include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=debian-archive-keyring
-PKG_VERSION:=2019.1
-PKG_RELEASE:=2
+PKG_VERSION:=2021.1.1
+PKG_RELEASE:=$(AUTORELEASE)
-PKG_SOURCE:=debian-archive-keyring_2019.1_all.deb
+PKG_SOURCE:=debian-archive-keyring_2021.1.1_all.deb
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/
-PKG_HASH:=9cefd8917f3d97a999c136aa87f04a3024408b5bc1de470de7d6dfa5e4bd4361
+PKG_HASH:=56beca470dcd9b6d7e6c3c9e9d702101e01e9467e62810a8c357bd7b9c26251d
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
include $(TOPDIR)/rules.mk
PKG_NAME:=gitlab-runner
-PKG_VERSION:=13.10.0
+PKG_VERSION:=13.11.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://gitlab.com/gitlab-org/gitlab-runner/-/archive/v$(PKG_VERSION)
-PKG_HASH:=f179d6c51867c2a7dcda4a537d152214b25734f78dcfb7bb05fe07b67c1a9b17
+PKG_HASH:=7bc15d89f7b0551c4dd236d3ef846cf7840175fa1638fa58d0ccd12f3c04a56b
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MIT
PKG_SOURCE:=generate-ipv6-address-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.irif.fr/~jch/software/files/
PKG_HASH:=e1356d245d5f891fa39b796a8a2deefdaa89f08130dc97a378738ca5ed9a20fa
-PKG_INSTALL:=1
PKG_MAINTAINER:=Nick Hainke <vincent@systemli.org>
PKG_LICENSE:=MIT
address (an Ethernet hardware address) or a randomly drawn host number.
endef
-MAKE_FLAGS += \
- PREFIX="$(PKG_INSTALL_DIR)/usr"
+define Build/Compile
+ $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) $(PKG_BUILD_DIR)/generate-ipv6-address.c -o $(PKG_BUILD_DIR)/generate-ipv6-address
+endef
define Package/generate-ipv6-address/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/generate-ipv6-address $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/generate-ipv6-address $(1)/usr/bin/
endef
$(eval $(call BuildPackage,generate-ipv6-address))
include $(TOPDIR)/rules.mk
PKG_NAME:=ksmbd
-PKG_VERSION:=3.3.8
+PKG_VERSION:=3.3.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/cifsd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=8c0d1beaa549053a476287972105f3cad53e9841983c54c2490f52a88e1a4828
+PKG_HASH:=c196d1773b9f89221133780fd189b550acbc56ac93c2e79260a70eab9853b3e1
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_NAME:=node
PKG_VERSION:=v14.16.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
--- /dev/null
+--- a/tools/icu/icu-generic.gyp
++++ b/tools/icu/icu-generic.gyp
+@@ -181,6 +181,7 @@
+ '<(icu_path)/source/i18n/uspoof_wsconf.h',
+ ]}],
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/i18n',
+ ],
+@@ -189,6 +190,7 @@
+ ],
+ 'dependencies': [ 'icuucx', 'icu_implementation', 'icu_uconfig', 'icu_uconfig_target' ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/i18n',
+ ],
+@@ -275,6 +277,7 @@
+ # full data - no trim needed
+ 'sources': [ '<(SHARED_INTERMEDIATE_DIR)/icudt<(icu_ver_major)_dat.<(icu_asm_ext)' ],
+ 'dependencies': [ 'genccode#host', 'icupkg#host', 'icu_implementation#host', 'icu_uconfig' ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -359,6 +362,7 @@
+ # This file contains the small ICU data
+ 'sources': [ '<(SHARED_INTERMEDIATE_DIR)/icusmdt<(icu_ver_major)_dat.<(icu_asm_ext)' ],
+ # for umachine.h
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -375,6 +379,7 @@
+ 'sources': [
+ '<@(icu_src_stubdata)'
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -443,6 +448,7 @@
+ '_XOPEN_SOURCE_EXTENDED=0',
+ ]}],
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -452,6 +458,7 @@
+ 'cflags_c': ['-std=c99'],
+ 'export_dependent_settings': [ 'icu_uconfig', 'icu_uconfig_target' ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ ],
+@@ -482,6 +489,7 @@
+ '<(icu_path)/source/tools/toolutil/dbgutil.cpp',
+ '<(icu_path)/source/tools/toolutil/dbgutil.h',
+ ],
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ '<(icu_path)/source/i18n',
+@@ -501,6 +509,7 @@
+ }]
+ ],
+ 'direct_dependent_settings': {
++ 'include_dirs!': [ '<!@(echo "$STAGING_DIR"/usr/include)' ],
+ 'include_dirs': [
+ '<(icu_path)/source/common',
+ '<(icu_path)/source/i18n',
include $(TOPDIR)/rules.mk
PKG_NAME:=perl-mail-spamassassin
-PKG_RELEASE:=4
-PKG_VERSION:=3.4.4
-PKG_HASH:=8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60
+PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=3.4.6
+PKG_HASH:=500c7e2a7cdf3aa4dd822d97aaff2ab22235a60cf17a68ab817861d215a4e568
PKG_SOURCE_NAME:=Mail-SpamAssassin
PKG_SOURCE_URL:=@APACHE/spamassassin/source
include $(TOPDIR)/rules.mk
PKG_NAME:=perl-net-dns
-PKG_VERSION:=1.29
-PKG_RELEASE:=1
+PKG_VERSION:=1.30
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_NAME:=Net-DNS
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.net-dns.org/download
-PKG_HASH:=852d6ee87e8f0d014223026581cbb56924ba8cddd3ceb29c6191dbb6122d43c5
+PKG_HASH:=055e70b67255615724d91ec41788f75af317561c519971f6e6e384273b30a5da
PKG_BUILD_DIR:=$(BUILD_DIR)/perl/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=8.0.3
+PKG_VERSION:=8.0.5
PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=c9816aa9745a9695672951eaff3a35ca5eddcb9cacf87a4f04b9fb1169010251
+PKG_HASH:=5dd358b35ecd5890a4f09fb68035a72fe6b45d3ead6999ea95981a107fd1f2ab
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
+ AC_CHECK_FUNC(mmap,[dnl
+ AC_DEFINE(HAVE_SHM_MMAP_ANON, 1, [Define if you have mmap(MAP_ANON) SHM support])
+ have_shm_mmap_anon=yes],[have_shm_mmap_anon=no])])
- AC_MSG_RESULT([$have_shm_mmap_anon=yes])
+ AC_MSG_RESULT([$have_shm_mmap_anon])
PHP_CHECK_FUNC_LIB(shm_open, rt, root)
@@ -294,8 +300,11 @@ int main() {
include $(TOPDIR)/rules.mk
PKG_NAME:=Jinja2
-PKG_VERSION:=2.11.2
-PKG_RELEASE:=1
+PKG_VERSION:=2.11.3
+PKG_RELEASE:=$(AUTORELEASE)
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0
+PKG_HASH:=a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=python-dotenv
-PKG_VERSION:=0.17.0
+PKG_VERSION:=0.17.1
PKG_RELEASE:=1
PYPI_NAME:=python-dotenv
-PKG_HASH:=471b782da0af10da1a80341e8438fca5fadeba2881c54360d5fd8d03d03a4f4a
+PKG_HASH:=b1ae5e9643d5ed987fc57cc2583021e38db531946518130777734f9589b3141f
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=python-engineio
-PKG_VERSION:=4.0.1
+PKG_VERSION:=4.1.0
PKG_RELEASE:=1
PYPI_NAME:=python-engineio
-PKG_HASH:=bb575c1a3512b4b5d4706f3071d5cc36e592459e99a47d9a4b7faabeba941377
+PKG_HASH:=21e1bcc62f5573a4bb1c805e69915c5a4c5aa953005dde6c2f707c24554c1020
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=python-gnupg
-PKG_VERSION:=0.4.6
-PKG_RELEASE:=1
+PKG_VERSION:=0.4.7
+PKG_RELEASE:=$(AUTORELEASE)
PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=3aa0884b3bd414652c2385b9df39e7b87272c2eca1b8fcc3089bc9e58652019a
+PKG_HASH:=2061f56b1942c29b92727bf9aecbd3cea3893acc9cccbdc7eb4604285efe4ac7
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.txt
include $(TOPDIR)/rules.mk
PKG_NAME:=python-socketio
-PKG_VERSION:=5.1.0
+PKG_VERSION:=5.2.1
PKG_RELEASE:=1
PYPI_NAME:=python-socketio
-PKG_HASH:=338cc29abb6f3ca14c88f1f8d05ed27c690df4648f62062b299f92625bbf7093
+PKG_HASH:=356a8a480fa316295b439d63a5f35a7a59fe65cee1ae35dee28e87d00e5aead6
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=python-typing-extensions
-PKG_VERSION:=3.7.4.3
+PKG_VERSION:=3.10.0.0
PKG_RELEASE:=1
PYPI_NAME:=typing-extensions
PYPI_SOURCE_NAME:=typing_extensions
-PKG_HASH:=99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c
+PKG_HASH:=50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=PSF-2.0
include ../python3-version.mk
PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
the development of higher quality, more maintainable code.
endef
+define Package/libpython3
+$(call Package/python3/Default)
+ TITLE:=Python $(PYTHON3_VERSION) core library
+ DEPENDS:=+libpthread +zlib
+ ABI_VERSION:=$(PYTHON3_VERSION)
+endef
+
+define Package/libpython3/description
+ This package contains only core Python library.
+endef
+
define Package/python3-base
$(call Package/python3/Default)
TITLE:=Python $(PYTHON3_VERSION) interpreter
- DEPENDS:=+libpthread +zlib
+ DEPENDS:=+libpthread +zlib +libpython3
endef
define Package/python3-base/description
$(subst $(space),$(newline),$(foreach lib_file,$(PYTHON3_LIB_FILES_DEL),-|$(lib_file)))
endef
-define Py3Package/python3-base/install
+define Package/libpython3/install
# Adding the lib-dynload folder (even just empty) suppresses 2 warnings when starting Python
$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON3_VERSION)/lib-dynload/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpython$(PYTHON3_VERSION).so* $(1)/usr/lib/
+endef
+
+define Py3Package/python3-base/install
$(INSTALL_DIR) $(1)/usr/bin
$(LN) python$(PYTHON3_VERSION) $(1)/usr/bin/python3
$(LN) python$(PYTHON3_VERSION) $(1)/usr/bin/python
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpython$(PYTHON3_VERSION).so* $(1)/usr/lib/
# This depends on being called before filespec is processed
$(SED) 's|$(TARGET_AR)|ar|g;s|$(TARGET_CROSS)readelf|readelf|g;s|$(TARGET_CC)|gcc|g;s|$(TARGET_CXX)|g++|g' \
$(PKG_INSTALL_DIR)/usr/lib/python$(PYTHON3_VERSION)/_sysconfigdata.py
$(eval $(call BuildPackage,$(package)-src)) \
)
+$(eval $(call BuildPackage,libpython3))
+
$(eval $(call Py3Package,python3-base))
$(eval $(call Py3Package,python3-light))
$(eval $(call Py3Package,python3))
include $(TOPDIR)/rules.mk
PKG_NAME:=boost
-PKG_VERSION:=1.75.0
-PKG_SOURCE_VERSION:=1_75_0
-PKG_RELEASE:=3
+PKG_VERSION:=1.76.0
+PKG_SOURCE_VERSION:=1_76_0
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)_$(PKG_SOURCE_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/$(PKG_NAME)/$(PKG_NAME)/$(PKG_VERSION) https://dl.bintray.com/boostorg/release/$(PKG_VERSION)/source/
-PKG_HASH:=953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb
+PKG_HASH:=f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41
PKG_MAINTAINER:=Carlos M. Ferreira <carlosmf.pt@gmail.com>
PKG_LICENSE:=BSL-1.0
endef
define Package/boost/description
-This package provides the Boost v1.75.0 libraries.
+This package provides the Boost v1.76.0 libraries.
Boost is a set of free, peer-reviewed, portable C++ source libraries.
This package provides the following run-time libraries:
- wave
There are many more header-only libraries supported by Boost.
-See more at http://www.boost.org/doc/libs/1_75_0/
+See more at http://www.boost.org/doc/libs/1_76_0/
endef
PKG_BUILD_DEPENDS:=boost/host
--- /dev/null
+--- a/boost/fiber/detail/cpu_relax.hpp
++++ b/boost/fiber/detail/cpu_relax.hpp
+@@ -47,7 +47,7 @@ namespace detail {
+ # else
+ # define cpu_relax() asm volatile ("nop" ::: "memory");
+ # endif
+-#elif BOOST_ARCH_MIPS && (__mips_isa_rev > 1) && !defined(_MIPS_ARCH_OCTEONP)
++#elif BOOST_ARCH_MIPS && (((__mips_isa_rev > 1) && defined(__mips32)) || ((__mips_isa_rev > 2) && defined(__mips64)))
+ # define cpu_relax() asm volatile ("pause" ::: "memory");
+ #elif BOOST_ARCH_PPC
+ // http://code.metager.de/source/xref/gnu/glibc/sysdeps/powerpc/sys/platform/ppc.h
+++ /dev/null
---- a/libs/context/src/asm/jump_mips64_n64_elf_gas.S
-+++ b/libs/context/src/asm/jump_mips64_n64_elf_gas.S
-@@ -67,7 +67,7 @@ jump_fcontext:
- sd $ra, 144($sp) # save RA
- sd $ra, 152($sp) # save RA as PC
-
--
-+#if defined(__mips_hard_float)
- s.d $f24, 0($sp) # save F24
- s.d $f25, 8($sp) # save F25
- s.d $f26, 16($sp) # save F26
-@@ -76,6 +76,7 @@ jump_fcontext:
- s.d $f29, 40($sp) # save F29
- s.d $f30, 48($sp) # save F30
- s.d $f31, 56($sp) # save F31
-+#endif
-
- # store SP (pointing to old context-data) in v0 as return
- move $v0, $sp
-@@ -83,6 +84,7 @@ jump_fcontext:
- # get SP (pointing to new context-data) from a0 param
- move $sp, $a0
-
-+#if defined(__mips_hard_float)
- l.d $f24, 0($sp) # restore F24
- l.d $f25, 8($sp) # restore F25
- l.d $f26, 16($sp) # restore F26
-@@ -91,6 +93,7 @@ jump_fcontext:
- l.d $f29, 40($sp) # restore F29
- l.d $f30, 48($sp) # restore F30
- l.d $f31, 56($sp) # restore F31
-+#endif
-
- ld $s0, 64($sp) # restore S0
- ld $s1, 72($sp) # restore S1
---- a/libs/context/src/asm/ontop_mips64_n64_elf_gas.S
-+++ b/libs/context/src/asm/ontop_mips64_n64_elf_gas.S
-@@ -67,7 +67,7 @@ ontop_fcontext:
- sd $ra, 144($sp) # save RA
- sd $ra, 152($sp) # save RA as PC
-
--
-+#if defined(__mips_hard_float)
- s.d $f24, 0($sp) # save F24
- s.d $f25, 8($sp) # save F25
- s.d $f26, 16($sp) # save F26
-@@ -76,6 +76,7 @@ ontop_fcontext:
- s.d $f29, 40($sp) # save F29
- s.d $f30, 48($sp) # save F30
- s.d $f31, 56($sp) # save F31
-+#endif
-
- # store SP (pointing to context-data) in t0
- move $t0, $sp
-@@ -83,6 +84,7 @@ ontop_fcontext:
- # restore SP (pointing to context-data) from a0
- move $sp, $a0
-
-+#if defined(__mips_hard_float)
- l.d $f24, 0($sp) # restore F24
- l.d $f25, 8($sp) # restore F25
- l.d $f26, 16($sp) # restore F26
-@@ -91,6 +93,7 @@ ontop_fcontext:
- l.d $f29, 40($sp) # restore F29
- l.d $f30, 48($sp) # restore F30
- l.d $f31, 56($sp) # restore F31
-+#endif
-
- ld $s0, 64($sp) # restore S0
- ld $s1, 72($sp) # restore S1
+++ /dev/null
---- a/boost/fiber/detail/cpu_relax.hpp
-+++ b/boost/fiber/detail/cpu_relax.hpp
-@@ -47,7 +47,7 @@ namespace detail {
- # else
- # define cpu_relax() asm volatile ("nop" ::: "memory");
- # endif
--#elif BOOST_ARCH_MIPS && (__mips_isa_rev > 1)
-+#elif BOOST_ARCH_MIPS && (((__mips_isa_rev > 1) && defined(__mips32)) || ((__mips_isa_rev > 2) && defined(__mips64)))
- # define cpu_relax() asm volatile ("pause" ::: "memory");
- #elif BOOST_ARCH_PPC
- // http://code.metager.de/source/xref/gnu/glibc/sysdeps/powerpc/sys/platform/ppc.h
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gnu-efi
+PKG_VERSION:=3.0.9
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/vathpela/gnu-efi.git
+PKG_SOURCE_DATE:=2021-04-11
+PKG_SOURCE_VERSION:=3e4d5c79905afcd815b0beb3dcfe2dfae5b3e6dd
+PKG_MIRROR_HASH:=7660d2259c1d5208bcabee5a0ffb6dc61f41363a79ba9158f3dd413a8af8e238
+PKG_BUILD_PARALLEL:=1
+
+PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
+PKG_LICENSE_FILES:=README.efilib
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/gnu-efi
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=GNU's EFI library
+ URL:=https://github.com/vathpela/gnu-efi
+ HIDDEN:=1
+ DEPENDS:=@TARGET_x86_64
+endef
+
+define Package/gnu-efi/description
+ GNU's EFI library
+endef
+
+define Build/Install
+ $(MAKE_VARS) \
+ $(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
+ $(MAKE_INSTALL_FLAGS) \
+ INSTALLROOT=$(PKG_INSTALL_DIR) \
+ install
+endef
+
+define Package/gnu-efi/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/local/lib/** $(1)/usr/lib/
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/include/efi
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/local/lib/** $(1)/usr/lib/
+ cp -aR $(PKG_INSTALL_DIR)/usr/local/include/efi/** $(1)/usr/include/efi/
+endef
+
+$(eval $(call BuildPackage,gnu-efi))
PKG_NAME:=h2o
PKG_VERSION:=2.2.6
-PKG_RELEASE:=7
+PKG_RELEASE:=9
PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}?
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
include $(INCLUDE_DIR)/package.mk
include ../../devel/ninja/ninja-cmake.mk
-PKG_BUILD_DEPENDS:=ruby/host libwslay
+PKG_BUILD_DEPENDS:=libwslay
CMAKE_OPTIONS += \
-DBUILD_SHARED_LIBS=ON \
CATEGORY:=Libraries
TITLE:=H2O Library compiled with its own event loop
URL:=https://h2o.examp1e.net/
- DEPENDS:=+libopenssl +zlib +libyaml +ruby
+ DEPENDS:=+libopenssl +zlib +libyaml
endef
define Package/libh2o
CATEGORY:=Libraries
TITLE:=H2O Library compiled with libuv
URL:=https://h2o.examp1e.net/
- DEPENDS:=+libuv +libopenssl +zlib +libyaml +ruby
+ DEPENDS:=+libuv +libopenssl +zlib +libyaml
endef
define Build/InstallDev
define Package/libh2o-evloop/install
$(INSTALL_DIR) $(1)/usr/lib
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libh2o-evloop.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libh2o-evloop.so* $(1)/usr/lib/
endef
define Package/libh2o/install
$(INSTALL_DIR) $(1)/usr/lib
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libh2o.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libh2o.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libh2o-evloop))
MAJOR_VERSION:=68
MINOR_VERSION:=2
PKG_VERSION:=$(MAJOR_VERSION).$(MINOR_VERSION)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(MAJOR_VERSION)_$(MINOR_VERSION)-src.tgz
PKG_SOURCE_URL:=https://github.com/unicode-org/icu/releases/download/release-$(MAJOR_VERSION)-$(MINOR_VERSION)
TITLE:=International Components for Unicode
URL:=http://icu-project.org
DEPENDS:=+libstdcpp +libpthread
+ ABI_VERSION:=$(MAJOR_VERSION)
endef
define Package/icu/description
TITLE:=Full ICU Data
URL:=http://icu-project.org
DEPENDS:=+icu
+ ABI_VERSION:=$(MAJOR_VERSION)
endef
define Package/icu-full-data/description
include $(TOPDIR)/rules.mk
PKG_NAME:=libassuan
-PKG_VERSION:=2.5.4
-PKG_RELEASE:=1
+PKG_VERSION:=2.5.5
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://gnupg.org/ftp/gcrypt/$(PKG_NAME)
-PKG_HASH:=c080ee96b3bd519edd696cfcebdecf19a3952189178db9887be713ccbcb5fbf0
+PKG_HASH:=8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-3.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=libedit
-PKG_VERSION:=20210216-3.1
+PKG_VERSION:=20210419-3.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://thrysoee.dk/editline/
-PKG_HASH:=2283f741d2aab935c8c52c04b57bf952d02c2c02e651172f8ac811f77b1fc77a
+PKG_HASH:=571ebe44b74860823e24a08cf04086ff104fd7dfa1020abf26c52543134f5602
PKG_INSTALL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=libextractor
-PKG_VERSION:=1.10
-PKG_RELEASE:=3
+PKG_VERSION:=1.11
+PKG_RELEASE:=$(AUTORELEASE)
# ToDo:
# - package missing optional dependencies: libexiv2, gsf, librpm, smf, tidy
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_HASH:=9eed11b5ddc7c929ba112c50de8cfaa379f1d99a0c8e064101775837cf432357
+PKG_HASH:=16f633ab8746a38547c4a1da3f4591192b0825ad83c4336f0575b85843d8bd8f
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=libinput
-PKG_VERSION:=1.16.4
-PKG_RELEASE:=1
+PKG_VERSION:=1.17.1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.freedesktop.org/software/libinput
-PKG_HASH:=65923a06d5a8970e4a999c4668797b9b689614b62b1d44432ab1c87b65e39e29
+PKG_HASH:=e51c50f3ce253961bed452d9f93102cc26128406975ab88ff9ec9e6c3b875137
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=libksba
-PKG_VERSION:=1.5.0
-PKG_RELEASE:=1
+PKG_VERSION:=1.5.1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://gnupg.org/ftp/gcrypt/$(PKG_NAME)
-PKG_HASH:=ae4af129216b2d7fdea0b5bf2a788cd458a79c983bb09a43f4d525cc87aba0ba
+PKG_HASH:=b0f4c65e4e447d9a2349f6b8c0e77a28be9531e4548ba02c545d1f46dc7bf921
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=LGPL-3.0-or-later GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=libmaxminddb
-PKG_VERSION:=1.5.2
-PKG_RELEASE=2
+PKG_VERSION:=1.6.0
+PKG_RELEASE=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/maxmind/libmaxminddb/releases/download/$(PKG_VERSION)/
-PKG_HASH:=5237076d250a5f7c297e331c35a433eeaaf0dc205e070e4db353c9ba10f340a2
+PKG_HASH:=7620ac187c591ce21bcd7bf352376a3c56a933e684558a1f6bef4bd4f3f98267
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=Apache-2.0
PKG_NAME:=libmraa
PKG_VERSION:=2.2.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/eclipse/mraa/tar.gz/v$(PKG_VERSION)?
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
-PKG_BUILD_DEPENDS:=swig/host node/host PACKAGE_node:node
+PKG_BUILD_DEPENDS:=swig/host
CMAKE_INSTALL:=1
PKG_USE_MIPS16:=0
PYTHON3_PKG_BUILD:=0
CMAKE_OPTIONS += \
-DENABLEEXAMPLES=0 \
- -DBUILDSWIGNODE=$(if $(CONFIG_PACKAGE_libmraa-node),ON,OFF) \
+ -DBUILDSWIGNODE=OFF \
-DFIRMATA=ON
define Package/libmraa/Default
This package contains the C/C++ libraries.
endef
-define Package/libmraa-node
- $(call Package/libmraa/Default)
- TITLE:=Eclipse MRAA lowlevel IO Node.js library
- DEPENDS:=+libmraa @PACKAGE_node
-endef
-
-define Package/libmraa-node/description
-$(call Package/libmraa/Default/description)
-
-This package contains the Node.js libraries.
-endef
-
define Package/libmraa-python3
$(call Package/libmraa/Default)
TITLE:=Eclipse MRAA lowlevel IO Python3 library
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mraa-* $(1)/usr/bin/
endef
-define Package/libmraa-node/install
- $(INSTALL_DIR) $(1)/usr/lib/node/mraa
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/mraa/* $(1)/usr/lib/node/mraa/
-endef
-
define Package/libmraa-python3/install
$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages
$(CP) $(PKG_INSTALL_DIR)/usr/lib/python$(PYTHON3_VERSION)/site-packages/* \
endef
$(eval $(call BuildPackage,libmraa))
-$(eval $(call BuildPackage,libmraa-node))
$(eval $(call BuildPackage,libmraa-python3))
PKG_NAME:=libupm
PKG_VERSION:=2.0.0
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/intel-iot-devkit/upm/tar.gz/v$(PKG_VERSION)?
# (require libtinyb) 2jciebu01_ble 2jciebu01_usb
CMAKE_OPTIONS += \
- -DBUILDSWIGNODE=$(if $(CONFIG_PACKAGE_libmraa-node),ON,OFF) \
+ -DBUILDSWIGNODE=OFF \
-DPYTHON2LIBS_FOUND=FALSE \
-DPYTHON2INTERP_FOUND=FALSE \
TITLE:=Intel IoT sensor library - Full
DEPENDS+=+libjpeg +libmodbus +openzwave
DEPENDS+= $(foreach module, $(UPM_MODULES), +libupm-$(module))
- DEPENDS+= $(foreach module, $(UPM_MODULES), +libupm-$(module)-node)
DEPENDS+= $(foreach module, $(UPM_MODULES), +libupm-$(module)-python3)
endef
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libupm*-$(2).so* $(1)/usr/lib/ ;
endef
-define Package/libupm/install/Default-node
- $(INSTALL_DIR) $(1)/usr/lib/node/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/jsupm_$(2) $(1)/usr/lib/node/ ;
-endef
-
define Package/libupm/install/Default-python3
$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/upm
$(CP) $(CMAKE_BINARY_DIR)/$(if $(filter interfaces, $(2)),,src/)$(2)/python$(PYTHON3_VERSION)/pyupm_$(2).py \
define Package/libupm/install
$(foreach module, $(UPM_MODULES), \
$(call Package/libupm/install/Default,$(1),$(module)) \
- $(call Package/libupm/install/Default-node,$(1),$(module)) \
$(call Package/libupm/install/Default-python3,$(1),$(module)))
endef
This package contains $(1) sensor C/C++ library
endef
-define Package/libupm-$(1)-node
- $(call Package/libupm/Default)
- $(call UpmPackage/depends,$(1))
- TITLE:=$(1) Node.js library
- DEPENDS+=+libupm-$(1) +libmraa-node
-endef
-
-define Package/libupm-$(1)-node/description
-$(call Package/libupm/Default/description)
-
-This package contains $(1) sensor Node.js library
-endef
-
define Package/libupm-$(1)-python3
$(call Package/libupm/Default)
$(call UpmPackage/depends,$(1))
define Package/libupm-$(1)/install
$(call Package/libupm/install/Default,$$(1),$(1))
endef
-define Package/libupm-$(1)-node/install
- $(call Package/libupm/install/Default-node,$$(1),$(1))
-endef
define Package/libupm-$(1)-python3/install
$(call Package/libupm/install/Default-python3,$$(1),$(1))
endef
$(foreach module, $(UPM_MODULES), \
$(eval $(call UpmPackage,$(module))) \
$(eval $(call BuildPackage,libupm-$(module))) \
- $(eval $(call BuildPackage,libupm-$(module)-node)) \
$(eval $(call BuildPackage,libupm-$(module)-python3)))
include $(TOPDIR)/rules.mk
PKG_NAME:=redis
-PKG_VERSION:=6.2.1
+PKG_VERSION:=6.2.2
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://download.redis.io/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=cd222505012cce20b25682fca931ec93bd21ae92cb4abfe742cf7b76aa907520
+PKG_HASH:=7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_LICENSE:=BSD-3-Clause
PKG_SOURCE_URL:=https://github.com/sartura/uci2.git
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=89056741c0c4048dafa822fef228c555fc41deff
-PKG_MIRROR_HASH:=e376e8aec6054405a2e9616a1dc51b86d68d6cfac87d84e8a98ea1714883dfaf
+PKG_SOURCE_VERSION:=24b7471a0aead99115c189f04236f5fe52492579
+PKG_MIRROR_HASH:=ea8f4627163ce40f62393a87a0155869f034bb78c9f7fb644f18461cbdaf5333
PKG_MAINTAINER:=Jakov Petrina <jakov.petrina@sartura.hr>
PKG_LICENSE:=BSD-3-Clause
PKG_NAME:=mutt
PKG_VERSION:=1.14.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=https://bitbucket.org/mutt/mutt/downloads/ \
http://ftp.mutt.org/pub/mutt/
--oldincludedir=$(PKG_BUILD_DIR)/. \
--enable-pop \
--enable-imap \
+ --with-mailpath=/var/mail \
--with-ssl \
--without-idn \
--disable-doc
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=4.1.1
+PKG_VERSION:=4.1.2
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
## Examples
**Change the DNS backend to 'unbound':**
-No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.
+No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.
+To preserve the DNS cache after adblock processing please install the additional package 'unbound-control'.
-**Change the DNS backend to 'named' (bind):**
-Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind'.
+**Change the DNS backend to 'bind':**
+Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind' by default.
+To preserve the DNS cache after adblock processing please install the additional package 'bind-rdnc'.
To use the blocklist please modify '/etc/bind/named.conf':
<pre><code>
in the 'options' namespace add:
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
-adb_ver="4.1.1"
+adb_ver="4.1.2"
adb_enabled=0
adb_debug=0
adb_forcedns=0
fi
}
+# status helper function
+#
+f_char()
+{
+ local result input="${1}"
+
+ if [ "${input}" = "1" ]
+ then
+ result="✔"
+ else
+ result="✘"
+ fi
+ printf "%s" "${result}"
+}
+
# load dns backend config
#
f_dns()
then
case "${adb_dns}" in
"dnsmasq")
+ adb_dnscachecmd="-"
adb_dnsinotify="${adb_dnsinotify:-"0"}"
adb_dnsinstance="${adb_dnsinstance:-"0"}"
adb_dnsuser="${adb_dnsuser:-"dnsmasq"}"
adb_dnsstop="${adb_dnsstop:-"address=/#/"}"
;;
"unbound")
+ adb_dnscachecmd="$(command -v unbound-control || printf "%s" "-")"
adb_dnsinotify="${adb_dnsinotify:-"0"}"
adb_dnsinstance="${adb_dnsinstance:-"0"}"
adb_dnsuser="${adb_dnsuser:-"unbound"}"
adb_dnsstop="${adb_dnsstop:-"local-zone: \".\" static"}"
;;
"named")
+ adb_dnscachecmd="$(command -v rndc || printf "%s" "-")"
adb_dnsinotify="${adb_dnsinotify:-"0"}"
adb_dnsinstance="${adb_dnsinstance:-"0"}"
adb_dnsuser="${adb_dnsuser:-"bind"}"
adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
;;
"kresd")
+ adb_dnscachecmd="-"
adb_dnsinotify="${adb_dnsinotify:-"0"}"
adb_dnsinstance="${adb_dnsinstance:-"0"}"
adb_dnsuser="${adb_dnsuser:-"root"}"
adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
;;
"raw")
+ adb_dnscachecmd="-"
adb_dnsinotify="${adb_dnsinotify:-"0"}"
adb_dnsinstance="${adb_dnsinstance:-"0"}"
adb_dnsuser="${adb_dnsuser:-"root"}"
then
out_rc=0
else
- "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
- restart_rc="${?}"
+ if [ "${in_rc}" = "0" ] && [ "${adb_dnsflush}" = "0" ]
+ then
+ case "${adb_dns}" in
+ "unbound")
+ if [ -x "${adb_dnscachecmd}" ] && [ -d "${adb_tmpdir}" ] && [ -f "${adb_dnsdir}/unbound.conf" ]
+ then
+ "${adb_dnscachecmd}" -c "${adb_dnsdir}/unbound.conf" dump_cache > "${adb_tmpdir}/adb_cache.dump" 2>/dev/null
+ fi
+ "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+ restart_rc="${?}"
+ ;;
+ "named")
+ if [ -x "${adb_dnscachecmd}" ] && [ -f "/etc/bind/rndc.conf" ]
+ then
+ "${adb_dnscachecmd}" -c "/etc/bind/rndc.conf" reload >/dev/null 2>&1
+ restart_rc="${?}"
+ fi
+ if [ -z "${restart_rc}" ] || { [ -n "${restart_rc}" ] && [ "${restart_rc}" != "0" ]; }
+ then
+ "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+ restart_rc="${?}"
+ fi
+ ;;
+ *)
+ "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+ restart_rc="${?}"
+ ;;
+ esac
+ fi
+ if [ -z "${restart_rc}" ]
+ then
+ "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+ restart_rc="${?}"
+ fi
fi
if [ "${restart_rc}" = "0" ]
then
cnt=$((cnt+1))
sleep 1
done
+ if [ "${out_rc}" = "0" ] && [ "${adb_dns}" = "unbound" ]
+ then
+ if [ -x "${adb_dnscachecmd}" ] && [ -d "${adb_tmpdir}" ] && [ -s "${adb_tmpdir}/adb_cache.dump" ]
+ then
+ "${adb_dnscachecmd}" -c "${adb_dnsdir}/unbound.conf" load_cache < "${adb_tmpdir}/adb_cache.dump" >/dev/null 2>&1
+ restart_rc="${?}"
+ fi
+ fi
fi
- f_log "debug" "f_dnsup ::: lookup_util: ${adb_lookupcmd:-"-"}, lookup_domain: ${adb_lookupdomain:-"-"}, restart_rc: ${restart_rc:-"-"}, dns_timeout: ${adb_dnstimeout}, dns_cnt: ${cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}"
+ f_log "debug" "f_dnsup ::: dns: ${adb_dns}, cache_cmd: ${adb_dnscachecmd:-"-"}, lookup_cmd: ${adb_lookupcmd:-"-"}, lookup_domain: ${adb_lookupdomain:-"-"}, restart_rc: ${restart_rc:-"-"}, dns_flush: ${adb_dnsflush}, dns_inotify: ${adb_dnsinotify}, dns_timeout: ${adb_dnstimeout}, dns_cnt: ${cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}"
return "${out_rc}"
}
json_load_file "${adb_rtfile}" >/dev/null 2>&1
if [ "${?}" = "0" ]
then
- if [ -z "${adb_fetchutil}" ] || [ -z "${adb_awk}" ]
- then
- json_get_var utils "utilities"
- else
- utils="${adb_fetchutil}, ${adb_awk}"
- fi
+ utils="download: $(readlink -fn "${adb_fetchutil}"), sort: $(readlink -fn "${adb_sort}"), awk: $(readlink -fn "${adb_awk}")"
if [ -z "${adb_cnt}" ]
then
json_get_var adb_cnt "blocked_domains"
json_close_object
done
json_close_array
- json_add_string "dns_backend" "${adb_dns:-"-"}, ${adb_dnsdir:-"-"}"
+ json_add_string "dns_backend" "${adb_dns:-"-"} (${adb_dnscachecmd##*/}), ${adb_dnsdir:-"-"}"
json_add_string "run_utils" "${utils:-"-"}"
json_add_string "run_ifaces" "trigger: ${adb_trigger:-"-"}, report: ${adb_repiface:-"-"}"
json_add_string "run_directories" "base: ${adb_tmpbase}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir}"
- json_add_string "run_flags" "backup: ${adb_backup}, flush: ${adb_dnsflush}, force: ${adb_forcedns}, search: ${adb_safesearch}, report: ${adb_report}, mail: ${adb_mail}, jail: ${adb_jail}"
+ json_add_string "run_flags" "backup: $(f_char ${adb_backup}), flush: $(f_char ${adb_dnsflush}), force: $(f_char ${adb_forcedns}), search: $(f_char ${adb_safesearch}), report: $(f_char ${adb_report}), mail: $(f_char ${adb_mail}), jail: $(f_char ${adb_jail})"
json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system" "${adb_sysver}"
json_dump > "${adb_rtfile}"
f_log "err" "system libraries not found"
fi
-# awk selection
+# version information
#
-adb_awk="$(command -v gawk)"
-if [ -z "${adb_awk}" ]
+if [ "${adb_action}" = "version" ]
then
- adb_awk="$(command -v awk)"
- if [ -z "${adb_awk}" ]
- then
- f_log "err" "awk not found"
- fi
+ printf "%s\n" "${adb_ver}"
+ exit 0
fi
-# sort selection
+# awk check
#
-adb_sort="$(command -v /usr/libexec/sort-coreutils)"
-if [ -z "${adb_sort}" ]
+adb_awk="$(command -v gawk)"
+if [ ! -x "${adb_awk}" ]
then
- adb_sort="$(command -v sort)"
- if [ -z "$("${adb_sort}" --help 2>/dev/null | grep -Fo -m1 "coreutils")" ]
+ adb_awk="$(command -v awk)"
+ if [ ! -x "${adb_awk}" ]
then
- f_log "err" "coreutils sort not found"
+ f_log "err" "awk not found or not executable"
fi
fi
-# version information
+# sort check
#
-if [ "${adb_action}" = "version" ]
+adb_sort="$(command -v sort)"
+if [ ! -x "${adb_sort}" ] || [ "$("${adb_sort}" --version 2>/dev/null | grep -c "coreutils")" = "0" ]
then
- printf "%s\n" "${adb_ver}"
- exit 0
+ f_log "err" "coreutils sort not found or not executable"
fi
# handle different adblock actions
"descurl": "https://github.com/notracking/hosts-blocklists"
},
"oisd_basic": {
- "url": "https://dbl.oisd.nl/basic",
+ "url": "https://dbl.oisd.nl/basic/",
"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"size": "L",
"focus": "general",
"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
"size": "S",
"focus": "general",
- "descurl": "https://pgl.yoyo.org"
+ "descurl": "https://pgl.yoyo.org/as"
}
}
include $(TOPDIR)/rules.mk
PKG_NAME:=adguardhome
-PKG_VERSION:=0.105.2
+PKG_VERSION:=0.106.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
-PKG_MIRROR_HASH:=c2ca02ef4d91250772567994e4a59962dc4ec559f44771cefba2b0663668fba1
+PKG_MIRROR_HASH:=631ed8d671827e78dffaec94d21a69ec9dcda80ef843057592167b8be6edd780
PKG_LICENSE:=GPL-3.0-only
PKG_LICENSE_FILES:=LICENSE.txt
GO_PKG:=github.com/AdguardTeam/AdGuardHome
GO_PKG_BUILD_PKG:=github.com/AdguardTeam/AdGuardHome
+AGH_BUILD_TIME:=$(shell date -d @$(SOURCE_DATE_EPOCH) +%FT%TZ%z)
AGH_VERSION_PKG:=github.com/AdguardTeam/AdGuardHome/internal/version
GO_PKG_LDFLAGS_X:=$(AGH_VERSION_PKG).channel=release \
$(AGH_VERSION_PKG).version=$(PKG_SOURCE_VERSION) \
+ $(AGH_VERSION_PKG).buildtime=$(AGH_BUILD_TIME) \
$(AGH_VERSION_PKG).goarm=$(GO_ARM) \
$(AGH_VERSION_PKG).gomips=$(GO_MIPS)
#!/bin/sh /etc/rc.common
PROG=/usr/bin/AdGuardHome
+WORK_DIR=/tmp/adguardhome
+
USE_PROCD=1
# starts after network starts
STOP=89
start_service() {
+ [ -d "$WORK_DIR" ] || mkdir -m 0755 -p "$WORK_DIR"
+
procd_open_instance
- procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w /tmp/adguardhome --no-check-update
+ procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w "$WORK_DIR" --no-check-update
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
PKG_NAME:=atlas-sw-probe
PKG_VERSION:=5020
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
CATEGORY:=Network
TITLE:=RIPE Atlas software probe
URL:=https://atlas.ripe.net/about/probes/
- DEPENDS:=+atlas-probe
+ DEPENDS:=+atlas-probe +PACKAGE_dropbear:dropbearconvert
endef
define Package/atlas-sw-probe/description
endef
define Package/atlas-sw-probe/conffiles
+/etc/atlas/
/etc/config/atlas
/usr/libexec/atlas-probe-scripts/state/config.txt
endef
# Fix permision
chmod 755 $(1)/$(SCRIPTS_DIR)/bin
+ # Add registration instruction
+ $(INSTALL_DIR) $(1)/etc/atlas/
+ $(CP) ./files/atlas.readme $(1)/etc/atlas/
+
# Create softlinks for writable dirs
$(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons
$(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data
option log_stderr '1'
option log_stdout '0'
option rxtxrpt '1'
+ option username ''
USE_PROCD=1
START=30
-EXTRA_COMMANDS="get_key probeid log create_backup load_backup"
+EXTRA_COMMANDS="get_key probeid log create_backup load_backup create_key"
EXTRA_HELP=" get_key print probe public key (used for probe registration)
probeid print probe id
log print probe status log
create_backup backup ssh key to tar.gz
load_backup 'backup.tar.gz' load backup ssh key from tar.gz
+ create_key create probe priv/pub key
"
SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts"
fi
}
+create_key() {
+ local username
+ local probe_key=/etc/atlas/probe_key
+ local probe_pub_key=/etc/atlas/probe_key.pub
+
+ config_load atlas
+
+ config_get username "common" username
+
+ if [ -f "$PRIV_KEY_FILE" ]; then
+ if [ ! -f $probe_key ]; then
+ print_msg "Missing probe_key in /etc/atlas"
+ print_msg "The key will be lost on sysupgrade. Cosider moving the keys in /etc/atlas and create a link in the $SCRIPTS_DIR/etc/ dir."
+ fi
+
+ print_msg "probe_key already present. Exiting..."
+ exit 1
+ fi
+
+ if [ -z "$username" ]; then
+ print_msg "Username not set in atlas config file. Enter your ripe-atlas username."
+ exit 1
+ fi
+
+ if [ -n "$(which ssh-keygen)" ]; then
+ ssh-keygen -t rsa -b 2048 -f $probe_key -N ""
+ sed -i "s/ \S*$/ "$username"/" $probe_pub_key
+ elif [ -n "$(which dropbearkey)" ] && [ -n "$(which dropbearconvert)" ]; then
+ local public_key
+
+ public_key="$(dropbearkey -t rsa -f /etc/atlas/probe_key_dropbear -s 2048 | sed -n 2p)"
+ public_key="$(echo "$public_key" | sed "s/ \S*$/ "$username"/")"
+ echo $public_key > $probe_pub_key
+ dropbearconvert dropbear openssh /etc/atlas/probe_key_dropbear $probe_key
+ rm /etc/atlas/probe_key_dropbear
+ else
+ print_msg "Can't find a way to generate key."
+ exit 1
+ fi
+
+ #Link priv/pub key
+ [ -f $PRIV_KEY_FILE ] || ln -s $probe_key $PRIV_KEY_FILE
+ [ -f $PRIV_KEY_FILE ] || ln -s $probe_pub_key $PUB_KEY_FILE
+
+ #Fix permission
+ chown atlas $probe_key $probe_pub_key
+ chgrp atlas $probe_key $probe_pub_key
+ chmod 644 $probe_key $probe_pub_key
+
+ print_msg "Key generated successfully. Use the get_key command to show the public key and get instruction on how to register your probe."
+}
+
log() {
if [ -f "$LOG_FILE" ];then
tail "$LOG_FILE"
local rxtxrpt
local test_setting
+ if [ ! -f $PRIV_KEY_FILE ]; then
+ print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
+ print_msg "Assuming atlas-sw-probe not init. Exiting..."
+ exit 1
+ fi
+
create_tmp_dirs
config_load atlas
--- /dev/null
+# Atlas probe setup instruction\r
+\r
+The atlas probe software requires a rsa 2048-4096 key for registration.\r
+\r
+Follow these steps to register your probe on the ripe-atlas systems.\r
+1. Insert your username in the atlas config file (/etc/config/atlas)\r
+2. Use the command '/etc/init.d/atlas create_key' to create a priv/pub key.\r
+3. The priv/pub key will be stored on the directory /etc/atlas/\r
+4. Use the command '/etc/init.d/atlas get_key' to get the public key used for probe registration.\r
+ Make sure to copy the entire key and that the last value is the correct username\r
+5. Follow the instruction from the past command or go to 'https://atlas.ripe.net/apply/swprobe/'\r
+ and register your probe.\r
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.7.6
-PKG_RELEASE:=2
+PKG_VERSION:=0.7.8
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
* auto-add unsuccessful LuCI, nginx or ssh login attempts via 'dropbear'/'sshd' to local blacklist
* auto-add the uplink subnet to local whitelist
* black- and whitelist also accept domain names as input to allow IP filtering based on these names
+* supports a 'whitelist only' mode, this option allows to restrict Internet access from/to a small number of secure websites/IPs
* provides a small background log monitor to ban unsuccessful login attempts in real-time
* per source configuration of SRC (incoming) and DST (outgoing)
* integrated IPSet-Lookup
| ban_logdst_enabled | option | 0 | enable the dst-related logchain |
| ban_autoblacklist | option | 1 | add suspicious IPs automatically to the local blacklist |
| ban_autowhitelist | option | 1 | add wan IPs/subnets automatically to the local whitelist |
+| ban_whitelistonly | option | 0 | allow to restrict Internet access from/to a small number of secure websites/IPs |
| ban_maxqueue | option | 4 | size of the download queue to handle downloads and processing in parallel |
| ban_reportdir | option | /tmp/banIP-Report | directory where banIP stores the report files |
| ban_backupdir | option | /tmp/banIP-Backup | directory where banIP stores the compressed backup files |
~# /etc/init.d/banip status
::: banIP runtime information
+ status : enabled
- + version : 0.7.5
- + ipset_info : 27 IPSets with 280704 IPs/Prefixes
- + active_sources : blacklist, country, darklist, debl, doh, drop, dshield, feodo, firehol1, greensnow, iblockspy, nix
- spam, sslbl, talos, threat, tor, uceprotect1, voip, whitelist, yoyo
- + active_devs : eth3
- + active_ifaces : wan, wan6
- + active_logterms : dropbear, luci
- + active_subnets : xxx.xxx.x.xxx/24, xxxx:xxxx:xxxx:0:xxxx:xxxx:xxxx:xxxx/64
- + run_infos : settype: src+dst, backup_dir: /mnt/data/banIP/backup, report_dir: /mnt/data/banIP/report
- + run_flags : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✔
- + last_run : refresh, 0m 15s, 4019/3743/3784, 15.03.2021 09:28:01
- + system : PC Engines apu4, OpenWrt SNAPSHOT r16186-bf4aa0c6a2
+ + version : 0.7.7
+ + ipset_info : 2 IPSets with 30 IPs/Prefixes
+ + active_sources : whitelist
+ + active_devs : wlan0
+ + active_ifaces : trm_wwan, trm_wwan6
+ + active_logterms : dropbear, sshd, luci, nginx
+ + active_subnets : xxx.xxx.xxx.xxx/24, xxxx:xxxx:xxxx:xx::xxx/128
+ + run_infos : settype: src+dst, backup_dir: /tmp/banIP-Backup, report_dir: /tmp/banIP-Report
+ + run_flags : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✘, whitelist only: ✔
+ + last_run : restart, 0m 3s, 122/30/14, 21.04.2021 20:14:36
+ + system : TP-Link RE650 v1, OpenWrt SNAPSHOT r16574-f7e00d81bc
</code></pre>
**black-/whitelist handling:**
Unsuccessful LuCI logins, suspicious nginx request or ssh login attempts via 'dropbear'/'sshd' could be tracked and automatically added to the local blacklist (see the 'ban_autoblacklist' option). Furthermore the uplink subnet could be automatically added to local whitelist (see 'ban_autowhitelist' option). The list behaviour could be further tweaked with different timeout and counter options (see the config options section above).
Last but not least, both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets. The detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead.
+**whitelist-only mode:**
+banIP supports a "whitelist only" mode. This option allows to restrict the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the whitelist are blocked. Please note: suspend/resume does not work in this mode.
+
**generate an IPSet report:**
<pre><code>
~# /etc/init.d/banip report
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
-ban_ver="0.7.6"
+ban_ver="0.7.8"
ban_enabled="0"
ban_mail_enabled="0"
ban_proto4_enabled="0"
ban_autodetect="1"
ban_autoblacklist="1"
ban_autowhitelist="1"
+ban_whitelistonly="0"
ban_logterms=""
ban_loglimit="100"
ban_ssh_logcount="3"
ban_wan_forwardchains_6=""
ban_action="${1:-"start"}"
ban_pidfile="/var/run/banip.pid"
+ban_bgpidfile="/var/run/banip_bg.pid"
ban_tmpbase="/tmp"
ban_rtfile="${ban_tmpbase}/ban_runtime.json"
ban_srcfile="${ban_tmpbase}/ban_sources.json"
fi
ban_localsources="${ban_localsources:-"maclist whitelist blacklist"}"
ban_logterms="${ban_logterms:-"dropbear sshd luci nginx"}"
- f_log "debug" "f_conf ::: ifaces: ${ban_ifaces:-"-"}, chain: ${ban_chain}, set_type: ${ban_global_settype}, log_chains (src/dst): ${ban_logchain_src}/${ban_logchain_dst}, targets (src/dst): ${ban_target_src}/${ban_target_dst}"
+ f_log "debug" "f_conf ::: ifaces: ${ban_ifaces:-"-"}, chain: ${ban_chain}, set_type: ${ban_global_settype}, log_chains (src/dst): ${ban_logchain_src}/${ban_logchain_dst}, targets (src/dst): ${ban_target_src}/${ban_target_dst}, whitelist_only: ${ban_whitelistonly}"
f_log "debug" "f_conf ::: lan_inputs (4/6): ${ban_lan_inputchains_4}/${ban_lan_inputchains_6}, lan_forwards (4/6): ${ban_lan_forwardchains_4}/${ban_lan_forwardchains_6}, wan_inputs (4/6): ${ban_wan_inputchains_4}/${ban_wan_inputchains_6}, wan_forwards (4/6): ${ban_wan_forwardchains_4}/${ban_wan_forwardchains_6}"
f_log "debug" "f_conf ::: local_sources: ${ban_localsources:-"-"}, extra_sources: ${ban_extrasources:-"-"}, log_terms: ${ban_logterms:-"-"}, log_prefixes (src/dst): ${ban_logprefix_src}/${ban_logprefix_dst}, log_options (src/dst): ${ban_logopts_src}/${ban_logopts_dst}"
}
f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} src -j RETURN"
elif [ "${src_name%_*}" = "whitelist" ]
then
+ f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_logtarget_src}"
+ f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_logtarget_dst}"
+ f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_logchain_src}"
+ f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_logchain_dst}"
f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN"
f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN"
else
elif [ "${src_name%_*}" = "whitelist" ]
then
pos="$(( $("${ipt_cmd}" "${timeout}" -vnL "${ban_chain}" --line-numbers | grep -cF "RETURN")+1))"
- f_iptrule "-I" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN" "${pos}"
+ if [ "${ban_whitelistonly}" = "1" ]
+ then
+ f_iptrule "-I" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_target_src}" "${pos}"
+ else
+ f_iptrule "-I" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN" "${pos}"
+ fi
else
f_iptrule "${action:-"-A"}" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j ${ban_target_src}"
fi
if [ "${src_name%_*}" = "whitelist" ]
then
pos="$(( $("${ipt_cmd}" "${timeout}" -vnL "${ban_chain}" --line-numbers | grep -cF "RETURN")+1))"
- f_iptrule "-I" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN" "${pos}"
+ if [ "${ban_whitelistonly}" = "1" ]
+ then
+ f_iptrule "-I" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_target_dst}" "${pos}"
+ else
+ f_iptrule "-I" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN" "${pos}"
+ fi
elif [ "${src_name}" != "maclist" ]
then
f_iptrule "${action:-"-A"}" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j ${ban_target_dst}"
fi
}
+# kill all relevant background processes
+#
+f_pidx()
+{
+ local pids ppid="${1}"
+
+ pids="$(pgrep -P "${ppid}" 2>/dev/null | awk '{ORS=" ";print $0}')"
+ kill -HUP "${ppid}" "${pids}" 2>/dev/null
+ > "${ban_bgpidfile}"
+}
+
# start log service to trace failed ssh/luci logins
#
f_bgsrv()
{
local bg_pid action="${1}"
- bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}|${ban_logread_cmd}|^grep -qE Exit before auth|^grep -qE error: maximum|^grep -qE luci: failed|^grep -qE nginx" | awk '{ORS=" "; print $1}')"
- if [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ]
+ bg_pid="$(cat "${ban_bgpidfile}" 2>/dev/null)"
+ if [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ] && [ "${ban_whitelistonly}" = "0" ]
then
if [ -n "${bg_pid}" ]
then
- kill -HUP "${bg_pid}" 2>/dev/null
+ f_pidx "${bg_pid}"
fi
if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "dropbear")" ]
then
then
ban_search="${ban_search}nginx\[[0-9]+\]:.*\[error\].*open().*client: [[:alnum:].:]+|"
fi
- ( "${ban_logservice}" "${ban_ver}" "${ban_search%?}" & )
- elif [ "${action}" = "stop" ] && [ -n "${bg_pid}" ]
+ (
+ "${ban_logservice}" "${ban_ver}" "${ban_search%?}" &
+ printf "%s" "${!}" > "${ban_bgpidfile}"
+ )
+ elif { [ "${action}" = "stop" ] || [ "${ban_monitor_enabled}" = "0" ]; } && [ -n "${bg_pid}" ]
then
- kill -HUP "${bg_pid}" 2>/dev/null
+ f_pidx "${bg_pid}"
fi
- f_log "debug" "f_bgsrv ::: action: ${action:-"-"}, bg_pid: ${bg_pid:-"-"}, monitor_enabled: ${ban_monitor_enabled:-"-"}, log_service: ${ban_logservice:-"-"}"
+ f_log "debug" "f_bgsrv ::: action: ${action:-"-"}, bg_pid (old/new): ${bg_pid}/$(cat "${ban_bgpidfile}" 2>/dev/null), monitor_enabled: ${ban_monitor_enabled:-"-"}, log_service: ${ban_logservice:-"-"}"
}
# download controller
fi
if [ "${ban_proto4_enabled}" = "1" ]
then
- if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ]
+ if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ] && [ "${ban_whitelistonly}" = "0" ]
then
(
src_rule_4="/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add ${src_name}_4 \"\$1}"
fi
if [ "${ban_proto6_enabled}" = "1" ]
then
- if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ]
+ if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ] && [ "${ban_whitelistonly}" = "0" ]
then
(
src_rule_6="/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add ${src_name}_6 \"\$1}"
# loop over all external sources
#
- for src_name in ${ban_sources}
- do
- # get source data from JSON file
- #
- json_select "${src_name}" >/dev/null 2>&1
- if [ "${?}" != "0" ]
- then
- continue
- fi
- json_objects="url_4 rule_4 url_6 rule_6 comp"
- for object in ${json_objects}
+ if [ "${ban_whitelistonly}" = "0" ]
+ then
+ for src_name in ${ban_sources}
do
- eval json_get_var src_${object} "\${object}" >/dev/null 2>&1
- done
- json_select ..
+ # get source data from JSON file
+ #
+ json_select "${src_name}" >/dev/null 2>&1
+ if [ "${?}" != "0" ]
+ then
+ continue
+ fi
+ json_objects="url_4 rule_4 url_6 rule_6 comp"
+ for object in ${json_objects}
+ do
+ eval json_get_var src_${object} "\${object}" >/dev/null 2>&1
+ done
+ json_select ..
- # handle external IPv4 source downloads in a subshell
- #
- if [ "${ban_proto4_enabled}" = "1" ] && [ -n "${src_url_4}" ] && [ -n "${src_rule_4}" ]
- then
- (
- f_down "${src_name}" "4" "inet" "${src_url_4}" "${src_rule_4}" "${src_comp}"
- )&
- fi
+ # handle external IPv4 source downloads in a subshell
+ #
+ if [ "${ban_proto4_enabled}" = "1" ] && [ -n "${src_url_4}" ] && [ -n "${src_rule_4}" ]
+ then
+ (
+ f_down "${src_name}" "4" "inet" "${src_url_4}" "${src_rule_4}" "${src_comp}"
+ )&
+ fi
- # handle external IPv6 source downloads in a subshell
- #
- if [ "${ban_proto6_enabled}" = "1" ] && [ -n "${src_url_6}" ] && [ -n "${src_rule_6}" ]
- then
- (
- f_down "${src_name}" "6" "inet6" "${src_url_6}" "${src_rule_6}" "${src_comp}"
- )&
- fi
+ # handle external IPv6 source downloads in a subshell
+ #
+ if [ "${ban_proto6_enabled}" = "1" ] && [ -n "${src_url_6}" ] && [ -n "${src_rule_6}" ]
+ then
+ (
+ f_down "${src_name}" "6" "inet6" "${src_url_6}" "${src_rule_6}" "${src_comp}"
+ )&
+ fi
- # control/limit download queues
- #
- hold=$((cnt%ban_maxqueue))
- if [ "${hold}" = "0" ]
- then
- wait
- fi
- cnt=$((cnt+1))
- done
- wait
+ # control/limit download queues
+ #
+ hold=$((cnt%ban_maxqueue))
+ if [ "${hold}" = "0" ]
+ then
+ wait
+ fi
+ cnt=$((cnt+1))
+ done
+ wait
+ fi
# error out
#
json_select ".."
done
content="$(cat "${report_txt}" 2>/dev/null)"
+ rm -f "${report_txt}"
fi
# report output
done
json_close_array
json_add_string "run_infos" "settype: ${ban_global_settype}, backup_dir: ${ban_backupdir}, report_dir: ${ban_reportdir}"
- json_add_string "run_flags" "protocols (4/6): $(f_char ${ban_proto4_enabled})/$(f_char ${ban_proto6_enabled}), log (src/dst): $(f_char ${ban_logsrc_enabled})/$(f_char ${ban_logdst_enabled}), monitor: $(f_char ${ban_monitor_enabled}), mail: $(f_char ${ban_mail_enabled})"
+ json_add_string "run_flags" "protocols (4/6): $(f_char ${ban_proto4_enabled})/$(f_char ${ban_proto6_enabled}), log (src/dst): $(f_char ${ban_logsrc_enabled})/$(f_char ${ban_logdst_enabled}), monitor: $(f_char ${ban_monitor_enabled}), mail: $(f_char ${ban_mail_enabled}), whitelist only: $(f_char ${ban_whitelistonly})"
json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system" "${ban_sysver}"
json_dump > "${ban_rtfile}"
f_main
;;
"suspend")
- if [ "${ban_status}" = "enabled" ]
+ if [ "${ban_status}" = "enabled" ] && [ "${ban_whitelistonly}" = "0" ]
then
f_bgsrv "stop"
f_jsnup "running"
f_rmtmp
;;
"resume")
- if [ "${ban_status}" = "paused" ]
+ if [ "${ban_status}" = "paused" ] && [ "${ban_whitelistonly}" = "0" ]
then
f_env
f_main
include $(TOPDIR)/rules.mk
PKG_NAME:=bind
-PKG_VERSION:=9.17.11
+PKG_VERSION:=9.17.12
PKG_RELEASE:=$(AUTORELEASE)
USERID:=bind=57:bind=57
PKG_SOURCE_URL:= \
https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=00de7bad9291121f3b93e70a6959b540b002f742774823c358c7a416c2e2ed4b
+PKG_HASH:=e77951eaa4aaa92b30e6f3ff6c915081a21c8cc70000e7f25a7a285eed0acbe7
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
+++ /dev/null
-From a9f883cbc28b865d312918368772627cf9610a2f Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Tue, 16 Mar 2021 21:58:55 +0000
-Subject: [PATCH] Stop using deprecated calls in lib/isc/tls.c
-
-from Rosen Penev @neheb
----
- lib/isc/tls.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/lib/isc/tls.c
-+++ b/lib/isc/tls.c
-@@ -12,10 +12,12 @@
- #include <inttypes.h>
- #include <nghttp2/nghttp2.h>
-
-+#include <openssl/bn.h>
- #include <openssl/conf.h>
- #include <openssl/err.h>
- #include <openssl/opensslv.h>
- #include <openssl/rand.h>
-+#include <openssl/rsa.h>
-
- #include <isc/atomic.h>
- #include <isc/log.h>
-@@ -274,11 +276,19 @@ isc_tlsctx_createserver(const char *keyf
- rsa = NULL;
- ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
-
-+#if OPENSSL_VERSION_NUMBER < 0x10101000L
- X509_gmtime_adj(X509_get_notBefore(cert), 0);
-+#else
-+ X509_gmtime_adj(X509_getm_notBefore(cert), 0);
-+#endif
- /*
- * We set the vailidy for 10 years.
- */
-+#if OPENSSL_VERSION_NUMBER < 0x10101000L
- X509_gmtime_adj(X509_get_notAfter(cert), 3650 * 24 * 3600);
-+#else
-+ X509_gmtime_adj(X509_getm_notAfter(cert), 3650 * 24 * 3600);
-+#endif
-
- X509_set_pubkey(cert, pkey);
-
PKG_NAME:=conntrack-tools
PKG_VERSION:=1.4.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://www.netfilter.org/projects/conntrack-tools/files
--- /dev/null
+--- a/src/build.c
++++ b/src/build.c
+@@ -66,7 +66,14 @@ ct_build_u32(const struct nf_conntrack *
+ }
+
+ static inline void
+-ct_build_u128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
++ct_build_be32(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
++{
++ uint32_t data = nfct_get_attr_u32(ct, a);
++ addattr(n, b, &data, sizeof(uint32_t));
++}
++
++static inline void
++ct_build_be128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
+ {
+ const char *data = nfct_get_attr(ct, a);
+ addattr(n, b, data, sizeof(uint32_t) * 4);
+@@ -279,18 +286,18 @@ void ct2msg(const struct nf_conntrack *c
+ switch (nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO)) {
+ case AF_INET:
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
+- ct_build_u32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
++ ct_build_be32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
+- ct_build_u32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
++ ct_build_be32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
+ break;
+ case AF_INET6:
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
+- ct_build_u128(ct, ATTR_REPL_IPV6_DST, n,
+- NTA_SNAT_IPV6);
++ ct_build_be128(ct, ATTR_REPL_IPV6_DST, n,
++ NTA_SNAT_IPV6);
+ }
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
+- ct_build_u128(ct, ATTR_REPL_IPV6_SRC, n,
+- NTA_DNAT_IPV6);
++ ct_build_be128(ct, ATTR_REPL_IPV6_SRC, n,
++ NTA_DNAT_IPV6);
+ }
+ break;
+ default:
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -29,7 +29,8 @@
+ static void ct_parse_u8(struct nf_conntrack *ct, int attr, void *data);
+ static void ct_parse_u16(struct nf_conntrack *ct, int attr, void *data);
+ static void ct_parse_u32(struct nf_conntrack *ct, int attr, void *data);
+-static void ct_parse_u128(struct nf_conntrack *ct, int attr, void *data);
++static void ct_parse_be32(struct nf_conntrack *ct, int attr, void *data);
++static void ct_parse_be128(struct nf_conntrack *ct, int attr, void *data);
+ static void ct_parse_str(struct nf_conntrack *ct,
+ const struct netattr *, void *data);
+ static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data);
+@@ -108,12 +109,12 @@ static struct ct_parser h[NTA_MAX] = {
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
+ },
+ [NTA_SNAT_IPV4] = {
+- .parse = ct_parse_u32,
++ .parse = ct_parse_be32,
+ .attr = ATTR_SNAT_IPV4,
+ .size = NTA_SIZE(sizeof(uint32_t)),
+ },
+ [NTA_DNAT_IPV4] = {
+- .parse = ct_parse_u32,
++ .parse = ct_parse_be32,
+ .attr = ATTR_DNAT_IPV4,
+ .size = NTA_SIZE(sizeof(uint32_t)),
+ },
+@@ -192,12 +193,12 @@ static struct ct_parser h[NTA_MAX] = {
+ .max_size = NTA_SIZE(NTA_LABELS_MAX_SIZE),
+ },
+ [NTA_SNAT_IPV6] = {
+- .parse = ct_parse_u128,
++ .parse = ct_parse_be128,
+ .attr = ATTR_SNAT_IPV6,
+ .size = NTA_SIZE(sizeof(uint32_t) * 4),
+ },
+ [NTA_DNAT_IPV6] = {
+- .parse = ct_parse_u128,
++ .parse = ct_parse_be128,
+ .attr = ATTR_DNAT_IPV6,
+ .size = NTA_SIZE(sizeof(uint32_t) * 4),
+ },
+@@ -229,7 +230,14 @@ ct_parse_u32(struct nf_conntrack *ct, in
+ }
+
+ static void
+-ct_parse_u128(struct nf_conntrack *ct, int attr, void *data)
++ct_parse_be32(struct nf_conntrack *ct, int attr, void *data)
++{
++ uint32_t *value = (uint32_t *) data;
++ nfct_set_attr_u32(ct, h[attr].attr, *value);
++}
++
++static void
++ct_parse_be128(struct nf_conntrack *ct, int attr, void *data)
+ {
+ nfct_set_attr(ct, h[attr].attr, data);
+ }
PKG_NAME:=fwknop
PKG_VERSION:=2.6.10
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://www.cipherdyne.org/fwknop/download
fi
}
-get_bool()
-{
- local _tmp="${1}"
- case "${_tmp}" in
- 1|on|true|yes|enabled) _tmp=1;;
- 0|off|false|no|disabled) _tmp=0;;
- *) _tmp="${2}";;
- esac
- echo -n "${_tmp}"
-}
-
generate_configuration()
{
[ -f /tmp/access.conf.tmp ] && rm /tmp/access.conf.tmp
PKG_NAME:=gnunet-fuse
-PKG_VERSION:=0.13.0
-PKG_RELEASE:=1
+PKG_VERSION:=0.14.0
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=3c176dcf0bd1950edd00aebf207c4f0d1d2e8a5cb5099dbf193398aa5c6f3421
+PKG_HASH:=4e7d470e2a119e13e4fa8ca9d2b7db58a90bf415dde099499f9e189b4319d774
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=COPYING
PKG_NAME:=gnunet
-PKG_VERSION:=0.13.3
-PKG_RELEASE:=4
+PKG_VERSION:=0.14.1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=318e06c4134d1a8ce3b4385d82b11316eaaeb9a4dbc5d4b646453dfc53199296
+PKG_HASH:=4a3205c570c30756f1a8b1ad0f1a63d078a92f0fac8e543471d54f4552da18c2
PKG_LICENSE:=AGPL-3.0
PKG_LICENSE_FILES:=COPYING
core datacache dht dns fragmentation friends hello \
identity natauto natnew nse nt peerinfo peerstore regexblock regex revocation \
scalarproduct set seti setu statistics transport transportapplication \
- transportcommunicator transportcore transportmonitor util; do \
+ transportcore transportmonitor util; do \
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnunet$$$$lib.so* $(1)/usr/lib/ ; \
done )
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/gnunet/libexec/gnunet-$$$$lex $(1)/usr/lib/gnunet/libexec ; \
done )
- ( for conf in arm ats cadet communicator-unix core datacache dht identity \
+ ( for conf in arm ats cadet core datacache dht identity \
nat nat-auto nse peerinfo peerstore regex revocation \
scalarproduct set seti setu statistics topology transport util; do \
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/gnunet/config.d/$$$$conf.conf $(1)/usr/share/gnunet/config.d ; \
LIBEXEC_datastore:=service-datastore
CONF_datastore:=datastore
+BIN_messenger:=messenger
+LIB_messenger:=messenger
+LIBEXEC_messenger:=service-messenger
+CONF_messenger:=messenger
DEPENDS_reclaim:=+gnunet-gns +gnunet-sqlite +libpbc +libgabe +jansson
BIN_reclaim:=reclaim
PLUGIN_reclaim:=block_consensus gnsrecord_reclaim reclaim_credential_jwt reclaim_attribute_basic
DEPENDS_rest:=+gnunet-gns +gnunet-reclaim +libmicrohttpd-ssl +jansson
-LIB_rest:=rest json
+LIB_rest:=rest json gnsrecordjson
PLUGIN_rest:=rest_config rest_copying rest_gns rest_identity rest_namestore rest_peerinfo rest_openid_connect rest_reclaim
LIBEXEC_rest:=rest-server
CONF_rest:=rest
PLUGIN_gns-pgsql:=namecache_postgres namestore_postgres
CONFLICTS_gns-pgsql:=gnunet-gns-sqlite gnunet-gns-flat
-
DEPENDS_sqlite:=+libsqlite3
LIB_sqlite:=sq
$(eval $(call PostInstFixSUIDPerms,gnunet-vpn))
$(eval $(call BuildPackage,gnunet))
-$(eval $(call BuildComponent,abd,credential service components,))
+#$(eval $(call BuildComponent,abd,credential service components,))
$(eval $(call BuildComponent,auction,auction components,))
$(eval $(call BuildComponent,conversation,conversation component,))
$(eval $(call BuildComponent,curl,cURL wrapper component,))
$(eval $(call BuildComponent,gns,name resolution components,y))
$(eval $(call BuildComponent,gns-proxy,gns-proxy component,))
$(eval $(call BuildComponent,hostlist,HTTP bootstrap hostlist client and server,y))
+$(eval $(call BuildComponent,messenger,group chat messenger,))
$(eval $(call BuildComponent,reclaim,reclaim identity-provider subsystem,))
$(eval $(call BuildComponent,rest,REST interface,))
$(eval $(call BuildComponent,rps,RPS routing component,y))
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=2.2.13
+PKG_VERSION:=2.2.14
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.2/src
-PKG_HASH:=9e3e51441c70bedfb494fc9d4b4d3389a71be9a3c915ba3d6f7e8fd9a57ce160
+PKG_HASH:=6a9b702f04b07786f3e5878de8172a727acfdfdbc1cefe1c7a438df372f2fb61
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
Christian Lachner <gladiac@gmail.com>
#!/bin/sh
CLONEURL=https://git.haproxy.org/git/haproxy-2.2.git
-BASE_TAG=v2.2.13
+BASE_TAG=v2.2.14
TMP_REPODIR=tmprepo
PATCHESDIR=patches
PKG_NAME:=isc-dhcp
UPSTREAM_NAME:=dhcp
PKG_VERSION:=4.4.1
-PKG_RELEASE:=17
+PKG_RELEASE:=18
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
echo $(( number * multiplier ))
}
+trim()
+{
+ local arg="$1"
+
+ echo "$arg" | sed -e 's/^ *//' -e 's/ *$//'
+}
+
# duplicated from dnsmasq init script
hex_to_hostid() {
local var="$1"
for tuple in $tuples; do
local network prefix router save octets compacted
+ tuple="$(trim "$tuple")"
+
save="${tuple% *}"
- router="${tuple#${save} }"
+ router="$(trim "${tuple#${save} }")"
+
+ network="$(trim "${save%/[0-9]*}")"
- network="${save%/[0-9]*}"
- prefix="${save##${network}}"
- prefix="${prefix:1}"
+ prefix="$(trim "${save##${network}/}")"
octets=$((($prefix + 7) / 8))
compacted="$(echo "$network" | cut -d. -f1-$octets)"
include $(TOPDIR)/rules.mk
PKG_NAME:=knxd
-PKG_VERSION:=0.14.50
+PKG_VERSION:=0.14.51
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/knxd/knxd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=c9189dc0b05b208b06be311d2792ce11092aee8d51d04083568ae49bd10b7cd8
+PKG_HASH:=c8378bc6f671a5ab75edb51b23e839ee1adcdd00b372314ca9d2bdcd37fb70fb
PKG_MAINTAINER:=Othmar Truniger <github@truniger.ch>
PKG_LICENSE:=GPL-2.0-or-later
--- a/tools/version.sh
+++ b/tools/version.sh
-@@ -1,5 +1,3 @@
- #!/bin/sh
+@@ -7,6 +7,4 @@ if test -s debian/changelog ; then
+ exit
+ fi
-test -d .git || exit
-# git describe --tags
-git log --format=format:%D | perl -ne 'next unless s#.*tag: ##; s#,.*##; next if m#/#; print; exit;'
-+echo -n "0.14.50"
++echo -n "0.14.51"
include $(TOPDIR)/rules.mk
PKG_NAME:=ksmbd-tools
-PKG_VERSION:=3.3.8
+PKG_VERSION:=3.3.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/ksmbd-tools/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=fb8cef085c740c72700ccee324fb1510774602c43ed1d32a5453c05f5d117188
+PKG_HASH:=7c2c86130912d780df69f26d797d4bd88cf31876a86fdad17032ab684bfe7d8a
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.59
-PKG_RELEASE:=1
+PKG_RELEASE:=2
# release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.59
### Features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
-server.feature-flags += ("server.h2proto" => "enable")
-server.feature-flags += ("server.h2c" => "enable")
server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags += ("server.graceful-restart-bg" => "enable")
--- /dev/null
+From 1ca25d4e2cfeb83c844ad52b9c94eac218c71379 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Thu, 4 Feb 2021 00:22:12 -0500
+Subject: [PATCH] [core] 101 upgrade fails if Content-Length incl (fixes #3063)
+
+(thx daimh)
+
+commit 903024d7 in lighttpd 1.4.57 fixed issue #3046 but in the process
+broke HTTP/1.1 101 Switching Protocols which included Content-Length: 0
+in the response headers. Content-Length response header is permitted
+by the RFCs, but not necessary with HTTP status 101 Switching Protocols.
+
+x-ref:
+ "websocket proxy fails if 101 Switching Protocols from backend includes Content-Length"
+ https://redmine.lighttpd.net/issues/3063
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/http-header-glue.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/http-header-glue.c
++++ b/src/http-header-glue.c
+@@ -961,6 +961,7 @@ void http_response_upgrade_read_body_unk
+ (FDEVENT_STREAM_RESPONSE_BUFMIN | FDEVENT_STREAM_RESPONSE);
+ r->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
+ r->reqbody_length = -2;
++ r->resp_body_scratchpad = -1;
+ r->keep_alive = 0;
+ }
+
--- /dev/null
+From 4a600dabd5e2799bf0c3048859ee4f00808b7d89 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sat, 6 Feb 2021 08:29:41 -0500
+Subject: [PATCH] [mod_auth] close HTTP/2 connection after bad pass
+
+mitigation slows down brute force password attacks
+
+x-ref:
+ "Possible feature: authentication brute force hardening"
+ https://redmine.lighttpd.net/boards/3/topics/8885
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/connections.c | 22 +++++++++++++++++++++-
+ src/mod_accesslog.c | 2 +-
+ src/mod_auth.c | 6 +++---
+ src/reqpool.c | 1 +
+ src/request.h | 2 +-
+ src/response.c | 4 ++--
+ 6 files changed, 29 insertions(+), 8 deletions(-)
+
+--- a/src/connections.c
++++ b/src/connections.c
+@@ -228,7 +228,7 @@ static void connection_handle_response_e
+ }
+ }
+
+- if (r->keep_alive) {
++ if (r->keep_alive > 0) {
+ request_reset(r);
+ config_reset_config(r);
+ con->is_readable = 1; /* potentially trigger optimistic read */
+@@ -1265,6 +1265,19 @@ connection_set_fdevent_interest (request
+ }
+
+
++__attribute_cold__
++static void
++connection_request_end_h2 (request_st * const h2r, connection * const con)
++{
++ if (h2r->keep_alive >= 0) {
++ h2r->keep_alive = -1;
++ h2_send_goaway(con, H2_E_NO_ERROR);
++ }
++ else /*(abort connection upon second request to close h2 connection)*/
++ h2_send_goaway(con, H2_E_ENHANCE_YOUR_CALM);
++}
++
++
+ static void
+ connection_state_machine_h2 (request_st * const h2r, connection * const con)
+ {
+@@ -1359,8 +1372,15 @@ connection_state_machine_h2 (request_st
+ && !chunkqueue_is_empty(con->read_queue))
+ resched |= 1;
+ h2_send_end_stream(r, con);
++ const int alive = r->keep_alive;
+ h2_retire_stream(r, con);/*r invalidated;removed from h2c->r[]*/
+ --i;/* adjust loop i; h2c->rused was modified to retire r */
++ /*(special-case: allow *stream* to set r->keep_alive = -1 to
++ * trigger goaway on h2 connection, e.g. after mod_auth failure
++ * in attempt to mitigate brute force attacks by forcing a
++ * reconnect and (somewhat) slowing down retries)*/
++ if (alive < 0)
++ connection_request_end_h2(h2r, con);
+ }
+ }
+ }
+--- a/src/mod_accesslog.c
++++ b/src/mod_accesslog.c
+@@ -1108,7 +1108,7 @@ static int log_access_record (const requ
+ break;
+ case FORMAT_CONNECTION_STATUS:
+ if (r->state == CON_STATE_RESPONSE_END) {
+- if (0 == r->keep_alive) {
++ if (r->keep_alive <= 0) {
+ buffer_append_string_len(b, CONST_STR_LEN("-"));
+ } else {
+ buffer_append_string_len(b, CONST_STR_LEN("+"));
+--- a/src/mod_auth.c
++++ b/src/mod_auth.c
+@@ -828,7 +828,7 @@ static handler_t mod_auth_check_basic(re
+ log_error(r->conf.errh, __FILE__, __LINE__,
+ "password doesn't match for %s username: %s IP: %s",
+ r->uri.path.ptr, username->ptr, r->con->dst_addr_buf->ptr);
+- r->keep_alive = 0; /*(disable keep-alive if bad password)*/
++ r->keep_alive = -1; /*(disable keep-alive if bad password)*/
+ rc = HANDLER_UNSET;
+ break;
+ }
+@@ -1461,7 +1461,7 @@ static handler_t mod_auth_check_digest(r
+ return HANDLER_FINISHED;
+ case HANDLER_ERROR:
+ default:
+- r->keep_alive = 0; /*(disable keep-alive if unknown user)*/
++ r->keep_alive = -1; /*(disable keep-alive if unknown user)*/
+ buffer_free(b);
+ return mod_auth_send_401_unauthorized_digest(r, require, 0);
+ }
+@@ -1482,7 +1482,7 @@ static handler_t mod_auth_check_digest(r
+ log_error(r->conf.errh, __FILE__, __LINE__,
+ "digest: auth failed for %s: wrong password, IP: %s",
+ username, r->con->dst_addr_buf->ptr);
+- r->keep_alive = 0; /*(disable keep-alive if bad password)*/
++ r->keep_alive = -1; /*(disable keep-alive if bad password)*/
+
+ buffer_free(b);
+ return mod_auth_send_401_unauthorized_digest(r, require, 0);
+--- a/src/reqpool.c
++++ b/src/reqpool.c
+@@ -58,6 +58,7 @@ request_reset (request_st * const r)
+ http_response_reset(r);
+
+ r->loops_per_request = 0;
++ r->keep_alive = 0;
+
+ r->h2state = 0; /* H2_STATE_IDLE */
+ r->h2id = 0;
+--- a/src/request.h
++++ b/src/request.h
+@@ -175,7 +175,7 @@ struct request_st {
+ char resp_header_repeated;
+
+ char loops_per_request; /* catch endless loops in a single request */
+- char keep_alive; /* only request.c can enable it, all other just disable */
++ int8_t keep_alive; /* only request.c can enable it, all other just disable */
+ char async_callback;
+
+ buffer *tmp_buf; /* shared; same as srv->tmp_buf */
+--- a/src/response.c
++++ b/src/response.c
+@@ -103,9 +103,9 @@ http_response_write_header (request_st *
+ if (light_btst(r->resp_htags, HTTP_HEADER_UPGRADE)
+ && r->http_version == HTTP_VERSION_1_1) {
+ http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("upgrade"));
+- } else if (0 == r->keep_alive) {
++ } else if (r->keep_alive <= 0) {
+ http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("close"));
+- } else if (r->http_version == HTTP_VERSION_1_0) {/*(&& r->keep_alive != 0)*/
++ } else if (r->http_version == HTTP_VERSION_1_0) {/*(&& r->keep_alive > 0)*/
+ http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("keep-alive"));
+ }
+
--- /dev/null
+From aa81834bc3ff47aa5cc66b6763678d3cf47a3d54 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Fri, 12 Mar 2021 20:03:38 -0500
+Subject: [PATCH] [mod_openssl] skip cert chain build if self-issued
+
+If cert is self-issued, then do not attempt to build certificate chain.
+
+(Attempting to build certificate chain when chain is not provided, but
+ ssl.ca-file is specified, is provided as backward compatible behavior
+ from lighttpd versions prior to lighttpd 1.4.56)
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/mod_openssl.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/src/mod_openssl.c
++++ b/src/mod_openssl.c
+@@ -103,6 +103,7 @@ typedef struct {
+ time_t ssl_stapling_loadts;
+ time_t ssl_stapling_nextts;
+ char must_staple;
++ char self_issued;
+ } plugin_cert;
+
+ typedef struct {
+@@ -1081,7 +1082,7 @@ mod_openssl_cert_cb (SSL *ssl, void *arg
+ #if !defined(BORINGSSL_API_VERSION) \
+ && !defined(LIBRESSL_VERSION_NUMBER)
+ /* (missing SSL_set1_chain_cert_store() and SSL_build_cert_chain()) */
+- else if (hctx->conf.ssl_ca_file) {
++ else if (hctx->conf.ssl_ca_file && !pc->self_issued) {
+ /* preserve legacy behavior whereby openssl will reuse CAs trusted for
+ * certificate verification (set by SSL_CTX_load_verify_locations() in
+ * SSL_CTX) in order to build certificate chain for server certificate
+@@ -1671,6 +1672,9 @@ network_openssl_load_pemfile (server *sr
+ #else
+ pc->must_staple = 0;
+ #endif
++ pc->self_issued =
++ (0 == X509_NAME_cmp(X509_get_subject_name(ssl_pemfile_x509),
++ X509_get_issuer_name(ssl_pemfile_x509)));
+
+ if (!buffer_string_is_empty(pc->ssl_stapling_file)) {
+ #ifndef OPENSSL_NO_OCSP
--- /dev/null
+From c41ebea4bb220c8fe252f472eec836c691734690 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Fri, 2 Apr 2021 01:01:02 -0400
+Subject: [PATCH] [build] fix zstd option in meson (fixes #3076)
+
+(thx KimonHoffmann)
+
+x-ref:
+ "Fix zstd dependency handling in meson build"
+ https://redmine.lighttpd.net/issues/3076
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -685,7 +685,7 @@ endif
+
+ libzstd = []
+ if get_option('with_zstd')
+- libz = dependency('zstd', required: false)
++ libzstd = dependency('zstd', required: false)
+ if libzstd.found()
+ libzstd = [ libzstd ]
+ else
--- /dev/null
+From 3392e8fb11de35778cad1fb112e6eb5916aa7de0 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 20 Apr 2021 22:04:56 -0400
+Subject: [PATCH] [core] update ls-hpack
+
+LiteSpeed ls-hpack v2.3.0
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/ls-hpack/README.md | 2 +-
+ src/ls-hpack/lshpack.c | 4 +++-
+ src/ls-hpack/lshpack.h | 6 +++---
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/src/ls-hpack/lshpack.c
++++ b/src/ls-hpack/lshpack.c
+@@ -1,7 +1,7 @@
+ /*
+ MIT License
+
+-Copyright (c) 2018 LiteSpeed Technologies Inc
++Copyright (c) 2018 - 2021 LiteSpeed Technologies Inc
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+@@ -1549,6 +1549,8 @@ lshpack_dec_push_entry (struct lshpack_d
+ #endif
+ memcpy(DTE_NAME(entry), lsxpack_header_get_name(xhdr), name_len);
+ memcpy(DTE_VALUE(entry), lsxpack_header_get_value(xhdr), val_len);
++
++ hdec_remove_overflow_entries(dec);
+ return 0;
+ }
+
+--- a/src/ls-hpack/lshpack.h
++++ b/src/ls-hpack/lshpack.h
+@@ -1,7 +1,7 @@
+ /*
+ MIT License
+
+-Copyright (c) 2018 - 2020 LiteSpeed Technologies Inc
++Copyright (c) 2018 - 2021 LiteSpeed Technologies Inc
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+@@ -34,8 +34,8 @@ extern "C" {
+ #include "lsxpack_header.h"
+
+ #define LSHPACK_MAJOR_VERSION 2
+-#define LSHPACK_MINOR_VERSION 2
+-#define LSHPACK_PATCH_VERSION 1
++#define LSHPACK_MINOR_VERSION 3
++#define LSHPACK_PATCH_VERSION 0
+
+ #define lshpack_strlen_t lsxpack_strlen_t
+ #define LSHPACK_MAX_STRLEN LSXPACK_MAX_STRLEN
--- /dev/null
+From 81d18a8e359685c169cfd30e6a1574b98aedbaeb Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Thu, 22 Apr 2021 01:11:47 -0400
+Subject: [PATCH] [core] discard some HTTP/2 DATA after response (fixes #3078)
+
+(thx oldium)
+
+improve handling of HTTP/2 DATA frames received
+a short time after sending response
+
+x-ref:
+ "POST request DATA part for non-existing URI closes HTTP/2 connection prematurely"
+ https://redmine.lighttpd.net/issues/3078
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/h2.c | 64 ++++++++++++++++++++++++++++++++++++++++++--------------
+ src/h2.h | 1 +
+ 2 files changed, 49 insertions(+), 16 deletions(-)
+
+--- a/src/h2.c
++++ b/src/h2.c
+@@ -272,10 +272,23 @@ h2_send_rst_stream_id (uint32_t h2id, co
+
+ __attribute_cold__
+ static void
+-h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e)
++h2_send_rst_stream_state (request_st * const r, h2con * const h2c)
+ {
++ if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE
++ && r->h2state != H2_STATE_CLOSED) {
++ /* set timestamp for comparison; not tracking individual stream ids */
++ h2c->half_closed_ts = log_epoch_secs;
++ }
+ r->state = CON_STATE_ERROR;
+ r->h2state = H2_STATE_CLOSED;
++}
++
++
++__attribute_cold__
++static void
++h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e)
++{
++ h2_send_rst_stream_state(r, con->h2);/*(sets r->h2state = H2_STATE_CLOSED)*/
+ h2_send_rst_stream_id(r->h2id, con, e);
+ }
+
+@@ -289,13 +302,10 @@ h2_send_goaway_rst_stream (connection *
+ for (uint32_t i = 0, rused = h2c->rused; i < rused; ++i) {
+ request_st * const r = h2c->r[i];
+ if (r->h2state == H2_STATE_CLOSED) continue;
++ h2_send_rst_stream_state(r, h2c);/*(sets r->h2state = H2_STATE_CLOSED)*/
+ /*(XXX: might consider always sending RST_STREAM)*/
+- if (!sent_goaway) {
+- r->state = CON_STATE_ERROR;
+- r->h2state = H2_STATE_CLOSED;
+- }
+- else /*(also sets r->h2state = H2_STATE_CLOSED)*/
+- h2_send_rst_stream(r, con, H2_E_PROTOCOL_ERROR);
++ if (sent_goaway)
++ h2_send_rst_stream_id(r->h2id, con, H2_E_PROTOCOL_ERROR);
+ }
+ }
+
+@@ -780,14 +790,27 @@ h2_recv_data (connection * const con, co
+ }
+ chunkqueue * const cq = con->read_queue;
+ if (NULL == r) {
+- /* XXX: TODO: might need to keep a list of recently retired streams
+- * for a few seconds so that if we send RST_STREAM, then we ignore
+- * further DATA and do not send connection error, though recv windows
+- * still must be updated. */
+- if (h2c->h2_cid < id || (!h2c->sent_goaway && 0 != alen))
+- h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
++ /* simplistic heuristic to discard additional DATA from recently-closed
++ * streams (or half-closed (local)), where recently-closed here is
++ * within 2-3 seconds of any (other) stream being half-closed (local)
++ * or reset before that (other) stream received END_STREAM from peer.
++ * (e.g. clients might fire off POST request followed by DATA,
++ * and a response might be sent before processing DATA frames)
++ * (id <= h2c->h2_cid) already checked above, else H2_E_PROTOCOL_ERROR
++ * If the above conditions do not hold, then send GOAWAY to attempt to
++ * reduce the chance of becoming an infinite data sink for misbehaving
++ * clients, though remaining streams are still handled before the
++ * connection is closed. */
+ chunkqueue_mark_written(cq, 9+len);
+- return 0;
++ if (h2c->half_closed_ts + 2 >= log_epoch_secs) {
++ h2_send_window_update(con, 0, len); /*(h2r->h2_rwin)*/
++ return 1;
++ }
++ else {
++ if (!h2c->sent_goaway && 0 != alen)
++ h2_send_goaway_e(con, H2_E_NO_ERROR);
++ return 0;
++ }
+ }
+
+ if (r->h2state == H2_STATE_CLOSED
+@@ -808,7 +831,7 @@ h2_recv_data (connection * const con, co
+ }
+ }
+ /*(allow h2r->h2_rwin to dip below 0 so that entire frame is processed)*/
+- /*(undeflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used)
++ /*(underflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used)
+ * since windows updated elsewhere and data is streamed to temp files if
+ * not FDEVENT_STREAM_REQUEST_BUFMIN)*/
+ /*r->h2_rwin -= (int32_t)len;*/
+@@ -2347,16 +2370,25 @@ h2_send_end_stream_data (request_st * co
+ } };
+
+ dataframe.u[2] = htonl(r->h2id);
+- r->h2state = H2_STATE_CLOSED;
+ /*(ignore window updates when sending 0-length DATA frame with END_STREAM)*/
+ chunkqueue_append_mem(con->write_queue, /*(+3 to skip over align pad)*/
+ (const char *)dataframe.c+3, sizeof(dataframe)-3);
++
++ if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE) {
++ /* set timestamp for comparison; not tracking individual stream ids */
++ h2con * const h2c = con->h2;
++ h2c->half_closed_ts = log_epoch_secs;
++ /* indicate to peer that no more DATA should be sent from peer */
++ h2_send_rst_stream_id(r->h2id, con, H2_E_NO_ERROR);
++ }
++ r->h2state = H2_STATE_CLOSED;
+ }
+
+
+ void
+ h2_send_end_stream (request_st * const r, connection * const con)
+ {
++ if (r->h2state == H2_STATE_CLOSED) return;
+ if (r->state != CON_STATE_ERROR && r->resp_body_finished) {
+ /* CON_STATE_RESPONSE_END */
+ if (r->gw_dechunk && r->gw_dechunk->done
+--- a/src/h2.h
++++ b/src/h2.h
+@@ -92,6 +92,7 @@ struct h2con {
+ uint32_t s_max_header_list_size; /* SETTINGS_MAX_HEADER_LIST_SIZE */
+ struct lshpack_dec decoder;
+ struct lshpack_enc encoder;
++ time_t half_closed_ts;
+ };
+
+ void h2_send_goaway (connection *con, request_h2error_t e);
echo "bind_address localhost" >> $TCONF
fi
- config_get port "$1" port 1883
- echo "port $port" >> $TCONF
+ append_if "$1" port
append_if "$1" acl_file
append_optional_bool "$1" allow_anonymous
append_optional_bool "$1" allow_duplicate_messages
append_optional_bool "$1" log_timestamp
config_get log_types "$1" log_types
for log_type in $log_types; do
- echo "log_dest $log_type" >> $TCONF
+ echo "log_type $log_type" >> $TCONF
done
append_if "$1" max_inflight_bytes
append_if "$1" max_inflight_messages
include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3
-PKG_VERSION:=2.10.8
+PKG_VERSION:=2.10.9
PKG_RELEASE:=1
PKG_MAINTAINER:=Florian Eckert <fe@dev.tdt.de>, \
Aaron Goodman <aaronjg@alumni.stanford.edu>
mwan3_set_iface_hotplug_state $INTERFACE "$status"
if [ "$MWAN3_STARTUP" != "init" ]; then
mwan3_create_iface_route $INTERFACE $DEVICE
- mwan3_set_general_rules
+ mwan3_set_general_rules
[ "$status" = "online" ] && mwan3_set_policies_iptables
fi
[ "$ACTION" = ifup ] && procd_running mwan3 "track_$INTERFACE" && procd_send_signal mwan3 "track_$INTERFACE" USR2
interface=$1
config_get_bool enabled $interface 'enabled' '0'
[ $enabled -eq 0 ] && return
+ [ -z "$(config_get $interface track_ip)" ] && return
procd_open_instance "track_${1}"
procd_set_param command /usr/sbin/mwan3track $interface
local age=0
local online=0
local offline=0
- local up="0"
- local enabled time_p time_n time_u time_d status track_status
+ local enabled time_p time_n time_u time_d status track_status up uptime
if [ "${iface}" != "${iface_select}" ] && [ "${iface_select}" != "" ]; then
return
online=$(get_online_time "$iface")
offline=$(get_offline_time "$iface")
- local uptime="0"
-
config_get enabled "$iface" enabled 0
- network_get_uptime uptime "$iface"
- network_is_up "$iface" && up="1"
- if [ -f "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS" ]; then
- status="$(cat "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS")"
+ if [ -d "${MWAN3_STATUS_DIR}" ]; then
+ network_get_uptime uptime "$iface"
+ network_is_up "$iface" && up="1"
+ if [ -f "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS" ]; then
+ status="$(cat "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS")"
+ else
+ status="notracking"
+ fi
else
+ uptime=0
+ up=0
status="unknown"
fi
include $(TOPDIR)/rules.mk
PKG_NAME:=net-tools
-PKG_SOURCE_DATE:=2018-11-03
-PKG_SOURCE_VERSION:=0eebece8c964e3cfa8a018f42b2e7e751a7009a0
+PKG_VERSION:=2.10
PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.code.sf.net/p/net-tools/code
-PKG_MIRROR_HASH:=9d978b9f8ccae4af623a299155c62d9b3d31213182c785f925bf8704d48a04c9
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://sourceforge.net/projects/net-tools/files/
+PKG_HASH:=b262435a5241e89bfa51c3cabd5133753952f7a7b7b93f32e08cb9d96f580d69
PKG_MAINTAINER:=Stijn Segers <borromini.reg@protonmail.com>
PKG_LICENSE:=GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=nextdns
-PKG_VERSION:=1.12.5
+PKG_VERSION:=1.32.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=5fd274c7b26e1d9c8fbb20802cd186fa40c35e832fddc8ea8960139f82c21743
+PKG_MIRROR_HASH:=dc8f4f4f8b252f797a3321051dd8a3b7d34031ad09ea221736e99a37e672d324
PKG_MAINTAINER:=Olivier Poitrey <rs@nextdns.io>
PKG_LICENSE:=MIT
include $(TOPDIR)/rules.mk
PKG_NAME:=openssh
-PKG_VERSION:=8.5p1
+PKG_VERSION:=8.6p1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
https://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/
-PKG_HASH:=f52f3f41d429aa9918e38cf200af225ccdd8e66f052da572870c89737646ec25
+PKG_HASH:=c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae
PKG_LICENSE:=BSD ISC
PKG_LICENSE_FILES:=LICENCE
include $(TOPDIR)/rules.mk
PKG_NAME:=opentracker
-PKG_VERSION:=20180526
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://erdgeist.org/gitweb/opentracker
-PKG_SOURCE_VERSION:=6411f1567f64248b0d145493c2e61004d2822623
-PKG_MIRROR_HASH:=064ffaa69b188f4db5626d5ec57249d921c32dd244dd00bb49b31ad841e35018
+PKG_SOURCE_DATE:=2021-04-25
+PKG_SOURCE_VERSION:=0178c27662bd70640ee17f4659f1f6c482d465be
+PKG_MIRROR_HASH:=2fefe5704a66fba2bd6e33d88e9c66b800e0b45038d97cd82ff84f0ac94473b1
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=Beerware
BINDIR?=$(PREFIX)/bin
-@@ -66,7 +66,7 @@ CFLAGS_debug = $(CFLAGS) $(OPTS_debug) $
+@@ -71,7 +71,7 @@ CFLAGS_debug = $(CFLAGS) $(OPTS_debug) $
$(BINARY): $(OBJECTS) $(HEADERS)
$(CC) -o $@ $(OBJECTS) $(LDFLAGS)
PKG_NAME:=openvpn
-PKG_VERSION:=2.5.1
-PKG_RELEASE:=3
+PKG_VERSION:=2.5.2
+PKG_RELEASE:=1
PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \
https://swupdate.openvpn.net/community/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=40930489c837c05f6153f38e1ebaec244431ef1a034e4846ff732d71d59ff194
+PKG_HASH:=b12743836901f365efaf82ab2493967e1b21c21eb43ce9a8da1002a17c9c1dc8
PKG_MAINTAINER:=Magnus Kroken <mkroken@gmail.com>
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
-@@ -1520,7 +1520,7 @@ const char *
+@@ -1535,7 +1535,7 @@ const char *
get_ssl_library_version(void)
{
static char mbedtls_version[30];
--- /dev/null
+From e4bd17c86e01aaf6f809d9ea355419c86c4defdc Mon Sep 17 00:00:00 2001
+From: Max Fillinger <maximilian.fillinger@foxcrypto.com>
+Date: Mon, 12 Apr 2021 19:46:17 +0200
+Subject: [PATCH] Fix build with mbedtls w/o SSL renegotiation support
+
+In mbedtls, support for SSL renegotiation can be disabled at
+compile-time. However, OpenVPN cannot be built with such a library
+because it calls mbedtls_ssl_conf_renegotiation() to disable this
+feature at runtime. This function doesn't exist when mbedtls was built
+without support for SSL renegotiation.
+
+This commit fixes the build by ifdef'ing out the function call when
+mbedtls was built without support for SSL renegotiation.
+
+Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
+Acked-by: Antonio Quartulli <antonio@openvpn.net>
+Message-Id: <E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com>
+URL: https://www.mail-archive.com/search?l=mid&q=E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+---
+ src/openvpn/ssl_mbedtls.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/src/openvpn/ssl_mbedtls.c
++++ b/src/openvpn/ssl_mbedtls.c
+@@ -1098,10 +1098,13 @@ key_state_ssl_init(struct key_state_ssl
+ {
+ mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups);
+ }
+- /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
+- * session and does not depend on this feature. And TLS renegotiations have
+- * been problematic in the past */
++
++ /* Disable TLS renegotiations if the mbedtls library supports that feature.
++ * OpenVPN's renegotiation creates new SSL sessions and does not depend on
++ * this feature and TLS renegotiations have been problematic in the past. */
++#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
++#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+ /* Disable record splitting (for now). OpenVPN assumes records are sent
+ * unfragmented, and changing that will require thorough review and
--- /dev/null
+#!/bin/sh
+
+case "$1" in
+ "openvpn-mbedtls")
+ openvpn --version | grep "$2.*SSL (mbed TLS)"
+ ;;
+ "openvpn-openssl")
+ openvpn --version | grep "$2.*SSL (OpenSSL)"
+ ;;
+esac
include $(TOPDIR)/rules.mk
PKG_NAME:=samba
-PKG_VERSION:=4.13.4
+PKG_VERSION:=4.13.8
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
http://www.nic.funet.fi/index/samba/pub/samba/stable/ \
http://samba.mirror.bit.nl/samba/ftp/stable/ \
https://download.samba.org/pub/samba/stable/
-PKG_HASH:=a1b34c63f7100cc8626902d80f335c7cb0b45d4707dd3c4b010f7a28ed615c78
+PKG_HASH:=3347c0c62cc5b1df1fc92d802282e809c354bfb4941a33c91a7fda3795efbf7f
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-3.0-only
fi
fi
- # always enable io_uring if we can
- if [ "$DISABLE_ASYNC_IO" -ne 1 ] && [ -e /usr/lib/samba/vfs/io_uring.so ] && grep "io_uring_setup" /proc/kallsyms >>2 ; then
- logger -p daemon.info -t 'samba4-server' "io_uring support found in kernel, enabling VFS io_uring."
+ # always enable io_uring if we can ("should" fail silently via samba module load if no kernel support)
+ if [ "$DISABLE_ASYNC_IO" -ne 1 ] && [ -e /usr/lib/samba/vfs/io_uring.so ] ; then
+ logger -p daemon.info -t 'samba4-server' "io_uring module found, enabling VFS io_uring. (also needs Kernel 5.4+ Support)"
# make sure its last in list
if [ -n "$vfs_objects" ]; then
vfs_objects="$vfs_objects io_uring"
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=samplicator
+PKG_VERSION:=1.3.6
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/sleinen/samplicator/releases/download/v$(PKG_VERSION)
+PKG_HASH:=3c4358b4b0992a77251f2b9e2221d4ae945781160732c73504eb126e69d72d40
+
+PKG_MAINTAINER:=Nick Hainke <vincent@systemli.org>
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/samplicator
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=UDP Samplicator
+ URL:=https://github.com/sleinen/samplicator
+endef
+
+define Package/samplicator/description
+ Send copies of (UDP) datagrams to multiple receivers,
+ with optional sampling and spoofing.
+endef
+
+define Package/samplicator/conffiles
+/etc/samplicator.conf
+endef
+
+define Package/samplicator/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/samplicate $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/samplicator.init $(1)/etc/init.d/samplicator
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_DATA) ./files/samplicator.conf $(1)/etc/
+endef
+
+$(eval $(call BuildPackage,samplicator))
--- /dev/null
+# Samplicator Config File
+#
+# Format:
+# a.b.c.d[/e.f.g.h]: destination
+# a.b.c.d is the sender's IP address
+# e.f.g.h is a mask to apply to the sender (default 255.255.255.255)
+#
+# Destination Format:
+# <addr>[/<port>[/<interval>[,ttl]]]
+# <addr> IP address of the receiver
+# <port> port UDP number of the receiver (default 2000)
+# <freq> number of received datagrams between successive
+# copied datagrams for this receiver.
+# <ttl> The TTL (IPv4) or hop-limit (IPv6) for
+# outgoing datagrams.
+#
+# Example:
+# 10.0.0.1/255.255.255.0: 10.0.0.42/1025
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=70
+
+SAMPLICATOR_BIN="/usr/sbin/samplicate"
+SAMPLICATOR_CONF="/etc/samplicator.conf"
+
+start_service() {
+ mkdir -p /var/run
+ procd_open_instance
+ procd_set_param command $SAMPLICATOR_BIN -c $SAMPLICATOR_CONF
+ procd_set_param file "$SAMPLICATOR_CONF"
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param respawn
+ procd_close_instance
+}
config SQUID_enable-ssl-crtd
bool "Enable dynamic SSL certificate generation "
depends on !SQUID_use-gnutls
- default n
+ default y
config SQUID_auth-basic
bool "Enable the Basic authentication scheme"
include $(TOPDIR)/rules.mk
PKG_NAME:=stunnel
-PKG_VERSION:=5.58
+PKG_VERSION:=5.59
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0-or-later
https://www.usenix.org.uk/mirrors/stunnel/archive/$(word 1, $(subst .,$(space),$(PKG_VERSION))).x/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=d4c14cc096577edca3f6a2a59c2f51869e35350b3988018ddf808c88e5973b79
+PKG_HASH:=137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f
PKG_FIXUP:=autoreconf
PKG_FIXUP:=patch-libtool
--- /dev/null
+#
+# Copyright (C) 2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tailscale
+PKG_VERSION:=1.6.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=4591c6f6d3d1f9d5aecaa63dd580c389067edeb7287cd587b108ea6a0aa811e7
+
+PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/tailscale-$(PKG_VERSION)
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=\
+ tailscale.com/cmd/tailscale \
+ tailscale.com/cmd/tailscaled
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/tailscale/Default
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=VPN
+ TITLE:=Zero config VPN
+ URL:=https://tailscale.com
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/tailscaled
+ $(call Package/tailscale/Default)
+ TITLE+= (daemon)
+ DEPENDS+= +ca-bundle +kmod-tun
+endef
+
+define Package/tailscale
+ $(call Package/tailscale/Default)
+ TITLE+= (utility)
+ DEPENDS+= +tailscaled
+endef
+
+define Package/tailscale/description
+ It creates a secure network between your servers, computers,
+ and cloud instances. Even when separated by firewalls or subnets.
+endef
+
+Package/tailscaled/description:=$(Package/tailscale/description)
+
+define Package/tailscale/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscale $(1)/usr/sbin
+endef
+
+define Package/tailscaled/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscaled $(1)/usr/sbin
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files//tailscale.init $(1)/etc/init.d/tailscale
+ $(INSTALL_DIR) $(1)/etc/config/
+ $(INSTALL_DATA) ./files//tailscale.conf $(1)/etc/config/tailscale
+endef
+
+$(eval $(call BuildPackage,tailscale))
+$(eval $(call BuildPackage,tailscaled))
--- /dev/null
+config settings 'settings'
+ option log_stderr '1'
+ option log_stdout '1'
+ option port '41641'
+ option state_file '/etc/tailscale/tailscaled.state'
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+# Copyright 2020 Google LLC.
+# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
+# SPDX-License-Identifier: Apache-2.0
+
+USE_PROCD=1
+START=80
+
+start_service() {
+ local state_file
+ local port
+ local std_err std_out
+
+ config_load tailscale
+ config_get_bool std_out "settings" log_stdout 1
+ config_get_bool std_err "settings" log_stderr 1
+ config_get port "settings" port 41641
+ config_get state_file "settings" state_file /etc/tailscale/tailscaled.state
+
+ /usr/sbin/tailscaled --cleanup
+
+ procd_open_instance
+ procd_set_param command /usr/sbin/tailscaled
+
+ # Set the port to listen on for incoming VPN packets.
+ # Remote nodes will automatically be informed about the new port number,
+ # but you might want to configure this in order to set external firewall
+ # settings.
+ procd_append_param command --port "$port"
+ procd_append_param command --state "$state_file"
+
+ procd_set_param respawn
+ procd_set_param stdout "$std_out"
+ procd_set_param stderr "$std_err"
+
+ procd_close_instance
+}
+
+stop_service() {
+ /usr/sbin/tailscaled --cleanup
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=tcpreplay
-PKG_VERSION:=4.3.3
-PKG_RELEASE:=3
+PKG_VERSION:=4.3.4
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/appneta/tcpreplay/releases/download/v$(PKG_VERSION)
-PKG_HASH:=5e960e2a4432f583adbd11fa0855d17b73d9e0f2d6453b749f27aacaee53bab5
+PKG_HASH:=42c055106e55852c29d94bb6e1b9e001a0723349f2985eb893a47d384c85002b
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=docs/LICENSE
export NO_TIMESTAMP=1
UHTTPD_LISTEN_HTTP=
-STATE_DIR='/etc/acme'
+PRODUCTION_STATE_DIR='/etc/acme'
STAGING_STATE_DIR='/etc/acme/staging'
ACCOUNT_EMAIL=
local staging=
local HOOK=
+ # reload uci values, as the value of use_staging may have changed
+ config_load acme
config_get_bool enabled "$section" enabled 0
config_get_bool use_staging "$section" use_staging
config_get_bool update_uhttpd "$section" update_uhttpd
elif [ "$APP" = "acme" ]; then
[ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug"
fi
- [ "$use_staging" -eq "1" ] && STATE_DIR="$STAGING_STATE_DIR" && staging="--staging"
+ if [ "$use_staging" -eq "1" ]; then
+ STATE_DIR="$STAGING_STATE_DIR";
+ staging="--staging";
+ else
+ STATE_DIR="$PRODUCTION_STATE_DIR";
+ staging="";
+ fi
set -- $domains
main_domain=$1
local section="$1"
local use_staging
local retries
+ local use_auto_staging
local infinite_retries
config_get_bool use_staging "$section" use_staging
+ config_get_bool use_auto_staging "$section" use_auto_staging
+ config_get_bool enabled "$section" enabled
config_get retries "$section" retries
[ -z "$retries" ] && retries=1
+ [ -z "$use_auto_staging" ] && use_auto_staging=0
[ "$retries" -eq "0" ] && infinite_retries=1
+ [ "$enabled" -eq "1" ] || return 0
while true; do
issue_cert "$1"; ret=$?
# An error occurred while retrieving the certificate.
retries="$((retries-1))"
+ if [ "$use_auto_staging" -eq "1" ] && [ "$use_staging" -eq "0" ]; then
+ log "Production certificate could not be obtained. Switching to staging server."
+ use_staging=1
+ uci set "acme.$1.use_staging=1"
+ uci commit acme
+ fi
+
if [ -z "$infinite_retries" ] && [ "$retries" -lt "1" ]; then
log "An error occurred while retrieving the certificate. Retries exceeded."
return "$ret"
sleep "$sleeptime"
continue
else
- return "$ret";
+ if [ "$use_auto_staging" -eq "1" ]; then
+ if [ "$use_staging" -eq "0" ]; then
+ log "Production certificate obtained. Exiting."
+ else
+ log "Staging certificate obtained. Continuing with production server."
+ use_staging=0
+ uci set "acme.$1.use_staging=0"
+ uci commit acme
+ continue
+ fi
+ fi
+
+ return "$ret"
fi
done
}
{
local section="$1"
- STATE_DIR=$(config_get "$section" state_dir)
- STAGING_STATE_DIR=$STATE_DIR/staging
+ PRODUCTION_STATE_DIR=$(config_get "$section" state_dir)
+ STAGING_STATE_DIR=$PRODUCTION_STATE_DIR/staging
ACCOUNT_EMAIL=$(config_get "$section" account_email)
DEBUG=$(config_get "$section" debug)
}
config_load acme
config_foreach load_vars acme
-if [ -z "$STATE_DIR" ] || [ -z "$ACCOUNT_EMAIL" ]; then
+if [ -z "$PRODUCTION_STATE_DIR" ] || [ -z "$ACCOUNT_EMAIL" ]; then
err "state_dir and account_email must be set"
exit 1
fi
-[ -d "$STATE_DIR" ] || mkdir -p "$STATE_DIR"
+[ -d "$PRODUCTION_STATE_DIR" ] || mkdir -p "$PRODUCTION_STATE_DIR"
[ -d "$STAGING_STATE_DIR" ] || mkdir -p "$STAGING_STATE_DIR"
trap err_out HUP TERM
fi
;;
- htpps-dns-proxy)
+ htpps-dns-proxy | https-dns-proxy)
if [ -x /usr/sbin/https-dns-proxy ] \
&& [ -x /etc/init.d/https-dns-proxy ] ; then
if /etc/init.d/https-dns-proxy ; then
define Package/xray-core
$(call Package/xray/template)
DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle
- PROVIDES:=v2ray-core
endef
define Package/xray-example
endef
define Package/xray/description
- Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
+ Xray, Penetrates Everything. It helps you to build your own computer network.
It secures your network connections and thus protects your privacy.
endef
$(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
$(INSTALL_DIR) $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/main $(1)/usr/bin/xray
- $(LN) xray $(1)/usr/bin/v2ray
$(INSTALL_DIR) $(1)/etc/xray/
- $(INSTALL_CONF) $(CURDIR)/files/config.json.example $(1)/etc/xray/
+ $(INSTALL_DATA) $(CURDIR)/files/config.json.example $(1)/etc/xray/
$(INSTALL_DIR) $(1)/etc/config/
$(INSTALL_CONF) $(CURDIR)/files/xray.conf $(1)/etc/config/xray
define Package/xray-example/install
$(INSTALL_DIR) $(1)/etc/xray/
- $(INSTALL_CONF) $(CURDIR)/files/vpoint_socks_vmess.json $(1)/etc/xray/
- $(INSTALL_CONF) $(CURDIR)/files/vpoint_vmess_freedom.json $(1)/etc/xray/
+ $(INSTALL_DATA) $(CURDIR)/files/vpoint_socks_vmess.json $(1)/etc/xray/
+ $(INSTALL_DATA) $(CURDIR)/files/vpoint_vmess_freedom.json $(1)/etc/xray/
endef
define Package/xray-geodata/install
// Config file of Xray. This file follows standard JSON format, with comments support.
// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
-// https://www.v2fly.org/en_US/config/overview.html and https://xray.sh/en/config/
+// https://xtls.github.io/en/config/
{
"log": {
// By default, Xray writes access log to stdout.
include $(TOPDIR)/rules.mk
PKG_NAME:=zerotier
-PKG_VERSION:=1.6.4
+PKG_VERSION:=1.6.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=0f45a4050cdfea1018634c88b6c302cbbfcc3f7f93cb94bed840a15e3ffa55ba
+PKG_HASH:=a437ec9e8a4987ed48c0e5af3895a057dcc0307ab38af90dd7729a131097f222
PKG_BUILD_DIR:=$(BUILD_DIR)/ZeroTierOne-$(PKG_VERSION)
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -73,11 +73,11 @@ ifeq ($(ZT_DEBUG),1)
+@@ -69,11 +69,11 @@ ifeq ($(ZT_DEBUG),1)
# C25519 in particular is almost UNUSABLE in -O0 even on a 3ghz box!
node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CXXFLAGS=-Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
else
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -276,7 +276,7 @@ ifeq ($(ZT_CONTROLLER),1)
+@@ -272,7 +272,7 @@ ifeq ($(ZT_CONTROLLER),1)
endif
# ARM32 hell -- use conservative CFLAGS
--- a/make-linux.mk
+++ b/make-linux.mk
-@@ -77,7 +77,7 @@ else
+@@ -73,7 +73,7 @@ else
override CFLAGS+=-Wall -Wno-deprecated -pthread $(INCLUDES) -DNDEBUG $(DEFS)
CXXFLAGS?=-O3 -fstack-protector
override CXXFLAGS+=-Wall -Wno-deprecated -std=c++11 -pthread $(INCLUDES) -DNDEBUG $(DEFS)
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# SPDX-License-Identifier: GPL-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=attendedsysupgrade-common
-PKG_VERSION:=0.2
-PKG_RELEASE:=1
+PKG_VERSION:=$(COMMITCOUNT)
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
SECTION:=utils
CATEGORY:=Base system
TITLE:=Common files neede by attendedsysupgrade packages
- MAINTAINER:=Paul Spooren <paul@spooren.de>
+ MAINTAINER:=Paul Spooren <mail@aparcar.org>
DEPENDS:=+rpcd +rpcd-mod-rpcsys
PKGARCH:=all
endef
UCI options:
- attendedsysupgrade.server.url
- URL of compatible upgrade server [1]
+ * attendedsysupgrade.server.url
+ URL of compatible upgrade server [1]
- attendedsysupgrade.client.upgrade_packages
- Client should request image also if no new release but new packages upgrade are available.
+ * attendedsysupgrade.client.upgrade_packages
+ Client should request image also if no new release but new packages
+ upgrade are available.
- attendedsysupgrade.client.advanced_mode
- Offer advanced options like editing packages before request and show additional information.
+ * attendedsysupgrade.client.advanced_mode
+ Offer advanced options like editing packages before request and show
+ additional information.
- attendedsysupgrade.client.auto_search
- Tells the client to automattically search for upgrades
- This can be done when opening luci or login in to console - depends on client.
+ * attendedsysupgrade.client.auto_search
+ Tells the client to automattically search for upgrades
- [1]: https://github.com/aparcar/gsoc17-attended-sysupgrade
+ [1]: https://github.com/aparcar/asu
endef
define Build/Compile
$(INSTALL_BIN) ./files/attendedsysupgrade.defaults $(1)/etc/uci-defaults/attendedsysupgrade
$(INSTALL_DIR) $(1)/etc/opkg/keys/
- $(INSTALL_BIN) ./files/c06d891233ba699 $(1)/etc/opkg/keys/c06d891233ba699
+ $(INSTALL_BIN) ./files/86241a707a30cb7f $(1)/etc/opkg/keys/86241a707a30cb7f
endef
$(eval $(call BuildPackage,attendedsysupgrade-common))
--- /dev/null
+untrusted comment: ASU CA pubkey
+RWSGJBpwejDLf4OApA5SOavh0GBlBFY9FhqxnivUQHpi0/t0QRI98LPW
+++ /dev/null
-untrusted comment: public key c06d891233ba699
-RWQMBtiRIzummeTc81jtKdJ3XwnaZGtHLRwjls0ovGsKoTnTmS7fj4Na
-cmake_minimum_required(VERSION 2.6)
+cmake_minimum_required(VERSION 2.6...3.12)
PROJECT(auc C)
ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations)
#define AUC_VERSION "unknown"
#endif
+#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <dlfcn.h>
return 0;
}
+/*
+ * libdpkg - Debian packaging suite library routines
+ * vercmp.c - comparison of version numbers
+ *
+ * Copyright (C) 1995 Ian Jackson <iwj10@cus.cam.ac.uk>
+ */
+
+/* assume ascii; warning: evaluates x multiple times! */
+#define order(x) ((x) == '~' ? -1 \
+ : isdigit((x)) ? 0 \
+ : !(x) ? 0 \
+ : isalpha((x)) ? (x) \
+ : (x) + 256)
+
+static int verrevcmp(const char *val, const char *ref)
+{
+ if (!val)
+ val = "";
+ if (!ref)
+ ref = "";
+
+ while (*val || *ref) {
+ int first_diff = 0;
+
+ while ((*val && !isdigit(*val)) || (*ref && !isdigit(*ref))) {
+ int vc = order(*val), rc = order(*ref);
+ if (vc != rc)
+ return vc - rc;
+ val++;
+ ref++;
+ }
+
+ while (*val == '0')
+ val++;
+ while (*ref == '0')
+ ref++;
+ while (isdigit(*val) && isdigit(*ref)) {
+ if (!first_diff)
+ first_diff = *val - *ref;
+ val++;
+ ref++;
+ }
+ if (isdigit(*val))
+ return 1;
+ if (isdigit(*ref))
+ return -1;
+ if (first_diff)
+ return first_diff;
+ }
+ return 0;
+}
+
/**
* UBUS response callbacks
continue;
}
- cmpres = strcmp(blobmsg_get_string(cur), pkg->version);
+ cmpres = verrevcmp(blobmsg_get_string(cur), pkg->version);
if (cmpres < 0)
*status |= PKG_UPGRADE;
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=cni-plugins-nft
+PKG_VERSION:=1.0.5
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/greenpau/cni-plugins/archive/v$(PKG_VERSION)
+PKG_HASH:=c8cbdfe43c144cf0df834555698312e8fd3daf6f2c5ac35e7959b90b91b154ad
+
+PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/greenpau/cni-plugins/
+GO_PKG_BUILD_PKG:=github.com/greenpau/cni-plugins/cmd/cni-nftables-portmap \
+ github.com/greenpau/cni-plugins/cmd/cni-nftables-firewall
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)"
+
+define Package/cni-plugins-nft
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=CNI Plugins compatible with nftables
+ URL:=https://github.com/greenpau/cni-plugins/
+ DEPENDS:=$(GO_ARCH_DEPENDS) +nftables
+endef
+
+define Package/cni-plugins-nft/description
+ CNI Plugins maintained by the CNI team do not support nftables, except when used with systemd.
+ These plugins do.
+ - cni-nftables-portmap
+ - cni-nftables-firewall
+endef
+
+define Package/cni-plugins-nft/install
+ $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+ $(INSTALL_DIR) $(1)/usr/lib/cni
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/lib/cni
+endef
+
+$(eval $(call GoBinPackage,cni-plugins-nft))
+$(eval $(call BuildPackage,cni-plugins-nft))
include $(TOPDIR)/rules.mk
PKG_NAME:=containerd
-PKG_VERSION:=1.4.3
-PKG_RELEASE:=4
+PKG_VERSION:=1.4.4
+PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/containerd/containerd/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018
-PKG_SOURCE_VERSION:=269548fa27e0089a8b8278fc4fc781d7f65a939b
+PKG_HASH:=ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1
+PKG_SOURCE_VERSION:=05f951a3781f4f2c1911b05e61c160e9c30eaa8e
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=coremark
-PKG_SOURCE_DATE:=2020-12-17
-PKG_SOURCE_VERSION:=5e0f662ce709f1af8d272bd8d3960034603d3850
+PKG_SOURCE_DATE:=2021-03-12
+PKG_SOURCE_VERSION:=1541482bf3e6ef7f5c69f5be76b14537b60833d0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/eembc/coremark/tar.gz/$(PKG_SOURCE_VERSION)?
-PKG_HASH:=fb0a2ee2113322eb976fa521d0ac033a997e0097185c2c2325d84ca94a7f5a6d
+PKG_HASH:=ad32cb10ba491f5c897f1022e97bca691cc88fdbb02ded48a0766c10344abc4f
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
PKG_MAINTAINER:=Lim Guo Wei <limguowei@gmail.com>
Embedded Microprocessor Benchmark
endef
-DIR_ARCH:=linux$(if $(CONFIG_ARCH_64BIT),64)
-
define Package/coremark/config
config COREMARK_OPTIMIZE_O3
bool "Use all optimizations (-O3)"
endif
define Build/Compile
- $(SED) 's|EXE = .exe|EXE =|' $(PKG_BUILD_DIR)/$(DIR_ARCH)/core_portme.mak
+ $(SED) 's|EXE = .exe|EXE =|' $(PKG_BUILD_DIR)/posix/core_portme.mak
mkdir $(PKG_BUILD_DIR)/$(ARCH)
- $(CP) -r $(PKG_BUILD_DIR)/$(DIR_ARCH)/* $(PKG_BUILD_DIR)/$(ARCH)
+ $(CP) -r $(PKG_BUILD_DIR)/linux/* $(PKG_BUILD_DIR)/$(ARCH)
$(MAKE) -C $(PKG_BUILD_DIR) PORT_DIR=$(ARCH) $(MAKE_FLAGS) \
PORT_CFLAGS="$(TARGET_CFLAGS)" XCFLAGS="$(EXTRA_CFLAGS)" compile
endef
endef
CMAKE_OPTIONS += \
+ -DDBUS_SYSTEM_SOCKET=/var/run/dbus/system_bus_socket \
+ -DDBUS_SESSION_SOCKET_DIR=/tmp \
+ -DDBUS_SYSTEM_PID_FILE=/var/run/dbus.pid \
-DDBUS_BUILD_TESTS=OFF \
-DDBUS_LINUX=ON \
-DDBUS_DISABLE_ASSERT=ON \
-DDBUS_ENABLE_VERBOSE_MODE=OFF \
-DDBUS_DISABLE_CHECKS=ON \
-DDBUS_BUILD_X11=OFF \
+ -DDBUS_ENABLE_DOXYGEN_DOCS=OFF \
+ -DENABLE_QT_HELP=OFF
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
--- /dev/null
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -510,11 +510,11 @@ if(WIN32)
+ else(WIN32)
+ set(DBUS_SESSION_BUS_LISTEN_ADDRESS "unix:tmpdir=${DBUS_SESSION_SOCKET_DIR}" CACHE STRING "session bus default listening address")
+ set(DBUS_SESSION_BUS_CONNECT_ADDRESS "autolaunch:" CACHE STRING "session bus fallback address for clients")
+- set(sysconfdir "")
++ set(sysconfdir "/usr/share")
+ set(configdir ${sysconfdir}/dbus-1 )
+ set(DBUS_SYSTEM_CONFIG_FILE ${configdir}/system.conf)
+ set(DBUS_SESSION_CONFIG_FILE ${configdir}/session.conf)
+- set(DBUS_USER "messagebus")
++ set(DBUS_USER "root")
+ set(DBUS_TEST_USER "nobody")
+ # For best security, assume that all non-Windows platforms can do
+ # credentials-passing.
include $(TOPDIR)/rules.mk
PKG_NAME:=docker
-PKG_VERSION:=20.10.5
+PKG_VERSION:=20.10.6
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_GIT_URL:=github.com/docker/cli
PKG_GIT_REF:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)?
-PKG_HASH:=4ba845f8c7e2e0a2ca1ec6589847159ca8d0d37b609f0e6f78def7a893b9b342
-PKG_GIT_SHORT_COMMIT:=55c4c88 # SHA1 used within the docker executables
+PKG_HASH:=eda53b96ab83a59502df2e5e00ab7ee867243259407ef454be55e695303c1113
+PKG_GIT_SHORT_COMMIT:=370c289 # SHA1 used within the docker executables
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=dockerd
-PKG_VERSION:=20.10.5
+PKG_VERSION:=20.10.6
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_GIT_URL:=github.com/moby/moby
PKG_GIT_REF:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)?
-PKG_HASH:=bcf651d75e5c80421e8cd3b0d47f3425e01047cf67aef0eda83b68776905a583
-PKG_GIT_SHORT_COMMIT:=363e9a8 # SHA1 used within the docker executables
+PKG_HASH:=fd7f5571b1f64f26b5ca520a3e1fefb33c190f3732b931051c23a76bdba5000e
+PKG_GIT_SHORT_COMMIT:=8728dd2 # SHA1 used within the docker executables
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=exfatprogs
-PKG_VERSION:=1.1.0
+PKG_VERSION:=1.1.1
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=88c12a2f9cbe4f12129f3b7fa2cd42f24dbed3f579e61bac2ca699ca79fad4e0
+PKG_HASH:=7984d93731066841a93fb3b7397083bffb5a52c5e44165b5caf449954ee984ae
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0-only
--- /dev/null
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gummiboot
+PKG_VERSION:=45
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/rzr/gummiboot.git
+PKG_SOURCE_DATE:=2021-04-11
+PKG_SOURCE_VERSION:=eb3daf2ca4cb1657cf1f780957485d690a552bf6
+PKG_MIRROR_HASH:=4c57791693b57bbe36e85b49d70310728b8008c4c545006a71c5a5f71b8df501
+
+PKG_LICENSE:=LGPL-2.1-or-later
+PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_DEPENDS:=gnu-efi
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/gummiboot
+ SECTION:=boot
+ CATEGORY:=Boot Loaders
+ TITLE:=Simple UEFI boot manager
+ DEPENDS:=@TARGET_X86_64 +libblkid
+ URL:=https://github.com/rzr/gummiboot
+endef
+
+define Package/gummiboot/description
+ gummiboot Simple UEFI boot manager
+
+ gummiboot executes EFI images. The default entry is selected by a configured
+ pattern (glob) or an on-screen menu.
+endef
+
+CONFIGURE_ARGS += \
+ --with-efi-libdir=$(STAGING_DIR)/usr/lib \
+ --with-efi-ldsdir=$(STAGING_DIR)/usr/lib \
+ --with-efi-includedir=$(STAGING_DIR)/usr/include
+
+define Build/Compile
+ +$(MAKE_VARS) EFI_CFLAGS="-I$(TOOLCHAIN_DIR)/include $(TARGET_CFLAGS)" \
+ $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
+ $(MAKE_FLAGS) \
+ $(1);
+endef
+
+define Build/Install
+ $(MAKE_VARS) EFI_CFLAGS="-I$(TOOLCHAIN_DIR)/include $(TARGET_CFLAGS)" \
+ $(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
+ $(MAKE_INSTALL_FLAGS) install
+endef
+
+define Package/gummiboot/install
+ $(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/lib/gummiboot
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/gummiboot/gummibootx64.efi $(1)/usr/lib/gummiboot/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gummiboot $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,gummiboot))
--- /dev/null
+--- a/src/setup/setup.c
++++ b/src/setup/setup.c
+@@ -37,6 +37,7 @@
+ #include <ftw.h>
+ #include <stdbool.h>
+ #include <blkid.h>
++#include <sys/sysmacros.h>
+
+ #include "efivars.h"
+
--- /dev/null
+--- a/src/setup/setup.c
++++ b/src/setup/setup.c
+@@ -83,6 +83,9 @@ static int verify_esp(const char *p, uin
+ blkid_probe b = NULL;
+ int r;
+ const char *v;
++ char buf[1024];
++
++ memset(buf, 0, sizeof(buf));
+
+ if (statfs(p, &sfs) < 0) {
+ fprintf(stderr, "Failed to check file system type of %s: %m\n", p);
+@@ -122,24 +125,38 @@ static int verify_esp(const char *p, uin
+ return -ENODEV;
+ }
+
+- r = asprintf(&t, "/dev/block/%u:%u", major(st.st_dev), minor(st.st_dev));
++ r = asprintf(&t, "/sys/dev/block/%u:%u", major(st.st_dev), minor(st.st_dev));
+ if (r < 0) {
+ fprintf(stderr, "Out of memory.\n");
+ return -ENOMEM;
+ }
+
++ r = readlink(t, buf, sizeof(buf) - 1);
++ if (r < 0) {
++ fprintf(stderr, "Failed to identify device node for block device %u:%u\n", major(st.st_dev), minor(st.st_dev));
++ return -ENOMEM;
++ }
++
++ r = asprintf(&t, "/dev/%s", basename(buf));
++ if (r < 0) {
++ fprintf(stderr, "Out of memory.\n");
++ return -ENOMEM;
++ }
++
+ errno = 0;
+ b = blkid_new_probe_from_filename(t);
+- free(t);
+ if (!b) {
+ if (errno != 0) {
+- fprintf(stderr, "Failed to open file system %s: %m\n", p);
++ fprintf(stderr, "Failed to open file system %s on %s: %m\n", p, t);
++ free(t);
+ return -errno;
+ }
+
++ free(t);
+ fprintf(stderr, "Out of memory.\n");
+ return -ENOMEM;
+ }
++ free(t);
+
+ blkid_probe_enable_superblocks(b, 1);
+ blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
include $(TOPDIR)/rules.mk
PKG_NAME:=hwdata
-PKG_VERSION:=0.345
+PKG_VERSION:=0.347
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/vcrhonek/hwdata/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=fafcc97421ba766e08a2714ccc3eebb0daabc99e67d53c2d682721dd01ccf7a7
+PKG_HASH:=1574e39b5ebd0763beb1fe986cd1a2d17ec81ba0a2f1a61cf27d9b3c62a5a8fa
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later XFree86-1.0
include $(TOPDIR)/rules.mk
PKG_NAME:=libnetwork
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://$(GO_PKG)
-PKG_SOURCE_VERSION:=fa125a3512ee0f6187721c88582bf8c4378bd4d7
-PKG_SOURCE_DATE:=2020-12-15
-PKG_MIRROR_HASH:=f6fcc6c900c1d542dfede0f53691108f12b63ff20ecf870eebc0aa2df1848b24
+PKG_SOURCE_VERSION:=b3507428be5b458cb0e2b4086b13531fb0706e46
+PKG_SOURCE_DATE:=2021-01-26
+PKG_MIRROR_HASH:=421d1b7cd95d0d0ec2801ebb0b360416cd2382e1ef9e70f4ca5cb63fb6a4ee8c
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=mtools
+PKG_VERSION:=4.0.26
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@GNU/mtools
+PKG_HASH:=539f1c8b476a16e198d8bcb10a5799e22e69de49d854f7dbd85b64c2a45dea1a
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
+PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/mtools
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Disc
+ TITLE:=Collection of utilities to access MS-DOS disks
+ URL:=https://www.gnu.org/software/mtools
+ DEPENDS:=+libbsd
+endef
+
+define Package/mtools/description
+ Mtools is a collection of utilities to access MS-DOS disks from GNU and Unix without mounting them.
+endef
+
+define Package/mtools/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/amuFormat.sh $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mcheck $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mcomp $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mkmanifest $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mtools $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mxtar $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tgz $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/uz $(1)/usr/bin/
+ $(LN) uz $(1)/usr/bin/lz
+ $(LN) mtools $(1)/usr/bin/mattrib
+ $(LN) mtools $(1)/usr/bin/mbadblock
+ $(LN) mtools $(1)/usr/bin/mcat
+ $(LN) mtools $(1)/usr/bin/mcd
+ $(LN) mtools $(1)/usr/bin/mclasserase
+ $(LN) mtools $(1)/usr/bin/mcopy
+ $(LN) mtools $(1)/usr/bin/mdel
+ $(LN) mtools $(1)/usr/bin/mdeltree
+ $(LN) mtools $(1)/usr/bin/mdir
+ $(LN) mtools $(1)/usr/bin/mdu
+ $(LN) mtools $(1)/usr/bin/mformat
+ $(LN) mtools $(1)/usr/bin/minfo
+ $(LN) mtools $(1)/usr/bin/mlabel
+ $(LN) mtools $(1)/usr/bin/mmd
+ $(LN) mtools $(1)/usr/bin/mmount
+ $(LN) mtools $(1)/usr/bin/mmove
+ $(LN) mtools $(1)/usr/bin/mpartition
+ $(LN) mtools $(1)/usr/bin/mrd
+ $(LN) mtools $(1)/usr/bin/mren
+ $(LN) mtools $(1)/usr/bin/mshortname
+ $(LN) mtools $(1)/usr/bin/mshowfat
+ $(LN) mtools $(1)/usr/bin/mtoolstest
+ $(LN) mtools $(1)/usr/bin/mtype
+ $(LN) mtools $(1)/usr/bin/mzip
+endef
+
+$(eval $(call BuildPackage,mtools))
include $(TOPDIR)/rules.mk
PKG_NAME:=nano
-PKG_VERSION:=5.6.1
+PKG_VERSION:=5.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/nano
-PKG_HASH:=760d7059e0881ca0ee7e2a33b09d999ec456ff7204df86bee58eb6f523ee8b09
+PKG_HASH:=d4b181cc2ec11def3711b4649e34f2be7a668e70ab506860514031d069cccafa
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=podman
-PKG_VERSION:=3.0.1
+PKG_VERSION:=3.1.1
PKG_RELEASE:=$(AUTORELEASE)
-PKG_HASH:=259e682d6e90595573fe8880e0252cc8b08c813e19408b911c43383a6edd6852
+PKG_HASH:=4e6fb106c6363566b6edc4ac6caee0bdf6b788e01255c3b3bfcb64f4b6842229
PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_USE_MIPS16:=0
GO_PKG:=github.com/containers/podman/
-GO_PKG_BUILD_PKG:=github.com/containers/podman/v2/cmd/podman/
+GO_PKG_BUILD_PKG:=github.com/containers/podman/v3/cmd/podman/
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
Package/podman-selinux/conffiles = $(Package/podman/conffiles)
ifeq ($(BUILD_VARIANT),selinux)
- GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,selinux
+ GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,selinux,apparmor
else
- GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper
+ GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,apparmor
endif
define Build/Prepare
#!/bin/sh /etc/rc.common
START=99
+STOP=10
USE_PROCD=1
NAME=podman
PROG=/usr/bin/podman
procd_append_param command $command
procd_close_instance
}
+
+shutdown() {
+ ${PROG} pod stop -a
+ ${PROG} container stop -a
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=stress-ng
-PKG_VERSION:=0.12.06
+PKG_VERSION:=0.12.07
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://kernel.ubuntu.com/~cking/tarballs/stress-ng
-PKG_HASH:=75eb340266b1bbae944d8f9281af978bd5bc2c8085df97a098d5500d6f177296
+PKG_HASH:=cf73e3a4c7d95afa46aa27fb9283a8a988f3971de4ce6ffe9f651ca341731ead
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=GPL-2.0-only
--- a/stress-fp-error.c
+++ b/stress-fp-error.c
-@@ -117,42 +117,43 @@ static int stress_fp_error(const stress_
+@@ -119,42 +119,43 @@ static int stress_fp_error(const stress_
do {
volatile double d1, d2;
/*
* Use volatiles to force compiler to generate code
* to perform run time computation of 1.0 / M_PI
-@@ -173,14 +174,15 @@ static int stress_fp_error(const stress_
+@@ -175,14 +176,15 @@ static int stress_fp_error(const stress_
stress_fp_check(args, "DBL_MAX + DBL_MAX / 2.0",
DBL_MAX + DBL_MAX / 2.0, INFINITY,
false, true, 0, FE_OVERFLOW | FE_INEXACT);
include $(TOPDIR)/rules.mk
PKG_NAME:=tmux
-PKG_VERSION:=3.1c
-PKG_RELEASE:=1
+PKG_VERSION:=3.2
+PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/tmux/tmux/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=b9617dd4d1c541ebc21b6b5760d58102fc039a593786aab273b5dd95dd514bea
+PKG_HASH:=290a2f25a2f26c649f7ec7f2880586b8d3f43e24d7cb42c691f430941edb4fcf
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=ISC
CATEGORY:=Utilities
SUBMENU:=Terminal
TITLE:=Terminal multiplexer
- DEPENDS:=+libncurses +libevent2 +libpthread +librt
+ DEPENDS:=+libncurses +libevent2-core +libpthread +librt
URL:=http://tmux.github.io/
endef
--- /dev/null
+commit bb6242675ad0c7447daef148fffced882e5b4a61
+Author: Nicholas Marriott <nicholas.marriott@gmail.com>
+Date: Thu Apr 15 06:45:19 2021 +0100
+
+ Add crosscompiling fallbacks, from Hasso Tepper.
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -163,6 +163,7 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM(
+ [return (reallocarray(NULL, 1, 1) == NULL);]
+ )],
+ AC_MSG_RESULT(yes),
++ [AC_LIBOBJ(reallocarray) AC_MSG_RESULT([no])],
+ [AC_LIBOBJ(reallocarray) AC_MSG_RESULT([no])]
+ )
+ AC_MSG_CHECKING([for working recallocarray])
+@@ -171,6 +172,7 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM(
+ [return (recallocarray(NULL, 1, 1, 1) == NULL);]
+ )],
+ AC_MSG_RESULT(yes),
++ [AC_LIBOBJ(recallocarray) AC_MSG_RESULT([no])],
+ [AC_LIBOBJ(recallocarray) AC_MSG_RESULT([no])]
+ )
+
. /lib/functions.sh
. /lib/upgrade/common.sh
+. /usr/share/libubox/jshn.sh
OWRT_VOLUMES=owrt-volumes
+
+get_partition_by_name_gpt() {
+ local dev="$1"
+ local part parts node name
+ json_load "$(sfdisk -J "/dev/$dev" 2>/dev/null)"
+ json_select "partitiontable" || return
+ json_select "partitions" || return
+ json_get_keys parts
+ for part in $parts; do
+ json_select "$part"
+ json_get_vars node name
+ if [ "$2" = "$name" ]; then
+ echo "$node"
+ break
+ fi
+ json_select ..
+ done
+}
+
part_fixup() {
echo "write" | sfdisk --force -q -w never $1
}
autopart_init() {
local diskdev
local lvmpart
- local diskserial
+ local diskserial diskhash
export_bootdevice && export_partdevice diskdev 0
[ "$diskdev" ] || return
- [ -e "/sys/class/block/$diskdev/device/serial" ] && diskserial=$(cat /sys/class/block/$diskdev/device/serial)
-
+ [ -e "/sys/class/block/$diskdev/device/serial" ] && diskserial="$(cat /sys/class/block/$diskdev/device/serial)"
+ [ -e "/sys/class/block/$diskdev/device/cid" ] && diskserial="$diskserial$(cat /sys/class/block/$diskdev/device/cid)"
+ [ "$diskserial" ] || diskserial="$(cat /proc/sys/kernel/random/uuid)"
+ diskhash="$(echo $diskserial | sha256sum | cut -d' ' -f1)"
part_fixup /dev/$diskdev
create_lvm_part /dev/$diskdev || return
- lvmpart=$(get_partition_by_name $diskdev $OWRT_VOLUMES)
+ lvmpart=$(get_partition_by_name_gpt $diskdev $OWRT_VOLUMES)
[ "$lvmpart" ] || return
- lvm_init /dev/$lvmpart "${OWRT_VOLUMES}${diskserial:+-${diskserial:2}}"
+ lvm_init $lvmpart "${OWRT_VOLUMES}-${diskhash:0:16}"
}
autopart_init
[ "$lv_full_name" ] || return 22
lvm_cmd lvchange -a y "$lv_full_name" || return 1
if [ $lv_size -gt $(( 100 * 1024 * 1024 )) ]; then
- mkfs.f2fs -f -l "$1" "$lv_path" || return 1
+ mkfs.f2fs -f -l "$1" "$lv_path"
+ ret=$?
+ [ $ret != 0 ] && [ $ret != 134 ] && return 1
else
mke2fs -F -L "$1" "$lv_path" || return 1
fi
local reports rep lv lvs lv_name lv_size lv_mode volname
volname=${1:-.*}
json_init
- json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^[rw][ow]_$volname\$ && vg_name=$vg_name")"
+ json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^[rw][owp]_$volname\$ && vg_name=$vg_name")"
json_select report
json_get_keys reports
for rep in $reports; do
local voldev=$(getdev "$@")
local evdata
[ "$voldev" ] || return 2
- local volnum=${voldev#${ubidev}_}
if vol_is_mode $voldev rw ; then
evdata="{\"name\": \"$1\", \"action\": \"down\", \"device\": \"/dev/$voldev\"}"
- elif vol_is_mode $voldev ro ; then
+ elif vol_is_mode $voldev ro && [ -e "/dev/ubiblock${voldev:3}" ]; then
evdata="{\"name\": \"$1\", \"action\": \"down\", \"device\": \"/dev/ubiblock${voldev:3}\"}"
fi
+ local volnum=${voldev#${ubidev}_}
ubirmvol /dev/$ubidev -n $volnum || return $?
- ubus send block.volume "$evdata"
+ [ "$evdata" ] && ubus send block.volume "$evdata"
}
activatevol() {
# uvol prototype
# future development roadmap (aka. to-do):
# * re-implement in C (use libubox, execve lvm/ubi*)
+# * hash to validate volume while writing
# * add atomic batch processing for use by container/package manager
if [ -z "$1" ]; then cat <<EOF
PKG_NAME:=vim
PKG_VERSION:=8.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4
VIMVER:=82
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/vim_normal $(1)/usr/bin/vim
$(INSTALL_DIR) $(1)/usr/share/vim
+ $(LN) vim $(1)/usr/bin/vimdiff
$(INSTALL_CONF) ./files/vimrc.full $(1)/usr/share/vim/vimrc
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=yq
-PKG_VERSION:=4.7.0
+PKG_VERSION:=4.7.1
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d4984f8f8ac5151797c8cf9c6ab8b705958802721c4405ef8a99206dcd00dcb5
+PKG_HASH:=19a7c43aaac678065f436ddfdf8b0a75dd3883984f4b9548cabdf53eb09932f9
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=MIT