PKG_NAME:=atop
PKG_RELEASE:=1
-PKG_VERSION:=2.3.0
+PKG_VERSION:=2.4.0
PKG_LICENSE:=GPL-2.0
PKG_SOURCE_URL:=https://www.atoptool.nl/download/
-PKG_HASH:=73e4725de0bafac8c63b032e8479e2305e3962afbe977ec1abd45f9e104eb264
+PKG_HASH:=be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_MAINTAINER:=Toni Uhlig <matzeton@googlemail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=zabbix
-PKG_VERSION:=4.0.2
+PKG_VERSION:=4.0.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=1cef52e89dc8d20343d8b9c3881490bf86e98102de2229a3b852009f1659780c
+PKG_HASH:=6b3d3b23c72a7af1958dc0938a566be03f0424cb44df5b2a9f487428f32d0463
PKG_SOURCE_URL:=@SF/zabbix
PKG_LICENSE:=GPL-2.0
PKG_NAME:=erlang
PKG_VERSION:=21.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=otp_src_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= http://www.erlang.org/download/
--- /dev/null
+--- a/lib/crypto/c_src/crypto.c
++++ b/lib/crypto/c_src/crypto.c
+@@ -41,6 +41,7 @@
+ #include <openssl/des.h>
+ #endif /* #ifndef OPENSSL_NO_DES */
+ /* #include <openssl/idea.h> This is not supported on the openssl OTP requires */
++#include <openssl/dh.h>
+ #include <openssl/dsa.h>
+ #include <openssl/rsa.h>
+ #include <openssl/aes.h>
+@@ -197,8 +198,10 @@
+ /* If OPENSSL_NO_EC is set, there will be an error in ec.h included from engine.h
+ So if EC is disabled, you can't use Engine either....
+ */
++#if !defined(OPENSSL_NO_ENGINE)
+ # define HAS_ENGINE_SUPPORT
+ #endif
++#endif
+
+
+ #if defined(HAS_ENGINE_SUPPORT)
+@@ -1186,7 +1189,11 @@ static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info)
+ #ifdef OPENSSL_THREADS
+ if (nlocks > 0) {
+ CRYPTO_set_locking_callback(ccb->locking_function);
++#if OPENSSL_VERSION_NUMBER < 0x10000000
+ CRYPTO_set_id_callback(ccb->id_function);
++#else
++ CRYPTO_THREADID_set_callback(ccb->id_function);
++#endif
+ CRYPTO_set_dynlock_create_callback(ccb->dyn_create_function);
+ CRYPTO_set_dynlock_lock_callback(ccb->dyn_lock_function);
+ CRYPTO_set_dynlock_destroy_callback(ccb->dyn_destroy_function);
+--- a/lib/crypto/c_src/crypto_callback.c
++++ b/lib/crypto/c_src/crypto_callback.c
+@@ -115,10 +115,17 @@ static void locking_function(int mode, int n, const char *file, int line)
+ locking(mode, lock_vec[n]);
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10000000
+ static unsigned long id_function(void)
+ {
+ return (unsigned long) enif_thread_self();
+ }
++#else
++static void id_function(CRYPTO_THREADID *id)
++{
++ CRYPTO_THREADID_set_numeric(id, (unsigned long) enif_thread_self());
++}
++#endif
+
+ /* Dynamic locking, not used by current openssl version (0.9.8)
+ */
+--- a/lib/crypto/c_src/crypto_callback.h
++++ b/lib/crypto/c_src/crypto_callback.h
+@@ -36,7 +36,11 @@ struct crypto_callbacks
+ /* openssl callbacks */
+ #ifdef OPENSSL_THREADS
+ void (*locking_function)(int mode, int n, const char *file, int line);
++ #if OPENSSL_VERSION_NUMBER < 0x10000000
+ unsigned long (*id_function)(void);
++ #else
++ void (*id_function)(CRYPTO_THREADID *id);
++ #endif
+ struct CRYPTO_dynlock_value* (*dyn_create_function)(const char *file,
+ int line);
+ void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value* ptr,
+--- a/lib/crypto/c_src/otp_test_engine.c
++++ b/lib/crypto/c_src/otp_test_engine.c
+@@ -42,8 +42,10 @@
+ && !defined(OPENSSL_NO_EC) \
+ && !defined(OPENSSL_NO_ECDH) \
+ && !defined(OPENSSL_NO_ECDSA)
++#if !defined(OPENSSL_NO_ENGINE)
+ # define HAVE_EC
+ #endif
++#endif
+
+ #if defined(HAVE_EC)
+ /* If OPENSSL_NO_EC is set, there will be an error in ec.h included from engine.h
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bcrypt
+PKG_VERSION:=3.1.5
+PKG_RELEASE:=1
+
+PKG_SOURCE:=bcrypt-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= https://files.pythonhosted.org/packages/source/b/$(PKG_NAME)
+PKG_HASH:=136243dc44e5bab9b61206bd46fff3018bd80980b1a1dfbab64a22ff5745957f
+
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Daniel Dickinson <cshored@thecshore.com>
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-bcrypt-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+include ../python-package.mk
+include ../python3-package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+define Package/bcrypt/Default
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ URL:=https://github.com/pyca/bcrypt/
+endef
+
+define Package/python-bcrypt
+$(call Package/bcrypt/Default)
+ TITLE:=BCrypt
+ DEPENDS+=+PACKAGE_python-bcrypt:python +PACKAGE_python-bcrypt:python-cffi \
+ +PACKAGE_python-bcrypt:python-six
+ VARIANT:=python
+endef
+
+define Package/python3-bcrypt
+$(call Package/bcrypt/Default)
+ TITLE:=BCrypt
+ DEPENDS+=+PACKAGE_python3-bcrypt:python3 +PACKAGE_python3-bcrypt:python3-cffi \
+ +PACKAGE_python3-bcrypt:python3-six
+ VARIANT:=python3
+endef
+
+define Package/python-bcrypt/description
+Good password hashing for your software and your servers
+endef
+
+define Package/python3-bcrypt/description
+$(call Package/python-bcrypt/description)
+.
+(Variant for Python3)
+endef
+
+$(eval $(call PyPackage,python-bcrypt))
+$(eval $(call Py3Package,python3-bcrypt))
+
+$(eval $(call BuildPackage,python-bcrypt))
+$(eval $(call BuildPackage,python-bcrypt-src))
+$(eval $(call BuildPackage,python3-bcrypt))
+$(eval $(call BuildPackage,python3-bcrypt-src))
#
-# Copyright (C) 2015-2018 OpenWrt.org
+# Copyright (C) 2015-2019 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
define Package/python-idna
$(call Package/python-idna/Default)
TITLE:=python-idna
- DEPENDS:=+PACKAGE_python-idna:python-light
+ DEPENDS:=+PACKAGE_python-idna:python-light +PACKAGE_python-idna:python-codecs
VARIANT:=python
endef
define Package/python3-idna
$(call Package/python-idna/Default)
TITLE:=python3-idna
- DEPENDS:=+PACKAGE_python3-idna:python3-light
+ DEPENDS:=+PACKAGE_python3-idna:python3-light +PACKAGE_python3-idna:python3-codecs
VARIANT:=python3
endef
PYTHON_VERSION_MICRO:=$(PYTHON3_VERSION_MICRO)
PKG_NAME:=python3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_VERSION:=$(PYTHON_VERSION).$(PYTHON_VERSION_MICRO)
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/ $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON_VERSION)/
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) \
$(PKG_INSTALL_DIR)/usr/include/python$(PYTHON_VERSION) \
$(1)/usr/include/
$(HOST_PYTHON3_LIB_DIR) \
$(PKG_INSTALL_DIR)/usr/lib/libpython$(PYTHON_VERSION).so* \
$(1)/usr/lib/
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/python3.pc \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/python-$(PYTHON3_VERSION).pc \
+ $(1)/usr/lib/pkgconfig
$(CP) \
$(PKG_INSTALL_DIR)/usr/lib/python$(PYTHON_VERSION)/config-$(PYTHON_VERSION) \
$(1)/usr/lib/python$(PYTHON_VERSION)/
include $(TOPDIR)/rules.mk
PKG_NAME:=pytz
-PKG_VERSION:=2018.7
-PKG_RELEASE:=2
+PKG_VERSION:=2018.9
+PKG_RELEASE:=1
PKG_LICENSE:=MIT
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/p/pytz
-PKG_HASH:=31cb35c89bd7d333cd32c5f278fca91b523b0834369e757f4c5641ea252236ca
+PKG_HASH:=d5f05e487007e29e03409f9398d074e158d920d36eb82eaf66fb1136b0c5374c
PKG_BUILD_DEPENDS:=python/host
HOST_BUILD_DEPENDS:=python/host
include $(TOPDIR)/rules.mk
PKG_NAME:=alsa-lib
-PKG_VERSION:=1.1.7
+PKG_VERSION:=1.1.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=ftp://ftp.alsa-project.org/pub/lib/ \
http://distfiles.gentoo.org/distfiles/
-PKG_HASH:=9d6000b882a3b2df56300521225d69717be6741b71269e488bb20a20783bdc09
+PKG_HASH:=3cdc3a93a6427a26d8efab4ada2152e64dd89140d981f6ffa003e85be707aedf
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>, \
Peter Wagner <tripolar@gmx.at>
endef
$(eval $(call Download,antlr))
+EXTRA_CFLAGS += -Wno-error=implicit-fallthrough
CONFIGURE_ARGS += \
--with-gmp="$(STAGING_DIR)/usr" \
--without-x \
include $(TOPDIR)/rules.mk
PKG_NAME:=getdns
-PKG_VERSION:=1.4.2
-PKG_RELEASE:=2
+PKG_VERSION:=1.5.0
+PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://getdnsapi.net/dist/
-PKG_HASH:=1685b82dfe297cffc4bae08a773cdc88a3edf9a4e5a1ea27d8764bb5affc0e80
+PKG_HASH:=577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84
PKG_FIXUP:=autoreconf
PKG_CONFIG_DEPENDS:= \
CONFIG_GETDNS_ENABLE_STUB_ONLY \
- CONFIG_GETDNS_ENABLE_IDN_LIBIDN2
-
+ CONFIG_GETDNS_ENABLE_IDN_LIBIDN2
+
include $(INCLUDE_DIR)/package.mk
define Package/getdns/Default
endef
define Package/getdns/description
- This package contains the getdns library (libgetdns).
+ This package contains the getdns library (libgetdns).
This package also contains the "getdns_query" command line wrapper for getdns exposing the features of this implementation (both in the official API and the additional API functions).
endef
--with-ssl="$(STAGING_DIR)/usr" \
# This will make 'configure' think that our libbsd.so is missing the
-# functions inet_pton, inet_ntop, strlcpy and use the builtin. This
+# functions inet_pton, inet_ntop, strlcpy and use the builtin. This
# removes the libbsd dependency
CONFIGURE_VARS += LIBBSD_LIBS=-lc
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/getdns*.pc $(1)/usr/lib/pkgconfig/
endef
-
-
+
+
define Package/getdns/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libgetdns.so.* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/getdns_query $(1)/usr/sbin/getdns_query
endef
+++ /dev/null
-From 05bce5263735b77f91078a930ec55b9cf181d999 Mon Sep 17 00:00:00 2001
-From: Willem Toorop <willem@nlnetlabs.nl>
-Date: Sun, 13 May 2018 11:59:14 +0200
-Subject: [PATCH] Bugfix #399: Reinclude <linux/sysctl.h> in getentropy_linux.c
-
----
- src/compat/getentropy_linux.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c
-index 744783c..abb28f4 100644
---- a/src/compat/getentropy_linux.c
-+++ b/src/compat/getentropy_linux.c
-@@ -62,6 +62,7 @@
-
- #include <linux/types.h>
- #include <linux/random.h>
-+#include <linux/sysctl.h>
- #ifdef HAVE_GETAUXVAL
- #include <sys/auxv.h>
- #endif
---
-2.14.1
-
-
include $(TOPDIR)/rules.mk
PKG_NAME:=keyutils
-PKG_VERSION:=1.5.10
+PKG_VERSION:=1.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://people.redhat.com/dhowells/keyutils/
-PKG_HASH:=115c3deae7f181778fd0e0ffaa2dad1bf1fe2f5677cf2e0e348cdb7a1c93afb6
-
-PKG_FIXUP:=libtool
+PKG_SOURCE_URL:=https://people.redhat.com/dhowells/keyutils/
+PKG_HASH:=d3aef20cec0005c0fa6b4be40079885567473185b1a57b629b030e67942c7115
include $(INCLUDE_DIR)/package.mk
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Key utilities library
- URL:=http://people.redhat.com/dhowells/keyutils/
+ URL:=https://people.redhat.com/dhowells/keyutils/
+endef
+
+define Package/keyctl
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Encryption
+ TITLE:=keyctl
+ DEPENDS:=+libkeyutils
endef
define Package/keyutils/description
- Key utilities library
+ Key utilities
endef
define Build/Install
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libkeyutils.so* $(1)/usr/lib/
endef
+define Package/keyctl/install
+ $(INSTALL_DIR) $(1)/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/keyctl $(1)/bin
+endef
+
$(eval $(call BuildPackage,libkeyutils))
+$(eval $(call BuildPackage,keyctl))
+++ /dev/null
-Author: Marcus Meissner <meissner@suse.de>
-Description: Added 2 cifs helpers to request-key.conf (for CIFS DFS support)
-
-diff -Naurp keyutils.orig/request-key.conf keyutils/request-key.conf
---- keyutils.orig/request-key.conf 2011-08-22 11:46:30.332025250 +0200
-+++ keyutils/request-key.conf 2011-08-22 11:49:40.096967441 +0200
-@@ -38,4 +38,6 @@ create user debug:* expired
- create user debug:* revoked /bin/keyctl reject %k 30 %c %S
- create user debug:loop:* * |/bin/cat
- create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S
-+create cifs.spnego * * /usr/sbin/cifs.upcall -c %k
-+create dns_resolver * * /usr/sbin/cifs.upcall %k
- negate * * * /bin/keyctl negate %k 30 %S
+++ /dev/null
-Author: Nobuhiro Iwamatsu <iwamatsu@debian.org>
-Description: Avoid setting Intel Architecture specific CFLAGS (Closes: #638925).
-
-diff -Naurp keyutils.orig/Makefile keyutils/Makefile
---- keyutils.orig/Makefile 2011-08-22 11:51:20.521464216 +0200
-+++ keyutils/Makefile 2011-08-24 19:17:09.855361713 +0200
-@@ -56,12 +56,10 @@ BUILDFOR := $(shell file /usr/bin/make |
- LNS := ln -sf
-
- ifeq ($(BUILDFOR),32-bit)
--CFLAGS += -m32
- LIBDIR := /lib
- USRLIBDIR := /usr/lib
- else
- ifeq ($(BUILDFOR),64-bit)
--CFLAGS += -m64
- LIBDIR := /lib64
- USRLIBDIR := /usr/lib64
- endif
PKG_NAME:=libarchive
PKG_VERSION:=3.3.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.libarchive.org/downloads
PKG_HASH:=ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e
+
PKG_MAINTAINER:=Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
PKG_LICENSE:=BSD-2-Clause
+PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:libarchive:libarchive
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
endef
CONFIGURE_ARGS += \
- --disable-bsdcpio \
--enable-bsdtar=shared \
+ --disable-bsdcpio \
+ --disable-rpath \
--disable-acl \
--disable-xattr \
+ --without-cng \
+ --without-iconv \
+ --without-lz4 \
+ --without-lzo2 \
--without-nettle \
--without-xml2 \
- --without-lz4 \
- --without-cng \
+ --without-zstd
ifeq ($(BUILD_VARIANT),noopenssl)
CONFIGURE_ARGS += --without-openssl
--- /dev/null
+From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 16:33:42 +1100
+Subject: [PATCH] warc: consume data once read
+
+The warc decoder only used read ahead, it wouldn't actually consume
+data that had previously been printed. This means that if you specify
+an invalid content length, it will just reprint the same data over
+and over and over again until it hits the desired length.
+
+This means that a WARC resource with e.g.
+Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665
+but only a few hundred bytes of data, causes a quasi-infinite loop.
+
+Consume data in subsequent calls to _warc_read.
+
+Found with an AFL + afl-rb + qsym setup.
+---
+ libarchive/archive_read_support_format_warc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
+index e8753853f..e8fc8428b 100644
+--- a/libarchive/archive_read_support_format_warc.c
++++ b/libarchive/archive_read_support_format_warc.c
+@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
+ return (ARCHIVE_EOF);
+ }
+
++ if (w->unconsumed) {
++ __archive_read_consume(a, w->unconsumed);
++ w->unconsumed = 0U;
++ }
++
+ rab = __archive_read_ahead(a, 1U, &nrd);
+ if (nrd < 0) {
+ *bsz = 0U;
--- /dev/null
+From 15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 14:29:42 +1100
+Subject: [PATCH] Skip 0-length ACL fields
+
+Currently, it is possible to create an archive that crashes bsdtar
+with a malformed ACL:
+
+Program received signal SIGSEGV, Segmentation fault.
+archive_acl_from_text_l (acl=<optimised out>, text=0x7e2e92 "", want_type=<optimised out>, sc=<optimised out>) at libarchive/archive_acl.c:1726
+1726 switch (*s) {
+(gdb) p n
+$1 = 1
+(gdb) p field[n]
+$2 = {start = 0x0, end = 0x0}
+
+Stop this by checking that the length is not zero before beginning
+the switch statement.
+
+I am pretty sure this is the bug mentioned in the qsym paper [1],
+and I was able to replicate it with a qsym + AFL + afl-rb setup.
+
+[1] https://www.usenix.org/conference/usenixsecurity18/presentation/yun
+---
+ libarchive/archive_acl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
+index 512beee1f..7beeee86e 100644
+--- a/libarchive/archive_acl.c
++++ b/libarchive/archive_acl.c
+@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const char *text,
+ st = field[n].start + 1;
+ len = field[n].end - field[n].start;
+
++ if (len == 0) {
++ ret = ARCHIVE_WARN;
++ continue;
++ }
++
+ switch (*s) {
+ case 'u':
+ if (len == 1 || (len == 4
--- /dev/null
+From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 00:55:22 +1100
+Subject: [PATCH] rar: file split across multi-part archives must match
+
+Fuzzing uncovered some UAF and memory overrun bugs where a file in a
+single file archive reported that it was split across multiple
+volumes. This was caused by ppmd7 operations calling
+rar_br_fillup. This would invoke rar_read_ahead, which would in some
+situations invoke archive_read_format_rar_read_header. That would
+check the new file name against the old file name, and if they didn't
+match up it would free the ppmd7 buffer and allocate a new
+one. However, because the ppmd7 decoder wasn't actually done with the
+buffer, it would continue to used the freed buffer. Both reads and
+writes to the freed region can be observed.
+
+This is quite tricky to solve: once the buffer has been freed it is
+too late, as the ppmd7 decoder functions almost universally assume
+success - there's no way for ppmd_read to signal error, nor are there
+good ways for functions like Range_Normalise to propagate them. So we
+can't detect after the fact that we're in an invalid state - e.g. by
+checking rar->cursor, we have to prevent ourselves from ever ending up
+there. So, when we are in the dangerous part or rar_read_ahead that
+assumes a valid split, we set a flag force read_header to either go
+down the path for split files or bail. This means that the ppmd7
+decoder keeps a valid buffer and just runs out of data.
+
+Found with a combination of AFL, afl-rb and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 6f419c270..a8cc5c94d 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -258,6 +258,7 @@ struct rar
+ struct data_block_offsets *dbo;
+ unsigned int cursor;
+ unsigned int nodes;
++ char filename_must_match;
+
+ /* LZSS members */
+ struct huffman_code maincode;
+@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+ }
+ return ret;
+ }
++ else if (rar->filename_must_match)
++ {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Mismatch of file parts split across multi-volume archive");
++ return (ARCHIVE_FATAL);
++ }
+
+ rar->filename_save = (char*)realloc(rar->filename_save,
+ filename_size + 1);
+@@ -2933,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
+ else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
+ rar->file_flags & FHD_SPLIT_AFTER)
+ {
++ rar->filename_must_match = 1;
+ ret = archive_read_format_rar_read_header(a, a->entry);
+ if (ret == (ARCHIVE_EOF))
+ {
+ rar->has_endarc_header = 1;
+ ret = archive_read_format_rar_read_header(a, a->entry);
+ }
++ rar->filename_must_match = 0;
+ if (ret != (ARCHIVE_OK))
+ return NULL;
+ return rar_read_ahead(a, min, avail);
--- /dev/null
+From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 20 Nov 2018 17:56:29 +1100
+Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
+
+new_size can be 0 with a malicious or corrupted RAR archive.
+
+realloc(area, 0) is equivalent to free(area), so the region would
+be free()d here and the free()d again in the cleanup function.
+
+Found with a setup running AFL, afl-rb, and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 234522229..6f419c270 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
+ new_size = DICTIONARY_MAX_SIZE;
+ else
+ new_size = rar_fls((unsigned int)rar->unp_size) << 1;
++ if (new_size == 0) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Zero window size is invalid.");
++ return (ARCHIVE_FATAL);
++ }
+ new_window = realloc(rar->lzss.window, new_size);
+ if (new_window == NULL) {
+ archive_set_error(&a->archive, ENOMEM,
include $(TOPDIR)/rules.mk
PKG_NAME:=libgpg-error
-PKG_VERSION:=1.33
+PKG_VERSION:=1.34
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/libgpg-error/
-PKG_HASH:=5d38826656e746c936e7742d9cde072b50baa3c4c49daa168a56813612bf03ff
+PKG_SOURCE_URL:=https://ftp.bit.nl/mirror/gnupg/ \
+ https://ftp.nluug.nl/security/gnupg/ \
+ http://ring.ksc.gr.jp/archives/net/gnupg/libgpg-error/ \
+ https://www.gnupg.org/ftp/gcrypt/libgpg-error/
+PKG_HASH:=0680799dee71b86b2f435efb825391eb040ce2704b057f6bd3dcc47fbc398c81
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=LGPL-2.1+
SECTION:=libs
CATEGORY:=Libraries
TITLE:=GnuPG error handling helper library
- URL:=http://www.gnupg.org/related_software/libgpg-error/
+ URL:=https://www.gnupg.org/related_software/libgpg-error/
endef
define Package/libgpg-error/description
future.
endef
-TARGET_CFLAGS += $(FPIC)
-
CONFIGURE_ARGS += \
--enable-shared \
--enable-static \
- --disable-rpath
+ --disable-doc \
+ --disable-languages \
+ --disable-rpath \
+ --disable-tests
define Build/InstallDev
$(INSTALL_DIR) $(2)/bin $(1)/usr/bin
+ x86_64-openwrt-linux-gnu|i?86-openwrt-linux-gnu)
+ host=$(echo $host | sed 's/openwrt/pc/g')
+ ;;
-+ arm-openwrt-linux-gnu)
++ arm-openwrt-linux-gnu|armeb-openwrt-linux-gnu)
+ host=arm-unknown-linux-gnueabi
+ ;;
+ *)
PKG_NAME:=libmad
PKG_VERSION:=0.15.1b
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/mad \
PKG_LICENSE:=GPLv2
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:underbit:mad_libmad
PKG_FIXUP:=autoreconf
--- /dev/null
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Sun, 28 Jan 2018 19:26:36 +0100
+Subject: Check the size before reading with mad_bit_read
+
+There are various cases where it attemps to read past the end of the buffer
+using mad_bit_read(). Most functions didn't even know the size of the buffer
+they were reading from.
+
+Index: libmad-0.15.1b/bit.c
+===================================================================
+--- libmad-0.15.1b.orig/bit.c
++++ libmad-0.15.1b/bit.c
+@@ -138,6 +138,9 @@ unsigned long mad_bit_read(struct mad_bi
+ {
+ register unsigned long value;
+
++ if (len == 0)
++ return 0;
++
+ if (bitptr->left == CHAR_BIT)
+ bitptr->cache = *bitptr->byte;
+
+Index: libmad-0.15.1b/frame.c
+===================================================================
+--- libmad-0.15.1b.orig/frame.c
++++ libmad-0.15.1b/frame.c
+@@ -120,11 +120,18 @@ static
+ int decode_header(struct mad_header *header, struct mad_stream *stream)
+ {
+ unsigned int index;
++ struct mad_bitptr bufend_ptr;
+
+ header->flags = 0;
+ header->private_bits = 0;
+
++ mad_bit_init(&bufend_ptr, stream->bufend);
++
+ /* header() */
++ if (mad_bit_length(&stream->ptr, &bufend_ptr) < 32) {
++ stream->error = MAD_ERROR_BUFLEN;
++ return -1;
++ }
+
+ /* syncword */
+ mad_bit_skip(&stream->ptr, 11);
+@@ -225,8 +232,13 @@ int decode_header(struct mad_header *hea
+ /* error_check() */
+
+ /* crc_check */
+- if (header->flags & MAD_FLAG_PROTECTION)
++ if (header->flags & MAD_FLAG_PROTECTION) {
++ if (mad_bit_length(&stream->ptr, &bufend_ptr) < 16) {
++ stream->error = MAD_ERROR_BUFLEN;
++ return -1;
++ }
+ header->crc_target = mad_bit_read(&stream->ptr, 16);
++ }
+
+ return 0;
+ }
+@@ -338,7 +350,7 @@ int mad_header_decode(struct mad_header
+ stream->error = MAD_ERROR_BUFLEN;
+ goto fail;
+ }
+- else if (!(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
++ else if ((end - ptr >= 2) && !(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
+ /* mark point where frame sync word was expected */
+ stream->this_frame = ptr;
+ stream->next_frame = ptr + 1;
+@@ -361,6 +373,8 @@ int mad_header_decode(struct mad_header
+ ptr = mad_bit_nextbyte(&stream->ptr);
+ }
+
++ stream->error = MAD_ERROR_NONE;
++
+ /* begin processing */
+ stream->this_frame = ptr;
+ stream->next_frame = ptr + 1; /* possibly bogus sync word */
+@@ -413,7 +427,7 @@ int mad_header_decode(struct mad_header
+ /* check that a valid frame header follows this frame */
+
+ ptr = stream->next_frame;
+- if (!(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
++ if ((end - ptr >= 2) && !(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
+ ptr = stream->next_frame = stream->this_frame + 1;
+ goto sync;
+ }
+Index: libmad-0.15.1b/layer12.c
+===================================================================
+--- libmad-0.15.1b.orig/layer12.c
++++ libmad-0.15.1b/layer12.c
+@@ -72,10 +72,18 @@ mad_fixed_t const linear_table[14] = {
+ * DESCRIPTION: decode one requantized Layer I sample from a bitstream
+ */
+ static
+-mad_fixed_t I_sample(struct mad_bitptr *ptr, unsigned int nb)
++mad_fixed_t I_sample(struct mad_bitptr *ptr, unsigned int nb, struct mad_stream *stream)
+ {
+ mad_fixed_t sample;
++ struct mad_bitptr frameend_ptr;
+
++ mad_bit_init(&frameend_ptr, stream->next_frame);
++
++ if (mad_bit_length(ptr, &frameend_ptr) < nb) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return 0;
++ }
+ sample = mad_bit_read(ptr, nb);
+
+ /* invert most significant bit, extend sign, then scale to fixed format */
+@@ -106,6 +114,10 @@ int mad_layer_I(struct mad_stream *strea
+ struct mad_header *header = &frame->header;
+ unsigned int nch, bound, ch, s, sb, nb;
+ unsigned char allocation[2][32], scalefactor[2][32];
++ struct mad_bitptr bufend_ptr, frameend_ptr;
++
++ mad_bit_init(&bufend_ptr, stream->bufend);
++ mad_bit_init(&frameend_ptr, stream->next_frame);
+
+ nch = MAD_NCHANNELS(header);
+
+@@ -118,6 +130,11 @@ int mad_layer_I(struct mad_stream *strea
+ /* check CRC word */
+
+ if (header->flags & MAD_FLAG_PROTECTION) {
++ if (mad_bit_length(&stream->ptr, &bufend_ptr)
++ < 4 * (bound * nch + (32 - bound))) {
++ stream->error = MAD_ERROR_BADCRC;
++ return -1;
++ }
+ header->crc_check =
+ mad_bit_crc(stream->ptr, 4 * (bound * nch + (32 - bound)),
+ header->crc_check);
+@@ -133,6 +150,11 @@ int mad_layer_I(struct mad_stream *strea
+
+ for (sb = 0; sb < bound; ++sb) {
+ for (ch = 0; ch < nch; ++ch) {
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 4) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ nb = mad_bit_read(&stream->ptr, 4);
+
+ if (nb == 15) {
+@@ -145,6 +167,11 @@ int mad_layer_I(struct mad_stream *strea
+ }
+
+ for (sb = bound; sb < 32; ++sb) {
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 4) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ nb = mad_bit_read(&stream->ptr, 4);
+
+ if (nb == 15) {
+@@ -161,6 +188,11 @@ int mad_layer_I(struct mad_stream *strea
+ for (sb = 0; sb < 32; ++sb) {
+ for (ch = 0; ch < nch; ++ch) {
+ if (allocation[ch][sb]) {
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6);
+
+ # if defined(OPT_STRICT)
+@@ -185,8 +217,10 @@ int mad_layer_I(struct mad_stream *strea
+ for (ch = 0; ch < nch; ++ch) {
+ nb = allocation[ch][sb];
+ frame->sbsample[ch][s][sb] = nb ?
+- mad_f_mul(I_sample(&stream->ptr, nb),
++ mad_f_mul(I_sample(&stream->ptr, nb, stream),
+ sf_table[scalefactor[ch][sb]]) : 0;
++ if (stream->error != 0)
++ return -1;
+ }
+ }
+
+@@ -194,7 +228,14 @@ int mad_layer_I(struct mad_stream *strea
+ if ((nb = allocation[0][sb])) {
+ mad_fixed_t sample;
+
+- sample = I_sample(&stream->ptr, nb);
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < nb) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
++ sample = I_sample(&stream->ptr, nb, stream);
++ if (stream->error != 0)
++ return -1;
+
+ for (ch = 0; ch < nch; ++ch) {
+ frame->sbsample[ch][s][sb] =
+@@ -280,13 +321,21 @@ struct quantclass {
+ static
+ void II_samples(struct mad_bitptr *ptr,
+ struct quantclass const *quantclass,
+- mad_fixed_t output[3])
++ mad_fixed_t output[3], struct mad_stream *stream)
+ {
+ unsigned int nb, s, sample[3];
++ struct mad_bitptr frameend_ptr;
++
++ mad_bit_init(&frameend_ptr, stream->next_frame);
+
+ if ((nb = quantclass->group)) {
+ unsigned int c, nlevels;
+
++ if (mad_bit_length(ptr, &frameend_ptr) < quantclass->bits) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return;
++ }
+ /* degrouping */
+ c = mad_bit_read(ptr, quantclass->bits);
+ nlevels = quantclass->nlevels;
+@@ -299,8 +348,14 @@ void II_samples(struct mad_bitptr *ptr,
+ else {
+ nb = quantclass->bits;
+
+- for (s = 0; s < 3; ++s)
++ for (s = 0; s < 3; ++s) {
++ if (mad_bit_length(ptr, &frameend_ptr) < nb) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return;
++ }
+ sample[s] = mad_bit_read(ptr, nb);
++ }
+ }
+
+ for (s = 0; s < 3; ++s) {
+@@ -336,6 +391,9 @@ int mad_layer_II(struct mad_stream *stre
+ unsigned char const *offsets;
+ unsigned char allocation[2][32], scfsi[2][32], scalefactor[2][32][3];
+ mad_fixed_t samples[3];
++ struct mad_bitptr frameend_ptr;
++
++ mad_bit_init(&frameend_ptr, stream->next_frame);
+
+ nch = MAD_NCHANNELS(header);
+
+@@ -402,13 +460,24 @@ int mad_layer_II(struct mad_stream *stre
+ for (sb = 0; sb < bound; ++sb) {
+ nbal = bitalloc_table[offsets[sb]].nbal;
+
+- for (ch = 0; ch < nch; ++ch)
++ for (ch = 0; ch < nch; ++ch) {
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < nbal) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal);
++ }
+ }
+
+ for (sb = bound; sb < sblimit; ++sb) {
+ nbal = bitalloc_table[offsets[sb]].nbal;
+
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < nbal) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ allocation[0][sb] =
+ allocation[1][sb] = mad_bit_read(&stream->ptr, nbal);
+ }
+@@ -417,8 +486,14 @@ int mad_layer_II(struct mad_stream *stre
+
+ for (sb = 0; sb < sblimit; ++sb) {
+ for (ch = 0; ch < nch; ++ch) {
+- if (allocation[ch][sb])
++ if (allocation[ch][sb]) {
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 2) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2);
++ }
+ }
+ }
+
+@@ -441,6 +516,11 @@ int mad_layer_II(struct mad_stream *stre
+ for (sb = 0; sb < sblimit; ++sb) {
+ for (ch = 0; ch < nch; ++ch) {
+ if (allocation[ch][sb]) {
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6);
+
+ switch (scfsi[ch][sb]) {
+@@ -451,11 +531,21 @@ int mad_layer_II(struct mad_stream *stre
+ break;
+
+ case 0:
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6);
+ /* fall through */
+
+ case 1:
+ case 3:
++ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6);
+ }
+
+@@ -487,7 +577,9 @@ int mad_layer_II(struct mad_stream *stre
+ if ((index = allocation[ch][sb])) {
+ index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+
+- II_samples(&stream->ptr, &qc_table[index], samples);
++ II_samples(&stream->ptr, &qc_table[index], samples, stream);
++ if (stream->error != 0)
++ return -1;
+
+ for (s = 0; s < 3; ++s) {
+ frame->sbsample[ch][3 * gr + s][sb] =
+@@ -505,7 +597,9 @@ int mad_layer_II(struct mad_stream *stre
+ if ((index = allocation[0][sb])) {
+ index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+
+- II_samples(&stream->ptr, &qc_table[index], samples);
++ II_samples(&stream->ptr, &qc_table[index], samples, stream);
++ if (stream->error != 0)
++ return -1;
+
+ for (ch = 0; ch < nch; ++ch) {
+ for (s = 0; s < 3; ++s) {
+Index: libmad-0.15.1b/layer3.c
+===================================================================
+--- libmad-0.15.1b.orig/layer3.c
++++ libmad-0.15.1b/layer3.c
+@@ -598,7 +598,8 @@ enum mad_error III_sideinfo(struct mad_b
+ static
+ unsigned int III_scalefactors_lsf(struct mad_bitptr *ptr,
+ struct channel *channel,
+- struct channel *gr1ch, int mode_extension)
++ struct channel *gr1ch, int mode_extension,
++ unsigned int bits_left, unsigned int *part2_length)
+ {
+ struct mad_bitptr start;
+ unsigned int scalefac_compress, index, slen[4], part, n, i;
+@@ -644,8 +645,12 @@ unsigned int III_scalefactors_lsf(struct
+
+ n = 0;
+ for (part = 0; part < 4; ++part) {
+- for (i = 0; i < nsfb[part]; ++i)
++ for (i = 0; i < nsfb[part]; ++i) {
++ if (bits_left < slen[part])
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[n++] = mad_bit_read(ptr, slen[part]);
++ bits_left -= slen[part];
++ }
+ }
+
+ while (n < 39)
+@@ -690,7 +695,10 @@ unsigned int III_scalefactors_lsf(struct
+ max = (1 << slen[part]) - 1;
+
+ for (i = 0; i < nsfb[part]; ++i) {
++ if (bits_left < slen[part])
++ return MAD_ERROR_BADSCFSI;
+ is_pos = mad_bit_read(ptr, slen[part]);
++ bits_left -= slen[part];
+
+ channel->scalefac[n] = is_pos;
+ gr1ch->scalefac[n++] = (is_pos == max);
+@@ -703,7 +711,8 @@ unsigned int III_scalefactors_lsf(struct
+ }
+ }
+
+- return mad_bit_length(&start, ptr);
++ *part2_length = mad_bit_length(&start, ptr);
++ return MAD_ERROR_NONE;
+ }
+
+ /*
+@@ -712,7 +721,8 @@ unsigned int III_scalefactors_lsf(struct
+ */
+ static
+ unsigned int III_scalefactors(struct mad_bitptr *ptr, struct channel *channel,
+- struct channel const *gr0ch, unsigned int scfsi)
++ struct channel const *gr0ch, unsigned int scfsi,
++ unsigned int bits_left, unsigned int *part2_length)
+ {
+ struct mad_bitptr start;
+ unsigned int slen1, slen2, sfbi;
+@@ -728,12 +738,20 @@ unsigned int III_scalefactors(struct mad
+ sfbi = 0;
+
+ nsfb = (channel->flags & mixed_block_flag) ? 8 + 3 * 3 : 6 * 3;
+- while (nsfb--)
++ while (nsfb--) {
++ if (bits_left < slen1)
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[sfbi++] = mad_bit_read(ptr, slen1);
++ bits_left -= slen1;
++ }
+
+ nsfb = 6 * 3;
+- while (nsfb--)
++ while (nsfb--) {
++ if (bits_left < slen2)
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[sfbi++] = mad_bit_read(ptr, slen2);
++ bits_left -= slen2;
++ }
+
+ nsfb = 1 * 3;
+ while (nsfb--)
+@@ -745,8 +763,12 @@ unsigned int III_scalefactors(struct mad
+ channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
+ }
+ else {
+- for (sfbi = 0; sfbi < 6; ++sfbi)
++ for (sfbi = 0; sfbi < 6; ++sfbi) {
++ if (bits_left < slen1)
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[sfbi] = mad_bit_read(ptr, slen1);
++ bits_left -= slen1;
++ }
+ }
+
+ if (scfsi & 0x4) {
+@@ -754,8 +776,12 @@ unsigned int III_scalefactors(struct mad
+ channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
+ }
+ else {
+- for (sfbi = 6; sfbi < 11; ++sfbi)
++ for (sfbi = 6; sfbi < 11; ++sfbi) {
++ if (bits_left < slen1)
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[sfbi] = mad_bit_read(ptr, slen1);
++ bits_left -= slen1;
++ }
+ }
+
+ if (scfsi & 0x2) {
+@@ -763,8 +789,12 @@ unsigned int III_scalefactors(struct mad
+ channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
+ }
+ else {
+- for (sfbi = 11; sfbi < 16; ++sfbi)
++ for (sfbi = 11; sfbi < 16; ++sfbi) {
++ if (bits_left < slen2)
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[sfbi] = mad_bit_read(ptr, slen2);
++ bits_left -= slen2;
++ }
+ }
+
+ if (scfsi & 0x1) {
+@@ -772,14 +802,19 @@ unsigned int III_scalefactors(struct mad
+ channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
+ }
+ else {
+- for (sfbi = 16; sfbi < 21; ++sfbi)
++ for (sfbi = 16; sfbi < 21; ++sfbi) {
++ if (bits_left < slen2)
++ return MAD_ERROR_BADSCFSI;
+ channel->scalefac[sfbi] = mad_bit_read(ptr, slen2);
++ bits_left -= slen2;
++ }
+ }
+
+ channel->scalefac[21] = 0;
+ }
+
+- return mad_bit_length(&start, ptr);
++ *part2_length = mad_bit_length(&start, ptr);
++ return MAD_ERROR_NONE;
+ }
+
+ /*
+@@ -933,19 +968,17 @@ static
+ enum mad_error III_huffdecode(struct mad_bitptr *ptr, mad_fixed_t xr[576],
+ struct channel *channel,
+ unsigned char const *sfbwidth,
+- unsigned int part2_length)
++ signed int part3_length)
+ {
+ signed int exponents[39], exp;
+ signed int const *expptr;
+ struct mad_bitptr peek;
+- signed int bits_left, cachesz;
++ signed int bits_left, cachesz, fakebits;
+ register mad_fixed_t *xrptr;
+ mad_fixed_t const *sfbound;
+ register unsigned long bitcache;
+
+- bits_left = (signed) channel->part2_3_length - (signed) part2_length;
+- if (bits_left < 0)
+- return MAD_ERROR_BADPART3LEN;
++ bits_left = part3_length;
+
+ III_exponents(channel, sfbwidth, exponents);
+
+@@ -956,8 +989,12 @@ enum mad_error III_huffdecode(struct mad
+ cachesz = mad_bit_bitsleft(&peek);
+ cachesz += ((32 - 1 - 24) + (24 - cachesz)) & ~7;
+
++ if (bits_left < cachesz) {
++ cachesz = bits_left;
++ }
+ bitcache = mad_bit_read(&peek, cachesz);
+ bits_left -= cachesz;
++ fakebits = 0;
+
+ xrptr = &xr[0];
+
+@@ -986,7 +1023,7 @@ enum mad_error III_huffdecode(struct mad
+
+ big_values = channel->big_values;
+
+- while (big_values-- && cachesz + bits_left > 0) {
++ while (big_values-- && cachesz + bits_left - fakebits > 0) {
+ union huffpair const *pair;
+ unsigned int clumpsz, value;
+ register mad_fixed_t requantized;
+@@ -1023,10 +1060,19 @@ enum mad_error III_huffdecode(struct mad
+ unsigned int bits;
+
+ bits = ((32 - 1 - 21) + (21 - cachesz)) & ~7;
++ if (bits_left < bits) {
++ bits = bits_left;
++ }
+ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
+ cachesz += bits;
+ bits_left -= bits;
+ }
++ if (cachesz < 21) {
++ unsigned int bits = 21 - cachesz;
++ bitcache <<= bits;
++ cachesz += bits;
++ fakebits += bits;
++ }
+
+ /* hcod (0..19) */
+
+@@ -1041,6 +1087,8 @@ enum mad_error III_huffdecode(struct mad
+ }
+
+ cachesz -= pair->value.hlen;
++ if (cachesz < fakebits)
++ return MAD_ERROR_BADHUFFDATA;
+
+ if (linbits) {
+ /* x (0..14) */
+@@ -1054,10 +1102,15 @@ enum mad_error III_huffdecode(struct mad
+
+ case 15:
+ if (cachesz < linbits + 2) {
+- bitcache = (bitcache << 16) | mad_bit_read(&peek, 16);
+- cachesz += 16;
+- bits_left -= 16;
++ unsigned int bits = 16;
++ if (bits_left < 16)
++ bits = bits_left;
++ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
++ cachesz += bits;
++ bits_left -= bits;
+ }
++ if (cachesz - fakebits < linbits)
++ return MAD_ERROR_BADHUFFDATA;
+
+ value += MASK(bitcache, cachesz, linbits);
+ cachesz -= linbits;
+@@ -1074,6 +1127,8 @@ enum mad_error III_huffdecode(struct mad
+ }
+
+ x_final:
++ if (cachesz - fakebits < 1)
++ return MAD_ERROR_BADHUFFDATA;
+ xrptr[0] = MASK1BIT(bitcache, cachesz--) ?
+ -requantized : requantized;
+ }
+@@ -1089,10 +1144,15 @@ enum mad_error III_huffdecode(struct mad
+
+ case 15:
+ if (cachesz < linbits + 1) {
+- bitcache = (bitcache << 16) | mad_bit_read(&peek, 16);
+- cachesz += 16;
+- bits_left -= 16;
++ unsigned int bits = 16;
++ if (bits_left < 16)
++ bits = bits_left;
++ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
++ cachesz += bits;
++ bits_left -= bits;
+ }
++ if (cachesz - fakebits < linbits)
++ return MAD_ERROR_BADHUFFDATA;
+
+ value += MASK(bitcache, cachesz, linbits);
+ cachesz -= linbits;
+@@ -1109,6 +1169,8 @@ enum mad_error III_huffdecode(struct mad
+ }
+
+ y_final:
++ if (cachesz - fakebits < 1)
++ return MAD_ERROR_BADHUFFDATA;
+ xrptr[1] = MASK1BIT(bitcache, cachesz--) ?
+ -requantized : requantized;
+ }
+@@ -1128,6 +1190,8 @@ enum mad_error III_huffdecode(struct mad
+ requantized = reqcache[value] = III_requantize(value, exp);
+ }
+
++ if (cachesz - fakebits < 1)
++ return MAD_ERROR_BADHUFFDATA;
+ xrptr[0] = MASK1BIT(bitcache, cachesz--) ?
+ -requantized : requantized;
+ }
+@@ -1146,6 +1210,8 @@ enum mad_error III_huffdecode(struct mad
+ requantized = reqcache[value] = III_requantize(value, exp);
+ }
+
++ if (cachesz - fakebits < 1)
++ return MAD_ERROR_BADHUFFDATA;
+ xrptr[1] = MASK1BIT(bitcache, cachesz--) ?
+ -requantized : requantized;
+ }
+@@ -1155,9 +1221,6 @@ enum mad_error III_huffdecode(struct mad
+ }
+ }
+
+- if (cachesz + bits_left < 0)
+- return MAD_ERROR_BADHUFFDATA; /* big_values overrun */
+-
+ /* count1 */
+ {
+ union huffquad const *table;
+@@ -1167,15 +1230,24 @@ enum mad_error III_huffdecode(struct mad
+
+ requantized = III_requantize(1, exp);
+
+- while (cachesz + bits_left > 0 && xrptr <= &xr[572]) {
++ while (cachesz + bits_left - fakebits > 0 && xrptr <= &xr[572]) {
+ union huffquad const *quad;
+
+ /* hcod (1..6) */
+
+ if (cachesz < 10) {
+- bitcache = (bitcache << 16) | mad_bit_read(&peek, 16);
+- cachesz += 16;
+- bits_left -= 16;
++ unsigned int bits = 16;
++ if (bits_left < 16)
++ bits = bits_left;
++ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
++ cachesz += bits;
++ bits_left -= bits;
++ }
++ if (cachesz < 10) {
++ unsigned int bits = 10 - cachesz;
++ bitcache <<= bits;
++ cachesz += bits;
++ fakebits += bits;
+ }
+
+ quad = &table[MASK(bitcache, cachesz, 4)];
+@@ -1188,6 +1260,11 @@ enum mad_error III_huffdecode(struct mad
+ MASK(bitcache, cachesz, quad->ptr.bits)];
+ }
+
++ if (cachesz - fakebits < quad->value.hlen + quad->value.v
++ + quad->value.w + quad->value.x + quad->value.y)
++ /* We don't have enough bits to read one more entry, consider them
++ * stuffing bits. */
++ break;
+ cachesz -= quad->value.hlen;
+
+ if (xrptr == sfbound) {
+@@ -1236,22 +1313,8 @@ enum mad_error III_huffdecode(struct mad
+
+ xrptr += 2;
+ }
+-
+- if (cachesz + bits_left < 0) {
+-# if 0 && defined(DEBUG)
+- fprintf(stderr, "huffman count1 overrun (%d bits)\n",
+- -(cachesz + bits_left));
+-# endif
+-
+- /* technically the bitstream is misformatted, but apparently
+- some encoders are just a bit sloppy with stuffing bits */
+-
+- xrptr -= 4;
+- }
+ }
+
+- assert(-bits_left <= MAD_BUFFER_GUARD * CHAR_BIT);
+-
+ # if 0 && defined(DEBUG)
+ if (bits_left < 0)
+ fprintf(stderr, "read %d bits too many\n", -bits_left);
+@@ -2348,10 +2411,11 @@ void III_freqinver(mad_fixed_t sample[18
+ */
+ static
+ enum mad_error III_decode(struct mad_bitptr *ptr, struct mad_frame *frame,
+- struct sideinfo *si, unsigned int nch)
++ struct sideinfo *si, unsigned int nch, unsigned int md_len)
+ {
+ struct mad_header *header = &frame->header;
+ unsigned int sfreqi, ngr, gr;
++ int bits_left = md_len * CHAR_BIT;
+
+ {
+ unsigned int sfreq;
+@@ -2383,6 +2447,7 @@ enum mad_error III_decode(struct mad_bit
+ for (ch = 0; ch < nch; ++ch) {
+ struct channel *channel = &granule->ch[ch];
+ unsigned int part2_length;
++ unsigned int part3_length;
+
+ sfbwidth[ch] = sfbwidth_table[sfreqi].l;
+ if (channel->block_type == 2) {
+@@ -2391,18 +2456,30 @@ enum mad_error III_decode(struct mad_bit
+ }
+
+ if (header->flags & MAD_FLAG_LSF_EXT) {
+- part2_length = III_scalefactors_lsf(ptr, channel,
++ error = III_scalefactors_lsf(ptr, channel,
+ ch == 0 ? 0 : &si->gr[1].ch[1],
+- header->mode_extension);
++ header->mode_extension, bits_left, &part2_length);
+ }
+ else {
+- part2_length = III_scalefactors(ptr, channel, &si->gr[0].ch[ch],
+- gr == 0 ? 0 : si->scfsi[ch]);
++ error = III_scalefactors(ptr, channel, &si->gr[0].ch[ch],
++ gr == 0 ? 0 : si->scfsi[ch], bits_left, &part2_length);
+ }
++ if (error)
++ return error;
++
++ bits_left -= part2_length;
+
+- error = III_huffdecode(ptr, xr[ch], channel, sfbwidth[ch], part2_length);
++ if (part2_length > channel->part2_3_length)
++ return MAD_ERROR_BADPART3LEN;
++
++ part3_length = channel->part2_3_length - part2_length;
++ if (part3_length > bits_left)
++ return MAD_ERROR_BADPART3LEN;
++
++ error = III_huffdecode(ptr, xr[ch], channel, sfbwidth[ch], part3_length);
+ if (error)
+ return error;
++ bits_left -= part3_length;
+ }
+
+ /* joint stereo processing */
+@@ -2519,11 +2596,13 @@ int mad_layer_III(struct mad_stream *str
+ unsigned int nch, priv_bitlen, next_md_begin = 0;
+ unsigned int si_len, data_bitlen, md_len;
+ unsigned int frame_space, frame_used, frame_free;
+- struct mad_bitptr ptr;
++ struct mad_bitptr ptr, bufend_ptr;
+ struct sideinfo si;
+ enum mad_error error;
+ int result = 0;
+
++ mad_bit_init(&bufend_ptr, stream->bufend);
++
+ /* allocate Layer III dynamic structures */
+
+ if (stream->main_data == 0) {
+@@ -2587,14 +2666,15 @@ int mad_layer_III(struct mad_stream *str
+ unsigned long header;
+
+ mad_bit_init(&peek, stream->next_frame);
++ if (mad_bit_length(&peek, &bufend_ptr) >= 57) {
++ header = mad_bit_read(&peek, 32);
++ if ((header & 0xffe60000L) /* syncword | layer */ == 0xffe20000L) {
++ if (!(header & 0x00010000L)) /* protection_bit */
++ mad_bit_skip(&peek, 16); /* crc_check */
+
+- header = mad_bit_read(&peek, 32);
+- if ((header & 0xffe60000L) /* syncword | layer */ == 0xffe20000L) {
+- if (!(header & 0x00010000L)) /* protection_bit */
+- mad_bit_skip(&peek, 16); /* crc_check */
+-
+- next_md_begin =
+- mad_bit_read(&peek, (header & 0x00080000L) /* ID */ ? 9 : 8);
++ next_md_begin =
++ mad_bit_read(&peek, (header & 0x00080000L) /* ID */ ? 9 : 8);
++ }
+ }
+
+ mad_bit_finish(&peek);
+@@ -2653,7 +2733,7 @@ int mad_layer_III(struct mad_stream *str
+ /* decode main_data */
+
+ if (result == 0) {
+- error = III_decode(&ptr, frame, &si, nch);
++ error = III_decode(&ptr, frame, &si, nch, md_len);
+ if (error) {
+ stream->error = error;
+ result = -1;
--- /dev/null
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Sun, 28 Jan 2018 15:44:08 +0100
+Subject: Check the size of the main data
+
+The main data to decode a frame can come from the current frame and part of the
+previous frame, the so called bit reservoir. si.main_data_begin is the part of
+the previous frame we need for this frame. frame_space is the amount of main
+data that can be in this frame, and next_md_begin is the part of this frame that
+is going to be used for the next frame.
+
+The maximum amount of data from a previous frame that the format allows is 511
+bytes. The maximum frame size for the defined bitrates is at MPEG 2.5 layer 2
+at 320 kbit/s and 8 kHz sample rate which gives 72 * (320000 / 8000) + 1 = 2881.
+So those defines are not large enough:
+ # define MAD_BUFFER_GUARD 8
+ # define MAD_BUFFER_MDLEN (511 + 2048 + MAD_BUFFER_GUARD)
+
+There is also support for a "free" bitrate which allows you to create any frame
+size, which can be larger than the buffer.
+
+Changing the defines is not an option since it's part of the ABI, so we check
+that the main data fits in the bufer.
+
+The previous frame data is stored in *stream->main_data and contains
+stream->md_len bytes. If stream->md_len is larger than the data we
+need from the previous frame (si.main_data_begin) it still wouldn't fit
+in the buffer, so just keep the data that we need.
+
+Index: libmad-0.15.1b/layer3.c
+===================================================================
+--- libmad-0.15.1b.orig/layer3.c
++++ libmad-0.15.1b/layer3.c
+@@ -2608,6 +2608,11 @@ int mad_layer_III(struct mad_stream *str
+ next_md_begin = 0;
+
+ md_len = si.main_data_begin + frame_space - next_md_begin;
++ if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ frame_used = 0;
+
+@@ -2625,8 +2630,11 @@ int mad_layer_III(struct mad_stream *str
+ }
+ }
+ else {
+- mad_bit_init(&ptr,
+- *stream->main_data + stream->md_len - si.main_data_begin);
++ memmove(stream->main_data,
++ *stream->main_data + stream->md_len - si.main_data_begin,
++ si.main_data_begin);
++ stream->md_len = si.main_data_begin;
++ mad_bit_init(&ptr, *stream->main_data);
+
+ if (md_len > si.main_data_begin) {
+ assert(stream->md_len + md_len -
include $(TOPDIR)/rules.mk
PKG_NAME:=libxslt
-PKG_VERSION:=1.1.32
-PKG_RELEASE:=2
+PKG_VERSION:=1.1.33
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
http://xmlsoft.org/sources/ \
ftp://fr.rpmfind.net/pub/libxml/
-PKG_HASH:=526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460
+PKG_HASH:=8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=libyang
-PKG_VERSION:=0.16-r2
+PKG_VERSION:=0.16-r3
PKG_RELEASE:=2
PKG_LICENSE:=GPL-2.0+
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libyang/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=cf354481788f224c58ebe4785a08f992ef00af503529c8d516fdc4d0592996e0
+PKG_HASH:=4745460dedc4ba17d8bcfc39ad9ba0d1b91bbe82b55b9417a090390909ba8ca5
CMAKE_INSTALL:=1
--- /dev/null
+Index: libyang-0.16-r3/CMakeLists.txt
+===================================================================
+--- libyang-0.16-r3.orig/CMakeLists.txt
++++ libyang-0.16-r3/CMakeLists.txt
+@@ -351,8 +351,8 @@ else()
+ add_subdirectory(src/extensions)
+ endif(ENABLE_STATIC)
+
+-# YANG user types plugins ("user_ipv4" is just an example, not installed by default)
+-set(USER_TYPE_LIST "user_date_and_time")
++# YANG user types plugins
++set(USER_TYPE_LIST "user_yang_types" "user_inet_types")
+ if(ENABLE_STATIC)
+ set(USER_TYPE_LIST_SIZE " 0 ")
+ foreach(USER_TYPE ${USER_TYPE_LIST})
+Index: libyang-0.16-r3/src/parser.c
+===================================================================
+--- libyang-0.16-r3.orig/src/parser.c
++++ libyang-0.16-r3/src/parser.c
+@@ -1936,7 +1936,7 @@ lyp_parse_value(struct lys_type *type, c
+
+ /* search user types in case this value is supposed to be stored in a custom way */
+ if (store && type->der && type->der->module) {
+- c = lytype_store(type->der->module, type->der->name, *value_, val);
++ c = lytype_store(type->der->module, type->der->name, value_, val);
+ if (c == -1) {
+ goto error;
+ } else if (!c) {
+Index: libyang-0.16-r3/src/parser.h
+===================================================================
+--- libyang-0.16-r3.orig/src/parser.h
++++ libyang-0.16-r3/src/parser.h
+@@ -258,11 +258,11 @@ struct lyext_plugin *ext_get_plugin(cons
+ *
+ * @param[in] mod Module of the type.
+ * @param[in] type_name Type (typedef) name.
+- * @param[in] value_str Value to store as a string.
++ * @param[in,out] value_str Stored string value, can be overwritten by the user store callback.
+ * @param[in,out] value Filled value to be overwritten by the user store callback.
+ * @return 0 on successful storing, 1 if the type is not a user type, -1 on error.
+ */
+-int lytype_store(const struct lys_module *mod, const char *type_name, const char *value_str, lyd_val *value);
++int lytype_store(const struct lys_module *mod, const char *type_name, const char **value_str, lyd_val *value);
+
+ /**
+ * @brief Free a user type stored value.
+Index: libyang-0.16-r3/src/plugins.c
+===================================================================
+--- libyang-0.16-r3.orig/src/plugins.c
++++ libyang-0.16-r3/src/plugins.c
+@@ -574,7 +574,7 @@ lytype_find(const char *module, const ch
+ }
+
+ int
+-lytype_store(const struct lys_module *mod, const char *type_name, const char *value_str, lyd_val *value)
++lytype_store(const struct lys_module *mod, const char *type_name, const char **value_str, lyd_val *value)
+ {
+ struct lytype_plugin_list *p;
+ char *err_msg = NULL;
+@@ -583,9 +583,9 @@ lytype_store(const struct lys_module *mo
+
+ p = lytype_find(mod->name, mod->rev_size ? mod->rev[0].date : NULL, type_name);
+ if (p) {
+- if (p->store_clb(type_name, value_str, value, &err_msg)) {
++ if (p->store_clb(mod->ctx, type_name, value_str, value, &err_msg)) {
+ if (!err_msg) {
+- if (asprintf(&err_msg, "Failed to store value \"%s\" of user type \"%s\".", value_str, type_name) == -1) {
++ if (asprintf(&err_msg, "Failed to store value \"%s\" of user type \"%s\".", *value_str, type_name) == -1) {
+ LOGMEM(mod->ctx);
+ return -1;
+ }
+Index: libyang-0.16-r3/src/tree_data.c
+===================================================================
+--- libyang-0.16-r3.orig/src/tree_data.c
++++ libyang-0.16-r3/src/tree_data.c
+@@ -5476,7 +5476,7 @@ _lyd_dup_node(const struct lyd_node *nod
+ }
+
+ if (sleaf->type.der && sleaf->type.der->module) {
+- r = lytype_store(sleaf->type.der->module, sleaf->type.der->name, new_leaf->value_str, &new_leaf->value);
++ r = lytype_store(sleaf->type.der->module, sleaf->type.der->name, &new_leaf->value_str, &new_leaf->value);
+ if (r == -1) {
+ goto error;
+ } else if (!r) {
+Index: libyang-0.16-r3/src/user_types.h
+===================================================================
+--- libyang-0.16-r3.orig/src/user_types.h
++++ libyang-0.16-r3/src/user_types.h
+@@ -33,13 +33,15 @@ extern "C" {
+ * This callback should overwrite the value stored in \p value using some custom encoding. Be careful,
+ * if the type is #LY_TYPE_BITS, the bits must be freed before overwritting the union value.
+ *
++ * @param[in] ctx libyang ctx to enable correct manipulation with values that are in the dictionary.
+ * @param[in] type_name Name of the type being stored.
+- * @param[in] value_str String value to be stored.
++ * @param[in,out] value_str String value to be stored.
+ * @param[in,out] value Value union for the value to be stored in (already is but in the standard way).
+ * @param[out] err_msg Can be filled on error. If not, a generic error message will be printed.
+ * @return 0 on success, non-zero if an error occured and the value could not be stored for any reason.
+ */
+-typedef int (*lytype_store_clb)(const char *type_name, const char *value_str, lyd_val *value, char **err_msg);
++typedef int (*lytype_store_clb)(struct ly_ctx *ctx, const char *type_name, const char **value_str, lyd_val *value,
++ char **err_msg);
+
+ struct lytype_plugin_list {
+ const char *module; /**< Name of the module where the type is defined. */
+Index: libyang-0.16-r3/src/user_types/user_inet_types.c
+===================================================================
+--- /dev/null
++++ libyang-0.16-r3/src/user_types/user_inet_types.c
+@@ -0,0 +1,235 @@
++/**
++ * @file user_inet_types.c
++ * @author Michal Vasko <mvasko@cesnet.cz>
++ * @brief ietf-inet-types typedef conversion to canonical format
++ *
++ * Copyright (c) 2018 CESNET, z.s.p.o.
++ *
++ * This source code is licensed under BSD 3-Clause License (the "License").
++ * You may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * https://opensource.org/licenses/BSD-3-Clause
++ */
++
++#define _GNU_SOURCE
++
++#include <stdlib.h>
++#include <string.h>
++#include <errno.h>
++#include <arpa/inet.h>
++
++#include "../user_types.h"
++
++#ifdef __GNUC__
++# define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
++#else
++# define UNUSED(x) UNUSED_ ## x
++#endif
++
++static char *
++convert_ipv6_addr(const char *ipv6_addr, char **err_msg)
++{
++ char buf[sizeof(struct in6_addr)], *str;
++
++ str = malloc(INET6_ADDRSTRLEN);
++ if (!str) {
++ *err_msg = NULL;
++ return NULL;
++ }
++
++ if (!inet_pton(AF_INET6, ipv6_addr, buf)) {
++ asprintf(err_msg, "Failed to convert IPv6 address \"%s\".", ipv6_addr);
++ free(str);
++ return NULL;
++ }
++
++ if (!inet_ntop(AF_INET6, buf, str, INET6_ADDRSTRLEN)) {
++ asprintf(err_msg, "Failed to convert IPv6 address (%s).", strerror(errno));
++ free(str);
++ return NULL;
++ }
++
++ return str;
++}
++
++static int
++ip_store_clb(struct ly_ctx *ctx, const char *UNUSED(type_name), const char **value_str, lyd_val *value, char **err_msg)
++{
++ char *ptr, *ipv6_addr, *result, *tmp;
++
++ if (!strchr(*value_str, ':')) {
++ /* not an IPv6 address */
++ return 0;
++ }
++
++ if ((ptr = strchr(*value_str, '%'))) {
++ /* there is a zone index */
++ ipv6_addr = strndup(*value_str, ptr - *value_str);
++ } else {
++ ipv6_addr = (char *)*value_str;
++ }
++
++ /* convert to canonical format */
++ result = convert_ipv6_addr(ipv6_addr, err_msg);
++ if (ptr) {
++ free(ipv6_addr);
++ }
++
++ /* failure */
++ if (!result) {
++ return 1;
++ }
++
++ if (strncmp(*value_str, result, strlen(result))) {
++ /* some conversion took place, update the value */
++ if (ptr) {
++ tmp = result;
++ if (asprintf(&result, "%s%s", tmp, ptr) == -1) {
++ free(tmp);
++ *err_msg = NULL;
++ return 1;
++ }
++ free(tmp);
++ }
++
++ lydict_remove(ctx, *value_str);
++ *value_str = lydict_insert_zc(ctx, result);
++ value->string = *value_str;
++ } else {
++ free(result);
++ }
++
++ return 0;
++}
++
++static int
++ipv4_prefix_store_clb(struct ly_ctx *ctx, const char *UNUSED(type_name), const char **value_str, lyd_val *value, char **err_msg)
++{
++ char *pref_str, *ptr, *result;
++ int result_len, i, j, num;
++ unsigned long int pref;
++
++ pref_str = strchr(*value_str, '/');
++ if (!pref_str) {
++ asprintf(err_msg, "Invalid IPv4 prefix \"%s\".", *value_str);
++ return 1;
++ }
++
++ pref = strtoul(pref_str + 1, &ptr, 10);
++ if (ptr[0]) {
++ asprintf(err_msg, "Invalid IPv4 prefix \"%s\".", *value_str);
++ return 1;
++ }
++
++ result = malloc(INET_ADDRSTRLEN + 3);
++ if (!result) {
++ *err_msg = NULL;
++ return 1;
++ }
++
++ /* generate ip prefix mask */
++ result_len = 0;
++ for (i = 0; i < 4; ++i) {
++ num = 0;
++ for (j = 0; (j < 8) && pref; ++j) {
++ num += (1 << j);
++ --pref;
++ }
++
++ result_len += sprintf(result + result_len, "%s%d", i ? "." : "", num);
++ }
++
++ /* add the prefix */
++ result_len += sprintf(result + result_len, "%s", pref_str);
++
++ if (strcmp(result, *value_str)) {
++ /* some conversion took place, update the value */
++ lydict_remove(ctx, *value_str);
++ *value_str = lydict_insert_zc(ctx, result);
++ value->string = *value_str;
++ } else {
++ free(result);
++ }
++
++ return 0;
++}
++
++static int
++ipv6_prefix_store_clb(struct ly_ctx *ctx, const char *UNUSED(type_name), const char **value_str, lyd_val *value, char **err_msg)
++{
++ char *pref_str, *ptr, *result;
++ int result_len, i, j, num;
++ unsigned long int pref;
++
++ pref_str = strchr(*value_str, '/');
++ if (!pref_str) {
++ asprintf(err_msg, "Invalid IPv6 prefix \"%s\".", *value_str);
++ return 1;
++ }
++
++ pref = strtoul(pref_str + 1, &ptr, 10);
++ if (ptr[0]) {
++ asprintf(err_msg, "Invalid IPv6 prefix \"%s\".", *value_str);
++ return 1;
++ }
++
++ result = malloc(INET6_ADDRSTRLEN + 4);
++ if (!result) {
++ *err_msg = NULL;
++ return 1;
++ }
++
++ /* generate ipv6 prefix mask */
++ result_len = 0;
++ for (i = 0; i < 8; ++i) {
++ num = 0;
++ for (j = 0; (j < 16) && pref; ++j) {
++ num += (1 << j);
++ --pref;
++ }
++
++ result_len += sprintf(result + result_len, "%s%x", i ? ":" : "", num);
++
++ if (!pref && (i < 6)) {
++ /* shorten ending zeros */
++ result_len += sprintf(result + result_len, "::");
++ break;
++ }
++ }
++
++ /* add the prefix */
++ result_len += sprintf(result + result_len, "%s", pref_str);
++
++ if (strcmp(result, *value_str)) {
++ /* some conversion took place, update the value */
++ lydict_remove(ctx, *value_str);
++ *value_str = lydict_insert_zc(ctx, result);
++ value->string = *value_str;
++ } else {
++ free(result);
++ }
++
++ return 0;
++}
++
++static int
++ip_prefix_store_clb(struct ly_ctx *ctx, const char *type_name, const char **value_str, lyd_val *value, char **err_msg)
++{
++ if (strchr(*value_str, ':')) {
++ return ipv6_prefix_store_clb(ctx, type_name, value_str, value, err_msg);
++ }
++ return ipv4_prefix_store_clb(ctx, type_name, value_str, value, err_msg);
++}
++
++/* Name of this array must match the file name! */
++struct lytype_plugin_list user_inet_types[] = {
++ {"ietf-inet-types", "2013-07-15", "ip-address", ip_store_clb, NULL},
++ {"ietf-inet-types", "2013-07-15", "ipv6-address", ip_store_clb, NULL},
++ {"ietf-inet-types", "2013-07-15", "ip-address-no-zone", ip_store_clb, NULL},
++ {"ietf-inet-types", "2013-07-15", "ipv6-address-no-zone", ip_store_clb, NULL},
++ {"ietf-inet-types", "2013-07-15", "ip-prefix", ip_prefix_store_clb, NULL},
++ {"ietf-inet-types", "2013-07-15", "ipv4-prefix", ipv4_prefix_store_clb, NULL},
++ {"ietf-inet-types", "2013-07-15", "ipv6-prefix", ipv6_prefix_store_clb, NULL},
++ {NULL, NULL, NULL, NULL, NULL} /* terminating item */
++};
+Index: libyang-0.16-r3/src/user_types/user_ipv4.c
+===================================================================
+--- libyang-0.16-r3.orig/src/user_types/user_ipv4.c
++++ /dev/null
+@@ -1,42 +0,0 @@
+-/**
+- * @file user_ipv4.c
+- * @author Michal Vasko <mvasko@cesnet.cz>
+- * @brief Example implementation of an ipv4-address as a user type
+- *
+- * Copyright (c) 2018 CESNET, z.s.p.o.
+- *
+- * This source code is licensed under BSD 3-Clause License (the "License").
+- * You may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * https://opensource.org/licenses/BSD-3-Clause
+- */
+-
+-#include <stdlib.h>
+-#include <string.h>
+-#include <arpa/inet.h>
+-#include <sys/socket.h>
+-
+-#include "../user_types.h"
+-
+-static int
+-ipv4_store_clb(const char *type_name, const char *value_str, lyd_val *value, char **err_msg)
+-{
+- value->ptr = malloc(sizeof(struct in_addr));
+- if (!value->ptr) {
+- return 1;
+- }
+-
+- if (inet_pton(AF_INET, value_str, value->ptr) != 1) {
+- free(value->ptr);
+- return 1;
+- }
+- return 0;
+-}
+-
+-/* Name of this array must match the file name! */
+-struct lytype_plugin_list user_ipv4[] = {
+- {"ietf-inet-types", "2013-07-15", "ipv4-address", ipv4_store_clb, free},
+- {"ietf-inet-types", "2013-07-15", "ipv4-address-no-zone", ipv4_store_clb, free},
+- {NULL, NULL, NULL, NULL, NULL} /* terminating item */
+-};
+Index: libyang-0.16-r3/src/user_types/user_yang_types.c
+===================================================================
+--- /dev/null
++++ libyang-0.16-r3/src/user_types/user_yang_types.c
+@@ -0,0 +1,303 @@
++/**
++ * @file user_yang_types.c
++ * @author Michal Vasko <mvasko@cesnet.cz>
++ * @brief ietf-yang-types typedef validation and conversion to canonical format
++ *
++ * Copyright (c) 2018 CESNET, z.s.p.o.
++ *
++ * This source code is licensed under BSD 3-Clause License (the "License").
++ * You may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * https://opensource.org/licenses/BSD-3-Clause
++ */
++#define _GNU_SOURCE
++
++#include <stdlib.h>
++#include <string.h>
++#include <stdint.h>
++#include <errno.h>
++#include <time.h>
++#include <ctype.h>
++
++#include "../user_types.h"
++
++#ifdef __GNUC__
++# define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
++#else
++# define UNUSED(x) UNUSED_ ## x
++#endif
++
++static const char *gmt_offsets[] = {
++ "+00:00",
++ "+00:20",
++ "+00:30",
++ "+01:00",
++ "+01:24",
++ "+01:30",
++ "+02:00",
++ "+02:30",
++ "+03:00",
++ "+03:30",
++ "+04:00",
++ "+04:30",
++ "+04:51",
++ "+05:00",
++ "+05:30",
++ "+05:40",
++ "+05:45",
++ "+06:00",
++ "+06:30",
++ "+07:00",
++ "+07:20",
++ "+07:30",
++ "+08:00",
++ "+08:30",
++ "+08:45",
++ "+09:00",
++ "+09:30",
++ "+09:45",
++ "+10:00",
++ "+10:30",
++ "+11:00",
++ "+11:30",
++ "+12:00",
++ "+12:45",
++ "+13:00",
++ "+13:45",
++ "+14:00",
++ "-00:00",
++ "-00:44",
++ "-01:00",
++ "-02:00",
++ "-02:30",
++ "-03:00",
++ "-03:30",
++ "-04:00",
++ "-04:30",
++ "-05:00",
++ "-06:00",
++ "-07:00",
++ "-08:00",
++ "-08:30",
++ "-09:00",
++ "-09:30",
++ "-10:00",
++ "-10:30",
++ "-11:00",
++ "-12:00",
++};
++
++static int
++date_and_time_store_clb(struct ly_ctx *UNUSED(ctx), const char *UNUSED(type_name), const char **value_str,
++ lyd_val *UNUSED(value), char **err_msg)
++{
++ struct tm tm, tm2;
++ uint32_t i, j, k;
++ const char *val_str = *value_str;
++ int ret;
++
++ /* \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[\+\-]\d{2}:\d{2})
++ * 2018-03-21T09:11:05(.55785...)(Z|+02:00) */
++ memset(&tm, 0, sizeof tm);
++ i = 0;
++
++ /* year */
++ tm.tm_year = atoi(val_str + i);
++ /* if there was some invalid number, it will either be discovered in the loop below or by mktime() */
++ tm.tm_year -= 1900;
++ for (j = i + 4; i < j; ++i) {
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ }
++ if (val_str[i] != '-') {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", '-' expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ ++i;
++
++ /* month */
++ tm.tm_mon = atoi(val_str + i);
++ tm.tm_mon -= 1;
++ for (j = i + 2; i < j; ++i) {
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ }
++ if (val_str[i] != '-') {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", '-' expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ ++i;
++
++ /* day */
++ tm.tm_mday = atoi(val_str + i);
++ for (j = i + 2; i < j; ++i) {
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ }
++ if (val_str[i] != 'T') {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", 'T' expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ ++i;
++
++ /* hours */
++ tm.tm_hour = atoi(val_str + i);
++ for (j = i + 2; i < j; ++i) {
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ }
++ if (val_str[i] != ':') {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", ':' expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ ++i;
++
++ /* minutes */
++ tm.tm_min = atoi(val_str + i);
++ for (j = i + 2; i < j; ++i) {
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ }
++ if (val_str[i] != ':') {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", ':' expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ ++i;
++
++ /* seconds */
++ tm.tm_sec = atoi(val_str + i);
++ for (j = i + 2; i < j; ++i) {
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ }
++ if ((val_str[i] != '.') && (val_str[i] != 'Z') && (val_str[i] != '+') && (val_str[i] != '-')) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", '.', 'Z', '+', or '-' expected.",
++ val_str[i], i, val_str);
++ goto error;
++ }
++
++ /* validate using mktime() */
++ tm2 = tm;
++ if (mktime(&tm) == -1) {
++ ret = asprintf(err_msg, "Checking date-and-time value \"%s\" failed (%s).", val_str, strerror(errno));
++ goto error;
++ }
++ /* we now have correctly filled the remaining values, use them */
++ memcpy(((char *)&tm2) + (6 * sizeof(int)), ((char *)&tm) + (6 * sizeof(int)), sizeof(struct tm) - (6 * sizeof(int)));
++ /* back it up again */
++ tm = tm2;
++ /* let mktime() correct date & time with having the other values correct now */
++ if (mktime(&tm) == -1) {
++ ret = asprintf(err_msg, "Checking date-and-time value \"%s\" failed (%s).", val_str, strerror(errno));
++ goto error;
++ }
++ /* detect changes in the filled values */
++ if (memcmp(&tm, &tm2, 6 * sizeof(int))) {
++ ret = asprintf(err_msg, "Checking date-and-time value \"%s\" failed, canonical date and time is \"%04d-%02d-%02dT%02d:%02d:%02d\".",
++ val_str, tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec);
++ goto error;
++ }
++
++ /* tenth of a second */
++ if (val_str[i] == '.') {
++ ++i;
++ if (!isdigit(val_str[i])) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", a digit expected.", val_str[i], i, val_str);
++ goto error;
++ }
++ do {
++ ++i;
++ } while (isdigit(val_str[i]));
++ }
++
++ switch (val_str[i]) {
++ case 'Z':
++ /* done */
++ break;
++ case '+':
++ case '-':
++ /* timezone shift */
++ k = sizeof gmt_offsets / sizeof *gmt_offsets;
++ for (j = 0; j < k ; ++j) {
++ if (!strncmp(val_str + i, gmt_offsets[j], 6)) {
++ break;
++ }
++ }
++ if (j == k) {
++ ret = asprintf(err_msg, "Invalid timezone \"%.6s\" in date-and-time value \"%s\".", val_str + i, val_str);
++ goto error;
++ }
++ i += 5;
++ break;
++ default:
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", 'Z', '+', or '-' expected.", val_str[i], i, val_str);
++ goto error;
++ }
++
++ /* no other characters expected */
++ ++i;
++ if (val_str[i]) {
++ ret = asprintf(err_msg, "Invalid character '%c'[%d] in date-and-time value \"%s\", no characters expected.", val_str[i], i, val_str);
++ goto error;
++ }
++
++ /* validation succeeded and we do not want to change how it is stored */
++ return 0;
++
++error:
++ if (ret == -1) {
++ err_msg = NULL;
++ }
++ return 1;
++}
++
++static int
++hex_string_store_clb(struct ly_ctx *ctx, const char *UNUSED(type_name), const char **value_str, lyd_val *value, char **err_msg)
++{
++ char *str;
++ uint32_t i, len;
++
++ str = strdup(*value_str);
++ if (!str) {
++ /* we can hardly allocate an error message */
++ *err_msg = NULL;
++ return 1;
++ }
++
++ len = strlen(str);
++ for (i = 0; i < len; ++i) {
++ if ((str[i] >= 'A') && (str[i] <= 'Z')) {
++ /* make it lowercase (canonical format) */
++ str[i] += 32;
++ }
++ }
++
++ /* update the value correctly */
++ lydict_remove(ctx, *value_str);
++ *value_str = lydict_insert_zc(ctx, str);
++ value->string = *value_str;
++ return 0;
++}
++
++/* Name of this array must match the file name! */
++struct lytype_plugin_list user_yang_types[] = {
++ {"ietf-yang-types", "2013-07-15", "date-and-time", date_and_time_store_clb, NULL},
++ {"ietf-yang-types", "2013-07-15", "phys-address", hex_string_store_clb, NULL},
++ {"ietf-yang-types", "2013-07-15", "mac-address", hex_string_store_clb, NULL},
++ {"ietf-yang-types", "2013-07-15", "hex-string", hex_string_store_clb, NULL},
++ {"ietf-yang-types", "2013-07-15", "uuid", hex_string_store_clb, NULL},
++ {NULL, NULL, NULL, NULL, NULL} /* terminating item */
++};
+Index: libyang-0.16-r3/tests/CMakeLists.txt
+===================================================================
+--- libyang-0.16-r3.orig/tests/CMakeLists.txt
++++ libyang-0.16-r3/tests/CMakeLists.txt
+@@ -7,7 +7,7 @@ set(CMAKE_MACOSX_RPATH TRUE)
+ get_filename_component(TESTS_DIR "${CMAKE_SOURCE_DIR}/tests" REALPATH)
+
+ set(api_tests test_libyang test_tree_schema test_xml test_dict test_tree_data test_tree_data_dup test_tree_data_merge test_xpath test_xpath_1.1 test_diff)
+-set(data_tests test_data_initialization test_leafref_remove test_instid_remove test_keys test_autodel test_when test_when_1.1 test_must_1.1 test_defaults test_emptycont test_unique test_mandatory test_json test_parse_print test_values test_metadata test_yangtypes_xpath test_yang_data test_unknown_element)
++set(data_tests test_data_initialization test_leafref_remove test_instid_remove test_keys test_autodel test_when test_when_1.1 test_must_1.1 test_defaults test_emptycont test_unique test_mandatory test_json test_parse_print test_values test_metadata test_yangtypes_xpath test_yang_data test_unknown_element test_user_types)
+ set(schema_yin_tests test_print_transform)
+ set(schema_tests test_ietf test_augment test_deviation test_refine test_typedef test_import test_include test_feature test_conformance test_leaflist test_status test_printer test_invalid)
+ if(CMAKE_BUILD_TYPE MATCHES debug)
+Index: libyang-0.16-r3/tests/api/test_libyang.c
+===================================================================
+--- libyang-0.16-r3.orig/tests/api/test_libyang.c
++++ libyang-0.16-r3/tests/api/test_libyang.c
+@@ -1245,7 +1245,13 @@ test_ly_get_loaded_plugins(void **state)
+ }
+ assert_non_null(plugins[i]);
+ for (i = 0; plugins[i]; ++i) {
+- if (!strcmp(plugins[i], "user_date_and_time")) {
++ if (!strcmp(plugins[i], "user_yang_types")) {
++ break;
++ }
++ }
++ assert_non_null(plugins[i]);
++ for (i = 0; plugins[i]; ++i) {
++ if (!strcmp(plugins[i], "user_inet_types")) {
+ break;
+ }
+ }
+Index: libyang-0.16-r3/tests/data/files/user-types.yang
+===================================================================
+--- /dev/null
++++ libyang-0.16-r3/tests/data/files/user-types.yang
+@@ -0,0 +1,61 @@
++module user-types {
++ namespace "urn:user-types";
++ prefix ut;
++
++ import ietf-yang-types {
++ prefix yang;
++ }
++
++ import ietf-inet-types {
++ prefix inet;
++ }
++
++
++ leaf yang1 {
++ type yang:date-and-time;
++ }
++
++ leaf yang2 {
++ type yang:phys-address;
++ }
++
++ leaf yang3 {
++ type yang:mac-address;
++ }
++
++ leaf yang4 {
++ type yang:hex-string;
++ }
++
++ leaf yang5 {
++ type yang:uuid;
++ }
++
++ leaf inet1 {
++ type inet:ip-address;
++ }
++
++ leaf inet2 {
++ type inet:ipv6-address;
++ }
++
++ leaf inet3 {
++ type inet:ip-address-no-zone;
++ }
++
++ leaf inet4 {
++ type inet:ipv6-address-no-zone;
++ }
++
++ leaf inet5 {
++ type inet:ip-prefix;
++ }
++
++ leaf inet6 {
++ type inet:ipv4-prefix;
++ }
++
++ leaf inet7 {
++ type inet:ipv6-prefix;
++ }
++}
+Index: libyang-0.16-r3/tests/data/test_user_types.c
+===================================================================
+--- /dev/null
++++ libyang-0.16-r3/tests/data/test_user_types.c
+@@ -0,0 +1,226 @@
++/**
++ * @file test_user_types.c
++ * @author Michal Vasko <mvasko@cesnet.cz>
++ * @brief Cmocka tests for libyang internal user types.
++ *
++ * Copyright (c) 2018 CESNET, z.s.p.o.
++ *
++ * This source code is licensed under BSD 3-Clause License (the "License").
++ * You may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * https://opensource.org/licenses/BSD-3-Clause
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <setjmp.h>
++#include <stdarg.h>
++#include <cmocka.h>
++
++#include "tests/config.h"
++#include "libyang.h"
++
++struct state {
++ struct ly_ctx *ctx;
++ const struct lys_module *mod;
++ struct lyd_node *dt;
++};
++
++static int
++setup_f(void **state)
++{
++ struct state *st;
++
++ (*state) = st = calloc(1, sizeof *st);
++ if (!st) {
++ fprintf(stderr, "Memory allocation error");
++ return -1;
++ }
++
++ /* libyang context */
++ st->ctx = ly_ctx_new(TESTS_DIR"/data/files", 0);
++ if (!st->ctx) {
++ fprintf(stderr, "Failed to create context.\n");
++ goto error;
++ }
++
++ st->mod = ly_ctx_load_module(st->ctx, "user-types", NULL);
++ if (!st->mod) {
++ fprintf(stderr, "Failed to load schema.\n");
++ goto error;
++ }
++
++ return 0;
++
++error:
++ ly_ctx_destroy(st->ctx, NULL);
++ free(st);
++ (*state) = NULL;
++
++ return -1;
++}
++
++static int
++teardown_f(void **state)
++{
++ struct state *st = (*state);
++
++ lyd_free_withsiblings(st->dt);
++ ly_ctx_destroy(st->ctx, NULL);
++ free(st);
++ (*state) = NULL;
++
++ return 0;
++}
++
++static void
++test_yang_types(void **state)
++{
++ struct state *st = (struct state *)*state;
++
++ /* date-and-time */
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang1", "2005-05-25T23:15:15.88888Z");
++ assert_non_null(st->dt);
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang1", "2005-05-31T23:15:15-08:00");
++ assert_non_null(st->dt);
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang1", "2005-05-31T23:15:15.-08:00");
++ assert_null(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang1", "2005-02-29T23:15:15-08:00");
++ assert_null(st->dt);
++
++ /* phys-address */
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang2", "aa:bb:cc:dd");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "aa:bb:cc:dd");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang2", "AA:BB:1D:2F:CA:52");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "aa:bb:1d:2f:ca:52");
++ lyd_free_withsiblings(st->dt);
++
++ /* mac-address */
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang3", "12:34:56:78:9A:BC");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "12:34:56:78:9a:bc");
++ lyd_free_withsiblings(st->dt);
++
++ /* hex-string */
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang4", "AB:CD:eF:fE:dc:Ba:Ab");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "ab:cd:ef:fe:dc:ba:ab");
++ lyd_free_withsiblings(st->dt);
++
++ /* uuid */
++ st->dt = lyd_new_leaf(NULL, st->mod, "yang5", "12AbCDef-3456-58cd-9ABC-8796cdACdfEE");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "12abcdef-3456-58cd-9abc-8796cdacdfee");
++}
++
++static void
++test_inet_types(void **state)
++{
++ struct state *st = (struct state *)*state;
++
++ /* ip-address */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet1", "192.168.0.1");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "192.168.0.1");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet1", "192.168.0.1%12");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "192.168.0.1%12");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet1", "2008:15:0:0:0:0:feAC:1");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "2008:15::feac:1");
++ lyd_free_withsiblings(st->dt);
++
++ /* ipv6-address */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet2", "FAAC:21:011:Da85::87:daaF%1");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "faac:21:11:da85::87:daaf%1");
++ lyd_free_withsiblings(st->dt);
++
++ /* ip-address-no-zone */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet3", "127.0.0.1");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "127.0.0.1");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet3", "0:00:000:0000:000:00:0:1");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "::1");
++ lyd_free_withsiblings(st->dt);
++
++ /* ipv6-address-no-zone */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet4", "A:B:c:D:e:f:1:0");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "a:b:c:d:e:f:1:0");
++ lyd_free_withsiblings(st->dt);
++
++ /* ip-prefix */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet5", "12.1.58.4/1");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "1.0.0.0/1");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet5", "12.1.58.4/24");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "255.255.255.0/24");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet5", "2000:A:B:C:D:E:f:a/16");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "ffff::/16");
++ lyd_free_withsiblings(st->dt);
++
++ /* ipv4-prefix */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet6", "0.1.58.4/32");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "255.255.255.255/32");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet6", "12.1.58.4/8");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "255.0.0.0/8");
++ lyd_free_withsiblings(st->dt);
++
++ /* ipv6-prefix */
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet7", "::C:D:E:f:a/112");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0/112");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet7", "::C:D:E:f:a/110");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "ffff:ffff:ffff:ffff:ffff:ffff:3fff:0/110");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet7", "::C:D:E:f:a/96");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "ffff:ffff:ffff:ffff:ffff:ffff::/96");
++ lyd_free_withsiblings(st->dt);
++
++ st->dt = lyd_new_leaf(NULL, st->mod, "inet7", "::C:D:E:f:a/55");
++ assert_non_null(st->dt);
++ assert_string_equal(((struct lyd_node_leaf_list *)st->dt)->value_str, "ffff:ffff:ffff:7f::/55");
++}
++
++int main(void)
++{
++ const struct CMUnitTest tests[] = {
++ cmocka_unit_test_setup_teardown(test_yang_types, setup_f, teardown_f),
++ cmocka_unit_test_setup_teardown(test_inet_types, setup_f, teardown_f),
++ };
++
++ return cmocka_run_group_tests(tests, NULL, NULL);
++}
include $(TOPDIR)/rules.mk
PKG_NAME:=msmtp
-PKG_VERSION:=1.8.1
+PKG_VERSION:=1.8.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://marlam.de/msmtp/releases
-PKG_HASH:=f0a2a7ed23a3ba5ca88640a9bc433507a79fdfc916b14a989d36679b7fdca4da
+PKG_HASH:=d1185c1969ed00d0e2c57dbcd5eb09a9f82156042b21309d558f761978a58793
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=youtube-dl
-PKG_VERSION:=2019.01.02
+PKG_VERSION:=2019.01.24
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/rg3/youtube-dl/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=db79ec9ffdadec820bd422e236c81f7e39d6e57f3adfcd372f8a9ea92fd918f0
+PKG_HASH:=b4916ffc33d6dcac8e8be1656a65b8706cb7f824b7c734fe04588c78f7d09e04
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_LICENSE:=Unlicense
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>
+PKG_MAINTAINER:=Adrian Panella <ianchi74@outlook.com>, Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_BUILD_DEPENDS:=python/host zip/host
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=3.6.2
+PKG_VERSION:=3.6.4
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
EXTRA_HELP=" suspend Suspend adblock processing
resume Resume adblock processing
query <DOMAIN> Query active blocklists for specific domains
- report Print dns query statistics
+ report <SEARCH> Print dns query statistics with an optional search parameter
status Print runtime information"
adb_init="/etc/init.d/adblock"
report()
{
[ -s "${adb_pidfile}" ] && return 1
- rc_procd "${adb_script}" report "${1}"
+ rc_procd "${adb_script}" report "${1:-"+"}" "${2:-"50"}" "${3:-"false"}" "${4:-"true"}"
}
status()
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="3.6.2"
+adb_ver="3.6.4"
adb_sysver="unknown"
adb_enabled=0
adb_debug=0
#
f_envload()
{
- local dns_up sys_call sys_desc sys_model sys_ver cnt=0
+ local dns_up sys_call sys_desc sys_model cnt=0
# get system information
#
then
sys_desc="$(printf '%s' "${sys_call}" | jsonfilter -e '@.release.description')"
sys_model="$(printf '%s' "${sys_call}" | jsonfilter -e '@.model')"
- sys_ver="$(cat /etc/turris-version 2>/dev/null)"
- if [ -n "${sys_ver}" ]
- then
- sys_desc="${sys_desc}/${sys_ver}"
- fi
adb_sysver="${sys_model}, ${sys_desc}"
fi
esac
while [ "${domain}" != "${tld}" ]
do
- search="${domain//./\.}"
- result="$(awk -F '/|\"| ' "/^($search|${prefix}+${search}.*${suffix}$)/{i++;{printf(\" + %s\n\",\$${field})};if(i>9){printf(\" + %s\n\",\"[...]\");exit}}" "${adb_dnsdir}/${adb_dnsfile}")"
+ search="${domain//./\\.}"
+ search="${search//[+*~%\$&\"\']/}"
+ result="$(awk -F '/|\"| ' "/^(${search}|${prefix}+${search}.*${suffix}$)/{i++;{printf(\" + %s\n\",\$${field})};if(i>9){printf(\" + %s\n\",\"[...]\");exit}}" "${adb_dnsdir}/${adb_dnsfile}")"
printf '%s\n%s\n%s\n' ":::" "::: results for domain '${domain}'" ":::"
printf '%s\n' "${result:-" - no match"}"
domain="${tld}"
if [ ${adb_backup} -eq 1 ] && [ -d "${adb_backupdir}" ]
then
- search="${1//./\.}"
+ search="${1//./\\.}"
+ search="${search//[+*~%\$&\"\']/}"
printf '%s\n%s\n%s\n' ":::" "::: results for domain '${1}' in backups" ":::"
for file in ${adb_backupdir}/${adb_dnsprefix}.*.gz
do
#
f_report()
{
- local bg_pid total blocked percent rep_clients rep_domains rep_blocked rep_latest index hold ports cnt=0 print="${1:-"true"}"
+ local bg_pid total blocked percent rep_clients rep_domains rep_blocked index hold ports cnt=0 search="${1}" count="${2}" filter="${3}" print="${4}"
- if [ ! -x "${adb_reputil}" ]
+ if [ ${adb_report} -eq 1 ] && [ ! -x "${adb_reputil}" ]
then
- f_log "info" "Please install the package 'tcpdump-mini' manually to use the adblock reporting feature!"
- return 0
+ f_log "info" "Please install the package 'tcpdump-mini' to use the adblock reporting feature!"
+ elif [ ${adb_report} -eq 0 ] && [ "${adb_action}" = "report" ]
+ then
+ f_log "info" "Please enable the extra option 'adb_report' to use the adblock reporting feature!"
fi
- bg_pid="$(pgrep -f "^${adb_reputil}.*adb_report\.pcap$" | awk '{ORS=" "; print $1}')"
- if [ ${adb_report} -eq 0 ] || ([ -n "${bg_pid}" ] && ([ "${adb_action}" = "stop" ] || [ "${adb_action}" = "restart" ]))
+ if [ -x "${adb_reputil}" ]
then
- if [ -n "${bg_pid}" ]
+ bg_pid="$(pgrep -f "^${adb_reputil}.*adb_report\.pcap$" | awk '{ORS=" "; print $1}')"
+ if [ ${adb_report} -eq 0 ] || ([ -n "${bg_pid}" ] && ([ "${adb_action}" = "stop" ] || [ "${adb_action}" = "restart" ]))
then
- kill -HUP ${bg_pid}
- while $(kill -0 ${bg_pid} 2>/dev/null)
- do
- sleep 1
- done
- unset bg_pid
- fi
- fi
- if [ -z "${bg_pid}" ] && [ "${adb_action}" != "report" ] && [ "${adb_action}" != "stop" ]
- then
- for port in ${adb_replisten}
- do
- if [ -z "${ports}" ]
+ if [ -n "${bg_pid}" ]
then
- ports="port ${port}"
- else
- ports="${ports} or port ${port}"
+ kill -HUP ${bg_pid}
+ while $(kill -0 ${bg_pid} 2>/dev/null)
+ do
+ sleep 1
+ done
+ unset bg_pid
fi
- done
- ("${adb_reputil}" -nn -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_repdir}/adb_report.pcap" >/dev/null 2>&1 &)
+ fi
fi
- if [ "${adb_action}" = "report" ]
- then
- > "${adb_repdir}/adb_report.raw"
- for file in "${adb_repdir}"/adb_report.pcap*
- do
- (
- "${adb_reputil}" -nn -tttt -r $file 2>/dev/null | \
- awk -v cnt=${cnt} '!/\.lan\. /&&/ A[\? ]+|NXDomain/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c); \
- d=cnt $7;e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);printf("%s\t%s\t%s\t%s\t%s\n", a,b,c,d,e)}' >> "${adb_repdir}/adb_report.raw"
- )&
- hold=$(( cnt % adb_maxqueue ))
- if [ ${hold} -eq 0 ]
- then
- wait
- fi
- cnt=$(( cnt + 1 ))
- done
- wait
- if [ -s "${adb_repdir}/adb_report.raw" ]
+ if [ -x "${adb_reputil}" ] && [ ${adb_report} -eq 1 ]
+ then
+ if [ -z "${bg_pid}" ] && [ "${adb_action}" != "report" ] && [ "${adb_action}" != "stop" ]
then
- awk '{printf("%s\t%s\t%s\t%s\t%s\t%s\n", $4,$5,$1,$2,$3,$4)}' "${adb_repdir}/adb_report.raw" | \
- sort -ur | uniq -uf2 | awk '{currA=($6+0);currB=$6;currC=substr($6,length($6),1); \
- if(reqA==currB){reqA=0;printf("%s\t%s\n",d,$2)}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' | sort -ur > "${adb_repdir}/adb_report"
+ for port in ${adb_replisten}
+ do
+ if [ -z "${ports}" ]
+ then
+ ports="port ${port}"
+ else
+ ports="${ports} or port ${port}"
+ fi
+ done
+ ("${adb_reputil}" -nn -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_repdir}/adb_report.pcap" >/dev/null 2>&1 &)
+ bg_pid="$(pgrep -f "^${adb_reputil}.*adb_report\.pcap$" | awk '{ORS=" "; print $1}')"
fi
- if [ -s "${adb_repdir}/adb_report" ]
+ if [ "${adb_action}" = "report" ] && [ "${filter}" = "false" ]
then
- total="$(wc -l < ${adb_repdir}/adb_report)"
- blocked="$(awk '{if($5=="NX")print $4}' ${adb_repdir}/adb_report | wc -l)"
- percent="$(awk -v t=${total} -v b=${blocked} 'BEGIN{printf("%.2f %s\n",b/t*100, "%")}')"
- rep_clients="$(awk '{print $3}' ${adb_repdir}/adb_report | sort | uniq -c | sort -r | awk '{ORS=" ";if(NR<=10) printf("%s_%s ",$1,$2)}')"
- rep_domains="$(awk '{if($5!="NX")print $4}' ${adb_repdir}/adb_report | sort | uniq -c | sort -r | awk '{ORS=" ";if(NR<=10)printf("%s_%s ",$1,$2)}')"
- rep_blocked="$(awk '{if($5=="NX")print $4}' ${adb_repdir}/adb_report | sort | uniq -c | sort -r | awk '{ORS=" ";if(NR<=10)printf("%s_%s ",$1,$2)}')"
- rep_latest="$(awk 'BEGIN{printf(" + %-15s%-15s%-45s%-50s%s\n","Date","Time","Client","Domain","Answer")}FNR<=50{printf(" + %-15s%-15s%-45s%-50s%s\n",$1,$2,$3,$4,$5)}' ${adb_repdir}/adb_report)"
-
- > "${adb_repdir}/adb_report.json"
- json_load_file "${adb_repdir}/adb_report.json" >/dev/null 2>&1
- json_init
- json_add_object "data"
- json_add_string "start_date" "$(awk 'END{printf("%s",$1)}' ${adb_repdir}/adb_report)"
- json_add_string "start_time" "$(awk 'END{printf("%s",$2)}' ${adb_repdir}/adb_report)"
- json_add_string "end_date" "$(awk 'NR==1{printf("%s",$1)}' ${adb_repdir}/adb_report)"
- json_add_string "end_time" "$(awk 'NR==1{printf("%s",$2)}' ${adb_repdir}/adb_report)"
- json_add_string "total" "${total}"
- json_add_string "blocked" "${blocked}"
- json_add_string "percent" "${percent}"
- json_close_array
- json_add_array "top_clients"
- for client in ${rep_clients}
+ > "${adb_repdir}/adb_report.raw"
+ for file in "${adb_repdir}"/adb_report.pcap*
do
- json_add_object
- json_add_string "count" "${client%_*}"
- json_add_string "address" "${client#*_}"
- json_close_object
- done
- json_close_array
- json_add_array "top_domains"
- for domain in ${rep_domains}
- do
- json_add_object
- json_add_string "count" "${domain%_*}"
- json_add_string "address" "${domain#*_}"
- json_close_object
+ (
+ "${adb_reputil}" -tttt -r $file 2>/dev/null | \
+ awk -v cnt=${cnt} '!/\.lan\. /&&/ A[\? ]+|NXDomain/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c); \
+ d=cnt $7;e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);printf("%s\t%s\t%s\t%s\t%s\n", a,b,c,d,e)}' >> "${adb_repdir}/adb_report.raw"
+ )&
+ hold=$(( cnt % adb_maxqueue ))
+ if [ ${hold} -eq 0 ]
+ then
+ wait
+ fi
+ cnt=$(( cnt + 1 ))
done
- json_close_array
- json_add_array "top_blocked"
- for block in ${rep_blocked}
- do
- json_add_object
- json_add_string "count" "${block%_*}"
- json_add_string "address" "${block#*_}"
+ wait
+
+ if [ -s "${adb_repdir}/adb_report.raw" ]
+ then
+ awk '{printf("%s\t%s\t%s\t%s\t%s\t%s\n", $4,$5,$1,$2,$3,$4)}' "${adb_repdir}/adb_report.raw" | \
+ sort -ur | uniq -uf2 | awk '{currA=($6+0);currB=$6;currC=substr($6,length($6),1); \
+ if(reqA==currB){reqA=0;printf("%s\t%s\n",d,$2)}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' | sort -ur > "${adb_repdir}/adb_report"
+ fi
+
+ if [ -s "${adb_repdir}/adb_report" ]
+ then
+ total="$(wc -l < ${adb_repdir}/adb_report)"
+ blocked="$(awk '{if($5=="NX")print $4}' ${adb_repdir}/adb_report | wc -l)"
+ percent="$(awk -v t=${total} -v b=${blocked} 'BEGIN{printf("%.2f %s\n",b/t*100, "%")}')"
+ rep_clients="$(awk '{print $3}' ${adb_repdir}/adb_report | sort | uniq -c | sort -r | awk '{ORS=" ";if(NR<=10) printf("%s_%s ",$1,$2)}')"
+ rep_domains="$(awk '{if($5!="NX")print $4}' ${adb_repdir}/adb_report | sort | uniq -c | sort -r | awk '{ORS=" ";if(NR<=10)printf("%s_%s ",$1,$2)}')"
+ rep_blocked="$(awk '{if($5=="NX")print $4}' ${adb_repdir}/adb_report | sort | uniq -c | sort -r | awk '{ORS=" ";if(NR<=10)printf("%s_%s ",$1,$2)}')"
+
+ > "${adb_repdir}/adb_report.json"
+ json_load_file "${adb_repdir}/adb_report.json" >/dev/null 2>&1
+ json_init
+ json_add_object "data"
+ json_add_string "start_date" "$(awk 'END{printf("%s",$1)}' ${adb_repdir}/adb_report)"
+ json_add_string "start_time" "$(awk 'END{printf("%s",$2)}' ${adb_repdir}/adb_report)"
+ json_add_string "end_date" "$(awk 'NR==1{printf("%s",$1)}' ${adb_repdir}/adb_report)"
+ json_add_string "end_time" "$(awk 'NR==1{printf("%s",$2)}' ${adb_repdir}/adb_report)"
+ json_add_string "total" "${total}"
+ json_add_string "blocked" "${blocked}"
+ json_add_string "percent" "${percent}"
+ json_close_array
+ json_add_array "top_clients"
+ for client in ${rep_clients}
+ do
+ json_add_object
+ json_add_string "count" "${client%_*}"
+ json_add_string "address" "${client#*_}"
+ json_close_object
+ done
+ json_close_array
+ json_add_array "top_domains"
+ for domain in ${rep_domains}
+ do
+ json_add_object
+ json_add_string "count" "${domain%_*}"
+ json_add_string "address" "${domain#*_}"
+ json_close_object
+ done
+ json_close_array
+ json_add_array "top_blocked"
+ for block in ${rep_blocked}
+ do
+ json_add_object
+ json_add_string "count" "${block%_*}"
+ json_add_string "address" "${block#*_}"
+ json_close_object
+ done
json_close_object
- done
- json_close_object
- json_dump > "${adb_repdir}/adb_report.json"
+ json_dump > "${adb_repdir}/adb_report.json"
+ fi
+ rm -f "${adb_repdir}/adb_report.raw"
+ fi
+
+ if [ -s "${adb_repdir}/adb_report" ]
+ then
+ search="${search//./\\.}"
+ search="${search//[+*~%\$&\"\' ]/}"
+ > "${adb_repdir}/adb_report.final"
+ awk "BEGIN{i=0}/(${search})/{i++;if(i<=${count}){printf \"%s\t%s\t%s\t%s\t%s\n\",\$1,\$2,\$3,\$4,\$5}}" "${adb_repdir}/adb_report" > "${adb_repdir}/adb_report.final"
+ if [ ! -s "${adb_repdir}/adb_report.final" ]
+ then
+ printf "%s\t%s\t%s\t%s\t%s\n" "-" "-" "-" "-" "-" > "${adb_repdir}/adb_report.final"
+ fi
fi
- rm -f "${adb_repdir}/adb_report.raw"
if [ "${print}" = "true" ]
then
index=$((index + 1))
done
fi
- printf "%s\n%s\n%s\n" ":::" "::: Latest DNS Queries" ":::"
- printf "%s\n" "${rep_latest}"
+ if [ -s "${adb_repdir}/adb_report.final" ]
+ then
+ printf "%s\n%s\n%s\n" ":::" "::: Latest DNS Queries" ":::"
+ printf "%-15s%-15s%-45s%-50s%s\n" "Date" "Time" "Client" "Domain" "Answer"
+ awk '{printf "%-15s%-15s%-45s%-50s%s\n",$1,$2,$3,$4,$5}' "${adb_repdir}/adb_report.final"
+ fi
else
printf "%s\n%s\n%s\n" ":::" "::: no reporting data available yet" ":::"
fi
fi
fi
- f_log "debug" "f_report ::: action: ${adb_action}, report: ${adb_report}, print: ${print}, reputil: ${adb_reputil}, repdir: ${adb_repdir}, repiface: ${adb_repiface}, replisten: ${adb_replisten}, repchunksize: ${adb_repchunksize}, repchunkcnt: ${adb_repchunkcnt}, bg_pid: ${bg_pid}"
+ f_log "debug" "f_report ::: action: ${adb_action}, report: ${adb_report}, search: ${1}, count: ${2}, filter: ${3}, print: ${4}, reputil: ${adb_reputil}, repdir: ${adb_repdir}, repiface: ${adb_repiface}, replisten: ${adb_replisten}, repchunksize: ${adb_repchunksize}, repchunkcnt: ${adb_repchunkcnt}, bg_pid: ${bg_pid}"
}
# source required system libraries
f_envload
case "${adb_action}" in
stop)
- f_report false
+ f_report "+" "50" "false" "false"
f_rmdns
;;
restart)
- f_report false
+ f_report "+" "50" "false" "false"
f_rmdns
f_envcheck
f_main
f_switch resume
;;
report)
- f_report "${2}"
+ f_report "${2}" "${3}" "${4}" "${5}"
;;
query)
f_query "${2}"
;;
start|reload)
- f_report false
+ f_report "+" "50" "false" "false"
f_envcheck
f_main
;;
include $(TOPDIR)/rules.mk
PKG_NAME:=aircrack-ng
-PKG_VERSION:=1.4
+PKG_VERSION:=1.5.2
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/aircrack-ng/aircrack-ng/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=425122525e9c7dd8834d75b6716516f2b673342b7e04fa247ec277a8c8433b47
+PKG_HASH:=7e03f9828495a3a1a781ad79e41805971bf7347c092df852820232bca866a19b
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
define Package/aircrack-ng
SECTION:=net
CATEGORY:=Network
- DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre +libpthread
+ DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre +libpthread +libstdcpp
DEPENDS += +AIRCRACK_NG_OPENSSL:libopenssl
DEPENDS += +AIRCRACK_NG_GCRYPT:libgcrypt
DEPENDS += +AIRCRACK_NG_SQLITE3:libsqlite3
endif
TARGET_LDFLAGS+= \
- -static-libstdc++ \
-Wl,--gc-sections
define Package/aircrack-ng/install
PKG_NAME:=aria2
PKG_VERSION:=1.34.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/aria2/aria2/releases/download/release-$(PKG_VERSION)/
#endif // ENABLE_NLS
#ifdef HAVE_OPENSSL
-+#if !OPENSSL_101_API
++#if OPENSSL_101_API
// for SSL initialization
SSL_load_error_strings();
SSL_library_init();
// Need this to "decrypt" p12 files.
OpenSSL_add_all_algorithms();
-+#endif // !OPENSSL_101_API
++#endif // OPENSSL_101_API
#endif // HAVE_OPENSSL
#ifdef HAVE_LIBGCRYPT
if (!gcry_check_version("1.2.4")) {
--- /dev/null
+#
+# Copyright (C) 2009-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=conntrack-tools
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://git.netfilter.org/conntrack-tools
+PKG_SOURCE_DATE:=2018-05-01
+PKG_SOURCE_VERSION:=88610abee7e58f4da7ec6f198e00ff70a92c870f
+PKG_MIRROR_HASH:=cccc5e25e3cb159385b170f63f9b7fd2186f68d32239718080f605c060ea1cb8
+
+PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+PKG_LICENSE:=GPL-2.0
+PKG_CPE_ID:=cpe:/a:conntrack-tools_project:conntrack-tools
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+PKG_BUILD_DEPENDS:=libtirpc
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/conntrack-tools/default
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libnetfilter-conntrack +libnetfilter-cttimeout +libnetfilter-cthelper +libnetfilter-queue
+ SUBMENU:=Firewall
+ URL:=http://conntrack-tools.netfilter.org/
+endef
+
+define Package/conntrack
+$(call Package/conntrack-tools/default)
+ TITLE:=Connection tracking tool
+endef
+
+define Package/conntrack/description
+ Conntrack is a userspace command line program targeted at system
+ administrators. It enables them to view and manage the in-kernel
+ connection tracking state table.
+endef
+
+CONFIGURE_ARGS += \
+ --with-libtirpc
+
+define Package/conntrack/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/conntrack $(1)/usr/sbin/
+endef
+
+define Package/conntrackd
+$(call Package/conntrack-tools/default)
+ TITLE:=Connection tracking daemon
+endef
+
+define Package/conntrackd/conffiles
+/etc/conntrackd/
+endef
+
+define Package/conntrackd/description
+ Conntrackd can replicate the status of the connections that are
+ currently being processed by your stateful firewall based on Linux.
+ Conntrackd can also run as statistics daemon.
+endef
+
+define Package/conntrackd/install
+ $(INSTALL_DIR) \
+ $(1)/etc/conntrackd \
+ $(1)/etc/init.d \
+ $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/conntrackd $(1)/usr/sbin/
+ $(INSTALL_BIN) ./files/conntrackd.init $(1)/etc/init.d/conntrackd
+endef
+
+$(eval $(call BuildPackage,conntrack))
+$(eval $(call BuildPackage,conntrackd))
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+
+START=21
+STOP=89
+
+USE_PROCD=1
+PROG="/usr/sbin/conntrackd"
+
+start_service() {
+ [ -e /etc/conntrackd/conntrackd.conf ] || return
+ procd_open_instance
+
+ procd_set_param command $PROG -C /etc/conntrackd/conntrackd.conf
+ procd_set_param respawn
+
+ procd_close_instance
+}
--- /dev/null
+--- a/configure.ac
++++ b/configure.ac
+@@ -50,6 +50,25 @@
+ AS_HELP_STRING([--enable-systemd], [Build systemd support]),
+ [enable_systemd="$enableval"], [enable_systemd="no"])
+
++AC_ARG_WITH([libtirpc],
++ AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)]),
++ [], [ with_libtirpc=no ])
++
++AS_IF([test "x$with_libtirpc" != xno],
++ [PKG_CHECK_MODULES([TIRPC],
++ [libtirpc],
++ [RPC_CFLAGS=$TIRPC_CFLAGS; RPC_LIBS=$TIRPC_LIBS;],
++ [AC_MSG_ERROR([libtirpc requested, but library not found.])]
++ )],
++ [AC_CHECK_HEADER(rpc/rpc.h,
++ [RPC_CFLAGS=""; RPC_LIBS="";],
++ [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]
++ )]
++)
++
++AC_SUBST(RPC_CFLAGS)
++AC_SUBST(RPC_LIBS)
++
+ PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.1])
+ PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
+ PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.0.7])
+--- a/src/helpers/Makefile.am
++++ b/src/helpers/Makefile.am
+@@ -30,8 +30,8 @@
+ ct_helper_mdns_la_CFLAGS = $(HELPER_CFLAGS)
+
+ ct_helper_rpc_la_SOURCES = rpc.c
+-ct_helper_rpc_la_LDFLAGS = $(HELPER_LDFLAGS)
+-ct_helper_rpc_la_CFLAGS = $(HELPER_CFLAGS)
++ct_helper_rpc_la_LDFLAGS = $(HELPER_LDFLAGS) $(RPC_LIBS)
++ct_helper_rpc_la_CFLAGS = $(HELPER_CFLAGS) $(RPC_CFLAGS)
+
+ ct_helper_tftp_la_SOURCES = tftp.c
+ ct_helper_tftp_la_LDFLAGS = $(HELPER_LDFLAGS)
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_NAME:=go-ethereum
-PKG_VERSION:=1.8.20
+PKG_VERSION:=1.8.21
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ethereum/go-ethereum/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=7299f72a1d35a2653075a2070babf78f98f6eb3f41da43293304737ac0156658
+PKG_HASH:=736028b4babd44d67a70a4a7883a06e97263449805c8c067b7dfd77e9fa94299
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=gitolite
-PKG_VERSION:=3.6.10
+PKG_VERSION:=3.6.11
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=0ae3bea637b25cff13826e5ecd181c7b74a6eff377cf4c2243d85c2b0a290d3f
+PKG_HASH:=2166a61b14de19e605b14f4a13a070fbfd5ecd247b6fd725108f111198a2c121
PKG_SOURCE_URL:=https://codeload.github.com/sitaramc/gitolite/tar.gz/v$(PKG_VERSION)?
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/rules.mk
PKG_NAME:=keepalived
-PKG_VERSION:=2.0.7
-PKG_RELEASE:=3
+PKG_VERSION:=2.0.10
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.keepalived.org/software
-PKG_HASH:=bce45d6d5cf3620bfd88472ec839a75b5a14a54fda12d09e890670244873b8ab
+PKG_HASH:=40e0e55afed9ca313d621a9c5878579696fafb5504dab521aadaf20ba6e7f597
+PKG_CPE_ID:=cpe:/a:keepalived:keepalived
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Ben Kelly <ben@benjii.net> \
--disable-libnl \
--enable-sha1 \
--disable-snmp \
- --with-kernel-dir="$(LINUX_DIR)/$(LINUX_UAPI_DIR)"
+ --with-kernel-dir="$(LINUX_DIR)/$(LINUX_UAPI_DIR)" \
+ --with-init=SYSV
MAKE_FLAGS += \
STRIP="/bin/true" \
+++ /dev/null
-From 6c7a281473083f7ac47b426b2127a8c8e76caca5 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Sat, 25 Aug 2018 11:36:11 +0100
-Subject: [PATCH] Include stdbool.h in process.c
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- keepalived/core/process.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/keepalived/core/process.c b/keepalived/core/process.c
-index f11c32a3..22bcf254 100644
---- a/keepalived/core/process.c
-+++ b/keepalived/core/process.c
-@@ -30,6 +30,7 @@
- #ifdef _HAVE_SCHED_RT_
- #include <sched.h>
- #endif
-+#include <stdbool.h>
-
- #include "process.h"
- #include "logger.h"
---
-2.11.0
-
#
-# Copyright (C) 2014-2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+# Copyright (C) 2014-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=knot
-PKG_VERSION:=2.7.4
+PKG_VERSION:=2.7.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
-PKG_HASH:=acebe2fbcd8f67b0cb8969376114855316fe831df08321b795147502a5e9fd74
+PKG_HASH:=a1cb1877f04f7c2549c977c2658cfafd07c7e0e924f8e8aa8d4ae4b707f697a2
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8
include $(TOPDIR)/rules.mk
PKG_NAME:=knxd
-PKG_VERSION:=0.14.25
+PKG_VERSION:=0.14.29
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/knxd/knxd/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=c9b7d97328da1682bcae1330163e56e1ea2fba0b85de769feb6f5b7aff925a83
+PKG_SOURCE_URL:=https://codeload.github.com/knxd/knxd/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=4513328dd5ecfc17955e6884e938d652dbd33b82797893ae9ad768a247a0f63e
PKG_MAINTAINER:=Othmar Truniger <github@truniger.ch>
include $(TOPDIR)/rules.mk
PKG_NAME:=kplex
-PKG_VERSION:=1.3.4
+PKG_VERSION:=1.4
PKG_RELEASE=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=http://www.stripydog.com/download
-PKG_HASH:=b507d85d5f1def40303326459268a6262d37ea5f13fb73b37b72854e53594dcc
+PKG_HASH:=8c2f1ccba4a22cb3b683b73b9dab6ce317e7d858764f1c2c695970f94c726fc1
PKG_LICENSE:=GPL-3.0+
PKG_LICENSE_FILES:=COPYING
PKG_NAME:=mtr
PKG_VERSION:=0.92
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.bitwizard.nl/mtr/files
include $(INCLUDE_DIR)/package.mk
+# Creation of .tarball-version is an attempt to make it explicit to configure
+# script the program version. See discussions at link [1] for more details
+#
+# [1] mtr: add autoreconf, https://github.com/openwrt/packages/pull/6962#issuecomment-419156300
+#
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ echo "$(PKG_VERSION)" >$(PKG_BUILD_DIR)/.tarball-version
+endef
+
define Package/mtr
SECTION:=net
CATEGORY:=Network
include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3
-PKG_VERSION:=2.7.8
+PKG_VERSION:=2.7.10
PKG_RELEASE:=1
PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>
PKG_LICENSE:=GPLv2
config_get_bool enabled globals 'enabled' '0'
[ ${enabled} -gt 0 ] || exit 0
-mwan3_lock
+mwan3_lock "$ACTION" "$INTERFACE"
mwan3_init
mwan3_set_connected_iptables
mwan3_set_custom_ipset
-mwan3_unlock
+mwan3_unlock "$ACTION" "$INTERFACE"
config_get enabled $INTERFACE enabled 0
config_get initial_state $INTERFACE initial_state "online"
running=1
fi
-mwan3_lock
+mwan3_lock "$ACTION" "$INTERFACE"
$LOG notice "Execute "$ACTION" event on interface $INTERFACE (${DEVICE:-unknown})"
case "$ACTION" in
$LOG notice "Starting tracker on interface $INTERFACE (${DEVICE:-unknown})"
mwan3_set_iface_hotplug_state $INTERFACE "online"
mwan3_track $INTERFACE $DEVICE "online" "$src_ip"
- mwan3_set_policies_iptables
- mwan3_set_user_rules
- mwan3_flush_conntrack $INTERFACE $DEVICE "ifup"
else
$LOG notice "Starting tracker on interface $INTERFACE (${DEVICE:-unknown})"
mwan3_set_iface_hotplug_state $INTERFACE "offline"
- mwan3_track $INTERFACE $DEVICE "unknown" "$src_ip"
+ mwan3_track $INTERFACE $DEVICE "offline" "$src_ip"
fi
+ mwan3_set_policies_iptables
+ mwan3_set_user_rules
+ mwan3_flush_conntrack $INTERFACE $DEVICE "ifup"
;;
ifdown)
mwan3_set_iface_hotplug_state $INTERFACE "offline"
;;
esac
-mwan3_unlock
+mwan3_unlock "$ACTION" "$INTERFACE"
exit 0
[ ${enabled} -gt 0 ] || exit 0
if [ "$ACTION" == "ifup" ]; then
- mwan3_lock
+ mwan3_lock "$ACTION" "mwan3rtmon"
mwan3_rtmon
- mwan3_unlock
+ mwan3_unlock "$ACTION" "mwan3rtmon"
fi
exit 0
mwan3_lock() {
lock /var/run/mwan3.lock
+# $LOG debug "$1 $2 (lock)"
}
mwan3_unlock() {
+# $LOG debug "$1 $2 (unlock)"
lock -u /var/run/mwan3.lock
}
mwan3_set_user_iptables_rule()
{
- local ipset family proto policy src_ip src_port sticky dest_ip dest_port use_policy timeout rule policy IPT
+ local ipset family proto policy src_ip src_port sticky dest_ip
+ local dest_port use_policy timeout rule policy IPT
+ local global_logging rule_logging loglevel
rule="$1"
config_get use_policy $1 use_policy
config_get family $1 family any
+ config_get rule_logging $1 logging 0
+ config_get global_logging globals logging 0
+ config_get loglevel globals loglevel notice
+
if [ "$1" != $(echo "$1" | cut -c1-15) ]; then
$LOG warn "Rule $1 exceeds max of 15 chars. Not setting rule" && return 0
fi
for IPT in "$IPT4" "$IPT6"; do
case $proto in
tcp|udp)
+ [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+ $IPT -A mwan3_rules \
+ -p $proto \
+ -s $src_ip \
+ -d $dest_ip $ipset \
+ -m multiport --sports $src_port \
+ -m multiport --dports $dest_port \
+ -m mark --mark 0/$MMX_MASK \
+ -m comment --comment "$1" \
+ -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+ }
$IPT -A mwan3_rules \
-p $proto \
-s $src_ip \
-j $policy &> /dev/null
;;
*)
+ [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+ $IPT -A mwan3_rules \
+ -p $proto \
+ -s $src_ip \
+ -d $dest_ip $ipset \
+ -m mark --mark 0/$MMX_MASK \
+ -m comment --comment "$1" \
+ -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+ }
$IPT -A mwan3_rules \
-p $proto \
-s $src_ip \
case $proto in
tcp|udp)
+ [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+ $IPT -A mwan3_rules \
+ -p $proto \
+ -s $src_ip \
+ -d $dest_ip $ipset \
+ -m multiport --sports $src_port \
+ -m multiport --dports $dest_port \
+ -m mark --mark 0/$MMX_MASK \
+ -m comment --comment "$1" \
+ -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+ }
$IPT4 -A mwan3_rules \
-p $proto \
-s $src_ip \
-j $policy &> /dev/null
;;
*)
+ [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+ $IPT4 -A mwan3_rules \
+ -p $proto \
+ -s $src_ip \
+ -d $dest_ip $ipset \
+ -m mark --mark 0/$MMX_MASK \
+ -m comment --comment "$1" \
+ -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+ }
$IPT4 -A mwan3_rules \
-p $proto \
-s $src_ip \
case $proto in
tcp|udp)
+ [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+ $IPT6 -A mwan3_rules \
+ -p $proto \
+ -s $src_ip \
+ -d $dest_ip $ipset \
+ -m multiport --sports $src_port \
+ -m multiport --dports $dest_port \
+ -m mark --mark 0/$MMX_MASK \
+ -m comment --comment "$1" \
+ -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+ }
$IPT6 -A mwan3_rules \
-p $proto \
-s $src_ip \
-j $policy &> /dev/null
;;
*)
+ [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+ $IPT6 -A mwan3_rules \
+ -p $proto \
+ -s $src_ip \
+ -d $dest_ip $ipset \
+ -m mark --mark 0/$MMX_MASK \
+ -m comment --comment "$1" \
+ -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+ }
$IPT6 -A mwan3_rules \
-p $proto \
-s $src_ip \
mwan3_get_iface_hotplug_state() {
local iface=$1
- cat $MWAN3_STATUS_DIR/iface_state/$iface 2>/dev/null || echo "unknown"
+ cat $MWAN3_STATUS_DIR/iface_state/$iface 2>/dev/null || echo "offline"
}
mwan3_report_iface_status()
fi
if [ -z "$id" -o -z "$device" ]; then
- result="unknown"
+ result="offline"
elif [ -n "$($IP rule | awk '$1 == "'$(($id+1000)):'"')" ] && \
[ -n "$($IP rule | awk '$1 == "'$(($id+2000)):'"')" ] && \
[ -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" ] && \
{
local ipset route rule table IP IPT pid
+ mwan3_lock "command" "mwan3"
+
for pid in $(pgrep -f "mwan3rtmon"); do
kill -TERM "$pid" > /dev/null 2>&1
sleep 1
$IPS -q destroy $ipset
done
+ mwan3_unlock "command" "mwan3"
+
mwan3_lock_clean
rm -rf $MWAN3_STATUS_DIR $MWAN3TRACK_STATUS_DIR
config_get rtmon_interval globals rtmon_interval '5'
sleep 3
- while mwan3_rtmon_ipv4 || mwan3_rtmon_ipv6; do
+ while true; do
+ mwan3_lock "service" "mwan3rtmon"
+ [ mwan3_remon_ipv4 = "1" ] || \
+ [ mwan3_rtmon_ipv6 = "1" ] && break
+ mwan3_unlock "service" "mwan3rtmon"
[ "$rtmon_interval" = "0" ] && break
- sleep $rtmon_interval
+ sleep "$rtmon_interval" &
+ wait
done
+ mwan3_unlock "service" "mwan3rtmon"
}
main "$@"
local loss=0
local latency=0
- if [ "$STATUS" = "unknown" ]; then
- echo "unknown" > /var/run/mwan3track/$1/STATUS
+ if [ "$STATUS" = "offline" ]; then
+ echo "offline" > /var/run/mwan3track/$1/STATUS
echo "0" > /var/run/mwan3track/$1/UPTIME
echo "$(get_uptime)" > /var/run/mwan3track/$1/DOWNTIME
score=0
--- /dev/null
+#
+# Copyright (C) 2016-2019 eGloo, Incorporated
+#
+# This is free software, licensed under the GNU General Public License v2.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=netifyd
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Darryl Sokoloski <darryl@egloo.ca>
+PKG_LICENSE:=GPL-3.0+
+
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://gitlab.com/netify.ai/public/netify-agent.git
+PKG_SOURCE_DATE:=2019-01-03
+PKG_SOURCE_VERSION:=v2.87
+#PKG_SOURCE_VERSION:=e846598bbe26eb6d631f1eda922c7141245f48e3
+PKG_MIRROR_HASH:=05af5b4e48ccfccf60cfb3c0b08c8bb3987d8957f17723520da4488798a7b68d
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/netifyd
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Netify Agent
+ URL:=http://www.netify.ai/
+ DEPENDS:=+libcurl +libmnl +libnetfilter-conntrack +libjson-c +libpcap +zlib +libpthread
+ # Explicitly depend on libstdcpp rather than $(CXX_DEPENDS). At the moment
+ # std::unordered_map is only available via libstdcpp which is required for
+ # performance reasons.
+ DEPENDS+=+libstdcpp
+endef
+
+define Package/netifyd/description
+The Netify Agent is a deep-packet inspection server which detects network
+protocols and applications. These detections can be saved locally, served over
+a UNIX or TCP socket, and/or "pushed" (via HTTP POSTs) to a remote third-party
+server. Flow metadata, network statistics, and detection classifications are
+JSON encoded for easy consumption by third-party applications.
+endef
+
+define Package/netifyd/conffiles
+/etc/netifyd.conf
+endef
+
+TARGET_CFLAGS+=-ffunction-sections -fdata-sections
+TARGET_CXXFLAGS+=-ffunction-sections -fdata-sections
+TARGET_LDFLAGS+=-Wl,--gc-sections
+
+CONFIGURE_ARGS+= \
+ --sharedstatedir=/var/run \
+ --enable-lean-and-mean \
+ --disable-ncurses \
+ --disable-libtcmalloc \
+ --without-systemdsystemunitdir \
+ --without-tmpfilesdir
+
+# Disable configuration file-watch support (deprecated feature).
+# Not to be confused with kernel/system-level inotify support.
+CONFIGURE_ARGS+= \
+ --disable-inotify
+
+ifneq ($(CONFIG_LIBCURL_ZLIB),y)
+CONFIGURE_ARGS+= \
+ --without-libcurl-zlib
+endif
+
+define Build/Configure
+ (cd $(PKG_BUILD_DIR); ./autogen.sh)
+ $(call Build/Configure/Default,$(CONFIGURE_ARGS))
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include/netifyd
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/netifyd/*.h $(1)/usr/include/netifyd
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnetifyd.{a,so*} $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnetifyd.pc $(1)/usr/lib/pkgconfig/
+endef
+
+define Package/netifyd/install
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/deploy/netifyd.conf $(1)/etc
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/netifyd.init $(1)/etc/init.d/netifyd
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/netifyd $(1)/usr/sbin
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnetifyd.so.* $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/etc/netify.d
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/deploy/netify-sink.conf $(1)/etc/netify.d/netify-sink.conf
+ $(INSTALL_DIR) $(1)/usr/share/netifyd
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/deploy/functions.sh $(1)/usr/share/netifyd
+endef
+
+$(eval $(call BuildPackage,netifyd))
--- /dev/null
+Netify Agent
+============
+Copyright ©2015-2018 eGloo Incorporated ([www.egloo.ca](https://www.egloo.ca))
+
+Deep-Packet Inspection Server
+-----------------------------
+
+The [Netify Agent](https://www.netify.ai/) is a deep-packet inspection server. The Agent is built on top of [nDPI](http://www.ntop.org/products/deep-packet-inspection/ndpi/) (formerly OpenDPI) to detect network protocols and applications. These detections can be saved locally, served over a UNIX or TCP socket, and/or "pushed" (via HTTP POSTs) to a remote third-party server. Flow metadata, network statistics, and detection classifications are stored using JSON encoding.
+
+Optionally, the Netify Agent can be coupled with a [Netify Cloud](https://www.netify.ai/) subscription for further cloud processing, historical storage, machine-learning analysis, event notifications, device detection/identification, along with the option (on supported platforms) to take an active role in policing/bandwidth-shaping specific network protocols and applications.
+
+Runtime Requirements
+--------------------
+
+Ensure that the nfnetlink and nf_conntrack_netlink kernel modules are loaded.
+
+Build Requirements
+------------------
+
+Netify requires the following third-party packages:
+- libcurl
+- libjson-c
+- libmnl
+- libnetfilter-conntrack
+- libpcap
+- zlib
+
+Optional:
+- libtcmalloc (gperftools)
+
+Download Source
+---------------
+
+When cloning the source tree, ensure you use `--recursive` to include all
+sub-modules.
+
+Download Packages
+-----------------
+
+Currently you can download binary packages for the following OS distributions:
+- [ClearOS](https://www.clearos.com/products/purchase/clearos-marketplace-apps#cloud)
+- [CentOS](http://software.opensuse.org/download.html?project=home%3Aegloo&package=netifyd)
+- [Debian](http://software.opensuse.org/download.html?project=home%3Aegloo&package=netifyd)
+- [Fedora](http://software.opensuse.org/download.html?project=home%3Aegloo&package=netifyd)
+- [Ubuntu](http://software.opensuse.org/download.html?project=home%3Aegloo&package=netifyd)
+
+Configuring/Building From Source
+--------------------------------
+
+Read the appropriate documentation in the doc directory, prefixed with: BUILD-*
+
+Generally the process is:
+```
+# ./autogen.sh
+# ./configure
+# make
+```
+
+License
+-------
+```
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+```
+
--- /dev/null
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2016-2019 eGloo, Incorporated
+#
+# This is free software, licensed under the GNU General Public License v2.
+
+START=50
+STOP=50
+
+USE_PROCD=1
+PROG=/usr/sbin/netifyd
+NETIFYD_AUTODETECT=yes
+
+start_service() {
+ mkdir -p /etc/netify.d
+ mkdir -p /var/run/netifyd
+
+ source /usr/share/netifyd/functions.sh
+ NETIFYD_OPTS=$(auto_detect_options)
+
+ load_modules
+
+ procd_open_instance
+ procd_set_param command $PROG -R $NETIFYD_OPTS
+ procd_set_param file /etc/netifyd.conf
+ procd_set_param respawn
+ procd_close_instance
+}
PKG_NAME:=nut
PKG_VERSION:=2.7.4
-PKG_RELEASE:=14
+PKG_RELEASE:=15
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.networkupstools.org/source/2.7/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/nut/cmdvartab $(1)/usr/share/nut/
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/nut_server $(1)/etc/config/nut_server
- ln -sf /var/etc/nut/upsd.users $(1)/etc/nut/upsd.users
- ln -sf /var/etc/nut/upsd.conf $(1)/etc/nut/upsd.conf
+ ln -sf ../../var/etc/nut/upsd.users $(1)/etc/nut/upsd.users
+ ln -sf ../../var/etc/nut/upsd.conf $(1)/etc/nut/upsd.conf
# Driver common portion
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/upsdrvctl $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/nut/driver.list $(1)/usr/share/nut/
- ln -sf /var/etc/nut/ups.conf $(1)/etc/nut/ups.conf
+ ln -sf ../../var/etc/nut/ups.conf $(1)/etc/nut/ups.conf
# Mangle libhid.usermap into a format (hotplug shell script) useful for OpenWrt
$(INSTALL_DIR) $(1)/etc/hotplug.d/usb
$(INSTALL_DIR) $(1)/etc/hotplug.d/tty
# new version of nut we will need to provide descriptions for any new
# drivers.
define Package/nut-driver-$(2)/description
-
+
endef
define Package/nut-driver-$(2)/install
- $(INSTALL_DIR) $$(1)/lib/nut
+ $(INSTALL_DIR) $$(1)/lib/nut
$(CP) $$(PKG_INSTALL_DIR)/lib/nut/$(2) $$(1)/lib/nut/
$(if $(filter $(2),clone),$(CP) $$(PKG_INSTALL_DIR)/lib/nut/$(2)-outlet $$(1)/lib/nut/)
endef
#!/bin/sh
-. /lib/functions.sh
-
nut_driver_config() {
local cfg="$1"
local nomatch="$2"
config_get vendorid "$cfg" vendorid
config_get productid "$cfg" productid
- [ "$ACTION" = "add" ] &&[ -n "$DEVNAME" ] && {
+ [ "$ACTION" = "add" ] && [ -n "$DEVNAME" ] && {
chmod 0660 /dev/"$DEVNAME"
- chown ${runas:-root}:$(id -gn "${runas:-root}") /dev/"$DEVNAME"
+ chown "${runas:-root}":"$(id -gn "${runas:-root}")" /dev/"$DEVNAME"
}
if [ "$nomatch" = "1" ]; then
[ "$ACTION" = "add" ] && {
/etc/init.d/nut-server start "$cfg"
}
- [ "$ACTION" = "remove" ] && {
- /etc/init.d/nut-server stop "$cfg"
- }
elif [ "$(printf "%04x" 0x"$pvendid")" = "$vendorid" ] && \
[ "$(printf "%04x" 0x"$pprodid")" = "$productid" ]; then
[ "$ACTION" = "add" ] && {
/etc/init.d/nut-server start "$cfg"
- /etc/init.d/nut-server reload upsd
}
[ "$ACTION" = "remove" ] && {
/etc/init.d/nut-server stop "$cfg"
}
perform_libhid_action() {
+ . /lib/functions.sh
+
local vendorid productid runas
local pvendid pprodid found
config_load nut_server
config_foreach nut_driver_config driver 0
[ "$found" != "1" ] && config_foreach nut_driver_config driver 1
+ /etc/init.d/nut-server start upsd
}
[ -n "$PRODUCT" ] && case "$PRODUCT" in
"")
- [ ! -f /var/run/nut/disable-hotplug ] && \
+ [ -f /var/run/nut/disable-hotplug ] || \
/etc/init.d/nut-server enabled && perform_libhid_action
;;
esac
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
-START=60
+START=87
+STOP=23
USE_PROCD=1
DEFAULT=/etc/default/nut
config_get_bool enable "$cfg" enable 0
- [ $enable -eq 1 ] && {
+ if [ "$enable" -eq 1 ]; then
ln -sf /etc/nut/upsset.conf.enable "$UPSCGI_S"
- } || {
+ else
ln -sf /etc/nut/upsset.conf.disable "$UPSCGI_S"
- }
+ fi
}
nut_upscgi_add() {
#!/bin/sh /etc/rc.common
-START=51
+START=82
+STOP=28
USE_PROCD=1
UPSMON_C=/var/etc/nut/upsmon.conf
config_get RUNAS "$cfg" runas "nutmon"
[ -n "$RUNAS" ] && echo "RUN_AS_USER $RUNAS" >> "$UPSMON_C"
- runas=$RUNAS
+ runas="$RUNAS"
config_get val "$cfg" minsupplies 1
echo "MINSUPPLIES $val" >> "$UPSMON_C"
val=""
config_list_foreach "$cfg" defaultnotify notifylist
default="$optval"
- echo "NOTIFYFLAG ONLINE $(setnotify "$cfg" onlinenotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG ONBATT $(setnotify "$cfg" onbattnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG LOWBATT $(setnotify "$cfg" lowbatnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG FSD $(setnotify "$cfg" fsdnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG COMMOK $(setnotify "$cfg" commoknotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG COMMBAD $(setnotify "$cfg" commbadnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG SHUTDOWN $(setnotify "$cfg" shutdownnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG REPLBATT $(setnotify "$cfg" repolbattnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG NOCOMM $(setnotify "$cfg" nocommnotify)" >> "$UPSMON_C"
- echo "NOTIFYFLAG NOPARENT $(setnotify "$cfg" noparentnotify)" >> "$UPSMON_C"
+ {
+ echo "NOTIFYFLAG ONLINE $(setnotify "$cfg" onlinenotify)" ; \
+ echo "NOTIFYFLAG ONBATT $(setnotify "$cfg" onbattnotify)" ; \
+ echo "NOTIFYFLAG LOWBATT $(setnotify "$cfg" lowbatnotify)" ; \
+ echo "NOTIFYFLAG FSD $(setnotify "$cfg" fsdnotify)" ; \
+ echo "NOTIFYFLAG COMMOK $(setnotify "$cfg" commoknotify)" ; \
+ echo "NOTIFYFLAG COMMBAD $(setnotify "$cfg" commbadnotify)" ; \
+ echo "NOTIFYFLAG SHUTDOWN $(setnotify "$cfg" shutdownnotify)" ; \
+ echo "NOTIFYFLAG REPLBATT $(setnotify "$cfg" repolbattnotify)" ; \
+ echo "NOTIFYFLAG NOCOMM $(setnotify "$cfg" nocommnotify)" ; \
+ echo "NOTIFYFLAG NOPARENT $(setnotify "$cfg" noparentnotify)" ; \
+ } >> "$UPSMON_C"
config_get val "$cfg" rbwarntime 43200
echo "RBWARNTIME $val" >> "$UPSMON_C"
}
build_config() {
- local runas
+ local runas=nutmon
mkdir -m 0750 -p "$(dirname "$UPSMON_C")"
config_load nut_monitor
config_foreach nut_upsmon_add master master
config_foreach nut_upsmon_add slave slave
- [ ! -s "$(cat /var/etc/nut/nut.conf)" ] && {
+ [ ! -s /var/etc/nut/nut.conf ] && {
echo "MODE=netclient" >>/var/etc/nut/nut.conf
chmod 640 /var/etc/nut/nut.conf
- chgrp $(id -gn ${runas:-root}) /var/etc/nut/nut.conf
+ chgrp "$(id -gn "${runas:-nutmon}")" /var/etc/nut/nut.conf
}
[ -s "$UPSMON_C" ] && chmod 640 "$UPSMON_C"
- [ -s "$UPSMON_C" ] && chgrp $(id -gn ${runas:-root}) "$UPSMON_C"
+ [ -s "$UPSMON_C" ] && chgrp "$(id -gn "${runas:-nutmon}")" "$UPSMON_C"
}
interface_triggers() {
config_get triggerlist "upsmon" triggerlist
- . /lib/functions/network.sh
+ . "${IPKG_INSTROOT}"/lib/functions/network.sh
if [ -n "$triggerlist" ]; then
for trigger in $triggerlist; do
if [ "$action" = "add_trigger" ]; then
- procd_add_interface_trigger "interface.*" "$trigger" /etc/init.d/nut-monitor reload
+ procd_add_interface_trigger "interface.*" "$trigger" /etc/init.d/nut-monitor restart
else
network_is_up "$trigger" && return 0
fi
done
else
if [ "$action" = "add_trigger" ]; then
- procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/nut-monitor reload
+ procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/nut-monitor restart
else
ubus call network.device status | grep -q '"up": true' && return 0
fi
local havemon havems
build_config
- [ "$havemon" != 1 ] && return
- [ "$havems" != 1 ] && return
- interface_triggers "check_interface_up" || return
+ [ "$havemon" != 1 ] && return 1
+ [ "$havems" != 1 ] && return 1
+ interface_triggers "check_interface_up" || return 0
procd_open_instance "upsmon"
- procd_set_param respawn
- procd_set_param stderr 0
- procd_set_param stdout 1
+ procd_set_param respawn 10 20 6
+ procd_set_param stderr 1
+ procd_set_param stdout 0
procd_set_param command /usr/sbin/upsmon -D
procd_close_instance
+
+ return 0
+}
+
+restart() {
+ trap '' TERM
+ stop "$@"
+ sleep 2
+ trap - TERM
+ start "$@"
}
reload_service() {
build_config
/usr/sbin/upsmon -c reload
else
- stop
- sleep 2
- start_service
+ restart
fi
}
service_triggers() {
- confg_load nut_monitor
+ config_load nut_monitor
interface_triggers "add_trigger"
procd_add_reload_trigger "nut_monitor"
}
#!/bin/sh
-/usr/sbin/sendmail root <<EOF
+{
+exec /usr/sbin/sendmail root <<EOF
From: root
To: root
Subject: UPS $NOTIFYTYPE Notification
$1
.
EOF
+} &
#!/bin/sh
-. /lib/functions.sh
+. "${IPKG_INSTROOT}"/lib/functions.sh
REMOVEDEFAULTNOTIFY=0
SKIPADDSYSLOG=0
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
-START=50
+START=70
+STOP=30
USERS_C=/var/etc/nut/upsd.users
UPSD_C=/var/etc/nut/upsd.conf
}
upsd_statepath() {
- local cfg="$1"
local statepath
- config_get statepath "$cfg" statepath "/var/run/nut"
+ config_get statepath upsd statepath /var/run/nut
STATEPATH="$statepath"
}
upsd_runas() {
- local cfg="$1"
local runas
- [ -n "$RUNAS" ] && return
+ [ -n "$RUNAS" ] && return 0
- config_get runas "$cfg" runas "nut"
+ config_get runas upsd runas nut
RUNAS="$runas"
}
# Note runas support requires you make sure USB device file is readable by
# the runas user
- config_get runas "$cfg" runas "nut"
+ config_get runas "$cfg" runas nut
RUNAS="$runas"
- config_get statepath "$cfg" statepath "/var/run/nut"
+ config_get statepath "$cfg" statepath /var/run/nut
STATEPATH="$statepath"
config_get maxage "$cfg" maxage
}
build_server_config() {
- mkdir -m 0755 -p "$(dirname "$UPSD_C")"
+ mkdir -p "$(dirname "$UPSD_C")"
+ chmod 0640 "$UPS_C"
rm -f "$USERS_C"
rm -f "$UPSD_C"
rm -f /var/etc/nut/nut.conf
chmod 0644 /var/etc/nut/nut.conf
[ -d "${STATEPATH}" ] || {
- mkdir -m 0750 -p "${STATEPATH}"
+ mkdir -p "${STATEPATH}"
+ chmod 0750 "${STATEPATH}"
}
if [ -n "$RUNAS" ]; then
- chown $RUNAS:$(id -gn $RUNAS) "${STATEPATH}"
- chgrp $(id -gn $RUNAS) "$USERS_C"
- chgrp $(id -gn $RUNAS) "$UPSD_C"
+ chown "$RUNAS":"$(id -gn "$RUNAS")" "${STATEPATH}"
+ chgrp "$(id -gn "$RUNAS")" "$USERS_C"
+ chgrp "$(id -gn "$RUNAS")" "$UPSD_C"
fi
haveserver=1
}
local overvar="$1"
local defover="$2"
local overtype="$(echo "$overvar" | tr '.' '_')"
+ local overval
config_get overval "${defover}_${overtype}" value
[ -n "$overval" ] && echo "${defover}.${overvar} = $overval" >>"$UPS_C"
other() {
local othervar="$1"
local othervarflag="$2"
+ local otherval
if [ "$othervarflag" = "otherflag" ]; then
config_get_bool otherval "${othervarflag}_${othervar}" value
get_write_driver_config "$cfg" retrydelay
get_write_driver_config "$cfg" pollinterval
get_write_driver_config "$cfg" synchronous
- config_get runas "$cfg" user "nut"
+ config_get runas "$cfg" user nut
RUNAS="$runas"
- upsd_runas
- echo "" >>$UPS_C
+ echo "" >>"$UPS_C"
}
build_config() {
local STATEPATH=/var/run/nut
- mkdir -m 0755 -p "$(dirname "$UPS_C")"
+ mkdir -p "$(dirname "$UPS_C")"
rm -f "$UPS_C"
echo "# Config file automatically generated from UCI config" > "$UPS_C"
chmod 0640 "$UPS_C"
config_load nut_server
- config_foreach upsd_statepath upsd
+ upsd_runas
config_foreach build_global_driver_config driver_global
config_foreach build_driver_config driver
- [ -n "$RUNAS" ] && chgrp $(id -gn $RUNAS) "$UPS_C"
-
+ upsd_statepath
build_server_config
+ [ -n "$RUNAS" ] && chgrp "$(id -gn "$RUNAS")" "$UPS_C"
}
start_driver_instance() {
[ "$havedriver" != 1 ] && return
# If wanting a specific instance, only start it
- [ "$requested" != "$cfg" ] && [ x"$requested" != x ] && return 0
+ if [ "$requested" != "$cfg" ] && [ "$request" != "" ]; then
+ return 0
+ fi
- mkdir -m 0755 -p "$(dirname "$UPS_C")"
+ mkdir -p "$(dirname "$UPS_C")"
+ chmod 0755 "$UPS_C"
- [ ! -s "$UPS_C" ] && build_config
+ upsd_statepath
+ build_config
# Avoid hotplug inadvertenly restarting driver during
# forced shutdown
[ -f /var/run/killpower ] && return 0
- [ -d /var/run/nut ] && [ -f /var/run/nut/disable-hotplug ] && return 0
-
-
- config_foreach upsd_statepath upsd
+ if [ -d /var/run/nut ] && [ -f /var/run/nut/disable-hotplug ]; then
+ return 0
+ fi
if [ -n "$RUNAS" ]; then
- chown $RUNAS:$(id -gn $RUNAS) "${STATEPATH}"
+ chown "$RUNAS":"$(id -gn "$RUNAS")" "${STATEPATH}"
+ chgrp "$(id -gn "$RUNAS")" "$UPS_C"
fi
config_get driver "$cfg" driver "usbhid-ups"
procd_set_param respawn
procd_set_param stderr 0
procd_set_param stdout 1
- procd_set_param command /lib/nut/${driver} -D -a "$cfg" ${RUNAS:+-u $RUNAS}
+ procd_set_param command /lib/nut/"${driver}" -D -a "$cfg" ${RUNAS:+-u "$RUNAS"}
procd_close_instance
}
local action="$1"
local triggerlist trigger
- config_get triggerlist "upsd" triggerlist
+ config_get triggerlist upsd triggerlist
. /lib/functions/network.sh
}
start_server_instance() {
- local RUNAS=nut
- build_config
+ local cfg="$1"
[ "$haveserver" != 1 ] && return
interface_triggers "check_interface_up" || return
-
- procd_open_instance "upsd"
+ procd_open_instance "$cfg"
procd_set_param respawn
procd_set_param stderr 0
procd_set_param stdout 1
- procd_set_param command /usr/sbin/upsd -D ${RUNAS:+-u $RUNAS}
+ procd_set_param command /usr/sbin/upsd -D ${RUNAS:+-u "$RUNAS"}
procd_close_instance
}
start_service() {
- local havedriver haveserver
local STATEPATH=/var/run/nut
# Avoid hotplug inadvertenly restarting driver during
# forced shutdown
[ -f /var/run/killpower ] && return 0
- [ -f /var/run/nut/disable-hotplug ] && return 0
config_load nut_server
-
build_config
- config_foreach start_driver_instance driver "$@"
- start_server_instance "upsd"
+ case $@ in
+ "")
+ config_foreach start_driver_instance driver "$@"
+ start_server_instance upsd
+ ;;
+ *upsd*)
+ start_server_instance upsd
+ ;;
+ *)
+ config_foreach start_driver_instance driver "$@"
+ ;;
+ esac
}
reload_service() {
- stop
+ stop_service "$@"
sleep 2
- local havedriver haveserver
- start
+ start_service "$@"
}
service_triggers() {
nut_serial() {
local cfg="$cfg"
- config_get runas upsd runas "nut"
+ local runas enable_usb_serial port
config_get_bool enable_usb_serial "$cfg" enable_usb_serial 0
+ config_get port "$cfg" port
+ config_get runas "$cfg" runas "nut"
+
+ [ -z "$runas" ] && config_get runas upsd runas "nut"
+
+ [ "$enable_usb_serial" -eq 1 ] && {
+ # If port is specified only change tty's matching port
+ if [ -n "$port" ] && [ "$port" != /dev/"$DEVNAME" ]; then
+ return 0
+ fi
+ [ -n "$runas" ] && chgrp "$(id -gn "${runas}")" /dev/"$DEVNAME"
+ chmod g+rw /dev/"$DEVNAME"
+ }
}
-[ "$ACTION" = "add" ] && [ -n "$DEVNAME" ] && [ -z "${DEVNAME%ttyUSB*}" ] && {
+nut_on_hotplug_add() {
+ . "${IPKG_INSTROOT}"/lib/functions.sh
+
config load nut_server
config_foreach nut_serial driver
+}
- [ -z "$RUNAS" ] && {
- RUNAS="$runas"
- }
-
- [ "$enable_usb_serial" -eq 1 ] && {
- chown "${RUNAS:-nut}" /dev/$DEVNAME
- chmod g+rw /dev/$DEVNAME
- }
+[ "$ACTION" = "add" ] && [ -n "$DEVNAME" ] && {
+ # On add of a serial port with name ttyUSB*
+ [ -z "${DEVNAME%ttyUSB*}" ] && nut_on_hutplug_add
+ # On add of a serial port with name ttyAMA*
+ [ -z "${DEVNAME%ttyAMA*}" ] && nut_on_hutplug_add
}
#config driver 'upsname'
# option driver usbhid-ups
# option port auto
+# option enable_usb_serial 0
#config user
# option username upsuser
# See /LICENSE for more information.
#
-. /lib/functions.sh
-
-mount -o remount,ro /overlay /overlay
-mount -o remount,ro / /
-
stop_instance() {
/etc/init.d/nut-server stop "$1"
}
shutdown_instance() {
local cfg="$1"
config_get driver "$cfg" driver "usbhid-ups"
+
# Only FSD if killpower was indicated
if [ -f /var/run/killpower ]; then
- /lib/nut/${driver} -a "$cfg" -k
+ /lib/nut/"${driver}" -a "$cfg" -k
fi
}
-if [ -f /var/run/killpower ]; then
- if [ -f /etc/config/nut_server ]; then
- config_load nut_server
+do_fsd() {
+ if [ -f /var/run/killpower ]; then
+ # Only make FS readonly if we are doing an FSD
+ mount -o remount,ro /overlay /overlay
+ mount -o remount,ro / /
+
+ . ${IPKG_INSTOOT}/lib/functions.sh
- # Can't FSD unless drivers are stopped
- config_foreach stop_instance driver
- # Driver will wait 'offdelay' before shutting down
- config_foreach shutdown_instance driver
- # So this can happen
- poweroff
- # And just in case
- sleep 120
- # Uh-oh failed to poweroff UPS
- reboot -f
+ if [ -f /etc/config/nut_server ]; then
+ config_load nut_server
+
+ # Can't FSD unless drivers are stopped
+ config_foreach stop_instance driver
+ # Driver will wait 'offdelay' before shutting down
+ config_foreach shutdown_instance driver
+ # So this can happen
+ rm -f /var/run/killpower
+ poweroff
+ # And just in case
+ sleep 120
+ # Uh-oh failed to poweroff UPS
+ reboot -f
+ else
+ poweroff
+ fi
else
poweroff
fi
-else
- poweroff
-fi
+}
PKG_NAME:=openssh
PKG_VERSION:=7.9p1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
--- /dev/null
+From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 16 Nov 2018 03:03:10 +0000
+Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer
+ to the
+
+current directory; based on report/patch from Harry Sintonen
+
+OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
+---
+ scp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/scp.c b/scp.c
+index 60682c687..4f3fdcd3d 100644
+--- a/scp.c
++++ b/scp.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
++/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
+ /*
+ * scp - secure remote copy. This is basically patched BSD rcp which
+ * uses ssh to do the data transfer (instead of using rcmd).
+@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
+ SCREWUP("size out of range");
+ size = (off_t)ull;
+
+- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=safe-search
-PKG_VERSION:=1.0.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.0.1
+PKG_RELEASE:=1
PKG_LICENSE:=MIT
PKG_MAINTAINER:=Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
This package prevents adult content from appearing in search results by
configuring dnsmasq to force all devices on your network to use Google and
-Bing's Safe Search IP addresses. This is designed to be approperiate for most
+Bing's Safe Search IP addresses. This is designed to be appropriate for most
businesses and families. The default filtering rules do not interfere with
normal web browsing.
-Currently supported:
-- Google Safe Search - enabled by default
- - https://support.google.com/websearch/answer/186669
-- Bing Safe Search - enabled by default
- - https://help.bing.microsoft.com/#apex/18/en-US/10003/0
-- youtube Safe Search
- - https://support.google.com/a/answer/6214622
- - https://support.google.com/a/answer/6212415
- - https://www.youtube.com/check_content_restrictions
- - Not enabled by default because it is designed for children.
- - Enable by editing /etc/config/safe-search and then run safe-search-update
+Enabled and disable Safe Search by editing /etc/config/safe-search . To make
+your changes active, run safe-search-update.
+
+Currently Supported:
+- Enabled By Default
+ - www.bing.com Safe Search
+ - https://help.bing.microsoft.com/#apex/18/en-US/10003/0
+ - DuckDuckGo.com Safe Search
+ - https://duck.co/help/features/safe-search
+ - www.Google.com Safe Search
+ - https://support.google.com/websearch/answer/186669
+- Not Enabled By Default:
+ - youtube Safe Search
+ - https://support.google.com/a/answer/6214622
+ - https://support.google.com/a/answer/6212415
+ - https://www.youtube.com/check_content_restrictions
+ - Not enabled because it is designed for children, and may annoy adults...
--- /dev/null
+#
+# Copyright (c) 2019 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
+# This is free software, licensed under the MIT License
+#
+
+#
+# IMPORTANT: if this file is not working, make sure that dnsmasq is able to READ it!
+#
+
+#50.16.250.179 safe.duckduckgo.com
+#54.208.102.2 safe.duckduckgo.com
+#52.204.96.252 safe.duckduckgo.com
+
+50.16.250.179 duckduckgo.com
+54.208.102.2 duckduckgo.com
+52.204.96.252 duckduckgo.com
config safe-search 'bing'
option enabled 1
+config safe-search 'duckduckgo'
+ option enabled 1
+
config safe-search 'google'
option enabled 1
#
PKG_NAME:=shadowsocks-libev
PKG_VERSION:=3.2.3
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
ss_redir_servers="$(echo "$ss_redir_servers" | tr ' ' '\n' | sort -u)"
[ "$dst_forward_recentrst" = 0 ] || args="$args --dst-forward-recentrst"
- "$bin" \
+ ss_rules_call
+ ss_rules_call -6
+}
+
+ss_rules_call() {
+ "$bin" "$@" \
-s "$ss_redir_servers" \
-l "$local_port_tcp" \
-L "$local_port_udp" \
--ifnames "$ifnames" \
--ipt-extra "$ipt_args" \
$args \
- || "$bin" -f
+ || "$bin" "$@" -f
}
start_service() {
'disabled:bool:0' \
'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
- 'src_ips_bypass:or(ip4addr,cidr4)' \
- 'src_ips_forward:or(ip4addr,cidr4)' \
- 'src_ips_checkdst:or(ip4addr,cidr4)' \
+ 'src_ips_bypass:or(ipaddr,cidr)' \
+ 'src_ips_forward:or(ipaddr,cidr)' \
+ 'src_ips_checkdst:or(ipaddr,cidr)' \
'dst_ips_bypass_file:file' \
- 'dst_ips_bypass:or(ip4addr,cidr4)' \
+ 'dst_ips_bypass:or(ipaddr,cidr)' \
'dst_ips_forward_file:file' \
- 'dst_ips_forward:or(ip4addr,cidr4)' \
+ 'dst_ips_forward:or(ipaddr,cidr)' \
'src_default:or("bypass", "forward", "checkdst"):checkdst' \
'dst_default:or("bypass", "forward"):bypass' \
'local_default:or("bypass", "forward", "checkdst"):bypass' \
# See /LICENSE for more information.
#
+__errmsg() {
+ echo "ss-rules: $*" >&2
+}
+
+if [ "$1" = "-6" ]; then
+ if ! ip6tables -t nat -L -n >/dev/null; then
+ __errmsg "Skipping ipv6. Please install ip6tables-mod-nat"
+ exit 1
+ fi
+ o_use_ipv6=1; shift
+fi
+
ss_rules_usage() {
cat >&2 <<EOF
Usage: ss-rules [options]
+ -6 Operate on address family IPv6
+ When present, must be the first argument
-h, --help Show this help message then exit
-f, --flush Flush rules, ipset then exit
-l <port> Local port number of ss-redir with TCP mode
EOF
}
-o_dst_bypass_="
+o_dst_bypass4_="
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
240.0.0.0/4
255.255.255.255
"
+o_dst_bypass6_="
+ ::1/128
+ ::/128
+ ::ffff:0:0/96
+ 64:ff9b:1::/48
+ 100::/64
+ 2001:2::/48
+ 2001:db8::/32
+ fe80::/10
+ 2001::/23
+ fc00::/7
+"
o_src_default=bypass
o_dst_default=bypass
o_local_default=bypass
-__errmsg() {
- echo "ss-rules: $*" >&2
-}
+alias grep_af="sed -ne '/:/!p'"
+o_dst_bypass_="$o_dst_bypass4_"
+if [ -n "$o_use_ipv6" ]; then
+ alias grep_af="sed -ne /:/p"
+ alias iptables=ip6tables
+ alias iptables-save=ip6tables-save
+ alias iptables-restore=ip6tables-restore
+ alias ip="ip -6"
+ o_af=6
+ o_dst_bypass_="$o_dst_bypass6_"
+fi
ss_rules_parse_args() {
while [ "$#" -gt 0 ]; do
return 1
fi
if [ -n "$o_dst_forward_recentrst" ] && ! iptables -m recent -h >/dev/null; then
- __errmsg "Please install iptables-mod-conntrack-extra with opkg"
+ __errmsg "Please install iptables-mod-conntrack-extra"
return 1
fi
- o_remote_servers="$(for s in $o_remote_servers; do resolveip -4 "$s"; done)"
+ o_remote_servers="$(for s in $o_remote_servers; do resolveip "$s" | grep_af; done)"
}
ss_rules_flush() {
iptables-save --counters | grep -v ss_rules_ | iptables-restore --counters
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
ip route flush table 100
- for setname in $(ipset -n list | grep "ss_rules_"); do
+ for setname in $(ipset -n list | grep "ss_rules${o_af}_"); do
ipset destroy "$setname" 2>/dev/null || true
done
}
ss_rules_ipset_init() {
ipset --exist restore <<-EOF
- create ss_rules_src_bypass hash:net hashsize 64
- create ss_rules_src_forward hash:net hashsize 64
- create ss_rules_src_checkdst hash:net hashsize 64
- create ss_rules_dst_bypass hash:net hashsize 64
- create ss_rules_dst_bypass_ hash:net hashsize 64
- create ss_rules_dst_forward hash:net hashsize 64
- create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
- $(ss_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
- $(ss_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass")
- $(ss_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward")
- $(ss_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst")
- $(ss_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null)")
- $(ss_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null)")
+ create ss_rules${o_af}_src_bypass hash:net family inet$o_af hashsize 64
+ create ss_rules${o_af}_src_forward hash:net family inet$o_af hashsize 64
+ create ss_rules${o_af}_src_checkdst hash:net family inet$o_af hashsize 64
+ create ss_rules${o_af}_dst_bypass hash:net family inet$o_af hashsize 64
+ create ss_rules${o_af}_dst_bypass_ hash:net family inet$o_af hashsize 64
+ create ss_rules${o_af}_dst_forward hash:net family inet$o_af hashsize 64
+ create ss_rules${o_af}_dst_forward_rrst_ hash:ip family inet$o_af hashsize 8 timeout 3600
+ $(ss_rules_ipset_mkadd ss_rules${o_af}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
+ $(ss_rules_ipset_mkadd ss_rules${o_af}_src_bypass "$o_src_bypass")
+ $(ss_rules_ipset_mkadd ss_rules${o_af}_src_forward "$o_src_forward")
+ $(ss_rules_ipset_mkadd ss_rules${o_af}_src_checkdst "$o_src_checkdst")
+ $(ss_rules_ipset_mkadd ss_rules${o_af}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null)")
+ $(ss_rules_ipset_mkadd ss_rules${o_af}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null)")
EOF
}
for i in $*; do
echo "add $setname $i"
- done
+ done | grep_af
}
ss_rules_iptchains_init() {
*nat
:ss_rules_local_out -
-I OUTPUT 1 -p tcp -j ss_rules_local_out
- -A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
+ -A ss_rules_local_out -m set --match-set ss_rules${o_af}_dst_bypass_ dst -j RETURN
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
COMMIT
EOF
COMMIT
"
recentrst_addset_rules="
- -A ss_rules_dst -m recent --name ss_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist
- -A ss_rules_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j ss_rules_forward
+ -A ss_rules_dst -m recent --name ss_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules${o_af}_dst_forward_rrst_ dst --exist
+ -A ss_rules_dst -m set --match-set ss_rules${o_af}_dst_forward_rrst_ dst -j ss_rules_forward
"
fi
;;
:ss_rules_dst -
:ss_rules_forward -
$(ss_rules_iptchains_mkprerules "$proto")
- -A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
+ -A ss_rules_pre_src -m set --match-set ss_rules${o_af}_dst_bypass_ dst -j RETURN
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
- -A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
- -A ss_rules_src -m set --match-set ss_rules_src_forward src -j ss_rules_forward
- -A ss_rules_src -m set --match-set ss_rules_src_checkdst src -j ss_rules_dst
+ -A ss_rules_src -m set --match-set ss_rules${o_af}_src_bypass src -j RETURN
+ -A ss_rules_src -m set --match-set ss_rules${o_af}_src_forward src -j ss_rules_forward
+ -A ss_rules_src -m set --match-set ss_rules${o_af}_src_checkdst src -j ss_rules_dst
-A ss_rules_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
- -A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
- -A ss_rules_dst -m set --match-set ss_rules_dst_forward dst -j ss_rules_forward
+ -A ss_rules_dst -m set --match-set ss_rules${o_af}_dst_bypass dst -j RETURN
+ -A ss_rules_dst -m set --match-set ss_rules${o_af}_dst_forward dst -j ss_rules_forward
$recentrst_addset_rules
-A ss_rules_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
$forward_rules
include $(TOPDIR)/rules.mk
PKG_NAME:=sqm-scripts
-PKG_SOURCE_VERSION:=d0ac824ec0c5d0fc3593ce90d83a007da505856e
-PKG_VERSION:=1.2.4
+PKG_SOURCE_VERSION:=4d6ec3349026dac798b5dd84dbffa0bc8331ff04
+PKG_VERSION:=1.3.0
PKG_RELEASE:=1
PKG_LICENSE:=GPLv2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz
-PKG_MIRROR_HASH:=2882aeae9f8b7827655bae8b0ecae60c405795a2a51aec8d3f2ae5fccecd76b9
+PKG_MIRROR_HASH:=ae61179fb60a44e5b657f4d6cdce861b91fc20c224465d2b2ddf2d12d1833edf
PKG_SOURCE_URL:=https://github.com/tohojo/sqm-scripts.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)
PKG_NAME:=squid
PKG_VERSION:=4.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=Marko Ratkaj <marko.ratkaj@sartura.hr>
--- /dev/null
+--- a/src/ssl/support.cc
++++ b/src/ssl/support.cc
+@@ -485,7 +485,7 @@ Ssl::Initialize(void)
+
+ SQUID_OPENSSL_init_ssl();
+
+-#if HAVE_OPENSSL_ENGINE_H
++#ifndef OPENSSL_NO_ENGINE
+ if (::Config.SSL.ssl_engine) {
+ ENGINE_load_builtin_engines();
+ ENGINE *e;
include $(TOPDIR)/rules.mk
PKG_NAME:=stubby
-PKG_VERSION:=0.2.3
-PKG_RELEASE:=3
+PKG_VERSION:=0.2.4
+PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/getdnsapi/$(PKG_NAME)
-PKG_SOURCE_VERSION:=8fb853ac8d6148fd9b53fdcbc107ecd375071ec5
-PKG_MIRROR_HASH:=db736f4a728970d2441009ac19716d6129700eab3f441a5db3a0c26d41bf162c
+PKG_SOURCE_VERSION:=58200cadec6371f95e31a7f3735225c5a46ecf75
+PKG_MIRROR_HASH:=28c46f4464cb41cf59264d10da63dc25ece9a1d00b4dfb05a9276594658e5eb9
PKG_FIXUP:=autoreconf
particular, if DNSSEC is turned on, stubby will store its automatically
retrieved trust anchor data here. The default value is `'/var/lib/stubby'`.
+#### `option trust_anchors_backoff_time`
+
+When Zero configuration DNSSEC failed, because of network unavailability or
+failure to write to the appdata directory, stubby will backoff trying to refetch
+the DNSSEC trust-anchor for a specified amount of time expressed in milliseconds
+(which defaults to two and a half seconds).
+
#### `option dnssec_trust_anchors`
This option sets the location of the file containing the trust anchor data used
# option timeout '5000'
# option dnssec_return_status '0'
option appdata_dir '/var/lib/stubby'
+ # option trust_anchors_backoff_time 2500
# option dnssec_trust_anchors '/var/lib/stubby/getdns-root.key'
option edns_client_subnet_private '1'
option idle_timeout '10000'
USE_PROCD=1
-START=50
+START=30
STOP=51
-PROG="/usr/sbin/stubby"
-
stubby="/usr/sbin/stubby"
stubby_init="/etc/init.d/stubby"
stubby_config_dir="/var/etc/stubby"
local edns_client_subnet_private
local idle_timeout
local appdata_dir
+ local trust_anchors_backoff_time
local tls_connection_retries
local tls_backoff_time
local timeout
local listen_addresses_section=0
local dns_transport_list_section=0
local upstream_recursive_servers_section=0
- local stubby_args
local command_line_arguments
local log_level
config_get appdata_dir "global" appdata_dir "/var/lib/stubby"
echo "appdata_dir: \"$appdata_dir\"" >> "$config_file"
+ config_get trust_anchors_backoff_time "global" trust_anchors_backoff_time "2500"
+ echo "trust_anchors_backoff_time: $trust_anchors_backoff_time" >> "$config_file"
+
config_get tls_connection_retries "global" tls_connection_retries ""
if [ -n "$tls_connection_retries" ]; then
echo "tls_connection_retries: $tls_connection_retries" >> "$config_file"
local config=$1
local address
local tls_auth_name
- local spki
local tls_pubkey_pinset_section=0
if [ "$upstream_recursive_servers_section" = 0 ]; then
config_get log_level "global" log_level ""
- if [ $("${stubby_init}" enabled; printf "%u" ${?}) -eq 0 ]; then
- if [ -n "${stubby_boot}" ]; then
- local trigger="$(uci_get stubby global trigger)"
- if [ "${trigger}" != "timed" ]; then
+ if [ "$("$stubby_init" enabled; printf "%u" $?)" -eq 0 ]; then
+ if [ -n "$stubby_boot" ]; then
+ local trigger
+ trigger="$(uci_get stubby global trigger)"
+ if [ "$trigger" != "timed" ]; then
return 0
fi
fi
if [ -n "$command_line_arguments" ]; then
procd_append_param command "$command_line_arguments"
fi
- procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
+ procd_set_param respawn
procd_set_param file "$stubby_config"
procd_set_param stdout 1
procd_set_param stderr 1
service_triggers()
{
- local trigger="$(uci_get stubby global trigger)"
- local delay="$(uci_get stubby global triggerdelay "2")"
+ local trigger
+ local delay
+
+ trigger="$(uci_get stubby global trigger)"
+ delay="$(uci_get stubby global triggerdelay "2")"
- if [ "${trigger}" != "none" ] && [ "${trigger}" != "timed" ]; then
+ if [ "$trigger" != "none" ] && [ "$trigger" != "timed" ]; then
PROCD_RELOAD_DELAY=$((${delay:-2} * 1000))
- procd_add_interface_trigger "interface.*.up" "${trigger}" "${stubby_init}" start
+ procd_add_interface_trigger "interface.*.up" "$trigger" "$stubby_init" start
fi
procd_add_reload_trigger "stubby"
}
PKG_LICENSE:=GPL-2.0+
PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>
PKG_LICENSE_FILES:=COPYING COPYRIGHT.GPL
+PKG_CPE_ID:=cpe:/a:stunnel:stunnel
PKG_SOURCE_URL:= \
http://ftp.nluug.nl/pub/networking/stunnel/ \
include $(TOPDIR)/rules.mk
PKG_NAME:=tor
-PKG_VERSION:=0.3.4.10
+PKG_VERSION:=0.3.5.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dist.torproject.org/ \
https://archive.torproject.org/tor-package-archive
-PKG_HASH:=adeccb2bd49dbe5164185d702b973e2760009866c11975d9b2b74dae4d0c258a
+PKG_HASH:=1b0887fc21ac535befea7243c5d5f1e31394d7458d64b30807a3e98cca0d839e
PKG_MAINTAINER:=Hauke Mehrtens <hauke@hauke-m.de> \
Peter Wagner <tripolar@gmx.at>
PKG_LICENSE_FILES:=LICENSE
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
-@@ -233,3 +233,4 @@
+@@ -238,3 +238,4 @@
#%include /etc/torrc.d/
#%include /etc/torrc.custom
include $(TOPDIR)/rules.mk
PKG_NAME:=travelmate
-PKG_VERSION:=1.3.2
+PKG_VERSION:=1.3.4
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-trm_ver="1.3.2"
+trm_ver="1.3.4"
trm_sysver="unknown"
trm_enabled=0
trm_debug=0
local disabled="$(uci_get wireless "${config}" disabled)"
local eaptype="$(uci_get wireless "${config}" eap_type)"
- if [ -z "${trm_radio}" ] && [ -z "$(printf "%s" "${trm_radiolist}" | grep -Fo " ${radio}")" ]
+ if [ -z "${trm_radio}" ] && [ -z "$(printf "%s" "${trm_radiolist}" | grep -Fo "${radio}")" ]
then
trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")"
elif [ -n "${trm_radio}" ] && [ -z "${trm_radiolist}" ]
then
trm_ifstatus="false"
else
- ubus call network reload
+ if [ "${status}" = "false" ]
+ then
+ ubus call network reload
+ fi
fi
while [ ${wait} -le ${trm_maxwait} ]
do
for radio in ${trm_radiolist}
do
result="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e "@.${radio}.up")"
- if [ "${result}" = "true" ] && [ -z "$(printf "%s" "${trm_devlist}" | grep -Fo " ${radio}")" ]
+ if [ "${result}" = "true" ] && [ -z "$(printf "%s" "${trm_devlist}" | grep -Fo "${radio}")" ]
then
trm_devlist="$(f_trim "${trm_devlist} ${radio}")"
fi
f_main()
{
local IFS cnt dev config scan scan_list scan_essid scan_bssid scan_quality faulty_list
- local sta sta_essid sta_bssid sta_radio sta_iface active_essid active_bssid active_radio active_prio
+ local sta sta_essid sta_bssid sta_radio sta_iface active_essid active_bssid active_radio
f_check "initial"
+ f_log "debug" "f_main ::: status: ${trm_ifstatus}, proactive: ${trm_proactive}"
if [ "${trm_ifstatus}" != "true" ] || [ ${trm_proactive} -eq 1 ]
then
config_load wireless
f_log "debug" "f_main ::: iwinfo: ${trm_iwinfo:-"-"}, dev_list: ${trm_devlist:-"-"}, sta_list: ${trm_stalist:0:800}, faulty_list: ${faulty_list:-"-"}"
for dev in ${trm_devlist}
do
- f_log "debug" "f_main ::: dev: ${dev}"
+ f_log "debug" "f_main ::: device: ${dev}"
if [ -z "$(printf "%s" "${trm_stalist}" | grep -o "\-${dev}")" ]
then
f_log "debug" "f_main ::: no station on '${dev}' - continue"
f_log "debug" "f_main ::: faulty station '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' - continue"
continue
fi
- if ([ "${dev}" = "${active_radio}" ] && [ "${sta_essid}" = "${active_essid}" ] && [ "${sta_bssid:-"-"}" = "${active_bssid}" ]) || \
- ([ "${dev}" != "${active_radio}" ] && [ "${active_prio}" = "true" ])
+ if [ "${dev}" = "${active_radio}" ] && [ "${sta_essid}" = "${active_essid}" ] && [ "${sta_bssid:-"-"}" = "${active_bssid}" ]
then
- active_prio="true"
f_log "debug" "f_main ::: active station prioritized '${active_radio}/${active_essid}/${active_bssid:-"-"}' - break"
- break
+ break 3
fi
if [ -z "${scan_list}" ]
then
- scan_list="$(f_trim "$(${trm_iwinfo} "${dev}" scan 2>/dev/null | \
+ scan_list="$(f_trim "$("${trm_iwinfo}" "${dev}" scan 2>/dev/null | \
awk 'BEGIN{FS="[/ ]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++) \
if(var2==""){var2=$i}else{var2=var2" "$i}}/Quality:/{printf "%i,%s,%s\n",(100/$NF*$(NF-1)),var1,var2}' | \
sort -rn | awk '{ORS=",";print $0}')")"
f_log "debug" "f_main ::: scan_list: ${scan_list:0:800}"
+ if [ -z "${scan_list}" ]
+ then
+ f_log "debug" "f_main ::: no scan results on '${dev}' - continue"
+ continue 3
+ fi
fi
IFS=","
for scan in ${scan_list}
PKG_NAME:=vpnc
PKG_REV:=550
PKG_VERSION:=0.5.3.r$(PKG_REV)
-PKG_RELEASE:=7
+PKG_RELEASE:=8
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=$(PKG_REV)
PKG_SOURCE_PROTO:=svn
-PKG_MIRROR_HASH:=f95e2ac4e7e55c06553e0fed016a908b0f2695cee988bc70c9994c03e2f588c4
PKG_MAINTAINER:=Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
PKG_LICENSE:=VARIOUS
#include "config.h"
#include "sysdep.h"
#include "crypto.h"
+@@ -35,10 +36,12 @@ crypto_ctx *crypto_ctx_new(crypto_error **error)
+ return NULL;
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
++#endif
+
+ memset(ctx, 0, sizeof(crypto_ctx));
+ ctx->stack = sk_X509_new_null();
PKG_NAME:=wget
PKG_VERSION:=1.20.1
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
DEPENDS+= +libopenssl +librt
TITLE+= (with SSL support)
VARIANT:=ssl
+ ALTERNATIVES:=300:/usr/bin/wget:/usr/bin/wget-ssl
endef
define Package/wget/description
$(call Package/wget/Default)
TITLE+= (without SSL support)
VARIANT:=nossl
+ ALTERNATIVES:=300:/usr/bin/wget:/usr/bin/wget-nossl
endef
define Package/wget-nossl/description
define Package/wget/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/wget $(1)/usr/bin/wget-ssl
- ln -sf wget-ssl $(1)/usr/bin/wget
endef
define Package/wget-nossl/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/wget $(1)/usr/bin/wget-nossl
- ln -sf wget-nossl $(1)/usr/bin/wget
endef
$(eval $(call BuildPackage,wget))
include $(TOPDIR)/rules.mk
PKG_NAME:=bash
-PKG_VERSION:=4.4.18
-PKG_RELEASE:=2
+PKG_VERSION:=5.0
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/bash
-PKG_HASH:=604d9eec5e4ed5fd2180ee44dd756ddca92e0b6aa4217bbab2b6227380317f23
+PKG_HASH:=b4a80f2ac66170b2913efbfb9f2594f1f76c7b1afd11f799e22035d63077fb4d
PKG_LICENSE:=GPL-3.0+
PKG_LICENSE_FILES:=COPYING
# bash_cv_sys_named_pipes: Required for process substituion
CONFIGURE_VARS += \
ac_cv_rl_prefix="$(STAGING_DIR)/usr" \
- ac_cv_rl_version="7.0" \
+ ac_cv_rl_version="8.0" \
bash_cv_getcwd_malloc=yes \
bash_cv_job_control_missing=present \
bash_cv_dev_fd=whacky \
--without-bash-malloc \
--bindir=/bin \
--disable-rpath \
+ --enable-direxpand-default \
+ --enable-job-control \
+ --enable-readline
define Package/bash/postinst
#!/bin/sh
$(LN) bash $(1)/bin/rbash
endef
-
$(eval $(call BuildPackage,bash))
Patch was taken from https://git.alpinelinux.org/cgit/aports/tree/main/bash/fix-jobs.patch
See also "Bash 4.4.12-r2 jobs hangs on arm (alpine 3.7)", https://bugs.alpinelinux.org/issues/8447
-diff --git a/jobs.c b/jobs.c
-index cef3c79..bf99266 100644
--- a/jobs.c
+++ b/jobs.c
-@@ -4166,10 +4166,8 @@ initialize_job_control (force)
+@@ -4326,10 +4326,8 @@ just_bail:
if (js.c_childmax < 0)
js.c_childmax = DEFAULT_CHILD_MAX;
return job_control;
}
-@@ -4547,10 +4545,8 @@ mark_dead_jobs_as_notified (force)
+@@ -4707,10 +4705,8 @@ mark_dead_jobs_as_notified (force)
if (js.c_childmax < 0)
js.c_childmax = DEFAULT_CHILD_MAX;
--- a/Makefile.in
+++ b/Makefile.in
-@@ -741,10 +741,8 @@ reconfig: force
+@@ -791,10 +791,8 @@ loadables:
# $(MAKE) -f $(srcdir)/Makefile $(MFLAGS) srcdir=$(srcdir)
doc documentation: force
PKG_NAME:=bonnie++
PKG_VERSION:=1.97.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
-PKG_SOURCE_URL:=http://www.coker.com.au/bonnie++/
+PKG_SOURCE_URL:=https://www.coker.com.au/bonnie++/
PKG_HASH:=e27b386ae0dc054fa7b530aab6bdead7aea6337a864d1f982bc9ebacb320746e
+
+PKG_MAINTAINER:=Florian Fainelli <florian@openwrt.org>
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=copyright.txt
-PKG_MAINTAINER:=Florian Fainelli <florian@openwrt.org>
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+include $(INCLUDE_DIR)/uclibc++.mk
include $(INCLUDE_DIR)/package.mk
define Package/bonniexx
SECTION:=utils
CATEGORY:=Utilities
- DEPENDS:=+libstdcpp +libpthread
+ DEPENDS:=$(CXX_DEPENDS) +libpthread
TITLE:=Bonnie++ - hard drive bottleneck testing program.
- URL:=http://www.coker.com.au/bonnie++/
+ URL:=https://www.coker.com.au/bonnie++/
endef
define Package/bonniexx/description
tests of hard drive and file system performance.
endef
+ifeq ($(CONFIG_USE_UCLIBCXX),y)
+TARGET_LDFLAGS +=-nodefaultlibs
+endif
+
+TARGET_CXXFLAGS +=-fno-rtti
+
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
TARGET_CXX="$(TARGET_CXX)" \
--- /dev/null
+--- a/configure.in
++++ b/configure.in
+@@ -31,7 +31,6 @@ fi
+
+ dnl Checks for programs.
+ AC_LANG_CPLUSPLUS
+-AC_PROG_CC
+ AC_PROG_CXX
+ AC_PROG_CXXCPP
+ AC_PROG_INSTALL
+@@ -60,13 +59,13 @@ if [[ -n "$snprintf" ]]; then
+ snprintf="#define NO_SNPRINTF"
+ fi
+
+-AC_CHECK_HEADERS(algorithm algo.h algo)
++AC_CHECK_HEADERS(algorithm)
+
+ AC_SUBST(linux_pthread)
+ AC_TRY_COMPILE([#define _GNU_SOURCE
+ #include <pthread.h>
+ ] , [pthread_mutexattr_t attr;
+- pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE_NP);]
++ pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);]
+ , linux_pthread="yes")
+ if [[ -n "$linux_pthread" ]]; then
+ linux_pthread="#define LINUX_PTHREAD"
+@@ -83,7 +82,7 @@ void * thread_func(void * param) { return NULL; }
+ , thread_ldflags="-pthread")
+
+ AC_SUBST(large_file)
+-AC_TRY_RUN([#ifndef _LARGEFILE64_SOURCE
++AC_TRY_COMPILE([#ifndef _LARGEFILE64_SOURCE
+ #define _LARGEFILE64_SOURCE
+ #endif
+ #include <stdio.h>
#
-# Copyright (C) 2009-2014 OpenWrt.org
-#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=btrfs-progs
-PKG_VERSION:=4.19.1
+PKG_VERSION:=4.20
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/kdave/btrfs-progs
-PKG_HASH:=04d82af5cf479d139299a8f13ec0921f9578ca444e81ec0202f01a20d2bcefb8
+PKG_HASH:=96a4209ea9b3ea8dacbca04a467babf3422b7aee9532d923957c6af28e5f7d3d
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=lm-sensors
-PKG_VERSION:=3.3.5
-PKG_RELEASE:=4
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/groeck/lm-sensors.git
-PKG_SOURCE_VERSION:=f8cdcc35bff0785aecf49d9a8484a71ce3ebee4f
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MIRROR_HASH:=892e9e2eed78e27fb7a08e8ce78b1164a3d101ba79a9e04f1c1273940d48cf17
+PKG_VERSION:=3.5.0
+PKG_RELEASE:=2
+
+PKG_VERSION_SUBST=$(subst .,-,$(PKG_VERSION))
+PKG_SOURCE_URL:=https://codeload.github.com/lm-sensors/lm-sensors/tar.gz/V$(PKG_VERSION_SUBST)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=f671c1d63a4cd8581b3a4a775fd7864a740b15ad046fe92038bcff5c5134d7e0
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION_SUBST)
+
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=GPL-2.0+ LGPL-2.1+
define Package/lm-sensors/Default
DEPENDS:=+sysfsutils
- URL:=http://www.lm-sensors.org/
+ URL:=https://hwmon.wiki.kernel.org/lm_sensors
endef
define Package/lm-sensors
SECTION:=libs
CATEGORY:=Libraries
TITLE:=libsensors
+ ABI_VERSION:=5
endef
define Package/lm-sensors/description
+++ /dev/null
---- a/prog/dump/isadump.c
-+++ b/prog/dump/isadump.c
-@@ -38,7 +38,7 @@
-
-
- /* To keep glibc2 happy */
--#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
-+#if !defined(__UCLIBC__)
- #include <sys/io.h>
- #else
- #include <asm/io.h>
---- a/prog/dump/isaset.c
-+++ b/prog/dump/isaset.c
-@@ -34,7 +34,7 @@
-
-
- /* To keep glibc2 happy */
--#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
-+#if !defined(__UCLIBC__)
- #include <sys/io.h>
- #else
- #include <asm/io.h>
---- a/prog/dump/superio.c
-+++ b/prog/dump/superio.c
-@@ -21,7 +21,7 @@
-
- #include <stdlib.h>
-
--#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
-+#if !defined(__UCLIBC__)
- #include <sys/io.h>
- #else
- #include <asm/io.h>
---- a/prog/dump/util.c
-+++ b/prog/dump/util.c
-@@ -12,7 +12,7 @@
- #include "util.h"
-
- /* To keep glibc2 happy */
--#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
-+#if !defined(__UCLIBC__)
- #include <sys/io.h>
- #else
- #include <asm/io.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=prometheus
-PKG_VERSION:=2.6.0
+PKG_VERSION:=2.6.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/prometheus/prometheus/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=e0d3e77e45466fd055726268354a02834968a3275791be6cbd17513ec7860c1d
+PKG_HASH:=3ece7541e090e6c11c0c35a0856b99005094aded0152e1e3e71ea2390ac8069f
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Paul Spooren <spooren@informatik.uni-leipzig.de>
+PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_NAME:=rtl-ais
PKG_VERSION:=0.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/dgiardini/rtl-ais/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=01e2b675226ec403c409cec8b55999008f5c7aa9e82d6c0ba085ef13b200ceb1
+PKG_MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
-
include $(INCLUDE_DIR)/package.mk
define Package/rtl-ais
/etc/config/rtl_ais
endef
+TARGET_CFLAGS += -std=gnu89
+
define Package/rtl-ais/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/rtl_ais $(1)/usr/bin/
include $(INCLUDE_DIR)/uclibc++.mk
PKG_NAME:=smartmontools
-PKG_VERSION:=6.6
+PKG_VERSION:=7.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/smartmontools
-PKG_HASH:=51f43d0fb064fccaf823bbe68cf0d317d0895ff895aa353b3339a3b316a53054
+PKG_HASH:=e5e1ac2786bc87fdbd6f92d0ee751b799fbb3e1a09c0a6a379f9eb64b3e8f61c
+
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
-PKG_FIXUP:=autoreconf
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
endef
ifeq ($(CONFIG_USE_UCLIBCXX),y)
- UCXXCFLAGS:=-fno-builtin -fno-rtti -nostdinc++
- UCXXCPPFLAGS:=-I$(STAGING_DIR)/usr/include/uClibc++
- UCXXLIBS:=-nodefaultlibs -lc -luClibc++
+TARGET_LDFLAGS +=-nodefaultlibs
+else
+CONFIGURE_VARS += with_cxx11_regex=yes
endif
+TARGET_LDFLAGS += -flto
+
+TARGET_CXXFLAGS +=-fno-rtti -flto
+MAKE_FLAGS +=BUILD_INFO='"(localbuild)"'
+CONFIGURE_ARGS += \
+ --disable-fast-lebe \
+ --without-gnupg \
+ --without-libcap-ng \
+ --without-libsystemd
+
+#lower file size vs. CONFIGURE_ARGS
CONFIGURE_VARS += \
- CXXFLAGS="$$$$CXXFLAGS $(UCXXCFLAGS)" \
- CPPFLAGS="$$$$CPPFLAGS $(UCXXCPPFLAGS) -I$(LINUX_DIR)/include" \
- LDFLAGS="$$$$LDFLAGS" \
- LIBS="$(UCXXLIBS) -lm $(LIBGCC_S) -lc" \
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- BUILD_INFO='"(localbuild)"' \
- LD="$(TARGET_CXX)"
-endef
+ with_smartdplugindir=no \
+ with_systemdenvfile=no \
+ with_systemdsystemunitdir=no \
+ with_update_smart_drivedb=no
define Package/smartmontools/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/smartctl $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/smartctl $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/share
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/smartmontools/drivedb.h $(1)/usr/share/smartmontools
endef
define Package/smartd/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/smartd $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/smartd $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc
$(INSTALL_DATA) ./files/smartd.conf $(1)/etc/
$(INSTALL_DIR) $(1)/etc/init.d
+++ /dev/null
-commit 2473c5e01ea14fae96c157d8bce3a3ec1da124f3
-Author: Maxim Storchak <m.storchak@gmail.com>
-Date: Sat Dec 9 15:21:51 2017 +0200
-
- Replace canonicalize_file_name with realpath equivalent
-
-diff --git a/os_linux.cpp b/os_linux.cpp
-index 134d5bc..0575a13 100644
---- a/os_linux.cpp
-+++ b/os_linux.cpp
-@@ -3176,7 +3176,7 @@ static bool is_hpsa(const char * name)
- {
- char path[128];
- snprintf(path, sizeof(path), "/sys/block/%s/device", name);
-- char * syshostpath = canonicalize_file_name(path);
-+ char * syshostpath = realpath(path, NULL);
- if (!syshostpath)
- return false;
-
PKG_NAME:=unzip
PKG_REV:=60
PKG_VERSION:=6.0
-PKG_RELEASE:=6
+PKG_RELEASE:=8
PKG_SOURCE:=$(PKG_NAME)$(PKG_REV).tar.gz
PKG_SOURCE_URL:=@SF/infozip
PKG_LICENSE:=BSD-4-Clause
PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:info-zip:unzip
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/unzip$(PKG_REV)
PKG_CHECK_FORMAT_SECURITY:=0
--- /dev/null
+--- a/fileio.c
++++ b/fileio.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1582,6 +1582,8 @@
+ int r = IZ_PW_ENTERED;
+ char *m;
+ char *prompt;
++ char *ep;
++ char *zp;
+
+ #ifndef REENTRANT
+ /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@
+
+ if (*rcnt == 0) { /* First call for current entry */
+ *rcnt = 2;
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+- sprintf(prompt, LoadFarString(PasswPrompt),
+- FnFilter1(zfn), FnFilter2(efn));
++ zp = FnFilter1( zfn);
++ ep = FnFilter2( efn);
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++ if (prompt != (char *)NULL) {
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+ m = prompt;
+ } else
+ m = (char *)LoadFarString(PasswPrompt2);