls.h
+@@ -30,7 +30,11 @@
+ #define _tls_h_
+
+ #include "mbedtls/ssl.h"
+-#include "mbedtls/net.h"
++#if MBEDTLS_VERSION_NUMBER < 0x02040000L
++#include <mbedtls/net.h>
++#else
++#include "mbedtls/net_sockets.h"
++#endif
+
+ typedef struct tlsconf tlsconf_t;
+ typedef struct mbedtls_ssl_context* tlsctx_p;
#
# Copyright (C) 2006-2012 OpenWrt.org
-# 2014-2020 Noah Meyerhans <frodo@morgul.net>
+# 2014-2024 Noah Meyerhans <frodo@morgul.net>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=bind
-PKG_VERSION:=9.18.24
+PKG_VERSION:=9.20.0
PKG_RELEASE:=1
USERID:=bind=57:bind=57
PKG_SOURCE_URL:= \
https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66
+PKG_HASH:=cc580998017b51f273964058e8cb3aa5482bc785243dea71e5556ec565a13347
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
+libpthread \
+libatomic \
+libuv \
+ +liburcu \
+BIND_ENABLE_DOH:libnghttp2 \
+BIND_ENABLE_GSSAPI:krb5-libs \
+BIND_ENABLE_GSSAPI:libcomerr \
--disable-geoip \
--with-openssl="$(STAGING_DIR)/usr" \
--without-lmdb \
- --enable-epoll \
--without-readline \
--sysconfdir=/etc/bind
include $(TOPDIR)/rules.mk
PKG_NAME:=boinc
-PKG_VERSION:=7.24.3
+PKG_VERSION:=8.0.4
PKG_VERSION_SHORT:=$(shell echo $(PKG_VERSION)| cut -f1,2 -d.)
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/BOINC/boinc
PKG_SOURCE_VERSION:=client_release/$(PKG_VERSION_SHORT)/$(PKG_VERSION)
-PKG_MIRROR_HASH:=568a87739949e018c3a0ab0b72ba887b82bfc1b91a060f1cf1266dbfe0a5f81b
+PKG_MIRROR_HASH:=9482abc4fae339bd28b9101987574f52c46bd426967a224173cdd89deb73ef4e
PKG_MAINTAINER:=Christian Dreihsig <christian.dreihsig@t-online.de>, Steffen Moeller <moeller@debian.org>
PKG_LICENSE:=GPL-3.0-or-later
--- a/configure.ac
+++ b/configure.ac
-@@ -543,8 +543,10 @@ SAH_CHECK_LIB([dl], [dlopen],
+@@ -546,8 +546,10 @@ SAH_CHECK_LIB([dl], [dlopen],
[BOINC_EXTRA_LIBS="${BOINC_EXTRA_LIBS} ${sah_lib_last}"])
SAH_CHECK_LIB([nsl], [gethostbyname],
[BOINC_EXTRA_LIBS="${BOINC_EXTRA_LIBS} ${sah_lib_last}"])
include $(TOPDIR)/rules.mk
PKG_NAME:=proto-bonding
-PKG_VERSION:=2021-04-09
-PKG_RELEASE:=3
+PKG_VERSION:=2021.04.09
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=
include $(TOPDIR)/rules.mk
PKG_NAME:=chrony
-PKG_VERSION:=4.5
-PKG_RELEASE:=2
+PKG_VERSION:=4.6
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://chrony-project.org/releases/
-PKG_HASH:=19fe1d9f4664d445a69a96c71e8fdb60bcd8df24c73d1386e02287f7366ad422
+PKG_HASH:=9adad4a5014420fc52b695896556fdfb49709dc7cd72d7f688d9eb85d5a274d5
PKG_MAINTAINER:=Miroslav Lichvar <mlichvar0@gmail.com>
PKG_LICENSE:=GPL-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=clamav
-PKG_VERSION:=1.3.0
+PKG_VERSION:=1.4.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
-PKG_HASH:=0a86a6496320d91576037b33101119af6fd8d5b91060cd316a3a9c229e9604aa
+PKG_HASH:=d67ab299e5ca05dad3da299a5ea73d60209372a5becd7f13b9a33c290338a4e6
PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com> \
Lucian Cristian <lucian.cristian@gmail.com>
define Package/clamav/Default
SECTION:=net
- DEPENDS:=+check +libstdcpp +libpthread +zlib +libbz2 +libxml2 +libcurl +libjson-c +libmilter-sendmail +libopenssl +libltdl +libpcre2 $(ICONV_DEPENDS)
+ DEPENDS:=+check +libstdcpp +libpthread +zlib +libbz2 +libxml2 \
+ +libcurl +libjson-c +libmilter-sendmail +libopenssl +libltdl \
+ +libpcre2 $(ICONV_DEPENDS) $(RUST_ARCH_DEPENDS)
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=ClamAV
include $(TOPDIR)/rules.mk
PKG_NAME:=cloudflared
-PKG_VERSION:=2024.4.1
-PKG_RELEASE:=1
+PKG_VERSION:=2024.8.3
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=11bed2bd793cc03775aa6270797ed328434bc982e09fd3597e267590f28d2436
+PKG_HASH:=dd5c0a417020e16a916c87c0f0cff1aca51b0935ddbafdd093fc029fdc67751d
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
option token ''
option config '/etc/cloudflared/config.yml'
option origincert '/etc/cloudflared/cert.pem'
+ option edge_bind_address ''
+ option edge_ip_version ''
+ option grace_period ''
+ option protocol 'http2'
option region ''
+ option retries ''
+ option tag ''
+ option metrics ''
option loglevel 'info'
option logfile '/var/log/cloudflared.log'
append_param_arg() {
local value
config_get value "config" "$1" $2
- [ -n "$value" ] && procd_append_param command "--$1" "$value"
+ [ -n "$value" ] && procd_append_param command "--${1//_/-}" "$value"
}
start_service() {
append_param_arg "config" "/etc/cloudflared/config.yml"
append_param_arg "origincert" "/etc/cloudflared/cert.pem"
+ append_param_arg "edge_bind_address"
+ append_param_arg "edge_ip_version"
+ append_param_arg "grace_period"
+ append_param_arg "protocol"
append_param_arg "region"
+ append_param_arg "retries"
+ append_param_arg "tag"
+ append_param_arg "metrics"
append_param_arg "loglevel"
append_param_arg "logfile"
service_triggers() {
procd_add_reload_trigger "$CONF"
+ procd_add_interface_trigger "interface.*.up" "wan" /etc/init.d/cloudflared restart
}
include $(TOPDIR)/rules.mk
PKG_NAME:=croc
-PKG_VERSION:=9.6.15
+PKG_VERSION:=10.0.12
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/schollz/croc/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=ca118155cdf3ceb7496928b1c76387ba74f39b774372d30543e6cbd23d2c0a97
+PKG_HASH:=849670f3525a316c44787119e1f86365f7c81d66d8b52877ac5b314e226a1eb7
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16
-GO_PKG:=github.com/schollz/croc/v9
+GO_PKG:=github.com/schollz/croc/v10
GO_PKG_BUILD_PKG:=$(GO_PKG)
GO_PKG_LDFLAGS_X:=$(GO_PKG)/src/cli.Version=v$(PKG_VERSION)
include $(TOPDIR)/rules.mk
PKG_NAME:=crowdsec-firewall-bouncer
-PKG_VERSION:=0.0.28
-PKG_RELEASE:=2
+PKG_VERSION:=0.0.29
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/cs-firewall-bouncer/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=1e0f4d3cd8bc73da21eafc9b965fda0c1c1b0a27a2acc038004602797e4fccf0
+PKG_HASH:=d3b1b8d43fd063629c3875c6b17fa853e548ae43b0db8e770c98228872931a70
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
local section="$1"
+ local set_only
+ local hook_priority
local update_frequency
local log_level
local api_url
local log_max_backups
local log_max_age
local ipv4
- local input_chain_name
- local input6_chain_name
+ local chain_name
+ local chain6_name
+ local retry_initial_connect
+ config_get set_only $section set_only '1'
+ config_get hook_priority $section priority "4"
config_get update_frequency $section update_frequency '10s'
config_get log_level $section log_level 'info'
config_get api_url $section api_url "http://127.0.0.1:8080"
config_get log_max_backups $section log_max_backups '3'
config_get log_max_age $section log_max_age '30'
config_get_bool ipv4 $section ipv4 '1'
- config_get input_chain_name $section input_chain_name "input"
- config_get input6_chain_name $section input6_chain_name "input"
+ config_get chain_name $section chain_name "crowdsec-chain"
+ config_get chain6_name $section chain6_name "crowdsec6-chain"
+ config_get_bool retry_initial_connect $section retry_initial_connect '1'
# Create tmp dir & permissions if needed
if [ ! -d "${VARCONFIGDIR}" ]; then
log_max_age: $log_max_age
api_url: $api_url
api_key: $api_key
+ retry_initial_connect: bool($retry_initial_connect)
insecure_skip_verify: true
disable_ipv6: boolnot($ipv6)
deny_action: $deny_action
nftables:
ipv4:
enabled: bool($ipv4)
- set-only: true
+ set-only: bool($set_only)
table: $TABLE
- chain: $input_chain_name
+ chain: $chain_name
+ priority: $hook_priority
ipv6:
enabled: bool($ipv6)
- set-only: true
+ set-only: bool($set_only)
table: $TABLE6
- chain: $input6_chain_name
+ chain: $chain6_name
+ priority: $hook_priority
+ nftables_hooks:
+ - input
+ - forward
# packet filter
pf:
- # an empty disables the anchor
+ # an empty string disables the anchor
anchor_name: ""
prometheus:
enabled: false
local section="$1"
- local priority
+ local hook_priority
local deny_action
local deny_log
local log_prefix
local ipv6
local filter_input
local filter_forward
- local input_chain_name
- local forward_chain_name
- local input6_chain_name
- local forward6_chain_name
+ local chain_name
+ local chain6_name
local interface
local log_term=""
- config_get priority $section priority "4"
+ config_get hook_priority $section priority "4"
config_get deny_action $section deny_action "drop"
config_get_bool deny_log $section deny_log '0'
config_get log_prefix $section log_prefix "crowdsec: "
config_get_bool ipv6 $section ipv6 '1'
config_get_bool filter_input $section filter_input '1'
config_get_bool filter_forward $section filter_forward '1'
- config_get input_chain_name $section input_chain_name "input"
- config_get forward_chain_name $section forward_chain_name "forward"
- config_get input6_chain_name $section input6_chain_name "input"
- config_get forward6_chain_name $section forward6_chain_name "forward"
+ config_get chain_name $section chain_name "crowdsec-chain"
+ config_get chain6_name $section chain6_name "crowdsec6-chain"
config_get interface $section interface 'eth1'
if [ "$deny_log" -eq "1" ] ; then
nft add set ip crowdsec crowdsec-blacklists '{ type ipv4_addr; flags timeout; }'
if [ "$filter_input" -eq "1" ] ; then
- nft add chain ip "$TABLE" $input_chain_name "{ type filter hook input priority $priority; policy accept; }"
- nft add rule ip "$TABLE" $input_chain_name iifname { $interface } ct state new ip saddr @crowdsec-blacklists ${log_term} counter $deny_action
+ nft add chain ip "$TABLE" $chain_name-input "{ type filter hook input priority $hook_priority; policy accept; }"
+ nft add rule ip "$TABLE" $chain_name-input iifname { $interface } ct state new ip saddr @crowdsec-blacklists ${log_term} counter $deny_action
fi
if [ "$filter_forward" -eq "1" ] ; then
- nft add chain ip "$TABLE" $forward_chain_name "{ type filter hook forward priority $priority; policy accept; }"
- nft add rule ip "$TABLE" $forward_chain_name iifname { $interface } ct state new ip saddr @crowdsec-blacklists ${log_term} counter $deny_action
+ nft add chain ip "$TABLE" $chain_name-forward "{ type filter hook forward priority $hook_priority; policy accept; }"
+ nft add rule ip "$TABLE" $chain_name-forward iifname { $interface } ct state new ip daddr != 224.0.0.0/4 ip saddr @crowdsec-blacklists ${log_term} counter $deny_action
fi
fi
nft add set ip6 crowdsec6 crowdsec6-blacklists '{ type ipv6_addr; flags timeout; }'
if [ "$filter_input" -eq "1" ] ; then
- nft add chain ip6 "$TABLE6" $input6_chain_name "{ type filter hook input priority $priority; policy accept; }"
- nft add rule ip6 "$TABLE6" $input6_chain_name iifname { $interface } ct state new ip6 saddr @crowdsec6-blacklists ${log_term} counter $deny_action
+ nft add chain ip6 "$TABLE6" $chain6_name-input "{ type filter hook input priority $hook_priority; policy accept; }"
+ nft add rule ip6 "$TABLE6" $chain6_name-input iifname { $interface } ct state new ip6 saddr @crowdsec6-blacklists ${log_term} counter $deny_action
fi
if [ "$filter_forward" -eq "1" ] ; then
- nft add chain ip6 "$TABLE6" $forward6_chain_name "{ type filter hook forward priority $priority; policy accept; }"
- nft add rule ip6 "$TABLE6" $forward6_chain_name iifname { $interface } ct state new ip6 saddr @crowdsec6-blacklists ${log_term} counter $deny_action
+ nft add chain ip6 "$TABLE6" $chain6_name-forward "{ type filter hook forward priority $hook_priority; policy accept; }"
+ nft add rule ip6 "$TABLE6" $chain6_name-forward iifname { $interface } ct state new ip6 saddr @crowdsec6-blacklists ${log_term} counter $deny_action
fi
fi
}
local enabled
config_get_bool enabled $section enabled 0
+ config_get_bool set_only $section set_only 1
if [ "$enabled" -eq "1" ] ; then
init_yaml "$section"
- init_nftables "$section"
+ if [ "$set_only" -eq "1" ] ; then
+ init_nftables "$section"
+ fi
procd_open_instance
procd_set_param command "$PROG" -c "$VARCONFIG"
nft delete table ip crowdsec 2>/dev/null
nft delete table ip6 crowdsec6 2>/dev/null
}
-
-
include $(TOPDIR)/rules.mk
PKG_NAME:=crowdsec
-PKG_VERSION:=1.6.0
+PKG_VERSION:=1.6.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/crowdsec/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=6d79d67383c7faed6c5b2019e4f01c6ed84334c8c45cd1736ff18a03167aa192
+PKG_HASH:=5f8a4d6ebdaec0a31f6c66c8523896167be59f270b4337ce1db44f62403e7d94
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
include $(INCLUDE_DIR)/nls.mk
PKG_NAME:=curl
-PKG_VERSION:=8.7.1
-PKG_RELEASE:=2
+PKG_VERSION:=8.10.1
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/curl/curl/releases/download/curl-$(subst .,_,$(PKG_VERSION))/ \
- https://dl.uxnr.de/mirror/curl/ \
- https://curl.askapache.com/download/ \
https://curl.se/download/
-PKG_HASH:=05bbd2b698e9cfbab477c33aa5e99b4975501835a41b7ca6ca71de03d8849e76
+PKG_HASH:=73a4b0e99596a09fa5924a4fb7e4b995a85fda0d18a2c02ab9cf134bebce04ee
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
define Package/curl/Default
SECTION:=net
CATEGORY:=Network
- URL:=http://curl.se/
- MAINTAINER:=
+ URL:=https://curl.se/
+ MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
endef
define Package/curl
+++ /dev/null
-From: Kailun Qin <kailun.qin@intel.com>
-Date: Mon, 8 Apr 2024 05:13:56 -0400
-Subject: [PATCH] mbedtls: call mbedtls_ssl_setup() after RNG callback is set
-
-Since mbedTLS v3.6.0, the RNG check added in ssl_conf_check() will fail
-if no RNG is provided when calling mbedtls_ssl_setup().
-
-Therefore, mbedtls_ssl_conf_rng() needs to be called before the SSL
-context is passed to mbedtls_ssl_setup().
-
-Ref: https://github.com/Mbed-TLS/mbedtls/commit/b422cab052b51ec84758638d6783d6ba4fc60613
-
-Signed-off-by: Kailun Qin <kailun.qin@intel.com>
-Closes #13314
----
-
---- a/lib/vtls/mbedtls.c
-+++ b/lib/vtls/mbedtls.c
-@@ -602,10 +602,6 @@ mbed_connect_step1(struct Curl_cfilter *
- }
-
- mbedtls_ssl_init(&backend->ssl);
-- if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
-- failf(data, "mbedTLS: ssl_init failed");
-- return CURLE_SSL_CONNECT_ERROR;
-- }
-
- /* new profile with RSA min key len = 1024 ... */
- mbedtls_ssl_conf_cert_profile(&backend->config,
-@@ -639,6 +635,15 @@ mbed_connect_step1(struct Curl_cfilter *
-
- mbedtls_ssl_conf_rng(&backend->config, mbedtls_ctr_drbg_random,
- &backend->ctr_drbg);
-+
-+ ret = mbedtls_ssl_setup(&backend->ssl, &backend->config);
-+ if(ret) {
-+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
-+ failf(data, "ssl_setup failed - mbedTLS: (-0x%04X) %s",
-+ -ret, errorbuf);
-+ return CURLE_SSL_CONNECT_ERROR;
-+ }
-+
- mbedtls_ssl_set_bio(&backend->ssl, cf,
- mbedtls_bio_cf_write,
- mbedtls_bio_cf_read,
--- a/Makefile.am
+++ b/Makefile.am
-@@ -135,7 +135,7 @@ CLEANFILES = $(VC14_LIBVCXPROJ) $(VC14_S
+@@ -94,7 +94,7 @@ CLEANFILES = $(VC14_LIBVCXPROJ) $(VC14_S
bin_SCRIPTS = curl-config
SUBDIRS = lib docs src scripts
--DIST_SUBDIRS = $(SUBDIRS) tests packages scripts include docs
+-DIST_SUBDIRS = $(SUBDIRS) tests packages include docs
+DIST_SUBDIRS = $(SUBDIRS) packages include
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcurl.pc
-@@ -244,12 +244,9 @@ cygwinbin:
+@@ -203,12 +203,9 @@ cygwinbin:
if BUILD_DOCS
install-data-hook:
(cd include && $(MAKE) install)
+++ /dev/null
-#
-# Copyright (C) 2007-2011 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=daemonlogger
-PKG_VERSION:=1.2.1
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/daemonlogger
-PKG_HASH:=79fcd34d815e9c671ffa1ea3c7d7d50f895bb7a79b4448c4fd1c37857cf44a0b
-
-PKG_LICENSE:=GPL-2.0
-PKG_LICENSE_FILES:=COPYING
-
-PKG_MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
-
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/daemonlogger
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+libpcap +libdnet
- TITLE:=Software Network Tap
- URL:=http://www.snort.org/snort-downloads/additional-downloads
-endef
-
-CONFIGURE_VARS += \
- BUILD_CC="$(TARGET_CC)" \
- HOSTCC="$(HOSTCC)"
-
-MAKE_FLAGS := CCOPT="$(TARGET_CFLAGS)" INCLS="-I. $(TARGET_CPPFLAGS)"
-
-define Package/daemonlogger/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/daemonlogger $(1)/usr/bin/
-endef
-
-$(eval $(call BuildPackage,daemonlogger))
PKG_NAME:=dante
PKG_VERSION:=1.4.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.inet.no/dante/files/
--- /dev/null
+--- a/include/osdep.h
++++ b/include/osdep.h
+@@ -218,6 +218,7 @@
+ #endif /* HAVE_STDDEF_H */
+
+ #if HAVE_PTHREAD_H
++#define _GNU_SOURCE
+ #include <pthread.h>
+ #endif /* HAVE_PTHREAD_H */
+
+--- a/lib/Rbindresvport.c
++++ b/lib/Rbindresvport.c
+@@ -72,11 +72,11 @@ Rbindresvport(s, _sin)
+
+ if (_sin == NULL) {
+ slog(LOG_DEBUG, "%s: fd %d, _sin = %p", function, s, _sin);
+- return bindresvport(s, _sin);
++ return Rbindresvport(s, _sin);
+ }
+
+ usrsockaddrcpy(&sin, TOSS(_sin), sizeof(*_sin));
+- if (bindresvport(s, TOIN(&sin)) != 0) {
++ if (Rbindresvport(s, TOIN(&sin)) != 0) {
+ slog(LOG_DEBUG, "%s: bindresvport(%d, %s) failed: %s",
+ function,
+ s,
+--- a/lib/Rconnect.c
++++ b/lib/Rconnect.c
+@@ -433,7 +433,7 @@ Rconnect(s, _name, namelen)
+ TOIN(&socksfd.local)->sin_port = htons(0);
+
+ /* LINTED pointer casts may be troublesome */
+- bindresvport(s, TOIN(&socksfd.local));
++ Rbindresvport(s, TOIN(&socksfd.local));
+ }
+
+ return Rconnect(s, TOSA(&name), namelen);
+--- a/libscompat.m4
++++ b/libscompat.m4
+@@ -34,6 +34,7 @@ AC_TRY_COMPILE([
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <stdio.h>
++#include <string.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h>
+ #ifndef SIOCGIFHWADDR
+@@ -103,6 +104,7 @@ AC_CHECK_FUNC(getpassphrase,
+
+ AC_MSG_CHECKING([for sched_setaffinity])
+ AC_TRY_COMPILE([
++#define _GNU_SOURCE
+ #include <sched.h>
+ ],
+ [ cpu_set_t set1;
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=databag
+PKG_VERSION:=1.1.11
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/balzack/databag/releases/download/v$(PKG_VERSION)/server.tar.gz?
+PKG_HASH:=b4f9b46ffc9810156c6b8e50216ee4b703b5967a3a88acd982e0ce9ee42098e4
+
+PKG_MAINTAINER:=Roland Osborne <roland.osborne@gmail.com>
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_FLAGS:=no-mips16
+
+GO_PKG:=databag
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
+define Package/databag
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Instant Messaging
+ TITLE:=Federated Messaging Service
+ URL:=https://github.com/balzack/databag
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/databag/description
+ Databag is a federated messaging service with browser and mobile clients.
+endef
+
+define Package/databag/conffiles
+/etc/config/databag
+endef
+
+define Download/static_web
+ URL:=https://github.com/balzack/databag/releases/download/v$(PKG_VERSION)
+ URL_FILE:=webapp.tar.gz
+ FILE:=$(PKG_NAME)-$(PKG_VERSION)-webapp.tar.gz
+ HASH:=9a9a4332a4837e356b3815fec3aacf5099d8a11dfcdad83847790d235101fa05
+endef
+
+TARGET_CFLAGS += "-D_LARGEFILE64_SOURCE"
+
+define Package/databag/install
+ $(call GoPackage/Package/Install/Bin,$(1))
+ $(INSTALL_DIR) $(1)/usr/share/databag
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/databag.db $(1)/usr/share/databag/
+ $(INSTALL_DIR) $(1)/usr/share/databag/web
+ gzip -dc $(DL_DIR)/$(PKG_NAME)-$(PKG_VERSION)-webapp.tar.gz | $(HOST_TAR) -C $(1)/usr/share/databag/web/ $(TAR_OPTIONS)
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) files/databag.init $(1)/etc/init.d/databag
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) files/databag.config $(1)/etc/config/databag
+endef
+
+$(eval $(call Download,static_web))
+$(eval $(call GoBinPackage,databag))
+$(eval $(call BuildPackage,databag))
--- /dev/null
+##
+## Databag is a federated messaging service
+##
+
+config databag 'config'
+
+ ## path where database and assets are store
+ option store_path '/tmp/databag/store'
+
+ ## listening port for the service
+ option service_port '7001'
+
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+STOP=51
+
+start_service() {
+ # load config
+ config_load databag
+ config_get store_path "config" "store_path" "/tmp/databag/store"
+ config_get service_port "config" "service_port" "7001"
+
+ # init store
+ mkdir -p "${store_path}"
+ cp -n "/usr/share/databag/databag.db" "${store_path}"
+
+ # setup serice
+ procd_open_instance
+ procd_set_param command "/usr/bin/databag"
+ procd_append_param command -p "${service_port}"
+ procd_append_param command -s "${store_path}"
+ procd_append_param command -w "/usr/share/databag/web/build"
+ procd_close_instance
+}
PKG_NAME:=dcwapd
PKG_VERSION:=1.1.0
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ewsi/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)?
config_load "$CONFIGURATION"
local enabled
- config_get enabled general enabled
+ config_get_bool enabled general enabled
if [ "$enabled" != "1" ]; then
echo "dcwapd is disabled in UCI"
return 1
PKG_NAME:=ddns-scripts
PKG_VERSION:=2.8.2
-PKG_RELEASE:=44
+PKG_RELEASE:=47
PKG_LICENSE:=GPL-2.0
endef
+define Package/ddns-scripts-porkbun
+ $(call Package/ddns-scripts/Default)
+ TITLE:=Extension for porkbun.com API v3
+ DEPENDS:=ddns-scripts +curl
+ PROVIDES:=ddns-scripts_porkbun.com-v3
+endef
+
+define Package/ddns-scripts-porkbun/description
+ Dynamic DNS Client scripts extension for porkbun.com API v3 (require curl)
+ It requires:
+ "option username" to be a Porkbun API key
+ "option password" to be the corresponding Porkbun API secret key
+ "option domain" to be the FQDN for which to configure DDNS
+endef
+
+
define Build/Configure
endef
rm $(1)/usr/share/ddns/default/transip.nl.json
rm $(1)/usr/share/ddns/default/ns1.com.json
rm $(1)/usr/share/ddns/default/one.com.json
+ rm $(1)/usr/share/ddns/default/porkbun.com-v3.json
endef
endef
+define Package/ddns-scripts-porkbun/install
+ $(INSTALL_DIR) $(1)/usr/lib/ddns
+ $(INSTALL_BIN) ./files/usr/lib/ddns/update_porkbun_v3.sh \
+ $(1)/usr/lib/ddns
+
+ $(INSTALL_DIR) $(1)/usr/share/ddns/default
+ $(INSTALL_DATA) ./files/usr/share/ddns/default/porkbun.com-v3.json \
+ $(1)/usr/share/ddns/default/
+endef
+
+define Package/ddns-scripts-porkbun/prerm
+#!/bin/sh
+if [ -z "$${IPKG_INSTROOT}" ]; then
+ /etc/init.d/ddns stop
+fi
+exit 0
+endef
+
+
$(eval $(call BuildPackage,ddns-scripts))
$(eval $(call BuildPackage,ddns-scripts-services))
$(eval $(call BuildPackage,ddns-scripts-utils))
$(eval $(call BuildPackage,ddns-scripts-transip))
$(eval $(call BuildPackage,ddns-scripts-ns1))
$(eval $(call BuildPackage,ddns-scripts-one))
+$(eval $(call BuildPackage,ddns-scripts-porkbun))
return 2
}
# extract IP address
- if [ -n "$BIND_HOST" -o -n "$KNOT_HOST" ]; then # use BIND host or Knot host if installed
+ if [ -n "$BIND_HOST" ]; then # use BIND host if installed
__IPV4="$(awk -F "address " '/has address/ {print $2; exit}' "$DATFILE")"
__IPV6="$(awk -F "address " '/has IPv6/ {print $2; exit}' "$DATFILE")"
+ elif [ -n "$KNOT_HOST" ]; then # use Knot host if installed
+ __IPV4="$(awk -F "address " '/has IPv4/ {print $2; exit}' "$DATFILE")"
+ __IPV6="$(awk -F "address " '/has IPv6/ {print $2; exit}' "$DATFILE")"
elif [ -n "$DRILL" ]; then # use drill if installed
__IPV4="$(awk '/^'"$__HOST"'/ {print $5}' "$DATFILE" | grep -m 1 -o "$IPV4_REGEX")"
__IPV6="$(awk '/^'"$__HOST"'/ {print $5}' "$DATFILE" | grep -m 1 -o "$IPV6_REGEX")"
write_log 7 "last update: $(eval $EPOCH_TIME)"
fi
-# verify DNS server
-[ -n "$dns_server" ] && verify_dns "$dns_server"
-
# verify Proxy server and set environment
[ -n "$proxy" ] && {
verify_proxy "$proxy" && {
--- /dev/null
+#
+# Distributed under the terms of the GNU General Public License (GPL) version 2.0
+# 2024 Ansel Horn <dev@cahorn.net>
+#
+# Script for DDNS support via Porkbun's v3 API for the OpenWRT ddns-scripts package.
+#
+# Will attempt to create a new or edit an existing A or AAAA record for the
+# given domain and subdomain. Existing CNAME and ALIAS records WILL NOT BE
+# EDITED OR DELETED! "username" and "password" configurations should be set to
+# Porkbun API key and secret key, respectively.
+#
+# Porkbun API documentation:
+# https://porkbun.com/api/json/v3/documentation#DNS%20Create%20Record
+#
+
+# Source JSON parser
+. /usr/share/libubox/jshn.sh
+
+# Set API base URL
+# Porkbun has warned it may change API hostname in the future:
+# https://porkbun.com/api/json/v3/documentation#apiHost
+__API="https://api.porkbun.com/api/json/v3"
+
+# Check availability of cURL with SSL
+[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "cURL with SSL support required! Please install"
+
+# Validate configuration
+[ -z "$domain" ] && write_log 14 "Service section not configured correctly! Missing 'domain'"
+[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing 'username'"
+[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing 'password'"
+
+# Split FQDN into domain and subdomain(s)
+__DOMAIN_REGEX='^\(\(.*\)\.\)\?\([^.]\+\.[^.]\+\)$'
+echo $domain | grep "$__DOMAIN_REGEX" > /dev/null || write_log 14 "Invalid domain! Check 'domain' config"
+__DOMAIN=$(echo $domain | sed -e "s/$__DOMAIN_REGEX/\3/")
+__SUBDOMAIN=$(echo $domain | sed -e "s/$__DOMAIN_REGEX/\2/")
+
+# Determine IPv4 or IPv6 address and record type
+if [ "$use_ipv6" -eq 1 ]; then
+ expand_ipv6 "$__IP" __ADDR
+ __TYPE="AAAA"
+else
+ __ADDR="$__IP"
+ __TYPE="A"
+fi
+
+
+# Inject authentication into API request JSON payload
+function json_authenticate() {
+ json_add_string "apikey" "$username"
+ json_add_string "secretapikey" "$password"
+}
+
+# Make Porkbun API call
+# $1 - Porkbun API endpoint
+# $2 - request JSON payload
+function api_call() {
+ local response url
+ url="$__API/$1"
+ write_log 7 "API endpoint URL: $url"
+ write_log 7 "API request JSON payload: $2"
+ response=$($CURL --data "$2" "$url")
+ write_log 7 "API response JSON payload: $response"
+ echo "$response"
+
+
+# Check Porkbun API response status
+function json_check_status() {
+ local status
+ json_get_var status "status"
+ [ "$status" == "SUCCESS" ] || write_log 14 "API request failed!"
+}
+
+# Review DNS record and, if it is the record we're looking for, get its id
+function callback_review_record() {
+ local id name type
+ json_select "$2"
+ json_get_var id "id"
+ json_get_var name "name"
+ json_get_var type "type"
+ [ "$name" == "$domain" -a "$type" == "$__TYPE" ] && echo "$id"
+ json_select ..
+}
+
+# Retrieve all DNS records, find the first appropriate A/AAAA record, and get its id
+function find_existing_record_id() {
+ local request response
+ json_init
+ json_authenticate
+ request=$(json_dump)
+ response=$(api_call "/dns/retrieve/$__DOMAIN" "$request")
+ json_load "$response"
+ json_check_status
+ json_for_each_item callback_review_record "records"
+}
+
+# Create a new A/AAAA record
+function create_record() {
+ local request response
+ json_init
+ json_authenticate
+ json_add_string "name" "$__SUBDOMAIN"
+ json_add_string "type" "$__TYPE"
+ json_add_string "content" "$__ADDR"
+ request=$(json_dump)
+ response=$(api_call "/dns/create/$__DOMAIN" "$request")
+ json_load "$response"
+ json_check_status
+}
+
+# Retrieve an existing record and get its content
+# $1 - record id to retrieve
+function retrieve_record_content() {
+ local content request response
+ json_init
+ json_authenticate
+ request=$(json_dump)
+ response=$(api_call "/dns/retrieve/$__DOMAIN/$1" "$request")
+ json_load "$response"
+ json_check_status
+ json_select "records"
+ json_select 1
+ json_get_var content "content"
+ echo "$content"
+}
+
+# Edit an existing A/AAAA record
+# $1 - record id to edit
+function edit_record() {
+ local request response
+ json_init
+ json_authenticate
+ json_add_string "type" "$__TYPE"
+ json_add_string "content" "$__ADDR"
+ request=$(json_dump)
+ response=$(api_call "/dns/edit/$__DOMAIN/$1" "$request")
+ json_load "$response"
+ json_check_status
+}
+
+
+# Try to identify an appropriate existing DNS record to update
+if [ -z $rec_id]; then
+ write_log 7 "Retrieving DNS $__TYPE record"
+ __ID=$(find_existing_record_id)
+else
+ write_log 7 "Using user-supplied DNS record id: $rec_id"
+ __ID=$rec_id
+fi
+
+# Create or update DNS record with current IP address
+if [ -z "$__ID" ]; then
+ write_log 7 "Creating new DNS $__TYPE record"
+ create_record
+else
+ write_log 7 "Updating existing DNS $__TYPE record"
+ if [ "$(retrieve_record_content $__ID)" == "$__ADDR" ]; then
+ write_log 7 "Skipping Porkbun-unsupported forced noop update"
+ else
+ edit_record "$__ID"
+ fi
+fi
{
"name": "ovh.com",
"ipv4": {
- "url": "http://[USERNAME]:[PASSWORD]@www.ovh.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]",
+ "url": "https://[USERNAME]:[PASSWORD]@dns.eu.ovhapis.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]",
+ "answer": "good|nochg"
+ },
+ "ipv6": {
+ "url": "https://[USERNAME]:[PASSWORD]@dns.eu.ovhapis.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
}
}
--- /dev/null
+{
+ "name": "porkbun.com-v3",
+ "ipv4": {
+ "url": "update_porkbun_v3.sh"
+ },
+ "ipv6": {
+ "url": "update_porkbun_v3.sh"
+ }
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=dhcpcd
-PKG_VERSION:=9.4.1
+PKG_VERSION:=10.0.10
PKG_RELEASE:=1
-PKG_SOURCE_URL:=ftp://roy.marples.name/pub/dhcpcd \
- http://roy.marples.name/downloads/dhcpcd
+PKG_SOURCE_URL:=https://github.com/NetworkConfiguration/dhcpcd/releases/download/v$(PKG_VERSION)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c
+PKG_HASH:=d582012992efddd2442bb1213c518a37d90febbcf8b11f8e76448c710dacad27
PKG_LICENSE:=BSD-2c
PKG_LICENSE_FILES:=
CATEGORY:=Network
TITLE:=DHCPv4/IPv4LL/IPv6RS/DHCPv6 quad stack client
URL:=http://roy.marples.name/projects/dhcpcd
+ USERID:=dhcpcd:dhcpcd
endef
define Package/dhcpcd/description
include $(TOPDIR)/rules.mk
PKG_NAME:=dhtd
-PKG_VERSION:=1.0.1
+PKG_VERSION:=1.0.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mwarning/dhtd/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=7b1338059dfb9ed2300bb6b005d7cd677d99df8c74846eaed1b0cb97641b7297
+PKG_HASH:=15c10eec45800e8bc11489a8e4b6e36610b523a534f921b785b95dedca358b20
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsdist
-PKG_VERSION:=1.9.4
+PKG_VERSION:=1.9.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=297d3a3751af4650665c9d3890a1d5a7a0467175f2c8607d0d5980e3fd67ef14
+PKG_HASH:=f6c48d95525693fea6bd9422f3fdf69a77c75b06f02ed14ff0f42072f72082c9
PKG_MAINTAINER:=Peter van Dijk <peter.van.dijk@powerdns.com>, Remi Gacogne <remi.gacogne@powerdns.com>
PKG_LICENSE:=GPL-2.0-only
config 'dnsdist' 'general'
option enabled '0'
+ option user 'root'
+ option group 'root'
config_load dnsdist
local cfg=general
local enabled
+ local user
+ local group
config_get_bool enabled "$cfg" 'enabled' 1
+ config_get user "$cfg" user root
+ config_get group "$cfg" group root
[ $enabled -gt 0 ] || return 1
procd_open_instance
procd_set_param command dnsdist --supervised -C /etc/dnsdist.conf
+ [ "$user" != root ] && procd_append_param command -u "$user"
+ [ "$group" != root ] && procd_append_param command -g "$group"
procd_set_param file /etc/dnsdist.conf
procd_set_param respawn
procd_close_instance
include $(TOPDIR)/rules.mk
PKG_NAME:=dnslookup
-PKG_VERSION:=1.10.1
+PKG_VERSION:=1.11.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ameshkov/dnslookup/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=f7b6ffb70136210ee321dee3e30a4c2b97958f7286cc7f0979aab3d8ed8ea723
+PKG_HASH:=31967c89406aa6da5f69c563815e58478b530c8e55f0d995065a363f68d5e535
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsproxy
-PKG_VERSION:=0.71.1
+PKG_VERSION:=0.73.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=9c55c83ce3521c5197293a7618ed3ff103d236344aabf73ba37055e3964d2087
+PKG_HASH:=9ab32251344f8353f3d3b02092fff887c30eaa1109839ec632bfe69d9fea25ab
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=Apache-2.0
option enabled '0'
option edns_addr ''
+config dnsproxy 'hosts'
+ option enabled '0'
+ list hosts_files ''
+
config dnsproxy 'private_rdns'
option enabled '0'
list upstream '127.0.0.1:53'
is_enabled() {
local enabled
- config_get enabled "$1" "$2" "0"
+ config_get_bool enabled "$1" "$2" "0"
if [ "$enabled" -eq "1" ]; then
return 0
else
load_config_list() {
if is_empty "global" "listen_addr"; then
append_param "--listen" "127.0.0.1"
- else
+ else
config_list_foreach "global" "listen_addr" "append_param '--listen'"
fi
if is_empty "global" "listen_port"; then
append_param "--port" "5353"
- else
+ else
config_list_foreach "global" "listen_port" "append_param '--port'"
fi
is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
+ is_enabled "hosts" "enabled" && {
+ config_list_foreach "hosts" "hosts_files" "append_param '--hosts-files'"
+ }
+
is_enabled "private_rdns" "enabled" && {
append_param "--use-private-rdns"
config_list_foreach "private_rdns" "upstream" "append_param '--private-rdns-upstream'"
append_param_arg "global" "rate_limit" "--ratelimit"
append_param_arg "global" "udp_buf_size" "--udp-buf-size"
+ append_param_arg "hosts" "enabled" "--hosts-file-enabled" "0"
+
is_enabled "cache" "enabled" && {
append_param "--cache"
append_param_bool "cache" "cache_optimistic"
include $(TOPDIR)/rules.mk
PKG_NAME:=fping
-PKG_VERSION:=5.1
+PKG_VERSION:=5.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://fping.org/dist
-PKG_HASH:=1ee5268c063d76646af2b4426052e7d81a42b657e6a77d8e7d3d2e60fd7409fe
+PKG_HASH:=a7692d10d73fb0bb76e1f7459aa7f19bbcdbfc5adbedef02f468974b18b0e42f
PKG_MAINTAINER:=Nikil Mehta <nikil.mehta@gmail.com>
PKG_LICENSE:=BSD-4-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius3
-PKG_VERSION:=3_0_26
-PKG_RELEASE:=4
+PKG_VERSION:=3.2.5
+PKG_RELEASE:=3
-PKG_SOURCE:=release_$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/FreeRADIUS/freeradius-server/tar.gz/release_$(PKG_VERSION)?
-PKG_HASH:=6aea98d6126035e7ccca483d8b3faea447030169639807017ec98985b78fb2ca
+PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://www.freeradius.org/ftp/pub/freeradius/
+PKG_HASH:=1e75f5fc1961d9854d1cb3c6921612fbe2b9edb8ee508a5a7cbd69f1e7607115
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYRIGHT LICENSE
PKG_CPE_ID:=cpe:/a:freeradius:freeradius
-PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-release_$(PKG_VERSION)
-PKG_FIXUP:=autoreconf
+PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
PYTHON3_PKG_BUILD:=0
PKG_CONFIG_DEPENDS := \
/etc/freeradius3/mods-config/attr_filter/pre-proxy
endef
+define Package/freeradius3-mod-cache
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3
+ TITLE:=DATASTORE CACHE
+endef
+
+define Package/freeradius3-mod-cache/conffiles
+/etc/freeradius3/mods-available/cache
+endef
+
+define Package/freeradius3-mod-cache-rbtree
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3 +freeradius3-mod-cache
+ TITLE:=DATASTORE CACHE RBTREE
+endef
+
+define Package/freeradius3-mod-cache-redis
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3 +freeradius3-mod-cache +libhiredis
+ TITLE:=DATASTORE CACHE REDIS
+endef
+
define Package/freeradius3-mod-chap
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3
/etc/freeradius3/mods-enabled/digest
endef
+define Package/freeradius3-mod-dpsk
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3
+ TITLE:=MODULE DPSK
+endef
+
+define Package/freeradius3-mod-dpsk/conffiles
+/etc/freeradius3/mods-available/dpsk
+endef
+
define Package/freeradius3-mod-dynamic-clients
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3
TITLE:=EAP/PWD module
endef
+define Package/freeradius3-mod-eap-sim
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3-mod-eap
+ TITLE:=EAP/SIM module
+endef
+
define Package/freeradius3-mod-eap-tls
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
/etc/freeradius3/mods-available/ippool
endef
+define Package/freeradius3-mod-json
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3 +libjson-c
+ TITLE:=Json module
+endef
+
+define Package/freeradius3-mod-json/conffiles
+/etc/freeradius3/mods-available/json
+endef
+
define Package/freeradius3-mod-krb5
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3 +krb5-libs
TITLE:=Map module
endef
-define Package/freeradius3-mod-map/conffiles
+define Package/freeradius3-mod-sql-map/conffiles
/etc/freeradius3/mods-available/sql_map
endef
/etc/freeradius3/mods-config/sql/main/sqlite
endef
+define Package/freeradius3-mod-sql-unixodbc
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3-mod-sql +unixodbc
+ TITLE:=Radius unixODBC back-end drivers
+endef
+
define Package/freeradius3-mod-sqlcounter
$(call Package/freeradius3/Default)
DEPENDS:=+freeradius3-mod-sql
/etc/freeradius3/mods-available/sqlippool
endef
+define Package/freeradius3-mod-totp
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3
+ TITLE:=Totp module
+endef
+
+define Package/freeradius3-mod-totp/conffiles
+/etc/freeradius3/mods-available/totp
+/etc/freeradius3/sites-available/totp
+endef
+
+define Package/freeradius3-mod-unbound
+ $(call Package/freeradius3/Default)
+ DEPENDS:=freeradius3 +libunbound
+ TITLE:=Unbound module
+endef
+
+define Package/freeradius3-mod-unbound/conffiles
+/etc/freeradius3/mods-available/unbound
+/etc/freeradius3/mods-config/unbound
+endef
+
define Package/freeradius3-mod-unix
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3
--with-radacctdir=/var/db/radacct \
--with-logdir=/var/log \
--without-pcre \
- --without-rlm_cache \
--without-rlm_cache_memcached \
--without-rlm_couchbase \
--without-rlm_eap_ikev2 \
- --without-rlm_eap_sim \
--without-rlm_eap_tnc \
--without-rlm_perl \
--without-rlm_python \
--without-rlm_sql_freetds \
--without-rlm_sql_iodbc \
--without-rlm_sql_oracle \
- --without-rlm_sql_unixodbc \
CONFIGURE_LIBS+= -latomic
microsoft \
wispr \
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-cache-redis),)
+ CONFIGURE_ARGS+= \
+ --with-rlm_cache_redis \
+ --with-rlm_cache_redis-include-dir="$(STAGING_DIR)/usr/include" \
+ --with-rlm_cache_redis-lib-dir="$(STAGING_DIR)/usr/lib"
+else
+ CONFIGURE_ARGS+= --without-rlm_cache_redis
+endif
+
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-fast),)
CONFIGURE_ARGS+= \
--with-rlm_eap_fast \
CONFIGURE_ARGS+= --without-rlm_ippool
endif
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-json),)
+ CONFIGURE_ARGS+= --with-rlm_json \
+ --with-rlm_json-include-dir="$(STAGING_DIR)/usr/include" \
+ --with-rlm_json-lib-dir="$(STAGING_DIR)/usr/lib"
+else
+ CONFIGURE_ARGS+= --without-rlm_json
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-krb5),)
+ CONFIGURE_ARGS+= \
+ --with-rlm_krb5 \
+ --with-rlm-krb5-dir="$(STAGING_DIR)/host/bin/krb5-config"
+else
+ CONFIGURE_ARGS+= --without-rlm_krb5
+endif
+
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-ldap),)
CONFIGURE_ARGS+= --with-rlm_ldap \
--with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \
CONFIGURE_ARGS+= --without-rlm_sql_sqlite
endif
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql-unixodbc),)
+ CONFIGURE_ARGS+= \
+ --with-rlm_sql_unixodbc \
+ --with-rlm_sql_unixodbc-include-dir="$(STAGING_DIR)/usr/include" \
+ --with-rlm_sql_unixodbc-lib-dir="$(STAGING_DIR)/usr/lib"
+else
+ CONFIGURE_ARGS+= --without-rlm_sql_unixodbc
+endif
+
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sqlcounter),)
CONFIGURE_ARGS+= --with-rlm_sqlcounter
else
CONFIGURE_ARGS+= --without-rlm_sqlippool
endif
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-unbound),)
+ CONFIGURE_ARGS+= \
+ --with-rlm_unbound \
+ --with-rlm_unbound-include-dir="$(STAGING_DIR)/usr/include" \
+ --with-rlm_unbound-lib-dir="$(STAGING_DIR)/usr/lib"
+else
+ CONFIGURE_ARGS+= --without-rlm_unbound
+endif
+
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-unix),)
CONFIGURE_ARGS+= --with-rlm_unix
else
LDFLAGS="$$$$LDFLAGS" \
LIBS="$(CONFIGURE_LIBS)" \
MYSQL_CONFIG="no" \
- ac_cv_lib_readline=no \
ax_cv_cc_builtin_choose_expr=yes \
ax_cv_cc_builtin_types_compatible_p=yes ax_cv_cc_builtin_bswap64=yes \
ax_cv_cc_bounded_attribute=no \
$(INSTALL_DIR) $(1)/etc/freeradius3/certs
$(CP) \
$(PKG_INSTALL_DIR)/etc/freeradius3/certs/ca.pem \
- $(PKG_INSTALL_DIR)/etc/freeradius3/certs/dh \
$(PKG_INSTALL_DIR)/etc/freeradius3/certs/server.pem \
$(1)/etc/freeradius3/certs/
endef
$(eval $(call BuildPackage,freeradius3-democerts))
$(eval $(call BuildPlugin,freeradius3-mod-always,rlm_always,))
$(eval $(call BuildPlugin,freeradius3-mod-attr-filter,rlm_attr_filter,))
+$(eval $(call BuildPlugin,freeradius3-mod-cache,rlm_cache,))
+$(eval $(call BuildPlugin,freeradius3-mod-cache-rbtree,rlm_cache_rbtree,))
+$(eval $(call BuildPlugin,freeradius3-mod-cache-redis,rlm_cache_redis,))
$(eval $(call BuildPlugin,freeradius3-mod-chap,rlm_chap,))
$(eval $(call BuildPlugin,freeradius3-mod-counter,rlm_counter,))
$(eval $(call BuildPlugin,freeradius3-mod-date,rlm_date,))
$(eval $(call BuildPlugin,freeradius3-mod-detail,rlm_detail,))
$(eval $(call BuildPlugin,freeradius3-mod-digest,rlm_digest,))
+$(eval $(call BuildPlugin,freeradius3-mod-dpsk,rlm_dpsk,))
$(eval $(call BuildPlugin,freeradius3-mod-dynamic-clients,rlm_dynamic_clients,))
$(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,))
$(eval $(call BuildPlugin,freeradius3-mod-eap-fast,rlm_eap_fast,))
$(eval $(call BuildPlugin,freeradius3-mod-eap-mschapv2,rlm_eap_mschapv2,))
$(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,))
$(eval $(call BuildPlugin,freeradius3-mod-eap-pwd,rlm_eap_pwd,))
+$(eval $(call BuildPlugin,freeradius3-mod-eap-sim,rlm_eap_sim,))
$(eval $(call BuildPlugin,freeradius3-mod-eap-tls,rlm_eap_tls,))
$(eval $(call BuildPlugin,freeradius3-mod-eap-ttls,rlm_eap_ttls,))
$(eval $(call BuildPlugin,freeradius3-mod-exec,rlm_exec,))
$(eval $(call BuildPlugin,freeradius3-mod-expr,rlm_expr,))
$(eval $(call BuildPlugin,freeradius3-mod-files,rlm_files,))
$(eval $(call BuildPlugin,freeradius3-mod-ippool,rlm_ippool,))
+$(eval $(call BuildPlugin,freeradius3-mod-json,rlm_json,))
$(eval $(call BuildPlugin,freeradius3-mod-krb5,rlm_krb5,))
$(eval $(call BuildPlugin,freeradius3-mod-ldap,rlm_ldap,))
$(eval $(call BuildPlugin,freeradius3-mod-linelog,rlm_linelog,))
$(eval $(call BuildPlugin,freeradius3-mod-sql-null,rlm_sql_null,))
$(eval $(call BuildPlugin,freeradius3-mod-sql-postgresql,rlm_sql_postgresql,))
$(eval $(call BuildPlugin,freeradius3-mod-sql-sqlite,rlm_sql_sqlite,))
+$(eval $(call BuildPlugin,freeradius3-mod-sql-unixodbc,rlm_sql_unixodbc,))
$(eval $(call BuildPlugin,freeradius3-mod-sqlcounter,rlm_sqlcounter,))
$(eval $(call BuildPlugin,freeradius3-mod-sqlippool,rlm_sqlippool,))
+$(eval $(call BuildPlugin,freeradius3-mod-totp,rlm_totp,))
+$(eval $(call BuildPlugin,freeradius3-mod-unbound,rlm_unbound,))
$(eval $(call BuildPlugin,freeradius3-mod-unix,rlm_unix,))
$(eval $(call BuildPlugin,freeradius3-mod-unpack,rlm_unpack,))
$(eval $(call BuildPlugin,freeradius3-mod-utf8,rlm_utf8,))
--- a/src/main/tls.c
+++ b/src/main/tls.c
-@@ -934,7 +934,7 @@ after_chain:
+@@ -956,7 +956,7 @@ after_chain:
}
if (vp) vp->vp_integer = state->mtu;
return state;
}
-@@ -4389,7 +4389,7 @@ post_ca:
+@@ -4515,7 +4515,7 @@ post_ca:
/*
* Callbacks, etc. for session resumption.
*/
/*
* Cache sessions on disk if requested.
*/
-@@ -4469,7 +4469,7 @@ post_ca:
+@@ -4595,7 +4595,7 @@ post_ca:
/*
* Setup session caching
*/
/*
* Create a unique context Id per EAP-TLS configuration.
*/
-@@ -4757,7 +4757,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
+@@ -4883,7 +4883,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
goto error;
}
--- a/src/include/threads.h
+++ b/src/include/threads.h
-@@ -89,7 +89,7 @@ static _t __fr_thread_local_init_##_n(pt
+@@ -92,7 +92,7 @@ static _t __fr_thread_local_init_##_n(pt
# define fr_thread_local_get(_n) _n
#elif defined(HAVE_PTHREAD_H)
# include <pthread.h>
static pthread_key_t __fr_thread_local_key_##_n;\
static pthread_once_t __fr_thread_local_once_##_n = PTHREAD_ONCE_INIT;\
static pthread_destructor_t __fr_thread_local_destructor_##_n = NULL;\
-@@ -100,17 +100,17 @@ static void __fr_thread_local_destroy_##
+@@ -103,17 +103,17 @@ static void __fr_thread_local_destroy_##
static void __fr_thread_local_key_init_##_n(void)\
{\
(void) pthread_key_create(&__fr_thread_local_key_##_n, __fr_thread_local_destroy_##_n);\
then
nas=$7
else
-- nas=`hostname`
+- nas=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ nas=$(cat /proc/sys/kernel/hostname)
fi
--- a/src/main/threads.c
+++ b/src/main/threads.c
-@@ -298,6 +298,7 @@ static void ssl_locking_function(int mod
+@@ -265,6 +265,7 @@ static void ssl_locking_function(int mod
*/
int tls_mutexes_init(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- int i;
+ int i, num;
+
+ rad_assert(ssl_mutexes == NULL);
+@@ -282,6 +283,7 @@ int tls_mutexes_init(void)
+ }
- ssl_mutexes = rad_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-@@ -316,6 +317,7 @@ int tls_mutexes_init(void)
- #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
CRYPTO_set_locking_callback(ssl_locking_function);
- #endif
+#endif
return 0;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
# include <openssl/provider.h>
-@@ -2954,7 +2955,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -2996,7 +2997,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
int my_ok = ok;
ASN1_INTEGER *sn = NULL;
VALUE_PAIR **certs;
char **identity;
#ifdef HAVE_OPENSSL_OCSP_H
-@@ -3028,7 +3029,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -3087,7 +3088,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
* Get the Expiration Date
*/
buf[0] = '\0';
if (certs && (lookup <= 1) && asn_time &&
(asn_time->length < (int) sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
-@@ -3041,7 +3042,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -3100,7 +3101,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
* Get the Valid Since Date
*/
buf[0] = '\0';
if (certs && (lookup <= 1) && asn_time &&
(asn_time->length < (int) sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
-@@ -3592,10 +3593,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
+@@ -3664,10 +3665,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
*/
- int tls_global_init(bool spawn_flag, bool check)
+ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings(); /* readable error messages (examples show call before library_init) */
/*
* Initialize the index for the certificates.
-@@ -3693,6 +3696,7 @@ int tls_global_version_check(char const
+@@ -3767,6 +3770,7 @@ int tls_global_version_check(char const
*/
void tls_global_cleanup(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10000000L
ERR_remove_state(0);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-@@ -3718,6 +3722,7 @@ void tls_global_cleanup(void)
+@@ -3792,6 +3796,7 @@ void tls_global_cleanup(void)
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
--- a/src/modules/rlm_krb5/configure
+++ b/src/modules/rlm_krb5/configure
-@@ -1,10 +1,11 @@
- #! /bin/sh
- # From configure.ac Revision.
- # Guess values for system-dependent variables and create Makefiles.
--# Generated by GNU Autoconf 2.69.
-+# Generated by GNU Autoconf 2.71.
- #
- #
--# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
-+# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
-+# Inc.
- #
- #
- # This configure script is free software; the Free Software Foundation
-@@ -15,14 +16,16 @@
-
- # Be more Bourne compatible
- DUALCASE=1; export DUALCASE # for MKS sh
--if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
-+as_nop=:
-+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-+then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
--else
-+else $as_nop
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
-@@ -32,46 +35,46 @@ esac
- fi
-
-
-+
-+# Reset variables that may have inherited troublesome values from
-+# the environment.
-+
-+# IFS needs to be set, to space, tab, and newline, in precisely that order.
-+# (If _AS_PATH_WALK were called with IFS unset, it would have the
-+# side effect of setting IFS to empty, thus disabling word splitting.)
-+# Quoting is to prevent editors from complaining about space-tab.
- as_nl='
- '
- export as_nl
--# Printing a long string crashes Solaris 7 /usr/bin/printf.
--as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
--# Prefer a ksh shell builtin over an external printf program on Solaris,
--# but without wasting forks for bash or zsh.
--if test -z "$BASH_VERSION$ZSH_VERSION" \
-- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='print -r --'
-- as_echo_n='print -rn --'
--elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='printf %s\n'
-- as_echo_n='printf %s'
--else
-- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
-- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
-- as_echo_n='/usr/ucb/echo -n'
-- else
-- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
-- as_echo_n_body='eval
-- arg=$1;
-- case $arg in #(
-- *"$as_nl"*)
-- expr "X$arg" : "X\\(.*\\)$as_nl";
-- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
-- esac;
-- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
-- '
-- export as_echo_n_body
-- as_echo_n='sh -c $as_echo_n_body as_echo'
-- fi
-- export as_echo_body
-- as_echo='sh -c $as_echo_body as_echo'
--fi
-+IFS=" "" $as_nl"
-+
-+PS1='$ '
-+PS2='> '
-+PS4='+ '
-+
-+# Ensure predictable behavior from utilities with locale-dependent output.
-+LC_ALL=C
-+export LC_ALL
-+LANGUAGE=C
-+export LANGUAGE
-+
-+# We cannot yet rely on "unset" to work, but we need these variables
-+# to be unset--not just set to an empty or harmless value--now, to
-+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-+# also avoids known problems related to "unset" and subshell syntax
-+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-+do eval test \${$as_var+y} \
-+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-+done
-+
-+# Ensure that fds 0, 1, and 2 are open.
-+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
- # The user is always right.
--if test "${PATH_SEPARATOR+set}" != set; then
-+if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
-@@ -80,13 +83,6 @@ if test "${PATH_SEPARATOR+set}" != set;
- fi
-
-
--# IFS
--# We need space, tab and new line, in precisely that order. Quoting is
--# there to prevent editors from complaining about space-tab.
--# (If _AS_PATH_WALK were called with IFS unset, it would disable word
--# splitting by setting IFS to empty value.)
--IFS=" "" $as_nl"
--
- # Find who we are. Look in the path if we contain no directory separator.
- as_myself=
- case $0 in #((
-@@ -95,8 +91,12 @@ case $0 in #((
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
-+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
- IFS=$as_save_IFS
-
-@@ -108,30 +108,10 @@ if test "x$as_myself" = x; then
- as_myself=$0
- fi
- if test ! -f "$as_myself"; then
-- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
-+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
- fi
-
--# Unset variables that we do not need and which cause bugs (e.g. in
--# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
--# suppresses any "Segmentation fault" message there. '((' could
--# trigger a bug in pdksh 5.2.14.
--for as_var in BASH_ENV ENV MAIL MAILPATH
--do eval test x\${$as_var+set} = xset \
-- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
--done
--PS1='$ '
--PS2='> '
--PS4='+ '
--
--# NLS nuisances.
--LC_ALL=C
--export LC_ALL
--LANGUAGE=C
--export LANGUAGE
--
--# CDPATH.
--(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
- # Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
-@@ -153,20 +133,22 @@ esac
- exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
- # Admittedly, this is quite paranoid, since all the known shells bail
- # out after a failed `exec'.
--$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
--as_fn_exit 255
-+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-+exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
- if test "x$CONFIG_SHELL" = x; then
-- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
-+ as_bourne_compatible="as_nop=:
-+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-+then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
--else
-+else \$as_nop
- case \`(set -o) 2>/dev/null\` in #(
- *posix*) :
- set -o posix ;; #(
-@@ -186,41 +168,52 @@ as_fn_success || { exitcode=1; echo as_f
- as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
- as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
- as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
--if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
-+if ( set x; as_fn_ret_success y && test x = \"\$1\" )
-+then :
-
--else
-+else \$as_nop
- exitcode=1; echo positional parameters were not saved.
- fi
- test x\$exitcode = x0 || exit 1
-+blah=\$(echo \$(echo blah))
-+test x\"\$blah\" = xblah || exit 1
- test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1"
-- if (eval "$as_required") 2>/dev/null; then :
-+ if (eval "$as_required") 2>/dev/null
-+then :
- as_have_required=yes
--else
-+else $as_nop
- as_have_required=no
- fi
-- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
-+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
-+then :
-
--else
-+else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- as_found=false
- for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- as_found=:
- case $as_dir in #(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
-- as_shell=$as_dir/$as_base
-+ as_shell=$as_dir$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
-- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
-+ as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-+then :
- CONFIG_SHELL=$as_shell as_have_required=yes
-- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
-+ if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
-+then :
- break 2
- fi
- fi
-@@ -228,14 +221,21 @@ fi
- esac
- as_found=false
- done
--$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
-- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
-- CONFIG_SHELL=$SHELL as_have_required=yes
--fi; }
- IFS=$as_save_IFS
-+if $as_found
-+then :
-+
-+else $as_nop
-+ if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
-+ as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-+then :
-+ CONFIG_SHELL=$SHELL as_have_required=yes
-+fi
-+fi
-
-
-- if test "x$CONFIG_SHELL" != x; then :
-+ if test "x$CONFIG_SHELL" != x
-+then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
- # neutralization value for shells without unset; and this also
-@@ -253,18 +253,19 @@ esac
- exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
- # Admittedly, this is quite paranoid, since all the known shells bail
- # out after a failed `exec'.
--$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
- exit 255
- fi
-
-- if test x$as_have_required = xno; then :
-- $as_echo "$0: This script requires a shell more modern than all"
-- $as_echo "$0: the shells that I found on your system."
-- if test x${ZSH_VERSION+set} = xset ; then
-- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
-- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
-+ if test x$as_have_required = xno
-+then :
-+ printf "%s\n" "$0: This script requires a shell more modern than all"
-+ printf "%s\n" "$0: the shells that I found on your system."
-+ if test ${ZSH_VERSION+y} ; then
-+ printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
-+ printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
- else
-- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
-+ printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
- $0: including any error possibly output before this
- $0: message. Then install a modern shell, or manually run
- $0: the script under such a shell if you do have one."
-@@ -291,6 +292,7 @@ as_fn_unset ()
- }
- as_unset=as_fn_unset
-
-+
- # as_fn_set_status STATUS
- # -----------------------
- # Set $? to STATUS, without forking.
-@@ -308,6 +310,14 @@ as_fn_exit ()
- as_fn_set_status $1
- exit $1
- } # as_fn_exit
-+# as_fn_nop
-+# ---------
-+# Do nothing but, unlike ":", preserve the value of $?.
-+as_fn_nop ()
-+{
-+ return $?
-+}
-+as_nop=as_fn_nop
-
- # as_fn_mkdir_p
- # -------------
-@@ -322,7 +332,7 @@ as_fn_mkdir_p ()
- as_dirs=
- while :; do
- case $as_dir in #(
-- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
-+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
-@@ -331,7 +341,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$as_dir" |
-+printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
-@@ -370,12 +380,13 @@ as_fn_executable_p ()
- # advantage of any shell optimizations that allow amortized linear growth over
- # repeated appends, instead of the typical quadratic growth present in naive
- # implementations.
--if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
-+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-+then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
--else
-+else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
-@@ -387,18 +398,27 @@ fi # as_fn_append
- # Perform arithmetic evaluation on the ARGs, and store the result in the
- # global $as_val. Take advantage of shells that can avoid forks. The arguments
- # must be portable across $(()) and expr.
--if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
-+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-+then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
--else
-+else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
- fi # as_fn_arith
-
-+# as_fn_nop
-+# ---------
-+# Do nothing but, unlike ":", preserve the value of $?.
-+as_fn_nop ()
-+{
-+ return $?
-+}
-+as_nop=as_fn_nop
-
- # as_fn_error STATUS ERROR [LINENO LOG_FD]
- # ----------------------------------------
-@@ -410,9 +430,9 @@ as_fn_error ()
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
-- $as_echo "$as_me: error: $2" >&2
-+ printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
- } # as_fn_error
-
-@@ -439,7 +459,7 @@ as_me=`$as_basename -- "$0" ||
- $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X/"$0" |
-+printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
-@@ -483,7 +503,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
-- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-+ { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
-@@ -497,6 +517,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
- exit
- }
-
-+
-+# Determine whether it's possible to make 'echo' print without a newline.
-+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-+# for compatibility with existing Makefiles.
- ECHO_C= ECHO_N= ECHO_T=
- case `echo -n x` in #(((((
- -n*)
-@@ -510,6 +534,13 @@ case `echo -n x` in #(((((
- ECHO_N='-n';;
- esac
-
-+# For backward compatibility with old third-party macros, we provide
-+# the shell variables $as_echo and $as_echo_n. New code should use
-+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-+as_echo='printf %s\n'
-+as_echo_n='printf %s'
-+
-+
- rm -f conf$$ conf$$.exe conf$$.file
- if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-@@ -575,19 +606,19 @@ MFLAGS=
- MAKEFLAGS=
-
- # Identity of this package.
--PACKAGE_NAME=
--PACKAGE_TARNAME=
--PACKAGE_VERSION=
--PACKAGE_STRING=
--PACKAGE_BUGREPORT=
--PACKAGE_URL=
-+PACKAGE_NAME=''
-+PACKAGE_TARNAME=''
-+PACKAGE_VERSION=''
-+PACKAGE_STRING=''
-+PACKAGE_BUGREPORT=''
-+PACKAGE_URL=''
-
- ac_unique_file="rlm_krb5.c"
- ac_subst_vars='LTLIBOBJS
- LIBOBJS
--targetname
- mod_cflags
- mod_ldflags
-+targetname
- krb5_config
- CPP
- OBJEXT
-@@ -616,6 +647,7 @@ infodir
- docdir
- oldincludedir
- includedir
-+runstatedir
- localstatedir
- sharedstatedir
- sysconfdir
-@@ -688,6 +720,7 @@ datadir='${datarootdir}'
- sysconfdir='${prefix}/etc'
- sharedstatedir='${prefix}/com'
- localstatedir='${prefix}/var'
-+runstatedir='${localstatedir}/run'
- includedir='${prefix}/include'
- oldincludedir='/usr/include'
- docdir='${datarootdir}/doc/${PACKAGE}'
-@@ -717,8 +750,6 @@ do
- *) ac_optarg=yes ;;
- esac
-
-- # Accept the important Cygnus configure options, so we can diagnose typos.
--
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-@@ -759,9 +790,9 @@ do
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid feature name: $ac_useropt"
-+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
- "enable_$ac_useropt"
-@@ -785,9 +816,9 @@ do
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid feature name: $ac_useropt"
-+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
- "enable_$ac_useropt"
-@@ -940,6 +971,15 @@ do
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
-+ -runstatedir | --runstatedir | --runstatedi | --runstated \
-+ | --runstate | --runstat | --runsta | --runst | --runs \
-+ | --run | --ru | --r)
-+ ac_prev=runstatedir ;;
-+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-+ | --run=* | --ru=* | --r=*)
-+ runstatedir=$ac_optarg ;;
-+
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-@@ -989,9 +1029,9 @@ do
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid package name: $ac_useropt"
-+ as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
- "with_$ac_useropt"
-@@ -1005,9 +1045,9 @@ do
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid package name: $ac_useropt"
-+ as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
- "with_$ac_useropt"
-@@ -1051,9 +1091,9 @@ Try \`$0 --help' for more information"
-
- *)
- # FIXME: should be removed in autoconf 3.0.
-- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
-+ printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
-+ printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
-@@ -1069,7 +1109,7 @@ if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
-- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
-+ *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
- fi
-
-@@ -1077,7 +1117,7 @@ fi
- for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-- libdir localedir mandir
-+ libdir localedir mandir runstatedir
- do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
-@@ -1133,7 +1173,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$as_myself" |
-+printf "%s\n" X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
-@@ -1230,6 +1270,7 @@ Fine tuning of the installation director
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
-+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
-@@ -1256,8 +1297,8 @@ if test -n "$ac_init_help"; then
- Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
-- --with-rlm_krb5 build rlm_krb5. (default=yes)
-- --with-rlm-krb5-dir=DIR Directory for krb5 files
-+ --without-rlm_krb5 build without Kerberos support
-+ --with-rlm-krb5-dir=DIR directory where krb5 files are installed
-
- Some influential environment variables:
- CC C compiler command
-@@ -1288,9 +1329,9 @@ if test "$ac_init_help" = "recursive"; t
- case "$ac_dir" in
- .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *)
-- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
-+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
-- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
-+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-@@ -1318,7 +1359,8 @@ esac
- ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
-- # Check for guested configure.
-+ # Check for configure.gnu first; this name is used for a wrapper for
-+ # Metaconfig's "Configure" on case-insensitive file systems.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
-@@ -1326,7 +1368,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
-- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-+ printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-@@ -1336,9 +1378,9 @@ test -n "$ac_init_help" && exit $ac_stat
- if $ac_init_version; then
- cat <<\_ACEOF
- configure
--generated by GNU Autoconf 2.69
-+generated by GNU Autoconf 2.71
-
--Copyright (C) 2012 Free Software Foundation, Inc.
-+Copyright (C) 2021 Free Software Foundation, Inc.
- This configure script is free software; the Free Software Foundation
- gives unlimited permission to copy, distribute and modify it.
- _ACEOF
-@@ -1349,20 +1391,25 @@ fi
- ## Autoconf initialization. ##
- ## ------------------------ ##
-
-+echo
-+echo Running tests for rlm_krb5
-+echo
-+
-+
- # ac_fn_c_try_compile LINENO
- # --------------------------
- # Try to compile conftest.$ac_ext, and return whether this succeeded.
- ac_fn_c_try_compile ()
- {
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- rm -f conftest.$ac_objext
-+ rm -f conftest.$ac_objext conftest.beam
- if { { ac_try="$ac_compile"
- case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
-@@ -1370,14 +1417,15 @@ $as_echo "$ac_try_echo"; } >&5
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
-- } && test -s conftest.$ac_objext; then :
-+ } && test -s conftest.$ac_objext
-+then :
- ac_retval=0
--else
-- $as_echo "$as_me: failed program was:" >&5
-+else $as_nop
-+ printf "%s\n" "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-@@ -1399,7 +1447,7 @@ case "(($ac_try" in
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
-@@ -1407,14 +1455,15 @@ $as_echo "$ac_try_echo"; } >&5
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
-- }; then :
-+ }
-+then :
- ac_retval=0
--else
-- $as_echo "$as_me: failed program was:" >&5
-+else $as_nop
-+ printf "%s\n" "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-@@ -1430,14 +1479,14 @@ fi
- ac_fn_c_try_link ()
- {
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- rm -f conftest.$ac_objext conftest$ac_exeext
-+ rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
- if { { ac_try="$ac_link"
- case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
-@@ -1445,17 +1494,18 @@ $as_echo "$ac_try_echo"; } >&5
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
-- }; then :
-+ }
-+then :
- ac_retval=0
--else
-- $as_echo "$as_me: failed program was:" >&5
-+else $as_nop
-+ printf "%s\n" "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-@@ -1476,11 +1526,12 @@ fi
- ac_fn_c_check_func ()
- {
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
--$as_echo_n "checking for $2... " >&6; }
--if eval \${$3+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-+printf %s "checking for $2... " >&6; }
-+if eval test \${$3+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- /* Define $2 to an innocuous variant, in case <limits.h> declares $2.
-@@ -1488,16 +1539,9 @@ else
- #define $2 innocuous_$2
-
- /* System header to define __stub macros and hopefully few prototypes,
-- which can conflict with char $2 (); below.
-- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-- <limits.h> exists even on freestanding compilers. */
--
--#ifdef __STDC__
--# include <limits.h>
--#else
--# include <assert.h>
--#endif
-+ which can conflict with char $2 (); below. */
-
-+#include <limits.h>
- #undef $2
-
- /* Override any GCC internal prototype to avoid an error.
-@@ -1515,32 +1559,33 @@ choke me
- #endif
-
- int
--main ()
-+main (void)
- {
- return $2 ();
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
- eval "$3=yes"
--else
-+else $as_nop
- eval "$3=no"
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- fi
- eval ac_res=\$$3
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
--$as_echo "$ac_res" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-+printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
- } # ac_fn_c_check_func
-
- # ac_fn_c_try_run LINENO
- # ----------------------
--# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
--# that executables *can* be run.
-+# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that
-+# executables *can* be run.
- ac_fn_c_try_run ()
- {
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-@@ -1550,25 +1595,26 @@ case "(($ac_try" in
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; }; then :
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }; }
-+then :
- ac_retval=0
--else
-- $as_echo "$as_me: program exited with status $ac_status" >&5
-- $as_echo "$as_me: failed program was:" >&5
-+else $as_nop
-+ printf "%s\n" "$as_me: program exited with status $ac_status" >&5
-+ printf "%s\n" "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-@@ -1578,14 +1624,34 @@ fi
- as_fn_set_status $ac_retval
-
- } # ac_fn_c_try_run
-+ac_configure_args_raw=
-+for ac_arg
-+do
-+ case $ac_arg in
-+ *\'*)
-+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-+ esac
-+ as_fn_append ac_configure_args_raw " '$ac_arg'"
-+done
-+
-+case $ac_configure_args_raw in
-+ *$as_nl*)
-+ ac_safe_unquote= ;;
-+ *)
-+ ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab.
-+ ac_unsafe_a="$ac_unsafe_z#~"
-+ ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
-+ ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
-+esac
-+
- cat >config.log <<_ACEOF
- This file contains any messages produced by compilers while
- running configure, to aid debugging if configure makes a mistake.
-
- It was created by $as_me, which was
--generated by GNU Autoconf 2.69. Invocation command line was
-+generated by GNU Autoconf 2.71. Invocation command line was
-
-- $ $0 $@
-+ $ $0$ac_configure_args_raw
-
- _ACEOF
- exec 5>>config.log
-@@ -1618,8 +1684,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- $as_echo "PATH: $as_dir"
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
-+ printf "%s\n" "PATH: $as_dir"
- done
- IFS=$as_save_IFS
-
-@@ -1654,7 +1724,7 @@ do
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
-- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
-@@ -1689,11 +1759,13 @@ done
- # WARNING: Use '\'' to represent an apostrophe within the trap.
- # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
- trap 'exit_status=$?
-+ # Sanitize IFS.
-+ IFS=" "" $as_nl"
- # Save into config.log some information that might help in debugging.
- {
- echo
-
-- $as_echo "## ---------------- ##
-+ printf "%s\n" "## ---------------- ##
- ## Cache variables. ##
- ## ---------------- ##"
- echo
-@@ -1704,8 +1776,8 @@ trap 'exit_status=$?
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
-- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
--$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
-+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
-@@ -1729,7 +1801,7 @@ $as_echo "$as_me: WARNING: cache variabl
- )
- echo
-
-- $as_echo "## ----------------- ##
-+ printf "%s\n" "## ----------------- ##
- ## Output variables. ##
- ## ----------------- ##"
- echo
-@@ -1737,14 +1809,14 @@ $as_echo "$as_me: WARNING: cache variabl
- do
- eval ac_val=\$$ac_var
- case $ac_val in
-- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
-+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
-- $as_echo "$ac_var='\''$ac_val'\''"
-+ printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
-- $as_echo "## ------------------- ##
-+ printf "%s\n" "## ------------------- ##
- ## File substitutions. ##
- ## ------------------- ##"
- echo
-@@ -1752,15 +1824,15 @@ $as_echo "$as_me: WARNING: cache variabl
- do
- eval ac_val=\$$ac_var
- case $ac_val in
-- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
-+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
-- $as_echo "$ac_var='\''$ac_val'\''"
-+ printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
-- $as_echo "## ----------- ##
-+ printf "%s\n" "## ----------- ##
- ## confdefs.h. ##
- ## ----------- ##"
- echo
-@@ -1768,8 +1840,8 @@ $as_echo "$as_me: WARNING: cache variabl
- echo
- fi
- test "$ac_signal" != 0 &&
-- $as_echo "$as_me: caught signal $ac_signal"
-- $as_echo "$as_me: exit $exit_status"
-+ printf "%s\n" "$as_me: caught signal $ac_signal"
-+ printf "%s\n" "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
-@@ -1783,63 +1855,48 @@ ac_signal=0
- # confdefs.h avoids OS command line length limits that DEFS can exceed.
- rm -f -r conftest* confdefs.h
-
--$as_echo "/* confdefs.h */" > confdefs.h
-+printf "%s\n" "/* confdefs.h */" > confdefs.h
-
- # Predefined preprocessor variables.
-
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_NAME "$PACKAGE_NAME"
--_ACEOF
-+printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
--_ACEOF
-+printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_VERSION "$PACKAGE_VERSION"
--_ACEOF
-+printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_STRING "$PACKAGE_STRING"
--_ACEOF
-+printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
--_ACEOF
-+printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_URL "$PACKAGE_URL"
--_ACEOF
-+printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
-
-
- # Let the site file select an alternate cache file if it wants to.
- # Prefer an explicitly selected file to automatically selected ones.
--ac_site_file1=NONE
--ac_site_file2=NONE
- if test -n "$CONFIG_SITE"; then
-- # We do not want a PATH search for config.site.
-- case $CONFIG_SITE in #((
-- -*) ac_site_file1=./$CONFIG_SITE;;
-- */*) ac_site_file1=$CONFIG_SITE;;
-- *) ac_site_file1=./$CONFIG_SITE;;
-- esac
-+ ac_site_files="$CONFIG_SITE"
- elif test "x$prefix" != xNONE; then
-- ac_site_file1=$prefix/share/config.site
-- ac_site_file2=$prefix/etc/config.site
-+ ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
- else
-- ac_site_file1=$ac_default_prefix/share/config.site
-- ac_site_file2=$ac_default_prefix/etc/config.site
-+ ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
- fi
--for ac_site_file in "$ac_site_file1" "$ac_site_file2"
-+
-+for ac_site_file in $ac_site_files
- do
-- test "x$ac_site_file" = xNONE && continue
-- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
--$as_echo "$as_me: loading site script $ac_site_file" >&6;}
-+ case $ac_site_file in #(
-+ */*) :
-+ ;; #(
-+ *) :
-+ ac_site_file=./$ac_site_file ;;
-+esac
-+ if test -f "$ac_site_file" && test -r "$ac_site_file"; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-+printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
-- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- as_fn_error $? "failed to load site script $ac_site_file
- See \`config.log' for more details" "$LINENO" 5; }
- fi
-@@ -1849,19 +1906,327 @@ if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
--$as_echo "$as_me: loading cache $cache_file" >&6;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-+printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
--$as_echo "$as_me: creating cache $cache_file" >&6;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-+printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
- fi
-
-+# Test code for whether the C compiler supports C89 (global declarations)
-+ac_c_conftest_c89_globals='
-+/* Does the compiler advertise C89 conformance?
-+ Do not test the value of __STDC__, because some compilers set it to 0
-+ while being otherwise adequately conformant. */
-+#if !defined __STDC__
-+# error "Compiler does not advertise C89 conformance"
-+#endif
-+
-+#include <stddef.h>
-+#include <stdarg.h>
-+struct stat;
-+/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
-+struct buf { int x; };
-+struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-+static char *e (p, i)
-+ char **p;
-+ int i;
-+{
-+ return p[i];
-+}
-+static char *f (char * (*g) (char **, int), char **p, ...)
-+{
-+ char *s;
-+ va_list v;
-+ va_start (v,p);
-+ s = g (p, va_arg (v,int));
-+ va_end (v);
-+ return s;
-+}
-+
-+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
-+ function prototypes and stuff, but not \xHH hex character constants.
-+ These do not provoke an error unfortunately, instead are silently treated
-+ as an "x". The following induces an error, until -std is added to get
-+ proper ANSI mode. Curiously \x00 != x always comes out true, for an
-+ array size at least. It is necessary to write \x00 == 0 to get something
-+ that is true only with -std. */
-+int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-+
-+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
-+ inside strings and character constants. */
-+#define FOO(x) '\''x'\''
-+int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-+
-+int test (int i, double x);
-+struct s1 {int (*f) (int a);};
-+struct s2 {int (*f) (double a);};
-+int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
-+ int, int);'
-+
-+# Test code for whether the C compiler supports C89 (body of main).
-+ac_c_conftest_c89_main='
-+ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
-+'
-+
-+# Test code for whether the C compiler supports C99 (global declarations)
-+ac_c_conftest_c99_globals='
-+// Does the compiler advertise C99 conformance?
-+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
-+# error "Compiler does not advertise C99 conformance"
-+#endif
-+
-+#include <stdbool.h>
-+extern int puts (const char *);
-+extern int printf (const char *, ...);
-+extern int dprintf (int, const char *, ...);
-+extern void *malloc (size_t);
-+
-+// Check varargs macros. These examples are taken from C99 6.10.3.5.
-+// dprintf is used instead of fprintf to avoid needing to declare
-+// FILE and stderr.
-+#define debug(...) dprintf (2, __VA_ARGS__)
-+#define showlist(...) puts (#__VA_ARGS__)
-+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-+static void
-+test_varargs_macros (void)
-+{
-+ int x = 1234;
-+ int y = 5678;
-+ debug ("Flag");
-+ debug ("X = %d\n", x);
-+ showlist (The first, second, and third items.);
-+ report (x>y, "x is %d but y is %d", x, y);
-+}
-+
-+// Check long long types.
-+#define BIG64 18446744073709551615ull
-+#define BIG32 4294967295ul
-+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-+#if !BIG_OK
-+ #error "your preprocessor is broken"
-+#endif
-+#if BIG_OK
-+#else
-+ #error "your preprocessor is broken"
-+#endif
-+static long long int bignum = -9223372036854775807LL;
-+static unsigned long long int ubignum = BIG64;
-+
-+struct incomplete_array
-+{
-+ int datasize;
-+ double data[];
-+};
-+
-+struct named_init {
-+ int number;
-+ const wchar_t *name;
-+ double average;
-+};
-+
-+typedef const char *ccp;
-+
-+static inline int
-+test_restrict (ccp restrict text)
-+{
-+ // See if C++-style comments work.
-+ // Iterate through items via the restricted pointer.
-+ // Also check for declarations in for loops.
-+ for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
-+ continue;
-+ return 0;
-+}
-+
-+// Check varargs and va_copy.
-+static bool
-+test_varargs (const char *format, ...)
-+{
-+ va_list args;
-+ va_start (args, format);
-+ va_list args_copy;
-+ va_copy (args_copy, args);
-+
-+ const char *str = "";
-+ int number = 0;
-+ float fnumber = 0;
-+
-+ while (*format)
-+ {
-+ switch (*format++)
-+ {
-+ case '\''s'\'': // string
-+ str = va_arg (args_copy, const char *);
-+ break;
-+ case '\''d'\'': // int
-+ number = va_arg (args_copy, int);
-+ break;
-+ case '\''f'\'': // float
-+ fnumber = va_arg (args_copy, double);
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+ va_end (args_copy);
-+ va_end (args);
-+
-+ return *str && number && fnumber;
-+}
-+'
-+
-+# Test code for whether the C compiler supports C99 (body of main).
-+ac_c_conftest_c99_main='
-+ // Check bool.
-+ _Bool success = false;
-+ success |= (argc != 0);
-+
-+ // Check restrict.
-+ if (test_restrict ("String literal") == 0)
-+ success = true;
-+ char *restrict newvar = "Another string";
-+
-+ // Check varargs.
-+ success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
-+ test_varargs_macros ();
-+
-+ // Check flexible array members.
-+ struct incomplete_array *ia =
-+ malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
-+ ia->datasize = 10;
-+ for (int i = 0; i < ia->datasize; ++i)
-+ ia->data[i] = i * 1.234;
-+
-+ // Check named initializers.
-+ struct named_init ni = {
-+ .number = 34,
-+ .name = L"Test wide string",
-+ .average = 543.34343,
-+ };
-+
-+ ni.number = 58;
-+
-+ int dynamic_array[ni.number];
-+ dynamic_array[0] = argv[0][0];
-+ dynamic_array[ni.number - 1] = 543;
-+
-+ // work around unused variable warnings
-+ ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
-+ || dynamic_array[ni.number - 1] != 543);
-+'
-+
-+# Test code for whether the C compiler supports C11 (global declarations)
-+ac_c_conftest_c11_globals='
-+// Does the compiler advertise C11 conformance?
-+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
-+# error "Compiler does not advertise C11 conformance"
-+#endif
-+
-+// Check _Alignas.
-+char _Alignas (double) aligned_as_double;
-+char _Alignas (0) no_special_alignment;
-+extern char aligned_as_int;
-+char _Alignas (0) _Alignas (int) aligned_as_int;
-+
-+// Check _Alignof.
-+enum
-+{
-+ int_alignment = _Alignof (int),
-+ int_array_alignment = _Alignof (int[100]),
-+ char_alignment = _Alignof (char)
-+};
-+_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
-+
-+// Check _Noreturn.
-+int _Noreturn does_not_return (void) { for (;;) continue; }
-+
-+// Check _Static_assert.
-+struct test_static_assert
-+{
-+ int x;
-+ _Static_assert (sizeof (int) <= sizeof (long int),
-+ "_Static_assert does not work in struct");
-+ long int y;
-+};
-+
-+// Check UTF-8 literals.
-+#define u8 syntax error!
-+char const utf8_literal[] = u8"happens to be ASCII" "another string";
-+
-+// Check duplicate typedefs.
-+typedef long *long_ptr;
-+typedef long int *long_ptr;
-+typedef long_ptr long_ptr;
-+
-+// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
-+struct anonymous
-+{
-+ union {
-+ struct { int i; int j; };
-+ struct { int k; long int l; } w;
-+ };
-+ int m;
-+} v1;
-+'
-+
-+# Test code for whether the C compiler supports C11 (body of main).
-+ac_c_conftest_c11_main='
-+ _Static_assert ((offsetof (struct anonymous, i)
-+ == offsetof (struct anonymous, w.k)),
-+ "Anonymous union alignment botch");
-+ v1.i = 2;
-+ v1.w.k = 5;
-+ ok |= v1.i != 5;
-+'
-+
-+# Test code for whether the C compiler supports C11 (complete).
-+ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
-+${ac_c_conftest_c99_globals}
-+${ac_c_conftest_c11_globals}
-+
-+int
-+main (int argc, char **argv)
-+{
-+ int ok = 0;
-+ ${ac_c_conftest_c89_main}
-+ ${ac_c_conftest_c99_main}
-+ ${ac_c_conftest_c11_main}
-+ return ok;
-+}
-+"
-+
-+# Test code for whether the C compiler supports C99 (complete).
-+ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
-+${ac_c_conftest_c99_globals}
-+
-+int
-+main (int argc, char **argv)
-+{
-+ int ok = 0;
-+ ${ac_c_conftest_c89_main}
-+ ${ac_c_conftest_c99_main}
-+ return ok;
-+}
-+"
-+
-+# Test code for whether the C compiler supports C89 (complete).
-+ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
-+
-+int
-+main (int argc, char **argv)
-+{
-+ int ok = 0;
-+ ${ac_c_conftest_c89_main}
-+ return ok;
-+}
-+"
-+
- # Check that the precious variables saved in the cache have kept the same
- # value.
- ac_cache_corrupted=false
-@@ -1872,12 +2237,12 @@ for ac_var in $ac_precious_vars; do
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
--$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
--$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
-@@ -1886,24 +2251,24 @@ $as_echo "$as_me: error: \`$ac_var' was
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
--$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
--$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
-- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
--$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
-- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
--$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-+printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-+printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
-- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
-+ *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
-@@ -1913,11 +2278,12 @@ $as_echo "$as_me: current value: \`$ac
- fi
- done
- if $ac_cache_corrupted; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
--$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
-- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-+printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
-+ as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
-+ and start over" "$LINENO" 5
- fi
- ## -------------------- ##
- ## Main body of script. ##
-@@ -1934,15 +2300,39 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-+
-+
-+
- # Check whether --with-rlm_krb5 was given.
--if test "${with_rlm_krb5+set}" = set; then :
-+if test ${with_rlm_krb5+y}
-+then :
- withval=$with_rlm_krb5;
- fi
-
-
--if test x$with_rlm_krb5 != xno; then
-
-- ac_ext=c
-+
-+fail=
-+fr_status=
-+fr_features=
-+: > "config.report"
-+: > "config.report.tmp"
-+
-+
-+
-+if test x"$with_rlm_krb5" != xno; then
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
- ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
- ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-@@ -1950,11 +2340,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
- set dummy ${ac_tool_prefix}gcc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- else
-@@ -1962,11 +2353,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -1977,11 +2372,11 @@ fi
- fi
- CC=$ac_cv_prog_CC
- if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-+printf "%s\n" "$CC" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
-
-@@ -1990,11 +2385,12 @@ if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
- set dummy gcc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_ac_ct_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_ac_ct_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
- else
-@@ -2002,11 +2398,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -2017,11 +2417,11 @@ fi
- fi
- ac_ct_CC=$ac_cv_prog_ac_ct_CC
- if test -n "$ac_ct_CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
--$as_echo "$ac_ct_CC" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-+printf "%s\n" "$ac_ct_CC" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
- if test "x$ac_ct_CC" = x; then
-@@ -2029,8 +2429,8 @@ fi
- else
- case $cross_compiling:$ac_tool_warned in
- yes:)
--{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
--$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
- ac_tool_warned=yes ;;
- esac
- CC=$ac_ct_CC
-@@ -2043,11 +2443,12 @@ if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
- set dummy ${ac_tool_prefix}cc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- else
-@@ -2055,11 +2456,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -2070,11 +2475,11 @@ fi
- fi
- CC=$ac_cv_prog_CC
- if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-+printf "%s\n" "$CC" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
-
-@@ -2083,11 +2488,12 @@ fi
- if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
- set dummy cc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- else
-@@ -2096,15 +2502,19 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-+ if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -2120,18 +2530,18 @@ if test $ac_prog_rejected = yes; then
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
-- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
-+ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
- fi
- fi
- fi
- CC=$ac_cv_prog_CC
- if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-+printf "%s\n" "$CC" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
-
-@@ -2142,11 +2552,12 @@ if test -z "$CC"; then
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
- set dummy $ac_tool_prefix$ac_prog; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- else
-@@ -2154,11 +2565,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -2169,11 +2584,11 @@ fi
- fi
- CC=$ac_cv_prog_CC
- if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-+printf "%s\n" "$CC" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
-
-@@ -2186,11 +2601,12 @@ if test -z "$CC"; then
- do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_ac_ct_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_ac_ct_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
- else
-@@ -2198,11 +2614,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -2213,11 +2633,11 @@ fi
- fi
- ac_ct_CC=$ac_cv_prog_ac_ct_CC
- if test -n "$ac_ct_CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
--$as_echo "$ac_ct_CC" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-+printf "%s\n" "$ac_ct_CC" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
-
-@@ -2229,34 +2649,138 @@ done
- else
- case $cross_compiling:$ac_tool_warned in
- yes:)
--{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
--$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-+ac_tool_warned=yes ;;
-+esac
-+ CC=$ac_ct_CC
-+ fi
-+fi
-+
-+fi
-+if test -z "$CC"; then
-+ if test -n "$ac_tool_prefix"; then
-+ # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-+set dummy ${ac_tool_prefix}clang; ac_word=$2
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
-+ if test -n "$CC"; then
-+ ac_cv_prog_CC="$CC" # Let the user override the test.
-+else
-+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-+for as_dir in $PATH
-+do
-+ IFS=$as_save_IFS
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
-+ for ac_exec_ext in '' $ac_executable_extensions; do
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-+ ac_cv_prog_CC="${ac_tool_prefix}clang"
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
-+ break 2
-+ fi
-+done
-+ done
-+IFS=$as_save_IFS
-+
-+fi
-+fi
-+CC=$ac_cv_prog_CC
-+if test -n "$CC"; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-+printf "%s\n" "$CC" >&6; }
-+else
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-+fi
-+
-+
-+fi
-+if test -z "$ac_cv_prog_CC"; then
-+ ac_ct_CC=$CC
-+ # Extract the first word of "clang", so it can be a program name with args.
-+set dummy clang; ac_word=$2
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_prog_ac_ct_CC+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
-+ if test -n "$ac_ct_CC"; then
-+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-+else
-+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-+for as_dir in $PATH
-+do
-+ IFS=$as_save_IFS
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
-+ for ac_exec_ext in '' $ac_executable_extensions; do
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-+ ac_cv_prog_ac_ct_CC="clang"
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
-+ break 2
-+ fi
-+done
-+ done
-+IFS=$as_save_IFS
-+
-+fi
-+fi
-+ac_ct_CC=$ac_cv_prog_ac_ct_CC
-+if test -n "$ac_ct_CC"; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-+printf "%s\n" "$ac_ct_CC" >&6; }
-+else
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-+fi
-+
-+ if test "x$ac_ct_CC" = x; then
-+ CC=""
-+ else
-+ case $cross_compiling:$ac_tool_warned in
-+yes:)
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
- ac_tool_warned=yes ;;
- esac
- CC=$ac_ct_CC
- fi
-+else
-+ CC="$ac_cv_prog_CC"
- fi
-
- fi
-
-
--test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- as_fn_error $? "no acceptable C compiler found in \$PATH
- See \`config.log' for more details" "$LINENO" 5; }
-
- # Provide some information about the compiler.
--$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
- set X $ac_compile
- ac_compiler=$2
--for ac_option in --version -v -V -qversion; do
-+for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
- case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
-@@ -2266,7 +2790,7 @@ $as_echo "$ac_try_echo"; } >&5
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- done
-
-@@ -2274,7 +2798,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
- /* end confdefs.h. */
-
- int
--main ()
-+main (void)
- {
-
- ;
-@@ -2286,9 +2810,9 @@ ac_clean_files="$ac_clean_files a.out a.
- # Try to create an executable without -o first, disregard a.out.
- # It will help us diagnose broken compilers, and finding out an intuition
- # of exeext.
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
--$as_echo_n "checking whether the C compiler works... " >&6; }
--ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-+printf %s "checking whether the C compiler works... " >&6; }
-+ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
- # The possible output files:
- ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-@@ -2309,11 +2833,12 @@ case "(($ac_try" in
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then :
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }
-+then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
- # So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
- # in a Makefile. We should not override ac_cv_exeext if it was cached,
-@@ -2330,7 +2855,7 @@ do
- # certainly right.
- break;;
- *.* )
-- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
-+ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
-@@ -2346,44 +2871,46 @@ do
- done
- test "$ac_cv_exeext" = no && ac_cv_exeext=
-
--else
-+else $as_nop
- ac_file=''
- fi
--if test -z "$ac_file"; then :
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--$as_echo "$as_me: failed program was:" >&5
-+if test -z "$ac_file"
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-+printf "%s\n" "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
--{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- as_fn_error 77 "C compiler cannot create executables
- See \`config.log' for more details" "$LINENO" 5; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
--$as_echo_n "checking for C compiler default output file name... " >&6; }
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
--$as_echo "$ac_file" >&6; }
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+fi
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-+printf %s "checking for C compiler default output file name... " >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-+printf "%s\n" "$ac_file" >&6; }
- ac_exeext=$ac_cv_exeext
-
- rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
- ac_clean_files=$ac_clean_files_save
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
--$as_echo_n "checking for suffix of executables... " >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-+printf %s "checking for suffix of executables... " >&6; }
- if { { ac_try="$ac_link"
- case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then :
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }
-+then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
- # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
- # work properly (i.e., refer to `conftest.exe'), while it won't with
-@@ -2397,15 +2924,15 @@ for ac_file in conftest.exe conftest con
- * ) break;;
- esac
- done
--else
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+else $as_nop
-+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- as_fn_error $? "cannot compute suffix of executables: cannot compile and link
- See \`config.log' for more details" "$LINENO" 5; }
- fi
- rm -f conftest conftest$ac_cv_exeext
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
--$as_echo "$ac_cv_exeext" >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-+printf "%s\n" "$ac_cv_exeext" >&6; }
-
- rm -f conftest.$ac_ext
- EXEEXT=$ac_cv_exeext
-@@ -2414,7 +2941,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
- /* end confdefs.h. */
- #include <stdio.h>
- int
--main ()
-+main (void)
- {
- FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-@@ -2426,8 +2953,8 @@ _ACEOF
- ac_clean_files="$ac_clean_files conftest.out"
- # Check that the compiler produces executables we can run. If not, either
- # the compiler is broken, or we cross compile.
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
--$as_echo_n "checking whether we are cross compiling... " >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-+printf %s "checking whether we are cross compiling... " >&6; }
- if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
- case "(($ac_try" in
-@@ -2435,10 +2962,10 @@ case "(($ac_try" in
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
-@@ -2446,39 +2973,40 @@ $as_echo "$ac_try_echo"; } >&5
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot run C compiled programs.
-+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-+as_fn_error 77 "cannot run C compiled programs.
- If you meant to cross compile, use \`--host'.
- See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
--$as_echo "$cross_compiling" >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-+printf "%s\n" "$cross_compiling" >&6; }
-
- rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
- ac_clean_files=$ac_clean_files_save
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
--$as_echo_n "checking for suffix of object files... " >&6; }
--if ${ac_cv_objext+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-+printf %s "checking for suffix of object files... " >&6; }
-+if test ${ac_cv_objext+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
- int
--main ()
-+main (void)
- {
-
- ;
-@@ -2492,11 +3020,12 @@ case "(($ac_try" in
- *) ac_try_echo=$ac_try;;
- esac
- eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-+printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then :
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }
-+then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
-@@ -2505,31 +3034,32 @@ $as_echo "$ac_try_echo"; } >&5
- break;;
- esac
- done
--else
-- $as_echo "$as_me: failed program was:" >&5
-+else $as_nop
-+ printf "%s\n" "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
--{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- as_fn_error $? "cannot compute suffix of object files: cannot compile
- See \`config.log' for more details" "$LINENO" 5; }
- fi
- rm -f conftest.$ac_cv_objext conftest.$ac_ext
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
--$as_echo "$ac_cv_objext" >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-+printf "%s\n" "$ac_cv_objext" >&6; }
- OBJEXT=$ac_cv_objext
- ac_objext=$OBJEXT
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
--$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
--if ${ac_cv_c_compiler_gnu+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-+printf %s "checking whether the compiler supports GNU C... " >&6; }
-+if test ${ac_cv_c_compiler_gnu+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
- int
--main ()
-+main (void)
- {
- #ifndef __GNUC__
- choke me
-@@ -2539,29 +3069,33 @@ main ()
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
- ac_compiler_gnu=yes
--else
-+else $as_nop
- ac_compiler_gnu=no
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
--$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-+printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-+ac_compiler_gnu=$ac_cv_c_compiler_gnu
-+
- if test $ac_compiler_gnu = yes; then
- GCC=yes
- else
- GCC=
- fi
--ac_test_CFLAGS=${CFLAGS+set}
-+ac_test_CFLAGS=${CFLAGS+y}
- ac_save_CFLAGS=$CFLAGS
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
--$as_echo_n "checking whether $CC accepts -g... " >&6; }
--if ${ac_cv_prog_cc_g+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-+printf %s "checking whether $CC accepts -g... " >&6; }
-+if test ${ac_cv_prog_cc_g+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
-@@ -2570,57 +3104,60 @@ else
- /* end confdefs.h. */
-
- int
--main ()
-+main (void)
- {
-
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
- ac_cv_prog_cc_g=yes
--else
-+else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
- int
--main ()
-+main (void)
- {
-
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
--else
-+else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
- int
--main ()
-+main (void)
- {
-
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
- ac_cv_prog_cc_g=yes
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
--$as_echo "$ac_cv_prog_cc_g" >&6; }
--if test "$ac_test_CFLAGS" = set; then
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-+printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-+if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
- elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
-@@ -2635,94 +3172,144 @@ else
- CFLAGS=
- fi
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
--$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
--if ${ac_cv_prog_cc_c89+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- ac_cv_prog_cc_c89=no
-+ac_prog_cc_stdc=no
-+if test x$ac_prog_cc_stdc = xno
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-+printf %s "checking for $CC option to enable C11 features... " >&6; }
-+if test ${ac_cv_prog_cc_c11+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
-+ ac_cv_prog_cc_c11=no
- ac_save_CC=$CC
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
--#include <stdarg.h>
--#include <stdio.h>
--struct stat;
--/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
--struct buf { int x; };
--FILE * (*rcsopen) (struct buf *, struct stat *, int);
--static char *e (p, i)
-- char **p;
-- int i;
--{
-- return p[i];
--}
--static char *f (char * (*g) (char **, int), char **p, ...)
--{
-- char *s;
-- va_list v;
-- va_start (v,p);
-- s = g (p, va_arg (v,int));
-- va_end (v);
-- return s;
--}
--
--/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
-- function prototypes and stuff, but not '\xHH' hex character constants.
-- These don't provoke an error unfortunately, instead are silently treated
-- as 'x'. The following induces an error, until -std is added to get
-- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
-- array size at least. It's necessary to write '\x00'==0 to get something
-- that's true only with -std. */
--int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-+$ac_c_conftest_c11_program
-+_ACEOF
-+for ac_arg in '' -std=gnu11
-+do
-+ CC="$ac_save_CC $ac_arg"
-+ if ac_fn_c_try_compile "$LINENO"
-+then :
-+ ac_cv_prog_cc_c11=$ac_arg
-+fi
-+rm -f core conftest.err conftest.$ac_objext conftest.beam
-+ test "x$ac_cv_prog_cc_c11" != "xno" && break
-+done
-+rm -f conftest.$ac_ext
-+CC=$ac_save_CC
-+fi
-
--/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
-- inside strings and character constants. */
--#define FOO(x) 'x'
--int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-+if test "x$ac_cv_prog_cc_c11" = xno
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-+printf "%s\n" "unsupported" >&6; }
-+else $as_nop
-+ if test "x$ac_cv_prog_cc_c11" = x
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-+printf "%s\n" "none needed" >&6; }
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-+printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
-+ CC="$CC $ac_cv_prog_cc_c11"
-+fi
-+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
-+ ac_prog_cc_stdc=c11
-+fi
-+fi
-+if test x$ac_prog_cc_stdc = xno
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-+printf %s "checking for $CC option to enable C99 features... " >&6; }
-+if test ${ac_cv_prog_cc_c99+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
-+ ac_cv_prog_cc_c99=no
-+ac_save_CC=$CC
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+$ac_c_conftest_c99_program
-+_ACEOF
-+for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-+do
-+ CC="$ac_save_CC $ac_arg"
-+ if ac_fn_c_try_compile "$LINENO"
-+then :
-+ ac_cv_prog_cc_c99=$ac_arg
-+fi
-+rm -f core conftest.err conftest.$ac_objext conftest.beam
-+ test "x$ac_cv_prog_cc_c99" != "xno" && break
-+done
-+rm -f conftest.$ac_ext
-+CC=$ac_save_CC
-+fi
-
--int test (int i, double x);
--struct s1 {int (*f) (int a);};
--struct s2 {int (*f) (double a);};
--int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
--int argc;
--char **argv;
--int
--main ()
--{
--return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
-- ;
-- return 0;
--}
-+if test "x$ac_cv_prog_cc_c99" = xno
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-+printf "%s\n" "unsupported" >&6; }
-+else $as_nop
-+ if test "x$ac_cv_prog_cc_c99" = x
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-+printf "%s\n" "none needed" >&6; }
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-+printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
-+ CC="$CC $ac_cv_prog_cc_c99"
-+fi
-+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
-+ ac_prog_cc_stdc=c99
-+fi
-+fi
-+if test x$ac_prog_cc_stdc = xno
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-+printf %s "checking for $CC option to enable C89 features... " >&6; }
-+if test ${ac_cv_prog_cc_c89+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
-+ ac_cv_prog_cc_c89=no
-+ac_save_CC=$CC
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+$ac_c_conftest_c89_program
- _ACEOF
--for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
-- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
- do
- CC="$ac_save_CC $ac_arg"
-- if ac_fn_c_try_compile "$LINENO"; then :
-+ if ac_fn_c_try_compile "$LINENO"
-+then :
- ac_cv_prog_cc_c89=$ac_arg
- fi
--rm -f core conftest.err conftest.$ac_objext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
- done
- rm -f conftest.$ac_ext
- CC=$ac_save_CC
--
- fi
--# AC_CACHE_VAL
--case "x$ac_cv_prog_cc_c89" in
-- x)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
--$as_echo "none needed" >&6; } ;;
-- xno)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
--$as_echo "unsupported" >&6; } ;;
-- *)
-- CC="$CC $ac_cv_prog_cc_c89"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
--$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
--esac
--if test "x$ac_cv_prog_cc_c89" != xno; then :
-
-+if test "x$ac_cv_prog_cc_c89" = xno
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-+printf "%s\n" "unsupported" >&6; }
-+else $as_nop
-+ if test "x$ac_cv_prog_cc_c89" = x
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-+printf "%s\n" "none needed" >&6; }
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-+printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
-+ CC="$CC $ac_cv_prog_cc_c89"
-+fi
-+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
-+ ac_prog_cc_stdc=c89
-+fi
- fi
-
- ac_ext=c
-@@ -2731,45 +3318,41 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS con
- ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-- ac_ext=c
-+ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
- ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
- ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
--$as_echo_n "checking how to run the C preprocessor... " >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-+printf %s "checking how to run the C preprocessor... " >&6; }
- # On Suns, sometimes $CPP names a directory.
- if test -n "$CPP" && test -d "$CPP"; then
- CPP=
- fi
- if test -z "$CPP"; then
-- if ${ac_cv_prog_CPP+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- # Double quotes because CPP needs to be expanded
-- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
-+ if test ${ac_cv_prog_CPP+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
-+ # Double quotes because $CC needs to be expanded
-+ for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
- do
- ac_preproc_ok=false
- for ac_c_preproc_warn_flag in '' yes
- do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
-- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
--#ifdef __STDC__
--# include <limits.h>
--#else
--# include <assert.h>
--#endif
-+#include <limits.h>
- Syntax error
- _ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
-+if ac_fn_c_try_cpp "$LINENO"
-+then :
-
--else
-+else $as_nop
- # Broken: fails on valid input.
- continue
- fi
-@@ -2781,10 +3364,11 @@ rm -f conftest.err conftest.i conftest.$
- /* end confdefs.h. */
- #include <ac_nonexistent.h>
- _ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
-+if ac_fn_c_try_cpp "$LINENO"
-+then :
- # Broken: success on invalid input.
- continue
--else
-+else $as_nop
- # Passes both tests.
- ac_preproc_ok=:
- break
-@@ -2794,7 +3378,8 @@ rm -f conftest.err conftest.i conftest.$
- done
- # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
- rm -f conftest.i conftest.err conftest.$ac_ext
--if $ac_preproc_ok; then :
-+if $ac_preproc_ok
-+then :
- break
- fi
-
-@@ -2806,29 +3391,24 @@ fi
- else
- ac_cv_prog_CPP=$CPP
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
--$as_echo "$CPP" >&6; }
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-+printf "%s\n" "$CPP" >&6; }
- ac_preproc_ok=false
- for ac_c_preproc_warn_flag in '' yes
- do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
-- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
--#ifdef __STDC__
--# include <limits.h>
--#else
--# include <assert.h>
--#endif
-+#include <limits.h>
- Syntax error
- _ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
-+if ac_fn_c_try_cpp "$LINENO"
-+then :
-
--else
-+else $as_nop
- # Broken: fails on valid input.
- continue
- fi
-@@ -2840,10 +3420,11 @@ rm -f conftest.err conftest.i conftest.$
- /* end confdefs.h. */
- #include <ac_nonexistent.h>
- _ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
-+if ac_fn_c_try_cpp "$LINENO"
-+then :
- # Broken: success on invalid input.
- continue
--else
-+else $as_nop
- # Passes both tests.
- ac_preproc_ok=:
- break
-@@ -2853,11 +3434,12 @@ rm -f conftest.err conftest.i conftest.$
- done
- # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
- rm -f conftest.i conftest.err conftest.$ac_ext
--if $ac_preproc_ok; then :
-+if $ac_preproc_ok
-+then :
-
--else
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+else $as_nop
-+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
- See \`config.log' for more details" "$LINENO" 5; }
- fi
-@@ -2869,31 +3451,32 @@ ac_link='$CC -o conftest$ac_exeext $CFLA
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-- rlm_krb5_dir=
-+rlm_krb5_dir=
-
- # Check whether --with-rlm-krb5-dir was given.
--if test "${with_rlm_krb5_dir+set}" = set; then :
-- withval=$with_rlm_krb5_dir; case "$withval" in
-- no)
-+if test ${with_rlm_krb5_dir+y}
-+then :
-+ withval=$with_rlm_krb5_dir; case "$withval" in
-+ no)
- as_fn_error $? "Need rlm-krb5-dir" "$LINENO" 5
- ;;
-- yes)
-+ yes)
- ;;
-- *)
-+ *)
- rlm_krb5_dir="$withval"
- ;;
-- esac
--
-+ esac
- fi
-
-
-- # Extract the first word of "krb5-config", so it can be a program name with args.
-+# Extract the first word of "krb5-config", so it can be a program name with args.
- set dummy krb5-config; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_path_krb5_config+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-+printf %s "checking for $ac_word... " >&6; }
-+if test ${ac_cv_path_krb5_config+y}
-+then :
-+ printf %s "(cached) " >&6
-+else $as_nop
- case $krb5_config in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_krb5_config="$krb5_config" # Let the user override the test with a path.
-@@ -2904,11 +3487,15 @@ as_dummy="${rlm_krb5_dir}/bin:${PATH}:/u
- for as_dir in $as_dummy
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- ac_cv_path_krb5_config="$as_dir/$ac_word$ac_exec_ext"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-+ ac_cv_path_krb5_config="$as_dir$ac_word$ac_exec_ext"
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
- done
-@@ -2921,1920 +3508,1639 @@ esac
- fi
- krb5_config=$ac_cv_path_krb5_config
- if test -n "$krb5_config"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_config" >&5
--$as_echo "$krb5_config" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_config" >&5
-+printf "%s\n" "$krb5_config" >&6; }
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
-
-
-- if test "$krb5_config" != 'not-found'; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5
--$as_echo_n "checking krb5-config CFLAGS... " >&6; }
-- SMART_CPPFLAGS=$($krb5_config --cflags)
-- SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5
--$as_echo "\"$SMART_CPPFLAGS\"" >&6; }
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5
--$as_echo_n "checking krb5-config LDFLAGS... " >&6; }
-- SMART_LIBS=$($krb5_config --libs)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_LIBS}" >&5
--$as_echo "${SMART_LIBS}" >&6; }
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config reported version" >&5
--$as_echo_n "checking krb5-config reported version... " >&6; }
-- krb5_version_raw=$($krb5_config --version)
--
-- krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
-- awk '{split($(4),v,"."); if (v["3"] = "") v["3"] = "0"; print v["1"]v["2"]v["3"] }')
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${krb5_version_raw} ($krb5_version)" >&5
--$as_echo "${krb5_version_raw} ($krb5_version)" >&6; }
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config reported vendor" >&5
--$as_echo_n "checking krb5-config reported vendor... " >&6; }
-- krb5_vendor=$($krb5_config --vendor)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${krb5_vendor}" >&5
--$as_echo "${krb5_vendor}" >&6; }
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking canonical API type" >&5
--$as_echo_n "checking canonical API type... " >&6; }
-- if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
-- echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 || \
-- echo "$krb5_version_raw" | grep -i 'MIT' > /dev/null 2>&1 ; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: MIT" >&5
--$as_echo "MIT" >&6; }
-- krb5_api_type='mit'
-- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: HEIMDAL" >&5
--$as_echo "HEIMDAL" >&6; }
-- krb5_api_type='heimdal'
-- fi
-+if test "$krb5_config" != 'not-found'; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5
-+printf %s "checking krb5-config CFLAGS... " >&6; }
-+ SMART_CPPFLAGS=$($krb5_config --cflags)
-+ SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5
-+printf "%s\n" "\"$SMART_CPPFLAGS\"" >&6; }
-+
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5
-+printf %s "checking krb5-config LDFLAGS... " >&6; }
-+ SMART_LIBS=$($krb5_config --libs)
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${SMART_LIBS}" >&5
-+printf "%s\n" "${SMART_LIBS}" >&6; }
-+
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking krb5-config reported version" >&5
-+printf %s "checking krb5-config reported version... " >&6; }
-+ krb5_version_raw=$($krb5_config --version)
-+
-+ krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
-+ awk '{split($(4),v,"."); if (v["3"] == "") v["3"] = "0"; print v["1"]v["2"]v["3"] }')
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${krb5_version_raw} ($krb5_version)" >&5
-+printf "%s\n" "${krb5_version_raw} ($krb5_version)" >&6; }
-+
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking krb5-config reported vendor" >&5
-+printf %s "checking krb5-config reported vendor... " >&6; }
-+ krb5_vendor=$($krb5_config --vendor)
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${krb5_vendor}" >&5
-+printf "%s\n" "${krb5_vendor}" >&6; }
-+
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking canonical API type" >&5
-+printf %s "checking canonical API type... " >&6; }
-+ if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
-+ echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 || \
-+ echo "$krb5_version_raw" | grep -i 'MIT' > /dev/null 2>&1 ; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: MIT" >&5
-+printf "%s\n" "MIT" >&6; }
-+ krb5_api_type='mit'
- else
-- smart_try_dir="$rlm_krb5_dir/include"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: HEIMDAL" >&5
-+printf "%s\n" "HEIMDAL" >&6; }
-+ krb5_api_type='heimdal'
-+ fi
-+else
-+ smart_try_dir="$rlm_krb5_dir/include"
-
-
-
- ac_safe=`echo "krb5.h" | sed 'y%./+-%__pm%'`
-+
-+if test "x" = "x"; then
-+ sm_pkg=`echo "${ac_safe}" | sed 's/.h//;s/^lib//'`
-+else
-+ sm_pkg=""
-+fi
-+
- old_CPPFLAGS="$CPPFLAGS"
--smart_include=
--smart_include_dir="/usr/local/include /opt/include"
-+smart_include_dir="/usr/local/include /opt/include /usr/local/${sm_pkg}/include /opt/homebrew/include /opt/homebrew/opt/${sm_pkg}/include"
-
- _smart_try_dir=
- _smart_include_dir=
-
- for _prefix in $smart_prefix ""; do
-- for _dir in $smart_try_dir; do
-- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-- done
-+for _dir in $smart_try_dir; do
-+ _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-+done
-
-- for _dir in $smart_include_dir; do
-- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-- done
-+for _dir in $smart_include_dir; do
-+ _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-+done
- done
-
- if test "x$_smart_try_dir" != "x"; then
-- for try in $_smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
--$as_echo_n "checking for krb5.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $_smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
-+printf %s "checking for krb5.h in $try... " >&6; }
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <krb5.h>
-+
-+ #include <krb5.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem $try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" = "x"; then
-- for _prefix in $smart_prefix; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/krb5.h" >&5
--$as_echo_n "checking for ${_prefix}/krb5.h... " >&6; }
-+for _prefix in $smart_prefix; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/krb5.h" >&5
-+printf %s "checking for ${_prefix}/krb5.h... " >&6; }
-
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <krb5.h>
-+
-+ #include <krb5.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem ${_prefix}/"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem ${_prefix}/"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
- fi
-
- if test "x$smart_include" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
--$as_echo_n "checking for krb5.h... " >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
-+printf %s "checking for krb5.h... " >&6; }
-
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <krb5.h>
-+
-+ #include <krb5.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include=" "
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include=" "
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
-
- if test "x$smart_include" = "x"; then
--
-- for prefix in $smart_prefix; do
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file="${_prefix}/${1}"
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
--
-- done
-+for try in $_smart_include_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
-+printf %s "checking for krb5.h in $try... " >&6; }
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-
-
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=krb5.h
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
-+ #include <krb5.h>
-
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
-+int
-+main (void)
-+{
-
-+ int a = 1;
-
-- for try in $_smart_include_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
--$as_echo_n "checking for krb5.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
-
-- #include <krb5.h>
--int
--main ()
--{
--int a = 1;
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem $try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" != "x"; then
-- eval "ac_cv_header_$ac_safe=yes"
-- CPPFLAGS="$smart_include $old_CPPFLAGS"
-- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
-+eval "ac_cv_header_$ac_safe=yes"
-+CPPFLAGS="$smart_include $old_CPPFLAGS"
-+SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
-
- smart_prefix=
-
-- if test "$ac_cv_header_krb5_h" != "yes"; then
-- fail="$fail krb5.h"
-- fi
-+ if test "$ac_cv_header_krb5_h" != "yes"; then
-+
-+fail="$fail krb5.h"
-
-- krb5libcrypto=
-- smart_try_dir="$rlm_krb5_dir/lib"
-+ fi
-+
-+ krb5libcrypto=
-+ smart_try_dir="$rlm_krb5_dir/lib"
-
-
- sm_lib_safe=`echo "k5crypto" | sed 'y%./+-%__p_%'`
- sm_func_safe=`echo "krb5_encrypt_data" | sed 'y%./+-%__p_%'`
-
-+if test "x" = "x"; then
-+ sm_pkg="${sm_lib_safe}"
-+else
-+ sm_pkg=""
-+fi
-+
- old_LIBS="$LIBS"
- old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
- smart_ldflags=
--smart_lib_dir=
-+smart_lib_dir="/usr/local/lib /opt/lib /usr/local/${sm_pkg}/lib /opt/homebrew/lib /opt/homebrew/opt/${sm_pkg}/lib"
-
- if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
--$as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
-- LIBS="-lk5crypto $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
-+printf %s "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
-+ LIBS="-lk5crypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_encrypt_data();
- int
--main ()
-+main (void)
- {
- krb5_encrypt_data()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lk5crypto"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lk5crypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto" >&5
--$as_echo_n "checking for krb5_encrypt_data in -lk5crypto... " >&6; }
-- LIBS="-lk5crypto $old_LIBS"
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto" >&5
-+printf %s "checking for krb5_encrypt_data in -lk5crypto... " >&6; }
-+LIBS="-lk5crypto $old_LIBS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_encrypt_data();
- int
--main ()
-+main (void)
- {
- krb5_encrypt_data()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lk5crypto"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lk5crypto"
-+ smart_ld_found=""
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
-+LIBS="$old_LIBS"
- fi
-
- if test "x$smart_lib" = "x"; then
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libk5crypto${libltdl_cv_shlibext}
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libk5crypto.a
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
-- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
--$as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
-- LIBS="-lk5crypto $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_lib_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
-+printf %s "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
-+ LIBS="-lk5crypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_encrypt_data();
- int
--main ()
-+main (void)
- {
- krb5_encrypt_data()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lk5crypto"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lk5crypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-+LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+SMART_LD_FOUND="$smart_ld_found"
- fi
-
-- if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
-- krb5libcrypto="-lk5crypto"
-- fi
-+ if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
-+ krb5libcrypto="-lk5crypto"
-+ fi
-
-- if test "x$krb5libcrypto" = x; then
-+ if test "x$krb5libcrypto" = x; then
-
-
- sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
- sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'`
-
-+if test "x" = "x"; then
-+ sm_pkg="${sm_lib_safe}"
-+else
-+ sm_pkg=""
-+fi
-+
- old_LIBS="$LIBS"
- old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
- smart_ldflags=
--smart_lib_dir=
-+smart_lib_dir="/usr/local/lib /opt/lib /usr/local/${sm_pkg}/lib /opt/homebrew/lib /opt/homebrew/opt/${sm_pkg}/lib"
-
- if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
--$as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; }
-- LIBS="-lcrypto $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
-+printf %s "checking for DH_new in -lcrypto in $try... " >&6; }
-+ LIBS="-lcrypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char DH_new();
- int
--main ()
-+main (void)
- {
- DH_new()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcrypto"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lcrypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto" >&5
--$as_echo_n "checking for DH_new in -lcrypto... " >&6; }
-- LIBS="-lcrypto $old_LIBS"
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto" >&5
-+printf %s "checking for DH_new in -lcrypto... " >&6; }
-+LIBS="-lcrypto $old_LIBS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char DH_new();
- int
--main ()
-+main (void)
- {
- DH_new()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcrypto"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lcrypto"
-+ smart_ld_found=""
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
-+LIBS="$old_LIBS"
- fi
-
- if test "x$smart_lib" = "x"; then
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libcrypto${libltdl_cv_shlibext}
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libcrypto.a
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
-- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
--$as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; }
-- LIBS="-lcrypto $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_lib_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
-+printf %s "checking for DH_new in -lcrypto in $try... " >&6; }
-+ LIBS="-lcrypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char DH_new();
- int
--main ()
-+main (void)
- {
- DH_new()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcrypto"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lcrypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-+LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+SMART_LD_FOUND="$smart_ld_found"
- fi
-
-- if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
-- krb5libcrypto="-lcrypto"
-- fi
-+ if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
-+ krb5libcrypto="-lcrypto"
- fi
-+ fi
-
-- if test "x$krb5libcrypto" = x; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&5
--$as_echo "$as_me: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&2;}
-- fi
-+ if test "x$krb5libcrypto" = x; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&5
-+printf "%s\n" "$as_me: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&2;}
-+ fi
-
-
-
- sm_lib_safe=`echo "com_err" | sed 'y%./+-%__p_%'`
- sm_func_safe=`echo "set_com_err_hook" | sed 'y%./+-%__p_%'`
-
-+if test "x" = "x"; then
-+ sm_pkg="${sm_lib_safe}"
-+else
-+ sm_pkg=""
-+fi
-+
- old_LIBS="$LIBS"
- old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
- smart_ldflags=
--smart_lib_dir=
-+smart_lib_dir="/usr/local/lib /opt/lib /usr/local/${sm_pkg}/lib /opt/homebrew/lib /opt/homebrew/opt/${sm_pkg}/lib"
-
- if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
--$as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
-- LIBS="-lcom_err $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
-+printf %s "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
-+ LIBS="-lcom_err $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char set_com_err_hook();
- int
--main ()
-+main (void)
- {
- set_com_err_hook()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lcom_err"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lcom_err"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err" >&5
--$as_echo_n "checking for set_com_err_hook in -lcom_err... " >&6; }
-- LIBS="-lcom_err $old_LIBS"
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err" >&5
-+printf %s "checking for set_com_err_hook in -lcom_err... " >&6; }
-+LIBS="-lcom_err $old_LIBS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char set_com_err_hook();
- int
--main ()
-+main (void)
- {
- set_com_err_hook()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lcom_err"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lcom_err"
-+ smart_ld_found=""
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
-+LIBS="$old_LIBS"
- fi
-
- if test "x$smart_lib" = "x"; then
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libcom_err${libltdl_cv_shlibext}
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libcom_err.a
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
-- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
--$as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
-- LIBS="-lcom_err $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_lib_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
-+printf %s "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
-+ LIBS="-lcom_err $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char set_com_err_hook();
- int
--main ()
-+main (void)
- {
- set_com_err_hook()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcom_err"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lcom_err"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-+LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+SMART_LD_FOUND="$smart_ld_found"
- fi
-
-- if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: the comm_err library isn't found!" >&5
--$as_echo "$as_me: WARNING: the comm_err library isn't found!" >&2;}
-- fi
-+ if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: the comm_err library isn't found!" >&5
-+printf "%s\n" "$as_me: WARNING: the comm_err library isn't found!" >&2;}
-+ fi
-
-
-
- sm_lib_safe=`echo "krb5" | sed 'y%./+-%__p_%'`
- sm_func_safe=`echo "krb5_verify_user_opt" | sed 'y%./+-%__p_%'`
-
-+if test "x" = "x"; then
-+ sm_pkg="${sm_lib_safe}"
-+else
-+ sm_pkg=""
-+fi
-+
- old_LIBS="$LIBS"
- old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
- smart_ldflags=
--smart_lib_dir=
-+smart_lib_dir="/usr/local/lib /opt/lib /usr/local/${sm_pkg}/lib /opt/homebrew/lib /opt/homebrew/opt/${sm_pkg}/lib"
-
- if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
--$as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
-+printf %s "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_verify_user_opt();
- int
--main ()
-+main (void)
- {
- krb5_verify_user_opt()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lkrb5"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5" >&5
--$as_echo_n "checking for krb5_verify_user_opt in -lkrb5... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5" >&5
-+printf %s "checking for krb5_verify_user_opt in -lkrb5... " >&6; }
-+LIBS="-lkrb5 $old_LIBS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_verify_user_opt();
- int
--main ()
-+main (void)
- {
- krb5_verify_user_opt()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lkrb5"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ld_found=""
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
-+LIBS="$old_LIBS"
- fi
-
- if test "x$smart_lib" = "x"; then
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libkrb5${libltdl_cv_shlibext}
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libkrb5.a
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
-- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
--$as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_lib_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
-+printf %s "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_verify_user_opt();
- int
--main ()
-+main (void)
- {
- krb5_verify_user_opt()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lkrb5"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-+LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+SMART_LD_FOUND="$smart_ld_found"
- fi
-
-- if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then
-- krb5_api_type='heimdal'
-- else
-- krb5_api_type='mit'
-+ if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then
-+ krb5_api_type='heimdal'
-+ else
-+ krb5_api_type='mit'
-
-
-
- sm_lib_safe=`echo "krb5" | sed 'y%./+-%__p_%'`
- sm_func_safe=`echo "krb5_get_init_creds_password" | sed 'y%./+-%__p_%'`
-
-+if test "x" = "x"; then
-+ sm_pkg="${sm_lib_safe}"
-+else
-+ sm_pkg=""
-+fi
-+
- old_LIBS="$LIBS"
- old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
- smart_ldflags=
--smart_lib_dir=
-+smart_lib_dir="/usr/local/lib /opt/lib /usr/local/${sm_pkg}/lib /opt/homebrew/lib /opt/homebrew/opt/${sm_pkg}/lib"
-
- if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
--$as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
-+printf %s "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_get_init_creds_password();
- int
--main ()
-+main (void)
- {
- krb5_get_init_creds_password()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lkrb5"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5" >&5
--$as_echo_n "checking for krb5_get_init_creds_password in -lkrb5... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5" >&5
-+printf %s "checking for krb5_get_init_creds_password in -lkrb5... " >&6; }
-+LIBS="-lkrb5 $old_LIBS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_get_init_creds_password();
- int
--main ()
-+main (void)
- {
- krb5_get_init_creds_password()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lkrb5"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ld_found=""
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
-+LIBS="$old_LIBS"
- fi
-
- if test "x$smart_lib" = "x"; then
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libkrb5${libltdl_cv_shlibext}
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libkrb5.a
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
-- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
--$as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_lib_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
-+printf %s "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_get_init_creds_password();
- int
--main ()
-+main (void)
- {
- krb5_get_init_creds_password()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lkrb5"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-+LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+SMART_LD_FOUND="$smart_ld_found"
- fi
-
-- if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
-- fail="$fail krb5"
-- fi
-- fi
-+ if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
-
-+fail="$fail krb5"
-+
-+ fi
- fi
-
-- LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
-- CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+fi
-
-- for ac_func in krb5_get_error_message krb5_free_error_string krb5_free_error_message
--do :
-- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
--ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
--if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-- cat >>confdefs.h <<_ACEOF
--#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
--_ACEOF
-+LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
-+CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+
-+ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message"
-+if test "x$ac_cv_func_krb5_get_error_message" = xyes
-+then :
-+ printf "%s\n" "#define HAVE_KRB5_GET_ERROR_MESSAGE 1" >>confdefs.h
-
- fi
--done
-+ac_fn_c_check_func "$LINENO" "krb5_free_error_string" "ac_cv_func_krb5_free_error_string"
-+if test "x$ac_cv_func_krb5_free_error_string" = xyes
-+then :
-+ printf "%s\n" "#define HAVE_KRB5_FREE_ERROR_STRING 1" >>confdefs.h
-
-- if test "x$ac_cv_func_krb5_get_error_message" = xyes; then
-- krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE"
-- fi
-- if test "x$ac_cv_func_krb5_free_error_message" = xyes; then
-- krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE"
-- fi
-- if test "x$ac_cv_func_krb5_free_error_string" = xyes; then
-- krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_STRING"
-- fi
-+fi
-+ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message"
-+if test "x$ac_cv_func_krb5_free_error_message" = xyes
-+then :
-+ printf "%s\n" "#define HAVE_KRB5_FREE_ERROR_MESSAGE 1" >>confdefs.h
-
-- if test "$krb5threadsafe" != "no"; then
-- krb5threadsafe=
-+fi
-+
-+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE"
-+fi
-+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE"
-+fi
-+if test "x$ac_cv_func_krb5_free_error_string" = xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_STRING"
-+fi
-+
-+if test "$krb5threadsafe" != "no"; then
-+ krb5threadsafe=
-
-
-
- sm_lib_safe=`echo "krb5" | sed 'y%./+-%__p_%'`
- sm_func_safe=`echo "krb5_is_thread_safe" | sed 'y%./+-%__p_%'`
-
-+if test "x" = "x"; then
-+ sm_pkg="${sm_lib_safe}"
-+else
-+ sm_pkg=""
-+fi
-+
- old_LIBS="$LIBS"
- old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
- smart_ldflags=
--smart_lib_dir=
-+smart_lib_dir="/usr/local/lib /opt/lib /usr/local/${sm_pkg}/lib /opt/homebrew/lib /opt/homebrew/opt/${sm_pkg}/lib"
-
- if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
--$as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
-+printf %s "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_is_thread_safe();
- int
--main ()
-+main (void)
- {
- krb5_is_thread_safe()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lkrb5"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5" >&5
--$as_echo_n "checking for krb5_is_thread_safe in -lkrb5... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5" >&5
-+printf %s "checking for krb5_is_thread_safe in -lkrb5... " >&6; }
-+LIBS="-lkrb5 $old_LIBS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_is_thread_safe();
- int
--main ()
-+main (void)
- {
- krb5_is_thread_safe()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lkrb5"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ld_found=""
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
-+LIBS="$old_LIBS"
- fi
-
- if test "x$smart_lib" = "x"; then
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libkrb5${libltdl_cv_shlibext}
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=libkrb5.a
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
--
--
-- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
--$as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
-- LIBS="-lkrb5 $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $smart_lib_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
-+printf %s "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_is_thread_safe();
- int
--main ()
-+main (void)
- {
- krb5_is_thread_safe()
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
-+if ac_fn_c_try_link "$LINENO"
-+then :
-
-- smart_lib="-lkrb5"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
-+ smart_ld_found="$try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-+
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
- fi
--rm -f core conftest.err conftest.$ac_objext \
-+rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
-+done
-+LIBS="$old_LIBS"
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-+LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
-+SMART_LD_FOUND="$smart_ld_found"
+@@ -4003,12 +4003,6 @@ if test "x$smart_lib" != "x"; then
fi
-- if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then
-- if test "$cross_compiling" = yes; then :
+ if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then
+- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
-else
-+ if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then
-+ if test "$cross_compiling" = yes
-+then :
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
-+printf "%s\n" "$as_me: WARNING: cross compiling: not checking" >&2;}
-+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <krb5.h>
- int
--main ()
-+main (void)
- {
- return krb5_is_thread_safe() ? 0 : 1
- ;
- return 0;
- }
- _ACEOF
--if ac_fn_c_try_run "$LINENO"; then :
-+if ac_fn_c_try_run "$LINENO"
-+then :
- krb5threadsafe="-DKRB5_IS_THREAD_SAFE"
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libkrb5 is not threadsafe" >&5
--$as_echo "$as_me: WARNING: libkrb5 is not threadsafe" >&2;}
-+else $as_nop
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libkrb5 is not threadsafe" >&5
-+printf "%s\n" "$as_me: WARNING: libkrb5 is not threadsafe" >&2;}
+@@ -4028,7 +4022,6 @@ $as_echo "$as_me: WARNING: libkrb5 is no
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
-
-- fi
-- else
-- krb5threadsafe=""
- fi
-+else
-+ krb5threadsafe=""
-+fi
-
-- if test "$krb5_api_type" = "mit"; then
-+if test "$krb5_api_type" = "mit"; then
-
-
- ac_safe=`echo "com_err.h" | sed 'y%./+-%__pm%'`
-+
-+if test "x" = "x"; then
-+ sm_pkg=`echo "${ac_safe}" | sed 's/.h//;s/^lib//'`
-+else
-+ sm_pkg=""
-+fi
-+
- old_CPPFLAGS="$CPPFLAGS"
--smart_include=
--smart_include_dir="/usr/local/include /opt/include"
-+smart_include_dir="/usr/local/include /opt/include /usr/local/${sm_pkg}/include /opt/homebrew/include /opt/homebrew/opt/${sm_pkg}/include"
-
- _smart_try_dir=
- _smart_include_dir=
-
- for _prefix in $smart_prefix ""; do
-- for _dir in $smart_try_dir; do
-- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-- done
-+for _dir in $smart_try_dir; do
-+ _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-+done
-
-- for _dir in $smart_include_dir; do
-- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-- done
-+for _dir in $smart_include_dir; do
-+ _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-+done
- done
-
- if test "x$_smart_try_dir" != "x"; then
-- for try in $_smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
--$as_echo_n "checking for com_err.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $_smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
-+printf %s "checking for com_err.h in $try... " >&6; }
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <com_err.h>
-+
-+ #include <com_err.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem $try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" = "x"; then
-- for _prefix in $smart_prefix; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/com_err.h" >&5
--$as_echo_n "checking for ${_prefix}/com_err.h... " >&6; }
-+for _prefix in $smart_prefix; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/com_err.h" >&5
-+printf %s "checking for ${_prefix}/com_err.h... " >&6; }
-
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <com_err.h>
-+
-+ #include <com_err.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem ${_prefix}/"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem ${_prefix}/"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
- fi
-
- if test "x$smart_include" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h" >&5
--$as_echo_n "checking for com_err.h... " >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for com_err.h" >&5
-+printf %s "checking for com_err.h... " >&6; }
-
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <com_err.h>
-+
-+ #include <com_err.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include=" "
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include=" "
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
-
- if test "x$smart_include" = "x"; then
-+for try in $_smart_include_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
-+printf %s "checking for com_err.h in $try... " >&6; }
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-
-- for prefix in $smart_prefix; do
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file="${_prefix}/${1}"
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
--
-- done
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=com_err.h
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
-
-- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
-+ #include <com_err.h>
-
--eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
-+int
-+main (void)
-+{
-
-+ int a = 1;
-
-- for try in $_smart_include_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
--$as_echo_n "checking for com_err.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
-
-- #include <com_err.h>
--int
--main ()
--{
--int a = 1;
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem $try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" != "x"; then
-- eval "ac_cv_header_$ac_safe=yes"
-- CPPFLAGS="$smart_include $old_CPPFLAGS"
-- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
-+eval "ac_cv_header_$ac_safe=yes"
-+CPPFLAGS="$smart_include $old_CPPFLAGS"
-+SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
-
- smart_prefix=
-
-- if test "$ac_cv_header_com_err_h" != "yes"; then
-+ if test "$ac_cv_header_com_err_h" != "yes"; then
-
-
- ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'`
-+
-+if test "x" = "x"; then
-+ sm_pkg=`echo "${ac_safe}" | sed 's/.h//;s/^lib//'`
-+else
-+ sm_pkg=""
-+fi
-+
- old_CPPFLAGS="$CPPFLAGS"
--smart_include=
--smart_include_dir="/usr/local/include /opt/include"
-+smart_include_dir="/usr/local/include /opt/include /usr/local/${sm_pkg}/include /opt/homebrew/include /opt/homebrew/opt/${sm_pkg}/include"
-
- _smart_try_dir=
- _smart_include_dir=
-
- for _prefix in $smart_prefix ""; do
-- for _dir in $smart_try_dir; do
-- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-- done
-+for _dir in $smart_try_dir; do
-+ _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-+done
-
-- for _dir in $smart_include_dir; do
-- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-- done
-+for _dir in $smart_include_dir; do
-+ _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-+done
- done
-
- if test "x$_smart_try_dir" != "x"; then
-- for try in $_smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
--$as_echo_n "checking for et/com_err.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+for try in $_smart_try_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
-+printf %s "checking for et/com_err.h in $try... " >&6; }
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <et/com_err.h>
-+
-+ #include <et/com_err.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem $try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" = "x"; then
-- for _prefix in $smart_prefix; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/et/com_err.h" >&5
--$as_echo_n "checking for ${_prefix}/et/com_err.h... " >&6; }
-+for _prefix in $smart_prefix; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/et/com_err.h" >&5
-+printf %s "checking for ${_prefix}/et/com_err.h... " >&6; }
-
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <et/com_err.h>
-+
-+ #include <et/com_err.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem ${_prefix}/"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem ${_prefix}/"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
- fi
-
- if test "x$smart_include" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h" >&5
--$as_echo_n "checking for et/com_err.h... " >&6; }
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h" >&5
-+printf %s "checking for et/com_err.h... " >&6; }
-
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-- #include <et/com_err.h>
-+
-+ #include <et/com_err.h>
-+
- int
--main ()
-+main (void)
- {
--int a = 1;
-+
-+ int a = 1;
-+
-+
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include=" "
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include=" "
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
-
- if test "x$smart_include" = "x"; then
-+for try in $_smart_include_dir; do
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
-+printf %s "checking for et/com_err.h in $try... " >&6; }
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-
-- for prefix in $smart_prefix; do
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file="${_prefix}/${1}"
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
--
-- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
--
--eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
--
-- done
--
--
--if test "x$LOCATE" != "x"; then
-- DIRS=
-- file=et/com_err.h
--
-- for x in `${LOCATE} $file 2>/dev/null`; do
-- base=`echo $x | sed "s%/${file}%%"`
-- if test "x$x" = "x$base"; then
-- continue;
-- fi
--
-- dir=`${DIRNAME} $x 2>/dev/null`
-- exclude=`echo ${dir} | ${GREP} /home`
-- if test "x$exclude" != "x"; then
-- continue
-- fi
-
-- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
-- if test "x$already" = "x"; then
-- DIRS="$DIRS $dir"
-- fi
-- done
--fi
-+ #include <et/com_err.h>
-
--eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
-+int
-+main (void)
-+{
-
-+ int a = 1;
-
-- for try in $_smart_include_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
--$as_echo_n "checking for et/com_err.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
-
-- #include <et/com_err.h>
--int
--main ()
--{
--int a = 1;
- ;
- return 0;
- }
-+
- _ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-+if ac_fn_c_try_compile "$LINENO"
-+then :
-
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
-+ smart_include="-isystem $try"
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+printf "%s\n" "yes" >&6; }
-+ break
-
--else
-+else $as_nop
-
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-+ smart_include=
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+printf "%s\n" "no" >&6; }
-
- fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
-+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-+done
-+CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" != "x"; then
-- eval "ac_cv_header_$ac_safe=yes"
-- CPPFLAGS="$smart_include $old_CPPFLAGS"
-- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
-+eval "ac_cv_header_$ac_safe=yes"
-+CPPFLAGS="$smart_include $old_CPPFLAGS"
-+SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
-
- smart_prefix=
-
-- if test "$ac_cv_header_et_com_err_h" != "yes"; then
-- fail="$fail com_err.h"
-- else
-- krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
-- fi
-+ if test "$ac_cv_header_et_com_err_h" != "yes"; then
-+
-+fail="$fail com_err.h"
-+
-+ else
-+ krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
- fi
-- else
-- krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
- fi
-+else
-+ krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
-+fi
-+
-+
- targetname=rlm_krb5
- else
- targetname=
- echo \*\*\* module rlm_krb5 is disabled.
-+
-+
-+fr_status="disabled"
-+
- fi
-
- if test x"$fail" != x""; then
-+ targetname=""
-+
-+
- if test x"${enable_strict_dependencies}" = x"yes"; then
- as_fn_error $? "set --without-rlm_krb5 to disable it explicitly." "$LINENO" 5
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_krb5." >&5
--$as_echo "$as_me: WARNING: silently not building rlm_krb5." >&2;}
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_krb5 requires: $fail." >&5
--$as_echo "$as_me: WARNING: FAILURE: rlm_krb5 requires: $fail." >&2;};
-- targetname=""
-+
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_krb5." >&5
-+printf "%s\n" "$as_me: WARNING: silently not building rlm_krb5." >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_krb5 requires: $fail." >&5
-+printf "%s\n" "$as_me: WARNING: FAILURE: rlm_krb5 requires: $fail." >&2;};
-+ fail="$(echo $fail)"
-+
-+
-+fr_status="skipping (requires $fail)"
-+
-+ fr_features=
-+
- fi
-+
-+else
-+
-+
-+fr_status="OK"
-+
- fi
-
--mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
--mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
-+if test x"$fr_features" = x""; then
-+ $as_echo "$fr_status" > "config.report"
-+else
-+ $as_echo_n "$fr_status ... " > "config.report"
-+ cat "config.report.tmp" >> "config.report"
-+fi
-
-+rm "config.report.tmp"
-
-
-
-
-- unset ac_cv_env_LIBS_set
-- unset ac_cv_env_LIBS_value
-+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
-+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
-
-- ac_config_files="$ac_config_files all.mk"
-+
-+
-+
-+ac_config_files="$ac_config_files all.mk"
-
- cat >confcache <<\_ACEOF
- # This file is a shell script that caches the results of configure
-@@ -4863,8 +5169,8 @@ _ACEOF
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
-- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
--$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
-+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
-@@ -4894,15 +5200,15 @@ $as_echo "$as_me: WARNING: cache variabl
- /^ac_cv_env_/b end
- t clear
- :clear
-- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
-+ s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
- if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
--$as_echo "$as_me: updating cache $cache_file" >&6;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-+printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
-@@ -4916,8 +5222,8 @@ $as_echo "$as_me: updating cache $cache_
- fi
- fi
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
--$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-+printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
- fi
- rm -f confcache
-@@ -4970,7 +5276,7 @@ U=
- for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
-- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
-+ ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
-@@ -4986,8 +5292,8 @@ LTLIBOBJS=$ac_ltlibobjs
- ac_write_fail=0
- ac_clean_files_save=$ac_clean_files
- ac_clean_files="$ac_clean_files $CONFIG_STATUS"
--{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
--$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
-+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-+printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
- as_write_fail=0
- cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
- #! $SHELL
-@@ -5010,14 +5316,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_wri
-
- # Be more Bourne compatible
- DUALCASE=1; export DUALCASE # for MKS sh
--if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
-+as_nop=:
-+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-+then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
--else
-+else $as_nop
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
-@@ -5027,46 +5335,46 @@ esac
- fi
-
-
-+
-+# Reset variables that may have inherited troublesome values from
-+# the environment.
-+
-+# IFS needs to be set, to space, tab, and newline, in precisely that order.
-+# (If _AS_PATH_WALK were called with IFS unset, it would have the
-+# side effect of setting IFS to empty, thus disabling word splitting.)
-+# Quoting is to prevent editors from complaining about space-tab.
- as_nl='
- '
- export as_nl
--# Printing a long string crashes Solaris 7 /usr/bin/printf.
--as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
--# Prefer a ksh shell builtin over an external printf program on Solaris,
--# but without wasting forks for bash or zsh.
--if test -z "$BASH_VERSION$ZSH_VERSION" \
-- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='print -r --'
-- as_echo_n='print -rn --'
--elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='printf %s\n'
-- as_echo_n='printf %s'
--else
-- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
-- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
-- as_echo_n='/usr/ucb/echo -n'
-- else
-- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
-- as_echo_n_body='eval
-- arg=$1;
-- case $arg in #(
-- *"$as_nl"*)
-- expr "X$arg" : "X\\(.*\\)$as_nl";
-- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
-- esac;
-- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
-- '
-- export as_echo_n_body
-- as_echo_n='sh -c $as_echo_n_body as_echo'
-- fi
-- export as_echo_body
-- as_echo='sh -c $as_echo_body as_echo'
-fi
-+IFS=" "" $as_nl"
-+
-+PS1='$ '
-+PS2='> '
-+PS4='+ '
-+
-+# Ensure predictable behavior from utilities with locale-dependent output.
-+LC_ALL=C
-+export LC_ALL
-+LANGUAGE=C
-+export LANGUAGE
-+
-+# We cannot yet rely on "unset" to work, but we need these variables
-+# to be unset--not just set to an empty or harmless value--now, to
-+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-+# also avoids known problems related to "unset" and subshell syntax
-+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-+do eval test \${$as_var+y} \
-+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-+done
-+
-+# Ensure that fds 0, 1, and 2 are open.
-+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
- # The user is always right.
--if test "${PATH_SEPARATOR+set}" != set; then
-+if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
-@@ -5075,13 +5383,6 @@ if test "${PATH_SEPARATOR+set}" != set;
- fi
-
-
--# IFS
--# We need space, tab and new line, in precisely that order. Quoting is
--# there to prevent editors from complaining about space-tab.
--# (If _AS_PATH_WALK were called with IFS unset, it would disable word
--# splitting by setting IFS to empty value.)
--IFS=" "" $as_nl"
--
- # Find who we are. Look in the path if we contain no directory separator.
- as_myself=
- case $0 in #((
-@@ -5090,8 +5391,12 @@ case $0 in #((
- for as_dir in $PATH
- do
- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-+ case $as_dir in #(((
-+ '') as_dir=./ ;;
-+ */) ;;
-+ *) as_dir=$as_dir/ ;;
-+ esac
-+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
- IFS=$as_save_IFS
-
-@@ -5103,30 +5408,10 @@ if test "x$as_myself" = x; then
- as_myself=$0
- fi
- if test ! -f "$as_myself"; then
-- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
-+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
- fi
-
--# Unset variables that we do not need and which cause bugs (e.g. in
--# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
--# suppresses any "Segmentation fault" message there. '((' could
--# trigger a bug in pdksh 5.2.14.
--for as_var in BASH_ENV ENV MAIL MAILPATH
--do eval test x\${$as_var+set} = xset \
-- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
--done
--PS1='$ '
--PS2='> '
--PS4='+ '
--
--# NLS nuisances.
--LC_ALL=C
--export LC_ALL
--LANGUAGE=C
--export LANGUAGE
--
--# CDPATH.
--(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-
- # as_fn_error STATUS ERROR [LINENO LOG_FD]
-@@ -5139,13 +5424,14 @@ as_fn_error ()
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
-+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
-- $as_echo "$as_me: error: $2" >&2
-+ printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
- } # as_fn_error
-
-
-+
- # as_fn_set_status STATUS
- # -----------------------
- # Set $? to STATUS, without forking.
-@@ -5172,18 +5458,20 @@ as_fn_unset ()
- { eval $1=; unset $1;}
- }
- as_unset=as_fn_unset
-+
- # as_fn_append VAR VALUE
- # ----------------------
- # Append the text in VALUE to the end of the definition contained in VAR. Take
- # advantage of any shell optimizations that allow amortized linear growth over
- # repeated appends, instead of the typical quadratic growth present in naive
- # implementations.
--if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
-+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-+then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
--else
-+else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
-@@ -5195,12 +5483,13 @@ fi # as_fn_append
- # Perform arithmetic evaluation on the ARGs, and store the result in the
- # global $as_val. Take advantage of shells that can avoid forks. The arguments
- # must be portable across $(()) and expr.
--if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
-+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-+then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
--else
-+else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
-@@ -5231,7 +5520,7 @@ as_me=`$as_basename -- "$0" ||
- $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X/"$0" |
-+printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
-@@ -5253,6 +5542,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTE
- as_cr_digits='0123456789'
- as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-+
-+# Determine whether it's possible to make 'echo' print without a newline.
-+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-+# for compatibility with existing Makefiles.
- ECHO_C= ECHO_N= ECHO_T=
- case `echo -n x` in #(((((
- -n*)
-@@ -5266,6 +5559,12 @@ case `echo -n x` in #(((((
- ECHO_N='-n';;
- esac
-
-+# For backward compatibility with old third-party macros, we provide
-+# the shell variables $as_echo and $as_echo_n. New code should use
-+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-+as_echo='printf %s\n'
-+as_echo_n='printf %s'
-+
- rm -f conf$$ conf$$.exe conf$$.file
- if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-@@ -5307,7 +5606,7 @@ as_fn_mkdir_p ()
- as_dirs=
- while :; do
- case $as_dir in #(
-- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
-+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
-@@ -5316,7 +5615,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$as_dir" |
-+printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
-@@ -5379,7 +5678,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri
- # values after options handling.
- ac_log="
- This file was extended by $as_me, which was
--generated by GNU Autoconf 2.69. Invocation command line was
-+generated by GNU Autoconf 2.71. Invocation command line was
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
-@@ -5428,14 +5727,16 @@ $config_files
- Report bugs to the package provider."
-
- _ACEOF
-+ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
-+ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
- cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
-+ac_cs_config='$ac_cs_config_escaped'
- ac_cs_version="\\
- config.status
--configured by $0, generated by GNU Autoconf 2.69,
-+configured by $0, generated by GNU Autoconf 2.71,
- with options \\"\$ac_cs_config\\"
-
--Copyright (C) 2012 Free Software Foundation, Inc.
-+Copyright (C) 2021 Free Software Foundation, Inc.
- This config.status script is free software; the Free Software Foundation
- gives unlimited permission to copy, distribute and modify it."
-
-@@ -5472,21 +5773,21 @@ do
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
-- $as_echo "$ac_cs_version"; exit ;;
-+ printf "%s\n" "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
-- $as_echo "$ac_cs_config"; exit ;;
-+ printf "%s\n" "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
-- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
-+ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
-- $as_echo "$ac_cs_usage"; exit ;;
-+ printf "%s\n" "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-@@ -5514,7 +5815,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_writ
- if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
-- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
-+ \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-@@ -5528,7 +5829,7 @@ exec 5>>config.log
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
- ## Running $as_me. ##
- _ASBOX
-- $as_echo "$ac_log"
-+ printf "%s\n" "$ac_log"
- } >&5
-
- _ACEOF
-@@ -5553,7 +5854,7 @@ done
- # We use the long form for the default assignment because of an extremely
- # bizarre bug on SunOS 4.1.3.
- if $ac_need_defaults; then
-- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-+ test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
- fi
-
- # Have a temporary directory for convenience. Make it in the build tree
-@@ -5781,7 +6082,7 @@ do
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
-- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
-+ case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
-@@ -5789,17 +6090,17 @@ do
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
-- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
-+ printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
--$as_echo "$as_me: creating $ac_file" >&6;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-+printf "%s\n" "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
-- ac_sed_conf_input=`$as_echo "$configure_input" |
-+ ac_sed_conf_input=`printf "%s\n" "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-@@ -5816,7 +6117,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$ac_file" |
-+printf "%s\n" X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
-@@ -5840,9 +6141,9 @@ $as_echo X"$ac_file" |
- case "$ac_dir" in
- .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *)
-- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
-+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
-- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
-+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-@@ -5895,8 +6196,8 @@ ac_sed_dataroot='
- case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
- *datarootdir*) ac_datarootdir_seen=yes;;
- *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
--$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-+printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
- _ACEOF
- cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
-@@ -5938,9 +6239,9 @@ test -z "$ac_datarootdir_hack$ac_dataroo
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
- which seems to be undefined. Please make sure it is defined" >&5
--$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
- which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
-@@ -5987,8 +6288,8 @@ if test "$no_create" != yes; then
- $ac_cs_success || as_fn_exit 1
- fi
- if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
--$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-+printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
- fi
-
-
---- a/src/modules/rlm_krb5/configure.ac
-+++ b/src/modules/rlm_krb5/configure.ac
-@@ -1,187 +1,178 @@
--AC_PREREQ([2.53])
--AC_INIT(rlm_krb5.c)
-+AC_PREREQ([2.71])
-+AC_INIT
-+AC_CONFIG_SRCDIR([rlm_krb5.c])
- AC_REVISION($Revision$)
--AC_DEFUN(modname,[rlm_krb5])
-+FR_INIT_MODULE([rlm_krb5], [Kerberos support])
-
--AC_ARG_WITH([]modname,
--[ --with-[]modname build []modname. (default=yes)])
-+FR_MODULE_START_TESTS
-
--if test x$with_[]modname != xno; then
-+AC_PROG_CC
-+AC_PROG_CPP
-
-- AC_PROG_CC
-- AC_PROG_CPP
--
-- dnl extra argument: --with-rlm-krb5-dir
-- rlm_krb5_dir=
-- AC_ARG_WITH(rlm-krb5-dir,
-- [ --with-rlm-krb5-dir=DIR Directory for krb5 files []],
-- [ case "$withval" in
-- no)
-+dnl extra argument: --with-rlm-krb5-dir
-+rlm_krb5_dir=
-+AC_ARG_WITH(rlm-krb5-dir,
-+ [AS_HELP_STRING([--with-rlm-krb5-dir=DIR],
-+ [directory where krb5 files are installed])],
-+ [case "$withval" in
-+ no)
- AC_MSG_ERROR(Need rlm-krb5-dir)
- ;;
-- yes)
-+ yes)
- ;;
-- *)
-+ *)
- rlm_krb5_dir="$withval"
- ;;
-- esac ]
-- )
-+ esac])
-
-- AC_PATH_PROG(krb5_config, krb5-config, not-found, [${rlm_krb5_dir}/bin:${PATH}:/usr/bin:/usr/local/bin])
-- dnl #
-- dnl # If we can find krb5-config we can get the version of the library and determine
-- dnl # whether it's safe to enable threading.
-- dnl #
-- if test "$krb5_config" != 'not-found'; then
-- AC_MSG_CHECKING([krb5-config CFLAGS])
-- SMART_CPPFLAGS=$($krb5_config --cflags)
-- SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')]
-- AC_MSG_RESULT("$SMART_CPPFLAGS")
--
-- AC_MSG_CHECKING([krb5-config LDFLAGS])
-- SMART_LIBS=$($krb5_config --libs)
-- AC_MSG_RESULT(${SMART_LIBS})
--
-- AC_MSG_CHECKING([krb5-config reported version])
-- krb5_version_raw=$($krb5_config --version)
--
-- dnl # AWK originally from from https://github.com/hpc/lustre
-- krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
-- awk '{split($(4),v,"."); if (v@<:@"3"@:>@ = "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }')
-- AC_MSG_RESULT([${krb5_version_raw} ($krb5_version)])
--
-- AC_MSG_CHECKING([krb5-config reported vendor])
-- krb5_vendor=$($krb5_config --vendor)
-- AC_MSG_RESULT([${krb5_vendor}])
--
-- AC_MSG_CHECKING([canonical API type])
-- if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
-- echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 || \
-- echo "$krb5_version_raw" | grep -i 'MIT' > /dev/null 2>&1 ; then
-- AC_MSG_RESULT([MIT])
-- krb5_api_type='mit'
-- else
-- AC_MSG_RESULT([HEIMDAL])
-- krb5_api_type='heimdal'
-- fi
-+AC_PATH_PROG(krb5_config, krb5-config, not-found, [${rlm_krb5_dir}/bin:${PATH}:/usr/bin:/usr/local/bin])
-+dnl #
-+dnl # If we can find krb5-config we can get the version of the library and determine
-+dnl # whether it's safe to enable threading.
-+dnl #
-+if test "$krb5_config" != 'not-found'; then
-+ AC_MSG_CHECKING([krb5-config CFLAGS])
-+ SMART_CPPFLAGS=$($krb5_config --cflags)
-+ SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')]
-+ AC_MSG_RESULT("$SMART_CPPFLAGS")
-+
-+ AC_MSG_CHECKING([krb5-config LDFLAGS])
-+ SMART_LIBS=$($krb5_config --libs)
-+ AC_MSG_RESULT(${SMART_LIBS})
-+
-+ AC_MSG_CHECKING([krb5-config reported version])
-+ krb5_version_raw=$($krb5_config --version)
-+
-+ dnl # AWK originally from from https://github.com/hpc/lustre
-+ krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
-+ awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }')
-+ AC_MSG_RESULT([${krb5_version_raw} ($krb5_version)])
-+
-+ AC_MSG_CHECKING([krb5-config reported vendor])
-+ krb5_vendor=$($krb5_config --vendor)
-+ AC_MSG_RESULT([${krb5_vendor}])
-+
-+ AC_MSG_CHECKING([canonical API type])
-+ if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
-+ echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 || \
-+ echo "$krb5_version_raw" | grep -i 'MIT' > /dev/null 2>&1 ; then
-+ AC_MSG_RESULT([MIT])
-+ krb5_api_type='mit'
- else
-- smart_try_dir="$rlm_krb5_dir/include"
-- FR_SMART_CHECK_INCLUDE(krb5.h)
-- if test "$ac_cv_header_krb5_h" != "yes"; then
-- fail="$fail krb5.h"
-- fi
--
-- krb5libcrypto=
-- smart_try_dir="$rlm_krb5_dir/lib"
-- FR_SMART_CHECK_LIB(k5crypto, krb5_encrypt_data)
-- if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
-- krb5libcrypto="-lk5crypto"
-- fi
--
-- if test "x$krb5libcrypto" = x; then
-- FR_SMART_CHECK_LIB(crypto, DH_new)
-- if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
-- krb5libcrypto="-lcrypto"
-- fi
-- fi
--
-- if test "x$krb5libcrypto" = x; then
-- AC_MSG_WARN([neither krb5 'k5crypto' nor 'crypto' libraries are found!])
-- fi
--
-- FR_SMART_CHECK_LIB(com_err, set_com_err_hook)
-- if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
-- AC_MSG_WARN([the comm_err library isn't found!])
-- fi
-+ AC_MSG_RESULT([HEIMDAL])
-+ krb5_api_type='heimdal'
-+ fi
-+else
-+ smart_try_dir="$rlm_krb5_dir/include"
-+ FR_SMART_CHECK_INCLUDE(krb5.h)
-+ if test "$ac_cv_header_krb5_h" != "yes"; then
-+ FR_MODULE_FAIL([krb5.h])
-+ fi
-
-- dnl #
-- dnl # Only the heimdal version of the library has this function
-- dnl #
-- FR_SMART_CHECK_LIB(krb5, krb5_verify_user_opt)
-- if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then
-- krb5_api_type='heimdal'
-- else
-- krb5_api_type='mit'
-+ krb5libcrypto=
-+ smart_try_dir="$rlm_krb5_dir/lib"
-+ FR_SMART_CHECK_LIB(k5crypto, krb5_encrypt_data)
-+ if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
-+ krb5libcrypto="-lk5crypto"
-+ fi
-
-- FR_SMART_CHECK_LIB(krb5, krb5_get_init_creds_password)
-- if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
-- fail="$fail krb5"
-- fi
-+ if test "x$krb5libcrypto" = x; then
-+ FR_SMART_CHECK_LIB(crypto, DH_new)
-+ if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
-+ krb5libcrypto="-lcrypto"
- fi
--
- fi
-
-- dnl #
-- dnl # Need to ensure the test program(s) link against the right library
-- dnl #
-- LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
-- CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
--
-- dnl #
-- dnl # Check how to free things returned by krb5_get_error_message
-- dnl #
-- AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message])
-- if test "x$ac_cv_func_krb5_get_error_message" = xyes; then
-- krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE"
-- fi
-- if test "x$ac_cv_func_krb5_free_error_message" = xyes; then
-- krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE"
-+ if test "x$krb5libcrypto" = x; then
-+ AC_MSG_WARN([neither krb5 'k5crypto' nor 'crypto' libraries are found!])
- fi
-- if test "x$ac_cv_func_krb5_free_error_string" = xyes; then
-- krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_STRING"
-+
-+ FR_SMART_CHECK_LIB(com_err, set_com_err_hook)
-+ if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
-+ AC_MSG_WARN([the comm_err library isn't found!])
- fi
-
- dnl #
-- dnl # Only check if version checks have not found kerberos to be thread unsafe
-+ dnl # Only the heimdal version of the library has this function
- dnl #
-- if test "$krb5threadsafe" != "no"; then
-- krb5threadsafe=
-+ FR_SMART_CHECK_LIB(krb5, krb5_verify_user_opt)
-+ if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then
-+ krb5_api_type='heimdal'
-+ else
-+ krb5_api_type='mit'
-
-- FR_SMART_CHECK_LIB(krb5, krb5_is_thread_safe)
-- if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then
-- AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[return krb5_is_thread_safe() ? 0 : 1]])],
-- [krb5threadsafe="-DKRB5_IS_THREAD_SAFE"], [AC_MSG_WARN([[libkrb5 is not threadsafe]])])
-+ FR_SMART_CHECK_LIB(krb5, krb5_get_init_creds_password)
-+ if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
-+ FR_MODULE_FAIL([krb5])
- fi
-- else
-- krb5threadsafe=""
fi
-
-- if test "$krb5_api_type" = "mit"; then
-- dnl #
-- dnl # This lives in different places depending on the distro
-- dnl #
-- FR_SMART_CHECK_INCLUDE([com_err.h])
-- if test "$ac_cv_header_com_err_h" != "yes"; then
-- FR_SMART_CHECK_INCLUDE([et/com_err.h])
-- if test "$ac_cv_header_et_com_err_h" != "yes"; then
-- fail="$fail com_err.h"
-- else
-- krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
-- fi
-- fi
-- else
-- krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
-+fi
-+
-+dnl #
-+dnl # Need to ensure the test program(s) link against the right library
-+dnl #
-+LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
-+CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+
-+dnl #
-+dnl # Check how to free things returned by krb5_get_error_message
-+dnl #
-+AC_CHECK_FUNCS(\
-+ krb5_get_error_message \
-+ krb5_free_error_string \
-+ krb5_free_error_message \
-+)
-+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE"
-+fi
-+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE"
-+fi
-+if test "x$ac_cv_func_krb5_free_error_string" = xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_STRING"
-+fi
-+
-+dnl #
-+dnl # Only check if version checks have not found kerberos to be thread unsafe
-+dnl #
-+if test "$krb5threadsafe" != "no"; then
-+ krb5threadsafe=
-+
-+ FR_SMART_CHECK_LIB(krb5, krb5_is_thread_safe)
-+ if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then
-+ AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[return krb5_is_thread_safe() ? 0 : 1]])],
-+ [krb5threadsafe="-DKRB5_IS_THREAD_SAFE"], [AC_MSG_WARN([[libkrb5 is not threadsafe]])],
-+ [AC_MSG_WARN(cross compiling: not checking)])
- fi
-- targetname=modname
else
-- targetname=
-- echo \*\*\* module modname is disabled.
-+ krb5threadsafe=""
- fi
-
--if test x"$fail" != x""; then
-- if test x"${enable_strict_dependencies}" = x"yes"; then
-- AC_MSG_ERROR([set --without-]modname[ to disable it explicitly.])
-- else
-- AC_MSG_WARN([silently not building ]modname[.])
-- AC_MSG_WARN([FAILURE: ]modname[ requires: $fail.]);
-- targetname=""
-+if test "$krb5_api_type" = "mit"; then
-+ dnl #
-+ dnl # This lives in different places depending on the distro
-+ dnl #
-+ FR_SMART_CHECK_INCLUDE([com_err.h])
-+ if test "$ac_cv_header_com_err_h" != "yes"; then
-+ FR_SMART_CHECK_INCLUDE([et/com_err.h])
-+ if test "$ac_cv_header_et_com_err_h" != "yes"; then
-+ FR_MODULE_FAIL([com_err.h])
-+ else
-+ krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
-+ fi
- fi
-+else
-+ krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
- fi
-
-+FR_MODULE_END_TESTS(strict)
-+
- mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
- mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
-
- AC_SUBST(mod_ldflags)
- AC_SUBST(mod_cflags)
--AC_SUBST(targetname)
--AC_OUTPUT(all.mk)
-+
-+AC_CONFIG_FILES([all.mk])
-+AC_OUTPUT
include $(TOPDIR)/rules.mk
PKG_NAME:=frr
PKG_VERSION:=9.0.0
-PKG_RELEASE:=2
+PKG_RELEASE:=7
PKG_SOURCE_DATE:=2023-08-12
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
CONFIG_FRR_INTERNAL \
CONFIG_FRR_SNMP \
CONFIG_FRR_NO_SNMP \
- CONFIG_PACKAGE_frr-libfrr \
- CONFIG_PACKAGE_frr-vtysh \
+ CONFIG_PACKAGE_frr \
CONFIG_PACKAGE_frr-watchfrr \
CONFIG_PACKAGE_frr-zebra \
$(patsubst %,CONFIG_PACKAGE_frr-%,$(PKG_DAEMON_AVAILABLE)) \
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
-define Package/frr-libfrr/config
+define Package/frr/config
source "$(SOURCE)/Config.in"
endef
define Package/frr
$(call Package/frr/Default)
- DEPENDS:=+librt
+ DEPENDS:=+librt +libatomic +libcap +libncurses +libjson-c +libreadline \
+ +libyang +libprotobuf-c +FRR_OPENSSL:libopenssl +FRR_SNMP:libnetsnmp +more
TITLE:=The FRRouting (FRR) Software Routing Suite
MENU:=1
endef
NHRP.
endef
-define Package/frr-libfrr
- $(call Package/frr/Default)
- TITLE:=zebra library
- DEPENDS+=+librt +libatomic +libcap +libjson-c +libyang +libprotobuf-c +FRR_OPENSSL:libopenssl +FRR_SNMP:libnetsnmp
- CONFLICTS:=quagga-libzebra
-endef
-
-define Package/frr-vtysh
- $(call Package/frr/Default)
- DEPENDS+=+frr-libfrr +libreadline +libncurses +more
- TITLE:=integrated shell for frr routing software
- CONFLICTS:=quagga-vtysh
-endef
-
define Package/frr-watchfrr
$(call Package/frr/Default)
TITLE:=frr watchdog
- DEPENDS+=+frr-libfrr
DEFAULT:=y if PACKAGE_frr
endef
define Package/frr-zebra
$(call Package/frr/Default)
TITLE:=Zebra daemon
- DEPENDS+=+frr-libfrr
DEFAULT:=y if PACKAGE_frr
CONFLICTS:=quagga-zebra
endef
define Package/frr-pythontools
$(call Package/frr/Default)
TITLE:=Python reload tool
- DEPENDS+=+frr-libfrr +python3-base +python3-light +python3-logging
+ DEPENDS+=+python3-base +python3-light +python3-logging
endef
##Migrate from quagga
define Package/frr-$(1)
$$(call Package/frr/Default)
TITLE:= $(1) routing engine
- DEPENDS+=frr-libfrr $(2)
+ifeq ($(1),bgpd)
+ KCONFIG:=CONFIG_TCP_MD5SIG=y
+endif
+ DEPENDS+=$(2)
endef
# if [ "$(1)" == "bfdd" ]; then \
# export HAVE_BFDD == 1 ; fi
$$(eval $$(call BuildPackage,frr-$(1)))
endef
-define Package/frr-libfrr/conffiles
+define Package/frr/conffiles
/etc/frr/daemons
/etc/frr/frr.conf
/etc/frr/vtysh.conf
HOST_CONFIGURE_ARGS+= \
--enable-clippy-only
+HOST_MAKE_FLAGS = \
+ LIBS+='-lz'
+
define Host/Install
$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/bin
$(INSTALL_BIN) $(HOST_BUILD_DIR)/lib/clippy $(STAGING_DIR_HOSTPKG)/bin/
CONFIGURE_ARGS+= \
--with-clippy=$(STAGING_DIR_HOSTPKG)/bin/clippy \
--prefix=/usr \
+ --enable-vtysh \
+ --enable-zebra \
--enable-shared \
--disable-static \
--enable-user=network \
$(if $(CONFIG_FRR_OPENSSL),--with-crypto=openssl,) \
$(if $(CONFIG_FRR_SNMP),--enable-snmp,) \
$(foreach m,$(PKG_DAEMON_AVAILABLE), \
- $(call autoconf_bool,CONFIG_PACKAGE_frr-$(m),$(m)) ) \
- $(call autoconf_bool,CONFIG_PACKAGE_frr-vtysh,vtysh) \
- $(call autoconf_bool,CONFIG_PACKAGE_frr-libfrr,zebra)
+ $(call autoconf_bool,CONFIG_PACKAGE_frr-$(m),$(m)) )
define Package/frr/install
$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d
$(INSTALL_BIN) ./files/frrcommon.sh $(1)/usr/sbin/
$(INSTALL_BIN) ./files/frr $(1)/etc/init.d/
+ $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/frr
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/vtysh $(1)/usr/bin/
+ $(INSTALL_CONF) ./files/vtysh.conf $(1)/etc/frr/
+ $(INSTALL_DIR) $(1)/usr/lib $(1)/etc/frr
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfrr.so* $(1)/usr/lib/
+ $(if $(CONFIG_FRR_SNMP),$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfrrsnmp.so* $(1)/usr/lib/,)
+ $(INSTALL_CONF) ./files/{frr.conf,daemons} $(1)/etc/frr/
endef
define Package/frr-watchfrr/install
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/zebra $(1)/usr/sbin/
endef
-define Package/frr-libfrr/install
- $(INSTALL_DIR) $(1)/usr/lib $(1)/etc/frr
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfrr.so* $(1)/usr/lib/
- $(if $(CONFIG_FRR_SNMP),$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfrrsnmp.so* $(1)/usr/lib/,)
- $(INSTALL_CONF) ./files/{frr.conf,daemons} $(1)/etc/frr/
-endef
-
-
define Package/frr-pythontools/install
$(INSTALL_DIR) $(1)/usr/lib/frr $(1)/usr/sbin $(1)/etc/frr
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/*.py $(1)/usr/lib/frr/
$(INSTALL_CONF) $(PKG_BUILD_DIR)/tools/etc/frr/support_bundle_commands.conf $(1)/etc/frr/
endef
-define Package/frr-vtysh/install
- $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/frr
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/vtysh $(1)/usr/bin/
- $(INSTALL_CONF) ./files/vtysh.conf $(1)/etc/frr/
-endef
-
$(eval $(call HostBuild))
$(eval $(call BuildPackage,frr))
-$(eval $(call BuildPackage,frr-libfrr))
$(eval $(call BuildPackage,frr-pythontools))
$(eval $(call BuildPackage,frr-watchfrr))
$(eval $(call BuildPackage,frr-zebra))
-$(eval $(call BuildPackage,frr-vtysh))
$(eval $(call BuildDaemon,babeld,))
$(eval $(call BuildDaemon,bfdd,))
$(eval $(call BuildDaemon,bgpd,))
load_old_config "/etc/sysconfig/frr"
fi
-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then
+if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then
log_warning_msg "watchfrr_options contains a bash array value." \
"The configured value is intentionally ignored since it is likely wrong." \
"Please remove or fix the setting."
--- /dev/null
+From d286461971735a0b81a53039f38f66c47c632196 Mon Sep 17 00:00:00 2001
+From: Georgi Valkov <gvalkov@gmail.com>
+Date: Mon, 27 May 2024 17:30:54 +0300
+Subject: [PATCH] zebra: fix compilation with GCC14
+
+Fixes:
+zebra/zebra_netns_notify.c: In function 'zebra_ns_ready_read':
+zebra/zebra_netns_notify.c:265:40: error: implicit declaration of function 'basename' [-Wimplicit-function-declaration]
+ 265 | if (strmatch(VRF_DEFAULT_NAME, basename(netnspath))) {
+ | ^~~~~~~~
+
+Fixed by including libgen.h, then since basename may modify its
+parameter, allocate a copy on the stack, using strdupa, and pass the
+temporary string to basename.
+
+According to the man page for basename:
+With glibc, one gets the POSIX version of basename() when
+<libgen.h> is included, and the GNU version otherwise.
+
+The POSIX version of basename may modify the contents of path,
+so we should to pass a copy when calling this function.
+
+[1] https://man7.org/linux/man-pages/man3/basename.3.html
+
+Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
+---
+--- a/zebra/zebra_netns_notify.c
++++ b/zebra/zebra_netns_notify.c
+@@ -14,6 +14,7 @@
+ #include <sched.h>
+ #endif
+ #include <dirent.h>
++#include <libgen.h>
+ #include <sys/inotify.h>
+ #include <sys/stat.h>
+
+@@ -233,6 +234,7 @@ static void zebra_ns_ready_read(struct e
+ {
+ struct zebra_netns_info *zns_info = EVENT_ARG(t);
+ const char *netnspath;
++ const char *netnspath_basename;
+ int err, stop_retry = 0;
+
+ if (!zns_info)
+@@ -260,23 +262,24 @@ static void zebra_ns_ready_read(struct e
+ zebra_ns_continue_read(zns_info, stop_retry);
+ return;
+ }
++ netnspath_basename = basename(strdupa(netnspath));
+
+ /* check default name is not already set */
+- if (strmatch(VRF_DEFAULT_NAME, basename(netnspath))) {
+- zlog_warn("NS notify : NS %s is already default VRF.Cancel VRF Creation", basename(netnspath));
++ if (strmatch(VRF_DEFAULT_NAME, netnspath_basename)) {
++ zlog_warn("NS notify : NS %s is already default VRF.Cancel VRF Creation", netnspath_basename);
+ zebra_ns_continue_read(zns_info, 1);
+ return;
+ }
+- if (zebra_ns_notify_is_default_netns(basename(netnspath))) {
++ if (zebra_ns_notify_is_default_netns(netnspath_basename)) {
+ zlog_warn(
+ "NS notify : NS %s is default VRF. Ignore VRF creation",
+- basename(netnspath));
++ netnspath_basename);
+ zebra_ns_continue_read(zns_info, 1);
+ return;
+ }
+
+ /* success : close fd and create zns context */
+- zebra_ns_notify_create_context_from_entry_name(basename(netnspath));
++ zebra_ns_notify_create_context_from_entry_name(netnspath_basename);
+ zebra_ns_continue_read(zns_info, 1);
+ }
+
+@@ -395,7 +398,7 @@ void zebra_ns_notify_parse(void)
+ continue;
+ }
+ /* check default name is not already set */
+- if (strmatch(VRF_DEFAULT_NAME, basename(dent->d_name))) {
++ if (strmatch(VRF_DEFAULT_NAME, basename(strdupa(dent->d_name)))) {
+ zlog_warn("NS notify : NS %s is already default VRF.Cancel VRF Creation", dent->d_name);
+ continue;
+ }
PKG_NAME:=gatling
PKG_VERSION:=0.16
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.fefe.de/gatling/
Gatling is particularly good in situations with very high load.
endef
+define Package/gatling/conffiles
+/etc/config/gatling
+endef
+
define Package/gatling/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/gatling $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/gatling.conf $(1)/etc/config/gatling
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/gatling.init $(1)/etc/init.d/gatling
endef
$(eval $(call BuildPackage,gatling))
--- /dev/null
+
+config gatling 'v4'
+ option listen_http '0.0.0.0:80'
+ option virtual_hosting off
+ option ftp_server off
+ option ftp_port '21'
+ option logging off
+ option timeout 23
+ option switch_to_uid 'nobody'
+ option chroot_dir '/var/www/'
+ option tarpit_clients off
+ option tarpit_clients_at 50
+ option localhost_access_only off
+ option permit_access_ftp_uploads_immediately off
+
+config gatling 'v6'
+ option listen_http '[::]:80'
+ option virtual_hosting off
+ option ftp_server off
+ option ftp_port '21'
+ option logging off
+ option timeout 23
+ option switch_to_uid 'nobody'
+ option chroot_dir '/var/www/'
+ option tarpit_clients off
+ option tarpit_clients_at 50
+ option localhost_access_only off
+ option permit_access_ftp_uploads_immediately off
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+# shellcheck shell=ash
+
+# Just looks for changes in the config-file and applies them with a
+# one-time-run.
+
+USE_PROCD=1
+# PROCD_DEBUG=1
+
+# taken from /etc/init.d/uhttpd
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
+}
+
+service_triggers() {
+ procd_add_reload_trigger "gatling"
+}
+
+start_instance() {
+
+ local cfg="$1"
+ local ftp_server
+ local enabled
+
+ config_get_bool enabled "$cfg" 'enabled' 1
+ [ $enabled -gt 0 ] || return
+
+ procd_open_instance
+
+ procd_set_param command /usr/bin/gatling
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param term_timeout 20
+
+ # get listen-address and slice it from back, to cut at port-delimiter
+ config_get listen_http "$cfg" 'listen_http'
+ port="${listen_http##*:}"
+ ip="${listen_http%:*}"
+ case "$ip" in
+ '['*']') ip="${ip:1:-1}" ;;
+ esac
+
+ procd_append_param command -i "$ip"
+ procd_append_param command -p "$port"
+
+ append_arg "$cfg" switch_to_uid "-u"
+ append_arg "$cfg" chroot_dir "-c"
+ append_arg "$cfg" timeout "-T"
+
+ config_get_bool virtual_hosting "$cfg" 'virtual_hosting' 0
+ if [ "$virtual_hosting" -gt 0 ]; then
+ # enable virtual hosting
+ procd_append_param command -v
+ else
+ # disable
+ procd_append_param command -V
+ fi
+
+ config_get_bool ftp_server "$cfg" 'ftp_server' 0
+ if [ "$ftp_server" -gt 0 ]; then
+ procd_append_param command -f
+ append_arg "$cfg" ftp_port "-p"
+ else
+ procd_append_param command -F
+ fi
+
+ config_get_bool logging "$cfg" 'logging' 1
+ if [ "$logging" = 0 ]; then
+ procd_append_param command -n
+ fi
+
+ config_get_bool tarpit_clients "$cfg" 'tarpit_clients' 0
+ if [ "$tarpit_clients" -gt 0 ]; then
+ append_arg "$cfg" tarpit_clients_at "-A"
+ fi
+
+ config_get_bool localhost_access_only "$cfg" 'localhost_access_only' 0
+ if [ "$localhost_access_only" = 1 ]; then
+ procd_append_param command -L
+ fi
+
+ config_get_bool permit_access_ftp_uploads_immediately "$cfg" 'permit_access_ftp_uploads_immediately' 0
+ if [ "$permit_access_ftp_uploads_immediately" = 1 ]; then
+ procd_append_param command -a
+ fi
+
+ procd_close_instance
+}
+
+start_service() {
+ config_load gatling
+ config_foreach start_instance gatling
+}
--- /dev/null
+From ef2adc3e464d9b774794b23bbd0d591ba32e998c Mon Sep 17 00:00:00 2001
+From: Moritz Warning <moritzwarning@web.de>
+Date: Wed, 29 May 2024 09:16:08 +0200
+Subject: [PATCH] mbedtls: fix compilation with 3.0.0
+
+Signed-off-by: Moritz Warning <moritzwarning@web.de>
+---
+ gatling.h | 5 +++++
+ pssl.c | 23 +++++++++++++++++++----
+ 2 files changed, 24 insertions(+), 4 deletions(-)
+
+--- a/gatling.h
++++ b/gatling.h
+@@ -112,7 +112,12 @@ extern int init_serverside_tls(SSL** ssl
+
+ #ifdef USE_POLARSSL
+ /* in pssl.c */
++#include "mbedtls/version.h"
++#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
++#include <mbedtls/mbedtls_config.h>
++#else
+ #include <mbedtls/config.h>
++#endif
+ #include <mbedtls/platform.h>
+ #include <mbedtls/ssl.h>
+ #include <mbedtls/net_sockets.h>
+--- a/pssl.c
++++ b/pssl.c
+@@ -6,12 +6,18 @@
+ #include <sys/poll.h>
+ #include <netdb.h>
+ #include <fcntl.h>
++#include <mbedtls/version.h>
++#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
++#include <mbedtls/mbedtls_config.h>
++#include <mbedtls/psa_util.h>
++#else
+ #include <mbedtls/config.h>
++#include <mbedtls/certs.h>
++#endif
+ #include <mbedtls/platform.h>
+ #include <mbedtls/ssl.h>
+ #include <mbedtls/entropy.h>
+ #include <mbedtls/ctr_drbg.h>
+-#include <mbedtls/certs.h>
+ #include <mbedtls/x509.h>
+ #include <mbedtls/x509_crt.h>
+ #include <mbedtls/ssl_cache.h>
+@@ -56,7 +62,9 @@ int ciphersuites[] =
+ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
++#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
+ MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
++#endif
+ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+@@ -73,7 +81,9 @@ int ciphersuites[] =
+ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
+ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
++#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
+ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
++#endif
+ // TLS_RSA_WITH_RC4_128_SHA,
+ // TLS_RSA_WITH_RC4_128_MD5,
+ 0
+@@ -85,7 +95,12 @@ static int parse_cert( const char* filen
+ mbedtls_pk_init(key);
+
+ if ((r=mbedtls_x509_crt_parse_file(srvcert,filename)) ||
+- (r=mbedtls_pk_parse_keyfile(key,filename,NULL)))
++#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
++ (r=mbedtls_pk_parse_keyfile(key,filename,NULL,mbedtls_psa_get_random,NULL))
++#else
++ (r=mbedtls_pk_parse_keyfile(key,filename,NULL))
++#endif
++ )
+ return r;
+ return 0;
+ }
+@@ -179,7 +194,7 @@ int init_serverside_tls(struct ssl_data*
+ mbedtls_ssl_conf_dh_param_ctx(&d->conf, &d->dhm);
+ // debug_set_threshold(65535);
+
+- mbedtls_ssl_conf_min_version(&d->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1); /* demand at least TLS 1.0 */
++ mbedtls_ssl_conf_min_version(&d->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); /* demand at least TLS 1.2 */
+ // ssl_set_dh_param( ssl, "CD95C1B9959B0A135B9D306D53A87518E8ED3EA8CBE6E3A338D9DD3167889FC809FE1AD59B38C98D1A8FCE47E46DF5FB56B8EA3B03B2132C249A99209F62A1AD63511BD08A60655B0463B6F1BB79BEC9D17C71BD269C6B50CF0EDDAAB83290B4C697A7F641FBD21EE0E7B57C698AFEED8DA3AB800525E6887215A61CA62DC437", "04" );
+
+ if ((r=mbedtls_ssl_setup(&d->ssl,&d->conf)))
+@@ -210,7 +225,7 @@ int init_clientside_tls(struct ssl_data*
+ mbedtls_ssl_conf_ca_chain( &d->conf, d->crt.next, NULL );
+ mbedtls_ssl_conf_rng( &d->conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &d->conf, my_debug, NULL );
+- mbedtls_ssl_conf_min_version(&d->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1); /* demand at least TLS 1.0 */
++ mbedtls_ssl_conf_min_version(&d->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); /* demand at least TLS 1.2 */
+ if ((r=mbedtls_ssl_setup(&d->ssl,&d->conf)))
+ return r;
+ if ((r=mbedtls_ssl_set_hostname(&d->ssl, hostname)))
include $(TOPDIR)/rules.mk
PKG_NAME:=geoipupdate
-PKG_VERSION:=4.9.0
+PKG_VERSION:=7.0.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/maxmind/geoipupdate/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=43195d457a372dc07be593d815212d6ea21e499a37a6111058efa3296759cba9
+PKG_HASH:=59c80ab737f128fc05e4ecdec4d84652182851dc8c8bea892022e3fc12db9101
PKG_LICENSE:=Apache-2.0 MIT
PKG_LICENSE_FILES:=LICENSE-APACHE LICENSE-MIT
-PKG_MAINTAINER:=Matthew Hagan <mnhagan88@gmail.com>
+PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16
-GO_PKG:=github.com/maxmind/geoipupdate
+GO_PKG:=github.com/maxmind/geoipupdate/v7
GO_PKG_LDFLAGS_X:= \
main.defaultConfigFile=/etc/GeoIP.conf \
- main.defaultDatabaseDirectory=/var/GeoIP
+ main.defaultDatabaseDirectory=/var/GeoIP \
+ main.version=$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
define Package/geoipupdate
- TITLE:=GeoIP Update
- URL:=https://github.com/maxmind/geoipupdate
SECTION:=net
CATEGORY:=Network
+ TITLE:=GeoIP Update
+ URL:=https://github.com/maxmind/geoipupdate
DEPENDS:=$(GO_ARCH_DEPENDS)
endef
endef
define Package/geoipupdate/install
- $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
-
- $(INSTALL_DIR) \
- $(1)/usr/sbin \
- $(1)/etc/init.d
+ $(call GoPackage/Package/Install/Bin,$(1))
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/geoipupdate $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/GeoIP.conf.default $(1)/etc/GeoIP.conf
- $(INSTALL_BIN) ./files/geoipupdate.init $(1)/etc/init.d/geoipupdate
-
- $(SED) "s/^EditionIDs GeoLite2-Country GeoLite2-City/EditionIDs GeoLite2-Country/" $(1)/etc/GeoIP.conf
endef
define Package/geoipupdate/conffiles
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-START=99
-
-start() {
- [ -d /var/GeoIP ] || {
- mkdir -p /var/GeoIP
- }
-}
include $(TOPDIR)/rules.mk
PKG_NAME:=gg
-PKG_VERSION:=0.2.18
+PKG_VERSION:=0.2.19
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mzz2017/gg/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e49ec76f64941b89381fa2fd1060f40ad1f172483a42a56e3a39c5bc67ef0b99
+PKG_HASH:=57c3586d26635bddb4da4636cbc28a588bf7b19b8f6a04e23ec3cba9dd09396d
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=AGPL-3.0-only
include $(TOPDIR)/rules.mk
PKG_NAME:=git
-PKG_VERSION:=2.44.0
+PKG_VERSION:=2.45.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/scm/git/
-PKG_HASH:=e358738dcb5b5ea340ce900a0015c03ae86e804e7ff64e47aa4631ddee681de3
+PKG_HASH:=51bfe87eb1c02fed1484051875365eeab229831d30d0cec5d89a14f9e40e9adb
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
CONFIGURE_ARGS += \
--without-iconv \
+CONFIGURE_VARS += \
+ ac_cv_fread_reads_directories=yes \
+ ac_cv_snprintf_returns_bogus=yes \
+ ac_cv_sane_mode_bits=no
+
define Build/Configure
$(MAKE) -C $(PKG_BUILD_DIR) \
configure
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -964,7 +964,8 @@ AC_RUN_IFELSE(
- FILE *f = fopen(".", "r");
- return f != NULL;]])],
- [ac_cv_fread_reads_directories=no],
-- [ac_cv_fread_reads_directories=yes])
-+ [ac_cv_fread_reads_directories=yes],
-+ [ac_cv_fread_reads_directories=no])
- ])
- if test $ac_cv_fread_reads_directories = yes; then
- FREAD_READS_DIRECTORIES=UnfortunatelyYes
-@@ -998,7 +999,8 @@ AC_RUN_IFELSE(
- if (snprintf(buf, 3, "%s", "12345") != 5
- || strcmp(buf, "12")) return 1]])],
- [ac_cv_snprintf_returns_bogus=no],
-- [ac_cv_snprintf_returns_bogus=yes])
-+ [ac_cv_snprintf_returns_bogus=yes],
-+ [ac_cv_snprintf_returns_bogus=no])
- ])
- if test $ac_cv_snprintf_returns_bogus = yes; then
- SNPRINTF_RETURNS_BOGUS=UnfortunatelyYes
-@@ -1021,7 +1023,8 @@ yippeeyeswehaveit
- #endif
- ]),
- [ac_cv_sane_mode_bits=yes],
-- [ac_cv_sane_mode_bits=no])
-+ [ac_cv_sane_mode_bits=no],
-+ [ac_cv_sane_mode_bits=yes])
- ])
- if test $ac_cv_sane_mode_bits = yes; then
- NEEDS_MODE_TRANSLATION=
--- a/Makefile
+++ b/Makefile
-@@ -1636,7 +1636,7 @@ else
- endif
+@@ -1642,7 +1642,7 @@ else
+ endif
curl_check := $(shell (echo 072200; $(CURL_CONFIG) --vernum | sed -e '/^70[BC]/s/^/0/') 2>/dev/null | sort -r | sed -ne 2p)
- ifeq "$(curl_check)" "072200"
+ ifeq "$(curl_check)" "072200"
- USE_CURL_FOR_IMAP_SEND = YesPlease
+# USE_CURL_FOR_IMAP_SEND = YesPlease
- endif
- ifdef USE_CURL_FOR_IMAP_SEND
+ endif
+ ifdef USE_CURL_FOR_IMAP_SEND
BASIC_CFLAGS += -DUSE_CURL_FOR_IMAP_SEND
--- a/imap-send.c
+++ b/imap-send.c
-@@ -278,8 +278,10 @@ static int ssl_socket_connect(struct ima
+@@ -261,8 +261,10 @@ static int ssl_socket_connect(struct ima
int ret;
X509 *cert;
PKG_NAME:=gnunet-fuse
-PKG_VERSION:=0.19.1
+PKG_VERSION:=0.21.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=8f1f6f4d76c108ae74c0ec849bc9c02dc8dea412e205c56236c86cb792ccc9b4
+PKG_HASH:=e2b66be6421aa0cd79e378bbf2f7f0f50cae31b03167af7cbde51d1d72280e2b
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=COPYING
PKG_NAME:=gnunet
-PKG_VERSION:=0.21.0
+PKG_VERSION:=0.21.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=a846eb9f64b5602c6e518badfa32a9ee18d9e66042ad4765e40a936041ca74ad
+PKG_HASH:=8c2351268e9b8ba2ad288b8b337ce399f79c18e3ffd960803f4ed5de7dda9fa1
PKG_LICENSE:=AGPL-3.0
PKG_LICENSE_FILES:=COPYING
+++ /dev/null
-From 79b58e8a0c4155134bdf680899fab22a7c01f35a Mon Sep 17 00:00:00 2001
-From: Daniel Golle <daniel@makrotopia.org>
-Date: Sat, 9 Mar 2024 00:46:18 +0000
-Subject: [PATCH] DHTU: ship dhtu.conf
-To: gnunet-developers@gnu.org
-
-Without dhtu.conf GNUnet will create infinite loglines
-ERROR No DHT underlays configured!
-
-Ship the new config file to fix that.
----
- src/service/dht/Makefile.am | 3 +++
- src/service/dht/meson.build | 6 ++++++
- 2 files changed, 9 insertions(+)
-
---- a/src/service/dht/Makefile.am
-+++ b/src/service/dht/Makefile.am
-@@ -10,6 +10,9 @@ libexecdir= $(pkglibdir)/libexec/
- pkgcfg_DATA = \
- dht.conf
-
-+dist_pkgcfg_DATA = \
-+ dhtu.conf
-+
- if USE_COVERAGE
- AM_CFLAGS = --coverage -O0
- XLIB = -lgcov
---- /dev/null
-+++ b/src/service/dht/dhtu.conf
-@@ -0,0 +1,7 @@
-+[dhtu-gnunet]
-+ENABLED = YES
-+
-+[dhtu-ip]
-+ENABLED = NO
-+NSE = 4
-+UDP_PORT = 6666
include $(TOPDIR)/rules.mk
PKG_NAME:=gping
-PKG_VERSION:=1.16.1
+PKG_VERSION:=1.17.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/orf/gping/tar.gz/$(PKG_NAME)-v$(PKG_VERSION)?
-PKG_HASH:=557dad6e54b5dd23f88224ea7914776b7636672f237d9cbbea59972235ca89a8
+PKG_HASH:=bed3e1d46c2311ae15cad114700458a138e7d29fd45322cb9dd2c1108eb5a68e
PKG_MAINTAINER:=Jonas Jelonek <jelonek.jonas@gmail.com>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=2.8.9
+PKG_VERSION:=3.0.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.haproxy.org/download/2.8/src
-PKG_HASH:=7a821478f36f847607f51a51e80f4f890c37af4811d60438e7f63783f67592ff
+PKG_SOURCE_URL:=https://www.haproxy.org/download/3.0/src
+PKG_HASH:=aabfd98ada721bbfb68f7805586ced0373fb4c8d73e18faa94055a16c2096936
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
Christian Lachner <gladiac@gmail.com>
ifeq ($(BUILD_VARIANT),ssl)
ADDON+=USE_OPENSSL=1
ADDON+=ADDLIB="-lcrypto -lm"
+ ADDON+=USE_QUIC=1
+ ADDON+=USE_QUIC_OPENSSL_COMPAT=1
endif
define Build/Compile
#!/bin/sh
-CLONEURL=https://git.haproxy.org/git/haproxy-2.8.git
-BASE_TAG=v2.8.9
+CLONEURL=https://git.haproxy.org/git/haproxy-3.0.git
+BASE_TAG=v3.0.4
TMP_REPODIR=tmprepo
PATCHESDIR=patches
include $(TOPDIR)/rules.mk
PKG_NAME:=hev-socks5-server
-PKG_VERSION:=2.6.5
+PKG_VERSION:=2.6.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-server/releases/download/$(PKG_VERSION)
-PKG_HASH:=07d3297483cc624464eec424f7dd27f2028f4f56c70c2c9d0b6902e181a32ccb
+PKG_HASH:=4f51610e38b952e7e422ab154c8afc48e6ff0e58ad6c605bb6e823c98a706906
PKG_MAINTAINER:=Ray Wang <r@hev.cc>
-PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=License
PKG_BUILD_FLAGS:=no-mips16
URL:=https://github.com/heiher/hev-socks5-server
endef
-MAKE_FLAGS += REV_ID="$(PKG_VERSION)"
-
define Package/hev-socks5-server/conffiles
/etc/config/hev-socks5-server
/etc/hev-socks5-server/
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=hev-socks5-tproxy
+PKG_VERSION:=2.5.7
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-tproxy/releases/download/$(PKG_VERSION)
+PKG_HASH:=b5f29fef18ffe335fce4d6f96ce83c8bee04ce29fda420ba7248252d3b210578
+
+PKG_MAINTAINER:=Ray Wang <r@hev.cc>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=License
+
+PKG_BUILD_FLAGS:=no-mips16
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/hev-socks5-tproxy
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=A simple, lightweight socks5 transparent proxy for Linux
+ URL:=https://github.com/heiher/hev-socks5-tproxy
+endef
+
+define Package/hev-socks5-tproxy/description
+hev-socks5-tproxy is a lightweight tool that enables transparent proxying of
+network traffic through a SOCKS5 proxy. It’s designed to enhance privacy, bypass
+restrictions, and improve connectivity without requiring manual configuration on
+client devices.
+endef
+
+define Package/hev-socks5-tproxy/conffiles
+/etc/config/hev-socks5-tproxy
+/etc/hev-socks5-tproxy/
+endef
+
+define Package/hev-socks5-tproxy/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/hev-socks5-tproxy $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/etc/hev-socks5-tproxy/
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/main.yml $(1)/etc/hev-socks5-tproxy/main.yml
+
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_CONF) ./files/hev-socks5-tproxy.config $(1)/etc/config/hev-socks5-tproxy
+
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/hev-socks5-tproxy.init $(1)/etc/init.d/hev-socks5-tproxy
+endef
+
+$(eval $(call BuildPackage,hev-socks5-tproxy))
--- /dev/null
+config hev-socks5-tproxy 'config'
+ option enabled '0'
+ option conffile '/etc/hev-socks5-tproxy/main.yml'
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=99
+
+CONF="hev-socks5-tproxy"
+PROG="/usr/bin/hev-socks5-tproxy"
+
+start_service() {
+ config_load "$CONF"
+
+ local enabled
+ config_get_bool enabled "config" "enabled" "0"
+ [ "$enabled" -eq "1" ] || return 1
+
+ local conffile
+ config_get conffile "config" "conffile"
+
+ procd_open_instance "$CONF"
+ procd_set_param command "$PROG" "$conffile"
+ procd_set_param file "$conffile"
+
+ procd_set_param limits core="unlimited"
+ procd_set_param limits nofile="1000000 1000000"
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param respawn
+
+ procd_close_instance
+}
+
+service_triggers() {
+ procd_add_reload_trigger "$CONF"
+}
--- /dev/null
+#!/bin/sh
+
+"$1" 2>&1 | grep "$2"
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=hev-socks5-tunnel
+PKG_VERSION:=2.7.3
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-tunnel/releases/download/$(PKG_VERSION)
+PKG_HASH:=613c4132cfed26ccd6e9f59a3e8590723f07969ac677f4957cbe000b13737fea
+
+PKG_MAINTAINER:=Ray Wang <r@hev.cc>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=License
+
+PKG_BUILD_FLAGS:=no-mips16
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/hev-socks5-tunnel
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=A high-performance tun2socks for Unix
+ URL:=https://github.com/heiher/hev-socks5-tunnel
+endef
+
+define Package/hev-socks5-tunnel/description
+hev-socks5-tunnel is a fast and lightweight tool that routes internet traffic
+through a SOCKS5 proxy, enhancing privacy and bypassing restrictions. It’s known
+for its efficiency, simplicity, and low resource usage, making it ideal for secure
+and optimized online connections.
+endef
+
+define Package/hev-socks5-tunnel/conffiles
+/etc/config/hev-socks5-tunnel
+/etc/hev-socks5-tunnel/
+endef
+
+define Package/hev-socks5-tunnel/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/hev-socks5-tunnel $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/etc/hev-socks5-tunnel/
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/main.yml $(1)/etc/hev-socks5-tunnel/main.yml
+
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_CONF) ./files/hev-socks5-tunnel.config $(1)/etc/config/hev-socks5-tunnel
+
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/hev-socks5-tunnel.init $(1)/etc/init.d/hev-socks5-tunnel
+endef
+
+$(eval $(call BuildPackage,hev-socks5-tunnel))
--- /dev/null
+config hev-socks5-tunnel 'config'
+ option enabled '0'
+ option conffile '/etc/hev-socks5-tunnel/main.yml'
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=99
+
+CONF="hev-socks5-tunnel"
+PROG="/usr/bin/hev-socks5-tunnel"
+
+start_service() {
+ config_load "$CONF"
+
+ local enabled
+ config_get_bool enabled "config" "enabled" "0"
+ [ "$enabled" -eq "1" ] || return 1
+
+ local conffile
+ config_get conffile "config" "conffile"
+
+ procd_open_instance "$CONF"
+ procd_set_param command "$PROG" "$conffile"
+ procd_set_param file "$conffile"
+
+ procd_set_param limits core="unlimited"
+ procd_set_param limits nofile="1000000 1000000"
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param respawn
+
+ procd_close_instance
+}
+
+service_triggers() {
+ procd_add_reload_trigger "$CONF"
+}
--- /dev/null
+#!/bin/sh
+
+"$1" 2>&1 | grep "$2"
include $(TOPDIR)/rules.mk
PKG_NAME:=hs20
-PKG_RELEASE:=9
+PKG_RELEASE:=10
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
start_service() {
local enabled
config_load hs20
- config_get enabled server enabled
+ config_get_bool enabled server enabled
[ "$enabled" != "1" ] && [ "$enabled" != "true" ] && exit 0
echo "starting"
include $(TOPDIR)/rules.mk
PKG_NAME:=https-dns-proxy
-PKG_VERSION:=2023.11.19
-PKG_RELEASE:=r1
+PKG_VERSION:=2023.12.26
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/
-PKG_SOURCE_DATE:=$(subst(.,-,$(PKG_VERSION)))
-PKG_SOURCE_RELEASE:=$(subst(r,,$(PKG_RELEASE)))
-PKG_SOURCE_VERSION:=489c57efd46983e688579974a2ab7aeaa7df8d83
-PKG_MIRROR_HASH:=804d857efe79437c7f859fb450aca0d6962b4e80b7354060eb399574083438e4
+PKG_SOURCE_VERSION:=8afbba71502ddd5aee91602318875a03e86dfc4e
+PKG_MIRROR_HASH:=4865cf4cdfe77f75656f35f191e349c01cab7c5f43ad2a0a49308796d48006e5
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
PKG_LICENSE:=MIT
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
-CMAKE_OPTIONS += -DCLANG_TIDY_EXE= -DGIT_VERSION=$(PKG_SOURCE_DATE)-$(PKG_SOURCE_RELEASE)
+TARGET_CFLAGS += $(FPIC)
+TARGET_LDFLAGS += -Wl,--gc-sections
+CMAKE_OPTIONS += -DCLANG_TIDY_EXE= -DSW_VERSION=$(PKG_VERSION)-$(PKG_RELEASE)
+
+CONFIGURE_ARGS += \
+ $(if $(CONFIG_LIBCURL_OPENSSL),--with-openssl="$(STAGING_DIR)/usr",--without-openssl) \
+ $(if $(CONFIG_LIBCURL_NGHTTP2),--with-nghttp2="$(STAGING_DIR)/usr",--without-nghttp2) \
+ $(if $(CONFIG_LIBCURL_NGHTTP3),--with-nghttp3="$(STAGING_DIR)/usr",--without-nghttp3) \
+ $(if $(CONFIG_LIBCURL_NGTCP2),--with-ngtcp2="$(STAGING_DIR)/usr",--without-ngtcp2) \
define Package/https-dns-proxy
SECTION:=net
CATEGORY:=Network
TITLE:=DNS Over HTTPS Proxy
- URL:=https://docs.openwrt.melmac.net/https-dns-proxy/
+ URL:=https://github.com/stangri/https-dns-proxy/
DEPENDS:=+libcares +libcurl +libev +ca-bundle +jsonfilter +resolveip
DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed
define Package/https-dns-proxy/description
Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
-It receives regular (UDP) DNS requests and resolves them via DoH resolver.
+It receives regular, unencrypted (UDP) DNS requests and resolves them via DoH resolver.
Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information.
endef
--- /dev/null
+# README
+
+Documentation for this project is available at [https://docs.openwrt.melmac.net/https-dns-proxy/](https://docs.openwrt.melmac.net/https-dns-proxy/).
+
# shellcheck disable=SC2034
USE_PROCD=1
+[ -n "${IPKG_INSTROOT}" ] && return 0
+
if type extra_command 1>/dev/null 2>&1; then
extra_command 'version' 'Show version information'
else
dnsmasq_create_server_backup() {
local cfg="$1" i
[ -n "$(uci_get 'dhcp' "$cfg")" ] || return 1
+# uci_remove 'dhcp' "$cfg" 'doh_server' # this removes outdated doh_server entries, but causes unnecessary dnsmasq restarts
if [ -z "$(uci_get 'dhcp' "$cfg" 'doh_backup_noresolv')" ]; then
if [ -z "$(uci_get 'dhcp' "$cfg" 'noresolv')" ]; then
uci_set 'dhcp' "$cfg" 'doh_backup_noresolv' '-1'
+++ /dev/null
---- a/src/options.c
-+++ b/src/options.c
-@@ -24,7 +24,7 @@ const char * options_sw_version(void) {
- #ifdef SW_VERSION
- return SW_VERSION;
- #else
-- return "2023.10.10-atLeast"; // update date sometimes, like 1-2 times a year
-+ return "2023.11.19-r1"; // update date sometimes, like 1-2 times a year
- #endif
- }
-
include $(TOPDIR)/rules.mk
PKG_NAME:=i2pd
-PKG_VERSION:=2.50.2
+PKG_VERSION:=2.53.1
PKG_RELEASE:=1
PKG_BUILD_PARALLEL:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/PurpleI2P/i2pd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=ae2ec4732c38fda71b4b48ce83624dd8b2e05083f2c94a03d20cafb616f63ca5
+PKG_HASH:=c6863d853905e7594ea661595ea591055f8f2f018b9b90507d5a43a6456188ea
PKG_MAINTAINER:=David Yang <mmyangfl@gmail.com>
PKG_LICENSE:=BSD-3-Clause
PKG_NAME:=ifstat
PKG_VERSION:=1.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://gael.roualland.free.fr/ifstat/
--- /dev/null
+--- a/configure
++++ b/configure
+@@ -783,7 +783,7 @@ cat > conftest.$ac_ext << EOF
+ #line 784 "configure"
+ #include "confdefs.h"
+
+-main(){return(0);}
++int main(){return(0);}
+ EOF
+ if { (eval echo configure:789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ ac_cv_prog_cc_works=yes
include $(TOPDIR)/rules.mk
PKG_NAME:=iperf
-PKG_VERSION:=3.16
-PKG_RELEASE:=1
+PKG_VERSION:=3.17.1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf
-PKG_HASH:=cc740c6bbea104398cc3e466befc515a25896ec85e44a662d5f4a767b9cf713e
+PKG_HASH:=84404ca8431b595e86c473d8f23d8bb102810001f15feaf610effd3b318788aa
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
--- /dev/null
+From 4c7629f590bb18855e478a826833adb05d2a128b Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 8 Jun 2024 15:35:47 -0700
+Subject: [PATCH] fix -Wformat-y2k error
+
+%c potentially prints a 2 digit year. Just use a normal format.
+---
+ src/iperf_error.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/iperf_error.c
++++ b/src/iperf_error.c
+@@ -99,7 +99,7 @@ iperf_errexit(struct iperf_test *test, c
+ if (test != NULL && test->timestamps) {
+ time(&now);
+ ltm = localtime(&now);
+- strftime(iperf_timestrerr, sizeof(iperf_timestrerr), "%c ", ltm);
++ strftime(iperf_timestrerr, sizeof(iperf_timestrerr), "%Y-%m-%d %H:%M:%S", ltm);
+ ct = iperf_timestrerr;
+ }
+
--- /dev/null
+From fe09305eb6f907e4eb637b8edd0c8a986187d1dd Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 8 Jun 2024 15:23:51 -0700
+Subject: [PATCH] fix crash under big endian musl
+
+iperf_printf is using an int format here but an int64_t variable. The format only needs the first 3 digits. Cast to int to fix it.
+---
+ src/iperf_api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/iperf_api.c
++++ b/src/iperf_api.c
+@@ -4056,7 +4056,7 @@ iperf_print_results(struct iperf_test *t
+ iperf_printf(test, report_sender_not_available_summary_format, "SUM");
+ }
+ else {
+- iperf_printf(test, report_sum_bw_retrans_format, mbuf, start_time, sender_time, ubuf, nbuf, total_retransmits, report_sender);
++ iperf_printf(test, report_sum_bw_retrans_format, mbuf, start_time, sender_time, ubuf, nbuf, (int)total_retransmits, report_sender);
+ }
+ } else {
+ /* Summary sum, TCP without retransmits. */
PKG_NAME:=isc-dhcp
UPSTREAM_NAME:=dhcp
PKG_VERSION:=4.4.3-P1
-PKG_RELEASE:=7
+PKG_RELEASE:=8
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
append dhcp_ifs "$ifname"
- if ! ipcalc "$subnet" "$start" "$limit"; then
- echo "invalid range params: $subnet start: $start limit $limit" >&2
+ if [ -z "$start$limit" ]; then
+ if ! ipcalc "$subnet"; then
+ echo "invalid subnet param: $start" >&2
+ return 1
+ fi
+ elif ! ipcalc "$subnet" "$start" "$limit"; then
+ echo "invalid range params: $subnet start: $start limit: $limit" >&2
return 1
fi
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=jool
-PKG_VERSION:=4.1.11
+PKG_VERSION:=4.1.13
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0-only
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/NICMx/Jool.git
-PKG_SOURCE_VERSION:=aed966aa4873af2d84fd445f49cf33f719539c9e
-PKG_MIRROR_HASH:=b3acf9886ea287cf3e8ce8476ebfc3820b354411e18fafd6abab7aa220d5273f
+PKG_SOURCE_VERSION:=39ca69f8717a83733548bea3b7bfad2a4799572a
+PKG_MIRROR_HASH:=f00592d639f34bc6c38e9d012d59a694b159a57ada1b86985cd4df38e4f85d5f
PKG_BUILD_DIR=$(KERNEL_BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
PKG_BUILD_PARALLEL:=1
---- a/src/mod/common/skbuff.c
-+++ b/src/mod/common/skbuff.c
-@@ -109,9 +109,9 @@ static void print_skb_fields(struct sk_b
- print(tabs, "network_header:%u", skb->network_header);
- print(tabs, "mac_header:%u", skb->mac_header);
- print(tabs, "head:%p", skb->head);
-- print(tabs, "data:%ld", skb->data - skb->head);
-- print(tabs, "tail:%u", skb->tail);
-- print(tabs, "end:%u", skb->end);
-+ print(tabs, "data:%ld", (long int)(skb->data - skb->head));
-+ print(tabs, "tail:%u", (unsigned int)skb->tail);
-+ print(tabs, "end:%u", (unsigned int)skb->end);
- }
-
- static int truncated(unsigned int tabs)
--- a/src/mod/common/xlator.c
+++ b/src/mod/common/xlator.c
-@@ -890,7 +890,7 @@ void xlator_put(struct xlator *jool)
+@@ -891,7 +891,7 @@ void xlator_put(struct xlator *jool)
static bool offset_equals(struct instance_entry_usr *offset,
struct jool_instance *instance)
{
-- return (offset->ns == ((__u64)instance->jool.ns & 0xFFFFFFFF))
+- return (offset->ns == ((PTR_AS_UINT_TYPE)instance->jool.ns & 0xFFFFFFFF))
+ return (offset->ns == ((uintptr_t)instance->jool.ns & 0xFFFFFFFF))
&& (strcmp(offset->iname, instance->jool.iname) == 0);
}
--- a/src/mod/common/nl/instance.c
+++ b/src/mod/common/nl/instance.c
-@@ -37,7 +37,7 @@ static int serialize_instance(struct xla
+@@ -38,7 +38,7 @@ static int serialize_instance(struct xla
if (!root)
return 1;
-- error = nla_put_u32(skb, JNLAIE_NS, ((__u64)entry->ns) & 0xFFFFFFFF);
+- error = nla_put_u32(skb, JNLAIE_NS, ((PTR_AS_UINT_TYPE)entry->ns) & 0xFFFFFFFF);
+ error = nla_put_u32(skb, JNLAIE_NS, ((uintptr_t)entry->ns) & 0xFFFFFFFF);
if (error)
goto cancel;
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=kafs-client
+PKG_VERSION:=0.5-9957339e
+PKG_RELEASE:=2
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://gitlab.com/linux-afs/kafs-client.git
+PKG_SOURCE_VERSION:=99573359e25c1e31b84b23592ff72ae40c8756f5
+PKG_MIRROR_HASH:=69436e5e8760be7bf2fd50a316a6596ee910e3dfd888bdea8a2ee506a0a5c5f2
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/kafs-client
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Filesystem
+ DEPENDS:=+keyutils +krb5-libs +kmod-fs-afs +kmod-crypto-user
+ TITLE:=kafs client library
+ URL:=http://git.infradead.org/users/dhowells/kafs-client.git
+endef
+
+define Package/kafs-client/description
+kAFS utilities
+endef
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR)/src \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)"
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include/kafs
+ $(CP) $(PKG_BUILD_DIR)/src/include/kafs/*.h $(1)/usr/include/kafs/
+endef
+
+define Package/kafs-client/install
+ $(INSTALL_DIR) $(1)/afs
+
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_DIR) $(1)/etc/kafs
+ $(INSTALL_DIR) $(1)/etc/kafs/client.d
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/client.conf $(1)/etc/kafs/
+
+ $(INSTALL_DIR) $(1)/etc/request-key.d
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/kafs_dns.conf \
+ $(1)/etc/request-key.d/
+
+ $(INSTALL_DIR) $(1)/usr/share/kafs
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/cellservdb.conf \
+ $(1)/usr/share/kafs/
+
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/lib*.so* $(1)/usr/lib/
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/aklog-kafs $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/kafs-check-config $(1)/usr/sbin/
+
+ $(INSTALL_DIR) $(1)/usr/libexec
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/kafs-preload $(1)/usr/libexec/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/kafs-dns $(1)/usr/libexec/
+endef
+
+$(eval $(call BuildPackage,kafs-client))
--- /dev/null
+Hackishly cut out res_nquery for res_query. Surely there's a better way.
+
+--- a/src/lib_dns_lookup.c
++++ b/src/lib_dns_lookup.c
+@@ -312,13 +312,13 @@ static int dns_query_AFSDB(struct kafs_s
+ ns_msg handle; /* handle for response message */
+ union {
+ HEADER hdr;
+- u_char buf[NS_PACKETSZ];
++ unsigned char buf[NS_PACKETSZ];
+ } response; /* response buffers */
+
+ verbose("Get AFSDB RR for cell name:'%s'", cell_name);
+
+ /* query the dns for an AFSDB resource record */
+- response_len = res_nquery(&ctx->res,
++ response_len = res_query( // &ctx->res,
+ cell_name,
+ ns_c_in,
+ ns_t_afsdb,
+@@ -473,7 +473,7 @@ static int dns_query_SRV(struct kafs_ser
+ ns_msg handle; /* handle for response message */
+ union {
+ HEADER hdr;
+- u_char buf[NS_PACKETSZ];
++ unsigned char buf[NS_PACKETSZ];
+ } response;
+ enum dns_payload_protocol_type protocol;
+ char name[1024];
+@@ -483,7 +483,7 @@ static int dns_query_SRV(struct kafs_ser
+
+ verbose("Get SRV RR for name:'%s'", name);
+
+- response_len = res_nquery(&ctx->res,
++ response_len = res_query( // &ctx->res,
+ name,
+ ns_c_in,
+ ns_t_srv,
+--- a/src/lib_object.c
++++ b/src/lib_object.c
+@@ -23,11 +23,13 @@
+ int kafs_init_lookup_context(struct kafs_lookup_context *ctx)
+ {
+ memset(&ctx->res, 0, sizeof(ctx->res));
++#if 0
+ if (res_ninit(&ctx->res) < 0) {
+ ctx->report.bad_error = true;
+ ctx->report.error("%m");
+ return -1;
+ }
++#endif
+ return 0;
+ }
+
+@@ -36,7 +38,9 @@ int kafs_init_lookup_context(struct kafs
+ */
+ void kafs_clear_lookup_context(struct kafs_lookup_context *ctx)
+ {
++#if 0
+ res_nclose(&ctx->res);
++#endif
+ }
+
+ /*
include $(TOPDIR)/rules.mk
PKG_NAME:=kea
-PKG_VERSION:=2.4.0
+PKG_VERSION:=2.6.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.isc.org/isc/kea/$(PKG_VERSION)
-PKG_HASH:=3a33cd08dc3319ff544e6bbf2c0429042106f4051ebe115dc1bb2625c95003f7
+PKG_HASH:=207ceae33eb3b81ec4e6ac5605249a85b93779333b62aadf39e489f11dbcdc8d
PKG_MAINTAINER:=BangLang Huang <banglang.huang@foxmail.com>, Rosy Song <rosysong@rosinson.com>
PKG_LICENSE:=MPL-2.0
-SUBDIRS = . tests
+SUBDIRS = .
- AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib
+ AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib
AM_CPPFLAGS += $(BOOST_INCLUDES)
--- a/src/lib/asiolink/Makefile.am
+++ b/src/lib/asiolink/Makefile.am
--- a/src/lib/dhcp/Makefile.am
+++ b/src/lib/dhcp/Makefile.am
@@ -1,4 +1,4 @@
--SUBDIRS = . tests
+-SUBDIRS = . testutils tests
+SUBDIRS = .
AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib
-SUBDIRS = . testutils tests
+SUBDIRS = .
- AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib
- AM_CPPFLAGS += $(BOOST_INCLUDES) $(MYSQL_CPPFLAGS)
+ AM_CPPFLAGS =
+ AM_CPPFLAGS += -DKEA_ADMIN=\"@prefix@/sbin/kea-admin\"
--- a/src/lib/pgsql/Makefile.am
+++ b/src/lib/pgsql/Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = . testutils tests
+SUBDIRS = .
- AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib
- AM_CPPFLAGS += $(BOOST_INCLUDES) $(PGSQL_CPPFLAGS)
+ AM_CPPFLAGS =
+ AM_CPPFLAGS += -DKEA_ADMIN=\"@prefix@/sbin/kea-admin\"
--- a/src/lib/process/Makefile.am
+++ b/src/lib/process/Makefile.am
@@ -1,4 +1,4 @@
+++ /dev/null
---- a/src/bin/keactrl/keactrl.in
-+++ b/src/bin/keactrl/keactrl.in
-@@ -115,7 +115,7 @@ get_pid_from_file() {
- # Extract the name portion (from last slash to last dot) of the config file name
- # File name and extension are documented in src/lib/util/filename.h
- local conf_name
-- conf_name=$(basename -- "${kea_config_file}" | rev | cut -f2- -d'.' | rev)
-+ conf_name=$(basename -- "${kea_config_file}" | awk '{for(i=length($0); i>0;i--) printf (substr($0,i,1));}' | cut -f2- -d'.' | awk '{for(i=length($0); i>0;i--) printf (substr($0,i,1));}')
-
- # Default the directory to --localstatedir / run
- local pid_file_dir
--- /dev/null
+commit 79f969979f2ac7ed73dbc2682a53c95ff84adb1a
+Author: Philip Prindeville <philipp@redfish-solutions.com>
+Date: Sat Aug 3 10:19:05 2024 -0600
+
+ [3533] do filename munging with variable expansions
+
+--- a/src/bin/keactrl/keactrl.in
++++ b/src/bin/keactrl/keactrl.in
+@@ -112,7 +112,8 @@ get_pid_from_file() {
+
+ # Extract the name portion (from last slash to last dot) of the config file name.
+ local conf_name
+- conf_name=$(basename -- "${kea_config_file}" | rev | cut -f2- -d'.' | rev)
++ conf_name=${kea_config_file##*/}
++ conf_name=${conf_name%.*}
+
+ # Default the directory to --localstatedir / run
+ local pid_file_dir
# list group "VI_1"
# list group "VI_2"
# option smtp_alert "1"
-# option notify_backup "<switch-backup-state-script>"
-# option notify_master "<switch-master-state-script>"
-# option notify_fault "<switch-fault-state-script>"
-# option notify "<switch-any-state-script>"
# option global_tracking 1
#config track_interface
# option nopreempt "1"
# option preempt_delay "500"
# option debug "2"
-# option notify_backup "<switch-backup-state-script>"
-# option notify_master "<switch-master-state-script>"
-# option notify_fault "<switch-fault-state-script>"
-# option notify_stop "<switch-stop-state-script>"
-# option notify "<switch-any-state-script>"
# option smtp_alert "1"
# option accept "1"
include $(TOPDIR)/rules.mk
PKG_NAME:=knot
-PKG_VERSION:=3.3.5
+PKG_VERSION:=3.4.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
-PKG_HASH:=0e0bf04319581280660e8e62ab04be64a7d632331e40fc9c87e76861305db3ad
+PKG_HASH:=2730b11398944faa5151c51b0655cf26631090343c303597814f2a57df424736
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8
define Package/knot
$(call Package/knot/Default)
TITLE+= server with control utility
- DEPENDS+=+libedit +liburcu +knot-libs +knot-libzscanner
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE)), \
- knot-libzscanner (=$(PKG_VERSION)-$(PKG_RELEASE))
+ DEPENDS+=+libedit +liburcu +libdbus +knot-libs +knot-libzscanner
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE)), \
+ knot-libzscanner (=$(PKG_VERSION)-r$(PKG_RELEASE))
USERID:=knot=5353:knot=5353
endef
$(call Package/knot/Default)
TITLE+= advanced DNS lookup utility
DEPENDS+=+libedit +knot-libs
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE))
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE))
endef
define Package/knot-host
$(call Package/knot/Default)
TITLE+= simple DNS lookup utility
DEPENDS+=+libedit +knot-libs
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE))
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE))
endef
define Package/knot-nsupdate
$(call Package/knot/Default)
TITLE+= dynamic DNS update utility
DEPENDS+=+libedit +knot-libs +knot-libzscanner
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE)), \
- knot-libzscanner (=$(PKG_VERSION)-$(PKG_RELEASE))
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE)), \
+ knot-libzscanner (=$(PKG_VERSION)-r$(PKG_RELEASE))
endef
define Package/knot-zonecheck
$(call Package/knot/Default)
TITLE+= zonefile check utility
- DEPENDS+=+libedit +liburcu +knot-libs +knot-libzscanner
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE)), \
- knot-libzscanner (=$(PKG_VERSION)-$(PKG_RELEASE))
+ DEPENDS+=+libedit +liburcu +libdbus +knot-libs +knot-libzscanner
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE)), \
+ knot-libzscanner (=$(PKG_VERSION)-r$(PKG_RELEASE))
endef
define Package/knot-keymgr
$(call Package/knot/Default)
TITLE+= DNSSEC key management utility
- DEPENDS+=+libedit +liburcu +knot-libs +knot-libzscanner
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE)), \
- knot-libzscanner (=$(PKG_VERSION)-$(PKG_RELEASE))
+ DEPENDS+=+libedit +liburcu +libdbus +knot-libs +knot-libzscanner
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE)), \
+ knot-libzscanner (=$(PKG_VERSION)-r$(PKG_RELEASE))
endef
define Package/knot-tests
$(call Package/knot/Default)
TITLE+= tests
- DEPENDS+=+libedit +liburcu +knot-libs +knot-libzscanner
- EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-$(PKG_RELEASE)), \
- knot-libzscanner (=$(PKG_VERSION)-$(PKG_RELEASE))
+ DEPENDS+=+libedit +liburcu +libdbus +knot-libs +knot-libzscanner
+ EXTRA_DEPENDS:=knot-libs (=$(PKG_VERSION)-r$(PKG_RELEASE)), \
+ knot-libzscanner (=$(PKG_VERSION)-r$(PKG_RELEASE))
endef
define Package/knot-libs/description
--enable-cap-ng=no \
--enable-xdp=no \
--enable-maxminddb=no \
+ --enable-dbus=libdbus \
--enable-quic \
--disable-fastparser \
--without-libidn \
-ZSCANNER_TOOL="$BUILD"/zscanner-tool
+ZSCANNER_TOOL="$SOURCE"/zscanner-tool
- plan 86
+ plan 87
include $(TOPDIR)/rules.mk
PKG_NAME:=knxd
-PKG_VERSION:=0.14.61
+PKG_VERSION:=0.14.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/knxd/knxd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=b5284c89a55a2c53e0ff769ec4f736fc1ad4b55afdd2a18b9258fa95f708d798
+PKG_HASH:=02117be61f720f8b41f5cdbd9a18b29bb117808ddeef775c7c011f9d8898c4b3
PKG_MAINTAINER:=Othmar Truniger <github@truniger.ch>
PKG_LICENSE:=GPL-2.0-or-later
-test -d .git || exit
-# git describe --tags
-git log --format=format:%D | perl -ne 'next unless s#.*tag: ##; s#,.*##; next if m#/#; print; exit;'
-+echo -n "0.14.61"
++echo -n "0.14.63"
include $(TOPDIR)/rules.mk
PKG_NAME:=krb5
-PKG_VERSION:=1.21.2
+PKG_VERSION:=1.21.3
PKG_RELEASE:=1
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://web.mit.edu/kerberos/dist/krb5/1.21
-PKG_HASH:=9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491
+PKG_HASH:=b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_NAME:=libcurl-gnutls
PKG_SOURCE_NAME:=curl
-PKG_VERSION:=8.7.1
+PKG_VERSION:=8.9.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/curl/curl/releases/download/curl-$(subst .,_,$(PKG_VERSION))/ \
- https://dl.uxnr.de/mirror/curl/ \
- https://curl.askapache.com/download/ \
https://curl.se/download/
-PKG_HASH:=6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd
+PKG_HASH:=f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=MIT
PKG_NAME:=linuxptp
PKG_VERSION:=4.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)/v$(PKG_VERSION)
--- /dev/null
+--- a/interface.c
++++ b/interface.c
+@@ -5,6 +5,7 @@
+ * @note SPDX-License-Identifier: GPL-2.0+
+ */
+ #include <stdlib.h>
++#include <string.h>
+ #include "interface.h"
+
+ struct interface {
include $(TOPDIR)/rules.mk
PKG_NAME:=lynx
-PKG_VERSION:=2.9.0
-PKG_RELEASE:=2
+PKG_VERSION:=2.9.2
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=Leonid Esman <leonid.esman@gmail.com>
PKG_SOURCE:=$(PKG_NAME)$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://invisible-mirror.net/archives/lynx/tarballs/ \
https://fossies.org/linux/www/
-PKG_HASH:=5bcae5e2e6043ca7b220963a97763c49c13218d849ffda6be7739bfd5a2d36ff
+PKG_HASH:=7374b89936d991669e101f4e97f2c9592036e1e8cdaa7bafc259a77ab6fb07ce
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=mdns-repeater
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=https://github.com/kennylevinsen/mdns-repeater.git
PKG_SOURCE_PROTO=git
local interfaces
config_get interfaces main interface
procd_open_instance
+ procd_set_param respawn
procd_set_param command $PROG -f $interfaces
# -f generates a lot of debug output
# no forwarding of stderr to logs
include $(TOPDIR)/rules.mk
PKG_NAME:=mDNSResponder
-PKG_VERSION:=IETF104
-PKG_RELEASE:=5
+PKG_VERSION:=2200.100.94.0.2
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/apple-oss-distributions/mDNSResponder
+PKG_MIRROR_HASH:=6d019ca318d189233b10e7d4a51ec6952547a87c3b81646c094021490d5990a7
-PKG_SOURCE:=mDNSResponder-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://opensource.apple.com/tarballs/mDNSResponder/IETF/
-PKG_HASH:=b3a76fd35cf2d561546c2fbeaea1e5998b7e04b8330afb918ea5fbdeb202162c
PKG_MAINTAINER:=
PKG_LICENSE:=Apache-2.0
PKG_CPE_ID:=cpe:/a:apple:mdnsresponder
-PKG_BUILD_DIR:=$(BUILD_DIR)/mDNSResponder-$(PKG_VERSION)
-
PKG_BUILD_PARALLEL:=0
PKG_INSTALL:=1
This package contains mDNS client utilities:
- dns-sd
- mDNSClient
- - mDNSIdentify
- mDNSNetMonitor
- mDNSProxyResponder
- mDNSResponder
MANPATH="$(PKG_INSTALL_DIR)/usr/man" \
STARTUPSCRIPTDIR="$(PKG_INSTALL_DIR)/etc/init.d" \
RUNLEVELSCRIPTSDIR="$(PKG_INSTALL_DIR)/etc/rc.d" \
+ tls=no \
os=linux-uclibc
MAKE_PATH = mDNSPosix
$(INSTALL_DIR) $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/dns-sd $(1)/usr/bin/
$(CP) $(PKG_BUILD_DIR)/mDNSPosix/build/prod/mDNSClientPosix $(1)/usr/bin/mDNSClient
- $(CP) $(PKG_BUILD_DIR)/mDNSPosix/build/prod/mDNSIdentify $(1)/usr/bin/mDNSIdentify
$(CP) $(PKG_BUILD_DIR)/mDNSPosix/build/prod/mDNSNetMonitor $(1)/usr/bin/mDNSNetMonitor
$(CP) $(PKG_BUILD_DIR)/mDNSPosix/build/prod/mDNSProxyResponderPosix $(1)/usr/bin/mDNSProxyResponder
$(CP) $(PKG_BUILD_DIR)/mDNSPosix/build/prod/mDNSResponderPosix $(1)/usr/bin/mDNSResponder
procd_open_instance
procd_set_param command /usr/sbin/mdnsd -debug
procd_set_param respawn
+ procd_set_param stderr 1
procd_close_instance
}
--- /dev/null
+From c1f3e19d3cb0aa948248616eb1684a1e80aa39b4 Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Wed, 28 Jun 2017 17:30:00 -0500
+Subject: [PATCH 1/8] Create subroutine for cleaning recent interfaces
+
+Moves functionality for cleaning the list of recent
+interfaces into its own subroutine.
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1322,6 +1322,19 @@ mDNSlocal int SetupSocket(struct sockadd
+ return err;
+ }
+
++// Clean up any interfaces that have been hanging around on the RecentInterfaces list for more than a minute
++mDNSlocal void CleanRecentInterfaces(void)
++{
++ PosixNetworkInterface **ri = &gRecentInterfaces;
++ const mDNSs32 utc = mDNSPlatformUTC();
++ while (*ri)
++ {
++ PosixNetworkInterface *pi = *ri;
++ if (utc - pi->LastSeen < 60) ri = (PosixNetworkInterface **)&pi->coreIntf.next;
++ else { *ri = (PosixNetworkInterface *)pi->coreIntf.next; mdns_free(pi); }
++ }
++}
++
+ // Creates a PosixNetworkInterface for the interface whose IP address is
+ // intfAddr and whose name is intfName and registers it with mDNS core.
+ mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct sockaddr *intfMask,
+@@ -1559,16 +1572,7 @@ mDNSlocal int SetupInterfaceList(mDNS *c
+
+ // Clean up.
+ if (intfList != NULL) freeifaddrs(intfList);
+-
+- // Clean up any interfaces that have been hanging around on the RecentInterfaces list for more than a minute
+- PosixNetworkInterface **ri = &gRecentInterfaces;
+- const mDNSs32 utc = mDNSPlatformUTC();
+- while (*ri)
+- {
+- PosixNetworkInterface *pi = *ri;
+- if (utc - pi->LastSeen < 60) ri = (PosixNetworkInterface **)&pi->coreIntf.next;
+- else { *ri = (PosixNetworkInterface *)pi->coreIntf.next; mdns_free(pi); }
+- }
++ CleanRecentInterfaces();
+
+ return err;
+ }
--- /dev/null
+From 14cc53bb09a3d8adf301f3842c765598467e63e1 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Thu, 1 Feb 2024 14:07:03 +0000
+Subject: [PATCH] Fix SIGSEGV during DumpStateLog()
+
+DumpStateLog() calls LogMsgWithLevelv() with category == NULL, avoid
+crashing in this case.
+
+Upstream-Status: Inactive-Upstream [Upstream does not take patches]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSShared/mDNSDebug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mDNSShared/mDNSDebug.c
++++ b/mDNSShared/mDNSDebug.c
+@@ -71,7 +71,7 @@ mDNSlocal void LogMsgWithLevelv(os_log_t
+ mDNSlocal void LogMsgWithLevelv(const char *category, mDNSLogLevel_t level, const char *format, va_list args)
+ {
+ // Do not print the logs if the log category is MDNS_LOG_CATEGORY_DISABLED.
+- if (strcmp(category, MDNS_LOG_CATEGORY_DISABLED) == 0)
++ if (category && strcmp(category, MDNS_LOG_CATEGORY_DISABLED) == 0)
+ {
+ return;
+ }
--- /dev/null
+From 40ef0241afbb49f84e76afd65eb3ee17466bb582 Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Wed, 28 Jun 2017 17:30:00 -0500
+Subject: [PATCH 2/8] Create subroutine for tearing down an interface
+
+Creates a subroutine for tearing down an interface.
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 22 ++++++++++++++++------
+ 1 file changed, 16 insertions(+), 6 deletions(-)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1043,6 +1043,19 @@ mDNSlocal void FreePosixNetworkInterface
+ gRecentInterfaces = intf;
+ }
+
++mDNSlocal void TearDownInterface(mDNS *const m, PosixNetworkInterface *intf)
++{
++ mDNS_DeregisterInterface(m, &intf->coreIntf, NormalActivation);
++ if (gMDNSPlatformPosixVerboseLevel > 0) fprintf(stderr, "Deregistered interface %s\n", intf->intfName);
++ FreePosixNetworkInterface(intf);
++
++ num_registered_interfaces--;
++ if (num_registered_interfaces == 0) {
++ num_pkts_accepted = 0;
++ num_pkts_rejected = 0;
++ }
++}
++
+ // Grab the first interface, deregister it, free it, and repeat until done.
+ mDNSlocal void ClearInterfaceList(mDNS *const m)
+ {
+@@ -1051,13 +1064,10 @@ mDNSlocal void ClearInterfaceList(mDNS *
+ while (m->HostInterfaces)
+ {
+ PosixNetworkInterface *intf = (PosixNetworkInterface*)(m->HostInterfaces);
+- mDNS_DeregisterInterface(m, &intf->coreIntf, NormalActivation);
+- if (gMDNSPlatformPosixVerboseLevel > 0) fprintf(stderr, "Deregistered interface %s\n", intf->intfName);
+- FreePosixNetworkInterface(intf);
++ TearDownInterface(m, intf);
+ }
+- num_registered_interfaces = 0;
+- num_pkts_accepted = 0;
+- num_pkts_rejected = 0;
++
++ assert(num_registered_interfaces == 0);
+ }
+
+ mDNSlocal int SetupIPv6Socket(int fd)
--- /dev/null
+From a198bcd457abd04f2e22812ff3a37246aa564614 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Mon, 5 Dec 2022 15:14:12 +0000
+Subject: [PATCH 2/6] make: Set libdns_sd.so soname correctly
+
+Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mDNSPosix/Makefile
++++ b/mDNSPosix/Makefile
+@@ -276,7 +276,7 @@ libdns_sd: setup $(BUILDDIR)/libdns_sd.$
+ CLIENTLIBOBJS = $(OBJDIR)/dnssd_clientlib.c.so.o $(OBJDIR)/dnssd_clientstub.c.so.o $(OBJDIR)/dnssd_ipc.c.so.o $(OBJDIR)/dnssd_errstring.c.so.o
+
+ $(BUILDDIR)/libdns_sd.$(LDSUFFIX): $(CLIENTLIBOBJS)
+- $(LD) $(SOOPTS) $(LINKOPTS) -o $@ $+
++ $(LD) $(SOOPTS) $(LINKOPTS) -Wl,-soname,libdns_sd.$(LDSUFFIX).1 -o $@ $+
+ $(STRIP) $@
+
+ Clients: setup libdns_sd ../Clients/build/dns-sd
--- /dev/null
+From deb3a2c51f32e0d2741be11a492e727129f770e2 Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Wed, 28 Jun 2017 17:30:00 -0500
+Subject: [PATCH 3/8] Track interface socket family
+
+Tracks the socket family associated with the interface.
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 1 +
+ mDNSPosix/mDNSPosix.h | 2 ++
+ 2 files changed, 3 insertions(+)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1415,6 +1415,7 @@ mDNSlocal int SetupOneInterface(mDNS *co
+ // Set up the extra fields in PosixNetworkInterface.
+ assert(intf->intfName != NULL); // intf->intfName already set up above
+ intf->index = intfIndex;
++ intf->sa_family = intfAddr->sa_family;
+ intf->multicastSocket4 = -1;
+ #if HAVE_IPV6
+ intf->multicastSocket6 = -1;
+--- a/mDNSPosix/mDNSPosix.h
++++ b/mDNSPosix/mDNSPosix.h
+@@ -19,6 +19,7 @@
+ #define __mDNSPlatformPosix_h
+
+ #include <signal.h>
++#include <sys/socket.h>
+ #include <sys/time.h>
+
+ #ifdef __cplusplus
+@@ -40,6 +41,7 @@ struct PosixNetworkInterface
+ char * intfName;
+ PosixNetworkInterface * aliasIntf;
+ int index;
++ sa_family_t sa_family;
+ int multicastSocket4;
+ #if HAVE_IPV6
+ int multicastSocket6;
--- /dev/null
+From beab76b5708862f44d9acbe7a92db45e2f99259f Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Tue, 1 Aug 2017 17:06:01 -0500
+Subject: [PATCH 4/8] Indicate loopback interface to mDNS core
+
+Tells the mDNS core if an interface is a loopback interface,
+similar to AddInterfaceToList() in the MacOS implementation.
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1348,7 +1348,7 @@ mDNSlocal void CleanRecentInterfaces(voi
+ // Creates a PosixNetworkInterface for the interface whose IP address is
+ // intfAddr and whose name is intfName and registers it with mDNS core.
+ mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct sockaddr *intfMask,
+- const mDNSu8 *intfHaddr, mDNSu16 intfHlen, const char *intfName, int intfIndex)
++ const mDNSu8 *intfHaddr, mDNSu16 intfHlen, const char *intfName, int intfIndex, int intfFlags)
+ {
+ int err = 0;
+ PosixNetworkInterface *intf;
+@@ -1411,6 +1411,7 @@ mDNSlocal int SetupOneInterface(mDNS *co
+
+ intf->coreIntf.Advertise = m->AdvertiseLocalAddresses;
+ intf->coreIntf.McastTxRx = mDNStrue;
++ intf->coreIntf.Loopback = ((intfFlags & IFF_LOOPBACK) != 0) ? mDNStrue : mDNSfalse;
+
+ // Set up the extra fields in PosixNetworkInterface.
+ assert(intf->intfName != NULL); // intf->intfName already set up above
+@@ -1561,7 +1562,7 @@ mDNSlocal int SetupInterfaceList(mDNS *c
+ }
+ #endif
+ if (SetupOneInterface(m, i->ifa_addr, i->ifa_netmask,
+- hwaddr, hwaddr_len, i->ifa_name, ifIndex) == 0)
++ hwaddr, hwaddr_len, i->ifa_name, ifIndex, i->ifa_flags) == 0)
+ {
+ if (i->ifa_addr->sa_family == AF_INET)
+ foundav4 = mDNStrue;
+@@ -1578,7 +1579,7 @@ mDNSlocal int SetupInterfaceList(mDNS *c
+ // if ((m->HostInterfaces == NULL) && (firstLoopback != NULL))
+ if (!foundav4 && firstLoopback)
+ (void) SetupOneInterface(m, firstLoopback->ifa_addr, firstLoopback->ifa_netmask,
+- NULL, 0, firstLoopback->ifa_name, firstLoopbackIndex);
++ NULL, 0, firstLoopback->ifa_name, firstLoopbackIndex, firstLoopback->ifa_flags);
+ }
+
+ // Clean up.
--- /dev/null
+From e79f81f5cd626ad77ec64de4325f6645cf253c5e Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Thu, 13 Jul 2017 09:00:00 -0500
+Subject: [PATCH 5/8] Use list for changed interfaces
+
+Uses a linked list to store the index of changed network interfaces
+instead of a bitfield. This allows for network interfaces with an
+index greater than 31 (an index of 36 was seen on Android).
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 58 ++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 43 insertions(+), 15 deletions(-)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -74,6 +74,14 @@ struct IfChangeRec
+ };
+ typedef struct IfChangeRec IfChangeRec;
+
++// Used to build a list of network interface indices
++struct NetworkInterfaceIndex
++{
++ int if_index;
++ struct NetworkInterfaceIndex *Next;
++};
++typedef struct NetworkInterfaceIndex NetworkInterfaceIndex;
++
+ // Note that static data is initialized to zero in (modern) C.
+ static PosixEventSource *gEventSources; // linked list of PosixEventSource's
+ static sigset_t gEventSignalSet; // Signals which event loop listens for
+@@ -1621,6 +1629,23 @@ mDNSlocal mStatus OpenIfNotifySocket(int
+ return err;
+ }
+
++mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index)
++{
++ NetworkInterfaceIndex *item;
++
++ for (item = (NetworkInterfaceIndex*)list->Head; item != NULL; item = item->Next)
++ {
++ if (if_index == item->if_index) return;
++ }
++
++ item = mdns_malloc(sizeof *item);
++ if (item == NULL) return;
++
++ item->if_index = if_index;
++ item->Next = NULL;
++ AddToTail(list, item);
++}
++
+ #if MDNS_DEBUGMSGS
+ mDNSlocal void PrintNetLinkMsg(const struct nlmsghdr *pNLMsg)
+ {
+@@ -1648,14 +1673,13 @@ mDNSlocal void PrintNetLinkMsg(cons
+ }
+ #endif
+
+-mDNSlocal mDNSu32 ProcessRoutingNotification(int sd)
++mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *changedInterfaces)
+ // Read through the messages on sd and if any indicate that any interface records should
+ // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0.
+ {
+ ssize_t readCount;
+ char buff[4096];
+ struct nlmsghdr *pNLMsg = (struct nlmsghdr*) buff;
+- mDNSu32 result = 0;
+
+ // The structure here is more complex than it really ought to be because,
+ // unfortunately, there's no good way to size a buffer in advance large
+@@ -1691,9 +1715,9 @@ mDNSlocal mDNSu32 ProcessRoutingNo
+
+ // Process the NetLink message
+ if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK)
+- result |= 1 << ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index;
++ AddInterfaceIndexToList(changedInterfaces, ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index);
+ else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR)
+- result |= 1 << ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index;
++ AddInterfaceIndexToList(changedInterfaces, ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index);
+
+ // Advance pNLMsg to the next message in the buffer
+ if ((pNLMsg->nlmsg_flags & NLM_F_MULTI) != 0 && pNLMsg->nlmsg_type != NLMSG_DONE)
+@@ -1704,8 +1728,6 @@ mDNSlocal mDNSu32 ProcessRoutingNo
+ else
+ break; // all done!
+ }
+-
+- return result;
+ }
+
+ #else // USES_NETLINK
+@@ -1737,14 +1759,13 @@ mDNSlocal void PrintRoutingSocketMs
+ }
+ #endif
+
+-mDNSlocal mDNSu32 ProcessRoutingNotification(int sd)
++mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *changedInterfaces)
+ // Read through the messages on sd and if any indicate that any interface records should
+ // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0.
+ {
+ ssize_t readCount;
+ char buff[4096];
+ struct ifa_msghdr *pRSMsg = (struct ifa_msghdr*) buff;
+- mDNSu32 result = 0;
+
+ readCount = read(sd, buff, sizeof buff);
+ if (readCount < (ssize_t) sizeof(struct ifa_msghdr))
+@@ -1759,12 +1780,10 @@ mDNSlocal mDNSu32 ProcessRoutingNo
+ pRSMsg->ifam_type == RTM_IFINFO)
+ {
+ if (pRSMsg->ifam_type == RTM_IFINFO)
+- result |= 1 << ((struct if_msghdr*) pRSMsg)->ifm_index;
++ AddInterfaceIndexToList(changedInterfaces, ((struct if_msghdr*) pRSMsg)->ifm_index);
+ else
+- result |= 1 << pRSMsg->ifam_index;
++ AddInterfaceIndexToList(changedInterfaces, pRSMsg->ifam_index);
+ }
+-
+- return result;
+ }
+
+ #endif // USES_NETLINK
+@@ -1774,7 +1793,8 @@ mDNSlocal void InterfaceChangeCallback(i
+ {
+ IfChangeRec *pChgRec = (IfChangeRec*) context;
+ fd_set readFDs;
+- mDNSu32 changedInterfaces = 0;
++ GenLinkedList changedInterfaces;
++ NetworkInterfaceIndex *changedInterface;
+ struct timeval zeroTimeout = { 0, 0 };
+
+ (void)fd; // Unused
+@@ -1782,17 +1802,25 @@ mDNSlocal void InterfaceChangeCallback(i
+ FD_ZERO(&readFDs);
+ FD_SET(pChgRec->NotifySD, &readFDs);
+
++ InitLinkedList(&changedInterfaces, offsetof(NetworkInterfaceIndex, Next));
++
+ do
+ {
+- changedInterfaces |= ProcessRoutingNotification(pChgRec->NotifySD);
++ ProcessRoutingNotification(pChgRec->NotifySD, &changedInterfaces);
+ }
+ while (0 < select(pChgRec->NotifySD + 1, &readFDs, (fd_set*) NULL, (fd_set*) NULL, &zeroTimeout));
+
+ // Currently we rebuild the entire interface list whenever any interface change is
+ // detected. If this ever proves to be a performance issue in a multi-homed
+ // configuration, more care should be paid to changedInterfaces.
+- if (changedInterfaces)
++ if (changedInterfaces.Head != NULL)
+ mDNSPlatformPosixRefreshInterfaceList(pChgRec->mDNS);
++
++ while ((changedInterface = (NetworkInterfaceIndex*)changedInterfaces.Head) != NULL)
++ {
++ RemoveFromList(&changedInterfaces, changedInterface);
++ mdns_free(changedInterface);
++ }
+ }
+
+ // Register with either a Routing Socket or RtNetLink to listen for interface changes.
--- /dev/null
+From 764b6202402e9e5687ff873330e5ad6be6f69df7 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Mon, 5 Dec 2022 22:49:49 +0000
+Subject: [PATCH] mDNSCore: Fix broken debug parameter
+
+Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+
+---
+ mDNSCore/mDNS.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mDNSCore/mDNS.c
++++ b/mDNSCore/mDNS.c
+@@ -10249,7 +10249,7 @@ mDNSlocal void mDNSCoreReceiveNoUnicastA
+ #else
+ const DNSServRef dnsserv = qptr->qDNSServer;
+ #endif
+- debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, currentQName, DNSTypeName(q.qtype));
++ debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, currentQName->c, DNSTypeName(q.qtype));
+ // Create a negative record for the current name in the CNAME chain.
+ MakeNegativeCacheRecord(m, &m->rec.r, currentQName, currentQNameHash, q.qtype, q.qclass, negttl, mDNSInterface_Any,
+ dnsserv, response->h.flags);
--- /dev/null
+From a8accffb95267490b50401c8b65ec18db57b5ef5 Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Wed, 9 Aug 2017 09:16:58 -0500
+Subject: [PATCH 7/8] Mark deleted interfaces as being changed
+
+Netlink notification handling ignores messages for deleted links,
+RTM_DELLINK. It does handle RTM_GETLINK. According to libnl docu-
+mentation (http://www.infradead.org/~tgr/libnl/doc/route.html)
+RTM_DELLINK can be sent by the kernel, but RTM_GETLINK cannot.
+There was likely a mixup in the original implementation, so this
+change replaces handling for RTM_GETLINK with RTM_DELLINK.
+
+Testing and Verification Instructions:
+ 1. Use ip-link to add and remove a VLAN interface and verify
+ that mDNSResponder handles the deleted link.
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1714,7 +1714,7 @@ mDNSlocal void ProcessRoutingNo
+ #endif
+
+ // Process the NetLink message
+- if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK)
++ if (pNLMsg->nlmsg_type == RTM_DELLINK || pNLMsg->nlmsg_type == RTM_NEWLINK)
+ AddInterfaceIndexToList(changedInterfaces, ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index);
+ else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR)
+ AddInterfaceIndexToList(changedInterfaces, ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index);
--- /dev/null
+From ed58146d3aeecdb9920fdc017f85c18b5b10f2db Mon Sep 17 00:00:00 2001
+From: Nate Karstens <nate.karstens@garmin.com>
+Date: Thu, 10 Aug 2017 08:27:32 -0500
+Subject: [PATCH 8/8] Handle errors from socket calls
+
+Adds handling for socket() or read() returning a
+negative value (indicating an error has occurred).
+
+Upstream-Status: Submitted [dts@apple.com]
+
+Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1677,7 +1677,7 @@ mDNSlocal void ProcessRoutingNo
+ // Read through the messages on sd and if any indicate that any interface records should
+ // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0.
+ {
+- ssize_t readCount;
++ ssize_t readVal, readCount;
+ char buff[4096];
+ struct nlmsghdr *pNLMsg = (struct nlmsghdr*) buff;
+
+@@ -1686,7 +1686,10 @@ mDNSlocal void ProcessRoutingNo
+ // enough to hold all pending data and so avoid message fragmentation.
+ // (Note that FIONREAD is not supported on AF_NETLINK.)
+
+- readCount = read(sd, buff, sizeof buff);
++ readVal = read(sd, buff, sizeof buff);
++ if (readVal < 0) return;
++ readCount = readVal;
++
+ while (1)
+ {
+ // Make sure we've got an entire nlmsghdr in the buffer, and payload, too.
+@@ -1702,7 +1705,9 @@ mDNSlocal void ProcessRoutingNo
+ pNLMsg = (struct nlmsghdr*) buff;
+
+ // read more data
+- readCount += read(sd, buff + readCount, sizeof buff - readCount);
++ readVal = read(sd, buff + readCount, sizeof buff - readCount);
++ if (readVal < 0) return;
++ readCount += readVal;
+ continue; // spin around and revalidate with new readCount
+ }
+ else
+@@ -1851,6 +1856,7 @@ mDNSlocal mDNSBool mDNSPlatformInit_CanR
+ int err;
+ int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ struct sockaddr_in s5353;
++ if (s < 0) return mDNSfalse;
+ s5353.sin_family = AF_INET;
+ s5353.sin_port = MulticastDNSPort.NotAnInteger;
+ s5353.sin_addr.s_addr = 0;
+++ /dev/null
---- a/mDNSShared/PlatformCommon.c
-+++ b/mDNSShared/PlatformCommon.c
-@@ -43,6 +43,10 @@
- typedef unsigned int socklen_t;
- #endif
-
-+#ifndef TCP_NOTSENT_LOWAT
-+#define TCP_NOTSENT_LOWAT 25
-+#endif
-+
- #if MDNS_MALLOC_DEBUGGING
- // We ONLY want this for malloc debugging--on a running production system we want to deal with
- // malloc failures, not just die. There is a small performance penalty for enabling these options
+++ /dev/null
-From 1fb07b9524b4afed3a826c087db4dc48a7bfdb89 Mon Sep 17 00:00:00 2001
-From: Ted Lemon <elemon@apple.com>
-Date: Thu, 6 Jun 2019 13:35:43 -0400
-Subject: [PATCH] Fix core dump while parsing interface list on Posix
-
----
---- a/mDNSPosix/mDNSPosix.c
-+++ b/mDNSPosix/mDNSPosix.c
-@@ -1320,7 +1320,8 @@ mDNSlocal int SetupInterfaceList(mDNS *c
- struct ifaddrs *i = intfList;
- while (i)
- {
-- if ( ((i->ifa_addr->sa_family == AF_INET)
-+ if ( i->ifa_addr != NULL &&
-+ ((i->ifa_addr->sa_family == AF_INET)
- #if HAVE_IPV6
- || (i->ifa_addr->sa_family == AF_INET6)
- #endif
--- /dev/null
+--- a/Clients/Makefile
++++ b/Clients/Makefile
+@@ -42,7 +42,7 @@ TARGETS = build/dns-sd build/dns-sd64
+ LIBS =
+ else
+ TARGETS = build/dns-sd
+-LIBS = -L../mDNSPosix/$(BUILDDIR)/ -ldns_sd
++LIBS ?= -L../mDNSPosix/$(BUILDDIR)/ -ldns_sd
+ endif
+
+ all: $(TARGETS)
+--- a/mDNSPosix/PosixDaemon.c
++++ b/mDNSPosix/PosixDaemon.c
+@@ -38,6 +38,11 @@
+ #include <pwd.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#ifdef __linux__
++#include <sys/capability.h> /* !!! We require libcap-dev for this. Oh well. */
++/* prctl is required to enable inheriting of capabilities across setuid */
++#include <sys/prctl.h>
++#endif /* __linux__ */
+
+ #if __APPLE__
+ #undef daemon
+@@ -194,6 +199,18 @@ int main(int argc, char **argv)
+
+ Reconfigure(&mDNSStorage);
+
++#ifdef __linux__
++ /*
++ * SO_BINDTODEVICE is privileged operation; however, we can get
++ * around it using capabilities instead of remaining root.
++ */
++ if (mStatus_NoError == err)
++ {
++ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
++ perror("prctl PR_SET_KEEPCAPS");
++ }
++#endif /* __linux__ */
++
+ // Now that we're finished with anything privileged, switch over to running as "nobody"
+ if (mStatus_NoError == err)
+ {
+@@ -209,6 +226,21 @@ int main(int argc, char **argv)
+ {
+ LogMsg("WARNING: mdnsd continuing as root because setuid to \"nobody\" failed with %s", strerror(errno));
+ }
++#ifdef __linux__
++ struct __user_cap_header_struct ch;
++ struct __user_cap_data_struct cd[_LINUX_CAPABILITY_U32S_3];
++
++ memset(&ch, 0, sizeof(ch));
++ ch.version = _LINUX_CAPABILITY_VERSION_3;
++ ch.pid = getpid();
++ memset(&cd[0], 0, sizeof(cd));
++ /* CAP_NET_RAW is required to use SO_BINDTODEVICE */
++ int caps = CAP_TO_MASK(CAP_NET_RAW);
++ cd[0].permitted = caps;
++ cd[0].effective = caps;
++ if (capset(&ch, &cd[0]) < 0)
++ perror("capset");
++#endif /* __linux__ */
+ }
+ else
+ {
+@@ -216,6 +248,11 @@ int main(int argc, char **argv)
+ }
+ }
+
++#ifdef __linux__
++ if (mStatus_NoError == err)
++ err = mDNSPlatformPosixRefreshInterfaceList(&mDNSStorage);
++#endif /* __linux__ */
++
+ if (mStatus_NoError == err)
+ err = MainLoop(&mDNSStorage);
+
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1223,6 +1223,29 @@ mDNSlocal int SetupSocket(struct sockadd
+ if (err < 0) { err = errno; perror("setsockopt - IP_MULTICAST_TTL"); }
+ }
+
++#ifdef __linux__
++#ifdef SO_BINDTODEVICE
++ if (err == 0 && interfaceIndex)
++ {
++ char ifname[IFNAMSIZ];
++ if (if_indextoname(interfaceIndex, ifname))
++ {
++ err = setsockopt(*sktPtr, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
++ if (err < 0)
++ {
++ err = errno;
++ perror("setsockopt - SO_BINDTODEVICE");
++ }
++ }
++ else
++ {
++ err = errno;
++ perror("if_indextoname");
++ }
++ }
++#endif /* SO_BINDTODEVICE */
++#endif /* __linux__ */
++
+ // And start listening for packets
+ if (err == 0)
+ {
+@@ -1298,6 +1321,29 @@ mDNSlocal int SetupSocket(struct sockadd
+ if (err < 0) { err = errno; perror("setsockopt - IPV6_MULTICAST_HOPS"); }
+ }
+
++#ifdef __linux__
++#ifdef SO_BINDTODEVICE
++ if (err == 0 && interfaceIndex)
++ {
++ char ifname[IFNAMSIZ];
++ if (if_indextoname(interfaceIndex, ifname))
++ {
++ err = setsockopt(*sktPtr, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
++ if (err < 0)
++ {
++ err = errno;
++ perror("setsockopt - SO_BINDTODEVICE");
++ }
++ }
++ else
++ {
++ err = errno;
++ perror("if_indextoname");
++ }
++ }
++#endif /* SO_BINDTODEVICE */
++#endif /* __linux__ */
++
+ // And start listening for packets
+ if (err == 0)
+ {
+@@ -1899,8 +1945,12 @@ mDNSexport mStatus mDNSPlatformInit(mDNS
+ if (err == mStatus_NoError) err = SetupSocket(&sa, zeroIPPort, 0, &m->p->unicastSocket6);
+ #endif
+
++ // In Linux case, we can't set up sockets with different owner -
++ // it blows up SO_REUSEPORT. So we do this step bit later.
++#ifndef __linux__
+ // Tell mDNS core about the network interfaces on this machine.
+ if (err == mStatus_NoError) err = SetupInterfaceList(m);
++#endif /* !__linux__ */
+
+ // Tell mDNS core about DNS Servers
+ mDNS_Lock(m);
+--- a/mDNSShared/dnsextd_parser.y
++++ b/mDNSShared/dnsextd_parser.y
+@@ -15,6 +15,8 @@
+ * limitations under the License.
+ */
+
++%parse-param { void *context }
++
+ %{
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -23,7 +25,7 @@
+ #include "DebugServices.h"
+ #include "dnsextd.h"
+
+-void yyerror( const char* error );
++void yyerror( void* context, const char* error );
+ int yylex(void);
+
+
+@@ -409,7 +411,7 @@ int yywrap(void);
+
+ extern int yylineno;
+
+-void yyerror( const char *str )
++void yyerror( void* context, const char *str )
+ {
+ fprintf( stderr,"%s:%d: error: %s\n", g_filename, yylineno, str );
+ }
--- /dev/null
+--- a/Clients/dns-sd.c
++++ b/Clients/dns-sd.c
+@@ -2463,7 +2463,7 @@ Fail:
+ // The "@(#) " pattern is a special prefix the "what" command looks for
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wdate-time"
+- const char VersionString_SCCS[] = "@(#) dns-sd " STRINGIFY(mDNSResponderVersion) " (" __DATE__ " " __TIME__ ")";
++ const char VersionString_SCCS[] = "@(#) dns-sd " STRINGIFY(mDNSResponderVersion);
+ #pragma GCC diagnostic pop
+
+ #if _BUILDING_XCODE_PROJECT_
+--- a/mDNSPosix/PosixDaemon.c
++++ b/mDNSPosix/PosixDaemon.c
+@@ -308,9 +308,9 @@ asm (".desc ___crashreporter_info__, 0x1
+
+ // For convenience when using the "strings" command, this is the last thing in the file
+ #if mDNSResponderVersion > 1
+-mDNSexport const char mDNSResponderVersionString_SCCS[] = "@(#) mDNSResponder-" STRINGIFY(mDNSResponderVersion) " (" __DATE__ " " __TIME__ ")";
++mDNSexport const char mDNSResponderVersionString_SCCS[] = "@(#) mDNSResponder-" STRINGIFY(mDNSResponderVersion);
+ #elif MDNS_VERSIONSTR_NODTS
+ mDNSexport const char mDNSResponderVersionString_SCCS[] = "@(#) mDNSResponder (Engineering Build)";
+ #else
+-mDNSexport const char mDNSResponderVersionString_SCCS[] = "@(#) mDNSResponder (Engineering Build) (" __DATE__ " " __TIME__ ")";
++mDNSexport const char mDNSResponderVersionString_SCCS[] = "@(#) mDNSResponder (Engineering Build)";
+ #endif
+--- a/mDNSShared/Java/JNISupport.c
++++ b/mDNSShared/Java/JNISupport.c
+@@ -1069,4 +1069,4 @@ exit:
+
+ // NOT static -- otherwise the compiler may optimize it out
+ // The "@(#) " pattern is a special prefix the "what" command looks for
+-const char VersionString_SCCS[] = "@(#) libjdns_sd " STRINGIFY(mDNSResponderVersion) " (" __DATE__ " " __TIME__ ")";
++const char VersionString_SCCS[] = "@(#) libjdns_sd " STRINGIFY(mDNSResponderVersion);
+--- a/mDNSShared/dnsextd.c
++++ b/mDNSShared/dnsextd.c
+@@ -3132,7 +3132,7 @@ mDNS mDNSStorage;
+
+ // For convenience when using the "strings" command, this is the last thing in the file
+ // The "@(#) " pattern is a special prefix the "what" command looks for
+-const char mDNSResponderVersionString_SCCS[] = "@(#) dnsextd " STRINGIFY(mDNSResponderVersion) " (" __DATE__ " " __TIME__ ")";
++const char mDNSResponderVersionString_SCCS[] = "@(#) dnsextd " STRINGIFY(mDNSResponderVersion);
+
+ #if _BUILDING_XCODE_PROJECT_
+ // If the process crashes, then this string will be magically included in the automatically-generated crash log
+--- a/mDNSShared/dnssd_clientlib.c
++++ b/mDNSShared/dnssd_clientlib.c
+@@ -372,7 +372,7 @@ DNSServiceErrorType DNSSD_API TXTRecordG
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wdate-time"
+ #endif
+-const char VersionString_SCCS_libdnssd[] DNSSD_USED = "@(#) libdns_sd " STRINGIFY(mDNSResponderVersion) " (" __DATE__ " " __TIME__ ")";
++const char VersionString_SCCS_libdnssd[] DNSSD_USED = "@(#) libdns_sd " STRINGIFY(mDNSResponderVersion);
+ #if defined(__GNUC__)
+ #pragma GCC diagnostic pop
+ #endif
include $(TOPDIR)/rules.mk
PKG_NAME:=memcached
-PKG_VERSION:=1.6.17
+PKG_VERSION:=1.6.31
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://memcached.org/files
-PKG_HASH:=2055e373613d8fc21529aff9f0adce3e23b9ce01ba0478d30e7941d9f2bd1224
+PKG_HASH:=20d8d339b8fb1f6c79cee20559dc6ffb5dfee84db9e589f4eb214f6d2c873ef5
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=miniupnpc
-PKG_VERSION:=2.2.3
+PKG_VERSION:=2.2.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_HASH:=dce41b4a4f08521c53a0ab163ad2007d18b5e1aa173ea5803bd47a1be3159c24
+PKG_HASH:=05b929679091b9921b6b6c1f25e39e4c8d1f4d46c8feb55a412aa697aee03a93
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
define Package/miniupnpc/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/upnpc-shared $(1)/usr/bin/upnpc
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/listdevices $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/upnpc-shared $(1)/usr/bin/upnpc
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/upnp-listdevices-shared $(1)/usr/bin/upnp-listdevices
endef
define Package/libminiupnpc/install
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -41,12 +41,6 @@ if (CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+@@ -51,12 +51,6 @@ if (APPLE)
target_compile_definitions(miniupnpc-private INTERFACE _DARWIN_C_SOURCE)
endif ()
-
# Suppress noise warnings
if (MSVC)
- target_compile_definitions(miniupnpc-private INTERFACE _CRT_SECURE_NO_WARNINGS)
-@@ -221,16 +215,16 @@ endif ()
-
- if (NOT UPNPC_NO_INSTALL)
- install (FILES
-- miniupnpc.h
-- miniwget.h
-- upnpcommands.h
-- igd_desc_parse.h
-- upnpreplyparse.h
-- upnperrors.h
-- upnpdev.h
-- miniupnpctypes.h
-- portlistingparse.h
-- miniupnpc_declspec.h
-+ include/miniupnpc.h
-+ include/miniwget.h
-+ include/upnpcommands.h
-+ include/igd_desc_parse.h
-+ include/upnpreplyparse.h
-+ include/upnperrors.h
-+ include/upnpdev.h
-+ include/miniupnpctypes.h
-+ include/portlistingparse.h
-+ include/miniupnpc_declspec.h
- DESTINATION include/miniupnpc
- )
-
+ target_compile_definitions(miniupnpc-private INTERFACE _CRT_SECURE_NO_WARNINGS _WINSOCK_DEPRECATED_NO_WARNINGS)
include $(TOPDIR)/rules.mk
PKG_NAME:=miniupnpd
-PKG_VERSION:=2.3.3
-PKG_RELEASE:=2
+PKG_VERSION:=2.3.7
+PKG_RELEASE:=1
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=6fd7019f936ff88c41e7c822f46f10b51bd72d665978f6586483de75b30c36bf
+PKG_HASH:=fbdd5501039730f04a8420ea2f8f54b7df63f9f04cde2dc67fa7371e80477bbe
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
+libmnl \
+libuuid
PROVIDES:=miniupnpd
- TITLE:=Lightweight UPnP IGD, NAT-PMP & PCP daemon
+ TITLE:=Lightweight UPnP IGD & PCP/NAT-PMP daemon
SUBMENU:=Firewall
URL:=https://miniupnp.tuxfamily.org/
endef
--leasefile \
--portinuse \
--firewall=$(BUILD_VARIANT) \
- --disable-fork
+ --disable-fork \
+ --regex
TARGET_CFLAGS += $(FPIC)
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
endif
TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
-@@ -143,11 +143,11 @@ install: miniupnpd $(SRCDIR)/miniupnpd.8
- $(INSTALL) $(SRCDIR)/netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR)
- $(INSTALL) $(SRCDIR)/netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
- $(INSTALL) $(SRCDIR)/netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)
-- $(INSTALL) --mode=0644 -b $(SRCDIR)/miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
-+ $(INSTALL) -m 0644 -b $(SRCDIR)/miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
- $(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
- $(INSTALL) $(SRCDIR)/linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd
- $(INSTALL) -d $(DESTDIR)$(MANINSTALLDIR)
-- $(INSTALL) --mode=0644 $(SRCDIR)/miniupnpd.8 $(DESTDIR)$(MANINSTALLDIR)
-+ $(INSTALL) -m 0644 $(SRCDIR)/miniupnpd.8 $(DESTDIR)$(MANINSTALLDIR)
- gzip -f $(DESTDIR)$(MANINSTALLDIR)/miniupnpd.8
-
- # genuuid is using the uuidgen CLI tool which is part of libuuid
PKG_NAME:=modemmanager
PKG_VERSION:=1.22.0
-PKG_RELEASE:=13
+PKG_RELEASE:=18
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=11af92027970f1f0cb5d3016e3c62485399a6bbb81621723016b8b9a561af020
+PKG_MIRROR_HASH:=72d129a00d51f0acf4c421f02dd342728ca42980bd9644e3c9a69ca0792fd60b
PKG_MAINTAINER:=Nicholas Smith <nicholas@nbembedded.com>
PKG_LICENSE:=GPL-2.0-or-later
Select Utilities/usb-modeswitch if needed.
endef
+define Package/modemmanager-rpcd
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=RPC interface for ModemManager for rpcd
+ URL:=https://www.freedesktop.org/wiki/Software/ModemManager
+ DEPENDS:= \
+ modemmanager \
+ +lua-cjson
+endef
+
+define Package/modemmanager-rpcd/description
+ ModemManager is a D-Bus-activated service which allows controlling mobile
+ broadband modems.
+
+ This package enables an rpcd interface for getting information from
+ ModemManager using e.g. ubus.
+endef
+
MESON_ARGS += \
-Dudev=false \
-Dudevdir=/lib/udev \
$(1)/lib/netifd/proto
endef
+define Package/modemmanager-rpcd/install
+ $(INSTALL_DIR) $(1)/usr/libexec/rpcd
+ $(INSTALL_BIN) ./files/usr/libexec/rpcd/modemmanager \
+ $(1)/usr/libexec/rpcd/
+endef
+
$(eval $(call BuildPackage,modemmanager))
+$(eval $(call BuildPackage,modemmanager-rpcd))
option lowpower '1'
option signalrate '30'
option allow_roaming '1'
+ option force_connection '1'
option init_epsbearer '<none|default|custom>'
Only 'device' and 'proto' are mandatory options, the remaining ones are all
The 'signalrate' option set's the signal refresh rate (in seconds) for the device.
You can call signal info with command: mmcli -m 0 --signal-get
+The 'force_connection' option is designed to ensure that the modem automatically
+attempts to reconnect regardless of any errors encountered during the
+connection process.
+
If there is no Circuit switch network available, then an initial EPS
bearer must be set, so this could be used during the network registration
process in 4G and 5G network. For this resaon a new configuration option
json_add_string proto "dhcpv6"
proto_add_dynamic_defaults
json_add_string extendprefix 1 # RFC 7278: Extend an IPv6 /64 Prefix to LAN
+ [ "$sourcefilter" = "0" ] && json_add_boolean sourcefilter "0"
[ -n "$metric" ] && json_add_int metric "${metric}"
json_close_object
ubus call network add_dynamic "$(json_dump)"
proto_config_add_string preferredmode
proto_config_add_string pincode
proto_config_add_string iptype
+ proto_config_add_boolean sourcefilter
proto_config_add_string plmn
proto_config_add_int signalrate
proto_config_add_boolean lowpower
proto_config_add_boolean allow_roaming
+ proto_config_add_boolean force_connection
proto_config_add_string init_epsbearer
proto_config_add_string init_iptype
proto_config_add_string 'init_allowedauth:list(string)'
local device apn allowedauth username password pincode
local iptype plmn metric signalrate allow_roaming
+ local force_connection
local init_epsbearer
local init_iptype init_allowedauth
local address prefix gateway mtu dns1 dns2
json_get_vars device apn allowedauth username password
- json_get_vars pincode iptype plmn metric signalrate allow_roaming
- json_get_vars allowedmode preferredmode
+ json_get_vars pincode iptype sourcefilter plmn metric signalrate allow_roaming
+ json_get_vars allowedmode preferredmode force_connection
json_get_vars init_epsbearer
json_get_vars init_iptype init_allowedauth
mmcli --modem="${device}" \
--timeout 120 \
--3gpp-register-in-operator="${plmn}" || {
- proto_notify_error "${interface}" MM_3GPP_OPERATOR_REGISTRATION_FAILED
- proto_block_restart "${interface}"
+
+ if [ -n "${force_connection}" ] && [ "${force_connection}" -eq 1 ]; then
+ echo "3GPP operator registration failed -> attempting restart"
+ proto_notify_error "${interface}" MM_INTERFACE_RESTART
+ else
+ proto_notify_error "${interface}" MM_3GPP_OPERATOR_REGISTRATION_FAILED
+ proto_block_restart "${interface}"
+ fi
return 1
}
}
# setup connect args; APN mandatory (even if it may be empty)
echo "starting connection with apn '${apn}'..."
- proto_notify_error "${interface}" MM_CONNECT_IN_PROGRESS
# setup allow-roaming parameter
if [ -n "${allow_roaming}" ] && [ "${allow_roaming}" -eq 0 ];then
append_param "${password:+password=${password}}"
mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || {
- proto_notify_error "${interface}" MM_CONNECT_FAILED
- proto_block_restart "${interface}"
+ if [ -n "${force_connection}" ] && [ "${force_connection}" -eq 1 ]; then
+ echo "Connection failed -> attempting restart"
+ proto_notify_error "${interface}" MM_INTERFACE_RESTART
+ else
+ proto_notify_error "${interface}" MM_CONNECT_FAILED
+ proto_block_restart "${interface}"
+ fi
return 1
}
--- /dev/null
+#!/usr/bin/env lua
+
+local json = require "cjson"
+
+local status = {}
+local bearers = {}
+local sim = {}
+local signal = {}
+local location = {}
+
+local info = {}
+
+function mm_get_modem_bearer(index)
+
+ local command = string.format("/usr/bin/mmcli --bearer=%s --output-json 2>/dev/null", index)
+
+ local handle = io.popen(command)
+ local output = handle:read("*a")
+ handle:close()
+
+ local ok, status = pcall(function()
+ return json.decode(string.format(output))
+ end)
+
+ if not ok then
+ return
+ end
+
+ table.insert(bearers, status["bearer"])
+end
+
+function mm_get_modem_sim(index)
+
+ local command = string.format("/usr/bin/mmcli --sim=%s --output-json 2>/dev/null", index)
+
+ local handle = io.popen(command)
+ local output = handle:read("*a")
+ handle:close()
+
+ local ok, status = pcall(function()
+ return json.decode(string.format(output))
+ end)
+
+ if not ok then
+ return
+ end
+
+ sim = status["sim"]
+end
+
+function mm_get_modem_signal(modem)
+
+ local command = string.format("/usr/bin/mmcli --modem=%s --signal-get --output-json 2>/dev/null", modem)
+
+ local handle = io.popen(command)
+ local output = handle:read("*a")
+ handle:close()
+
+ local ok, status = pcall(function()
+ return json.decode(string.format(output))
+ end)
+
+ if ok == false then
+ return
+ end
+
+ signal = status["modem"]["signal"]
+end
+
+function mm_get_modem_location(modem)
+
+ local command = string.format("/usr/bin/mmcli --modem=%s --location-get --output-json 2>/dev/null", modem)
+
+ local handle = io.popen(command)
+ local output = handle:read("*a")
+ handle:close()
+
+ local ok, status = pcall(function()
+ return json.decode(string.format(output))
+ end)
+
+ if ok == false then
+ return
+ end
+
+ location = status["modem"]["location"]
+end
+
+function mm_get_modem_status(modem)
+
+ local command = string.format("/usr/bin/mmcli --modem=%s --output-json 2>/dev/null", modem)
+
+ local handle = io.popen(command)
+ local output = handle:read("*a")
+ handle:close()
+
+ local ok, mstatus = pcall(function()
+ return json.decode(string.format(output))
+ end)
+
+ if ok == false then
+ return
+ end
+
+ if mstatus["modem"]["generic"]["bearers"] ~= nil then
+ bearers = {}
+ for k, v in ipairs(mstatus["modem"]["generic"]["bearers"]) do
+ mm_get_modem_bearer(v)
+ end
+ if (next(bearers) ~= nil) then
+ mstatus["modem"]["generic"]["bearers"] = bearers
+ end
+ end
+
+ if mstatus["modem"]["generic"]["sim"] ~= "--" then
+ sim = {}
+ mm_get_modem_sim(mstatus["modem"]["generic"]["sim"])
+ if (next(sim) ~= nil) then
+ mstatus["modem"]["generic"]["sim"] = sim
+ end
+ else
+ mstatus["modem"]["generic"]["sim"] = {}
+ end
+
+ signal = {}
+ mm_get_modem_signal(modem)
+ if (next(signal) ~= nil) then
+ mstatus["modem"]["signal"] = signal
+ else
+ mstatus["modem"]["signal"] = {}
+ end
+
+ location = {}
+ mm_get_modem_location(modem)
+ if (next(location) ~= nil) then
+ mstatus["modem"]["location"] = location
+ else
+ mstatus["modem"]["location"] = {}
+ end
+
+ mstatus["modem"]["device"] = mstatus["modem"]["generic"]["device"]
+
+ table.insert(status["modem"], mstatus["modem"])
+end
+
+function aquire_data_modemmanager()
+
+ local command = string.format("/usr/bin/mmcli --list-modems --output-json 2>/dev/null")
+
+ local handle = io.popen(command)
+ local output = handle:read("*a")
+ handle:close()
+
+ local ok, modems = pcall(function()
+ return json.decode(output)
+ end)
+
+ if not ok then
+ return
+ end
+
+ entry_cache = {}
+ status = {}
+ status["modem"] = {}
+ for k, v in ipairs(modems["modem-list"]) do
+ mm_get_modem_status(modems["modem-list"][k])
+ end
+end
+
+function aquire_data_info()
+ aquire_data_modemmanager()
+
+ -- check if modemmanger is available and is using a modem
+ if status['modem'] == nil then
+ return
+ end
+
+ info['modem'] = {}
+
+ for k, v in ipairs(status['modem']) do
+ local element = {}
+
+ element['imei'] = status['modem'][k]['3gpp']['imei']
+ element['signal'] = status['modem'][k]['generic']['signal-quality']['value']
+ element['technology'] = status['modem'][k]['generic']['access-technologies'][1]
+ if status['modem'][k]['3gpp']['operator-name'] ~= '--' then
+ element['operator'] = status['modem'][k]['3gpp']['operator-name']
+ end
+ if status['modem'][k]['generic']['sim']['properties'] ~= nil then
+ element['iccid'] = status['modem'][k]['generic']['sim']['properties']['iccid']
+ element['imsi'] = status['modem'][k]['generic']['sim']['properties']['imsi']
+ end
+ element['device'] = status['modem'][k]['device']
+
+ table.insert(info['modem'], element)
+ end
+end
+
+function main(cmd, call)
+ if cmd == "list" then
+ print(json.encode({
+ dump = {},
+ info = {}
+ }))
+ elseif cmd == "call" then
+ if call == "dump" then
+ aquire_data_modemmanager()
+ print(json.encode(status))
+ elseif call == "info" then
+ aquire_data_info()
+ print(json.encode(info))
+ end
+ end
+end
+
+main(arg[1], arg[2])
include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3
-PKG_VERSION:=2.11.13
-PKG_RELEASE:=2
+PKG_VERSION:=2.11.15
+PKG_RELEASE:=3
PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>, \
Aaron Goodman <aaronjg@alumni.stanford.edu>
PKG_LICENSE:=GPL-2.0
config_get family "$1" family ipv4
network_get_device device "$1"
[ -z "$device" ] && return
- config_get enabled "$1" enabled
+ config_get_bool enabled "$1" enabled
[ "$enabled" -eq 0 ] && return
curr_table=$(eval "echo \"\$mwan3_dev_tbl_${family}\"")
export "mwan3_dev_tbl_$family=${curr_table}${device}=$_tid "
return
fi
- for rule_id in $(ip rule list | awk '$1 % 1000 == '$id' && $1 > 1000 && $1 < 4000 {print substr($1,0,4)}'); do
+ for rule_id in $(ip rule list | awk -F : '$1 % 1000 == '$id' && $1 > 1000 && $1 < 4000 {print $1}'); do
$IP rule del pref $rule_id
done
}
mwan3_get_iface_id id "$1"
network_get_device device "$1"
- config_get enabled "$1" enabled 0
+ config_get_bool enabled "$1" enabled 0
config_get family "$1" family ipv4
if [ "$family" = "ipv4" ]; then
online=$(get_online_time "$iface")
offline=$(get_offline_time "$iface")
- config_get enabled "$iface" enabled 0
+ config_get_bool enabled "$iface" enabled 0
if [ -f "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS" ]; then
network_get_uptime uptime "$iface"
# firewall rules
local interface device src_ip family
- mwan3_init
interface=$1 ; shift
[ -z "$*" ] && echo "no command specified for mwan3 use" && return
[ -z "$family" ] && echo "could not find family for $interface. Using ipv4." && family='ipv4'
echo "Running '$*' with DEVICE=$device SRCIP=$src_ip FWMARK=$MMX_DEFAULT FAMILY=$family"
- # shellcheck disable=SC2048
- FAMILY=$family DEVICE=$device SRCIP=$src_ip FWMARK=$MMX_DEFAULT LD_PRELOAD=/lib/mwan3/libwrap_mwan3_sockopt.so.1.0 $*
-
+ # if a program (not a shell builtin) is run: use "exec" for allowing direct process control
+ if [ -x "$(command -v "$1")" ]; then
+ set -- exec "$@"
+ fi
+ FAMILY=$family DEVICE=$device SRCIP=$src_ip FWMARK=$MMX_DEFAULT LD_PRELOAD=/lib/mwan3/libwrap_mwan3_sockopt.so.1.0 "$@"
}
case "$1" in
ifup|ifdown|interfaces|policies|connected|rules|status|start|stop|restart|use|internal)
mwan3_init
- # shellcheck disable=SC2048
- $*
+ "$@"
;;
*)
help
TRACK_PID=$!
wait $TRACK_PID
ping_status=$?
- loss="$(sed $TRACK_OUTPUT -ne 's/.*\([0-9]\+\)% packet loss.*/\1/p')"
+ loss="$(sed $TRACK_OUTPUT -ne 's/.* \([0-9]\+\)% packet loss.*/\1/p')"
if [ "$ping_status" -ne 0 ] || [ "$loss" -eq 100 ]; then
latency=999999
loss=100
WRAP nping -c $count $track_ip --${FAMILY#nping-} > $TRACK_OUTPUT &
TRACK_PID=$!
wait $TRACK_PID
- result=$(grep $TRACK_OUTPUT Lost | awk '{print $12}')
+ result=$(grep Lost $TRACK_OUTPUT | awk '{print $12}')
;;
esac
do_log=""
include $(TOPDIR)/rules.mk
PKG_NAME:=natmap
-PKG_VERSION:=20240303
+PKG_VERSION:=20240813
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/heiher/natmap/releases/download/$(PKG_VERSION)
-PKG_HASH:=d7b7a1ba2fc8dbd471ed88757fa6fc7c7e2d83f9f44c8f62661e9809d386d163
+PKG_HASH:=2fd89d286b19b9235d5e3477699c3752911bc5e80840ea1ed6930bfe98f47248
PKG_MAINTAINER:=Richard Yu <yurichard3839@gmail.com>, Ray Wang <r@hev.cc>
PKG_LICENSE:=MIT
load_interfaces() {
config_get interface "$1" interface
- config_get enable "$1" enable 1
+ config_get_bool enable "$1" enable 1
[ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
}
'interval:uinteger' \
'stun_server:host' \
'http_server:host' \
- 'port:port' \
+ 'port:or(port,portrange)' \
'forward_target:host' \
'forward_port:port' \
'notify_script:file' \
PKG_SOURCE_URL:=https://codeload.github.com/slackhq/nebula/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=203713c58d0ec8a10df2f605af791a77a33f825454911ac3a5313ced591547fd
-PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
+PKG_MAINTAINER:=
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:slack:nebula
PKG_NAME:=net-snmp
PKG_VERSION:=5.9.4
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/net-snmp
host/hr_system \
ieee802dot11 \
if-mib/ifXTable \
+ ip-mib/ipAddressTable \
ip-mib/inetNetToMediaTable \
+ ip-forward-mib/inetCidrRouteTable \
+ ip-forward-mib/ipCidrRouteTable \
mibII/at \
mibII/icmp \
mibII/ifTable \
SNMP_TRANSPORTS_INCLUDED+= UDPIPv6
endif
-TARGET_LDFLAGS += -L$(TOOLCHAIN_DIR)/usr/lib
-
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \
snmpd_system_add() {
local cfg="$1"
+ local hostname
+
config_get syslocation "$cfg" sysLocation
[ -n "$syslocation" ] && echo "sysLocation $syslocation" >> $CONFIGFILE
config_get syscontact "$cfg" sysContact
[ -n "$syscontact" ] && echo "sysContact $syscontact" >> $CONFIGFILE
config_get sysname "$cfg" sysName
[ -n "$sysname" ] && echo "sysName $sysname" >> $CONFIGFILE
+ [ -z "$sysname" ] && hostname=$(uci_get system.@system[0].hostname) && echo "sysName $hostname" >> $CONFIGFILE
config_get sysservice "$cfg" sysService
[ -n "$sysservice" ] && echo "sysService $sysservice" >> $CONFIGFILE
config_get sysdescr "$cfg" sysDescr
AC_MSG_CHECKING([for the type of fd_set::fds_bits])
-for type in __fd_mask __int32_t unknown; do
-+for type in __fd_mask __int32_t u_int32_t; do
++for type in fd_mask int32_t size_t; do
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <sys/select.h>
#include <stddef.h>
--- /dev/null
+++ b/agent/mibgroup/ieee802dot11.c
-@@ -0,0 +1,4915 @@
+@@ -0,0 +1,4916 @@
+/****************************************************************************
+* *
+* File Name: ieee802dot11.c *
+#include <net-snmp/agent/net-snmp-agent-includes.h>
+#include "ieee802dot11.h"
+#include "iwlib.h"
++#include "util_funcs/header_generic.h"
+
+/****************************************************************************
+* Defines *
+ rc = ioctl ( skfd, SIOCGIFHWADDR, &ifr );
+ if ( rc >= 0 ) {
+
-+ sprintf ( MACAddress, "%02X:%02X:%02X:%02X:%02X:%02X\0",
++ sprintf ( MACAddress, "%02X:%02X:%02X:%02X:%02X:%02X",
+ ( UCHAR ) ifr.ifr_hwaddr.sa_data[0], ( UCHAR ) ifr.ifr_hwaddr.sa_data[1],
+ ( UCHAR ) ifr.ifr_hwaddr.sa_data[2], ( UCHAR ) ifr.ifr_hwaddr.sa_data[3],
+ ( UCHAR ) ifr.ifr_hwaddr.sa_data[4], ( UCHAR ) ifr.ifr_hwaddr.sa_data[5] );
+
+ if ( hasChanged (( char * ) &nSc, sizeof ( nSc ))) {
+ nSc.ifIndex = ifIndex;
-+ sprintf ( nSc.UID, "%04d\0", nSc.ifIndex );
++ sprintf ( nSc.UID, "%04ld", nSc.ifIndex );
+ strcpy ( nSc.ifName, ifName );
+ addList (( char * ) &scList, ( char * ) &nSc, sizeof ( nSc ));
+ }
+
+ if ( hasChanged (( char * ) &nPr, sizeof ( nPr ))) {
+ nPr.ifIndex = ifIndex;
-+ sprintf ( nPr.UID, "%04d\0", nPr.ifIndex );
++ sprintf ( nPr.UID, "%04ld", nPr.ifIndex );
+ strcpy ( nPr.ifName, ifName );
+ addList (( char * ) &prList, ( char * ) &nPr, sizeof ( nPr ));
+ }
+
+ if ( hasChanged (( char * ) &nOp, sizeof ( nOp ))) {
+ nOp.ifIndex = ifIndex;
-+ sprintf ( nOp.UID, "%04d\0", nOp.ifIndex );
++ sprintf ( nOp.UID, "%04ld", nOp.ifIndex );
+ strcpy ( nOp.ifName, ifName );
+ addList (( char * ) &opList, ( char * ) &nOp, sizeof ( nOp ));
+ }
+
+ if ( hasChanged (( char * ) &nCo, sizeof ( nCo ))) {
+ nCo.ifIndex = ifIndex;
-+ sprintf ( nCo.UID, "%04d\0", nCo.ifIndex );
++ sprintf ( nCo.UID, "%04ld", nCo.ifIndex );
+ strcpy ( nCo.ifName, ifName );
+ addList (( char * ) &coList, ( char * ) &nCo, sizeof ( nCo ));
+ }
+
+ if ( hasChanged (( char * ) &nRi, sizeof ( nRi ))) {
+ nRi.ifIndex = ifIndex;
-+ sprintf ( nRi.UID, "%04d\0", nRi.ifIndex );
++ sprintf ( nRi.UID, "%04ld", nRi.ifIndex );
+ strcpy ( nRi.ifName, ifName );
+ addList (( char * ) &riList, ( char * ) &nRi, sizeof ( nRi ));
+ }
+
+ if ( hasChanged (( char * ) &nPo, sizeof ( nPo ))) {
+ nPo.ifIndex = ifIndex;
-+ sprintf ( nPo.UID, "%04d\0", nPo.ifIndex );
++ sprintf ( nPo.UID, "%04ld", nPo.ifIndex );
+ strcpy ( nPo.ifName, ifName );
+ addList (( char * ) &poList, ( char * ) &nPo, sizeof ( nPo ));
+ }
+
+ if ( hasChanged (( char * ) &nPa, sizeof ( nPa ))) {
+ nPa.ifIndex = ifIndex;
-+ sprintf ( nPa.UID, "%04d\0", nPa.ifIndex );
++ sprintf ( nPa.UID, "%04ld", nPa.ifIndex );
+ strcpy ( nPa.ifName, ifName );
+ addList (( char * ) &paList, ( char * ) &nPa, sizeof ( nPa ));
+ }
+
+ if ( hasChanged (( char * ) &nPt, sizeof ( nPt ))) {
+ nPt.ifIndex = ifIndex;
-+ sprintf ( nPt.UID, "%04d\0", nPt.ifIndex );
++ sprintf ( nPt.UID, "%04ld", nPt.ifIndex );
+ strcpy ( nPt.ifName, ifName );
+ addList (( char * ) &ptList, ( char * ) &nPt, sizeof ( nPt ));
+ }
+
+ if ( hasChanged (( char * ) &nPf, sizeof ( nPf ))) {
+ nPf.ifIndex = ifIndex;
-+ sprintf ( nPf.UID, "%04d\0", nPf.ifIndex );
++ sprintf ( nPf.UID, "%04ld", nPf.ifIndex );
+ strcpy ( nPf.ifName, ifName );
+ addList (( char * ) &pfList, ( char * ) &nPf, sizeof ( nPf ));
+ }
+
+ if ( hasChanged (( char * ) &nPd, sizeof ( nPd ))) {
+ nPd.ifIndex = ifIndex;
-+ sprintf ( nPd.UID, "%04d\0", nPd.ifIndex );
++ sprintf ( nPd.UID, "%04ld", nPd.ifIndex );
+ strcpy ( nPd.ifName, ifName );
+ addList (( char * ) &pdList, ( char * ) &nPd, sizeof ( nPd ));
+ }
+
+ if ( hasChanged (( char * ) &nPi, sizeof ( nPi ))) {
+ nPi.ifIndex = ifIndex;
-+ sprintf ( nPi.UID, "%04d\0", nPi.ifIndex );
++ sprintf ( nPi.UID, "%04ld", nPi.ifIndex );
+ strcpy ( nPi.ifName, ifName );
+ addList (( char * ) &piList, ( char * ) &nPi, sizeof ( nPi ));
+ }
+ }
+
-+//printf ( "%s - ifIndex: %d ifName: %s UID: %s\n",
++//printf ( "%s - ifIndex: %ld ifName: %s UID: %s\n",
+// "load80211Structs() - HASCHANGED", ifIndex, ifName, nSc.UID );
+}
+
+ nAa.ifIndex = ifIndex;
+ nAa.authenticationAlgorithmsIndex = 1; // index number one
+ nAa.authenticationAlgorithm = 1; // 1 => open key
-+ sprintf ( nAa.UID, "%04d%04d\0", nAa.ifIndex, nAa.authenticationAlgorithmsIndex );
++ sprintf ( nAa.UID, "%04ld%04ld", nAa.ifIndex, nAa.authenticationAlgorithmsIndex );
+ nAa.authenticationAlgorithmsEnable = 1; // enabled by default
+ if ( ( wi->has_key ) &&
+ ( wi->key_size != 0 ) &&
+ nAa.ifIndex = ifIndex;
+ nAa.authenticationAlgorithmsIndex = 2; // index number 2
+ nAa.authenticationAlgorithm = 2; // 2 => shared key
-+ sprintf ( nAa.UID, "%04d%04d\0", nAa.ifIndex, nAa.authenticationAlgorithmsIndex );
++ sprintf ( nAa.UID, "%04ld%04ld", nAa.ifIndex, nAa.authenticationAlgorithmsIndex );
+ nAa.authenticationAlgorithmsEnable = 2;
+ if ( ( wi->has_key ) &&
+ ( wi->key_size != 0 ) &&
+ nDf.haveWEPDefaultKeyValue = TRUE;
+ nDf.ifIndex = ifIndex;
+ nDf.WEPDefaultKeyIndex = i + 1; // index number
-+ sprintf ( nDf.UID, "%04d%04d\0", nDf.ifIndex, nDf.WEPDefaultKeyIndex );
++ sprintf ( nDf.UID, "%04ld%04ld", nDf.ifIndex, nDf.WEPDefaultKeyIndex );
+ if ( wep[i].haveKey )
+ strcpy ( nDf.WEPDefaultKeyValue, "*****" );
+ else
+ nRt.supportedDataRatesTxIndex = i + 1;
+ nRt.supportedDataRatesTxValue = wi->range.bitrate[i] / 500000L;
+ nRt.haveSupportedDataRatesTxValue = TRUE;
-+ sprintf ( nRt.UID, "%04d%04d\0", nRt.ifIndex, nRt.supportedDataRatesTxIndex );
++ sprintf ( nRt.UID, "%04ld%04ld", nRt.ifIndex, nRt.supportedDataRatesTxIndex );
+ strcpy ( nRt.ifName, ifName );
+ addList (( char * ) &rtList, ( char * ) &nRt, sizeof ( nRt ));
+ }
+ nRr.supportedDataRatesRxIndex = i + 1;
+ nRr.supportedDataRatesRxValue = wi->range.bitrate[i] / 500000L;
+ nRr.haveSupportedDataRatesRxValue = TRUE;
-+ sprintf ( nRr.UID, "%04d%04d\0", nRr.ifIndex, nRr.supportedDataRatesRxIndex );
++ sprintf ( nRr.UID, "%04ld%04ld", nRr.ifIndex, nRr.supportedDataRatesRxIndex );
+ strcpy ( nRr.ifName, ifName );
+ addList (( char * ) &rrList, ( char * ) &nRr, sizeof ( nRr ));
+ }
+ s = bfr;
+ s = strchr ( s, ':' ); s++; /* Skip ethX: */
+ s = strtok ( s, " " ); /* ' ' => '\0' */
-+ sscanf ( s, "%X", &wi->stats.status ); // status
++ sscanf ( s, "%hX", &wi->stats.status ); // status
+
+ s = strtok ( NULL, " " ); // link quality
+ if ( strchr ( s, '.' ) != NULL )
+ wi->stats.qual.updated |= 1;
-+ sscanf ( s, "%d", &wi->stats.qual.qual );
++ sscanf ( s, "%hhd", &wi->stats.qual.qual );
+
+ s = strtok ( NULL, " " ); // signal level
+ if ( strchr ( s,'.' ) != NULL )
+ wi->stats.qual.updated |= 2;
-+ sscanf ( s, "%d", &wi->stats.qual.level );
++ sscanf ( s, "%hhd", &wi->stats.qual.level );
+
+ s = strtok ( NULL, " " ); // noise level
+ if ( strchr ( s, '.' ) != NULL )
+ wi->stats.qual.updated += 4;
-+ sscanf ( s, "%d", &wi->stats.qual.noise );
++ sscanf ( s, "%hhd", &wi->stats.qual.noise );
+
+ s = strtok ( NULL, " " ); sscanf ( s, "%d", &wi->stats.discard.nwid );
+ s = strtok ( NULL, " " ); sscanf ( s, "%d", &wi->stats.discard.code );
+ printf ( "%s %s\n", "SIOCGIWFREQ", " ===> no info.freq support" );
+
+ if ( info.has_sens )
-+ printf ( "%s sens: %d\n", "SIOCGIWSENS", info.sens );
++ printf ( "%s sens: %" PRIdPTR "\n", "SIOCGIWSENS", *(intptr_t *)&info.sens );
+ else
+ printf ( "%s %s\n", "SIOCGIWSENS", " ===> no info.sens support" );
+
+ if ( info.has_key ) {
-+ printf ( "%s key_size: %d key_flags: %d wepCurrentKey: %d\n",
++ printf ( "%s key_size: %d key_flags: %d wepCurrentKey: %ld\n",
+ "SIOCGIWENCODE", info.key_size, info.key_flags, wepCurrentKey );
+ printf ( "%s MODE: %d DISABLED: %d INDEX: %d OPEN: %d RESTRICTED: %d NOKEY: %d TEMP: %d\n",
+ "SIOCGIWENCODE", info.key_flags & IW_ENCODE_MODE,
+
+ for ( i = 0; i < MAX_WEP_KEYS; i++ ) {
+ if ( wep[i].haveKey )
-+ printf ( "%s wep[%d].len: %d wep[%d].key: %s\n",
++ printf ( "%s wep[%d].len: %ld wep[%d].key: %s\n",
+ "SIOCGIWENCODE", i, wep[i].len, i, wep[i].key );
+ }
+
+ printf ( "%s %s\n", "SIOCGIWAP", " ===> no ap_addr information" );
+
+ if ( info.has_bitrate )
-+ printf ( "%s bitrate: %d value: %d fixed: %d disabled: %d flags: %d\n",
-+ "SIOCGIWRATE", info.bitrate, info.bitrate.value, info.bitrate.fixed,
++ printf ( "%s bitrate: %" PRIdPTR " value: %d fixed: %d disabled: %d flags: %d\n",
++ "SIOCGIWRATE", *(intptr_t *)&info.bitrate, info.bitrate.value, info.bitrate.fixed,
+ info.bitrate.disabled, info.bitrate.flags );
+ else
+ printf ( "%s %s\n", "SIOCGIWRATE", " ===> no info.bitrate support" );
+
+ if ( info.has_rts )
-+ printf ( "%s rts: %d\n", "SIOCGIWRTS", info.rts );
++ printf ( "%s rts: %" PRIdPTR "\n", "SIOCGIWRTS", *(intptr_t *)&info.rts );
+ else
+ printf ( "%s %s\n", "SIOCGIWRTS", " ===> no info.rts support" );
+
+ if ( info.has_frag )
-+ printf ( "%s frag: %d\n", "SIOCGIWFRAG", info.frag );
++ printf ( "%s frag: %" PRIdPTR "\n", "SIOCGIWFRAG", *(intptr_t *)&info.frag );
+ else
+ printf ( "%s %s\n", "SIOCGIWFRAG", " ===> no info.frag support" );
+
+ printf ( "%s %s\n", "SIOCGIWMODE", " ===> no info.mode support" );
+
+ if ( info.has_power ) {
-+ printf ( "%s power: %d\n", "SIOCGIWPOWER", info.power );
++ printf ( "%s power: %" PRIdPTR "\n", "SIOCGIWPOWER", *(intptr_t *)&info.power );
+ printf ( "%s disabled: %d MIN: %d MAX: %d TIMEOUT: %d RELATIVE: %d\n",
+ "SIOCGIWPOWER",
+ info.power.disabled ? 1:0,
+ printf ( "%s %s\n", "SIOCGIWPOWER", " ===> no info.power support" );
+
+ if ( info.has_retry )
-+ printf ( "%s retry: %d\n", "SIOCGIWRETRY", info.retry );
++ printf ( "%s retry: %" PRIdPTR "\n", "SIOCGIWRETRY", *(intptr_t *)&info.retry );
+ else
+ printf ( "%s %s\n", "SIOCGIWRETRY", " ===> no info.retry support" );
+
+addList ( char *l, char *data, int len )
+{
+ char uid[256];
-+ LIST_HEAD ( , avNode ) *list;
++ avList_t *list;
+
+ // NOTE: this assumes the UID is at the beginning of the
+ // data structure and that UIDs are strings
+
-+ list = ( LIST_HEAD ( , avNode ) * ) l; // NOTE: don't know how to get
++ list = ( avList_t * ) l; // NOTE: don't know how to get
+ strcpy ( uid, data ); // rid of compiler warning on
+ // LISTHEAD typecast
+ // create a new node and the data that goes in it
+****************************************************************************/
+static void flushList ( char *l )
+{
-+ LIST_HEAD ( , avNode ) *list;
++ avList_t *list;
+
-+ list = ( LIST_HEAD ( , avNode ) * ) l; // NOTE: don't know how to get
++ list = ( avList_t * ) l; // NOTE: don't know how to get
+ while ( !LIST_EMPTY ( list )) { // rid of compiler warning on
+ np = LIST_FIRST ( list ); // LISTHEAD typecast
+ if ( np->data )
+
--- /dev/null
+++ b/agent/mibgroup/ieee802dot11.h
-@@ -0,0 +1,730 @@
+@@ -0,0 +1,732 @@
+/****************************************************************************
+* *
+* File Name: ieee802dot11.h *
+/****************************************************************************
+* Linked List Structure *
+****************************************************************************/
-+static struct avNode {
++struct avNode {
+ LIST_ENTRY ( avNode ) nodes;
+ char *data; // pointer to data
+};
+WriteMethod write_dot11SupportedRxAntenna;
+WriteMethod write_dot11DiversitySelectionRx;
+
++void shutdown_ieee802dot11 ( void );
++
+#endif /* _MIBGROUP_IEEE802DOT11_H */
--- /dev/null
+++ b/agent/mibgroup/iwlib.h
-@@ -0,0 +1,502 @@
+@@ -0,0 +1,509 @@
+/*
+ * Wireless Tools
+ *
+#include <unistd.h>
+#include <netdb.h> /* gethostbyname, getnetbyname */
+#include <net/ethernet.h> /* struct ether_addr */
++#ifdef HAVE_NET_IF_H
++#include <net/if.h>
++#endif
+#include <sys/time.h> /* struct timeval */
+#include <unistd.h>
+
+ && LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0)
+#define LIBC5_HEADERS
+
++/* Musl */
++#elif !defined(__GLIBC__) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
++#define GENERIC_HEADERS
++
+/* Unsupported combination */
+#else
+#error "Your kernel/libc combination is not supported"
--- /dev/null
+--- a/agent/mib_modules.c
++++ b/agent/mib_modules.c
+@@ -42,6 +42,7 @@
+ #include <net-snmp/agent/table.h>
+ #include <net-snmp/agent/table_iterator.h>
+ #include "mib_module_includes.h"
++#include "mibgroup/ieee802dot11.h"
+
+ static int need_shutdown = 0;
+
--- a/agent/mibgroup/iwlib.h
+++ b/agent/mibgroup/iwlib.h
-@@ -85,6 +85,10 @@
- && LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0)
- #define LIBC5_HEADERS
+@@ -92,6 +92,10 @@
+ #elif !defined(__GLIBC__) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
+ #define GENERIC_HEADERS
+/* Musl */
+#elif !defined(__GLIBC__) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
--- /dev/null
+#
+# Copyright (C) 2009-2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=netatalk
+PKG_VERSION:=3.2.5
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0-or-later
+
+#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@SF/netatalk
+PKG_HASH:=57de9a7ed411029d6176e429a14ef314460251d8aebe7139aeadc35633d9584b
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+PKG_FIXUP:=autoreconf
+
+PKG_CPE_ID:=cpe:/a:netatalk:netatalk
+
+PKG_BUILD_DEPENDS:=libevent2
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/netatalk
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Filesystem
+ DEPENDS:=+libattr +libdb47 +libgcrypt +libopenssl +libevent2
+ TITLE:=netatalk
+ URL:=http://netatalk.sourceforge.net
+ MAINTAINER:=An Pa <apccv@outlook.com>
+endef
+
+define Package/netatalk/decription
+ Netatalk is a freely-available Open Source AFP fileserver.
+ It also provides a kernel level implementation of the AppleTalk
+ Protocol Suite.
+endef
+
+TARGET_CFLAGS += -std=gnu99
+
+CONFIGURE_ARGS += \
+ --disable-afs \
+ --disable-hfs \
+ --enable-debugging \
+ --disable-shell-check \
+ --disable-timelord \
+ --disable-a2boot \
+ --disable-cups \
+ --disable-tcp-wrappers \
+ --with-cnid-default-backend=dbd \
+ --with-bdb="$(STAGING_DIR)/usr/" \
+ --with-libevent=no \
+ --with-libgcrypt-dir="$(STAGING_DIR)/usr" \
+ --with-ssl-dir="$(STAGING_DIR)/usr" \
+ --with-uams-path="/usr/lib/uams" \
+ --without-acls \
+ --without-kerberos \
+ --without-mysql \
+ --with-mysql-config=false \
+ --without-pam \
+ --disable-admin-group \
+ --disable-srvloc \
+ --disable-zeroconf \
+ $(if $(CONFIG_SHADOW_PASSWORDS),--with-shadow,--without-shadow) \
+ --without-dtrace \
+ --without-ldap
+
+define Package/netatalk/conffiles
+/etc/afp.conf
+/etc/extmap.conf
+/etc/netatalk/
+endef
+
+define Package/netatalk/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_DIR) $(1)/usr/lib/uams
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libatalk.so* $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dbd $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/ad $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/afppasswd $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/afpd $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/cnid_dbd $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/cnid_metad $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/uams/*.so $(1)/usr/lib/uams/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/afp.conf $(1)/etc/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/extmap.conf $(1)/etc/
+ $(INSTALL_BIN) ./files/afpd.init $(1)/etc/init.d/afpd
+endef
+
+$(eval $(call BuildPackage,netatalk))
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010-2012 OpenWrt.org
+
+START=80
+STOP=10
+
+USE_PROCD=1
+
+start_service() {
+ mkdir -p /var/netatalk/CNID/
+
+ procd_open_instance
+ procd_set_param command /usr/sbin/afpd -d -F /etc/afp.conf
+ procd_set_param file /etc/afp.conf
+ procd_set_param respawn
+ procd_close_instance
+
+ procd_open_instance
+ procd_set_param command /usr/sbin/cnid_metad -d
+ procd_set_param respawn
+ procd_close_instance
+}
+
include $(TOPDIR)/rules.mk
PKG_NAME:=netbird
-PKG_VERSION:=0.27.7
+PKG_VERSION:=0.29.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=8b93ea80bc8f6a69447c2ad00448c29b91f13822377136c1ea15b9ec45c23d9d
+PKG_HASH:=9072d16845de49ce395b150564b82f97a33defe007276b6b46d733306b6760ee
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=BSD-3-Clause
SUBMENU:=VPN
TITLE:=Connect your devices into a single secure private WireGuard®-based mesh network
URL:=https://netbird.io
- DEPENDS:=$(GO_ARCH_DEPENDS)
+ DEPENDS:=$(GO_ARCH_DEPENDS) +kmod-wireguard
endef
define Package/netbird/description
--- /dev/null
+#!/bin/sh
+
+"${PKG_NAME}" version | grep "${PKG_VERSION}"
include $(TOPDIR)/rules.mk
PKG_NAME:=nextdns
-PKG_VERSION:=1.43.3
+PKG_VERSION:=1.43.5
PKG_RELEASE:=1
PKG_SOURCE:=nextdns-$(PKG_VERSION).tar.gz
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://codeload.github.com/nextdns/nextdns/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=574b377d6f4af140e3dcfba78fcf68d52ddb32390c020d1fe9bc5ade0af85f97
+PKG_HASH:=743f64d876c2c7afdae47716af1d41a6c5ec21adae74a318e5eb9319023a38c2
PKG_MAINTAINER:=Olivier Poitrey <rs@nextdns.io>
PKG_LICENSE:=MIT
PKG_NAME:=nfs-kernel-server
PKG_VERSION:=2.6.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_HASH:=26d46448982252e9e2c8346d10cf13e1143e7089c866f53e25db3359f3e9493c
PKG_SOURCE_URL:=@SF/nfs
-/mnt *(ro,all_squash,insecure,sync)
+# /mnt *(ro,all_squash,insecure,sync)
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx-util
-PKG_VERSION:=1.6
-PKG_RELEASE:=21
+PKG_VERSION:=1.7
+PKG_RELEASE:=1
PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at>
include $(INCLUDE_DIR)/package.mk
CMAKE_OPTIONS+= -DUBUS=y
CMAKE_OPTIONS+= -DVERSION=$(PKG_VERSION)
-TARGET_CFLAGS+= -Wno-error=deprecated-declarations
-
define Package/nginx-ssl-util/default
SECTION:=net
CATEGORY:=Network
#ifndef _PX5G_OPENSSL_HPP
#define _PX5G_OPENSSL_HPP
-// #define OPENSSL_API_COMPAT 0x10102000L
#include <fcntl.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
+#include <openssl/evp.h>
#include <unistd.h>
#include <memory>
#include <stdexcept>
auto gen_eckey(int curve) -> EVP_PKEY_ptr;
-auto gen_rsakey(int keysize, BN_ULONG exponent = RSA_F4) -> EVP_PKEY_ptr;
+auto gen_rsakey(int keysize) -> EVP_PKEY_ptr;
void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath = "", bool use_pem = true);
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-
EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
- auto* eckey = EC_KEY_new();
+ EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr);
- if (eckey != nullptr) {
- if ((EC_KEY_set_group(eckey, group) == 0) || (EC_KEY_generate_key(eckey) == 0)) {
- EC_KEY_free(eckey);
- eckey = nullptr;
- }
+ if (!ctx || !EVP_PKEY_paramgen_init(ctx)) {
+ EC_GROUP_free(group);
+ if (ctx) EVP_PKEY_CTX_free(ctx);
+ throw std::runtime_error("gen_eckey error: could not initialize paramgen");
}
- EC_GROUP_free(group);
-
- if (eckey == nullptr) {
- std::string errmsg{"gen_eckey error: cannot build key with curve id "};
- errmsg += std::to_string(curve) + "\n";
+ if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, curve) <= 0) {
+ EVP_PKEY_CTX_free(ctx);
+ EC_GROUP_free(group);
+ std::string errmsg{"gen_eckey error: cannot set curve nid\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
- EVP_PKEY_ptr pkey{EVP_PKEY_new(), ::EVP_PKEY_free};
-
- // EVP_PKEY_assign_EC_KEY is a macro casting eckey to char *:
- // NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
- if (!EVP_PKEY_assign_EC_KEY(pkey.get(), eckey)) {
- EC_KEY_free(eckey);
- std::string errmsg{"gen_eckey error: cannot assign EC key to EVP\n"};
+ EVP_PKEY* params = nullptr;
+ if (EVP_PKEY_paramgen(ctx, ¶ms) <= 0) {
+ EVP_PKEY_CTX_free(ctx);
+ EC_GROUP_free(group);
+ std::string errmsg{"gen_eckey error: cannot generate parameters\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
- return pkey;
-}
+ EVP_PKEY_CTX_free(ctx);
-auto gen_rsakey(const int keysize, const BN_ULONG exponent) -> EVP_PKEY_ptr
-{
- if (keysize < rsa_min_modulus_bits || keysize > OPENSSL_RSA_MAX_MODULUS_BITS) {
- std::string errmsg{"gen_rsakey error: RSA keysize ("};
- errmsg += std::to_string(keysize) + ") out of range [512..";
- errmsg += std::to_string(OPENSSL_RSA_MAX_MODULUS_BITS) + "]";
+ std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> params_ptr(params, EVP_PKEY_free);
+
+ EVP_PKEY_CTX* key_gen_ctx = EVP_PKEY_CTX_new(params, nullptr);
+
+ if (!key_gen_ctx || EVP_PKEY_keygen_init(key_gen_ctx) <= 0) {
+ EC_GROUP_free(group);
+ if (key_gen_ctx) EVP_PKEY_CTX_free(key_gen_ctx);
+ std::string errmsg{"gen_eckey error: cannot initialize key generation context\n"};
+ ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
- auto* bignum = BN_new();
- if (bignum == nullptr) {
- std::string errmsg{"gen_rsakey error: cannot get big number struct\n"};
+ EVP_PKEY* pkey = nullptr;
+ if (EVP_PKEY_keygen(key_gen_ctx, &pkey) <= 0) {
+ EVP_PKEY_CTX_free(key_gen_ctx);
+ EC_GROUP_free(group);
+ std::string errmsg{"gen_eckey error: cannot generate key pair\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
- auto* rsa = RSA_new();
-
- if (rsa != nullptr) {
- if ((BN_set_word(bignum, exponent) == 0) ||
- (RSA_generate_key_ex(rsa, keysize, bignum, nullptr) == 0))
- {
- RSA_free(rsa);
- rsa = nullptr;
- }
- }
+ EVP_PKEY_CTX_free(key_gen_ctx);
+ EC_GROUP_free(group);
- BN_free(bignum);
+ return EVP_PKEY_ptr{pkey, EVP_PKEY_free};
+}
- if (rsa == nullptr) {
- std::string errmsg{"gen_rsakey error: cannot create RSA key with size"};
- errmsg += std::to_string(keysize) + " and exponent ";
- errmsg += std::to_string(exponent) + "\n";
- ERR_print_errors_cb(print_error, &errmsg);
+auto gen_rsakey(const int keysize) -> EVP_PKEY_ptr
+{
+ if (keysize < rsa_min_modulus_bits || keysize > OPENSSL_RSA_MAX_MODULUS_BITS) {
+ std::string errmsg{"gen_rsakey error: RSA keysize ("};
+ errmsg += std::to_string(keysize) + ") out of range [512..";
+ errmsg += std::to_string(OPENSSL_RSA_MAX_MODULUS_BITS) + "]";
throw std::runtime_error(errmsg);
}
- EVP_PKEY_ptr pkey{EVP_PKEY_new(), ::EVP_PKEY_free};
+ EVP_PKEY_ptr pkey = {EVP_RSA_gen(keysize), EVP_PKEY_free};
- // EVP_PKEY_assign_RSA is a macro casting rsa to char *:
- // NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
- if (!EVP_PKEY_assign_RSA(pkey.get(), rsa)) {
- RSA_free(rsa);
- std::string errmsg{"gen_rsakey error: cannot assign RSA key to EVP\n"};
+ if (!pkey) {
+ std::string errmsg{"gen_rsakey error: unable to generate RSA key with size: "};
+ errmsg += std::to_string(keysize);
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
BIO* bio = nullptr;
if (keypath.empty()) {
- bio = _BIO_new_fp(stdout, use_pem);
+ bio = BIO_new_fp(stdout, BIO_NOCLOSE);
}
-
- else { // BIO_new_file(keypath.c_str(), (use_pem ? "w" : "wb") );
-
- static constexpr auto mask = 0600;
- // auto fd = open(keypath.c_str(), O_WRONLY | O_CREAT | O_TRUNC, mask);
- // creat has no cloexec, alt. triggers cppcoreguidelines-pro-type-vararg
- // NOLINTNEXTLINE(android-cloexec-creat)
- auto fd = creat(keypath.c_str(), mask); // the same without va_args.
-
- if (fd >= 0) {
- auto* fp = fdopen(fd, (use_pem ? "w" : "wb"));
-
- if (fp != nullptr) {
- bio = _BIO_new_fp(fp, use_pem, true);
- if (bio == nullptr) {
- // NOLINTNEXTLINE(cppcoreguidelines-owning-memory) fp owns fd:
- fclose(fp);
- }
- }
- else {
- close(fd);
- }
- }
+ else {
+ bio = BIO_new_file(keypath.c_str(), use_pem ? "w" : "wb");
}
if (bio == nullptr) {
throw std::runtime_error(errmsg);
}
- int len = 0;
-
- auto* key = pkey.get();
- switch (EVP_PKEY_base_id(key)) { // use same format as px5g:
- case EVP_PKEY_EC:
- len = use_pem ? PEM_write_bio_ECPrivateKey(bio, EVP_PKEY_get0_EC_KEY(key), nullptr,
- nullptr, 0, nullptr, nullptr)
- : i2d_ECPrivateKey_bio(bio, EVP_PKEY_get0_EC_KEY(key));
- break;
- case EVP_PKEY_RSA:
- len = use_pem ? PEM_write_bio_RSAPrivateKey(bio, EVP_PKEY_get0_RSA(key), nullptr,
- nullptr, 0, nullptr, nullptr)
- : i2d_RSAPrivateKey_bio(bio, EVP_PKEY_get0_RSA(key));
- break;
- default:
- len = use_pem
- ? PEM_write_bio_PrivateKey(bio, key, nullptr, nullptr, 0, nullptr, nullptr)
- : i2d_PrivateKey_bio(bio, key);
+ if (use_pem) {
+ if (PEM_write_bio_PrivateKey(bio, pkey.get(), nullptr, nullptr, 0, nullptr, nullptr) != 1) {
+ BIO_free_all(bio);
+ std::string errmsg{"write_key error: cannot write EVP pkey to "};
+ errmsg += keypath.empty() ? "stdout" : keypath;
+ errmsg += "\n";
+ ERR_print_errors_cb(print_error, &errmsg);
+ throw std::runtime_error(errmsg);
+ }
+ }
+ else {
+ if (i2d_PrivateKey_bio(bio, pkey.get()) != 1) {
+ BIO_free_all(bio);
+ std::string errmsg{"write_key error: cannot write EVP pkey to "};
+ errmsg += keypath.empty() ? "stdout" : keypath;
+ errmsg += "\n";
+ ERR_print_errors_cb(print_error, &errmsg);
+ throw std::runtime_error(errmsg);
+ }
}
BIO_free_all(bio);
-
- if (len == 0) {
- std::string errmsg{"write_key error: cannot write EVP pkey to "};
- errmsg += keypath.empty() ? "stdout" : keypath;
- errmsg += "\n";
- ERR_print_errors_cb(print_error, &errmsg);
- throw std::runtime_error(errmsg);
- }
}
auto subject2name(const std::string& subject) -> X509_NAME_ptr
throw std::runtime_error("subject2name errror: not starting with /");
}
- X509_NAME_ptr name = {X509_NAME_new(), ::X509_NAME_free};
+ X509_NAME_ptr name = {X509_NAME_new(), X509_NAME_free};
if (!name) {
std::string errmsg{"subject2name error: cannot create X509 name \n"};
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx
-PKG_VERSION:=1.25.5
-PKG_RELEASE:=3
+PKG_VERSION:=1.26.1
+PKG_RELEASE:=1
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nginx.org/download/
-PKG_HASH:=2fe2294f8af4144e7e842eaea884182a84ee7970e11046ba98194400902bbec0
+PKG_HASH:=f9187468ff2eb159260bfd53867c25ff8e334726237acf227b9e870e53d3e36b
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Christian Marangi <ansuelsmth@gmail.com>
PKG_NAME:=ntp
PKG_VERSION:=4.2.8p17
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/
PKG_LICENSE_FILES:=COPYRIGHT html/copyright.html
PKG_CPE_ID:=cpe:/a:ntp:ntp
-PKG_FIXUP:=autoreconf
PKG_LIBTOOL_PATHS:=. sntp
PKG_CHECK_FORMAT_SECURITY:=0
PKG_BUILD_PARALLEL:=1
PKG_NAME:=ocserv
PKG_VERSION:=1.3.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_BUILD_FLAGS:=no-mips16
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
[ -n "$hostname" ] && dyndns="true"
mkdir -p /var/etc
- sed -e "s#|PORT|#$port#g" \
- -e "s#|UDP_PORT|#$udp_port#g" \
- -e "s#|MAX_CLIENTS|#$max_clients#g" \
- -e "s#|MAX_SAME|#$max_same#g" \
- -e "s#|DPD|#$dpd#g" \
- -e "s#|AUTH|#$auth$authsuffix#g" \
- -e "s#|DYNDNS|#$dyndns#g" \
- -e "s#|PREDICTABLE_IPS|#$predictable_ips#g" \
- -e "s#|DEFAULT_DOMAIN|#$default_domain#g" \
- -e "s#|ENABLE_DEFAULT_DOMAIN|#$enable_default_domain#g" \
- -e "s#|ENABLE_SPLIT_DNS|#$enable_split_dns#g" \
- -e "s#|CISCO_COMPAT|#$cisco_compat#g" \
- -e "s#|PING_LEASES|#$ping_leases#g" \
- -e "s#|UDP|#$enable_udp#g" \
- -e "s#|COMPRESSION|#$enable_compression#g" \
- -e "s#|IPV4ADDR|#$ipaddr#g" \
- -e "s#|NETMASK|#$netmask#g" \
- -e "s#|IPV6ADDR|#$ip6addr#g" \
- -e "s#|ENABLE_IPV6|#$enable_ipv6#g" \
+ sed -e "s~|PORT|~$port~g" \
+ -e "s~|UDP_PORT|~$udp_port~g" \
+ -e "s~|MAX_CLIENTS|~$max_clients~g" \
+ -e "s~|MAX_SAME|~$max_same~g" \
+ -e "s~|DPD|~$dpd~g" \
+ -e "s~|AUTH|~$auth$authsuffix~g" \
+ -e "s~|DYNDNS|~$dyndns~g" \
+ -e "s~|PREDICTABLE_IPS|~$predictable_ips~g" \
+ -e "s~|DEFAULT_DOMAIN|~$default_domain~g" \
+ -e "s~|ENABLE_DEFAULT_DOMAIN|~$enable_default_domain~g" \
+ -e "s~|ENABLE_SPLIT_DNS|~$enable_split_dns~g" \
+ -e "s~|CISCO_COMPAT|~$cisco_compat~g" \
+ -e "s~|PING_LEASES|~$ping_leases~g" \
+ -e "s~|UDP|~$enable_udp~g" \
+ -e "s~|COMPRESSION|~$enable_compression~g" \
+ -e "s~|IPV4ADDR|~$ipaddr~g" \
+ -e "s~|NETMASK|~$netmask~g" \
+ -e "s~|IPV6ADDR|~$ip6addr~g" \
+ -e "s~|ENABLE_IPV6|~$enable_ipv6~g" \
/etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf
test -f /etc/ocserv/ocserv.conf.local && cat /etc/ocserv/ocserv.conf.local >> /var/etc/ocserv.conf
config_foreach setup_users ocservusers
procd_open_instance
- procd_set_param command /usr/sbin/ocserv -f -c /var/etc/ocserv.conf
+ procd_set_param command /usr/sbin/ocserv -s -f -c /var/etc/ocserv.conf
procd_set_param respawn
procd_close_instance
}
include $(TOPDIR)/rules.mk
PKG_NAME:=openfortivpn
-PKG_VERSION:=1.20.3
+PKG_VERSION:=1.22.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e54331098dc2c009cf98524f0ade027e337739506c5a60b65e2c2bf5f9c1d7e1
+PKG_HASH:=9aaaae2229f01b35bf79dcc9e1c0a4363cec75084a30fd46df58c20d52bff809
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later OpenSSL
include $(TOPDIR)/rules.mk
PKG_NAME:=openssh
-PKG_VERSION:=9.7p1
+PKG_REALVERSION:=9.8p1
+PKG_VERSION:=9.8_p1
PKG_RELEASE:=2
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
-PKG_HASH:=490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd
+PKG_HASH:=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)-$(PKG_REALVERSION)
PKG_LICENSE:=BSD ISC
PKG_LICENSE_FILES:=LICENCE
--without-kerberos5 \
--with-stackprotect \
--with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \
- --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin
+ --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin \
+ --with-cflags-after=-fzero-call-used-regs=skip
ifeq ($(BUILD_VARIANT),with-pam)
CONFIGURE_ARGS += \
$(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/sshd-session $(1)/usr/lib/
endef
define Package/openssh-server-pam/install
--- /dev/null
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -366,7 +366,7 @@ ssh_systemd_notify(const char *fmt, ...)
+ error_f("socket \"%s\": %s", path, strerror(errno));
+ goto out;
+ }
+- if (connect(fd, &addr, sizeof(addr)) != 0) {
++ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+ error_f("socket \"%s\" connect: %s", path, strerror(errno));
+ goto out;
+ }
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://erdgeist.org/gitweb/opentracker
-PKG_SOURCE_DATE:=2021-08-23
-PKG_SOURCE_VERSION:=110868ec4ebe60521d5a4ced63feca6a1cf0aa2a
-PKG_MIRROR_HASH:=9c48e442c1ac28d9141146cdf58cd733cf82a18bbef7880df1c61231b01e1329
+PKG_SOURCE_DATE:=2024-06-22
+PKG_SOURCE_VERSION:=c854b3db9bf620e86481acfcc9fc31eba64bc8e6
+PKG_MIRROR_HASH:=50d0fc8166ae927aa4dad7701f23c9faab80afb0680f7ea460e7b048f8f01a16
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=Beerware
include $(INCLUDE_DIR)/package.mk
-define Package/opentracker/Default
+define Package/opentracker
SUBMENU:=BitTorrent
SECTION:=net
CATEGORY:=Network
TITLE:=opentracker
URL:=http://erdgeist.org/arts/software/opentracker/
DEPENDS:=+zlib +libpthread
+ PROVIDES:=opentracker6
endef
-define Package/opentracker
-$(call Package/opentracker/Default)
- VARIANT:=ipv4
-endef
-
-define Package/opentracker6
-$(call Package/opentracker/Default)
- TITLE+= (IPv6 build)
- VARIANT:=ipv6
-endef
-
-
-define Package/opentracker-default/description
+define Package/opentracker/description
opentracker - An open and free bittorrent tracker
opentracker is an open and free bittorrent tracker project.
Currently it is deployed as an open and free tracker instance.
Read our free and open tracker blog and announce your torrents there
(but do not hesitate to setup your own free trackers!).
-endef
-
-define Package/opentracker/description
- $(call Package/opentracker-default/description)
-
- This package contains the IPv4-build of opentracker.
+ opentracker now supports listening on both IPv4 and IPv6 at the same time.
endef
-define Package/opentracker6/description
- $(call Package/opentracker-default/description)
-
- This package contains the IPv6-build of opentracker.
-
-endef
-
-
MAKE_FLAGS += PREFIX="$(STAGING_DIR)/usr"
-ifeq ($(BUILD_VARIANT),ipv6)
- MAKE_FLAGS += FEATURES="-DWANT_V6"
-endif
+TARGET_CFLAGS += -DWANT_NO_AUTO_FREE
define Package/opentracker/conffiles
/etc/opentracker.conf
endef
-define Package/opentracker6/conffiles
-/etc/opentracker6.conf
-endef
-
define Package/opentracker/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/opentracker $(1)/usr/bin
$(INSTALL_BIN) ./files/opentracker.init $(1)/etc/init.d/opentracker
endef
-define Package/opentracker6/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/opentracker $(1)/usr/bin/opentracker6
- $(INSTALL_DIR) $(1)/etc
- $(INSTALL_CONF) $(PKG_BUILD_DIR)/opentracker.conf.sample $(1)/etc/opentracker6.conf
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/opentracker6.init $(1)/etc/init.d/opentracker6
-endef
-
$(eval $(call BuildPackage,opentracker))
-$(eval $(call BuildPackage,opentracker6))
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-START=10
-STOP=15
-
-NAME="opentracker6"
-PROG="/usr/bin/opentracker6"
-OPTIONS="-f /etc/opentracker6.conf"
-USE_PROCD=1
-
-start_service()
-{
- procd_open_instance
- procd_set_param command $PROG $OPTIONS
- procd_close_instance
-}
--- a/Makefile
+++ b/Makefile
-@@ -9,13 +9,13 @@ CC?=gcc
+@@ -7,13 +7,13 @@
# BSD flavour
# PREFIX?=/usr/local
depends on !OPENVPN_wolfssl_ENABLE_IPROUTE2
bool "Enable support for data channel offload"
default n if OPENVPN_openssl_ENABLE_IPROUTE2
+ select WOLFSSL_HAS_OPENVPN
help
enable data channel offload support
using the ovpn-dco-v2 kernel module
PKG_NAME:=openvpn
-PKG_VERSION:=2.6.10
+PKG_VERSION:=2.6.12
PKG_RELEASE:=1
PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \
https://swupdate.openvpn.net/community/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=1993bbb7b9edb430626eaa24573f881fd3df642f427fcb824b1aed1fca1bcc9b
+PKG_HASH:=1c610fddeb686e34f1367c347e027e418e07523a10f4d8ce4a2c2af2f61a1929
PKG_MAINTAINER:=
--syslog "openvpn($name)" \
--status "/var/run/openvpn.$name.status" \
--cd "$dir" \
- --config "$conf" \
- --up "/usr/libexec/openvpn-hotplug up $name" \
- --down "/usr/libexec/openvpn-hotplug down $name" \
- --route-up "/usr/libexec/openvpn-hotplug route-up $name" \
- --route-pre-down "/usr/libexec/openvpn-hotplug route-pre-down $name" \
- ${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \
- ${up:+--setenv user_up "$up"} \
- ${down:+--setenv user_down "$down"} \
- ${route_up:+--setenv user_route_up "$route_up"} \
- ${route_pre_down:+--setenv user_route_pre_down "$route_pre_down"} \
- ${client:+${ipchange:+--setenv user_ipchange "$ipchange"}} \
+ --config "$conf"
+ # external scripts can only be called on script-security 2 or higher
+ if [ "${security:-2}" -lt 2 ]; then
+ logger -t "openvpn(${name})" "not adding hotplug scripts due to script-security ${security:-2}"
+ else
+ procd_append_param command \
+ --up "/usr/libexec/openvpn-hotplug up $name" \
+ --down "/usr/libexec/openvpn-hotplug down $name" \
+ --route-up "/usr/libexec/openvpn-hotplug route-up $name" \
+ --route-pre-down "/usr/libexec/openvpn-hotplug route-pre-down $name" \
+ ${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \
+ ${up:+--setenv user_up "$up"} \
+ ${down:+--setenv user_down "$down"} \
+ ${route_up:+--setenv user_route_up "$route_up"} \
+ ${route_pre_down:+--setenv user_route_pre_down "$route_pre_down"} \
+ ${client:+${ipchange:+--setenv user_ipchange "$ipchange"}}
+ fi
+ procd_append_param command \
--script-security "${security:-2}" \
$(openvpn_get_dev "$name" "$conf") \
$(openvpn_get_credentials "$name" "$conf")
static char mbedtls_version[30];
- unsigned int pv = mbedtls_version_get_number();
+ unsigned int pv = MBEDTLS_VERSION_NUMBER;
- sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
+ snprintf(mbedtls_version, sizeof(mbedtls_version), "mbed TLS %d.%d.%d",
(pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
return mbedtls_version;
#include <openssl/kdf.h>
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-@@ -1374,7 +1374,7 @@ memcmp_constant_time(const void *a, cons
+@@ -1398,7 +1398,7 @@ memcmp_constant_time(const void *a, cons
return CRYPTO_memcmp(a, b, size);
}
PKG_NAME:=ostiary
PKG_VERSION:=4.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://ingles.homeunix.net/software/ost/latest/
--- /dev/null
+--- a/ost_main.c
++++ b/ost_main.c
+@@ -788,7 +788,7 @@ void Hup_Handler(int sig)
+ int main(int argc, char *argv[])
+ {
+ int i, listen_sock, clnt_sock, success;
+- size_t struct_len;
++ socklen_t struct_len;
+ char hash_out_buf[HASH_TEXT_SIZE]; /* for debug output */
+ #if HAVE_SIGACTION
+ struct sigaction sigact;
-# Copyright 2017-2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
-# This is free software, licensed under the GNU General Public License v3.
+# Copyright 2017-2024 MOSSDeF, Stan Grishin (stangri@melmac.ca).
+# This is free software, licensed under AGPL-3.0-or-later.
include $(TOPDIR)/rules.mk
PKG_NAME:=pbr
-PKG_VERSION:=1.1.4
-PKG_RELEASE:=16
+PKG_VERSION:=1.1.7
+PKG_RELEASE:=7
PKG_LICENSE:=AGPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
CATEGORY:=Network
SUBMENU:=Routing and Redirection
TITLE:=Policy Based Routing Service
- URL:=https://docs.openwrt.melmac.net/pbr/
+ URL:=https://github.com/stangri/pbr/
DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk
DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed
- CONFLICTS:=vpnbypass vpn-policy-routing
PROVIDES:=pbr
PKGARCH:=all
endef
DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
VARIANT:=nftables
DEFAULT_VARIANT:=1
- PROVIDES+=vpnbypass vpn-policy-routing
-endef
-
-define Package/pbr-iptables
-$(call Package/pbr/default)
- TITLE+= with iptables/ipset support
- DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
- VARIANT:=iptables
endef
define Package/pbr-netifd
$(call Package/pbr/default)
- TITLE+= with netifd support
+ TITLE+= with nft/nft set and netifd support
VARIANT:=netifd
endef
define Package/pbr/description
$(call Package/pbr/default/description)
- This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
-endef
-
-define Package/pbr-iptables/description
- $(call Package/pbr/default/description)
- This version supports OpenWrt with firewall3/ipset/iptables.
+ This version supports OpenWrt (23.05 and newer) with firewall4/nft.
endef
define Package/pbr-netifd/description
$(call Package/pbr/default/description)
- This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
- This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
+ This version supports OpenWrt with (23.05 and newer) firewall4/nft.
+ This version uses OpenWrt native netifd/tables to set up interfaces. This is a WIP.
endef
define Package/pbr/default/conffiles
endef
Package/pbr/conffiles = $(Package/pbr/default/conffiles)
-Package/pbr-iptables/conffiles = $(Package/pbr/default/conffiles)
Package/pbr-netifd/conffiles = $(Package/pbr/default/conffiles)
define Build/Configure
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/etc/init.d/pbr $(1)/etc/init.d/pbr
$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
- $(INSTALL_DIR) $(1)/etc/uci-defaults
- $(INSTALL_BIN) ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
- $(INSTALL_DIR) $(1)/usr/share/pbr
- $(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep
- $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
- $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
- $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.wg_server_and_client $(1)/usr/share/pbr/pbr.user.wg_server_and_client
-endef
-# $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-# $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
-
-define Package/pbr/install
-$(call Package/pbr/default/install,$(1))
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
$(INSTALL_DIR) $(1)/usr/share/pbr
+ $(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep
$(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include
+ $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
+ $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
$(INSTALL_DIR) $(1)/usr/share/nftables.d
$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
- $(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-nft $(1)/etc/uci-defaults/91-pbr-nft
+ $(INSTALL_BIN) ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
endef
-define Package/pbr-iptables/install
+define Package/pbr/install
$(call Package/pbr/default/install,$(1))
- $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
- $(INSTALL_DATA) ./files/etc/hotplug.d/firewall/70-pbr $(1)/etc/hotplug.d/firewall/70-pbr
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
$(INSTALL_DIR) $(1)/etc/uci-defaults
- $(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-iptables $(1)/etc/uci-defaults/91-pbr-iptables
+ $(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-nft $(1)/etc/uci-defaults/91-pbr-nft
endef
define Package/pbr-netifd/install
$(call Package/pbr/default/install,$(1))
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-netifd $(1)/etc/uci-defaults/91-pbr-netifd
endef
exit 0
endef
-define Package/pbr-iptables/postinst
- #!/bin/sh
- # check if we are on real system
- if [ -z "$${IPKG_INSTROOT}" ]; then
- echo -n "Installing rc.d symlink for pbr-iptables... "
- /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
- fi
- exit 0
-endef
-
-define Package/pbr-iptables/prerm
- #!/bin/sh
- # check if we are on real system
- if [ -z "$${IPKG_INSTROOT}" ]; then
- uci -q delete firewall.pbr || true
- echo -n "Stopping pbr-iptables service... "
- /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
- echo -n "Removing rc.d symlink for pbr-iptables... "
- /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
- fi
- exit 0
-endef
-
define Package/pbr-netifd/postinst
#!/bin/sh
# check if we are on real system
else
echo "FAIL"
fi
-
+ fi
+ exit 0
+endef
+
+define Package/pbr-netifd/postrm
+ #!/bin/sh
+ # check if we are on real system
+ if [ -z "$${IPKG_INSTROOT}" ]; then
+ fw4 -q reload || true
fi
exit 0
endef
$(eval $(call BuildPackage,pbr))
-$(eval $(call BuildPackage,pbr-iptables))
-#$(eval $(call BuildPackage,pbr-netifd))
+# $(eval $(call BuildPackage,pbr-netifd))
--- /dev/null
+# README
+
+Documentation for this project is available at [https://docs.openwrt.melmac.net/pbr/](https://docs.openwrt.melmac.net/pbr/).
+
list resolver_instance '*'
option ipv6_enabled '0'
list ignored_interface 'vpnserver'
- option nft_file_support '0'
option boot_timeout '30'
option rule_create_option 'add'
option procd_boot_delay '0'
option procd_reload_delay '1'
option webui_show_ignore_target '0'
+ option nft_rule_counter '0'
option nft_set_auto_merge '1'
- option nft_set_counter '1'
+ option nft_set_counter '0'
option nft_set_flags_interval '1'
option nft_set_flags_timeout '0'
option nft_set_gc_interval ''
option path '/usr/share/pbr/pbr.user.netflix'
option enabled '0'
-config include
- option path '/usr/share/pbr/pbr.user.wg_server_and_client'
+config dns_policy
+ option name 'Redirect Local IP DNS'
+ option src_addr '192.168.1.5'
+ option dest_dns '1.1.1.1'
option enabled '0'
config policy
--- /dev/null
+config pbr 'config'
+ option enabled '0'
+ option verbosity '2'
+ option strict_enforcement '1'
+ option resolver_set 'dnsmasq.ipset'
+ list resolver_instance '*'
+ option ipv6_enabled '0'
+ list ignored_interface 'vpnserver'
+ option boot_timeout '30'
+ option rule_create_option 'add'
+ option procd_boot_delay '0'
+ option procd_reload_delay '1'
+ option webui_show_ignore_target '0'
+ list webui_supported_protocol 'all'
+ list webui_supported_protocol 'tcp'
+ list webui_supported_protocol 'udp'
+ list webui_supported_protocol 'tcp udp'
+ list webui_supported_protocol 'icmp'
+
+config include
+ option path '/usr/share/pbr/pbr.user.aws'
+ option enabled 0
+
+config include
+ option path '/usr/share/pbr/pbr.user.netflix'
+ option enabled 0
+
+config include
+ option path '/usr/share/pbr/pbr.user.wg_server_and_client'
+ option enabled 0
+
+config policy
+ option name 'Plex/Emby Local Server'
+ option interface 'wan'
+ option src_port '8096 8920 32400'
+ option enabled '0'
+
+config policy
+ option name 'Plex/Emby Remote Servers'
+ option interface 'wan'
+ option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
+ option enabled '0'
+
+config policy
+ option name 'WireGuard Server'
+ option interface 'wan'
+ option src_port '51820'
+ option chain 'OUTPUT'
+ option proto 'udp'
+ option enabled '0'
#!/bin/sh /etc/rc.common
-# Copyright 2020-2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
-# shellcheck disable=SC2018,SC2019,SC3043,SC3057,SC3060
+# Copyright 2020-2024 MOSSDeF, Stan Grishin (stangri@melmac.ca)
+# shellcheck disable=SC2018,SC2019,SC2034,SC3043,SC3057,SC3060
# sysctl net.ipv4.conf.default.rp_filter=1
# sysctl net.ipv4.conf.all.rp_filter=1
# shellcheck disable=SC2034
USE_PROCD=1
-#!/bin/sh
-# Copyright 2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
-# shellcheck disable=SC2018,SC2019,SC2034,SC3043,SC3057,SC3060
+[ -n "${IPKG_INSTROOT}" ] && return 0
readonly packageName='pbr'
readonly PKG_VERSION='dev-test'
+readonly packageCompat='7'
readonly serviceName="$packageName $PKG_VERSION"
-readonly serviceTrapSignals='exit SIGHUP SIGQUIT SIGKILL'
readonly packageConfigFile="/etc/config/${packageName}"
readonly packageLockFile="/var/run/${packageName}.lock"
readonly dnsmasqFileDefault="/var/dnsmasq.d/${packageName}"
readonly _WARNING_='\033[0;33mWARNING\033[0m'
readonly ip_full='/usr/libexec/ip-full'
# shellcheck disable=SC2155
-readonly ip_bin="$(command -v ip)"
-readonly ipTablePrefix='pbr'
-# shellcheck disable=SC2155
-readonly iptables="$(command -v iptables)"
-# shellcheck disable=SC2155
-readonly ip6tables="$(command -v ip6tables)"
-# shellcheck disable=SC2155
-readonly ipset="$(command -v ipset)"
-readonly ipsPrefix='pbr'
-readonly iptPrefix='PBR'
+readonly ipTablePrefix="$packageName"
# shellcheck disable=SC2155
readonly agh="$(command -v AdGuardHome)"
-readonly aghConfigFile='/etc/adguardhome.yaml'
-readonly aghIpsetFile="/var/run/${packageName}.adguardhome.ipsets"
# shellcheck disable=SC2155
readonly nft="$(command -v nft)"
readonly nftIPv4Flag='ip'
readonly nftIPv6Flag='ip6'
readonly nftTempFile="/var/run/${packageName}.nft"
readonly nftPermFile="/usr/share/nftables.d/ruleset-post/30-${packageName}.nft"
-readonly nftPrefix='pbr'
+readonly nftPrefix="$packageName"
readonly nftTable='fw4'
readonly chainsList='forward input output postrouting prerouting'
readonly ssConfigFile='/etc/shadowsocks'
icmp_interface=
ignored_interface=
ipv6_enabled=
-nft_file_support=
nft_user_set_policy=
nft_user_set_counter=
procd_boot_delay=
procd_reload_delay=
-procd_lan_interface=
procd_wan_ignore_status=
procd_wan_interface=
procd_wan6_interface=
resolver_set=
resolver_instance=
-rule_create_option=
-secure_reload=
strict_enforcement=
supported_interface=
verbosity=
wan_ip_rules_priority=
wan_mark=
+nft_rule_counter=
nft_set_auto_merge=
nft_set_counter=
nft_set_flags_interval=
nft_set_timeout=
# run-time
+aghConfigFile='/etc/AdGuardHome/AdGuardHome.yaml'
gatewaySummary=
errorSummary=
warningSummary=
wanGW4=
wanGW6=
serviceStartTrigger=
+processDnsPolicyError=
processPolicyError=
processPolicyWarning=
resolver_set_supported=
policy_routing_nft_prev_param4=
policy_routing_nft_prev_param6=
+nft_rule_params=
nft_set_params=
torDnsPort=
torTrafficPort=
output_okbn() { output 1 "$_OKB_\\n"; output 2 "$__OKB__\\n"; }
output_fail() { output 1 "$_FAIL_"; output 2 "$__FAIL__\\n"; }
output_failn() { output 1 "$_FAIL_\\n"; output 2 "$__FAIL__\\n"; }
+str_contains() { [ -n "$1" ] && [ -n "$2" ] && [ "${1//$2}" != "$1" ]; }
+str_contains_word() { echo "$1" | grep -q -w "$2"; }
+str_extras_to_underscore() { echo "$1" | tr '[\. ~`!@#$%^&*()\+/,<>?//;:]' '_'; }
+str_extras_to_space() { echo "$1" | tr ',;{}' ' '; }
+str_first_value_interface() { local i; for i in $1; do is_supported_interface "$i" && { echo "$i"; break; }; done; }
+str_first_value_ipv4() { local i; for i in $1; do is_ipv4 "$i" && { echo "$i"; break; }; done; }
+str_first_value_ipv6() { local i; for i in $1; do is_ipv6 "$i" && { echo "$i"; break; }; done; }
+str_first_word() { echo "${1%% *}"; }
# shellcheck disable=SC2317
str_replace() { printf "%b" "$1" | sed -e "s/$(printf "%b" "$2")/$(printf "%b" "$3")/g"; }
str_replace() { echo "${1//$2/$3}"; }
-str_contains() { [ -n "$1" ] && [ -n "$2" ] && [ "${1//$2}" != "$1" ]; }
-str_contains_word() { echo "$1" | grep -q -w "$2"; }
+str_to_dnsmsaq_nftset() { echo "$1" | tr ' ' '/'; }
str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; }
str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; }
-str_extras_to_underscore() { echo "$1" | tr '[\. ~`!@#$%^&*()\+/,<>?//;:]' '_'; }
-str_extras_to_space() { echo "$1" | tr ';{}' ' '; }
-debug() { local i j; for i in "$@"; do eval "j=\$$i"; echo "${i}: ${j} "; done; }
+debug() { local i j; for i in "$@"; do eval "j=\$$i"; logger "${packageName:+-t $packageName}" "${i}: ${j} "; done; }
quiet_mode() {
case "$1" in
on) verbosity=0;;
if [ -z "$verbosity" ] && [ -n "$packageName" ]; then
verbosity="$(uci_get "$packageName" 'config' 'verbosity' '2')"
fi
- if [ $# -ne 1 ] && is_integer "$1"; then
- if [ $((verbosity & $1)) -gt 0 ] || [ "$verbosity" = "$1" ]; then shift; text="$*"; else return 0; fi
+ if [ "$#" -ne '1' ] && is_integer "$1"; then
+ if [ "$((verbosity & $1))" -gt '0' ] || [ "$verbosity" = "$1" ]; then shift; text="$*"; else return 0; fi
fi
text="${text:-$*}";
[ -t 1 ] && printf "%b" "$text"
msg="${text//$serviceName /service }";
- if [ "$(printf "%b" "$msg" | wc -l)" -gt 0 ]; then
+ if [ "$(printf "%b" "$msg" | wc -l)" -gt '0' ]; then
[ -s "$sharedMemoryOutput" ] && memmsg="$(cat "$sharedMemoryOutput")"
logmsg="$(printf "%b" "${memmsg}${msg}" | sed 's/\x1b\[[0-9;]*m//g')"
logger -t "${packageName:-service} [$$]" "$(printf "%b" "$logmsg")"
network_get_gateway gw "$iface" true
if [ -z "$gw" ] || [ "$gw" = '0.0.0.0' ]; then
# gw="$(ubus call "network.interface.${iface}" status | jsonfilter -e "@.route[0].nexthop")"
- gw="$($ip_bin -4 a list dev "$dev" 2>/dev/null | grep inet | awk '{print $2}' | awk -F "/" '{print $1}')"
+ gw="$(ip -4 a list dev "$dev" 2>/dev/null | grep inet | awk '{print $2}' | awk -F "/" '{print $1}')"
fi
eval "$1"='$gw'
}
local iface="$2" dev="$3" gw
network_get_gateway6 gw "$iface" true
if [ -z "$gw" ] || [ "$gw" = '::/0' ] || [ "$gw" = '::0/0' ] || [ "$gw" = '::' ]; then
- gw="$($ip_bin -6 a list dev "$dev" 2>/dev/null | grep inet6 | grep 'scope global' | awk '{print $2}')"
+ gw="$(ip -6 a list dev "$dev" 2>/dev/null | grep inet6 | grep 'scope global' | awk '{print $2}')"
fi
eval "$1"='$gw'
}
+filter_options() {
+ local opt="$1" value="$2"
+ local i _ret=
+
+ case "$opt" in
+ phys_dev)
+ for i in $value; do
+ if is_phys_dev "$i"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ phys_dev_negative)
+ for i in $value; do
+ if is_negation "$i" && is_phys_dev "${i:1}"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ mac_address)
+ for i in $value; do
+ if is_mac_address "$i"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ mac_address_negative)
+ for i in $value; do
+ if is_negation "$i" && is_mac_address "${i:1}"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ domain)
+ for i in $value; do
+ if is_domain "$i"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ domain_negative)
+ for i in $value; do
+ if is_negation "$i" && is_domain "${i:1}"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ ipv4)
+ for i in $value; do
+ if is_ipv4 "$i" || is_ipv4_netmask "$i"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ ipv4_negative)
+ for i in $value; do
+ if is_negation "$i" && { is_ipv4 "${i:1}" || is_ipv4_netmask "${i:1}"; }; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ ipv6)
+ for i in $value; do
+ if is_ipv6 "$i"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ ipv6_negative)
+ for i in $value; do
+ if is_negation "$i" && is_ipv6 "${i:1}"; then
+ _ret="${_ret:+$_ret }$i"
+ fi
+ done
+ ;;
+ none)
+ :
+ ;;
+ *)
+ echo ''
+ return 1
+ ;;
+ esac
+ echo "$_ret"
+ return 0
+}
+inline_set() {
+ local value="$1" inline_set i
+ for i in $value; do
+ [ "${i:0:1}" = "!" ] && i=${i:1}
+ [ "${i:0:1}" = "@" ] && i=${i:1}
+ inline_set="${inline_set:+$inline_set, }$i"
+ done
+ echo "$inline_set"
+}
# shellcheck disable=SC2016
is_bad_user_file_nft_call() { grep -q '"\$nft" list' "$1" || grep '"\$nft" -f' "$1";}
is_config_enabled() {
- _check_config() { local en; config_get_bool en "$1" 'enabled' 1; [ "$en" -gt 0 ] && _cfg_enabled=0; }
+# shellcheck disable=SC2317
+ _check_config() { local en; config_get_bool en "$1" 'enabled' '1'; [ "$en" -gt '0' ] && _cfg_enabled=0; }
local cfg="$1" _cfg_enabled=1
[ -n "$1" ] || return 1
config_load "$packageName"
config_foreach _check_config "$cfg"
return "$_cfg_enabled"
}
+# shellcheck disable=SC2317
uci_get_device() { uci_get 'network' "$1" 'device' || uci_get 'network' "$1" 'dev'; }
uci_get_protocol() { uci_get 'network' "$1" 'proto'; }
-is_default_dev() { [ "$1" = "$($ip_bin -4 r | grep -m1 'dev' | grep -Eso 'dev [^ ]*' | awk '{print $2}')" ]; }
+is_default_dev() { [ "$1" = "$(ip -4 r | grep -m1 'dev' | grep -Eso 'dev [^ ]*' | awk '{print $2}')" ]; }
+is_disabled_interface() { [ "$(uci_get 'network' "$1" 'disabled')" = '1' ]; }
is_domain() { ! is_ipv6 "$1" && str_contains "$1" '[a-zA-Z]'; }
is_dslite() { local p; network_get_protocol p "$1"; [ "${p:0:6}" = "dslite" ]; }
is_family_mismatch() { ( is_ipv4_netmask "${1//!}" && is_ipv6 "${2//!}" ) || ( is_ipv6 "${1//!}" && is_ipv4_netmask "${2//!}" ); }
is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
-is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" = "$2"; }
+is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n '1')" = "$2"; }
is_ignored_interface() { str_contains_word "$ignored_interface" "$1"; }
is_ignore_target() { [ "$(str_to_lower "$1")" = 'ignore' ]; }
is_integer() {
(*) return 0;;
esac
}
-is_ipset_type_supported() { ipset help hash:"$1" >/dev/null 2>&1; }
-is_nft_mode() { [ -x "$nft" ] && ! str_contains "$resolver_set" 'ipset' && "$nft" list chains inet | grep -q "${nftPrefix}_prerouting"; }
is_ipv4() { expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; }
is_ipv6() { ! is_mac_address "$1" && str_contains "$1" ':'; }
is_ipv6_global() { [ "${1:0:4}" = '2001' ]; }
is_lan() { local d; network_get_device d "$1"; str_contains "$d" 'br-lan'; }
is_l2tp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "l2tp" ]; }
is_mac_address() { expr "$1" : '[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]$' >/dev/null; }
+is_negation() { [ "${1:0:1}" = '!' ]; }
is_netifd_table() { grep -q "ip.table.*$1" /etc/config/network; }
is_netifd_table_interface() { local iface="$1"; [ "$(uci_get 'network' "$iface" 'ip4table')" = "${packageName}_${iface%6}" ]; }
is_oc() { local p; network_get_protocol p "$1"; [ "${p:0:11}" = "openconnect" ]; }
is_ovpn() { local d; uci_get_device d "$1"; [ "${d:0:3}" = "tun" ] || [ "${d:0:3}" = "tap" ] || [ -f "/sys/devices/virtual/net/${d}/tun_flags" ]; }
is_ovpn_valid() { local dev_net dev_ovpn; uci_get_device dev_net "$1"; dev_ovpn="$(uci_get 'openvpn' "$1" 'dev')"; [ -n "$dev_net" ] && [ -n "$dev_ovpn" ] && [ "$dev_net" = "$dev_ovpn" ]; }
is_phys_dev() { [ "${1:0:1}" = "@" ] && ip l show | grep -E -q "^\\d+\\W+${1:1}"; }
+is_phys_dev_quick() { [ "${1:0:1}" = "@" ]; }
is_present() { command -v "$1" >/dev/null 2>&1; }
-is_service_running() { if is_nft_mode; then is_service_running_nft; else is_service_running_iptables; fi; }
-is_service_running_iptables() { [ -x "$iptables" ] && "$iptables" -t mangle -L | grep -q "${iptPrefix}_PREROUTING" >/dev/null 2>&1; }
+is_service_running() { is_service_running_nft; }
is_service_running_nft() { [ -x "$nft" ] && [ -n "$(get_mark_nft_chains)" ]; }
is_supported_iface_dev() { local n dev; for n in $ifacesSupported; do network_get_device dev "$n"; [ "$1" = "$dev" ] && return 0; done; return 1; }
is_supported_protocol() { grep -o '^[^#]*' /etc/protocols | grep -w -v '0' | grep . | awk '{print $1}' | grep -q "$1"; }
is_pptp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "pptp" ]; }
is_softether() { local d; network_get_device d "$1"; [ "${d:0:4}" = "vpn_" ]; }
-is_supported_interface() { is_lan "$1" && return 1; str_contains_word "$supported_interface" "$1" || { ! is_ignored_interface "$1" && { is_wan "$1" || is_wan6 "$1" || is_tunnel "$1"; }; } || is_ignore_target "$1" || is_xray "$1"; }
+is_supported_interface() { is_lan "$1" && return 1; str_contains_word "$supported_interface" "$1" || { ! is_ignored_interface "$1" && ! is_disabled_interface "$1" && { is_wan "$1" || is_wan6 "$1" || is_tunnel "$1"; }; } || is_ignore_target "$1" || is_xray "$1"; }
is_tailscale() { local d; network_get_device d "$1"; [ "${d:0:9}" = "tailscale" ]; }
is_tor() { [ "$(str_to_lower "$1")" = "tor" ]; }
is_tor_running() {
is_wan() { [ "$1" = "$wanIface4" ] || { [ "${1##wan}" != "$1" ] && [ "${1##wan6}" = "$1" ]; } || [ "${1%%wan}" != "$1" ]; }
is_wan6() { [ -n "$wanIface6" ] && [ "$1" = "$wanIface6" ] || [ "${1/#wan6}" != "$1" ] || [ "${1/%wan6}" != "$1" ]; }
is_wg() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -z "$lp" ] && [ "${p:0:9}" = "wireguard" ]; }
+is_wg_server() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -n "$lp" ] && [ "${p:0:9}" = "wireguard" ]; }
is_xray() { [ -n "$(get_xray_traffic_port "$1")" ]; }
dnsmasq_kill() { killall -q -s HUP dnsmasq; }
dnsmasq_restart() { output 3 'Restarting dnsmasq '; if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn; else output_failn; fi; }
get_rt_tables_next_id() { echo "$(($(sort -r -n "$rtTablesFile" | grep -o -E -m 1 "^[0-9]+")+1))"; }
get_rt_tables_non_pbr_next_id() { echo "$(($(grep -v "${ipTablePrefix}_" "$rtTablesFile" | sort -r -n | grep -o -E -m 1 "^[0-9]+")+1))"; }
# shellcheck disable=SC2016
-resolveip_to_ipt() { resolveip "$@" | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d'; }
-resolveip_to_ipt4() { resolveip_to_ipt -4 "$@"; }
-resolveip_to_ipt6() { [ -n "$ipv6_enabled" ] && resolveip_to_ipt -6 "$@"; }
-# shellcheck disable=SC2016
-resolveip_to_nftset() { resolveip "$@" | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; }
+resolveip_to_nftset() { resolveip "$@" | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d'; }
resolveip_to_nftset4() { resolveip_to_nftset -4 "$@"; }
resolveip_to_nftset6() { [ -n "$ipv6_enabled" ] && resolveip_to_nftset -6 "$@"; }
# shellcheck disable=SC2016
# shellcheck disable=SC2016
ipv6_leases_to_nftset() { [ -s '/tmp/hosts/odhcpd' ] || return 1; grep -v '^#' '/tmp/hosts/odhcpd' | grep "$1" | awk '{print $1}' | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; }
# shellcheck disable=SC3037
-ports_to_nftset() { echo -ne "$1"; }
-get_mark_ipt_chains() { [ -n "$(command -v iptables-save)" ] && iptables-save | grep ":${iptPrefix}_MARK_" | awk '{ print $1 }' | sed 's/://'; }
+ports_to_nftset() { echo -en "$1"; }
get_mark_nft_chains() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; }
-get_ipsets() { [ -x "$(command -v ipset)" ] && ipset list | grep "${ipsPrefix}_" | awk '{ print $2 }'; }
get_nft_sets() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep 'set' | grep "${nftPrefix}_" | awk '{ print $2 }'; }
__ubus_get() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "$1"; }
ubus_get_status() { __ubus_get "@.${packageName}.instances.main.data.status.${1}"; }
# luci app specific
is_enabled() { uci_get "$1" 'config' 'enabled'; }
-is_running_iptables() { iptables -t mangle -L | grep -q PBR_PREROUTING >/dev/null 2>&1; }
is_running_nft_file() { [ -s "$nftPermFile" ]; }
is_running_nft() { "$nft" list table inet fw4 | grep chain | grep -q pbr_mark_ >/dev/null 2>&1; }
-is_running() { is_running_iptables || is_running_nft; }
-check_ipset() { { [ -n "$ipset" ] && "$ipset" help hash:net; } >/dev/null 2>&1; }
-check_nft() { [ -n "$nft" ]; }
-check_agh() { [ -n "$agh" ] && [ -s "$aghConfigFile" ]; }
+check_nft() { [ -x "$nft" ]; }
+check_agh() { [ -x "$agh" ] && { [ -s "$aghConfigFile" ] || [ -s "${agh%/*}/AdGuardHome.yaml" ]; }; }
check_dnsmasq() { command -v dnsmasq >/dev/null 2>&1; }
check_unbound() { command -v unbound >/dev/null 2>&1; }
-check_agh_ipset() {
- check_ipset || return 1
- check_agh || return 1
- is_greater_or_equal "$($agh --version | sed 's|AdGuard Home, version v\(.*\)|\1|' | sed 's|-.*||')" '0.107.13'
-}
-check_dnsmasq_ipset() {
- local o;
- check_ipset || return 1
- check_dnsmasq || return 1
- o="$(dnsmasq -v 2>/dev/null)"
- ! echo "$o" | grep -q 'no-ipset' && echo "$o" | grep -q 'ipset'
-}
check_dnsmasq_nftset() {
local o;
check_nft || return 1
}
print_json_bool() { json_init; json_add_boolean "$1" "$2"; json_dump; json_cleanup; }
print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_cleanup; }
+try() {
+ if ! "$@" >/dev/null 2>&1; then
+ state add 'errorSummary' 'errorTryFailed' "$*"
+ return 1
+ fi
+}
if type extra_command >/dev/null 2>&1; then
extra_command 'status' "Generates output required to troubleshoot routing issues
case "$1" in
errorConfigValidation) r="Config ($packageConfigFile) validation failure!";;
errorNoIpFull) r="ip-full binary cannot be found!";;
- errorNoIptables) r="iptables binary cannot be found!";;
- errorNoIpset) r="Resolver set support (${resolver_set}) requires ipset, but ipset binary cannot be found!";;
errorNoNft) r="Resolver set support (${resolver_set}) requires nftables, but nft binary cannot be found!";;
errorResolverNotSupported) r="Resolver set (${resolver_set}) is not supported on this system!";;
errorServiceDisabled) r="The ${packageName} service is currently disabled!";;
errorNoWanGateway) r="The ${serviceName} service failed to discover WAN gateway!";;
errorNoWanInterface) r="The %s inteface not found, you need to set the 'pbr.config.procd_wan_interface' option!";;
errorNoWanInterfaceHint) r="Refer to https://docs.openwrt.melmac.net/pbr/#procd_wan_interface.";;
- errorIpsetNameTooLong) r="The ipset name '%s' is longer than allowed 31 characters!";;
errorNftsetNameTooLong) r="The nft set name '%s' is longer than allowed 255 characters!";;
errorUnexpectedExit) r="Unexpected exit or service termination: '%s'!";;
errorPolicyNoSrcDest) r="Policy '%s' has no source/destination parameters!";;
errorPolicyNoInterface) r="Policy '%s' has no assigned interface!";;
+ errorPolicyNoDns) r="Policy '%s' has no assigned DNS!";;
+ errorPolicyProcessNoInterfaceDns) r="Interface '%s' has no assigned DNS!";;
errorPolicyUnknownInterface) r="Policy '%s' has an unknown interface!";;
errorPolicyProcessCMD) r="'%s'!";;
errorFailedSetup) r="Failed to set up '%s'!";;
errorDownloadUrl) r="Failed to download '%s'!";;
errorNoDownloadWithSecureReload) r="Policy '%s' refers to URL which can't be downloaded in 'secure_reload' mode!";;
errorFileSchemaRequiresCurl) r="The file:// schema requires curl, but it's not detected on this system!";;
+ errorIncompatibleUserFile) r="Incompatible custom user file detected '%s'!";;
warningInvalidOVPNConfig) r="Invalid OpenVPN config for '%s' interface.";;
warningResolverNotSupported) r="Resolver set (${resolver_set}) is not supported on this system.";;
- warningAGHVersionTooLow) r="Installed AdGuardHome ('%s') doesn't support 'ipset_file' option.";;
warningPolicyProcessCMD) r="'%s'";;
warningTorUnsetParams) r="Please unset 'src_addr', 'src_port' and 'dest_port' for policy '%s'.";;
warningTorUnsetProto) r="Please unset 'proto' or set 'proto' to 'all' for policy '%s'.";;
- warningTorUnsetChainIpt) r="Please unset 'chain' or set 'chain' to 'PREROUTING' for policy '%s'.";;
warningTorUnsetChainNft) r="Please unset 'chain' or set 'chain' to 'prerouting' for policy '%s'.";;
warningOutdatedWebUIApp) r="The WebUI application is outdated (version %s), please update it.";;
warningBadNftCallsInUserFile) r="Incompatible nft calls detected in user include file, disabling fw4 nft file support.";;
- warningDnsmasqInstanceNoConfdir) r="Dnsmasq instance (%s) targeted in settings, but it doesn't have its own confdir.";;
+ warningDnsmasqInstanceNoConfdir) r="Dnsmasq instance '%s' targeted in settings, but it doesn't have its own confdir.";;
esac
echo "$r"
}
unset dl_https_supported
fi
while [ -z "$dl_temp_file" ] || [ -e "$dl_temp_file" ]; do
- dl_temp_file="$(mktemp -u -q -t ${packageName}_tmp.XXXXXXXX)"
+ dl_temp_file="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")"
done
if is_url_file "$url" && ! is_present 'curl'; then
state add 'errorSummary' 'errorFileSchemaRequiresCurl' "$url"
}
load_package_config() {
- _check_user_files_for_bad_nft_calls() {
- local cfg="$1"
- local en path
- config_get_bool en "$cfg" 'enabled' 1
- config_get path "$cfg" 'path'
- [ "$en" -eq 0 ] && return 0
- [ -z "$path" ] && return 0
- [ -s "$path" ] || return 0
- is_bad_user_file_nft_call "$path" && user_file_check_result='bad'
- }
local param="$1"
local user_file_check_result i
config_load "$packageName"
config_get icmp_interface 'config' 'icmp_interface'
config_get ignored_interface 'config' 'ignored_interface'
config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0'
- config_get_bool nft_file_support 'config' 'nft_file_support' '1'
+ config_get_bool nft_rule_counter 'config' 'nft_rule_counter' '0'
config_get_bool nft_set_auto_merge 'config' 'nft_set_auto_merge' '1'
- config_get_bool nft_set_counter 'config' 'nft_set_counter' '1'
+ config_get_bool nft_set_counter 'config' 'nft_set_counter' '0'
config_get_bool nft_set_flags_interval 'config' 'nft_set_flags_interval' '1'
config_get_bool nft_set_flags_timeout 'config' 'nft_set_flags_timeout' '0'
config_get nft_set_gc_interval 'config' 'nft_set_gc_interval'
config_get nft_set_timeout 'config' 'nft_set_timeout'
config_get resolver_set 'config' 'resolver_set'
config_get resolver_instance 'config' 'resolver_instance' '*'
- config_get rule_create_option 'config' 'rule_create_option' 'add'
- config_get_bool secure_reload 'config' 'secure_reload' '0'
config_get_bool strict_enforcement 'config' 'strict_enforcement' '1'
config_get supported_interface 'config' 'supported_interface'
config_get verbosity 'config' 'verbosity' '2'
config_get procd_boot_delay 'config' 'procd_boot_delay' '0'
config_get procd_boot_timeout 'config' 'procd_boot_timeout' '30'
- config_get procd_lan_interface 'config' 'procd_lan_interface'
config_get procd_wan_ignore_status 'config' 'procd_wan_ignore_status' '0'
config_get procd_wan_interface 'config' 'procd_wan_interface' 'wan'
config_get procd_wan6_interface 'config' 'procd_wan6_interface' 'wan6'
config_get wan_mark 'config' 'wan_mark' '010000'
fw_mask="0x${fw_mask}"
wan_mark="0x${wan_mark}"
- [ -n "$ipv6_enabled" ] && [ "$ipv6_enabled" -eq 0 ] && unset ipv6_enabled
- [ -n "$nft_file_support" ] && [ "$nft_file_support" -eq 0 ] && unset nft_file_support
- [ -n "$nft_user_set_counter" ] && [ "$nft_user_set_counter" -eq 0 ] && unset nft_user_set_counter
- [ -n "$secure_reload" ] && [ "$secure_reload" -eq 0 ] && unset secure_reload
- config_foreach _check_user_files_for_bad_nft_calls 'include'
- [ -n "$user_file_check_result" ] && unset nft_file_support
- [ -n "$nft_file_support" ] && unset secure_reload
- is_config_enabled 'include' && unset secure_reload
- if is_nft_mode; then
- fw_maskXor="$(printf '%#x' "$((fw_mask ^ 0xffffffff))")"
- fw_maskXor="${fw_maskXor:-0xff00ffff}"
- else
- case $rule_create_option in
- insert|-i|-I) rule_create_option='-I';;
- add|-a|-A|*) rule_create_option='-A';;
- esac
+ if [ -x "$agh" ] && [ ! -s "$aghConfigFile" ]; then
+ [ -s "${agh%/*}/AdGuardHome.yaml" ] && aghConfigFile="${agh%/*}/AdGuardHome.yaml"
fi
+ [ -n "$ipv6_enabled" ] && [ "$ipv6_enabled" -eq '0' ] && unset ipv6_enabled
+ [ -n "$nft_user_set_counter" ] && [ "$nft_user_set_counter" -eq '0' ] && unset nft_user_set_counter
+ fw_maskXor="$(printf '%#x' "$((fw_mask ^ 0xffffffff))")"
+ fw_maskXor="${fw_maskXor:-0xff00ffff}"
+ [ "$nft_rule_counter" != '1' ] && unset nft_rule_counter
[ "$nft_set_auto_merge" != '1' ] && unset nft_set_auto_merge
[ "$nft_set_counter" != '1' ] && unset nft_set_counter
[ "$nft_set_flags_interval" != '1' ] && unset nft_set_flags_interval
fi
fi
fi
+
+ nft_rule_params="${nft_rule_counter:+counter}"
+
nft_set_params=" \
${nft_set_auto_merge:+ auto-merge;} \
${nft_set_counter:+ counter;} \
load_package_config "$param"
case "$param" in
on_start)
- if [ "$enabled" -eq 0 ]; then
+ if [ "$enabled" -eq '0' ]; then
state add 'errorSummary' 'errorServiceDisabled'
return 1
fi
state add 'errorSummary' 'errorConfigValidation'
return 1
fi
- if [ ! -x "$ip_bin" ]; then
- state add 'errorSummary' 'errorNoIpFull'
- return 1
- fi
- if is_nft_mode; then
- if [ "$(uci_get 'firewall' 'defaults' 'auto_includes')" = '0' ]; then
- uci_remove 'firewall' 'defaults' 'auto_includes'
- uci_commit firewall
- fi
- else
- if [ -z "$iptables" ] || [ ! -x "$iptables" ]; then
- state add 'errorSummary' 'errorNoIptables'
- return 1
- fi
+ # TODO: implement ip-full check
+# if [ ! -x ip ]; then
+# state add 'errorSummary' 'errorNoIpFull'
+# return 1
+# fi
+ if [ "$(uci_get 'firewall' 'defaults' 'auto_includes')" = '0' ]; then
+ uci_remove 'firewall' 'defaults' 'auto_includes'
+ uci_commit firewall
fi
;;
on_stop)
}
load_network() {
+# shellcheck disable=SC2317
_build_ifaces_supported() { is_supported_interface "$1" && ! str_contains "$ifacesSupported" "$1" && ifacesSupported="${ifacesSupported}${1} "; }
+# shellcheck disable=SC2317
_find_firewall_wan_zone() { [ "$(uci_get 'firewall' "$1" 'name')" = "wan" ] && firewallWanZone="$1"; }
local i param="$1"
local dev4 dev6
fi
while [ -z "$wanGW" ] ; do
load_network "$param"
- if [ $((sleepCount)) -gt $((procd_boot_timeout)) ] || [ -n "$wanGW" ]; then break; fi
+ if [ "$((sleepCount))" -gt "$((procd_boot_timeout))" ] || [ -n "$wanGW" ]; then break; fi
output "$serviceName waiting for $procd_wan_interface gateway...\\n"
sleep 1
network_flush_cache
fi
}
-# shellcheck disable=SC2086
-ipt4() {
- local d
- [ -x "$iptables" ] || return 1
- for d in "${*//-A/-D}" "${*//-I/-D}" "${*//-N/-F}" "${*//-N/-X}"; do
- [ "$d" != "$*" ] && "$iptables" $d >/dev/null 2>&1
- done
- d="$*"; "$iptables" $d >/dev/null 2>&1
-}
-
-# shellcheck disable=SC2086
-ipt6() {
- local d
- [ -n "$ipv6_enabled" ] || return 0
- [ -x "$ip6tables" ] || return 1
- for d in "${*//-A/-D}" "${*//-I/-D}" "${*//-N/-F}" "${*//-N/-X}"; do
- [ "$d" != "$*" ] && "$ip6tables" $d >/dev/null 2>&1
- done
- d="$*"
- "$ip6tables" $d >/dev/null 2>&1
-}
-
-# shellcheck disable=SC2086
-ipt() {
- local d failFlagIpv4=1 failFlagIpv6=1
- [ -x "$iptables" ] || return 1
- for d in "${*//-A/-D}" "${*//-I/-D}" "${*//-N/-F}" "${*//-N/-X}"; do
- if [ "$d" != "$*" ]; then
- "$iptables" $d >/dev/null 2>&1
- if [ -x "$ip6tables" ]; then
- "$ip6tables" $d >/dev/null 2>&1
- fi
- fi
- done
- d="$*"; "$iptables" $d >/dev/null 2>&1 && failFlagIpv4=0;
- if [ -n "$ipv6_enabled" ] && [ -x "$ip6tables" ]; then
- "$ip6tables" $d >/dev/null 2>&1 && failFlagIpv6=0
- fi
- [ "$failFlagIpv4" -eq 0 ] || [ "$failFlagIpv6" -eq 0 ]
-}
-
-# shellcheck disable=SC2086
-ips4() { [ -x "$ipset" ] && "$ipset" "$@" >/dev/null 2>&1; }
-ips6() { [ -x "$ipset" ] && { if [ -n "$ipv6_enabled" ] && [ -n "$*" ]; then "$ipset" "$@" >/dev/null 2>&1; else return 1; fi; }; }
-ips() {
- local command="$1" iface="$2" target="${3:-dst}" type="${4:-ip}" uid="$5" comment="$6" param="$7" mark="$7"
- local ipset4 ipset6 i
- local ipv4_error=1 ipv6_error=1
- ipset4="${ipsPrefix}${iface:+_$iface}_4${target:+_$target}${type:+_$type}${uid:+_$uid}"
- ipset6="${ipsPrefix}${iface:+_$iface}_6${target:+_$target}${type:+_$type}${uid:+_$uid}"
-
- [ -x "$ipset" ] || return 1
-
- if [ "${#ipset4}" -gt 31 ]; then
- state add 'errorSummary' 'errorIpsetNameTooLong' "$ipset4"
- return 1
- fi
-
- case "$command" in
- add)
- ips4 -q -! add "$ipset4" ["$param"] comment "$comment" && ipv4_error=0
- ips6 -q -! add "$ipset6" ["$param"] comment "$comment" && ipv6_error=0
- ;;
- add_agh_element)
- [ -n "$ipv6_enabled" ] || unset ipset6
- echo "${param}/${ipset4}${ipset6:+,$ipset6}" >> "$aghIpsetFile" && ipv4_error=0
- ;;
- add_dnsmasq_element)
- [ -n "$ipv6_enabled" ] || unset ipset6
- # shellcheck disable=SC2086
- echo "ipset=/${param}/${ipset4}${ipset6:+,$ipset6} # $comment" | tee -a $dnsmasqFileList >/dev/null 2>&1 && ipv4_error=0
- ;;
- create)
- ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
- ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
- ;;
- create_agh_set)
- ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
- ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
- ;;
- create_dnsmasq_set)
- ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
- ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
- ;;
- create_user_set)
- case "$type" in
- ip|net)
- ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
- ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
- case "$target" in
- dst)
- ipt4 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" dst -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
- ipt6 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" dst -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
- ;;
- src)
- ipt4 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
- ipt6 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
- ;;
- esac
- ;;
- mac)
- ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
- ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv4_error=0
- ipt4 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
- ipt6 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
- ;;
- esac
- ;;
- delete|destroy)
- ips4 -q -! destroy "$ipset4" && ipv4_error=0
- ips6 -q -! destroy "$ipset6" && ipv6_error=0
- ;;
- delete_user_set)
- ips4 -q -! destroy "$ipset4" && ipv4_error=0
- ips6 -q -! destroy "$ipset6" family inet6 && ipv6_error=0
- case "$type" in
- ip|net)
- case "$target" in
- dst)
- ipt4 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" dst -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
- ipt6 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" dst -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
- ;;
- src)
- ipt4 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
- ipt6 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
- ;;
- esac
- ;;
- mac)
- ipt4 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
- ipt6 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
- ;;
- esac
- ;;
- flush|flush_user_set)
- ips4 -q -! flush "$ipset4" && ipv4_error=0
- ips6 -q -! flush "$ipset6" && ipv6_error=0
- ;;
- esac
- if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
- return 0
- else
- return 1
- fi
-}
-
nft_call() { [ -x "$nft" ] && "$nft" "$@" >/dev/null 2>&1; }
nft_file() {
local i
[ -x "$nft" ] || return 1
case "$1" in
add|add_command)
- [ -n "$nft_file_support" ] || return 1
shift
grep -q "$*" "$nftTempFile" || echo "$*" >> "$nftTempFile"
;;
for i in "$nftTempFile" "$nftPermFile"; do
mkdir -p "${i%/*}"
done
- [ -n "$nft_file_support" ] || return 1
{ echo '#!/usr/sbin/nft -f'; echo ''; } > "$nftTempFile"
;;
delete|rm|remove)
rm -f "$nftTempFile" "$nftPermFile"
;;
enabled)
- [ -n "$nft_file_support" ] && return 0 || return 1
+ return 0
;;
exists)
[ -s "$nftPermFile" ] && return 0 || return 1
;;
install)
- [ -n "$nft_file_support" ] || return 1
[ -s "$nftTempFile" ] || return 1
output "Installing fw4 nft file "
if nft_call -c -f "$nftTempFile" && \
[ -x "$nft" ] || return 1
- if [ "${#nftset4}" -gt 255 ]; then
+ if [ "${#nftset4}" -gt '255' ]; then
state add 'errorSummary' 'errorNftsetNameTooLong' "$nftset4"
return 1
fi
nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
case "$target" in
dst)
- nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv4Flag" daddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
- nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv6Flag" daddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" daddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" daddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
;;
src)
- nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv4Flag" saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
- nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv6Flag" saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" saddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" saddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
;;
esac
;;
mac)
nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0
nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
- nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
- nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
;;
esac
;;
esac
;;
mac)
- nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
- nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" "ether" saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" "ether" saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
;;
esac
;;
cleanup_rt_tables() {
local i
# shellcheck disable=SC2013
- for i in $(grep -oh "${ipTablePrefix}_.*" $rtTablesFile); do
+ for i in $(grep -oh "${ipTablePrefix}_.*" "$rtTablesFile"); do
! is_netifd_table "$i" && sed -i "/${i}/d" "$rtTablesFile"
done
sync
}
cleanup_main_chains() {
- local i
- for i in $chainsList; do
+ local i j
+ for i in $chainsList dstnat_lan; do
i="$(str_to_lower "$i")"
nft_call flush chain inet "$nftTable" "${nftPrefix}_${i}"
done
- for i in $chainsList; do
- i="$(str_to_upper "$i")"
- ipt -t mangle -D "${i}" -m mark --mark "0x0/${fw_mask}" -j "${iptPrefix}_${i}"
- ipt -t mangle -F "${iptPrefix}_${i}"
- ipt -t mangle -X "${iptPrefix}_${i}"
- done
}
cleanup_marking_chains() {
- local i
+ local i j
for i in $(get_mark_nft_chains); do
nft_call flush chain inet "$nftTable" "$i"
nft_call delete chain inet "$nftTable" "$i"
done
- for i in $(get_mark_ipt_chains); do
- ipt -t mangle -F "$i"
- ipt -t mangle -X "$i"
- done
}
cleanup_sets() {
nft_call flush set inet "$nftTable" "$i"
nft_call delete set inet "$nftTable" "$i"
done
- for i in $(get_ipsets); do
- ipset -q -! flush "$i" >/dev/null 2>&1
- ipset -q -! destroy "$i" >/dev/null 2>&1
- done
}
state() {
resolver() {
local agh_version
- local param="$1"
+ local param="$1" iface="$2" target="$3" type="$4" uid="$5" name="$6" value="$7"
shift
if [ "$param" = 'cleanup_all' ]; then
- sed -i "/ipset_file: ${aghIpsetFile}/d" "$aghConfigFile" >/dev/null 2>&1
- rm -f "$aghIpsetFile"
local dfl
for dfl in $dnsmasqFileList; do
rm -f "$dfl"
store_hash) return 0;;
esac
;;
- adguardhome.ipset)
+ dnsmasq.nftset)
case "$param" in
add_resolver_element)
- [ -n "$resolver_set_supported" ] && ips 'add_agh_element' "$@";;
- create_resolver_set)
- [ -n "$resolver_set_supported" ] && ips 'create_agh_set' "$@";;
- check_support)
- if [ ! -x "$ipset" ]; then
- state add 'errorSummary' 'errorNoIpset'
- return 1
- fi
- if [ -n "$agh" ] && [ -s "$aghConfigFile" ]; then
- agh_version="$($agh --version | sed 's|AdGuard Home, version v\(.*\)|\1|' | sed 's|-.*||')"
- if is_greater_or_equal "$agh_version" '0.107.13'; then
- resolver_set_supported='true'
- return 0
- else
- state add 'warningSummary' 'warningAGHVersionTooLow' "$agh_version"
- return 1
- fi
- else
- state add 'warningSummary' 'warningResolverNotSupported'
- return 1
- fi
- ;;
- cleanup)
- [ -z "$resolver_set_supported" ] && return 0
- rm -f "$aghIpsetFile"
- sed -i "/ipset_file: ${aghIpsetFile}/d" "$aghConfigFile" >/dev/null 2>&1
- ;;
- configure)
- [ -z "$resolver_set_supported" ] && return 1
- mkdir -p "${aghIpsetFile%/*}"
- touch "$aghIpsetFile"
- sed -i '/ipset_file/d' "$aghConfigFile" >/dev/null 2>&1
- sed -i "/ ipset:/a \ \ ipset_file: $aghIpsetFile" "$aghConfigFile"
- ;;
- init) :;;
- init_end) :;;
- kill)
- [ -n "$resolver_set_supported" ] && [ -n "$agh" ] && killall -q -s HUP "$agh";;
- reload)
- [ -z "$resolver_set_supported" ] && return 1
- output 3 'Reloading adguardhome '
- if /etc/init.d/adguardhome reload >/dev/null 2>&1; then
- output_okn
- return 0
- else
- output_failn
- return 1
- fi
- ;;
- restart)
- [ -z "$resolver_set_supported" ] && return 1
- output 3 'Restarting adguardhome '
- if /etc/init.d/adguardhome restart >/dev/null 2>&1; then
- output_okn
- return 0
- else
- output_failn
- return 1
- fi
- ;;
- compare_hash)
- [ -z "$resolver_set_supported" ] && return 1
- local resolverNewHash
- if [ -s "$aghIpsetFile" ]; then
- resolverNewHash="$(md5sum "$aghIpsetFile" | awk '{ print $1; }')"
- fi
- [ "$resolverNewHash" != "$resolverStoredHash" ]
+ [ -n "$resolver_set_supported" ] || return 1
+ local d
+ for d in $value; do
+ nftset 'add_dnsmasq_element' "$iface" "$target" "$type" "$uid" "$name" "$d"
+ done
+# nftset 'add_dnsmasq_element' "$iface" "$target" "$type" "$uid" "$name" "$(str_to_dnsmsaq_nftset "$value")"
;;
- store_hash)
- [ -s "$aghIpsetFile" ] && resolverStoredHash="$(md5sum "$aghIpsetFile" | awk '{ print $1; }')";;
- esac
- ;;
- dnsmasq.ipset)
- case "$param" in
- add_resolver_element)
- [ -n "$resolver_set_supported" ] && ips 'add_dnsmasq_element' "$@";;
create_resolver_set)
- [ -n "$resolver_set_supported" ] && ips 'create_dnsmasq_set' "$@";;
+ [ -n "$resolver_set_supported" ] || return 1
+ nftset 'create_dnsmasq_set' "$iface" "$target" "$type" "$uid" "$name" "$value"
+ ;;
check_support)
- if [ ! -x "$ipset" ]; then
- state add 'errorSummary' 'errorNoIpset'
+ if [ ! -x "$nft" ]; then
+ state add 'errorSummary' 'errorNoNft'
return 1
fi
- if ! dnsmasq -v 2>/dev/null | grep -q 'no-ipset' && dnsmasq -v 2>/dev/null | grep -q 'ipset'; then
+ if ! dnsmasq -v 2>/dev/null | grep -q 'no-nftset' && dnsmasq -v 2>/dev/null | grep -q 'nftset'; then
resolver_set_supported='true'
return 0
else
[ -s "$dnsmasqFile" ] && resolverStoredHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')";;
esac
;;
- dnsmasq.nftset)
- case "$param" in
- add_resolver_element)
- [ -n "$resolver_set_supported" ] && nftset 'add_dnsmasq_element' "$@";;
- create_resolver_set)
- [ -n "$resolver_set_supported" ] && nftset 'create_dnsmasq_set' "$@";;
- check_support)
- if [ ! -x "$nft" ]; then
- state add 'errorSummary' 'errorNoNft'
- return 1
- fi
- if ! dnsmasq -v 2>/dev/null | grep -q 'no-nftset' && dnsmasq -v 2>/dev/null | grep -q 'nftset'; then
- resolver_set_supported='true'
- return 0
- else
- state add 'warningSummary' 'warningResolverNotSupported'
- return 1
- fi
- ;;
- cleanup)
- if [ -n "$resolver_set_supported" ]; then
- local dfl
- for dfl in $dnsmasqFileList; do
- rm -f "$dfl"
- done
- fi
- ;;
- configure)
- if [ -n "$resolver_set_supported" ]; then
- local dfl
- for dfl in $dnsmasqFileList; do
- mkdir -p "${dfl%/*}"
- chmod -R 660 "${dfl%/*}"
- chown -R root:dnsmasq "${dfl%/*}"
- touch "$dfl"
- chmod 660 "$dfl"
- chown root:dnsmasq "$dfl"
- done
- fi
- ;;
- configure_instances)
- config_load 'dhcp'
- if [ "$resolver_instance" = "*" ]; then
- config_foreach _resolver_dnsmasq_confdir 'dnsmasq'
- dnsmasqFile="${dnsmasqFile:-$dnsmasqFileDefault}"
- str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \
- dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${dnsmasqFileDefault}"
- else
- for i in $resolver_instance; do
- _resolver_dnsmasq_confdir "@dnsmasq[$i]" \
- || _resolver_dnsmasq_confdir "$i"
- done
- dnsmasqFile="${dnsmasqFile:-$dnsmasqFileDefault}"
- str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \
- dnsmasqFileList="${dnsmasqFileList:-$dnsmasqFileDefault}"
- fi
- ;;
- init) :;;
- init_end) :;;
- kill)
- [ -n "$resolver_set_supported" ] && killall -q -s HUP dnsmasq;;
- reload)
- [ -z "$resolver_set_supported" ] && return 1
- output 3 'Reloading dnsmasq '
- if /etc/init.d/dnsmasq reload >/dev/null 2>&1; then
- output_okn
- return 0
- else
- output_failn
- return 1
- fi
- ;;
- restart)
- [ -z "$resolver_set_supported" ] && return 1
- output 3 'Restarting dnsmasq '
- if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then
- output_okn
- return 0
- else
- output_failn
- return 1
- fi
- ;;
- compare_hash)
- [ -z "$resolver_set_supported" ] && return 1
- local resolverNewHash
- if [ -s "$dnsmasqFile" ]; then
- resolverNewHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')"
- fi
- [ "$resolverNewHash" != "$resolverStoredHash" ]
- ;;
- store_hash)
- [ -s "$dnsmasqFile" ] && resolverStoredHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')";;
- esac
- ;;
- unbound.ipset)
- case "$param" in
- add_resolver_element) :;;
- create_resolver_set) :;;
- check_support) :;;
- cleanup) :;;
- configure) :;;
- init) :;;
- init_end) :;;
- kill) :;;
- reload) :;;
- restart) :;;
- compare_hash) :;;
- store_hash) :;;
- esac
- ;;
- unbound.nftset)
+ unbound.nftset)
case "$param" in
add_resolver_element) :;;
create_resolver_set) :;;
esac
}
-trap_process() {
- output "\\n"
- output "Unexpected exit or service termination: '${1}'!\\n"
- state add 'errorSummary' 'errorUnexpectedExit' "$1"
- traffic_killswitch 'remove'
-}
-
-traffic_killswitch() {
- local s=0
- case "$1" in
- insert)
- local lan_subnet wan_device wan6_device
- [ -n "$secure_reload" ] || return 0
- nft_file 'enabled' && return 0
- for i in $serviceTrapSignals; do
-# shellcheck disable=SC2064
- trap "trap_process $i" "$i"
- done
- output 3 'Activating traffic killswitch '
- network_get_subnet lan_subnet "${procd_lan_interface:-lan}"
- network_get_physdev wan_device "${wanIface4:-wan}"
- network_get_physdev wan6_device "${wanIface6:-wan6}"
- if is_nft_mode; then
- nft_call add chain inet "$nftTable" "${nftPrefix}_killswitch" '{ type filter hook forward priority 0; policy accept; }' || s=1
- nft_call add rule inet "$nftTable" "${nftPrefix}_killswitch" oifname "$wan_device" "$nftIPv4Flag" saddr "$lan_subnet" counter reject || s=1
- nft_call add rule inet "$nftTable" "${nftPrefix}_killswitch" oifname "$wan6_device" "$nftIPv6Flag" saddr "$lan_subnet" counter reject
- else
- ipt -N "${iptPrefix}_KILLSWITCH" || s=1
- ipt -A "${iptPrefix}_KILLSWITCH" -s "$lan_subnet" -o "$wan_device" -j REJECT || s=1
- ipt -A "${iptPrefix}_KILLSWITCH" -s "$lan_subnet" -o "$wan6_device" -j REJECT
- ipt -I FORWARD -j "${iptPrefix}_KILLSWITCH" || s=1
- fi
- if [ "$s" -eq 0 ]; then
- output_okn
- else
- output_failn
- fi
- ;;
- remove)
- if [ -n "$secure_reload" ] && ! nft_file 'enabled'; then
- output 3 'Deactivating traffic killswitch '
- fi
- if is_nft_mode; then
- nft_call flush chain inet "$nftTable" "${nftPrefix}_killswitch" || s=1
- nft_call delete chain inet "$nftTable" "${nftPrefix}_killswitch" || s=1
- else
- ipt -D FORWARD -j "${iptPrefix}_KILLSWITCH" || s=1
- ipt -F "${iptPrefix}_KILLSWITCH" || s=1
- ipt -X "${iptPrefix}_KILLSWITCH" || s=1
- fi
- if [ -n "$secure_reload" ] && ! nft_file 'enabled'; then
- if [ "$s" -eq 0 ]; then
- output_okn
- else
- output_failn
- fi
- fi
-# shellcheck disable=SC2086
- trap - $serviceTrapSignals
- ;;
- esac
-}
-
-policy_routing() { if is_nft_mode; then policy_routing_nft "$@"; else policy_routing_iptables "$@"; fi; }
-policy_routing_iptables() {
- local mark param4 param6 i negation value dest4 dest6 ipInsertOption="-A"
- local ip4error='1' ip6error='1'
- local name="$1" iface="$2" laddr="$3" lport="$4" raddr="$5" rport="$6" proto chain uid="$9"
- proto="$(str_to_lower "$7")"
- chain="$(str_to_upper "$8")"
- chain="${chain:-PREROUTING}"
- mark=$(eval echo "\$mark_${iface//-/_}")
+# original idea by @egc112: https://github.com/egc112/OpenWRT-egc-add-on/tree/main/stop-dns-leak
+dns_policy_routing() {
+ local mark i nftInsertOption='add' proto='tcp udp' proto_i
+ local param4 param6
+ local negation value dest4 dest6 first_value
+ local inline_set_ipv4_empty_flag inline_set_ipv6_empty_flag
+ local name="$1" src_addr="$2" dest_dns="$3" uid="$4"
+ local chain='dstnat_lan' iface='dns'
- if [ -n "$ipv6_enabled" ] && { is_ipv6 "$laddr" || is_ipv6 "$raddr"; }; then
+ if [ -z "${dest_dns_ipv4}${dest_dns_ipv6}" ]; then
processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
+ state add 'errorSummary' 'errorPolicyProcessNoInterfaceDns' "'$dest_dns'"
return 1
fi
- if is_tor "$iface"; then
- return 1
- elif is_xray "$iface"; then
- unset rport
- [ -z "$lport" ] && lport='0-52,54-65535'
- proto='tcp udp'
- dest4="-j TPROXY --on-ip 0.0.0.0 --on-port $(get_xray_traffic_port "$iface")"
- dest6="-j TPROXY --on-ip :: --on-port $(get_xray_traffic_port "$iface")"
- elif [ -n "$mark" ]; then
- dest4="-g ${iptPrefix}_MARK_${mark}"
- dest6="-g ${iptPrefix}_MARK_${mark}"
- elif [ "$iface" = "ignore" ]; then
- dest4="-j RETURN"
- dest6="-j RETURN"
- else
+ if [ -z "$ipv6_enabled" ] && is_ipv6 "$(str_first_word "$src_addr")"; then
processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessUnknownFwmark' "$iface"
+ state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
return 1
fi
- if is_family_mismatch "$laddr" "$raddr"; then
+ if { is_ipv4 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv4" ]; } || \
+ { is_ipv6 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv6" ]; }; then
processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$laddr' '$raddr'"
+ state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns'"
return 1
fi
- if [ -z "$proto" ]; then
- if [ -n "${lport}${rport}" ]; then
- proto='tcp udp'
- else
- proto='all'
- fi
- fi
+ for proto_i in $proto; do
+ unset param4
+ unset param6
- for i in $proto; do
- if [ "$i" = 'all' ]; then
- param4="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest4"
- param6="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest6"
- elif ! is_supported_protocol "$i"; then
- processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessUnknownProtocol' "${name}: '$i'"
- return 1
- else
- param4="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest4 -p $i"
- param6="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest6 -p $i"
- fi
+ dest4="dport 53 counter dnat ip to ${dest_dns_ipv4}:53"
+ dest6="dport 53 counter dnat ip6 to ${dest_dns_ipv6}:53"
- if [ -n "$laddr" ]; then
- if [ "${laddr:0:1}" = "!" ]; then
- negation='!'; value="${laddr:1}"
+ if [ -n "$src_addr" ]; then
+ if [ "${src_addr:0:1}" = "!" ]; then
+ negation='!='; src_addr="${src_addr//\!}"; nftset_suffix='_neg';
else
- unset negation; value="$laddr";
+ unset negation; unset nftset_suffix;
fi
- if is_phys_dev "$value"; then
- param4="$param4 ${negation:+$negation }-m physdev --physdev-in ${value:1}"
- param6="$param6 ${negation:+$negation }-m physdev --physdev-in ${value:1}"
- elif is_ipv4_netmask "$value"; then
- local target='src' type='net'
- if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $laddr" && \
- ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $laddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- else
- param4="$param4 ${negation:+$negation }-s $value"
- param6="$param6 ${negation:+$negation }-s $value"
- fi
- elif is_mac_address "$value"; then
- local target='src' type='mac'
- if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $laddr" && \
- ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $laddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- else
- param4="$param4 -m mac ${negation:+$negation }--mac-source $value"
- param6="$param6 -m mac ${negation:+$negation }--mac-source $value"
- fi
- else
- local target='src' type='ip'
- if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $laddr" && \
- ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $laddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- else
- local resolvedIP4 resolvedIP6
- resolvedIP4="$(resolveip_to_ipt4 "$value")"
- resolvedIP6="$(resolveip_to_ipt6 "$value")"
- if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
- state add 'errorSummary' 'errorFailedToResolve' "$value"
+ value="$src_addr"
+ first_value="$(str_first_word "$value")"
+ if is_phys_dev_quick "$first_value"; then
+ param4="${param4:+$param4 }iifname ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }iifname ${negation:+$negation }{ $(inline_set "$value") }"
+ elif is_mac_address "$first_value"; then
+ param4="${param4:+$param4 }ether saddr ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }ether saddr ${negation:+$negation }{ $(inline_set "$value") }"
+ elif is_domain "$first_value"; then
+ local inline_set_ipv4='' inline_set_ipv6='' d=''
+ for d in $value; do
+ local resolved_ipv4 resolved_ipv6
+ resolved_ipv4="$(resolveip_to_nftset4 "$d")"
+ resolved_ipv6="$(resolveip_to_nftset6 "$d")"
+ if [ -z "${resolved_ipv4}${resolved_ipv6}" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$d"
+ else
+ [ -n "$resolved_ipv4" ] && inline_set_ipv4="${inline_set_ipv4:+$inline_set_ipv4, }$resolved_ipv4"
+ [ -n "$resolved_ipv6" ] && inline_set_ipv6="${inline_set_ipv6:+$inline_set_ipv6, }$resolved_ipv6"
fi
- param4="$param4 ${negation:+$negation }-s $resolvedIP4"
- param6="$param6 ${negation:+$negation }-s $resolvedIP6"
- fi
- fi
- fi
-
- if [ -n "$lport" ]; then
- if [ "${lport:0:1}" = "!" ]; then
- negation='!'; value="${lport:1}"
+ done
+ [ -n "$inline_set_ipv4" ] || inline_set_ipv4_empty_flag='true'
+ [ -n "$inline_set_ipv6" ] || inline_set_ipv6_empty_flag='true'
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }{ $inline_set_ipv4 }"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }{ $inline_set_ipv6 }"
else
- unset negation; value="$lport";
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }{ $(inline_set "$value") }"
fi
- param4="$param4 -m multiport ${negation:+$negation }--sport ${value//-/:}"
- param6="$param6 -m multiport ${negation:+$negation }--sport ${value//-/:}"
fi
- if [ -n "$raddr" ]; then
- if [ "${raddr:0:1}" = "!" ]; then
- negation='!'; value="${raddr:1}"
- else
- unset negation; value="$raddr";
- fi
- if is_ipv4_netmask "$value"; then
- local target='dst' type='net'
- if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
- ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- else
- param4="$param4 ${negation:+$negation }-d ${value}"
- param6="$param6 ${negation:+$negation }-d ${value}"
- fi
- elif is_domain "$value"; then
- local target='dst' type='ip'
- if resolver 'create_resolver_set' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
- resolver 'add_resolver_element' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- elif ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
- ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- else
- local resolvedIP4 resolvedIP6
- resolvedIP4="$(resolveip_to_ipt4 "$value")"
- resolvedIP6="$(resolveip_to_ipt6 "$value")"
- if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
- state add 'errorSummary' 'errorFailedToResolve' "$value"
- fi
- param4="$param4 ${negation:+$negation }-d $resolvedIP4"
- param6="$param6 ${negation:+$negation }-d $resolvedIP6"
- fi
- else
- local target='dst' type='ip'
- if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
- ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
- param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
- param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
- else
- param4="$param4 ${negation:+$negation }-d ${value}"
- param6="$param6 ${negation:+$negation }-d ${value}"
- fi
- fi
- fi
+ param4="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param4} ${proto_i} ${nft_rule_params} ${dest4} comment \"$name\""
+ param6="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param6} ${proto_i} ${nft_rule_params} ${dest6} comment \"$name\""
- if [ -n "$rport" ]; then
- if [ "${rport:0:1}" = "!" ]; then
- negation='!'; value="${rport:1}"
- else
- unset negation; value="$rport";
- fi
- param4="$param4 -m multiport ${negation:+$negation }--dport ${value//-/:}"
- param6="$param6 -m multiport ${negation:+$negation }--dport ${value//-/:}"
+ local ipv4_error='0' ipv6_error='0'
+ if [ "$policy_routing_nft_prev_param4" != "$param4" ] && \
+ [ -n "$first_value" ] && ! is_ipv6 "$first_value" && \
+ [ -z "$inline_set_ipv4_empty_flag" ] && [ -n "$dest_dns_ipv4" ]; then
+ nft4 "$param4" || ipv4_error='1'
+ policy_routing_nft_prev_param4="$param4"
fi
-
- if [ -n "$name" ]; then
- param4="$param4 -m comment --comment $(str_extras_to_underscore "$name")"
- param6="$param6 -m comment --comment $(str_extras_to_underscore "$name")"
+ if [ "$policy_routing_nft_prev_param6" != "$param6" ] && [ "$param4" != "$param6" ] && \
+ [ -n "$first_value" ] && ! is_ipv4 "$first_value" && \
+ [ -z "$inline_set_ipv6_empty_flag" ] && [ -n "$dest_dns_ipv6" ]; then
+ nft6 "$param6" || ipv6_error='1'
+ policy_routing_nft_prev_param6="$param6"
fi
- local ipv4_error='0' ipv6_error='0'
- if [ "$param4" = "$param6" ]; then
- ipt4 "$param4" || ipv4_error='1'
- else
- ipt4 "$param4" || ipv4_error='1'
- ipt6 "$param6" || ipv6_error='1'
+ if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param6"
+ logger -t "$packageName" "ERROR: nft $param4"
+ logger -t "$packageName" "ERROR: nft $param6"
+ elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4"
+ logger -t "$packageName" "ERROR: nft $param4"
fi
-
- if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
- processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
- state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param4"
- state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param6"
- logger -t "$packageName" "ERROR: iptables $param4"
- logger -t "$packageName" "ERROR: iptables $param6"
- elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
- processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
- state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param4"
- logger -t "$packageName" "ERROR: iptables $param4"
- fi
-
done
}
-policy_routing_nft() {
+
+policy_routing() {
local mark i nftInsertOption='add'
- local param4 param6 proto_i negation value dest4 dest6
+ local param4 param6 proto_i negation value dest4 dest6
+ local nftset_suffix first_value_src first_value_dest
+ local src_inline_set_ipv4_empty_flag src_inline_set_ipv6_empty_flag
+ local dest_inline_set_ipv4_empty_flag dest_inline_set_ipv6_empty_flag
local name="$1" iface="$2" src_addr="$3" src_port="$4" dest_addr="$5" dest_port="$6" proto chain uid="$9"
proto="$(str_to_lower "$7")"
chain="$(str_to_lower "$8")"
chain="${chain:-prerouting}"
mark=$(eval echo "\$mark_${iface//-/_}")
- if [ -z "$ipv6_enabled" ] && { is_ipv6 "$src_addr" || is_ipv6 "$dest_addr"; }; then
+ if [ -z "$ipv6_enabled" ] && \
+ { is_ipv6 "$(str_first_word "$src_addr")" || is_ipv6 "$(str_first_word "$dest_addr")"; }; then
processPolicyError='true'
state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
return 1
return 1
fi
- if is_family_mismatch "$src_addr" "$dest_addr"; then
- processPolicyError='true'
- state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_addr'"
- return 1
- fi
+ # TODO: implement actual family mismatch check on lists
+# if is_family_mismatch "$src_addr" "$dest_addr"; then
+# processPolicyError='true'
+# state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_addr'"
+# return 1
+# fi
if [ -z "$proto" ]; then
if [ -n "${src_port}${dest_port}" ]; then
if [ -n "$src_addr" ]; then
if [ "${src_addr:0:1}" = "!" ]; then
- negation='!='; value="${src_addr:1}"
+ negation='!='; value="${src_addr//\!}"; nftset_suffix='_neg';
else
- unset negation; value="$src_addr";
+ unset negation; value="$src_addr"; unset nftset_suffix;
fi
- if is_phys_dev "$value"; then
- param4="${param4:+$param4 }iifname ${negation:+$negation }${value:1}"
- param6="${param6:+$param6 }iifname ${negation:+$negation }${value:1}"
- elif is_mac_address "$value"; then
- local target='src' type='mac'
- if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
- nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
- param4="${param4:+$param4 }ether saddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
- param6="${param6:+$param6 }ether saddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
- else
- param4="${param4:+$param4 }ether saddr ${negation:+$negation }${value}"
- param6="${param6:+$param6 }ether saddr ${negation:+$negation }${value}"
- fi
+ first_value_src="$(str_first_word "$value")"
+ if is_phys_dev_quick "$first_value_src"; then
+ param4="${param4:+$param4 }iifname ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }iifname ${negation:+$negation }{ $(inline_set "$value") }"
+ elif is_mac_address "$first_value_src"; then
+ param4="${param4:+$param4 }ether saddr ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }ether saddr ${negation:+$negation }{ $(inline_set "$value") }"
+ elif is_domain "$first_value_src"; then
+ local inline_set_ipv4='' inline_set_ipv6='' d=''
+ unset src_inline_set_ipv4_empty_flag
+ unset src_inline_set_ipv6_empty_flag
+ for d in $value; do
+ local resolved_ipv4 resolved_ipv6
+ resolved_ipv4="$(resolveip_to_nftset4 "$d")"
+ resolved_ipv6="$(resolveip_to_nftset6 "$d")"
+ if [ -z "${resolved_ipv4}${resolved_ipv6}" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$d"
+ else
+ [ -n "$resolved_ipv4" ] && inline_set_ipv4="${inline_set_ipv4:+$inline_set_ipv4, }$resolved_ipv4"
+ [ -n "$resolved_ipv6" ] && inline_set_ipv6="${inline_set_ipv6:+$inline_set_ipv6, }$resolved_ipv6"
+ fi
+ done
+ [ -n "$inline_set_ipv4" ] || src_inline_set_ipv4_empty_flag='true'
+ [ -n "$inline_set_ipv6" ] || src_inline_set_ipv6_empty_flag='true'
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }{ $inline_set_ipv4 }"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }{ $inline_set_ipv6 }"
else
- local target='src' type='ip'
- if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
- nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
- param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
- param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
- else
- param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }${value}"
- param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }${value}"
- fi
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }{ $(inline_set "$value") }"
fi
fi
if [ -n "$dest_addr" ]; then
if [ "${dest_addr:0:1}" = "!" ]; then
- negation='!='; value="${dest_addr:1}"
+ negation='!='; value="${src_addr//\!}"; nftset_suffix='_neg';
else
- unset negation; value="$dest_addr";
+ unset negation; value="$dest_addr"; unset nftset_suffix;
fi
- if is_phys_dev "$value"; then
- param4="${param4:+$param4 }oifname ${negation:+$negation }${value:1}"
- param6="${param6:+$param6 }oifname ${negation:+$negation }${value:1}"
- elif is_domain "$value"; then
+ first_value_dest="$(str_first_word "$value")"
+ if is_phys_dev_quick "$first_value_dest"; then
+ param4="${param4:+$param4 }oifname ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }oifname ${negation:+$negation }{ $(inline_set "$value") }"
+ elif is_domain "$first_value_dest"; then
local target='dst' type='ip'
if resolver 'create_resolver_set' "$iface" "$target" "$type" "$uid" "$name" && \
resolver 'add_resolver_element' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
- param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
- param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
- elif nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
- nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
- param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
- param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}${nftset_suffix}"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}${nftset_suffix}"
else
- local resolvedIP4 resolvedIP6
- resolvedIP4="$(resolveip_to_nftset4 "$value")"
- resolvedIP6="$(resolveip_to_nftset6 "$value")"
- if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
- state add 'errorSummary' 'errorFailedToResolve' "$value"
- fi
- param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }{ $resolvedIP4 }"
- param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }{ $resolvedIP6 }"
+ local inline_set_ipv4='' inline_set_ipv6='' d=''
+ unset dest_inline_set_ipv4_empty_flag
+ unset dest_inline_set_ipv6_empty_flag
+ for d in $value; do
+ local resolved_ipv4 resolved_ipv6
+ resolved_ipv4="$(resolveip_to_nftset4 "$d")"
+ resolved_ipv6="$(resolveip_to_nftset6 "$d")"
+ if [ -z "${resolved_ipv4}${resolved_ipv6}" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$d"
+ else
+ [ -n "$resolved_ipv4" ] && inline_set_ipv4="${inline_set_ipv4:+$inline_set_ipv4, }$resolved_ipv4"
+ [ -n "$resolved_ipv6" ] && inline_set_ipv6="${inline_set_ipv6:+$inline_set_ipv6, }$resolved_ipv6"
+ fi
+ done
+ [ -n "$inline_set_ipv4" ] || dest_inline_set_ipv4_empty_flag='true'
+ [ -n "$inline_set_ipv6" ] || dest_inline_set_ipv6_empty_flag='true'
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }{ $inline_set_ipv4 }"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }{ $inline_set_ipv6 }"
fi
else
- local target='dst' type='ip'
- if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
- nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
- param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
- param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
- else
- param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }${value}"
- param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }${value}"
- fi
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }{ $(inline_set "$value") }"
fi
fi
else
unset negation; value="$src_port";
fi
- param4="${param4:+$param4 }${proto_i:+$proto_i }sport ${negation:+$negation }{$(ports_to_nftset "$value")}"
- param6="${param6:+$param6 }${proto_i:+$proto_i }sport ${negation:+$negation }{$(ports_to_nftset "$value")}"
+ param4="${param4:+$param4 }${proto_i:+$proto_i }sport ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }${proto_i:+$proto_i }sport ${negation:+$negation }{ $(inline_set "$value") }"
fi
if [ -n "$dest_port" ]; then
else
unset negation; value="$dest_port";
fi
- param4="${param4:+$param4 }${proto_i:+$proto_i }dport ${negation:+$negation }{$(ports_to_nftset "$value")}"
- param6="${param6:+$param6 }${proto_i:+$proto_i }dport ${negation:+$negation }{$(ports_to_nftset "$value")}"
+ param4="${param4:+$param4 }${proto_i:+$proto_i }dport ${negation:+$negation }{ $(inline_set "$value") }"
+ param6="${param6:+$param6 }${proto_i:+$proto_i }dport ${negation:+$negation }{ $(inline_set "$value") }"
fi
if is_tor "$iface"; then
fi
done
else
- param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} $param4 $dest4 comment \"$name\""
- param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} $param6 $dest6 comment \"$name\""
+ param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param4} ${nft_rule_params} ${dest4} comment \"$name\""
+ param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param6} ${nft_rule_params} ${dest6} comment \"$name\""
local ipv4_error='0' ipv6_error='0'
- if [ "$policy_routing_nft_prev_param4" != "$param4" ]; then
- nft4 "$param4" || ipv4_error='1'
- policy_routing_nft_prev_param4="$param4"
+ if [ "$policy_routing_nft_prev_param4" != "$param4" ] && \
+ [ -z "$src_inline_set_ipv4_empty_flag" ] && [ -z "$dest_inline_set_ipv4_empty_flag" ] && \
+ [ "$filter_group_src_addr" != 'ipv6' ] && [ "$filter_group_src_addr" != 'ipv6_negative' ] && \
+ [ "$filter_group_dest_addr" != 'ipv6' ] && [ "$filter_group_dest_addr" != 'ipv6_negative' ]; then
+ nft4 "$param4" || ipv4_error='1'
+ policy_routing_nft_prev_param4="$param4"
fi
- if [ "$policy_routing_nft_prev_param6" != "$param6" ] && \
- [ "$param4" != "$param6" ]; then
- nft6 "$param6" || ipv6_error='1'
- policy_routing_nft_prev_param6="$param6"
+ if [ "$policy_routing_nft_prev_param6" != "$param6" ] && [ "$param4" != "$param6" ] && \
+ [ -z "$src_inline_set_ipv6_empty_flag" ] && [ -z "$dest_inline_set_ipv6_empty_flag" ] && \
+ [ "$filter_group_src_addr" != 'ipv4' ] && [ "$filter_group_src_addr" != 'ipv4_negative' ] && \
+ [ "$filter_group_dest_addr" != 'ipv4' ] && [ "$filter_group_dest_addr" != 'ipv4_negative' ]; then
+ nft6 "$param6" || ipv6_error='1'
+ policy_routing_nft_prev_param6="$param6"
fi
if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
done
}
-policy_process() {
- local i j uid="$9"
- if [ -z "$uid" ]; then # first non-recursive call
- [ "$enabled" -gt 0 ] || return 0
- unset processPolicyError
- uid="$1"
- if is_nft_mode; then
- chain="$(str_to_lower "$chain")"
- else
- chain="$(str_to_upper "$chain")"
- fi
- proto="$(str_to_lower "$proto")"
- [ "$proto" = 'auto' ] && unset proto
- [ "$proto" = 'all' ] && unset proto
- output 2 "Routing '$name' via $interface "
- if [ -z "${src_addr}${src_port}${dest_addr}${dest_port}" ]; then
- state add 'errorSummary' 'errorPolicyNoSrcDest' "$name"
- output_fail; return 1;
- fi
- if [ -z "$interface" ]; then
- state add 'errorSummary' 'errorPolicyNoInterface' "$name"
- output_fail; return 1;
- fi
- if ! is_supported_interface "$interface"; then
- state add 'errorSummary' 'errorPolicyUnknownInterface' "$name"
- output_fail; return 1;
- fi
- src_port="${src_port// / }"; src_port="${src_port// /,}"; src_port="${src_port//,\!/ !}";
- dest_port="${dest_port// / }"; dest_port="${dest_port// /,}"; dest_port="${dest_port//,\!/ !}";
- policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
- if [ -n "$processPolicyError" ]; then
- output_fail
- else
- output_ok
- fi
- else # recursive call, get options from passed variables
- local name="$1" interface="$2" src_addr="$3" src_port="$4" dest_addr="$5" dest_port="$6" proto="$7" chain="$8"
- if str_contains "$src_addr" '[ ;\{\}]'; then
- for i in $(str_extras_to_space "$src_addr"); do [ -n "$i" ] && policy_process "$name" "$interface" "$i" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"; done
- elif str_contains "$src_port" '[ ;\{\}]'; then
- for i in $(str_extras_to_space "$src_port"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$i" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"; done
- elif str_contains "$dest_addr" '[ ;\{\}]'; then
- for i in $(str_extras_to_space "$dest_addr"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$i" "$dest_port" "$proto" "$chain" "$uid"; done
- elif str_contains "$dest_port" '[ ;\{\}]'; then
- for i in $(str_extras_to_space "$dest_port"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$i" "$proto" "$chain" "$uid"; done
- elif str_contains "$proto" '[ ;\{\}]'; then
- for i in $(str_extras_to_space "$proto"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$i" "$chain" "$uid"; done
- else
- if [ -n "$secure_reload" ] && { is_url_dl "$src_addr" || is_url_dl "$dest_addr"; }; then
- state add 'errorSummary' 'errorNoDownloadWithSecureReload' "$name"
- elif is_url "$src_addr"; then
- src_addr="$(process_url "$src_addr")"
- [ -n "$src_addr" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
- elif is_url "$dest_addr"; then
- dest_addr="$(process_url "$dest_addr")"
- [ -n "$dest_addr" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
- else
- policy_routing "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
+dns_policy_process() {
+ local i j uid="$1"
+
+ [ "$enabled" -gt '0' ] || return 0
+
+ src_addr="$(str_extras_to_space "$src_addr")"
+ dest_dns="$(str_extras_to_space "$dest_dns")"
+
+ local dest_dns_interface dest_dns_ipv4 dest_dns_ipv6
+ dest_dns_interface="$(str_first_value_interface "$dest_dns")"
+ dest_dns_ipv4="$(str_first_value_ipv4 "$dest_dns")"
+ dest_dns_ipv6="$(str_first_value_ipv6 "$dest_dns")"
+ if is_supported_interface "$dest_dns_interface"; then
+ local d
+ for d in $(uci -q get network."$dest_dns_interface".dns); do
+ if ! is_family_mismatch "$src_addr" "$d"; then
+ if is_ipv4 "$d"; then
+ dest_dns_ipv4="${dest_dns_ipv4:-$d}"
+ elif is_ipv6 "$d"; then
+ dest_dns_ipv6="${dest_dns_ipv6:-$d}"
+ fi
fi
+ done
+ fi
+
+ unset processDnsPolicyError
+ output 2 "Routing '$name' DNS to $dest_dns "
+ if [ -z "$src_addr" ]; then
+ state add 'errorSummary' 'errorPolicyNoSrcDest' "$name"
+ output_fail; return 1;
+ fi
+ if [ -z "$dest_dns" ]; then
+ state add 'errorSummary' 'errorPolicyNoDns' "$name"
+ output_fail; return 1;
+ fi
+
+ # group by type of src_addr values so that one nft set can be created per type within policy
+ local filter_list_src_addr='phys_dev phys_dev_negative mac_address mac_address_negative domain domain_negative ipv4 ipv4_negative ipv6 ipv6_negative'
+ local filter_group_src_addr filtered_value_src_addr
+ for filter_group_src_addr in $filter_list_src_addr; do
+ filtered_value_src_addr=$(filter_options "$filter_group_src_addr" "$src_addr")
+ if [ -n "$src_addr" ] && [ -n "$filtered_value_src_addr" ]; then
+ if str_contains "$filter_group_src_addr" 'ipv4' && [ -z "$dest_dns_ipv4" ] ; then
+ continue
+ fi
+ if str_contains "$filter_group_src_addr" 'ipv6' && [ -z "$dest_dns_ipv6" ] ; then
+ continue
+ fi
+ dns_policy_routing "$name" "$filtered_value_src_addr" "$dest_dns" "$uid"
fi
+ done
+
+ if [ -n "$processDnsPolicyError" ]; then
+ output_fail
+ else
+ output_ok
fi
}
-try() {
- if ! "$@"; then
- state add 'errorSummary' 'errorTryFailed' "$*"
- return 1
+policy_process() {
+ local i j uid="$1"
+
+ [ "$enabled" -gt '0' ] || return 0
+
+ src_addr="$(str_extras_to_space "$src_addr")"
+ src_port="$(str_extras_to_space "$src_port")"
+ dest_addr="$(str_extras_to_space "$dest_addr")"
+ dest_port="$(str_extras_to_space "$dest_port")"
+
+ unset processPolicyError
+ proto="$(str_to_lower "$proto")"
+ [ "$proto" = 'auto' ] && unset proto
+ [ "$proto" = 'all' ] && unset proto
+ output 2 "Routing '$name' via $interface "
+ if [ -z "${src_addr}${src_port}${dest_addr}${dest_port}" ]; then
+ state add 'errorSummary' 'errorPolicyNoSrcDest' "$name"
+ output_fail; return 1;
+ fi
+ if [ -z "$interface" ]; then
+ state add 'errorSummary' 'errorPolicyNoInterface' "$name"
+ output_fail; return 1;
+ fi
+ if ! is_supported_interface "$interface"; then
+ state add 'errorSummary' 'errorPolicyUnknownInterface' "$name"
+ output_fail; return 1;
+ fi
+
+ unset j
+ for i in $src_addr; do
+ if is_url "$i"; then
+ i="$(process_url "$i")"
+ fi
+ j="${j:+$j }$i"
+ done
+ src_addr="$j"
+
+ unset j
+ for i in $dest_addr; do
+ if is_url "$i"; then
+ i="$(process_url "$i")"
+ fi
+ j="${j:+$j }$i"
+ done
+ dest_addr="$j"
+
+ # TODO: if only src_addr is set add option 121 to dhcp leases?
+
+ local filter_list_src_addr='phys_dev phys_dev_negative mac_address mac_address_negative domain domain_negative ipv4 ipv4_negative ipv6 ipv6_negative'
+ local filter_list_dest_addr='domain domain_negative ipv4 ipv4_negative ipv6 ipv6_negative'
+ local filter_group_src_addr filtered_value_src_addr filter_group_dest_addr filtered_value_dest_addr
+ [ -z "$src_addr" ] && filter_list_src_addr='none'
+ for filter_group_src_addr in $filter_list_src_addr; do
+ filtered_value_src_addr=$(filter_options "$filter_group_src_addr" "$src_addr")
+ if [ -z "$src_addr" ] || { [ -n "$src_addr" ] && [ -n "$filtered_value_src_addr" ]; }; then
+ [ -z "$dest_addr" ] && filter_list_dest_addr='none'
+ for filter_group_dest_addr in $filter_list_dest_addr; do
+ filtered_value_dest_addr=$(filter_options "$filter_group_dest_addr" "$dest_addr")
+ if [ -z "$dest_addr" ] || { [ -n "$dest_addr" ] && [ -n "$filtered_value_dest_addr" ]; }; then
+ if str_contains "$filter_group_src_addr" 'ipv4' && str_contains "$filter_group_dest_addr" 'ipv6'; then
+ continue
+ fi
+ if str_contains "$filter_group_src_addr" 'ipv6' && str_contains "$filter_group_dest_addr" 'ipv4'; then
+ continue
+ fi
+ policy_routing "$name" "$interface" "$filtered_value_src_addr" "$src_port" "$filtered_value_dest_addr" "$dest_port" "$proto" "$chain" "$uid"
+ fi
+ done
+ fi
+ done
+
+ if [ -n "$processPolicyError" ]; then
+ output_fail
+ else
+ output_ok
fi
}
create)
if is_netifd_table_interface "$iface"; then
ipv4_error=0
- $ip_bin -4 rule del table "$tid" >/dev/null 2>&1
- try "$ip_bin" -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
- if is_nft_mode; then
- try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
- try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} counter mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1
- try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
- else
- ipt -t mangle -N "${iptPrefix}_MARK_${mark}" || ipv4_error=1
- ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j MARK --set-xmark "${mark}/${fw_mask}" || ipv4_error=1
- ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j RETURN || ipv4_error=1
- fi
+ ip -4 rule del table "$tid" prio "$priority" >/dev/null 2>&1
+ try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
+ try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nft_rule_params} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
if [ -n "$ipv6_enabled" ]; then
ipv6_error=0
- $ip_bin -6 rule del table "$tid" >/dev/null 2>&1
- try "$ip_bin" -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" || ipv6_error=1
+ ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1
+ try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" || ipv6_error=1
fi
else
if ! grep -q "$tid ${ipTablePrefix}_${iface}" "$rtTablesFile"; then
sed -i "/${ipTablePrefix}_${iface}/d" "$rtTablesFile"
- sync
echo "$tid ${ipTablePrefix}_${iface}" >> "$rtTablesFile"
sync
fi
- $ip_bin -4 rule del table "$tid" >/dev/null 2>&1
- $ip_bin -4 route flush table "$tid" >/dev/null 2>&1
- if [ -n "$gw4" ] || [ "$strict_enforcement" -ne 0 ]; then
+ ip -4 rule flush table "$tid" >/dev/null 2>&1
+ ip -4 route flush table "$tid" >/dev/null 2>&1
+ if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then
ipv4_error=0
if [ -z "$gw4" ]; then
- try "$ip_bin" -4 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ try ip -4 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv4_error=1
else
- try "$ip_bin" -4 route add default via "$gw4" dev "$dev" table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ try ip -4 route add default via "$gw4" dev "$dev" table "$tid" >/dev/null 2>&1 || ipv4_error=1
fi
# shellcheck disable=SC2086
while read -r i; do
i="$(echo "$i" | sed 's/ onlink$//')"
idev="$(echo "$i" | grep -Eso 'dev [^ ]*' | awk '{print $2}')"
if ! is_supported_iface_dev "$idev"; then
- try "$ip_bin" -4 route add $i table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ try ip -4 route add $i table "$tid" >/dev/null 2>&1 || ipv4_error=1
fi
done << EOF
- $($ip_bin -4 route list table main)
+ $(ip -4 route list table main)
EOF
- try "$ip_bin" -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
- if is_nft_mode; then
- try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
- try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} counter mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1
- try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
- else
- ipt -t mangle -N "${iptPrefix}_MARK_${mark}" || ipv4_error=1
- ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j MARK --set-xmark "${mark}/${fw_mask}" || ipv4_error=1
- ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j RETURN || ipv4_error=1
- fi
+ try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
+ try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nft_rule_params} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
fi
if [ -n "$ipv6_enabled" ]; then
ipv6_error=0
- $ip_bin -6 rule del table "$tid" >/dev/null 2>&1
- $ip_bin -6 route flush table "$tid" >/dev/null 2>&1
- if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne 0 ]; then
+ ip -6 rule flush table "$tid" >/dev/null 2>&1
+ ip -6 route flush table "$tid" >/dev/null 2>&1
+ if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then
if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then
- try "$ip_bin" -6 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv6_error=1
- elif "$ip_bin" -6 route list table main | grep -q " dev $dev6 "; then
- "$ip_bin" -6 route add default via "$gw6" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ elif ip -6 route list table main | grep -q " dev $dev6 "; then
+ ip -6 route add default via "$gw6" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
while read -r i; do
i="$(echo "$i" | sed 's/ linkdown$//')"
i="$(echo "$i" | sed 's/ onlink$//')"
# shellcheck disable=SC2086
- try "$ip_bin" -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
done << EOF
- $($ip_bin -6 route list table main | grep " dev $dev6 ")
+ $(ip -6 route list table main | grep " dev $dev6 ")
EOF
else
- try "$ip_bin" -6 route add "$($ip_bin -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
- try "$ip_bin" -6 route add default dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add "$(ip -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add default dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
fi
fi
- try "$ip_bin" -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" >/dev/null 2>&1 || ipv6_error=1
fi
fi
- if [ "$ipv4_error" -eq 0 ] || [ "$ipv6_error" -eq 0 ]; then
+ if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
dscp="$(uci_get "$packageName" 'config' "${iface}_dscp")"
- if is_nft_mode; then
- if [ "${dscp:-0}" -ge 1 ] && [ "${dscp:-0}" -le 63 ]; then
- try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} goto ${nftPrefix}_mark_${mark}" || s=1
- if [ -n "$ipv6_enabled" ]; then
- try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} goto ${nftPrefix}_mark_${mark}" || s=1
- fi
- fi
- if [ "$iface" = "$icmp_interface" ]; then
- try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp goto ${nftPrefix}_mark_${mark}" || s=1
- if [ -n "$ipv6_enabled" ]; then
- try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp goto ${nftPrefix}_mark_${mark}" || s=1
- fi
+ if [ "${dscp:-0}" -ge '1' ] && [ "${dscp:-0}" -le '63' ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1
+ if [ -n "$ipv6_enabled" ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1
fi
- else
- if [ "${dscp:-0}" -ge 1 ] && [ "${dscp:-0}" -le 63 ]; then
- ipt -t mangle -I "${iptPrefix}_PREROUTING" -m dscp --dscp "${dscp}" -g "${iptPrefix}_MARK_${mark}" || s=1
- fi
- if [ "$iface" = "$icmp_interface" ]; then
- ipt -t mangle -I "${iptPrefix}_OUTPUT" -p icmp -g "${iptPrefix}_MARK_${mark}" || s=1
+ fi
+ if [ "$iface" = "$icmp_interface" ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1
+ if [ -n "$ipv6_enabled" ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1
fi
fi
else
return "$s"
;;
create_user_set)
- if is_nft_mode; then
- nftset 'create_user_set' "$iface" 'dst' 'ip' 'user' '' "$mark" || s=1
- nftset 'create_user_set' "$iface" 'src' 'ip' 'user' '' "$mark" || s=1
- nftset 'create_user_set' "$iface" 'src' 'mac' 'user' '' "$mark" || s=1
- else
- ips 'create_user_set' "$iface" 'dst' 'ip' 'user' '' "$mark" || s=1
- ips 'create_user_set' "$iface" 'dst' 'net' 'user' '' "$mark" || s=1
- ips 'create_user_set' "$iface" 'src' 'ip' 'user' '' "$mark" || s=1
- ips 'create_user_set' "$iface" 'src' 'net' 'user' '' "$mark" || s=1
- ips 'create_user_set' "$iface" 'src' 'mac' 'user' '' "$mark" || s=1
- fi
+ nftset 'create_user_set' "$iface" 'dst' 'ip' 'user' '' "$mark" || s=1
+ nftset 'create_user_set' "$iface" 'src' 'ip' 'user' '' "$mark" || s=1
+ nftset 'create_user_set' "$iface" 'src' 'mac' 'user' '' "$mark" || s=1
return "$s"
;;
delete|destroy)
- $ip_bin rule del table "$tid" >/dev/null 2>&1
+ ip rule del table "$tid" prio "$priority" >/dev/null 2>&1
if ! is_netifd_table_interface "$iface"; then
- $ip_bin route flush table "$tid" >/dev/null 2>&1
+ ip rule flush table "$tid" >/dev/null 2>&1
+ ip route flush table "$tid" >/dev/null 2>&1
sed -i "/${ipTablePrefix}_${iface}\$/d" "$rtTablesFile"
sync
fi
return "$s"
;;
reload_interface)
+ ip rule del table "$tid" prio "$priority" >/dev/null 2>&1
is_netifd_table_interface "$iface" && return 0;
ipv4_error=0
- $ip_bin rule del table "$tid" >/dev/null 2>&1
if ! is_netifd_table_interface "$iface"; then
- $ip_bin route flush table "$tid" >/dev/null 2>&1
+ ip rule flush table "$tid" >/dev/null 2>&1
+ ip route flush table "$tid" >/dev/null 2>&1
fi
- if [ -n "$gw4" ] || [ "$strict_enforcement" -ne 0 ]; then
+ if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then
if [ -z "$gw4" ]; then
- try "$ip_bin" -4 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ try ip -4 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv4_error=1
else
- try "$ip_bin" -4 route add default via "$gw4" dev "$dev" table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ try ip -4 route add default via "$gw4" dev "$dev" table "$tid" >/dev/null 2>&1 || ipv4_error=1
fi
- try "$ip_bin" rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
+ try ip rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
fi
if [ -n "$ipv6_enabled" ]; then
ipv6_error=0
- if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne 0 ]; then
+ if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then
if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then
- try "$ip_bin" -6 route add unreachable default table "$tid" || ipv6_error=1
- elif $ip_bin -6 route list table main | grep -q " dev $dev6 "; then
+ try ip -6 route add unreachable default table "$tid" || ipv6_error=1
+ elif ip -6 route list table main | grep -q " dev $dev6 "; then
while read -r i; do
# shellcheck disable=SC2086
- try "$ip_bin" -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
done << EOF
- $($ip_bin -6 route list table main | grep " dev $dev6 ")
+ $(ip -6 route list table main | grep " dev $dev6 ")
EOF
else
- try "$ip_bin" -6 route add "$($ip_bin -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
- try "$ip_bin" -6 route add default dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add "$(ip -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try ip -6 route add default dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
fi
fi
- try "$ip_bin" -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1
+ try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1
fi
- if [ "$ipv4_error" -eq 0 ] || [ "$ipv6_error" -eq 0 ]; then
+ if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
s=0
else
s=1
return 0
fi
+ if is_wg_server "$iface"; then
+ local disabled listen_port
+ disabled="$(uci_get 'network' "$iface" 'disabled')"
+ listen_port="$(uci_get 'network' "$iface" 'listen_port')"
+ case "$action" in
+ create|reload)
+ if [ "$disabled" != '1' ] && [ -n "$listen_port" ]; then
+ if [ -n "$wanIface4" ]; then
+ ip rule del sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1
+ ip rule add sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1
+ fi
+ if [ -n "$ipv6_enabled" ] && [ -n "$wanIface6" ]; then
+ ip rule del sport "$listen_port" table "pbr_${wanIface6}" >/dev/null 2>&1
+ ip rule add sport "$listen_port" table "pbr_${wanIface6}" >/dev/null 2>&1
+ fi
+ fi
+ ;;
+ destroy)
+ if [ -n "$listen_port" ]; then
+ ip rule del sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1
+ ip rule del sport "$listen_port" table "pbr_${wanIface6}" >/dev/null 2>&1
+ fi
+ ;;
+ esac
+ return 0
+ fi
+
is_supported_interface "$iface" || return 0
is_wan6 "$iface" && return 0
- [ $((ifaceMark)) -gt $((fw_mask)) ] && return 1
+ [ "$((ifaceMark))" -gt "$((fw_mask))" ] && return 1
if is_ovpn "$iface" && ! is_ovpn_valid "$iface"; then
: || state add 'warningSummary' 'warningInvalidOVPNConfig' "$iface"
user_file_process() {
local shellBin="${SHELL:-/bin/ash}"
- [ "$enabled" -gt 0 ] || return 0
+ [ "$enabled" -gt '0' ] || return 0
if [ ! -s "$path" ]; then
state add 'errorSummary' 'errorUserFileNotFound' "$path"
output_fail
output_fail
return 1
fi
+ if is_bad_user_file_nft_call "$path"; then
+ state add 'errorSummary' 'errorIncompatibleUserFile' "$path"
+ output_fail
+ return 1
+ fi
output 2 "Running $path "
# shellcheck disable=SC1090
if ! . "$path"; then
tid="$(get_rt_tables_id "$reloadedIface")"
pre_init_tid="$(eval echo "\$pre_init_tid_${reloadedIface//-/_}")"
if [ "$tid" = "$pre_init_tid" ]; then
-# logger -t "$packageName" "Updated interface $reloadedIface TID: ${tid}; Pre-Init TID: ${pre_init_tid}. Reloading..."
serviceStartTrigger='on_interface_reload'
else
-# logger -t "$packageName" "Updated interface $reloadedIface TID: ${tid}; Pre-Init TID: ${pre_init_tid}. Restarting..."
serviceStartTrigger='on_start'
unset reloadedIface
fi
-# if is_ovpn "$reloadedIface"; then
-# logger -t "$packageName" "Updated interface is an OpenVPN tunnel, restarting."
-# serviceStartTrigger='on_start'
-# unset reloadedIface
-# else
-# serviceStartTrigger='on_interface_reload'
-# fi
;;
on_reload)
serviceStartTrigger='on_reload'
elif [ -z "$(ubus_get_status gateways)" ]; then
serviceStartTrigger='on_start'
unset reloadedIface
-# elif [ "$serviceStartTrigger" = 'on_interface_reload' ] && \
-# [ -z "$(ubus_get_interface "$reloadedIface" 'gateway_ipv4')" ] && \
-# [ -z "$(ubus_get_interface "$reloadedIface" 'gateway_ipv6')" ]; then
-# serviceStartTrigger='on_start'
-# unset reloadedIface
else
serviceStartTrigger="${serviceStartTrigger:-on_start}"
fi
json_close_array
output 1 '\n'
;;
- on_reload)
- traffic_killswitch 'insert'
- resolver 'store_hash'
- resolver 'cleanup_all'
- resolver 'configure'
- resolver 'init'
- cleanup_main_chains
- cleanup_sets
- nft_file 'create'
- if ! is_nft_mode; then
- for i in $chainsList; do
- i="$(str_to_upper "$i")"
- ipt -t mangle -N "${iptPrefix}_${i}"
- ipt -t mangle "$rule_create_option" "$i" -m mark --mark "0x0/${fw_mask}" -j "${iptPrefix}_${i}"
- done
- fi
- json_add_array 'gateways'
- interface_process 'all' 'prepare'
- config_foreach interface_process 'interface' 'reload'
- interface_process 'tor' 'destroy'
- is_tor_running && interface_process 'tor' 'reload'
- json_close_array
- if is_config_enabled 'policy'; then
- output 1 'Processing policies '
- config_load "$packageName"
- config_foreach load_validate_policy 'policy' policy_process
- output 1 '\n'
- fi
- if is_config_enabled 'include'; then
- interface_process 'all' 'prepare'
- config_foreach interface_process 'interface' 'create_user_set'
- output 1 'Processing user file(s) '
- config_load "$packageName"
- config_foreach load_validate_include 'include' user_file_process
- output 1 '\n'
- fi
- nft_file 'install'
- resolver 'init_end'
- ! nft_file 'exists' && resolver 'compare_hash' && resolver 'restart'
- traffic_killswitch 'remove'
- ;;
- on_start|*)
- traffic_killswitch 'insert'
+ on_reload|on_start|*)
resolver 'store_hash'
resolver 'cleanup_all'
resolver 'configure'
cleanup_marking_chains
cleanup_rt_tables
nft_file 'create'
- if ! is_nft_mode; then
- for i in $chainsList; do
- i="$(str_to_upper "$i")"
- ipt -t mangle -N "${iptPrefix}_${i}"
- ipt -t mangle "$rule_create_option" "$i" -m mark --mark "0x0/${fw_mask}" -j "${iptPrefix}_${i}"
- done
- fi
output 1 'Processing interfaces '
json_add_array 'gateways'
interface_process 'all' 'prepare'
config_foreach load_validate_policy 'policy' policy_process
output 1 '\n'
fi
+ if is_config_enabled 'dns_policy'; then
+ output 1 'Processing dns policies '
+ config_load "$packageName"
+ config_foreach load_validate_dns_policy 'dns_policy' dns_policy_process
+ output 1 '\n'
+ fi
if is_config_enabled 'include'; then
interface_process 'all' 'prepare'
config_foreach interface_process 'interface' 'create_user_set'
nft_file 'install'
resolver 'init_end'
! nft_file 'exists' && resolver 'compare_hash' && resolver 'restart'
- traffic_killswitch 'remove'
;;
esac
[ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary"
[ -n "$errorSummary" ] && json_add_string 'errors' "$errorSummary"
[ -n "$warningSummary" ] && json_add_string 'warnings' "$warningSummary"
- if [ "$strict_enforcement" -ne 0 ] && str_contains "$gatewaySummary" '0.0.0.0'; then
+ if [ "$strict_enforcement" -ne '0' ] && str_contains "$gatewaySummary" '0.0.0.0'; then
json_add_string 'mode' 'strict'
fi
json_close_object
output "$serviceName FAILED TO START in fw4 nft file mode!!!"
output "Check the output of nft -c -f $nftTempFile"
fi
- elif is_nft_mode; then
- [ -n "$gatewaySummary" ] && output "$serviceName (nft mode) started with gateways:\\n${gatewaySummary}"
else
- [ -n "$gatewaySummary" ] && output "$serviceName (iptables mode) started with gateways:\\n${gatewaySummary}"
+ [ -n "$gatewaySummary" ] && output "$serviceName (nft mode) started with gateways:\\n${gatewaySummary}"
fi
state print 'errorSummary'
state print 'warningSummary'
procd_close_validate
procd_open_trigger
procd_add_config_trigger "config.change" 'openvpn' "/etc/init.d/${packageName}" reload 'on_openvpn_change'
- procd_add_config_trigger "config.change" "${packageName}" /etc/init.d/${packageName} reload
+ procd_add_config_trigger "config.change" "${packageName}" "/etc/init.d/${packageName}" reload
for n in $ifacesSupported; do
- procd_add_interface_trigger "interface.*" "$n" /etc/init.d/${packageName} on_interface_reload "$n"
+ procd_add_interface_trigger "interface.*" "$n" "/etc/init.d/${packageName}" on_interface_reload "$n"
done
procd_close_trigger
# procd_add_raw_trigger "interface.*.up" 4000 "/etc/init.d/${packageName}" restart 'on_interface_up'
load_environment 'on_stop'
! is_service_running && [ "$(get_rt_tables_next_id)" = "$(get_rt_tables_non_pbr_next_id)" ] && return 0
[ "$1" = 'quiet' ] && quiet_mode 'on'
- traffic_killswitch 'insert'
if nft_file 'exists'; then
nft_file_mode=1
fi
resolver 'store_hash'
resolver 'cleanup_all'
resolver 'compare_hash' && resolver 'restart'
- traffic_killswitch 'remove'
- if [ "$enabled" -ne 0 ]; then
+ if [ "$enabled" -ne '0' ]; then
if [ -n "$nft_file_mode" ]; then
output "$serviceName (fw4 nft file mode) stopped "; output_okn;
- elif is_nft_mode; then
- output "$serviceName (nft mode) stopped "; output_okn;
else
- output "$serviceName (iptables mode) stopped "; output_okn;
+ output "$serviceName (nft mode) stopped "; output_okn;
fi
fi
rm -f "$packageLockFile"
version() { echo "$PKG_VERSION"; }
status_service() {
- local _SEPARATOR_='============================================================'
- load_environment 'on_status'
- if is_nft_mode; then
- status_service_nft "$@"
- else
- status_service_iptables "$@"
- fi
-}
-
-status_service_nft() {
local i dev dev6 wan_tid
json_load "$(ubus call system board)"; json_select release; json_get_var dist distribution; json_get_var vers version
fi
if [ -n "$wanIface6" ]; then
network_get_device dev6 "$wanIface6"
- wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}')
- [ "$wanGW6" = "default" ] && wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}')
+ wanGW6=$(ip -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}')
+ [ "$wanGW6" = "default" ] && wanGW6=$(ip -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}')
fi
while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done
[ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support"
+# shellcheck disable=SC2154
status="$serviceName running on $dist $vers."
[ -n "$wanIface4" ] && status="$status WAN (IPv4): ${wanIface4}/${dev}/${wanGW4:-0.0.0.0}."
[ -n "$wanIface6" ] && status="$status WAN (IPv6): ${wanIface6}/${dev6}/${wanGW6:-::/0}."
fi
echo "$_SEPARATOR_"
echo "$packageName chains - policies"
- for i in forward input output prerouting postrouting; do
+ for i in $chainsList dstnat_lan; do
"$nft" -a list table inet "$nftTable" | sed -n "/chain ${nftPrefix}_${i} {/,/\t}/p"
done
echo "$_SEPARATOR_"
for i in $(get_nft_sets); do
"$nft" -a list table inet "$nftTable" | sed -n "/set ${i} {/,/\t}/p"
done
- if [ -s "$dnsmasqFile" ]; then
+ if [ -s "$dnsmasqFileDefault" ]; then
echo "$_SEPARATOR_"
echo "dnsmasq sets"
- cat "$dnsmasqFile"
+ cat "$dnsmasqFileDefault"
fi
# echo "$_SEPARATOR_"
# ip rule list | grep "${packageName}_"
echo "$_SEPARATOR_"
- tableCount="$(grep -c "${packageName}_" $rtTablesFile)" || tableCount=0
+ tableCount="$(grep -c "${packageName}_" "$rtTablesFile")" || tableCount=0
wan_tid=$(($(get_rt_tables_next_id)-tableCount))
- i=0; while [ $i -lt "$tableCount" ]; do
- echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)"
+ i=0; while [ "$i" -lt "$tableCount" ]; do
+ echo "IPv4 table $((wan_tid + i)) route: $(ip -4 route show table $((wan_tid + i)) | grep default)"
echo "IPv4 table $((wan_tid + i)) rule(s):"
- $ip_bin -4 rule list table "$((wan_tid + i))"
+ ip -4 rule list table "$((wan_tid + i))"
if [ -n "$ipv6_enabled" ]; then
- echo "IPv6 table $((wan_tid + i)) route: $($ip_bin -6 route show table $((wan_tid + i)) | grep default)"
+ echo "IPv6 table $((wan_tid + i)) route: $(ip -6 route show table $((wan_tid + i)) | grep default)"
echo "IPv6 table $((wan_tid + i)) rule(s):"
- $ip_bin -6 route show table $((wan_tid + i))
+ ip -6 route show table $((wan_tid + i))
fi
i=$((i + 1))
done
}
-status_service_iptables() {
- local dist vers out id s param status set_d set_p tableCount i=0 dev dev6 j wan_tid
-
- json_load "$(ubus call system board)"; json_select release; json_get_var dist distribution; json_get_var vers version
- if [ -n "$wanIface4" ]; then
- network_get_gateway wanGW4 "$wanIface4"
- network_get_device dev "$wanIface4"
- fi
- if [ -n "$wanIface6" ]; then
- network_get_device dev6 "$wanIface6"
- wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}')
- [ "$wanGW6" = "default" ] && wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}')
- fi
- while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done
- [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support"
- status="$serviceName running on $dist $vers."
- [ -n "$wanIface4" ] && status="$status WAN (IPv4): ${wanIface4}/${dev}/${wanGW4:-0.0.0.0}."
- [ -n "$wanIface6" ] && status="$status WAN (IPv6): ${wanIface6}/${dev6}/${wanGW6:-::/0}."
- {
- echo "$status"
- echo "$_SEPARATOR_"
- dnsmasq --version 2>/dev/null | sed '/^$/,$d'
- if [ -n "$1" ]; then
- echo "$_SEPARATOR_"
- echo "Resolving domains"
- for i in $1; do
- echo "$i: $(resolveip "$i" | tr '\n' ' ')"
- done
- fi
-
- echo "$_SEPARATOR_"
- echo "Routes/IP Rules"
- tableCount="$(grep -c "${packageName}_" $rtTablesFile)" || tableCount=0
- if [ -n "$set_d" ]; then route; else route | grep '^default'; fi
- if [ -n "$set_d" ]; then ip rule list; fi
- wan_tid=$(($(get_rt_tables_next_id)-tableCount))
- i=0; while [ $i -lt "$tableCount" ]; do
- echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)"
- echo "IPv4 table $((wan_tid + i)) rule(s):"
- $ip_bin -4 rule list table "$((wan_tid + i))"
- i=$((i + 1))
- done
-
- if [ -n "$ipv6_enabled" ]; then
- i=0; while [ $i -lt "$tableCount" ]; do
- $ip_bin -6 route show table $((wan_tid + i)) | while read -r param; do
- echo "IPv6 Table $((wan_tid + i)): $param"
- done
- i=$((i + 1))
- done
- fi
-
- for j in Mangle NAT; do
- if [ -z "$set_d" ]; then
- for i in $chainsList; do
- i="$(str_to_upper "$i")"
- if iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_${i}" >/dev/null 2>&1; then
- echo "$_SEPARATOR_"
- echo "$j IP Table: $i"
- iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_${i}"
- if [ -n "$ipv6_enabled" ]; then
- echo "$_SEPARATOR_"
- echo "$j IPv6 Table: $i"
- iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_${i}"
- fi
- fi
- done
- else
- echo "$_SEPARATOR_"
- echo "$j IP Table"
- iptables -L -t "$(str_to_lower $j)"
- if [ -n "$ipv6_enabled" ]; then
- echo "$_SEPARATOR_"
- echo "$j IPv6 Table"
- iptables -L -t "$(str_to_lower $j)"
- fi
- fi
- i=0; ifaceMark="$wan_mark";
- while [ $i -lt "$tableCount" ]; do
- if iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_MARK_${ifaceMark}" >/dev/null 2>&1; then
- echo "$_SEPARATOR_"
- echo "$j IP Table MARK Chain: ${iptPrefix}_MARK_${ifaceMark}"
- iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_MARK_${ifaceMark}"
- ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))";
- fi
- i=$((i + 1))
- done
- done
-
- echo "$_SEPARATOR_"
- echo "Current ipsets"
- ipset save
- if [ -s "$dnsmasqFile" ]; then
- echo "$_SEPARATOR_"
- echo "DNSMASQ sets"
- cat "$dnsmasqFile"
- fi
- if [ -s "$aghIpsetFile" ]; then
- echo "$_SEPARATOR_"
- echo "AdGuardHome sets"
- cat "$aghIpsetFile"
- fi
- echo "$_SEPARATOR_"
- } | tee -a /var/${packageName}-support
- if [ -n "$set_p" ]; then
- printf "%b" "Pasting to paste.ee... "
- if curl --version 2>/dev/null | grep -q "Protocols: .*https.*"; then
- json_init; json_add_string 'description' "${packageName}-support"
- json_add_array 'sections'; json_add_object '0'
- json_add_string 'name' "$(uci_get 'system' '@system[0]' 'hostname')"
- json_add_string 'contents' "$(cat /var/${packageName}-support)"
- json_close_object; json_close_array; payload=$(json_dump)
- out=$(curl -s -k "https://api.paste.ee/v1/pastes" -X "POST" -H "Content-Type: application/json" -H "X-Auth-Token:uVOJt6pNqjcEWu7qiuUuuxWQafpHhwMvNEBviRV2B" -d "$payload")
- json_load "$out"; json_get_var id id; json_get_var s success
- [ "$s" = "1" ] && printf "%b" "https://paste.ee/p/$id $__OK__\\n" || printf "%b" "$__FAIL__\\n"
- [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support"
- else
- printf "%b" "${__FAIL__}\\n"
- printf "%b" "${_ERROR_}: The curl, libopenssl or ca-bundle packages were not found!\\nRun 'opkg update; opkg install curl libopenssl ca-bundle' to install them.\\n"
- fi
- else
- printf "%b" "Your support details have been logged to '/var/${packageName}-support'. $__OK__\\n"
- fi
-}
-
# shellcheck disable=SC2120
load_validate_config() {
uci_load_validate "$packageName" "$packageName" "$1" "${2}${3:+ $3}" \
'enabled:bool:0' \
'strict_enforcement:bool:1' \
- 'secure_reload:bool:0' \
'ipv6_enabled:bool:0' \
- 'resolver_set:or("", "none", "dnsmasq.ipset", "dnsmasq.nftset")' \
+ 'resolver_set:or("", "none", "dnsmasq.nftset")' \
'resolver_instance:list(or(integer, string)):*' \
'verbosity:range(0,2):2' \
'wan_mark:regex("[A-Fa-f0-9]{8}"):010000' \
'supported_interface:list(or(ignore, tor, regex("xray_.*"), uci("network", "@interface")))' \
'procd_boot_delay:integer:0' \
'procd_boot_timeout:integer:30' \
- 'procd_lan_interface:string' \
'procd_reload_delay:integer:0' \
'procd_wan_ignore_status:bool:0' \
'procd_wan_interface:network:wan' \
'procd_wan6_interface:network:wan6' \
'wan_ip_rules_priority:uinteger:30000' \
- 'rule_create_option:or("", add, insert):add' \
'webui_supported_protocol:list(string)' \
- 'nft_file_support:bool:1'\
+ 'nft_rule_counter:bool:0'\
'nft_set_auto_merge:bool:1'\
- 'nft_set_counter:bool:1'\
+ 'nft_set_counter:bool:0'\
'nft_set_flags_interval:bool:1'\
'nft_set_flags_timeout:bool:0'\
'nft_set_gc_interval:or("", string)'\
'nft_set_timeout:or("", string)'
}
+# shellcheck disable=SC2120
+load_validate_dns_policy() {
+ local name
+ local enabled
+ local src_addr
+ local dest_dns
+ uci_load_validate "$packageName" 'policy' "$1" "${2}${3:+ $3}" \
+ 'name:string:Untitled' \
+ 'enabled:bool:1' \
+ 'src_addr:list(neg(or(host,network,macaddr,string)))' \
+ 'dest_dns:list(or(host,network,string))'
+}
+
# shellcheck disable=SC2120
load_validate_policy() {
local name
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright 2020-2024 MOSSDeF, Stan Grishin (stangri@melmac.ca)
+# shellcheck disable=SC2018,SC2019,SC2034,SC3043,SC3057,SC3060
+
+# sysctl net.ipv4.conf.default.rp_filter=1
+# sysctl net.ipv4.conf.all.rp_filter=1
+
+# shellcheck disable=SC2034
+START=94
+# shellcheck disable=SC2034
+USE_PROCD=1
+
+[ -n "${IPKG_INSTROOT}" ] && return 0
+
+readonly packageName='pbr'
+readonly PKG_VERSION='dev-test'
+readonly packageCompat='5'
+readonly serviceName="$packageName $PKG_VERSION"
+readonly serviceTrapSignals='exit SIGHUP SIGQUIT SIGKILL'
+readonly packageConfigFile="/etc/config/${packageName}"
+readonly packageLockFile="/var/run/${packageName}.lock"
+readonly dnsmasqFileDefault="/var/dnsmasq.d/${packageName}"
+readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m'
+readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m'
+readonly _OKB_='\033[1;34m\xe2\x9c\x93\033[0m'
+readonly __OKB__='\033[1;34m[\xe2\x9c\x93]\033[0m'
+readonly _FAIL_='\033[0;31m\xe2\x9c\x97\033[0m'
+readonly __FAIL__='\033[0;31m[\xe2\x9c\x97]\033[0m'
+readonly _ERROR_='\033[0;31mERROR\033[0m'
+readonly _WARNING_='\033[0;33mWARNING\033[0m'
+readonly ip_full='/usr/libexec/ip-full'
+# shellcheck disable=SC2155
+readonly ip_bin="$(command -v ip)"
+readonly ipTablePrefix='pbr'
+# shellcheck disable=SC2155
+readonly iptables="$(command -v iptables)"
+# shellcheck disable=SC2155
+readonly ip6tables="$(command -v ip6tables)"
+# shellcheck disable=SC2155
+readonly ipset="$(command -v ipset)"
+readonly ipsPrefix='pbr'
+readonly iptPrefix='PBR'
+# shellcheck disable=SC2155
+readonly agh="$(command -v AdGuardHome)"
+readonly aghIpsetFile="/var/run/${packageName}.adguardhome.ipsets"
+# shellcheck disable=SC2155
+readonly nft="$(command -v nft)"
+readonly nftIPv4Flag='ip'
+readonly nftIPv6Flag='ip6'
+readonly nftTempFile="/var/run/${packageName}.nft"
+readonly nftPermFile="/usr/share/nftables.d/ruleset-post/30-${packageName}.nft"
+readonly nftPrefix='pbr'
+readonly nftTable='fw4'
+readonly chainsList='forward input output postrouting prerouting'
+readonly ssConfigFile='/etc/shadowsocks'
+readonly torConfigFile='/etc/tor/torrc'
+readonly xrayIfacePrefix='xray_'
+readonly rtTablesFile='/etc/iproute2/rt_tables'
+
+# package config options
+procd_boot_timeout=
+enabled=
+fw_mask=
+icmp_interface=
+ignored_interface=
+ipv6_enabled=
+nft_file_support=
+nft_user_set_policy=
+nft_user_set_counter=
+procd_boot_delay=
+procd_reload_delay=
+procd_lan_interface=
+procd_wan_ignore_status=
+procd_wan_interface=
+procd_wan6_interface=
+resolver_set=
+resolver_instance=
+rule_create_option=
+secure_reload=
+strict_enforcement=
+supported_interface=
+verbosity=
+wan_ip_rules_priority=
+wan_mark=
+nft_set_auto_merge=
+nft_set_counter=
+nft_set_flags_interval=
+nft_set_flags_timeout=
+nft_set_flags_gc_interval=
+nft_set_policy=
+nft_set_timeout=
+
+# run-time
+aghConfigFile='/etc/AdGuardHome/AdGuardHome.yaml'
+gatewaySummary=
+errorSummary=
+warningSummary=
+wanIface4=
+wanIface6=
+dnsmasqFile=
+dnsmasqFileList=
+ifaceMark=
+ifaceTableID=
+ifacePriority=
+ifacesAll=
+ifacesSupported=
+firewallWanZone=
+wanGW4=
+wanGW6=
+serviceStartTrigger=
+processDnsPolicyError=
+processPolicyError=
+processPolicyWarning=
+resolver_set_supported=
+policy_routing_nft_prev_param4=
+policy_routing_nft_prev_param6=
+nft_set_params=
+torDnsPort=
+torTrafficPort=
+
+# shellcheck disable=SC1091
+. /lib/functions.sh
+# shellcheck disable=SC1091
+. /lib/functions/network.sh
+# shellcheck disable=SC1091
+. /usr/share/libubox/jshn.sh
+
+output_ok() { output 1 "$_OK_"; output 2 "$__OK__\\n"; }
+output_okn() { output 1 "$_OK_\\n"; output 2 "$__OK__\\n"; }
+output_okb() { output 1 "$_OKB_"; output 2 "$__OKB__\\n"; }
+output_okbn() { output 1 "$_OKB_\\n"; output 2 "$__OKB__\\n"; }
+output_fail() { output 1 "$_FAIL_"; output 2 "$__FAIL__\\n"; }
+output_failn() { output 1 "$_FAIL_\\n"; output 2 "$__FAIL__\\n"; }
+# shellcheck disable=SC2317
+str_replace() { printf "%b" "$1" | sed -e "s/$(printf "%b" "$2")/$(printf "%b" "$3")/g"; }
+str_replace() { echo "${1//$2/$3}"; }
+str_contains() { [ -n "$1" ] && [ -n "$2" ] && [ "${1//$2}" != "$1" ]; }
+str_contains_word() { echo "$1" | grep -q -w "$2"; }
+str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; }
+str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; }
+str_extras_to_underscore() { echo "$1" | tr '[\. ~`!@#$%^&*()\+/,<>?//;:]' '_'; }
+str_extras_to_space() { echo "$1" | tr ';{}' ' '; }
+debug() { local i j; for i in "$@"; do eval "j=\$$i"; echo "${i}: ${j} "; done; }
+quiet_mode() {
+ case "$1" in
+ on) verbosity=0;;
+ off) verbosity="$(uci_get "$packageName" 'config' 'verbosity' '2')";;
+ esac
+}
+output() {
+# Target verbosity level with the first parameter being an integer
+ is_integer() {
+ case "$1" in
+ (*[!0123456789]*) return 1;;
+ ('') return 1;;
+ (*) return 0;;
+ esac
+ }
+ local msg memmsg logmsg text
+ local sharedMemoryOutput="/dev/shm/$packageName-output"
+ if [ -z "$verbosity" ] && [ -n "$packageName" ]; then
+ verbosity="$(uci_get "$packageName" 'config' 'verbosity' '2')"
+ fi
+ if [ "$#" -ne '1' ] && is_integer "$1"; then
+ if [ "$((verbosity & $1))" -gt '0' ] || [ "$verbosity" = "$1" ]; then shift; text="$*"; else return 0; fi
+ fi
+ text="${text:-$*}";
+ [ -t 1 ] && printf "%b" "$text"
+ msg="${text//$serviceName /service }";
+ if [ "$(printf "%b" "$msg" | wc -l)" -gt '0' ]; then
+ [ -s "$sharedMemoryOutput" ] && memmsg="$(cat "$sharedMemoryOutput")"
+ logmsg="$(printf "%b" "${memmsg}${msg}" | sed 's/\x1b\[[0-9;]*m//g')"
+ logger -t "${packageName:-service} [$$]" "$(printf "%b" "$logmsg")"
+ rm -f "$sharedMemoryOutput"
+ else
+ printf "%b" "$msg" >> "$sharedMemoryOutput"
+ fi
+}
+pbr_find_iface() {
+ local iface i param="$2"
+ case "$param" in
+ wan6) iface="$procd_wan6_interface";;
+ wan|*) iface="$procd_wan_interface";;
+ esac
+ eval "$1"='${iface}'
+}
+pbr_get_gateway4() {
+ local iface="$2" dev="$3" gw
+ network_get_gateway gw "$iface" true
+ if [ -z "$gw" ] || [ "$gw" = '0.0.0.0' ]; then
+# gw="$(ubus call "network.interface.${iface}" status | jsonfilter -e "@.route[0].nexthop")"
+ gw="$($ip_bin -4 a list dev "$dev" 2>/dev/null | grep inet | awk '{print $2}' | awk -F "/" '{print $1}')"
+ fi
+ eval "$1"='$gw'
+}
+pbr_get_gateway6() {
+ local iface="$2" dev="$3" gw
+ network_get_gateway6 gw "$iface" true
+ if [ -z "$gw" ] || [ "$gw" = '::/0' ] || [ "$gw" = '::0/0' ] || [ "$gw" = '::' ]; then
+ gw="$($ip_bin -6 a list dev "$dev" 2>/dev/null | grep inet6 | grep 'scope global' | awk '{print $2}')"
+ fi
+ eval "$1"='$gw'
+}
+
+# shellcheck disable=SC2016
+is_bad_user_file_nft_call() { grep -q '"\$nft" list' "$1" || grep '"\$nft" -f' "$1";}
+is_config_enabled() {
+ _check_config() { local en; config_get_bool en "$1" 'enabled' '1'; [ "$en" -gt '0' ] && _cfg_enabled=0; }
+ local cfg="$1" _cfg_enabled=1
+ [ -n "$1" ] || return 1
+ config_load "$packageName"
+ config_foreach _check_config "$cfg"
+ return "$_cfg_enabled"
+}
+uci_get_device() { uci_get 'network' "$1" 'device' || uci_get 'network' "$1" 'dev'; }
+uci_get_protocol() { uci_get 'network' "$1" 'proto'; }
+is_default_dev() { [ "$1" = "$($ip_bin -4 r | grep -m1 'dev' | grep -Eso 'dev [^ ]*' | awk '{print $2}')" ]; }
+is_domain() { ! is_ipv6 "$1" && str_contains "$1" '[a-zA-Z]'; }
+is_dslite() { local p; network_get_protocol p "$1"; [ "${p:0:6}" = "dslite" ]; }
+is_family_mismatch() { ( is_ipv4_netmask "${1//!}" && is_ipv6 "${2//!}" ) || ( is_ipv6 "${1//!}" && is_ipv4_netmask "${2//!}" ); }
+is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n '1')" = "$2"; }
+is_ignored_interface() { str_contains_word "$ignored_interface" "$1"; }
+is_ignore_target() { [ "$(str_to_lower "$1")" = 'ignore' ]; }
+is_integer() {
+ case "$1" in
+ (*[!0123456789]*) return 1;;
+ ('') return 1;;
+ (*) return 0;;
+ esac
+}
+is_ipset_type_supported() { ipset help hash:"$1" >/dev/null 2>&1; }
+is_nft_mode() { return 1; }
+is_ipv4() { expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; }
+is_ipv6() { ! is_mac_address "$1" && str_contains "$1" ':'; }
+is_ipv6_global() { [ "${1:0:4}" = '2001' ]; }
+is_ipv6_link_local() { [ "${1:0:4}" = 'fe80' ]; }
+is_ipv6_unique_local() { [ "${1:0:2}" = 'fc' ] || [ "${1:0:2}" = 'fd' ]; }
+is_list() { str_contains "$1" ',' || str_contains "$1" ' '; }
+is_ipv4_netmask() { local ip="${1%/*}"; [ "$ip" != "$1" ] && is_ipv4 "$ip"; }
+is_lan() { local d; network_get_device d "$1"; str_contains "$d" 'br-lan'; }
+is_l2tp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "l2tp" ]; }
+is_mac_address() { expr "$1" : '[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]$' >/dev/null; }
+is_netifd_table() { grep -q "ip.table.*$1" /etc/config/network; }
+is_netifd_table_interface() { local iface="$1"; [ "$(uci_get 'network' "$iface" 'ip4table')" = "${packageName}_${iface%6}" ]; }
+is_oc() { local p; network_get_protocol p "$1"; [ "${p:0:11}" = "openconnect" ]; }
+is_ovpn() { local d; uci_get_device d "$1"; [ "${d:0:3}" = "tun" ] || [ "${d:0:3}" = "tap" ] || [ -f "/sys/devices/virtual/net/${d}/tun_flags" ]; }
+is_ovpn_valid() { local dev_net dev_ovpn; uci_get_device dev_net "$1"; dev_ovpn="$(uci_get 'openvpn' "$1" 'dev')"; [ -n "$dev_net" ] && [ -n "$dev_ovpn" ] && [ "$dev_net" = "$dev_ovpn" ]; }
+is_phys_dev() { [ "${1:0:1}" = "@" ] && ip l show | grep -E -q "^\\d+\\W+${1:1}"; }
+is_present() { command -v "$1" >/dev/null 2>&1; }
+is_service_running() { if is_nft_mode; then is_service_running_nft; else is_service_running_iptables; fi; }
+is_service_running_iptables() { [ -x "$iptables" ] && "$iptables" -t mangle -L | grep -q "${iptPrefix}_PREROUTING" >/dev/null 2>&1; }
+is_service_running_nft() { [ -x "$nft" ] && [ -n "$(get_mark_nft_chains)" ]; }
+is_supported_iface_dev() { local n dev; for n in $ifacesSupported; do network_get_device dev "$n"; [ "$1" = "$dev" ] && return 0; done; return 1; }
+is_supported_protocol() { grep -o '^[^#]*' /etc/protocols | grep -w -v '0' | grep . | awk '{print $1}' | grep -q "$1"; }
+is_pptp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "pptp" ]; }
+is_softether() { local d; network_get_device d "$1"; [ "${d:0:4}" = "vpn_" ]; }
+is_supported_interface() { is_lan "$1" && return 1; str_contains_word "$supported_interface" "$1" || { ! is_ignored_interface "$1" && { is_wan "$1" || is_wan6 "$1" || is_tunnel "$1"; }; } || is_ignore_target "$1" || is_xray "$1"; }
+is_tailscale() { local d; network_get_device d "$1"; [ "${d:0:9}" = "tailscale" ]; }
+is_tor() { [ "$(str_to_lower "$1")" = "tor" ]; }
+is_tor_running() {
+ local ret=0
+ is_ignored_interface 'tor' && return 1
+ [ -s "$torConfigFile" ] || return 1
+ json_load "$(ubus call service list "{ 'name': 'tor' }")" >/dev/null || return 1
+ json_select 'tor' >/dev/null || return 1
+ json_select 'instances' >/dev/null || return 1
+ json_select 'instance1' >/dev/null || return 1
+ json_get_var ret 'running' >/dev/null || return 1
+ json_cleanup
+ if [ "$ret" = "0" ]; then return 1; else return 0; fi
+}
+is_tunnel() { is_dslite "$1" || is_l2tp "$1" || is_oc "$1" || is_ovpn "$1" || is_pptp "$1" || is_softether "$1" || is_tailscale "$1" || is_tor "$1" || is_wg "$1"; }
+is_url() { is_url_file "$1" || is_url_dl "$1"; }
+is_url_dl() { is_url_ftp "$1" || is_url_http "$1" || is_url_https "$1"; }
+is_url_file() { [ "$1" != "${1#file://}" ];}
+is_url_ftp() { [ "$1" != "${1#ftp://}" ];}
+is_url_http() { [ "$1" != "${1#http://}" ];}
+is_url_https() { [ "$1" != "${1#https://}" ];}
+is_wan() { [ "$1" = "$wanIface4" ] || { [ "${1##wan}" != "$1" ] && [ "${1##wan6}" = "$1" ]; } || [ "${1%%wan}" != "$1" ]; }
+is_wan6() { [ -n "$wanIface6" ] && [ "$1" = "$wanIface6" ] || [ "${1/#wan6}" != "$1" ] || [ "${1/%wan6}" != "$1" ]; }
+is_wg() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -z "$lp" ] && [ "${p:0:9}" = "wireguard" ]; }
+is_xray() { [ -n "$(get_xray_traffic_port "$1")" ]; }
+dnsmasq_kill() { killall -q -s HUP dnsmasq; }
+dnsmasq_restart() { output 3 'Restarting dnsmasq '; if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn; else output_failn; fi; }
+# shellcheck disable=SC2155
+get_ss_traffic_ports() { local i="$(jsonfilter -i "$ssConfigFile" -q -e "@.inbounds[*].port")"; echo "${i:-443}"; }
+# shellcheck disable=SC2155
+get_tor_dns_port() { local i="$(grep -m1 DNSPort "$torConfigFile" | awk -F: '{print $2}')"; echo "${i:-9053}"; }
+# shellcheck disable=SC2155
+get_tor_traffic_port() { local i="$(grep -m1 TransPort "$torConfigFile" | awk -F: '{print $2}')"; echo "${i:-9040}"; }
+get_xray_traffic_port() { local i="${1//$xrayIfacePrefix}"; [ "$i" = "$1" ] && unset i; echo "$i"; }
+get_rt_tables_id() { local iface="$1"; grep "${ipTablePrefix}_${iface}\$" "$rtTablesFile" | awk '{print $1;}'; }
+get_rt_tables_next_id() { echo "$(($(sort -r -n "$rtTablesFile" | grep -o -E -m 1 "^[0-9]+")+1))"; }
+get_rt_tables_non_pbr_next_id() { echo "$(($(grep -v "${ipTablePrefix}_" "$rtTablesFile" | sort -r -n | grep -o -E -m 1 "^[0-9]+")+1))"; }
+# shellcheck disable=SC2016
+resolveip_to_ipt() { resolveip "$@" | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d'; }
+resolveip_to_ipt4() { resolveip_to_ipt -4 "$@"; }
+resolveip_to_ipt6() { [ -n "$ipv6_enabled" ] && resolveip_to_ipt -6 "$@"; }
+# shellcheck disable=SC2016
+resolveip_to_nftset() { resolveip "$@" | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; }
+resolveip_to_nftset4() { resolveip_to_nftset -4 "$@"; }
+resolveip_to_nftset6() { [ -n "$ipv6_enabled" ] && resolveip_to_nftset -6 "$@"; }
+# shellcheck disable=SC2016
+ipv4_leases_to_nftset() { [ -s '/tmp/dhcp.leases' ] || return 1; grep "$1" '/tmp/dhcp.leases' | awk '{print $3}' | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; }
+# shellcheck disable=SC2016
+ipv6_leases_to_nftset() { [ -s '/tmp/hosts/odhcpd' ] || return 1; grep -v '^#' '/tmp/hosts/odhcpd' | grep "$1" | awk '{print $1}' | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; }
+# shellcheck disable=SC3037
+ports_to_nftset() { echo -en "$1"; }
+get_mark_ipt_chains() { [ -n "$(command -v iptables-save)" ] && iptables-save | grep ":${iptPrefix}_MARK_" | awk '{ print $1 }' | sed 's/://'; }
+get_mark_nft_chains() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; }
+get_ipsets() { [ -x "$(command -v ipset)" ] && ipset list | grep "${ipsPrefix}_" | awk '{ print $2 }'; }
+get_nft_sets() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep 'set' | grep "${nftPrefix}_" | awk '{ print $2 }'; }
+__ubus_get() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "$1"; }
+ubus_get_status() { __ubus_get "@.${packageName}.instances.main.data.status.${1}"; }
+ubus_get_interface() { __ubus_get "@.${packageName}.instances.main.data.gateways[@.name='${1}']${2:+.$2}"; }
+ubus_get_gateways() { __ubus_get "@.${packageName}.instances.main.data.gateways"; }
+uci_get_device() {
+ local __tmp
+ __tmp="$(uci_get 'network' "$2" 'device')"
+ [ -z "$__tmp" ] && unset "$1" && return 1
+ eval "$1=$__tmp"
+}
+uci_get_listen_port() {
+ local __tmp
+ __tmp="$(uci_get 'network' "$2" 'listen_port')"
+ [ -z "$__tmp" ] && unset "$1" && return 1
+ eval "$1=$__tmp"
+}
+
+# luci app specific
+is_enabled() { uci_get "$1" 'config' 'enabled'; }
+is_running_iptables() { iptables -t mangle -L | grep -q PBR_PREROUTING >/dev/null 2>&1; }
+is_running_nft_file() { [ -s "$nftPermFile" ]; }
+is_running_nft() { "$nft" list table inet fw4 | grep chain | grep -q pbr_mark_ >/dev/null 2>&1; }
+is_running() { is_running_iptables || is_running_nft; }
+check_ipset() { { [ -n "$ipset" ] && "$ipset" help hash:net; } >/dev/null 2>&1; }
+check_nft() { [ -x "$nft" ]; }
+check_agh() { [ -x "$agh" ] && { [ -s "$aghConfigFile" ] || [ -s "${agh%/*}/AdGuardHome.yaml" ]; }; }
+check_dnsmasq() { command -v dnsmasq >/dev/null 2>&1; }
+check_unbound() { command -v unbound >/dev/null 2>&1; }
+check_agh_ipset() {
+ check_ipset || return 1
+ check_agh || return 1
+ is_greater_or_equal "$($agh --version | sed 's|AdGuard Home, version v\(.*\)|\1|' | sed 's|-.*||')" '0.107.13'
+}
+check_dnsmasq_ipset() {
+ local o;
+ check_ipset || return 1
+ check_dnsmasq || return 1
+ o="$(dnsmasq -v 2>/dev/null)"
+ ! echo "$o" | grep -q 'no-ipset' && echo "$o" | grep -q 'ipset'
+}
+check_dnsmasq_nftset() {
+ local o;
+ check_nft || return 1
+ check_dnsmasq || return 1
+ o="$(dnsmasq -v 2>/dev/null)"
+ ! echo "$o" | grep -q 'no-nftset' && echo "$o" | grep -q 'nftset'
+}
+print_json_bool() { json_init; json_add_boolean "$1" "$2"; json_dump; json_cleanup; }
+print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_cleanup; }
+
+if type extra_command >/dev/null 2>&1; then
+ extra_command 'status' "Generates output required to troubleshoot routing issues
+ Use '-d' option for more detailed output
+ Use '-p' option to automatically upload data under VPR paste.ee account
+ WARNING: while paste.ee uploads are unlisted, they are still publicly available
+ List domain names after options to include their lookup in report"
+ extra_command 'version' 'Show version information'
+ extra_command 'on_firewall_reload' ' Run service on firewall reload'
+ extra_command 'on_interface_reload' ' Run service on indicated interface reload'
+else
+# shellcheck disable=SC2034
+ EXTRA_COMMANDS='on_firewall_reload on_interface_reload status version'
+# shellcheck disable=SC2034
+ EXTRA_HELP=" status Generates output required to troubleshoot routing issues
+ Use '-d' option for more detailed output
+ Use '-p' option to automatically upload data under VPR paste.ee account
+ WARNING: while paste.ee uploads are unlisted, they are still publicly available
+ List domain names after options to include their lookup in report"
+fi
+
+get_text() {
+ local r
+ case "$1" in
+ errorConfigValidation) r="Config ($packageConfigFile) validation failure!";;
+ errorNoIpFull) r="ip-full binary cannot be found!";;
+ errorNoIptables) r="iptables binary cannot be found!";;
+ errorNoIpset) r="Resolver set support (${resolver_set}) requires ipset, but ipset binary cannot be found!";;
+ errorNoNft) r="Resolver set support (${resolver_set}) requires nftables, but nft binary cannot be found!";;
+ errorResolverNotSupported) r="Resolver set (${resolver_set}) is not supported on this system!";;
+ errorServiceDisabled) r="The ${packageName} service is currently disabled!";;
+ errorNoWanGateway) r="The ${serviceName} service failed to discover WAN gateway!";;
+ errorNoWanInterface) r="The %s inteface not found, you need to set the 'pbr.config.procd_wan_interface' option!";;
+ errorNoWanInterfaceHint) r="Refer to https://docs.openwrt.melmac.net/pbr/#procd_wan_interface.";;
+ errorIpsetNameTooLong) r="The ipset name '%s' is longer than allowed 31 characters!";;
+ errorNftsetNameTooLong) r="The nft set name '%s' is longer than allowed 255 characters!";;
+ errorUnexpectedExit) r="Unexpected exit or service termination: '%s'!";;
+ errorPolicyNoSrcDest) r="Policy '%s' has no source/destination parameters!";;
+ errorPolicyNoInterface) r="Policy '%s' has no assigned interface!";;
+ errorPolicyNoDns) r="Policy '%s' has no assigned DNS!";;
+ errorPolicyProcessNoInterfaceDns) r="Interface '%s' has no assigned DNS!";;
+ errorPolicyUnknownInterface) r="Policy '%s' has an unknown interface!";;
+ errorPolicyProcessCMD) r="'%s'!";;
+ errorFailedSetup) r="Failed to set up '%s'!";;
+ errorFailedReload) r="Failed to reload '%s'!";;
+ errorUserFileNotFound) r="Custom user file '%s' not found or empty!";;
+ errorUserFileSyntax) r="Syntax error in custom user file '%s'!";;
+ errorUserFileRunning) r="Error running custom user file '%s'!";;
+ errorUserFileNoCurl) r="Use of 'curl' is detected in custom user file '%s', but 'curl' isn't installed!";;
+ errorNoGateways) r="Failed to set up any gateway!";;
+ errorResolver) r="Resolver '%s'!";;
+ errorPolicyProcessNoIpv6) r="Skipping IPv6 policy '%s' as IPv6 support is disabled!";;
+ errorPolicyProcessUnknownFwmark) r="Unknown packet mark for interface '%s'!";;
+ errorPolicyProcessMismatchFamily) r="Mismatched IP family between in policy '%s'!";;
+ errorPolicyProcessUnknownProtocol) r="Unknown protocol in policy '%s'!";;
+ errorPolicyProcessInsertionFailed) r="Insertion failed for both IPv4 and IPv6 for policy '%s'!";;
+ errorPolicyProcessInsertionFailedIpv4) r="Insertion failed for IPv4 for policy '%s'!";;
+ errorInterfaceRoutingEmptyValues) r="Received empty tid/mark or interface name when setting up routing!";;
+ errorFailedToResolve) r="Failed to resolve '%s'!";;
+ errorTryFailed) r="Command failed: %s";;
+ errorNftFileInstall) r="Failed to install fw4 nft file '%s'!";;
+ errorDownloadUrlNoHttps) r="Failed to download '%s', HTTPS is not supported!";;
+ errorDownloadUrl) r="Failed to download '%s'!";;
+ errorNoDownloadWithSecureReload) r="Policy '%s' refers to URL which can't be downloaded in 'secure_reload' mode!";;
+ errorFileSchemaRequiresCurl) r="The file:// schema requires curl, but it's not detected on this system!";;
+ warningInvalidOVPNConfig) r="Invalid OpenVPN config for '%s' interface.";;
+ warningResolverNotSupported) r="Resolver set (${resolver_set}) is not supported on this system.";;
+ warningAGHVersionTooLow) r="Installed AdGuardHome ('%s') doesn't support 'ipset_file' option.";;
+ warningPolicyProcessCMD) r="'%s'";;
+ warningTorUnsetParams) r="Please unset 'src_addr', 'src_port' and 'dest_port' for policy '%s'.";;
+ warningTorUnsetProto) r="Please unset 'proto' or set 'proto' to 'all' for policy '%s'.";;
+ warningTorUnsetChainIpt) r="Please unset 'chain' or set 'chain' to 'PREROUTING' for policy '%s'.";;
+ warningTorUnsetChainNft) r="Please unset 'chain' or set 'chain' to 'prerouting' for policy '%s'.";;
+ warningOutdatedWebUIApp) r="The WebUI application is outdated (version %s), please update it.";;
+ warningBadNftCallsInUserFile) r="Incompatible nft calls detected in user include file, disabling fw4 nft file support.";;
+ warningDnsmasqInstanceNoConfdir) r="Dnsmasq instance (%s) targeted in settings, but it doesn't have its own confdir.";;
+ esac
+ echo "$r"
+}
+
+process_url() {
+ local url="$1"
+ local dl_command dl_https_supported dl_temp_file
+# TODO: check for FILE schema and missing curl
+ if is_present 'curl'; then
+ dl_command="curl --silent --insecure"
+ dl_flag="-o"
+ elif is_present '/usr/libexec/wget-ssl'; then
+ dl_command="/usr/libexec/wget-ssl --no-check-certificate -q"
+ dl_flag="-O"
+ elif is_present wget && wget --version 2>/dev/null | grep -q "+https"; then
+ dl_command="wget --no-check-certificate -q"
+ dl_flag="-O"
+ else
+ dl_command="uclient-fetch --no-check-certificate -q"
+ dl_flag="-O"
+ fi
+ if curl --version 2>/dev/null | grep -q "Protocols: .*https.*" \
+ || wget --version 2>/dev/null | grep -q "+ssl"; then
+ dl_https_supported=1
+ else
+ unset dl_https_supported
+ fi
+ while [ -z "$dl_temp_file" ] || [ -e "$dl_temp_file" ]; do
+ dl_temp_file="$(mktemp -u -q -t ${packageName}_tmp.XXXXXXXX)"
+ done
+ if is_url_file "$url" && ! is_present 'curl'; then
+ state add 'errorSummary' 'errorFileSchemaRequiresCurl' "$url"
+ elif is_url_https "$url" && [ -z "$dl_https_supported" ]; then
+ state add 'errorSummary' 'errorDownloadUrlNoHttps' "$url"
+ elif $dl_command "$url" "$dl_flag" "$dl_temp_file" 2>/dev/null; then
+ sed 'N;s/\n/ /;s/\s\+/ /g;' "$dl_temp_file"
+ else
+ state add 'errorSummary' 'errorDownloadUrl' "$url"
+ fi
+ rm -f "$dl_temp_file"
+}
+
+load_package_config() {
+ _check_user_files_for_bad_nft_calls() {
+ local cfg="$1"
+ local en path
+ config_get_bool en "$cfg" 'enabled' '1'
+ config_get path "$cfg" 'path'
+ [ "$en" -eq '0' ] && return 0
+ [ -z "$path" ] && return 0
+ [ -s "$path" ] || return 0
+ is_bad_user_file_nft_call "$path" && user_file_check_result='bad'
+ }
+ local param="$1"
+ local user_file_check_result i
+ config_load "$packageName"
+ config_get_bool enabled 'config' 'enabled' '0'
+ config_get fw_mask 'config' 'fw_mask' 'ff0000'
+ config_get icmp_interface 'config' 'icmp_interface'
+ config_get ignored_interface 'config' 'ignored_interface'
+ config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0'
+ config_get_bool nft_file_support 'config' 'nft_file_support' '1'
+ config_get_bool nft_set_auto_merge 'config' 'nft_set_auto_merge' '1'
+ config_get_bool nft_set_counter 'config' 'nft_set_counter' '1'
+ config_get_bool nft_set_flags_interval 'config' 'nft_set_flags_interval' '1'
+ config_get_bool nft_set_flags_timeout 'config' 'nft_set_flags_timeout' '0'
+ config_get nft_set_gc_interval 'config' 'nft_set_gc_interval'
+ config_get nft_set_policy 'config' 'nft_set_policy' 'performance'
+ config_get nft_set_timeout 'config' 'nft_set_timeout'
+ config_get resolver_set 'config' 'resolver_set'
+ config_get resolver_instance 'config' 'resolver_instance' '*'
+ config_get rule_create_option 'config' 'rule_create_option' 'add'
+ config_get_bool secure_reload 'config' 'secure_reload' '0'
+ config_get_bool strict_enforcement 'config' 'strict_enforcement' '1'
+ config_get supported_interface 'config' 'supported_interface'
+ config_get verbosity 'config' 'verbosity' '2'
+ config_get procd_boot_delay 'config' 'procd_boot_delay' '0'
+ config_get procd_boot_timeout 'config' 'procd_boot_timeout' '30'
+ config_get procd_lan_interface 'config' 'procd_lan_interface'
+ config_get procd_wan_ignore_status 'config' 'procd_wan_ignore_status' '0'
+ config_get procd_wan_interface 'config' 'procd_wan_interface' 'wan'
+ config_get procd_wan6_interface 'config' 'procd_wan6_interface' 'wan6'
+ config_get wan_ip_rules_priority 'config' 'wan_ip_rules_priority' '30000'
+ config_get wan_mark 'config' 'wan_mark' '010000'
+ fw_mask="0x${fw_mask}"
+ wan_mark="0x${wan_mark}"
+ if [ -x "$agh" ] && [ ! -s "$aghConfigFile" ]; then
+ [ -s "${agh%/*}/AdGuardHome.yaml" ] && aghConfigFile="${agh%/*}/AdGuardHome.yaml"
+ fi
+ [ -n "$ipv6_enabled" ] && [ "$ipv6_enabled" -eq '0' ] && unset ipv6_enabled
+ [ -n "$nft_file_support" ] && [ "$nft_file_support" -eq '0' ] && unset nft_file_support
+ [ -n "$nft_user_set_counter" ] && [ "$nft_user_set_counter" -eq '0' ] && unset nft_user_set_counter
+ [ -n "$secure_reload" ] && [ "$secure_reload" -eq '0' ] && unset secure_reload
+ config_foreach _check_user_files_for_bad_nft_calls 'include'
+ [ -n "$user_file_check_result" ] && unset nft_file_support
+ [ -n "$nft_file_support" ] && unset secure_reload
+ is_config_enabled 'include' && unset secure_reload
+ if is_nft_mode; then
+ fw_maskXor="$(printf '%#x' "$((fw_mask ^ 0xffffffff))")"
+ fw_maskXor="${fw_maskXor:-0xff00ffff}"
+ else
+ case $rule_create_option in
+ insert|-i|-I) rule_create_option='-I';;
+ add|-a|-A|*) rule_create_option='-A';;
+ esac
+ fi
+
+ [ "$nft_set_auto_merge" != '1' ] && unset nft_set_auto_merge
+ [ "$nft_set_counter" != '1' ] && unset nft_set_counter
+ [ "$nft_set_flags_interval" != '1' ] && unset nft_set_flags_interval
+ [ "$nft_set_flags_timeout" != '1' ] && unset nft_set_flags_timeout
+ [ -z "${nft_set_flags_timeout}${nft_set_timeout}" ] && unset nft_set_gc_interval
+ local nft_set_flags
+ if [ -n "${nft_set_flags_interval}${nft_set_flags_timeout}" ]; then
+ [ -n "$nft_set_flags_interval" ] && nft_set_flags='flags interval'
+ if [ -n "$nft_set_flags_timeout" ]; then
+ if [ -n "$nft_set_flags" ]; then
+ nft_set_flags="${nft_set_flags}, timeout"
+ else
+ nft_set_flags='flags timeout'
+ fi
+ fi
+ fi
+ nft_set_params=" \
+ ${nft_set_auto_merge:+ auto-merge;} \
+ ${nft_set_counter:+ counter;} \
+ ${nft_set_flags:+ $nft_set_flags;} \
+ ${nft_set_gc_interval:+ gc_interval "$nft_set_gc_interval";} \
+ ${nft_set_policy:+ policy "$nft_set_policy";} \
+ ${nft_set_timeout:+ timeout "$nft_set_timeout";} \
+ "
+
+ resolver 'check_support' && resolver 'configure_instances'
+}
+
+load_environment() {
+ local param="$1" validation_result="$2"
+ load_package_config "$param"
+ case "$param" in
+ on_start)
+ if [ "$enabled" -eq '0' ]; then
+ state add 'errorSummary' 'errorServiceDisabled'
+ return 1
+ fi
+ if [ -n "$validation_result" ] && [ "$validation_result" != '0' ]; then
+ output "${_ERROR_}: The $packageName config validation failed!\\n"
+ output "Please check if the '$packageConfigFile' contains correct values for config options.\\n"
+ state add 'errorSummary' 'errorConfigValidation'
+ return 1
+ fi
+ if [ ! -x "$ip_bin" ]; then
+ state add 'errorSummary' 'errorNoIpFull'
+ return 1
+ fi
+ if is_nft_mode; then
+ if [ "$(uci_get 'firewall' 'defaults' 'auto_includes')" = '0' ]; then
+ uci_remove 'firewall' 'defaults' 'auto_includes'
+ uci_commit firewall
+ fi
+ else
+ if [ -z "$iptables" ] || [ ! -x "$iptables" ]; then
+ state add 'errorSummary' 'errorNoIptables'
+ return 1
+ fi
+ fi
+ ;;
+ on_stop)
+ :
+ ;;
+ esac
+ load_network "$param"
+}
+
+load_network() {
+ _build_ifaces_supported() { is_supported_interface "$1" && ! str_contains "$ifacesSupported" "$1" && ifacesSupported="${ifacesSupported}${1} "; }
+ _find_firewall_wan_zone() { [ "$(uci_get 'firewall' "$1" 'name')" = "wan" ] && firewallWanZone="$1"; }
+ local i param="$1"
+ local dev4 dev6
+ if [ -z "$ifacesSupported" ]; then
+ config_load 'firewall'
+ config_foreach _find_firewall_wan_zone 'zone'
+ for i in $(uci_get 'firewall' "$firewallWanZone" 'network'); do
+ is_supported_interface "$i" && ! str_contains "$ifacesSupported" "$1" && ifacesSupported="${ifacesSupported}${i} "
+ done
+ config_load 'network'
+ config_foreach _build_ifaces_supported 'interface'
+ fi
+ wanIface4="$procd_wan_interface"
+ network_get_device dev4 "$wanIface4"
+ [ -z "$dev4" ] && network_get_physdev dev4 "$wanIface4"
+ [ -z "$wanGW4" ] && pbr_get_gateway4 wanGW4 "$wanIface4" "$dev4"
+ if [ -n "$ipv6_enabled" ]; then
+ wanIface6="$procd_wan6_interface"
+ network_get_device dev6 "$wanIface6"
+ [ -z "$dev6" ] && network_get_physdev dev6 "$wanIface6"
+ [ -z "$wanGW6" ] && pbr_get_gateway6 wanGW6 "$wanIface6" "$dev6"
+ fi
+
+ case "$param" in
+ on_boot|on_start)
+ [ -n "$wanIface4" ] && output 2 "Using wan interface (${param}): $wanIface4 \\n"
+ [ -n "$wanGW4" ] && output 2 "Found wan gateway (${param}): $wanGW4 \\n"
+ [ -n "$wanIface6" ] && output 2 "Using wan6 interface (${param}): $wanIface6 \\n"
+ [ -n "$wanGW6" ] && output 2 "Found wan6 gateway (${param}): $wanGW6 \\n"
+ ;;
+ esac
+ wanGW="${wanGW4:-$wanGW6}"
+}
+
+is_wan_up() {
+ local sleepCount='1' param="$1"
+ load_network "$param"
+ [ "$procd_wan_ignore_status" -eq '0' ] || return 0
+ [ "$param" = 'on_boot' ] || procd_boot_timeout='1'
+ if [ -z "$(uci_get network "$procd_wan_interface")" ]; then
+ state add 'errorSummary' 'errorNoWanInterface' "$procd_wan_interface"
+ state add 'errorSummary' 'errorNoWanInterfaceHint'
+ return 1
+ fi
+ while [ -z "$wanGW" ] ; do
+ load_network "$param"
+ if [ "$((sleepCount))" -gt "$((procd_boot_timeout))" ] || [ -n "$wanGW" ]; then break; fi
+ output "$serviceName waiting for $procd_wan_interface gateway...\\n"
+ sleep 1
+ network_flush_cache
+ sleepCount=$((sleepCount+1))
+ done
+ if [ -n "$wanGW" ]; then
+ return 0
+ else
+ state add 'errorSummary' 'errorNoWanGateway'
+ return 1
+ fi
+}
+
+# shellcheck disable=SC2086
+ipt4() {
+ local d
+ [ -x "$iptables" ] || return 1
+ for d in "${*//-A/-D}" "${*//-I/-D}" "${*//-N/-F}" "${*//-N/-X}"; do
+ [ "$d" != "$*" ] && "$iptables" $d >/dev/null 2>&1
+ done
+ d="$*"; "$iptables" $d >/dev/null 2>&1
+}
+
+# shellcheck disable=SC2086
+ipt6() {
+ local d
+ [ -n "$ipv6_enabled" ] || return 0
+ [ -x "$ip6tables" ] || return 1
+ for d in "${*//-A/-D}" "${*//-I/-D}" "${*//-N/-F}" "${*//-N/-X}"; do
+ [ "$d" != "$*" ] && "$ip6tables" $d >/dev/null 2>&1
+ done
+ d="$*"
+ "$ip6tables" $d >/dev/null 2>&1
+}
+
+# shellcheck disable=SC2086
+ipt() {
+ local d failFlagIpv4=1 failFlagIpv6=1
+ [ -x "$iptables" ] || return 1
+ for d in "${*//-A/-D}" "${*//-I/-D}" "${*//-N/-F}" "${*//-N/-X}"; do
+ if [ "$d" != "$*" ]; then
+ "$iptables" $d >/dev/null 2>&1
+ if [ -x "$ip6tables" ]; then
+ "$ip6tables" $d >/dev/null 2>&1
+ fi
+ fi
+ done
+ d="$*"; "$iptables" $d >/dev/null 2>&1 && failFlagIpv4=0;
+ if [ -n "$ipv6_enabled" ] && [ -x "$ip6tables" ]; then
+ "$ip6tables" $d >/dev/null 2>&1 && failFlagIpv6=0
+ fi
+ [ "$failFlagIpv4" -eq '0' ] || [ "$failFlagIpv6" -eq '0' ]
+}
+
+# shellcheck disable=SC2086
+ips4() { [ -x "$ipset" ] && "$ipset" "$@" >/dev/null 2>&1; }
+ips6() { [ -x "$ipset" ] && { if [ -n "$ipv6_enabled" ] && [ -n "$*" ]; then "$ipset" "$@" >/dev/null 2>&1; else return 1; fi; }; }
+ips() {
+ local command="$1" iface="$2" target="${3:-dst}" type="${4:-ip}" uid="$5" comment="$6" param="$7" mark="$7"
+ local ipset4 ipset6 i
+ local ipv4_error=1 ipv6_error=1
+ ipset4="${ipsPrefix}${iface:+_$iface}_4${target:+_$target}${type:+_$type}${uid:+_$uid}"
+ ipset6="${ipsPrefix}${iface:+_$iface}_6${target:+_$target}${type:+_$type}${uid:+_$uid}"
+
+ [ -x "$ipset" ] || return 1
+
+ if [ "${#ipset4}" -gt '31' ]; then
+ state add 'errorSummary' 'errorIpsetNameTooLong' "$ipset4"
+ return 1
+ fi
+
+ case "$command" in
+ add)
+ ips4 -q -! add "$ipset4" ["$param"] comment "$comment" && ipv4_error=0
+ ips6 -q -! add "$ipset6" ["$param"] comment "$comment" && ipv6_error=0
+ ;;
+ add_agh_element)
+ [ -n "$ipv6_enabled" ] || unset ipset6
+ echo "${param}/${ipset4}${ipset6:+,$ipset6}" >> "$aghIpsetFile" && ipv4_error=0
+ ;;
+ add_dnsmasq_element)
+ [ -n "$ipv6_enabled" ] || unset ipset6
+ # shellcheck disable=SC2086
+ echo "ipset=/${param}/${ipset4}${ipset6:+,$ipset6} # $comment" | tee -a $dnsmasqFileList >/dev/null 2>&1 && ipv4_error=0
+ ;;
+ create)
+ ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
+ ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
+ ;;
+ create_agh_set)
+ ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
+ ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
+ ;;
+ create_dnsmasq_set)
+ ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
+ ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
+ ;;
+ create_user_set)
+ case "$type" in
+ ip|net)
+ ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
+ ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv6_error=0
+ case "$target" in
+ dst)
+ ipt4 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" dst -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
+ ipt6 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" dst -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
+ ;;
+ src)
+ ipt4 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
+ ipt6 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ mac)
+ ips4 -q -! create "$ipset4" "hash:$type" comment && ipv4_error=0
+ ips6 -q -! create "$ipset6" "hash:$type" comment family inet6 && ipv4_error=0
+ ipt4 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
+ ipt6 -t mangle -A "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ delete|destroy)
+ ips4 -q -! destroy "$ipset4" && ipv4_error=0
+ ips6 -q -! destroy "$ipset6" && ipv6_error=0
+ ;;
+ delete_user_set)
+ ips4 -q -! destroy "$ipset4" && ipv4_error=0
+ ips6 -q -! destroy "$ipset6" family inet6 && ipv6_error=0
+ case "$type" in
+ ip|net)
+ case "$target" in
+ dst)
+ ipt4 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" dst -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
+ ipt6 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" dst -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
+ ;;
+ src)
+ ipt4 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
+ ipt6 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ mac)
+ ipt4 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset4" src -g "${iptPrefix}_MARK_${mark}" && ipv4_error=0
+ ipt6 -t mangle -D "${iptPrefix}_PREROUTING" -m set --match-set "$ipset6" src -g "${iptPrefix}_MARK_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ flush|flush_user_set)
+ ips4 -q -! flush "$ipset4" && ipv4_error=0
+ ips6 -q -! flush "$ipset6" && ipv6_error=0
+ ;;
+ esac
+ if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+nft_call() { [ -x "$nft" ] && "$nft" "$@" >/dev/null 2>&1; }
+nft_file() {
+ local i
+ [ -x "$nft" ] || return 1
+ case "$1" in
+ add|add_command)
+ [ -n "$nft_file_support" ] || return 1
+ shift
+ grep -q "$*" "$nftTempFile" || echo "$*" >> "$nftTempFile"
+ ;;
+ create)
+ rm -f "$nftTempFile" "$nftPermFile"
+ for i in "$nftTempFile" "$nftPermFile"; do
+ mkdir -p "${i%/*}"
+ done
+ [ -n "$nft_file_support" ] || return 1
+ { echo '#!/usr/sbin/nft -f'; echo ''; } > "$nftTempFile"
+ ;;
+ delete|rm|remove)
+ rm -f "$nftTempFile" "$nftPermFile"
+ ;;
+ enabled)
+ [ -n "$nft_file_support" ] && return 0 || return 1
+ ;;
+ exists)
+ [ -s "$nftPermFile" ] && return 0 || return 1
+ ;;
+ install)
+ [ -n "$nft_file_support" ] || return 1
+ [ -s "$nftTempFile" ] || return 1
+ output "Installing fw4 nft file "
+ if nft_call -c -f "$nftTempFile" && \
+ cp -f "$nftTempFile" "$nftPermFile"; then
+ output_okn
+ else
+ state add 'errorSummary' 'errorNftFileInstall' "$nftTempFile"
+ output_failn
+ fi
+ ;;
+ esac
+}
+nft() { [ -x "$nft" ] && [ -n "$*" ] && { nft_file 'add_command' "$@" || "$nft" "$@" >/dev/null 2>&1;} }
+nft4() { nft "$@"; }
+nft6() { [ -n "$ipv6_enabled" ] || return 0; nft "$@"; }
+nftset() {
+ local command="$1" iface="$2" target="${3:-dst}" type="${4:-ip}" uid="$5" comment="$6" param="$7" mark="$7"
+ local nftset4 nftset6 i param4 param6
+ local ipv4_error=1 ipv6_error=1
+ nftset4="${nftPrefix}${iface:+_$iface}_4${target:+_$target}${type:+_$type}${uid:+_$uid}"
+ nftset6="${nftPrefix}${iface:+_$iface}_6${target:+_$target}${type:+_$type}${uid:+_$uid}"
+
+ [ -x "$nft" ] || return 1
+
+ if [ "${#nftset4}" -gt '255' ]; then
+ state add 'errorSummary' 'errorNftsetNameTooLong' "$nftset4"
+ return 1
+ fi
+
+ case "$command" in
+ add)
+ if is_mac_address "$param" || is_list "$param"; then
+ nft4 add element inet "$nftTable" "$nftset4" "{ $param }" && ipv4_error=0
+ nft6 add element inet "$nftTable" "$nftset6" "{ $param }" && ipv6_error=0
+ elif is_ipv4_netmask "$param" || is_ipv4 "$param"; then
+ nft4 add element inet "$nftTable" "$nftset4" "{ $param }" && ipv4_error=0
+ elif is_ipv6 "$param"; then
+ nft6 add element inet "$nftTable" "$nftset6" "{ $param }" && ipv6_error=0
+ else
+ if [ "$target" = 'src' ]; then
+ param4="$(ipv4_leases_to_nftset "$param")"
+ param6="$(ipv6_leases_to_nftset "$param")"
+ fi
+ [ -z "$param4" ] && param4="$(resolveip_to_nftset4 "$param")"
+ [ -z "$param6" ] && param6="$(resolveip_to_nftset6 "$param")"
+ if [ -z "$param4" ] && [ -z "$param6" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$param"
+ else
+ [ -n "$param4" ] && nft4 add element inet "$nftTable" "$nftset4" "{ $param4 }" && ipv4_error=0
+ [ -n "$param6" ] && nft6 add element inet "$nftTable" "$nftset6" "{ $param6 }" && ipv6_error=0
+ fi
+ fi
+ ;;
+ add_dnsmasq_element)
+ [ -n "$ipv6_enabled" ] || unset nftset6
+ # shellcheck disable=SC2086
+ echo "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" | tee -a $dnsmasqFileList >/dev/null 2>&1 && ipv4_error=0
+ ;;
+ create)
+ case "$type" in
+ ip|net)
+ nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0
+ nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
+ ;;
+ mac)
+ nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0
+ nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ create_dnsmasq_set)
+ nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0
+ nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
+ ;;
+ create_user_set)
+ case "$type" in
+ ip|net)
+ nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0
+ nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
+ case "$target" in
+ dst)
+ nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv4Flag" daddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv6Flag" daddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ ;;
+ src)
+ nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv4Flag" saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv6Flag" saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ mac)
+ nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0
+ nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0
+ nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ delete|destroy)
+ nft_call delete set inet "$nftTable" "$nftset4" && ipv4_error=0
+ nft_call delete set inet "$nftTable" "$nftset6" && ipv6_error=0
+ ;;
+ delete_user_set)
+ nft_call delete set inet "$nftTable" "$nftset4" && ipv4_error=0
+ nft_call delete set inet "$nftTable" "$nftset6" && ipv6_error=0
+ case "$type" in
+ ip|net)
+ case "$target" in
+ dst)
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv4Flag" daddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv6Flag" daddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ ;;
+ src)
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv4Flag" saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" "$nftIPv6Flag" saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ mac)
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0
+ nft_call delete rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0
+ ;;
+ esac
+ ;;
+ flush|flush_user_set)
+ nft_call flush set inet "$nftTable" "$nftset4" && ipv4_error=0
+ nft_call flush set inet "$nftTable" "$nftset6" && ipv6_error=0
+ ;;
+ esac
+# nft6 returns true if IPv6 support is not enabled
+ [ -z "$ipv6_enabled" ] && ipv6_error='1'
+ if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+cleanup_rt_tables() {
+ local i
+# shellcheck disable=SC2013
+ for i in $(grep -oh "${ipTablePrefix}_.*" $rtTablesFile); do
+ ! is_netifd_table "$i" && sed -i "/${i}/d" "$rtTablesFile"
+ done
+ sync
+}
+
+cleanup_main_chains() {
+ local i j
+ for i in $chainsList dstnat_lan; do
+ i="$(str_to_lower "$i")"
+ nft_call flush chain inet "$nftTable" "${nftPrefix}_${i}"
+ done
+ for i in $chainsList; do
+ i="$(str_to_upper "$i")"
+ ipt -t mangle -D "${i}" -m mark --mark "0x0/${fw_mask}" -j "${iptPrefix}_${i}"
+ ipt -t mangle -F "${iptPrefix}_${i}"
+ ipt -t mangle -X "${iptPrefix}_${i}"
+ done
+ ipt -t nat -F "${iptPrefix}_PREROUTING"
+ ipt -t nat -X "${iptPrefix}_PREROUTING"
+}
+
+cleanup_marking_chains() {
+ local i j
+ for i in $(get_mark_nft_chains); do
+ nft_call flush chain inet "$nftTable" "$i"
+ nft_call delete chain inet "$nftTable" "$i"
+ done
+ for i in $(get_mark_ipt_chains); do
+ ipt -t mangle -F "$i"
+ ipt -t mangle -X "$i"
+ done
+}
+
+cleanup_sets() {
+ local i
+ for i in $(get_nft_sets); do
+ nft_call flush set inet "$nftTable" "$i"
+ nft_call delete set inet "$nftTable" "$i"
+ done
+ for i in $(get_ipsets); do
+ ipset -q -! flush "$i" >/dev/null 2>&1
+ ipset -q -! destroy "$i" >/dev/null 2>&1
+ done
+}
+
+state() {
+ local action="$1" param="$2" value="${3//#/_}"
+ shift 3
+# shellcheck disable=SC2124
+ local extras="$@"
+ local line error_id error_extra label
+ case "$action" in
+ add)
+ line="$(eval echo "\$$param")"
+ eval "$param"='${line:+$line#}${value}${extras:+ $extras}'
+ ;;
+ json)
+ json_init
+ json_add_object "$packageName"
+ case "$param" in
+ errorSummary)
+ json_add_array 'errors';;
+ warningSummary)
+ json_add_array 'warnings';;
+ esac
+ if [ -n "$(eval echo "\$$param")" ]; then
+ while read -r line; do
+ if str_contains "$line" ' '; then
+ error_id="${line% *}"
+ error_extra="${line#* }"
+ else
+ error_id="$line"
+ fi
+ json_add_object
+ json_add_string 'id' "$error_id"
+ json_add_string 'extra' "$error_extra"
+ json_close_object
+ done <<EOF
+$(eval echo "\$$param" | tr \# \\n)
+EOF
+ fi
+ json_close_array
+ json_close_object
+ json_dump
+ ;;
+ print)
+ [ -z "$(eval echo "\$$param")" ] && return 0
+ case "$param" in
+ errorSummary)
+ label="${_ERROR_}:";;
+ warningSummary)
+ label="${_WARNING_}:";;
+ esac
+ while read -r line; do
+ if str_contains "$line" ' '; then
+ error_id="${line% *}"
+ error_extra="${line#* }"
+ printf "%b $(get_text "$error_id")\\n" "$label" "$error_extra"
+ else
+ error_id="$line"
+ printf "%b $(get_text "$error_id")\\n" "$label"
+ fi
+ done <<EOF
+$(eval echo "\$$param" | tr \# \\n)
+EOF
+ ;;
+ set)
+ eval "$param"='${value}${extras:+ $extras}'
+ ;;
+ esac
+}
+
+_resolver_dnsmasq_confdir() {
+ local cfg="$1"
+ local confdir
+ [ -z "$(uci_get 'dhcp' "$cfg")" ] && return 1;
+ config_get confdir "$1" 'confdir'
+ if [ -z "$confdir" ] && [ "$resolver_instance" != "*" ]; then
+ state add 'warningSummary' 'warningDnsmasqInstanceNoConfdir' "$cfg"
+ fi
+ if [ -n "$confdir" ] && ! str_contains "$dnsmasqFileList" "$confdir"; then
+ dnsmasqFile="${confdir}/${packageName}"
+ dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${dnsmasqFile}"
+ fi
+}
+
+resolver() {
+ local agh_version
+ local param="$1"
+ shift
+
+ if [ "$param" = 'cleanup_all' ]; then
+ sed -i "/ipset_file: ${aghIpsetFile}/d" "$aghConfigFile" >/dev/null 2>&1
+ rm -f "$aghIpsetFile"
+ local dfl
+ for dfl in $dnsmasqFileList; do
+ rm -f "$dfl"
+ done
+ return 0
+ fi
+
+ case "$resolver_set" in
+ ''|none)
+ case "$param" in
+ add_resolver_element) return 1;;
+ create_resolver_set) return 1;;
+ check_support) return 0;;
+ cleanup) return 0;;
+ configure) return 0;;
+ init) return 0;;
+ init_end) return 0;;
+ kill) return 0;;
+ reload) return 0;;
+ restart) return 0;;
+ compare_hash) return 0;;
+ store_hash) return 0;;
+ esac
+ ;;
+ adguardhome.ipset)
+ case "$param" in
+ add_resolver_element)
+ [ -n "$resolver_set_supported" ] && ips 'add_agh_element' "$@";;
+ create_resolver_set)
+ [ -n "$resolver_set_supported" ] && ips 'create_agh_set' "$@";;
+ check_support)
+ if [ ! -x "$ipset" ]; then
+ state add 'errorSummary' 'errorNoIpset'
+ return 1
+ fi
+ if [ -n "$agh" ] && [ -s "$aghConfigFile" ]; then
+ agh_version="$($agh --version | sed 's|AdGuard Home, version v\(.*\)|\1|' | sed 's|-.*||')"
+ if is_greater_or_equal "$agh_version" '0.107.13'; then
+ resolver_set_supported='true'
+ return 0
+ else
+ state add 'warningSummary' 'warningAGHVersionTooLow' "$agh_version"
+ return 1
+ fi
+ else
+ state add 'warningSummary' 'warningResolverNotSupported'
+ return 1
+ fi
+ ;;
+ cleanup)
+ [ -z "$resolver_set_supported" ] && return 0
+ rm -f "$aghIpsetFile"
+ sed -i "/ipset_file: ${aghIpsetFile}/d" "$aghConfigFile" >/dev/null 2>&1
+ ;;
+ configure)
+ [ -z "$resolver_set_supported" ] && return 1
+ mkdir -p "${aghIpsetFile%/*}"
+ touch "$aghIpsetFile"
+ sed -i '/ipset_file/d' "$aghConfigFile" >/dev/null 2>&1
+ sed -i "/ ipset:/a \ \ ipset_file: $aghIpsetFile" "$aghConfigFile"
+ ;;
+ init) :;;
+ init_end) :;;
+ kill)
+ [ -n "$resolver_set_supported" ] && [ -n "$agh" ] && killall -q -s HUP "$agh";;
+ reload)
+ [ -z "$resolver_set_supported" ] && return 1
+ output 3 'Reloading adguardhome '
+ if /etc/init.d/adguardhome reload >/dev/null 2>&1; then
+ output_okn
+ return 0
+ else
+ output_failn
+ return 1
+ fi
+ ;;
+ restart)
+ [ -z "$resolver_set_supported" ] && return 1
+ output 3 'Restarting adguardhome '
+ if /etc/init.d/adguardhome restart >/dev/null 2>&1; then
+ output_okn
+ return 0
+ else
+ output_failn
+ return 1
+ fi
+ ;;
+ compare_hash)
+ [ -z "$resolver_set_supported" ] && return 1
+ local resolverNewHash
+ if [ -s "$aghIpsetFile" ]; then
+ resolverNewHash="$(md5sum "$aghIpsetFile" | awk '{ print $1; }')"
+ fi
+ [ "$resolverNewHash" != "$resolverStoredHash" ]
+ ;;
+ store_hash)
+ [ -s "$aghIpsetFile" ] && resolverStoredHash="$(md5sum "$aghIpsetFile" | awk '{ print $1; }')";;
+ esac
+ ;;
+ dnsmasq.ipset)
+ case "$param" in
+ add_resolver_element)
+ [ -n "$resolver_set_supported" ] && ips 'add_dnsmasq_element' "$@";;
+ create_resolver_set)
+ [ -n "$resolver_set_supported" ] && ips 'create_dnsmasq_set' "$@";;
+ check_support)
+ if [ ! -x "$ipset" ]; then
+ state add 'errorSummary' 'errorNoIpset'
+ return 1
+ fi
+ if ! dnsmasq -v 2>/dev/null | grep -q 'no-ipset' && dnsmasq -v 2>/dev/null | grep -q 'ipset'; then
+ resolver_set_supported='true'
+ return 0
+ else
+ state add 'warningSummary' 'warningResolverNotSupported'
+ return 1
+ fi
+ ;;
+ cleanup)
+ if [ -n "$resolver_set_supported" ]; then
+ local dfl
+ for dfl in $dnsmasqFileList; do
+ rm -f "$dfl"
+ done
+ fi
+ ;;
+ configure)
+ if [ -n "$resolver_set_supported" ]; then
+ local dfl
+ for dfl in $dnsmasqFileList; do
+ mkdir -p "${dfl%/*}"
+ chmod -R 660 "${dfl%/*}"
+ chown -R root:dnsmasq "${dfl%/*}"
+ touch "$dfl"
+ chmod 660 "$dfl"
+ chown root:dnsmasq "$dfl"
+ done
+ fi
+ ;;
+ configure_instances)
+ config_load 'dhcp'
+ if [ "$resolver_instance" = "*" ]; then
+ config_foreach _resolver_dnsmasq_confdir 'dnsmasq'
+ dnsmasqFile="${dnsmasqFile:-$dnsmasqFileDefault}"
+ str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \
+ dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${dnsmasqFileDefault}"
+ else
+ for i in $resolver_instance; do
+ _resolver_dnsmasq_confdir "@dnsmasq[$i]" \
+ || _resolver_dnsmasq_confdir "$i"
+ done
+ dnsmasqFile="${dnsmasqFile:-$dnsmasqFileDefault}"
+ str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \
+ dnsmasqFileList="${dnsmasqFileList:-$dnsmasqFileDefault}"
+ fi
+ ;;
+ init) :;;
+ init_end) :;;
+ kill)
+ [ -n "$resolver_set_supported" ] && killall -q -s HUP dnsmasq;;
+ reload)
+ [ -z "$resolver_set_supported" ] && return 1
+ output 3 'Reloading dnsmasq '
+ if /etc/init.d/dnsmasq reload >/dev/null 2>&1; then
+ output_okn
+ return 0
+ else
+ output_failn
+ return 1
+ fi
+ ;;
+ restart)
+ [ -z "$resolver_set_supported" ] && return 1
+ output 3 'Restarting dnsmasq '
+ if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then
+ output_okn
+ return 0
+ else
+ output_failn
+ return 1
+ fi
+ ;;
+ compare_hash)
+ [ -z "$resolver_set_supported" ] && return 1
+ local resolverNewHash
+ if [ -s "$dnsmasqFile" ]; then
+ resolverNewHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')"
+ fi
+ [ "$resolverNewHash" != "$resolverStoredHash" ]
+ ;;
+ store_hash)
+ [ -s "$dnsmasqFile" ] && resolverStoredHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')";;
+ esac
+ ;;
+ dnsmasq.nftset)
+ case "$param" in
+ add_resolver_element)
+ [ -n "$resolver_set_supported" ] && nftset 'add_dnsmasq_element' "$@";;
+ create_resolver_set)
+ [ -n "$resolver_set_supported" ] && nftset 'create_dnsmasq_set' "$@";;
+ check_support)
+ if [ ! -x "$nft" ]; then
+ state add 'errorSummary' 'errorNoNft'
+ return 1
+ fi
+ if ! dnsmasq -v 2>/dev/null | grep -q 'no-nftset' && dnsmasq -v 2>/dev/null | grep -q 'nftset'; then
+ resolver_set_supported='true'
+ return 0
+ else
+ state add 'warningSummary' 'warningResolverNotSupported'
+ return 1
+ fi
+ ;;
+ cleanup)
+ if [ -n "$resolver_set_supported" ]; then
+ local dfl
+ for dfl in $dnsmasqFileList; do
+ rm -f "$dfl"
+ done
+ fi
+ ;;
+ configure)
+ if [ -n "$resolver_set_supported" ]; then
+ local dfl
+ for dfl in $dnsmasqFileList; do
+ mkdir -p "${dfl%/*}"
+ chmod -R 660 "${dfl%/*}"
+ chown -R root:dnsmasq "${dfl%/*}"
+ touch "$dfl"
+ chmod 660 "$dfl"
+ chown root:dnsmasq "$dfl"
+ done
+ fi
+ ;;
+ configure_instances)
+ config_load 'dhcp'
+ if [ "$resolver_instance" = "*" ]; then
+ config_foreach _resolver_dnsmasq_confdir 'dnsmasq'
+ dnsmasqFile="${dnsmasqFile:-$dnsmasqFileDefault}"
+ str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \
+ dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${dnsmasqFileDefault}"
+ else
+ for i in $resolver_instance; do
+ _resolver_dnsmasq_confdir "@dnsmasq[$i]" \
+ || _resolver_dnsmasq_confdir "$i"
+ done
+ dnsmasqFile="${dnsmasqFile:-$dnsmasqFileDefault}"
+ str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \
+ dnsmasqFileList="${dnsmasqFileList:-$dnsmasqFileDefault}"
+ fi
+ ;;
+ init) :;;
+ init_end) :;;
+ kill)
+ [ -n "$resolver_set_supported" ] && killall -q -s HUP dnsmasq;;
+ reload)
+ [ -z "$resolver_set_supported" ] && return 1
+ output 3 'Reloading dnsmasq '
+ if /etc/init.d/dnsmasq reload >/dev/null 2>&1; then
+ output_okn
+ return 0
+ else
+ output_failn
+ return 1
+ fi
+ ;;
+ restart)
+ [ -z "$resolver_set_supported" ] && return 1
+ output 3 'Restarting dnsmasq '
+ if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then
+ output_okn
+ return 0
+ else
+ output_failn
+ return 1
+ fi
+ ;;
+ compare_hash)
+ [ -z "$resolver_set_supported" ] && return 1
+ local resolverNewHash
+ if [ -s "$dnsmasqFile" ]; then
+ resolverNewHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')"
+ fi
+ [ "$resolverNewHash" != "$resolverStoredHash" ]
+ ;;
+ store_hash)
+ [ -s "$dnsmasqFile" ] && resolverStoredHash="$(md5sum "$dnsmasqFile" | awk '{ print $1; }')";;
+ esac
+ ;;
+ unbound.ipset)
+ case "$param" in
+ add_resolver_element) :;;
+ create_resolver_set) :;;
+ check_support) :;;
+ cleanup) :;;
+ configure) :;;
+ init) :;;
+ init_end) :;;
+ kill) :;;
+ reload) :;;
+ restart) :;;
+ compare_hash) :;;
+ store_hash) :;;
+ esac
+ ;;
+ unbound.nftset)
+ case "$param" in
+ add_resolver_element) :;;
+ create_resolver_set) :;;
+ check_support) :;;
+ cleanup) :;;
+ configure) :;;
+ init) :;;
+ init_end) :;;
+ kill) :;;
+ reload) :;;
+ restart) :;;
+ compare_hash) :;;
+ store_hash) :;;
+ esac
+ ;;
+ esac
+}
+
+trap_process() {
+ output "\\n"
+ output "Unexpected exit or service termination: '${1}'!\\n"
+ state add 'errorSummary' 'errorUnexpectedExit' "$1"
+ traffic_killswitch 'remove'
+}
+
+traffic_killswitch() {
+ local s=0
+ case "$1" in
+ insert)
+ local lan_subnet wan_device wan6_device
+ [ -n "$secure_reload" ] || return 0
+ nft_file 'enabled' && return 0
+ for i in $serviceTrapSignals; do
+# shellcheck disable=SC2064
+ trap "trap_process $i" "$i"
+ done
+ output 3 'Activating traffic killswitch '
+ network_get_subnet lan_subnet "${procd_lan_interface:-lan}"
+ network_get_physdev wan_device "${wanIface4:-wan}"
+ network_get_physdev wan6_device "${wanIface6:-wan6}"
+ if is_nft_mode; then
+ nft_call add chain inet "$nftTable" "${nftPrefix}_killswitch" '{ type filter hook forward priority 0; policy accept; }' || s=1
+ nft_call add rule inet "$nftTable" "${nftPrefix}_killswitch" oifname "$wan_device" "$nftIPv4Flag" saddr "$lan_subnet" counter reject || s=1
+ nft_call add rule inet "$nftTable" "${nftPrefix}_killswitch" oifname "$wan6_device" "$nftIPv6Flag" saddr "$lan_subnet" counter reject
+ else
+ ipt -N "${iptPrefix}_KILLSWITCH" || s=1
+ ipt -A "${iptPrefix}_KILLSWITCH" -s "$lan_subnet" -o "$wan_device" -j REJECT || s=1
+ ipt -A "${iptPrefix}_KILLSWITCH" -s "$lan_subnet" -o "$wan6_device" -j REJECT
+ ipt -I FORWARD -j "${iptPrefix}_KILLSWITCH" || s=1
+ fi
+ if [ "$s" -eq '0' ]; then
+ output_okn
+ else
+ output_failn
+ fi
+ ;;
+ remove)
+ if [ -n "$secure_reload" ] && ! nft_file 'enabled'; then
+ output 3 'Deactivating traffic killswitch '
+ fi
+ if is_nft_mode; then
+ nft_call flush chain inet "$nftTable" "${nftPrefix}_killswitch" || s=1
+ nft_call delete chain inet "$nftTable" "${nftPrefix}_killswitch" || s=1
+ else
+ ipt -D FORWARD -j "${iptPrefix}_KILLSWITCH" || s=1
+ ipt -F "${iptPrefix}_KILLSWITCH" || s=1
+ ipt -X "${iptPrefix}_KILLSWITCH" || s=1
+ fi
+ if [ -n "$secure_reload" ] && ! nft_file 'enabled'; then
+ if [ "$s" -eq '0' ]; then
+ output_okn
+ else
+ output_failn
+ fi
+ fi
+# shellcheck disable=SC2086
+ trap - $serviceTrapSignals
+ ;;
+ esac
+}
+
+# original idea by @egc112: https://github.com/egc112/OpenWRT-egc-add-on/tree/main/stop-dns-leak
+dns_policy_routing() { if is_nft_mode; then dns_policy_routing_nft "$@"; else dns_policy_routing_iptables "$@"; fi; }
+dns_policy_routing_iptables() {
+ local mark param4 param6 i negation value dest4 dest6 ipInsertOption="-A"
+ local ip4error='1' ip6error='1' iface='dns'
+ local name="$1" src_addr="$2" dest_dns="$3" uid="$4"
+ local proto='tcp udp' chain='PREROUTING'
+
+ if [ -n "$ipv6_enabled" ] && { is_ipv6 "$src_addr" || is_ipv6 "$dest_dns"; }; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
+ return 1
+ fi
+
+ if is_family_mismatch "$src_addr" "$dest_dns"; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '${src_addr}' '${dest_dns}'"
+ return 1
+ fi
+
+ if is_supported_interface "$dest_dns"; then
+ local d
+ for d in $(uci -q get network."$dest_dns".dns); do
+ if ! is_family_mismatch "$src_addr" "$d"; then
+ if is_ipv4 "$d"; then
+ dest_dns4="${dest_dns4:-$d}"
+ elif is_ipv6 "$d"; then
+ dest_dns6="${dest_dns6:-$d}"
+ fi
+ fi
+ done
+ else
+ dest_dns4="$dest_dns"
+ dest_dns6="$dest_dns"
+ fi
+
+ if [ -z "${dest_dns4}${dest_dns6}" ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessNoInterfaceDns' "'$dest_dns'"
+ return 1
+ fi
+
+ dest4="--dport 53 -j DNAT --to $dest_dns4"
+ dest6="--dport 53 -j DNAT --to $dest_dns6"
+
+ for i in $proto; do
+ param4="-t nat ${ipInsertOption} ${iptPrefix}_${chain} ${dest4} -p $i"
+ param6="-t nat ${ipInsertOption} ${iptPrefix}_${chain} ${dest6} -p $i"
+ if [ -n "$src_addr" ]; then
+ if [ "${src_addr:0:1}" = "!" ]; then
+ negation='!'; value="${src_addr:1}"
+ else
+ unset negation; value="$src_addr";
+ fi
+ if is_phys_dev "$value"; then
+ param4="$param4 ${negation:+$negation }-m physdev --physdev-in ${value:1}"
+ param6="$param6 ${negation:+$negation }-m physdev --physdev-in ${value:1}"
+ elif is_ipv4_netmask "$value"; then
+ local target='src' type='net'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $src_addr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $src_addr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ param4="$param4 ${negation:+$negation }-s $value"
+ param6="$param6 ${negation:+$negation }-s $value"
+ fi
+ elif is_mac_address "$value"; then
+ local target='src' type='mac'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $src_addr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $src_addr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ param4="$param4 -m mac ${negation:+$negation }--mac-source $value"
+ param6="$param6 -m mac ${negation:+$negation }--mac-source $value"
+ fi
+ else
+ local target='src' type='ip'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $src_addr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $src_addr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ local resolvedIP4 resolvedIP6
+ resolvedIP4="$(resolveip_to_ipt4 "$value")"
+ resolvedIP6="$(resolveip_to_ipt6 "$value")"
+ if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$value"
+ fi
+ param4="$param4 ${negation:+$negation }-s $resolvedIP4"
+ param6="$param6 ${negation:+$negation }-s $resolvedIP6"
+ fi
+ fi
+ fi
+
+ if [ -n "$name" ]; then
+ param4="$param4 -m comment --comment $(str_extras_to_underscore "$name")"
+ param6="$param6 -m comment --comment $(str_extras_to_underscore "$name")"
+ fi
+
+ local ipv4_error='0' ipv6_error='0'
+ if [ "$param4" = "$param6" ]; then
+ ipt4 "$param4" || ipv4_error='1'
+ else
+ ipt4 "$param4" || ipv4_error='1'
+ ipt6 "$param6" || ipv6_error='1'
+ fi
+
+ if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param4"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param6"
+ logger -t "$packageName" "ERROR: iptables $param4"
+ logger -t "$packageName" "ERROR: iptables $param6"
+ elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param4"
+ logger -t "$packageName" "ERROR: iptables $param4"
+ fi
+
+ done
+}
+dns_policy_routing_nft() {
+ local mark i nftInsertOption='add'
+ local param4 param6 proto_i negation value dest4 dest6 dest_dns4 dest_dns6
+ local name="$1" src_addr="$2" dest_dns="$3" uid="$4"
+ local proto='tcp udp' chain='dstnat_lan' iface='dns'
+
+ if [ -z "$ipv6_enabled" ] && { is_ipv6 "$src_addr" || is_ipv6 "$dest_dns"; }; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
+ return 1
+ fi
+
+ if is_family_mismatch "$src_addr" "$dest_dns"; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns'"
+ return 1
+ fi
+
+ if is_supported_interface "$dest_dns"; then
+ local d
+ for d in $(uci -q get network."$dest_dns".dns); do
+ if ! is_family_mismatch "$src_addr" "$d"; then
+ if is_ipv4 "$d"; then
+ dest_dns4="${dest_dns4:-$d}"
+ elif is_ipv6 "$d"; then
+ dest_dns6="${dest_dns6:-$d}"
+ fi
+ fi
+ done
+ else
+ dest_dns4="$dest_dns"
+ dest_dns6="$dest_dns"
+ fi
+
+ if [ -z "${dest_dns4}${dest_dns6}" ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessNoInterfaceDns' "'$dest_dns'"
+ return 1
+ fi
+
+ dest4="dport 53 counter dnat ip to $dest_dns4"
+ dest6="dport 53 counter dnat ip to $dest_dns6"
+
+ for proto_i in $proto; do
+ unset param4
+ unset param6
+
+ if [ -n "$src_addr" ]; then
+ if [ "${src_addr:0:1}" = "!" ]; then
+ negation='!='; value="${src_addr:1}"
+ else
+ unset negation; value="$src_addr";
+ fi
+ if is_phys_dev "$value"; then
+ param4="${param4:+$param4 }iifname ${negation:+$negation }${value:1}"
+ param6="${param6:+$param6 }iifname ${negation:+$negation }${value:1}"
+ elif is_mac_address "$value"; then
+ local target='src' type='mac'
+ if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
+ nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }ether saddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }ether saddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ else
+ param4="${param4:+$param4 }ether saddr ${negation:+$negation }${value}"
+ param6="${param6:+$param6 }ether saddr ${negation:+$negation }${value}"
+ fi
+ else
+ local target='src' type='ip'
+ if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
+ nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ else
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }${value}"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }${value}"
+ fi
+ fi
+ fi
+
+ param4="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param4} ${proto_i:+$proto_i }${dest4} comment \"$name\""
+ param6="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param6} ${proto_i:+$proto_i }${dest6} comment \"$name\""
+ local ipv4_error='0' ipv6_error='0'
+ if [ "$policy_routing_nft_prev_param4" != "$param4" ]; then
+ nft4 "$param4" || ipv4_error='1'
+ policy_routing_nft_prev_param4="$param4"
+ fi
+ if [ "$policy_routing_nft_prev_param6" != "$param6" ] && \
+ [ "$param4" != "$param6" ]; then
+ nft6 "$param6" || ipv6_error='1'
+ policy_routing_nft_prev_param6="$param6"
+ fi
+ if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param6"
+ logger -t "$packageName" "ERROR: nft $param4"
+ logger -t "$packageName" "ERROR: nft $param6"
+ elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4"
+ logger -t "$packageName" "ERROR: nft $param4"
+ fi
+ done
+}
+
+dns_policy_process() {
+ local i j uid="$4"
+ if [ -z "$uid" ]; then # first call
+ [ "$enabled" -gt '0' ] || return 0
+ unset processDnsPolicyError
+ uid="$1"
+ output 2 "Routing '$name' DNS to $dest_dns "
+ if [ -z "${src_addr}" ]; then
+ state add 'errorSummary' 'errorPolicyNoSrcDest' "$name"
+ output_fail; return 1;
+ fi
+ if [ -z "$dest_dns" ]; then
+ state add 'errorSummary' 'errorPolicyNoDns' "$name"
+ output_fail; return 1;
+ fi
+ dns_policy_process "$name" "$src_addr" "$dest_dns" "$uid"
+ if [ -n "$processPolicyError" ]; then
+ output_fail
+ else
+ output_ok
+ fi
+ else # recursive call, get options from passed variables
+ local name="$1" src_addr="$2" dest_dns="$3"
+ if str_contains "$src_addr" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$src_addr"); do [ -n "$i" ] && dns_policy_process "$name" "$i" "$dest_dns" "$uid"; done
+ elif str_contains "$dest_dns" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$dest_dns"); do [ -n "$i" ] && dns_policy_process "$name" "$src_addr" "$i" "$uid"; done
+ else
+ if is_url "$src_addr"; then
+ src_addr="$(process_url "$src_addr")"
+ [ -n "$src_addr" ] && dns_policy_process "$name" "$src_addr" "$dest_dns" "$uid"
+ else
+ # if only src_addr is set add option 121 to dhcp leases?
+ dns_policy_routing "$name" "$src_addr" "$dest_dns" "$uid"
+ fi
+ fi
+ fi
+}
+
+policy_routing() { if is_nft_mode; then policy_routing_nft "$@"; else policy_routing_iptables "$@"; fi; }
+policy_routing_iptables() {
+ local mark param4 param6 i negation value dest4 dest6 ipInsertOption="-A"
+ local ip4error='1' ip6error='1'
+ local name="$1" iface="$2" laddr="$3" lport="$4" raddr="$5" rport="$6" proto chain uid="$9"
+ proto="$(str_to_lower "$7")"
+ chain="$(str_to_upper "$8")"
+ chain="${chain:-PREROUTING}"
+ mark=$(eval echo "\$mark_${iface//-/_}")
+
+ if [ -n "$ipv6_enabled" ] && { is_ipv6 "$laddr" || is_ipv6 "$raddr"; }; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
+ return 1
+ fi
+
+ if is_tor "$iface"; then
+ return 1
+ elif is_xray "$iface"; then
+ unset rport
+ [ -z "$lport" ] && lport='0-52,54-65535'
+ proto='tcp udp'
+ dest4="-j TPROXY --on-ip 0.0.0.0 --on-port $(get_xray_traffic_port "$iface")"
+ dest6="-j TPROXY --on-ip :: --on-port $(get_xray_traffic_port "$iface")"
+ elif [ -n "$mark" ]; then
+ dest4="-g ${iptPrefix}_MARK_${mark}"
+ dest6="-g ${iptPrefix}_MARK_${mark}"
+ elif [ "$iface" = "ignore" ]; then
+ dest4="-j RETURN"
+ dest6="-j RETURN"
+ else
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessUnknownFwmark' "$iface"
+ return 1
+ fi
+
+ if is_family_mismatch "$laddr" "$raddr"; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$laddr' '$raddr'"
+ return 1
+ fi
+
+ if [ -z "$proto" ]; then
+ if [ -n "${lport}${rport}" ]; then
+ proto='tcp udp'
+ else
+ proto='all'
+ fi
+ fi
+
+ for i in $proto; do
+ if [ "$i" = 'all' ]; then
+ param4="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest4"
+ param6="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest6"
+ elif ! is_supported_protocol "$i"; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessUnknownProtocol' "${name}: '$i'"
+ return 1
+ else
+ param4="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest4 -p $i"
+ param6="-t mangle ${ipInsertOption} ${iptPrefix}_${chain} $dest6 -p $i"
+ fi
+
+ if [ -n "$laddr" ]; then
+ if [ "${laddr:0:1}" = "!" ]; then
+ negation='!'; value="${laddr:1}"
+ else
+ unset negation; value="$laddr";
+ fi
+ if is_phys_dev "$value"; then
+ param4="$param4 ${negation:+$negation }-m physdev --physdev-in ${value:1}"
+ param6="$param6 ${negation:+$negation }-m physdev --physdev-in ${value:1}"
+ elif is_ipv4_netmask "$value"; then
+ local target='src' type='net'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $laddr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $laddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ param4="$param4 ${negation:+$negation }-s $value"
+ param6="$param6 ${negation:+$negation }-s $value"
+ fi
+ elif is_mac_address "$value"; then
+ local target='src' type='mac'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $laddr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $laddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ param4="$param4 -m mac ${negation:+$negation }--mac-source $value"
+ param6="$param6 -m mac ${negation:+$negation }--mac-source $value"
+ fi
+ else
+ local target='src' type='ip'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $laddr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $laddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ local resolvedIP4 resolvedIP6
+ resolvedIP4="$(resolveip_to_ipt4 "$value")"
+ resolvedIP6="$(resolveip_to_ipt6 "$value")"
+ if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$value"
+ fi
+ param4="$param4 ${negation:+$negation }-s $resolvedIP4"
+ param6="$param6 ${negation:+$negation }-s $resolvedIP6"
+ fi
+ fi
+ fi
+
+ if [ -n "$lport" ]; then
+ if [ "${lport:0:1}" = "!" ]; then
+ negation='!'; value="${lport:1}"
+ else
+ unset negation; value="$lport";
+ fi
+ param4="$param4 -m multiport ${negation:+$negation }--sport ${value//-/:}"
+ param6="$param6 -m multiport ${negation:+$negation }--sport ${value//-/:}"
+ fi
+
+ if [ -n "$raddr" ]; then
+ if [ "${raddr:0:1}" = "!" ]; then
+ negation='!'; value="${raddr:1}"
+ else
+ unset negation; value="$raddr";
+ fi
+ if is_ipv4_netmask "$value"; then
+ local target='dst' type='net'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ param4="$param4 ${negation:+$negation }-d ${value}"
+ param6="$param6 ${negation:+$negation }-d ${value}"
+ fi
+ elif is_domain "$value"; then
+ local target='dst' type='ip'
+ if resolver 'create_resolver_set' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
+ resolver 'add_resolver_element' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ elif ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ local resolvedIP4 resolvedIP6
+ resolvedIP4="$(resolveip_to_ipt4 "$value")"
+ resolvedIP6="$(resolveip_to_ipt6 "$value")"
+ if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$value"
+ fi
+ param4="$param4 ${negation:+$negation }-d $resolvedIP4"
+ param6="$param6 ${negation:+$negation }-d $resolvedIP6"
+ fi
+ else
+ local target='dst' type='ip'
+ if ips 'create' "$iface" "$target" "$type" "$uid" "${name}: $raddr" && \
+ ips 'add' "$iface" "$target" "$type" "$uid" "${name}: $raddr" "$value"; then
+ param4="$param4 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_4_${target}_${type}_${uid} $target"
+ param6="$param6 -m set ${negation:+$negation }--match-set ${ipsPrefix}_${iface}_6_${target}_${type}_${uid} $target"
+ else
+ param4="$param4 ${negation:+$negation }-d ${value}"
+ param6="$param6 ${negation:+$negation }-d ${value}"
+ fi
+ fi
+ fi
+
+ if [ -n "$rport" ]; then
+ if [ "${rport:0:1}" = "!" ]; then
+ negation='!'; value="${rport:1}"
+ else
+ unset negation; value="$rport";
+ fi
+ param4="$param4 -m multiport ${negation:+$negation }--dport ${value//-/:}"
+ param6="$param6 -m multiport ${negation:+$negation }--dport ${value//-/:}"
+ fi
+
+ if [ -n "$name" ]; then
+ param4="$param4 -m comment --comment $(str_extras_to_underscore "$name")"
+ param6="$param6 -m comment --comment $(str_extras_to_underscore "$name")"
+ fi
+
+ local ipv4_error='0' ipv6_error='0'
+ if [ "$param4" = "$param6" ]; then
+ ipt4 "$param4" || ipv4_error='1'
+ else
+ ipt4 "$param4" || ipv4_error='1'
+ ipt6 "$param6" || ipv6_error='1'
+ fi
+
+ if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param4"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param6"
+ logger -t "$packageName" "ERROR: iptables $param4"
+ logger -t "$packageName" "ERROR: iptables $param6"
+ elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "iptables $param4"
+ logger -t "$packageName" "ERROR: iptables $param4"
+ fi
+
+ done
+}
+policy_routing_nft() {
+ local mark i nftInsertOption='add'
+ local param4 param6 proto_i negation value dest4 dest6
+ local name="$1" iface="$2" src_addr="$3" src_port="$4" dest_addr="$5" dest_port="$6" proto chain uid="$9"
+ proto="$(str_to_lower "$7")"
+ chain="$(str_to_lower "$8")"
+ chain="${chain:-prerouting}"
+ mark=$(eval echo "\$mark_${iface//-/_}")
+
+ if [ -z "$ipv6_enabled" ] && { is_ipv6 "$src_addr" || is_ipv6 "$dest_addr"; }; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessNoIpv6' "$name"
+ return 1
+ fi
+
+ if is_tor "$iface"; then
+ unset dest_port
+ unset proto
+ elif is_xray "$iface"; then
+ unset dest_port
+ [ -z "$src_port" ] && src_port='0-65535'
+ dest4="tproxy $nftIPv4Flag to: $(get_xray_traffic_port "$iface") accept"
+ dest6="tproxy $nftIPv6Flag to: $(get_xray_traffic_port "$iface") accept"
+ elif [ -n "$mark" ]; then
+ dest4="goto ${nftPrefix}_mark_${mark}"
+ dest6="goto ${nftPrefix}_mark_${mark}"
+ elif [ "$iface" = "ignore" ]; then
+ dest4="return"
+ dest6="return"
+ else
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessUnknownFwmark' "$iface"
+ return 1
+ fi
+
+ if is_family_mismatch "$src_addr" "$dest_addr"; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_addr'"
+ return 1
+ fi
+
+ if [ -z "$proto" ]; then
+ if [ -n "${src_port}${dest_port}" ]; then
+ proto='tcp udp'
+ else
+ proto='all'
+ fi
+ fi
+
+ for proto_i in $proto; do
+ unset param4
+ unset param6
+ if [ "$proto_i" = 'all' ]; then
+ unset proto_i
+ elif ! is_supported_protocol "$proto_i"; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessUnknownProtocol' "${name}: '$proto_i'"
+ return 1
+ fi
+
+ if [ -n "$src_addr" ]; then
+ if [ "${src_addr:0:1}" = "!" ]; then
+ negation='!='; value="${src_addr:1}"
+ else
+ unset negation; value="$src_addr";
+ fi
+ if is_phys_dev "$value"; then
+ param4="${param4:+$param4 }iifname ${negation:+$negation }${value:1}"
+ param6="${param6:+$param6 }iifname ${negation:+$negation }${value:1}"
+ elif is_mac_address "$value"; then
+ local target='src' type='mac'
+ if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
+ nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }ether saddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }ether saddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ else
+ param4="${param4:+$param4 }ether saddr ${negation:+$negation }${value}"
+ param6="${param6:+$param6 }ether saddr ${negation:+$negation }${value}"
+ fi
+ else
+ local target='src' type='ip'
+ if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
+ nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ else
+ param4="${param4:+$param4 }${nftIPv4Flag} saddr ${negation:+$negation }${value}"
+ param6="${param6:+$param6 }${nftIPv6Flag} saddr ${negation:+$negation }${value}"
+ fi
+ fi
+ fi
+
+ if [ -n "$dest_addr" ]; then
+ if [ "${dest_addr:0:1}" = "!" ]; then
+ negation='!='; value="${dest_addr:1}"
+ else
+ unset negation; value="$dest_addr";
+ fi
+ if is_phys_dev "$value"; then
+ param4="${param4:+$param4 }oifname ${negation:+$negation }${value:1}"
+ param6="${param6:+$param6 }oifname ${negation:+$negation }${value:1}"
+ elif is_domain "$value"; then
+ local target='dst' type='ip'
+ if resolver 'create_resolver_set' "$iface" "$target" "$type" "$uid" "$name" && \
+ resolver 'add_resolver_element' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ elif nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
+ nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ else
+ local resolvedIP4 resolvedIP6
+ resolvedIP4="$(resolveip_to_nftset4 "$value")"
+ resolvedIP6="$(resolveip_to_nftset6 "$value")"
+ if [ -z "$resolvedIP4" ] && [ -z "$resolvedIP6" ]; then
+ state add 'errorSummary' 'errorFailedToResolve' "$value"
+ fi
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }{ $resolvedIP4 }"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }{ $resolvedIP6 }"
+ fi
+ else
+ local target='dst' type='ip'
+ if nftset 'create' "$iface" "$target" "$type" "$uid" "$name" && \
+ nftset 'add' "$iface" "$target" "$type" "$uid" "$name" "$value"; then
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_4_${target}_${type}_${uid}"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }@${nftPrefix}_${iface}_6_${target}_${type}_${uid}"
+ else
+ param4="${param4:+$param4 }${nftIPv4Flag} daddr ${negation:+$negation }${value}"
+ param6="${param6:+$param6 }${nftIPv6Flag} daddr ${negation:+$negation }${value}"
+ fi
+ fi
+ fi
+
+ if [ -n "$src_port" ]; then
+ if [ "${src_port:0:1}" = "!" ]; then
+ negation='!='; value="${src_port:1}"
+ else
+ unset negation; value="$src_port";
+ fi
+ param4="${param4:+$param4 }${proto_i:+$proto_i }sport ${negation:+$negation }{$(ports_to_nftset "$value")}"
+ param6="${param6:+$param6 }${proto_i:+$proto_i }sport ${negation:+$negation }{$(ports_to_nftset "$value")}"
+ fi
+
+ if [ -n "$dest_port" ]; then
+ if [ "${dest_port:0:1}" = "!" ]; then
+ negation='!='; value="${dest_port:1}"
+ else
+ unset negation; value="$dest_port";
+ fi
+ param4="${param4:+$param4 }${proto_i:+$proto_i }dport ${negation:+$negation }{$(ports_to_nftset "$value")}"
+ param6="${param6:+$param6 }${proto_i:+$proto_i }dport ${negation:+$negation }{$(ports_to_nftset "$value")}"
+ fi
+
+ if is_tor "$iface"; then
+ local dest_udp_53 dest_tcp_80 dest_udp_80 dest_tcp_443 dest_udp_443
+ local ipv4_error='0' ipv6_error='0'
+ local dest_i dest4 dest6
+ param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} dstnat meta nfproto ipv4 $param4"
+ param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} dstnat meta nfproto ipv6 $param6"
+ dest_udp_53="udp dport 53 counter redirect to :${torDnsPort} comment 'Tor-DNS-UDP'"
+ dest_tcp_80="tcp dport 80 counter redirect to :${torTrafficPort} comment 'Tor-HTTP-TCP'"
+ dest_udp_80="udp dport 80 counter redirect to :${torTrafficPort} comment 'Tor-HTTP-UDP'"
+ dest_tcp_443="tcp dport 443 counter redirect to :${torTrafficPort} comment 'Tor-HTTPS-TCP'"
+ dest_udp_443="udp dport 443 counter redirect to :${torTrafficPort} comment 'Tor-HTTPS-UDP'"
+ for dest_i in dest_udp_53 dest_tcp_80 dest_udp_80 dest_tcp_443 dest_udp_443; do
+ eval "dest4=\$$dest_i"
+ eval "dest6=\$$dest_i"
+ nft4 "$param4" "$dest4" || ipv4_error='1'
+ nft6 "$param6" "$dest6" || ipv6_error='1'
+ if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4 $dest4"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param6 $dest6"
+ logger -t "$packageName" "ERROR: nft $param4 $dest4"
+ logger -t "$packageName" "ERROR: nft $param6 $dest6"
+ elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4 $dest4"
+ logger -t "$packageName" "ERROR: nft $param4 $dest4"
+ fi
+ done
+ else
+ param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} $param4 $dest4 comment \"$name\""
+ param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} $param6 $dest6 comment \"$name\""
+ local ipv4_error='0' ipv6_error='0'
+ if [ "$policy_routing_nft_prev_param4" != "$param4" ]; then
+ nft4 "$param4" || ipv4_error='1'
+ policy_routing_nft_prev_param4="$param4"
+ fi
+ if [ "$policy_routing_nft_prev_param6" != "$param6" ] && \
+ [ "$param4" != "$param6" ]; then
+ nft6 "$param6" || ipv6_error='1'
+ policy_routing_nft_prev_param6="$param6"
+ fi
+
+ if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailed' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param6"
+ logger -t "$packageName" "ERROR: nft $param4"
+ logger -t "$packageName" "ERROR: nft $param6"
+ elif [ -z "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ]; then
+ processPolicyError='true'
+ state add 'errorSummary' 'errorPolicyProcessInsertionFailedIpv4' "$name"
+ state add 'errorSummary' 'errorPolicyProcessCMD' "nft $param4"
+ logger -t "$packageName" "ERROR: nft $param4"
+ fi
+ fi
+ done
+}
+
+policy_process() {
+ local i j uid="$9"
+ if [ -z "$uid" ]; then # first call
+ [ "$enabled" -gt '0' ] || return 0
+ unset processPolicyError
+ uid="$1"
+ if is_nft_mode; then
+ chain="$(str_to_lower "$chain")"
+ else
+ chain="$(str_to_upper "$chain")"
+ fi
+ proto="$(str_to_lower "$proto")"
+ [ "$proto" = 'auto' ] && unset proto
+ [ "$proto" = 'all' ] && unset proto
+ output 2 "Routing '$name' via $interface "
+ if [ -z "${src_addr}${src_port}${dest_addr}${dest_port}" ]; then
+ state add 'errorSummary' 'errorPolicyNoSrcDest' "$name"
+ output_fail; return 1;
+ fi
+ if [ -z "$interface" ]; then
+ state add 'errorSummary' 'errorPolicyNoInterface' "$name"
+ output_fail; return 1;
+ fi
+ if ! is_supported_interface "$interface"; then
+ state add 'errorSummary' 'errorPolicyUnknownInterface' "$name"
+ output_fail; return 1;
+ fi
+ src_port="${src_port// / }"; src_port="${src_port// /,}"; src_port="${src_port//,\!/ !}";
+ dest_port="${dest_port// / }"; dest_port="${dest_port// /,}"; dest_port="${dest_port//,\!/ !}";
+ policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
+ if [ -n "$processPolicyError" ]; then
+ output_fail
+ else
+ output_ok
+ fi
+ else # recursive call, get options from passed variables
+ local name="$1" interface="$2" src_addr="$3" src_port="$4" dest_addr="$5" dest_port="$6" proto="$7" chain="$8"
+ if str_contains "$src_addr" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$src_addr"); do [ -n "$i" ] && policy_process "$name" "$interface" "$i" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"; done
+ elif str_contains "$src_port" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$src_port"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$i" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"; done
+ elif str_contains "$dest_addr" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$dest_addr"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$i" "$dest_port" "$proto" "$chain" "$uid"; done
+ elif str_contains "$dest_port" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$dest_port"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$i" "$proto" "$chain" "$uid"; done
+ elif str_contains "$proto" '[ ;\{\}]'; then
+ for i in $(str_extras_to_space "$proto"); do [ -n "$i" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$i" "$chain" "$uid"; done
+ else
+ if [ -n "$secure_reload" ] && { is_url_dl "$src_addr" || is_url_dl "$dest_addr"; }; then
+ state add 'errorSummary' 'errorNoDownloadWithSecureReload' "$name"
+ elif is_url "$src_addr"; then
+ src_addr="$(process_url "$src_addr")"
+ [ -n "$src_addr" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
+ elif is_url "$dest_addr"; then
+ dest_addr="$(process_url "$dest_addr")"
+ [ -n "$dest_addr" ] && policy_process "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
+ else
+ # if only src_addr is set add option 121 to dhcp leases?
+ policy_routing "$name" "$interface" "$src_addr" "$src_port" "$dest_addr" "$dest_port" "$proto" "$chain" "$uid"
+ fi
+ fi
+ fi
+}
+
+try() {
+ if ! "$@"; then
+ state add 'errorSummary' 'errorTryFailed' "$*"
+ return 1
+ fi
+}
+
+interface_routing() {
+ local action="$1" tid="$2" mark="$3" iface="$4" gw4="$5" dev="$6" gw6="$7" dev6="$8" priority="$9"
+ local dscp s=0 i ipv4_error=1 ipv6_error=1
+ if [ -z "$tid" ] || [ -z "$mark" ] || [ -z "$iface" ]; then
+ state add 'errorSummary' 'errorInterfaceRoutingEmptyValues'
+ return 1
+ fi
+ case "$action" in
+ create)
+ if is_netifd_table_interface "$iface"; then
+ ipv4_error=0
+ $ip_bin -4 rule del table "$tid" >/dev/null 2>&1
+ try "$ip_bin" -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
+ if is_nft_mode; then
+ try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} counter mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
+ else
+ ipt -t mangle -N "${iptPrefix}_MARK_${mark}" || ipv4_error=1
+ ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j MARK --set-xmark "${mark}/${fw_mask}" || ipv4_error=1
+ ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j RETURN || ipv4_error=1
+ fi
+ if [ -n "$ipv6_enabled" ]; then
+ ipv6_error=0
+ $ip_bin -6 rule del table "$tid" >/dev/null 2>&1
+ try "$ip_bin" -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" || ipv6_error=1
+ fi
+ else
+ if ! grep -q "$tid ${ipTablePrefix}_${iface}" "$rtTablesFile"; then
+ sed -i "/${ipTablePrefix}_${iface}/d" "$rtTablesFile"
+ sync
+ echo "$tid ${ipTablePrefix}_${iface}" >> "$rtTablesFile"
+ sync
+ fi
+ $ip_bin -4 rule del table "$tid" >/dev/null 2>&1
+ $ip_bin -4 route flush table "$tid" >/dev/null 2>&1
+ if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then
+ ipv4_error=0
+ if [ -z "$gw4" ]; then
+ try "$ip_bin" -4 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ else
+ try "$ip_bin" -4 route add default via "$gw4" dev "$dev" table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ fi
+# shellcheck disable=SC2086
+ while read -r i; do
+ i="$(echo "$i" | sed 's/ linkdown$//')"
+ i="$(echo "$i" | sed 's/ onlink$//')"
+ idev="$(echo "$i" | grep -Eso 'dev [^ ]*' | awk '{print $2}')"
+ if ! is_supported_iface_dev "$idev"; then
+ try "$ip_bin" -4 route add $i table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ fi
+ done << EOF
+ $($ip_bin -4 route list table main)
+EOF
+ try "$ip_bin" -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
+ if is_nft_mode; then
+ try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} counter mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1
+ try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
+ else
+ ipt -t mangle -N "${iptPrefix}_MARK_${mark}" || ipv4_error=1
+ ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j MARK --set-xmark "${mark}/${fw_mask}" || ipv4_error=1
+ ipt -t mangle -A "${iptPrefix}_MARK_${mark}" -j RETURN || ipv4_error=1
+ fi
+ fi
+ if [ -n "$ipv6_enabled" ]; then
+ ipv6_error=0
+ $ip_bin -6 rule del table "$tid" >/dev/null 2>&1
+ $ip_bin -6 route flush table "$tid" >/dev/null 2>&1
+ if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then
+ if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then
+ try "$ip_bin" -6 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ elif "$ip_bin" -6 route list table main | grep -q " dev $dev6 "; then
+ "$ip_bin" -6 route add default via "$gw6" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ while read -r i; do
+ i="$(echo "$i" | sed 's/ linkdown$//')"
+ i="$(echo "$i" | sed 's/ onlink$//')"
+ # shellcheck disable=SC2086
+ try "$ip_bin" -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ done << EOF
+ $($ip_bin -6 route list table main | grep " dev $dev6 ")
+EOF
+ else
+ try "$ip_bin" -6 route add "$($ip_bin -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try "$ip_bin" -6 route add default dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ fi
+ fi
+ try "$ip_bin" -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" >/dev/null 2>&1 || ipv6_error=1
+ fi
+ fi
+ if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
+ dscp="$(uci_get "$packageName" 'config' "${iface}_dscp")"
+ if is_nft_mode; then
+ if [ "${dscp:-0}" -ge '1' ] && [ "${dscp:-0}" -le '63' ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} goto ${nftPrefix}_mark_${mark}" || s=1
+ if [ -n "$ipv6_enabled" ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} goto ${nftPrefix}_mark_${mark}" || s=1
+ fi
+ fi
+ if [ "$iface" = "$icmp_interface" ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp goto ${nftPrefix}_mark_${mark}" || s=1
+ if [ -n "$ipv6_enabled" ]; then
+ try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp goto ${nftPrefix}_mark_${mark}" || s=1
+ fi
+ fi
+ else
+ if [ "${dscp:-0}" -ge '1' ] && [ "${dscp:-0}" -le '63' ]; then
+ ipt -t mangle -I "${iptPrefix}_PREROUTING" -m dscp --dscp "${dscp}" -g "${iptPrefix}_MARK_${mark}" || s=1
+ fi
+ if [ "$iface" = "$icmp_interface" ]; then
+ ipt -t mangle -I "${iptPrefix}_OUTPUT" -p icmp -g "${iptPrefix}_MARK_${mark}" || s=1
+ fi
+ fi
+ else
+ s=1
+ fi
+ return "$s"
+ ;;
+ create_user_set)
+ if is_nft_mode; then
+ nftset 'create_user_set' "$iface" 'dst' 'ip' 'user' '' "$mark" || s=1
+ nftset 'create_user_set' "$iface" 'src' 'ip' 'user' '' "$mark" || s=1
+ nftset 'create_user_set' "$iface" 'src' 'mac' 'user' '' "$mark" || s=1
+ else
+ ips 'create_user_set' "$iface" 'dst' 'ip' 'user' '' "$mark" || s=1
+ ips 'create_user_set' "$iface" 'dst' 'net' 'user' '' "$mark" || s=1
+ ips 'create_user_set' "$iface" 'src' 'ip' 'user' '' "$mark" || s=1
+ ips 'create_user_set' "$iface" 'src' 'net' 'user' '' "$mark" || s=1
+ ips 'create_user_set' "$iface" 'src' 'mac' 'user' '' "$mark" || s=1
+ fi
+ return "$s"
+ ;;
+ delete|destroy)
+ $ip_bin rule del table "$tid" >/dev/null 2>&1
+ if ! is_netifd_table_interface "$iface"; then
+ $ip_bin route flush table "$tid" >/dev/null 2>&1
+ sed -i "/${ipTablePrefix}_${iface}\$/d" "$rtTablesFile"
+ sync
+ fi
+ return "$s"
+ ;;
+ reload_interface)
+ is_netifd_table_interface "$iface" && return 0;
+ ipv4_error=0
+ $ip_bin rule del table "$tid" >/dev/null 2>&1
+ if ! is_netifd_table_interface "$iface"; then
+ $ip_bin route flush table "$tid" >/dev/null 2>&1
+ fi
+ if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then
+ if [ -z "$gw4" ]; then
+ try "$ip_bin" -4 route add unreachable default table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ else
+ try "$ip_bin" -4 route add default via "$gw4" dev "$dev" table "$tid" >/dev/null 2>&1 || ipv4_error=1
+ fi
+ try "$ip_bin" rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
+ fi
+ if [ -n "$ipv6_enabled" ]; then
+ ipv6_error=0
+ if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then
+ if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then
+ try "$ip_bin" -6 route add unreachable default table "$tid" || ipv6_error=1
+ elif $ip_bin -6 route list table main | grep -q " dev $dev6 "; then
+ while read -r i; do
+ # shellcheck disable=SC2086
+ try "$ip_bin" -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ done << EOF
+ $($ip_bin -6 route list table main | grep " dev $dev6 ")
+EOF
+ else
+ try "$ip_bin" -6 route add "$($ip_bin -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ try "$ip_bin" -6 route add default dev "$dev6" table "$tid" >/dev/null 2>&1 || ipv6_error=1
+ fi
+ fi
+ try "$ip_bin" -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1
+ fi
+ if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then
+ s=0
+ else
+ s=1
+ fi
+ return "$s"
+ ;;
+ esac
+}
+
+json_add_gateway() {
+ local action="$1" tid="$2" mark="$3" iface="$4" gw4="$5" dev4="$6" gw6="$7" dev6="$8" priority="$9" default="${10}"
+ json_add_object ''
+ json_add_string 'name' "$iface"
+ json_add_string 'device_ipv4' "$dev4"
+ json_add_string 'gateway_ipv4' "$gw4"
+ json_add_string 'device_ipv6' "$dev6"
+ json_add_string 'gateway_ipv6' "$gw6"
+ if [ -n "$default" ]; then
+ json_add_boolean 'default' '1'
+ else
+ json_add_boolean 'default' '0'
+ fi
+ json_add_string 'action' "$action"
+ json_add_string 'table_id' "$tid"
+ json_add_string 'mark' "$mark"
+ json_add_string 'priority' "$priority"
+ json_close_object
+}
+
+interface_process() {
+ local gw4 gw6 dev dev6 s=0 dscp iface="$1" action="$2" reloadedIface="$3"
+ local displayText dispDev dispGw4 dispGw6 dispStatus
+
+ if [ "$iface" = 'all' ] && [ "$action" = 'prepare' ]; then
+ config_load 'network'
+ ifaceMark="$(printf '0x%06x' "$wan_mark")"
+ ifacePriority="$wan_ip_rules_priority"
+ unset ifaceTableID
+ return 0
+ fi
+
+ if [ "$iface" = 'tor' ]; then
+ case "$action" in
+ create|reload)
+ torDnsPort="$(get_tor_dns_port)"
+ torTrafficPort="$(get_tor_traffic_port)"
+ displayText="${iface}/53->${torDnsPort}/80,443->${torTrafficPort}"
+ gatewaySummary="${gatewaySummary}${displayText}\\n"
+ ;;
+ destroy)
+ ;;
+ esac
+ return 0
+ fi
+
+ is_supported_interface "$iface" || return 0
+ is_wan6 "$iface" && return 0
+ [ "$((ifaceMark))" -gt "$((fw_mask))" ] && return 1
+
+ if is_ovpn "$iface" && ! is_ovpn_valid "$iface"; then
+ : || state add 'warningSummary' 'warningInvalidOVPNConfig' "$iface"
+ fi
+
+ network_get_device dev "$iface"
+ [ -z "$dev" ] && network_get_physdev dev "$iface"
+ if is_wan "$iface" && [ -n "$wanIface6" ] && str_contains "$wanIface6" "$iface"; then
+ network_get_device dev6 "$wanIface6"
+ [ -z "$dev6" ] && network_get_physdev dev6 "$wanIface6"
+ fi
+
+ [ -z "$dev6" ] && dev6="$dev"
+ [ -z "$ifaceMark" ] && ifaceMark="$(printf '0x%06x' "$wan_mark")"
+ [ -z "$ifacePriority" ] && ifacePriority="$wan_ip_rules_priority"
+
+ case "$action" in
+ pre_init)
+ [ -z "$ifaceTableID" ] && ifaceTableID="$(get_rt_tables_non_pbr_next_id)"
+ eval "pre_init_mark_${iface//-/_}"='$ifaceMark'
+ eval "pre_init_priority_${iface//-/_}"='$ifacePriority'
+ eval "pre_init_tid_${iface//-/_}"='$ifaceTableID'
+ ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))"
+ ifacePriority="$((ifacePriority - 1))"
+ ifaceTableID="$((ifaceTableID + 1))"
+ return 0
+ ;;
+ create)
+ ifaceTableID="$(get_rt_tables_id "$iface")"
+ [ -z "$ifaceTableID" ] && ifaceTableID="$(get_rt_tables_next_id)"
+ eval "mark_${iface//-/_}"='$ifaceMark'
+ eval "tid_${iface//-/_}"='$ifaceTableID'
+ pbr_get_gateway4 gw4 "$iface" "$dev"
+ pbr_get_gateway6 gw6 "$iface" "$dev6"
+ dispGw4="${gw4:-0.0.0.0}"
+ dispGw6="${gw6:-::/0}"
+ [ "$iface" != "$dev" ] && dispDev="$dev"
+ if is_default_dev "$dev"; then
+ [ "$verbosity" = '1' ] && dispStatus="$_OK_" || dispStatus="$__OK__"
+ fi
+ displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}"
+ output 2 "Setting up routing for '$displayText' "
+ if interface_routing 'create' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority"; then
+ json_add_gateway 'create' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority" "$dispStatus"
+ gatewaySummary="${gatewaySummary}${displayText}${dispStatus:+ $dispStatus}\\n"
+ if is_netifd_table_interface "$iface"; then output_okb; else output_ok; fi
+ else
+ state add 'errorSummary' 'errorFailedSetup' "$displayText"
+ output_fail
+ fi
+ ;;
+ create_user_set)
+ ifaceTableID="$(get_rt_tables_id "$iface")"
+ [ -z "$ifaceTableID" ] && ifaceTableID="$(get_rt_tables_next_id)"
+ eval "mark_${iface//-/_}"='$ifaceMark'
+ eval "tid_${iface//-/_}"='$ifaceTableID'
+ pbr_get_gateway4 gw4 "$iface" "$dev"
+ pbr_get_gateway6 gw6 "$iface" "$dev6"
+ dispGw4="${gw4:-0.0.0.0}"
+ dispGw6="${gw6:-::/0}"
+ [ "$iface" != "$dev" ] && dispDev="$dev"
+ if is_default_dev "$dev"; then
+ [ "$verbosity" = '1' ] && dispStatus="$_OK_" || dispStatus="$__OK__"
+ fi
+ displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}"
+ interface_routing 'create_user_set' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority"
+ ;;
+ destroy)
+ ifaceTableID="$(get_rt_tables_id "$iface")"
+ [ -z "$ifaceTableID" ] && ifaceTableID="$(get_rt_tables_next_id)"
+ eval "mark_${iface//-/_}"='$ifaceMark'
+ eval "tid_${iface//-/_}"='$ifaceTableID'
+ pbr_get_gateway4 gw4 "$iface" "$dev"
+ pbr_get_gateway6 gw6 "$iface" "$dev6"
+ dispGw4="${gw4:-0.0.0.0}"
+ dispGw6="${gw6:-::/0}"
+ [ "$iface" != "$dev" ] && dispDev="$dev"
+ if is_default_dev "$dev"; then
+ [ "$verbosity" = '1' ] && dispStatus="$_OK_" || dispStatus="$__OK__"
+ fi
+ displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}"
+ displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}"
+ output 2 "Removing routing for '$displayText' "
+ interface_routing 'destroy' "${ifaceTableID}" "${ifaceMark}" "${iface}"
+ if is_netifd_table_interface "$iface"; then output_okb; else output_ok; fi
+ ;;
+ reload)
+ ifaceTableID="$(get_rt_tables_id "$iface")"
+ [ -z "$ifaceTableID" ] && ifaceTableID="$(get_rt_tables_next_id)"
+ eval "mark_${iface//-/_}"='$ifaceMark'
+ eval "tid_${iface//-/_}"='$ifaceTableID'
+ pbr_get_gateway4 gw4 "$iface" "$dev"
+ pbr_get_gateway6 gw6 "$iface" "$dev6"
+ dispGw4="${gw4:-0.0.0.0}"
+ dispGw6="${gw6:-::/0}"
+ [ "$iface" != "$dev" ] && dispDev="$dev"
+ if is_default_dev "$dev"; then
+ [ "$verbosity" = '1' ] && dispStatus="$_OK_" || dispStatus="$__OK__"
+ fi
+ displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}"
+ gatewaySummary="${gatewaySummary}${displayText}${dispStatus:+ $dispStatus}\\n"
+ ;;
+ reload_interface)
+ ifaceTableID="$(get_rt_tables_id "$iface")"
+ [ -z "$ifaceTableID" ] && ifaceTableID="$(get_rt_tables_next_id)"
+ eval "mark_${iface//-/_}"='$ifaceMark'
+ eval "tid_${iface//-/_}"='$ifaceTableID'
+ pbr_get_gateway4 gw4 "$iface" "$dev"
+ pbr_get_gateway6 gw6 "$iface" "$dev6"
+ dispGw4="${gw4:-0.0.0.0}"
+ dispGw6="${gw6:-::/0}"
+ [ "$iface" != "$dev" ] && dispDev="$dev"
+ if is_default_dev "$dev"; then
+ [ "$verbosity" = '1' ] && dispStatus="$_OK_" || dispStatus="$__OK__"
+ fi
+ displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}"
+ if [ "$iface" = "$reloadedIface" ]; then
+ output 2 "Reloading routing for '$displayText' "
+ if interface_routing 'reload_interface' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority"; then
+ json_add_gateway 'reload_interface' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority" "$dispStatus"
+ gatewaySummary="${gatewaySummary}${displayText}${dispStatus:+ $dispStatus}\\n"
+ if is_netifd_table_interface "$iface"; then output_okb; else output_ok; fi
+ else
+ state add 'errorSummary' 'errorFailedReload' "$displayText"
+ output_fail
+ fi
+ else
+ gatewaySummary="${gatewaySummary}${displayText}${dispStatus:+ $dispStatus}\\n"
+ fi
+ ;;
+ esac
+# ifaceTableID="$((ifaceTableID + 1))"
+ ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))"
+ ifacePriority="$((ifacePriority - 2))"
+ return $s
+}
+
+user_file_process() {
+ local shellBin="${SHELL:-/bin/ash}"
+ [ "$enabled" -gt '0' ] || return 0
+ if [ ! -s "$path" ]; then
+ state add 'errorSummary' 'errorUserFileNotFound' "$path"
+ output_fail
+ return 1
+ fi
+ if ! $shellBin -n "$path"; then
+ state add 'errorSummary' 'errorUserFileSyntax' "$path"
+ output_fail
+ return 1
+ fi
+ output 2 "Running $path "
+# shellcheck disable=SC1090
+ if ! . "$path"; then
+ state add 'errorSummary' 'errorUserFileRunning' "$path"
+ if grep -q -w 'curl' "$path" && ! is_present 'curl'; then
+ state add 'errorSummary' 'errorUserFileNoCurl' "$path"
+ fi
+ output_fail
+ return 1
+ else
+ output_ok
+ return 0
+ fi
+}
+
+boot() {
+ local procd_boot_delay
+ config_load "$packageName"
+ config_get procd_boot_delay 'config' 'procd_boot_delay' '0'
+ nft_file 'delete'
+ ubus -t 30 wait_for network.interface 2>/dev/null
+ { is_integer "$procd_boot_delay" && sleep "$procd_boot_delay"; \
+ rc_procd start_service 'on_boot' && service_started 'on_boot'; } &
+}
+
+on_firewall_reload() {
+ if [ ! -e "$packageLockFile" ]; then
+ logger -t "$packageName" "Reload on firewall action aborted: service is stopped."
+ return 0
+ else
+ if nft_file 'exists'; then
+ logger -t "$packageName" "Reusing the fw4 nft file."
+ else
+ rc_procd start_service 'on_firewall_reload' "$1"
+ fi
+ fi
+}
+
+on_interface_reload() {
+ if [ ! -e "$packageLockFile" ]; then
+ logger -t "$packageName" "Reload on interface change aborted: service is stopped."
+ return 0
+ else
+ rc_procd start_service 'on_interface_reload' "$1"
+ fi
+}
+
+start_service() {
+ local resolverStoredHash resolverNewHash i param="$1" reloadedIface
+
+ load_environment "${param:-on_start}" "$(load_validate_config)" || return 1
+ is_wan_up "$param" || return 1
+
+ interface_process 'all' 'prepare'
+ config_foreach interface_process 'interface' 'pre_init'
+
+ case "$param" in
+ on_boot)
+ serviceStartTrigger='on_start'
+ ;;
+ on_firewall_reload)
+ serviceStartTrigger='on_start'
+ ;;
+ on_interface_reload)
+ reloadedIface="$2"
+ local tid pre_init_tid
+ tid="$(get_rt_tables_id "$reloadedIface")"
+ pre_init_tid="$(eval echo "\$pre_init_tid_${reloadedIface//-/_}")"
+ if [ "$tid" = "$pre_init_tid" ]; then
+# logger -t "$packageName" "Updated interface $reloadedIface TID: ${tid}; Pre-Init TID: ${pre_init_tid}. Reloading..."
+ serviceStartTrigger='on_interface_reload'
+ else
+# logger -t "$packageName" "Updated interface $reloadedIface TID: ${tid}; Pre-Init TID: ${pre_init_tid}. Restarting..."
+ serviceStartTrigger='on_start'
+ unset reloadedIface
+ fi
+# if is_ovpn "$reloadedIface"; then
+# logger -t "$packageName" "Updated interface is an OpenVPN tunnel, restarting."
+# serviceStartTrigger='on_start'
+# unset reloadedIface
+# else
+# serviceStartTrigger='on_interface_reload'
+# fi
+ ;;
+ on_reload)
+ serviceStartTrigger='on_reload'
+ ;;
+ on_restart)
+ serviceStartTrigger='on_start'
+ ;;
+ esac
+
+ if [ -n "$reloadedIface" ] && ! is_supported_interface "$reloadedIface"; then
+ return 0
+ fi
+
+ if [ -n "$(ubus_get_status error)" ] || [ -n "$(ubus_get_status warning)" ]; then
+ serviceStartTrigger='on_start'
+ unset reloadedIface
+ elif ! is_service_running; then
+ serviceStartTrigger='on_start'
+ unset reloadedIface
+ elif [ -z "$(ubus_get_status gateways)" ]; then
+ serviceStartTrigger='on_start'
+ unset reloadedIface
+# elif [ "$serviceStartTrigger" = 'on_interface_reload' ] && \
+# [ -z "$(ubus_get_interface "$reloadedIface" 'gateway_ipv4')" ] && \
+# [ -z "$(ubus_get_interface "$reloadedIface" 'gateway_ipv6')" ]; then
+# serviceStartTrigger='on_start'
+# unset reloadedIface
+ else
+ serviceStartTrigger="${serviceStartTrigger:-on_start}"
+ fi
+
+ procd_open_instance 'main'
+ procd_set_param command /bin/true
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_open_data
+
+ case $serviceStartTrigger in
+ on_interface_reload)
+ output 1 "Reloading Interface: $reloadedIface "
+ json_add_array 'gateways'
+ interface_process 'all' 'prepare'
+ config_foreach interface_process 'interface' 'reload_interface' "$reloadedIface"
+ json_close_array
+ output 1 '\n'
+ ;;
+ on_reload)
+ traffic_killswitch 'insert'
+ resolver 'store_hash'
+ resolver 'cleanup_all'
+ resolver 'configure'
+ resolver 'init'
+ cleanup_main_chains
+ cleanup_sets
+ nft_file 'create'
+ if ! is_nft_mode; then
+ for i in $chainsList; do
+ i="$(str_to_upper "$i")"
+ ipt -t mangle -N "${iptPrefix}_${i}"
+ ipt -t mangle "$rule_create_option" "$i" -m mark --mark "0x0/${fw_mask}" -j "${iptPrefix}_${i}"
+ done
+ ipt -t nat -N "${iptPrefix}_PREROUTING"
+ fi
+ json_add_array 'gateways'
+ interface_process 'all' 'prepare'
+ config_foreach interface_process 'interface' 'reload'
+ interface_process 'tor' 'destroy'
+ is_tor_running && interface_process 'tor' 'reload'
+ json_close_array
+ if is_config_enabled 'policy'; then
+ output 1 'Processing policies '
+ config_load "$packageName"
+ config_foreach load_validate_policy 'policy' policy_process
+ output 1 '\n'
+ fi
+ if is_config_enabled 'dns_policy'; then
+ output 1 'Processing dns policies '
+ config_load "$packageName"
+ config_foreach load_validate_dns_policy 'dns_policy' dns_policy_process
+ output 1 '\n'
+ fi
+ if is_config_enabled 'include'; then
+ interface_process 'all' 'prepare'
+ config_foreach interface_process 'interface' 'create_user_set'
+ output 1 'Processing user file(s) '
+ config_load "$packageName"
+ config_foreach load_validate_include 'include' user_file_process
+ output 1 '\n'
+ fi
+ nft_file 'install'
+ resolver 'init_end'
+ ! nft_file 'exists' && resolver 'compare_hash' && resolver 'restart'
+ traffic_killswitch 'remove'
+ ;;
+ on_start|*)
+ traffic_killswitch 'insert'
+ resolver 'store_hash'
+ resolver 'cleanup_all'
+ resolver 'configure'
+ resolver 'init'
+ cleanup_main_chains
+ cleanup_sets
+ cleanup_marking_chains
+ cleanup_rt_tables
+ nft_file 'create'
+ if ! is_nft_mode; then
+ for i in $chainsList; do
+ i="$(str_to_upper "$i")"
+ ipt -t mangle -N "${iptPrefix}_${i}"
+ ipt -t mangle "$rule_create_option" "$i" -m mark --mark "0x0/${fw_mask}" -j "${iptPrefix}_${i}"
+ done
+ ipt -t nat -N "${iptPrefix}_PREROUTING"
+ fi
+ output 1 'Processing interfaces '
+ json_add_array 'gateways'
+ interface_process 'all' 'prepare'
+ config_foreach interface_process 'interface' 'create'
+ interface_process 'tor' 'destroy'
+ is_tor_running && interface_process 'tor' 'create'
+ json_close_array
+ ip route flush cache
+ output 1 '\n'
+ if is_config_enabled 'policy'; then
+ output 1 'Processing policies '
+ config_load "$packageName"
+ config_foreach load_validate_policy 'policy' policy_process
+ output 1 '\n'
+ fi
+ if is_config_enabled 'dns_policy'; then
+ output 1 'Processing dns policies '
+ config_load "$packageName"
+ config_foreach load_validate_dns_policy 'dns_policy' dns_policy_process
+ output 1 '\n'
+ fi
+ if is_config_enabled 'include'; then
+ interface_process 'all' 'prepare'
+ config_foreach interface_process 'interface' 'create_user_set'
+ output 1 'Processing user file(s) '
+ config_load "$packageName"
+ config_foreach load_validate_include 'include' user_file_process
+ output 1 '\n'
+ fi
+ nft_file 'install'
+ resolver 'init_end'
+ ! nft_file 'exists' && resolver 'compare_hash' && resolver 'restart'
+ traffic_killswitch 'remove'
+ ;;
+ esac
+
+ if [ -z "$gatewaySummary" ]; then
+ state add 'errorSummary' 'errorNoGateways'
+ fi
+ json_add_object 'status'
+ [ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary"
+ [ -n "$errorSummary" ] && json_add_string 'errors' "$errorSummary"
+ [ -n "$warningSummary" ] && json_add_string 'warnings' "$warningSummary"
+ if [ "$strict_enforcement" -ne '0' ] && str_contains "$gatewaySummary" '0.0.0.0'; then
+ json_add_string 'mode' 'strict'
+ fi
+ json_close_object
+ procd_close_data
+ procd_close_instance
+}
+
+service_started() {
+ if nft_file 'exists'; then
+ procd_set_config_changed firewall
+ if nft_file 'exists'; then
+ resolver 'compare_hash' && resolver 'restart'
+ [ -n "$gatewaySummary" ] && output "$serviceName (fw4 nft file mode) started with gateways:\\n${gatewaySummary}"
+ else
+ output "$serviceName FAILED TO START in fw4 nft file mode!!!"
+ output "Check the output of nft -c -f $nftTempFile"
+ fi
+ elif is_nft_mode; then
+ [ -n "$gatewaySummary" ] && output "$serviceName (nft mode) started with gateways:\\n${gatewaySummary}"
+ else
+ [ -n "$gatewaySummary" ] && output "$serviceName (iptables mode) started with gateways:\\n${gatewaySummary}"
+ fi
+ state print 'errorSummary'
+ state print 'warningSummary'
+ touch "$packageLockFile"
+ if [ -n "$errorSummary" ]; then
+ return 2
+ elif [ -n "$warningSummary" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+service_triggers() {
+ local n
+ load_environment 'on_triggers'
+# shellcheck disable=SC2034
+ PROCD_RELOAD_DELAY=$(( procd_reload_delay * 1000 ))
+ procd_open_validate
+ load_validate_config
+ load_validate_policy
+ load_validate_include
+ procd_close_validate
+ procd_open_trigger
+ procd_add_config_trigger "config.change" 'openvpn' "/etc/init.d/${packageName}" reload 'on_openvpn_change'
+ procd_add_config_trigger "config.change" "${packageName}" /etc/init.d/${packageName} reload
+ for n in $ifacesSupported; do
+ procd_add_interface_trigger "interface.*" "$n" /etc/init.d/${packageName} on_interface_reload "$n"
+ done
+ procd_close_trigger
+# procd_add_raw_trigger "interface.*.up" 4000 "/etc/init.d/${packageName}" restart 'on_interface_up'
+ if [ "$serviceStartTrigger" = 'on_start' ]; then
+ output 3 "$serviceName monitoring interfaces: ${ifacesSupported}\\n"
+ fi
+}
+
+stop_service() {
+ local i nft_file_mode
+ load_environment 'on_stop'
+ ! is_service_running && [ "$(get_rt_tables_next_id)" = "$(get_rt_tables_non_pbr_next_id)" ] && return 0
+ [ "$1" = 'quiet' ] && quiet_mode 'on'
+ traffic_killswitch 'insert'
+ if nft_file 'exists'; then
+ nft_file_mode=1
+ fi
+ nft_file 'delete'
+ cleanup_main_chains
+ cleanup_sets
+ cleanup_marking_chains
+ output 1 'Resetting interfaces '
+ config_load 'network'
+ config_foreach interface_process 'interface' 'destroy'
+ interface_process 'tor' 'destroy'
+ cleanup_rt_tables
+ output 1 "\\n"
+ ip route flush cache
+ unset ifaceMark
+ unset ifaceTableID
+ resolver 'store_hash'
+ resolver 'cleanup_all'
+ resolver 'compare_hash' && resolver 'restart'
+ traffic_killswitch 'remove'
+ if [ "$enabled" -ne '0' ]; then
+ if [ -n "$nft_file_mode" ]; then
+ output "$serviceName (fw4 nft file mode) stopped "; output_okn;
+ elif is_nft_mode; then
+ output "$serviceName (nft mode) stopped "; output_okn;
+ else
+ output "$serviceName (iptables mode) stopped "; output_okn;
+ fi
+ fi
+ rm -f "$packageLockFile"
+}
+
+version() { echo "$PKG_VERSION"; }
+
+status_service() {
+ local _SEPARATOR_='============================================================'
+ load_environment 'on_status'
+ if is_nft_mode; then
+ status_service_nft "$@"
+ else
+ status_service_iptables "$@"
+ fi
+}
+
+status_service_iptables() {
+ local dist vers out id s param status set_d set_p tableCount i=0 dev dev6 j wan_tid
+
+ json_load "$(ubus call system board)"; json_select release; json_get_var dist distribution; json_get_var vers version
+ if [ -n "$wanIface4" ]; then
+ network_get_gateway wanGW4 "$wanIface4"
+ network_get_device dev "$wanIface4"
+ fi
+ if [ -n "$wanIface6" ]; then
+ network_get_device dev6 "$wanIface6"
+ wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}')
+ [ "$wanGW6" = "default" ] && wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}')
+ fi
+ while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done
+ [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support"
+ status="$serviceName running on $dist $vers."
+ [ -n "$wanIface4" ] && status="$status WAN (IPv4): ${wanIface4}/${dev}/${wanGW4:-0.0.0.0}."
+ [ -n "$wanIface6" ] && status="$status WAN (IPv6): ${wanIface6}/${dev6}/${wanGW6:-::/0}."
+ {
+ echo "$status"
+ echo "$_SEPARATOR_"
+ dnsmasq --version 2>/dev/null | sed '/^$/,$d'
+ if [ -n "$1" ]; then
+ echo "$_SEPARATOR_"
+ echo "Resolving domains"
+ for i in $1; do
+ echo "$i: $(resolveip "$i" | tr '\n' ' ')"
+ done
+ fi
+
+ echo "$_SEPARATOR_"
+ echo "Routes/IP Rules"
+ tableCount="$(grep -c "${packageName}_" $rtTablesFile)" || tableCount=0
+ if [ -n "$set_d" ]; then route; else route | grep '^default'; fi
+ if [ -n "$set_d" ]; then ip rule list; fi
+ wan_tid=$(($(get_rt_tables_next_id)-tableCount))
+ i=0; while [ "$i" -lt "$tableCount" ]; do
+ echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)"
+ echo "IPv4 table $((wan_tid + i)) rule(s):"
+ $ip_bin -4 rule list table "$((wan_tid + i))"
+ i=$((i + 1))
+ done
+
+ if [ -n "$ipv6_enabled" ]; then
+ i=0; while [ "$i" -lt "$tableCount" ]; do
+ $ip_bin -6 route show table $((wan_tid + i)) | while read -r param; do
+ echo "IPv6 Table $((wan_tid + i)): $param"
+ done
+ i=$((i + 1))
+ done
+ fi
+
+ for j in Mangle NAT; do
+ if [ -z "$set_d" ]; then
+ for i in $chainsList; do
+ i="$(str_to_upper "$i")"
+ if iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_${i}" >/dev/null 2>&1; then
+ echo "$_SEPARATOR_"
+ echo "$j IP Table: $i"
+ iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_${i}"
+ if [ -n "$ipv6_enabled" ]; then
+ echo "$_SEPARATOR_"
+ echo "$j IPv6 Table: $i"
+ iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_${i}"
+ fi
+ fi
+ done
+ else
+ echo "$_SEPARATOR_"
+ echo "$j IP Table"
+ iptables -L -t "$(str_to_lower $j)"
+ if [ -n "$ipv6_enabled" ]; then
+ echo "$_SEPARATOR_"
+ echo "$j IPv6 Table"
+ iptables -L -t "$(str_to_lower $j)"
+ fi
+ fi
+ i=0; ifaceMark="$wan_mark";
+ while [ "$i" -lt "$tableCount" ]; do
+ if iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_MARK_${ifaceMark}" >/dev/null 2>&1; then
+ echo "$_SEPARATOR_"
+ echo "$j IP Table MARK Chain: ${iptPrefix}_MARK_${ifaceMark}"
+ iptables -v -t "$(str_to_lower $j)" -S "${iptPrefix}_MARK_${ifaceMark}"
+ ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))";
+ fi
+ i=$((i + 1))
+ done
+ done
+
+ echo "$_SEPARATOR_"
+ echo "Current ipsets"
+ ipset save
+ if [ -s "$dnsmasqFileDefault" ]; then
+ echo "$_SEPARATOR_"
+ echo "DNSMASQ sets"
+ cat "$dnsmasqFileDefault"
+ fi
+ if [ -s "$aghIpsetFile" ]; then
+ echo "$_SEPARATOR_"
+ echo "AdGuardHome sets"
+ cat "$aghIpsetFile"
+ fi
+ echo "$_SEPARATOR_"
+ } | tee -a /var/${packageName}-support
+ if [ -n "$set_p" ]; then
+ printf "%b" "Pasting to paste.ee... "
+ if curl --version 2>/dev/null | grep -q "Protocols: .*https.*"; then
+ json_init; json_add_string 'description' "${packageName}-support"
+ json_add_array 'sections'; json_add_object '0'
+ json_add_string 'name' "$(uci_get 'system' '@system[0]' 'hostname')"
+ json_add_string 'contents' "$(cat /var/${packageName}-support)"
+ json_close_object; json_close_array; payload=$(json_dump)
+ out=$(curl -s -k "https://api.paste.ee/v1/pastes" -X "POST" -H "Content-Type: application/json" -H "X-Auth-Token:uVOJt6pNqjcEWu7qiuUuuxWQafpHhwMvNEBviRV2B" -d "$payload")
+ json_load "$out"; json_get_var id id; json_get_var s success
+ [ "$s" = "1" ] && printf "%b" "https://paste.ee/p/$id $__OK__\\n" || printf "%b" "$__FAIL__\\n"
+ [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support"
+ else
+ printf "%b" "${__FAIL__}\\n"
+ printf "%b" "${_ERROR_}: The curl, libopenssl or ca-bundle packages were not found!\\nRun 'opkg update; opkg install curl libopenssl ca-bundle' to install them.\\n"
+ fi
+ else
+ printf "%b" "Your support details have been logged to '/var/${packageName}-support'. $__OK__\\n"
+ fi
+}
+
+status_service_nft() {
+ local i dev dev6 wan_tid
+
+ json_load "$(ubus call system board)"; json_select release; json_get_var dist distribution; json_get_var vers version
+ if [ -n "$wanIface4" ]; then
+ network_get_gateway wanGW4 "$wanIface4"
+ network_get_device dev "$wanIface4"
+ fi
+ if [ -n "$wanIface6" ]; then
+ network_get_device dev6 "$wanIface6"
+ wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}')
+ [ "$wanGW6" = "default" ] && wanGW6=$($ip_bin -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}')
+ fi
+ while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done
+ [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support"
+ status="$serviceName running on $dist $vers."
+ [ -n "$wanIface4" ] && status="$status WAN (IPv4): ${wanIface4}/${dev}/${wanGW4:-0.0.0.0}."
+ [ -n "$wanIface6" ] && status="$status WAN (IPv6): ${wanIface6}/${dev6}/${wanGW6:-::/0}."
+
+ echo "$_SEPARATOR_"
+ echo "$packageName - environment"
+ echo "$status"
+ echo "$_SEPARATOR_"
+ dnsmasq --version 2>/dev/null | sed '/^$/,$d'
+ if nft_file 'exists'; then
+ echo "$_SEPARATOR_"
+ echo "$packageName fw4 nft file: $nftPermFile"
+ sed '1d;2d;' "$nftPermFile"
+ fi
+ echo "$_SEPARATOR_"
+ echo "$packageName chains - policies"
+ for i in $chainsList dstnat_lan; do
+ "$nft" -a list table inet "$nftTable" | sed -n "/chain ${nftPrefix}_${i} {/,/\t}/p"
+ done
+ echo "$_SEPARATOR_"
+ echo "$packageName chains - marking"
+ for i in $(get_mark_nft_chains); do
+ "$nft" -a list table inet "$nftTable" | sed -n "/chain ${i} {/,/\t}/p"
+ done
+ echo "$_SEPARATOR_"
+ echo "$packageName nft sets"
+ for i in $(get_nft_sets); do
+ "$nft" -a list table inet "$nftTable" | sed -n "/set ${i} {/,/\t}/p"
+ done
+ if [ -s "$dnsmasqFileDefault" ]; then
+ echo "$_SEPARATOR_"
+ echo "dnsmasq sets"
+ cat "$dnsmasqFileDefault"
+ fi
+# echo "$_SEPARATOR_"
+# ip rule list | grep "${packageName}_"
+ echo "$_SEPARATOR_"
+ tableCount="$(grep -c "${packageName}_" $rtTablesFile)" || tableCount=0
+ wan_tid=$(($(get_rt_tables_next_id)-tableCount))
+ i=0; while [ "$i" -lt "$tableCount" ]; do
+ echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)"
+ echo "IPv4 table $((wan_tid + i)) rule(s):"
+ $ip_bin -4 rule list table "$((wan_tid + i))"
+ if [ -n "$ipv6_enabled" ]; then
+ echo "IPv6 table $((wan_tid + i)) route: $($ip_bin -6 route show table $((wan_tid + i)) | grep default)"
+ echo "IPv6 table $((wan_tid + i)) rule(s):"
+ $ip_bin -6 route show table $((wan_tid + i))
+ fi
+ i=$((i + 1))
+ done
+}
+
+# shellcheck disable=SC2120
+load_validate_config() {
+ uci_load_validate "$packageName" "$packageName" "$1" "${2}${3:+ $3}" \
+ 'enabled:bool:0' \
+ 'strict_enforcement:bool:1' \
+ 'secure_reload:bool:0' \
+ 'ipv6_enabled:bool:0' \
+ 'resolver_set:or("", "none", "adguardhome.ipset", "dnsmasq.ipset", "dnsmasq.nftset")' \
+ 'resolver_instance:list(or(integer, string)):*' \
+ 'verbosity:range(0,2):2' \
+ 'wan_mark:regex("[A-Fa-f0-9]{8}"):010000' \
+ 'fw_mask:regex("[A-Fa-f0-9]{8}"):ff0000' \
+ 'icmp_interface:or("", tor, uci("network", "@interface"))' \
+ 'ignored_interface:list(or(tor, uci("network", "@interface")))' \
+ 'supported_interface:list(or(ignore, tor, regex("xray_.*"), uci("network", "@interface")))' \
+ 'procd_boot_delay:integer:0' \
+ 'procd_boot_timeout:integer:30' \
+ 'procd_lan_interface:string' \
+ 'procd_reload_delay:integer:0' \
+ 'procd_wan_ignore_status:bool:0' \
+ 'procd_wan_interface:network:wan' \
+ 'procd_wan6_interface:network:wan6' \
+ 'wan_ip_rules_priority:uinteger:30000' \
+ 'rule_create_option:or("", add, insert):add' \
+ 'webui_supported_protocol:list(string)' \
+ 'nft_file_support:bool:1'\
+ 'nft_set_auto_merge:bool:1'\
+ 'nft_set_counter:bool:1'\
+ 'nft_set_flags_interval:bool:1'\
+ 'nft_set_flags_timeout:bool:0'\
+ 'nft_set_gc_interval:or("", string)'\
+ 'nft_set_policy:or("", memory, performance):performance'\
+ 'nft_set_timeout:or("", string)'
+}
+
+# shellcheck disable=SC2120
+load_validate_dns_policy() {
+ local name
+ local enabled
+ local src_addr
+ local dest_dns
+ uci_load_validate "$packageName" 'policy' "$1" "${2}${3:+ $3}" \
+ 'name:string:Untitled' \
+ 'enabled:bool:1' \
+ 'src_addr:list(neg(or(host,network,macaddr,string)))' \
+ 'dest_dns:list(or(host,network,string))'
+}
+
+# shellcheck disable=SC2120
+load_validate_policy() {
+ local name
+ local enabled
+ local interface
+ local proto
+ local chain
+ local src_addr
+ local src_port
+ local dest_addr
+ local dest_port
+ uci_load_validate "$packageName" 'policy' "$1" "${2}${3:+ $3}" \
+ 'name:string:Untitled' \
+ 'enabled:bool:1' \
+ 'interface:or("ignore", "tor", regex("xray_.*"), uci("network", "@interface")):wan' \
+ 'proto:or(string)' \
+ 'chain:or("", "forward", "input", "output", "prerouting", "postrouting", "FORWARD", "INPUT", "OUTPUT", "PREROUTING", "POSTROUTING"):prerouting' \
+ 'src_addr:list(neg(or(host,network,macaddr,string)))' \
+ 'src_port:list(neg(or(portrange,string)))' \
+ 'dest_addr:list(neg(or(host,network,string)))' \
+ 'dest_port:list(neg(or(portrange,string)))'
+}
+
+# shellcheck disable=SC2120
+load_validate_include() {
+ local path=
+ local enabled=
+ uci_load_validate "$packageName" 'include' "$1" "${2}${3:+ $3}" \
+ 'path:file' \
+ 'enabled:bool:0'
+}
#!/bin/sh
+# shellcheck disable=SC3043
readonly pbrFunctionsFile='/etc/init.d/pbr'
if [ -s "$pbrFunctionsFile" ]; then
EOT
fi
+# Transition from pre-1.1.7 versions
+_remove_wg_server_client() {
+ local path
+ config_get path "$1" 'path'
+ if [ "$path" = '/usr/share/pbr/pbr.user.wg_server_and_client' ]; then
+ uci_remove pbr "$1"
+ fi
+}
+config_load pbr
+config_foreach _remove_wg_server_client include
+[ -n "$(uci changes pbr)" ] && uci_commit pbr
+
exit 0
# shellcheck disable=SC2317
pbr_iface_setup() {
- local iface="${1}"
- local proto
+ local iface="${1}" tid
if is_supported_interface "${iface}"; then
output "Setting up ${packageName} routing tables for ${iface}... "
+ tid="$(get_rt_tables_next_id)"
+ if ! grep -q "$tid ${ipTablePrefix}_${iface%6}" "$rtTablesFile"; then
+ sed -i "/${ipTablePrefix}_${iface%6}/d" "$rtTablesFile"
+ echo "$tid ${ipTablePrefix}_${iface%6}" >> "$rtTablesFile"
+ sync
+ fi
uci_set 'network' "${iface}" 'ip4table' "${ipTablePrefix}_${iface%6}"
uci_set 'network' "${iface}" 'ip6table' "${ipTablePrefix}_${iface%6}"
- if ! grep -q -E -e "^[0-9]+\s+${ipTablePrefix}_${iface%6}$" "$rtTablesFile"; then
- sed -i -e "\$a $(($(sort -r -n "$rtTablesFile" | grep -o -E -m 1 "^[0-9]+")+1))\t${ipTablePrefix}_${iface%6}" \
- "$rtTablesFile"
- fi
output_okbn
fi
}
sed -i "/${ipTablePrefix}_/d" "$rtTablesFile"
sync
-config_load network
-config_foreach pbr_iface_setup interface
-uci_commit network
+config_load 'network'
+config_foreach pbr_iface_setup 'interface'
+uci_commit 'network'
sync
output "Restarting network... "
/etc/init.d/network restart
if check_dnsmasq_nftset; then
output "Setting resolver_set to 'dnsmasq.nftset'... "
uci_set pbr config resolver_set 'dnsmasq.nftset' && output_okn || output_failn
- elif check_agh_ipset; then
- output "Setting resolver_set to 'adguardhome.ipset'... "
- uci_set pbr config resolver_set 'adguardhome.ipset' && output_okn || output_failn
- elif check_dnsmasq_ipset; then
- output "Setting resolver_set to 'dnsmasq.ipset'... "
- uci_set pbr config resolver_set 'dnsmasq.ipset' && output_okn || output_failn
else
output "Setting resolver_set to 'none'... "
uci_set pbr config resolver_set 'none' && output_okn || output_failn
--- /dev/null
+jump pbr_dstnat_lan comment "Jump into pbr dstnat_lan chain";
+chain pbr_dstnat_lan {}
chain pbr_forward {}
chain pbr_input {}
chain pbr_output {}
TARGET_INTERFACE='wan'
TARGET_NFTSET_4="pbr_${TARGET_INTERFACE}_4_dst_ip_user"
TARGET_NFTSET_6="pbr_${TARGET_INTERFACE}_6_dst_ip_user"
-TARGET_IPSET_4="pbr_${TARGET_INTERFACE}_4_dst_net_user"
-TARGET_IPSET_6="pbr_${TARGET_INTERFACE}_6_dst_net_user"
TARGET_TABLE='inet fw4'
TARGET_URL="https://ip-ranges.amazonaws.com/ip-ranges.json"
TARGET_DL_FILE_4="/var/pbr_tmp_aws_ip_ranges.ipv4"
if [ ! -s "$TARGET_DL_FILE_4" ]; then
uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep "ip_prefix" | sed 's/^.*\"ip_prefix\": \"//; s/\",//' > "$TARGET_DL_FILE_4"
fi
+
if [ -s "$TARGET_DL_FILE_4" ]; then
- if [ -n "$nft" ] && [ -x "$nft" ]; then
- while read -r p; do "$nft" "add element $TARGET_TABLE $TARGET_NFTSET_4 { $p }" || _ret=1; done < "$TARGET_DL_FILE_4"
- elif ipset -q list "$TARGET_IPSET_4" >/dev/null 2>&1; then
- if awk -v ipset="$TARGET_IPSET_4" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_4" | ipset restore -!; then
- _ret=0
- else
- _ret=1
- fi
- fi
+ params=
+ while read -r p; do params="${params:+$params, }${p}"; done < "$TARGET_DL_FILE_4"
+ [ -n "$params" ] && nft "add element $TARGET_TABLE $TARGET_NFTSET_4 { $params }" || _ret=1
fi
if [ -n "$TARGET_DL_FILE_6" ] && [ ! -s "$TARGET_DL_FILE_6" ]; then
uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep "ipv6_prefix" | sed 's/^.*\"ipv6_prefix\": \"//; s/\",//' > "$TARGET_DL_FILE_6"
fi
+
if [ -s "$TARGET_DL_FILE_6" ]; then
- if [ -n "$nft" ] && [ -x "$nft" ]; then
- while read -r p; do "$nft" "add element $TARGET_TABLE $TARGET_NFTSET_6 { $p }" || _ret=1; done < "$TARGET_DL_FILE_6"
- elif ipset -q list "$TARGET_IPSET_6" >/dev/null 2>&1; then
- if awk -v ipset="$TARGET_IPSET_6" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_6" | ipset restore -!; then
- _ret=0
- else
- _ret=1
- fi
- fi
+ params=
+ while read -r p; do params="${params:+$params, }${p}"; done < "$TARGET_DL_FILE_6"
+ [ -n "$params" ] && nft "add element $TARGET_TABLE $TARGET_NFTSET_6 { $params }" || _ret=1
fi
return $_ret
--- /dev/null
+#!/bin/sh
+# This file is heavily based on code from https://github.com/Xentrk/netflix-vpn-bypass/blob/master/IPSET_Netflix.sh
+
+TARGET_INTERFACE='wan'
+TARGET_NFTSET_4="pbr_${TARGET_INTERFACE}_4_dst_ip_user"
+TARGET_NFTSET_6="pbr_${TARGET_INTERFACE}_6_dst_ip_user"
+TARGET_IPSET_4="pbr_${TARGET_INTERFACE}_4_dst_net_user"
+TARGET_IPSET_6="pbr_${TARGET_INTERFACE}_6_dst_net_user"
+TARGET_TABLE='inet fw4'
+TARGET_URL="https://ip-ranges.amazonaws.com/ip-ranges.json"
+TARGET_DL_FILE_4="/var/pbr_tmp_aws_ip_ranges.ipv4"
+# Uncomment the following line if you enabled ipv6 for pbr and want IPv6 entries added to the IPv6 set
+# TARGET_DL_FILE_6="/var/pbr_tmp_aws_ip_ranges.ipv6"
+_ret=0
+
+if [ ! -s "$TARGET_DL_FILE_4" ]; then
+ uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep "ip_prefix" | sed 's/^.*\"ip_prefix\": \"//; s/\",//' > "$TARGET_DL_FILE_4"
+fi
+if [ -s "$TARGET_DL_FILE_4" ]; then
+ if [ -n "$nft" ] && [ -x "$nft" ]; then
+ while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_4 { $p }" || _ret=1; done < "$TARGET_DL_FILE_4"
+ elif ipset -q list "$TARGET_IPSET_4" >/dev/null 2>&1; then
+ if awk -v ipset="$TARGET_IPSET_4" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_4" | ipset restore -!; then
+ _ret=0
+ else
+ _ret=1
+ fi
+ fi
+fi
+
+if [ -n "$TARGET_DL_FILE_6" ] && [ ! -s "$TARGET_DL_FILE_6" ]; then
+ uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep "ipv6_prefix" | sed 's/^.*\"ipv6_prefix\": \"//; s/\",//' > "$TARGET_DL_FILE_6"
+fi
+if [ -s "$TARGET_DL_FILE_6" ]; then
+ if [ -n "$nft" ] && [ -x "$nft" ]; then
+ while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_6 { $p }" || _ret=1; done < "$TARGET_DL_FILE_6"
+ elif ipset -q list "$TARGET_IPSET_6" >/dev/null 2>&1; then
+ if awk -v ipset="$TARGET_IPSET_6" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_6" | ipset restore -!; then
+ _ret=0
+ else
+ _ret=1
+ fi
+ fi
+fi
+
+return $_ret
TARGET_INTERFACE='wan'
TARGET_NFTSET_4="pbr_${TARGET_INTERFACE}_4_dst_ip_user"
TARGET_NFTSET_6="pbr_${TARGET_INTERFACE}_6_dst_ip_user"
-TARGET_IPSET_4="pbr_${TARGET_INTERFACE}_4_dst_net_user"
-TARGET_IPSET_6="pbr_${TARGET_INTERFACE}_6_dst_net_user"
TARGET_TABLE='inet fw4'
TARGET_ASN='2906'
TARGET_DL_FILE_4="/var/pbr_tmp_AS${TARGET_ASN}.ipv4"
uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | jsonfilter -e '@.data.ipv4_prefixes[*].prefix' > "$TARGET_DL_FILE_4"
fi
fi
+
if [ -s "$TARGET_DL_FILE_4" ]; then
- if [ -n "$nft" ] && [ -x "$nft" ]; then
- while read -r p; do "$nft" "add element $TARGET_TABLE $TARGET_NFTSET_4 { $p }" || _ret=1; done < "$TARGET_DL_FILE_4"
- elif ipset -q list "$TARGET_IPSET_4" >/dev/null 2>&1; then
- if awk -v ipset="$TARGET_IPSET_4" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_4" | ipset restore -!; then
- _ret=0
- else
- _ret=1
- fi
- fi
+ params=
+ while read -r p; do params="${params:+$params, }${p}"; done < "$TARGET_DL_FILE_4"
+ [ -n "$params" ] && nft "add element $TARGET_TABLE $TARGET_NFTSET_4 { $params }" || _ret=1
fi
if [ -n "$TARGET_DL_FILE_6" ] && [ ! -s "$TARGET_DL_FILE_6" ]; then
fi
fi
if [ -s "$TARGET_DL_FILE_6" ]; then
- if [ -n "$nft" ] && [ -x "$nft" ]; then
- while read -r p; do "$nft" "add element $TARGET_TABLE $TARGET_NFTSET_6 { $p }" || _ret=1; done < "$TARGET_DL_FILE_6"
- elif ipset -q list "$TARGET_IPSET_6" >/dev/null 2>&1; then
- if awk -v ipset="$TARGET_IPSET_6" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_6" | ipset restore -!; then
- _ret=0
- else
- _ret=1
- fi
- fi
+ params=
+ while read -r p; do params="${params:+$params, }${p}"; done < "$TARGET_DL_FILE_6"
+ [ -n "$params" ] && nft "add element $TARGET_TABLE $TARGET_NFTSET_6 { $params }" || _ret=1
fi
return $_ret
--- /dev/null
+#!/bin/sh
+# This file is heavily based on code from https://github.com/Xentrk/netflix-vpn-bypass/blob/master/IPSET_Netflix.sh
+# Credits to https://forum.openwrt.org/u/dscpl for api.hackertarget.com code.
+# Credits to https://github.com/kkeker and https://github.com/tophirsch for api.bgpview.io code.
+
+TARGET_INTERFACE='wan'
+TARGET_NFTSET_4="pbr_${TARGET_INTERFACE}_4_dst_ip_user"
+TARGET_NFTSET_6="pbr_${TARGET_INTERFACE}_6_dst_ip_user"
+TARGET_IPSET_4="pbr_${TARGET_INTERFACE}_4_dst_net_user"
+TARGET_IPSET_6="pbr_${TARGET_INTERFACE}_6_dst_net_user"
+TARGET_TABLE='inet fw4'
+TARGET_ASN='2906'
+TARGET_DL_FILE_4="/var/pbr_tmp_AS${TARGET_ASN}.ipv4"
+# Uncomment the following line if you enabled ipv6 for pbr and want IPv6 entries added to the IPv6 set
+# TARGET_DL_FILE_6="/var/pbr_tmp_AS${TARGET_ASN}.ipv6"
+DB_SOURCE='ipinfo.io'
+#DB_SOURCE='api.hackertarget.com'
+#DB_SOURCE='api.bgpview.io'
+REGEX_IPV4='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[0-9]\{1,\}'
+REGEX_IPV6='.*::.*'
+_ret=0
+
+if [ ! -s "$TARGET_DL_FILE_4" ]; then
+ if [ "$DB_SOURCE" = "ipinfo.io" ]; then
+ TARGET_URL="https://ipinfo.io/AS${TARGET_ASN}"
+ uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed -n "s|\(.*\)/AS${TARGET_ASN}/\($REGEX_IPV4\)\"|\2|p" > "$TARGET_DL_FILE_4"
+ fi
+ if [ "$DB_SOURCE" = "api.hackertarget.com" ]; then
+ TARGET_URL="https://api.hackertarget.com/aslookup/?q=AS${TARGET_ASN}"
+ uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed '1d' > "$TARGET_DL_FILE_4"
+ fi
+ if [ "$DB_SOURCE" = "api.bgpview.io" ]; then
+ TARGET_URL="https://api.bgpview.io/asn/${TARGET_ASN}/prefixes"
+ uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | jsonfilter -e '@.data.ipv4_prefixes[*].prefix' > "$TARGET_DL_FILE_4"
+ fi
+fi
+if [ -s "$TARGET_DL_FILE_4" ]; then
+ if [ -n "$nft" ] && [ -x "$nft" ]; then
+ while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_4 { $p }" || _ret=1; done < "$TARGET_DL_FILE_4"
+ elif ipset -q list "$TARGET_IPSET_4" >/dev/null 2>&1; then
+ if awk -v ipset="$TARGET_IPSET_4" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_4" | ipset restore -!; then
+ _ret=0
+ else
+ _ret=1
+ fi
+ fi
+fi
+
+if [ -n "$TARGET_DL_FILE_6" ] && [ ! -s "$TARGET_DL_FILE_6" ]; then
+ if [ "$DB_SOURCE" = "ipinfo.io" ]; then
+ TARGET_URL="https://ipinfo.io/AS${TARGET_ASN}"
+ uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed -n "s|\(.*\)/AS${TARGET_ASN}/\($REGEX_IPV6\)\"|\2|p" > "$TARGET_DL_FILE_6"
+ fi
+fi
+if [ -s "$TARGET_DL_FILE_6" ]; then
+ if [ -n "$nft" ] && [ -x "$nft" ]; then
+ while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_6 { $p }" || _ret=1; done < "$TARGET_DL_FILE_6"
+ elif ipset -q list "$TARGET_IPSET_6" >/dev/null 2>&1; then
+ if awk -v ipset="$TARGET_IPSET_6" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_6" | ipset restore -!; then
+ _ret=0
+ else
+ _ret=1
+ fi
+ fi
+fi
+
+return $_ret
_ret='1'
insert_ip_rule() {
- local proto listen_port
+ local disabled proto listen_port
+ config_get disabled "$1" disabled "0"
config_get proto "$1" proto
config_get listen_port "$1" listen_port
- if [ "$proto" = 'wireguard' ] && [ -n "$listen_port" ]; then
+ if [ "$disabled" -ne '1' ] && [ "$proto" = 'wireguard' ] && [ -n "$listen_port" ]; then
ip rule del sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1
ip rule add sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1 && _ret=0
fi
include $(TOPDIR)/rules.mk
PKG_NAME:=pdns-recursor
-PKG_VERSION:=5.0.5
+PKG_VERSION:=5.1.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=02b9f053db64b32bd76ce6656cb35772c1d07a21fe0345ec13adb6f0fcfbf9ce
+PKG_HASH:=5b7ab793ace822294a3f38092fe72ee64748ff0cbb8a5283dc77f40780605ae9
PKG_MAINTAINER:=Peter van Dijk <peter.van.dijk@powerdns.com>, Remi Gacogne <remi.gacogne@powerdns.com>
PKG_LICENSE:=GPL-2.0-only
-# Autogenerated configuration file template
-#################################
-# ignore-unknown-settings Configuration settings to ignore if they are unknown
-#
-# ignore-unknown-settings=
-
-#################################
-# aggressive-nsec-cache-size The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198
-#
-# aggressive-nsec-cache-size=100000
-
-#################################
-# allow-from If set, only allow these comma separated netmasks to recurse
-#
-# allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
-
-#################################
-# allow-from-file If set, load allowed netmasks from this file
-#
-# allow-from-file=
-
-#################################
-# allow-notify-for If set, NOTIFY requests for these zones will be allowed
-#
-# allow-notify-for=
-
-#################################
-# allow-notify-for-file If set, load NOTIFY-allowed zones from this file
-#
-# allow-notify-for-file=
-
-#################################
-# allow-notify-from If set, NOTIFY requests from these comma separated netmasks will be allowed
-#
-# allow-notify-from=
-
-#################################
-# allow-notify-from-file If set, load NOTIFY-allowed netmasks from this file
-#
-# allow-notify-from-file=
-
-#################################
-# allow-trust-anchor-query Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT
-#
-# allow-trust-anchor-query=no
-
-#################################
-# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
-#
-# any-to-tcp=no
-
-#################################
-# api-config-dir Directory where REST API stores config and zones
-#
-# api-config-dir=
-
-#################################
-# api-key Static pre-shared authentication key for access to the REST API
-#
-# api-key=
-
-#################################
-# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs
-#
-# auth-zones=
-
-#################################
-# carbon-instance If set overwrites the instance name default
-#
-# carbon-instance=recursor
-
-#################################
-# carbon-interval Number of seconds between carbon (graphite) updates
-#
-# carbon-interval=30
-
-#################################
-# carbon-namespace If set overwrites the first part of the carbon string
-#
-# carbon-namespace=pdns
-
-#################################
-# carbon-ourname If set, overrides our reported hostname for carbon stats
-#
-# carbon-ourname=
-
-#################################
-# carbon-server If set, send metrics in carbon (graphite) format to this server IP address
-#
-# carbon-server=
-
-#################################
-# chroot switch to chroot jail
-#
-# chroot=
-
-#################################
-# client-tcp-timeout Timeout in seconds when talking to TCP clients
-#
-# client-tcp-timeout=2
-
-#################################
-# config-dir Location of configuration directory (recursor.conf)
-#
-# config-dir=/etc/powerdns
-
-#################################
-# config-name Name of this virtual configuration - will rename the binary image
-#
-# config-name=
-
-#################################
-# cpu-map Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs
-#
-# cpu-map=
-
-#################################
-# daemon Operate as a daemon
-#
-# daemon=no
-
-#################################
-# disable-packetcache Disable packetcache
-#
-# disable-packetcache=no
-
-#################################
-# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
-#
-# disable-syslog=no
-
-#################################
-# distribution-load-factor The load factor used when PowerDNS is distributing queries to worker threads
-#
-# distribution-load-factor=0.0
-
-#################################
-# distribution-pipe-buffer-size Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread
-#
-# distribution-pipe-buffer-size=0
-
-#################################
-# distributor-threads Launch this number of distributor threads, distributing queries to other threads
-#
-# distributor-threads=0
-
-#################################
-# dns64-prefix DNS64 prefix
-#
-# dns64-prefix=
-
-#################################
-# dnssec DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate
-#
-# dnssec=process
-
-#################################
-# dnssec-log-bogus Log DNSSEC bogus validations
-#
-# dnssec-log-bogus=no
-
-#################################
-# dont-query If set, do not query these netmasks for DNS data
-#
-# dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32
-
-#################################
-# dont-throttle-names Do not throttle nameservers with this name or suffix
-#
-# dont-throttle-names=
-
-#################################
-# dont-throttle-netmasks Do not throttle nameservers with this IP netmask
-#
-# dont-throttle-netmasks=
-
-#################################
-# dot-to-auth-names Use DoT to authoritative servers with these names or suffixes
-#
-# dot-to-auth-names=
-
-#################################
-# dot-to-port-853 Force DoT connection to target port 853 if DoT compiled in
-#
-# dot-to-port-853=yes
-
-#################################
-# ecs-add-for List of client netmasks for which EDNS Client Subnet will be added
-#
-# ecs-add-for=0.0.0.0/0, ::/0, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10
-
-#################################
-# ecs-cache-limit-ttl Minimum TTL to cache ECS response
-#
-# ecs-cache-limit-ttl=0
-
-#################################
-# ecs-ipv4-bits Number of bits of IPv4 address to pass for EDNS Client Subnet
-#
-# ecs-ipv4-bits=24
-
-#################################
-# ecs-ipv4-cache-bits Maximum number of bits of IPv4 mask to cache ECS response
-#
-# ecs-ipv4-cache-bits=24
-
-#################################
-# ecs-ipv4-never-cache If we should never cache IPv4 ECS responses
-#
-# ecs-ipv4-never-cache=no
-
-#################################
-# ecs-ipv6-bits Number of bits of IPv6 address to pass for EDNS Client Subnet
-#
-# ecs-ipv6-bits=56
-
-#################################
-# ecs-ipv6-cache-bits Maximum number of bits of IPv6 mask to cache ECS response
-#
-# ecs-ipv6-cache-bits=56
-
-#################################
-# ecs-ipv6-never-cache If we should never cache IPv6 ECS responses
-#
-# ecs-ipv6-never-cache=no
-
-#################################
-# ecs-minimum-ttl-override The minimum TTL for records in ECS-specific answers
-#
-# ecs-minimum-ttl-override=1
-
-#################################
-# ecs-scope-zero-address Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0
-#
-# ecs-scope-zero-address=
-
-#################################
-# edns-outgoing-bufsize Outgoing EDNS buffer size
-#
-# edns-outgoing-bufsize=1232
-
-#################################
-# edns-padding-from List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies
-#
-# edns-padding-from=
-
-#################################
-# edns-padding-mode Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources
-#
-# edns-padding-mode=padded-queries-only
-
-#################################
-# edns-padding-tag Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled.
-#
-# edns-padding-tag=7830
-
-#################################
-# edns-subnet-allow-list List of netmasks and domains that we should enable EDNS subnet for
-#
-# edns-subnet-allow-list=
-
-#################################
-# edns-subnet-whitelist List of netmasks and domains that we should enable EDNS subnet for (deprecated)
-#
-# edns-subnet-whitelist=
-
-#################################
-# entropy-source If set, read entropy from this file
-#
-# entropy-source=/dev/urandom
-
-#################################
-# etc-hosts-file Path to 'hosts' file
-#
-# etc-hosts-file=/etc/hosts
-
-#################################
-# event-trace-enabled If set, event traces are collected and send out via protobuf logging (1), logfile (2) or both(3)
-#
-# event-trace-enabled=0
-
-#################################
-# export-etc-hosts If we should serve up contents from /etc/hosts
-#
-# export-etc-hosts=off
-
-#################################
-# export-etc-hosts-search-suffix Also serve up the contents of /etc/hosts with this suffix
-#
-# export-etc-hosts-search-suffix=
-
-#################################
-# extended-resolution-errors If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors
-#
-# extended-resolution-errors=no
-
-#################################
-# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
-#
-# forward-zones=
-
-#################################
-# forward-zones-file File with (+)domain=ip pairs for forwarding
-#
-# forward-zones-file=
-
-#################################
-# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
-#
-# forward-zones-recurse=
-
-#################################
-# gettag-needs-edns-options If EDNS Options should be extracted before calling the gettag() hook
-#
-# gettag-needs-edns-options=no
-
-#################################
-# hint-file If set, load root hints from this file
-#
-# hint-file=
-
-#################################
-# include-dir Include *.conf files from this directory
-#
-# include-dir=
-
-#################################
-# latency-statistic-size Number of latency values to calculate the qa-latency average
-#
-# latency-statistic-size=10000
-
-#################################
-# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
-#
-# local-address=127.0.0.1
-
-#################################
-# local-port port to listen on
-#
-# local-port=53
-
-#################################
-# log-common-errors If we should log rather common errors
-#
-# log-common-errors=no
-
-#################################
-# log-rpz-changes Log additions and removals to RPZ zones at Info level
-#
-# log-rpz-changes=no
-
-#################################
-# log-timestamp Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already
-#
-# log-timestamp=yes
-
-#################################
-# logging-facility Facility to log messages as. 0 corresponds to local0
-#
-# logging-facility=
-
-#################################
-# loglevel Amount of logging. Higher is more. Do not set below 3
-#
-# loglevel=6
-
-#################################
-# lowercase-outgoing Force outgoing questions to lowercase
-#
-# lowercase-outgoing=no
-
-#################################
-# lua-config-file More powerful configuration options
-#
-# lua-config-file=
-
-#################################
-# lua-dns-script Filename containing an optional 'lua' script that will be used to modify dns answers
-#
-# lua-dns-script=
-
-#################################
-# lua-maintenance-interval Number of seconds between calls to the lua user defined maintenance() function
-#
-# lua-maintenance-interval=1
-
-#################################
-# max-cache-bogus-ttl maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory
-#
-# max-cache-bogus-ttl=3600
-
-#################################
-# max-cache-entries If set, maximum number of entries in the main cache
-#
-# max-cache-entries=1000000
-
-#################################
-# max-cache-ttl maximum number of seconds to keep a cached entry in memory
-#
-# max-cache-ttl=86400
-
-#################################
-# max-concurrent-requests-per-tcp-connection Maximum number of requests handled concurrently per TCP connection
-#
-# max-concurrent-requests-per-tcp-connection=10
-
-#################################
-# max-generate-steps Maximum number of $GENERATE steps when loading a zone from a file
-#
-# max-generate-steps=0
-
-#################################
-# max-include-depth Maximum nested $INCLUDE depth when loading a zone from a file
-#
-# max-include-depth=20
-
-#################################
-# max-mthreads Maximum number of simultaneous Mtasker threads
-#
-# max-mthreads=2048
-
-#################################
-# max-negative-ttl maximum number of seconds to keep a negative cached entry in memory
-#
-# max-negative-ttl=3600
-
-#################################
-# max-ns-address-qperq Maximum outgoing NS address queries per query
-#
-# max-ns-address-qperq=10
-
-#################################
-# max-packetcache-entries maximum number of entries to keep in the packetcache
-#
-# max-packetcache-entries=500000
-
-#################################
-# max-qperq Maximum outgoing queries per query
-#
-# max-qperq=60
-
-#################################
-# max-recursion-depth Maximum number of internal recursion calls per query, 0 for unlimited
-#
-# max-recursion-depth=40
-
-#################################
-# max-tcp-clients Maximum number of simultaneous TCP clients
-#
-# max-tcp-clients=128
-
-#################################
-# max-tcp-per-client If set, maximum number of TCP sessions per client (IP address)
-#
-# max-tcp-per-client=0
-
-#################################
-# max-tcp-queries-per-connection If set, maximum number of TCP queries in a TCP connection
-#
-# max-tcp-queries-per-connection=0
-
-#################################
-# max-total-msec Maximum total wall-clock time per query in milliseconds, 0 for unlimited
-#
-# max-total-msec=7000
-
-#################################
-# max-udp-queries-per-round Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing
-#
-# max-udp-queries-per-round=10000
-
-#################################
-# minimum-ttl-override The minimum TTL
-#
-# minimum-ttl-override=1
-
-#################################
-# network-timeout Wait this number of milliseconds for network i/o
-#
-# network-timeout=1500
-
-#################################
-# new-domain-db-size Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864
-#
-# new-domain-db-size=67108864
-
-#################################
-# new-domain-history-dir Persist new domain tracking data here to persist between restarts
-#
-# new-domain-history-dir=/var/lib/pdns-recursor/nod
-
-#################################
-# new-domain-ignore-list List of domains (and implicitly all subdomains) which will never be considered a new domain
-#
-# new-domain-ignore-list=
-
-#################################
-# new-domain-log Log newly observed domains.
-#
-# new-domain-log=yes
-
-#################################
-# new-domain-lookup Perform a DNS lookup newly observed domains as a subdomain of the configured domain
-#
-# new-domain-lookup=
-
-#################################
-# new-domain-pb-tag If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod'
-#
-# new-domain-pb-tag=pdns-nod
-
-#################################
-# new-domain-tracking Track newly observed domains (i.e. never seen before).
-#
-# new-domain-tracking=no
-
-#################################
-# new-domain-whitelist List of domains (and implicitly all subdomains) which will never be considered a new domain (deprecated)
-#
-# new-domain-whitelist=
-
-#################################
-# no-shuffle Don't change
-#
-# no-shuffle=off
-
-#################################
-# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
-#
-# non-local-bind=no
-
-#################################
-# non-resolving-ns-max-fails Number of failed address resolves of a nameserver to start throttling it, 0 is disabled
-#
-# non-resolving-ns-max-fails=5
-
-#################################
-# non-resolving-ns-throttle-time Number of seconds to throttle a nameserver with a name failing to resolve
-#
-# non-resolving-ns-throttle-time=60
-
-#################################
-# nothing-below-nxdomain When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020)
-#
-# nothing-below-nxdomain=dnssec
-
-#################################
-# nsec3-max-iterations Maximum number of iterations allowed for an NSEC3 record
-#
-# nsec3-max-iterations=150
-
-#################################
-# packetcache-servfail-ttl maximum number of seconds to keep a cached servfail entry in packetcache
-#
-# packetcache-servfail-ttl=60
-
-#################################
-# packetcache-ttl maximum number of seconds to keep a cached entry in packetcache
-#
-# packetcache-ttl=3600
-
-#################################
-# pdns-distributes-queries If PowerDNS itself should distribute queries over threads
-#
-# pdns-distributes-queries=yes
-
-#################################
-# processes Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)
-#
-# processes=1
-
-#################################
-# protobuf-use-kernel-timestamp Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available)
-#
-# protobuf-use-kernel-timestamp=
-
-#################################
-# proxy-protocol-from A Proxy Protocol header is only allowed from these subnets
-#
-# proxy-protocol-from=
-
-#################################
-# proxy-protocol-maximum-size The maximum size of a proxy protocol payload, including the TLV values
-#
-# proxy-protocol-maximum-size=512
-
-#################################
-# public-suffix-list-file Path to the Public Suffix List file, if any
-#
-# public-suffix-list-file=
-
-#################################
-# qname-minimization Use Query Name Minimization
-#
-# qname-minimization=yes
-
-#################################
-# query-local-address Source IP address for sending queries
-#
-# query-local-address=0.0.0.0
-
-#################################
-# quiet Suppress logging of questions and answers
-#
-# quiet=
-
-#################################
-# record-cache-shards Number of shards in the record cache
-#
-# record-cache-shards=1024
-
-#################################
-# refresh-on-ttl-perc If a record is requested from the cache and only this % of original TTL remains, refetch
-#
-# refresh-on-ttl-perc=0
-
-#################################
-# reuseport Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address
-#
-# reuseport=no
-
-#################################
-# rng Specify random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.
-#
-# rng=auto
-
-#################################
-# root-nx-trust If set, believe that an NXDOMAIN from the root means the TLD does not exist
-#
-# root-nx-trust=yes
-
-#################################
-# security-poll-suffix Domain name from which to query security update notifications
-#
-# security-poll-suffix=secpoll.powerdns.com.
-
-#################################
-# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space
-#
-# serve-rfc1918=yes
-
-#################################
-# server-down-max-fails Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled )
-#
-# server-down-max-fails=64
-
-#################################
-# server-down-throttle-time Number of seconds to throttle all queries to a server after being marked as down
-#
-# server-down-throttle-time=60
-
-#################################
-# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled'
-#
-# server-id=
-
-#################################
-# setgid If set, change group id to this gid for more security. When running inside systemd, use the User and Group settings in the unit-file!
-#
-# setgid=
-
-#################################
-# setuid If set, change user id to this uid for more security. When running inside systemd, use the User and Group settings in the unit-file!
-#
-# setuid=
-
-#################################
-# signature-inception-skew Allow the signature inception to be off by this number of seconds
-#
-# signature-inception-skew=60
-
-#################################
-# single-socket If set, only use a single socket for outgoing queries
-#
-# single-socket=off
-
-#################################
-# snmp-agent If set, register as an SNMP agent
-#
-# snmp-agent=no
-
-#################################
-# snmp-daemon-socket If set and snmp-agent is set, the socket to use to register to the SNMP daemon
-#
-# snmp-daemon-socket=
-
-#################################
-# snmp-master-socket If set and snmp-agent is set, the socket to use to register to the SNMP daemon (deprecated)
-#
-# snmp-master-socket=
-
-#################################
-# soa-minimum-ttl Don't change
-#
-# soa-minimum-ttl=0
-
-#################################
-# socket-dir Where the controlsocket will live, /var/run/pdns-recursor when unset and not chrooted. Set to the RUNTIME_DIRECTORY environment variable when that variable has a value (e.g. under systemd).
-#
-# socket-dir=
-
-#################################
-# socket-group Group of socket
-#
-# socket-group=
-
-#################################
-# socket-mode Permissions for socket
-#
-# socket-mode=
-
-#################################
-# socket-owner Owner of socket
-#
-# socket-owner=
-
-#################################
-# spoof-nearmiss-max If non-zero, assume spoofing after this many near misses
-#
-# spoof-nearmiss-max=1
-
-#################################
-# stack-size stack size per mthread
-#
-# stack-size=200000
-
-#################################
-# statistics-interval Number of seconds between printing of recursor statistics, 0 to disable
-#
-# statistics-interval=1800
-
-#################################
-# stats-api-blacklist List of statistics that are disabled when retrieving the complete list of statistics via the API (deprecated)
-#
-# stats-api-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128
-
-#################################
-# stats-api-disabled-list List of statistics that are disabled when retrieving the complete list of statistics via the API
-#
-# stats-api-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128
-
-#################################
-# stats-carbon-blacklist List of statistics that are prevented from being exported via Carbon (deprecated)
-#
-# stats-carbon-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits
-
-#################################
-# stats-carbon-disabled-list List of statistics that are prevented from being exported via Carbon
-#
-# stats-carbon-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits
-
-#################################
-# stats-rec-control-blacklist List of statistics that are prevented from being exported via rec_control get-all (deprecated)
-#
-# stats-rec-control-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits
-
-#################################
-# stats-rec-control-disabled-list List of statistics that are prevented from being exported via rec_control get-all
-#
-# stats-rec-control-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits
-
-#################################
-# stats-ringbuffer-entries maximum number of packets to store statistics for
-#
-# stats-ringbuffer-entries=10000
-
-#################################
-# stats-snmp-blacklist List of statistics that are prevented from being exported via SNMP (deprecated)
-#
-# stats-snmp-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits
-
-#################################
-# stats-snmp-disabled-list List of statistics that are prevented from being exported via SNMP
-#
-# stats-snmp-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits
-
-#################################
-# structured-logging Prefer structured logging
-#
-# structured-logging=yes
-
-#################################
-# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
-#
-# tcp-fast-open=0
-
-#################################
-# tcp-fast-open-connect Enable TCP Fast Open support on outgoing sockets
-#
-# tcp-fast-open-connect=no
-
-#################################
-# tcp-out-max-idle-ms Time TCP/DoT connections are left idle in milliseconds or 0 if no limit
-#
-# tcp-out-max-idle-ms=10000
-
-#################################
-# tcp-out-max-idle-per-auth Maximum number of idle TCP/DoT connections to a specific IP per thread, 0 means do not keep idle connections open
-#
-# tcp-out-max-idle-per-auth=10
-
-#################################
-# tcp-out-max-idle-per-thread Maximum number of idle TCP/DoT connections per thread
-#
-# tcp-out-max-idle-per-thread=100
-
-#################################
-# tcp-out-max-queries Maximum total number of queries per TCP/DoT connection, 0 means no limit
-#
-# tcp-out-max-queries=0
-
-#################################
-# threads Launch this number of threads
-#
-# threads=2
-
-#################################
-# trace if we should output heaps of logging. set to 'fail' to only log failing domains
-#
-# trace=off
-
-#################################
-# udp-source-port-avoid List of comma separated UDP port number to avoid
-#
-# udp-source-port-avoid=11211
-
-#################################
-# udp-source-port-max Maximum UDP port to bind on
-#
-# udp-source-port-max=65535
-
-#################################
-# udp-source-port-min Minimum UDP port to bind on
-#
-# udp-source-port-min=1024
-
-#################################
-# udp-truncation-threshold Maximum UDP response size before we truncate
-#
-# udp-truncation-threshold=1232
-
-#################################
-# unique-response-db-size Size of the DB used to track unique responses in terms of number of cells. Defaults to 67108864
-#
-# unique-response-db-size=67108864
-
-#################################
-# unique-response-history-dir Persist unique response tracking data here to persist between restarts
-#
-# unique-response-history-dir=/var/lib/pdns-recursor/udr
-
-#################################
-# unique-response-log Log unique responses
-#
-# unique-response-log=yes
-
-#################################
-# unique-response-pb-tag If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr'
-#
-# unique-response-pb-tag=pdns-udr
-
-#################################
-# unique-response-tracking Track unique responses (tuple of query name, type and RR).
-#
-# unique-response-tracking=no
-
-#################################
-# use-incoming-edns-subnet Pass along received EDNS Client Subnet information
-#
-# use-incoming-edns-subnet=no
-
-#################################
-# version-string string reported on version.pdns or version.bind
-#
-# version-string=PowerDNS Recursor 4.6.0
-
-#################################
-# webserver Start a webserver (for REST API)
-#
-# webserver=no
-
-#################################
-# webserver-address IP Address of webserver to listen on
-#
-# webserver-address=127.0.0.1
-
-#################################
-# webserver-allow-from Webserver access is only allowed from these subnets
-#
-# webserver-allow-from=127.0.0.1,::1
-
-#################################
-# webserver-hash-plaintext-credentials Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime
-#
-# webserver-hash-plaintext-credentials=no
-
-#################################
-# webserver-loglevel Amount of logging in the webserver (none, normal, detailed)
-#
-# webserver-loglevel=normal
-
-#################################
-# webserver-password Password required for accessing the webserver
-#
-# webserver-password=
-
-#################################
-# webserver-port Port of webserver to listen on
-#
-# webserver-port=8082
-
-#################################
-# write-pid Write a PID file
-#
-# write-pid=yes
-
-#################################
-# x-dnssec-names Collect DNSSEC statistics for names or suffixes in this list in separate x-dnssec counters
-#
-# x-dnssec-names=
-
-#################################
-# xpf-allow-from XPF information is only processed from these subnets
-#
-# xpf-allow-from=
-
-#################################
-# xpf-rr-code XPF option code to use
-#
-# xpf-rr-code=0
+######### SECTION carbon #########
+carbon:
+##### If set overwrites the instance name default
+# instance: recursor
+##### Number of seconds between carbon (graphite) updates
+# interval: 30
+##### If set overwrites the first part of the carbon string
+# ns: pdns
+##### If set, overrides our reported hostname for carbon stats
+# ourname: ''
+##### If set, send metrics in carbon (graphite) format to this server IP address
+# server: []
+
+######### SECTION dnssec #########
+dnssec:
+##### Maximum estimated NSEC3 cost for a given query to consider aggressive use of the NSEC3 cache
+# aggressive_cache_max_nsec3_hash_cost: 150
+##### The minimum expected hit ratio to store NSEC3 records into the aggressive cache
+# aggressive_cache_min_nsec3_hit_ratio: 2000
+##### The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198
+# aggressive_nsec_cache_size: 100000
+##### List of DNSSEC algorithm numbers that are considered unsupported
+# disabled_algorithms: []
+##### Log DNSSEC bogus validations
+# log_bogus: false
+##### Maximum number of DNSKEYs with the same algorithm and tag to consider when validating a given record
+# max_dnskeys: 2
+##### Maximum number of DS records to consider per zone
+# max_ds_per_zone: 8
+##### Maximum number of NSEC3 hashes that we are willing to compute during DNSSEC validation, per incoming query
+# max_nsec3_hash_computations_per_query: 600
+##### Maximum number of NSEC3s to consider when validating a given denial of existence
+# max_nsec3s_per_record: 10
+##### Maximum number of RRSIGs to consider when validating a given record
+# max_rrsigs_per_record: 2
+##### Maximum number of RRSIG signatures we are willing to validate per incoming query
+# max_signature_validations_per_query: 30
+#####
+# negative_trustanchors: []
+##### Maximum number of iterations allowed for an NSEC3 record
+# nsec3_max_iterations: 50
+##### Allow the signature inception to be off by this number of seconds
+# signature_inception_skew: 60
+##### A path to a zone file containing trust anchors
+# trustanchorfile: ''
+#####
+# trustanchorfile_interval: 24
+##### Sequence of trust anchors
+# trustanchors: []
+##### DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate
+# validation: process
+##### Collect DNSSEC statistics for names or suffixes in this list in separate x-dnssec counters
+# x_dnssec_names: []
+
+######### SECTION ecs #########
+ecs:
+##### List of client netmasks for which EDNS Client Subnet will be added
+# add_for:
+# - 0.0.0.0/0
+# - ::/0
+# - '!127.0.0.0/8'
+# - '!10.0.0.0/8'
+# - '!100.64.0.0/10'
+# - '!169.254.0.0/16'
+# - '!192.168.0.0/16'
+# - '!172.16.0.0/12'
+# - '!::1/128'
+# - '!fc00::/7'
+# - '!fe80::/10'
+##### Minimum TTL to cache ECS response
+# cache_limit_ttl: 0
+##### Number of bits of IPv4 address to pass for EDNS Client Subnet
+# ipv4_bits: 24
+##### Maximum number of bits of IPv4 mask to cache ECS response
+# ipv4_cache_bits: 24
+##### If we should never cache IPv4 ECS responses
+# ipv4_never_cache: false
+##### Number of bits of IPv6 address to pass for EDNS Client Subnet
+# ipv6_bits: 56
+##### Maximum number of bits of IPv6 mask to cache ECS response
+# ipv6_cache_bits: 56
+##### If we should never cache IPv6 ECS responses
+# ipv6_never_cache: false
+##### The minimum TTL for records in ECS-specific answers
+# minimum_ttl_override: 1
+##### Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0
+# scope_zero_address: ''
+
+######### SECTION incoming #########
+incoming:
+##### If set, only allow these comma separated netmasks to recurse
+# allow_from:
+# - 127.0.0.0/8
+# - 10.0.0.0/8
+# - 100.64.0.0/10
+# - 169.254.0.0/16
+# - 192.168.0.0/16
+# - 172.16.0.0/12
+# - ::1/128
+# - fc00::/7
+# - fe80::/10
+##### If set, load allowed netmasks from this file
+# allow_from_file: ''
+##### Allow 'no recursion desired (RD=0)' queries.
+# allow_no_rd: false
+##### If set, NOTIFY requests for these zones will be allowed
+# allow_notify_for: []
+##### If set, load NOTIFY-allowed zones from this file
+# allow_notify_for_file: ''
+##### If set, NOTIFY requests from these comma separated netmasks will be allowed
+# allow_notify_from: []
+##### If set, load NOTIFY-allowed netmasks from this file
+# allow_notify_from_file: ''
+##### The load factor used when PowerDNS is distributing queries to worker threads
+# distribution_load_factor: 0.0
+##### Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread
+# distribution_pipe_buffer_size: 0
+##### Launch this number of distributor threads, distributing queries to other threads
+# distributor_threads: 0
+##### List of netmasks (proxy IP in case of proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies
+# edns_padding_from: []
+##### Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from 'setting-edns-padding-from' sources
+# edns_padding_mode: padded-queries-only
+##### Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled.
+# edns_padding_tag: 7830
+##### If EDNS Options should be extracted before calling the gettag() hook
+# gettag_needs_edns_options: false
+##### IP addresses to listen on, separated by spaces or commas. Also accepts ports.
+# listen:
+# - 127.0.0.1
+##### Maximum number of requests handled concurrently per TCP connection
+# max_concurrent_requests_per_tcp_connection: 10
+##### Maximum number of simultaneous TCP clients
+# max_tcp_clients: 128
+##### If set, maximum number of TCP sessions per client (IP address)
+# max_tcp_per_client: 0
+##### If set, maximum number of TCP queries in a TCP connection
+# max_tcp_queries_per_connection: 0
+##### Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing
+# max_udp_queries_per_round: 10000
+##### Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
+# non_local_bind: false
+##### If PowerDNS itself should distribute queries over threads
+# pdns_distributes_queries: false
+##### port to listen on
+# port: 53
+##### A Proxy Protocol header should not be used for these listen addresses.
+# proxy_protocol_exceptions: []
+##### A Proxy Protocol header is required from these subnets
+# proxy_protocol_from: []
+##### The maximum size of a proxy protocol payload, including the TLV values
+# proxy_protocol_maximum_size: 512
+##### Sequence of ProxyMapping
+# proxymappings: []
+##### Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address
+# reuseport: true
+##### Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
+# tcp_fast_open: 0
+##### Timeout in seconds when talking to TCP clients
+# tcp_timeout: 2
+##### Maximum UDP response size before we truncate
+# udp_truncation_threshold: 1232
+##### Pass along received EDNS Client Subnet information
+# use_incoming_edns_subnet: false
+
+######### SECTION logging #########
+logging:
+##### If we should log rather common errors
+# common_errors: false
+##### Disable logging to syslog, useful when running inside a supervisor that logs stderr
+# disable_syslog: false
+#####
+# dnstap_framestream_servers: []
+#####
+# dnstap_nod_framestream_servers: []
+##### Facility to log messages as. 0 corresponds to local0
+# facility: ''
+##### Amount of logging. Higher is more. Do not set below 3
+# loglevel: 6
+#####
+# outgoing_protobuf_servers: []
+#####
+# protobuf_servers: []
+##### Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available)
+# protobuf_use_kernel_timestamp: false
+##### Suppress logging of questions and answers
+# quiet: true
+##### Log additions and removals to RPZ zones at Info level
+# rpz_changes: false
+##### Number of seconds between printing of recursor statistics, 0 to disable
+# statistics_interval: 1800
+##### Prefer structured logging
+# structured_logging: true
+##### Structured logging backend
+# structured_logging_backend: default
+##### Print timestamps in log lines, useful to disable when running with a tool that timestamps stderr already
+# timestamp: true
+##### if we should output heaps of logging. set to 'fail' to only log failing domains
+# trace: no
+
+######### SECTION nod #########
+nod:
+##### Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864
+# db_size: 67108864
+##### Interval (in seconds) to write the NOD and UDR DB snapshots
+# db_snapshot_interval: 600
+##### Persist new domain tracking data here to persist between restarts
+# history_dir: /var/lib/pdns-recursor/nod
+##### List of domains (and implicitly all subdomains) which will never be considered a new domain
+# ignore_list: []
+##### File with a list of domains (and implicitly all subdomains) which will never be considered a new domain
+# ignore_list_file: ''
+##### Log newly observed domains.
+# log: true
+##### Perform a DNS lookup newly observed domains as a subdomain of the configured domain
+# lookup: ''
+##### If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod'
+# pb_tag: pdns-nod
+##### Track newly observed domains (i.e. never seen before).
+# tracking: false
+##### Size of the DB used to track unique responses in terms of number of cells. Defaults to 67108864
+# unique_response_db_size: 67108864
+##### Persist unique response tracking data here to persist between restarts
+# unique_response_history_dir: /var/lib/pdns-recursor/udr
+##### List of domains (and implicitly all subdomains) which will never be considered for UDR
+# unique_response_ignore_list: []
+##### File with list of domains (and implicitly all subdomains) which will never be considered for UDR
+# unique_response_ignore_list_file: ''
+##### Log unique responses
+# unique_response_log: true
+##### If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr'
+# unique_response_pb_tag: pdns-udr
+##### Track unique responses (tuple of query name, type and RR).
+# unique_response_tracking: false
+
+######### SECTION outgoing #########
+outgoing:
+##### Determines the probability of a server marked down to be used anyway
+# bypass_server_throttling_probability: 25
+##### If set, do not query these netmasks for DNS data
+# dont_query:
+# - 127.0.0.0/8
+# - 10.0.0.0/8
+# - 100.64.0.0/10
+# - 169.254.0.0/16
+# - 192.168.0.0/16
+# - 172.16.0.0/12
+# - ::1/128
+# - fc00::/7
+# - fe80::/10
+# - 0.0.0.0/8
+# - 192.0.0.0/24
+# - 192.0.2.0/24
+# - 198.51.100.0/24
+# - 203.0.113.0/24
+# - 240.0.0.0/4
+# - ::/96
+# - ::ffff:0:0/96
+# - 100::/64
+# - 2001:db8::/32
+##### Do not throttle nameservers with this name or suffix
+# dont_throttle_names: []
+##### Do not throttle nameservers with this IP netmask
+# dont_throttle_netmasks: []
+##### Use DoT to authoritative servers with these names or suffixes
+# dot_to_auth_names: []
+##### Force DoT connection to target port 853 if DoT compiled in
+# dot_to_port_853: true
+##### Outgoing EDNS buffer size
+# edns_bufsize: 1232
+##### Whether to add EDNS padding to outgoing DoT messages
+# edns_padding: true
+##### List of netmasks and domains that we should enable EDNS subnet for
+# edns_subnet_allow_list: []
+##### Force outgoing questions to lowercase
+# lowercase: false
+##### Maximum number of concurrent DoT probes
+# max_busy_dot_probes: 0
+##### Maximum outgoing NS address queries per query
+# max_ns_address_qperq: 10
+##### Maximum number of NS records to consider to resolve a name, 0 is no limit
+# max_ns_per_resolve: 13
+##### Maximum outgoing queries per query
+# max_qperq: 50
+##### Wait this number of milliseconds for network i/o
+# network_timeout: 1500
+##### Number of failed address resolves of a nameserver to start throttling it, 0 is disabled
+# non_resolving_ns_max_fails: 5
+##### Number of seconds to throttle a nameserver with a name failing to resolve
+# non_resolving_ns_throttle_time: 60
+##### Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled )
+# server_down_max_fails: 64
+##### Number of seconds to throttle all queries to a server after being marked as down
+# server_down_throttle_time: 60
+##### If set, only use a single socket for outgoing queries
+# single_socket: false
+##### Source IP address for sending queries
+# source_address:
+# - 0.0.0.0
+##### Enable TCP Fast Open support on outgoing sockets
+# tcp_fast_open_connect: false
+##### Time TCP/DoT connections are left idle in milliseconds or 0 if no limit
+# tcp_max_idle_ms: 10000
+##### Maximum number of idle TCP/DoT connections to a specific IP per thread, 0 means do not keep idle connections open
+# tcp_max_idle_per_auth: 10
+##### Maximum number of idle TCP/DoT connections per thread
+# tcp_max_idle_per_thread: 100
+##### Maximum total number of queries per TCP/DoT connection, 0 means no limit
+# tcp_max_queries: 0
+##### List of comma separated UDP port number to avoid
+# udp_source_port_avoid:
+# - '11211'
+##### Maximum UDP port to bind on
+# udp_source_port_max: 65535
+##### Minimum UDP port to bind on
+# udp_source_port_min: 1024
+
+######### SECTION packetcache #########
+packetcache:
+##### Disable packetcache
+# disable: false
+##### maximum number of entries to keep in the packetcache
+# max_entries: 500000
+##### maximum number of seconds to keep a cached NxDomain or NoData entry in packetcache
+# negative_ttl: 60
+##### maximum number of seconds to keep a cached servfail entry in packetcache
+# servfail_ttl: 60
+##### Number of shards in the packet cache
+# shards: 1024
+##### maximum number of seconds to keep a cached entry in packetcache
+# ttl: 86400
+
+######### SECTION recordcache #########
+recordcache:
+##### Replace records in record cache only after this % of original TTL has passed
+# locked_ttl_perc: 0
+##### maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory
+# max_cache_bogus_ttl: 3600
+##### If set, maximum number of entries in the main cache
+# max_entries: 1000000
+##### maximum number of seconds to keep a negative cached entry in memory
+# max_negative_ttl: 3600
+##### maximum number of seconds to keep a cached entry in memory
+# max_ttl: 86400
+##### If a record is requested from the cache and only this % of original TTL remains, refetch
+# refresh_on_ttl_perc: 0
+##### Number of times a record's ttl is extended by 30s to be served stale
+# serve_stale_extensions: 0
+##### Number of shards in the record cache
+# shards: 1024
+##### Sequence of ZoneToCache entries
+# zonetocaches: []
+
+######### SECTION recursor #########
+recursor:
+##### Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT
+# allow_trust_anchor_query: false
+#####
+# allowed_additional_qtypes: []
+##### Answer ANY queries with tc=1, shunting to TCP
+# any_to_tcp: false
+##### Zones for which we have authoritative data, comma separated domain=file pairs
+# auth_zones: []
+##### switch to chroot jail
+# chroot: ''
+##### Location of configuration directory (recursor.conf or recursor.yml)
+# config_dir: /etc/powerdns
+##### Name of this virtual configuration - will rename the binary image
+# config_name: ''
+##### Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs
+# cpu_map: ''
+##### Operate as a daemon
+# daemon: false
+##### internal use only
+# devonly_regression_test_mode: false
+##### DNS64 prefix
+# dns64_prefix: ''
+##### Path to 'hosts' file
+# etc_hosts_file: /etc/hosts
+##### If set, event traces are collected and send out via protobuf logging (1), logfile (2) or both(3)
+# event_trace_enabled: 0
+##### If we should serve up contents from /etc/hosts
+# export_etc_hosts: false
+##### Also serve up the contents of /etc/hosts with this suffix
+# export_etc_hosts_search_suffix: ''
+##### If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors
+# extended_resolution_errors: true
+##### Zones for which we forward queries, comma separated domain=ip pairs
+# forward_zones: []
+##### File with (+)domain=ip pairs for forwarding
+# forward_zones_file: ''
+##### Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
+# forward_zones_recurse: []
+##### If set, load root hints from this file
+# hint_file: ''
+##### Configuration settings to ignore if they are unknown
+# ignore_unknown_settings: []
+##### Include *.conf files from this directory
+# include_dir: ''
+##### Number of latency values to calculate the qa-latency average
+# latency_statistic_size: 10000
+##### More powerful configuration options
+# lua_config_file: ''
+##### Filename containing an optional Lua script that will be used to modify dns answers
+# lua_dns_script: ''
+##### Number of seconds between calls to the lua user defined maintenance() function
+# lua_maintenance_interval: 1
+##### maximum number of queries that can be chained to an outgoing request, 0 is no limit
+# max_chain_length: 0
+##### Maximum number CNAME records followed
+# max_cnames_followed: 10
+##### Maximum number of $GENERATE steps when loading a zone from a file
+# max_generate_steps: 0
+##### Maximum nested $INCLUDE depth when loading a zone from a file
+# max_include_depth: 20
+##### Maximum number of simultaneous Mtasker threads
+# max_mthreads: 2048
+##### Maximum number of internal recursion calls per query, 0 for unlimited
+# max_recursion_depth: 16
+##### Maximum total wall-clock time per query in milliseconds, 0 for unlimited
+# max_total_msec: 7000
+##### The minimum TTL
+# minimum_ttl_override: 1
+##### When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020)
+# nothing_below_nxdomain: dnssec
+##### Path to the Public Suffix List file, if any
+# public_suffix_list_file: ''
+##### RFC9156 max minimize count
+# qname_max_minimize_count: 10
+##### Use Query Name Minimization
+# qname_minimization: true
+##### RFC9156 minimize one label parameter
+# qname_minimize_one_label: 4
+##### If set, believe that an NXDOMAIN from the root means the TLD does not exist
+# root_nx_trust: true
+##### Sequence of RPZ entries
+# rpzs: []
+##### Save parent NS set to be used if child NS set fails
+# save_parent_ns_set: true
+##### Domain name from which to query security update notifications
+# security_poll_suffix: secpoll.powerdns.com.
+##### If we should be authoritative for RFC 1918 private IP space
+# serve_rfc1918: true
+##### Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled'
+# server_id: '*runtime determined*'
+##### If set, change group id to this gid for more security
+# setgid: ''
+##### If set, change user id to this uid for more security
+# setuid: ''
+##### Where the controlsocket will live, /var/run/pdns-recursor when unset and not chrooted
+# socket_dir: ''
+##### Group of socket
+# socket_group: ''
+##### Permissions for socket
+# socket_mode: ''
+##### Owner of socket
+# socket_owner: ''
+##### Sequence of sort lists
+# sortlists: []
+##### If non-zero, assume spoofing after this many near misses
+# spoof_nearmiss_max: 1
+##### Size of the stack cache, per mthread
+# stack_cache_size: 100
+##### stack size per mthread
+# stack_size: 200000
+##### List of statistics that are disabled when retrieving the complete list of statistics via the API
+# stats_api_disabled_list:
+# - cache-bytes
+# - packetcache-bytes
+# - special-memory-usage
+# - ecs-v4-response-bits-1
+# - ecs-v4-response-bits-2
+# - ecs-v4-response-bits-3
+# - ecs-v4-response-bits-4
+# - ecs-v4-response-bits-5
+# - ecs-v4-response-bits-6
+# - ecs-v4-response-bits-7
+# - ecs-v4-response-bits-8
+# - ecs-v4-response-bits-9
+# - ecs-v4-response-bits-10
+# - ecs-v4-response-bits-11
+# - ecs-v4-response-bits-12
+# - ecs-v4-response-bits-13
+# - ecs-v4-response-bits-14
+# - ecs-v4-response-bits-15
+# - ecs-v4-response-bits-16
+# - ecs-v4-response-bits-17
+# - ecs-v4-response-bits-18
+# - ecs-v4-response-bits-19
+# - ecs-v4-response-bits-20
+# - ecs-v4-response-bits-21
+# - ecs-v4-response-bits-22
+# - ecs-v4-response-bits-23
+# - ecs-v4-response-bits-24
+# - ecs-v4-response-bits-25
+# - ecs-v4-response-bits-26
+# - ecs-v4-response-bits-27
+# - ecs-v4-response-bits-28
+# - ecs-v4-response-bits-29
+# - ecs-v4-response-bits-30
+# - ecs-v4-response-bits-31
+# - ecs-v4-response-bits-32
+# - ecs-v6-response-bits-1
+# - ecs-v6-response-bits-2
+# - ecs-v6-response-bits-3
+# - ecs-v6-response-bits-4
+# - ecs-v6-response-bits-5
+# - ecs-v6-response-bits-6
+# - ecs-v6-response-bits-7
+# - ecs-v6-response-bits-8
+# - ecs-v6-response-bits-9
+# - ecs-v6-response-bits-10
+# - ecs-v6-response-bits-11
+# - ecs-v6-response-bits-12
+# - ecs-v6-response-bits-13
+# - ecs-v6-response-bits-14
+# - ecs-v6-response-bits-15
+# - ecs-v6-response-bits-16
+# - ecs-v6-response-bits-17
+# - ecs-v6-response-bits-18
+# - ecs-v6-response-bits-19
+# - ecs-v6-response-bits-20
+# - ecs-v6-response-bits-21
+# - ecs-v6-response-bits-22
+# - ecs-v6-response-bits-23
+# - ecs-v6-response-bits-24
+# - ecs-v6-response-bits-25
+# - ecs-v6-response-bits-26
+# - ecs-v6-response-bits-27
+# - ecs-v6-response-bits-28
+# - ecs-v6-response-bits-29
+# - ecs-v6-response-bits-30
+# - ecs-v6-response-bits-31
+# - ecs-v6-response-bits-32
+# - ecs-v6-response-bits-33
+# - ecs-v6-response-bits-34
+# - ecs-v6-response-bits-35
+# - ecs-v6-response-bits-36
+# - ecs-v6-response-bits-37
+# - ecs-v6-response-bits-38
+# - ecs-v6-response-bits-39
+# - ecs-v6-response-bits-40
+# - ecs-v6-response-bits-41
+# - ecs-v6-response-bits-42
+# - ecs-v6-response-bits-43
+# - ecs-v6-response-bits-44
+# - ecs-v6-response-bits-45
+# - ecs-v6-response-bits-46
+# - ecs-v6-response-bits-47
+# - ecs-v6-response-bits-48
+# - ecs-v6-response-bits-49
+# - ecs-v6-response-bits-50
+# - ecs-v6-response-bits-51
+# - ecs-v6-response-bits-52
+# - ecs-v6-response-bits-53
+# - ecs-v6-response-bits-54
+# - ecs-v6-response-bits-55
+# - ecs-v6-response-bits-56
+# - ecs-v6-response-bits-57
+# - ecs-v6-response-bits-58
+# - ecs-v6-response-bits-59
+# - ecs-v6-response-bits-60
+# - ecs-v6-response-bits-61
+# - ecs-v6-response-bits-62
+# - ecs-v6-response-bits-63
+# - ecs-v6-response-bits-64
+# - ecs-v6-response-bits-65
+# - ecs-v6-response-bits-66
+# - ecs-v6-response-bits-67
+# - ecs-v6-response-bits-68
+# - ecs-v6-response-bits-69
+# - ecs-v6-response-bits-70
+# - ecs-v6-response-bits-71
+# - ecs-v6-response-bits-72
+# - ecs-v6-response-bits-73
+# - ecs-v6-response-bits-74
+# - ecs-v6-response-bits-75
+# - ecs-v6-response-bits-76
+# - ecs-v6-response-bits-77
+# - ecs-v6-response-bits-78
+# - ecs-v6-response-bits-79
+# - ecs-v6-response-bits-80
+# - ecs-v6-response-bits-81
+# - ecs-v6-response-bits-82
+# - ecs-v6-response-bits-83
+# - ecs-v6-response-bits-84
+# - ecs-v6-response-bits-85
+# - ecs-v6-response-bits-86
+# - ecs-v6-response-bits-87
+# - ecs-v6-response-bits-88
+# - ecs-v6-response-bits-89
+# - ecs-v6-response-bits-90
+# - ecs-v6-response-bits-91
+# - ecs-v6-response-bits-92
+# - ecs-v6-response-bits-93
+# - ecs-v6-response-bits-94
+# - ecs-v6-response-bits-95
+# - ecs-v6-response-bits-96
+# - ecs-v6-response-bits-97
+# - ecs-v6-response-bits-98
+# - ecs-v6-response-bits-99
+# - ecs-v6-response-bits-100
+# - ecs-v6-response-bits-101
+# - ecs-v6-response-bits-102
+# - ecs-v6-response-bits-103
+# - ecs-v6-response-bits-104
+# - ecs-v6-response-bits-105
+# - ecs-v6-response-bits-106
+# - ecs-v6-response-bits-107
+# - ecs-v6-response-bits-108
+# - ecs-v6-response-bits-109
+# - ecs-v6-response-bits-110
+# - ecs-v6-response-bits-111
+# - ecs-v6-response-bits-112
+# - ecs-v6-response-bits-113
+# - ecs-v6-response-bits-114
+# - ecs-v6-response-bits-115
+# - ecs-v6-response-bits-116
+# - ecs-v6-response-bits-117
+# - ecs-v6-response-bits-118
+# - ecs-v6-response-bits-119
+# - ecs-v6-response-bits-120
+# - ecs-v6-response-bits-121
+# - ecs-v6-response-bits-122
+# - ecs-v6-response-bits-123
+# - ecs-v6-response-bits-124
+# - ecs-v6-response-bits-125
+# - ecs-v6-response-bits-126
+# - ecs-v6-response-bits-127
+# - ecs-v6-response-bits-128
+##### List of statistics that are prevented from being exported via Carbon
+# stats_carbon_disabled_list:
+# - cache-bytes
+# - packetcache-bytes
+# - special-memory-usage
+# - ecs-v4-response-bits-1
+# - ecs-v4-response-bits-2
+# - ecs-v4-response-bits-3
+# - ecs-v4-response-bits-4
+# - ecs-v4-response-bits-5
+# - ecs-v4-response-bits-6
+# - ecs-v4-response-bits-7
+# - ecs-v4-response-bits-8
+# - ecs-v4-response-bits-9
+# - ecs-v4-response-bits-10
+# - ecs-v4-response-bits-11
+# - ecs-v4-response-bits-12
+# - ecs-v4-response-bits-13
+# - ecs-v4-response-bits-14
+# - ecs-v4-response-bits-15
+# - ecs-v4-response-bits-16
+# - ecs-v4-response-bits-17
+# - ecs-v4-response-bits-18
+# - ecs-v4-response-bits-19
+# - ecs-v4-response-bits-20
+# - ecs-v4-response-bits-21
+# - ecs-v4-response-bits-22
+# - ecs-v4-response-bits-23
+# - ecs-v4-response-bits-24
+# - ecs-v4-response-bits-25
+# - ecs-v4-response-bits-26
+# - ecs-v4-response-bits-27
+# - ecs-v4-response-bits-28
+# - ecs-v4-response-bits-29
+# - ecs-v4-response-bits-30
+# - ecs-v4-response-bits-31
+# - ecs-v4-response-bits-32
+# - ecs-v6-response-bits-1
+# - ecs-v6-response-bits-2
+# - ecs-v6-response-bits-3
+# - ecs-v6-response-bits-4
+# - ecs-v6-response-bits-5
+# - ecs-v6-response-bits-6
+# - ecs-v6-response-bits-7
+# - ecs-v6-response-bits-8
+# - ecs-v6-response-bits-9
+# - ecs-v6-response-bits-10
+# - ecs-v6-response-bits-11
+# - ecs-v6-response-bits-12
+# - ecs-v6-response-bits-13
+# - ecs-v6-response-bits-14
+# - ecs-v6-response-bits-15
+# - ecs-v6-response-bits-16
+# - ecs-v6-response-bits-17
+# - ecs-v6-response-bits-18
+# - ecs-v6-response-bits-19
+# - ecs-v6-response-bits-20
+# - ecs-v6-response-bits-21
+# - ecs-v6-response-bits-22
+# - ecs-v6-response-bits-23
+# - ecs-v6-response-bits-24
+# - ecs-v6-response-bits-25
+# - ecs-v6-response-bits-26
+# - ecs-v6-response-bits-27
+# - ecs-v6-response-bits-28
+# - ecs-v6-response-bits-29
+# - ecs-v6-response-bits-30
+# - ecs-v6-response-bits-31
+# - ecs-v6-response-bits-32
+# - ecs-v6-response-bits-33
+# - ecs-v6-response-bits-34
+# - ecs-v6-response-bits-35
+# - ecs-v6-response-bits-36
+# - ecs-v6-response-bits-37
+# - ecs-v6-response-bits-38
+# - ecs-v6-response-bits-39
+# - ecs-v6-response-bits-40
+# - ecs-v6-response-bits-41
+# - ecs-v6-response-bits-42
+# - ecs-v6-response-bits-43
+# - ecs-v6-response-bits-44
+# - ecs-v6-response-bits-45
+# - ecs-v6-response-bits-46
+# - ecs-v6-response-bits-47
+# - ecs-v6-response-bits-48
+# - ecs-v6-response-bits-49
+# - ecs-v6-response-bits-50
+# - ecs-v6-response-bits-51
+# - ecs-v6-response-bits-52
+# - ecs-v6-response-bits-53
+# - ecs-v6-response-bits-54
+# - ecs-v6-response-bits-55
+# - ecs-v6-response-bits-56
+# - ecs-v6-response-bits-57
+# - ecs-v6-response-bits-58
+# - ecs-v6-response-bits-59
+# - ecs-v6-response-bits-60
+# - ecs-v6-response-bits-61
+# - ecs-v6-response-bits-62
+# - ecs-v6-response-bits-63
+# - ecs-v6-response-bits-64
+# - ecs-v6-response-bits-65
+# - ecs-v6-response-bits-66
+# - ecs-v6-response-bits-67
+# - ecs-v6-response-bits-68
+# - ecs-v6-response-bits-69
+# - ecs-v6-response-bits-70
+# - ecs-v6-response-bits-71
+# - ecs-v6-response-bits-72
+# - ecs-v6-response-bits-73
+# - ecs-v6-response-bits-74
+# - ecs-v6-response-bits-75
+# - ecs-v6-response-bits-76
+# - ecs-v6-response-bits-77
+# - ecs-v6-response-bits-78
+# - ecs-v6-response-bits-79
+# - ecs-v6-response-bits-80
+# - ecs-v6-response-bits-81
+# - ecs-v6-response-bits-82
+# - ecs-v6-response-bits-83
+# - ecs-v6-response-bits-84
+# - ecs-v6-response-bits-85
+# - ecs-v6-response-bits-86
+# - ecs-v6-response-bits-87
+# - ecs-v6-response-bits-88
+# - ecs-v6-response-bits-89
+# - ecs-v6-response-bits-90
+# - ecs-v6-response-bits-91
+# - ecs-v6-response-bits-92
+# - ecs-v6-response-bits-93
+# - ecs-v6-response-bits-94
+# - ecs-v6-response-bits-95
+# - ecs-v6-response-bits-96
+# - ecs-v6-response-bits-97
+# - ecs-v6-response-bits-98
+# - ecs-v6-response-bits-99
+# - ecs-v6-response-bits-100
+# - ecs-v6-response-bits-101
+# - ecs-v6-response-bits-102
+# - ecs-v6-response-bits-103
+# - ecs-v6-response-bits-104
+# - ecs-v6-response-bits-105
+# - ecs-v6-response-bits-106
+# - ecs-v6-response-bits-107
+# - ecs-v6-response-bits-108
+# - ecs-v6-response-bits-109
+# - ecs-v6-response-bits-110
+# - ecs-v6-response-bits-111
+# - ecs-v6-response-bits-112
+# - ecs-v6-response-bits-113
+# - ecs-v6-response-bits-114
+# - ecs-v6-response-bits-115
+# - ecs-v6-response-bits-116
+# - ecs-v6-response-bits-117
+# - ecs-v6-response-bits-118
+# - ecs-v6-response-bits-119
+# - ecs-v6-response-bits-120
+# - ecs-v6-response-bits-121
+# - ecs-v6-response-bits-122
+# - ecs-v6-response-bits-123
+# - ecs-v6-response-bits-124
+# - ecs-v6-response-bits-125
+# - ecs-v6-response-bits-126
+# - ecs-v6-response-bits-127
+# - ecs-v6-response-bits-128
+# - cumul-clientanswers
+# - cumul-authanswers
+# - policy-hits
+# - proxy-mapping-total
+# - remote-logger-count
+##### List of statistics that are prevented from being exported via rec_control get-all
+# stats_rec_control_disabled_list:
+# - cache-bytes
+# - packetcache-bytes
+# - special-memory-usage
+# - ecs-v4-response-bits-1
+# - ecs-v4-response-bits-2
+# - ecs-v4-response-bits-3
+# - ecs-v4-response-bits-4
+# - ecs-v4-response-bits-5
+# - ecs-v4-response-bits-6
+# - ecs-v4-response-bits-7
+# - ecs-v4-response-bits-8
+# - ecs-v4-response-bits-9
+# - ecs-v4-response-bits-10
+# - ecs-v4-response-bits-11
+# - ecs-v4-response-bits-12
+# - ecs-v4-response-bits-13
+# - ecs-v4-response-bits-14
+# - ecs-v4-response-bits-15
+# - ecs-v4-response-bits-16
+# - ecs-v4-response-bits-17
+# - ecs-v4-response-bits-18
+# - ecs-v4-response-bits-19
+# - ecs-v4-response-bits-20
+# - ecs-v4-response-bits-21
+# - ecs-v4-response-bits-22
+# - ecs-v4-response-bits-23
+# - ecs-v4-response-bits-24
+# - ecs-v4-response-bits-25
+# - ecs-v4-response-bits-26
+# - ecs-v4-response-bits-27
+# - ecs-v4-response-bits-28
+# - ecs-v4-response-bits-29
+# - ecs-v4-response-bits-30
+# - ecs-v4-response-bits-31
+# - ecs-v4-response-bits-32
+# - ecs-v6-response-bits-1
+# - ecs-v6-response-bits-2
+# - ecs-v6-response-bits-3
+# - ecs-v6-response-bits-4
+# - ecs-v6-response-bits-5
+# - ecs-v6-response-bits-6
+# - ecs-v6-response-bits-7
+# - ecs-v6-response-bits-8
+# - ecs-v6-response-bits-9
+# - ecs-v6-response-bits-10
+# - ecs-v6-response-bits-11
+# - ecs-v6-response-bits-12
+# - ecs-v6-response-bits-13
+# - ecs-v6-response-bits-14
+# - ecs-v6-response-bits-15
+# - ecs-v6-response-bits-16
+# - ecs-v6-response-bits-17
+# - ecs-v6-response-bits-18
+# - ecs-v6-response-bits-19
+# - ecs-v6-response-bits-20
+# - ecs-v6-response-bits-21
+# - ecs-v6-response-bits-22
+# - ecs-v6-response-bits-23
+# - ecs-v6-response-bits-24
+# - ecs-v6-response-bits-25
+# - ecs-v6-response-bits-26
+# - ecs-v6-response-bits-27
+# - ecs-v6-response-bits-28
+# - ecs-v6-response-bits-29
+# - ecs-v6-response-bits-30
+# - ecs-v6-response-bits-31
+# - ecs-v6-response-bits-32
+# - ecs-v6-response-bits-33
+# - ecs-v6-response-bits-34
+# - ecs-v6-response-bits-35
+# - ecs-v6-response-bits-36
+# - ecs-v6-response-bits-37
+# - ecs-v6-response-bits-38
+# - ecs-v6-response-bits-39
+# - ecs-v6-response-bits-40
+# - ecs-v6-response-bits-41
+# - ecs-v6-response-bits-42
+# - ecs-v6-response-bits-43
+# - ecs-v6-response-bits-44
+# - ecs-v6-response-bits-45
+# - ecs-v6-response-bits-46
+# - ecs-v6-response-bits-47
+# - ecs-v6-response-bits-48
+# - ecs-v6-response-bits-49
+# - ecs-v6-response-bits-50
+# - ecs-v6-response-bits-51
+# - ecs-v6-response-bits-52
+# - ecs-v6-response-bits-53
+# - ecs-v6-response-bits-54
+# - ecs-v6-response-bits-55
+# - ecs-v6-response-bits-56
+# - ecs-v6-response-bits-57
+# - ecs-v6-response-bits-58
+# - ecs-v6-response-bits-59
+# - ecs-v6-response-bits-60
+# - ecs-v6-response-bits-61
+# - ecs-v6-response-bits-62
+# - ecs-v6-response-bits-63
+# - ecs-v6-response-bits-64
+# - ecs-v6-response-bits-65
+# - ecs-v6-response-bits-66
+# - ecs-v6-response-bits-67
+# - ecs-v6-response-bits-68
+# - ecs-v6-response-bits-69
+# - ecs-v6-response-bits-70
+# - ecs-v6-response-bits-71
+# - ecs-v6-response-bits-72
+# - ecs-v6-response-bits-73
+# - ecs-v6-response-bits-74
+# - ecs-v6-response-bits-75
+# - ecs-v6-response-bits-76
+# - ecs-v6-response-bits-77
+# - ecs-v6-response-bits-78
+# - ecs-v6-response-bits-79
+# - ecs-v6-response-bits-80
+# - ecs-v6-response-bits-81
+# - ecs-v6-response-bits-82
+# - ecs-v6-response-bits-83
+# - ecs-v6-response-bits-84
+# - ecs-v6-response-bits-85
+# - ecs-v6-response-bits-86
+# - ecs-v6-response-bits-87
+# - ecs-v6-response-bits-88
+# - ecs-v6-response-bits-89
+# - ecs-v6-response-bits-90
+# - ecs-v6-response-bits-91
+# - ecs-v6-response-bits-92
+# - ecs-v6-response-bits-93
+# - ecs-v6-response-bits-94
+# - ecs-v6-response-bits-95
+# - ecs-v6-response-bits-96
+# - ecs-v6-response-bits-97
+# - ecs-v6-response-bits-98
+# - ecs-v6-response-bits-99
+# - ecs-v6-response-bits-100
+# - ecs-v6-response-bits-101
+# - ecs-v6-response-bits-102
+# - ecs-v6-response-bits-103
+# - ecs-v6-response-bits-104
+# - ecs-v6-response-bits-105
+# - ecs-v6-response-bits-106
+# - ecs-v6-response-bits-107
+# - ecs-v6-response-bits-108
+# - ecs-v6-response-bits-109
+# - ecs-v6-response-bits-110
+# - ecs-v6-response-bits-111
+# - ecs-v6-response-bits-112
+# - ecs-v6-response-bits-113
+# - ecs-v6-response-bits-114
+# - ecs-v6-response-bits-115
+# - ecs-v6-response-bits-116
+# - ecs-v6-response-bits-117
+# - ecs-v6-response-bits-118
+# - ecs-v6-response-bits-119
+# - ecs-v6-response-bits-120
+# - ecs-v6-response-bits-121
+# - ecs-v6-response-bits-122
+# - ecs-v6-response-bits-123
+# - ecs-v6-response-bits-124
+# - ecs-v6-response-bits-125
+# - ecs-v6-response-bits-126
+# - ecs-v6-response-bits-127
+# - ecs-v6-response-bits-128
+# - cumul-clientanswers
+# - cumul-authanswers
+# - policy-hits
+# - proxy-mapping-total
+# - remote-logger-count
+##### maximum number of packets to store statistics for
+# stats_ringbuffer_entries: 10000
+##### List of statistics that are prevented from being exported via SNMP
+# stats_snmp_disabled_list:
+# - cache-bytes
+# - packetcache-bytes
+# - special-memory-usage
+# - ecs-v4-response-bits-1
+# - ecs-v4-response-bits-2
+# - ecs-v4-response-bits-3
+# - ecs-v4-response-bits-4
+# - ecs-v4-response-bits-5
+# - ecs-v4-response-bits-6
+# - ecs-v4-response-bits-7
+# - ecs-v4-response-bits-8
+# - ecs-v4-response-bits-9
+# - ecs-v4-response-bits-10
+# - ecs-v4-response-bits-11
+# - ecs-v4-response-bits-12
+# - ecs-v4-response-bits-13
+# - ecs-v4-response-bits-14
+# - ecs-v4-response-bits-15
+# - ecs-v4-response-bits-16
+# - ecs-v4-response-bits-17
+# - ecs-v4-response-bits-18
+# - ecs-v4-response-bits-19
+# - ecs-v4-response-bits-20
+# - ecs-v4-response-bits-21
+# - ecs-v4-response-bits-22
+# - ecs-v4-response-bits-23
+# - ecs-v4-response-bits-24
+# - ecs-v4-response-bits-25
+# - ecs-v4-response-bits-26
+# - ecs-v4-response-bits-27
+# - ecs-v4-response-bits-28
+# - ecs-v4-response-bits-29
+# - ecs-v4-response-bits-30
+# - ecs-v4-response-bits-31
+# - ecs-v4-response-bits-32
+# - ecs-v6-response-bits-1
+# - ecs-v6-response-bits-2
+# - ecs-v6-response-bits-3
+# - ecs-v6-response-bits-4
+# - ecs-v6-response-bits-5
+# - ecs-v6-response-bits-6
+# - ecs-v6-response-bits-7
+# - ecs-v6-response-bits-8
+# - ecs-v6-response-bits-9
+# - ecs-v6-response-bits-10
+# - ecs-v6-response-bits-11
+# - ecs-v6-response-bits-12
+# - ecs-v6-response-bits-13
+# - ecs-v6-response-bits-14
+# - ecs-v6-response-bits-15
+# - ecs-v6-response-bits-16
+# - ecs-v6-response-bits-17
+# - ecs-v6-response-bits-18
+# - ecs-v6-response-bits-19
+# - ecs-v6-response-bits-20
+# - ecs-v6-response-bits-21
+# - ecs-v6-response-bits-22
+# - ecs-v6-response-bits-23
+# - ecs-v6-response-bits-24
+# - ecs-v6-response-bits-25
+# - ecs-v6-response-bits-26
+# - ecs-v6-response-bits-27
+# - ecs-v6-response-bits-28
+# - ecs-v6-response-bits-29
+# - ecs-v6-response-bits-30
+# - ecs-v6-response-bits-31
+# - ecs-v6-response-bits-32
+# - ecs-v6-response-bits-33
+# - ecs-v6-response-bits-34
+# - ecs-v6-response-bits-35
+# - ecs-v6-response-bits-36
+# - ecs-v6-response-bits-37
+# - ecs-v6-response-bits-38
+# - ecs-v6-response-bits-39
+# - ecs-v6-response-bits-40
+# - ecs-v6-response-bits-41
+# - ecs-v6-response-bits-42
+# - ecs-v6-response-bits-43
+# - ecs-v6-response-bits-44
+# - ecs-v6-response-bits-45
+# - ecs-v6-response-bits-46
+# - ecs-v6-response-bits-47
+# - ecs-v6-response-bits-48
+# - ecs-v6-response-bits-49
+# - ecs-v6-response-bits-50
+# - ecs-v6-response-bits-51
+# - ecs-v6-response-bits-52
+# - ecs-v6-response-bits-53
+# - ecs-v6-response-bits-54
+# - ecs-v6-response-bits-55
+# - ecs-v6-response-bits-56
+# - ecs-v6-response-bits-57
+# - ecs-v6-response-bits-58
+# - ecs-v6-response-bits-59
+# - ecs-v6-response-bits-60
+# - ecs-v6-response-bits-61
+# - ecs-v6-response-bits-62
+# - ecs-v6-response-bits-63
+# - ecs-v6-response-bits-64
+# - ecs-v6-response-bits-65
+# - ecs-v6-response-bits-66
+# - ecs-v6-response-bits-67
+# - ecs-v6-response-bits-68
+# - ecs-v6-response-bits-69
+# - ecs-v6-response-bits-70
+# - ecs-v6-response-bits-71
+# - ecs-v6-response-bits-72
+# - ecs-v6-response-bits-73
+# - ecs-v6-response-bits-74
+# - ecs-v6-response-bits-75
+# - ecs-v6-response-bits-76
+# - ecs-v6-response-bits-77
+# - ecs-v6-response-bits-78
+# - ecs-v6-response-bits-79
+# - ecs-v6-response-bits-80
+# - ecs-v6-response-bits-81
+# - ecs-v6-response-bits-82
+# - ecs-v6-response-bits-83
+# - ecs-v6-response-bits-84
+# - ecs-v6-response-bits-85
+# - ecs-v6-response-bits-86
+# - ecs-v6-response-bits-87
+# - ecs-v6-response-bits-88
+# - ecs-v6-response-bits-89
+# - ecs-v6-response-bits-90
+# - ecs-v6-response-bits-91
+# - ecs-v6-response-bits-92
+# - ecs-v6-response-bits-93
+# - ecs-v6-response-bits-94
+# - ecs-v6-response-bits-95
+# - ecs-v6-response-bits-96
+# - ecs-v6-response-bits-97
+# - ecs-v6-response-bits-98
+# - ecs-v6-response-bits-99
+# - ecs-v6-response-bits-100
+# - ecs-v6-response-bits-101
+# - ecs-v6-response-bits-102
+# - ecs-v6-response-bits-103
+# - ecs-v6-response-bits-104
+# - ecs-v6-response-bits-105
+# - ecs-v6-response-bits-106
+# - ecs-v6-response-bits-107
+# - ecs-v6-response-bits-108
+# - ecs-v6-response-bits-109
+# - ecs-v6-response-bits-110
+# - ecs-v6-response-bits-111
+# - ecs-v6-response-bits-112
+# - ecs-v6-response-bits-113
+# - ecs-v6-response-bits-114
+# - ecs-v6-response-bits-115
+# - ecs-v6-response-bits-116
+# - ecs-v6-response-bits-117
+# - ecs-v6-response-bits-118
+# - ecs-v6-response-bits-119
+# - ecs-v6-response-bits-120
+# - ecs-v6-response-bits-121
+# - ecs-v6-response-bits-122
+# - ecs-v6-response-bits-123
+# - ecs-v6-response-bits-124
+# - ecs-v6-response-bits-125
+# - ecs-v6-response-bits-126
+# - ecs-v6-response-bits-127
+# - ecs-v6-response-bits-128
+# - cumul-clientanswers
+# - cumul-authanswers
+# - policy-hits
+# - proxy-mapping-total
+# - remote-logger-count
+##### Set interval (in seconds) of the re-resolve checks of system resolver subsystem.
+# system_resolver_interval: 0
+##### Check for potential self-resolve, default enabled.
+# system_resolver_self_resolve_check: true
+##### Set TTL of system resolver feature, 0 (default) is disabled
+# system_resolver_ttl: 0
+##### Launch this number of threads listening for and processing TCP queries
+# tcp_threads: 1
+##### Launch this number of threads
+# threads: 2
+##### string reported on version.pdns or version.bind
+# version_string: '*runtime determined*'
+##### Write a PID file
+# write_pid: true
+
+######### SECTION snmp #########
+snmp:
+##### If set, register as an SNMP agent
+# agent: false
+##### If set and snmp-agent is set, the socket to use to register to the SNMP daemon
+# daemon_socket: ''
+
+######### SECTION webservice #########
+webservice:
+##### IP Address of webserver to listen on
+# address: 127.0.0.1
+##### Webserver access is only allowed from these subnets
+# allow_from:
+# - 127.0.0.1
+# - ::1
+##### Directory where REST API stores config and zones
+# api_dir: ''
+##### Static pre-shared authentication key for access to the REST API
+# api_key: ''
+##### Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime
+# hash_plaintext_credentials: false
+##### Amount of logging in the webserver (none, normal, detailed)
+# loglevel: normal
+##### Password required for accessing the webserver
+# password: ''
+##### Port of webserver to listen on
+# port: 8082
+##### Start a webserver (for REST API)
+# webserver: false
+++ /dev/null
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -527,15 +527,6 @@ $(srcdir)/effective_tld_names.dat:
- pubsuffix.cc: $(srcdir)/effective_tld_names.dat
- $(AM_V_GEN)./mkpubsuffixcc
-
--## Config file
--sysconf_DATA = recursor.conf-dist recursor.yml-dist
--
--recursor.conf-dist: pdns_recursor
-- $(AM_V_GEN)./pdns_recursor --config=default > $@
--
--recursor.yml-dist: pdns_recursor
-- dir=$$(mktemp -d) && touch "$$dir/recursor.yml" && ./pdns_recursor --config-dir="$$dir" --config=default 2> /dev/null > $@ && rm "$$dir/recursor.yml" && rmdir "$$dir"
--
- ## Manpages
- MANPAGES=pdns_recursor.1 \
- rec_control.1
--- /dev/null
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -551,12 +551,6 @@ $(srcdir)/effective_tld_names.dat:
+ pubsuffix.cc: $(srcdir)/effective_tld_names.dat
+ $(srcdir)/mkpubsuffixcc $< $@
+
+-## Config file
+-sysconf_DATA = recursor.yml-dist
+-
+-recursor.yml-dist: pdns_recursor
+- dir=$$(mktemp -d) && touch "$$dir/recursor.yml" && ./pdns_recursor --config-dir="$$dir" --config=default 2> /dev/null > $@ && rm "$$dir/recursor.yml" && rmdir "$$dir"
+-
+ ## Manpages
+ MANPAGES=pdns_recursor.1 \
+ rec_control.1
include $(TOPDIR)/rules.mk
PKG_NAME:=pdns
-PKG_VERSION:=4.9.0
-PKG_RELEASE:=2
+PKG_VERSION:=4.9.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=fe1d5433c88446ed70d931605c6ec377da99839c4e151b90b71aa211bd6eea92
+PKG_HASH:=30d9671b8f084774dbcba20f5a53a3134d0822ab2edc3ef968da030e630dd09a
PKG_MAINTAINER:=Peter van Dijk <peter.van.dijk@powerdns.com>, Remi Gacogne <remi.gacogne@powerdns.com>
PKG_LICENSE:=GPL-2.0-only
# disable-axfr-rectify=no
#################################
-# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
+# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stderr
#
# disable-syslog=no
#
# dnsupdate=no
+#################################
+# dnsupdate-require-tsig Require TSIG secured DNS updates. Default is no.
+#
+# dnsupdate-require-tsig=no
+
#################################
# domain-metadata-cache-ttl Seconds to cache zone metadata from the database
#
#
# lua-records-exec-limit=1000
+#################################
+# lua-records-insert-whitespace Insert whitespace when combining LUA chunks
+#
+# lua-records-insert-whitespace=no
+
#################################
# max-cache-entries Maximum number of entries in the query cache
#
+++ /dev/null
-commit c6b1e59f3b413493551910a7d0a3e9206d488599
-Author: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
-Date: Sat Apr 6 23:51:35 2024 +0200
-
- auth dnsproxy: fix build on s390x
-
---- a/pdns/dnsproxy.cc
-+++ b/pdns/dnsproxy.cc
-@@ -240,10 +240,11 @@ void DNSProxy::mainloop()
- memcpy(&dHead, &buffer[0], sizeof(dHead));
- {
- auto conntrack = d_conntrack.lock();
--#if BYTE_ORDER == BIG_ENDIAN
-- // this is needed because spoof ID down below does not respect the native byteorder
-- d.id = (256 * (uint16_t)buffer[1]) + (uint16_t)buffer[0];
--#endif
-+ if (BYTE_ORDER == BIG_ENDIAN) {
-+ // this is needed because spoof ID down below does not respect the native byteorder
-+ dHead.id = (256 * (uint16_t)buffer[1]) + (uint16_t)buffer[0];
-+ }
-+
- auto iter = conntrack->find(dHead.id ^ d_xor);
- if (iter == conntrack->end()) {
- g_log << Logger::Error << "Discarding untracked packet from recursor backend with id " << (dHead.id ^ d_xor) << ". Conntrack table size=" << conntrack->size() << endl;
include $(TOPDIR)/rules.mk
PKG_NAME:=pingcheck
-PKG_VERSION:=2022-03-01
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/br101/pingcheck
-PKG_SOURCE_VERSION:=13b63da97696806ec68638e006ae4fe421f579ae
-PKG_MIRROR_HASH:=550eea1d2d53132c5021bd495ad2c35bcb20190ae4ae468e23bdecdc27534a74
+PKG_SOURCE_DATE:=2023-09-25
+PKG_SOURCE_VERSION:=000a799fe88ce232cc537305f9c25d646f9a10c5
+PKG_MIRROR_HASH:=5b3e8b22282aec459a8108d9db76af910cdb456e7d454f0504f511051dbd56b0
PKG_MAINTAINER:=Bruno Randolf <br1@einfach.org>
PKG_LICENSE:=GPL-2.0-or-later
+++ /dev/null
-#
-# Copyright (C) 2007-2011 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=polipo
-PKG_VERSION:=1.1.1
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.pps.jussieu.fr/~jch/software/files/$(PKG_NAME)/
-PKG_HASH:=a259750793ab79c491d05fcee5a917faf7d9030fb5d15e05b3704e9c9e4ee015
-
-PKG_CPE_ID:=cpe:/a:pps.jussieu:polipo
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/polipo
- SUBMENU:=Web Servers/Proxies
- SECTION:=net
- CATEGORY:=Network
- TITLE:=A caching web proxy
- URL:=http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/
- MAINTAINER:=Gabriel Kerneis <gabriel@kerneis.info>
-endef
-
-define Package/polipo/description
- Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy,
- a proxy server). While Polipo was designed to be used by one person or a
- small group of people, there is nothing that prevents it from being used
- by a larger group.
-endef
-
-TARGET_CFLAGS += -DHAVE_IPv6
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- CC="$(TARGET_CC)" \
- CFLAGS="$(TARGET_CFLAGS)" \
- polipo
-endef
-
-define Package/polipo/conffiles
-/etc/config/polipo
-/etc/polipo/config
-endef
-
-define Package/polipo/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/polipo $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/etc/polipo
- $(INSTALL_CONF) $(PKG_BUILD_DIR)/config.sample $(1)/etc/polipo/config
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DATA) ./files/polipo.config $(1)/etc/config/polipo
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/polipo.init $(1)/etc/init.d/polipo
-endef
-
-$(eval $(call BuildPackage,polipo))
+++ /dev/null
-# polipo daemon configuration
-config 'polipo' 'daemon'
- # daemonise polipo (fork in background)
- option 'daemonise' '1'
- # where polipo will store its process pid
- option 'pidFile' '/var/run/polipo.pid'
-
-config 'polipo' 'general'
- option 'enabled' '1'
- # address on which polipo will listen, 0.0.0.0 means all addresses
- option 'proxyAddress' '0.0.0.0'
- # port on which polipo will listen, default is 8123
- #option 'proxyPort' '8123'
- # list of allowed clients to connect
- list 'allowedClients' '192.168.1.0/24'
- #list 'allowedClients' '127.0.0.1'
- #list 'allowedClients' '192.168.2.1'
- # how much RAM memory should Polipo use (in bytes).
- option 'chunkHighMark' '1048576'
- # enable disk cache index and serverlist of integrated polipo web interface
- #option 'disableIndexing' '0'
- #option 'disableServersList' '0'
- # disable loging to syslog
- option 'logSyslog' '0'
- # set log file location (disabled when not set)
- #option 'logFile' '/mnt/usbdrive/polipo/log'
-
-config 'polipo' 'cache'
- # disk cache location, you should always use external storage device
- # (disabled when not set)
- #option 'diskCacheRoot' '/mnt/usbdrive-p2/polipo/cache'
- # disk cache cleanup settings
- #option 'diskCacheUnlinkTime' '20d'
- #option 'diskCacheTruncateTime' '5d'
- #option 'diskCacheTruncateSize' '3145728'
- # set to 1 if proxy is used by multiple users
- #option 'cacheIsShared' '1'
-
-config 'polipo' 'pmm'
- # poor man's multiplexing semgnet size to fetch
- #option 'pmmSize' '8192'
-
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2008-2011 OpenWrt.org
-
-START=99
-
-CFGFILE=/var/etc/polipo.conf
-
-start() {
- config_load 'polipo'
-
- config_get_bool enabled "general" 'enabled' '0'
- [ $enabled -gt 0 ] || return 1
-
- mkdir -m 0755 -p /var/etc/
- echo '### AUTOGENERATED CONFIGURATION' > $CFGFILE
- echo '### DO NOT EDIT' >> $CFGFILE
- echo '### SEE /etc/config/polipo INSTEAD' >> $CFGFILE
- echo '' >> $CFGFILE
-
- config_foreach polipo_config 'polipo'
-
- # handle values that are disabled when not defined or empty
- echo "### VALUES THAT ARE DISABLED WHEN EMPTY" >> $CFGFILE
- polipo_atom "cache" "diskCacheRoot" '"' "1" >> $CFGFILE
- polipo_atom "general" "logFile" '"' "1" >> $CFGFILE
- polipo_atom "general" "localDocumentRoot" '"' "1" >> $CFGFILE
-
- service_start /usr/sbin/polipo -c "$CFGFILE"
-}
-
-stop() {
- service_stop /usr/sbin/polipo -c "$CFGFILE"
-}
-
-polipo_config() {
- echo "### SECTION $1" >> $CFGFILE
-
- string_options='authCredentials authRealm dnsNameServer forbiddenFile
- forbiddenUrl logFacility pidFile parentAuthCredentials parentProxy
- proxyAddress proxyName redirector socksParentProxy socksProxyType
- socksUserName uncachableFile'
-
- number_options='bigBufferSize chunkCriticalMark chunkHighMark chunkLowMark
- diskCacheDirectoryPermissions diskCacheFilePermissions
- diskCacheTruncateSize diskCacheWriteoutOnClose forbiddenRedirectCode
- logFilePermissions logLevel maxDiskCacheEntrySize maxDiskEntries
- maxObjectsWhenIdle maxPipelineTrain maxSideBuffering maxWriteoutWhenIdle
- objectHashTableSize objectHighMark pmmFirstSize pmmSize proxyPort
- publicObjectLowMark redirectorRedirectCode replyUnpipelineSize
- serverMaxSlots serverSlots serverSlots1 maxAgeFraction'
-
- time_options='clientTimeout diskCacheTruncateTime diskCacheUnlinkTime
- dnsGethostbynameTtl dnsMaxTimeout dnsNegativeTtl idleTime maxAge
- maxConnectionAge maxConnectionRequests maxExpiresAge maxNoModifiedAge
- replyUnpipelineTime serverExpireTime serverIdleTimeout serverTimeout
- smallRequestTime'
-
- multistate_options='censorReferer dnsQueryIPv6 dnsUseGethostbyname
- dontTrustVaryETag expectContinue pipelineAdditionalRequests
- useTemporarySourceAddress relaxTransparency'
-
- boolean_options='cacheIsShared daemonise disableConfiguration disableIndexing
- disableLocalInterface disableProxy disableServersList disableVia
- dontCacheCookies dontCacheRedirects logSyslog mindlesslyCacheVary
- preciseExpiry proxyOffline scrubLogs laxHttpParser'
-
- string_list_options='allowedClients censoredHeaders'
-
- number_list_options='allowedPorts tunnelAllowedPorts'
-
- for option in $string_options; do
- polipo_atom "$1" "$option" '"' >> $CFGFILE
- done
-
- for option in $number_options; do
- polipo_atom "$1" "$option" >> $CFGFILE
- done
-
- for option in $time_options; do
- polipo_atom "$1" "$option" >> $CFGFILE
- done
-
- for option in $multistate_options; do
- polipo_atom "$1" "$option" >> $CFGFILE
- done
-
- for option in $boolean_options; do
- polipo_boolean "$1" "$option" >> $CFGFILE
- done
-
- for option in $string_list_options; do
- polipo_list "$1" "$option" '"' >> $CFGFILE
- done
-
- for option in $number_list_options; do
- polipo_list "$1" "$option" >> $CFGFILE
- done
-}
-
-polipo_atom() {
- local SECTION=$1
- local OPTION=$2
- local QUOTE=$3
- local EMPTY_DISABLED=${4:-0}
-
- config_get _value "$SECTION" "$OPTION"
- [ -n "$_value" -o "$EMPTY_DISABLED" -eq "1" ] && {
- echo "$OPTION = ${QUOTE}${_value}${QUOTE}"
- }
-}
-
-polipo_boolean() {
- local SECTION=$1
- local OPTION=$2
-
- config_get_bool _value "$SECTION" "$OPTION"
- [ -n "$_value" ] && {
- [ "$_value" -eq "1" ] && _value="true" || _value="false"
- echo "$OPTION = $_value"
- }
-}
-
-polipo_list() {
- local SECTION=$1
- local OPTION=$2
- local QUOTE=$3
-
- config_get _value "$SECTION" "$OPTION"
-
- [ "$SECTION" = general ] && [ "$OPTION" = allowedClients ] && {
- case "$_value" in
- *127.0.0.1*) : ;;
- *) _value="127.0.0.1 $_value" ;;
- esac
- }
-
- [ -n "$_value" ] && {
- echo -n "$OPTION = "
-
- local FIRST=1
- for entry in $_value; do
- [ "$FIRST" -ne "1" ] && echo -n ", " || FIRST=0
-
- echo -n "${QUOTE}${entry}${QUOTE}"
- done
-
- echo ''
- }
-}
-
include $(TOPDIR)/rules.mk
PKG_NAME:=rclone
-PKG_VERSION:=1.66.0
+PKG_VERSION:=1.68.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/rclone/rclone/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=9249391867044a0fa4c5a948b46a03b320706b4d5c4d59db9d4aeff8d47cade2
+PKG_HASH:=6e0acbef1c9d21d7a4d53d876c374466de0966f2a1994a8ae448ea0c179ccc6a
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_NAME:=respondd
PKG_SOURCE_DATE:=2019-05-01
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/freifunk-gluon/respondd.git
{
config_get group "$1" group
config_get interfaces "$1" interface
- config_get disabled "$1" disabled 0
+ config_get_bool disabled "$1" disabled 0
if [ "$disabled" -gt "0" ]; then
return
+++ /dev/null
-#
-# Copyright (C) 2017-2020 Yousong Zhou <yszhou4tech@gmail.com>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-# Checklist when bumping versions
-#
-# - update cipher list by checking src/crypto.c:crypto_init()
-# - check if default mode has changed from being tcp_only
-#
-PKG_NAME:=shadowsocks-libev
-PKG_VERSION:=3.3.5
-PKG_RELEASE:=11
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
-PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
-
-PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
-
-PKG_LICENSE:=GPL-3.0-or-later
-PKG_LICENSE_FILES:=LICENSE
-PKG_CPE_ID:=cpe:/a:shadowsocks:shadowsocks-libev
-
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
-PKG_BUILD_FLAGS:=no-mips16 lto
-PKG_BUILD_PARALLEL:=1
-PKG_BUILD_DEPENDS:=c-ares pcre2
-
-include $(INCLUDE_DIR)/package.mk
-
-
-define Package/shadowsocks-libev-config
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Web Servers/Proxies
- TITLE:=shadowsocks-libev config scripts
- URL:=https://github.com/shadowsocks/shadowsocks-libev
-endef
-
-define Package/shadowsocks-libev-config/conffiles
-/etc/config/shadowsocks-libev
-endef
-
-define Package/shadowsocks-libev-config/install
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DATA) ./files/shadowsocks-libev.config $(1)/etc/config/shadowsocks-libev
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/shadowsocks-libev.init $(1)/etc/init.d/shadowsocks-libev
-endef
-
-
-define Package/shadowsocks-libev/Default
- define Package/shadowsocks-libev-$(1)
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Web Servers/Proxies
- TITLE:=shadowsocks-libev $(1)
- URL:=https://github.com/shadowsocks/shadowsocks-libev
- DEPENDS:=+libev +libmbedtls +libpthread +libsodium +shadowsocks-libev-config $(DEPENDS_$(1))
- endef
-
- define Package/shadowsocks-libev-$(1)/install
- $$(INSTALL_DIR) $$(1)/usr/bin
- $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/bin/$(1) $$(1)/usr/bin
- endef
-
-endef
-
-DEPENDS_ss-local = +libpcre2
-DEPENDS_ss-server = +libcares +libpcre2
-
-SHADOWSOCKS_COMPONENTS:=ss-local ss-redir ss-tunnel ss-server
-define shadowsocks-libev/templates
- $(foreach component,$(SHADOWSOCKS_COMPONENTS),
- $(call Package/shadowsocks-libev/Default,$(component))
- )
-endef
-$(eval $(call shadowsocks-libev/templates))
-
-
-define Package/shadowsocks-libev-ss-rules
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Web Servers/Proxies
- TITLE:=shadowsocks-libev ss-rules
- URL:=https://github.com/shadowsocks/shadowsocks-libev
- DEPENDS:=+firewall4 \
- +ip \
- +resolveip \
- +ucode \
- +ucode-mod-fs \
- +shadowsocks-libev-ss-redir \
- +shadowsocks-libev-config \
- +kmod-nft-tproxy
-endef
-
-define Package/shadowsocks-libev-ss-rules/install
- $(INSTALL_DIR) $(1)/usr/share/ss-rules
- $(INSTALL_DATA) ./files/ss-rules/* $(1)/usr/share/ss-rules/
-endef
-
-define Build/Prepare
- $(call Build/Prepare/Default)
- $(FIND) $(PKG_BUILD_DIR) \
- -name '*.o' \
- -o -name '*.lo' \
- -o -name '.deps' \
- -o -name '.libs' \
- | $(XARGS) rm -rvf
-endef
-
-CONFIGURE_ARGS += \
- --disable-documentation \
- --disable-silent-rules \
- --disable-assert \
- --disable-ssp \
-
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
-
-$(eval $(call BuildPackage,shadowsocks-libev-config))
-$(eval $(call BuildPackage,shadowsocks-libev-ss-rules))
-$(foreach component,$(SHADOWSOCKS_COMPONENTS), \
- $(eval $(call BuildPackage,shadowsocks-libev-$(component))) \
-)
+++ /dev/null
-Skip to [recipes](#recipes) for quick setup instructions
-
-# components
-
-`ss-local` provides SOCKS5 proxy with UDP associate support.
-
- socks5 ss plain
- --------> tcp:local_address:local_port ----> ss server -------> dest
-
-`ss-redir`. The REDIRECT and TPROXY part are to be provided by `ss-rules` script. REDIRECT is for tcp traffic (`SO_ORIGINAL_DST` only supports TCP). TPROXY is for udp messages, but it's only available in the PREROUTING chain and as such cannot proxy local out traffic.
-
- plain plain ss plain
- ---------> REDIRECT ------> tcp:local_address:local_port ----> ss server -----> original dest
-
- plain plain ss plain
- ---------> TPROXY -------> udp:local_address:local_port -----> ss server -----> original dest
-
-`ss-tunnel` provides ssh `-L` local-forwarding-like tunnel. Typically it's used to tunnel DNS traffic to the remote.
-
- plain ss plain
- ---------> tcp|udp:local_address:local_port ------> ss server -------> tunnel_address
-
-`ss-server`, the "ss server" in the above diagram
-
-# uci
-
-Option names are the same as those used in json config files. Check `validate_xxx` func definition of the [service script](files/shadowsocks-libev.init) and shadowsocks-libev's own documentation for supported options and expected value types. A [sample config file](files/shadowsocks-libev.config) is also provided for reference.
-
-Every section have a `disabled` option to temporarily turn off the component instance or component instances referring to it.
-
-Section type `server` is for definition of remote shadowsocks servers. They will be referred to from other component sections and as such should be named (as compared to anonymous section).
-
-Section type `ss_local`, `ss_redir`, `ss_tunnel` are for specification of shadowsocks-libev components. They share mostly a common set of options like `local_port`, `verbose`, `fast_open`, `timeout`, etc.
-
-Plugin options should be specified in `server` section and will be inherited by other compoenents referring to it.
-
-We can have multiple instances of component and `server` sections. The relationship between them is many-to-one. This will have the following implications
-
- - It's possible to have both `ss_local` and `ss_redir` referring to the same `server` definition
- - It's possible to have multiple instances of `ss_redir` listening on the same address:port with `reuse_port` enabled referring to the same or different `server` sections
-
-`ss_rules` section is for configuring the behaviour of `ss-rules` script. There can only exist at most one such section with the name also being `ss_rules`
-
- redir_tcp name of ss_redir section with mode tcp_only or tcp_and_udp
- redir_udp name of ss_redir section with mode udp_only or tcp_and_udp
- ifnames only apply rules on packets from these ifnames
-
- --- for incoming packets having source address in
-
- src_ips_bypass will bypass the redir chain
- src_ips_forward will always go through the redir chain
- src_ips_checkdst will continue to have their destination addresses checked
-
- --- otherwise, the default action can be specified with
-
- src_default bypass, forward, [checkdst]
-
- --- if the previous check result is checkdst,
- --- then packets having destination address in
-
- dst_ips_bypass_file
- dst_ips_bypass will bypass the redir chain
- dst_ips_forward_file
- dst_ips_forward will go through the redir chain
-
- --- otherwise, the default action can be specified with
-
- dst_default [bypass], forward
-
- --- for local out tcp packets, the default action can be specified with
-
- local_default [bypass], forward, checkdst
-
-ss-rules now uses nft set for storing addresses/networks. Those set names are also part of the API and can be populated by other programs, e.g. dnsmasq with builtin nft set support. Note that while nftables set supports storing cidr networks when `interval` flag is on, it rejects elements with overlaping intervals.
-
-Extra nftables expressions can be specified with `nft_tcp_extra` and `nft_udp_extra` to apply ss_rules only to selected tcp/udp traffics. E.g. `tcp dport { 80, 443 }`, `udp dport 53`, etc.
-
-# incompatible changes
-
-| Commit date | Commit ID | Subject | Comment |
-| ----------- | --------- | ------- | ------- |
-| 2022-03-01 | fdaf2de2a | shadowsocks-libev: ss-rules: convert to using nft | ss-rules now uses nftables. UCI option ipt_args and dst_forward_recentrst are now deprecated and removed |
-| 2020-08-03 | 7d7cbae75 | shadowsocks-libev: support ss-server option local_address_{v4,v6} | ss_server bind_address now deprecated, use local_address |
-| 2019-05-09 | afe7d3424 | shadowsocks-libev: move plugin options to server section | This is a revision against c19e949 committed 2019-05-06 |
-| 2017-07-02 | b61af9703 | shadowsocks-libev: rewrite | Packaging of shadowsocks-libev was rewritten from scratch |
-
-# notes and faq
-
-Useful paths and commands for debugging
-
- # check current running status
- ubus call service list '{"name": "shadowsocks-libev"}'
- ubus call service list '{"name": "shadowsocks-libev", "verbose": true}'
-
- # dump validate definition
- ubus call service validate '{"package": "shadowsocks-libev"}'
- ubus call service validate '{"package": "shadowsocks-libev"}' \
- | jsonfilter -e '$["shadowsocks-libev"]["ss_tunnel"]'
-
- # check json config
- ls -l /var/etc/shadowsocks-libev/
-
- # set uci config option verbose to 1, restart the service and follow the log
- logread -f
-
-ss-redir needs to open a new socket and setsockopt IP_TRANSPARENT when sending udp reply to client. This requires `CAP_NET_ADMIN` and as such the process cannot run as `nobody`
-
-ss-local, ss-redir, etc. supports specifying an array of remote ss server, but supporting this in uci seems to be overkill. The workaround can be defining multiple `server` sections and multiple `ss-redir` instances with `reuse_port` enabled
-
-# recipes
-
-## forward all
-
-This will setup firewall rules to forward almost all incoming tcp/udp and locally generated tcp traffic (excluding those to private addresses like 192.168.0.0/16 etc.) through remote shadowsocks server
-
-Install components.
-Retry each command till it succeed
-
- opkg install shadowsocks-libev-ss-redir
- opkg install shadowsocks-libev-ss-rules
- opkg install shadowsocks-libev-ss-tunnel
-
-Edit uci config `/etc/config/shadowsocks-libev`.
-Replace `config server 'sss0'` section with parameters of your own remote shadowsocks server.
-As for other options, change them only when you know the effect.
-
- config server 'sss0'
- option disabled 0
- option server '_sss_addr_'
- option server_port '_sss_port_'
- option password '********'
- option method 'aes-256-cfb'
-
- config ss_tunnel
- option disabled 0
- option server 'sss0'
- option local_address '0.0.0.0'
- option local_port '8053'
- option tunnel_address '8.8.8.8:53'
- option mode 'tcp_and_udp'
-
- config ss_redir ssr0
- option disabled 0
- option server 'sss0'
- option local_address '0.0.0.0'
- option local_port '1100'
- option mode 'tcp_and_udp'
- option reuse_port 1
-
- config ss_rules 'ss_rules'
- option disabled 0
- option redir_tcp 'ssr0'
- option redir_udp 'ssr0'
- option src_default 'checkdst'
- option dst_default 'forward'
- option local_default 'forward'
-
-Restart shadowsocks-libev components
-
- /etc/init.d/shadowsocks-libev restart
-
-Check if things are in place
-
- nft list ruleset | sed -r -n '/^\t[a-z]+ ss_rules[^ ]+ \{/,/^\t\}/p'
- netstat -lntp | grep -E '8053|1100'
- ps ww | grep ss-
-
-Edit `/etc/config/dhcp`, making sure options are present in the first dnsmasq section like the following to let it use local tunnel endpoint for upstream dns query.
-Option `noresolv` instructs dnsmasq to not use other dns servers like advertised by local isp.
-Option `localuse` intends to make sure the device you are configuring also uses this dnsmasq instance as the resolver, not the ones from other sources.
-
- config dnsmasq
- ...
- list server '127.0.0.1#8053'
- option noresolv 1
- option localuse 1
-
-Restart dnsmasq
-
- /etc/init.d/dnsmasq restart
-
-Check network on your computer
-
- nslookup www.google.com
- curl -vv https://www.google.com
+++ /dev/null
-config ss_local
- option disabled 1
- option server 'sss0'
- option local_address '0.0.0.0'
- option local_port '1080'
- option timeout '30'
-
-config ss_tunnel
- option disabled 1
- option server 'sss0'
- option local_address '0.0.0.0'
- option local_port '1090'
- option tunnel_address 'example.com:80'
- option mode 'tcp_and_udp'
- option timeout '60'
-
-config ss_redir hi
- option disabled 1
- option server 'sss0'
- option local_address '0.0.0.0'
- option local_port '1100'
- option mode 'tcp_and_udp'
- option timeout '60'
- option fast_open 1
- option verbose 1
- option reuse_port 1
-
-config ss_redir hj
- option disabled 1
- option server 'sss0'
- option local_address '0.0.0.0'
- option local_port '1100'
- option mode 'tcp_and_udp'
- option timeout '60'
- option fast_open 1
- option verbose 1
- option reuse_port 1
-
-config ss_rules 'ss_rules'
- option disabled 1
- option redir_tcp 'hi'
- option redir_udp 'hi'
- option src_default 'checkdst'
- option dst_default 'bypass'
- option local_default 'checkdst'
- list src_ips_forward '192.168.1.4'
- list dst_ips_forward '8.8.8.8'
-
-config server 'sss0'
- option disabled 1
- option server '192.168.1.3'
- option server_port '9001'
- option password '********'
- option method 'aes-256-cfb'
-
-config ss_server
- option disabled 1
- option server_port '9001'
- option password '********'
- option method 'aes-256-cfb'
+++ /dev/null
-#!/bin/sh /etc/rc.common
-#
-# Copyright (C) 2017-2019 Yousong Zhou <yszhou4tech@gmail.com>
-#
-# This is free software, licensed under the GNU General Public License v3.
-# See /LICENSE for more information.
-#
-
-USE_PROCD=1
-START=99
-
-ss_confdir=/var/etc/shadowsocks-libev
-ss_bindir=/usr/bin
-
-ssrules_uc="/usr/share/ss-rules/ss-rules.uc"
-ssrules_nft="/etc/nftables.d/90-ss-rules.nft"
-
-ss_mkjson_server_conf() {
- local cfgserver
-
- config_get cfgserver "$cfg" server
- [ -n "$cfgserver" ] || return 1
- eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
- validate_server_section "$cfgserver" || return 1
- [ "$disabled" = 0 ] || return 1
- ss_mkjson_server_conf_ "$cfgserver"
-}
-
-ss_mkjson_server_conf_() {
- [ -n "$server_port" ] || return 1
- [ -z "$server" ] || json_add_string server "$server"
- json_add_int server_port "$server_port"
- [ -z "$method" ] || json_add_string method "$method"
- [ -z "$key" ] || json_add_string key "$key"
- [ -z "$password" ] || json_add_string password "$password"
- [ -z "$plugin" ] || json_add_string plugin "$plugin"
- [ -z "$plugin_opts" ] || json_add_string plugin_opts "$plugin_opts"
-}
-
-ss_mkjson_ss_local_conf() {
- ss_mkjson_server_conf
-}
-
-ss_mkjson_ss_redir_conf() {
- ss_mkjson_server_conf
-}
-
-ss_mkjson_ss_server_conf() {
- ss_mkjson_server_conf_
-}
-
-ss_mkjson_ss_tunnel_conf() {
- ss_mkjson_server_conf || return 1
- [ -n "$tunnel_address" ] || return 1
- json_add_string tunnel_address "$tunnel_address"
-}
-
-ss_xxx() {
- local cfg="$1"
- local cfgtype="$2"
- local bin="$ss_bindir/${cfgtype/_/-}"
- local confjson="$ss_confdir/$cfgtype.$cfg.json"
-
- [ -x "$bin" ] || return
- eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
- "validate_${cfgtype}_section" "$cfg" || return
- [ "$disabled" = 0 ] || return
-
- json_init
- ss_mkjson_${cfgtype}_conf || return
- json_add_boolean use_syslog 1
- json_add_boolean ipv6_first "$ipv6_first"
- json_add_boolean fast_open "$fast_open"
- json_add_boolean reuse_port "$reuse_port"
- json_add_boolean no_delay "$no_delay"
- [ -z "$local_address" ] || json_add_string local_address "$local_address"
- [ -z "$local_port" ] || json_add_int local_port "$local_port"
- [ -z "$local_ipv4_address" ] || json_add_string local_ipv4_address "$local_ipv4_address"
- [ -z "$local_ipv6_address" ] || json_add_string local_ipv6_address "$local_ipv6_address"
- [ -z "$mode" ] || json_add_string mode "$mode"
- [ -z "$mtu" ] || json_add_int mtu "$mtu"
- [ -z "$timeout" ] || json_add_int timeout "$timeout"
- [ -z "$user" ] || json_add_string user "$user"
- [ -z "$acl" ] || json_add_string acl "$acl"
- json_dump -i >"$confjson"
-
- procd_open_instance "$cfgtype.$cfg"
- procd_set_param command "$bin" -c "$confjson"
- [ "$verbose" = 0 ] || procd_append_param command -v
- if [ -n "$bind_address" ]; then
- echo "$cfgtype $cfg: uci option bind_address deprecated, please switch to local_address" >&2
- procd_append_param command -b "$bind_address"
- fi
- procd_set_param file "$confjson"
- procd_set_param respawn
- procd_close_instance
- ss_rules_cb
-}
-
-ss_rules_cb() {
- local cfgserver server
-
- if [ "$cfgtype" = ss_redir ]; then
- config_get cfgserver "$cfg" server
- config_get server "$cfgserver" server
- ss_redir_servers="$ss_redir_servers $server"
- if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
- eval "ss_rules_redir_tcp_$cfg=$local_port"
- fi
- if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
- eval "ss_rules_redir_udp_$cfg=$local_port"
- fi
- fi
-}
-
-ss_rules_nft_gen() {
- local cfg="ss_rules"
- local cfgtype
- local local_port_tcp local_port_udp
- local remote_servers
-
- [ -s "$ssrules_uc" ] || return 1
-
- config_get cfgtype "$cfg" TYPE
- [ "$cfgtype" = ss_rules ] || return 1
-
- eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
- validate_ss_rules_section "$cfg" || return 1
- [ "$disabled" = 0 ] || return 2
-
- eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
- eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
- [ -n "$local_port_tcp" -o -n "$local_port_udp" ] || return 1
- remote_servers="$(echo $ss_redir_servers \
- | tr ' ' '\n' \
- | sort -u \
- | xargs -n 1 resolveip \
- | sort -u)"
-
- local tmp="/tmp/ssrules"
- json_init
- json_add_string o_remote_servers "$remote_servers"
- json_add_int o_redir_tcp_port "$local_port_tcp"
- json_add_int o_redir_udp_port "$local_port_udp"
- json_add_string o_ifnames "$ifnames"
- json_add_string o_local_default "$local_default"
- json_add_string o_src_bypass "$src_ips_bypass"
- json_add_string o_src_forward "$src_ips_forward"
- json_add_string o_src_checkdst "$src_ips_checkdst"
- json_add_string o_src_default "$src_default"
- json_add_string o_dst_bypass "$dst_ips_bypass"
- json_add_string o_dst_forward "$dst_ips_forward"
- json_add_string o_dst_bypass_file "$dst_ips_bypass_file"
- json_add_string o_dst_forward_file "$dst_ips_forward_file"
- json_add_string o_dst_default "$dst_default"
- json_add_string o_nft_tcp_extra "$nft_tcp_extra"
- json_add_string o_nft_udp_extra "$nft_udp_extra"
- json_dump -i >"$tmp.json"
-
- if utpl -S -F "$tmp.json" "$ssrules_uc" >"$tmp.nft" \
- && ! cmp -s "$tmp.nft" "$ssrules_nft"; then
- echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
- if nft -f "$tmp.nft.chk" -c; then
- mv "$tmp.nft" "$ssrules_nft"
- fw4 restart
- fi
- rm -f "$tmp.nft.chk"
- fi
- rm -f "$tmp.json"
- rm -f "$tmp.nft"
-}
-
-ss_rules_nft_reset() {
- if [ -f "$ssrules_nft" ]; then
- rm -f "$ssrules_nft"
- fw4 restart
- fi
-}
-
-ss_rules() {
- if ! ss_rules_nft_gen; then
- ss_rules_nft_reset
- fi
-}
-
-start_service() {
- local cfgtype
-
- mkdir -p "$ss_confdir"
- config_load shadowsocks-libev
- for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
- config_foreach ss_xxx "$cfgtype" "$cfgtype"
- done
- ss_rules
-}
-
-stop_service() {
- ss_rules_nft_reset
- rm -rf "$ss_confdir"
-}
-
-service_triggers() {
- procd_add_reload_interface_trigger wan
- procd_add_reload_trigger shadowsocks-libev
- procd_open_validate
- validate_server_section
- validate_ss_local_section
- validate_ss_redir_section
- validate_ss_rules_section
- validate_ss_server_section
- validate_ss_tunnel_section
- procd_close_validate
-}
-
-ss_validate_mklocal() {
- local tuple opts
-
- shift 2
- for tuple in "$@"; do
- opts="${tuple%%:*} $opts"
- done
- [ -z "$opts" ] || echo "local $opts"
-}
-
-ss_validate() {
- uci_validate_section shadowsocks-libev "$@"
-}
-
-validate_common_server_options_() {
- local cfgtype="$1"; shift
- local cfg="$1"; shift
- local func="$1"; shift
- local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
- local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"'
-
- "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
- 'disabled:bool:0' \
- 'server:host' \
- 'server_port:port' \
- 'password:string' \
- 'key:string' \
- "method:or($stream_methods, $aead_methods)" \
- 'plugin:string' \
- 'plugin_opts:string'
-}
-
-validate_common_client_options_() {
- validate_common_options_ "$@" \
- 'server:uci("shadowsocks-libev", "@server")' \
- 'local_address:ipaddr:0.0.0.0' \
- 'local_port:port'
-}
-
-validate_common_options_() {
- local cfgtype="$1"; shift
- local cfg="$1"; shift
- local func="$1"; shift
-
- "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
- 'disabled:bool:0' \
- 'fast_open:bool:0' \
- 'ipv6_first:bool:0' \
- 'no_delay:bool:0' \
- 'reuse_port:bool:0' \
- 'verbose:bool:0' \
- 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
- 'mtu:uinteger' \
- 'timeout:uinteger' \
- 'user:string'
-}
-
-validate_server_section() {
- validate_common_server_options_ server "$1" "$2"
-}
-
-validate_ss_local_section() {
- validate_common_client_options_ ss_local "$1" "$2" \
- 'acl:file'
-}
-
-validate_ss_redir_section() {
- validate_common_client_options_ ss_redir "$1" "$2"
-}
-
-validate_ss_rules_section() {
- "${2:-ss_validate}" ss_rules "$1" \
- 'disabled:bool:0' \
- 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
- 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
- 'src_ips_bypass:or(ipaddr,cidr)' \
- 'src_ips_forward:or(ipaddr,cidr)' \
- 'src_ips_checkdst:or(ipaddr,cidr)' \
- 'dst_ips_bypass_file:file' \
- 'dst_ips_bypass:or(ipaddr,cidr)' \
- 'dst_ips_forward_file:file' \
- 'dst_ips_forward:or(ipaddr,cidr)' \
- 'src_default:or("bypass", "forward", "checkdst"):checkdst' \
- 'dst_default:or("bypass", "forward"):bypass' \
- 'local_default:or("bypass", "forward", "checkdst"):bypass' \
- 'nft_tcp_extra:string' \
- 'nft_udp_extra:string' \
- 'ifnames:maxlength(15)'
-}
-
-validate_ss_server_section() {
- validate_common_server_options_ ss_server "$1" \
- validate_common_options_ \
- "$2" \
- 'local_address:ipaddr' \
- 'local_ipv4_address:ip4addr' \
- 'local_ipv6_address:ip6addr' \
- 'bind_address:ipaddr' \
- 'acl:file'
-}
-
-validate_ss_tunnel_section() {
- validate_common_client_options_ ss_tunnel "$1" \
- "$2" \
- 'tunnel_address:regex(".+\:[0-9]+")'
-}
+++ /dev/null
-{%
-function get_local_verdict() {
- let v = o_local_default;
- if (v == "checkdst") {
- return "goto ss_rules_dst_" + proto;
- } else if (v == "forward") {
- return "goto ss_rules_forward_" + proto;
- } else {
- return null;
- }
-}
-
-function get_src_default_verdict() {
- let v = o_src_default;
- if (v == "checkdst") {
- return "goto ss_rules_dst_" + proto;
- } else if (v == "forward") {
- return "goto ss_rules_forward_" + proto;
- } else {
- return "accept";
- }
-}
-
-function get_dst_default_verdict() {
- let v = o_dst_default;
- if (v == "forward") {
- return "goto ss_rules_forward_" + proto;
- } else {
- return "accept";
- }
-}
-
-function get_ifnames() {
- let res = [];
- for (let ifname in split(o_ifnames, /[ \t\n]/)) {
- ifname = trim(ifname);
- if (ifname) push(res, ifname);
- }
- return res;
-}
-
-let type, hook, priority, redir_port;
-if (proto == "tcp") {
- type = "nat";
- hook = "prerouting";
- priority = -1;
- redir_port = o_redir_tcp_port;
-} else if (proto == "udp") {
- type = "filter";
- hook = "prerouting";
- priority = "mangle";
- redir_port = o_redir_udp_port;
- if (system("
- set -o errexit
- iprr() {
- while ip $1 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
- ip $1 rule add fwmark 1 lookup 100
- ip $1 route flush table 100 2>/dev/null || true
- ip $1 route add local default dev lo table 100
- }
- iprr -4
- iprr -6
- ") != 0) {
- return ;
- }
-} else {
- return;
-}
-
-%}
-{% if (redir_port): %}
-
-chain ss_rules_pre_{{ proto }} {
- type {{ type }} hook {{ hook }} priority {{ priority }};
- meta l4proto {{ proto }}{%- let ifnames=get_ifnames(); if (length(ifnames)): %} iifname { {{join(", ", ifnames)}} }{% endif %} goto ss_rules_pre_src_{{ proto }};
-}
-
-chain ss_rules_pre_src_{{ proto }} {
- ip daddr @ss_rules_dst_bypass_ accept;
- ip6 daddr @ss_rules6_dst_bypass_ accept;
- goto ss_rules_src_{{ proto }};
-}
-
-chain ss_rules_src_{{ proto }} {
- ip saddr @ss_rules_src_bypass accept;
- ip saddr @ss_rules_src_forward goto ss_rules_forward_{{ proto }};
- ip saddr @ss_rules_src_checkdst goto ss_rules_dst_{{ proto }};
- ip6 saddr @ss_rules6_src_bypass accept;
- ip6 saddr @ss_rules6_src_forward goto ss_rules_forward_{{ proto }};
- ip6 saddr @ss_rules6_src_checkdst goto ss_rules_dst_{{ proto }};
- {{ get_src_default_verdict() }};
-}
-
-chain ss_rules_dst_{{ proto }} {
- ip daddr @ss_rules_dst_bypass accept;
- ip daddr @ss_rules_dst_forward goto ss_rules_forward_{{ proto }};
- ip6 daddr @ss_rules6_dst_bypass accept;
- ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_{{ proto }};
- {{ get_dst_default_verdict() }};
-}
-
-{% if (proto == "tcp"): %}
-chain ss_rules_forward_{{ proto }} {
- meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
-}
-{% let local_verdict = get_local_verdict(); if (local_verdict): %}
-chain ss_rules_local_out {
- type {{ type }} hook output priority -1;
- meta l4proto != tcp accept;
- ip daddr @ss_rules_dst_bypass_ accept;
- ip daddr @ss_rules_dst_bypass accept;
- ip6 daddr @ss_rules6_dst_bypass_ accept;
- ip6 daddr @ss_rules6_dst_bypass accept;
- {{ local_verdict }};
-}
-{% endif %}
-{% elif (proto == "udp"): %}
-chain ss_rules_forward_{{ proto }} {
- meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
-}
-{% endif %}
-{% endif %}
+++ /dev/null
-{%
-let fs = require("fs");
-
-let o_dst_bypass4_ = "
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.31.196.0/24
- 192.52.193.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 192.175.48.0/24
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
-";
-let o_dst_bypass6_ = "
- ::1/128
- ::/128
- ::ffff:0:0/96
- 64:ff9b:1::/48
- 100::/64
- fe80::/10
- 2001::/23
- fc00::/7
-";
-let o_dst_bypass_ = o_dst_bypass4_ + " " + o_dst_bypass6_;
-
-let set_suffix = {
- "src_bypass": {
- str: o_src_bypass,
- },
- "src_forward": {
- str: o_src_forward,
- },
- "src_checkdst": {
- str: o_src_checkdst,
- },
- "dst_bypass": {
- str: o_dst_bypass + " " + o_remote_servers,
- file: o_dst_bypass_file,
- },
- "dst_bypass_": {
- str: o_dst_bypass_,
- },
- "dst_forward": {
- str: o_dst_forward,
- file: o_dst_forward_file,
- },
- "dst_forward_rrst_": {},
-};
-
-function set_name(suf, af) {
- if (af == 4) {
- return "ss_rules_"+suf;
- } else {
- return "ss_rules6_"+suf;
- }
-}
-
-function set_elements_parse(res, str, af) {
- for (let addr in split(str, /[ \t\n]/)) {
- addr = trim(addr);
- if (!addr) continue;
- if (af == 4 && index(addr, ":") != -1) continue;
- if (af == 6 && index(addr, ":") == -1) continue;
- push(res, addr);
- }
-}
-
-function set_elements(suf, af) {
- let obj = set_suffix[suf];
- let res = [];
- let addr;
-
- let str = obj["str"];
- if (str) {
- set_elements_parse(res, str, af);
- }
-
- let file = obj["file"];
- if (file) {
- let fd = fs.open(file);
- if (fd) {
- str = fd.read("all");
- set_elements_parse(res, str, af);
- }
- }
-
- return res;
-}
-%}
-
-{% for (let suf in set_suffix): for (let af in [4, 6]): %}
-set {{ set_name(suf, af) }} {
- type ipv{{af}}_addr;
- flags interval;
- auto-merge;
-{% let elems = set_elements(suf, af); if (length(elems)): %}
- elements = {
-{% for (let i = 0; i < length(elems); i++): %}
- {{ elems[i] }}{% if (i < length(elems) - 1): %},{% endif %}{% print("\n") %}
-{% endfor %}
- }
-{% endif %}
-}
-{% endfor; endfor %}
+++ /dev/null
-{%
-
-include("set.uc");
-include("chain.uc", {proto: "tcp"});
-include("chain.uc", {proto: "udp"});
-
-%}
-
+++ /dev/null
-From d4f4d9761cbd41c3ab6de79383ff39b9f97bf452 Mon Sep 17 00:00:00 2001
-From: Syrone Wong <wong.syrone@gmail.com>
-Date: Sat, 18 Nov 2017 20:06:50 +0800
-Subject: [PATCH] Upgrade PCRE to PCRE2
-
-- Use 8bit variant by default
-
-This comes from a PR closed and never reopen as at times PCRE2 was too
-new(???.)
-
-Ref: https://github.com/shadowsocks/shadowsocks-libev/pull/1792
-Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
-[ squash the first 2 patch from PR, drop the last one ]
-Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
----
- .travis.yml | 9 ++-
- configure.ac | 8 +--
- m4/pcre.m4 | 152 ------------------------------------------
- m4/pcre2.m4 | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++
- src/rule.c | 53 ++++++++++++---
- src/rule.h | 23 +++++--
- 6 files changed, 253 insertions(+), 173 deletions(-)
- delete mode 100644 m4/pcre.m4
- create mode 100644 m4/pcre2.m4
-
-# diff --git a/.travis.yml b/.travis.yml
-# index ee3424c..e7da08c 100644
-# --- a/.travis.yml
-# +++ b/.travis.yml
-# @@ -11,11 +11,12 @@ env:
-# global:
-# - LIBSODIUM_VER=1.0.12
-# - MBEDTLS_VER=2.4.0
-# + - PCRE2_VER=10.30
-# before_install:
-# - |
-# if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
-# # All dependencies for macOS build. Some packages has been installed by travis so use reinstall.
-# - brew reinstall autoconf automake xmlto c-ares libev mbedtls libsodium asciidoc >> /dev/null 2>&1;
-# + brew reinstall autoconf automake xmlto pcre2 c-ares libev mbedtls libsodium asciidoc >> /dev/null 2>&1;
-# else
-# wget https://github.com/jedisct1/libsodium/releases/download/$LIBSODIUM_VER/libsodium-$LIBSODIUM_VER.tar.gz;
-# tar xvf libsodium-$LIBSODIUM_VER.tar.gz;
-# @@ -29,6 +30,12 @@ before_install:
-# make SHARED=1;
-# sudo make install;
-# popd;
-# + wget https://ftp.pcre.org/pub/pcre/pcre2-$PCRE2_VER.tar.gz;
-# + tar xvf pcre2-$PCRE2_VER.tar.gz;
-# + pushd pcre2-$PCRE2_VER;
-# + ./configure --prefix=/usr --enable-pcre2-16 --enable-pcre2-32 && make;
-# + sudo make install;
-# + popd;
-# # Load cached docker images
-# if [[ -d $HOME/docker ]]; then
-# ls $HOME/docker/*.tar.gz | xargs -I {file} sh -c "zcat {file} | docker load";
---- a/configure.ac
-+++ b/configure.ac
-@@ -20,10 +20,10 @@ AC_DISABLE_STATIC
- AC_DISABLE_SHARED
- LT_INIT([dlopen])
-
--dnl Check for pcre library
--TS_CHECK_PCRE
--if test "x${enable_pcre}" != "xyes"; then
-- AC_MSG_ERROR([Cannot find pcre library. Configure --with-pcre=DIR])
-+dnl Check for pcre2 library
-+TS_CHECK_PCRE2
-+if test "x${enable_pcre2}" != "xyes"; then
-+ AC_MSG_ERROR([Cannot find pcre2 library. Configure --with-pcre2=DIR])
- fi
-
- dnl Checks for using shared libraries from system
---- a/m4/pcre.m4
-+++ /dev/null
-@@ -1,152 +0,0 @@
--dnl -------------------------------------------------------- -*- autoconf -*-
--dnl Licensed to the Apache Software Foundation (ASF) under one or more
--dnl contributor license agreements. See the NOTICE file distributed with
--dnl this work for additional information regarding copyright ownership.
--dnl The ASF licenses this file to You under the Apache License, Version 2.0
--dnl (the "License"); you may not use this file except in compliance with
--dnl the License. You may obtain a copy of the License at
--dnl
--dnl http://www.apache.org/licenses/LICENSE-2.0
--dnl
--dnl Unless required by applicable law or agreed to in writing, software
--dnl distributed under the License is distributed on an "AS IS" BASIS,
--dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--dnl See the License for the specific language governing permissions and
--dnl limitations under the License.
--
--dnl
--dnl TS_ADDTO(variable, value)
--dnl
--dnl Add value to variable
--dnl
--AC_DEFUN([TS_ADDTO], [
-- if test "x$$1" = "x"; then
-- test "x$verbose" = "xyes" && echo " setting $1 to \"$2\""
-- $1="$2"
-- else
-- ats_addto_bugger="$2"
-- for i in $ats_addto_bugger; do
-- ats_addto_duplicate="0"
-- for j in $$1; do
-- if test "x$i" = "x$j"; then
-- ats_addto_duplicate="1"
-- break
-- fi
-- done
-- if test $ats_addto_duplicate = "0"; then
-- test "x$verbose" = "xyes" && echo " adding \"$i\" to $1"
-- $1="$$1 $i"
-- fi
-- done
-- fi
--])dnl
--
--dnl
--dnl TS_ADDTO_RPATH(path)
--dnl
--dnl Adds path to variable with the '-rpath' directive.
--dnl
--AC_DEFUN([TS_ADDTO_RPATH], [
-- AC_MSG_NOTICE([adding $1 to RPATH])
-- TS_ADDTO(LIBTOOL_LINK_FLAGS, [-R$1])
--])dnl
--
--dnl
--dnl pcre.m4: Trafficserver's pcre autoconf macros
--dnl
--
--dnl
--dnl TS_CHECK_PCRE: look for pcre libraries and headers
--dnl
--AC_DEFUN([TS_CHECK_PCRE], [
--enable_pcre=no
--AC_ARG_WITH(pcre, [AC_HELP_STRING([--with-pcre=DIR],[use a specific pcre library])],
--[
-- if test "x$withval" != "xyes" && test "x$withval" != "x"; then
-- pcre_base_dir="$withval"
-- if test "$withval" != "no"; then
-- enable_pcre=yes
-- case "$withval" in
-- *":"*)
-- pcre_include="`echo $withval |sed -e 's/:.*$//'`"
-- pcre_ldflags="`echo $withval |sed -e 's/^.*://'`"
-- AC_MSG_CHECKING(checking for pcre includes in $pcre_include libs in $pcre_ldflags )
-- ;;
-- *)
-- pcre_include="$withval/include"
-- pcre_ldflags="$withval/lib"
-- AC_MSG_CHECKING(checking for pcre includes in $withval)
-- ;;
-- esac
-- fi
-- fi
--],
--[
-- AC_CHECK_PROG(PCRE_CONFIG, pcre-config, pcre-config)
-- if test "x$PCRE_CONFIG" != "x"; then
-- enable_pcre=yes
-- pcre_base_dir="`$PCRE_CONFIG --prefix`"
-- pcre_include="`$PCRE_CONFIG --cflags | sed -es/-I//`"
-- pcre_ldflags="`$PCRE_CONFIG --libs | sed -es/-lpcre// -es/-L//`"
-- fi
--])
--
--if test "x$pcre_base_dir" = "x"; then
-- AC_MSG_CHECKING([for pcre location])
-- AC_CACHE_VAL(ats_cv_pcre_dir,[
-- for dir in /usr/local /usr ; do
-- if test -d $dir && ( test -f $dir/include/pcre.h || test -f $dir/include/pcre/pcre.h ); then
-- ats_cv_pcre_dir=$dir
-- break
-- fi
-- done
-- ])
-- pcre_base_dir=$ats_cv_pcre_dir
-- if test "x$pcre_base_dir" = "x"; then
-- enable_pcre=no
-- AC_MSG_RESULT([not found])
-- else
-- enable_pcre=yes
-- pcre_include="$pcre_base_dir/include"
-- pcre_ldflags="$pcre_base_dir/lib"
-- AC_MSG_RESULT([$pcre_base_dir])
-- fi
--else
-- AC_MSG_CHECKING(for pcre headers in $pcre_include)
-- if test -d $pcre_include && test -d $pcre_ldflags && ( test -f $pcre_include/pcre.h || test -f $pcre_include/pcre/pcre.h ); then
-- AC_MSG_RESULT([ok])
-- else
-- AC_MSG_RESULT([not found])
-- fi
--fi
--
--pcreh=0
--pcre_pcreh=0
--if test "$enable_pcre" != "no"; then
-- saved_ldflags=$LDFLAGS
-- saved_cppflags=$CFLAGS
-- pcre_have_headers=0
-- pcre_have_libs=0
-- if test "$pcre_base_dir" != "/usr"; then
-- TS_ADDTO(CFLAGS, [-I${pcre_include}])
-- TS_ADDTO(CFLAGS, [-DPCRE_STATIC])
-- TS_ADDTO(LDFLAGS, [-L${pcre_ldflags}])
-- TS_ADDTO_RPATH(${pcre_ldflags})
-- fi
-- AC_SEARCH_LIBS([pcre_exec], [pcre], [pcre_have_libs=1])
-- if test "$pcre_have_libs" != "0"; then
-- AC_CHECK_HEADERS(pcre.h, [pcre_have_headers=1])
-- AC_CHECK_HEADERS(pcre/pcre.h, [pcre_have_headers=1])
-- fi
-- if test "$pcre_have_headers" != "0"; then
-- AC_DEFINE(HAVE_LIBPCRE,1,[Compiling with pcre support])
-- AC_SUBST(LIBPCRE, [-lpcre])
-- else
-- enable_pcre=no
-- CFLAGS=$saved_cppflags
-- LDFLAGS=$saved_ldflags
-- fi
--fi
--AC_SUBST(pcreh)
--AC_SUBST(pcre_pcreh)
--])
---- /dev/null
-+++ b/m4/pcre2.m4
-@@ -0,0 +1,181 @@
-+dnl -------------------------------------------------------- -*- autoconf -*-
-+dnl Licensed to the Apache Software Foundation (ASF) under one or more
-+dnl contributor license agreements. See the NOTICE file distributed with
-+dnl this work for additional information regarding copyright ownership.
-+dnl The ASF licenses this file to You under the Apache License, Version 2.0
-+dnl (the "License"); you may not use this file except in compliance with
-+dnl the License. You may obtain a copy of the License at
-+dnl
-+dnl http://www.apache.org/licenses/LICENSE-2.0
-+dnl
-+dnl Unless required by applicable law or agreed to in writing, software
-+dnl distributed under the License is distributed on an "AS IS" BASIS,
-+dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+dnl See the License for the specific language governing permissions and
-+dnl limitations under the License.
-+
-+dnl Modified by Syrone Wong <wong.syrone@gmail.com> to support pcre2 8bit variant only
-+
-+dnl
-+dnl TS_ADDTO(variable, value)
-+dnl
-+dnl Add value to variable
-+dnl
-+AC_DEFUN([TS_ADDTO], [
-+ if test "x$$1" = "x"; then
-+ test "x$verbose" = "xyes" && echo " setting $1 to \"$2\""
-+ $1="$2"
-+ else
-+ ats_addto_bugger="$2"
-+ for i in $ats_addto_bugger; do
-+ ats_addto_duplicate="0"
-+ for j in $$1; do
-+ if test "x$i" = "x$j"; then
-+ ats_addto_duplicate="1"
-+ break
-+ fi
-+ done
-+ if test $ats_addto_duplicate = "0"; then
-+ test "x$verbose" = "xyes" && echo " adding \"$i\" to $1"
-+ $1="$$1 $i"
-+ fi
-+ done
-+ fi
-+])dnl
-+
-+dnl
-+dnl TS_ADDTO_RPATH(path)
-+dnl
-+dnl Adds path to variable with the '-rpath' directive.
-+dnl
-+AC_DEFUN([TS_ADDTO_RPATH], [
-+ AC_MSG_NOTICE([adding $1 to RPATH])
-+ TS_ADDTO(LIBTOOL_LINK_FLAGS, [-R$1])
-+])dnl
-+
-+dnl
-+dnl pcre2.m4: Trafficserver's pcre2 autoconf macros
-+dnl
-+
-+dnl
-+dnl TS_CHECK_PCRE2: look for pcre2 libraries and headers
-+dnl
-+AC_DEFUN([TS_CHECK_PCRE2], [
-+enable_pcre2=no
-+AC_ARG_WITH(pcre2, [AC_HELP_STRING([--with-pcre2=DIR],[use a specific pcre2 library])],
-+[
-+ if test "x$withval" != "xyes" && test "x$withval" != "x"; then
-+ pcre2_base_dir="$withval"
-+ if test "$withval" != "no"; then
-+ enable_pcre2=yes
-+ case "$withval" in
-+ *":"*)
-+ pcre2_include="`echo $withval |sed -e 's/:.*$//'`"
-+ pcre2_ldflags="`echo $withval |sed -e 's/^.*://'`"
-+ AC_MSG_CHECKING(checking for pcre2 includes in $pcre2_include libs in $pcre2_ldflags )
-+ ;;
-+ *)
-+ pcre2_include="$withval/include"
-+ pcre2_ldflags="$withval/lib"
-+ AC_MSG_CHECKING(checking for pcre2 includes in $withval)
-+ ;;
-+ esac
-+ fi
-+ fi
-+],
-+[
-+ AC_CHECK_PROG(PCRE2_CONFIG, pcre2-config, pcre2-config)
-+ if test "x$PCRE2_CONFIG" != "x"; then
-+ enable_pcre2=yes
-+ pcre2_base_dir="`$PCRE2_CONFIG --prefix`"
-+ pcre2_include="`$PCRE2_CONFIG --cflags | sed -es/-I//`"
-+ pcre2_ldflags="`$PCRE2_CONFIG --libs8 | sed -es/-lpcre2-8// -es/-L//`"
-+ fi
-+])
-+
-+if test "x$pcre2_base_dir" = "x"; then
-+ AC_MSG_CHECKING([for pcre2 location])
-+ AC_CACHE_VAL(ats_cv_pcre2_dir,[
-+ for dir in /usr/local /usr ; do
-+ if test -d $dir && ( test -f $dir/include/pcre2.h || test -f $dir/include/pcre2/pcre2.h ); then
-+ ats_cv_pcre2_dir=$dir
-+ break
-+ fi
-+ done
-+ ])
-+ pcre2_base_dir=$ats_cv_pcre2_dir
-+ if test "x$pcre2_base_dir" = "x"; then
-+ enable_pcre2=no
-+ AC_MSG_RESULT([not found])
-+ else
-+ enable_pcre2=yes
-+ pcre2_include="$pcre2_base_dir/include"
-+ pcre2_ldflags="$pcre2_base_dir/lib"
-+ AC_MSG_RESULT([$pcre2_base_dir])
-+ fi
-+else
-+ AC_MSG_CHECKING(for pcre2 headers in $pcre2_include)
-+ if test -d $pcre2_include && test -d $pcre2_ldflags && ( test -f $pcre2_include/pcre2.h || test -f $pcre2_include/pcre2/pcre2.h ); then
-+ AC_MSG_RESULT([ok])
-+ else
-+ AC_MSG_RESULT([not found])
-+ fi
-+fi
-+
-+pcre2h=0
-+pcre2_pcre2h=0
-+if test "$enable_pcre2" != "no"; then
-+ saved_ldflags=$LDFLAGS
-+ saved_cppflags=$CFLAGS
-+ pcre2_have_headers=0
-+ pcre2_have_libs=0
-+ if test "$pcre2_base_dir" != "/usr"; then
-+ TS_ADDTO(CFLAGS, [-I${pcre2_include}])
-+ TS_ADDTO(CFLAGS, [-DPCRE2_STATIC])
-+ TS_ADDTO(LDFLAGS, [-L${pcre2_ldflags}])
-+ TS_ADDTO_RPATH(${pcre2_ldflags})
-+ fi
-+ AC_SEARCH_LIBS([pcre2_match_8], [pcre2-8], [pcre2_have_libs=1])
-+ if test "$pcre2_have_libs" != "0"; then
-+ AC_MSG_CHECKING([pcre2.h])
-+ AC_COMPILE_IFELSE(
-+ [AC_LANG_PROGRAM(
-+ [[
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
-+ ]],
-+ [[
-+ ]]
-+ )],
-+ [pcre2_have_headers=1
-+ AC_MSG_RESULT([ok])],
-+ [AC_MSG_RESULT([not found])]
-+ )
-+
-+ AC_MSG_CHECKING([pcre2/pcre2.h])
-+ AC_COMPILE_IFELSE(
-+ [AC_LANG_PROGRAM(
-+ [[
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2/pcre2.h>
-+ ]],
-+ [[
-+ ]]
-+ )],
-+ [pcre2_have_headers=1
-+ AC_MSG_RESULT([ok])],
-+ [AC_MSG_RESULT([not found])]
-+ )
-+ fi
-+ if test "$pcre2_have_headers" != "0"; then
-+ AC_DEFINE(HAVE_LIBPCRE2,1,[Compiling with pcre2 support])
-+ AC_SUBST(LIBPCRE2, [-lpcre2-8])
-+ else
-+ enable_pcre2=no
-+ CFLAGS=$saved_cppflags
-+ LDFLAGS=$saved_ldflags
-+ fi
-+fi
-+AC_SUBST(pcre2h)
-+AC_SUBST(pcre2_pcre2h)
-+])
---- a/src/rule.c
-+++ b/src/rule.c
-@@ -1,6 +1,7 @@
- /*
- * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
- * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
-+ * Copyright (c) 2017 Syrone Wong <wong.syrone@gmail.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -74,18 +75,37 @@ add_rule(struct cork_dllist *rules, rule
- cork_dllist_add(rules, &rule->entries);
- }
-
-+/*
-+ * XXX: As pattern and subject are char arguments, they can be straightforwardly
-+ * cast to PCRE2_SPTR as we are working in 8-bit code units.
-+ */
-+
- int
- init_rule(rule_t *rule)
- {
- if (rule->pattern_re == NULL) {
-- const char *reerr;
-- int reerroffset;
-+ int errornumber;
-+ PCRE2_SIZE erroroffset;
-+ rule->pattern_re = pcre2_compile(
-+ (PCRE2_SPTR)rule->pattern, /* the pattern */
-+ PCRE2_ZERO_TERMINATED, /* indicates pattern is zero-terminated */
-+ 0, /* default options */
-+ &errornumber, /* for error number */
-+ &erroroffset, /* for error offset */
-+ NULL); /* use default compile context */
-
-- rule->pattern_re =
-- pcre_compile(rule->pattern, 0, &reerr, &reerroffset, NULL);
- if (rule->pattern_re == NULL) {
-- LOGE("Regex compilation of \"%s\" failed: %s, offset %d",
-- rule->pattern, reerr, reerroffset);
-+ PCRE2_UCHAR errbuffer[512];
-+ pcre2_get_error_message(errornumber, errbuffer, sizeof(errbuffer));
-+ LOGE("PCRE2 regex compilation failed at offset %d: %s\n", (int)erroroffset,
-+ errbuffer);
-+ return 0;
-+ }
-+
-+ rule->pattern_re_match_data = pcre2_match_data_create_from_pattern(rule->pattern_re, NULL);
-+
-+ if (rule->pattern_re_match_data == NULL) {
-+ ERROR("PCRE2: the memory for the block could not be obtained");
- return 0;
- }
- }
-@@ -105,8 +125,15 @@ lookup_rule(const struct cork_dllist *ru
-
- cork_dllist_foreach_void(rules, curr, next) {
- rule_t *rule = cork_container_of(curr, rule_t, entries);
-- if (pcre_exec(rule->pattern_re, NULL,
-- name, name_len, 0, 0, NULL, 0) >= 0)
-+ if (pcre2_match(
-+ rule->pattern_re, /* the compiled pattern */
-+ (PCRE2_SPTR)name, /* the subject string */
-+ name_len, /* the length of the subject */
-+ 0, /* start at offset 0 in the subject */
-+ 0, /* default options */
-+ rule->pattern_re_match_data, /* block for storing the result */
-+ NULL /* use default match context */
-+ ) >= 0)
- return rule;
- }
-
-@@ -127,7 +154,13 @@ free_rule(rule_t *rule)
- return;
-
- ss_free(rule->pattern);
-- if (rule->pattern_re != NULL)
-- pcre_free(rule->pattern_re);
-+ if (rule->pattern_re != NULL) {
-+ pcre2_code_free(rule->pattern_re); /* data and the compiled pattern. */
-+ rule->pattern_re = NULL;
-+ }
-+ if (rule->pattern_re_match_data != NULL) {
-+ pcre2_match_data_free(rule->pattern_re_match_data); /* Release memory used for the match */
-+ rule->pattern_re_match_data = NULL;
-+ }
- ss_free(rule);
- }
---- a/src/rule.h
-+++ b/src/rule.h
-@@ -1,6 +1,7 @@
- /*
- * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
- * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
-+ * Copyright (c) 2017 Syrone Wong <wong.syrone@gmail.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -33,17 +34,27 @@
-
- #include <libcork/ds.h>
-
--#ifdef HAVE_PCRE_H
--#include <pcre.h>
--#elif HAVE_PCRE_PCRE_H
--#include <pcre/pcre.h>
--#endif
-+/*
-+ * The PCRE2_CODE_UNIT_WIDTH macro must be defined before including pcre2.h.
-+ * For a program that uses only one code unit width, setting it to 8, 16, or 32
-+ * makes it possible to use generic function names such as pcre2_compile(). Note
-+ * that just changing 8 to 16 (for example) is not sufficient to convert this
-+ * program to process 16-bit characters. Even in a fully 16-bit environment, where
-+ * string-handling functions such as strcmp() and printf() work with 16-bit
-+ * characters, the code for handling the table of named substrings will still need
-+ * to be modified.
-+ */
-+/* we only need to support ASCII chartable, thus set it to 8 */
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+
-+#include <pcre2.h>
-
- typedef struct rule {
- char *pattern;
-
- /* Runtime fields */
-- pcre *pattern_re;
-+ pcre2_code *pattern_re;
-+ pcre2_match_data *pattern_re_match_data;
-
- struct cork_dllist_item entries;
- } rule_t;
include $(TOPDIR)/rules.mk
PKG_NAME:=sing-box
-PKG_VERSION:=1.8.14
+PKG_VERSION:=1.9.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=2ba7cfa097f5963ba304d47606e7a6b61bf881eb86cbed78fa6e4efae44a0a5f
+PKG_HASH:=30652ce0151ef46f314b25df74b402278dd7c540ba0b7f1c2c66209314afad09
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE
PKG_NAME:=snort3
PKG_VERSION:=3.1.84.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
}
+_date_range=''
+_operator=''
+_date=''
+
+_parse_date_range() {
+ local date_spec="$1"
+ case "$date_spec" in
+ ('') _operator='>' ; _date='' ;;
+ (-*) _operator='<' ; _date="${date_spec:1}" ;;
+ (=*) _operator='~' ; _date="${date_spec:1}" ;;
+ (+*) _operator='>' ; _date="${date_spec:1}" ;;
+ (today) _operator='>' ; _date=$(date +'%y/%m/%d-') ;;
+ (*) die "Invalid date specification '${date_spec}', did you forget the +/- prefix?" ;;
+ esac
+ if [ -z "$_date" ]; then
+ _date_range=''
+ else
+ local op=$_operator
+ [ "$op" = "~" ] && op='contains'
+ _date_range=" where date $op '$_date'"
+ fi
+}
+
_filter_by_date() {
# Grab all the alert_json files in the log directory, scan them
# for matching timestamps and return those lines that match.
- local log_dir="$1"
- local operator date
- case "$DATE_SPEC" in
- ('') operator='>' ; date='' ;;
- (-*) operator='<' ; date="${DATE_SPEC:1}" ;;
- (+*) operator='>' ; date="${DATE_SPEC:1}" ;;
- (today) operator='>' ; date=$(date +'%y/%m/%d-') ;;
- (*) die "Invalid date specification '${DATE_SPEC}', did you forget the +/- prefix?" ;;
- esac
-
- # We need to create a single json array because 'jsonfilter -a' is
- # severely broken.
- awk '
- BEGIN { print "[" }
- { print $0"," }
- END { print "{}]" }
- ' "${log_dir}"/*alert_json.txt \
- | jsonfilter -e '$[@.timestamp '${operator}' "'"${date}"'"]'
+ local log_dir="$1"
+ local operator="$2"
+ local date="$3"
+ cat "${log_dir}"/*alert_json.txt \
+ | jsonfilter -a -e '$[@.timestamp '${operator}' "'"${date}"'"]'
}
report() {
#-- Collect the inputs --
local msg src srcP dst dstP dir gid sid
local tmp=$(mktemp -t snort.rep.XXXXXX)
- _filter_by_date "${log_dir}" | while read -r line; do
+ _parse_date_range "$DATE_SPEC"
+ _filter_by_date "${log_dir}" "${_operator}" "${_date}" | while read -r line; do
src='' && dst='' && srcP='' && dstP=''
eval "$(jsonfilter -s "$line" \
-e 'msg=$.msg' \
local mlen=$(echo "$lines" | awk -F'#' '{print $1}' | wc -L)
local slen=$(echo "$lines" | awk -F'#' '{print $2}' | wc -L)
- echo "Events involving ${PATTERN:-all IPs} - $(date -Is)"
+ local match=''
+ [ -n "$PATTERN" ] && match=" involving '${PATTERN}'"
+ echo "Events${match}${_date_range} (run at $(date -Is))"
printf "%-*s %3s %5s %-3s %-*s %s\n" "$mlen" " Count Message" "gid" "sid" "Dir" "$slen" "Source" "Destination"
echo "$lines" | awk -F'#' '{printf "%-'"$mlen"'s %3d %5d %s %-'"$slen"'s %s\n", $1, $5, $6, $4, $2, $3}'
- printf "%7d incidents shown of %d logged\n" "$n_incidents" "$n_total"
+ local pct=$(awk -v n=$n_incidents -v t=$n_total 'END{printf "%.2f", 100*n/t}' /dev/null)
+ printf "%7d incidents shown of %d logged (%s%%)\n" "$n_incidents" "$n_total" "$pct"
#-- Lookup rules and references, if requested. --
if $VERBOSE; then
#-------------------------------------------------------------------------------
usage() {
- local msg="$1"
+ local msg="${1:-}"
[ -n "$msg" ] && printf "ERROR: %s\n\n" "$msg"
cat <<USAGE
pattern = A case-insensitive grep pattern used to filter output.
The date specification for '-d' can be either literal 'today'
- or a snort-formatted date prefixed by '-' or '+', meaning 'before'
- and 'after', respectively. Snort date reporting has the format
+ or a snort-formatted date prefixed by '-', '=' or '+', meaning 'before',
+ 'on' and 'after', respectively. Snort date reporting has the format
'YY/MM/DD-hh:mm:ss.ssssss', and you can use any prefix as a date.
- For example,
- > snort-mgr --date-spec +23/12/20-09 report
- will process all incidents from from 2023-12-20 at 0900 and later.
+
+ For example, to show incidents from 2023-12-20 at 0900 and later:
+ > snort-mgr report --date-spec +23/12/20-09
+
+ and to report all of the incidents between 1300-1400 on all dates:
+ > snort-mgr report --date-spec =-13:
$0 update-rules [-t/--testing]
include $(TOPDIR)/rules.mk
PKG_NAME:=snowflake
-PKG_VERSION:=2.8.1
+PKG_VERSION:=2.9.2
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=e86e4038be64c825c28a3c9ab666700b3126a73b193d3a93aab39587251a35a5
+PKG_MIRROR_HASH:=7b57423a1b326505999bbd3c96f60d3ef309399d5c16bb47755c39aed2deafbb
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=softethervpn5
-PKG_VERSION:=5.02.5181
+PKG_VERSION:=5.02.5184
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_SOURCE_URL:=https://github.com/SoftEtherVPN/SoftEtherVPN/releases/download/$(PKG_VERSION)/
PKG_SOURCE:=SoftEtherVPN-$(PKG_VERSION).tar.xz
-PKG_HASH:=2222ef48b3f9102265ef7d27e496ad40a1bd1eaba8093bc5e696b48402c52441
+PKG_HASH:=7459f321ec957d160f95ccf5fccc46be6f2c26bd78f0bcdf03d53ae131d051f5
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/SoftEtherVPN-$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/SoftEtherVPN-$(PKG_VERSION)
#
-# Copyright (c) 2018 Tony Ambardar
+# Copyright (c) 2018-2024 Tony Ambardar
# This is free software, licensed under the GNU General Public License v2.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=speedtest-netperf
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.1.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=Tony Ambardar <itugrok@yahoo.com>
3. **CPU Usage:** Observing CPU usage under network load gives insight into whether the router is CPU-bound, or if there is CPU "headroom" to support even higher network throughput. In addition to managing network traffic, a router actively running a speed test will also use CPU cycles to generate network load, and measuring this distinct CPU usage also helps gauge its impact.
-**Note:** _The `speedtest-netperf.sh` script uses servers and network bandwidth that are provided by generous volunteers (not some wealthy "big company"). Feel free to use the script to test your SQM configuration or troubleshoot network and latency problems. Continuous or high rate use of this script may result in denied access. Happy testing!_
+**Note:** _The `speedtest-netperf.sh` script uses servers and network bandwidth that are provided by generous volunteers. Feel free to use the script to test your SQM configuration or troubleshoot network and latency problems, but be warned that continuous or high-rate use of the servers may result in denied access. Happy testing!_
## Theory of Operation
Concurrent mode places greater stress on the network, and can expose additional latency problems. It provides a more realistic estimate of expected bidirectional throughput. However, the download and upload speeds reported may be considerably lower than your line's rated speed. This is not a bug, nor is it a problem with your internet connection. It's because the ACK (acknowledge) messages sent back to the sender may consume a significant fraction of a link's capacity (as much as 50% with highly asymmetric links, e.g 15:1 or 20:1).
+The script also supports measuring latency when idle as a baseline prior to measuring under network load. This allows better determination of induced latency under load, a critical bufferbloat parameter. The CPU details can also be used to verify idle conditions or examine CPU frequency against ping variations and jitter (e.g. tracing high jitter to occasional low CPU frequency operation).
+
After running `speedtest-netperf.sh`, if latency is seen to increase much during the data transfers, then other network activity, such as voice or video chat, gaming, and general interactive usage will likely suffer. Gamers will see this as frustrating lag when someone else uses the network, Skype and FaceTime users will see dropouts or freezes, and VOIP service may be unusable.
## Installation
## Usage
-The speedtest-netperf.sh script measures throughput, latency and CPU usage during file transfers. To invoke it:
+The speedtest-netperf.sh script measures throughput, latency and CPU usage during file transfers and when idle. To invoke it:
- speedtest-netperf.sh [-4 | -6] [-H netperf-server] [-t duration] [-p host-to-ping] [-n simultaneous-streams ] [-s | -c]
+ speedtest-netperf.sh [-4 | -6] [-H netperf-server] [-t duration] [-p host-to-ping] [-n simultaneous-streams ] [-s | -c [duration] ] [ -i [duration] ]
Options, if present, are:
-H | --host: DNS or Address of a netperf server (default - netperf.bufferbloat.net)
Alternate servers are netperf-east (US, east coast),
netperf-west (US, California), and netperf-eu (Denmark).
- -t | --time: Duration for how long each direction's test should run - (default - 60 seconds)
- -p | --ping: Host to ping to measure latency (default - gstatic.com)
+ -t | --time: Duration for how long each direction's test should run - (default - 30 seconds)
+ -p | --ping: Host to ping to measure latency (default - one.one.one.one)
-n | --number: Number of simultaneous sessions (default - 5 sessions)
- -s | --sequential: Sequential download/upload (default - sequential)
- -c | --concurrent: Concurrent download/upload
+ -s | --sequential: Sequential download/upload (default - disabled)
+ -c | --concurrent: Concurrent download/upload (default - disabled)
+ -i | --idle: Measure idle latency before speed test (default - disabled)
The primary script output shows download and upload speeds, together with the percent packet loss, and a summary of latencies, including min, max, average, median, and 10th and 90th percentiles so you can get a sense of the distribution.
```
[Sequential Test: NO SQM, POOR LATENCY] [Sequential Test: WITH SQM, GOOD LATENCY]
-# speedtest-netperf.sh # speedtest-netperf.sh
+# speedtest-netperf.sh --sequential # speedtest-netperf.sh --sequential
[date/time] Starting speedtest for 60 seconds per transfer [date/time] Starting speedtest for 60 seconds per transfer
session. Measure speed to netperf.bufferbloat.net (IPv4) session. Measure speed to netperf.bufferbloat.net (IPv4)
while pinging gstatic.com. Download and upload sessions are while pinging gstatic.com. Download and upload sessions are
# first downloading and then uploading network streams, while concurrent mode
# provides a stress test by dowloading and uploading streams simultaneously.
#
+# The script also supports measuring latency when idle as a baseline prior to
+# testing under network load.
+#
# NOTE: The script uses servers and network bandwidth that are provided by
-# generous volunteers (not some wealthy "big company"). Feel free to use the
-# script to test your SQM configuration or troubleshoot network and latency
-# problems. Continuous or high rate use of this script may result in denied
-# access. Happy testing!
+# generous volunteers. Feel free to use the script to test your SQM
+# configuration or troubleshoot network and latency problems, but be warned
+# that continuous or high-rate use of the servers may result in denied access.
+# Happy testing!
#
# For more information, consult the online README.md:
# https://github.com/openwrt/packages/blob/master/net/speedtest-netperf/files/README.md
-# Usage: speedtest-netperf.sh [-4 | -6] [ -H netperf-server ] [ -t duration ] [ -p host-to-ping ] [ -n simultaneous-streams ] [ -s | -c ]
+# Usage: speedtest-netperf.sh [-4 | -6] [ -H netperf-server ] [ -t duration ] [ -p host-to-ping ] [ -n simultaneous-streams ] [ -s | -c [duration] ] [ -i [duration] ]
# Options: If options are present:
#
# Alternate servers are netperf-east (east coast US),
# netperf-west (California), and netperf-eu (Denmark)
# -4 | -6: Enable ipv4 or ipv6 testing (ipv4 is the default)
-# -t | --time: Duration of each direction's test - (default - 60 seconds)
-# -p | --ping: Host to ping to measure latency (default - gstatic.com)
-# -n | --number: Number of simultaneous sessions (default - 5 sessions)
+# -t | --time: Duration of each direction's test - (default - 30 seconds)
+# -p | --ping: Host to ping to measure latency (default - one.one.one.one)
+# -n | --number: Number of simultaneous streams (default - 5 streams)
# based on whether concurrent or sequential upload/downloads)
-# -s | -c: Sequential or concurrent download/upload (default - sequential)
+# -s | -c: Sequential or concurrent download/upload (default - disabled)
+# -i | --idle: Measure idle latency before speed test (default - disabled)
# Copyright (c) 2014 - Rich Brown <rich.brown@blueberryhillsoftware.com>
-# Copyright (c) 2018 - Tony Ambardar <itugrok@yahoo.com>
+# Copyright (c) 2018-2024 - Tony Ambardar <itugrok@yahoo.com>
# GPLv2
cat /proc/$$/stat
while : ; do
sleep 1s
- egrep "^cpu[0-9]*" /proc/stat
+ grep "^cpu[0-9]*" /proc/stat
for c in $cpus; do
[ -r $c/$f ] && echo "cpufreq $(basename $c) $(cat $c/$f)"
done
done
}
-# Start $MAXSESSIONS datastreams between netperf client and server
+# Start $MAXSTREAMS datastreams between netperf client and server
# netperf writes the sole output value (in Mbps) to stdout when completed
start_netperf() {
- for i in $( seq $MAXSESSIONS ); do
- netperf $TESTPROTO -H $TESTHOST -t $1 -l $TESTDUR -v 0 -P 0 >> $2 &
-# echo "Starting PID $! params: $TESTPROTO -H $TESTHOST -t $1 -l $TESTDUR -v 0 -P 0 >> $2"
+ for i in $( seq $MAXSTREAMS ); do
+ netperf $TESTPROTO -H $TESTHOST -t $1 -l $SPEEDDUR -v 0 -P 0 >> $2 &
+# echo "Starting PID $! params: $TESTPROTO -H $TESTHOST -t $1 -l $SPEEDDUR -v 0 -P 0 >> $2"
done
}
exit 1
}
+# Measure ping latency at idle as a baseline for comparison.
+
+measure_idle() {
+
+ # Create temp files for netperf up/download results
+ PINGFILE=$(mktemp /tmp/measurepings.XXXXXX) || exit 1
+ LOADFILE=$(mktemp /tmp/measureload.XXXXXX) || exit 1
+# echo $PINGFILE $LOADFILE
+
+ # Start dots
+ print_dots &
+ DOTS_PID=$!
+# echo "Dots PID: $DOTS_PID"
+
+ # Start Ping
+ ping $TESTPROTO $PINGHOST > $PINGFILE &
+ PING_PID=$!
+# echo "Ping PID: $PING_PID"
+
+ # Start CPU load sampling
+ sample_load > $LOADFILE &
+ LOAD_PID=$!
+# echo "Load PID: $LOAD_PID"
+
+ # Wait for idle test period
+ sleep $IDLEDUR
+
+ # When idle time elapses, stop the CPU monitor, dots and pings
+ kill_load
+ kill_pings
+ kill_dots
+ echo
+
+ # Summarize the ping data
+ summarize_pings $PINGFILE
+
+ # Summarize the load data
+ summarize_load $LOADFILE
+
+ # Clean up
+ rm -f $PINGFILE
+ rm -f $LOADFILE
+}
+
# Measure speed, ping latency and cpu usage of netperf data transfers
# Called with direction parameter: "Download", "Upload", or "Bidirectional"
# The function gets other info from globals and command-line arguments.
# echo "Dots PID: $DOTS_PID"
# Start Ping
- if [ $TESTPROTO -eq "-4" ]; then
- ping $PINGHOST > $PINGFILE &
- else
- ping6 $PINGHOST > $PINGFILE &
- fi
+ ping $TESTPROTO $PINGHOST > $PINGFILE &
PING_PID=$!
# echo "Ping PID: $PING_PID"
# Wait until background netperf processes complete, check errors
if ! wait_netperf; then
- echo;echo "WARNING: netperf returned errors. Results may be inaccurate!"
+ echo
+ echo "WARNING: Results may be inaccurate since 'netperf' returned errors."
+ echo " Run directly for more details:"
+ echo " netperf $TESTPROTO -H $TESTHOST"
fi
# When netperf completes, stop the CPU monitor, dots and pings
rm -f $LOADFILE
}
+print_usage() {
+ echo \
+"Usage: speedtest-netperf.sh [ -H netperf-server ] [ -p host-to-ping ] [-4 | -6]
+ [ -i [duration] ] [ -s | -c [duration] ]
+ [ -t duration ] [ -n simultaneous-streams ]"
+}
+
+is_number() {
+ case "$1" in
+ ""|*[![:digit:]]*) return 1;;
+ *) return 0 ;;
+ esac
+}
+
# ------- Start of the main routine --------
-# set an initial values for defaults
+# Set initial values for defaults
TESTHOST="netperf.bufferbloat.net"
-TESTDUR="60"
-PINGHOST="gstatic.com"
-MAXSESSIONS=5
+PINGHOST="one.one.one.one"
+MAXSTREAMS=5
TESTPROTO="-4"
-TESTSEQ=1
-
-# read the options
-
-# extract options and their arguments into variables.
+TESTSPEED=0
+SPEEDDUR="30"
+TESTIDLE=0
+IDLEDUR="30"
+
+# Clear temp files
+DLFILE=
+ULFILE=
+PINGFILE=
+LOADFILE=
+
+# Parse options and their parameters into variables. Options for --idle,
+# --sequential and --concurrent have optional parameters.
while [ $# -gt 0 ]
do
case "$1" in
- -s|--sequential) TESTSEQ=1 ; shift 1 ;;
- -c|--concurrent) TESTSEQ=0 ; shift 1 ;;
+ -i|--idle)
+ TESTIDLE=1 ; shift 1
+ is_number "$1" && { IDLEDUR=$1 ; shift 1 ; } ;;
+ -s|--sequential)
+ TESTSPEED=1 ; shift 1
+ is_number "$1" && { SPEEDDUR=$1 ; shift 1 ; } ;;
+ -c|--concurrent)
+ TESTSPEED=2 ; shift 1
+ is_number "$1" && { SPEEDDUR=$1 ; shift 1 ; } ;;
-4|-6) TESTPROTO=$1 ; shift 1 ;;
-H|--host)
case "$2" in
"") echo "Missing hostname" ; exit 1 ;;
- *) TESTHOST=$2 ; shift 2 ;;
+ *) TESTHOST="$2" ; shift 2 ;;
esac ;;
-t|--time)
- case "$2" in
- "") echo "Missing duration" ; exit 1 ;;
- *) TESTDUR=$2 ; shift 2 ;;
- esac ;;
+ is_number "$2" || { echo "Missing duration" ; exit 1 ; }
+ IDLEDUR=$2 ; SPEEDDUR=$2 ; shift 2 ;;
-p|--ping)
case "$2" in
"") echo "Missing ping host" ; exit 1 ;;
*) PINGHOST=$2 ; shift 2 ;;
esac ;;
-n|--number)
- case "$2" in
- "") echo "Missing number of simultaneous streams" ; exit 1 ;;
- *) MAXSESSIONS=$2 ; shift 2 ;;
- esac ;;
+ is_number $2 || { echo "Missing number of streams" ; exit 1 ; }
+ MAXSTREAMS=$2 ; shift 2 ;;
--) shift ; break ;;
- *) echo "Usage: speedtest-netperf.sh [ -s | -c ] [-4 | -6] [ -H netperf-server ] [ -t duration ] [ -p host-to-ping ] [ -n simultaneous-sessions ]" ; exit 1 ;;
+ *) print_usage ; exit 1 ;;
esac
done
+# Extra argument validations
+
+if [ $TESTIDLE -eq "0" ] && [ $TESTSPEED -eq "0" ]; then
+ echo "Please select an idle latency test and/or speed test:"
+ print_usage ; exit 1
+fi
+
# Check dependencies
if ! netperf -V >/dev/null 2>&1; then
echo "Missing netperf program, please install" ; exit 1
fi
-# Start the main test
+# Catch a Ctl-C and stop background netperf, CPU stats, pinging and print_dots
+trap kill_background_and_exit HUP INT TERM
+
+# Start the main tests
DATE=$(date "+%Y-%m-%d %H:%M:%S")
-echo "$DATE Starting speedtest for $TESTDUR seconds per transfer session."
-echo "Measure speed to $TESTHOST (IPv${TESTPROTO#-}) while pinging $PINGHOST."
-echo -n "Download and upload sessions are "
-[ "$TESTSEQ " -eq "1" ] && echo -n "sequential," || echo -n "concurrent,"
-echo " each with $MAXSESSIONS simultaneous streams."
+echo -n "$DATE Begin test with "
+[ $TESTIDLE -eq "1" ] && echo -n "$IDLEDUR-second ping"
+[ $(($TESTIDLE * $TESTSPEED)) -ne "0" ] && echo -n ", "
+[ $TESTSPEED -ne "0" ] && echo -n "$SPEEDDUR-second transfer"
+echo " sessions."
+
+if [ $TESTIDLE -eq "1" ]; then
+ echo "Measure idle latency by pinging $PINGHOST (IPv${TESTPROTO#-})."
+ measure_idle
+ echo
+fi
-# Catch a Ctl-C and stop background netperf, CPU stats, pinging and print_dots
-trap kill_background_and_exit HUP INT TERM
+if [ $TESTSPEED -ne "0" ]; then
+ echo "Measure speed to $TESTHOST (IPv${TESTPROTO#-}) while pinging $PINGHOST."
+ echo -n "Download and upload sessions are "
+ [ "$TESTSPEED" -eq "1" ] && echo -n "sequential," || echo -n "concurrent,"
+ echo " each with $MAXSTREAMS simultaneous streams."
-if [ $TESTSEQ -eq "1" ]; then
- measure_direction "Download"
- measure_direction "Upload"
-else
- measure_direction "Bidirectional"
+ if [ $TESTSPEED -eq "1" ]; then
+ measure_direction "Download"
+ measure_direction "Upload"
+ else
+ measure_direction "Bidirectional"
+ fi
fi
+++ /dev/null
-#
-# This is free software, licensed under the GNU General Public License v2.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=sqm-scripts-extra
-PKG_VERSION:=2016-06-08
-PKG_RELEASE:=1
-PKG_LICENSE:=GPLv2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/sqm-scripts-extra
- SECTION:=net
- CATEGORY:=Base system
- DEPENDS:=+sqm-scripts
- TITLE:=SQM Scripts - additional experimental scripts for testing
- PKGARCH:=all
- MAINTAINER:=Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>, \
- Sebastian Moeller <moeller0@gmx.de>
-endef
-
-define Package/sqm-scripts-extra/description
- A set of experimental scripts for sqm-scripts QoS package. The contents of this package may
- change as new qdiscs like 'cake' are developed and tested.
-endef
-
-define Package/sqm-scripts-extra/download
-endef
-
-define Build/Prepare
-endef
-
-define Build/Compile
-endef
-
-define Package/sqm-scripts-extra/install
- $(INSTALL_DIR) $(1)/usr/lib/sqm
- $(INSTALL_DATA) ./src/* $(1)/usr/lib/sqm/
-endef
-
-$(eval $(call BuildPackage,sqm-scripts-extra))
-
+++ /dev/null
-#!/bin/sh
-################################################################################
-# test_LAN_triple-isolate__piece_of_cake.qos (Cero3 Shaper)
-#
-# Abstract:
-# This is a one band cake and ipv6 enabled shaping script for Ethernet
-# gateways. This exists for the purpose of testing cake's different isolation
-# options, specifically the non-directional triple-isolate feature that promises
-# to finally tackle the bit-torrent hole in simple.qos.
-# This specific version is supposed to be used on LAN interfaces:
-# the script's ingress direction equals the internet/WAN upload direction
-# the script's egress direction equals the internet/WAN download direction
-#
-# NOTE: Shaping on a LAN interface only affects machines connected via that
-# LAN interface, so typically WIFI/WLAN traffic will not be shaped!
-#
-################################################################################
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# Copyright (C) 2012-2016
-# Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
-#
-################################################################################
-
-. ${SQM_LIB_DIR}/defaults.sh
-
-################################################################################
-
-
-# this will only work with cake as qdisc...
-QDISC=cake
-
-
-# to keep this as simple as possible we ignore the *_CAKE_OPTS from defaults.sh
-INGRESS_CAKE_OPTS="besteffort dual-srchost"
-EGRESS_CAKE_OPTS="besteffort dual-dsthost"
-
-
-egress() {
- sqm_debug "egress"
- $TC qdisc del dev $IFACE root 2>/dev/null
- $TC qdisc add dev $IFACE root $( get_stab_string ) cake bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
-}
-
-
-ingress() {
- sqm_debug "ingress"
- $TC qdisc del dev $IFACE handle ffff: ingress 2>/dev/null
- $TC qdisc add dev $IFACE handle ffff: ingress
- $TC qdisc del dev $DEV root 2>/dev/null
- $TC qdisc add dev $DEV root $( get_stab_string ) cake bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
-
- $IP link set dev $DEV up
-
- # redirect all IP packets arriving in $IFACE to ifb0
-
- $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
- match u32 0 0 flowid 1:1 action mirred egress redirect dev $DEV
-}
-
-sqm_start() {
-
- #sm: flip upload and download bandwith so that the GUI values reflect directionality in regard to the ISP
- #sm: NOTE this is ugly and should be performed in defaults.sh or functions.sh if at all
- #sm: but for quick and dirty testing this should do
- local ORIG_UPLINK=${UPLINK}
- local ORIG_DOWNLINK=${DOWNLINK}
- UPLINK=${ORIG_DOWNLINK}
- DOWNLINK=${ORIG_UPLINK}
-
-
- [ -n "$IFACE" ] || return 1
- do_modules
- verify_qdisc $QDISC "cake" || return 1
- sqm_debug "Starting ${SCRIPT}"
-
- [ -z "$DEV" ] && DEV=$( get_ifb_for_if ${IFACE} )
-
-
- if [ "${UPLINK}" -ne 0 ];
- then
- egress
- sqm_debug "egress shaping activated"
- else
- sqm_debug "egress shaping deactivated"
- $TC qdisc del dev ${IFACE} root 2> /dev/null
- fi
- if [ "${DOWNLINK}" -ne 0 ];
- then
- verify_qdisc ingress "ingress" || return 1
- ingress
- sqm_debug "ingress shaping activated"
- else
- sqm_debug "ingress shaping deactivated"
- $TC qdisc del dev ${DEV} root 2> /dev/null
- $TC qdisc del dev ${IFACE} ingress 2> /dev/null
- fi
- return 0
-}
+++ /dev/null
-test_LAN_dual-isolate__piece_of_cake.qos (Cero3 Shaper)
-
-Abstract:
-This is a one band cake and ipv6 enabled shaping script for Ethernet gateways.
-This exists for the purpose of testing cake's different isolation options,
-specifically the non-directional dual-[src|dst]host feature that promises to finally
-tackle the bit-torrent hole in simple.qos.
-This specific version is supposed to be used on LAN interfaces:
- the script's ingress direction equals the internet/WAN upload direction
- the script's egress direction equals the internet/WAN download direction
-NOTE: Shaping on a LAN interface only affects machines connected via that
-LAN interface, so typically WIFI/WLAN traffic will not be shaped!
+++ /dev/null
-#!/bin/sh
-################################################################################
-# test_LAN_triple-isolate__piece_of_cake.qos (Cero3 Shaper)
-#
-# Abstract:
-# This is a one band cake and ipv6 enabled shaping script for Ethernet
-# gateways. This exists for the purpose of testing cake's different isolation
-# options, specifically the non-directional triple-isolate feature that promises
-# to finally tackle the bit-torrent hole in simple.qos.
-# This specific version is supposed to be used on LAN interfaces:
-# the script's ingress direction equals the internet/WAN upload direction
-# the script's egress direction equals the internet/WAN download direction
-#
-# NOTE: Shaping on a LAN interface only affects machines connected via that
-# LAN interface, so typically WIFI/WLAN traffic will not be shaped!
-#
-################################################################################
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# Copyright (C) 2012-2016
-# Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
-#
-################################################################################
-
-. ${SQM_LIB_DIR}/defaults.sh
-
-################################################################################
-
-
-# this will only work with cake as qdisc...
-QDISC=cake
-
-
-# to keep this as simple as possible we ignore the *_CAKE_OPTS from defaults.sh
-INGRESS_CAKE_OPTS="besteffort triple-isolate"
-EGRESS_CAKE_OPTS="besteffort triple-isolate"
-
-
-egress() {
- sqm_debug "egress"
- $TC qdisc del dev $IFACE root 2>/dev/null
- $TC qdisc add dev $IFACE root $( get_stab_string ) cake bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
-}
-
-
-ingress() {
- sqm_debug "ingress"
- $TC qdisc del dev $IFACE handle ffff: ingress 2>/dev/null
- $TC qdisc add dev $IFACE handle ffff: ingress
- $TC qdisc del dev $DEV root 2>/dev/null
- $TC qdisc add dev $DEV root $( get_stab_string ) cake bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
-
- $IP link set dev $DEV up
-
- # redirect all IP packets arriving in $IFACE to ifb0
-
- $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
- match u32 0 0 flowid 1:1 action mirred egress redirect dev $DEV
-}
-
-sqm_start() {
-
- #sm: flip upload and download bandwith so that the GUI values reflect directionality in regard to the ISP
- #sm: NOTE this is ugly and should be performed in defaults.sh or functions.sh if at all
- #sm: but for quick and dirty testing this should do
- local ORIG_UPLINK=${UPLINK}
- local ORIG_DOWNLINK=${DOWNLINK}
- UPLINK=${ORIG_DOWNLINK}
- DOWNLINK=${ORIG_UPLINK}
-
-
- [ -n "$IFACE" ] || return 1
- do_modules
- verify_qdisc $QDISC "cake" || return 1
- sqm_debug "Starting ${SCRIPT}"
-
- [ -z "$DEV" ] && DEV=$( get_ifb_for_if ${IFACE} )
-
-
- if [ "${UPLINK}" -ne 0 ];
- then
- egress
- sqm_debug "egress shaping activated"
- else
- sqm_debug "egress shaping deactivated"
- $TC qdisc del dev ${IFACE} root 2> /dev/null
- fi
- if [ "${DOWNLINK}" -ne 0 ];
- then
- verify_qdisc ingress "ingress" || return 1
- ingress
- sqm_debug "ingress shaping activated"
- else
- sqm_debug "ingress shaping deactivated"
- $TC qdisc del dev ${DEV} root 2> /dev/null
- $TC qdisc del dev ${IFACE} ingress 2> /dev/null
- fi
- return 0
-}
+++ /dev/null
-test_LAN_triple-isolate__piece_of_cake.qos (Cero3 Shaper)
-
-Abstract:
-This is a one band cake and ipv6 enabled shaping script for Ethernet gateways.
-This exists for the purpose of testing cake's different isolation options,
-specifically the non-directional triple-isolate feature that promises to finally
-tackle the bit-torrent hole in simple.qos.
-This specific version is supposed to be used on LAN interfaces:
- the script's ingress direction equals the internet/WAN upload direction
- the script's egress direction equals the internet/WAN download direction
-NOTE: Shaping on a LAN interface only affects machines connected via that
-LAN interface, so typically WIFI/WLAN traffic will not be shaped!
+++ /dev/null
-#!/bin/sh
-################################################################################
-# test_WAN_dual-isolate__piece_of_cake.qos (Cero3 Shaper)
-#
-# Abstract:
-# This is a one band cake and ipv6 enabled shaping script for Ethernet
-# gateways. This exists for the purpose of testing cake's different isolation
-# options, specifically the directional dual-[src|dst]host feature that promises
-# to finally tackle the bit-torrent hole in simple.qos.
-# This specific version is supposed to be used on WAN interfaces:
-# the script's ingress direction equals the internet/WAN download direction
-# the script's egress direction equals the internet/WAN upload direction
-#
-################################################################################
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# Copyright (C) 2012-2016
-# Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
-#
-################################################################################
-
-. ${SQM_LIB_DIR}/defaults.sh
-
-################################################################################
-
-
-# this will only work with cake as qdisc...
-QDISC=cake
-
-
-# to keep this as simple as possible we ignore the *_CAKE_OPTS from defaults.sh
-INGRESS_CAKE_OPTS="besteffort dual-dsthost"
-EGRESS_CAKE_OPTS="besteffort dual-srchost"
-
-
-egress() {
- sqm_debug "egress"
- $TC qdisc del dev $IFACE root 2>/dev/null
- $TC qdisc add dev $IFACE root $( get_stab_string ) cake bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
-}
-
-
-ingress() {
- sqm_debug "ingress"
- $TC qdisc del dev $IFACE handle ffff: ingress 2>/dev/null
- $TC qdisc add dev $IFACE handle ffff: ingress
- $TC qdisc del dev $DEV root 2>/dev/null
- $TC qdisc add dev $DEV root $( get_stab_string ) cake bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
-
- $IP link set dev $DEV up
-
- # redirect all IP packets arriving in $IFACE to ifb0
-
- $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
- match u32 0 0 flowid 1:1 action mirred egress redirect dev $DEV
-}
-
-sqm_start() {
- [ -n "$IFACE" ] || return 1
- do_modules
- verify_qdisc $QDISC "cake" || return 1
- sqm_debug "Starting ${SCRIPT}"
-
- [ -z "$DEV" ] && DEV=$( get_ifb_for_if ${IFACE} )
-
-
- if [ "${UPLINK}" -ne 0 ];
- then
- egress
- sqm_debug "egress shaping activated"
- else
- sqm_debug "egress shaping deactivated"
- $TC qdisc del dev ${IFACE} root 2> /dev/null
- fi
- if [ "${DOWNLINK}" -ne 0 ];
- then
- verify_qdisc ingress "ingress" || return 1
- ingress
- sqm_debug "ingress shaping activated"
- else
- sqm_debug "ingress shaping deactivated"
- $TC qdisc del dev ${DEV} root 2> /dev/null
- $TC qdisc del dev ${IFACE} ingress 2> /dev/null
- fi
- return 0
-}
+++ /dev/null
-test_WAN_dual-isolate__piece_of_cake.qos (Cero3 Shaper)
-
-Abstract:
-This is a one band cake and ipv6 enabled shaping script for Ethernet gateways.
-This exists for the purpose of testing cake's different isolation options,
-specifically the directional dual-[src|dst]host feature that promises to finally
-tackle the bit-torrent hole in simple.qos.
-This specific version is supposed to be used on WAN interfaces:
- the script's ingress direction equals the internet/WAN download direction
- the script's egress direction equals the internet/WAN upload direction
+++ /dev/null
-#!/bin/sh
-################################################################################
-# test_WAN_triple-isolate__piece_of_cake.qos (Cero3 Shaper)
-#
-# Abstract:
-# This is a one band cake and ipv6 enabled shaping script for Ethernet
-# gateways. This exists for the purpose of testing cake's different isolation
-# options, specifically the non-directional triple-isolate feature that promises
-# to finally tackle the bit-torrent hole in simple.qos.
-# This specific version is supposed to be used on WAN interfaces:
-# the script's ingress direction equals the internet/WAN download direction
-# the script's egress direction equals the internet/WAN upload direction
-#
-################################################################################
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# Copyright (C) 2012-2016
-# Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
-#
-################################################################################
-
-. ${SQM_LIB_DIR}/defaults.sh
-
-################################################################################
-
-
-# this will only work with cake as qdisc...
-QDISC=cake
-
-
-# to keep this as simple as possible we ignore the *_CAKE_OPTS from defaults.sh
-INGRESS_CAKE_OPTS="besteffort triple-isolate"
-EGRESS_CAKE_OPTS="besteffort triple-isolate"
-
-
-egress() {
- sqm_debug "egress"
- $TC qdisc del dev $IFACE root 2>/dev/null
- $TC qdisc add dev $IFACE root $( get_stab_string ) cake bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
-}
-
-
-ingress() {
- sqm_debug "ingress"
- $TC qdisc del dev $IFACE handle ffff: ingress 2>/dev/null
- $TC qdisc add dev $IFACE handle ffff: ingress
- $TC qdisc del dev $DEV root 2>/dev/null
- $TC qdisc add dev $DEV root $( get_stab_string ) cake bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
-
- $IP link set dev $DEV up
-
- # redirect all IP packets arriving in $IFACE to ifb0
-
- $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
- match u32 0 0 flowid 1:1 action mirred egress redirect dev $DEV
-}
-
-sqm_start() {
- [ -n "$IFACE" ] || return 1
- do_modules
- verify_qdisc $QDISC "cake" || return 1
- sqm_debug "Starting ${SCRIPT}"
-
- [ -z "$DEV" ] && DEV=$( get_ifb_for_if ${IFACE} )
-
-
- if [ "${UPLINK}" -ne 0 ];
- then
- egress
- sqm_debug "egress shaping activated"
- else
- sqm_debug "egress shaping deactivated"
- $TC qdisc del dev ${IFACE} root 2> /dev/null
- fi
- if [ "${DOWNLINK}" -ne 0 ];
- then
- verify_qdisc ingress "ingress" || return 1
- ingress
- sqm_debug "ingress shaping activated"
- else
- sqm_debug "ingress shaping deactivated"
- $TC qdisc del dev ${DEV} root 2> /dev/null
- $TC qdisc del dev ${IFACE} ingress 2> /dev/null
- fi
- return 0
-}
+++ /dev/null
-test_WAN_triple-isolate__piece_of_cake.qos (Cero3 Shaper)
-
-Abstract:
-This is a one band cake and ipv6 enabled shaping script for Ethernet gateways.
-This exists for the purpose of testing cake's different isolation options,
-specifically the non-directional triple-isolate feature that promises to finally
-tackle the bit-torrent hole in simple.qos.
-This specific version is supposed to be used on WAN interfaces:
- the script's ingress direction equals the internet/WAN download direction
- the script's egress direction equals the internet/WAN upload direction
+++ /dev/null
-#!/bin/sh
-################################################################################
-# test_triple_isolated_llt_cake.qos
-# One bin cake shaper for ethernet gateways
-# using cake qdisc with triple-isolate and diffserv-llt (Latency-Loss-Tradeoff)
-#
-################################################################################
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# Copyright (C) 2012-2016
-# Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
-#
-################################################################################
-
-. ${SQM_LIB_DIR}/defaults.sh
-
-################################################################################
-
-
-# this will only work with cake as qdisc...
-QDISC=cake
-
-
-# to keep this as simple as possible we ignore the *_CAKE_OPTS from defaults.sh
-INGRESS_CAKE_OPTS="diffserv-llt triple-isolate"
-EGRESS_CAKE_OPTS="diffserv-llt triple-isolate"
-
-
-egress() {
- sqm_debug "egress"
- $TC qdisc del dev $IFACE root 2>/dev/null
- $TC qdisc add dev $IFACE root $( get_stab_string ) cake bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
-}
-
-
-ingress() {
- sqm_debug "ingress"
- $TC qdisc del dev $IFACE handle ffff: ingress 2>/dev/null
- $TC qdisc add dev $IFACE handle ffff: ingress
- $TC qdisc del dev $DEV root 2>/dev/null
- $TC qdisc add dev $DEV root $( get_stab_string ) cake bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
-
- $IP link set dev $DEV up
-
- # redirect all IP packets arriving in $IFACE to ifb0
-
- $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
- match u32 0 0 flowid 1:1 action mirred egress redirect dev $DEV
-}
-
-sqm_start() {
- [ -n "$IFACE" ] || return 1
- do_modules
- verify_qdisc $QDISC "cake" || return 1
- sqm_debug "Starting ${SCRIPT}"
-
- [ -z "$DEV" ] && DEV=$( get_ifb_for_if ${IFACE} )
-
-
- if [ "${UPLINK}" -ne 0 ];
- then
- egress
- sqm_debug "egress shaping activated"
- else
- sqm_debug "egress shaping deactivated"
- $TC qdisc del dev ${IFACE} root 2> /dev/null
- fi
- if [ "${DOWNLINK}" -ne 0 ];
- then
- verify_qdisc ingress "ingress" || return 1
- ingress
- sqm_debug "ingress shaping activated"
- else
- sqm_debug "ingress shaping deactivated"
- $TC qdisc del dev ${DEV} root 2> /dev/null
- $TC qdisc del dev ${IFACE} ingress 2> /dev/null
- fi
- return 0
-}
+++ /dev/null
-Cake qdisc with triple-isolate and diffserv-llt (Latency-Loss-Tradeoff)
-options as the shaper and fq_codel as leaf qdisc. This script requires
-that cake is selected as qdisc.
include $(TOPDIR)/rules.mk
PKG_NAME:=squid
-PKG_VERSION:=6.9
+PKG_VERSION:=6.10
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www2.pl.squid-cache.org/Versions/v6/ \
http://www.squid-cache.org/Versions/v6/
-PKG_HASH:=1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882
+PKG_HASH:=0b07b187e723f04770dd25beb89aec12030a158696aa8892d87c8b26853408a7
PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
CONFIGURE_ARGS += \
BUILDCXX=$(HOSTCXX_NOCACHE) \
+ BUILDCXXFLAGS="$(HOST_CXXFLAGS) $(HOST_CPPFLAGS) -std=c++17" \
--datadir=/usr/share/squid \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
+++ /dev/null
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -626,7 +626,7 @@ cache_cf.o: cf_parser.cci
-
- # cf_gen builds the configuration files.
- cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
-- $(BUILDCXX) $(BUILDCXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
-+ $(BUILDCXX) -std=c++17 -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
-
- # squid.conf.default is built by cf_gen when making cf_parser.cci
- squid.conf.default squid.conf.documented: cf_parser.cci
--- a/configure.ac
+++ b/configure.ac
-@@ -1043,7 +1043,7 @@ AC_MSG_NOTICE([HTCP support enabled: $en
+@@ -1033,7 +1033,7 @@ AC_MSG_NOTICE([HTCP support enabled: $en
# Cryptograhic libraries
SQUID_AUTO_LIB(nettle,[Nettle crypto],[LIBNETTLE])
include $(TOPDIR)/rules.mk
PKG_NAME:=sslh
-PKG_VERSION:=v1.23.1
+PKG_VERSION:=2.1.2
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://rutschle.net/tech/sslh/
-PKG_HASH:=2aac006b40e5ae90e3b0fccb44acc994174e24e64457f25041b06aa2433ae637
+PKG_HASH:=dce8e1a77f48017b5164486084f000d9f20de2d54d293385aec18d606f9c61d9
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_NAME:=strongswan
PKG_VERSION:=5.9.14
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
ipsec_xappend " right=$remote_gateway"
[ -n "$local_sourceip" ] && ipsec_xappend " leftsourceip=$local_sourceip"
- [ -n "$local_subnet" ] && ipsec_xappend " leftsubnet=$local_subnet"
+ [ -n "$local_subnet" ] && ipsec_xappend " leftsubnet=${local_subnet// /,}"
[ -n "$local_firewall" ] && ipsec_xappend " leftfirewall=$local_firewall"
[ -n "$remote_firewall" ] && ipsec_xappend " rightfirewall=$remote_firewall"
ipsec_xappend " rightauth=psk"
[ "$remote_sourceip" != "" ] && ipsec_xappend " rightsourceip=$remote_sourceip"
- [ "$remote_subnet" != "" ] && ipsec_xappend " rightsubnet=$remote_subnet"
+ [ "$remote_subnet" != "" ] && ipsec_xappend " rightsubnet=${remote_subnet// /,}"
ipsec_xappend " auto=$mode"
else
include $(TOPDIR)/rules.mk
PKG_NAME:=tailscale
-PKG_VERSION:=1.66.4
+PKG_VERSION:=1.72.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=db94df254a263110439aa9d6cf6e1e64a5644b6e6e459ab5298ba6e478a988cf
+PKG_HASH:=21b529e85144f526b61e0998c8b7885d53f17cba21252e5c7252c4014f5f507b
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=tcpreplay
-PKG_VERSION:=4.4.4
-PKG_RELEASE:=2
+PKG_VERSION:=4.5.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/appneta/tcpreplay/releases/download/v$(PKG_VERSION)
-PKG_HASH:=3ff9753cc43bb15e77832cee657e3030dbcdd957fa247e6abacc605689e24051
+PKG_HASH:=5126613f783062b43f514b05ad981376050a8fee35b03c8de4445ddeefd95049
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=docs/LICENSE
+++ /dev/null
-From 55ad9d1d701e644ed5b8821456e31acf2e72920c Mon Sep 17 00:00:00 2001
-From: Gabriel Ganne <gabriel.ganne@gmail.com>
-Date: Sun, 28 Jan 2024 10:02:30 +0100
-Subject: [PATCH] allow recursice call to tcpedit_dlt_cleanup()
-
-This is just a quick hack to prevent a double-free should
-tcpedit_dlt_cleanup() call itself, which can hapen through dlt_jnpr_ether_cleanup()
-
-Ref: #813
----
- src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
-+++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
-@@ -164,8 +164,10 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx
- jnpr_ether_config_t *config;
-
- config = (jnpr_ether_config_t *)ctx->encoder->config;
-- if (config->subctx != NULL)
-+ if (config->subctx != NULL) {
-+ ctx->decoded_extra = NULL;
- tcpedit_dlt_cleanup(config->subctx);
-+ }
- safe_free(plugin->config);
- plugin->config = NULL;
- plugin->config_size = 0;
--- /dev/null
+#!/bin/sh
+
+[ "$1" = "tcpreplay-all" ] || exit 0
+
+EXEC_LIST="tcpbridge tcpliveplay tcpreplay tcprewrite tcpcapinfo tcpprep tcpreplay-edit"
+
+for executable in $EXEC_LIST ; do
+ $executable --version
+ $executable --version 2>&1 | grep "$2"
+ [ $? == 0 ] || {
+ echo "Problem or incorrect version for '$executable'"
+ exit 1
+ }
+done
+
include $(TOPDIR)/rules.mk
PKG_NAME:=tgt
-PKG_VERSION:=1.0.91
+PKG_VERSION:=1.0.92
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/fujita/tgt/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=3bfd50e19f308e9d197e2f6877fb5d13e4777e5bbb61716a7409b3735b481d8f
+PKG_HASH:=06721dcdb88bcc13721bf5de92b57e84a208e04084f8ed937c3ecade6459662f
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=GPL-2.0-only
user-space daemon and tools.
endef
-ifneq ($(CONFIG_USE_MUSL),)
- TARGET_CFLAGS += -D_LARGEFILE64_SOURCE
-endif
-
define Build/Compile
$(call Build/Compile/Default,programs)
endef
CFLAGS += -DUSE_EVENTFD
TGTD_OBJS += bs_aio.o
LIBS += -laio
-@@ -55,7 +55,7 @@ ifneq ($(SD_NOTIFY),)
+@@ -56,7 +56,7 @@ ifneq ($(SD_NOTIFY),)
LIBS += -lsystemd
endif
TGTD_OBJS += tgtd.o mgmt.o target.o scsi.o log.o driver.o util.o work.o \
concat_buf.o parser.o spc.o sbc.o mmc.o osd.o scc.o smc.o \
ssc.o libssc.o bs_rdwr.o bs_ssc.o \
-@@ -82,14 +82,6 @@ tgtadm: $(TGTADM_OBJS)
+@@ -83,14 +83,6 @@ tgtadm: $(TGTADM_OBJS)
-include $(TGTADM_DEP)
+++ /dev/null
---- a/usr/tgtd.h
-+++ b/usr/tgtd.h
-@@ -9,6 +9,10 @@
- #include <systemd/sd-daemon.h>
- #endif
-
-+#ifndef __WORDSIZE
-+#include <sys/reg.h>
-+#endif
-+
- struct concat_buf;
-
- #define NR_SCSI_OPCODES 256
---- a/usr/util.h
-+++ b/usr/util.h
-@@ -21,6 +21,10 @@
- #include <sys/stat.h>
- #include <sys/types.h>
-
-+#ifndef __WORDSIZE
-+#include <sys/reg.h>
-+#endif
-+
- #include "be_byteshift.h"
-
- #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y))
PKG_NAME:=tinc
PKG_VERSION:=1.1pre18
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://tinc-vpn.org/packages
append_params "$s" logfile debug
SERVICE_PID_FILE="/var/run/tinc.$s.pid"
- service_start $BIN -c "$TMP_TINC/$s" $ARGS --pidfile="$SERVICE_PID_FILE"
+ # consequences of option -n "%s"
+ # tinc will display this warning Both netname and configuration directory given, using the latter...
+ # BUT the exported variable NETNAME will be set with the right value when run tinc-up script
+ service_start $BIN -c "$TMP_TINC/$s" -n "$s" $ARGS --pidfile="$SERVICE_PID_FILE"
}
stop_instance() {
PKG_NAME:=tinyproxy
PKG_VERSION:=1.11.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/tinyproxy/tinyproxy/releases/download/$(PKG_VERSION)
[ -n "$target" ] && target=' "'"$target"'"'
[ "$type" = "proxy" ] && [ -n "$via" ] && \
- echo "upstream $via$target"
+ echo "upstream http $via$target"
[ "$type" = "reject" ] && [ -n "$target" ] && \
- echo "no upstream$target"
+ echo "upstream none$target"
}
proxy_atom() {
include $(TOPDIR)/rules.mk
PKG_NAME:=tmate-ssh-server
-PKG_VERSION:=511fd2bd852464e76824279609a34ee93fe148a4
-PKG_RELEASE:=2
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/tmate-io/tmate-ssh-server/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=68602496ca6a17ea80f5be53eba047897ac714c7cdfcb3bcdc12c56b8f3c3b45
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/tmate-io/tmate-ssh-server.git
+PKG_SOURCE_DATE:=2023-06-02
+PKG_SOURCE_VERSION:=d7334ee4c3c8036c27fb35c7a24df3a88a15676b
+PKG_MIRROR_HASH:=e8fe9749766049c15242a85b51866d279f190186ada70e8900f4ae61e81d3886
PKG_LICENSE:=ISC
PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
+PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=tor
-PKG_VERSION:=0.4.8.11
+PKG_VERSION:=0.4.8.12
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dist.torproject.org/ \
https://archive.torproject.org/tor-package-archive
-PKG_HASH:=8f2bdf90e63380781235aa7d604e159570f283ecee674670873d8bb7052c8e07
+PKG_HASH:=ca7cc735d98e3747b58f2f3cc14f804dd789fa0fb333a84dcb6bd70adbb8c874
PKG_MAINTAINER:=Hauke Mehrtens <hauke@hauke-m.de> \
Peter Wagner <tripolar@gmx.at>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=transmission
-PKG_VERSION:=4.0.5
-PKG_RELEASE:=2
+PKG_VERSION:=4.0.6
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/transmission/transmission/releases/download/$(PKG_VERSION)/
-PKG_HASH:=fd68ff114a479200043c30c7e69dba4c1932f7af36ca4c5b5d2edcb5866e6357
+PKG_HASH:=2a38fe6d8a23991680b691c277a335f8875bdeca2b97c6b26b598bc9c7b0c45f
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0-or-later
+++ /dev/null
-From da7d6fe0e1b162eac6cc048153ff7f201975b6c4 Mon Sep 17 00:00:00 2001
-From: Seo Suchan <tjtncks@gmail.com>
-Date: Thu, 2 May 2024 03:34:12 +0900
-Subject: [PATCH] fix compile with mbedtls 3.x
-
-Signed-off-by: Seo Suchan <tjtncks@gmail.com>
----
- libtransmission/crypto-utils-mbedtls.cc | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
---- a/libtransmission/crypto-utils-mbedtls.cc
-+++ b/libtransmission/crypto-utils-mbedtls.cc
-@@ -117,7 +117,7 @@ public:
- {
- mbedtls_sha1_init(&handle_);
-
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
- mbedtls_sha1_starts_ret(&handle_);
- #else
- mbedtls_sha1_starts(&handle_);
-@@ -128,7 +128,7 @@ public:
- {
- if (data_length > 0U)
- {
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
- mbedtls_sha1_update_ret(&handle_, static_cast<unsigned char const*>(data), data_length);
- #else
- mbedtls_sha1_update(&handle_, static_cast<unsigned char const*>(data), data_length);
-@@ -140,7 +140,7 @@ public:
- {
- auto digest = tr_sha1_digest_t{};
- auto* const digest_as_uchar = reinterpret_cast<unsigned char*>(std::data(digest));
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
- mbedtls_sha1_finish_ret(&handle_, digest_as_uchar);
- #else
- mbedtls_sha1_finish(&handle_, digest_as_uchar);
-@@ -168,10 +168,10 @@ public:
- {
- mbedtls_sha256_init(&handle_);
-
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
- mbedtls_sha256_starts_ret(&handle_, 0);
- #else
-- mbedtls_sha256_starts(&handle_);
-+ mbedtls_sha256_starts(&handle_, 0);
- #endif
- }
-
-@@ -179,7 +179,7 @@ public:
- {
- if (data_length > 0U)
- {
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
- mbedtls_sha256_update_ret(&handle_, static_cast<unsigned char const*>(data), data_length);
- #else
- mbedtls_sha256_update(&handle_, static_cast<unsigned char const*>(data), data_length);
-@@ -191,7 +191,7 @@ public:
- {
- auto digest = tr_sha256_digest_t{};
- auto* const digest_as_uchar = reinterpret_cast<unsigned char*>(std::data(digest));
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
- mbedtls_sha256_finish_ret(&handle_, digest_as_uchar);
- #else
- mbedtls_sha256_finish(&handle_, digest_as_uchar);
--- /dev/null
+From febfe49ca3ecab1a7142ecb34012c1f0b2bcdee8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C5=93ur?= <coeur@gmx.fr>
+Date: Sat, 15 Jun 2024 07:24:06 +0800
+Subject: [PATCH] bump miniupnpc to 2.2.8 (#6907)
+
+* bump miniupnpc to 2.2.8
+---
+ libtransmission/port-forwarding-upnp.cc | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/libtransmission/port-forwarding-upnp.cc
++++ b/libtransmission/port-forwarding-upnp.cc
+@@ -275,8 +275,13 @@ tr_port_forwarding_state tr_upnpPulse(tr
+
+ FreeUPNPUrls(&handle->urls);
+ auto lanaddr = std::array<char, TR_ADDRSTRLEN>{};
+- if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data, std::data(lanaddr), std::size(lanaddr) - 1) ==
+- UPNP_IGD_VALID_CONNECTED)
++ if (
++#if (MINIUPNPC_API_VERSION >= 18)
++ UPNP_GetValidIGD(devlist, &handle->urls, &handle->data, std::data(lanaddr), std::size(lanaddr) - 1, nullptr, 0)
++#else
++ UPNP_GetValidIGD(devlist, &handle->urls, &handle->data, std::data(lanaddr), std::size(lanaddr) - 1)
++#endif
++ == UPNP_IGD_VALID_CONNECTED)
+ {
+ tr_logAddInfo(fmt::format(_("Found Internet Gateway Device '{url}'"), fmt::arg("url", handle->urls.controlURL)));
+ tr_logAddInfo(fmt::format(_("Local Address is '{address}'"), fmt::arg("address", lanaddr.data())));
include $(TOPDIR)/rules.mk
PKG_NAME:=travelmate
-PKG_VERSION:=2.1.2
-PKG_RELEASE:=6
+PKG_VERSION:=2.1.3
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
endef
define Package/travelmate/description
-A wlan connection manager for travel router.
+A wlan connection manager for travel routers.
Please see https://github.com/openwrt/packages/blob/master/net/travelmate/files/README.md for further information.
endef
<!-- markdownlint-disable -->
-# travelmate, a wlan connection manager for travel router
+# Travelmate, a wlan connection manager for travel routers
## Description
-If you’re planning an upcoming vacation or a business trip, taking your laptop, tablet or smartphone give you the ability to connect with friends or complete work on the go. But many hotels don’t have a secure wireless network setup or you’re limited on using a single device at once. Investing in a portable, mini travel router is a great way to connect all of your devices at once while having total control over your own personalized wireless network.
-A logical combination of AP+STA mode on one physical radio allows most of OpenWrt supported router devices to connect to a wireless hotspot/station (STA) and provide a wireless access point (AP) from that hotspot at the same time. Downside of this solution: whenever the STA interface looses the connection it will go into an active scan cycle which renders the radio unusable for AP mode operation, therefore the AP is taken down if the STA looses its association.
-To avoid these kind of deadlocks, travelmate will set all station interfaces to an "always off" mode and connects automatically to available/configured hotspots.
-
-## Main Features
-* STA interfaces operating in an "always off" mode, to make sure that the AP is always accessible
-* easy setup within normal OpenWrt environment
-* strong LuCI-Support with builtin interface wizard and a wireless station manager
-* render the QR-Code of the selected Access Point in LuCI to comfortably transfer the WLAN credentials to your mobile devices
-* fast uplink connections
-* support all kinds of uplinks, incl. hidden and enterprise uplinks (WEP-based uplinks are no longer supported!)
-* continuously checks the existing uplink connection (quality), e.g. for conditional uplink (dis-) connections
-* automatically add open uplinks to your wireless config, e.g. hotel captive portals
-* captive portal detection with internet online check and a 'heartbeat' function to keep the uplink connection up & running
-* captive portal auto-login hook (configured via uci/LuCI), you are able to reference an external script for captive portal auto-logins (see example below)
-* includes a vpn hook with support for 'wireguard' or 'openvpn' client setups to handle VPN (re-) connections automatically
-* includes an email hook to 'msmtp' to send notification e-mails after every succesful uplink connect
-* proactively scan and switch to a higher prioritized uplink, despite of an already existing connection
-* connection tracking which keeps start and end date of an uplink connection
-* automatically disable the uplink after n minutes, e.g. for timed connections
-* automatically (re-)enable the uplink after n minutes, e.g. after failed login attempts
-* option to generate a random unicast MAC address for each uplink connection
-* ntp time sync before sending emails
-* support devices with multiple radios in any order
+If you’re taking your laptop, tablet, or phone on
+an upcoming vacation or business trip, you'll want
+to connect with friends or complete work on the go.
+But many hotels don’t have a secure wireless network setup or
+limit you to using a single device at a time.
+
+Travelmate lets you use a small "travel router" to connect
+all of your devices at once while having total control over your own
+personal wireless network.
+
+Travelmate runs on OpenWrt, and provides an "uplink" to the hotel's wireless access point/hotspot.
+Travelmate then becomes the Access Point (AP) for you and your companions,
+providing secure access to the internet.
+See the [Installation and Usage](#installation-and-usage) section below.
+
+Travelmate manages all the network settings, firewall settings,
+connections to a hotel network, etc. and
+automatically (re)connnects to configured APs/hotspots as they become available.
+
+## Main Benefits and Features
+
+* Easy setup from LuCI web interface
+ with **Interface Wizard** and **Wireless Station manager**
+* Display a QR code to
+ transfer the wireless credentials to your mobile devices
+* Fast uplink connections
+* Supports routers with multiple radios in any order
+* Supports all kinds of uplinks, including hidden and enterprise uplinks.
+ (WEP-based uplinks are no longer supported)
+* Continuously checks the existing uplink quality,
+ e.g. for conditional uplink (dis)connections
+* Automatically add open uplinks to your wireless config, e.g. hotel captive portals
+* Captive portal detection with a
+ 'heartbeat' function to keep the uplink connection up and running
+* Captive portal hook for auto-login configured via uci/LuCI.
+ Use an external script for
+ captive portal auto-logins (see example below)
+* VPN hook supports 'wireguard' or 'openvpn' client
+ setups to handle VPN (re)connections automatically
+* Email hook via 'msmtp' sends notification e-mails
+ after every successful uplink connect
+* Proactively scan and switch to a higher priority uplink,
+ replacing an existing connection
+* Connection tracking logs start and end date of an uplink connection
+* Automatically disable the uplink after n minutes, e.g. for timed connections
+* Automatically (re)enable the uplink after n minutes, e.g. after failed login attempts
+* (Optional) Generate a random unicast MAC address for each uplink connection
+* NTP time sync before sending emails
* procd init and ntp-hotplug support
-* runtime information available via LuCI & via 'status' init command
-* status & debug logging to syslog
+* Runtime information available via LuCI & via 'status' init command
+* Log status and debug information to syslog
+* STA interfaces operate in an "always off" mode,
+ to make sure that the AP is always accessible
## Prerequisites
* [OpenWrt](https://openwrt.org), tested/compatible with current stable 23.x and latest OpenWrt snapshot
-* 'dnsmasq' as dns backend
-* 'iwinfo' for wlan scanning
-* 'curl' for connection checking and all kinds of captive portal magic, e.g. cp detection and auto-logins
-* a 'wpad' variant to support various WPA encrypted networks (WEP-based uplinks are no longer supported!)
-* optional: 'qrencode' for AP QR code support
+* The `luci-app-travelmate` ensures these packages are present:
+ * 'dnsmasq' as dns backend
+ * 'iwinfo' for wlan scanning
+ * 'curl' for connection checking and all kinds of captive portal magic,
+ e.g. cp detection and auto-logins
+ * a 'wpad' variant to support various WPA encrypted networks
+ (WEP-based uplinks are no longer supported!)* optional: 'qrencode' for AP QR code support
* optional: 'wireguard' or 'openvpn' for vpn client connections
-* optional: 'msmtp' to send out travelmate related status messages via email
-
-## Installation & Usage
-* **Please note:** before you start with travelmate ...
- * setup at least one AP, ideally on a separate radio
- * if you're using a single radio unit set the AP channel to 'auto'
-* download [travelmate](https://downloads.openwrt.org/snapshots/packages/x86_64/packages)
-* download [luci-app-travelmate](https://downloads.openwrt.org/snapshots/packages/x86_64/luci)
-* install both packages (_opkg install travelmate_, _opkg install luci-app-travelmate_)
-* the LuCI application is located under the 'Services' menu
-* start the travelmate 'Interface Wizard' once
-* add multiple uplink stations as you like via the 'Wireless Stations' tab
-* happy traveling ...
+* optional: 'msmtp' to send out Travelmate related status messages via email
+
+## Installation and Usage
+* Install OpenWrt on your router, and set it up to allow wireless connections.
+ Be sure to set a strong password on the wireless channel(s) so that only
+ you and your companions can use it.
+* Decide which radio you'll use for the Travelmate uplink (radio0, radio1, etc):
+ * 2.4GHz allows a longer (more distant) link; 5GHz provides a faster link
+ * Travelmate works on all radios.
+ But for better performance, configure the AP on a separate radio from
+ the one you're planning to use as the uplink.
+* Use LuCI web interface to install both **travelmate** and **luci-app-travelmate**
+* Open the Travelmate LuCI application - **Services -> Travelmate**
+* You must use the Travelmate **Interface Wizard** one time to
+ configure the uplink, firewall and other network settings
+* Use the **Wireless Stations** tab to add an uplink station
+ * **Scan** the radio you chose for the uplink
+ * Click **Add Uplink...** for the desired SSID.
+ If there are multiples, choose the one with the largest _Strength_
+ * You'll need to enter the credentials (password, etc)
+ * You should be "on the air" - test by browsing the internet
+* You may add additional uplinks (for different locations)
+ by repeating the previous step
+* Happy traveling ...
## Travelmate config options
-* usually the pre-configured travelmate setup works quite well and no manual config overrides are needed, all listed options apply to the 'global' section:
+* usually the pre-configured Travelmate setup works quite well and no manual config overrides are needed, all listed options apply to the 'global' section:
| Option | Default | Description/Valid Values |
| :----------------- | :--------------------------------- | :---------------------------------------------------------------------------------------------------- |
password zzz
</code></pre>
-Finally enable E-Mail support in travelmate and add a valid E-Mail receiver address.
+Finally enable E-Mail support in Travelmate and add a valid E-Mail receiver address.
## Captive Portal auto-logins
For automated captive portal logins you can reference an external shell script per uplink. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. The package ships multiple ready to run auto-login scripts:
## Runtime information
-**receive travelmate runtime information:**
+**Receive Travelmate runtime information:**
<pre><code>
root@2go:~# /etc/init.d/travelmate status
::: travelmate runtime information
+ system : GL.iNet GL-A1300, OpenWrt SNAPSHOT r24187-bb8fd41f9a
</code></pre>
-To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart travelmate and check the system log afterwards (_logread -e "trm-"_)
+To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart Travelmate and check the system log afterwards (_logread -e "trm-"_)
## Support
-Please join the travelmate discussion in this [forum thread](https://forum.lede-project.org/t/travelmate-support-thread/5155) or contact me by [mail](mailto:dev@brenken.org)
+Please join the Travelmate discussion in this [forum thread](https://forum.openwrt.org/t/travelmate-support-thread/5155) or contact me by [mail](mailto:dev@brenken.org)
## Removal
-* stop the travelmate daemon with _/etc/init.d/travelmate stop_
-* remove the travelmate package (_opkg remove luci-app-travelmate_, _opkg remove travelmate_)
+* stop the Travelmate daemon with _/etc/init.d/travelmate stop_
+* remove the Travelmate package (_opkg remove luci-app-travelmate_, _opkg remove travelmate_)
+
+## Donations
+You like this project - is there a way to donate? Generally speaking "No" - I have a well-paying full-time job and my OpenWrt projects are just a hobby of mine in my spare time.
+
+If you still insist to donate some bucks ...
+* I would be happy if you put your money in kind into other, social projects in your area, e.g. a children's hospice
+* Let's meet and invite me for a coffee if you are in my area, the “Markgräfler Land” in southern Germany or in Switzerland (Basel)
+* Send your money to my [PayPal account](https://www.paypal.me/DirkBrenken) and I will collect your donations over the year to support various social projects in my area
+
+No matter what you decide - thank you very much for your support!
Have fun!
Dirk
trm_mailprofile="$(uci_get travelmate global trm_mailprofile "trm_notify")"
trm_mailsender="$(uci_get travelmate global trm_mailsender "no-reply@travelmate")"
trm_rtfile="$(uci_get travelmate global trm_rtfile "/tmp/trm_runtime.json")"
-trm_mailpgm="$(command -v msmtp)"
+trm_mailcmd="$(command -v msmtp)"
+trm_ubuscmd="$(command -v ubus)"
+trm_jsoncmd="$(command -v jsonfilter)"
trm_logger="$(command -v logger)"
+trm_ver="$("${trm_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.packages.travelmate')"
if [ -z "${trm_mailreceiver}" ]; then
- "${trm_logger}" -p "err" -t "trm-mail [${$}]" "please set the mail receiver with the 'trm_mailreceiver' option" 2>/dev/null
+ "${trm_logger}" -p "err" -t "trm-${trm_ver}[${$}]" "please set the mail receiver with the 'trm_mailreceiver' option" 2>/dev/null
exit 1
fi
# send mail
#
-printf "%b" "${trm_mailhead}${trm_mailtext}" 2>/dev/null | "${trm_mailpgm}" ${debug} -a "${trm_mailprofile}" "${trm_mailreceiver}" >/dev/null 2>&1
-"${trm_logger}" -p "info" -t "trm-mail [${$}]" "mail sent to '${trm_mailreceiver}' with rc '${?}'" 2>/dev/null
+printf "%b" "${trm_mailhead}${trm_mailtext}" 2>/dev/null | "${trm_mailcmd}" ${debug} -a "${trm_mailprofile}" "${trm_mailreceiver}" >/dev/null 2>&1
+"${trm_logger}" -p "info" -t "trm-${trm_ver}[${$}]" "mail sent to '${trm_mailreceiver}' with rc '${?}'" 2>/dev/null
{ [ "${mode}" = "dev" ] && { [ "${status}" = "false" ] || { [ "${trm_ifstatus}" != "${status}" ] && [ "${enabled}" = "0" ]; }; }; }; then
f_wifi
fi
+ if [ "${mode}" = "sta" ]; then
+ "${trm_ubuscmd}" -S call network.interface."${trm_iface}" down >/dev/null 2>&1
+ "${trm_ubuscmd}" -S call network.interface."${trm_iface}" up >/dev/null 2>&1
+ fi
+
while [ "${wait_time}" -le "${trm_maxwait}" ]; do
[ "${wait_time}" -gt "0" ] && sleep 1
wait_time="$((wait_time + 1))"
f_log "err" "system libraries not found"
fi
-# force ntp restart/sync
+# force ntp hotplug event/time sync
#
-if [ -f "/etc/init.d/sysntpd" ] && [ ! -s "${trm_ntpfile}" ]; then
- /etc/init.d/sysntpd restart >/dev/null 2>&1
- f_log "debug" "ntp time sync requested"
+if [ ! -s "${trm_ntpfile}" ]; then
+ "${trm_ubuscmd}" -S call hotplug.ntp call '{ "env": [ "ACTION=stratum" ] }' >/dev/null 2>&1
fi
# control travelmate actions
#!/bin/sh
# ntp hotplug script for travelmate
-# Copyright (c) 2020-2023 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2024 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# set (s)hellcheck exceptions
trm_init="/etc/init.d/travelmate"
trm_ntpfile="/var/state/travelmate.ntp"
-trm_logger="$(command -v logger)"
if [ "${ACTION}" = "stratum" ] && [ ! -s "${trm_ntpfile}" ] && "${trm_init}" enabled; then
printf "%s" "$(date "+%Y.%m.%d-%H:%M:%S")" > "${trm_ntpfile}"
- "${trm_logger}" -p "info" -t "trm-ntp [${$}]" "get ntp time sync"
+ trm_ubuscmd="$(command -v ubus)"
+ trm_jsoncmd="$(command -v jsonfilter)"
+ trm_logger="$(command -v logger)"
+ trm_ver="$("${trm_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.packages.travelmate')"
+ "${trm_logger}" -p "info" -t "trm-${trm_ver}[${$}]" "get ntp time sync"
fi
-#
-# Copyright (C) 2006-2016 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
include $(TOPDIR)/rules.mk
PKG_NAME:=udpxy
-PKG_VERSION:=1.0-25.1
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/pcherenkov/udpxy/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=a1a16e60895c6b2fd151321db47f5d5373843116f1b98ed9749e6c25a6c44497
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/pcherenkov/udpxy
+PKG_SOURCE_DATE:=2024-03-03
+PKG_SOURCE_VERSION:=23b434374d76e5de74138d44cbb8bda1b32dcfe0
+PKG_MIRROR_HASH:=719dd6f667f2f92e2b0d911e6bc5dd191e4ee719dd199f648e89832de960f16a
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
-PKG_VERSION:=1.19.3
-PKG_RELEASE:=2
+PKG_VERSION:=1.21.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound
-PKG_HASH:=3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9
+PKG_HASH:=e7dca7d6b0f81bdfa6fa64ebf1053b5a999a5ae9278a87ef182425067ea14521
PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
PKG_LICENSE:=BSD-3-Clause
UB_CTRL_CONF=$UB_VARDIR/ctrl.conf.tmp
UB_SRVMASQ_CONF=$UB_VARDIR/dnsmasq_srv.conf.tmp
UB_EXTMASQ_CONF=$UB_VARDIR/dnsmasq_ext.conf.tmp
+UB_RPZCNAME_CONF=$UB_VARDIR/unbound_rpz_cname.conf
# conf as found
UB_TOTAL_CONF=$UB_VARDIR/unbound.conf
DM_LIST_KNOWN_ZONES="invalid"
DM_LIST_TRN_ZONES=""
DM_LIST_LOCAL_DATA=""
+DM_LIST_PRZ_DATA=""
DM_LIST_LOCAL_PTR=""
DM_LIST_FWD_PORTS=""
DM_LIST_FWD_ZONES=""
config_get target "$cfg" target
+ # For cnames with a local data target the A RR is not resolved and missing
+ # in the response. As most applications don't send another query and fail,
+ # these entries are placed in a rpz zone instead.
if [ -n "$cname" ] && [ -n "$target" ] ; then
- create_local_zone "$cname"
- record="$cname.@@300@@IN@@CNAME@@$target."
- DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
+ record="${DM_LIST_LOCAL_DATA#*${target}.@@*@@IN@@A@@}"
+ if [ "$record" == "$DM_LIST_LOCAL_DATA" ]; then
+ # Target is not a local data record => local data can be used
+ create_local_zone "$cname"
+ record="$cname.@@300@@IN@@CNAME@@$target."
+ DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
+
+ else
+ # Target is a local data record => use rpz zone
+
+ # Add A RR at the end if still not present
+ record="$target@@A@@${record%% *}"
+ if [ "${DM_LIST_PRZ_DATA}" == "${DM_LIST_PRZ_DATA#*${record}}" ]; then
+ DM_LIST_PRZ_DATA="$DM_LIST_PRZ_DATA $record"
+ fi
+
+ # Add CNAME at the beginning
+ record="$cname@@CNAME@@$target."
+ DM_LIST_PRZ_DATA="$record $DM_LIST_PRZ_DATA"
+ fi
fi
}
echo
fi
} > $UB_SRVMASQ_CONF
+
+ if [ -n "$DM_LIST_PRZ_DATA" ] ; then
+ {
+ echo '$ORIGIN cname.rpz.localhost; generated by UCI'
+ echo ""
+ for record in $DM_LIST_PRZ_DATA; do
+ echo "${record//@@/ }"
+ done
+ } > $UB_RPZCNAME_CONF
+
+ {
+ echo "# $UB_EXTMASQ_CONF generated by UCI"
+ echo "rpz:"
+ echo " name: cname.rpz.localhost"
+ echo " zonefile: $UB_RPZCNAME_CONF"
+ echo ""
+ } > $UB_EXTMASQ_CONF
+ fi
fi
}
y = $0 ;
ct_start = length(y) - 32 + CIDR ;
for(i=ct_start; i>0; i--) { x = (x substr(y,i,1)) ; } ;
- gsub(/./,"&\.",x) ;
+ gsub(/./,"&.",x) ;
x = (x "ip6.arpa") ;
print x }'
}
ct_start = length(y);
for(i=ct_start; i>0; i--) { x = (x substr(y,i,1)) ; } ;
sub(/[0-9]+\//,"",x) ;
- gsub(/./,"&\.",x) ;
+ gsub(/./,"&.",x) ;
x = (x "ip6.arpa") ;
print x }'
}
CIDR = (CIDR / 8) ;
dtxt = $0 ;
sub(/\/.*/,"",dtxt) ;
- split(dtxt, dtxt, ".") ;
- for(i=1; i<=CIDR; i++) { x = (dtxt[i] "." x) ; }
+ split(dtxt, dtxtarr, ".") ;
+ for(i=1; i<=CIDR; i++) { x = (dtxtarr[i] "." x) ; }
x = (x "in-addr.arpa") ;
print x }'
}
if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) {
# IPV4 ; only for provided hostnames and full /32 assignments
# NF=9 ; odhcpd errata in field format without host name
- ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
+ ptr = adr ; qpr = "" ; split( ptr, ptrarr, "." ) ;
slaac = slaac_eui64( id ) ;
# always create the pipe file
- for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
+ for( i=1; i<=4; i++ ) { qpr = ( ptrarr[i] "." qpr) ; }
x = ( fqdn ". 300 IN A " adr ) ;
y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
##############################################################################
-function ipv6_ptr( ipv6, arpa, ary, end, i, j, new6, sz, start ) {
+function ipv6_ptr( ipv6, arpa, ary, end, m, n, new6, sz, start ) {
# IPV6 colon flexibility is a challenge when creating [ptr].ip6.arpa.
sz = split( ipv6, ary, ":" ) ; end = 9 - sz ;
- for( i=1; i<=sz; i++ ) {
- if( length(ary[i]) == 0 ) {
- for( j=1; j<=end; j++ ) { ary[i] = ( ary[i] "0000" ) ; }
+ for( m=1; m<=sz; m++ ) {
+ if( length(ary[m]) == 0 ) {
+ for( n=1; n<=end; n++ ) { ary[m] = ( ary[m] "0000" ) ; }
}
else {
- ary[i] = substr( ( "0000" ary[i] ), length( ary[i] )+5-4 ) ;
+ ary[m] = substr( ( "0000" ary[m] ), length( ary[m] )+5-4 ) ;
}
}
new6 = ary[1] ;
- for( i = 2; i <= sz; i++ ) { new6 = ( new6 ary[i] ) ; }
+ for( m = 2; m <= sz; m++ ) { new6 = ( new6 ary[m] ) ; }
start = length( new6 ) ;
- for( i=start; i>0; i-- ) { arpa = ( arpa substr( new6, i, 1 ) ) ; } ;
- gsub( /./, "&\.", arpa ) ; arpa = ( arpa "ip6.arpa" ) ;
+ for( m=start; m>0; m-- ) { arpa = ( arpa substr( new6, m, 1 ) ) ; } ;
+ gsub( /./, "&.", arpa ) ; arpa = ( arpa "ip6.arpa" ) ;
return arpa ;
}
fi
+ case $moduleopts in
+ *respip*)
+ modulestring="respip $modulestring"
+ ;;
+ esac
+
+
{
# Print final module string
echo " module-config: \"$modulestring\""
target. Use "uname" on host only if "UNAME" variable is empty.
--- a/configure.ac
+++ b/configure.ac
-@@ -845,7 +845,7 @@ if test x_$ub_test_python != x_no; then
+@@ -895,7 +895,7 @@ if test x_$ub_test_python != x_no; then
fi
fi
+++ /dev/null
-OpenWrt (modification):
-Patch the default configuration file with the tiny memory
-configuration example from Unbound documentation. This is the best
-starting point for embedded routers if one is not going to use UCI.
---- a/doc/example.conf.in
-+++ b/doc/example.conf.in
-@@ -19,6 +19,76 @@ server:
- # verbosity number, 0 is least verbose. 1 is default.
- # verbosity: 1
-
-+ ############################################################################
-+ # MEMORY CONTROL EXAMPLE
-+ # In the example config settings below memory usage is reduced. Some ser-
-+ # vice levels are lower, notable very large data and a high TCP load are
-+ # no longer supported ... are exceptional for the DNS.
-+ # (http://unbound.net/documentation/unbound.conf.html)
-+ ############################################################################
-+
-+ # Self jail Unbound with user "unbound" to /var/lib/unbound
-+ # The script /etc/init.d/unbound will setup the location
-+ username: "unbound"
-+ directory: "/var/lib/unbound"
-+ chroot: "/var/lib/unbound"
-+
-+ # The pid file is created before privleges drop so no concern
-+ pidfile: "/var/run/unbound.pid"
-+
-+ # no threads and no memory slabs for threads
-+ num-threads: 1
-+ msg-cache-slabs: 1
-+ rrset-cache-slabs: 1
-+ infra-cache-slabs: 1
-+ key-cache-slabs: 1
-+
-+ # don't be picky about interfaces but consider your firewall
-+ interface: 0.0.0.0
-+ interface: ::0
-+ access-control: 0.0.0.0/0 allow
-+ access-control: ::0/0 allow
-+
-+ # this limits TCP service but uses less buffers
-+ outgoing-num-tcp: 1
-+ incoming-num-tcp: 1
-+
-+ # use somewhat higher port numbers versus possible NAT issue
-+ outgoing-port-permit: "10240-65335"
-+
-+ # uses less memory but less performance
-+ outgoing-range: 60
-+ num-queries-per-thread: 30
-+
-+ # exclude large responses
-+ msg-buffer-size: 8192
-+
-+ # tiny memory cache
-+ infra-cache-numhosts: 200
-+ msg-cache-size: 100k
-+ rrset-cache-size: 100k
-+ key-cache-size: 100k
-+ neg-cache-size: 10k
-+
-+ # gentle on recursion
-+ target-fetch-policy: "2 1 0 0 0 0"
-+ harden-large-queries: yes
-+ harden-short-bufsize: yes
-+
-+ # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
-+ # -anchor-file:" The init script will copy root key to /var/lib/unbound.
-+ # See package documentation for crontab entry to copy RFC5011 results back.
-+ #module-config: "validator iterator"
-+ #auto-trust-anchor-file: "/var/lib/unbound/root.key"
-+
-+ # DNSSEC needs real time to validate signatures. If your device does not
-+ # have power off clock (reboot), then you may need this work around.
-+ #domain-insecure: "pool.ntp.org"
-+
-+ ############################################################################
-+ # Resume Stock example.conf.in
-+ ############################################################################
-+
- # print statistics to the log (for every thread) every N seconds.
- # Set to "" or 0 to disable. Default is disabled.
- # statistics-interval: 0
include $(TOPDIR)/rules.mk
PKG_NAME:=uwsgi
-PKG_VERSION:=2.0.25.1
-PKG_RELEASE:=2
+PKG_VERSION:=2.0.26
+PKG_RELEASE:=1
PYPI_NAME:=uWSGI
PYPI_SOURCE_NAME:=uwsgi
-PKG_HASH:=d653d2d804c194c8cbe2585fa56efa2650313ae75c686a9d7931374d4dfbfc6e
+PKG_HASH:=86e6bfcd4dc20529665f5b7777193cdc48622fb2c59f0a7f1e3dc32b3882e7f9
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:unbit:uwsgi
PKG_MAINTAINER:=Christian Marangi <ansuelsmth@gmail.com>
PKG_BUILD_DEPENDS:=python3/host
--- a/uwsgiconfig.py
+++ b/uwsgiconfig.py
-@@ -5,9 +5,9 @@ uwsgi_version = '2.0.25.1'
+@@ -5,9 +5,9 @@ uwsgi_version = '2.0.26'
import os
import re
import time
+++ /dev/null
---- a/core/regexp.c
-+++ b/core/regexp.c
-@@ -23,7 +23,7 @@ int uwsgi_regexp_build(char *re, uwsgi_p
-
- #ifdef UWSGI_PCRE2
- int errnbr;
-- long unsigned int erroff;
-+ size_t erroff;
-
- *pattern = pcre2_compile((const unsigned char *) re, PCRE2_ZERO_TERMINATED, 0, &errnbr, &erroff, NULL);
- #else
include $(TOPDIR)/rules.mk
PKG_NAME:=v2ray-core
-PKG_VERSION:=5.16.1
+PKG_VERSION:=5.18.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/v2fly/v2ray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e5d61b97168ebdf6da3d672ab40abe5b22951d46997072ca1ee497a3aa47ba05
+PKG_HASH:=15acf65228867d47dcab27f87af048a2f0e6ed5d347a2e68730d30ae2a3871eb
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
include $(INCLUDE_DIR)/package.mk
-GEOIP_VER:=202404250042
+GEOIP_VER:=202409120050
GEOIP_FILE:=geoip.dat.$(GEOIP_VER)
define Download/geoip
URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/
URL_FILE:=geoip.dat
FILE:=$(GEOIP_FILE)
- HASH:=8ad42be541dfa7c2e548ba94b6dcb3fe431a105ba14d3907299316a036723760
+ HASH:=4ec83c46f84b3efb9856903e7c10d6c21f6515b9e656575c483dcf2a3d80f916
endef
-GEOSITE_VER:=20240426060244
+GEOSITE_VER:=20240914091803
GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
define Download/geosite
URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
URL_FILE:=dlc.dat
FILE:=$(GEOSITE_FILE)
- HASH:=7aa19bb7fa5f99d62d3db87b632334caa356fb9b901f85f7168c064370973646
+ HASH:=c171f61d3ba8e0dcf31a9548e9fd928a9416e064ad9417664eadda8d25eb6ad9
endef
-GEOSITE_IRAN_VER:=202404290026
+GEOSITE_IRAN_VER:=202409160034
GEOSITE_IRAN_FILE:=iran.dat.$(GEOSITE_IRAN_VER)
define Download/geosite-ir
URL:=https://github.com/bootmortis/iran-hosted-domains/releases/download/$(GEOSITE_IRAN_VER)/
URL_FILE:=iran.dat
FILE:=$(GEOSITE_IRAN_FILE)
- HASH:=dcffe111e31e34bceba3b28afc74eb82df222f440145f46673c79186d392e4f8
+ HASH:=d4f7a05bb3c81a52a511a7ea5d2d865adadcb2d0ccdf4dd3a7bca5851d1e9d27
endef
define Package/v2ray-geodata/template
include $(TOPDIR)/rules.mk
PKG_NAME:=v2rayA
-PKG_VERSION:=2.2.5.1
+PKG_VERSION:=2.2.5.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=1935665d17e2bf2de7d3ca8a628e8c59d9ba934478a01080d68cdfe698481d3f
+PKG_HASH:=fae10dafa54508bf19961b111d608dda9bb7a79e724c88e60a464c58369f4826
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service
PKG_LICENSE:=AGPL-3.0-only
URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/
URL_FILE:=web.tar.gz
FILE:=$(WEB_FILE)
- HASH:=a45c4ee179e310ff8eb8935181a54b341347ae08e072323d69d637e3a0a3f6df
+ HASH:=a5b6151549a318b1bd5a4cc01482ad0abc1a7bd99fa01037a2a6b84501a77c3e
endef
define Build/Prepare
+++ /dev/null
-#
-# Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=vncrepeater
-PKG_VERSION:=0.14
-PKG_RELEASE:=2
-PKG_MAINTAINER:=Jirka Spicak <robutek@gmail.com>
-PKG_LICENSE:=GPL-2.0
-
-
-PKG_SOURCE:=repeater014.zip
-PKG_SOURCE_URL:=http://jtko.mbnet.fi/uvncrepeater
-PKG_HASH:=79178e9baa9cac05f26e43f742933958707cb5c0632c51a5706b13922f3bb5b0
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/vncrepeater
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+libstdcpp
- TITLE:=UltraVNC repeater for Linux
- URL:=http://www.uvnc.com/addons/repeater.html
-endef
-
-define Package/vncrepeater/conffiles
-/etc/vncrepeater.conf
-endef
-
-define Package/vncrepeater/description
- Viewer can be behind Nat router or directly connected to the internet
- instead of forwarding serveral ports, you only need to forward 1 port.
- If the PC that runs the Repeater has access to the local DNS server,
- you can use your local DNS names instead of 10.10.10.12.
- This could be handy when you have a dynamic DHCP server allocating
- ip adresses for your PC.
-endef
-
-define Build/Prepare
- mkdir -p $(PKG_BUILD_DIR)
- $(PKG_UNPACK)
- $(CP) $(PKG_BUILD_DIR)/../Ver014/* $(PKG_BUILD_DIR)/
- rm -rf $(PKG_BUILD_DIR)/../Ver014/
- $(Build/Patch)
-endef
-
-define Build/Compile
- $(call Build/Compile/Default, \
- CC="$(TARGET_CXX)" \
- CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) -fno-rtti" \
- repeater \
- )
-endef
-
-define Package/vncrepeater/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_BUILD_DIR)/repeater $(1)/usr/sbin/$(PKG_NAME)
- $(INSTALL_DIR) $(1)/etc
- $(CP) $(PKG_BUILD_DIR)/uvncrepeater.ini $(1)/etc/vncrepeater.conf
-endef
-
-$(eval $(call BuildPackage,vncrepeater))
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -1,27 +1,28 @@
- CFLAGS=-Wall
- repeater: repeater.o repeaterproc.o openbsd_stringfuncs.o iniparser.o readini.o repeaterutil.o repeaterevents.o
-- g++ $(CFLAGS) -o repeater repeater.o repeaterproc.o openbsd_stringfuncs.o iniparser.o readini.o repeaterutil.o repeaterevents.o
-+ $(CC) $(CFLAGS) -o repeater repeater.o repeaterproc.o openbsd_stringfuncs.o iniparser.o readini.o repeaterutil.o repeaterevents.o $(LDFLAGS)
-
- repeater.o: repeater.cpp
-- g++ $(CFLAGS) -c repeater.cpp
-+ $(CC) $(CFLAGS) -c repeater.cpp
-
- repeaterproc.o: repeaterproc.cpp
-- g++ $(CFLAGS) -c repeaterproc.cpp
-+ $(CC) $(CFLAGS) -c repeaterproc.cpp
-
- openbsd_stringfuncs.o: openbsd_stringfuncs.cpp
-- g++ $(CFLAGS) -c openbsd_stringfuncs.cpp
-+ $(CC) $(CFLAGS) -c openbsd_stringfuncs.cpp
-
- iniparser.o: iniparser.cpp
-- g++ $(CFLAGS) -c iniparser.cpp
-+ $(CC) $(CFLAGS) -c iniparser.cpp
-
- readini.o: readini.cpp
-- g++ $(CFLAGS) -c readini.cpp
-+ $(CC) $(CFLAGS) -c readini.cpp
-
- repeaterutil.o: repeaterutil.cpp
-- g++ $(CFLAGS) -c repeaterutil.cpp
-+ $(CC) $(CFLAGS) -c repeaterutil.cpp
-
- repeaterevents.o: repeaterevents.cpp
-- g++ $(CFLAGS) -c repeaterevents.cpp
-+ $(CC) $(CFLAGS) -c repeaterevents.cpp
-
- clean:
- rm -f *.o repeater
-+
+++ /dev/null
---- a/repeater.cpp
-+++ b/repeater.cpp
-@@ -593,7 +593,9 @@ static bool checkIdCode(char *IdCode)
- static long parseId(char *IdCode)
- {
- unsigned int ii;
-- int retVal;
-+ //PFaf 20101122: Minor correction due to compiler warning
-+ //int retVal;
-+ long retVal;
-
- debug(LEVEL_3, "parseId(): IdCode = %s\n", IdCode);
-
-@@ -998,9 +1000,13 @@ static bool isServerAddressAllowed(char
- allow = false;
-
- //server 0 == denied
-- if ((srvAddr.a == 0) || (srvAddr.b == 0) || (srvAddr.c == 0) || (srvAddr.d == 0))
-+ //Fix by PFaf - 20101122
-+ //Server address can be X.0.0.Y i.e. 10.0.0.1
-+ //since these are valid addresses, so we should not exclude them.
-+ //Only exclude addresses that start or end with zeros (0).
-+ //if ((srvAddr.a == 0) || (srvAddr.b == 0) || (srvAddr.c == 0) || (srvAddr.d == 0))
-+ if ((srvAddr.a == 0) || (srvAddr.d == 0))
- allow = false;
--
-
- //allowed so far ?
- if (allow)
-@@ -1983,7 +1989,7 @@ int main(int argc, char **argv)
- struct sigaction saInt;
-
- //ini file default
-- char defaultIniFilePathAndName[] = "/etc/uvncrepeater.ini";
-+ char defaultIniFilePathAndName[] = "/etc/vncrepeater.conf";
- char tmpBuf[MAX_PATH];
- bool memoryOk;
-
SUBMENU:=VPN
TITLE:=WireGuard Service Discovery
URL:=https://github.com/jwhited/wgsd
- DEPENDS:=+kmod-wireguard
+ DEPENDS:=$(GO_ARCH_DEPENDS) +kmod-wireguard
endef
define Package/wgsd-coredns
include $(TOPDIR)/rules.mk
PKG_NAME:=wifischedule
-PKG_VERSION:=1.0.5
-PKG_RELEASE:=2
+PKG_VERSION:=1.1.0
+PKG_RELEASE:=0
PKG_LICENSE:=PRPL
PKG_MAINTAINER:=Nils Koenig <openwrt@newk.it>
-#!/bin/sh
+#!/bin/ash
+# shellcheck shell=dash
# Copyright (c) 2016, prpl Foundation
+# Copyright ANNO DOMINI 2024 Jan Chren ~rindeal <dev.rindeal{a}gmail.com>
#
# Permission to use, copy, modify, and/or distribute this software for any purpose with or without
# fee is hereby granted, provided that the above copyright notice and this permission notice appear
# in all copies.
-#
+#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE
# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE
# FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
set -o pipefail
-SCRIPT=$0
-LOCKFILE=/tmp/wifi_schedule.lock
-LOGFILE=/tmp/log/wifi_schedule.log
+
+SCRIPT="$0"
+PACKAGE="wifi_schedule"
+GLOBAL="${PACKAGE}.@global[0]"
+LOCKFILE="/tmp/${PACKAGE}.lock"
LOGGING=0 #default is off
-PACKAGE=wifi_schedule
-GLOBAL=${PACKAGE}.@global[0]
+
+# Converts the result of arithmetic expansion to a normal command return code
+# Usage: if _arith_bool $(( 3*4 > 12 && foo <= bar )) ...
+_arith_bool() { [ "$1" -ne 0 ] ;}
+
+# Usage: if _uci_bool $(_uci_get_value "foo.bar") ...
+_uci_bool() { [ "$1" -eq 1 ] ;}
+
+# Usage: _join_by_char , foo bar baz
+# Prints: `foo.bar,baz`
+_join_by_char()
+{
+ local IFS
+ IFS="$1"
+ shift
+ printf "%s" "$*"
+}
+
+## Usage: _log [emerg, alert, crit, err, warning, notice, info, debug] "Message ..."
_log()
{
- if [ ${LOGGING} -eq 1 ]; then
- local ts=$(date)
- echo "$ts $@" >> ${LOGFILE}
- fi
+ local severity="$1"
+ shift
+ _uci_bool "${LOGGING}" || return
+ logger -t "${PACKAGE}" -p "user.${severity}" "$@"
}
_exit()
{
- local rc=$1
- lock -u ${LOCKFILE}
- exit ${rc}
+ lock -u "${LOCKFILE}"
+ exit "$1"
}
-_cron_restart()
+_uci_get_value_raw() { uci get "$1" 2> /dev/null ;}
+
+_uci_get_value()
{
- /etc/init.d/cron restart > /dev/null
+ _uci_get_value_raw "$1"
+ local rc=$?
+ if [ "${rc}" -ne 0 ]; then
+ _log "notice" "Could not determine UCI value '$1'"
+ fi
+ return "${rc}"
}
-_add_cron_script()
-{
- (crontab -l ; echo "$1") | sort | uniq | crontab -
- _cron_restart
+_cfg_global_is_enabled() {
+ local value
+ value="$(_uci_get_value "${GLOBAL}.enabled")"
+ _uci_bool "${value}"
}
-_rm_cron_script()
+_cfg_global_is_unload_modules_enabled()
{
- crontab -l | grep -v "$1" | sort | uniq | crontab -
- _cron_restart
+ local unload_modules
+ unload_modules="$(_uci_get_value_raw "${GLOBAL}.unload_modules")" || return 1
+ _uci_bool "${unload_modules}"
}
-_get_uci_value_raw()
+# Prints: `entry1_name$'\n'entry2_name$'\n'...`
+_cfg_list_entries()
{
+ uci show "${PACKAGE}" | awk -F= '$2 == "entry" { n = split($1, a, "."); print a[n] }'
+}
+
+_cfg_entry_is_enabled() {
local value
- value=$(uci get $1 2> /dev/null)
- local rc=$?
- echo ${value}
- return ${rc}
+ value="$(_uci_get_value "${PACKAGE}.${entry}.enabled")"
+ _uci_bool "${value}"
}
-_get_uci_value()
+_cfg_entry_is_now_within_timewindow()
{
- local value
- value=$(_get_uci_value_raw $1)
- local rc=$?
- if [ ${rc} -ne 0 ]; then
- _log "Could not determine UCI value $1"
- return 1
- fi
- echo ${value}
+ local entry="$1"
+ local starttime stoptime daysofweek
+ local nowdow nowhhmm nowts startts stopts
+ starttime=$( _uci_get_value "${PACKAGE}.${entry}.starttime" ) || return 1
+ stoptime=$( _uci_get_value "${PACKAGE}.${entry}.stoptime" ) || return 1
+ daysofweek=$(_uci_get_value "${PACKAGE}.${entry}.daysofweek") || return 1
+
+ # check if day of week matches today
+ nowdow="$(date +%A)"
+ echo "${daysofweek}" | grep -q "${nowdow}" || return 1
+
+ nowhhmm="$(date "+%H:%M")"
+ nowts=$( date -u +%s -d "${nowhhmm}")
+ startts=$(date -u +%s -d "${starttime}")
+ stopts=$( date -u +%s -d "${stoptime}")
+ # add a day if stopts goes past midnight
+ stopts=$(( stopts < startts ? stopts + 86400 : stopts ))
+
+ _arith_bool $(( nowts >= startts && nowts < stopts ))
}
-_format_dow_list()
+_cfg_can_wifi_run_now()
{
- local dow=$1
- local flist=""
- local day
- for day in ${dow}
+ local entry
+ for entry in $(_cfg_list_entries)
do
- if [ ! -z ${flist} ]; then
- flist="${flist},"
- fi
- flist="${flist}${day:0:3}"
+ test -n "${entry}" || continue
+ _cfg_entry_is_enabled "${entry}" || continue
+ _cfg_entry_is_now_within_timewindow "${entry}" && return 0
done
- echo ${flist}
+ return 1
}
+_cron_restart() { service cron restart > /dev/null ;}
-_enable_wifi_schedule()
-{
- local entry=$1
- local starttime
- local stoptime
- starttime=$(_get_uci_value ${PACKAGE}.${entry}.starttime) || _exit 1
- stoptime=$(_get_uci_value ${PACKAGE}.${entry}.stoptime) || _exit 1
-
- local dow
- dow=$(_get_uci_value_raw ${PACKAGE}.${entry}.daysofweek) || _exit 1
-
- local fdow=$(_format_dow_list "$dow")
- local forcewifidown
- forcewifidown=$(_get_uci_value ${PACKAGE}.${entry}.forcewifidown)
- local stopmode="stop"
- if [ $forcewifidown -eq 1 ]; then
- stopmode="forcestop"
- fi
+# shellcheck disable=SC2312
+_crontab_append_line() { (crontab -l ; printf "%s\n" "$(_join_by_char ' ' "$@")") | crontab - ;}
+## Usage: _crontab_rm_script_entries_by_arg # this removes all script entries
+## Usage: _crontab_rm_script_entries_by_arg recheck # this removes just entries with recheck argument
+_crontab_rm_script_entries_by_arg()
+{
+ # this loop will create regexp that looks like this:
+ #
+ # ^\b${SCRIPT}\b\s+\b${@}\b
+ #
+ local regex="(:?^|[[:space:]])${SCRIPT}"
+ local arg
+ for arg in "$@"
+ do
+ regex="${regex}[[:space:]]+${arg}"
+ done
+ regex="${regex}(:?$|[[:space:]])"
- local stop_cron_entry="$(echo ${stoptime} | awk -F':' '{print $2, $1}') * * ${fdow} ${SCRIPT} ${stopmode}" # ${entry}"
- _add_cron_script "${stop_cron_entry}"
+ crontab -l | awk -v cmd_col_pos=6 -v regex="${regex}" '
+ {
+ is_blank_or_comment = $0 ~ /^[[:space:]]*(:?#.*)?$/
+ is_env_var = $0 ~ /^[[:space:]]*[a-zA-Z_][a-zA-Z0-9_]*[[:space:]]*=.*$/
- if [[ $starttime != $stoptime ]]
- then
- local start_cron_entry="$(echo ${starttime} | awk -F':' '{print $2, $1}') * * ${fdow} ${SCRIPT} start" # ${entry}"
- _add_cron_script "${start_cron_entry}"
- fi
+ # find index of the cmdline cell start
+ match($0, "[[:space:]]*([^[:space:]]+[[:space:]]+){" cmd_col_pos - 1 "}")
+ # get the cmdline cell
+ cmdline = substr($0, RLENGTH + 1)
- return 0
+ if ( is_blank_or_comment || is_env_var || cmdline !~ regex )
+ print
+ }' | crontab -
}
-_is_earlier()
+_crontab_add_from_cfg_entry()
{
- local hhmm=$1
- local ret=1
- if [[ $(date +%H) -lt ${hhmm:0:2} ]]
- then
- ret=0
- fi
- if [[ $(date +%H) -eq ${hhmm:0:2} && $(date +%M) -lt ${hhmm:3:4} ]]
+ local entry="$1"
+ local starttime stoptime daysofweek forcewifidown
+ starttime=$( _uci_get_value "${PACKAGE}.${entry}.starttime" ) || return 1
+ stoptime=$( _uci_get_value "${PACKAGE}.${entry}.stoptime" ) || return 1
+ daysofweek=$( _uci_get_value "${PACKAGE}.${entry}.daysofweek") || return 1
+ forcewifidown=$(_uci_get_value "${PACKAGE}.${entry}.forcewifidown")
+
+ # parse `HH:MM` to `Xhh` and `Xmm` variables
+ local starthh stophh startmm stopmm
+ starthh=$(echo "${starttime}" | cut -c 1-2) startmm=$(echo "${starttime}" | cut -c 4-5) || true
+ stophh=$( echo "${stoptime}" | cut -c 1-2) stopmm=$( echo "${stoptime}" | cut -c 4-5) || true
+
+ local fdow
+ # shellcheck disable=SC2046,SC2086
+ fdow=$(_join_by_char "," $(printf "%.3s\n" ${daysofweek}))
+
+ if [ "${starttime}" != "${stoptime}" ]
then
- ret=0
+ _crontab_append_line "${startmm} ${starthh} * * ${fdow} ${SCRIPT} start ${entry}"
fi
- echo $ret
-}
-# returns 0 if now() is in $entry
-_check_startup_timewindow()
-{
- local entry=$1
- local starttime
- local stoptime
- local dow
- starttime=$(_get_uci_value ${PACKAGE}.${entry}.starttime) || _exit 1
- stoptime=$(_get_uci_value ${PACKAGE}.${entry}.stoptime) || _exit 1
- dow=$(_get_uci_value_raw ${PACKAGE}.${entry}.daysofweek) || _exit 1
-
- echo $dow | grep $(date +%A) > /dev/null 2>&1
- rc=$?
-
- if [[ $rc -eq 0 && $(date +%H) -ge ${starttime:0:2} && $(date +%M) -ge ${starttime:3:4} && $(_is_earlier $stoptime) -eq 0 ]]
- then
- echo 0
- else
- echo 1
+ local stopmode="stop"
+ if _uci_bool "${forcewifidown}" ; then
+ stopmode="forcestop"
fi
+
+ _crontab_append_line "${stopmm} ${stophh} * * ${fdow} ${SCRIPT} ${stopmode} ${entry}"
+
+ return 0
}
-_get_wireless_interfaces()
+_crontab_reset_from_cfg()
{
- iwinfo | grep ESSID | cut -f 1 -s -d" "
+ _crontab_rm_script_entries_by_arg
+
+ _cfg_global_is_enabled || return
+
+ local entry
+ for entry in $(_cfg_list_entries)
+ do
+ test -n "${entry}" || continue
+ _cfg_entry_is_enabled "${entry}" || continue
+ _crontab_add_from_cfg_entry "${entry}"
+ done
}
+# region: kernel module unload feature
get_module_list()
{
local mod_list
local _if
- for _if in $(_get_wireless_interfaces)
+ for _if in $(_wifi_get_interfaces)
do
- local mod=$(basename $(readlink -f /sys/class/net/${_if}/device/driver))
- local mod_dep=$(modinfo ${mod} | awk '{if ($1 ~ /depends/) print $2}')
- mod_list=$(echo -e "${mod_list}\n${mod},${mod_dep}" | sort | uniq)
+ local mod mod_dep
+ # trunk-ignore(shellcheck/SC2312)
+ mod=$(basename "$(readlink -f "/sys/class/net/${_if}/device/driver")")
+ mod_dep=$(modinfo "${mod}" | awk '$1 ~ /^depends:/ { print $2 }')
+ mod_list=$(printf "%s\n%s,%s" "${mod_list}" "${mod}" "${mod_dep}" | sort -u)
done
- echo $mod_list | tr ',' ' '
+ # trunk-ignore(shellcheck/SC2250)
+ echo "$mod_list" | tr ',' ' '
}
save_module_list_uci()
{
- local list=$(get_module_list)
- uci set ${GLOBAL}.modules="${list}"
- uci commit ${PACKAGE}
+ local list
+ list=$(get_module_list)
+ uci set "${GLOBAL}.modules=${list}"
+ uci commit "${PACKAGE}"
}
_unload_modules()
{
- local list=$(_get_uci_value ${GLOBAL}.modules)
- local retries
- retries=$(_get_uci_value ${GLOBAL}.modules_retries) || _exit 1
- _log "unload_modules ${list} (retries: ${retries})"
+ local list retries
+ list=$(_uci_get_value "${GLOBAL}.modules")
+ retries=$(_uci_get_value "${GLOBAL}.modules_retries") || return 1
+ _log "info" "unload_modules ${list} (retries: ${retries})"
local i=0
- while [[ ${i} -lt ${retries} && "${list}" != "" ]]
- do
- i=$(($i+1))
+ # trunk-ignore(shellcheck/SC2250)
+ while _arith_bool $(( i < retries )) && test -n "$list"
+ do
+ : $(( i += 1 ))
local mod
local first=0
for mod in ${list}
do
- if [ $first -eq 0 ]; then
+ if [ "${first}" -eq 0 ]; then
list=""
first=1
fi
- rmmod ${mod} > /dev/null 2>&1
- if [ $? -ne 0 ]; then
+
+ if ! rmmod "${mod}" >/dev/null 2>&1 ; then
+ # trunk-ignore(shellcheck/SC2250)
list="$list $mod"
fi
done
done
}
-
_load_modules()
{
- local list=$(_get_uci_value ${GLOBAL}.modules)
- local retries
- retries=$(_get_uci_value ${GLOBAL}.modules_retries) || _exit 1
- _log "load_modules ${list} (retries: ${retries})"
+ local list retries
+ list=$( _uci_get_value "${GLOBAL}.modules") || return 1
+ retries=$(_uci_get_value "${GLOBAL}.modules_retries") || return 1
+ _log "info" "load_modules ${list} (retries: ${retries})"
local i=0
- while [[ ${i} -lt ${retries} && "${list}" != "" ]]
- do
- i=$(($i+1))
+ # trunk-ignore(shellcheck/SC2250)
+ while _arith_bool $(( i < retries )) && test -n "$list"
+ do
+ : $(( i += 1 ))
local mod
local first=0
for mod in ${list}
do
- if [ $first -eq 0 ]; then
+ if [ "${first}" -eq 0 ]; then
list=""
first=1
fi
- modprobe ${mod} > /dev/null 2>&1
- rc=$?
- if [ $rc -ne 255 ]; then
+ modprobe "${mod}" > /dev/null 2>&1
+ rc=$?
+ if [ "${rc}" -ne 255 ]; then
+ # trunk-ignore(shellcheck/SC2250)
list="$list $mod"
fi
done
done
}
-_create_cron_entries()
-{
- local entries=$(uci show ${PACKAGE} 2> /dev/null | awk -F'.' '{print $2}' | grep -v '=' | grep -v '@global\[0\]' | uniq | sort)
- local _entry
- for entry in ${entries}
- do
- local status
- status=$(_get_uci_value ${PACKAGE}.${entry}.enabled) || _exit 1
- if [ ${status} -eq 1 ]
- then
- _enable_wifi_schedule ${entry}
- fi
- done
-}
+# endregion: kernel module unload feature
-_should_wifi_enabled()
-{
+# Prints: `phy0-ap0$'\n'phy0-ap1$'\n'`
+_wifi_get_interfaces() { iwinfo | awk '/[^[:alnum:]]ESSID[^[:alnum:]]/ { print $1 }' ;}
- local enable_wifi=0
- local entries=$(uci show ${PACKAGE} 2> /dev/null | awk -F'.' '{print $2}' | grep -v '=' | grep -v '@global\[0\]' | uniq | sort)
- local _entry
- for _entry in ${entries}
- do
- local status
- status=$(_get_uci_value ${PACKAGE}.${_entry}.enabled) || _exit 1
- if [ ${status} -eq 1 ]
- then
- enable_wifi=$(_check_startup_timewindow $_entry)
- fi
- done
- echo ${enable_wifi}
-}
+# Prints: `radio0$'\n'radio1$'\n'`
+_wifi_get_devices() { uci show "wireless" | awk -F= '$2 == "wifi-device" { n = split($1, a, "."); print a[n] }' ;}
-startup()
+_wifi_rfkill_set_all_to()
{
- _log "startup"
- local global_enabled=$(_get_uci_value ${GLOBAL}.enabled) || _exit 1
- if [ ${global_enabled} -eq 1 ]; then
- local _enable_wifi=$(_should_wifi_enabled)
- if [ ${_enable_wifi} -eq 0 ]; then
- _log "enable wifi"
- enable_wifi
- else
- _log "disable wifi"
- disable_wifi
- fi
- fi
+ local status="$1"
+ _arith_bool $(( status == 0 || status == 1 )) || return 1
+ for radio in $(_wifi_get_devices)
+ do
+ uci set "wireless.${radio}.disabled=${status}"
+ done
+ uci commit
+ /sbin/wifi
}
-check_cron_status()
-{
- local global_enabled
- global_enabled=$(_get_uci_value ${GLOBAL}.enabled) || _exit 1
- _rm_cron_script "${SCRIPT}"
- if [ ${global_enabled} -eq 1 ]; then
- _create_cron_entries
- fi
-}
+_wifi_rfkill_unblock_all() { _wifi_rfkill_set_all_to 0 ;}
+_wifi_rfkill_block_all() { _wifi_rfkill_set_all_to 1 ;}
-disable_wifi()
+wifi_disable()
{
- _rm_cron_script "${SCRIPT} recheck"
- _set_status_wifi_uci 1
- local unload_modules
- unload_modules=$(_get_uci_value_raw ${GLOBAL}.unload_modules) || _exit 1
- if [[ "${unload_modules}" == "1" ]]; then
+ _crontab_rm_script_entries_by_arg "recheck"
+ _cron_restart
+ _wifi_rfkill_block_all
+ if _cfg_global_is_unload_modules_enabled
+ then
_unload_modules
- fi
+ fi
}
-soft_disable_wifi()
+wifi_soft_disable()
{
- local _disable_wifi=0 #0: disable wifi, 1: do not disable wifi
- local iwinfo=/usr/bin/iwinfo
- if [ ! -e ${iwinfo} ]; then
- _log "${iwinfo} not available, skipping"
+ if ! command -v iwinfo >/dev/null 2>&1 ; then
+ _log "info" "iwinfo not available, skipping"
return 1
fi
- local ignore_stations=$(_get_uci_value_raw ${GLOBAL}.ignore_stations)
- [ -n "${ignore_stations}" ] && _log "Ignoring station(s) ${ignore_stations}"
+ local has_assoc=false
+ local mac_filter='([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'
+
+ local ignore_stations ignore_stations_filter
+ ignore_stations=$(_uci_get_value_raw "${GLOBAL}.ignore_stations")
+ # shellcheck disable=SC2086
+ ignore_stations_filter=$(_join_by_char "|" ${ignore_stations})
# check if no stations are associated
local _if
- for _if in $(_get_wireless_interfaces)
+ for _if in $(_wifi_get_interfaces)
do
- local stations=$(${iwinfo} ${_if} assoclist | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}')
+ local stations ignored_stations
+ stations=$(iwinfo "${_if}" assoclist | grep -o -E "${mac_filter}")
if [ -n "${ignore_stations}" ]; then
- stations=$(echo "${stations}" | grep -vwi -E "${ignore_stations// /|}")
+ local all_stations="${stations}"
+ # shellcheck disable=SC2086
+ stations=$(printf "%s\n" ${stations} | grep -vwi -E "${ignore_stations_filter}")
+ # shellcheck disable=SC2086
+ ignored_stations="$(printf "%s\n" ${all_stations} ${stations} | sort | uniq -u)"
fi
- if [ -n "${stations}" ]; then
- _disable_wifi=1
- _log "Station(s) $(echo ${stations}) associated on ${_if}"
+ test -n "${stations}" || continue
+
+ has_assoc=true
+
+ # shellcheck disable=SC2086
+ _log "info" "Clients connected on '${_if}': $(_join_by_char ' ' ${stations})" || true
+ if test -n "${ignored_stations}"
+ then
+ # shellcheck disable=SC2086
+ _log "info" "Clients ignored on '${_if}': $(_join_by_char ' ' ${ignored_stations})" || true
fi
done
- local _wifi_enabled=$(_should_wifi_enabled)
- if [[ ${_disable_wifi} -eq 0 && ${_wifi_enabled} -eq 1 ]]; then
- _log "No stations associated, disable wifi."
- disable_wifi
- elif [[ ${_disable_wifi} -eq 0 && ${_wifi_enabled} -eq 0 ]]; then
- _log "Do not disable wifi since there is an allow timeframe, skip rechecking."
- _rm_cron_script "${SCRIPT} recheck"
+ _crontab_rm_script_entries_by_arg "recheck"
+
+ if [ "${has_assoc}" = "false" ]
+ then
+ if _cfg_can_wifi_run_now
+ then
+ _log "info" "Do not disable wifi since there is an allow timewindow, skip rechecking."
+ else
+ _log "notice" "No stations associated, disable wifi."
+ wifi_disable
+ fi
else
- _log "Could not disable wifi due to associated stations, retrying..."
- local recheck_interval=$(_get_uci_value ${GLOBAL}.recheck_interval)
- _add_cron_script "*/${recheck_interval} * * * * ${SCRIPT} recheck"
+ _log "notice" "Could not disable wifi due to associated stations, retrying..."
+ local recheck_interval
+ recheck_interval=$(_uci_get_value "${GLOBAL}.recheck_interval")
+ if test -n "${recheck_interval}" && _arith_bool $(( recheck_interval > 0 )) ; then
+ _crontab_append_line "*/${recheck_interval} * * * * /bin/nice -n 19 ${SCRIPT} recheck"
+ fi
fi
+
+ _cron_restart
}
-_set_status_wifi_uci()
+wifi_enable()
{
- local status=$1
- local radios=$(uci show wireless | grep radio | awk -F'.' '{print $2}' | grep -v '[=|@]' | sort | uniq)
- for radio in ${radios}
- do
- uci set wireless.${radio}.disabled=${status}
- done
- uci commit
+ _crontab_rm_script_entries_by_arg "recheck"
+ _cron_restart
+ if _cfg_global_is_unload_modules_enabled
+ then
+ _load_modules
+ fi
+ _wifi_rfkill_unblock_all
}
-enable_wifi()
+wifi_startup()
{
- _rm_cron_script "${SCRIPT} recheck"
- local unload_modules
- unload_modules=$(_get_uci_value_raw ${GLOBAL}.unload_modules) || _exit 1
- if [[ "${unload_modules}" == "1" ]]; then
- _load_modules
+ _cfg_global_is_enabled || return
+
+ if _cfg_can_wifi_run_now
+ then
+ _log "notice" "enable wifi"
+ wifi_enable
+ else
+ _log "notice" "disable wifi"
+ wifi_disable
fi
- _set_status_wifi_uci 0
- /sbin/wifi
}
usage()
{
- echo ""
echo "$0 cron|start|startup|stop|forcestop|recheck|getmodules|savemodules|help"
echo ""
echo " UCI Config File: /etc/config/${PACKAGE}"
echo ""
}
+# shellcheck disable=SC2317
_cleanup()
{
- lock -u ${LOCKFILE}
- rm ${LOCKFILE}
+ lock -u "${LOCKFILE}"
+ rm "${LOCKFILE}"
}
###############################################################################
# MAIN
###############################################################################
-trap _cleanup EXIT
-
-LOGGING=$(_get_uci_value ${GLOBAL}.logging) || _exit 1
-_log ${SCRIPT} $1 $2
-lock ${LOCKFILE}
-
-case "$1" in
- cron)
- check_cron_status
- startup
- ;;
- start) enable_wifi ;;
- startup) startup ;;
- forcestop) disable_wifi ;;
- stop) soft_disable_wifi ;;
- recheck) soft_disable_wifi ;;
- getmodules) get_module_list ;;
- savemodules) save_module_list_uci ;;
- help|--help|-h|*) usage ;;
-esac
-
-_exit 0
+main() {
+ trap _cleanup EXIT
+
+ LOGGING=$(_uci_get_value "${GLOBAL}.logging") || _exit 1
+ _log "info" "${SCRIPT}" "$@"
+ lock "${LOCKFILE}"
+
+ case "$1" in
+ cron)
+ _crontab_reset_from_cfg
+ _cron_restart
+ wifi_startup
+ ;;
+ start) wifi_enable ;;
+ startup) wifi_startup ;;
+ forcestop) wifi_disable ;;
+ stop) wifi_soft_disable ;;
+ recheck) wifi_soft_disable ;;
+ getmodules) get_module_list ;;
+ savemodules) save_module_list_uci ;;
+ help|--help|-h|*) usage ;;
+ esac
+
+ _exit 0
+}
+
+main "${@}"
include $(TOPDIR)/rules.mk
PKG_NAME:=wsdd2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/Netgear/wsdd2.git
--- /dev/null
+--- a/wsdd2.c
++++ b/wsdd2.c
+@@ -543,7 +543,15 @@ static int netlink_recv(struct endpoint
+ char buf[PAGE_SIZE];
+ struct sockaddr_nl sa;
+ struct iovec iov = { buf, sizeof buf };
+- struct msghdr msg = { &sa, sizeof sa, &iov, 1, NULL, 0, 0 };
++ struct msghdr msg = {
++ .msg_name = &sa,
++ .msg_namelen = sizeof(sa),
++ .msg_iov = &iov,
++ .msg_iovlen = 1,
++ .msg_control = NULL,
++ .msg_controllen = 0,
++ .msg_flags = 0,
++ };
+ ssize_t msglen = recvmsg(ep->sock, &msg, 0);
+
+ DEBUG(2, W, "%s: %zd bytes", __func__, msglen);
include $(TOPDIR)/rules.mk
PKG_NAME:=xfrpc
-PKG_VERSION:=2.9.644
+PKG_VERSION:=3.05.661
PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/liudf0716/xfrpc.git
-PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=0040476ce8d2a8f7dffe6162ad2cd94797071bd4ccbdcac9433f518bb60340bd
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/liudf0716/xfrpc/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=202b5eb6d4ecee5444ac5a55fea462ad106ebfb88f51ca8499553db4f701f28f
+PKG_BUILD_DIR:=$(BUILD_DIR)/xfrpc-$(PKG_VERSION)
PKG_MAINTAINER:=Dengfeng Liu <liudf0716@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
-config xfrp 'init'
- option disabled 1
- option loglevel 7
-
config xfrpc 'common'
- option server_addr frps_ip_address
+ option enabled 0
+ option loglevel 7
+ option server_addr frps.wifidogx.online
option server_port 7000
-config xfrpc 'ssh01'
- option type tcp
+config tcp 'ssh01'
option local_ip 127.0.0.1
option local_port 22
option remote_port 6000
-#config xfrpc 'web01'
-# option type http
+#config http 'web01'
# option local_ip 127.0.0.1
# option local_port 8080
# option custom_domains your_domain_name
-#config xfrpc 'web02'
-# option type https
+#config https 'web02'
# option local_ip 127.0.0.1
# option local_port 8443
-# option custom_domains your_domain_name
+# option subdomain your_domain_name
+
+#config socks5 'socks01'
+# option remote_port 6001
+
+#config plugin 'plugin01'
+# option remote_port 6002
+# option plugin_name http
+# option plugin_param 'youtube-url'
+# option plugin_action 'download'
#!/bin/sh /etc/rc.common
-# Copyright (C) 2022 Dengfeng Liu <liu_df@qq.com>
+# Copyright (C) 2022 Dengfeng Liu <liudf0716@gmail.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
handle_xfrpc() {
- local name="$1"
+ local section="$1"
+ local config="$2"
+
+ case "$section" in
+ common)
+ uci_validate_section xfrpc xfrpc common \
+ 'server_addr:host' \
+ 'server_port:uinteger' \
+ 'token:string:'
+ ;;
+ esac
+
+ # Write the validated settings to the config file
+ echo "[${section}]" >> "$config"
+ [ -z "$server_addr" ] || echo "server_addr = $server_addr" >> "$config"
+ [ -z "$server_port" ] || echo "server_port = $server_port" >> "$config"
+ [ -z "$token" ] || echo "token = $token" >> "$config"
+}
+
+handle_tcp() {
+ local section="$1"
local config="$2"
- echo "[$name]" >> "$config"
-
- handle_type() {
- uci_validate_section xfrpc xfrpc "$name" \
- 'type:or("tcp", "http", "https")' \
- 'local_ip:ipaddr:127.0.0.1' \
- 'local_port:uinteger'
-
- echo "type = $type" >> "$config"
- echo "local_ip = $local_ip" >> "$config"
- echo "local_port = $local_port" >> "$config"
- case "$type" in
- tcp|mstsc|socks5)
- config_get remote_port "$name" remote_port
- echo "remote_port = $remote_port" >> "$config"
- ;;
- http|https)
- config_get custom_domains "$name" custom_domains
- [ -z "$custom_domains" ] || echo "custom_domains = $custom_domains" >> "$config"
- config_get subdomain "$name" subdomain
- [ -z "$subdomain" ] || echo "subdomain = $subdomain" >> "$config"
- ;;
- esac
- }
-
- if [ "$name" = "common" ]; then
- uci_validate_section xfrpc xfrp "$name" \
- 'server_addr:host' \
- 'server_port:uinteger' \
- 'token:string:'
-
- echo "server_addr = $server_addr" >> "$config"
- echo "server_port = $server_port" >> "$config"
- [ -z "$token" ] || echo "token = $token" >> "$config"
- else
- handle_type
- fi
+ uci_validate_section xfrpc tcp $section \
+ 'enabled:bool:1' \
+ 'local_ip:host' \
+ 'local_port:uinteger' \
+ 'remote_port:uinteger'
+
+ # if enabled is 0, then return
+ [ $enabled = 0 ] && return
+
+ # Write the validated settings to the config file
+ echo "[${section}]" >> "$config"
+ echo "type = tcp" >> "$config"
+ [ -z "$local_ip" ] || echo "local_ip = $local_ip" >> "$config"
+ [ -z "$local_port" ] || echo "local_port = $local_port" >> "$config"
+ [ -z "$remote_port" ] || echo "remote_port = $remote_port" >> "$config"
+}
+
+handle_http() {
+ local section="$1"
+ local config="$2"
+
+ uci_validate_section xfrpc http $section \
+ 'enabled:bool:1' \
+ 'local_ip:host' \
+ 'local_port:uinteger' \
+ 'custom_domains:string' \
+ 'subdomain:string' \
+
+ # if enabled is 0, then return
+ [ $enabled = 0 ] && return
+
+ # Write the validated settings to the config file
+ echo "[${section}]" >> "$config"
+ echo "type = http" >> "$config"
+ [ -z "$local_ip" ] || echo "local_ip = $local_ip" >> "$config"
+ [ -z "$local_port" ] || echo "local_port = $local_port" >> "$config"
+ [ -z "$custom_domains" ] || echo "custom_domains = $custom_domains" >> "$config"
+ [ -z "$subdomain" ] || echo "subdomain = $subdomain" >> "$config"
+}
+
+handle_https() {
+ local section="$1"
+ local config="$2"
+
+ uci_validate_section xfrpc https $section \
+ 'enabled:bool:1' \
+ 'local_ip:host' \
+ 'local_port:uinteger' \
+ 'custom_domains:string' \
+ 'subdomain:string'
+
+ # if enabled is 0, then return
+ [ $enabled = 0 ] && return
+
+ # Write the validated settings to the config file
+ echo "[${section}]" >> "$config"
+ echo "type = https" >> "$config"
+ [ -z "$local_ip" ] || echo "local_ip = $local_ip" >> "$config"
+ [ -z "$local_port" ] || echo "local_port = $local_port" >> "$config"
+ [ -z "$custom_domains" ] || echo "custom_domains = $custom_domains" >> "$config"
+ [ -z "$subdomain" ] || echo "subdomain = $subdomain" >> "$config"
+}
+
+handle_socks5() {
+ local section="$1"
+ local config="$2"
+
+ uci_validate_section xfrpc socks5 $section \
+ 'enabled:bool:1' \
+ 'remote_port:uinteger'
+
+ # if enabled is 0, then return
+ [ $enabled = 0 ] && return
+
+ # Write the validated settings to the config file
+ echo "[${section}]" >> "$config"
+ echo "type = socks5" >> "$config"
+ [ -z "$remote_port" ] || echo "remote_port = $remote_port" >> "$config"
}
service_triggers() {
> "$conf_file"
config_load "$NAME"
- uci_validate_section xfrpc xfrp init \
- 'disabled:bool:0' \
+ uci_validate_section xfrpc xfrpc common \
+ 'enabled:bool:0' \
'loglevel:uinteger:0'
- if [ $disabled = 1 ]; then
+ if [ $enabled = 0 ]; then
echo "xfrpc service disabled"
return
fi
config_foreach handle_xfrpc xfrpc "$conf_file"
+ config_foreach handle_tcp tcp "$conf_file"
+ config_foreach handle_http http "$conf_file"
+ config_foreach handle_https https "$conf_file"
+ config_foreach handle_socks5 socks5 "$conf_file"
procd_open_instance
procd_set_param command "$PROG" -c "$conf_file" -f -d $loglevel
include $(TOPDIR)/rules.mk
PKG_NAME:=xray-core
-PKG_VERSION:=1.8.11
+PKG_VERSION:=1.8.24
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d99ee6008c508abbad6bbb242d058b22efb50fb35867d15447a2b4602ab4b283
+PKG_HASH:=86e3e388c77cda4d8457a607356416c201c1f18bbed53f0a9e76a228508ff298
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=MPL-2.0
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=xtables-addons
-PKG_VERSION:=3.24
-PKG_RELEASE:=2
-PKG_HASH:=3e823f71720519ced31c4c7d2bfaf7120d9c01c59a0843dfcbe93c95c64d81c1
+PKG_VERSION:=3.26
+PKG_RELEASE:=1
+PKG_HASH:=0b52df2117bacf2e32d1d3f98d09dbf88b274390733d3955699b108acaf9f2a6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://inai.de/files/xtables-addons/
+#endif /* CONTROLLER_H_ */
--- /dev/null
+++ b/extensions/LUA/Kbuild
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,51 @@
+# -*- Makefile -*-
+
+# Adding debug options
+ prot_buf_dynamic.o \
+
+
++# Enable <stddef.h> <stdarg.h>
++EXTRA_CFLAGS += -isystem $(shell $(CC) -print-file-name=include)
+# Adding Lua Support
+EXTRA_CFLAGS += -I$(src)/lua -I$(src)/lua/include
+xt_LUA-y += lua/lapi.o \
+#include <linux/string.h>
--- /dev/null
+++ b/extensions/LUA/lua/lapi.c
-@@ -0,0 +1,1086 @@
+@@ -0,0 +1,1083 @@
+/*
+** $Id: lapi.c,v 2.55.1.5 2008/07/04 18:41:18 roberto Exp $
+** Lua API
+** See Copyright Notice in lua.h
+*/
+
-+#include <stdarg.h>
-+#include <math.h>
-+#include <assert.h>
+#include <string.h>
+
+#define lapi_c
+}
--- /dev/null
+++ b/extensions/LUA/lua/llex.h
-@@ -0,0 +1,81 @@
+@@ -0,0 +1,83 @@
+/*
+** $Id: llex.h,v 1.58.1.1 2007/12/27 13:02:25 roberto Exp $
+** Lexical Analyzer
+#include "lobject.h"
+#include "lzio.h"
+
++/* prevent conflict with definition from asm/current.h */
++#undef current
+
+#define FIRST_RESERVED 257
+
+#endif
--- /dev/null
+++ b/extensions/LUA/lua/llimits.h
-@@ -0,0 +1,125 @@
+@@ -0,0 +1,124 @@
+/*
+** $Id: llimits.h,v 1.69.1.1 2007/12/27 13:02:25 roberto Exp $
+** Limits, basic types, and some other `installation-dependent' definitions
+#define llimits_h
+
+#include <stddef.h>
-+#include <limits.h>
+
+#include "lua.h"
+
+}
--- /dev/null
+++ b/extensions/LUA/lua/ltable.c
-@@ -0,0 +1,588 @@
+@@ -0,0 +1,587 @@
+/*
+** $Id: ltable.c,v 2.32.1.2 2007/12/28 15:32:23 roberto Exp $
+** Lua tables (hash)
+** Hence even when the load factor reaches 100%, performance remains good.
+*/
+
-+#include <math.h>
+#include <string.h>
+
+#define ltable_c
+#endif
--- /dev/null
+++ b/extensions/LUA/lua/luaconf.h
-@@ -0,0 +1,797 @@
+@@ -0,0 +1,803 @@
+/*
+** $Id: luaconf.h,v 1.82.1.7 2008/02/11 16:25:08 roberto Exp $
+** Configuration file for Lua
+#if !defined(__KERNEL__)
+#include <limits.h>
+#else
++#include <linux/kernel.h>
++
++#undef UCHAR_MAX
++#undef BUFSIZ
++#undef NO_FPU
+#define UCHAR_MAX 255
-+#define SHRT_MAX 32767
+#define BUFSIZ 8192
+#define NO_FPU
+#endif
+*/
+#if defined(__KERNEL__)
+#undef LUA_USE_ULONGJMP
++#define setjmp __builtin_setjmp
++#define longjmp __builtin_longjmp
+#endif
+
+#if defined(__cplusplus)
+RANLIB = ranlib
+SED = /bin/sed
+SET_MAKE =
-+SHELL = /bin/bash
++SHELL = /bin/sh
+STRIP = strip
+VERSION = 1.21
+abs_builddir = /home/andre/Dropbox/xtables-addons/extensions/LUA
+
--- /dev/null
+++ b/extensions/LUA/prot_buf_ip.c
-@@ -0,0 +1,209 @@
+@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2010 University of Basel <http://cn.cs.unibas.ch/>
+ * by Andre Graf <andre@dergraf.org>
+ */
+
+#if defined(__KERNEL__)
++ #include <linux/bitops.h>
+ #include <net/checksum.h>
+ #include <net/tcp.h>
+#endif
+}
--- /dev/null
+++ b/extensions/LUA/prot_buf_tcp.c
-@@ -0,0 +1,188 @@
+@@ -0,0 +1,189 @@
+/*
+ * Copyright (C) 2010 University of Basel <http://cn.cs.unibas.ch/>
+ * by Andre Graf <andre@dergraf.org>
+ */
+
+#if defined(__KERNEL__)
++ #include <linux/bitops.h>
+ #include <net/checksum.h>
+ #include <net/tcp.h>
+#endif
+}
--- /dev/null
+++ b/extensions/LUA/prot_buf_udp.c
-@@ -0,0 +1,53 @@
+@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 University of Basel <http://cn.cs.unibas.ch/>
+ * by Andre Graf <andre@dergraf.org>
+ */
+
+#if defined(__KERNEL__)
++ #include <linux/bitops.h>
+ #include <net/checksum.h>
+#endif
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/module.h>
-+#include <asm/uaccess.h>
++#include <linux/uaccess.h>
+#include <net/ip.h>
+#include <linux/netfilter/x_tables.h>
+#include "xt_LUA.h"
+ * XT_CONTINUE inside the *register_lua_packet_lib* function.
+ */
+
-+spinlock_t lock = SPIN_LOCK_UNLOCKED;
++DEFINE_SPINLOCK(lock);
+
+static uint32_t
-+lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
++lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
+{
+ uint32_t verdict;
+ lua_packet_segment *p;
+
+ L = lua_envs[info->state_id]->L;
+
-+ if (!skb_make_writable(pskb, pskb->len))
++ if (skb_ensure_writable(pskb, pskb->len))
+ return NF_DROP;
+
+ /* call the function provided by --function parameter or the default 'process_packet' defined in Lua */
+ /* push the lua_packet_segment as a parameter */
+ p = (lua_packet_segment *)lua_newuserdata(L, sizeof(lua_packet_segment));
+ if (pskb->mac_header)
-+ p->start = pskb->mac_header;
++ p->start = skb_mac_header(pskb);
+ else if (pskb->network_header)
-+ p->start = pskb->network_header;
++ p->start = skb_network_header(pskb);
+ else if (pskb->transport_header)
-+ p->start = pskb->transport_header;
++ p->start = skb_transport_header(pskb);
+ p->offset = 0;
+ p->length = (unsigned long)pskb->tail - (unsigned long)p->start;
+ p->changes = NULL;
+ * some workqueue initialization. So far this is done each time this function
+ * is called, subject to change.
+ */
-+static bool
++static int
+lua_tg_checkentry(const struct xt_tgchk_param *par)
+{
+ const struct xt_lua_tginfo *info = par->targinfo;
+
+ if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
+ lua_state_refs[info->state_id]++;
-+ return true;
++ return 0;
+ }
-+ return false;
++ return -EINVAL;
+}
+
+/*::*
+++ /dev/null
---- a/extensions/LUA/Kbuild
-+++ b/extensions/LUA/Kbuild
-@@ -22,6 +22,8 @@ xt_LUA-y += nf_lua.o \
- prot_buf_dynamic.o \
-
-
-+# Enable <stddef.h> <stdarg.h>
-+EXTRA_CFLAGS += -isystem $(shell $(CC) -print-file-name=include)
- # Adding Lua Support
- EXTRA_CFLAGS += -I$(src)/lua -I$(src)/lua/include
- xt_LUA-y += lua/lapi.o \
---- a/extensions/LUA/xt_LUA_target.c
-+++ b/extensions/LUA/xt_LUA_target.c
-@@ -19,7 +19,7 @@
- #include <linux/kernel.h>
- #include <linux/slab.h>
- #include <linux/module.h>
--#include <asm/uaccess.h>
-+#include <linux/uaccess.h>
- #include <net/ip.h>
- #include <linux/netfilter/x_tables.h>
- #include "xt_LUA.h"
-@@ -64,10 +64,10 @@ uint32_t lua_state_refs[LUA_STATE_ARRAY
- * XT_CONTINUE inside the *register_lua_packet_lib* function.
- */
-
--spinlock_t lock = SPIN_LOCK_UNLOCKED;
-+DEFINE_SPINLOCK(lock);
-
- static uint32_t
--lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
-+lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
- {
- uint32_t verdict;
- lua_packet_segment *p;
-@@ -79,7 +79,7 @@ lua_tg(struct sk_buff *pskb, const struc
-
- L = lua_envs[info->state_id]->L;
-
-- if (!skb_make_writable(pskb, pskb->len))
-+ if (skb_ensure_writable(pskb, pskb->len))
- return NF_DROP;
-
- /* call the function provided by --function parameter or the default 'process_packet' defined in Lua */
-@@ -88,11 +88,11 @@ lua_tg(struct sk_buff *pskb, const struc
- /* push the lua_packet_segment as a parameter */
- p = (lua_packet_segment *)lua_newuserdata(L, sizeof(lua_packet_segment));
- if (pskb->mac_header)
-- p->start = pskb->mac_header;
-+ p->start = skb_mac_header(pskb);
- else if (pskb->network_header)
-- p->start = pskb->network_header;
-+ p->start = skb_network_header(pskb);
- else if (pskb->transport_header)
-- p->start = pskb->transport_header;
-+ p->start = skb_transport_header(pskb);
- p->offset = 0;
- p->length = (unsigned long)pskb->tail - (unsigned long)p->start;
- p->changes = NULL;
-@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
- * some workqueue initialization. So far this is done each time this function
- * is called, subject to change.
- */
--static bool
-+static int
- lua_tg_checkentry(const struct xt_tgchk_param *par)
- {
- const struct xt_lua_tginfo *info = par->targinfo;
-
- if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
- lua_state_refs[info->state_id]++;
-- return true;
-+ return 0;
- }
-- return false;
-+ return -EINVAL;
- }
-
- /*::*
---- a/extensions/LUA/lua/llimits.h
-+++ b/extensions/LUA/lua/llimits.h
-@@ -8,7 +8,6 @@
- #define llimits_h
-
- #include <stddef.h>
--#include <limits.h>
-
- #include "lua.h"
-
---- a/extensions/LUA/lua/lapi.c
-+++ b/extensions/LUA/lua/lapi.c
-@@ -4,9 +4,6 @@
- ** See Copyright Notice in lua.h
- */
-
--#include <stdarg.h>
--#include <math.h>
--#include <assert.h>
- #include <string.h>
-
- #define lapi_c
---- a/extensions/LUA/lua/ltable.c
-+++ b/extensions/LUA/lua/ltable.c
-@@ -18,7 +18,6 @@
- ** Hence even when the load factor reaches 100%, performance remains good.
- */
-
--#include <math.h>
- #include <string.h>
-
- #define ltable_c
---- a/extensions/LUA/lua/luaconf.h
-+++ b/extensions/LUA/lua/luaconf.h
-@@ -13,8 +13,12 @@
- #if !defined(__KERNEL__)
- #include <limits.h>
- #else
-+#include <linux/kernel.h>
-+
-+#undef UCHAR_MAX
-+#undef BUFSIZ
-+#undef NO_FPU
- #define UCHAR_MAX 255
--#define SHRT_MAX 32767
- #define BUFSIZ 8192
- #define NO_FPU
- #endif
-@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
- */
- #if defined(__KERNEL__)
- #undef LUA_USE_ULONGJMP
-+#define setjmp __builtin_setjmp
-+#define longjmp __builtin_longjmp
- #endif
-
- #if defined(__cplusplus)
---- a/extensions/LUA/lua/llex.h
-+++ b/extensions/LUA/lua/llex.h
-@@ -10,6 +10,8 @@
- #include "lobject.h"
- #include "lzio.h"
-
-+/* prevent conflict with definition from asm/current.h */
-+#undef current
-
- #define FIRST_RESERVED 257
-
+++ /dev/null
---- a/extensions/LUA/Makefile
-+++ b/extensions/LUA/Makefile
-@@ -110,7 +110,7 @@ PKG_CONFIG = /usr/bin/pkg-config
- RANLIB = ranlib
- SED = /bin/sed
- SET_MAKE =
--SHELL = /bin/bash
-+SHELL = /bin/sh
- STRIP = strip
- VERSION = 1.21
- abs_builddir = /home/andre/Dropbox/xtables-addons/extensions/LUA
--- /dev/null
+--- a/extensions/ACCOUNT/Makefile.am
++++ b/extensions/ACCOUNT/Makefile.am
+@@ -3,7 +3,7 @@
+ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
+ AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
+
+-include ${top_srcdir}/Makefile.extra
++include ../../Makefile.extra
+
+ sbin_PROGRAMS = iptaccount
+ iptaccount_LDADD = libxt_ACCOUNT_cl.la
include $(TOPDIR)/rules.mk
PKG_NAME:=yggdrasil-jumper
-PKG_VERSION:=0.3.0
+PKG_VERSION:=0.3.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/one-d-wide/yggdrasil-jumper/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d0fd59e9f7a110094c9189b49b812fb0014c6c45535b4d30effd7cf602961454
+PKG_HASH:=7f3e2021fe901ed866c6220d7ffdc0a0bc949ffb7c86fd3cd3783a594526d8fd
PKG_MAINTAINER:=Remy D. Farley <one-d-wide@protonmail.com>
PKG_LICENSE:=LGPL-3.0-only
endef
define Package/yggdrasil-jumper/description
- Yggdrasil Jumper is independent project that aims to transparently reduce latency of
- a connection over Yggdrasil network, utilizing NAT traversal to bypass intermediary
- nodes. It periodically probes for active sessions and automatically establishes direct
- peerings over internet with remote nodes running Yggdrasil Jumper without requiring
- firewall or port configuration.
+ Yggdrasil-Jumper is an independent project that aims to transparently reduce
+ latency of a connection over Yggdrasil network, utilizing NAT traversal to
+ bypass intermediary nodes. It periodically probes for active sessions and
+ automatically establishes direct peerings over internet with remote nodes
+ running Yggdrasil-Jumper without requiring any firewall configuration or
+ port mapping.
endef
define Package/yggdrasil-jumper/install
include $(TOPDIR)/rules.mk
PKG_NAME:=yggdrasil
-PKG_VERSION:=0.5.5
-PKG_RELEASE:=2
+PKG_VERSION:=0.5.6
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/yggdrasil-network/yggdrasil-go/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=cdbb56b19b91b828afa282554862efb2a79dd4ada26dfb5a7bf3b0c5220f6c17
+PKG_HASH:=2e5a0874d29efd97147b98818afc1a457bc1d1cf42208df12d234962cb44379e
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-go-$(PKG_VERSION)
PKG_MAINTAINER:=William Fleurant <meshnet@protonmail.com>
define Package/yggdrasil/description
Yggdrasil builds end-to-end encrypted networks with IPv6.
- Beyond the similarities with cjdns is a different routing
- algorithm. This globally-agreed spanning tree uses greedy
- routing in a metric space. Back-pressure routing techniques
- allow advanced link aggregation bonding on per-stream basis.
- In turn, a single stream will span across multiple network
- interfaces simultaneously with much greater throughput.
endef
define Package/yggdrasil/install
PKG_NAME:=zerotier
PKG_VERSION:=1.14.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
$(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-one $(1)/usr/bin/
$(LN) zerotier-one $(1)/usr/bin/zerotier-cli
$(LN) zerotier-one $(1)/usr/bin/zerotier-idtool
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
ifeq ($(CONFIG_ZEROTIER_ENABLE_SELFTEST),y)
$(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-selftest $(1)/usr/bin/
-config zerotier sample_config
+config zerotier 'global'
+ # Sets whether ZeroTier is enabled or not
option enabled 0
-
- # persistent configuration folder (for ZT controller mode)
+ # Sets the ZeroTier listening port (default 9993; set to 0 for random)
+ #option port '9993'
+ # Client secret (leave blank to generate a secret on first run)
+ option secret ''
+ # Path of the optional file local.conf (see documentation at
+ # https://docs.zerotier.com/config#local-configuration-options)
+ #option local_conf_path '/etc/zerotier.conf'
+ # Persistent configuration directory (to perform other configurations such
+ # as controller mode or moons, etc.)
#option config_path '/etc/zerotier'
- # copy <config_path> to RAM to prevent writing to flash (for ZT controller mode)
+ # Copy the contents of the persistent configuration directory to memory
+ # instead of linking it, this avoids writing to flash
#option copy_config_path '1'
- #option port '9993'
-
- # path to the local.conf
- #option local_conf '/etc/zerotier.conf'
+# Network configuration, you can have as many configurations as networks you
+# want to join (the network name is optional)
+config network 'mynet'
+ # Identifier of the network you wish to join
+ option id '8056c2e21c000001'
+ # Network configuration parameters (all are optional, if not indicated the
+ # default values are set, see documentation at
+ # https://docs.zerotier.com/config/#network-specific-configuration)
+ option allow_managed '1'
+ option allow_global '0'
+ option allow_default '0'
+ option allow_dns '0'
- # Generate secret on first start
- option secret ''
+# Example of a second network (unnamed as it is optional)
+#config network
+# option id '1234567890123456'
+# option allow_managed '1'
+# option allow_global '0'
+# option allow_default '0'
+# option allow_dns '0'
- # Join a public network called Earth
- list join '8056c2e21c000001'
- #list join '<other_network>'
PROG=/usr/bin/zerotier-one
CONFIG_PATH=/var/lib/zerotier-one
-section_enabled() {
- config_get_bool enabled "$1" 'enabled' 0
- [ $enabled -ne 0 ]
+join_network() {
+ local section="${1}"
+ local id allow_managed allow_global allow_default allow_dns
+
+ config_get id "${section}" 'id'
+ config_get_bool allow_managed "${section}" 'allow_managed' 1
+ config_get_bool allow_global "${section}" 'allow_global' 0
+ config_get_bool allow_default "${section}" 'allow_default' 0
+ config_get_bool allow_dns "${section}" 'allow_dns' 0
+
+ if [ -n "${id}" ]; then
+ # an (empty) config file will cause ZT to join a network
+ touch "${CONFIG_PATH}"/networks.d/"${id}".conf
+ echo "allowManaged=${allow_managed}" > "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+ echo "allowGlobal=${allow_global}" >> "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+ echo "allowDefault=${allow_default}" >> "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+ echo "allowDNS=${allow_dns}" >> "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+ fi
}
-start_instance() {
- local cfg="$1"
- local port secret config_path local_conf copy_config_path path
+start_service() {
+ config_load zerotier
+ local enabled port secret local_conf_path config_path copy_config_path
local args=""
- if ! section_enabled "$cfg"; then
+ config_get_bool enabled 'global' 'enabled' 0
+ config_get port 'global' 'port'
+ config_get secret 'global' 'secret'
+ config_get local_conf_path 'global' 'local_conf_path'
+ config_get config_path 'global' 'config_path'
+ config_get_bool copy_config_path 'global' 'copy_config_path' 0
+
+ if [ ${enabled} -eq 0 ]; then
echo "disabled in /etc/config/zerotier"
- return 1
fi
- config_get config_path $cfg 'config_path'
- config_get port $cfg 'port'
- config_get secret $cfg 'secret'
- config_get local_conf $cfg 'local_conf'
- config_get_bool copy_config_path $cfg 'copy_config_path' 0
-
- path=${CONFIG_PATH}_$cfg
-
# Remove existing link or folder
- rm -rf $path
+ rm -rf "${CONFIG_PATH}"
- # Create link or copy files from CONFIG_PATH to config_path
- if [ -n "$config_path" -a "$config_path" != "$path" ]; then
- if [ ! -d "$config_path" ]; then
- echo "ZeroTier config_path does not exist: $config_path" 1>&2
+ # Create link or copy files from config_path to CONFIG_PATH
+ if [ -n "${config_path}" ]; then
+ if [ ! -d "${config_path}" ]; then
+ echo "ZeroTier config_path does not exist: ${config_path}" 1>&2
return
fi
- # ensure that the target exists
- mkdir -p $(dirname $path)
-
- if [ "$copy_config_path" = "1" ]; then
- cp -r $config_path $path
+ if [ ${copy_config_path} -eq 1 ]; then
+ cp -r "${config_path}" "${CONFIG_PATH}"
else
- ln -s $config_path $path
+ ln -s "${config_path}" "${CONFIG_PATH}"
fi
fi
- mkdir -p $path/networks.d
-
- # link latest default config path to latest config path
- rm -f $CONFIG_PATH
- ln -s $path $CONFIG_PATH
+ mkdir -p "${CONFIG_PATH}"/networks.d
+ config_foreach join_network network
- if [ -n "$port" ]; then
- args="$args -p${port}"
+ if [ -f "${local_conf_path}" ]; then
+ ln -s "${local_conf_path}" "${CONFIG_PATH}"/local.conf
fi
- if [ -z "$secret" ]; then
- echo "Generate secret - please wait..."
- local sf="/tmp/zt.$cfg.secret"
-
- zerotier-idtool generate "$sf" > /dev/null
- [ $? -ne 0 ] && return 1
-
- secret="$(cat $sf)"
- rm "$sf"
+ if [ -n "${port}" ]; then
+ args="${args} -p${port}"
+ fi
- uci set zerotier.$cfg.secret="$secret"
+ if [ -z "${secret}" ]; then
+ echo -n "Generating secret - please wait... "
+ secret="$(zerotier-idtool generate)"
+ [ ${?} -ne 0 ] && return 1
+ uci set zerotier.global.secret="${secret}"
uci commit zerotier
+ echo "done."
fi
- if [ -n "$secret" ]; then
- echo "$secret" > $path/identity.secret
+ if [ -n "${secret}" ]; then
+ echo "${secret}" > "${CONFIG_PATH}"/identity.secret
# make sure there is not previous identity.public
- rm -f $path/identity.public
+ rm -f "${CONFIG_PATH}"/identity.public
fi
- if [ -f "$local_conf" ]; then
- ln -s "$local_conf" $path/local.conf
- fi
-
- add_join() {
- # an (empty) config file will cause ZT to join a network
- touch $path/networks.d/$1.conf
- }
-
- config_list_foreach $cfg 'join' add_join
-
procd_open_instance
- procd_set_param command $PROG $args $path
+ procd_set_param command ${PROG} ${args}
procd_set_param stderr 1
procd_set_param respawn
procd_close_instance
}
-start_service() {
- config_load 'zerotier'
- config_foreach start_instance 'zerotier'
-}
-
-stop_instance() {
- local cfg="$1"
-
- # Remove existing link or folder
- rm -rf ${CONFIG_PATH}_${cfg}
-}
-
stop_service() {
- config_load 'zerotier'
- config_foreach stop_instance 'zerotier'
- rm -f ${CONFIG_PATH}
+ rm -rf "${CONFIG_PATH}"
}
reload_service() {
--- /dev/null
+# Convert the join list into networks
+nets=$(uci -q get zerotier.@zerotier[0].join)
+
+if [ -n "$nets" ]; then
+ for net in ${nets}; do
+ sid=$(uci add zerotier network)
+ uci set zerotier.${sid}.id=${net}
+ done
+ uci delete zerotier.@zerotier[0].join
+
+ # Rename local conf (only if defined)
+ uci -q rename zerotier.@zerotier[0].local_conf='local_conf_path' || true
+
+ # Rename configuration to global
+ uci rename zerotier.@zerotier[0]='global'
+
+ # Commit all changes
+ uci commit zerotier
+fi
include $(TOPDIR)/rules.mk
PKG_NAME:=znc
-PKG_VERSION:=1.9.0
+PKG_VERSION:=1.9.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://znc.in/releases \
https://znc.in/releases/archive
-PKG_HASH:=8b99c9dbb21c1309705073460be9bfacb6f7b0e83a15fe5d4b7140201b39d2a1
+PKG_HASH:=e8a7cf80e19aad510b4e282eaf61b56bc30df88ea2e0f64fadcdd303c4894f3c
PKG_MAINTAINER:=Jonas Gorski <jonas.gorski@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_NAME:=mpd
PKG_VERSION:=0.23.15
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.musicpd.org/download/mpd/0.23
--- /dev/null
+From 1402869715e3efca87942d79c3173a6b21a6925d Mon Sep 17 00:00:00 2001
+From: Rudi Heitbaum <rudi@heitbaum.com>
+Date: Fri, 5 Jul 2024 14:27:45 +0000
+Subject: [PATCH 1/1] lib/fmt: support build with libfmt-11.0.0
+
+Upstream libfmt commit fmtlib/fmt@d707292
+now requires the format function to be const.
+
+Adjust the function prototype so it is const and can compile.
+
+Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
+Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
+---
+ src/lib/ffmpeg/LibFmt.hxx | 2 +-
+ src/lib/fmt/AudioFormatFormatter.hxx | 4 ++--
+ src/lib/fmt/ExceptionFormatter.hxx | 2 +-
+ src/lib/fmt/PathFormatter.hxx | 2 +-
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/src/lib/ffmpeg/LibFmt.hxx
++++ b/src/lib/ffmpeg/LibFmt.hxx
+@@ -29,7 +29,7 @@ template<>
+ struct fmt::formatter<AVSampleFormat> : formatter<string_view>
+ {
+ template<typename FormatContext>
+- auto format(const AVSampleFormat format, FormatContext &ctx) {
++ auto format(const AVSampleFormat format, FormatContext &ctx) const {
+ const char *name = av_get_sample_fmt_name(format);
+ if (name == nullptr)
+ name = "?";
+--- a/src/lib/fmt/AudioFormatFormatter.hxx
++++ b/src/lib/fmt/AudioFormatFormatter.hxx
+@@ -39,7 +39,7 @@ template<>
+ struct fmt::formatter<SampleFormat> : formatter<string_view>
+ {
+ template<typename FormatContext>
+- auto format(const SampleFormat format, FormatContext &ctx) {
++ auto format(const SampleFormat format, FormatContext &ctx) const {
+ return formatter<string_view>::format(sample_format_to_string(format),
+ ctx);
+ }
+@@ -49,7 +49,7 @@ template<>
+ struct fmt::formatter<AudioFormat> : formatter<string_view>
+ {
+ template<typename FormatContext>
+- auto format(const AudioFormat &af, FormatContext &ctx) {
++ auto format(const AudioFormat &af, FormatContext &ctx) const {
+ return formatter<string_view>::format(ToString(af).c_str(),
+ ctx);
+ }
+--- a/src/lib/fmt/ExceptionFormatter.hxx
++++ b/src/lib/fmt/ExceptionFormatter.hxx
+@@ -38,7 +38,7 @@ template<>
+ struct fmt::formatter<std::exception_ptr> : formatter<string_view>
+ {
+ template<typename FormatContext>
+- auto format(std::exception_ptr e, FormatContext &ctx) {
++ auto format(std::exception_ptr e, FormatContext &ctx) const {
+ return formatter<string_view>::format(GetFullMessage(e), ctx);
+ }
+ };
+--- a/src/lib/fmt/PathFormatter.hxx
++++ b/src/lib/fmt/PathFormatter.hxx
+@@ -29,7 +29,7 @@ template<>
+ struct fmt::formatter<Path> : formatter<string_view>
+ {
+ template<typename FormatContext>
+- auto format(Path path, FormatContext &ctx) {
++ auto format(Path path, FormatContext &ctx) const {
+ return formatter<string_view>::format(path.ToUTF8(), ctx);
+ }
+ };
option port '' # 5000
option udp_port_base '' # 6001
option udp_port_range '' # 100
- option statistics '' # no/yes
+ option statistics '' # no/yes - DEPRECATED: This option will be removed in a future release. Use 'diagnostics_statistics' instead
option drift '' # 88
option resync_threshold '' # 2205
- option log_verbosity '' # 0/1/2/3
+ option log_verbosity '' # 0/1/2/3 - DEPRECATED: This option will be removed in a future release. Use 'diagnostics_log_verbosity' instead
option ignore_volume_control '' # no/yes
option volume_range_db '' # 30 to 150
option regtype '' # _raop._tcp
# AO
option ao_latency_offset '' # 0
option ao_buffer_length '' # 44100
+ # Diagnostics
+ option diagnostics_statistics '' # no/yes
+ option diagnostics_log_output_to '' # syslog/stderr/stdout
+ option diagnostics_log_verbosity '' # 0/1/2/3
append_num "$cfg" port "port"
append_num "$cfg" udp_port_base "udp_port_base"
append_num "$cfg" udp_port_range "udp_port_range"
- append_str "$cfg" statistics "statistics"
append_num "$cfg" drift "drift"
append_num "$cfg" resync_threshold "resync_threshold"
- append_num "$cfg" log_verbosity "log_verbosity"
append_str "$cfg" ignore_volume_control "ignore_volume_control"
append_num "$cfg" volume_range_db "volume_range_db"
append_str "$cfg" regtype "regtype"
append_num "$cfg" ao_latency_offset "audio_backend_latency_offset"
append_num "$cfg" ao_buffer_length "audio_backend_buffer_desired_length"
printf "};\n\n"
+
+ # Diagnostics
+ config_get log_verbosity "$cfg" log_verbosity
+ config_get statistics "$cfg" statistics
+
+ printf "diagnostics =\n"
+ printf "{\n"
+ append_str "$cfg" diagnostics_statistics "statistics" "${statistics}"
+ append_str "$cfg" diagnostics_log_output_to "log_output_to"
+ append_num "$cfg" diagnostics_log_verbosity "log_verbosity" "${log_verbosity}"
+ printf "};\n\n"
} > "$conf_file"
procd_open_instance
PKG_NAME:=squeezelite
PKG_VERSION:=1.9.9-1432
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/ralph-irving/squeezelite
local dop
config_get dop options dsd_over_pcm 0
[ "$dop" -eq 1 ] && cmdline="$cmdline -D"
+
+ local unmute
+ config_get unmute options unmute ""
+ [ -n "$unmute" ] && cmdline="$cmdline -U $unmute"
}
start_service() {
include $(TOPDIR)/rules.mk
PKG_NAME:=upmpdcli
-PKG_VERSION:=1.8.6
+PKG_VERSION:=1.8.11
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.lesbonscomptes.com/upmpdcli/downloads
-PKG_HASH:=55e3d27bea5bef4560f319137f1a5c7d08abbba5a9aae90ee3240903fdb8c3e4
+PKG_HASH:=d715120b869382ea701f07baa604c77b7895537e0655e1ed4dfa68d986d6a59f
PKG_MAINTAINER:=
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING
-PKG_INSTALL:=1
-PKG_BUILD_PARALLEL:=1
-
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/meson.mk
define Package/upmpdcli
SECTION:=sound
PKG_NAME:=acl
PKG_VERSION:=2.3.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://git.savannah.nongnu.org/cgit/acl.git/snapshot
-PKG_HASH:=0fc318808c1e91925398cbe41399a33b74dcf788a1c0af4feae8f7a322c6e6fd
-PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@SAVANNAH/acl
+PKG_HASH:=97203a72cae99ab89a067fe2210c1cbf052bc492b479eca7d226d9830883b0bd
+PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=LGPL-2.1 GPL-2.0
PKG_LICENSE_FILES:=doc/COPYING doc/COPYING.LGPL
PKG_CPE_ID:=cpe:/a:acl_project:acl
PKG_INSTALL:=1
-PKG_FIXUP:=autoreconf
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -34,12 +34,6 @@ AC_SYS_LARGEFILE
- AM_PROG_AR
- LT_INIT
-
--dnl Minimal version supporting AM_GNU_GETTEXT_REQUIRE_VERSION.
--AM_GNU_GETTEXT_VERSION([0.19.6])
--dnl Require at least the following version, but use the latest available one.
--AM_GNU_GETTEXT_REQUIRE_VERSION([0.19.8])
--AM_GNU_GETTEXT([external])
--
- AC_ARG_ENABLE([debug],
- [AS_HELP_STRING([--enable-debug], [Enable extra debugging])])
- AS_IF([test "x$enable_debug" = "xyes"],
-@@ -69,6 +63,5 @@ AC_CONFIG_COMMANDS([include/sys],
- AC_CONFIG_FILES([
- libacl.pc
- Makefile
-- po/Makefile.in
- ])
- AC_OUTPUT
+++ /dev/null
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -1,6 +1,4 @@
- #!/bin/sh -ex
--po/update-potfiles
--autopoint --force
- am_libdir=$(automake --print-libdir)
- cp "${am_libdir}/INSTALL" doc/
- exec autoreconf -f -i
+++ /dev/null
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -3,8 +3,6 @@ ACLOCAL_AMFLAGS = -I m4
- EXTRA_DIST = \
- exports
-
--SUBDIRS = po
--
- AM_CPPFLAGS = \
- -I$(top_builddir)/include \
- -I$(top_srcdir)/include \
include $(TOPDIR)/rules.mk
PKG_NAME:=at
-PKG_VERSION:=3.2.2
+PKG_VERSION:=3.2.5
PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://salsa.debian.org/debian/at.git
-PKG_SOURCE_VERSION:=release/3.2.2
-PKG_MIRROR_HASH=93f7f99c4242dbc5218907981e32f74ddb5e09c5b7922617c8d84c16920f488d
+PKG_SOURCE:=at_$(PKG_VERSION).orig.tar.gz
+PKG_SOURCE_URL:=http://software.calhariz.com/at
+PKG_HASH:=bb066b389d7c9bb9d84a35738032b85c30cba7d949f758192adc72c9477fd3b8
PKG_MAINTAINER:=Phil Eichinger <phil@zankapfel.net>
PKG_LICENSE:=GPL-2.0-or-later GPL-3.0-or-later ISC
CATEGORY:=Utilities
DEPENDS:=+libelf
TITLE:=Delayed job execution and batch processing
- URL:=http://packages.debian.org/stable/at
+ URL:=https://salsa.debian.org/debian/at
endef
define Package/at/description
+++ /dev/null
-From 7f811d9c4ebc9444e613e251c31d6bf537a24dc1 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 13 Apr 2015 16:35:30 -0700
-Subject: [PATCH] remove glibc assumption
-
-glibc time.h header has an undocumented __isleap macro
-that we are using anf musl is missing it.
-Since it is undocumented & does not appear
-on any other libc, stop using it and just define the macro in
-locally instead.
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-[patch from: http://patchwork.openembedded.org/patch/91893/ ]
-Signed-off-by: Phil Eichinger <phil@zankapfel.net>
----
- parsetime.y | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
---- a/parsetime.y
-+++ b/parsetime.y
-@@ -14,6 +14,9 @@
- ((y) % 4 == 0 && ((y) % 100 != 0 || (y) % 400 == 0))
- #endif
-
-+#define is_leap_year(y) \
-+ ((y) % 4 == 0 && ((y) % 100 != 0 || (y) % 400 == 0))
-+
- struct tm exectm;
- static int isgmt;
- static char *tz = NULL;
-@@ -230,8 +233,8 @@ date : month_name day_number
- mnum == 12) && dnum > 31)
- || ((mnum == 4 || mnum == 6 || mnum == 9 ||
- mnum == 11) && dnum > 30)
-- || (mnum == 2 && dnum > 29 && __isleap(ynum+1900))
-- || (mnum == 2 && dnum > 28 && !__isleap(ynum+1900))
-+ || (mnum == 2 && dnum > 29 && is_leap_year(ynum+1900))
-+ || (mnum == 2 && dnum > 28 && !is_leap_year(ynum+1900))
- )
- {
- yyerror("Error in day of month");
-@@ -274,8 +277,8 @@ date : month_name day_number
- mnum == 12) && dnum > 31)
- || ((mnum == 4 || mnum == 6 || mnum == 9 ||
- mnum == 11) && dnum > 30)
-- || (mnum == 2 && dnum > 29 && __isleap(ynum+1900))
-- || (mnum == 2 && dnum > 28 && !__isleap(ynum+1900))
-+ || (mnum == 2 && dnum > 29 && is_leap_year(ynum+1900))
-+ || (mnum == 2 && dnum > 28 && !is_leap_year(ynum+1900))
- )
- {
- yyerror("Error in day of month");
+++ /dev/null
---- a/getloadavg.c
-+++ b/getloadavg.c
-@@ -69,8 +69,9 @@ Boston, MA 02110-1301 USA */
- #include <config.h>
- #endif
-
--#include "lisp.h"
--#include "sysfile.h" /* for encapsulated open, close, read, write */
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-
- #ifndef HAVE_GETLOADAVG
-
PKG_NAME:=attr
PKG_VERSION:=2.5.2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://git.savannah.nongnu.org/cgit/attr.git/snapshot
-PKG_HASH:=b266cf45e2256b4d85a86554b42c0218abce40356f5c3026f88e15dcf73df775
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@SAVANNAH/attr
+PKG_HASH:=f2e97b0ab7ce293681ab701915766190d607a1dba7fae8a718138150b700a70b
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_CPE_ID:=cpe:/a:attr_project:attr
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -37,9 +37,6 @@ AC_SYS_LARGEFILE
- AM_PROG_AR
- LT_INIT
-
--AM_GNU_GETTEXT_VERSION([0.18.2])
--AM_GNU_GETTEXT([external])
--
- AC_ARG_ENABLE([debug],
- [AS_HELP_STRING([--enable-debug], [Enable extra debugging])])
- AS_IF([test "x$enable_debug" = "xyes"],
-@@ -65,6 +62,5 @@ AC_CONFIG_COMMANDS([include/attr],
- AC_CONFIG_FILES([
- libattr.pc
- Makefile
-- po/Makefile.in
- ])
- AC_OUTPUT
+++ /dev/null
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -1,6 +1,4 @@
- #!/bin/sh -ex
--po/update-potfiles
--autopoint --force
- am_libdir=$(automake --print-libdir)
- cp "${am_libdir}/INSTALL" doc/
- exec autoreconf -f -i
+++ /dev/null
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -3,8 +3,6 @@ ACLOCAL_AMFLAGS = -I m4
- EXTRA_DIST = \
- exports
-
--SUBDIRS = po
--
- AM_CPPFLAGS = \
- -I$(top_builddir)/include \
- -I$(top_srcdir)/include \
+++ /dev/null
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=auc
-PKG_VERSION:=0.3.2
-PKG_RELEASE:=1
-PKG_LICENSE:=GPL-3.0
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/auc
- SECTION:=base
- CATEGORY:=Base system
- TITLE:=Attended sysUpgrade CLI (EXPERIMENTAL)
- DEPENDS:=+attendedsysupgrade-common +libblobmsg-json +libubox +libubus \
- +libuci +libuclient +rpcd-mod-rpcsys
-endef
-
-define Package/auc/description
- CLI client for attended-sysupgrade
-endef
-
-EXTRA_CFLAGS += \
- -D'AUC_VERSION=\"$(PKG_VERSION)-$(PKG_RELEASE)\"' \
- $(if $(CONFIG_DEBUG),-DAUC_DEBUG=ON)
-
-define Package/auc/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/auc $(1)/usr/sbin/
-endef
-
-$(eval $(call BuildPackage,auc))
+++ /dev/null
-cmake_minimum_required(VERSION 2.6...3.12)
-
-PROJECT(auc C)
-ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations)
-
-SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
-
-find_library(json NAMES json-c json)
-
-ADD_EXECUTABLE(auc auc.c)
-TARGET_LINK_LIBRARIES(auc uci ubox ubus uclient blobmsg_json ${json} ${CMAKE_DL_LIBS})
-INSTALL(TARGETS auc RUNTIME DESTINATION sbin)
+++ /dev/null
-/*
- * auc - attendedsysUpgrade CLI
- * Copyright (C) 2017-2021 Daniel Golle <daniel@makrotopia.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#define _GNU_SOURCE
-#ifndef AUC_VERSION
-#define AUC_VERSION "unknown"
-#endif
-
-#include <ctype.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <dlfcn.h>
-#include <glob.h>
-#include <stdio.h>
-#include <time.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#include <stdbool.h>
-
-#include <uci.h>
-#include <uci_blob.h>
-#include <json-c/json.h>
-#include <libubox/ulog.h>
-#include <libubox/list.h>
-#include <libubox/vlist.h>
-#include <libubox/blobmsg_json.h>
-#include <libubox/avl-cmp.h>
-#include <libubox/uclient.h>
-#include <libubox/uclient-utils.h>
-#include <libubus.h>
-
-#define REQ_TIMEOUT 15
-
-#define API_BRANCHES "branches"
-#define API_INDEX "index"
-#define API_JSON "json"
-#define API_JSON_VERSION "v1"
-#define API_JSON_EXT "." API_JSON
-#define API_PACKAGES "packages"
-#define API_REQUEST "api/v1/build"
-#define API_STATUS_QUEUED "queued"
-#define API_STATUS_STARTED "started"
-#define API_STORE "store"
-#define API_TARGETS "targets"
-
-#define PUBKEY_PATH "/etc/opkg/keys"
-#define SHA256SUM "/bin/busybox sha256sum"
-
-#ifdef AUC_DEBUG
-#define DPRINTF(...) if (debug) fprintf(stderr, __VA_ARGS__)
-#else
-#define DPRINTF(...)
-#endif
-
-static const char server_issues[]="https://github.com/openwrt/asu/issues";
-
-static struct ubus_context *ctx;
-static struct uclient *ucl = NULL;
-static char user_agent[80];
-static char *serverurl;
-static int upgrade_packages;
-static struct ustream_ssl_ctx *ssl_ctx;
-static const struct ustream_ssl_ops *ssl_ops;
-static off_t out_bytes;
-static off_t out_len;
-static off_t out_offset;
-static bool cur_resume;
-static int output_fd = -1;
-static bool retry = false;
-static char *board_name = NULL;
-static char *target = NULL;
-static char *distribution = NULL, *version = NULL, *revision = NULL;
-static char *rootfs_type = NULL;
-static int uptodate;
-static char *filename = NULL;
-static void *dlh = NULL;
-static int rc;
-static bool dont_ask = false;
-
-static int avl_verrevcmp(const void *k1, const void *k2, void *ptr);
-
-struct branch {
- struct avl_node avl;
- char *name;
- char *git_branch;
- char *path_packages;
- char *arch_packages;
- char **repos;
- struct avl_tree versions;
- struct list_head package_changes;
- bool snapshot;
- unsigned int branch_off_rev;
-};
-static struct avl_tree branches = AVL_TREE_INIT(branches, avl_verrevcmp, false, NULL);
-
-struct branch_version {
- struct avl_node avl;
- struct branch *branch;
- char *path;
- char *version;
- char *version_code;
- char *version_number;
- bool snapshot;
-};
-
-struct package_changes {
- struct list_head list;
- unsigned int revision;
- char *source;
- char *target;
- bool mandatory;
-};
-static LIST_HEAD(selected_package_changes);
-
-struct avl_pkg {
- struct avl_node avl;
- char *name;
- char *version;
-};
-static struct avl_tree pkg_tree = AVL_TREE_INIT(pkg_tree, avl_strcmp, false, NULL);
-
-#ifdef AUC_DEBUG
-static int debug = 0;
-#endif
-
-/*
- * policy for ubus call system board
- * see procd/system.c
- */
-enum {
- BOARD_BOARD_NAME,
- BOARD_RELEASE,
- BOARD_ROOTFS_TYPE,
- __BOARD_MAX,
-};
-
-static const struct blobmsg_policy board_policy[__BOARD_MAX] = {
- [BOARD_BOARD_NAME] = { .name = "board_name", .type = BLOBMSG_TYPE_STRING },
- [BOARD_RELEASE] = { .name = "release", .type = BLOBMSG_TYPE_TABLE },
- [BOARD_ROOTFS_TYPE] = { .name = "rootfs_type", .type = BLOBMSG_TYPE_STRING },
-};
-
-/*
- * policy for release information in system board reply
- * see procd/system.c
- */
-enum {
- RELEASE_DISTRIBUTION,
- RELEASE_REVISION,
- RELEASE_TARGET,
- RELEASE_VERSION,
- __RELEASE_MAX,
-};
-
-static const struct blobmsg_policy release_policy[__RELEASE_MAX] = {
- [RELEASE_DISTRIBUTION] = { .name = "distribution", .type = BLOBMSG_TYPE_STRING },
- [RELEASE_REVISION] = { .name = "revision", .type = BLOBMSG_TYPE_STRING },
- [RELEASE_TARGET] = { .name = "target", .type = BLOBMSG_TYPE_STRING },
- [RELEASE_VERSION] = { .name = "version", .type = BLOBMSG_TYPE_STRING },
-};
-
-/*
- * policy for package list returned from rpc-sys or from server
- * see rpcd/sys.c and ASU sources
- */
-enum {
- PACKAGES_ARCHITECTURE,
- PACKAGES_PACKAGES,
- __PACKAGES_MAX,
-};
-
-static const struct blobmsg_policy packages_policy[__PACKAGES_MAX] = {
- [PACKAGES_ARCHITECTURE] = { .name = "architecture", .type = BLOBMSG_TYPE_STRING },
- [PACKAGES_PACKAGES] = { .name = "packages", .type = BLOBMSG_TYPE_TABLE },
-};
-
-/*
- * policy for upgrade_test
- * see rpcd/sys.c
- */
-enum {
- UPGTEST_CODE,
- UPGTEST_STDERR,
- __UPGTEST_MAX,
-};
-
-static const struct blobmsg_policy upgtest_policy[__UPGTEST_MAX] = {
- [UPGTEST_CODE] = { .name = "code", .type = BLOBMSG_TYPE_INT32 },
- [UPGTEST_STDERR] = { .name = "stderr", .type = BLOBMSG_TYPE_STRING },
-};
-
-/*
- * policy for branches.json
- */
-enum {
- BRANCH_ENABLED,
- BRANCH_GIT_BRANCH,
- BRANCH_BRANCH_OFF_REV,
- BRANCH_NAME,
- BRANCH_PATH,
- BRANCH_PATH_PACKAGES,
- BRANCH_SNAPSHOT,
- BRANCH_REPOS,
- BRANCH_TARGETS,
- BRANCH_UPDATES,
- BRANCH_VERSIONS,
- BRANCH_PACKAGE_CHANGES,
- __BRANCH_MAX,
-};
-
-static const struct blobmsg_policy branches_policy[__BRANCH_MAX] = {
- [BRANCH_ENABLED] = { .name = "enabled", .type = BLOBMSG_TYPE_BOOL },
- [BRANCH_GIT_BRANCH] = { .name = "git_branch", .type = BLOBMSG_TYPE_STRING },
- [BRANCH_BRANCH_OFF_REV] = { .name = "branch_off_rev", .type = BLOBMSG_TYPE_INT32 },
- [BRANCH_NAME] = { .name = "name", .type = BLOBMSG_TYPE_STRING },
- [BRANCH_PATH] = { .name = "path", .type = BLOBMSG_TYPE_STRING },
- [BRANCH_PATH_PACKAGES] = { .name = "path_packages", .type = BLOBMSG_TYPE_STRING },
- [BRANCH_SNAPSHOT] = { .name = "snapshot", .type = BLOBMSG_TYPE_BOOL },
- [BRANCH_REPOS] = { .name = "repos", .type = BLOBMSG_TYPE_ARRAY },
- [BRANCH_TARGETS] = { .name = "targets", .type = BLOBMSG_TYPE_TABLE },
- [BRANCH_UPDATES] = { .name = "updates", .type = BLOBMSG_TYPE_STRING },
- [BRANCH_VERSIONS] = { .name = "versions", .type = BLOBMSG_TYPE_ARRAY },
- [BRANCH_PACKAGE_CHANGES] = { .name = "package_changes", .type = BLOBMSG_TYPE_ARRAY },
-};
-
-enum {
- PACKAGE_CHANGES_SOURCE,
- PACKAGE_CHANGES_TARGET,
- PACKAGE_CHANGES_REVISION,
- PACKAGE_CHANGES_MANDATORY,
- __PACKAGE_CHANGES_MAX,
-};
-
-static const struct blobmsg_policy package_changes_policy[__PACKAGE_CHANGES_MAX] = {
- [PACKAGE_CHANGES_SOURCE] = { .name = "source", .type = BLOBMSG_TYPE_STRING },
- [PACKAGE_CHANGES_TARGET] = { .name = "target", .type = BLOBMSG_TYPE_STRING },
- [PACKAGE_CHANGES_REVISION] = { .name = "revision", .type = BLOBMSG_TYPE_INT32 },
- [PACKAGE_CHANGES_MANDATORY] = { .name = "mandatory", .type = BLOBMSG_TYPE_BOOL },
-};
-
-/*
- * shared policy for target.json and server image request reply
- */
-enum {
- TARGET_ARCH_PACKAGES,
- TARGET_BINDIR,
- TARGET_DEVICE_PACKAGES,
- TARGET_ENQUEUED_AT,
- TARGET_IMAGES,
- TARGET_DETAIL,
- TARGET_MANIFEST,
- TARGET_METADATA_VERSION,
- TARGET_REQUEST_HASH,
- TARGET_QUEUE_POSITION,
- TARGET_STATUS,
- TARGET_STDERR,
- TARGET_STDOUT,
- TARGET_TARGET,
- TARGET_TITLES,
- TARGET_VERSION_CODE,
- TARGET_VERSION_NUMBER,
- __TARGET_MAX,
-};
-
-static const struct blobmsg_policy target_policy[__TARGET_MAX] = {
- [TARGET_ARCH_PACKAGES] = { .name = "arch_packages", .type = BLOBMSG_TYPE_STRING },
- [TARGET_BINDIR] = { .name = "bin_dir", .type = BLOBMSG_TYPE_STRING },
- [TARGET_DEVICE_PACKAGES] = { .name = "device_packages", .type = BLOBMSG_TYPE_ARRAY },
- [TARGET_ENQUEUED_AT] = { .name = "enqueued_at", .type = BLOBMSG_TYPE_STRING },
- [TARGET_IMAGES] = { .name = "images", .type = BLOBMSG_TYPE_ARRAY },
- [TARGET_MANIFEST] = { .name = "manifest", .type = BLOBMSG_TYPE_TABLE },
- [TARGET_DETAIL] = { .name = "detail", .type = BLOBMSG_TYPE_STRING },
- [TARGET_METADATA_VERSION] = { .name = "metadata_version", .type = BLOBMSG_TYPE_INT32 },
- [TARGET_REQUEST_HASH] = { .name = "request_hash", .type = BLOBMSG_TYPE_STRING },
- [TARGET_QUEUE_POSITION] = { .name = "queue_position", .type = BLOBMSG_TYPE_INT32 },
- [TARGET_STATUS] = { .name = "status", .type = BLOBMSG_TYPE_STRING },
- [TARGET_STDERR] = { .name = "stderr", .type = BLOBMSG_TYPE_STRING },
- [TARGET_STDOUT] = { .name = "stdout", .type = BLOBMSG_TYPE_STRING },
- [TARGET_TARGET] = { .name = "target", .type = BLOBMSG_TYPE_STRING },
- [TARGET_TITLES] = { .name = "titles", .type = BLOBMSG_TYPE_ARRAY },
- [TARGET_VERSION_CODE] = { .name = "version_code", .type = BLOBMSG_TYPE_STRING },
- [TARGET_VERSION_NUMBER] = { .name = "version_number", .type = BLOBMSG_TYPE_STRING },
-};
-
-/*
- * policy for images object in target
- */
-enum {
- IMAGES_FILESYSTEM,
- IMAGES_NAME,
- IMAGES_SHA256,
- IMAGES_TYPE,
- __IMAGES_MAX,
-};
-
-static const struct blobmsg_policy images_policy[__IMAGES_MAX] = {
- [IMAGES_FILESYSTEM] = { .name = "filesystem", .type = BLOBMSG_TYPE_STRING },
- [IMAGES_NAME] = { .name = "name", .type = BLOBMSG_TYPE_STRING },
- [IMAGES_SHA256] = { .name = "sha256", .type = BLOBMSG_TYPE_STRING },
- [IMAGES_TYPE] = { .name = "type", .type = BLOBMSG_TYPE_STRING },
-};
-
-/*
- * generic policy for HTTP JSON reply
- */
-enum {
- REPLY_ARRAY,
- REPLY_OBJECT,
- __REPLY_MAX,
-};
-
-static const struct blobmsg_policy reply_policy[__REPLY_MAX] = {
- [REPLY_ARRAY] = { .name = "reply", .type = BLOBMSG_TYPE_ARRAY },
- [REPLY_OBJECT] = { .name = "reply", .type = BLOBMSG_TYPE_TABLE },
-};
-
-/*
- * policy for HTTP headers received from server
- */
-enum {
- H_LEN,
- H_RANGE,
- H_UNKNOWN_PACKAGE,
- H_QUEUE_POSITION,
- __H_MAX
-};
-
-static const struct blobmsg_policy header_policy[__H_MAX] = {
- [H_LEN] = { .name = "content-length", .type = BLOBMSG_TYPE_STRING },
- [H_RANGE] = { .name = "content-range", .type = BLOBMSG_TYPE_STRING },
- [H_UNKNOWN_PACKAGE] = { .name = "x-unknown-package", .type = BLOBMSG_TYPE_STRING },
- [H_QUEUE_POSITION] = { .name = "x-queue-position", .type = BLOBMSG_TYPE_INT32 },
-};
-
-/*
- * load serverurl from UCI
- */
-static int load_config() {
- struct uci_context *uci_ctx;
- struct uci_package *uci_attendedsysupgrade;
- struct uci_section *uci_s;
- char *url;
-
- uci_ctx = uci_alloc_context();
- if (!uci_ctx)
- return -1;
-
- uci_ctx->flags &= ~UCI_FLAG_STRICT;
-
- if (uci_load(uci_ctx, "attendedsysupgrade", &uci_attendedsysupgrade) ||
- !uci_attendedsysupgrade) {
- fprintf(stderr, "Failed to load attendedsysupgrade config\n");
- return -1;
- }
- uci_s = uci_lookup_section(uci_ctx, uci_attendedsysupgrade, "server");
- if (!uci_s) {
- fprintf(stderr, "Failed to read server config section\n");
- return -1;
- }
- url = uci_lookup_option_string(uci_ctx, uci_s, "url");
- if (!url) {
- fprintf(stderr, "Failed to read server url from config\n");
- return -1;
- }
- if (strncmp(url, "https://", strlen("https://")) &&
- strncmp(url, "http://", strlen("http://"))) {
- fprintf(stderr, "Server url invalid (needs to be http://... or https://...)\n");
- return -1;
- }
-
- serverurl = strdup(url);
-
- uci_s = uci_lookup_section(uci_ctx, uci_attendedsysupgrade, "client");
- if (!uci_s) {
- fprintf(stderr, "Failed to read client config\n");
- return -1;
- }
- upgrade_packages = atoi(uci_lookup_option_string(uci_ctx, uci_s, "upgrade_packages"));
-
- uci_free_context(uci_ctx);
-
- return 0;
-}
-
-/*
- * libdpkg - Debian packaging suite library routines
- * vercmp.c - comparison of version numbers
- *
- * Copyright (C) 1995 Ian Jackson <iwj10@cus.cam.ac.uk>
- */
-
-/* assume ascii; warning: evaluates x multiple times! */
-#define order(x) ((x) == '~' ? -1 \
- : isdigit((x)) ? 0 \
- : !(x) ? 0 \
- : isalpha((x)) ? (x) \
- : (x) + 256)
-
-static int verrevcmp(const char *val, const char *ref)
-{
- if (!val)
- val = "";
- if (!ref)
- ref = "";
-
- while (*val || *ref) {
- int first_diff = 0;
-
- while ((*val && !isdigit(*val)) || (*ref && !isdigit(*ref))) {
- int vc = order(*val), rc = order(*ref);
- if (vc != rc)
- return vc - rc;
- val++;
- ref++;
- }
-
- while (*val == '0')
- val++;
- while (*ref == '0')
- ref++;
- while (isdigit(*val) && isdigit(*ref)) {
- if (!first_diff)
- first_diff = *val - *ref;
- val++;
- ref++;
- }
- if (isdigit(*val))
- return 1;
- if (isdigit(*ref))
- return -1;
- if (first_diff)
- return first_diff;
- }
- return 0;
-}
-
-static int avl_verrevcmp(const void *k1, const void *k2, void *ptr)
-{
- const char *d1 = (const char *)k1, *d2 = (const char*)k2;
-
- return verrevcmp(d1, d2);
-}
-
-/*
- * replace '-rc' by '~' in string
- */
-static inline void release_replace_rc(char *ver)
-{
- char *tmp;
-
- tmp = strstr(ver, "-rc");
- if (tmp && strlen(tmp) > 3) {
- *tmp = '~';
- memmove(tmp + 1, tmp + 3, strlen(tmp + 3) + 1);
- }
-}
-
-/*
- * OpenWrt release version string comperator
- * replaces '-rc' by '~' to fix ordering of release(s) (candidates)
- * using the void release_replace_rc(char *ver) function above.
- */
-static int openwrt_release_verrevcmp(const char *ver1, const char *ver2)
-{
- char mver1[16], mver2[16];
-
- strncpy(mver1, ver1, sizeof(mver1) - 1);
- mver1[sizeof(mver1) - 1] = '\0';
- strncpy(mver2, ver2, sizeof(mver2) - 1);
- mver2[sizeof(mver2) - 1] = '\0';
-
- release_replace_rc(mver1);
- release_replace_rc(mver2);
-
- return verrevcmp(mver1, mver2);
-}
-
-/*
- * Select package_changes from branch to global list
- */
-static void grab_changes(struct branch *br, unsigned int rev)
-{
- struct package_changes *c, *n;
-
-#ifdef AUC_DEBUG
- if (debug)
- fprintf(stderr, "grabbing changes for branch %s from revision %u\n", br->name, rev);
-#endif
-
- list_for_each_entry(c, &br->package_changes, list) {
- if (c->revision == 0 || c->revision > rev) {
- n = malloc(sizeof(struct package_changes));
- memcpy(n, c, sizeof(struct package_changes));
- INIT_LIST_HEAD(&n->list);
- list_add_tail(&n->list, &selected_package_changes);
- }
- }
-}
-
-/**
- * UBUS response callbacks
- */
-/*
- * rpc-sys packagelist
- * append array of package names to blobbuf given in req->priv
- */
-#define ANSI_ESC "\x1b"
-#define ANSI_COLOR_RESET ANSI_ESC "[0m"
-#define ANSI_COLOR_RED ANSI_ESC "[1;31m"
-#define ANSI_COLOR_GREEN ANSI_ESC "[1;32m"
-#define ANSI_COLOR_BLUE ANSI_ESC "[1;34m"
-#define ANSI_CURSOR_SAFE "[s"
-#define ANSI_CURSOR_RESTORE "[u"
-#define ANSI_ERASE_LINE "[K"
-
-#define PKG_UPGRADE 0x1
-#define PKG_DOWNGRADE 0x2
-#define PKG_NOT_FOUND 0x4
-#define PKG_ERROR 0x8
-
-static bool ask_user(const char *message)
-{
- char user_input;
- fflush(stdin);
- fprintf(stderr, "%s [N/y] ", message);
- user_input = getchar();
- fflush(stdin);
- if ((user_input == 'y') || (user_input == 'Y'))
- return true;
-
- return false;
-}
-
-static inline bool is_builtin_pkg(const char *pkgname)
-{
- return !strcmp(pkgname, "libc") ||
- !strcmp(pkgname, "librt") ||
- !strcmp(pkgname, "libpthread") ||
- !strcmp(pkgname, "kernel");
-}
-
-static const char *apply_package_changes(const char *pkgname, bool interactive)
-{
- struct package_changes *pkc;
- const char *mpkgname = pkgname;
-
- list_for_each_entry(pkc, &selected_package_changes, list) {
- /* package_change additions are dealt with later */
- if (!pkc->source)
- continue;
-
- if (strcmp(pkc->source, mpkgname))
- continue;
-
- if (!pkc->mandatory && interactive) {
- if (pkc->target)
- fprintf(stderr, "Package %s should be replaced by %s.\n", pkc->source, pkc->target);
- else
- fprintf(stderr, "Package %s should be removed.\n", pkc->source);
-
- if (dont_ask)
- pkc->mandatory = true;
- else
- pkc->mandatory = ask_user("Apply change");
- }
-
- if (!pkc->mandatory)
- continue;
-
- mpkgname = pkc->target;
-
- if (!mpkgname)
- break;
- }
- return mpkgname;
-}
-
-static void pkglist_check_cb(struct ubus_request *req, int type, struct blob_attr *msg)
-{
- int *status = (int *)req->priv;
- struct blob_attr *tb[__PACKAGES_MAX], *cur;
- struct avl_pkg *pkg;
- int rem;
- int cmpres;
- const char *pkgname;
- struct package_changes *pkc;
-
- blobmsg_parse(packages_policy, __PACKAGES_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
-
- if (!tb[PACKAGES_PACKAGES])
- return;
-
- blobmsg_for_each_attr(cur, tb[PACKAGES_PACKAGES], rem) {
- pkgname = blobmsg_name(cur);
- if (is_builtin_pkg(pkgname))
- continue;
-
- pkgname = apply_package_changes(pkgname, true);
- if (!pkgname) {
- fprintf(stderr, " %s: %s%s -> (not installed)%s\n",
- blobmsg_name(cur), ANSI_COLOR_BLUE,
- blobmsg_get_string(cur), ANSI_COLOR_RESET);
- continue;
- }
-
- pkg = avl_find_element(&pkg_tree, pkgname, pkg, avl);
- if (!pkg) {
- fprintf(stderr, "installed package %s%s%s cannot be found in remote list!\n",
- ANSI_COLOR_RED, pkgname, ANSI_COLOR_RESET);
- *status |= PKG_NOT_FOUND;
- continue;
- }
-
- if (pkgname != blobmsg_name(cur)) {
- fprintf(stderr, " %s%s: %s -> %s: %s%s\n", ANSI_COLOR_BLUE,
- blobmsg_name(cur),
- blobmsg_get_string(cur), pkgname, pkg->version,
- ANSI_COLOR_RESET);
- *status |= PKG_UPGRADE;
- continue;
- }
-
- cmpres = verrevcmp(blobmsg_get_string(cur), pkg->version);
- if (cmpres < 0)
- *status |= PKG_UPGRADE;
-
- if (cmpres > 0)
- *status |= PKG_DOWNGRADE;
-
- if (cmpres
-#ifdef AUC_DEBUG
- || debug
-#endif
- )
- fprintf(stderr, " %s: %s%s -> %s%s\n", blobmsg_name(cur),
- (!cmpres)?"":(cmpres > 0)?ANSI_COLOR_RED:ANSI_COLOR_GREEN,
- blobmsg_get_string(cur), pkg->version,
- (cmpres)?ANSI_COLOR_RESET:"");
- }
-
- list_for_each_entry(pkc, &selected_package_changes, list) {
- /* deal only with package_change additions now */
- if (pkc->source)
- continue;
-
- pkg = avl_find_element(&pkg_tree, pkc->target, pkg, avl);
- if (!pkg) {
- fprintf(stderr, "new package %s%s%s cannot be found in remote list!\n",
- ANSI_COLOR_RED, pkc->target, ANSI_COLOR_RESET);
- *status |= PKG_NOT_FOUND;
- continue;
- }
- fprintf(stderr, " %s: %s(not installed) -> %s%s\n", pkc->target, ANSI_COLOR_BLUE,
- pkg->version, ANSI_COLOR_RESET);
- }
-}
-
-/*
- * rpc-sys packagelist
- * append array of package names to blobbuf given in req->priv
- */
-static void pkglist_req_cb(struct ubus_request *req, int type, struct blob_attr *msg) {
- struct blob_buf *buf = (struct blob_buf *)req->priv;
- struct blob_attr *tb[__PACKAGES_MAX];
- struct blob_attr *cur;
- int rem;
- struct avl_pkg *pkg;
- void *table;
- const char *pkgname;
- struct package_changes *pkc;
-
- blobmsg_parse(packages_policy, __PACKAGES_MAX, tb, blob_data(msg), blob_len(msg));
-
- if (!tb[PACKAGES_PACKAGES]) {
- fprintf(stderr, "No packagelist received\n");
- return;
- }
-
- table = blobmsg_open_table(buf, "packages_versions");
-
- blobmsg_for_each_attr(cur, tb[PACKAGES_PACKAGES], rem) {
- pkgname = blobmsg_name(cur);
- if (is_builtin_pkg(pkgname))
- continue;
-
- pkgname = apply_package_changes(pkgname, false);
- pkg = avl_find_element(&pkg_tree, pkgname, pkg, avl);
- if (!pkg)
- continue;
-
- blobmsg_add_string(buf, pkgname, pkg->version);
- }
-
- list_for_each_entry(pkc, &selected_package_changes, list) {
- /* add new packages to request */
- if (pkc->source)
- continue;
-
- pkg = avl_find_element(&pkg_tree, pkc->target, pkg, avl);
- if (!pkg)
- continue;
-
- blobmsg_add_string(buf, pkc->target, pkg->version);
- }
- blobmsg_close_table(buf, table);
-};
-
-/*
- * system board
- * append append board information to blobbuf given in req->priv
- * populate board and release global strings
- */
-static void board_cb(struct ubus_request *req, int type, struct blob_attr *msg) {
- struct blob_buf *buf = (struct blob_buf *)req->priv;
- struct blob_attr *tb[__BOARD_MAX];
- struct blob_attr *rel[__RELEASE_MAX];
-
- blobmsg_parse(board_policy, __BOARD_MAX, tb, blob_data(msg), blob_len(msg));
-
-
- if (!tb[BOARD_RELEASE]) {
- fprintf(stderr, "No release received\n");
- rc=-ENODATA;
- return;
- }
-
- blobmsg_parse(release_policy, __RELEASE_MAX, rel,
- blobmsg_data(tb[BOARD_RELEASE]), blobmsg_data_len(tb[BOARD_RELEASE]));
-
- if (!rel[RELEASE_TARGET] ||
- !rel[RELEASE_DISTRIBUTION] ||
- !rel[RELEASE_VERSION] ||
- !rel[RELEASE_REVISION]) {
- fprintf(stderr, "No release information received\n");
- rc=-ENODATA;
- return;
- }
-
- target = strdup(blobmsg_get_string(rel[RELEASE_TARGET]));
- distribution = strdup(blobmsg_get_string(rel[RELEASE_DISTRIBUTION]));
- version = strdup(blobmsg_get_string(rel[RELEASE_VERSION]));
- revision = strdup(blobmsg_get_string(rel[RELEASE_REVISION]));
-
- if (!strcmp(target, "x86/64") || !strcmp(target, "x86/generic")) {
- /*
- * ugly work-around ahead:
- * ignore board name on generic x86 targets, as image name is always 'generic'
- */
- board_name = strdup("generic");
- } else {
- if (!tb[BOARD_BOARD_NAME]) {
- fprintf(stderr, "No board name received\n");
- rc=-ENODATA;
- return;
- }
- board_name = strdup(blobmsg_get_string(tb[BOARD_BOARD_NAME]));
- }
-
- if (tb[BOARD_ROOTFS_TYPE])
- rootfs_type = strdup(blobmsg_get_string(tb[BOARD_ROOTFS_TYPE]));
-
- blobmsg_add_string(buf, "target", target);
- blobmsg_add_string(buf, "version", version);
- blobmsg_add_string(buf, "revision", revision);
-}
-
-/*
- * rpc-sys upgrade_test
- * check if downloaded file is accepted by sysupgrade
- */
-static void upgtest_cb(struct ubus_request *req, int type, struct blob_attr *msg) {
- int *valid = (int *)req->priv;
- struct blob_attr *tb[__UPGTEST_MAX];
-
- blobmsg_parse(upgtest_policy, __UPGTEST_MAX, tb, blob_data(msg), blob_len(msg));
-
- if (!tb[UPGTEST_CODE]) {
- fprintf(stderr, "No sysupgrade test return code received\n");
- return;
- }
-
- *valid = (blobmsg_get_u32(tb[UPGTEST_CODE]) == 0)?1:0;
-
- if (tb[UPGTEST_STDERR])
- fprintf(stderr, "%s", blobmsg_get_string(tb[UPGTEST_STDERR]));
- else if (*valid == 0)
- fprintf(stderr, "image verification failed\n");
- else
- fprintf(stderr, "image verification succeeded\n");
-};
-
-/**
- * uclient stuff
- */
-static int open_output_file(const char *path, uint64_t resume_offset)
-{
- char *filename = NULL;
- int flags;
- int ret;
-
- if (cur_resume)
- flags = O_RDWR;
- else
- flags = O_WRONLY | O_EXCL;
-
- flags |= O_CREAT;
-
- filename = uclient_get_url_filename(path, "firmware.bin");
-
- fprintf(stderr, "Writing to '%s'\n", filename);
- ret = open(filename, flags, 0644);
- if (ret < 0)
- goto free;
-
- if (resume_offset &&
- lseek(ret, resume_offset, SEEK_SET) < 0) {
- fprintf(stderr, "Failed to seek %"PRIu64" bytes in output file\n", resume_offset);
- close(ret);
- ret = -1;
- goto free;
- }
-
- out_offset = resume_offset;
- out_bytes += resume_offset;
-
-free:
- free(filename);
- return ret;
-}
-
-struct jsonblobber {
- json_tokener *tok;
- struct blob_buf *outbuf;
-};
-
-static void request_done(struct uclient *cl)
-{
- struct jsonblobber *jsb = (struct jsonblobber *)cl->priv;
- if (jsb) {
- json_tokener_free(jsb->tok);
- free(jsb);
- };
-
- uclient_disconnect(cl);
- uloop_end();
-}
-
-static void header_done_cb(struct uclient *cl)
-{
- struct blob_attr *tb[__H_MAX];
- struct jsonblobber *jsb = (struct jsonblobber *)cl->priv;
- struct blob_buf *outbuf = NULL;
-
- if (jsb)
- outbuf = jsb->outbuf;
-
- uint64_t resume_offset = 0, resume_end, resume_size;
-
- if (uclient_http_redirect(cl)) {
- fprintf(stderr, "Redirected to %s on %s\n", cl->url->location, cl->url->host);
-
- return;
- }
-
- if (cl->status_code == 204 && cur_resume) {
- /* Resume attempt failed, try normal download */
- cur_resume = false;
- //init_request(cl);
- return;
- }
-
- DPRINTF("status code: %d\n", cl->status_code);
- DPRINTF("headers:\n%s\n", blobmsg_format_json_indent(cl->meta, true, 0));
- blobmsg_parse(header_policy, __H_MAX, tb, blob_data(cl->meta), blob_len(cl->meta));
-
- switch (cl->status_code) {
- case 400:
- request_done(cl);
- rc=-ESRCH;
- break;
- case 422:
- fprintf(stderr, "unknown package '%s' requested.\n",
- blobmsg_get_string(tb[H_UNKNOWN_PACKAGE]));
- rc=-ENOPKG;
- request_done(cl);
- break;
- case 201:
- case 202:
- retry = true;
- if (!outbuf)
- break;
-
- blobmsg_add_u32(outbuf, "status", cl->status_code);
-
- if (tb[H_QUEUE_POSITION])
- blobmsg_add_u32(outbuf, "queue_position", blobmsg_get_u32(tb[H_QUEUE_POSITION]));
-
- break;
- case 200:
- retry = false;
- if (cl->priv)
- break;
-
- if (tb[H_LEN])
- out_len = strtoul(blobmsg_get_string(tb[H_LEN]), NULL, 10);
-
- output_fd = open_output_file(cl->url->location, resume_offset);
- if (output_fd < 0) {
- perror("Cannot open output file");
- request_done(cl);
- }
- break;
- case 500:
- /* server may reply JSON object */
- break;
-
- default:
- DPRINTF("HTTP error %d\n", cl->status_code);
- request_done(cl);
- break;
- }
-}
-
-static void read_data_cb(struct uclient *cl)
-{
- char buf[256];
- int len;
- json_object *jsobj;
- struct blob_buf *outbuf = NULL;
- json_tokener *tok = NULL;
- struct jsonblobber *jsb = (struct jsonblobber *)cl->priv;
-
- if (!jsb) {
- while (1) {
- len = uclient_read(cl, buf, sizeof(buf));
- if (!len)
- return;
-
- out_bytes += len;
- write(output_fd, buf, len);
- }
- return;
- }
-
- outbuf = jsb->outbuf;
- tok = jsb->tok;
-
- while (1) {
- len = uclient_read(cl, buf, sizeof(buf));
- if (!len)
- break;
-
- out_bytes += len;
-
- jsobj = json_tokener_parse_ex(tok, buf, len);
-
- if (json_tokener_get_error(tok) == json_tokener_continue)
- continue;
-
- if (json_tokener_get_error(tok) != json_tokener_success)
- break;
-
- if (jsobj)
- {
- blobmsg_add_json_element(outbuf, "reply", jsobj);
-
- json_object_put(jsobj);
- break;
- }
- }
-}
-
-static void eof_cb(struct uclient *cl)
-{
- if (!cl->data_eof && !uptodate) {
- fprintf(stderr, "Connection reset prematurely\n");
- }
- request_done(cl);
-}
-
-static void handle_uclient_error(struct uclient *cl, int code)
-{
- const char *type = "Unknown error";
-
- switch(code) {
- case UCLIENT_ERROR_CONNECT:
- type = "Connection failed";
- break;
- case UCLIENT_ERROR_TIMEDOUT:
- type = "Connection timed out";
- break;
- case UCLIENT_ERROR_SSL_INVALID_CERT:
- type = "Invalid SSL certificate";
- break;
- case UCLIENT_ERROR_SSL_CN_MISMATCH:
- type = "Server hostname does not match SSL certificate";
- break;
- default:
- break;
- }
-
- fprintf(stderr, "Connection error: %s\n", type);
-
- request_done(cl);
-}
-
-static const struct uclient_cb check_cb = {
- .header_done = header_done_cb,
- .data_read = read_data_cb,
- .data_eof = eof_cb,
- .error = handle_uclient_error,
-};
-
-static int server_request(const char *url, struct blob_buf *inbuf, struct blob_buf *outbuf) {
- struct jsonblobber *jsb = NULL;
- int rc = -ENOENT;
- char *post_data;
- out_offset = 0;
- out_bytes = 0;
- out_len = 0;
-
-#ifdef AUC_DEBUG
- if (debug)
- fprintf(stderr, "Requesting URL: %s\n", url);
-#endif
-
- if (outbuf) {
- jsb = malloc(sizeof(struct jsonblobber));
- jsb->outbuf = outbuf;
- jsb->tok = json_tokener_new();
- };
-
- if (!ucl) {
- ucl = uclient_new(url, NULL, &check_cb);
- uclient_http_set_ssl_ctx(ucl, ssl_ops, ssl_ctx, 1);
- ucl->timeout_msecs = REQ_TIMEOUT * 1000;
- } else {
- uclient_set_url(ucl, url, NULL);
- }
-
- ucl->priv = jsb;
-
- rc = uclient_connect(ucl);
- if (rc)
- return rc;
-
- rc = uclient_http_set_request_type(ucl, inbuf?"POST":"GET");
- if (rc)
- return rc;
-
- uclient_http_reset_headers(ucl);
- uclient_http_set_header(ucl, "User-Agent", user_agent);
- if (inbuf) {
- uclient_http_set_header(ucl, "Content-Type", "application/json");
- post_data = blobmsg_format_json(inbuf->head, true);
- uclient_write(ucl, post_data, strlen(post_data));
- }
- rc = uclient_request(ucl);
- if (rc)
- return rc;
-
- uloop_run();
-
- return 0;
-}
-
-/**
- * ustream-ssl
- */
-static int init_ustream_ssl(void) {
- glob_t gl;
- int i;
-
- dlh = dlopen("libustream-ssl.so", RTLD_LAZY | RTLD_LOCAL);
- if (!dlh)
- return -ENOENT;
-
- ssl_ops = dlsym(dlh, "ustream_ssl_ops");
- if (!ssl_ops)
- return -ENOENT;
-
- ssl_ctx = ssl_ops->context_new(false);
-
- glob("/etc/ssl/certs/*.crt", 0, NULL, &gl);
- if (!gl.gl_pathc)
- return -ENOKEY;
-
- for (i = 0; i < gl.gl_pathc; i++)
- ssl_ops->context_add_ca_crt_file(ssl_ctx, gl.gl_pathv[i]);
-
- return 0;
-}
-
-static char* alloc_replace_var(char *in, const char *var, const char *replace)
-{
- char *tmp = in;
- char *res = NULL;
- char *eptr;
-
- while ((tmp = strchr(tmp, '{'))) {
- ++tmp;
- eptr = strchr(tmp, '}');
- if (!eptr)
- return NULL;
-
- if (!strncmp(tmp, var, (unsigned int)(eptr - tmp))) {
- asprintf(&res, "%.*s%s%s",
- (unsigned int)(tmp - in) - 1, in, replace, eptr + 1);
- break;
- }
- }
-
- if (!res)
- res = strdup(in);
-
- return res;
-}
-
-static int request_target(struct branch_version *bver, char *url)
-{
- static struct blob_buf boardbuf;
- struct blob_attr *tbr[__REPLY_MAX], *tb[__TARGET_MAX];
-
- blobmsg_buf_init(&boardbuf);
-
- if ((rc = server_request(url, NULL, &boardbuf))) {
- blob_buf_free(&boardbuf);
- return rc;
- }
-
- blobmsg_parse(reply_policy, __REPLY_MAX, tbr, blob_data(boardbuf.head), blob_len(boardbuf.head));
-
- if (!tbr[REPLY_OBJECT])
- return -ENODATA;
-
- blobmsg_parse(target_policy, __TARGET_MAX, tb, blobmsg_data(tbr[REPLY_OBJECT]), blobmsg_len(tbr[REPLY_OBJECT]));
-
- if (!tb[TARGET_METADATA_VERSION] ||
- !tb[TARGET_ARCH_PACKAGES] ||
- !tb[TARGET_IMAGES] ||
- !tb[TARGET_TARGET]) {
- blob_buf_free(&boardbuf);
- return -ENODATA;
- }
-
- if (blobmsg_get_u32(tb[TARGET_METADATA_VERSION]) != 1) {
- blob_buf_free(&boardbuf);
- return -EPFNOSUPPORT;
- }
-
- if (strcmp(blobmsg_get_string(tb[TARGET_TARGET]), target))
- return -EINVAL;
-
- if (strcmp(blobmsg_get_string(tb[TARGET_ARCH_PACKAGES]), bver->branch->arch_packages))
- return -EINVAL;
-
- if (tb[TARGET_VERSION_CODE])
- bver->version_code = strdup(blobmsg_get_string(tb[TARGET_VERSION_CODE]));
-
- if (tb[TARGET_VERSION_NUMBER])
- bver->version_number = strdup(blobmsg_get_string(tb[TARGET_VERSION_NUMBER]));
-
- blob_buf_free(&boardbuf);
- return 0;
-};
-
-static char* validate_target(struct blob_attr *branch)
-{
- struct blob_attr *cur;
- int rem;
-
- blobmsg_for_each_attr(cur, branch, rem)
- if (!strcmp(blobmsg_name(cur), target))
- return strdup(blobmsg_get_string(cur));
-
- return NULL;
-}
-
-static void process_branch(struct blob_attr *branch, bool only_active)
-{
- struct blob_attr *tb[__BRANCH_MAX], *pkc[__PACKAGE_CHANGES_MAX];
- struct blob_attr *curver, *curpkc;
- int remver, rempkc;
- struct branch *br;
- struct package_changes *pkce;
- char *tmp, *board_json_file;
- const char *brname;
-
- blobmsg_parse(branches_policy, __BRANCH_MAX, tb, blobmsg_data(branch), blobmsg_len(branch));
-
- /* mandatory fields */
- if (!(tb[BRANCH_ENABLED] && blobmsg_get_bool(tb[BRANCH_ENABLED]) &&
- tb[BRANCH_NAME] && tb[BRANCH_PATH] && tb[BRANCH_PATH_PACKAGES] &&
- tb[BRANCH_VERSIONS] && tb[BRANCH_TARGETS]))
- return;
-
- brname = blobmsg_get_string(tb[BRANCH_NAME]);
- if (only_active && strncmp(brname, version, strlen(brname)))
- return;
-
- br = calloc(1, sizeof(struct branch));
- avl_init(&br->versions, avl_verrevcmp, false, NULL);
- INIT_LIST_HEAD(&br->package_changes);
-
- /* check if target is offered in branch and get arch_packages */
- br->arch_packages = validate_target(tb[BRANCH_TARGETS]);
- if (!br->arch_packages) {
- free(br);
- return;
- }
-
- if (tb[BRANCH_GIT_BRANCH])
- br->git_branch = strdup(blobmsg_get_string(tb[BRANCH_GIT_BRANCH]));
-
- if (tb[BRANCH_BRANCH_OFF_REV])
- br->branch_off_rev = blobmsg_get_u32(tb[BRANCH_BRANCH_OFF_REV]);
- else
- br->branch_off_rev = 0;
-
- if (tb[BRANCH_SNAPSHOT])
- br->snapshot = blobmsg_get_bool(tb[BRANCH_SNAPSHOT]);
- else
- br->snapshot = false;
-
- br->name = strdup(blobmsg_get_string(tb[BRANCH_NAME]));
- br->path_packages = alloc_replace_var(blobmsg_get_string(tb[BRANCH_PATH_PACKAGES]), "branch", br->name);
- if (!br->path_packages) {
- free(br->name);
- free(br->arch_packages);
- free(br);
- return;
- }
-
- /* parse package changes */
- blobmsg_for_each_attr(curpkc, tb[BRANCH_PACKAGE_CHANGES], rempkc) {
- if (blobmsg_type(curpkc) != BLOBMSG_TYPE_TABLE)
- continue;
-
- blobmsg_parse(package_changes_policy, __PACKAGE_CHANGES_MAX, pkc, blobmsg_data(curpkc), blobmsg_len(curpkc));
- if (!pkc[PACKAGE_CHANGES_REVISION] || (!pkc[PACKAGE_CHANGES_SOURCE] && !pkc[PACKAGE_CHANGES_TARGET]))
- continue;
-
- pkce = calloc(1, sizeof(struct package_changes));
- if (!pkce)
- break;
-
- if (pkc[PACKAGE_CHANGES_SOURCE])
- pkce->source = strdup(blobmsg_get_string(pkc[PACKAGE_CHANGES_SOURCE]));
-
- if (pkc[PACKAGE_CHANGES_TARGET])
- pkce->target = strdup(blobmsg_get_string(pkc[PACKAGE_CHANGES_TARGET]));
-
- pkce->revision = blobmsg_get_u32(pkc[PACKAGE_CHANGES_REVISION]);
-
- if (pkc[PACKAGE_CHANGES_MANDATORY])
- pkce->mandatory = blobmsg_get_bool(pkc[PACKAGE_CHANGES_MANDATORY]);
-
- list_add_tail(&pkce->list, &br->package_changes);
- }
-
- /* add each version of the branch */
- blobmsg_for_each_attr(curver, tb[BRANCH_VERSIONS], remver) {
- if (blobmsg_type(curver) != BLOBMSG_TYPE_STRING)
- continue;
-
- struct branch_version *bver = calloc(1, sizeof(struct branch_version));
- bver->snapshot = !!strcasestr(blobmsg_get_string(curver), "snapshot");
- bver->path = alloc_replace_var(blobmsg_get_string(tb[BRANCH_PATH]), "version", blobmsg_get_string(curver));
- if (!bver->path) {
- free(bver);
- continue;
- }
- bver->version = strdup(blobmsg_get_string(curver));
- if (!bver->version) {
- free(bver->path);
- free(bver);
- continue;
- }
- bver->branch = br;
- if (asprintf(&board_json_file, "%s/%s/%s/%s/%s/%s/%s%s", serverurl, API_JSON,
- API_JSON_VERSION, bver->path, API_TARGETS, target, board_name,
- API_JSON_EXT) < 0) {
- free(bver->version);
- free(bver->path);
- free(bver);
- continue;
- }
- tmp = board_json_file;
- while ((tmp = strchr(tmp, ',')))
- *tmp = '_';
-
- if (request_target(bver, board_json_file)) {
- free(board_json_file);
- free(bver->version);
- free(bver->path);
- free(bver);
- continue;
- }
- free(board_json_file);
- bver->avl.key = bver->version;
- avl_insert(&br->versions, &bver->avl);
- }
-
- br->avl.key = br->name;
- avl_insert(&branches, &br->avl);
-}
-
-static int request_branches(bool only_active)
-{
- static struct blob_buf brbuf;
- struct blob_attr *cur;
- struct blob_attr *tb[__REPLY_MAX];
- int rem;
- char url[256];
- struct blob_attr *data;
-
- blobmsg_buf_init(&brbuf);
- snprintf(url, sizeof(url), "%s/%s/%s/%s%s", serverurl, API_JSON,
- API_JSON_VERSION, API_BRANCHES, API_JSON_EXT);
-
- if ((rc = server_request(url, NULL, &brbuf))) {
- blob_buf_free(&brbuf);
- return rc;
- };
-
- blobmsg_parse(reply_policy, __REPLY_MAX, tb, blob_data(brbuf.head), blob_len(brbuf.head));
-
- /* newer server API replies OBJECT, older API replies ARRAY... */
- if ((!tb[REPLY_ARRAY] && !tb[REPLY_OBJECT]))
- return -ENODATA;
-
- if (tb[REPLY_OBJECT])
- data = tb[REPLY_OBJECT];
- else
- data = tb[REPLY_ARRAY];
-
- blobmsg_for_each_attr(cur, data, rem)
- process_branch(cur, only_active);
-
- blob_buf_free(&brbuf);
-
- return 0;
-}
-
-static void free_branches()
-{
- struct branch *br, *tmp;
- struct branch_version *bver, *tmp2;
- struct package_changes *pkce, *tmp3;
-
- avl_for_each_element_safe(&branches, br, avl, tmp) {
- free(br->name);
- free(br->path_packages);
- free(br->arch_packages);
-
- avl_for_each_element_safe(&br->versions, bver, avl, tmp2) {
- avl_delete(&br->versions, &bver->avl);
- free(bver->version);
- free(bver->version_code);
- free(bver->version_number);
- free(bver->path);
- free(bver);
- }
-
- list_for_each_entry_safe(pkce, tmp3, &br->package_changes, list) {
- list_del(&pkce->list);
- free(pkce->source);
- free(pkce->target);
- free(pkce);
- }
-
- avl_delete(&branches, &br->avl);
- }
-}
-
-static struct branch *get_current_branch()
-{
- struct branch *br, *abr = NULL;
-
- avl_for_each_element(&branches, br, avl) {
- /* if branch name doesn't match version *prefix*, skip */
- if (!strncasecmp(br->name, version, strlen(br->name))) {
- abr = br;
- break;
- }
- }
-
- return abr;
-}
-
-static int revision_from_version_code(const char *version_code)
-{
- int res;
-
- if (sscanf(version_code, "r%d-", &res) == 1)
- return res;
-
- return -1;
-}
-
-static struct branch_version *select_branch(char *name, char *select_version)
-{
- struct branch *br;
- struct branch_version *bver, *abver = NULL;
-
- if (!name)
- name = version;
-
- avl_for_each_element(&branches, br, avl) {
- /* if branch name doesn't match version *prefix*, skip */
- if (strncasecmp(br->name, name, strlen(br->name)))
- continue;
-
- avl_for_each_element(&br->versions, bver, avl) {
- if (select_version) {
- if (!strcasecmp(bver->version, select_version)) {
- abver = bver;
- break;
- }
- } else {
- if (!strcasecmp(name, "snapshot")) {
- /* we are on the main snapshot branch */
- if (br->snapshot && bver->snapshot) {
- abver = bver;
- break;
- }
- } else {
- /* skip main snapshot branch */
- if (br->snapshot)
- continue;
-
- if (strcasestr(version, "snapshot")) {
- /* we are on a stable snapshot branch or coming from main snapshot branch */
- if (bver->snapshot) {
- abver = bver;
- break;
- }
- } else {
- if (bver->snapshot)
- continue;
-
- if (!abver || (openwrt_release_verrevcmp(abver->version, bver->version) < 0))
- abver = bver;
- }
- }
- }
- }
- if (abver)
- break;
- }
-
- return abver;
-}
-
-static int add_upg_packages(struct blob_attr *reply, char *arch)
-{
- struct blob_attr *tbr[__REPLY_MAX];
- struct blob_attr *tba[__PACKAGES_MAX];
- struct blob_attr *packages;
- struct blob_attr *cur;
- int rem;
- struct avl_pkg *avpk;
-
- blobmsg_parse(reply_policy, __REPLY_MAX, tbr, blob_data(reply), blob_len(reply));
-
- if (!tbr[REPLY_OBJECT])
- return -ENODATA;
-
- if (arch) {
- blobmsg_parse(packages_policy, __PACKAGES_MAX, tba, blobmsg_data(tbr[REPLY_OBJECT]), blobmsg_len(tbr[REPLY_OBJECT]));
- if (!tba[PACKAGES_ARCHITECTURE] ||
- !tba[PACKAGES_PACKAGES])
- return -ENODATA;
-
- if (strcmp(blobmsg_get_string(tba[PACKAGES_ARCHITECTURE]), arch))
- return -EBADMSG;
-
- packages = tba[PACKAGES_PACKAGES];
- } else {
- packages = tbr[REPLY_OBJECT];
- }
-
- blobmsg_for_each_attr(cur, packages, rem) {
- avpk = calloc(1, sizeof(struct avl_pkg));
- if (!avpk)
- return -ENOMEM;
-
- avpk->name = strdup(blobmsg_name(cur));
- if (!avpk->name) {
- free(avpk);
- return -ENOMEM;
- }
-
- avpk->version = strdup(blobmsg_get_string(cur));
- if (!avpk->version) {
- free(avpk->name);
- free(avpk);
- return -ENOMEM;
- }
-
- avpk->avl.key = avpk->name;
- if (avl_insert(&pkg_tree, &avpk->avl)) {
-
-#ifdef AUC_DEBUG
- if (debug)
- fprintf(stderr, "failed to insert package %s (%s)!\n", blobmsg_name(cur), blobmsg_get_string(cur));
-#endif
-
- if (avpk->name)
- free(avpk->name);
-
- if (avpk->version)
- free(avpk->version);
-
- free(avpk);
- }
- }
-
- return 0;
-}
-
-static int request_packages(struct branch_version *bver)
-{
- static struct blob_buf pkgbuf, archpkgbuf;
- char url[256];
- int ret;
-
- fprintf(stderr, "Requesting package lists...\n");
-
- blobmsg_buf_init(&archpkgbuf);
- snprintf(url, sizeof(url), "%s/%s/%s/%s/%s/%s/%s%s", serverurl, API_JSON,
- API_JSON_VERSION, bver->path, API_TARGETS, target, API_INDEX, API_JSON_EXT);
- if ((rc = server_request(url, NULL, &archpkgbuf))) {
- blob_buf_free(&archpkgbuf);
- return rc;
- };
-
- ret = add_upg_packages(archpkgbuf.head, bver->branch->arch_packages);
- blob_buf_free(&archpkgbuf);
-
- if (ret)
- return ret;
-
- blobmsg_buf_init(&pkgbuf);
- snprintf(url, sizeof(url), "%s/%s/%s/%s/%s/%s-%s%s", serverurl, API_JSON,
- API_JSON_VERSION, bver->path, API_PACKAGES, bver->branch->arch_packages,
- API_INDEX, API_JSON_EXT);
- if ((rc = server_request(url, NULL, &pkgbuf))) {
- blob_buf_free(&archpkgbuf);
- blob_buf_free(&pkgbuf);
- return rc;
- };
-
- ret = add_upg_packages(pkgbuf.head, NULL);
- blob_buf_free(&pkgbuf);
-
- return ret;
-}
-
-
-static int check_installed_packages(void)
-{
- static struct blob_buf allpkg;
- uint32_t id;
- int status = 0;
-
- blob_buf_init(&allpkg, 0);
- blobmsg_add_u8(&allpkg, "all", 1);
- blobmsg_add_string(&allpkg, "dummy", "foo");
- if (ubus_lookup_id(ctx, "rpc-sys", &id) ||
- ubus_invoke(ctx, id, "packagelist", allpkg.head, pkglist_check_cb, &status, 3000)) {
- fprintf(stderr, "cannot request packagelist from rpcd\n");
- status |= PKG_ERROR;
- }
-
- return status;
-}
-
-static int req_add_selected_packages(struct blob_buf *req)
-{
- static struct blob_buf allpkg;
- uint32_t id;
-
- blob_buf_init(&allpkg, 0);
- blobmsg_add_u8(&allpkg, "all", 0);
- blobmsg_add_string(&allpkg, "dummy", "foo");
- if (ubus_lookup_id(ctx, "rpc-sys", &id) ||
- ubus_invoke(ctx, id, "packagelist", allpkg.head, pkglist_req_cb, req, 3000)) {
- fprintf(stderr, "cannot request packagelist from rpcd\n");
- return -EFAULT;
- }
-
- return 0;
-}
-
-#if defined(__amd64__) || defined(__i386__)
-static int system_is_efi(void)
-{
- const char efidname[] = "/sys/firmware/efi/efivars";
- int fd = open(efidname, O_DIRECTORY | O_PATH);
-
- if (fd != -1) {
- close(fd);
- return 1;
- } else {
- return 0;
- }
-}
-#else
-static inline int system_is_efi(void) { return 0; }
-#endif
-
-static int get_image_by_type(struct blob_attr *images, const char *typestr, const char *fstype, char **image_name, char **image_sha256)
-{
- struct blob_attr *tb[__IMAGES_MAX];
- struct blob_attr *cur;
- int rem, ret = -ENOENT;
-
- blobmsg_for_each_attr(cur, images, rem) {
- blobmsg_parse(images_policy, __IMAGES_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
- if (!tb[IMAGES_FILESYSTEM] ||
- !tb[IMAGES_NAME] ||
- !tb[IMAGES_TYPE] ||
- !tb[IMAGES_SHA256])
- continue;
-
- if (fstype && strcmp(blobmsg_get_string(tb[IMAGES_FILESYSTEM]), fstype))
- continue;
-
- if (!strcmp(blobmsg_get_string(tb[IMAGES_TYPE]), typestr)) {
- *image_name = strdup(blobmsg_get_string(tb[IMAGES_NAME]));
- *image_sha256 = strdup(blobmsg_get_string(tb[IMAGES_SHA256]));
- ret = 0;
- break;
- }
- }
-
- return ret;
-}
-
-static int select_image(struct blob_attr *images, const char *target_fstype, char **image_name, char **image_sha256)
-{
- const char *combined_type;
- const char *fstype = rootfs_type;
- int ret = -ENOENT;
-
- if (target_fstype)
- fstype = target_fstype;
-
- if (system_is_efi())
- combined_type = "combined-efi";
- else
- combined_type = "combined";
-
- DPRINTF("images: %s\n", blobmsg_format_json_indent(images, true, 0));
-
- if (fstype) {
- ret = get_image_by_type(images, "sysupgrade", fstype, image_name, image_sha256);
- if (!ret)
- return 0;
-
- ret = get_image_by_type(images, combined_type, fstype, image_name, image_sha256);
- if (!ret)
- return 0;
-
- ret = get_image_by_type(images, "sdcard", fstype, image_name, image_sha256);
- if (!ret)
- return 0;
- }
-
- /* fallback to squashfs unless fstype requested explicitly */
- if (!target_fstype) {
- ret = get_image_by_type(images, "sysupgrade", "squashfs", image_name, image_sha256);
- if (!ret)
- return 0;
-
- ret = get_image_by_type(images, combined_type, "squashfs", image_name, image_sha256);
- if (!ret)
- return 0;
-
- ret = get_image_by_type(images, "sdcard", fstype, image_name, image_sha256);
- }
-
- return ret;
-}
-
-static bool validate_sha256(char *filename, char *sha256str)
-{
- char *cmd = calloc(strlen(SHA256SUM) + 1 + strlen(filename) + 1, sizeof(char));
- size_t reslen = (64 + 2 + strlen(filename) + 1) * sizeof(char);
- char *resstr = malloc(reslen);
- FILE *f;
- bool ret = false;
-
- strcpy(cmd, SHA256SUM);
- strcat(cmd, " ");
- strcat(cmd, filename);
-
- f = popen(cmd, "r");
- if (!f)
- goto sha256free;
-
- if (fread(resstr, reslen, 1, f) < 1)
- goto sha256close;
-
- if (!strncmp(sha256str, resstr, 64))
- ret = true;
-
-sha256close:
- fflush(f);
- pclose(f);
-sha256free:
- free(cmd);
- free(resstr);
-
- return ret;
-}
-
-static inline bool status_delay(const char *status)
-{
- return !strcmp(API_STATUS_QUEUED, status) ||
- !strcmp(API_STATUS_STARTED, status);
-}
-
-static void usage(const char *arg0)
-{
- fprintf(stdout, "%s: Attended sysUpgrade CLI client\n", arg0);
- fprintf(stdout, "Usage: auc [-b <branch>] [-B <ver>] [-c] %s[-f] [-h] [-r] [-y]\n",
-#ifdef AUC_DEBUG
-"[-d] "
-#else
-""
-#endif
- );
- fprintf(stdout, " -b <branch>\tuse specific release branch\n");
- fprintf(stdout, " -B <ver>\tuse specific release version\n");
- fprintf(stdout, " -c\t\tonly check if system is up-to-date\n");
-#ifdef AUC_DEBUG
- fprintf(stdout, " -d\t\tenable debugging output\n");
-#endif
- fprintf(stdout, " -f\t\tuse force\n");
- fprintf(stdout, " -h\t\toutput help\n");
- fprintf(stdout, " -n\t\tdry-run (don't download or upgrade)\n");
- fprintf(stdout, " -r\t\tcheck only for release upgrades\n");
- fprintf(stdout, " -F <fstype>\toverride filesystem type\n");
- fprintf(stdout, " -y\t\tdon't wait for user confirmation\n");
- fprintf(stdout, "\n");
- fprintf(stdout, "Please report issues to improve the server:\n");
- fprintf(stdout, "%s\n", server_issues);
-}
-
-
-/* this main function is too big... todo: split */
-int main(int args, char *argv[]) {
- static struct blob_buf checkbuf, infobuf, reqbuf, imgbuf, upgbuf;
- struct branch *current_branch, *running_branch;
- struct branch_version *target_version;
- int running_revision, covered_revision = 0;
- uint32_t id;
- int valid;
- char url[256];
- char *sanetized_board_name, *image_name, *image_sha256, *tmp;
- char *cmd_target_branch = NULL, *cmd_target_version = NULL, *cmd_target_fstype = NULL;
- struct blob_attr *tbr[__REPLY_MAX];
- struct blob_attr *tb[__TARGET_MAX] = {}; /* make sure tb is NULL initialized even if blobmsg_parse isn't called */
- struct stat imgstat;
- bool check_only = false;
- bool retry_delay = false;
- bool upg_check = false;
- bool dry_run = false;
- int revcmp = 0;
- int addargs;
- unsigned char argc = 1;
- bool force = false, use_get = false, in_queue = false, release_only = false;
-
- snprintf(user_agent, sizeof(user_agent), "%s/%s", argv[0], AUC_VERSION);
- fprintf(stdout, "%s\n", user_agent);
-
- while (argc<args) {
- if (!strncmp(argv[argc], "-h", 3) ||
- !strncmp(argv[argc], "--help", 7)) {
- usage(argv[0]);
- return 0;
- }
-
- addargs = 0;
-#ifdef AUC_DEBUG
- if (!strncmp(argv[argc], "-d", 3))
- debug = 1;
-#endif
- if (!strncmp(argv[argc], "-b", 3)) {
- cmd_target_branch = argv[argc + 1];
- addargs = 1;
- }
-
- if (!strncmp(argv[argc], "-B", 3)) {
- cmd_target_version = argv[argc + 1];
- addargs = 1;
- }
-
- if (!strncmp(argv[argc], "-c", 3))
- check_only = true;
-
- if (!strncmp(argv[argc], "-f", 3))
- force = true;
-
- if (!strncmp(argv[argc], "-F", 3)) {
- cmd_target_fstype = argv[argc + 1];
- addargs = 1;
- }
-
- if (!strncmp(argv[argc], "-n", 3))
- dry_run = true;
-
- if (!strncmp(argv[argc], "-r", 3))
- release_only = true;
-
- if (!strncmp(argv[argc], "-y", 3))
- dont_ask = true;
-
- argc += 1 + addargs;
- };
-
- if (load_config()) {
- rc=-EFAULT;
- goto freeubus;
- }
-
- if (chdir("/tmp")) {
- rc=-EFAULT;
- goto freeconfig;
- }
-
- if (!strncmp(serverurl, "https", 5)) {
- rc = init_ustream_ssl();
- if (rc == -2) {
- fprintf(stderr, "No CA certificates loaded, please install ca-certificates\n");
- rc=-1;
- goto freessl;
- }
-
- if (rc || !ssl_ctx) {
- fprintf(stderr, "SSL support not available, please install ustream-ssl\n");
- rc=-EPROTONOSUPPORT;
- goto freessl;
- }
- }
-
- uloop_init();
- ctx = ubus_connect(NULL);
- if (!ctx) {
- fprintf(stderr, "failed to connect to ubus.\n");
- return -1;
- }
-
- blobmsg_buf_init(&checkbuf);
- blobmsg_buf_init(&infobuf);
- blobmsg_buf_init(&reqbuf);
- blobmsg_buf_init(&imgbuf);
- /* ubus requires BLOBMSG_TYPE_UNSPEC */
- blob_buf_init(&upgbuf, 0);
-
- if (ubus_lookup_id(ctx, "system", &id) ||
- ubus_invoke(ctx, id, "board", NULL, board_cb, &checkbuf, 3000)) {
- fprintf(stderr, "cannot request board info from procd\n");
- rc=-EFAULT;
- goto freebufs;
- }
-
- fprintf(stdout, "Server: %s\n", serverurl);
- fprintf(stdout, "Running: %s %s on %s (%s)\n", version, revision, target, board_name);
- if (cmd_target_fstype && rootfs_type && strcmp(rootfs_type, cmd_target_fstype))
- fprintf(stderr, "WARNING: will change rootfs type from '%s' to '%s'\n",
- rootfs_type, cmd_target_fstype);
-
- if (request_branches(!(cmd_target_branch || cmd_target_version))) {
- rc=-ENODATA;
- goto freeboard;
- }
-
- running_branch = get_current_branch();
- running_revision = revision_from_version_code(revision);
- if (!running_branch)
- fprintf(stderr, "WARNING: cannot determing currently running branch.\n");
-
- target_version = select_branch(cmd_target_branch, cmd_target_version);
- if (!target_version) {
- rc=-EINVAL;
- goto freebranches;
- }
-
- fprintf(stdout, "Available: %s %s\n", target_version->version_number, target_version->version_code);
-
- if (running_branch->snapshot && !target_version->branch->snapshot)
- revcmp = (running_revision < target_version->branch->branch_off_rev)?-1:1;
- else if (!running_branch->snapshot && target_version->branch->snapshot)
- revcmp = -1;
- else
- revcmp = verrevcmp(version, target_version->version_number);
-
- if (revcmp < 0)
- upg_check |= PKG_UPGRADE;
- else if (revcmp > 0)
- upg_check |= PKG_DOWNGRADE;
-
- if (release_only && !(upg_check & PKG_UPGRADE)) {
- fprintf(stderr, "Nothing to be updated. Use '-f' to force.\n");
- rc = 0;
- goto freebranches;
- }
-
- if (target_version->branch == running_branch)
- grab_changes(running_branch, running_revision);
- else if (revcmp > 0)
- fprintf(stderr, "WARNING: Downgrade to older branch may not work as expected!\n");
- else avl_for_element_range(running_branch, target_version->branch, current_branch, avl) {
- if (current_branch == running_branch)
- grab_changes(running_branch, running_revision);
- else
- grab_changes(current_branch, covered_revision);
-
- if (current_branch->branch_off_rev > 0)
- covered_revision = current_branch->branch_off_rev;
- }
-
- if ((rc = request_packages(target_version)))
- goto freebranches;
-
- upg_check |= check_installed_packages();
- if (upg_check & PKG_ERROR) {
- rc = -ENOPKG;
- goto freebranches;
- }
-
- if (!upg_check && !force) {
- fprintf(stderr, "Nothing to be updated. Use '-f' to force.\n");
- rc=0;
- goto freebranches;
- };
-
- if (!force && (upg_check & PKG_DOWNGRADE)) {
- fprintf(stderr, "Refusing to downgrade. Use '-f' to force.\n");
- rc = -ENOTRECOVERABLE;
- goto freebranches;
- };
-
- if (!force && (upg_check & PKG_NOT_FOUND)) {
- fprintf(stderr, "Not all installed packages found in remote lists. Use '-f' to force.\n");
- rc = -ENOTRECOVERABLE;
- goto freebranches;
- };
-
- if (check_only)
- goto freebranches;
-
- if (!dont_ask) {
- if (!ask_user("Are you sure you want to continue the upgrade process?")) {
- rc = 0;
- goto freebranches;
- }
- }
-
- blobmsg_add_string(&reqbuf, "version", target_version->version);
- blobmsg_add_string(&reqbuf, "version_code", target_version->version_code);
- blobmsg_add_string(&reqbuf, "target", target);
-
- if (cmd_target_fstype || rootfs_type)
- blobmsg_add_string(&reqbuf, "filesystem", cmd_target_fstype?cmd_target_fstype:rootfs_type);
-
- sanetized_board_name = strdup(board_name);
- tmp = sanetized_board_name;
- while ((tmp = strchr(tmp, ',')))
- *tmp = '_';
-
- blobmsg_add_string(&reqbuf, "profile", sanetized_board_name);
- blobmsg_add_u8(&reqbuf, "diff_packages", 1);
-
- req_add_selected_packages(&reqbuf);
-
- snprintf(url, sizeof(url), "%s/%s", serverurl, API_REQUEST);
-
- use_get = false;
- do {
- retry = false;
-
- DPRINTF("requesting from %s\n%s%s", url, use_get?"":blobmsg_format_json_indent(reqbuf.head, true, 0), use_get?"":"\n");
-
- rc = server_request(url, use_get?NULL:&reqbuf, &imgbuf);
- if (rc)
- break;
-
- blobmsg_parse(reply_policy, __REPLY_MAX, tbr, blob_data(imgbuf.head), blob_len(imgbuf.head));
- if (!tbr[REPLY_OBJECT])
- break;
-
- blobmsg_parse(target_policy, __TARGET_MAX, tb, blobmsg_data(tbr[REPLY_OBJECT]), blobmsg_len(tbr[REPLY_OBJECT]));
-
- /* for compatibility with old server version, also support status in 200 reply */
- if (tb[TARGET_STATUS]) {
- tmp = blobmsg_get_string(tb[TARGET_STATUS]);
- if (status_delay(tmp))
- retry = 1;
- }
-
- if (tb[TARGET_REQUEST_HASH]) {
- if (retry) {
- if (!retry_delay)
- fputs("Requesting build", stderr);
-
- retry_delay = 2;
- if (tb[TARGET_QUEUE_POSITION]) {
- fprintf(stderr, "%s%s (position in queue: %d)",
- ANSI_ESC, in_queue?ANSI_CURSOR_RESTORE:ANSI_CURSOR_SAFE,
- blobmsg_get_u32(tb[TARGET_QUEUE_POSITION]));
- in_queue = true;
- } else {
- if (in_queue)
- fprintf(stderr, "%s%s%s%s",
- ANSI_ESC, ANSI_CURSOR_RESTORE,
- ANSI_ESC, ANSI_ERASE_LINE);
- fputc('.', stderr);
- in_queue = false;
- }
- } else {
- retry_delay = 0;
- }
- if (!use_get) {
- snprintf(url, sizeof(url), "%s/%s/%s", serverurl,
- API_REQUEST,
- blobmsg_get_string(tb[TARGET_REQUEST_HASH]));
- DPRINTF("polling via GET %s\n", url);
- }
- use_get = true;
- } else if (retry_delay) {
- retry_delay = 0;
- }
-
-#ifdef AUC_DEBUG
- if (debug && tb[TARGET_STDOUT])
- fputs(blobmsg_get_string(tb[TARGET_STDOUT]), stdout);
-
- if (debug && tb[TARGET_STDERR])
- fputs(blobmsg_get_string(tb[TARGET_STDERR]), stderr);
-#endif
-
- if (retry) {
- blob_buf_free(&imgbuf);
- blobmsg_buf_init(&imgbuf);
- sleep(retry_delay);
- }
- } while(retry);
-
- free(sanetized_board_name);
-
- if (!tb[TARGET_IMAGES] || !tb[TARGET_BINDIR]) {
- if (!rc)
- rc=-EBADMSG;
- goto freebranches;
- }
-
- if ((rc = select_image(tb[TARGET_IMAGES], cmd_target_fstype, &image_name, &image_sha256)))
- goto freebranches;
-
- snprintf(url, sizeof(url), "%s/%s/%s/%s", serverurl, API_STORE,
- blobmsg_get_string(tb[TARGET_BINDIR]),
- image_name);
-
- if (dry_run) {
- fprintf(stderr, "\nImage available at %s\n", url);
- rc = 0;
- goto freebranches;
- }
-
- fprintf(stderr, "\nDownloading image from %s\n", url);
- rc = server_request(url, NULL, NULL);
- if (rc)
- goto freebranches;
-
- filename = uclient_get_url_filename(url, "firmware.bin");
-
- if (stat(filename, &imgstat)) {
- fprintf(stderr, "image download failed\n");
- rc=-EPIPE;
- goto freebranches;
- }
-
- if ((intmax_t)imgstat.st_size != out_len) {
- fprintf(stderr, "file size mismatch\n");
- unlink(filename);
- rc=-EMSGSIZE;
- goto freebranches;
- }
-
- if (!validate_sha256(filename, image_sha256)) {
- fprintf(stderr, "sha256 mismatch\n");
- unlink(filename);
- rc=-EBADMSG;
- goto freebranches;
- }
-
- if (strcmp(filename, "firmware.bin")) {
- if (rename(filename, "firmware.bin")) {
- fprintf(stderr, "can't rename to firmware.bin\n");
- unlink(filename);
- rc=-errno;
- goto freebranches;
- }
- }
-
- valid = 0;
- if (ubus_lookup_id(ctx, "rpc-sys", &id) ||
- ubus_invoke(ctx, id, "upgrade_test", NULL, upgtest_cb, &valid, 15000)) {
- rc=-EFAULT;
- goto freebranches;
- }
-
- if (!valid) {
- rc=-EINVAL;
- goto freebranches;
- }
-
- fprintf(stdout, "invoking sysupgrade\n");
- blobmsg_add_u8(&upgbuf, "keep", 1);
- ubus_invoke(ctx, id, "upgrade_start", upgbuf.head, NULL, NULL, 120000);
- sleep(10);
-
-freebranches:
- free_branches();
- if (rc && tb[TARGET_STDOUT]
-#ifdef AUC_DEBUG
- && !debug
-#endif
- )
- fputs(blobmsg_get_string(tb[TARGET_STDOUT]), stdout);
- if (rc && tb[TARGET_STDERR]
-#ifdef AUC_DEBUG
- && !debug
-#endif
- )
- fputs(blobmsg_get_string(tb[TARGET_STDERR]), stderr);
-
- if (tb[TARGET_DETAIL]) {
- fputs(blobmsg_get_string(tb[TARGET_DETAIL]), stderr);
- fputc('\n', stderr);
- }
-
-freeboard:
- if (rootfs_type)
- free(rootfs_type);
-
- free(board_name);
- free(target);
- free(distribution);
- free(version);
-
-freebufs:
- blob_buf_free(&checkbuf);
- blob_buf_free(&infobuf);
- blob_buf_free(&reqbuf);
- blob_buf_free(&imgbuf);
- blob_buf_free(&upgbuf);
-
-freessl:
- if (ssl_ctx)
- ssl_ops->context_free(ssl_ctx);
-
-freeconfig:
- free(serverurl);
-
-freeubus:
- uloop_done();
- ubus_free(ctx);
-
- if (ucl)
- uclient_free(ucl);
-
- if (dlh)
- dlclose(dlh);
-
- if (rc)
- fprintf(stderr, "%s (%d)\n", strerror(-1 * rc), -1 * rc);
-
- return rc;
-}
include $(TOPDIR)/rules.mk
PKG_NAME:=augeas
-PKG_VERSION:=1.12.0
-PKG_RELEASE:=3
+PKG_VERSION:=1.14.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://download.augeas.net/
-PKG_HASH:=321942c9cc32185e2e9cb72d0a70eea106635b50269075aca6714e3ec282cb87
+PKG_SOURCE_URL:=https://github.com/hercules-team/augeas/releases/download/release-$(PKG_VERSION)
+PKG_HASH:=368bfdd782e4b9c7163baadd621359c82b162734864b667051ff6bcb57b9edff
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
+
+PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:augeas:augeas
-PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
PKG_NAME:=avrdude
PKG_VERSION:=7.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/avrdudes/avrdude
--- /dev/null
+From 315df4ba7670a1e5190373155196a40d5a3fd54b Mon Sep 17 00:00:00 2001
+From: Michael Heimpold <mhei@heimpold.de>
+Date: Wed, 27 Mar 2024 22:33:21 +0100
+Subject: [PATCH] Add support for libgpiod v2+ API
+
+libgpiod in version 2 or above introduced an API change which results
+in compile error with the current code.
+
+This commit adds some glue magic for the newer versions and
+tries to detect the used libgpiod version based on the information
+available in the pkg-config files.
+
+At the moment, this eliminates the possibility to statically link
+against this library.
+
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+(cherry picked from commit ea701bc2f59c465f48dc290e8e6cf6d14416205f)
+Upstream-Status: Accepted - will be part of next release
+---
+ CMakeLists.txt | 39 ++++++++---
+ src/Makefile.am | 4 +-
+ src/cmake_config.h.in | 3 +
+ src/configure.ac | 31 +++++++++
+ src/linuxgpio.c | 156 ++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 222 insertions(+), 11 deletions(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -126,7 +126,6 @@ if(USE_STATIC_LIBS)
+ set(PREFERRED_LIBFTDI1 libftdi1.a ftdi1)
+ set(PREFERRED_LIBREADLINE libreadline.a readline)
+ set(PREFERRED_LIBSERIALPORT libserialport.a serialport)
+- set(PREFERRED_LIBGPIOD libgpiod.a gpiod)
+ else()
+ set(PREFERRED_LIBELF elf)
+ set(PREFERRED_LIBUSB usb)
+@@ -136,7 +135,6 @@ else()
+ set(PREFERRED_LIBFTDI1 ftdi1)
+ set(PREFERRED_LIBREADLINE readline)
+ set(PREFERRED_LIBSERIALPORT serialport)
+- set(PREFERRED_LIBGPIOD gpiod)
+ endif()
+
+ # -------------------------------------
+@@ -237,12 +235,32 @@ if(HAVE_LIBSERIALPORT)
+ endif()
+
+ # -------------------------------------
+-# Find libgpiod, if needed
++# Find libgpiod using pkg-config, if needed
+ if(HAVE_LINUXGPIO)
+- find_library(HAVE_LIBGPIOD NAMES ${PREFERRED_LIBGPIOD})
+- if(HAVE_LIBGPIOD)
+- set(LIB_LIBGPIOD ${HAVE_LIBGPIOD})
+- set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIBGPIOD})
++ # defaults/fallbacks
++ set(HAVE_LIBGPIOD 0)
++ set(HAVE_LIBGPIOD_V2 0)
++
++ find_package(PkgConfig)
++ if(PKG_CONFIG_FOUND)
++ # check whether we have version >= 2.0
++ pkg_check_modules(LIBGPIODV2 libgpiod>=2.0)
++ if(LIBGPIODV2_FOUND)
++ set(HAVE_LIBGPIOD 1)
++ set(HAVE_LIBGPIOD_V2 1)
++ set(CMAKE_REQUIRED_LIBRARIES ${LIBGPIODV2_LIBRARIES})
++ set(LIB_LIBGPIOD ${LIBGPIODV2_LINK_LIBRARIES})
++ else()
++ # check whether we have at least an older version
++ pkg_check_modules(LIBGPIOD libgpiod)
++ if(LIBGPIOD_FOUND)
++ set(HAVE_LIBGPIOD 1)
++ set(CMAKE_REQUIRED_LIBRARIES ${LIBGPIOD_LIBRARIES})
++ set(LIB_LIBGPIOD ${LIBGPIOD_LINK_LIBRARIES})
++ endif()
++ endif()
++ else()
++ message(WARNING "For using libgpiod, pkg-config would be required which is not available.")
+ endif()
+ endif()
+
+@@ -339,7 +357,8 @@ if (DEBUG_CMAKE)
+ message(STATUS "HAVE_LIBUSB_1_0_LIBUSB_H: ${HAVE_LIBUSB_1_0_LIBUSB_H}")
+ message(STATUS "HAVE_HIDAPI_HIDAPI_H: ${HAVE_HIDAPI_HIDAPI_H}")
+ message(STATUS "LIBUSB_COMPAT_DIR: ${LIBUSB_COMPAT_DIR}")
+- message(STATUS "HAVE_LIBGPIOD: ${HAVE_LIBGPIOD}")
++ message(STATUS "LIBGPIODV2_FOUND: ${LIBGPIODV2_FOUND}")
++ message(STATUS "LIBGPIOD_FOUND: ${LIBGPIOD_FOUND}")
+ message(STATUS "----------------------")
+ endif()
+
+@@ -409,7 +428,9 @@ endif()
+
+ if(HAVE_LINUXGPIO)
+ message(STATUS "ENABLED linuxgpio")
+- if (HAVE_LIBGPIOD)
++ if (LIBGPIODV2_FOUND)
++ message(STATUS "DO HAVE libgpiod (v2.x)")
++ elseif(LIBGPIOD_FOUND)
+ message(STATUS "DO HAVE libgpiod")
+ else()
+ message(STATUS "DON'T HAVE libgpiod")
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -62,10 +62,10 @@ libavrdude_la_CPPFLAGS = $(libavrdude_a_
+
+ avrdude_CFLAGS = @ENABLE_WARNINGS@
+
+-libavrdude_a_CFLAGS = @ENABLE_WARNINGS@
++libavrdude_a_CFLAGS = @ENABLE_WARNINGS@ $(LIBGPIOD_CFLAGS)
+ libavrdude_la_CFLAGS = $(libavrdude_a_CFLAGS)
+
+-avrdude_LDADD = $(top_builddir)/$(noinst_LIBRARIES) @LIBUSB_1_0@ @LIBHIDAPI@ @LIBUSB@ @LIBFTDI1@ @LIBFTDI@ @LIBHID@ @LIBELF@ @LIBPTHREAD@ @LIBSERIALPORT@ -lm
++avrdude_LDADD = $(top_builddir)/$(noinst_LIBRARIES) @LIBUSB_1_0@ @LIBHIDAPI@ @LIBUSB@ @LIBFTDI1@ @LIBFTDI@ @LIBHID@ @LIBELF@ @LIBPTHREAD@ @LIBSERIALPORT@ $(LIBGPIOD_LIBS) -lm
+
+ bin_PROGRAMS = avrdude
+
+--- a/src/cmake_config.h.in
++++ b/src/cmake_config.h.in
+@@ -30,6 +30,9 @@
+ /* Let linuxgpio know if libgpiod is available. */
+ #cmakedefine HAVE_LIBGPIOD
+
++/* Let linuxgpio know whether v2 of libgpiod is available. */
++#cmakedefine HAVE_LIBGPIOD_V2
++
+ /* Linux SPI support enabled */
+ #cmakedefine HAVE_LINUXSPI 1
+
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -65,6 +65,14 @@ AN_MAKEVAR([AR], [AC_PROG_AR])
+ AN_PROGRAM([ar], [AC_PROG_AR])
+ AC_DEFUN([AC_PROG_AR], [AC_CHECK_TARGET_TOOL(AR, ar, :)])
+ AC_PROG_AR
++
++# If macro PKG_PROG_PKG_CONFIG is not available, Autoconf generates a misleading error message,
++# so check for existence first, and otherwise provide helpful advice.
++m4_ifndef([PKG_PROG_PKG_CONFIG], [m4_fatal(m4_normalize([
++ Macro PKG_PROG_PKG_CONFIG is not available.
++ It is usually defined in file pkg.m4 provided by package pkg-config.]))])
++PKG_PROG_PKG_CONFIG([0.23])
++
+ AH_TEMPLATE([HAVE_YYLEX_DESTROY],
+ [Define if lex/flex has yylex_destroy])
+ # flex should have this
+@@ -465,6 +473,22 @@ fi
+ if test "$enabled_linuxgpio" = "yes"; then
+ AC_DEFINE(HAVE_LINUXGPIO, 1, [Linux sysfs GPIO support enabled])
+ confsubst="$confsubst -e /^@HAVE_LINUXGPIO_/d"
++
++ PKG_CHECK_MODULES([LIBGPIOD], [libgpiod >= 2.0], [
++ have_libgpiod=yes
++ have_libgpiodv2=yes
++ AC_DEFINE([HAVE_LIBGPIOD], [1], [Linux libgpiod available])
++ AC_DEFINE([HAVE_LIBGPIOD_V2], [1], [Linux libgpiod (v2.x) available])
++ ], [
++ PKG_CHECK_MODULES([LIBGPIOD], [libgpiod], [
++ have_libgpiod=yes
++ have_libgpiodv2=no
++ AC_DEFINE([HAVE_LIBGPIOD], [1], [Linux libgpiod available])
++ ], [
++ have_libgpiod=no
++ have_libgpiodv2=no
++ ])
++ ])
+ else
+ confsubst="$confsubst -e /^@HAVE_LINUXGPIO_BEGIN@/,/^@HAVE_LINUXGPIO_END@/d"
+ fi
+@@ -678,6 +702,13 @@ fi
+
+ if test x$enabled_linuxgpio = xyes; then
+ echo "ENABLED linuxgpio"
++ if test "x$have_libgpiodv2" = xyes; then
++ echo "DO HAVE libgpiod (v2.x)"
++ elif test "x$have_libgpiod" = xyes; then
++ echo "DO HAVE libgpiod"
++ else
++ echo "DON'T HAVE libgpiod"
++ fi
+ else
+ echo "DISABLED linuxgpio"
+ fi
+--- a/src/linuxgpio.c
++++ b/src/linuxgpio.c
+@@ -337,6 +337,162 @@ static void linuxgpio_sysfs_close(PROGRA
+
+ #ifdef HAVE_LIBGPIOD
+
++#ifdef HAVE_LIBGPIOD_V2
++
++struct gpiod_line {
++ struct gpiod_chip *chip;
++ struct gpiod_line_request *line_request;
++ unsigned int gpio_num;
++};
++
++struct gpiod_line *gpiod_line_get(const char *port, int gpio_num) {
++ struct gpiod_line *rv;
++ char abs_port[32];
++
++ if (snprintf(abs_port, sizeof(abs_port), "/dev/%s", port) >= (int)sizeof(abs_port))
++ return NULL;
++
++ rv = calloc(sizeof(struct gpiod_line), 1);
++ if (!rv)
++ return NULL;
++
++ rv->gpio_num = gpio_num;
++
++ rv->chip = gpiod_chip_open(abs_port);
++ if (!rv->chip) {
++ free(rv);
++ return NULL;
++ }
++
++ return rv;
++}
++
++int gpiod_line_request_input(struct gpiod_line *gpio_line, const char *consumer) {
++ struct gpiod_line_settings *line_settings = NULL;
++ struct gpiod_line_config *line_config = NULL;
++ struct gpiod_request_config *req_cfg = NULL;
++ int retval = -1;
++
++ line_settings = gpiod_line_settings_new();
++ line_config = gpiod_line_config_new();
++ req_cfg = gpiod_request_config_new();
++
++ if (!line_settings || !line_config || !req_cfg)
++ goto err_out;
++
++ retval = gpiod_line_settings_set_direction(line_settings, GPIOD_LINE_DIRECTION_INPUT);
++ if (retval != 0)
++ goto err_out;
++
++ retval = gpiod_line_config_add_line_settings(line_config, &gpio_line->gpio_num, 1, line_settings);
++ if (retval != 0)
++ goto err_out;
++
++ gpiod_request_config_set_consumer(req_cfg, consumer);
++
++ gpio_line->line_request = gpiod_chip_request_lines(gpio_line->chip, req_cfg, line_config);
++ if (!gpio_line->line_request)
++ goto err_out;
++
++ retval = 0;
++
++err_out:
++ gpiod_line_settings_free(line_settings);
++ gpiod_line_config_free(line_config);
++ gpiod_request_config_free(req_cfg);
++ return retval;
++}
++
++int gpiod_line_request_output(struct gpiod_line *gpio_line, const char *consumer, int value) {
++ struct gpiod_line_settings *line_settings = NULL;
++ struct gpiod_line_config *line_config = NULL;
++ struct gpiod_request_config *req_cfg = NULL;
++ int retval = -1;
++
++ line_settings = gpiod_line_settings_new();
++ line_config = gpiod_line_config_new();
++ req_cfg = gpiod_request_config_new();
++
++ if (!line_settings || !line_config || !req_cfg)
++ goto err_out;
++
++ retval = gpiod_line_settings_set_direction(line_settings, GPIOD_LINE_DIRECTION_OUTPUT);
++ if (retval != 0)
++ goto err_out;
++
++ retval = gpiod_line_settings_set_output_value(line_settings, value ? GPIOD_LINE_VALUE_ACTIVE : GPIOD_LINE_VALUE_INACTIVE);
++ if (retval != 0)
++ goto err_out;
++
++ retval = gpiod_line_config_add_line_settings(line_config, &gpio_line->gpio_num, 1, line_settings);
++ if (retval != 0)
++ goto err_out;
++
++ gpiod_request_config_set_consumer(req_cfg, consumer);
++
++ gpio_line->line_request = gpiod_chip_request_lines(gpio_line->chip, req_cfg, line_config);
++ if (!gpio_line->line_request)
++ goto err_out;
++
++ retval = 0;
++
++err_out:
++ gpiod_line_settings_free(line_settings);
++ gpiod_line_config_free(line_config);
++ gpiod_request_config_free(req_cfg);
++ return retval;
++}
++
++int gpiod_line_set_direction_input(struct gpiod_line *gpio_line) {
++ struct gpiod_line_settings *line_settings = NULL;
++ struct gpiod_line_config *line_config = NULL;
++ int retval = -1;
++
++ line_settings = gpiod_line_settings_new();
++ line_config = gpiod_line_config_new();
++
++ if (!line_settings || !line_config)
++ goto err_out;
++
++ retval = gpiod_line_settings_set_direction(line_settings, GPIOD_LINE_DIRECTION_INPUT);
++ if (retval != 0)
++ goto err_out;
++
++ retval = gpiod_line_config_add_line_settings(line_config, &gpio_line->gpio_num, 1, line_settings);
++ if (retval != 0)
++ goto err_out;
++
++ retval = gpiod_line_request_reconfigure_lines(gpio_line->line_request, line_config);
++
++err_out:
++ gpiod_line_settings_free(line_settings);
++ gpiod_line_config_free(line_config);
++ return retval;
++}
++
++/* this helper is not thread safe, but we are not using threads... */
++char *gpiod_line_name(struct gpiod_line *gpio_line) {
++ static char buffer[16];
++ snprintf(buffer, sizeof(buffer), "%u", gpio_line->gpio_num);
++ return buffer;
++}
++
++void gpiod_line_release(struct gpiod_line *gpio_line) {
++ gpiod_line_request_release(gpio_line->line_request);
++ gpiod_chip_close(gpio_line->chip);
++ free(gpio_line);
++}
++
++static inline int gpiod_line_set_value(struct gpiod_line *gpio_line, int value) {
++ return gpiod_line_request_set_value(gpio_line->line_request, gpio_line->gpio_num, value);
++}
++
++static inline int gpiod_line_get_value(struct gpiod_line *gpio_line) {
++ return gpiod_line_request_get_value(gpio_line->line_request, gpio_line->gpio_num);
++}
++
++#endif
++
+ struct gpiod_line * linuxgpio_libgpiod_lines[N_PINS];
+
+ // Try to tell if libgpiod is going to work.
include $(TOPDIR)/rules.mk
PKG_NAME:=bash
-PKG_VERSION:=5.2.21
+PKG_VERSION:=5.2.32
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/bash
-PKG_HASH:=c8e31bdc59b69aaffc5b36509905ba3e5cbb12747091d27b4b977f078560d5b8
+PKG_HASH:=d3ef80d2b67d8cbbe4d3265c63a72c46f9b278ead6e0e06d61801b58f23f50b5
PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>
PKG_LICENSE:=GPL-3.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=bc
-PKG_VERSION:=1.06.95
+PKG_VERSION:=1.07.1
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
-PKG_SOURCE_URL:=@DEBIAN/pool/main/b/bc
-PKG_HASH:=5e1471869dd27ba4120dd3942d2f4ec6646cf917fb056be9ae0d3a8259668d47
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=@GNU/bc
+PKG_HASH:=62adfca89b0a1c0164c2cdca59ca210c1d44c3ffc46daf9931cf4942664cb02a
-PKG_MAINTAINER:=Bruno Randolf <br1@einfach.org>
-PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
+PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
+PKG_FIXUP:=autoreconf
PKG_CPE_ID:=cpe:/a:gnu:bc
include $(INCLUDE_DIR)/package.mk
define Package/bc/Default
SECTION:=utils
CATEGORY:=Utilities
- URL:=http://packages.debian.org/bc
+ URL:=https://www.gnu.org/software/bc/
endef
define Package/bc
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -149,7 +149,7 @@ sbindir = @sbindir@
- sharedstatedir = @sharedstatedir@
- sysconfdir = @sysconfdir@
- target_alias = @target_alias@
--SUBDIRS = lib bc dc doc
-+SUBDIRS = lib bc dc
- MAINTAINERCLEANFILES = aclocal.m4 config.h.in configure Makefile.in \
- stamp-h $(distdir).tar.gz h/number.h depcomp missing
-
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
+SUBDIRS = lib bc dc
MAINTAINERCLEANFILES = aclocal.m4 config.h.in configure Makefile.in \
- stamp-h $(distdir).tar.gz h/number.h depcomp missing
+ stamp-h $(distdir).tar.gz h/number.h depcomp missing \
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -288,7 +288,7 @@ target_alias = @target_alias@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+-SUBDIRS = lib bc dc doc
++SUBDIRS = lib bc dc
+ MAINTAINERCLEANFILES = aclocal.m4 config.h.in configure Makefile.in \
+ stamp-h $(distdir).tar.gz h/number.h depcomp missing \
+ bc/libmath.h
--- /dev/null
+From af96fb92052c307818eefa4b687f964f1e3f542e Mon Sep 17 00:00:00 2001
+From: Matt Weber <matthew.weber@rockwellcollins.com>
+Date: Thu, 12 Sep 2019 15:04:35 -0500
+Subject: [PATCH] notice read and write errors on input and output
+
+Quoting from the bug report:
+ bc (1.06-19ubuntu1) dapper; urgency=low
+ * Make dc notice read and write errors on its input and output.
+ I grepped for mentions of the strings `putc', `print', `getc',
+ `FILE', `stdin', `stdout' and `stderr' and added calls to new
+ error-checking functions unless it was clear from the
+ immediately-surrounding code that the program was exiting
+ nonzero, or would exit nonzero if the call failed. I ignored
+ hits in lib/getopt*, which seems to pervasively ignore write
+ errors when printing usage messages, in the hope that these
+ were correct. I _think_ I got them all. -iwj.
+ -- Ian Jackson <iwj@ubuntu.com> Tue, 4 Apr 2006 17:21:02 +0100
+
+Upsteam:
+https://sources.debian.org/patches/bc/1.07.1-2/05_notice_read_write_errors.diff/
+
+[Reformatted to GIT for 1.0.7.1 by Matt W]
+Updated by Ryan Kavanagh <rak@debian.org> for 1.0.7.1 on 26 July 2017.
+Author: Ian Jackson <iwj@ubuntu.com>
+Origin: other
+Bug-Debian: http://bugs.debian.org/488735
+
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
+[Bernd:
+ Updated to incorporate changes by Matthias Klose <doko@debian.org>
+ on 2024-03-13 that fix Debian bug https://bugs.debian.org/1065375]
+---
+ bc/execute.c | 10 +++++++++-
+ bc/main.c | 3 +++
+ bc/sbc.y | 2 ++
+ bc/scan.c | 2 ++
+ bc/scan.l | 3 +++
+ bc/util.c | 15 ++++++++++++--
+ dc/dc.c | 3 +++
+ dc/eval.c | 55 +++++++++++++++++++++++++++++++++++++++-------------
+ dc/misc.c | 1 +
+ dc/numeric.c | 9 +++++++++
+ dc/stack.c | 11 ++++++++++-
+ dc/string.c | 2 ++
+ h/number.h | 11 +++++++----
+ lib/number.c | 24 +++++++++++++++++++++++
+ 14 files changed, 129 insertions(+), 22 deletions(-)
+
+--- a/bc/execute.c
++++ b/bc/execute.c
+@@ -104,6 +104,7 @@ execute (void)
+ }
+ out_char ('\n');
+ }
++ checkferror_output(stdout);
+ }
+ #endif
+
+@@ -224,6 +225,7 @@ execute (void)
+ }
+ }
+ fflush (stdout);
++ checkferror_output(stdout);
+ break;
+
+ case 'R' : /* Return from function */
+@@ -259,6 +261,7 @@ execute (void)
+ if (inst == 'W') out_char ('\n');
+ store_var (4); /* Special variable "last". */
+ fflush (stdout);
++ checkferror_output(stdout);
+ pop ();
+ break;
+
+@@ -342,6 +345,7 @@ execute (void)
+ case 'w' : /* Write a string to the output. */
+ while ((ch = byte(&pc)) != '"') out_schar (ch);
+ fflush (stdout);
++ checkferror_output(stdout);
+ break;
+
+ case 'x' : /* Exchange Top of Stack with the one under the tos. */
+@@ -549,7 +553,10 @@ execute (void)
+ {
+ signal (SIGINT, use_quit);
+ if (had_sigint)
+- printf ("\ninterrupted execution.\n");
++ {
++ printf ("\ninterrupted execution.\n");
++ checkferror_output(stdout);
++ }
+ }
+ }
+
+@@ -584,6 +591,7 @@ input_char (void)
+ out_col = 0; /* Saw a new line */
+ }
+ }
++ checkferror_input(stdin);
+
+ /* Classify and preprocess the input character. */
+ if (isdigit(in_ch))
+--- a/bc/main.c
++++ b/bc/main.c
+@@ -353,6 +353,9 @@ use_quit (int sig)
+ errno = save;
+ #else
+ write (1, "\n(interrupt) Exiting bc.\n", 26);
++#ifdef READLINE
++ rl_initialize (); /* Clear readline buffer */
++#endif
+ bc_exit(0);
+ #endif
+ }
+--- a/bc/sbc.y
++++ b/bc/sbc.y
+@@ -86,7 +86,9 @@ program : /* empty */
+ if (interactive && !quiet)
+ {
+ show_bc_version ();
++ checkferror_output(stdout);
+ welcome ();
++ checkferror_output(stdout);
+ }
+ }
+ | program input_item
+--- a/bc/scan.c
++++ b/bc/scan.c
+@@ -791,6 +791,7 @@ bcel_input (char *buf, yy_size_t *resul
+ if (bcel_len != 0)
+ history (hist, &histev, H_ENTER, bcel_line);
+ fflush (stdout);
++ checkferror_output(stdout);
+ }
+
+ if (bcel_len <= max)
+@@ -863,6 +864,7 @@ rl_input (char *buf, int *result, int ma
+ add_history (rl_line);
+ rl_line[rl_len-1] = '\n';
+ fflush (stdout);
++ checkferror_output(stdout);
+ }
+
+ if (rl_len <= max)
+--- a/bc/scan.l
++++ b/bc/scan.l
+@@ -99,6 +99,7 @@ bcel_input (char *buf, yy_size_t *resul
+ if (bcel_len != 0)
+ history (hist, &histev, H_ENTER, bcel_line);
+ fflush (stdout);
++ checkferror_output(stdout);
+ }
+
+ if (bcel_len <= max)
+@@ -171,6 +172,7 @@ rl_input (char *buf, int *result, int ma
+ add_history (rl_line);
+ rl_line[rl_len-1] = '\n';
+ fflush (stdout);
++ checkferror_output(stdout);
+ }
+
+ if (rl_len <= max)
+@@ -295,6 +297,7 @@ limits return(Limits);
+ if (c == EOF)
+ {
+ fprintf (stderr,"EOF encountered in a comment.\n");
++ checkferror_output(stderr);
+ break;
+ }
+ }
+--- a/bc/util.c
++++ b/bc/util.c
+@@ -247,9 +247,10 @@ init_gen (void)
+ continue_label = 0;
+ next_label = 1;
+ out_count = 2;
+- if (compile_only)
++ if (compile_only) {
+ printf ("@i");
+- else
++ checkferror_output(stdout);
++ } else
+ init_load ();
+ had_error = FALSE;
+ did_gen = FALSE;
+@@ -272,6 +273,7 @@ generate (const char *str)
+ printf ("\n");
+ out_count = 0;
+ }
++ checkferror_output(stdout);
+ }
+ else
+ load_code (str);
+@@ -289,6 +291,7 @@ run_code(void)
+ if (compile_only)
+ {
+ printf ("@r\n");
++ checkferror_output(stdout);
+ out_count = 0;
+ }
+ else
+@@ -326,6 +329,7 @@ out_char (int ch)
+ }
+ putchar (ch);
+ }
++ checkferror_output(stdout);
+ }
+
+ /* Output routines: Write a character CH to the standard output.
+@@ -355,6 +359,7 @@ out_schar (int ch)
+ }
+ putchar (ch);
+ }
++ checkferror_output(stdout);
+ }
+
+
+@@ -639,6 +644,7 @@ limits(void)
+ #ifdef OLD_EQ_OP
+ printf ("Old assignment operatiors are valid. (=-, =+, ...)\n");
+ #endif
++ checkferror_output(stdout);
+ }
+
+ /* bc_malloc will check the return value so all other places do not
+@@ -703,6 +709,7 @@ yyerror (str, va_alist)
+ fprintf (stderr,"%s %d: ",name,line_no);
+ vfprintf (stderr, str, args);
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ had_error = TRUE;
+ va_end (args);
+ }
+@@ -743,6 +750,7 @@ ct_warn (mesg, va_alist)
+ fprintf (stderr,"%s %d: Error: ",name,line_no);
+ vfprintf (stderr, mesg, args);
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ had_error = TRUE;
+ }
+ else
+@@ -755,6 +763,7 @@ ct_warn (mesg, va_alist)
+ fprintf (stderr,"%s %d: (Warning) ",name,line_no);
+ vfprintf (stderr, mesg, args);
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ }
+ va_end (args);
+ }
+@@ -789,6 +798,7 @@ rt_error (mesg, va_alist)
+ va_end (args);
+
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ runtime_error = TRUE;
+ }
+
+@@ -823,6 +833,7 @@ rt_warn (const char *mesg)
+ va_end (args);
+
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ }
+
+ /* bc_exit: Make sure to reset the edit state. */
+--- a/dc/dc.c
++++ b/dc/dc.c
+@@ -45,6 +45,7 @@
+ #include <getopt.h>
+ #include "dc.h"
+ #include "dc-proto.h"
++#include "number.h"
+
+ #ifndef EXIT_SUCCESS /* C89 <stdlib.h> */
+ # define EXIT_SUCCESS 0
+@@ -59,6 +60,7 @@ static void
+ bug_report_info DC_DECLVOID()
+ {
+ printf("Email bug reports to: bug-dc@gnu.org .\n");
++ checkferror_output(stdout);
+ }
+
+ static void
+@@ -69,6 +71,7 @@ show_version DC_DECLVOID()
+ This is free software; see the source for copying conditions. There is NO\n\
+ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE,\n\
+ to the extent permitted by law.\n", DC_COPYRIGHT);
++ checkferror_output(stdout);
+ }
+
+ /* your generic usage function */
+@@ -85,6 +88,7 @@ Usage: %s [OPTION] [file ...]\n\
+ \n\
+ ", progname);
+ bug_report_info();
++ checkferror_output(f);
+ }
+
+ /* returns a pointer to one past the last occurance of c in s,
+--- a/dc/eval.c
++++ b/dc/eval.c
+@@ -41,6 +41,7 @@
+ #endif
+ #include "dc.h"
+ #include "dc-proto.h"
++#include "number.h"
+
+ typedef enum {DC_FALSE, DC_TRUE} dc_boolean;
+
+@@ -97,12 +98,15 @@ static int input_pushback;
+ static int
+ input_fil DC_DECLVOID()
+ {
++ int c;
+ if (input_pushback != EOF){
+- int c = input_pushback;
++ c = input_pushback;
+ input_pushback = EOF;
+ return c;
+ }
+- return getc(input_fil_fp);
++ c = getc(input_fil_fp);
++ checkferror_input(input_fil_fp);
++ return c;
+ }
+
+ /* passed as an argument to dc_getnum */
+@@ -301,11 +305,13 @@ dc_func DC_DECLARG((c, peekc, negcmp))
+ tmpint = dc_num2int(datum.v.number, DC_TOSS);
+ if (2 <= tmpint && tmpint <= DC_IBASE_MAX)
+ dc_ibase = tmpint;
+- else
++ else {
+ fprintf(stderr,
+ "%s: input base must be a number \
+ between 2 and %d (inclusive)\n",
+ progname, DC_IBASE_MAX);
++ checkferror_output(stderr);
++ }
+ }
+ break;
+ case 'k': /* set scale to value on top of stack */
+@@ -313,11 +319,12 @@ between 2 and %d (inclusive)\n",
+ tmpint = -1;
+ if (datum.dc_type == DC_NUMBER)
+ tmpint = dc_num2int(datum.v.number, DC_TOSS);
+- if ( ! (tmpint >= 0) )
++ if ( ! (tmpint >= 0) ) {
+ fprintf(stderr,
+ "%s: scale must be a nonnegative number\n",
+ progname);
+- else
++ checkferror_output(stderr);
++ } else
+ dc_scale = tmpint;
+ }
+ break;
+@@ -341,11 +348,12 @@ between 2 and %d (inclusive)\n",
+ tmpint = 0;
+ if (datum.dc_type == DC_NUMBER)
+ tmpint = dc_num2int(datum.v.number, DC_TOSS);
+- if ( ! (tmpint > 1) )
++ if ( ! (tmpint > 1) ) {
+ fprintf(stderr,
+ "%s: output base must be a number greater than 1\n",
+ progname);
+- else
++ checkferror_output(stderr);
++ } else
+ dc_obase = tmpint;
+ }
+ break;
+@@ -378,6 +386,7 @@ between 2 and %d (inclusive)\n",
+ fprintf(stderr,
+ "%s: square root of nonnumeric attempted\n",
+ progname);
++ checkferror_output(stderr);
+ }else if (dc_sqrt(datum.v.number, dc_scale, &tmpnum) == DC_SUCCESS){
+ dc_free_num(&datum.v.number);
+ datum.v.number = tmpnum;
+@@ -424,6 +433,7 @@ between 2 and %d (inclusive)\n",
+ dc_garbage("at top of stack", -1);
+ }
+ fflush(stdout);
++ checkferror_output(stdout);
+ break;
+ case 'Q': /* quit out of top-of-stack nested evals;
+ * pops value from stack;
+@@ -440,6 +450,7 @@ between 2 and %d (inclusive)\n",
+ fprintf(stderr,
+ "%s: Q command requires a number >= 1\n",
+ progname);
++ checkferror_output(stderr);
+ }
+ break;
+ case 'R': /* pop a value off of the evaluation stack,;
+@@ -483,11 +494,12 @@ between 2 and %d (inclusive)\n",
+ if (datum.dc_type == DC_NUMBER)
+ tmpint = dc_num2int(datum.v.number, DC_TOSS);
+ if (dc_pop(&datum) == DC_SUCCESS){
+- if (tmpint < 0)
++ if (tmpint < 0) {
+ fprintf(stderr,
+ "%s: array index must be a nonnegative integer\n",
+ progname);
+- else
++ checkferror_output(stderr);
++ } else
+ dc_array_set(peekc, tmpint, datum);
+ }
+ }
+@@ -499,18 +511,21 @@ between 2 and %d (inclusive)\n",
+ tmpint = -1;
+ if (datum.dc_type == DC_NUMBER)
+ tmpint = dc_num2int(datum.v.number, DC_TOSS);
+- if (tmpint < 0)
++ if (tmpint < 0) {
+ fprintf(stderr,
+ "%s: array index must be a nonnegative integer\n",
+ progname);
+- else
++ checkferror_output(stderr);
++ } else
+ dc_push(dc_array_get(peekc, tmpint));
+ }
+ return DC_EATONE;
+
+ default: /* What did that user mean? */
+ fprintf(stderr, "%s: ", progname);
++ checkferror_output(stderr);
+ dc_show_id(stdout, c, " unimplemented\n");
++ checkferror_output(stdout);
+ break;
+ }
+ return DC_OKAY;
+@@ -538,6 +553,7 @@ evalstr DC_DECLARG((string))
+ fprintf(stderr,
+ "%s: eval called with non-string argument\n",
+ progname);
++ checkferror_output(stderr);
+ return DC_OKAY;
+ }
+ interrupt_seen = 0;
+@@ -635,6 +651,7 @@ evalstr DC_DECLARG((string))
+ return DC_FAIL;
+ }
+ fprintf(stderr, "%s: unexpected EOS\n", progname);
++ checkferror_output(stderr);
+ return DC_OKAY;
+ }
+ }
+@@ -692,6 +709,7 @@ dc_evalfile DC_DECLARG((fp))
+ stdin_lookahead = EOF;
+ for (c=getc(fp); c!=EOF; c=peekc){
+ peekc = getc(fp);
++ checkferror_input(stdin);
+ /*
+ * The following if() is the only place where ``stdin_lookahead''
+ * might be set to other than EOF:
+@@ -717,24 +735,30 @@ dc_evalfile DC_DECLARG((fp))
+ signal(SIGINT, sigint_handler);
+ switch (dc_func(c, peekc, negcmp)){
+ case DC_OKAY:
+- if (stdin_lookahead != peekc && fp == stdin)
++ if (stdin_lookahead != peekc && fp == stdin) {
+ peekc = getc(fp);
++ checkferror_input(stdin);
++ }
+ break;
+ case DC_EATONE:
+ peekc = getc(fp);
++ checkferror_input(fp);
+ break;
+ case DC_EVALREG:
+ /*commands which send us here shall guarantee that peekc!=EOF*/
+ c = peekc;
+ peekc = getc(fp);
++ checkferror_input(fp);
+ stdin_lookahead = peekc;
+ if (dc_register_get(c, &datum) != DC_SUCCESS)
+ break;
+ dc_push(datum);
+ /*@fallthrough@*/
+ case DC_EVALTOS:
+- if (stdin_lookahead != peekc && fp == stdin)
++ if (stdin_lookahead != peekc && fp == stdin) {
+ peekc = getc(fp);
++ checkferror_input(stdin);
++ }
+ if (dc_pop(&datum) == DC_SUCCESS){
+ if (datum.dc_type == DC_NUMBER){
+ dc_push(datum);
+@@ -744,6 +768,7 @@ dc_evalfile DC_DECLARG((fp))
+ goto reset_and_exit_quit;
+ fprintf(stderr, "%s: Q command argument exceeded \
+ string execution depth\n", progname);
++ checkferror_output(stderr);
+ }
+ }else{
+ dc_garbage("at top of stack", -1);
+@@ -756,8 +781,11 @@ string execution depth\n", progname);
+ fprintf(stderr,
+ "%s: Q command argument exceeded string execution depth\n",
+ progname);
+- if (stdin_lookahead != peekc && fp == stdin)
++ checkferror_output(stderr);
++ if (stdin_lookahead != peekc && fp == stdin) {
+ peekc = getc(fp);
++ checkferror_input(stdin);
++ }
+ break;
+
+ case DC_INT:
+--- a/dc/misc.c
++++ b/dc/misc.c
+@@ -47,6 +47,7 @@
+ #include <getopt.h>
+ #include "dc.h"
+ #include "dc-proto.h"
++#include "number.h"
+
+ #ifndef EXIT_FAILURE /* C89 <stdlib.h> */
+ # define EXIT_FAILURE 1
+@@ -89,6 +90,7 @@ dc_show_id DC_DECLARG((fp, id, suffix))
+ fprintf(fp, "'%c' (%#o)%s", (unsigned int) id, id, suffix);
+ else
+ fprintf(fp, "%#o%s", (unsigned int) id, suffix);
++ checkferror_output(fp);
+ }
+
+ \f
+--- a/dc/numeric.c
++++ b/dc/numeric.c
+@@ -133,6 +133,7 @@ dc_div DC_DECLARG((a, b, kscale, result)
+ bc_init_num(CastNumPtr(result));
+ if (bc_divide(CastNum(a), CastNum(b), CastNumPtr(result), kscale)){
+ fprintf(stderr, "%s: divide by zero\n", progname);
++ checkferror_output(stderr);
+ return DC_DOMAIN_ERROR;
+ }
+ return DC_SUCCESS;
+@@ -155,6 +156,7 @@ dc_divrem DC_DECLARG((a, b, kscale, quot
+ if (bc_divmod(CastNum(a), CastNum(b),
+ CastNumPtr(quotient), CastNumPtr(remainder), kscale)){
+ fprintf(stderr, "%s: divide by zero\n", progname);
++ checkferror_output(stderr);
+ return DC_DOMAIN_ERROR;
+ }
+ return DC_SUCCESS;
+@@ -173,6 +175,7 @@ dc_rem DC_DECLARG((a, b, kscale, result)
+ bc_init_num(CastNumPtr(result));
+ if (bc_modulo(CastNum(a), CastNum(b), CastNumPtr(result), kscale)){
+ fprintf(stderr, "%s: remainder by zero\n", progname);
++ checkferror_output(stderr);
+ return DC_DOMAIN_ERROR;
+ }
+ return DC_SUCCESS;
+@@ -225,6 +228,7 @@ dc_sqrt DC_DECLARG((value, kscale, resul
+ tmp = bc_copy_num(CastNum(value));
+ if (!bc_sqrt(&tmp, kscale)){
+ fprintf(stderr, "%s: square root of negative number\n", progname);
++ checkferror_output(stderr);
+ bc_free_num(&tmp);
+ return DC_DOMAIN_ERROR;
+ }
+@@ -470,6 +474,7 @@ dc_dump_num DC_DECLARG((dcvalue, discard
+
+ for (cur=top_of_stack; cur; cur=next) {
+ putchar(cur->digit);
++ checkferror_output(stdout);
+ next = cur->link;
+ free(cur);
+ }
+@@ -587,6 +592,8 @@ out_char (ch)
+ out_col = 1;
+ }
+ putchar(ch);
++ checkferror_output(stdout);
++ checkferror_output(stderr);
+ }
+ }
+
+@@ -626,6 +633,7 @@ rt_error (mesg, va_alist)
+ vfprintf (stderr, mesg, args);
+ va_end (args);
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ }
+
+
+@@ -659,6 +667,7 @@ rt_warn (mesg, va_alist)
+ vfprintf (stderr, mesg, args);
+ va_end (args);
+ fprintf (stderr, "\n");
++ checkferror_output(stderr);
+ }
+
+ \f
+--- a/dc/stack.c
++++ b/dc/stack.c
+@@ -33,9 +33,13 @@
+ #include "dc.h"
+ #include "dc-proto.h"
+ #include "dc-regdef.h"
++#include "number.h"
+
+ /* an oft-used error message: */
+-#define Empty_Stack fprintf(stderr, "%s: stack empty\n", progname)
++#define Empty_Stack do{ \
++ fprintf(stderr, "%s: stack empty\n", progname); \
++ checkferror_output(stderr); \
++ }while(0)
+
+
+ /* simple linked-list implementation suffices: */
+@@ -91,6 +95,7 @@ dc_binop DC_DECLARG((op, kscale))
+ if (dc_stack->value.dc_type!=DC_NUMBER
+ || dc_stack->link->value.dc_type!=DC_NUMBER){
+ fprintf(stderr, "%s: non-numeric value\n", progname);
++ checkferror_output(stderr);
+ return;
+ }
+ (void)dc_pop(&b);
+@@ -131,6 +136,7 @@ dc_binop2 DC_DECLARG((op, kscale))
+ if (dc_stack->value.dc_type!=DC_NUMBER
+ || dc_stack->link->value.dc_type!=DC_NUMBER){
+ fprintf(stderr, "%s: non-numeric value\n", progname);
++ checkferror_output(stderr);
+ return;
+ }
+ (void)dc_pop(&b);
+@@ -169,6 +175,7 @@ dc_cmpop DC_DECLVOID()
+ if (dc_stack->value.dc_type!=DC_NUMBER
+ || dc_stack->link->value.dc_type!=DC_NUMBER){
+ fprintf(stderr, "%s: non-numeric value\n", progname);
++ checkferror_output(stderr);
+ return 0;
+ }
+ (void)dc_pop(&b);
+@@ -206,6 +213,7 @@ dc_triop DC_DECLARG((op, kscale))
+ || dc_stack->link->value.dc_type!=DC_NUMBER
+ || dc_stack->link->link->value.dc_type!=DC_NUMBER){
+ fprintf(stderr, "%s: non-numeric value\n", progname);
++ checkferror_output(stderr);
+ return;
+ }
+ (void)dc_pop(&c);
+@@ -327,6 +335,7 @@ dc_register_get DC_DECLARG((regid, resul
+ *result = dc_int2data(0);
+ }else if (r->value.dc_type==DC_UNINITIALIZED){
+ fprintf(stderr, "%s: BUG: register ", progname);
++ checkferror_output(stderr);
+ dc_show_id(stderr, regid, " exists but is uninitialized?\n");
+ return DC_FAIL;
+ }else{
+@@ -402,6 +411,7 @@ dc_register_pop DC_DECLARG((stackid, res
+ r = dc_register[stackid];
+ if (r==NULL || r->value.dc_type==DC_UNINITIALIZED){
+ fprintf(stderr, "%s: stack register ", progname);
++ checkferror_output(stderr);
+ dc_show_id(stderr, stackid, " is empty\n");
+ return DC_FAIL;
+ }
+--- a/dc/string.c
++++ b/dc/string.c
+@@ -45,6 +45,7 @@
+ #endif
+ #include "dc.h"
+ #include "dc-proto.h"
++#include "number.h"
+
+ /* here is the completion of the dc_string type: */
+ struct dc_string {
+@@ -94,6 +95,7 @@ dc_out_str DC_DECLARG((value, discard_fl
+ dc_discard discard_flag DC_DECLEND
+ {
+ fwrite(value->s_ptr, value->s_len, sizeof *value->s_ptr, stdout);
++ checkferror_output(stdout);
+ if (discard_flag == DC_TOSS)
+ dc_free_str(&value);
+ }
+@@ -169,6 +171,7 @@ dc_readstring DC_DECLARG((fp, ldelim, rd
+ }
+ *p++ = c;
+ }
++ checkferror_input(fp);
+ return dc_makestring(line_buf, (size_t)(p-line_buf));
+ }
+
+--- a/h/number.h
++++ b/h/number.h
+@@ -23,10 +23,10 @@
+ You may contact the author by:
+ e-mail: philnelson@acm.org
+ us-mail: Philip A. Nelson
+- Computer Science Department, 9062
+- Western Washington University
+- Bellingham, WA 98226-9062
+-
++ Computer Science Department, 9062
++ Western Washington University
++ Bellingham, WA 98226-9062
++
+ *************************************************************************/
+
+ #ifndef _NUMBER_H_
+@@ -140,4 +140,7 @@ void bc_out_num (bc_num num, int o_base,
+ int leading_zero);
+
+ void bc_out_long (long val, int size, int space, void (*out_char)(int));
++
++void checkferror_input (FILE*);
++void checkferror_output (FILE*);
+ #endif
+--- a/lib/number.c
++++ b/lib/number.c
+@@ -1713,6 +1713,7 @@ static void
+ out_char (int c)
+ {
+ putchar(c);
++ checkferror_output(stdout);
+ }
+
+
+@@ -1721,6 +1722,7 @@ pn (bc_num num)
+ {
+ bc_out_num (num, 10, out_char, 0);
+ out_char ('\n');
++ checkferror_output(stdout);
+ }
+
+
+@@ -1732,6 +1734,28 @@ pv (char *name, unsigned char *num, int
+ printf ("%s=", name);
+ for (i=0; i<len; i++) printf ("%c",BCD_CHAR(num[i]));
+ printf ("\n");
++ checkferror_output(stdout);
+ }
+
+ #endif
++\f
++/* check ferror() status and if so die */
++void
++checkferror_input (fp)
++ FILE *fp;
++{
++ if (ferror(fp)) {
++ perror("dc: could not read input file");
++ exit(EXIT_FAILURE);
++ }
++}
++
++void
++checkferror_output (fp)
++ FILE *fp;
++{
++ if (ferror(fp)) {
++ perror("dc: could not write output file");
++ exit(EXIT_FAILURE);
++ }
++}
--- /dev/null
+From 7243037e63bff34b08bb1c993787b98dee585b2f Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Thu, 27 Jun 2019 13:10:47 +0800
+Subject: [PATCH] dc: fix exit code of q command
+
+The exit code for "echo q | dc" is 1 for dc-1.4.1;
+while the exit code for "echo q | dc" is 0 for dc-1.4.
+
+Here is the answer from ken@gnu.org:
+dc-1.4 was right. There was a rewrite of a chunk of code for 1.4.1 to
+fix a corner case in the Q command, and somehow the placement of the
+clean-up label for the 'q' command got misplaced on the error-handling
+branch instead of the clean-exit branch. The patch below fixes this
+(it is committed for whenever the next bc/dc release gets made).
+
+Thanks for the report,
+ --Ken Pizzini
+
+Upstream:
+https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-extended/bc/bc/0001-dc-fix-exit-code-of-q-command.patch
+
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+---
+ dc/eval.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/dc/eval.c
++++ b/dc/eval.c
+@@ -842,10 +842,10 @@ error_fail:
+ fprintf(stderr, "%s: ", progname);
+ perror("error reading input");
+ return DC_FAIL;
+-reset_and_exit_quit:
+ reset_and_exit_fail:
+ signal(SIGINT, sigint_default);
+ return DC_FAIL;
++reset_and_exit_quit:
+ reset_and_exit_success:
+ signal(SIGINT, sigint_default);
+ return DC_SUCCESS;
--- /dev/null
+From a543af443c5f86b24ca89a994b75b6ef4751ac66 Mon Sep 17 00:00:00 2001
+From: Matt Weber <matthew.weber@rockwellcollins.com>
+Date: Thu, 12 Sep 2019 15:12:40 -0500
+Subject: [PATCH] no gen libmath
+
+These rules are not cross-friendly so delete them. libmath has been
+generated offline and included as part of this patch as the fbc tool
+used to generate that header is assuming the cross archtecture and
+can't execute.
+
+Upstream:
+https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-extended/bc/bc/no-gen-libmath.patch
+https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-extended/bc/bc/libmath.h
+
+[Reformatted to GIT for 1.0.7.1 by Matt W]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+---
+ bc/Makefile.am | 8 --------
+ bc/libmath.h | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 46 insertions(+), 8 deletions(-)
+ create mode 100644 bc/libmath.h
+
+--- a/bc/Makefile.am
++++ b/bc/Makefile.am
+@@ -31,14 +31,6 @@ global.o: libmath.h
+
+ fbcOBJ = main.o bc.o scan.o execute.o load.o storage.o util.o warranty.o
+
+-libmath.h: libmath.b $(fbcOBJ) $(LIBBC)
+- echo '{0}' > libmath.h
+- $(MAKE) global.o
+- $(LINK) -o fbc $(fbcOBJ) global.o $(LIBBC) $(LIBL) $(READLINELIB) $(LIBS)
+- ./fbc -c $(srcdir)/libmath.b </dev/null >libmath.h
+- $(srcdir)/fix-libmath_h
+- rm -f ./fbc ./global.o
+-
+ sbcOBJ = main.o sbc.o scan.o execute.o global.o load.o storage.o util.o \
+ warranty.o
+ sbc.o: sbc.c
+--- /dev/null
++++ b/bc/libmath.h
+@@ -0,0 +1,46 @@
++{"@iK20:s2:p@r",
++"@iF1,5.6,7,8,9,10,11,12,13,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C1,0:",
++"s14:pl7:s0:pl14:RN1:l5:0<Z2:1s12:pl5:ns5:pN2:l2:s15:pK6:l15:+",
++"K.44:l5:*+s13:pl5:cS1+s2:pN3:l5:1>Z4:l10:1+s10:pl5:K2:/s5:pl2:",
++"1+s2:pJ3:N4:l13:s2:p1l5:+s14:pl5:s6:p1s8:pK2:s11:pN6:1B7:J5:N8:",
++"l11:i11:pJ6:N7:l6:l5:*s6:l8:l11:*s8:/s9:pl9:0=Z9:l10:0>Z10:N11:",
++"l10:d10:Z12:l14:l14:*s14:pJ11:N12:N10:l15:s2:pl12:Z13:1l14:/R",
++"N13:l14:1/RN9:l14:l9:+s14:pJ8:N5:0R]@r",
++"@iF2,5.7,9,10,11,12,13,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C2,0:",
++"s14:pl7:s0:pl14:RN1:l5:0{Z2:1K10:l2:^-1/RN2:l2:s15:pK6:l2:+s2:",
++"pK2:s10:p0s11:pN3:l5:K2:}Z4:l10:K2:*s10:pl5:cRs5:pJ3:N4:N5:l5:",
++"K.5:{Z6:l10:K2:*s10:pl5:cRs5:pJ5:N6:l5:1-l5:1+/s13:s14:pl13:l13:",
++"*s12:pK3:s11:pN8:1B9:J7:N10:l11:K2:+s11:pJ8:N9:l13:l12:*s13:l11:",
++"/s9:pl9:0=Z11:l10:l14:*s14:pl15:s2:pl14:1/RN11:l14:l9:+s14:pJ10:N7:",
++"0R]@r",
++"@iF3,5.7,9,11,12,13,16,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C3,0:",
++"s14:pl7:s0:pl14:RN1:l2:s15:pK1.1:l15:*K2:+s2:p1C4,0:s14:pl5:0",
++"<Z2:1s12:pl5:ns5:pN2:0s2:pl5:l14:/K2:+K4:/s13:pl5:K4:l13:*l14:",
++"*-s5:pl13:K2:%Z3:l5:ns5:pN3:l15:K2:+s2:pl5:s9:s14:pl5:nl5:*s16:",
++"pK3:s11:pN5:1B6:J4:N7:l11:K2:+s11:pJ5:N6:l9:l16:l11:l11:1-*/*",
++"s9:pl9:0=Z8:l15:s2:pl12:Z9:l14:n1/RN9:l14:1/RN8:l14:l9:+s14:p",
++"J7:N4:0R]@r",
++"@iF5,5.7,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C5,0:s14:pl7:s0:pl14:",
++"RN1:l2:s15:pl2:K1.2:*s2:pl5:1C4,0:K2:*+C3,0:s14:pl15:s2:pl14:",
++"1/R0R]@r",
++"@iF4,5.6,7,9,10,11,12,13,16,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:",
++"C4,0:s14:pl7:s0:pl14:RN1:1s12:pl5:0<Z2:1ns12:pl5:ns5:pN2:l5:1",
++"=Z3:l2:K25:{Z4:K.7853981633974483096156608:l12:/RN4:l2:K40:{Z5:",
++"K.7853981633974483096156608458198757210492:l12:/RN5:l2:K60:{Z6:",
++"K.785398163397448309615660845819875721049292349843776455243736",
++":l12:/RN6:N3:l5:K.2:=Z7:l2:K25:{Z8:K.1973955598498807583700497",
++":l12:/RN8:l2:K40:{Z9:K.1973955598498807583700497651947902934475",
++":l12:/RN9:l2:K60:{Z10:K.197395559849880758370049765194790293447585103787852101517688",
++":l12:/RN10:N7:l2:s15:pl5:K.2:>Z11:l15:K5:+s2:pK.2:C4,0:s6:pN11:",
++"l15:K3:+s2:pN12:l5:K.2:>Z13:l10:1+s10:pl5:K.2:-1l5:K.2:*+/s5:",
++"pJ12:N13:l5:s13:s14:pl5:nl5:*s16:pK3:s11:pN15:1B16:J14:N17:l11:",
++"K2:+s11:pJ15:N16:l13:l16:*s13:l11:/s9:pl9:0=Z18:l15:s2:pl10:l6:",
++"*l14:+l12:/RN18:l14:l9:+s14:pJ17:N14:0R]@r",
++"@iF6,13,5.6,7,8,9,10,11,12,16,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl13:",
++"l5:C6,00:s14:pl7:s0:pl14:RN1:l2:s15:p0s2:pl13:1/s13:pl13:0<Z2:",
++"l13:ns13:pl13:K2:%1=Z3:1s12:pN3:N2:1s10:pK2:s11:pN5:l11:l13:{",
++"B6:J4:N7:l11:i11:pJ5:N6:l10:l11:*s10:pJ7:N4:K1.5:l15:*s2:pl5:",
++"l13:^K2:l13:^/l10:/s10:p1s9:s14:pl5:nl5:*K4:/s16:pK1.5:l15:*l10:",
++"cL+l10:cS-s2:p1s11:pN9:1B10:J8:N11:l11:i11:pJ9:N10:l9:l16:*l11:",
++"/l13:l11:+/s9:pl9:0=Z12:l15:s2:pl12:Z13:l10:nl14:*1/RN13:l10:",
++"l14:*1/RN12:l14:l9:+s14:pJ11:N8:0R]@r",0}
include $(TOPDIR)/rules.mk
PKG_NAME:=bcm27xx-eeprom
-PKG_VERSION:=v2024.04.20-2712
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=83ea92e64d9a620376ef081d69f3cdde5a8b376b4a56aeb685f8a56dd10e7b14
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/raspberrypi/rpi-eeprom
+PKG_SOURCE_DATE:=2024-06-05
+PKG_SOURCE_VERSION:=e430a41e7323a1e28fb42b53cf79e5ba9b5ee975
+PKG_MIRROR_HASH:=6c9a45d4ea0f33a9dc18f11b6cdeb425f0682dc41099df3a1f350939aecce353
+PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
PKG_LICENSE:=BSD-3-Clause Custom
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
-
include $(INCLUDE_DIR)/package.mk
TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
$(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader-2711/default
$(CP) $(PKG_BUILD_DIR)/firmware-2711/release-notes.md $(1)/lib/firmware/raspberrypi/bootloader-2711
- $(CP) $(PKG_BUILD_DIR)/firmware-2711/default/pieeprom-2024-04-15.bin $(1)/lib/firmware/raspberrypi/bootloader-2711/default
+ $(CP) $(PKG_BUILD_DIR)/firmware-2711/latest/pieeprom-2024-05-17.bin $(1)/lib/firmware/raspberrypi/bootloader-2711/default
$(CP) $(PKG_BUILD_DIR)/firmware-2711/default/recovery.bin $(1)/lib/firmware/raspberrypi/bootloader-2711/default
$(CP) $(PKG_BUILD_DIR)/firmware-2711/default/vl805-000138c0.bin $(1)/lib/firmware/raspberrypi/bootloader-2711/default
endef
$(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader-2712/default
$(CP) $(PKG_BUILD_DIR)/firmware-2712/release-notes.md $(1)/lib/firmware/raspberrypi/bootloader-2712
- $(CP) $(PKG_BUILD_DIR)/firmware-2712/default/pieeprom-2024-04-20.bin $(1)/lib/firmware/raspberrypi/bootloader-2712/default
+ $(CP) $(PKG_BUILD_DIR)/firmware-2712/default/pieeprom-2024-06-05.bin $(1)/lib/firmware/raspberrypi/bootloader-2712/default
$(CP) $(PKG_BUILD_DIR)/firmware-2712/default/recovery.bin $(1)/lib/firmware/raspberrypi/bootloader-2712/default
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=bluez-tools
-PKG_VERSION:=20201025.f653217
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_MAINTAINER:=Karl Osterseher <karli_o@gmx.at>
PKG_SOURCE_URL:=https://github.com/khvzak/bluez-tools.git
PKG_SOURCE_DATE:=2020-10-25
PKG_SOURCE_VERSION:=f65321736475429316f07ee94ec0deac8e46ec4a
-PKG_MIRROR_HASH:=153728e0de2bc95b83c9c9ace02a40ccd102eafd5a46c1891ac26212a362d551
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/bluez-tools-$(PKG_VERSION)
+PKG_MIRROR_HASH:=f482de511114223d2896bf039473561d02ffcddd6eab0e127d9d8f9e4149fc13
PKG_FIXUP:=autoreconf
include $(TOPDIR)/rules.mk
PKG_NAME:=btrfs-progs
-PKG_VERSION:=6.5.1
+PKG_VERSION:=6.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/kdave/btrfs-progs
-PKG_HASH:=dacbb28136e82586af802205263a428c3d1941778bc3fdc9b1b386ea12eb904e
+PKG_HASH:=7e14a5d597f323dd7d1b453e3a4e661a7e9f07ea060efbff4f76ff8315917de8
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
PKG_MAINTAINER:=Karel Kočí <karel.koci@nic.cz>
include $(TOPDIR)/rules.mk
PKG_NAME:=cligen
-PKG_VERSION:=7.0.0
+PKG_VERSION:=7.1.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/clicon/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=61cbfbc60ded80d9293d340fadffa30258ca753d08f588ce61bb9707511f9ae9
+PKG_HASH:=ccffe9f7b48d52a18d654d9e871cd90002fca10d6433198e2aab5feebe6ec684
PKG_MAINTAINER:=Olof Hagsand <olof@hagsand.se>, Philip Prindeville <philipp@redfish-solutions.com>
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=clixon
-PKG_VERSION:=7.0.1
+PKG_VERSION:=7.1.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/clicon/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=524bdf9447b0af9a63d5510ddc87fc843c206732619c64141f9f2b4e4cc014d1
+PKG_HASH:=8245b0b570171646694c66bb414d19deb785f0c866955c860f6e0bb06ff6bed8
PKG_MAINTAINER:=Olof Hagsand <olof@hagsand.se>, Philip Prindeville <philipp@redfish-solutions.com>
PKG_LICENSE:=Apache-2.0
PKG_NAME:=collectd
PKG_VERSION:=5.12.0
-PKG_RELEASE:=50
+PKG_RELEASE:=53
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://collectd.org/files/ \
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16
+PKG_BUILD_DEPENDS:=PACKAGE_collectd-mod-write-prometheus:protobuf-c/host
PKG_CONFIG_DEPENDS:= \
PACKAGE_COLLECTD_ENCRYPTED_NETWORK \
write_kafka \
write_log \
write_mongodb \
- write_prometheus \
write_redis \
write_riemann \
write_sensu \
vmem \
wireless \
write_graphite \
- write_http
+ write_http \
+ write_prometheus
PKG_CONFIG_DEPENDS:= \
$(patsubst %,CONFIG_PACKAGE_collectd-mod-%,$(subst _,-,$(COLLECTD_PLUGINS_SELECTED))) \
$(eval $(call BuildPlugin,wireless,wireless status input,wireless,))
$(eval $(call BuildPlugin,write-graphite,Carbon/Graphite output,write_graphite,+PACKAGE_collectd-mod-write-graphite:libpthread))
$(eval $(call BuildPlugin,write-http,HTTP POST output,write_http,+PACKAGE_collectd-mod-write-http:libcurl))
+$(eval $(call BuildPlugin,write-prometheus,Prometheus output,write_prometheus,+PACKAGE_collectd-mod-write-prometheus:libprotobuf-c +PACKAGE_collectd-mod-write-prometheus:libmicrohttpd))
$(eval $(call BuildScriptPlugin,sqm,SQM/qdisc collection,sqm_collectd,+PACKAGE_collectd-mod-sqm:collectd-mod-exec))
$(eval $(call BuildScriptLuaPlugin,ltq-dsl,Lantiq DSL collection,dsl,@ltq-dsl-app +PACKAGE_collectd-mod-ltq-dsl:collectd-mod-lua +libubus-lua))
local enable keys key option value
- config_get enable "$cfg" enable 0
+ config_get_bool enable "$cfg" enable 0
[ "$enable" = "1" ] || return 0
[ -f "/usr/lib/collectd/$cfg.so" ] || {
--- /dev/null
+From d409ffa2a64cac3fc2abe2bb86ec3a80cb34d0a6 Mon Sep 17 00:00:00 2001
+From: Jim Klimov <jimklimov+nut@gmail.com>
+Date: Wed, 31 Aug 2022 11:40:01 +0200
+Subject: [PATCH] configure.ac, src/nut.c: detect int types required by NUT API
+ we build against
+
+Either use the stricter int types required by NUT headers since v2.8.0 release,
+or the relaxed (arch-dependent) types required by older NUT releases - depending
+on which NUT API version the collectd is building against at the moment.
+
+Inspired by discussion at https://github.com/networkupstools/nut/issues/1638
+---
+ configure.ac | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/nut.c | 4 +--
+ 2 files changed, 102 insertions(+), 2 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -5821,6 +5821,106 @@ if test "x$with_libupsclient" = "xyes";
+ fi
+
+ if test "x$with_libupsclient" = "xyes"; then
++ dnl The m4 script logic below is modelled after NUT_FUNC_GETNAMEINFO_ARGTYPES
++ dnl further originating in curl autoconf scripts or beyond. See there for an
++ dnl example of general-case logic to handle matching of numerous possible
++ dnl data types for each argument in supported API variants.
++ dnl Note: techically compiler complains here not about int types themselves,
++ dnl but about pointers to such data. We know "out of band" that e.g. NUT
++ dnl change to "size_t" happened at once for all arguments in the API, so
++ dnl simplify the handling here and now with that assumption.
++ AC_LANG_PUSH([C])
++ SAVE_CPPFLAGS="$CPPFLAGS"
++ SAVE_LDFLAGS="$LDFLAGS"
++ SAVE_CFLAGS="$CFLAGS"
++ CPPFLAGS="$CPPFLAGS $with_libupsclient_cflags"
++ LDFLAGS="$LDFLAGS $with_libupsclient_libs"
++ CFLAGS="$CFLAGS $with_libupsclient_cflags"
++ if test "x$GCC" = "xyes"; then
++ CFLAGS="$CFLAGS -Wall -Werror"
++ fi
++
++ dnl upscli_splitname() *is* there forever (2007 or older)
++ dnl but int types e.g. "port" changed in NUT 2.8.0
++ dnl Also this is the UPSCONN_t::port field type:
++ AC_CACHE_CHECK([int type of port argument for NUT upscli_splitname],
++ [collectd_cv_func_upscli_splitname_args], [
++ collectd_cv_func_upscli_splitname_args="unknown"
++ for port_arg in 'uint16_t' 'int' ; do
++ AC_COMPILE_IFELSE([
++ AC_LANG_PROGRAM([
++#include <upsclient.h>
++/* int upscli_splitname(const char *buf, char **upsname, char **hostname, <port_arg> *port); */
++ ],[
++const char *origname = "ups@localhost:3493";
++$port_arg port=0;
++char *hostname;
++char *upsname;
++int res = upscli_splitname(origname, &upsname, &hostname, &port);
++return(res);
++ ])
++ ],[
++ collectd_cv_func_upscli_splitname_args="$port_arg"
++ break
++ ])
++ done
++ ])
++
++ AS_IF([test x"$collectd_cv_func_upscli_splitname_args" = xunknown],
++ [AC_MSG_WARN([Can not find proper port type for upscli_splitname()])
++ with_libupsclient="no (required data types for NUT API were not detected)"],
++ [AC_DEFINE_UNQUOTED(NUT_PORT_TYPE, $collectd_cv_func_upscli_splitname_args,
++ [Define to the integer type for TCP/IP ports used by NUT API we build against])
++ ])
++
++
++ AC_CACHE_CHECK([int type of length/numbering arguments for NUT upscli_list_next],
++ [collectd_cv_func_upscli_list_next_args], [
++ collectd_cv_func_upscli_list_next_args="unknown"
++ for size_arg in 'size_t' 'unsigned int' 'int' ; do
++ AC_COMPILE_IFELSE([
++ AC_LANG_PROGRAM([
++#include <upsclient.h>
++/* int upscli_list_next(UPSCONN_t *ups, <size_arg> numq, const char **query, <size_arg> *numa, char ***answer); */
++
++#if HAVE_UPSCONN_T
++typedef UPSCONN_t collectd_upsconn_t;
++#elif HAVE_UPSCONN
++typedef UPSCONN collectd_upsconn_t;
++#else
++#error "Unable to determine the UPS connection type."
++#endif
++ ],[
++$size_arg query_num=0;
++$size_arg answer_num=0;
++const char * query;
++char** answer;
++collectd_upsconn_t ups;
++int res = upscli_list_next(&ups, query_num, &query, &answer_num, &answer);
++return(res);
++ ])
++ ],[
++ collectd_cv_func_upscli_list_next_args="$size_arg"
++ break
++ ])
++ done
++ ])
++
++ AS_IF([test x"$collectd_cv_func_upscli_list_next_args" = xunknown],
++ [AC_MSG_WARN([Can not find proper type for array sizes and string lengths used by upscli_list_next()])
++ with_libupsclient="no (required data types for NUT API were not detected)"],
++ [AC_DEFINE_UNQUOTED(NUT_SIZE_TYPE, $collectd_cv_func_upscli_list_next_args,
++ [Define to the integer type for array sizes and string lengths used by NUT API we build against])
++ ])
++
++
++ CPPFLAGS="$SAVE_CPPFLAGS"
++ LDFLAGS="$SAVE_LDFLAGS"
++ CFLAGS="$SAVE_CFLAGS"
++ AC_LANG_POP([C])
++fi
++
++if test "x$with_libupsclient" = "xyes"; then
+ BUILD_WITH_LIBUPSCLIENT_CFLAGS="$with_libupsclient_cflags"
+ BUILD_WITH_LIBUPSCLIENT_LIBS="$with_libupsclient_libs"
+ fi
+--- a/src/nut.c
++++ b/src/nut.c
+@@ -46,7 +46,7 @@ struct nut_ups_s {
+ collectd_upsconn_t *conn;
+ char *upsname;
+ char *hostname;
+- int port;
++ NUT_PORT_TYPE port;
+ nut_ups_t *next;
+ };
+
+@@ -250,7 +250,7 @@ static int nut_read(user_data_t *user_da
+ const char *query[3] = {"VAR", ups->upsname, NULL};
+ unsigned int query_num = 2;
+ char **answer;
+- unsigned int answer_num;
++ NUT_SIZE_TYPE answer_num;
+ int status;
+
+ /* (Re-)Connect if we have no connection */
include $(TOPDIR)/rules.mk
PKG_NAME:=containerd
-PKG_VERSION:=1.7.15
+PKG_VERSION:=1.7.20
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/containerd/containerd/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=2dc491434b182334b51350f810ed68ace3624c8a2d6e1eac490d93c653498a33
+PKG_HASH:=c4268561e514a2e8322bc8cdd39113d5e164fb31c2cef76f479d683395ea9bd6
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=crun
-PKG_VERSION:=1.14.1
+PKG_VERSION:=1.15
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/containers/crun/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=eb25a87da0b528bb09dc6a231a0d28eb4f287fc864d62bf9a46cc48e36010935
+PKG_HASH:=357ebf4b391284d29176e1a638cff8f47569595db66c272c558241e4f807c600
PKG_BUILD_DEPENDS:=argp-standalone
PKG_BUILD_PARALLEL:=1
A fast and low-memory footprint OCI Container Runtime fully written in C.
endef
-LIBOCISPEC_COMMIT:=3d168261f250477061fe0eb3648bf998c70c6519
+LIBOCISPEC_COMMIT:=7b27d0a0bb87fdd7ee46365994e450a58405004f
define Download/libocispec
PROTO:=git
URL:=https://github.com/containers/libocispec.git
VERSION:=$(LIBOCISPEC_COMMIT)
- MIRROR_HASH:=4e308ff6a40e38aee184abef9156fa92b1ea9f978e277be2ed7b12f9e06f717f
+ MIRROR_HASH:=45562d4650b509e97d145a90a7fda07c9855f79ee96190cfd4181ae619fcc037
FILE:=libocispec-$(LIBOCISPEC_COMMIT).tar.xz
SUBDIR:=libocispec
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=cryptsetup
-PKG_VERSION:=2.7.1
+PKG_VERSION:=2.7.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/utils/cryptsetup/v$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VERSION))))
-PKG_HASH:=da5d1419e2a86e01aa32fd79582cd54d208857cb541bca2fd426a5ff1aaabbc3
+PKG_HASH:=dce29903a58f7b774fe61191e7e6de955de0f40d9e27b0028ffcf3438c0e9480
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0-or-later LGPL-2.1-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=compose
-PKG_VERSION:=2.27.0
+PKG_VERSION:=2.29.4
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/docker/compose/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=29b2232d1609dff03db74188a7944c85ba8b612f47a7e39938a43db8fb7d7067
+PKG_HASH:=a85bf4b23a52cf14233cc6d8645011e25e5f6a9168e4259de5df0d3386788afa
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
include $(TOPDIR)/rules.mk
PKG_NAME:=docker
-PKG_VERSION:=26.1.0
+PKG_VERSION:=27.1.2
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_GIT_URL:=github.com/docker/cli
PKG_GIT_REF:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)?
-PKG_HASH:=742d8297c8222d4c6e1a5840d1604e215c94cbbee1c275a12fb98abd572083de
-PKG_GIT_SHORT_COMMIT:=9714adc # SHA1 used within the docker executables
+PKG_HASH:=e60fddb2bd2b4e19790d26b786c930e70fa935168373ef08055f74bbc450bce8
+PKG_GIT_SHORT_COMMIT:=d01f264 # SHA1 used within the docker executables
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=dockerd
-PKG_VERSION:=26.1.0
-PKG_RELEASE:=1
+PKG_VERSION:=27.1.2
+PKG_RELEASE:=3
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_GIT_URL:=github.com/moby/moby
PKG_GIT_REF:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)?
-PKG_HASH:=7a59781fe9e1d74d1ada53624f0bde909de503964b729dc9dfb21e56c3a9b8ae
-PKG_GIT_SHORT_COMMIT:=c8af8eb # SHA1 used within the docker executables
+PKG_HASH:=8c9b5fa44f0272726484c925d4d05f0aa189053ed8be9b27447bc116df1e99c9
+PKG_GIT_SHORT_COMMIT:=f9522e5 # SHA1 used within the docker executables
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
}
process_config() {
- local alt_config_file data_root log_level iptables bip
+ local alt_config_file data_root log_level iptables ip6tables bip
[ -f /etc/config/dockerd ] || {
# Use the daemon default configuration
config_get data_root globals data_root "/opt/docker/"
config_get log_level globals log_level "warn"
config_get_bool iptables globals iptables "1"
+ config_get_bool ip6tables globals ip6tables "0"
# Don't add these options by default
# omission == docker defaults
config_get ip globals ip ""
config_get fixed_cidr globals fixed_cidr ""
config_get fixed_cidr_v6 globals fixed_cidr_v6 ""
+ # Use the *_proxy environment variable as the default value
+ config_get http_proxy proxies http_proxy "${http_proxy}"
+ config_get https_proxy proxies https_proxy "${https_proxy}"
+ config_get no_proxy proxies no_proxy "${no_proxy}"
. /usr/share/libubox/jshn.sh
json_init
json_add_string "data-root" "${data_root}"
json_add_string "log-level" "${log_level}"
json_add_boolean "iptables" "${iptables}"
+ json_add_boolean "ip6tables" "${ip6tables}"
[ -z "${log_driver}" ] || json_add_string "log-driver" "${log_driver}"
[ -z "${bip}" ] || json_add_string "bip" "${bip}"
[ -z "${registry_mirrors}" ] || json_add_array "registry-mirrors"
[ -z "${ip}" ] || json_add_string "ip" "${ip}"
[ -z "${fixed_cidr}" ] || json_add_string "fixed-cidr" "${fixed_cidr}"
[ -z "${fixed_cidr_v6}" ] || json_add_string "fixed-cidr-v6" "${fixed_cidr_v6}"
+ if [ -n "${http_proxy}" ] || [ -n "${https_proxy}" ] || [ -n "${no_proxy}" ]; then
+ json_add_object "proxies"
+ [ -z "${http_proxy}" ] || json_add_string "http-proxy" "${http_proxy}"
+ [ -z "${https_proxy}" ] || json_add_string "https-proxy" "${https_proxy}"
+ [ -z "${no_proxy}" ] || json_add_string "no-proxy" "${no_proxy}"
+ json_close_object
+ fi
json_dump > "${DOCKERD_CONF}"
[ "${iptables}" -eq "1" ] && config_foreach iptables_add_blocking_rule firewall
# list registry_mirrors 'https://<my-docker-mirror-host>'
# list registry_mirrors 'https://hub.docker.com'
+# If your organization uses a proxy server to connect to the internet, you may need to configure the proxy.
+# See https://docs.docker.com/engine/daemon/proxy/ for more details
+config proxies 'proxies'
+# option http_proxy 'http://proxy.example.com:3128'
+# option https_proxy 'https://proxy.example.com:3129'
+# option no_proxy '*.test.example.com,.example.org,127.0.0.0/8'
+
# Docker doesn't work well out of the box with fw4. This is because Docker relies on a compatibility layer that
# naively translates iptables rules. For the best compatibility replace the following dependencies:
# `firewall4` -> `firewall`
include $(TOPDIR)/rules.mk
PKG_NAME:=exfatprogs
-PKG_VERSION:=1.2.2
+PKG_VERSION:=1.2.4
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=16b28c9130b4dfab0b571dce6d2959d2ee93fce27aa0f4b2c1bb30700f371393
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://github.com/exfatprogs/exfatprogs/releases/download/$(PKG_VERSION)
+PKG_HASH:=ad38126dfd9f74f8c6ecb35ddfd34d2582601d6c3ff26756610b8418360c8ee2
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:namjaejeon:exfatprogs
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=eza
-PKG_VERSION:=0.18.15
+PKG_VERSION:=0.19.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/eza-community/eza/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=53c6ea67804dbaa330918f6ce62a1cff866a145b2395c606903c0d128dd8564f
+PKG_HASH:=db4897ef7f58d0802620180e0b13bb35563e03c9de66624206b35dcad21007f8
PKG_MAINTAINER:=Jonas Jelonek <jelonek.jonas@gmail.com>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=findutils
-PKG_VERSION:=4.9.0
+PKG_VERSION:=4.10.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_HASH:=a2bfb8c09d436770edc59f50fa483e785b161a3b7b9d547573cb08065fd462fe
+PKG_HASH:=1387e0b67ff247d2abde998f90dfbf70c1491391a59ddfecb8ae698789f0a4f5
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=fio
-PKG_VERSION:=3.34
+PKG_VERSION:=3.37
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://brick.kernel.dk/snaps
-PKG_HASH:=a5a28f19c701d4c8e04924bec1b85f6ac8c67fc8fe75968a5d6990e0b656a7a7
+PKG_HASH:=88f0fd6549ca07f7387e784a91706ab11e36d5c12ec26540f1b2d33c6f2d8327
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=fx
-PKG_VERSION:=34.0.0
+PKG_VERSION:=35.0.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/antonmedv/fx/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=a1d436a8951a753488adda02fe9fb1091fabfe928eafce73f3b1e690a9dccbee
+PKG_HASH:=5ab642bb91ad9c1948de1add2d62acec22d82398e420957c191c1549999eb351
PKG_MAINTAINER:=Fabian Lipken <dynasticorpheus@gmail.com>
PKG_LICENSE:=MIT
PKG_NAME:=gawk
PKG_VERSION:=5.3.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/gawk
URL:=https://www.gnu.org/software/gawk/
TITLE:=GNU awk
DEPENDS:=+libncursesw +libreadline
+ ALTERNATIVES:=200:/usr/bin/awk:/usr/bin/gawk
endef
CONFIGURE_ARGS+= --disable-mpfr
include $(TOPDIR)/rules.mk
PKG_NAME:=gnuplot
-PKG_VERSION:=6.0.0
+PKG_VERSION:=6.0.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Matteo Cicuttin <datafl4sh@toxicnet.eu>
PKG_CPE_ID:=cpe:/a:gnuplot_project:gnuplot
PKG_BUILD_DIR:=$(BUILD_DIR)/gnuplot-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/gnuplot
-PKG_HASH:=635a28f0993f6ab0d1179e072ad39b8139d07f51237f841d93c6c2ff4b1758ec
+PKG_HASH:=e85a660c1a2a1808ff24f7e69981ffcbac66a45c9dcf711b65610b26ea71379a
PKG_CAT:=zcat
PKG_FIXUP:=autoreconf
endef
$(eval $(call BuildPackage,gnuplot))
-
implicit_link=no \
chrpath=no \
manbuild=no \
- sysroot="$(TOOLCHAIN_DIR)" \
+ sysroot="$(TOOLCHAIN_ROOT_DIR)" \
target="$(TARGET_CROSS:-=)"
define Build/InstallDev
--disable-manpages
define Build/Compile
- +$(MAKE_VARS) EFI_CFLAGS="-I$(TOOLCHAIN_DIR)/include $(TARGET_CFLAGS)" \
+ +$(MAKE_VARS) EFI_CFLAGS="$(patsubst %,-I%,$(TOOLCHAIN_INC_DIRS)) $(TARGET_CFLAGS)" \
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
$(MAKE_FLAGS) \
$(1);
endef
define Build/Install
- $(MAKE_VARS) EFI_CFLAGS="-I$(TOOLCHAIN_DIR)/include $(TARGET_CFLAGS)" \
+ $(MAKE_VARS) EFI_CFLAGS="$(patsubst %,-I%,$(TOOLCHAIN_INC_DIRS)) $(TARGET_CFLAGS)" \
$(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
$(MAKE_INSTALL_FLAGS) install
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=hplip
-PKG_VERSION:=3.21.6
-PKG_RELEASE:=2
+PKG_VERSION:=3.23.12
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/hplip
-PKG_HASH:=cc3360d3d913684fb080db97a434b04be45e2cef23cc5bc4cbc5f64b0c5e7bca
+PKG_HASH:=a76c2ac8deb31ddb5f0da31398d25ac57440928a0692dcb060a48daa718e69ed
PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
PKG_LICENSE:=GPL-2.0 GPL-2.0-or-later
libhpmud_la_LDFLAGS += -lusb-1.0
endif
-@@ -363,7 +363,7 @@ hpmudext_la_CFLAGS += -Iprotocol/discove
+@@ -365,7 +365,7 @@ hpmudext_la_CFLAGS += -Iprotocol/discove
endif
if !LIBUSB01_BUILD
--- a/io/hpmud/musb.c
+++ b/io/hpmud/musb.c
-@@ -775,7 +775,7 @@ static int device_id(int fd, unsigned ch
+@@ -776,7 +776,7 @@ static int device_id(int fd, unsigned ch
len = size-1; /* leave byte for zero termination */
if (len > 2)
len -= 2;
then
echo $FLAGS
fi
-@@ -659,7 +659,7 @@ if test "$class_driver" = "no" && test "
+@@ -668,7 +668,7 @@ if test "$class_driver" = "no" && test "
AS_IF([test "x$FOUND_HEADER" != "xyes"],
[AC_MSG_ERROR([cannot find python-devel support], 6)])
fi
include $(TOPDIR)/rules.mk
PKG_NAME:=hwdata
-PKG_VERSION:=0.381
+PKG_VERSION:=0.387
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/vcrhonek/hwdata/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=53435c73964ddc24ac53fa86e29e8b9244ca1cab0578ffdd82fd280f35863004
+PKG_HASH:=8c6be8f0863a8ff5c83b2c46aa525b503b30d42792ed57891c40849de543e1ee
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later XFree86-1.0
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
-define Host/Configure
- # copy uuid.h to another location in host build dir as that's where this package expects it
- $(INSTALL_DIR) $(STAGING_DIR_HOST)/include/uuid/
- $(CP) $(STAGING_DIR_HOST)/include/e2fsprogs/uuid/uuid.h $(STAGING_DIR_HOST)/include/uuid/uuid.h
-endef
-
define Host/Compile
# Build using host compiler and let it generate the files we need
# CFLAGS, CPPFLAGS & LDFLAGS need to be passed with CC because they are being ingored
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=i2csfp
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2024-06-16
+PKG_SOURCE_VERSION:=da2c7582933d0eb76bad1c86d1252d200a702596
+PKG_SOURCE_URL:=https://github.com/ericwoud/i2csfp
+PKG_MIRROR_HASH:=4cf100018e7c8510f334b9f14968a063a3cabc3b505d4b4abe1f11e2b74389ae
+
+PKG_LICENSE:=GPL-3.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/i2csfp
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=I2C SFP utility
+endef
+
+define Package/i2csfp/description
+ A user-space program to access sfp module via i2c.
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+ $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) -Wall \
+ -o $(PKG_BUILD_DIR)/i2csfp $(PKG_BUILD_DIR)/i2csfp.c $(TARGET_LDFLAGS)
+endef
+
+define Package/i2csfp/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/i2csfp $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,i2csfp))
PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:jqlang:jq
PKG_INSTALL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=kitty-terminfo
-PKG_VERSION:=0.24.4
-PKG_RELEASE:=2
+PKG_VERSION:=0.35.2
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-only
PKG_SOURCE:=kitty-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/kovidgoyal/kitty/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e6619b635b5c9d6cebbba631a2175659698068ce1cd946732dc440b0f1c12ab3
+PKG_HASH:=35ecf63999a056ff691abab94a6f82328f4e432c8e229a69d02c25466be4398f
PKG_BUILD_DIR:=$(BUILD_DIR)/kitty-$(PKG_VERSION)
PKG_NAME:=klish
PKG_VERSION:=2.2.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://libcode.org/attachments/download/82
--- a/clish/shell/shell_execute.c
+++ b/clish/shell/shell_execute.c
-@@ -19,12 +19,14 @@
- #include <signal.h>
+@@ -20,7 +20,7 @@
#include <fcntl.h>
-+#if 0
/* Empty signal handler to ignore signal but don't use SIG_IGN. */
- static void sigignore(int signo)
+-static void sigignore(int signo)
++static void sigignore2(int signo)
{
signo = signo; /* Happy compiler */
return;
- }
-+#endif
-
- /*-------------------------------------------------------- */
- static int clish_shell_lock(const char *lock_path)
+@@ -361,7 +361,7 @@ int clish_shell_exec_action(clish_contex
+ */
+ sa.sa_flags = 0;
+ sigemptyset(&sa.sa_mask);
+- sa.sa_handler = sigignore; /* Empty signal handler */
++ sa.sa_handler = sigignore2; /* Empty signal handler */
+ sigaction(SIGINT, &sa, &old_sigint);
+ sigaction(SIGQUIT, &sa, &old_sigquit);
+ sigaction(SIGHUP, &sa, &old_sighup);
include $(TOPDIR)/rules.mk
PKG_NAME:=less
-PKG_VERSION:=643
+PKG_VERSION:=661
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= @GNU/less \
http://www.greenwoodsoftware.com/less
-PKG_HASH:=2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8
+PKG_HASH:=2b5f0167216e3ef0ffcb0c31c374e287eb035e4e223d5dae315c2783b6e738ed
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=logrotate
-PKG_VERSION:=3.21.0
+PKG_VERSION:=3.22.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/logrotate/logrotate/releases/download/$(PKG_VERSION)
-PKG_HASH:=8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516
+PKG_HASH:=42b4080ee99c9fb6a7d12d8e787637d057a635194e25971997eebbe8d5e57618
PKG_MAINTAINER:=Christian Beier <cb@shoutrlabs.com>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=lolcat
-PKG_VERSION:=1.4
+PKG_VERSION:=1.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/jaseg/lolcat/tar.gz/refs/tags/v$(PKG_VERSION)?
-PKG_HASH:=6ea43ee2b2bb2f15fc91812b72ebcdaa883052853ed8f055b6f8b38637bda909
+PKG_HASH:=2af79bed90e0bda52ae500d16e7e7022037fad10c487c317e7f0ff17ec4b14f5
PKG_MAINTAINER:=Rui Salvaterra <rsalvaterra@gmail.com>
PKG_LICENSE:=WTFPL
--- /dev/null
+menu "Configuration"
+ depends on PACKAGE_lpac
+
+config LPAC_WITH_PCSC
+ bool "Include APDU PCSC Backend support"
+ default n
+ help
+ Compile LPAC with APDU PCSC Backend support.
+
+config LPAC_WITH_AT
+ bool "Include APDU AT Backend support"
+ default y
+ help
+ Compile LPAC with APDU AT Backend support.
+
+config LPAC_WITH_UQMI
+ bool "Include APDU uqmi Backend support"
+ default y
+ help
+ Compile LPAC with APDU uqmi Backend support.
+
+endmenu
include $(TOPDIR)/rules.mk
PKG_NAME:=lpac
-PKG_VERSION:=2.0.1
+PKG_VERSION:=2.1.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/estkme-group/lpac/tar.gz/refs/tags/v$(PKG_VERSION)?
-PKG_HASH:=6afa88ed7d38ba5973a540d818c800083368ac82b3b09ac6fd18f7929b830b0a
+PKG_HASH:=532c5daef6888fe91b0838e8e23bf23ea2f5f39cbb755c008676b9cdfbd833fb
-PKG_MAINTAINER:=David Bauer <mail@david-bauer.net>
+PKG_MAINTAINER:=David Bauer <david.bauer@uniberg.com>
PKG_LICENSE:=AGPL-3.0-only LGPL-2.0-only
CMAKE_INSTALL:=1
SECTION:=utils
CATEGORY:=Utilities
TITLE:=eUICC eSIM LPA written in C
- DEPENDS:=+libpcsclite +pcscd +libcurl
+ DEPENDS:= \
+ +LPAC_WITH_PCSC:libpcsclite \
+ +LPAC_WITH_PCSC:pcscd \
+ +libcurl
URL:=https://github.com/estkme-group/lpac
endef
backends.
endef
+define Package/lpac/config
+ source "$(SOURCE)/Config.in"
+endef
+
define Package/lpac/conffiles
/etc/config/lpac
endef
TARGET_CFLAGS += $(FPIC)
+# libqmi 1.35.4 or newer is required for QMI over QRTR
+CMAKE_OPTIONS += \
+ -DLPAC_WITH_APDU_PCSC=$(if $(CONFIG_LPAC_WITH_PCSC),ON,OFF) \
+ -DLPAC_WITH_APDU_AT=$(if $(CONFIG_LPAC_WITH_AT),ON,OFF) \
+ -DLPAC_WITH_APDU_UQMI=$(if $(CONFIG_LPAC_WITH_UQMI),ON,OFF) \
+ -DLPAC_WITH_APDU_QMI_QRTR=OFF
+
define Package/lpac/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) ./files/lpac.sh $(1)/usr/bin/lpac
. /lib/config/uci.sh
-APDU_BACKEND="$(uci_get lpac global apdu_backend at)"
+APDU_BACKEND="$(uci_get lpac global apdu_backend uqmi)"
APDU_DEBUG="$(uci_get lpac global apdu_debug 0)"
HTTP_BACKEND="$(uci_get lpac global http_backend curl)"
HTTP_DEBUG="$(uci_get lpac global http_debug 0)"
-AT_DEVICE="$(uci_get lpac at device /dev/ttyUSB2)"
-AT_DEBUG="$(uci_get lpac at debug 0)"
-
export LPAC_HTTP="$HTTP_BACKEND"
if [ "$HTTP_DEBUG" -eq 1 ]; then
export LIBEUICC_DEBUG_HTTP="1"
export LIBEUICC_DEBUG_APDU="1"
fi
-export AT_DEVICE="$AT_DEVICE"
-export AT_DEBUG="$AT_DEBUG"
+if [ "$APDU_BACKEND" = "at" ]; then
+ AT_DEVICE="$(uci_get lpac at device /dev/ttyUSB2)"
+ AT_DEBUG="$(uci_get lpac at debug 0)"
+ export AT_DEVICE="$AT_DEVICE"
+ export AT_DEBUG="$AT_DEBUG"
+elif [ "$APDU_BACKEND" = "uqmi" ]; then
+ UQMI_DEV="$(uci_get lpac uqmi device /dev/cdc-wdm0)"
+ UQMI_DEBUG="$(uci_get lpac uqmi debug 0)"
+ export LPAC_QMI_DEV="$UQMI_DEV"
+ export LPAC_QMI_DEBUG="$UQMI_DEBUG"
+fi
/usr/lib/lpac "$@"
config global global
- option apdu_backend 'at'
+ option apdu_backend 'uqmi'
option http_backend 'curl'
option apdu_debug '0'
option http_debug '0'
config at at
option device '/dev/ttyUSB2'
option debug '0'
+
+config uqmi uqmi
+ option device '/dev/cdc-wdm0'
+ option debug '0'
--- /dev/null
+From 96c73de212c84caa1cc2796980e762321e0acdc3 Mon Sep 17 00:00:00 2001
+From: David Bauer <david.bauer@uniberg.com>
+Date: Wed, 27 Mar 2024 22:20:16 +0100
+Subject: [PATCH] driver: add uqmi backend
+
+This commit adds a backend to interface with an eUICC connected to a
+compatible modem using the uqmi application.
+
+This allows OpenWrt to manage an eUICC including the download and
+installation of SIM profiles.
+
+This was previously not possible with most modems, as the APDU
+operations were aborted due to exceeding the timeout imposed
+on the AT interface by the modem firmware.
+
+Tested-on: Quectel EC25 / Quectel EP06 / Quectel RG520N
+
+Signed-off-by: David Bauer <david.bauer@uniberg.com>
+---
+ driver/CMakeLists.txt | 3 +
+ driver/apdu/uqmi.c | 273 ++++++++++++++++++++++++++++++++++++++++++
+ driver/apdu/uqmi.h | 7 ++
+ driver/driver.c | 6 +
+ 4 files changed, 289 insertions(+)
+ create mode 100644 driver/apdu/uqmi.c
+ create mode 100644 driver/apdu/uqmi.h
+
+--- a/driver/CMakeLists.txt
++++ b/driver/CMakeLists.txt
+@@ -47,6 +47,9 @@ if(LPAC_WITH_APDU_AT)
+ target_sources(euicc-drivers PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/apdu/at.c)
+ endif()
+
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DLPAC_WITH_APDU_UQMI")
++target_sources(euicc-drivers PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/apdu/uqmi.c)
++
+ if(LPAC_WITH_APDU_GBINDER)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DLPAC_WITH_APDU_GBINDER")
+ target_sources(euicc-drivers PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/apdu/gbinder_hidl.c)
+--- /dev/null
++++ b/driver/apdu/uqmi.c
+@@ -0,0 +1,273 @@
++// SPDX-License-Identifier: MIT
++/* Copyright (c) 2024 David Bauer <david.bauer@uniberg.com> */
++
++#include "at.h"
++
++#include <inttypes.h>
++#include <stdio.h>
++#include <stdarg.h>
++#include <string.h>
++#include <stdlib.h>
++#include <unistd.h>
++
++#include <cjson/cJSON_ex.h>
++#include <euicc/interface.h>
++#include <euicc/hexutil.h>
++
++static FILE *fuart;
++static int client_id = 0;
++static int logic_channel = 0;
++static char *devpath = NULL;
++
++
++static int uqmi_execute_command(const char *command, char *buf, size_t bufsize)
++{
++ char *debug_str = getenv("LPAC_QMI_DEBUG");
++ char final_command[2048] = {};
++ FILE *fp;
++ char *remaining;
++ int debug = debug_str ? atoi(debug_str) : 0;
++
++ if (debug)
++ printf("UQMI_DEBUG_TX: %s\n", command);
++
++ if (snprintf(final_command, sizeof(final_command), "uqmi -s -d %s %s", devpath, command) >= sizeof(final_command))
++ {
++ fprintf(stderr, "Command too long\n");
++ return -1;
++ }
++
++ fp = popen(final_command, "r");
++ if (fp == NULL)
++ {
++ fprintf(stderr, "Failed to execute command: %s\n", command);
++ return -1;
++ }
++
++ remaining = buf;
++ if (buf) {
++ while (fgets(remaining, bufsize - (remaining - buf), fp) != NULL)
++ {
++ /* Read to buffer */
++ }
++ if (debug)
++ printf("UQMI_DEBUG_RX: %s", buf);
++ }
++
++ pclose(fp);
++ return 0;
++}
++
++static int uqmi_open_client()
++{
++ char buffer[2048] = {};
++ int ret;
++
++ ret = uqmi_execute_command("uqmi -s -d /dev/cdc-wdm0 --get-client-id uim", buffer, sizeof(buffer));
++ if (ret)
++ {
++ return -1;
++ }
++
++ client_id = atoi(buffer);
++ if (client_id == 0)
++ {
++ return -1;
++ }
++
++ return 0;
++}
++
++static int apdu_interface_connect(struct euicc_ctx *ctx)
++{
++ const char *device;
++
++ client_id = 0;
++ logic_channel = 0;
++ devpath = getenv("LPAC_QMI_DEV");
++
++ return uqmi_open_client();
++}
++
++static void apdu_interface_disconnect(struct euicc_ctx *ctx)
++{
++ char command[64] = {};
++
++ snprintf(command, sizeof(command), "--set-client-id uim,%d --release-client-id uim", client_id);
++ uqmi_execute_command(command, NULL, 0);
++
++ client_id = 0;
++ logic_channel = 0;
++}
++
++static int apdu_interface_transmit(struct euicc_ctx *ctx, uint8_t **rx, uint32_t *rx_len, const uint8_t *tx, uint32_t tx_len)
++{
++ cJSON *root = NULL, *jtmp = NULL;
++ char cmd[2048] = {};
++ char buf[2048] = {};
++ char *json;
++
++ *rx = NULL;
++ *rx_len = 0;
++
++ if (!client_id)
++ {
++ return -1;
++ }
++
++ if (!logic_channel)
++ {
++ return -1;
++ }
++
++ for (int i = 0; i < tx_len; i++)
++ {
++ snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%02X", (uint8_t)(tx[i] & 0xFF));
++ }
++
++ snprintf(cmd, sizeof(cmd), "--set-client-id uim,%d --keep-client-id uim --uim-slot 1 --uim-channel-id %d --uim-apdu-send \"%s\"",
++ client_id, logic_channel, buf);
++ uqmi_execute_command(cmd, buf, sizeof(buf));
++
++ json = strstr(buf, "{");
++ if (!json)
++ {
++ printf("No JSON found\n");
++ goto fail;
++ }
++
++ root = cJSON_Parse(json);
++ if (!root)
++ {
++ printf("Failed to parse JSON\n");
++ goto fail;
++ }
++
++ jtmp = cJSON_GetObjectItem(root, "response");
++ if (!jtmp || !cJSON_IsString(jtmp))
++ {
++ printf("Failed to get response\n");
++ goto fail;
++ }
++
++ *rx_len = strlen(jtmp->valuestring) / 2;
++ *rx = malloc(*rx_len);
++ if (euicc_hexutil_hex2bin_r(*rx, *rx_len, jtmp->valuestring, strlen(jtmp->valuestring)) < 0)
++ {
++ printf("Failed to convert hex '%s' to binary\n", jtmp->valuestring);
++ goto fail;
++ }
++
++ cJSON_Delete(root);
++ return 0;
++fail:
++ if (root)
++ {
++ cJSON_Delete(root);
++ }
++
++ if (*rx)
++ {
++ free(*rx);
++ }
++ *rx_len = 0;
++ return -1;
++}
++
++static int apdu_interface_logic_channel_open(struct euicc_ctx *ctx, const uint8_t *aid, uint8_t aid_len)
++{
++ char *response, *json;
++ char buf[2048] = {};
++ char cmd[2048] = {};
++ cJSON *root, *jtmp;
++
++ if (!client_id)
++ {
++ return -1;
++ }
++
++ if (logic_channel)
++ {
++ return logic_channel;
++ }
++
++ snprintf(cmd, sizeof(cmd), "--set-client-id uim,%d --keep-client-id uim --uim-slot 1 --uim-channel-open ", client_id);
++ for (int i = 0; i < aid_len; i++)
++ {
++ snprintf(cmd + strlen(cmd), sizeof(cmd) - strlen(cmd), "%02X", (uint8_t)(aid[i] & 0xFF));
++ }
++
++ uqmi_execute_command(cmd, buf, sizeof(buf));
++
++ json = strstr(buf, "{");
++ if (!json)
++ {
++ printf("No JSON found\n");
++ return -1;
++ }
++
++ root = cJSON_Parse(json);
++ if (!root)
++ {
++ printf("Failed to parse JSON\n");
++ return -1;
++ }
++
++ jtmp = cJSON_GetObjectItem(root, "channel_id");
++ if (!jtmp || !cJSON_IsNumber(jtmp))
++ {
++ printf("Failed to get channel_id\n");
++ cJSON_Delete(root);
++ return -1;
++ }
++
++ logic_channel = jtmp->valueint;
++
++ cJSON_Delete(root);
++ return logic_channel;
++}
++
++static void apdu_interface_logic_channel_close(struct euicc_ctx *ctx, uint8_t channel)
++{
++ char cmd[2048] = {};
++
++ if (!logic_channel)
++ {
++ return;
++ }
++
++ snprintf(cmd, sizeof(cmd), "--set-client-id uim,%d --keep-client-id uim --uim-slot 1 --uim-channel-id %d --uim-channel-close", client_id, logic_channel);
++ uqmi_execute_command(cmd, NULL, 0);
++ logic_channel = 0;
++ return;
++}
++
++static int libapduinterface_init(struct euicc_apdu_interface *ifstruct)
++{
++ memset(ifstruct, 0, sizeof(struct euicc_apdu_interface));
++
++ ifstruct->connect = apdu_interface_connect;
++ ifstruct->disconnect = apdu_interface_disconnect;
++ ifstruct->logic_channel_open = apdu_interface_logic_channel_open;
++ ifstruct->logic_channel_close = apdu_interface_logic_channel_close;
++ ifstruct->transmit = apdu_interface_transmit;
++
++ return 0;
++}
++
++static int libapduinterface_main(int argc, char **argv)
++{
++ return 0;
++}
++
++static void libapduinterface_fini(void)
++{
++}
++
++const struct euicc_driver driver_apdu_uqmi = {
++ .type = DRIVER_APDU,
++ .name = "uqmi",
++ .init = (int (*)(void *))libapduinterface_init,
++ .main = libapduinterface_main,
++ .fini = libapduinterface_fini,
++};
+--- /dev/null
++++ b/driver/apdu/uqmi.h
+@@ -0,0 +1,7 @@
++// SPDX-License-Identifier: MIT
++/* Copyright (c) 2024 David Bauer <david.bauer@uniberg.com> */
++
++#pragma once
++#include <driver.private.h>
++
++extern const struct euicc_driver driver_apdu_uqmi;
+--- a/driver/driver.c
++++ b/driver/driver.c
+@@ -22,6 +22,9 @@
+ #ifdef LPAC_WITH_APDU_AT
+ #include "driver/apdu/at.h"
+ #endif
++#ifdef LPAC_WITH_APDU_UQMI
++#include "driver/apdu/uqmi.h"
++#endif
+ #ifdef LPAC_WITH_HTTP_CURL
+ #include "driver/http/curl.h"
+ #endif
+@@ -44,6 +47,9 @@ static const struct euicc_driver *driver
+ #ifdef LPAC_WITH_APDU_AT
+ &driver_apdu_at,
+ #endif
++#ifdef LPAC_WITH_APDU_UQMI
++ &driver_apdu_uqmi,
++#endif
+ #ifdef LPAC_WITH_HTTP_CURL
+ &driver_http_curl,
+ #endif
include $(TOPDIR)/rules.mk
PKG_NAME:=LVM2
-PKG_VERSION:=2.03.23
-PKG_VERSION_DM:=1.02.197
+PKG_VERSION:=2.03.25
+PKG_VERSION_DM:=1.02.199
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME).$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://sourceware.org/pub/lvm2
-PKG_HASH:=74e794a9e9dee1bcf8a2065f65b9196c44fdf321e22d63b98ed7de8c9aa17a5d
+PKG_HASH:=4bea6fd2e5af9cdb3e27b48b4efa8d89210d9bfa13df900e092e404720a59b1d
PKG_BUILD_DIR:=$(BUILD_DIR)/lvm2-$(BUILD_VARIANT)/$(PKG_NAME).$(PKG_VERSION)
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
--- a/lib/commands/toolcontext.c
+++ b/lib/commands/toolcontext.c
-@@ -1709,7 +1709,7 @@ struct cmd_context *create_toolcontext(u
+@@ -1660,6 +1660,7 @@ struct cmd_context *create_toolcontext(u
/* FIXME Make this configurable? */
reset_lvm_errno(1);
--#ifndef VALGRIND_POOL
-+#if defined(__GLIBC__) && !defined(VALGRIND_POOL)
++#ifdef __GLIBC__
/* Set in/out stream buffering before glibc */
if (set_buffering
- #ifdef SYS_gettid
-@@ -2085,7 +2085,7 @@ void destroy_toolcontext(struct cmd_cont
+ && !cmd->running_on_valgrind /* Skipping within valgrind execution. */
+@@ -1704,6 +1705,7 @@ struct cmd_context *create_toolcontext(u
+ } else if (!set_buffering)
+ /* Without buffering, must not use stdin/stdout */
+ init_silent(1);
++#endif
+
+ /*
+ * Environment variable LVM_SYSTEM_DIR overrides this below.
+@@ -2038,6 +2040,7 @@ void destroy_toolcontext(struct cmd_cont
+ if (cmd->cft_def_hash)
dm_hash_destroy(cmd->cft_def_hash);
- dm_device_list_destroy(&cmd->cache_dm_devs);
--#ifndef VALGRIND_POOL
-+#if defined(__GLIBC__) && !defined(VALGRIND_POOL)
- if (cmd->linebuffer) {
++#ifdef __GLIBC__
+ if (!cmd->running_on_valgrind && cmd->linebuffer) {
+ int flags;
/* Reset stream buffering to defaults */
- if (is_valid_fd(STDIN_FILENO) &&
+@@ -2061,6 +2064,7 @@ void destroy_toolcontext(struct cmd_cont
+
+ free(cmd->linebuffer);
+ }
++#endif
+
+ destroy_config_context(cmd);
+
--- a/tools/lvmcmdline.c
+++ b/tools/lvmcmdline.c
-@@ -3437,6 +3437,7 @@ int lvm_split(char *str, int *argc, char
+@@ -3375,6 +3375,7 @@ int lvm_split(char *str, int *argc, char
/* Make sure we have always valid filedescriptors 0,1,2 */
static int _check_standard_fds(void)
{
int err = is_valid_fd(STDERR_FILENO);
if (!is_valid_fd(STDIN_FILENO) &&
-@@ -3463,6 +3464,12 @@ static int _check_standard_fds(void)
+@@ -3401,6 +3402,12 @@ static int _check_standard_fds(void)
strerror(errno));
return 0;
}
--- a/lib/mm/memlock.c
+++ b/lib/mm/memlock.c
-@@ -199,12 +199,15 @@ static void _allocate_memory(void)
- * memory on free(), this is good enough for our purposes.
- */
+@@ -195,12 +195,15 @@ static void _allocate_memory(void)
+ * memory on free(), this is good enough for our purposes.
+ */
while (missing > 0) {
+#ifdef __GLIBC__
struct MALLINFO inf = MALLINFO();
inf = MALLINFO();
if (hblks < inf.hblks) {
-@@ -214,9 +217,12 @@ static void _allocate_memory(void)
+@@ -210,9 +213,12 @@ static void _allocate_memory(void)
free(areas[area]);
_size_malloc_tmp /= 2;
} else {
if (area == max_areas && missing > 0) {
/* Too bad. Warn the user and proceed, as things are
-@@ -537,8 +543,13 @@ static void _lock_mem(struct cmd_context
+@@ -529,8 +535,13 @@ static void _lock_mem(struct cmd_context
* will not block memory locked thread
* Note: assuming _memlock_count_daemon is updated before _memlock_count
*/
include $(TOPDIR)/rules.mk
PKG_NAME:=lxc
-PKG_VERSION:=5.0.3
+PKG_VERSION:=6.0.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/
-PKG_HASH:=2693a4c654dcfdafb3aa95c262051d8122afa1b6f5cef1920221ebbdee934d07
+PKG_HASH:=1930aa10d892db8531d1353d15f7ebf5913e74a19e134423e4d074c07f2d6e8b
PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0
SECTION:=libs
CATEGORY:=Libraries
TITLE:=LXC userspace library
- DEPENDS+= +libcap +libpthread +LXC_SECCOMP:libseccomp +libopenssl
+ DEPENDS+= +libcap +libpthread +LXC_SECCOMP:libseccomp +libopenssl +libdbus
endef
define Package/lxc-init
--- a/src/lxc/cmd/lxc-checkconfig.in
+++ b/src/lxc/cmd/lxc-checkconfig.in
-@@ -4,6 +4,17 @@
+@@ -7,6 +7,16 @@ export LANGUAGE=en
# Allow environment variables to override config
- : ${CONFIG:=/proc/config.gz}
- : ${MODNAME:=configs}
+ : "${CONFIG:=/proc/config.gz}"
+ : "${MODNAME:=configs}"
+: ${ZGREP:=zgrep}
+: ${GUNZIP:=gunzip}
+
+if [ -z $(command -v $ZGREP) ] && ! [ -z $(command -v $GUNZIP) ] && [ -x $(command -v $GUNZIP) ] && [ -f $CONFIG ] && [ "$CONFIG" == "/proc/config.gz" ] ; then
++ CONFIG_NEW="/tmp/config-$(uname -r)"
++ $GUNZIP -c $CONFIG > $CONFIG_NEW
++ CONFIG=$CONFIG_NEW
+
-+ CONFIG_NEW="/tmp/config-$(uname -r)"
-+ $GUNZIP -c $CONFIG > $CONFIG_NEW
-+ CONFIG=$CONFIG_NEW
-+
-+ GREP=grep
++ GREP=grep
+fi
- CAT="cat"
+ GREP="grep"
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
-@@ -384,20 +384,7 @@ fi
- # Unpack the rootfs
- echo "Unpacking the rootfs"
+@@ -380,26 +380,10 @@ if tar --version | grep -sq "bsdtar"; th
+ IS_BSD_TAR="true"
+ fi
-EXCLUDES=""
-excludelist=$(relevant_file excludes)
-if [ -f "${excludelist}" ]; then
- while read -r line; do
+- if [ ${IS_BSD_TAR} = "true" ]; then
+- line="^${line}"
+- fi
- EXCLUDES="${EXCLUDES} --exclude=${line}"
- done < "${excludelist}"
-fi
-# is to use a function wrapper, but the latter can't be used here as the args
-# are dynamic. We thus need to ignore the warning brought by shellcheck.
-# shellcheck disable=SC2086
--tar --anchored ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
-+tar --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
+ if [ "${IS_BSD_TAR}" = "true" ]; then
+- tar ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
++ tar --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
+ else
+- tar --anchored ${EXCLUDES} --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
++ tar --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
+ fi
mkdir -p "${LXC_ROOTFS}/dev/pts/"
-
PKG_NAME:=mariadb
PKG_VERSION:=10.9.8
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL := https://archive.mariadb.org/$(PKG_NAME)-$(PKG_VERSION)/source
--- /dev/null
+From 4375245d5d9f01cabb6e3fd6c637535e724eae38 Mon Sep 17 00:00:00 2001
+From: Daniel Black <daniel@mariadb.org>
+Date: Wed, 22 May 2024 17:43:17 +1000
+Subject: [PATCH] MDEV-34206 compile failure: fmt use incompatible with
+ libfmt-10.2.[2]+
+
+Upstream libfmt commit https://github.com/fmtlib/fmt/commit/d70729215fba1d54862e407b626abf86ddf409bf
+now requires the format function to be const.
+
+Adjust the function prototype so it is const and can compile.
+---
+ sql/item_strfunc.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sql/item_strfunc.cc
++++ b/sql/item_strfunc.cc
+@@ -1367,7 +1367,7 @@ bool Item_func_sformat::fix_length_and_d
+ namespace fmt {
+ template <> struct formatter<String>: formatter<string_view> {
+ template <typename FormatContext>
+- auto format(String c, FormatContext& ctx) -> decltype(ctx.out()) {
++ auto format(String c, FormatContext& ctx) const -> decltype(ctx.out()) {
+ string_view name = { c.ptr(), c.length() };
+ return formatter<string_view>::format(name, ctx);
+ };
include $(TOPDIR)/rules.mk
PKG_NAME:=mc
-PKG_VERSION:=4.8.31
+PKG_VERSION:=4.8.32
PKG_RELEASE:=1
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-3.0-or-later
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://ftp.midnight-commander.org/
-PKG_HASH:=24191cf8667675b8e31fc4a9d18a0a65bdc0598c2c5c4ea092494cd13ab4ab1a
+PKG_HASH:=4ddc83d1ede9af2363b3eab987f54b87cf6619324110ce2d3a0e70944d1359fe
PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf gettext-version
PKG_BUILD_DEPENDS:=MC_VFS:libtirpc
PKG_NAME:=mg
PKG_VERSION:=7.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ibara/mg/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
--- /dev/null
+--- a/main.c
++++ b/main.c
+@@ -18,6 +18,7 @@
+ #include <unistd.h>
+ #if defined(__linux__) || defined(__CYGWIN__)
+ #include <pty.h>
++#include <utmp.h>
+ #elif defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
+ #include <util.h>
+ #else
PKG_NAME:=moreutils
PKG_VERSION:=0.69
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://git.kitenet.net/index.cgi/moreutils.git/snapshot
CATEGORY:=Utilities
TITLE:=additional Unix utilities
URL:=https://joeyh.name/code/moreutils/
- DEPENDS:=+perl +perlbase-file +perlbase-getopt +perlbase-io +perlbase-ipc +perlbase-posix
+ DEPENDS:=+perl +perlbase-file +perlbase-getopt +perlbase-io +perlbase-ipc +perlbase-posix +perlbase-time
endef
define Package/moreutils/description
include $(TOPDIR)/rules.mk
PKG_NAME:=mstflint
-PKG_VERSION:=4.28.0
+PKG_VERSION:=4.29.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-1.tar.gz
PKG_SOURCE_URL:=https://github.com/Mellanox/$(PKG_NAME)/releases/download/v$(PKG_VERSION)-1
-PKG_SOURCE_DATE:=2024-05-06
-PKG_HASH:=cef08373ff7002a4f75c123d03990ea6b9e79b9d8493ca067b625eddd287b62d
+PKG_SOURCE_DATE:=2024-08-13
+PKG_HASH:=1bd048146f1fe0493d4770b244b02e32981b49caed068fd96a22700103220654
PKG_MAINTAINER:=Til Kaiser <mail@tk154.de>
PKG_LICENSE:=GPL-2.0-only
TITLE:=Mellanox Firmware Burning and Diagnostics Tools
URL:=https://github.com/Mellanox/mstflint
DEPENDS:=@!(mips||mips64||mipsel) \
- +libcurl +liblzma +libopenssl \
+ +libcurl +libexpat +liblzma +libopenssl \
+libsqlite3 +libstdcpp +libxml2 +zlib
endef
CONFIGURE_ARGS += \
--enable-fw-mgr \
- --disable-inband
+ --disable-inband \
+ --enable-adb-generic-tools
TARGET_CFLAGS += \
-D_GNU_SOURCE \
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstconfig $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstcongestion $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstflint $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstfwctrl $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstfwmanager $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstlink $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstmcra $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstmread $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstmtserver $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstmwrite $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstreg $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstregdump $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mstvpd $(1)/usr/bin/
include $(TOPDIR)/rules.mk
PKG_NAME:=mt-st
-PKG_VERSION:=1.1
-PKG_RELEASE:=2
+PKG_VERSION:=1.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=ftp://ftp.ibiblio.org/pub/Linux/system/backup/
-PKG_HASH:=945cb4f3d9957dabe768f5941a9148b746396836c797b25f020c84319ba8170d
+PKG_SOURCE_URL:=https://github.com/iustin/mt-st/releases/download/v$(PKG_VERSION)
+PKG_HASH:=6d675488d89dad4fc76043afa379e7c967f3dd4d4306848e8cf69a20e582988d
PKG_MAINTAINER:=Giuseppe Magnotta <giuseppe.magnotta@gmail.com>
-PKG_LICENSE:=GPL-2.0
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Magnetic tape control tools for Linux SCSI tapes
- URL:=http://ftp.ibiblio.org/pub/Linux/system/backup/
+ URL:=https://github.com/iustin/mt-st
endef
define Package/mt-st/description
+++ /dev/null
---- a/mt.c
-+++ b/mt.c
-@@ -20,6 +20,7 @@
- #include <fcntl.h>
- #include <sys/types.h>
- #include <sys/ioctl.h>
-+#include <sys/sysmacros.h>
- #include <sys/stat.h>
- #include <sys/utsname.h>
-
---- a/stinit.c
-+++ b/stinit.c
-@@ -16,6 +16,7 @@
- #include <errno.h>
- #include <fcntl.h>
- #include <dirent.h>
-+#include <limits.h>
- #include <sys/stat.h>
- #include <sys/ioctl.h>
- #include <sys/sysmacros.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=nano
-PKG_VERSION:=8.0
+PKG_VERSION:=8.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/nano
-PKG_HASH:=c17f43fc0e37336b33ee50a209c701d5beb808adc2d9f089ca831b40539c9ac4
+PKG_HASH:=d5ad07dd862facae03051c54c6535e54c7ed7407318783fcad1ad2d7076fffeb
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
+++ /dev/null
-From e9c7dfa99221935ffa38b5b9dbf294933e0aa7c0 Mon Sep 17 00:00:00 2001
-From: Benno Schulenberg <bensberg@telfort.nl>
-Date: Fri, 3 May 2024 12:12:09 +0200
-Subject: minibar: do not falsely report that a new, empty file is in Mac
- format
-
-The 'openfile->fmt' element gets initialized to 'UNSPECIFIED',
-so the code has to take that possibility into account.
-
-This fixes https://savannah.gnu.org/bugs/?65676.
-
-Bug existed since version 8.0, commit fe4f74f6.
----
- src/winio.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/winio.c
-+++ b/src/winio.c
-@@ -2213,7 +2213,7 @@ void minibar(void)
- size_t count = openfile->filebot->lineno - (openfile->filebot->data[0] == '\0');
-
- number_of_lines = nmalloc(49);
-- if (openfile->fmt == NIX_FILE)
-+ if (openfile->fmt == NIX_FILE || openfile->fmt == UNSPECIFIED)
- sprintf(number_of_lines, P_(" (%zu line)", " (%zu lines)", count), count);
- else
- sprintf(number_of_lines, P_(" (%zu line, %s)", " (%zu lines, %s)", count),
include $(TOPDIR)/rules.mk
PKG_NAME:=nerdctl
-PKG_VERSION:=1.6.2
+PKG_VERSION:=1.7.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/containerd/nerdctl/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=fb7660f7e598e4c502d4f0c26cf985290fc7bdc80cce1f7402020afdf83ef988
+PKG_HASH:=bcddf2ee3ad2bc84adc5e207f97157998fe973912c7d1dd9540bd4bb4a07698d
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_FLAGS:=no-mips16
GO_PKG:=github.com/containerd/nerdctl
+GO_PKG_LDFLAGS_X:=$(GO_PKG)/pkg/version.Version=v$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=ntfs-3g
-PKG_VERSION:=2022.5.17
+PKG_VERSION:=2022.10.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)_ntfsprogs-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=https://www.tuxera.com/opensource/
-PKG_HASH:=0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93
+PKG_HASH:=f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=GPL-2.0-only LGPL-2.1-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=nvme-cli
-PKG_VERSION:=2.5
-PKG_RELEASE:=2
+PKG_VERSION:=2.9.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/linux-nvme/nvme-cli/archive/refs/tags/v$(PKG_VERSION)
-PKG_HASH:=e84bdba276aadcddda8cf5d412e934cc5673af15132ea02180deb5d06af73146
+PKG_HASH:=4b61684a1d23de1d9d0abd3f273799c60256c0e2a2e68a790d7945183fe33874
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSE
--- /dev/null
+From 650070ad5d4a97fc87f9018743e3b566deba36c8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 21 May 2024 14:09:32 -0700
+Subject: [PATCH] plugins/ssstc: Replace __uint16_t with uint16_t
+
+uint16_t is ISO defined and comes from stdint.h, makes it
+portable across glibc and musl on linux.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ plugins/ssstc/ssstc-nvme.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/plugins/ssstc/ssstc-nvme.c
++++ b/plugins/ssstc/ssstc-nvme.c
+@@ -64,9 +64,9 @@ void show_ssstc_add_smart_log_jsn(struct
+ unsigned int nsid, const char *devname)
+ {
+ struct json_object *root, *entry_stats, *dev_stats, *multi;
+- __uint16_t wear_level_min = 0;
+- __uint16_t wear_level_max = 0;
+- __uint16_t wear_level_avg = 0;
++ uint16_t wear_level_min = 0;
++ uint16_t wear_level_max = 0;
++ uint16_t wear_level_avg = 0;
+ uint64_t raw_val = 0;
+
+ root = json_create_object();
PKG_NAME:=openocd
PKG_SOURCE_VERSION:=v0.12.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.code.sf.net/p/openocd/code
--- /dev/null
+From 1de35c0b76ea138895370f65849831c3c7d397ff Mon Sep 17 00:00:00 2001
+From: Antonio Borneo <borneo.antonio@gmail.com>
+Date: Sun, 24 Mar 2024 15:53:33 +0100
+Subject: [PATCH] jtag: linuxgpiod: adapt for libgpiod v2 API
+
+Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+---
+ configure.ac | 15 +-
+ src/jtag/drivers/linuxgpiod.c | 487 ++++++++++++++++++++++++++++------
+ 2 files changed, 419 insertions(+), 83 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -659,7 +659,20 @@ PKG_CHECK_MODULES([LIBFTDI], [libftdi1],
+ PKG_CHECK_MODULES([LIBFTDI], [libftdi], [use_libftdi=yes], [use_libftdi=no])
+ ])
+
+-PKG_CHECK_MODULES([LIBGPIOD], [libgpiod], [use_libgpiod=yes], [use_libgpiod=no])
++PKG_CHECK_MODULES([LIBGPIOD], [libgpiod >= 2.0] , [
++ use_libgpiod=yes
++ AC_DEFINE([HAVE_LIBGPIOD_V1], [0], [define if libgpiod is version v1.x])
++], [
++ PKG_CHECK_MODULES([LIBGPIOD], [libgpiod], [
++ use_libgpiod=yes
++ AC_DEFINE([HAVE_LIBGPIOD_V1], [1], [define if libgpiod is version v1.x])
++
++ PKG_CHECK_EXISTS([libgpiod >= 1.5],
++ [AC_DEFINE([HAVE_LIBGPIOD1_FLAGS_BIAS], [1], [define if libgpiod v1 has line request flags bias])])
++ ], [
++ use_libgpiod=no
++ ])
++])
+
+ PKG_CHECK_MODULES([LIBJAYLINK], [libjaylink >= 0.2],
+ [use_libjaylink=yes], [use_libjaylink=no])
+--- a/src/jtag/drivers/linuxgpiod.c
++++ b/src/jtag/drivers/linuxgpiod.c
+@@ -19,8 +19,267 @@
+ #include <transport/transport.h>
+ #include "bitbang.h"
+
++/*
++ * In case of libgpiod v1, use as much as possible API from v2 plus
++ * the dummy wrappers below.
++ */
++#if HAVE_LIBGPIOD_V1
++
++#define GPIOD_LINE_DIRECTION_INPUT GPIOD_LINE_REQUEST_DIRECTION_INPUT
++#define GPIOD_LINE_DIRECTION_OUTPUT GPIOD_LINE_REQUEST_DIRECTION_OUTPUT
++
++#define GPIOD_LINE_VALUE_INACTIVE 0
++#define GPIOD_LINE_VALUE_ACTIVE 1
++
++#define GPIOD_LINE_DRIVE_PUSH_PULL 0
++#define GPIOD_LINE_DRIVE_OPEN_DRAIN GPIOD_LINE_REQUEST_FLAG_OPEN_DRAIN
++#define GPIOD_LINE_DRIVE_OPEN_SOURCE GPIOD_LINE_REQUEST_FLAG_OPEN_SOURCE
++
++#define GPIOD_LINE_BIAS_DISABLED GPIOD_LINE_REQUEST_FLAG_BIAS_DISABLE
++#define GPIOD_LINE_BIAS_PULL_UP GPIOD_LINE_REQUEST_FLAG_BIAS_PULL_UP
++#define GPIOD_LINE_BIAS_PULL_DOWN GPIOD_LINE_REQUEST_FLAG_BIAS_PULL_DOWN
++
++struct gpiod_line_settings {
++ int direction;
++ int value;
++ int drive;
++ int bias;
++ int active_low;
++};
++
++static struct gpiod_line_settings *gpiod_line_settings_new(void)
++{
++ struct gpiod_line_settings *rv;
++
++ rv = calloc(sizeof(struct gpiod_line_settings), 1);
++ if (!rv)
++ return NULL;
++
++ return rv;
++}
++
++static void gpiod_line_settings_free(struct gpiod_line_settings *settings)
++{
++ free(settings);
++}
++
++static int gpiod_line_settings_set_direction(struct gpiod_line_settings *settings,
++ int direction)
++{
++ settings->direction = direction;
++
++ return 0;
++}
++
++static int gpiod_line_settings_set_output_value(struct gpiod_line_settings *settings,
++ int value)
++{
++ settings->value = value;
++
++ return 0;
++}
++
++static int gpiod_line_settings_set_drive(struct gpiod_line_settings *settings, int drive)
++{
++ settings->drive = drive;
++
++ return 0;
++}
++
++static void gpiod_line_settings_set_active_low(struct gpiod_line_settings *settings,
++ bool active_low)
++{
++ if (active_low)
++ settings->active_low = GPIOD_LINE_REQUEST_FLAG_ACTIVE_LOW;
++}
++
++#ifdef HAVE_LIBGPIOD1_FLAGS_BIAS
++
++static int gpiod_line_settings_set_bias(struct gpiod_line_settings *settings, int bias)
++{
++ settings->bias = bias;
++
++ return 0;
++}
++
++#else /* HAVE_LIBGPIOD1_FLAGS_BIAS */
++
++static int gpiod_line_settings_set_bias(struct gpiod_line_settings *settings, int bias)
++{
++ if (bias == GPIOD_LINE_BIAS_DISABLED)
++ return 0;
++
++ LOG_WARNING("linuxgpiod: ignoring request for pull-%s: not supported by libgpiod v%s",
++ (bias == GPIOD_LINE_BIAS_PULL_UP) ? "up" : "down",
++ gpiod_version_string());
++
++ return 0;
++}
++
++#endif /* HAVE_LIBGPIOD1_FLAGS_BIAS */
++
++struct gpiod_line_config {
++ unsigned int gpio_num;
++ struct gpiod_line_settings *line_settings;
++};
++
++static struct gpiod_line_config *gpiod_line_config_new(void)
++{
++ struct gpiod_line_config *rv;
++
++ rv = calloc(sizeof(struct gpiod_line_config), 1);
++ if (!rv)
++ return NULL;
++
++ return rv;
++}
++
++static void gpiod_line_config_free(struct gpiod_line_config *config)
++{
++ free(config);
++}
++
++static int gpiod_line_config_add_line_settings(struct gpiod_line_config *config,
++ const unsigned int *offsets, size_t num_offsets, struct gpiod_line_settings *settings)
++{
++ assert(num_offsets == 1);
++
++ config->gpio_num = *offsets;
++ config->line_settings = settings;
++
++ return 0;
++}
++
++struct gpiod_request_config {
++ const char *consumer;
++};
++
++static struct gpiod_request_config *gpiod_request_config_new(void)
++{
++ struct gpiod_request_config *rv;
++
++ rv = calloc(sizeof(struct gpiod_request_config), 1);
++ if (!rv)
++ return NULL;
++
++ return rv;
++}
++
++static void gpiod_request_config_free(struct gpiod_request_config *config)
++{
++ free(config);
++}
++
++static void gpiod_request_config_set_consumer(struct gpiod_request_config *config,
++ const char *consumer)
++{
++ config->consumer = consumer;
++}
++
++struct gpiod_line_request {
++ struct gpiod_line *gpio_line;
++ struct gpiod_chip *chip;
++ struct gpiod_request_config *req_cfg;
++ struct gpiod_line_config *line_cfg;
++};
++
++static struct gpiod_line_request *gpiod_chip_request_lines(struct gpiod_chip *chip,
++ struct gpiod_request_config *req_cfg, struct gpiod_line_config *line_cfg)
++{
++ struct gpiod_line_request *line_req;
++ int rv, flags = 0;
++
++ assert(req_cfg);
++
++ line_req = calloc(sizeof(struct gpiod_line_request), 1);
++ if (!line_req)
++ return NULL;
++
++ line_req->gpio_line = gpiod_chip_get_line(chip, line_cfg->gpio_num);
++ if (!line_req->gpio_line) {
++ free(line_req);
++ return NULL;
++ }
++
++ /* remember stuff in case we need to reconfigure later */
++ line_req->chip = chip;
++ line_req->req_cfg = req_cfg;
++ line_req->line_cfg = line_cfg;
++
++ flags |= line_cfg->line_settings->drive;
++ flags |= line_cfg->line_settings->bias;
++ flags |= line_cfg->line_settings->active_low;
++
++ struct gpiod_line_request_config config = {
++ .consumer = line_req->req_cfg->consumer,
++ .request_type = line_cfg->line_settings->direction,
++ .flags = flags,
++ };
++
++ rv = gpiod_line_request(line_req->gpio_line, &config, line_cfg->line_settings->value);
++ if (rv < 0) {
++ gpiod_line_release(line_req->gpio_line);
++ free(line_req);
++ return NULL;
++ }
++
++ return line_req;
++}
++
++static int gpiod_line_request_get_value(struct gpiod_line_request *request,
++ __attribute__((unused)) unsigned int offset)
++{
++ return gpiod_line_get_value(request->gpio_line);
++}
++
++static int gpiod_line_request_set_value(struct gpiod_line_request *request,
++ __attribute__((unused)) unsigned int offset, int value)
++{
++ return gpiod_line_set_value(request->gpio_line, value);
++}
++
++static void gpiod_line_request_release(struct gpiod_line_request *request)
++{
++ gpiod_line_release(request->gpio_line);
++ free(request);
++}
++
++static int gpiod_line_request_reconfigure_lines(struct gpiod_line_request *request,
++ struct gpiod_line_config *line_cfg)
++{
++ int rv, flags = 0;
++
++ /* in libgpiod v1 we have to release the line and re-aquire it */
++ gpiod_line_release(request->gpio_line);
++ request->gpio_line = gpiod_chip_get_line(request->chip, request->line_cfg->gpio_num);
++ if (!request->gpio_line)
++ return -1;
++
++ flags |= line_cfg->line_settings->drive;
++ flags |= line_cfg->line_settings->bias;
++ flags |= line_cfg->line_settings->active_low;
++
++ struct gpiod_line_request_config config = {
++ .consumer = request->req_cfg->consumer,
++ .request_type = line_cfg->line_settings->direction,
++ .flags = flags,
++ };
++
++ rv = gpiod_line_request(request->gpio_line, &config, line_cfg->line_settings->value);
++ if (rv < 0)
++ return -1;
++
++ /* remember updated line_cfg */
++ request->line_cfg = line_cfg;
++ return 0;
++}
++
++#endif /* HAVE_LIBGPIOD_V1 */
++
+ static struct gpiod_chip *gpiod_chip[ADAPTER_GPIO_IDX_NUM] = {};
+-static struct gpiod_line *gpiod_line[ADAPTER_GPIO_IDX_NUM] = {};
++static struct gpiod_line_settings *gpiod_line_settings[ADAPTER_GPIO_IDX_NUM] = {};
++static struct gpiod_line_config *gpiod_line_config[ADAPTER_GPIO_IDX_NUM] = {};
++static struct gpiod_line_request *gpiod_line_req[ADAPTER_GPIO_IDX_NUM] = {};
+
+ static int last_swclk;
+ static int last_swdio;
+@@ -29,6 +288,20 @@ static bool swdio_input;
+
+ static const struct adapter_gpio_config *adapter_gpio_config;
+
++/* Helper to get/set a single line */
++static int linuxgpiod_line_get_value(enum adapter_gpio_config_index idx)
++{
++ return gpiod_line_request_get_value(gpiod_line_req[idx],
++ adapter_gpio_config[idx].gpio_num);
++}
++
++static int linuxgpiod_line_set_value(enum adapter_gpio_config_index idx, int value)
++{
++ return gpiod_line_request_set_value(gpiod_line_req[idx],
++ adapter_gpio_config[idx].gpio_num,
++ value);
++}
++
+ /*
+ * Helper function to determine if gpio config is valid
+ *
+@@ -48,7 +321,7 @@ static bb_value_t linuxgpiod_read(void)
+ {
+ int retval;
+
+- retval = gpiod_line_get_value(gpiod_line[ADAPTER_GPIO_IDX_TDO]);
++ retval = linuxgpiod_line_get_value(ADAPTER_GPIO_IDX_TDO);
+ if (retval < 0) {
+ LOG_WARNING("reading tdo failed");
+ return 0;
+@@ -81,20 +354,20 @@ static int linuxgpiod_write(int tck, int
+ }
+
+ if (tdi != last_tdi) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_TDI], tdi);
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_TDI, tdi);
+ if (retval < 0)
+ LOG_WARNING("writing tdi failed");
+ }
+
+ if (tms != last_tms) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_TMS], tms);
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_TMS, tms);
+ if (retval < 0)
+ LOG_WARNING("writing tms failed");
+ }
+
+ /* write clk last */
+ if (tck != last_tck) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_TCK], tck);
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_TCK, tck);
+ if (retval < 0)
+ LOG_WARNING("writing tck failed");
+ }
+@@ -110,7 +383,7 @@ static int linuxgpiod_swdio_read(void)
+ {
+ int retval;
+
+- retval = gpiod_line_get_value(gpiod_line[ADAPTER_GPIO_IDX_SWDIO]);
++ retval = linuxgpiod_line_get_value(ADAPTER_GPIO_IDX_SWDIO);
+ if (retval < 0) {
+ LOG_WARNING("Fail read swdio");
+ return 0;
+@@ -123,30 +396,54 @@ static void linuxgpiod_swdio_drive(bool
+ {
+ int retval;
+
+- /*
+- * FIXME: change direction requires release and re-require the line
+- * https://stackoverflow.com/questions/58735140/
+- * this would change in future libgpiod
+- */
+- gpiod_line_release(gpiod_line[ADAPTER_GPIO_IDX_SWDIO]);
+-
+ if (is_output) {
+- if (gpiod_line[ADAPTER_GPIO_IDX_SWDIO_DIR]) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_SWDIO_DIR], 1);
++ if (gpiod_line_req[ADAPTER_GPIO_IDX_SWDIO_DIR]) {
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_SWDIO_DIR, 1);
+ if (retval < 0)
+- LOG_WARNING("Fail set swdio_dir");
++ LOG_WARNING("Failed to set swdio_dir=1");
+ }
+- retval = gpiod_line_request_output(gpiod_line[ADAPTER_GPIO_IDX_SWDIO], "OpenOCD", 1);
++
++ retval = gpiod_line_settings_set_direction(gpiod_line_settings[ADAPTER_GPIO_IDX_SWDIO],
++ GPIOD_LINE_DIRECTION_OUTPUT);
+ if (retval < 0)
+- LOG_WARNING("Fail request_output line swdio");
++ LOG_WARNING("Failed to set new direction of swdio");
++
++ retval = gpiod_line_settings_set_output_value(gpiod_line_settings[ADAPTER_GPIO_IDX_SWDIO],
++ GPIOD_LINE_VALUE_ACTIVE);
++ if (retval < 0)
++ LOG_WARNING("Failed to set output value of swdio");
++
++ retval = gpiod_line_config_add_line_settings(gpiod_line_config[ADAPTER_GPIO_IDX_SWDIO],
++ (unsigned int *)&adapter_gpio_config[ADAPTER_GPIO_IDX_SWDIO].gpio_num, 1,
++ gpiod_line_settings[ADAPTER_GPIO_IDX_SWDIO]);
++ if (retval < 0)
++ LOG_WARNING("Failed to apply output configuration to swdio");
++
++ retval = gpiod_line_request_reconfigure_lines(gpiod_line_req[ADAPTER_GPIO_IDX_SWDIO],
++ gpiod_line_config[ADAPTER_GPIO_IDX_SWDIO]);
++ if (retval < 0)
++ LOG_WARNING("Failed to switch swdio to output");
+ } else {
+- retval = gpiod_line_request_input(gpiod_line[ADAPTER_GPIO_IDX_SWDIO], "OpenOCD");
++ retval = gpiod_line_settings_set_direction(gpiod_line_settings[ADAPTER_GPIO_IDX_SWDIO],
++ GPIOD_LINE_DIRECTION_INPUT);
++ if (retval < 0)
++ LOG_WARNING("Failed to switch swdio to output");
++
++ retval = gpiod_line_config_add_line_settings(gpiod_line_config[ADAPTER_GPIO_IDX_SWDIO],
++ (unsigned int *)&adapter_gpio_config[ADAPTER_GPIO_IDX_SWDIO].gpio_num, 1,
++ gpiod_line_settings[ADAPTER_GPIO_IDX_SWDIO]);
+ if (retval < 0)
+- LOG_WARNING("Fail request_input line swdio");
+- if (gpiod_line[ADAPTER_GPIO_IDX_SWDIO_DIR]) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_SWDIO_DIR], 0);
++ LOG_WARNING("Failed to apply input configuration to swdio");
++
++ retval = gpiod_line_request_reconfigure_lines(gpiod_line_req[ADAPTER_GPIO_IDX_SWDIO],
++ gpiod_line_config[ADAPTER_GPIO_IDX_SWDIO]);
++ if (retval < 0)
++ LOG_WARNING("Failed to switch swdio to input");
++
++ if (gpiod_line_req[ADAPTER_GPIO_IDX_SWDIO_DIR]) {
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_SWDIO_DIR, 0);
+ if (retval < 0)
+- LOG_WARNING("Fail set swdio_dir");
++ LOG_WARNING("Failed to set swdio_dir=0");
+ }
+ }
+
+@@ -159,16 +456,16 @@ static int linuxgpiod_swd_write(int swcl
+ int retval;
+
+ if (!swdio_input) {
+- if (!last_stored || (swdio != last_swdio)) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_SWDIO], swdio);
++ if (!last_stored || swdio != last_swdio) {
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_SWDIO, swdio);
+ if (retval < 0)
+ LOG_WARNING("Fail set swdio");
+ }
+ }
+
+ /* write swclk last */
+- if (!last_stored || (swclk != last_swclk)) {
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_SWCLK], swclk);
++ if (!last_stored || swclk != last_swclk) {
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_SWCLK, swclk);
+ if (retval < 0)
+ LOG_WARNING("Fail set swclk");
+ }
+@@ -187,7 +484,7 @@ static int linuxgpiod_blink(int on)
+ if (!is_gpio_config_valid(ADAPTER_GPIO_IDX_LED))
+ return ERROR_OK;
+
+- retval = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_LED], on);
++ retval = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_LED, on);
+ if (retval < 0)
+ LOG_WARNING("Fail set led");
+ return retval;
+@@ -214,17 +511,17 @@ static int linuxgpiod_reset(int trst, in
+ LOG_DEBUG("linuxgpiod_reset");
+
+ /*
+- * active low behaviour handled by "adaptor gpio" command and
++ * active low behavior handled by "adaptor gpio" command and
+ * GPIOD_LINE_REQUEST_FLAG_ACTIVE_LOW flag when requesting the line.
+ */
+- if (gpiod_line[ADAPTER_GPIO_IDX_SRST]) {
+- retval1 = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_SRST], srst);
++ if (gpiod_line_req[ADAPTER_GPIO_IDX_SRST]) {
++ retval1 = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_SRST, srst);
+ if (retval1 < 0)
+ LOG_WARNING("set srst value failed");
+ }
+
+- if (gpiod_line[ADAPTER_GPIO_IDX_TRST]) {
+- retval2 = gpiod_line_set_value(gpiod_line[ADAPTER_GPIO_IDX_TRST], trst);
++ if (gpiod_line_req[ADAPTER_GPIO_IDX_TRST]) {
++ retval2 = linuxgpiod_line_set_value(ADAPTER_GPIO_IDX_TRST, trst);
+ if (retval2 < 0)
+ LOG_WARNING("set trst value failed");
+ }
+@@ -256,9 +553,17 @@ static bool linuxgpiod_swd_mode_possible
+
+ static inline void helper_release(enum adapter_gpio_config_index idx)
+ {
+- if (gpiod_line[idx]) {
+- gpiod_line_release(gpiod_line[idx]);
+- gpiod_line[idx] = NULL;
++ if (gpiod_line_req[idx]) {
++ gpiod_line_request_release(gpiod_line_req[idx]);
++ gpiod_line_req[idx] = NULL;
++ }
++ if (gpiod_line_config[idx]) {
++ gpiod_line_config_free(gpiod_line_config[idx]);
++ gpiod_line_config[idx] = NULL;
++ }
++ if (gpiod_line_settings[idx]) {
++ gpiod_line_settings_free(gpiod_line_settings[idx]);
++ gpiod_line_settings[idx] = NULL;
+ }
+ if (gpiod_chip[idx]) {
+ gpiod_chip_close(gpiod_chip[idx]);
+@@ -277,84 +582,102 @@ static int linuxgpiod_quit(void)
+
+ static int helper_get_line(enum adapter_gpio_config_index idx)
+ {
++ struct gpiod_request_config *req_cfg = NULL;
++ char chip_path[24];
++ int rv = 0;
++
+ if (!is_gpio_config_valid(idx))
+ return ERROR_OK;
+
+- int dir = GPIOD_LINE_REQUEST_DIRECTION_INPUT, flags = 0, val = 0, retval;
+-
+- gpiod_chip[idx] = gpiod_chip_open_by_number(adapter_gpio_config[idx].chip_num);
++ snprintf(chip_path, sizeof(chip_path), "/dev/gpiochip%u", adapter_gpio_config[idx].chip_num);
++ gpiod_chip[idx] = gpiod_chip_open(chip_path);
+ if (!gpiod_chip[idx]) {
+ LOG_ERROR("Cannot open LinuxGPIOD chip %d for %s", adapter_gpio_config[idx].chip_num,
+ adapter_gpio_get_name(idx));
+ return ERROR_JTAG_INIT_FAILED;
+ }
+
+- gpiod_line[idx] = gpiod_chip_get_line(gpiod_chip[idx], adapter_gpio_config[idx].gpio_num);
+- if (!gpiod_line[idx]) {
+- LOG_ERROR("Error get line %s", adapter_gpio_get_name(idx));
++ gpiod_line_settings[idx] = gpiod_line_settings_new();
++ gpiod_line_config[idx] = gpiod_line_config_new();
++ req_cfg = gpiod_request_config_new();
++
++ if (!gpiod_line_settings[idx] || !gpiod_line_config[idx] || !req_cfg) {
++ LOG_ERROR("Cannot configure LinuxGPIOD line for %s", adapter_gpio_get_name(idx));
++ gpiod_request_config_free(req_cfg);
+ return ERROR_JTAG_INIT_FAILED;
+ }
+
++ gpiod_request_config_set_consumer(req_cfg, "OpenOCD");
++
+ switch (adapter_gpio_config[idx].init_state) {
+ case ADAPTER_GPIO_INIT_STATE_INPUT:
+- dir = GPIOD_LINE_REQUEST_DIRECTION_INPUT;
++ rv = gpiod_line_settings_set_direction(gpiod_line_settings[idx], GPIOD_LINE_DIRECTION_INPUT);
+ break;
+ case ADAPTER_GPIO_INIT_STATE_INACTIVE:
+- dir = GPIOD_LINE_REQUEST_DIRECTION_OUTPUT;
+- val = 0;
++ rv = gpiod_line_settings_set_direction(gpiod_line_settings[idx], GPIOD_LINE_DIRECTION_OUTPUT);
++ rv |= gpiod_line_settings_set_output_value(gpiod_line_settings[idx], GPIOD_LINE_VALUE_INACTIVE);
+ break;
+ case ADAPTER_GPIO_INIT_STATE_ACTIVE:
+- dir = GPIOD_LINE_REQUEST_DIRECTION_OUTPUT;
+- val = 1;
++ rv = gpiod_line_settings_set_direction(gpiod_line_settings[idx], GPIOD_LINE_DIRECTION_OUTPUT);
++ rv |= gpiod_line_settings_set_output_value(gpiod_line_settings[idx], GPIOD_LINE_VALUE_ACTIVE);
+ break;
+ }
++ if (rv < 0) {
++ LOG_ERROR("Error while configuring LinuxGPIOD line init state for %s", adapter_gpio_get_name(idx));
++ gpiod_request_config_free(req_cfg);
++ return ERROR_JTAG_INIT_FAILED;
++ }
+
+ switch (adapter_gpio_config[idx].drive) {
+ case ADAPTER_GPIO_DRIVE_MODE_PUSH_PULL:
++ rv = gpiod_line_settings_set_drive(gpiod_line_settings[idx], GPIOD_LINE_DRIVE_PUSH_PULL);
+ break;
+ case ADAPTER_GPIO_DRIVE_MODE_OPEN_DRAIN:
+- flags |= GPIOD_LINE_REQUEST_FLAG_OPEN_DRAIN;
++ rv = gpiod_line_settings_set_drive(gpiod_line_settings[idx], GPIOD_LINE_DRIVE_OPEN_DRAIN);
+ break;
+ case ADAPTER_GPIO_DRIVE_MODE_OPEN_SOURCE:
+- flags |= GPIOD_LINE_REQUEST_FLAG_OPEN_SOURCE;
++ rv = gpiod_line_settings_set_drive(gpiod_line_settings[idx], GPIOD_LINE_DRIVE_OPEN_SOURCE);
+ break;
+ }
++ if (rv < 0) {
++ LOG_ERROR("Error while configuring LinuxGPIOD line driving for %s", adapter_gpio_get_name(idx));
++ gpiod_request_config_free(req_cfg);
++ return ERROR_JTAG_INIT_FAILED;
++ }
+
+ switch (adapter_gpio_config[idx].pull) {
+ case ADAPTER_GPIO_PULL_NONE:
+-#ifdef GPIOD_LINE_REQUEST_FLAG_BIAS_DISABLE
+- flags |= GPIOD_LINE_REQUEST_FLAG_BIAS_DISABLE;
+-#endif
++ rv = gpiod_line_settings_set_bias(gpiod_line_settings[idx], GPIOD_LINE_BIAS_DISABLED);
+ break;
+ case ADAPTER_GPIO_PULL_UP:
+-#ifdef GPIOD_LINE_REQUEST_FLAG_BIAS_PULL_UP
+- flags |= GPIOD_LINE_REQUEST_FLAG_BIAS_PULL_UP;
+-#else
+- LOG_WARNING("linuxgpiod: ignoring request for pull-up on %s: not supported by gpiod v%s",
+- adapter_gpio_get_name(idx), gpiod_version_string());
+-#endif
++ rv = gpiod_line_settings_set_bias(gpiod_line_settings[idx], GPIOD_LINE_BIAS_PULL_UP);
+ break;
+ case ADAPTER_GPIO_PULL_DOWN:
+-#ifdef GPIOD_LINE_REQUEST_FLAG_BIAS_PULL_DOWN
+- flags |= GPIOD_LINE_REQUEST_FLAG_BIAS_PULL_DOWN;
+-#else
+- LOG_WARNING("linuxgpiod: ignoring request for pull-down on %s: not supported by gpiod v%s",
+- adapter_gpio_get_name(idx), gpiod_version_string());
+-#endif
++ rv = gpiod_line_settings_set_bias(gpiod_line_settings[idx], GPIOD_LINE_BIAS_PULL_DOWN);
+ break;
+ }
++ if (rv < 0) {
++ LOG_ERROR("Error while configuring LinuxGPIOD line biasing for %s", adapter_gpio_get_name(idx));
++ gpiod_request_config_free(req_cfg);
++ return ERROR_JTAG_INIT_FAILED;
++ }
+
+- if (adapter_gpio_config[idx].active_low)
+- flags |= GPIOD_LINE_REQUEST_FLAG_ACTIVE_LOW;
++ gpiod_line_settings_set_active_low(gpiod_line_settings[idx], adapter_gpio_config[idx].active_low);
+
+- struct gpiod_line_request_config config = {
+- .consumer = "OpenOCD",
+- .request_type = dir,
+- .flags = flags,
+- };
++ rv = gpiod_line_config_add_line_settings(gpiod_line_config[idx],
++ (unsigned int *)&adapter_gpio_config[idx].gpio_num, 1,
++ gpiod_line_settings[idx]);
++ if (rv < 0) {
++ LOG_ERROR("Error configuring gpio line %s", adapter_gpio_get_name(idx));
++ gpiod_request_config_free(req_cfg);
++ return ERROR_JTAG_INIT_FAILED;
++ }
+
+- retval = gpiod_line_request(gpiod_line[idx], &config, val);
+- if (retval < 0) {
++ gpiod_line_req[idx] = gpiod_chip_request_lines(gpiod_chip[idx], req_cfg, gpiod_line_config[idx]);
++
++ gpiod_request_config_free(req_cfg);
++
++ if (!gpiod_line_req[idx]) {
+ LOG_ERROR("Error requesting gpio line %s", adapter_gpio_get_name(idx));
+ return ERROR_JTAG_INIT_FAILED;
+ }
+@@ -380,12 +703,12 @@ static int linuxgpiod_init(void)
+ goto out_error;
+ }
+
+- if (helper_get_line(ADAPTER_GPIO_IDX_TDO) != ERROR_OK ||
+- helper_get_line(ADAPTER_GPIO_IDX_TDI) != ERROR_OK ||
+- helper_get_line(ADAPTER_GPIO_IDX_TCK) != ERROR_OK ||
+- helper_get_line(ADAPTER_GPIO_IDX_TMS) != ERROR_OK ||
+- helper_get_line(ADAPTER_GPIO_IDX_TRST) != ERROR_OK)
+- goto out_error;
++ if (helper_get_line(ADAPTER_GPIO_IDX_TDO) != ERROR_OK
++ || helper_get_line(ADAPTER_GPIO_IDX_TDI) != ERROR_OK
++ || helper_get_line(ADAPTER_GPIO_IDX_TCK) != ERROR_OK
++ || helper_get_line(ADAPTER_GPIO_IDX_TMS) != ERROR_OK
++ || helper_get_line(ADAPTER_GPIO_IDX_TRST) != ERROR_OK)
++ goto out_error;
+ }
+
+ if (transport_is_swd()) {
+@@ -415,9 +738,9 @@ static int linuxgpiod_init(void)
+ goto out_error;
+ }
+
+- if (helper_get_line(ADAPTER_GPIO_IDX_SRST) != ERROR_OK ||
+- helper_get_line(ADAPTER_GPIO_IDX_LED) != ERROR_OK)
+- goto out_error;
++ if (helper_get_line(ADAPTER_GPIO_IDX_SRST) != ERROR_OK
++ || helper_get_line(ADAPTER_GPIO_IDX_LED) != ERROR_OK)
++ goto out_error;
+
+ return ERROR_OK;
+
include $(TOPDIR)/rules.mk
PKG_NAME:=opensc
-PKG_VERSION:=0.24.0
+PKG_VERSION:=0.25.1
PKG_RELEASE:=1
-PKG_HASH:=24d03c69287291da32a30c4c38a304ad827f56cb85d83619e1f5403ab6480ef8
+PKG_HASH:=23cbaae8bd7c8eb589b68c0a961dfb0d02007bea3165a3fc5efe2621d549b37b
PKG_LICENSE:=LGPL-2.1-or-later
PKG_LICENSE_FILES:=COPYING
cardos-tool \
cryptoflex-tool \
dnie-tool \
+ dtrust-tool \
egk-tool \
eidenv \
gids-tool \
iasecc-tool \
netkey-tool \
openpgp-tool \
- opensc-tool \
+ opensc-asn1 \
opensc-explorer:+libncurses:+libreadline \
+ opensc-tool \
piv-tool \
pkcs11-register \
pkcs11-tool \
epass2003 \
flex \
gids \
- gpk \
ias_adele_admin1 \
ias_adele_admin2 \
ias_adele_common \
iasecc_generic_oberthur \
iasecc_generic_pki \
iasecc \
- incrypto34 \
isoApplet \
muscle \
myeid \
rutoken \
sc-hsm \
setcos \
- starcos \
- westcos
+ starcos
$(foreach file,$(TOOLS),$(eval $(call ToolGen,$(file))))
$(foreach file,$(PROFILES),$(eval $(call ProfileGen,$(file))))
--- /dev/null
+--- a/src/libopensc/pkcs15-din-66291.c
++++ b/src/libopensc/pkcs15-din-66291.c
+@@ -23,12 +23,12 @@
+ #include <config.h>
+ #endif
+
++#include <stdlib.h>
++#include <string.h>
+ #include "internal.h"
+ #include "common/compat_strlcpy.h"
+ #include "log.h"
+ #include "pkcs15.h"
+-#include <stdlib.h>
+-#include <string.h>
+
+ static const unsigned char aid_CIA[] = {0xE8, 0x28, 0xBD, 0x08, 0x0F,
+ 0xA0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4E};
+--- a/src/libopensc/pkcs15-starcos-esign.c
++++ b/src/libopensc/pkcs15-starcos-esign.c
+@@ -23,14 +23,14 @@
+ #include <config.h>
+ #endif
+
++#include <stdlib.h>
++#include <string.h>
+ #include "common/compat_strlcpy.h"
+ #include "internal.h"
+ #include "log.h"
+ #include "pkcs15.h"
+ #include "cards.h"
+
+-#include <stdlib.h>
+-#include <string.h>
+
+ /* compile time option: define ENABLE_ESIGN_ISSUER_CONTAINERS to enable containers holding the issuer certificates */
+
PKG_NAME:=openzwave
PKG_VERSION:=1.6.1149
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://old.openzwave.com/downloads
--- /dev/null
+--- a/cpp/src/command_classes/AssociationCommandConfiguration.cpp
++++ b/cpp/src/command_classes/AssociationCommandConfiguration.cpp
+@@ -183,7 +183,7 @@ namespace OpenZWave
+ if (Node* node = GetNodeUnsafe())
+ {
+ Group* group = node->GetGroup(groupIdx);
+- if ( NULL == group)
++ if (group)
+ {
+ if (firstReports)
+ {
--- /dev/null
+#
+# SPDX-License-Identifier: GPL-2.0-only
+# Copyright (C) 2024 Eric Fahlgren <ericfahlgren@gmail.com>
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=owut
+PKG_SOURCE_DATE:=2024-09-07
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=6564aa2aa6b3550c4abde73507ed590aa6184dd4
+PKG_SOURCE_URL:=https://github.com/efahl/owut.git
+PKG_MIRROR_HASH:=16b6f0e19dd8d852e12d01d1286feec97a842513c3b4e2348e1c24b4b7a322df
+
+PKG_MAINTAINER:=Eric Fahlgren <ericfahlgren@gmail.com>
+PKG_LICENSE:=GPL-2.0-only
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/owut
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=owut - an OpenWrt Upgrade Tool
+ URL:=http://github.com/efahl/owut
+ DEPENDS:=+attendedsysupgrade-common \
+ +rpcd-mod-file \
+ +ucode +ucode-mod-fs +ucode-mod-ubus \
+ +ucode-mod-uci +ucode-mod-uclient +ucode-mod-uloop
+ PKGARCH:=all
+endef
+
+define Package/owut/description
+ The OpenWrt Upgrade Tool (owut) is a command line program that
+ checks for new packages, package build breakages, generates
+ sysupgrade images containing installed packages and installs
+ images. It is written in ucode for easy end-user customization.
+
+ Documentation is available at
+ https://openwrt.org/docs/guide-user/installation/sysupgrade.owut
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/owut/conffiles
+/etc/owut.d/
+endef
+
+define Package/owut/install
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/files/owut.defaults $(1)/etc/uci-defaults/attendedsysupgrade-owut
+
+ $(INSTALL_DIR) $(1)/etc/owut.d
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/pre-install.sh $(1)/etc/owut.d/pre-install.sh
+
+ $(INSTALL_DIR) $(1)/usr/share/ucode/utils
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/argparse.uc $(1)/usr/share/ucode/utils
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/owut $(1)/usr/bin
+
+ sed -i -e "s/%%VERSION%%/$(PKG_VERSION)-r$(PKG_RELEASE)/" $(1)/usr/bin/owut
+endef
+
+$(eval $(call BuildPackage,owut))
PKG_NAME:=pciutils
PKG_VERSION:=3.12.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/utils/pciutils
--- /dev/null
+--- a/lib/sysfs.c
++++ b/lib/sysfs.c
+@@ -20,6 +20,7 @@
+ #include <dirent.h>
+ #include <fcntl.h>
+ #include <sys/types.h>
++#include <libgen.h>
+
+ #include "internal.h"
+
include $(TOPDIR)/rules.mk
PKG_NAME:=pcsc-lite
-PKG_VERSION:=2.0.1
-PKG_RELEASE:=1
+PKG_VERSION:=2.2.3
+PKG_RELEASE:=3
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://pcsclite.apdu.fr/files/
-PKG_HASH:=5edcaf5d4544403bdab6ee2b5d6c02c6f97ea64eebf0825b8d0fa61ba417dada
+PKG_HASH:=cab1e62755713f62ce1b567954dbb0e9a7e668ffbc3bbad3ce85c53f8f4e00a4
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:muscle:pcsc-lite
-PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/meson.mk
define Package/pcsc-lite/Default
TITLE:=Access a smart card using SCard API (PC/SC)
TARGET_CFLAGS += $(FPIC)
TARGET_LDFLAGS += -lpthread
-CONFIGURE_ARGS += \
- --disable-libudev \
- --disable-libsystemd \
- --enable-libusb \
- --disable-polkit \
- --enable-static \
- --enable-ipcdir=/var/run/pcscd \
- --enable-usbdropdir=/usr/lib/pcsc/drivers
+MESON_ARGS += \
+ -Dlibudev=false \
+ -Dlibsystemd=false \
+ -Dlibusb=true \
+ -Dpolkit=false \
+ -Dipcdir='/var/run/pcscd' \
+ -Dusbdropdir='/usr/lib/pcsc/drivers'
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/PCSC
$(CP) $(PKG_INSTALL_DIR)/usr/include/PCSC/* $(1)/usr/include/PCSC/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpcsclite.{a,so*} $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpcsclite_real.{a,so*} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libpcsclite.pc $(1)/usr/lib/pkgconfig/
endef
define Package/libpcsclite/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpcsclite.so.* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpcsclite_real.so.* $(1)/usr/lib/
endef
define Package/pcscd/conffiles
--- /dev/null
+From 2c82451650e0fe781cee6728c3ceef4cb3161562 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 29 Jun 2024 17:05:33 -0700
+Subject: [PATCH] pcsc-lite: fix formats under musl
+
+pthread_t is a pointer on musl libc.
+
+../src/debuglog.c: In function 'log_line':
+../src/debuglog.c:279:40: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'pthread_t' {aka 'struct __pthread *'} [-Werror=format=]
+ 279 | printf("%s%.8d%s [" THREAD_FORMAT "] %s%s%s, %s%s%s\n",
+ | ^~~~~~~~~~~~
+ 280 | time_pfx, delta, time_sfx, thread_id,
+ | ~~~~~~~~~
+ | |
+ | pthread_t {aka struct __pthread *}
+../src/debuglog.c:268:26: note: format string is defined here
+ 268 | #define THREAD_FORMAT "%lu"
+ | ~~^
+ | |
+ | long unsigned int
+../src/debuglog.c:285:40: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'pthread_t' {aka 'struct __pthread *'} [-Werror=format=]
+ 285 | printf("%s%.8d%s [" THREAD_FORMAT "] %s%s%s\n",
+ | ^~~~~~~~~~~~
+ 286 | time_pfx, delta, time_sfx, thread_id,
+ | ~~~~~~~~~
+ | |
+ | pthread_t {aka struct __pthread *}
+../src/debuglog.c:268:26: note: format string is defined here
+ 268 | #define THREAD_FORMAT "%lu"
+ | ~~^
+ | |
+ | long unsigned int
+cc1: some warnings being treated as errors
+ninja: build stopped: subcommand failed.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ src/debuglog.c | 6 +++---
+ src/spy/libpcscspy.c | 4 ++--
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/src/debuglog.c
++++ b/src/debuglog.c
+@@ -262,10 +262,10 @@ static void log_line(const int priority,
+ break;
+ }
+
+-#ifdef __APPLE__
+-#define THREAD_FORMAT "%p"
+-#else
++#ifdef __GLIBC__
+ #define THREAD_FORMAT "%lu"
++#else
++#define THREAD_FORMAT "%p"
+ #endif
+ if (rv_text)
+ {
+--- a/src/spy/libpcscspy.c
++++ b/src/spy/libpcscspy.c
+@@ -121,7 +121,7 @@ static void spy_line_direct(char *line)
+ if (Log_fd < 0)
+ return;
+
+- snprintf(threadid, sizeof threadid, "%lX@", pthread_self());
++ snprintf(threadid, sizeof threadid, "%lX@", (unsigned long)pthread_self());
+ pthread_mutex_lock(&Log_fd_mutex);
+ r = write(Log_fd, threadid, strlen(threadid));
+ r = write(Log_fd, line, strlen(line));
+@@ -150,7 +150,7 @@ static void spy_line(const char *fmt, ..
+ printf("libpcsc-spy: Buffer is too small!\n");
+ return;
+ }
+- snprintf(threadid, sizeof threadid, "%lX@", pthread_self());
++ snprintf(threadid, sizeof threadid, "%lX@", (unsigned long)pthread_self());
+ pthread_mutex_lock(&Log_fd_mutex);
+ r = write(Log_fd, threadid, strlen(threadid));
+ r = write(Log_fd, line, size);
include $(TOPDIR)/rules.mk
PKG_NAME:=pcsc-tools
-PKG_VERSION:=1.7.0
+PKG_VERSION:=1.7.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://ludovic.rousseau.free.fr/softwares/pcsc-tools
-PKG_HASH:=3466e60f975573168e9880505c7b44a4d51eb507a8a7dda9e68b672071c20da6
+PKG_SOURCE_URL:=https://pcsc-tools.apdu.fr
+PKG_HASH:=0d024b589e15d79eac8506cd67df7b53cf91e9e6a493c8319f33cd29b5f36426
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=powertop
-PKG_VERSION:=2.14
-PKG_RELEASE:=2
+PKG_VERSION:=2.15
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/fenrus75/powertop
-PKG_MIRROR_HASH:=52366fb27a67a2a877de449fbbad61f4347f7428cdc976b84b5702b527d440a4
+PKG_MIRROR_HASH:=cdff63ce2678c69239608e6944e342408abcf4de76134477c362d16b3a366b93
PKG_MAINTAINER:=Lucian Cristain <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-2.0-only
+++ /dev/null
-From 9ef1559a1582f23d599c149601c3a8e06809296c Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 25 Oct 2021 17:47:23 +0200
-Subject: [PATCH] src: fix compatibility with ncurses 6.3
-
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- src/devices/devfreq.cpp | 2 +-
- src/display.cpp | 2 +-
- src/lib.cpp | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
---- a/src/devices/devfreq.cpp
-+++ b/src/devices/devfreq.cpp
-@@ -297,7 +297,7 @@ void display_devfreq_devices(void)
- df->fill_freq_utilization(j, buf);
- strcat(fline, buf);
- strcat(fline, "\n");
-- wprintw(win, fline);
-+ wprintw(win, "%s", fline);
- }
- wprintw(win, "\n");
- }
---- a/src/display.cpp
-+++ b/src/display.cpp
-@@ -125,7 +125,7 @@ void show_tab(unsigned int tab)
-
- c = bottom_lines[tab_names[tab]].c_str();
- if (c && strlen(c) > 0)
-- mvwprintw(bottom_line, 0,0, c);
-+ mvwprintw(bottom_line, 0,0, "%s", c);
- else
- mvwprintw(bottom_line, 0, 0,
- "<ESC> %s | <TAB> / <Shift + TAB> %s | ", _("Exit"),
---- a/src/lib.cpp
-+++ b/src/lib.cpp
-@@ -583,7 +583,7 @@ void ui_notify_user_ncurses(const char *
- * buffer */
- vsnprintf(notify, UI_NOTIFY_BUFF_SZ - 1, frmt, list);
- va_end(list);
-- mvprintw(1, 0, notify);
-+ mvprintw(1, 0, "%s", notify);
- attroff(COLOR_PAIR(1));
- }
-
include $(TOPDIR)/rules.mk
PKG_NAME:=prometheus-node-exporter-lua
-PKG_VERSION:=2023.07.13
-PKG_RELEASE:=1
+PKG_VERSION:=2024.06.16
+PKG_RELEASE:=2
PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=Apache-2.0
define Package/prometheus-node-exporter-lua
$(call Package/prometheus-node-exporter-lua/Default)
- DEPENDS:=+luasocket +lua +uhttpd +uhttpd-mod-lua
+ DEPENDS:=+luasocket +lua +uhttpd +uhttpd-mod-lua +libubus-lua
endef
define Package/prometheus-node-exporter-lua/install
define Package/prometheus-node-exporter-lua-dawn
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (dawn collector)
- DEPENDS:=prometheus-node-exporter-lua +libiwinfo-lua +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua +libiwinfo-lua
endef
define Package/prometheus-node-exporter-lua-dawn/install
define Package/prometheus-node-exporter-lua-hostapd_stations
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (hostapd_stations collector) - Requires a full hostapd / wpad build
- DEPENDS:=prometheus-node-exporter-lua +hostapd-utils +lua-bit32 +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua +hostapd-utils +lua-bit32
endef
define Package/prometheus-node-exporter-lua-hostapd_stations/install
define Package/prometheus-node-exporter-lua-hostapd_ubus_stations
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (hostapd_ubus_stations collector)
- DEPENDS:=prometheus-node-exporter-lua +luabitop +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua +luabitop
endef
define Package/prometheus-node-exporter-lua-hostapd_ubus_stations/install
define Package/prometheus-node-exporter-lua-openwrt
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (openwrt collector)
- DEPENDS:=prometheus-node-exporter-lua +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua
endef
define Package/prometheus-node-exporter-lua-openwrt/install
define Package/prometheus-node-exporter-lua-wifi
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (wifi collector)
- DEPENDS:=prometheus-node-exporter-lua +libiwinfo-lua +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua +libiwinfo-lua
endef
define Package/prometheus-node-exporter-lua-wifi/install
define Package/prometheus-node-exporter-lua-wifi_stations
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (wifi_stations collector)
- DEPENDS:=prometheus-node-exporter-lua +libiwinfo-lua +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua +libiwinfo-lua
endef
define Package/prometheus-node-exporter-lua-wifi_stations/install
define Package/prometheus-node-exporter-lua-snmp6
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (snmp6 collector)
- DEPENDS:=prometheus-node-exporter-lua +libubus-lua
+ DEPENDS:=prometheus-node-exporter-lua
endef
define Package/prometheus-node-exporter-lua-snmp6/install
define Package/prometheus-node-exporter-lua-realtek-poe
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (realtek-poe collector)
- DEPENDS:=prometheus-node-exporter-lua +libubus-lua +realtek-poe
+ DEPENDS:=prometheus-node-exporter-lua +realtek-poe
endef
define Package/prometheus-node-exporter-lua-realtek-poe/install
$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/realtek-poe.lua $(1)/usr/lib/lua/prometheus-collectors/
endef
+define Package/prometheus-node-exporter-lua-mwan3
+ $(call Package/prometheus-node-exporter-lua/Default)
+ TITLE+= (mwan3 collector)
+ DEPENDS:=prometheus-node-exporter-lua +mwan3
+endef
+
+define Package/prometheus-node-exporter-lua-mwan3/install
+ $(INSTALL_DIR) $(1)/usr/lib/lua/prometheus-collectors
+ $(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/mwan3.lua $(1)/usr/lib/lua/prometheus-collectors/
+endef
+
$(eval $(call BuildPackage,prometheus-node-exporter-lua))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx7))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-dawn))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-wifi_stations))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-snmp6))
$(eval $(call BuildPackage,prometheus-node-exporter-lua-realtek-poe))
+$(eval $(call BuildPackage,prometheus-node-exporter-lua-mwan3))
for _, dev_table in pairs(status) do
for _, intf in ipairs(dev_table['interfaces']) do
- local cfg = intf['config']
-
- if is_ubus_interface(ubus_interfaces, cfg['ifname']) then
+ if is_ubus_interface(ubus_interfaces, intf['ifname']) then
-- Migrate this to ubus interface once it exposes all interesting labels
- local handle = io.popen("hostapd_cli -i " .. cfg['ifname'] .." status")
+ local handle = io.popen("hostapd_cli -i " .. intf['ifname'] .." status")
local hostapd_status = handle:read("*a")
handle:close()
hostapd["channel"] = value
-- hostapd gives us all bss on the relevant phy, find the one we're interested in
elseif string.match(name, "bss%[%d%]") then
- if value == cfg['ifname'] then
+ if value == intf['ifname'] then
bss_idx = tonumber(string.match(name, "bss%[(%d)%]"))
end
elseif bss_idx >= 0 then
end
local labels = {
- vif = cfg['ifname'],
+ vif = intf['ifname'],
ssid = hostapd['ssid'],
bssid = hostapd['bssid'],
- encryption = cfg['encryption'], -- In a mixed scenario it would be good to know if A or B was used
+ encryption = intf['config']['encryption'], -- In a mixed scenario it would be good to know if A or B was used
frequency = hostapd['freq'],
channel = hostapd['channel'],
}
--- /dev/null
+local ubus = require "ubus"
+
+local function scrape()
+ local u = ubus.connect()
+ local status = u:call("mwan3", "status", {})
+ if status == nil then
+ error("Could not get mwan3 status")
+ end
+
+ local mwan3_age = metric("mwan3_interface_age", "counter")
+ local mwan3_online = metric("mwan3_interface_online", "counter")
+ local mwan3_offline = metric("mwan3_interface_offline", "counter")
+ local mwan3_uptime = metric("mwan3_interface_uptime", "counter")
+ local mwan3_score = metric("mwan3_interface_score", "gauge")
+ local mwan3_lost = metric("mwan3_interface_lost", "counter")
+ local mwan3_turn = metric("mwan3_interface_turn", "counter")
+ local mwan3_status = metric("mwan3_interface_status", "gauge")
+ local mwan3_enabled = metric("mwan3_interface_enabled", "gauge")
+ local mwan3_running = metric("mwan3_interface_running", "gauge")
+ local mwan3_up = metric("mwan3_interface_up", "gauge")
+
+ local possible_status = {"offline", "online", "disconnecting", "connecting", "disabled", "notracking", "unknown"}
+
+ for iface, iface_details in pairs(status.interfaces) do
+ mwan3_age({interface = iface}, iface_details.age)
+ mwan3_online({interface = iface}, iface_details.online)
+ mwan3_offline({interface = iface}, iface_details.offline)
+ mwan3_uptime({interface = iface}, iface_details.uptime)
+ mwan3_score({interface = iface}, iface_details.score)
+ mwan3_lost({interface = iface}, iface_details.lost)
+ mwan3_turn({interface = iface}, iface_details.turn)
+ for _, s in ipairs(possible_status) do
+ local is_active_status = iface_details.status == s and 1 or 0
+ mwan3_status({interface = iface, status = s}, is_active_status)
+ end
+ mwan3_enabled({interface = iface}, iface_details.enabled and 1 or 0)
+ mwan3_running({interface = iface}, iface_details.running and 1 or 0)
+ mwan3_up({interface = iface}, iface_details.up and 1 or 0)
+ end
+
+end
+
+return { scrape = scrape }
local function scrape()
-- documetation about nf_conntrack:
-- https://www.frozentux.net/iptables-tutorial/chunkyhtml/x1309.html
- nat_metric = metric("node_nat_traffic", "gauge" )
+
+ -- two dimesional table to sum bytes for the pair (src/dest)
+ local nat = {}
+ -- default constructor to init unknow pairs
+ setmetatable(nat, {
+ __index = function (t, addr)
+ t[addr] = {}
+ setmetatable(t[addr], {
+ __index = function () return 0 end
+ })
+ return t[addr]
+ end
+ })
+
for e in io.lines("/proc/net/nf_conntrack") do
-- output(string.format("%s\n",e ))
local fields = space_split(e)
-- local src, dest, bytes = string.match(natstat[i], "src=([^ ]+) dst=([^ ]+) .- bytes=([^ ]+)");
-- local src, dest, bytes = string.match(natstat[i], "src=([^ ]+) dst=([^ ]+) sport=[^ ]+ dport=[^ ]+ packets=[^ ]+ bytes=([^ ]+)")
- local labels = { src = src, dest = dest }
-- output(string.format("src=|%s| dest=|%s| bytes=|%s|", src, dest, bytes ))
- nat_metric(labels, bytes )
+ nat[src][dest] = nat[src][dest] + bytes
+ end
+
+ nat_metric = metric("node_nat_traffic", "gauge" )
+ for src, values in next, nat do
+ for dest, bytes in next, values do
+ local labels = { src = src, dest = dest }
+ nat_metric(labels, bytes )
+ end
end
end
end
end
-local function file_gauge(name, device, file)
- local value = load(device, file)
- if value ~= nil then
- metric("node_network_" .. name, "gauge", {device = device}, tonumber(value))
- end
-end
-
-local function file_counter(name, device, file)
- local value = load(device, file)
- if value ~= nil then
- metric("node_network_" .. name, "counter", {device = device}, tonumber(value))
- end
-end
-
-local function get_metric(device)
+local function get_metric(device, metric_node_network)
local address = load(device, "address")
local broadcast = load(device, "broadcast")
local duplex = load(device, "duplex")
local operstate = load(device, "operstate")
local ifalias = load(device, "ifalias")
- metric("node_network_info", "gauge", {device = device, address = address, broadcast = broadcast, duplex = duplex, operstate = operstate, ifalias = ifalias}, 1)
- file_gauge("address_assign_type", device, "addr_assign_type")
- file_gauge("carrier", device, "carrier")
- file_counter("carrier_changes_total", device, "carrier_changes")
- file_counter("carrier_up_changes_total", device, "carrier_up_count")
- file_counter("carrier_down_changes_total", device, "carrier_down_count")
- file_gauge("device_id", device, "dev_id")
- file_gauge("dormant", device, "dormant")
- file_gauge("flags", device, "flags")
- file_gauge("iface_id", device, "ifindex")
- file_gauge("iface_link", device, "iflink")
- file_gauge("iface_link_mode", device, "link_mode")
- file_gauge("mtu_bytes", device, "mtu")
- file_gauge("name_assign_type", device, "name_assign_type")
- file_gauge("net_dev_group", device, "netdev_group")
- file_gauge("transmit_queue_length", device, "tx_queue_len")
- file_gauge("protocol_type", device, "type")
+ metric_node_network.info({device = device, address = address, broadcast = broadcast, duplex = duplex, operstate = operstate, ifalias = ifalias}, 1)
local speed = load(device, "speed")
if speed ~= nil and tonumber(speed) >= 0 then
- metric("node_network_speed_bytes", "gauge", {device = device}, tonumber(speed)*1000*1000/8)
+ metric_node_network.speed_bytes({device = device}, tonumber(speed)*1000*1000/8)
+ end
+ local file_to_metric = {
+ addr_assign_type = "address_assign_type",
+ carrier = "carrier",
+ carrier_changes = "carrier_changes_total",
+ carrier_up_count = "carrier_up_changes_total",
+ carrier_down_count = "carrier_down_changes_total",
+ dev_id = "device_id",
+ dormant = "dormant",
+ flags = "flags",
+ ifindex = "iface_id",
+ iflink = "iface_link",
+ link_mode = "iface_link_mode",
+ mtu = "mtu_bytes",
+ name_assign_type = "name_assign_type",
+ netdev_group = "net_dev_group",
+ tx_queue_len = "transmit_queue_length",
+ type = "protocol_type",
+ }
+ for file, metric in pairs(file_to_metric) do
+ local value = load(device, file)
+ if value ~= nil then
+ metric_node_network[metric]({device = device}, tonumber(value))
+ end
end
end
local function scrape()
+ local metric_node_network = {
+ info = metric("node_network_info", "gauge"),
+ address_assign_type = metric("node_network_address_assign_type", "gauge"),
+ carrier = metric("node_network_carrier", "gauge"),
+ carrier_changes_total = metric("node_network_carrier_changes_total", "counter"),
+ carrier_up_changes_total = metric("node_network_carrier_up_changes_total", "counter"),
+ carrier_down_changes_total = metric("node_network_carrier_down_changes_total", "counter"),
+ device_id = metric("node_network_device_id", "gauge"),
+ dormant = metric("node_network_dormant", "gauge"),
+ flags = metric("node_network_flags", "gauge"),
+ iface_id = metric("node_network_iface_id", "gauge"),
+ iface_link = metric("node_network_iface_link", "gauge"),
+ iface_link_mode = metric("node_network_iface_link_mode", "gauge"),
+ mtu_bytes = metric("node_network_mtu_bytes", "gauge"),
+ name_assign_type = metric("node_network_name_assign_type", "gauge"),
+ net_dev_group = metric("node_network_net_dev_group", "gauge"),
+ transmit_queue_length = metric("node_network_transmit_queue_length", "gauge"),
+ protocol_type = metric("node_network_protocol_type", "gauge"),
+ speed_bytes = metric("node_network_speed_bytes", "gauge"),
+ }
for _, devicename in ipairs(get_devices()) do
- get_metric(devicename)
+ get_metric(devicename, metric_node_network)
end
end
local fs = require "nixio.fs"
local function scrape()
+ local mtime_metric = metric("node_textfile_mtime_seconds", "gauge")
+
for metrics in fs.glob("/var/prometheus/*.prom") do
output(get_contents(metrics), '\n')
+ local stat = fs.stat(metrics)
+ if stat then
+ mtime_metric({ file = metrics }, stat.mtime)
+ end
end
end
include $(TOPDIR)/rules.mk
PKG_NAME:=qemu
-PKG_VERSION:=9.0.0
+PKG_VERSION:=9.0.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=32708ac66c30d8c892633ea968c771c1c76d597d70ddead21a0d22ccf386da69
+PKG_HASH:=a8c3f596aece96da3b00cafb74baafa0d14515eafb8ed1ee3f7f5c2d0ebf02b6
PKG_SOURCE_URL:=https://download.qemu.org/
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=LICENSE tcg/LICENSE
--- a/configure
+++ b/configure
-@@ -758,6 +758,8 @@ for opt do
+@@ -760,6 +760,8 @@ for opt do
;;
--gdb=*) gdb_bin="$optarg"
;;
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=qfirehose
-PKG_VERSION:=1.4.9
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/nippynetworks/qfirehose/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=b7c04f9356823c6ee0f4ca152e8fd2015f34b95490cea68461a060993befadef
-
-PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
-PKG_LICENSE:=
-PKG_LICENSE_FILES:=NOTICE
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/qfirehose
- SECTION:=utils
- CATEGORY:=Utilities
- TITLE:=Quectel Firehose Recovery application
- URL:=https://github.com/nippynetworks/qfirehose
-endef
-
-define Package/qfirehose/description
- Utility that is able to flash firmwares on Quectel's modems.
- Usage: qfirehose -f FW_PATH
-
- Warning.
-
- - Use of software is completely on your own risk.
- Flashing wrong firmware or failed flash can brick your modem permanently.
- Avoid flashing, if device works without issues and updated firmware does not contain new necessary changes.
- Do not flash, if you are not willing to take this risk or do not know what you are doing.
-
- - After succesful flashing, you should use terminal to issue factory reset for modem settings with AT&F command.
-
- - mPCIe users (mostly): If modem has completely disappeared after succesful flashing, reason might be that some firmware updates
- set default mode to USB3 which is unsupported by some mPCIe slots, in this case, you should connect it to USB
- port using mPCIe -> USB adapter, even most of cheap chinese modules can reveal device. After this you should issue
- a command to use USB2, which may vary between models, but on most Quectel modems is: AT+QUSBCFG="SS",0
- Changing value on end of AT command 0 to 1, selects USB3 instead. Refer to documents of your modem.
-endef
-
-define Build/Configure
- $(RM) $(PKG_BUILD_DIR)/QFirehose
-endef
-
-MAKE_ARGS += linux
-
-define Package/qfirehose/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/QFirehose $(1)/usr/bin/qfirehose
-endef
-
-$(eval $(call BuildPackage,qfirehose))
include $(TOPDIR)/rules.mk
PKG_NAME:=realtek-poe
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=Martin Kennedy <hurricos@gmail.com>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/Hurricos/realtek-poe.git
-PKG_SOURCE_VERSION:=39c93d39dd10da77b4fe48bc1d6bdd3c5978f866
-PKG_MIRROR_HASH:=eb10a6d204bd79ab5a2925f05a68a1a66e0b5402de5d304265858b87d3f7b027
+PKG_SOURCE_VERSION:=ea32075ae41874043eeed14156755a4c0f114582
+PKG_MIRROR_HASH:=5883af61645216eaf90e86a372df055ef352c4445d4f5010da629d98771da0ec
CMAKE_SOURCE_SUBDIR:=src
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=ripgrep
-PKG_VERSION:=14.1.0
+PKG_VERSION:=14.1.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/BurntSushi/ripgrep/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=33c6169596a6bbfdc81415910008f26e0809422fda2d849562637996553b2ab6
+PKG_HASH:=4dad02a2f9c8c3c8d89434e47337aa654cb0e2aa50e806589132f186bf5c2b66
PKG_MAINTAINER:=Luca Barbato <lu_zero@luminem.org>
PKG_LICENSE:=MIT Unlicense
--- /dev/null
+From 3c70b9a4900aab74c7643007e2b8127f9d016ed7 Mon Sep 17 00:00:00 2001
+From: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
+Date: Thu, 12 Sep 2024 17:08:36 +0300
+Subject: [PATCH] switch to tikv-jemallocator
+
+---
+ Cargo.toml | 4 ++--
+ crates/core/main.rs | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -59,8 +59,8 @@ serde_json = "1.0.23"
+ termcolor = "1.1.0"
+ textwrap = { version = "0.16.0", default-features = false }
+
+-[target.'cfg(all(target_env = "musl", target_pointer_width = "64"))'.dependencies.jemallocator]
+-version = "0.5.0"
++[target.'cfg(all(target_env = "musl", target_pointer_width = "64"))'.dependencies.tikv-jemallocator]
++version = "0.6.0"
+
+ [dev-dependencies]
+ serde = "1.0.77"
+--- a/crates/core/main.rs
++++ b/crates/core/main.rs
+@@ -37,7 +37,7 @@ mod search;
+ // i686.
+ #[cfg(all(target_env = "musl", target_pointer_width = "64"))]
+ #[global_allocator]
+-static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;
++static ALLOC: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
+
+ /// Then, as it was, then again it will be.
+ fn main() -> ExitCode {
include $(TOPDIR)/rules.mk
PKG_NAME:=runc
-PKG_VERSION:=1.1.12
+PKG_VERSION:=1.1.13
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/opencontainers/runc/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=be31b07d6a54a8f234016501c300ad04b6c428c56588e7eca8c3b663308db208
+PKG_HASH:=789d5749a08ef1fbe5d1999b67883206a68a4e58e6ca0151c411d678f3480b25
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=sane-backends
-PKG_VERSION:=1.0.32
-PKG_RELEASE:=3
+PKG_VERSION:=1.3.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://gitlab.com/sane-project/backends/uploads/104f09c07d35519cc8e72e604f11643f
-PKG_HASH:=3a28c237c0a72767086202379f6dc92dbb63ec08dfbab22312cba80e238bb114
+PKG_SOURCE_URL:=https://gitlab.com/sane-project/backends/uploads/83bdbb6c9a115184c2d48f1fdc6847db/
+PKG_HASH:=aa82f76f409b88f8ea9793d4771fce01254d9b6549ec84d6295b8f59a3879a0c
PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
PKG_LICENSE:=GPL-2.0 GPL-2.0-or-later
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
$(eval $(call SaneBackend,kvs40xx,Panasonic KV-S40xxC USB/SCSI ADF scanners,+libpthread +libusb-1.0))
$(eval $(call SaneBackend,leo,LEO Technologies scanners))
$(eval $(call SaneBackend,lexmark,Lexmark X1100/X1200 Series scanners,+libusb-1.0))
+$(eval $(call SaneBackend,lexmark_x2600,Lexmark X26xx Series series scanners,+libusb-1.0))
$(eval $(call SaneBackend,ma1509,Mustek BearPaw 1200F USB scanner,+libusb-1.0))
$(eval $(call SaneBackend,magicolor,KONICA MINOLTA magicolor scanners,+libusb-1.0))
$(eval $(call SaneBackend,matsushita,Panasonic KV-SS high speed scanners))
--- a/Makefile.in
+++ b/Makefile.in
-@@ -451,7 +451,7 @@ target_alias = @target_alias@
+@@ -450,7 +450,7 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
include $(TOPDIR)/rules.mk
PKG_NAME:=sexpect
-PKG_VERSION:=2.3.11
-PKG_RELEASE:=3
+PKG_VERSION:=2.3.14
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/clarkwang/sexpect/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=0ffdba912760383a60783bf010edc184b96d6dd454dc24922fcf7190de969e55
+PKG_HASH:=f6801c8b979d56eec54aedd7ede06e2342f382cee291beea88b52869186c557c
PKG_MAINTAINER:=Clark Wang <dearvoid@gmail.com>
PKG_LICENSE:=GPL-3.0-only
include $(TOPDIR)/rules.mk
PKG_NAME:=stress-ng
-PKG_VERSION:=0.17.07
+PKG_VERSION:=0.18.01
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)?
-PKG_HASH:=b0bc1495adce6c7a1f82d53f363682b243d6d7e93a06be7f94c9559c0a311a6f
+PKG_HASH:=30465ee60a32d9018d0de8a78cfeaa576e869b6e6db87e3628d0704dbe61b561
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=GPL-2.0-only
include $(TOPDIR)/rules.mk
PKG_NAME:=sumo
-PKG_VERSION:=1.12.0
+PKG_VERSION:=1.16.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-src-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/sumo
-PKG_HASH:=163dd6f7ed718e2a30630be3d2ac2ddfc4abce24750ed7f4efce879a3ae9447e
+PKG_HASH:=33694b554a8c661ec407d04cc7c6534c473ccb2fbe7bf2ea97e1faddc70654fa
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -270,7 +270,6 @@ if (SUMO_LIBRARIES AND WIN32)
+@@ -303,7 +303,6 @@ if (SUMO_LIBRARIES AND WIN32)
file(GLOB TEXTTEST_EXECUTABLE "${SUMO_LIBRARIES}/TextTest-*/texttest.exe")
else ()
# for Linux and Mac only
--- /dev/null
+--- a/src/utils/router/IntermodalEdge.h
++++ b/src/utils/router/IntermodalEdge.h
+@@ -232,7 +232,7 @@ public:
+
+ // only used by AStar
+ inline double getMinimumTravelTime(const IntermodalTrip<E, N, V>* const trip) const {
+- return myLength / trip->getMaxSpeed();
++ return trip ? myLength / trip->getMaxSpeed() : myLength;
+ }
+
+ /// @brief only used by mono-modal routing
include $(TOPDIR)/rules.mk
PKG_NAME:=swig
-PKG_VERSION:=4.2.0
+PKG_VERSION:=4.2.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=261ca2d7589e260762817b912c075831572b72ff2717942f75b3e51244829c97
+PKG_HASH:=fa045354e2d048b2cddc69579e4256245d4676894858fcf0bab2290ecf59b7d8
PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>, Hirokazu MORIKAWA <morikw2@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
SECTION:=libs
CATEGORY:=Libraries
TITLE:=swig binding generator
- URL:=http://swig.org/
+ URL:=https://swig.org/
BUILDONLY:=1
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=tesseract
-PKG_VERSION:=5.3.4
+PKG_VERSION:=5.4.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/tesseract-ocr/tesseract/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=141afc12b34a14bb691a939b4b122db0d51bd38feda7f41696822bacea7710c7
+PKG_HASH:=c4bc2a81c12a472f445b7c2fb4705a08bd643ef467f51ec84f0e148bd368051b
PKG_MAINTAINER:=Valentin Kivachuk <vk18496@gmail.com>
PKG_LICENSE:=Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=tree
-PKG_VERSION:=2.1.1
+PKG_VERSION:=2.1.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/Old-Man-Programmer/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=1b70253994dca48a59d6ed99390132f4d55c486bf0658468f8520e7e63666a06
+PKG_HASH:=3ffe2c8bb21194b088ad1e723f0cf340dd434453c5ff9af6a38e0d47e0c2723b
PKG_MAINTAINER:=Banglang Huang <banglang.huang@foxmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=uhubctl
-PKG_VERSION:=2.5.0
+PKG_VERSION:=2.6.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mvp/uhubctl/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d4452252f7862f7a45dd9c62f2ea7cd3a57ab5f5ab0e54a857d4c695699bbba3
+PKG_HASH:=56ca15ddf96d39ab0bf8ee12d3daca13cea45af01bcd5a9732ffcc01664fdfa2
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=unrar
-PKG_VERSION:=7.0.7
+PKG_VERSION:=7.0.9
PKG_RELEASE:=1
PKG_SOURCE:=unrarsrc-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.rarlab.com/rar
-PKG_HASH:=da95829c7e66fe461c06eb4bea8145e58d88d76909432d0875cd1ff86669f728
+PKG_HASH:=505c13f9e4c54c01546f2e29b2fcc2d7fabc856a060b81e5cdfe6012a9198326
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-$(BUILD_VARIANT)/unrar
include $(TOPDIR)/rules.mk
PKG_NAME:=whois
-PKG_VERSION:=5.5.22
+PKG_VERSION:=5.5.23
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/w/whois
-PKG_HASH:=03f12c27ae85870d7bcd95b14f3fb8b174532b2f2a59d8380c42ae436d0630d7
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/rfc1036/whois
+PKG_MIRROR_HASH:=114893f8dd18fb9a4912deba2afaf09bce593b04a72c73381ec2303d71ff708d
PKG_BUILD_DEPENDS:=perl/host
include $(TOPDIR)/rules.mk
PKG_NAME:=xfsprogs
-PKG_VERSION:=6.2.0
+PKG_VERSION:=6.10.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/utils/fs/xfs/xfsprogs
-PKG_HASH:=d67dcba5a28e0904b60886b6e5f752bc7c9c3a5c7096153855b5adca9db86c51
+PKG_HASH:=6cb839be1a9535f8352441b3f6eea521ead5c5c7c913e8106cdfac96aa117041
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=LICENSES/GPL-2.0
PKG_CPE_ID:=cpe:/a:sgi:xfsprogs
-PKG_BUILD_DEPENDS:=inih
+PKG_BUILD_DEPENDS:=inih attr
PKG_BUILD_FLAGS:=no-mips16
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
SECTION:=utils
CATEGORY:=Utilities
SUBMENU:=Filesystem
- DEPENDS:=+liburcu +libuuid +libpthread
- URL:=https://xfs.org/
+ DEPENDS:=+liburcu +libuuid +libpthread +libblkid
+ URL:=https://xfs.wiki.kernel.org/
endef
define Package/xfs-admin
endef
CONFIGURE_ARGS += \
+ --enable-lto \
--disable-gettext \
- --disable-blkid \
- --disable-readline \
- --disable-editline \
- --disable-termcap \
--disable-lib64 \
--disable-librt \
- --disable-ubisan \
- --disable-addrsan \
- --disable-threadsan \
--disable-scrub \
--disable-libicu
+CONFIGURE_VARS += \
+ DEBUG=-DNDEBUG \
+ OPTIMIZER="$(TARGET_OPTIMIZATION)"
+
TARGET_CFLAGS += -DHAVE_MAP_SYNC $(if $(CONFIG_USE_MUSL),-D_LARGEFILE64_SOURCE)
TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lrt)
define Package/xfs-mkfs/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/mkfs.xfs $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/mkfs.xfs $(1)/usr/sbin
endef
define Package/xfs-fsck/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/xfs_repair $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/xfs_repair $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/xfs_db $(1)/usr/sbin
endef
+++ /dev/null
---- a/libxfs/libxfs_priv.h
-+++ b/libxfs/libxfs_priv.h
-@@ -89,9 +89,6 @@ struct iomap;
- /* for all the support code that uses progname in error messages */
- extern char *progname;
-
--#undef ASSERT
--#define ASSERT(ex) assert(ex)
--
- /*
- * We have no need for the "linux" dev_t in userspace, so these
- * are no-ops, and an xfs_dev_t is stored in VFS_I(ip)->i_rdev
include $(TOPDIR)/rules.mk
PKG_NAME:=xz
-PKG_VERSION:=5.4.6
-PKG_RELEASE:=1
+PKG_VERSION:=5.6.2
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/lzmautils
-PKG_HASH:=913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49
+PKG_HASH:=e12aa03cbd200597bd4ce11d97be2d09a6e6d39a9311ce72c91ac7deacde3171
PKG_MAINTAINER:=
PKG_LICENSE:=Public-Domain LGPL-2.1-or-later GPL-2.0-or-later GPL-3.0-or-later
--- a/src/liblzma/liblzma.pc.in
+++ b/src/liblzma/liblzma.pc.in
-@@ -7,8 +7,8 @@
+@@ -3,8 +3,8 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
--- /dev/null
+# Fix shared library building in XZ Utils 5.2.13, 5.4.7, and 5.6.2
+#
+# The releases were made with a development version of GNU Libtool
+# (2.5.0+1+g38c166c8). The benefit is that there tend to be fixes that
+# aren't in a stable release yet. At the same time there is a higher
+# risk of new bugs. Unfortunately there was a bug that breaks building
+# of shared libraries on some systems like mips64.
+#
+# This patch was made by taking the upstream commit to m4/libtool.m4
+# and then running "autoconf" to update the generated "configure".
+# This patch only modifies "configure" so that the changed timestamps
+# won't cause the build system to regenerate more files, which would
+# only work if one has all Autotools packages installed.
+#
+# https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=9a4a02615c9e7cbcfd690ed31874822a7d6aaea2
+# https://lore.kernel.org/distributions/3299713.44csPzL39Z@pinacolada/
+
+--- a/configure
++++ b/configure
+@@ -9475,7 +9475,7 @@ do
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+- ac_cv_prog_FILECMD=":"
++ ac_cv_prog_FILECMD="file"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+@@ -9483,6 +9483,7 @@ done
+ done
+ IFS=$as_save_IFS
+
++ test -z "$ac_cv_prog_FILECMD" && ac_cv_prog_FILECMD=":"
+ fi ;;
+ esac
+ fi
include $(TOPDIR)/rules.mk
PKG_NAME:=yq
-PKG_VERSION:=4.43.1
+PKG_VERSION:=4.44.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e5581d28bae2bcdf70501dfd251233c592eb3e39a210956ee74965b784435d63
+PKG_HASH:=ea950f5622480fc0ff3708c52589426a737cd4ec887a52922a74efa1be8f2fbf
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=zoneinfo
-PKG_VERSION:=2024a
+PKG_VERSION:=2024b
PKG_RELEASE:=1
#As i couldn't find real license used "Public Domain"
PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz
PKG_SOURCE_CODE:=tzcode$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases
-PKG_HASH:=0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3
+PKG_HASH:=70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550
include $(INCLUDE_DIR)/package.mk
define Download/tzcode
FILE=$(PKG_SOURCE_CODE)
URL=$(PKG_SOURCE_URL)
- HASH:=80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8
+ HASH:=5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672
endef
$(eval $(call Download,tzcode))
PKG_NAME:=zsh
PKG_VERSION:=5.9
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/zsh
--- /dev/null
+From 4c89849c98172c951a9def3690e8647dae76308f Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 8 Dec 2023 21:58:07 +0100
+Subject: [PATCH] 52383: Avoid incompatible pointer types in terminfo global
+ variable checks
+
+---
+ configure.ac | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1766,27 +1766,27 @@ if test x$zsh_cv_path_term_header != xno
+ fi
+
+ AC_MSG_CHECKING(if boolcodes is available)
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = boolcodes; puts(*test);]])],[AC_DEFINE(HAVE_BOOLCODES) boolcodes=yes],[boolcodes=no])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = (char **)boolcodes; puts(*test);]])],[AC_DEFINE(HAVE_BOOLCODES) boolcodes=yes],[boolcodes=no])
+ AC_MSG_RESULT($boolcodes)
+
+ AC_MSG_CHECKING(if numcodes is available)
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = numcodes; puts(*test);]])],[AC_DEFINE(HAVE_NUMCODES) numcodes=yes],[numcodes=no])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = (char **)numcodes; puts(*test);]])],[AC_DEFINE(HAVE_NUMCODES) numcodes=yes],[numcodes=no])
+ AC_MSG_RESULT($numcodes)
+
+ AC_MSG_CHECKING(if strcodes is available)
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = strcodes; puts(*test);]])],[AC_DEFINE(HAVE_STRCODES) strcodes=yes],[strcodes=no])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = (char **)strcodes; puts(*test);]])],[AC_DEFINE(HAVE_STRCODES) strcodes=yes],[strcodes=no])
+ AC_MSG_RESULT($strcodes)
+
+ AC_MSG_CHECKING(if boolnames is available)
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = boolnames; puts(*test);]])],[AC_DEFINE(HAVE_BOOLNAMES) boolnames=yes],[boolnames=no])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = (char **)boolnames; puts(*test);]])],[AC_DEFINE(HAVE_BOOLNAMES) boolnames=yes],[boolnames=no])
+ AC_MSG_RESULT($boolnames)
+
+ AC_MSG_CHECKING(if numnames is available)
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = numnames; puts(*test);]])],[AC_DEFINE(HAVE_NUMNAMES) numnames=yes],[numnames=no])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = (char **)numnames; puts(*test);]])],[AC_DEFINE(HAVE_NUMNAMES) numnames=yes],[numnames=no])
+ AC_MSG_RESULT($numnames)
+
+ AC_MSG_CHECKING(if strnames is available)
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = strnames; puts(*test);]])],[AC_DEFINE(HAVE_STRNAMES) strnames=yes],[strnames=no])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[$term_includes]], [[char **test = (char **)strnames; puts(*test);]])],[AC_DEFINE(HAVE_STRNAMES) strnames=yes],[strnames=no])
+ AC_MSG_RESULT($strnames)
+
+ dnl There are apparently defective terminal library headers on some
--- /dev/null
+--- a/Src/Modules/pcre.c
++++ b/Src/Modules/pcre.c
+@@ -152,7 +152,7 @@ zpcre_get_substrings(pcre2_code *pat, ch
+ int nelem = captured_count - 1;
+ /* Set to the offsets of the complete match */
+ if (want_offset_pair) {
+- sprintf(offset_all, "%ld %ld", ovec[0], ovec[1]);
++ sprintf(offset_all, "%zd %zd", ovec[0], ovec[1]);
+ setsparam("ZPCRE_OP", ztrdup(offset_all));
+ }
+ /*
include $(TOPDIR)/rules.mk
PKG_NAME:=zstd
-PKG_VERSION:=1.5.5
+PKG_VERSION:=1.5.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/facebook/zstd/releases/download/v$(PKG_VERSION)
-PKG_HASH:=9c4396cc829cfae319a6e2615202e82aad41372073482fce286fac78646d3ee4
+PKG_HASH:=8c29e06cf42aacc1eafc4077ae2ec6c6fcb96a626157e0593d5e82a34fd403c1
-PKG_MAINTAINER:=
+PKG_MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING