PKG_NAME:=syslog-ng
PKG_VERSION:=3.9.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/balabit/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
-PKG_MD5SUM:=1b48da9ef620cf06e55e481b5abb677a
PKG_HASH:=5678856a550ae790618fabde9d1447f932ce7a9080d55dca8fc5df1202c70a17
PKG_INSTALL:=1
endef
define Package/syslog-ng/conffiles
- /etc/syslog-ng.conf
+/etc/syslog-ng.conf
+/etc/syslog-ng.d/
endef
define Build/Configure
install-moduleLTLIBRARIES DESTDIR="$(1)"
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/syslog-ng.init $(1)/etc/init.d/syslog-ng
- $(INSTALL_DIR) $(1)/etc
$(INSTALL_DATA) ./files/syslog-ng.conf $(1)/etc
+ $(INSTALL_DIR) $(1)/etc/syslog-ng.d/
$(call libtool_remove_files,$(1))
endef
+++ /dev/null
-# place to put customization of logging
-
destination(messages);
};
-@include "/etc/custom-logs.conf"
+# put any customization files in this directory
+@include "/etc/syslog-ng.d/"
# Copyright (C) 2006-2016 OpenWrt.org
START=20
+PROG=/usr/sbin/syslog-ng
+PROG2=/usr/sbin/syslog-ng-ctl
SERVICE_USE_PID=1
+SERVICE_PID_FILE=/var/run/syslog-ng.pid
+
+config_file=/etc/syslog-ng.conf
start() {
- [ -f /etc/syslog-ng.conf ] || return 1
- service_start /usr/sbin/syslog-ng
+ [ -f $config_file ] || return 1
+
+ if ! $PROG -s 2>/dev/null ; then
+ echo "Couldn't parse $(basename $config_file)" >&2
+ exit 1
+ fi
+
+ service_start $PROG --process-mode background \
+ -p $SERVICE_PID_FILE
}
stop() {
- service_stop /usr/sbin/syslog-ng
+ service_stop $PROG
}
reload() {
- service_reload /usr/sbin/syslog-ng
+ $PROG2 reload
}
include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=7.1.6
-PKG_RELEASE:=2
+PKG_VERSION:=7.1.7
+PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_MD5SUM:=eafc7a79cc8cc62c9292c96f9c9ccf90
-PKG_HASH:=01584dc521ab7ec84b502b61952f573652fe6aa00c18d6d844fb9209f14b245b
+PKG_HASH:=0d42089729be7b2bb0308cbe189c2782f9cb4b07078c8a235495be5874fff729
PKG_FIXUP:=libtool autoreconf
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
+
+HOST_PYTHON_PACKAGE_BUILD_DEPENDS:="cffi==$(PKG_VERSION)"
+HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:="cffi==$(PKG_VERSION)"
include $(INCLUDE_DIR)/package.mk
$(call include_mk, python-package.mk)
include $(TOPDIR)/rules.mk
-PKG_NAME:=cryptography
-PKG_VERSION:=1.5.1
-PKG_RELEASE:=2
+PKG_NAME:=python-cryptography
+PKG_VERSION:=1.9
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://pypi.python.org/packages/21/e1/37fc14f9d77924e84ba0dcb88eb8352db914583af229287c6c965d66ba0d
-PKG_MD5SUM:=66a3e01f5f436d2413ef47b7e6bb7729
-
-PKG_BUILD_DEPENDS:=python-cffi/host
+PKG_SOURCE:=cryptography-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/2a/0c/31bd69469e90035381f0197b48bf71032991d9f07a7e444c311b4a23a3df
+PKG_HASH:=5518337022718029e367d982642f3e3523541e098ad671672a90b82474c84882
PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-cryptography-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
$(call include_mk, python-package.mk)
+$(call include_mk, python3-package.mk)
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+define Package/python-cryptography/Default
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ URL:=https://github.com/pyca/cryptography
+ DEPENDS:=+libopenssl
+endef
define Package/python-cryptography
- SECTION:=lang
- CATEGORY:=Languages
- SUBMENU:=Python
- TITLE:=python-cryptography
- URL:=https://github.com/pyca/cryptography
- DEPENDS:=+libopenssl +python +python-cffi +python-enum34 +python-idna +python-ipaddress +python-pyasn1 +python-six +python-setuptools
+$(call Package/python-cryptography/Default)
+ TITLE:=python-cryptography
+ DEPENDS+= \
+ +PACKAGE_python-cryptography:python \
+ +PACKAGE_python-cryptography:python-cffi \
+ +PACKAGE_python-cryptography:python-enum34 \
+ +PACKAGE_python-cryptography:python-idna \
+ +PACKAGE_python-cryptography:python-ipaddress \
+ +PACKAGE_python-cryptography:python-pyasn1 \
+ +PACKAGE_python-cryptography:python-six
+ VARIANT:=python
+endef
+
+define Package/python3-cryptography
+$(call Package/python-cryptography/Default)
+ TITLE:=python3-cryptography
+ DEPENDS+= \
+ +PACKAGE_python3-cryptography:python3 \
+ +PACKAGE_python3-cryptography:python3-cffi \
+ +PACKAGE_python3-cryptography:python3-idna \
+ +PACKAGE_python3-cryptography:python3-pyasn1 \
+ +PACKAGE_python3-cryptography:python3-six
+ VARIANT:=python3
endef
define Package/python-cryptography/description
standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 2.6+.
endef
+define Package/python3-cryptography/description
+$(call Package/python-cryptography/description)
+.
+(Variant for Python3)
+endef
+
define PyPackage/python-cryptography/filespec
+|$(PYTHON_PKG_DIR)
-|$(PYTHON_PKG_DIR)/cryptography/hazmat/backends/commoncrypto
-|$(PYTHON_PKG_DIR)/cryptography/hazmat/bindings/commoncrypto
endef
-define Build/Compile
- $(call Build/Compile/PyMod,,install --prefix="/usr" --root="$(PKG_INSTALL_DIR)")
+define Py3Package/python3-cryptography/filespec
++|$(PYTHON3_PKG_DIR)
+-|$(PYTHON3_PKG_DIR)/cryptography/hazmat/backends/commoncrypto
+-|$(PYTHON3_PKG_DIR)/cryptography/hazmat/bindings/commoncrypto
endef
$(eval $(call PyPackage,python-cryptography))
$(eval $(call BuildPackage,python-cryptography))
+$(eval $(call Py3Package,python3-cryptography))
+$(eval $(call BuildPackage,python3-cryptography))
include $(TOPDIR)/rules.mk
-PKG_NAME:=idna
-PKG_VERSION:=2.1
+PKG_NAME:=python-idna
+PKG_VERSION:=2.5
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://pypi.python.org/packages/source/i/idna
-PKG_MD5SUM:=f6473caa9c5e0cc1ad3fd5d04c3c114b
-
-PKG_BUILD_DEPENDS:=python python-setuptools
+PKG_SOURCE:=idna-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/d8/82/28a51052215014efc07feac7330ed758702fc0581347098a81699b5281cb
+PKG_HASH:=3cb5ce08046c4e3a560fc02f138d0ac63e00f8ce5901a56b32ec8b7994082aab
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.rst
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-idna-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
$(call include_mk, python-package.mk)
+$(call include_mk, python3-package.mk)
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+define Package/python-idna/Default
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ URL:=https://github.com/kjd/idna
+endef
define Package/python-idna
- SECTION:=lang
- CATEGORY:=Languages
- SUBMENU:=Python
- TITLE:=python-idna
- URL:=https://github.com/kjd/idna
- DEPENDS:=+python-light
+$(call Package/python-idna/Default)
+ TITLE:=python-idna
+ DEPENDS:=+PACKAGE_python-idna:python-light
+ VARIANT:=python
+endef
+
+define Package/python3-idna
+$(call Package/python-idna/Default)
+ TITLE:=python3-idna
+ DEPENDS:=+PACKAGE_python3-idna:python3-light
+ VARIANT:=python3
endef
define Package/python-idna/description
from the earlier standard from 2003.
endef
-define Build/Compile
- $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+define Package/python3-idna/description
+$(call define Package/python-idna/description)
+.
+(Variant for Python3)
endef
$(eval $(call PyPackage,python-idna))
$(eval $(call BuildPackage,python-idna))
+$(eval $(call Py3Package,python3-idna))
+$(eval $(call BuildPackage,python3-idna))
include $(TOPDIR)/rules.mk
-PKG_NAME:=pyasn1
-PKG_VERSION:=0.1.9
+PKG_NAME:=python-pyasn1
+PKG_VERSION:=0.2.3
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://pypi.python.org/packages/source/p/pyasn1
-PKG_MD5SUM:=f00a02a631d4016818659d1cc38d229a
-
-PKG_BUILD_DEPENDS:=python python-setuptools
+PKG_SOURCE:=pyasn1-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/69/17/eec927b7604d2663fef82204578a0056e11e0fc08d485fdb3b6199d9b590
+PKG_HASH:=738c4ebd88a718e700ee35c8d129acce2286542daa80a82823a7073644f706ad
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE.txt
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-pyasn1-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
$(call include_mk, python-package.mk)
+$(call include_mk, python3-package.mk)
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+define Package/python-pyasn1/Default
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ URL:=http://pyasn1.sourceforge.net/
+endef
define Package/python-pyasn1
- SECTION:=lang
- CATEGORY:=Languages
- SUBMENU:=Python
- TITLE:=python-pyasn1
- URL:=http://pyasn1.sourceforge.net/
- DEPENDS:=+python-light
+$(call Package/python-pyasn1/Default)
+ TITLE:=python-pyasn1
+ DEPENDS:=+PACKAGE_python-pyasn1:python-light
+ VARIANT:=python
+endef
+
+define Package/python3-pyasn1
+$(call Package/python-pyasn1/Default)
+ TITLE:=python3-pyasn1
+ DEPENDS:=+PACKAGE_python3-pyasn1:python3-light
+ VARIANT:=python3
endef
define Package/python-pyasn1/description
based on ASN.1 specification.
endef
-define Build/Compile
- $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+define Package/python3-pyasn1/description
+$(call Package/python-pyasn1/description)
+.
+(Variant for Python3)
endef
$(eval $(call PyPackage,python-pyasn1))
$(eval $(call BuildPackage,python-pyasn1))
+$(eval $(call Py3Package,python3-pyasn1))
+$(eval $(call BuildPackage,python3-pyasn1))
PKG_NAME:=python-six
PKG_VERSION:=1.10.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=six-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://pypi.python.org/packages/source/s/six
-PKG_MD5SUM:=34eed507548117b2ab523ab14b2f8b55
+PKG_HASH:=105f8d68616f8248e24bf0e9372ef04d3cc10104f1980f54d57b2ce73a5ad56a
HOST_BUILD_DEPENDS:=python/host
-PKG_BUILD_DEPENDS:=python
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-six-$(PKG_VERSION)
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
$(call include_mk, python-package.mk)
+$(call include_mk, python3-package.mk)
PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
HOST_UNPACK:=$(HOST_TAR) -C $(HOST_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+define Package/python-six/Default
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ URL:=https://pypi.python.org/pypi/six
+endef
+
define Package/python-six
- SECTION:=lang
- CATEGORY:=Languages
- SUBMENU:=Python
- TITLE:=python-six
- URL:=https://pypi.python.org/pypi/six
- DEPENDS:=+python-light
+$(call Package/python-six/Default)
+ TITLE:=python-six
+ DEPENDS:=+PACKAGE_python-six:python-light
+ VARIANT:=python
+endef
+
+define Package/python3-six
+$(call Package/python-six/Default)
+ TITLE:=python3-six
+ DEPENDS:=+PACKAGE_python3-six:python3-light
+ VARIANT:=python3
endef
define Package/python-six/description
documentation for more information on what is provided.
endef
-define Build/Compile
- $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+define Package/python3-six/description
+$(call Package/python-six/description)
+.
+(Variant for Python3)
endef
define Host/Compile
$(eval $(call PyPackage,python-six))
$(eval $(call BuildPackage,python-six))
+$(eval $(call Py3Package,python3-six))
+$(eval $(call BuildPackage,python3-six))
PKG_NAME:=ipsec-tools
PKG_VERSION:=0.8.2
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>, \
Vitaly Protsko <villy@sft.ru>
PKG_LICENSE := BSD-3-Clause
--- /dev/null
+Description: Fix remotely exploitable DoS. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
+Source: vendor; https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
+Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986
+
+Index: ipsec-tools-0.8.2/src/racoon/isakmp_frag.c
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/isakmp_frag.c
++++ ipsec-tools-0.8.2/src/racoon/isakmp_frag.c
+@@ -1,4 +1,4 @@
+-/* $NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $ */
++/* $NetBSD: isakmp_frag.c,v 1.5.36.1 2017/04/21 16:50:42 bouyer Exp $ */
+
+ /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
+
+@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
+ return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
+ }
+
++static int
++isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
++{
++ struct isakmp_frag_item *pitem = NULL;
++ struct isakmp_frag_item *citem = iph1->frag_chain;
++
++ /* no frag yet, just insert at beginning of list */
++ if (iph1->frag_chain == NULL) {
++ iph1->frag_chain = item;
++ return 0;
++ }
++
++ do {
++ /* duplicate fragment number, abort (CVE-2016-10396) */
++ if (citem->frag_num == item->frag_num)
++ return -1;
++
++ /* need to insert before current item */
++ if (citem->frag_num > item->frag_num) {
++ if (pitem != NULL)
++ pitem->frag_next = item;
++ else
++ /* insert at the beginning of the list */
++ iph1->frag_chain = item;
++ item->frag_next = citem;
++ return 0;
++ }
++
++ pitem = citem;
++ citem = citem->frag_next;
++ } while (citem != NULL);
++
++ /* we reached the end of the list, insert */
++ pitem->frag_next = item;
++ return 0;
++}
++
+ int
+ isakmp_frag_extract(iph1, msg)
+ struct ph1handle *iph1;
+@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
+ item->frag_next = NULL;
+ item->frag_packet = buf;
+
+- /* Look for the last frag while inserting the new item in the chain */
+- if (item->frag_last)
+- last_frag = item->frag_num;
++ /* Check for the last frag before inserting the new item in the chain */
++ if (item->frag_last) {
++ /* if we have the last fragment, indices must match */
++ if (iph1->frag_last_index != 0 &&
++ item->frag_last != iph1->frag_last_index) {
++ plog(LLV_ERROR, LOCATION, NULL,
++ "Repeated last fragment index mismatch\n");
++ racoon_free(item);
++ vfree(buf);
++ return -1;
++ }
+
+- if (iph1->frag_chain == NULL) {
+- iph1->frag_chain = item;
+- } else {
+- struct isakmp_frag_item *current;
++ last_frag = iph1->frag_last_index = item->frag_num;
++ }
+
+- current = iph1->frag_chain;
+- while (current->frag_next) {
+- if (current->frag_last)
+- last_frag = item->frag_num;
+- current = current->frag_next;
+- }
+- current->frag_next = item;
++ /* insert fragment into chain */
++ if (isakmp_frag_insert(iph1, item) == -1) {
++ plog(LLV_ERROR, LOCATION, NULL,
++ "Repeated fragment index mismatch\n");
++ racoon_free(item);
++ vfree(buf);
++ return -1;
+ }
+
+- /* If we saw the last frag, check if the chain is complete */
++ /* If we saw the last frag, check if the chain is complete
++ * we have a sorted list now, so just walk through */
+ if (last_frag != 0) {
++ item = iph1->frag_chain;
+ for (i = 1; i <= last_frag; i++) {
+- item = iph1->frag_chain;
+- do {
+- if (item->frag_num == i)
+- break;
+- item = item->frag_next;
+- } while (item != NULL);
+-
++ if (item->frag_num != i)
++ break;
++ item = item->frag_next;
+ if (item == NULL) /* Not found */
+ break;
+ }
+
+- if (item != NULL) /* It is complete */
++ if (i > last_frag) /* It is complete */
+ return 1;
+ }
+
+@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1)
+ }
+ data = buf->v;
+
++ item = iph1->frag_chain;
+ for (i = 1; i <= frag_count; i++) {
+- item = iph1->frag_chain;
+- do {
+- if (item->frag_num == i)
+- break;
+- item = item->frag_next;
+- } while (item != NULL);
+-
+- if (item == NULL) {
++ if (item->frag_num != i) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Missing fragment #%d\n", i);
+ vfree(buf);
+@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1)
+ }
+ memcpy(data, item->frag_packet->v, item->frag_packet->l);
+ data += item->frag_packet->l;
++ item = item->frag_next;
+ }
+
+ out:
+Index: ipsec-tools-0.8.2/src/racoon/isakmp_inf.c
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/isakmp_inf.c
++++ ipsec-tools-0.8.2/src/racoon/isakmp_inf.c
+@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
+ #endif
+ #ifdef ENABLE_FRAG
+ iph1->frag = 0;
++ iph1->frag_last_index = 0;
+ iph1->frag_chain = NULL;
+ #endif
+
+Index: ipsec-tools-0.8.2/src/racoon/isakmp.c
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/isakmp.c
++++ ipsec-tools-0.8.2/src/racoon/isakmp.c
+@@ -1071,6 +1071,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
+ iph1->frag = 1;
+ else
+ iph1->frag = 0;
++ iph1->frag_last_index = 0;
+ iph1->frag_chain = NULL;
+ #endif
+ iph1->approval = NULL;
+@@ -1175,6 +1176,7 @@ isakmp_ph1begin_r(msg, remote, local, et
+ #endif
+ #ifdef ENABLE_FRAG
+ iph1->frag = 0;
++ iph1->frag_last_index = 0;
+ iph1->frag_chain = NULL;
+ #endif
+ iph1->approval = NULL;
+Index: ipsec-tools-0.8.2/src/racoon/handler.h
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/handler.h
++++ ipsec-tools-0.8.2/src/racoon/handler.h
+@@ -1,4 +1,4 @@
+-/* $NetBSD: handler.h,v 1.25 2010/11/17 10:40:41 tteras Exp $ */
++/* $NetBSD: handler.h,v 1.26 2017/01/24 19:23:56 christos Exp $ */
+
+ /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
+
+@@ -141,6 +141,7 @@ struct ph1handle {
+ #endif
+ #ifdef ENABLE_FRAG
+ int frag; /* IKE phase 1 fragmentation */
++ int frag_last_index;
+ struct isakmp_frag_item *frag_chain; /* Received fragments */
+ #endif
+
--- /dev/null
+# Configuring NTPD with UCI
+
+## Precedent
+Sysntpd is the lightweight implementation of the NTP protocol under
+Busybox. It supports many (but not all) of the same parameters.
+
+It is configured as a `config timeserver ntp` section in `/etc/config/system`,
+below.
+
+## Configuration
+
+A sample configuration looks like:
+
+**/etc/config/system**:
+
+```
+config timeserver ntp
+ option enabled 1
+ option enable_server 1
+ list server tick.udel.edu
+ list server tock.udel.edu
+ list interface eth0
+ list interface eth1
+ list interface eth2
+```
+
+If you want to temporarily disable the service without deleting all of the
+configuration state, this is done by clearing the `enabled` parameter. If
+this parameter is `1` (the default), the service is enabled.
+
+The service can run as a stand-alone client (`enable_server 0`, the default)
+or it can also operate as a server in turn to local clients, by setting this
+parameter to `1`.
+
+The parameter(s) `server` enumerate a list of servers to be used for
+reference NTP servers by the local daemon. At least one is required,
+and two or more are recommended (unless you have an extremely available
+local server). They should be picked to be geographically divergent,
+and preferrably reachable via different network carriers to protect
+against network partitions, etc. They should also be high-quality
+time providers (i.e. having stable, accurate clock sources).
+
+The `interface` parameter enumerates the list of interfaces on which
+the server is reachable (see `enable_server 1` above), and may be a
+subset of all of the interfaces present on the system. For security
+reasons, you may elect to only offer the service on internal networks.
+If omitted, it defaults to _all_ interfaces.
+
+## Differences with `sysntpd`
+
+Busybox `sysntpd` supports configuring servers based on DHCP
+provisioning (option 6, per the [DHCP and BOOTP
+Parameter](https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml)
+list from IANA). This functionality is enabled (in Busybox) with the
+`use_dhcp` boolean parameter (default `1`), and the `dhcp_interface`
+list parameter, which enumerates the interfaces whose provisioning
+is to be utilized.
+
+### Considerations for DHCP-provisioned NTP servers
+
+Most terrestrial and satellite ISPs have access to very high-quality
+clock sources (these are required to maintain synchronization on T3,
+OC3, etc trunks or earth terminals) but seldom offer access to those
+time sources via NTP in turn to their clients, mostly from a misplaced
+fear that their time source might come under attack (a slave closely
+tied to the master could also provide extremely high-quality time
+without the risk of network desynchronization should it come under
+sophisticated attack).
+
+As a result, the NTP servers that your ISP may point you at are
+often of unknown/unverified quality, and you use them at your own
+risk.
+
+Early millenial versions of Windows (2000, XP, etc) used NTP only
+to _initially set_ the clock to approximately 100ms accuracy (and
+not maintain sychronization), so the bar wasn't set very high.
+Since then, requirements for higher-qualty timekeeping have
+arisen (e.g. multi-master SQL database replication), but most ISPs
+have not kept up with the needs of their users.
+
+Current releases of Windows use Domain Controllers for time
+acquisition via the [NT5DS protocol](https://blogs.msdn.microsoft.com/w32time/2007/07/07/what-is-windows-time-service/)
+when domain joined.
+
+Because of the unreliable quality of NTP servers DHCP-provisioned by
+ISPs, support for this functionality was deemed unnecessary.
PROG=/sbin/ntpd
HOTPLUG_HELPER=/usr/sbin/ntpd.hotplug-helper
+config_file=/var/run/ntpd.conf
+
+trunc() {
+ echo -n "" > $config_file
+}
+
+emit() {
+ echo -e "$@" >> $config_file
+}
+
+validate_ntp_section() {
+ uci_validate_section system timeserver "${1}" \
+ 'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' \
+ 'interface:list(string)'
+}
+
start_service() {
+ local server enabled enable_server interface intf
+
+ validate_ntp_section ntp || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ "$enabled" = 0 ] && return
+
+ [ -z "$server" -a "$enable_server" = 0 ] && return
+
+ # not sure that the interfaces enumerated should be validated,
+ # since some of them might be dynamic interfaces (like IPsec
+ # tunnels) which aren't known by ubus.
+
+ trunc
+ emit "driftfile /var/lib/ntp/ntp.drift\n"
+
+ if [ "$enable_server" != 0 ]; then
+ emit "restrict default limited kod nomodify notrap nopeer"
+ emit "restrict -6 default limited kod nomodify notrap nopeer"
+ else
+ emit "restrict -4 default noserve"
+ emit "restrict -6 default noserve"
+ fi
+ emit "restrict source noquery"
+
+ emit "\n# No limits for local monitoring"
+ emit "restrict 127.0.0.1"
+ emit "restrict -6 ::1\n"
+
+ if [ -n "$interface" ]; then
+ local loopback=$(ubus call network.interface dump | jsonfilter -e "@.interface[@.interface='loopback']['device']")
+
+ local saw_lo=
+ for intf in $interface; do
+ emit "interface listen $intf"
+ [ "$intf" = "$loopback" ] && saw_lo=1
+ done
+ [ -z "$saw_lo" ] && emit "interface listen $loopback"
+ emit ""
+ fi
+
+ emit "server $server iburst"
+
mkdir -p /var/lib/ntp
chown -R ntp:ntp /var/lib/ntp
procd_open_instance
- procd_set_param command $PROG -g -u ntp:ntp -p /var/run/ntpd.pid -n
+ procd_set_param command $PROG -g -u ntp:ntp -p /var/run/ntpd.pid -n \
+ -c $config_file
procd_close_instance
procd_open_instance
#
-# Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2006-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
PKG_NAME:=privoxy
PKG_VERSION:=3.0.26
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=privoxy-$(PKG_VERSION)-stable-src.tar.gz
PKG_SOURCE_URL:=@SF/ijbswa
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Christian Schoenebeck <christian.schoenebeck@gmail.com>
+PKG_MAINTAINER:=
PKG_CONFIG_DEPENDS:= \
CONFIG_IPV6 \
Run as : $(USERID)
Version: $(PKG_VERSION)-$(PKG_RELEASE)
Home : $(URL)
- $(PKG_MAINTAINER)
source "$(SOURCE)/Config.in"
endef
#
PKG_NAME:=shadowsocks-libev
PKG_VERSION:=3.0.7
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
EOF
endef
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ $(FIND) $(PKG_BUILD_DIR) \
+ -name '*.o' \
+ -o -name '*.lo' \
+ -o -name '.deps' \
+ -o -name '.libs' \
+ | $(XARGS) rm -rvf
+endef
+
CONFIGURE_ARGS += \
--disable-documentation \
--disable-silent-rules \
PKG_VERSION:=4.22-9634
PKG_VERREL:=beta
PKG_VERDATE:=2016.11.27
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=softether-src-v$(PKG_VERSION)-$(PKG_VERREL).tar.gz
PKG_SOURCE_URL:=http://www.softether-download.com/files/softether/v$(PKG_VERSION)-$(PKG_VERREL)-$(PKG_VERDATE)-tree/Source_Code/
-f src/makefiles/linux_$(if $(CONFIG_ARCH_64BIT),64,32)bit.mak
# Map nonstandard CCFLAGS variable to standard TARGET_CFLAGS
-MAKE_VARS += \
- CCFLAGS="$(TARGET_CFLAGS)"
+MAKE_FLAGS += \
+ CC="$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)"
define Build/Configure
# Fetch prebuilt hamcore.se2 from staging dir
--without-png \
--without-sndfile \
--with-lame \
- --with-id3tag
+ --with-id3tag \
+ --disable-openmp
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_BIN) ./files/attendedsysupgrade.acl $(1)/usr/share/rpcd/acl.d/attendedsysupgrade.json
$(INSTALL_DIR) $(1)/usr/libexec/rpcd/
- $(INSTALL_BIN) ./files/attendedsysupgrade $(1)/usr/libexec/rpcd/attendedsysupgrade
+ $(INSTALL_BIN) ./files/attendedsysupgrade.rpcd $(1)/usr/libexec/rpcd/attendedsysupgrade
$(INSTALL_DIR) $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/attendedsysupgrade.defaults $(1)/etc/uci-defaults/attendedsysupgrade