diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 8d1d04426acba6..237d0d5f9ca9c7 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -18,7 +18,7 @@ ## ✅ Formalities -- [ ] I have reviewed the [CONTRIBUTING.md](../CONTRIBUTING.md) file for detailed contributing guidelines. +- [ ] I have reviewed the [CONTRIBUTING.md](https://github.com/openwrt/packages/blob/master/CONTRIBUTING.md) file for detailed contributing guidelines. ### If your PR contains a patch: diff --git a/.github/workflows/check-autorelease-deprecation.yml b/.github/workflows/check-autorelease-deprecation.yml deleted file mode 100644 index c01c97d7ee11cb..00000000000000 --- a/.github/workflows/check-autorelease-deprecation.yml +++ /dev/null 
@@ -1,91 +0,0 @@ -name: Check autorelease deprecation - -on: - pull_request_target: - types: [opened, synchronize, converted_to_draft, ready_for_review, edited] - -jobs: - build: - name: Check autorelease deprecation - runs-on: ubuntu-latest - strategy: - fail-fast: false - - permissions: - pull-requests: write - - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - - name: Determine branch name - run: | - BRANCH="${GITHUB_BASE_REF#refs/heads/}" - echo "Building for $BRANCH" - echo "BRANCH=$BRANCH" >> $GITHUB_ENV - - - name: Determine changed packages - run: | - RET=0 - - # only detect packages with changes - PKG_ROOTS=$(find . -name Makefile | \ - grep -v ".*/src/Makefile" | \ - sed -e 's@./\(.*\)/Makefile@\1/@') - CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH...) - - for ROOT in $PKG_ROOTS; do - for CHANGE in $CHANGES; do - if [[ "$CHANGE" == "$ROOT"* ]]; then - if grep -q '$(AUTORELEASE)' "$ROOT/Makefile"; then - CONTAINS_AUTORELEASE+="$ROOT" - fi - break - fi - done - done - - if [ -n "$CONTAINS_AUTORELEASE" ]; then - RET=1 - cat > "$GITHUB_WORKSPACE/pr_comment.md" << EOF - Please do no longer set *PKG_RELEASE* to *AUTORELEASE* as the - feature is deprecated. Please use an integer instead. 
Below is a - list of affected packages including correct *PKG_RELEASE*: - - EOF - fi - - for ROOT in $CONTAINS_AUTORELEASE; do - echo -n " - ${ROOT}Makefile: PKG_RELEASE:=" >> "$GITHUB_WORKSPACE/pr_comment.md" - last_bump="$(git log --pretty=format:'%h %s' "$ROOT" | - grep --max-count=1 -e ': [uU]pdate to ' -e ': [bB]ump to ' | - cut -f 1 -d ' ')" - - if [ -n "$last_bump" ]; then - echo -n $(($(git rev-list --count "$last_bump..HEAD" "$ROOT") + 2)) >> "$GITHUB_WORKSPACE/pr_comment.md" - else - echo -n $(($(git rev-list --count HEAD "$ROOT") + 2)) >> "$GITHUB_WORKSPACE/pr_comment.md" - fi - echo >> "$GITHUB_WORKSPACE/pr_comment.md" - done - - exit $RET - - - name: Find Comment - uses: peter-evans/find-comment@v2 - if: ${{ failure() }} - id: fc - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - - - name: Create or update comment - uses: peter-evans/create-or-update-comment@v2 - if: ${{ failure() }} - with: - comment-id: ${{ steps.fc.outputs.comment-id }} - issue-number: ${{ github.event.pull_request.number }} - body-file: 'pr_comment.md' - edit-mode: replace diff --git a/.github/workflows/formal.yml b/.github/workflows/formal.yml deleted file mode 100644 index 081129d6f0e21b..00000000000000 --- a/.github/workflows/formal.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: Test Formalities - -on: - pull_request: - -permissions: - contents: read - -jobs: - build: - name: Test Formalities - uses: openwrt/actions-shared-workflows/.github/workflows/formal.yml@main diff --git a/.github/workflows/multi-arch-test-build.yml b/.github/workflows/multi-arch-test-build.yml index e5ac78c01ae972..2a78a114e6d9fa 100644 --- a/.github/workflows/multi-arch-test-build.yml +++ b/.github/workflows/multi-arch-test-build.yml 
@@ -1,9 +1,14 @@ -name: Feeds Package Test Build +name: Test and Build on: pull_request: jobs: + formalities: + name: Test Formalities + uses: openwrt/actions-shared-workflows/.github/workflows/formal.yml@main + build: name: Feeds Package Test Build + needs: formalities uses: openwrt/actions-shared-workflows/.github/workflows/multi-arch-test-build.yml@main diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4c0d0d4b08b65e..5afb3a3da4f304 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -74,8 +74,8 @@ guidelines: Add libzot dependency"). - Include Signed-off-by tag in the commit comments. See: [Sign your work](https://openwrt.org/submitting-patches#sign_your_work) -- Author and sign-off must match and be a real name or known identity and - a real email address. GitHub private email addresses will not be accepted. +- Author and sign-off must match and be a real name and real email address. + GitHub private email addresses will not be accepted. - Follow all [Submission Guidelines](https://openwrt.org/submitting-patches#submission_guidelines) requirements, including maximum characters per line. diff --git a/admin/bottom/Makefile b/admin/bottom/Makefile index 6bd7d92e50cdb7..eed1fbb09125a8 100644 --- a/admin/bottom/Makefile +++ b/admin/bottom/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bottom -PKG_VERSION:=0.9.7 +PKG_VERSION:=0.11.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ClementTsang/bottom/tar.gz/$(PKG_VERSION)? -PKG_HASH:=29c3f75323ae0245576ea23268bb0956757352bf3b16d05f511357655b9cc71e +PKG_HASH:=0095ea9edb386ad7c49d845176314097713661d22ec42314e3be46426bc769ee PKG_MAINTAINER:=Luca Barbato PKG_LICENSE:=MIT diff --git a/admin/btop/Makefile b/admin/btop/Makefile index a8f138b70838d6..3f7026e9c84c47 100644 --- a/admin/btop/Makefile +++ b/admin/btop/Makefile 
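Review bot: No `permissions:` block is visible in the merged workflow, while the deleted `formal.yml` limited its token with `permissions:` / `contents: read`. After this change the `formalities` job therefore runs with the repository's default token scope rather than the read-only one it had before. Adding a top-level `permissions:` with `contents: read` below the `on:` block would keep the earlier least-privilege setting, provided the shared multi-arch build workflow needs nothing beyond read access. Both jobs call reusable workflows at `@main`, a mutable ref; that predates this commit, but pinning to a commit SHA would make the CI input reviewable.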
@@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=btop -PKG_VERSION:=1.4.4 +PKG_VERSION:=1.4.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=98d464041015c888c7b48de14ece5ebc6e410bc00ca7bb7c5a8010fe781f1dd8 +PKG_HASH:=0ffe03d3e26a3e9bbfd5375adf34934137757994f297d6b699a46edd43c3fc02 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 diff --git a/admin/openwisp-config/Makefile b/admin/openwisp-config/Makefile index aadd5fe616367c..c1aa78aba0445a 100644 --- a/admin/openwisp-config/Makefile +++ b/admin/openwisp-config/Makefile @@ -5,14 +5,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openwisp-config -PKG_VERSION:=1.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.2.0 +PKG_RELEASE:=1 PKG_MAINTAINER:=Federico Capoano PKG_LICENSE:=GPL-3.0-or-later PKG_SOURCE_URL:=https://github.com/openwisp/openwisp-config.git -PKG_MIRROR_HASH:=c78dc17353c642a6f998531f18e20f0651f946d665506a000308e77c02324a79 +PKG_MIRROR_HASH:=30258c3ef4895fbf6e4fed8caee9d0dfbf05aebebd52604d75febac1a11d78bd PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) @@ -47,7 +47,8 @@ define Package/openwisp-config/install $(1)/etc/init.d \ $(1)/etc/config \ $(1)/usr/lib/openwisp-config \ - $(1)/usr/lib/lua/openwisp + $(1)/usr/lib/lua/openwisp \ + $(1)/etc/hotplug.d/iface $(INSTALL_BIN) \ $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.agent \ @@ -60,6 +61,9 @@ define Package/openwisp-config/install $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.config \ $(1)/etc/config/openwisp + $(INSTALL_BIN) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.hotplug \ + $(1)/etc/hotplug.d/iface/90-openwisp-config + $(INSTALL_BIN) \ $(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-reload-config \ $(1)/usr/sbin/openwisp-reload-config diff --git a/admin/openwisp-monitoring/Config.in b/admin/openwisp-monitoring/Config.in index 5b5bf37f251f3d..00233adcf7ae7a 100644 --- a/admin/openwisp-monitoring/Config.in 
+++ b/admin/openwisp-monitoring/Config.in @@ -1,4 +1,5 @@ menu "netjson-monitoring Configuration" + depends on PACKAGE_netjson-monitoring config NETJSON_MONITORING_IWINFO bool "Enable rpcd-mod-iwinfo" diff --git a/admin/openwisp-monitoring/Makefile b/admin/openwisp-monitoring/Makefile index 64aea233693ba5..1af4db7a5a5658 100644 --- a/admin/openwisp-monitoring/Makefile +++ b/admin/openwisp-monitoring/Makefile @@ -5,15 +5,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openwisp-monitoring -PKG_VERSION:=0.2.0 -PKG_RELEASE:=2 +PKG_VERSION:=0.3.0 +PKG_RELEASE:=1 PKG_MAINTAINER:=Federico Capoano PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE +PKG_CONFIG_DEPENDS:=CONFIG_NETJSON_MONITORING_IWINFO + PKG_SOURCE_URL:=https://github.com/openwisp/openwrt-openwisp-monitoring.git -PKG_MIRROR_HASH:=6baad2b319cdc072a83547593b447e2c93c42fcdda386f5993c22b88ad991cdd +PKG_MIRROR_HASH:=a7778b0de1b560abf5bf5b8e6e45313fe58309a66438f3c9e043adc8f0248c04 PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) PKGARCH:=all diff --git a/admin/sudo/Makefile b/admin/sudo/Makefile index 0891f341795684..2370ee465f2265 100644 --- a/admin/sudo/Makefile +++ b/admin/sudo/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sudo -PKG_REALVERSION:=1.9.17p1 +PKG_REALVERSION:=1.9.17p2 PKG_VERSION:=$(subst p,_p,$(PKG_REALVERSION)) PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz PKG_SOURCE_URL:=https://www.sudo.ws/dist -PKG_HASH:=ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32 +PKG_HASH:=4a38a1ab3adb1199257edc2a7c4a2bd714665eb605b04368843b06dada2cfcfb PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REALVERSION) PKG_MAINTAINER:=Alexandru Ardelean diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index c9e0384f900798..fcc11f9b87c155 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile 
@@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=4.7.1 +PKG_VERSION:=4.10.2 PKG_RELEASE:=2 PKG_MAINTAINER:=Josef Schlehofer @@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:oneidentity:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c +PKG_HASH:=841503de6c2486e66fd08f0c62ac2568fc8ed1021297f855e8acd58ad7caff76 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -34,7 +34,7 @@ define Package/syslog-ng CATEGORY:=Administration TITLE:=A powerful syslog daemon URL:=https://www.syslog-ng.com/products/open-source-log-management/ - DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +libdbi +libjson-c +libcurl +libuuid +SYSLOGNG_LOGROTATE:logrotate +LIBCURL_ZLIB:zlib + DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +libdbi +libjson-c +libcurl +libuuid +ivykis +SYSLOGNG_LOGROTATE:logrotate +LIBCURL_ZLIB:zlib ALTERNATIVES:=300:/sbin/logread:/usr/libexec/logread.sh endef @@ -91,12 +91,15 @@ CONFIGURE_ARGS += \ --disable-sql \ --disable-linux-caps \ --with-jsonc=system \ + --with-ivykis=system \ --enable-cpp=no \ + --disable-example-modules \ --enable-json=yes \ $(if $(CONFIG_LIBCURL_ZLIB),--enable-http=yes,--enable-http=no) \ --disable-smtp \ --disable-mqtt \ --disable-redis \ + --disable-stackdump \ --disable-dependency-tracking \ --disable-python \ --disable-geoip2 \ diff --git a/admin/syslog-ng/files/syslog-ng.conf b/admin/syslog-ng/files/syslog-ng.conf index dafef7b7e465a2..e99f9c068e170f 100644 --- a/admin/syslog-ng/files/syslog-ng.conf +++ b/admin/syslog-ng/files/syslog-ng.conf @@ -1,7 +1,7 @@ # Collect all local logs into a single file /var/log/messages. # See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition -@version: 4.7 +@version: current @include "scl.conf" options { 
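Review bot: `PKG_RELEASE:=2` stays unchanged in the first Makefile hunk although `PKG_VERSION` moves from 4.7.1 to 4.10.2. The other version bumps in this diff that touch the release number (openwisp-config, python-certifi, python-setuptools-scm) reset it to 1, so this one should read `PKG_RELEASE:=1` as well. In the CONFIGURE_ARGS hunk, `--disable-example-modules` and `--disable-stackdump` are added without explanation; a short comment giving the reason would help the next bump.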
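Review bot: `@version: current` removes the pinned configuration version from the shipped syslog-ng.conf. As far as I understand the directive, syslog-ng will then never run this file in compatibility mode, so a default that changes in a later release takes effect on upgrade without a warning. If that is intended, say so next to the directive, for example `# 'current' follows the installed syslog-ng; re-check this file against the release notes on every version bump`. The `options {` block continues outside the hunk.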
diff --git a/admin/syslog-ng/test.sh b/admin/syslog-ng/test.sh new file mode 100644 index 00000000000000..190967ce96f7d4 --- /dev/null +++ b/admin/syslog-ng/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +syslog-ng --version | grep "$2" diff --git a/devel/patch/Makefile b/devel/patch/Makefile index c842675034fe65..70e7483fcc63c7 100644 --- a/devel/patch/Makefile +++ b/devel/patch/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=patch -PKG_VERSION:=2.7.6 -PKG_RELEASE:=7 +PKG_VERSION:=2.8 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/patch -PKG_HASH:=ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd +PKG_HASH:=f87cee69eec2b4fcbf60a396b030ad6aa3415f192aa5f7ee84cad5e11f7f5ae3 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/devel/patch/patches/010-CVE-2018-6951.patch b/devel/patch/patches/010-CVE-2018-6951.patch deleted file mode 100644 index eb8d51365c7617..00000000000000 --- a/devel/patch/patches/010-CVE-2018-6951.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 9bf998b5fcbcde1dea0e472dc1538abb97e9012e Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Mon, 12 Feb 2018 16:48:24 +0100 -Subject: [PATCH] Fix segfault with mangled rename patch - -http://savannah.gnu.org/bugs/?53132 -* src/pch.c (intuit_diff_type): Ensure that two filenames are specified -for renames and copies (fix the existing check). ---- - src/pch.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/src/pch.c -+++ b/src/pch.c -@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode - if ((pch_rename () || pch_copy ()) - && ! inname - && ! ((i == OLD || i == NEW) && -- p_name[! reverse] && -+ p_name[reverse] && p_name[! reverse] && -+ name_is_valid (p_name[reverse]) && - name_is_valid (p_name[! reverse]))) - { - say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); 
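Review bot: `grep "$2"` in the new admin/syslog-ng/test.sh treats the expected version as a regular expression and also succeeds when `$2` is empty, so the check can pass without the binary reporting that version. The dots in a version such as 4.10.2 match any character, and an empty pattern matches every line. Match a fixed string and fail when no version is passed: `[ -n "$2" ] || exit 1` followed by `syslog-ng --version | grep -F -- "$2"`.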
diff --git a/devel/patch/patches/020-CVE-2018-1000156.patch b/devel/patch/patches/020-CVE-2018-1000156.patch
deleted file mode 100644
index e3c9f231983ff5..00000000000000
--- a/devel/patch/patches/020-CVE-2018-1000156.patch
+++ /dev/null
@@ -1,189 +0,0 @@ -From b56779aed483f0036a32a65e62ab7b5e461b07cc Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Fri, 6 Apr 2018 12:14:49 +0200 -Subject: [PATCH] Fix arbitrary command execution in ed-style patches - (CVE-2018-1000156) - -* src/pch.c (do_ed_script): Write ed script to a temporary file instead -of piping it to ed: this will cause ed to abort on invalid commands -instead of rejecting them and carrying on. -* tests/ed-style: New test case. -* tests/Makefile.am (TESTS): Add test case. (OPENWRT REMOVED) ---- - src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------ - tests/Makefile.am | 1 + (OPENWRT REMOVED) - tests/ed-style | 41 ++++++++++++++++++++++ - 3 files changed, 108 insertions(+), 23 deletions(-) - create mode 100644 tests/ed-style - ---- a/src/pch.c -+++ b/src/pch.c -@@ -33,6 +33,7 @@ - # include - #endif - #include -+#include - - #define INITHUNKMAX 125 /* initial dynamic allocation size */ - -@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c - static char const editor_program[] = EDITOR_PROGRAM; - - file_offset beginning_of_this_line; -- FILE *pipefp = 0; - size_t chars_read; -+ FILE *tmpfp = 0; -+ char const *tmpname; -+ int tmpfd; -+ pid_t pid; -+ -+ if (! dry_run && ! skip_rest_of_patch) -+ { -+ /* Write ed script to a temporary file. This causes ed to abort on -+ invalid commands such as when line numbers or ranges exceed the -+ number of available lines. When ed reads from a pipe, it rejects -+ invalid commands and treats the next line as a new command, which -+ can lead to arbitrary command execution. */ -+ -+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); -+ if (tmpfd == -1) -+ pfatal ("Can't create temporary file %s", quotearg (tmpname)); -+ tmpfp = fdopen (tmpfd, "w+b"); -+ if (! tmpfp) -+ pfatal ("Can't open stream for file %s", quotearg (tmpname)); -+ } - -- if (! dry_run && ! skip_rest_of_patch) { -- int exclusive = *outname_needs_removal ? 0 : O_EXCL; -- assert (! 
inerrno); -- *outname_needs_removal = true; -- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -- sprintf (buf, "%s %s%s", editor_program, -- verbosity == VERBOSE ? "" : "- ", -- outname); -- fflush (stdout); -- pipefp = popen(buf, binary_transput ? "wb" : "w"); -- if (!pipefp) -- pfatal ("Can't open pipe to %s", quotearg (buf)); -- } - for (;;) { - char ed_command_letter; - beginning_of_this_line = file_tell (pfp); -@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c - } - ed_command_letter = get_ed_command_letter (buf); - if (ed_command_letter) { -- if (pipefp) -- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) -+ if (tmpfp) -+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) - write_fatal (); - if (ed_command_letter != 'd' && ed_command_letter != 's') { - p_pass_comments_through = true; - while ((chars_read = get_line ()) != 0) { -- if (pipefp) -- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) -+ if (tmpfp) -+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) - write_fatal (); - if (chars_read == 2 && strEQ (buf, ".\n")) - break; -@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char c - break; - } - } -- if (!pipefp) -+ if (!tmpfp) - return; -- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 -- || fflush (pipefp) != 0) -+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 -+ || fflush (tmpfp) != 0) - write_fatal (); -- if (pclose (pipefp) != 0) -- fatal ("%s FAILED", editor_program); -+ -+ if (lseek (tmpfd, 0, SEEK_SET) == -1) -+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); -+ -+ if (! dry_run && ! skip_rest_of_patch) { -+ int exclusive = *outname_needs_removal ? 0 : O_EXCL; -+ *outname_needs_removal = true; -+ if (inerrno != ENOENT) -+ { -+ *outname_needs_removal = true; -+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -+ } -+ sprintf (buf, "%s %s%s", editor_program, -+ verbosity == VERBOSE ? 
"" : "- ", -+ outname); -+ fflush (stdout); -+ -+ pid = fork(); -+ if (pid == -1) -+ pfatal ("Can't fork"); -+ else if (pid == 0) -+ { -+ dup2 (tmpfd, 0); -+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); -+ _exit (2); -+ } -+ else -+ { -+ int wstatus; -+ if (waitpid (pid, &wstatus, 0) == -1 -+ || ! WIFEXITED (wstatus) -+ || WEXITSTATUS (wstatus) != 0) -+ fatal ("%s FAILED", editor_program); -+ } -+ } -+ -+ fclose (tmpfp); -+ safe_unlink (tmpname); - - if (ofp) - { ---- /dev/null -+++ b/tests/ed-style -@@ -0,0 +1,41 @@ -+# Copyright (C) 2018 Free Software Foundation, Inc. -+# -+# Copying and distribution of this file, with or without modification, -+# in any medium, are permitted without royalty provided the copyright -+# notice and this notice are preserved. -+ -+. $srcdir/test-lib.sh -+ -+require cat -+use_local_patch -+use_tmpdir -+ -+# ============================================================== -+ -+cat > ed1.diff < ed2.diff < /dev/null || echo "Status: $?"' < -Date: Fri, 17 Aug 2018 13:35:40 +0200 -Subject: [PATCH] Fix swapping fake lines in pch_swap - -* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a -blank line in the middle of a context-diff hunk: that empty line stays -in the middle of the hunk and isn't swapped. - -Fixes: https://savannah.gnu.org/bugs/index.php?53133 ---- - src/pch.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/pch.c -+++ b/src/pch.c -@@ -2115,7 +2115,7 @@ pch_swap (void) - } - if (p_efake >= 0) { /* fix non-freeable ptr range */ - if (p_efake <= i) -- n = p_end - i + 1; -+ n = p_end - p_ptrn_lines; - else - n = -i; - p_efake += n; diff --git a/devel/patch/patches/050-CVE-2019-13636.patch b/devel/patch/patches/050-CVE-2019-13636.patch deleted file mode 100644 index d819838bba44f7..00000000000000 --- a/devel/patch/patches/050-CVE-2019-13636.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Mon, 15 Jul 2019 16:21:48 +0200 -Subject: Don't follow symlinks unless --follow-symlinks is given - -* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file, -append_to_file): Unless the --follow-symlinks option is given, open files with -the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing -that consistently for input files. -* src/util.c (create_backup): When creating empty backup files, (re)create them -with O_CREAT | O_EXCL to avoid following symlinks in that case as well. ---- - src/inp.c | 12 ++++++++++-- - src/util.c | 14 +++++++++++--- - 2 files changed, 21 insertions(+), 5 deletions(-) - ---- a/src/inp.c -+++ b/src/inp.c -@@ -238,8 +238,13 @@ plan_a (char const *filename) - { - if (S_ISREG (instat.st_mode)) - { -- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0); -+ int flags = O_RDONLY | binary_transput; - size_t buffered = 0, n; -+ int ifd; -+ -+ if (! follow_symlinks) -+ flags |= O_NOFOLLOW; -+ ifd = safe_open (filename, flags, 0); - if (ifd < 0) - pfatal ("can't open file %s", quotearg (filename)); - -@@ -340,6 +345,7 @@ plan_a (char const *filename) - static void - plan_b (char const *filename) - { -+ int flags = O_RDONLY | binary_transput; - int ifd; - FILE *ifp; - int c; -@@ -353,7 +359,9 @@ plan_b (char const *filename) - - if (instat.st_size == 0) - filename = NULL_DEVICE; -- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0 -+ if (! follow_symlinks) -+ flags |= O_NOFOLLOW; -+ if ((ifd = safe_open (filename, flags, 0)) < 0 - || ! (ifp = fdopen (ifd, binary_transput ? 
"rb" : "r"))) - pfatal ("Can't open file %s", quotearg (filename)); - if (TMPINNAME_needs_removal) ---- a/src/util.c -+++ b/src/util.c -@@ -388,7 +388,7 @@ create_backup (char const *to, const str - - try_makedirs_errno = ENOENT; - safe_unlink (bakname); -- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0) -+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0) - { - if (errno != try_makedirs_errno) - pfatal ("Can't create file %s", quotearg (bakname)); -@@ -579,10 +579,13 @@ create_file (char const *file, int open_ - static void - copy_to_fd (const char *from, int tofd) - { -+ int from_flags = O_RDONLY | O_BINARY; - int fromfd; - ssize_t i; - -- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0) -+ if (! follow_symlinks) -+ from_flags |= O_NOFOLLOW; -+ if ((fromfd = safe_open (from, from_flags, 0)) < 0) - pfatal ("Can't reopen file %s", quotearg (from)); - while ((i = read (fromfd, buf, bufsize)) != 0) - { -@@ -625,6 +628,8 @@ copy_file (char const *from, char const - else - { - assert (S_ISREG (mode)); -+ if (! follow_symlinks) -+ to_flags |= O_NOFOLLOW; - tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode, - to_dir_known_to_exist); - copy_to_fd (from, tofd); -@@ -640,9 +645,12 @@ copy_file (char const *from, char const - void - append_to_file (char const *from, char const *to) - { -+ int to_flags = O_WRONLY | O_APPEND | O_BINARY; - int tofd; - -- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0) -+ if (! follow_symlinks) -+ to_flags |= O_NOFOLLOW; -+ if ((tofd = safe_open (to, to_flags, 0)) < 0) - pfatal ("Can't reopen file %s", quotearg (to)); - copy_to_fd (from, tofd); - if (close (tofd) != 0) diff --git a/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch b/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch deleted file mode 100644 index 590cf186e7c67e..00000000000000 --- a/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Fri, 6 Apr 2018 19:36:15 +0200 -Subject: Invoke ed directly instead of using the shell - -* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell -command to avoid quoting vulnerabilities. ---- - src/pch.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - ---- a/src/pch.c -+++ b/src/pch.c -@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c - *outname_needs_removal = true; - copy_file (inname, outname, 0, exclusive, instat.st_mode, true); - } -- sprintf (buf, "%s %s%s", editor_program, -- verbosity == VERBOSE ? "" : "- ", -- outname); - fflush (stdout); - - pid = fork(); -@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c - else if (pid == 0) - { - dup2 (tmpfd, 0); -- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); -+ assert (outname[0] != '!' && outname[0] != '-'); -+ execlp (editor_program, editor_program, "-", outname, (char *) NULL); - _exit (2); - } - else diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index d71cc7c82c8593..fc12f03e51489b 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -12,7 +12,7 @@ GO_VERSION_PATCH:=12 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) -PKG_RELEASE:=1 +PKG_RELEASE:=2 GO_SOURCE_URLS:=https://dl.google.com/go/ \ https://mirrors.ustc.edu.cn/golang/ \ @@ -267,6 +267,7 @@ endef define Host/Compile $(call GoCompiler/Bootstrap/Make, \ $(HOST_GO_VARS) \ + CC="$(HOSTCC_NOCACHE) -std=gnu17" \ ) $(call GoCompiler/Bootstrap-1.17/Make, \ diff --git a/lang/php8/Makefile b/lang/php8/Makefile index 6c2144e5d5f383..1905bfb8fadaa8 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=php -PKG_VERSION:=8.3.24 +PKG_VERSION:=8.3.27 PKG_RELEASE:=1 PKG_MAINTAINER:=Michael Heimpold 
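Review bot: The added `CC="$(HOSTCC_NOCACHE) -std=gnu17"` argument in `Host/Compile` has no comment saying why the first bootstrap stage must be compiled as gnu17. Presumably it works around a newer host compiler defaulting to a later C standard, but the hunk does not say so. A comment above the call, such as `# bootstrap C sources fail with the host compiler's default C standard; force gnu17`, adjusted to the actual reason, would tell the next maintainer when the override can be dropped. `Host/Compile` continues outside the hunk, so whether the following `Bootstrap-1.17` stage needs the same flag cannot be judged from here.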
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.php.net/distributions/ -PKG_HASH:=388ee5fd111097e97bae439bff46aec4ea27f816d3f0c2cb5490a41410d44251 +PKG_HASH:=c15a09a9d199437144ecfef7d712ec4ca5c6820cf34acc24cc8489dd0cee41ba PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 diff --git a/lang/python/python-build/Makefile b/lang/python/python-build/Makefile index 3b2ab65cb291f0..2540291d5fb8f5 100644 --- a/lang/python/python-build/Makefile +++ b/lang/python/python-build/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-build -PKG_VERSION:=1.0.3 +PKG_VERSION:=1.3.0 PKG_RELEASE:=1 PYPI_NAME:=build -PKG_HASH:=538aab1b64f9828977f84bc63ae570b060a8ed1be419e7870b8b4fc5e6ea553b +PKG_HASH:=698edd0ea270bde950f53aed21f3a0135672206f3911e0176261a31e0e07b397 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-calver/Makefile b/lang/python/python-calver/Makefile index cd46859c538281..4f519b2c139564 100644 --- a/lang/python/python-calver/Makefile +++ b/lang/python/python-calver/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-calver -PKG_VERSION:=2022.6.26 +PKG_VERSION:=2025.10.20 PKG_RELEASE:=1 PYPI_NAME:=calver -PKG_HASH:=e05493a3b17517ef1748fbe610da11f10485faa7c416b9d33fd4a52d74894f8b +PKG_HASH:=c98b376c2424642224d456b2f70c51402343e008c63d204634665e1a2a2835f5 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-certifi/Makefile b/lang/python/python-certifi/Makefile index 4d5b02d039ebc5..87bff4c25aed95 100644 --- a/lang/python/python-certifi/Makefile +++ b/lang/python/python-certifi/Makefile 
@@ -6,15 +6,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-certifi -PKG_VERSION:=2024.2.2 -PKG_RELEASE:=2 +PKG_VERSION:=2025.8.3 +PKG_RELEASE:=1 PKG_MAINTAINER:=Eneas U de Queiroz PKG_LICENSE:=MPL-2.0 PKG_LICENSE_FILES:=LICENSE +PKG_CPE_ID:=cpe:/a:certifi:certifi PYPI_NAME:=certifi -PKG_HASH:=0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f +PKG_HASH:=e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407 HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-wheel/host diff --git a/lang/python/python-cython/Makefile b/lang/python/python-cython/Makefile index 76b22f0adac17e..76f91a852438c0 100644 --- a/lang/python/python-cython/Makefile +++ b/lang/python/python-cython/Makefile @@ -8,11 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cython -PKG_VERSION:=3.0.10 +PKG_VERSION:=3.1.5 PKG_RELEASE:=1 PYPI_NAME:=Cython -PKG_HASH:=dcc96739331fb854dcf503f94607576cfe8488066c61ca50dfd55836f132de99 +PYPI_SOURCE_NAME:=cython +PKG_HASH:=7e73c7e6da755a8dffb9e0e5c4398e364e37671778624188444f1ff0d9458112 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE.txt diff --git a/lang/python/python-flit-core/Makefile b/lang/python/python-flit-core/Makefile index 66b246cae8db8c..748518cd47779d 100644 --- a/lang/python/python-flit-core/Makefile +++ b/lang/python/python-flit-core/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-flit-core -PKG_VERSION:=3.9.0 +PKG_VERSION:=3.12.0 PKG_RELEASE:=1 PYPI_NAME:=flit-core PYPI_SOURCE_NAME:=flit_core -PKG_HASH:=72ad266176c4a3fcfab5f2930d76896059851240570ce9a98733b658cb786eba +PKG_HASH:=18f63100d6f94385c6ed57a72073443e1a71a4acb4339491615d0f16d6ff01b2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-hatch-requirements-txt/Makefile b/lang/python/python-hatch-requirements-txt/Makefile index ae6cd13b9dd4bc..dbd51c3a47bf96 100644 --- a/lang/python/python-hatch-requirements-txt/Makefile +++ b/lang/python/python-hatch-requirements-txt/Makefile 
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-hatch-requirements-txt -PKG_VERSION:=0.4.0 +PKG_VERSION:=0.4.1 PKG_RELEASE:=1 PYPI_NAME:=hatch-requirements-txt PYPI_SOURCE_NAME:=hatch_requirements_txt -PKG_HASH:=800509946e85d9e56d73242fab223ec36db50372e870a04e2dd1fd9bad98455d +PKG_HASH:=2c686e5758fd05bb55fa7d0c198fdd481f8d3aaa3c693260f5c0d74ce3547d20 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-hatchling/Makefile b/lang/python/python-hatchling/Makefile index b44b7774bff30b..a9842ebc0ea855 100644 --- a/lang/python/python-hatchling/Makefile +++ b/lang/python/python-hatchling/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-hatchling -PKG_VERSION:=1.18.0 +PKG_VERSION:=1.27.0 PKG_RELEASE:=1 PYPI_NAME:=hatchling -PKG_HASH:=50e99c3110ce0afc3f7bdbadff1c71c17758e476731c27607940cfa6686489ca +PKG_HASH:=971c296d9819abb3811112fc52c7a9751c8d381898f36533bb16f9791e941fd6 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.txt diff --git a/lang/python/python-lxml/Makefile b/lang/python/python-lxml/Makefile index d517cd8401511a..e72924cc875e56 100644 --- a/lang/python/python-lxml/Makefile +++ b/lang/python/python-lxml/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-lxml -PKG_VERSION:=5.2.2 +PKG_VERSION:=5.4.0 PKG_RELEASE:=1 PYPI_NAME:=lxml -PKG_HASH:=bb2dc4898180bea79863d5487e5f9c7c34297414bad54bcd0f0852aee9cfdb87 +PKG_HASH:=d12832e1dbea4be280b22fd0ea7c9b87f0d8fc51ba06e92dc62d52f804f78ebd PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSES.txt diff --git a/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch b/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch new file mode 100644 index 00000000000000..22429e7fc16bb9 --- /dev/null +++ b/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch 
@@ -0,0 +1,9 @@ +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -1,5 +1,5 @@ + [build-system] +-requires = ["Cython>=3.0.11, < 3.1.0", "setuptools", "wheel"] ++requires = ["Cython>=3.0.10", "setuptools", "wheel"] + + [tool.cibuildwheel] + build-verbosity = 1 diff --git a/lang/python/python-lxml/test.sh b/lang/python/python-lxml/test.sh index 6ea15a0e8e4d32..e175d9239cd64c 100644 --- a/lang/python/python-lxml/test.sh +++ b/lang/python/python-lxml/test.sh @@ -1,7 +1,5 @@ #!/bin/sh -[ "$1" = "python3-lxml" ] || exit 0 - EXP_VER="$2" python3 - << EOF diff --git a/lang/python/python-markupsafe/Makefile b/lang/python/python-markupsafe/Makefile index 63e5309d56abcb..0b7c41a5677980 100644 --- a/lang/python/python-markupsafe/Makefile +++ b/lang/python/python-markupsafe/Makefile @@ -5,11 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-markupsafe -PKG_VERSION:=2.1.3 +PKG_VERSION:=3.0.3 PKG_RELEASE:=1 PYPI_NAME:=MarkupSafe -PKG_HASH:=af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad +PYPI_SOURCE_NAME:=markupsafe +PKG_HASH:=722695808f4b6457b320fdc131280796bdceb04ab50fe1795cd540799ebe1698 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause diff --git a/lang/python/python-networkx/Makefile b/lang/python/python-networkx/Makefile index 1f67591e443b67..50f8c945b76a93 100644 --- a/lang/python/python-networkx/Makefile +++ b/lang/python/python-networkx/Makefile @@ -6,11 +6,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-networkx -PKG_VERSION:=3.3 +PKG_VERSION:=3.5 PKG_RELEASE:=1 PYPI_NAME:=networkx -PKG_HASH:=0c127d8b2f4865f59ae9cb8aafcd60b5c70f3241ebd66f7defad7c4ab90126c9 +PKG_HASH:=d4c6f9cf81f52d69230866796b82afbccdec3db7ae4fbd1b65ea750feed50037 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt diff --git a/lang/python/python-packaging/Makefile b/lang/python/python-packaging/Makefile index 1bec008bea4dcb..2c1e440b5dca41 100644 --- a/lang/python/python-packaging/Makefile +++ b/lang/python/python-packaging/Makefile 
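Review bot: The patch is named 001-downgrade-cython-requirement, but the line it writes, `requires = ["Cython>=3.0.10", "setuptools", "wheel"]`, also drops upstream's `< 3.1.0` upper bound. This same diff moves python-cython to 3.1.5, so the effective change is building lxml 5.4.0 with a Cython release that upstream excluded. Keep the lower bound as upstream has it and change only what is needed, e.g. `requires = ["Cython>=3.0.11", "setuptools", "wheel"]`. The patch file has no description header; add one stating that the cap is lifted for the feed's Cython version and how the resulting build was tested.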
@@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-packaging -PKG_VERSION:=23.2 +PKG_VERSION:=25.0 PKG_RELEASE:=1 PYPI_NAME:=packaging -PKG_HASH:=048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 +PKG_HASH:=d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f PKG_MAINTAINER:=Jan Pavlinec , Jeffery To PKG_LICENSE:=Apache-2.0 BSD-2-Clause diff --git a/lang/python/python-pyelftools/Makefile b/lang/python/python-pyelftools/Makefile new file mode 100644 index 00000000000000..f9aa0dcd4f43a7 --- /dev/null +++ b/lang/python/python-pyelftools/Makefile @@ -0,0 +1,46 @@ +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=python-pyelftools +PKG_VERSION:=0.32 +PKG_RELEASE:=1 + +PYPI_NAME:=pyelftools +PKG_HASH:=6de90ee7b8263e740c8715a925382d4099b354f29ac48ea40d840cf7aa14ace5 + +PKG_MAINTAINER:=Austin Lane +PKG_LICENSE:=Unlicense +PKG_LICENSE_FILES:=LICENSE + +HOST_BUILD_DEPENDS:= \ + python3/host \ + python-build/host \ + python-installer/host \ + python-wheel/host + +include ../pypi.mk +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk +include ../python3-package.mk +include ../python3-host-build.mk + +define Package/python3-pyelftools + SECTION:=lang + CATEGORY:=Languages + SUBMENU:=Python + TITLE:=Library for analyzing ELF files and DWARF debugging information + URL:=https://pypi.org/project/pyelftools + DEPENDS:=+python3-light +python3-logging +endef + +define Package/python3-pyelftools/description +Library for analyzing ELF files and DWARF debugging information +endef + +$(eval $(call Py3Package,python3-pyelftools)) +$(eval $(call BuildPackage,python3-pyelftools)) +$(eval $(call BuildPackage,python3-pyelftools-src)) +$(eval $(call HostBuild)) diff --git a/lang/python/python-setuptools-scm/Makefile b/lang/python/python-setuptools-scm/Makefile index 5e197a57f9af6e..305c297d16a7d7 100644 
--- a/lang/python/python-setuptools-scm/Makefile +++ b/lang/python/python-setuptools-scm/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-setuptools-scm -PKG_VERSION:=7.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=8.1.0 +PKG_RELEASE:=1 PYPI_NAME:=setuptools-scm PYPI_SOURCE_NAME:=setuptools_scm -PKG_HASH:=6c508345a771aad7d56ebff0e70628bf2b0ec7573762be9960214730de278f27 +PKG_HASH:=42dea1b65771cba93b7a515d65a65d8246e560768a66b9106a592c8e7f26c8a7 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-setuptools/Makefile b/lang/python/python-setuptools/Makefile index b2ebfa1c642a96..b4a00633d3b50a 100644 --- a/lang/python/python-setuptools/Makefile +++ b/lang/python/python-setuptools/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-setuptools -PKG_VERSION:=69.0.2 +PKG_VERSION:=80.9.0 PKG_RELEASE:=1 PYPI_NAME:=setuptools -PKG_HASH:=735896e78a4742605974de002ac60562d286fa8051a7e2299445e8e8fbb01aa6 +PKG_HASH:=f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-trove-classifiers/Makefile b/lang/python/python-trove-classifiers/Makefile index fd802604717adb..8a5633c146a8ab 100644 --- a/lang/python/python-trove-classifiers/Makefile +++ b/lang/python/python-trove-classifiers/Makefile @@ -8,11 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-trove-classifiers -PKG_VERSION:=2023.11.29 +PKG_VERSION:=2025.9.11.17 PKG_RELEASE:=1 PYPI_NAME:=trove-classifiers -PKG_HASH:=ff8f7fd82c7932113b46e7ef6742c70091cc63640c8c65db00d91f2e940b9514 +PYPI_SOURCE_NAME:=trove_classifiers +PKG_HASH:=931ca9841a5e9c9408bc2ae67b50d28acf85bef56219b56860876dd1f2d024dd PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE diff --git a/lang/python/python-twisted/Makefile b/lang/python/python-twisted/Makefile index 79f2f2a237af8a..a9aee66dc57cc7 100644 --- a/lang/python/python-twisted/Makefile +++ b/lang/python/python-twisted/Makefile 
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-twisted -PKG_VERSION:=23.10.0 +PKG_VERSION:=25.5.0 PKG_RELEASE:=1 PYPI_NAME:=Twisted PYPI_SOURCE_NAME:=twisted -PKG_HASH:=987847a0790a2c597197613686e2784fd54167df3a55d0fb17c8412305d76ce5 +PKG_HASH:=1deb272358cb6be1e3e8fc6f9c8b36f78eb0fa7c2233d2dbe11ec6fee04ea316 PKG_BUILD_DEPENDS:=libtirpc @@ -61,6 +61,7 @@ endef define Py3Package/python3-twisted/filespec +|$(PYTHON3_PKG_DIR) -|$(PYTHON3_PKG_DIR)/twisted/conch/scripts/tkconch.py +-|$(PYTHON3_PKG_DIR)/twisted/test endef define Py3Package/python3-twisted/install diff --git a/lang/python/python-twisted/patches/001-omit-tkconch.patch b/lang/python/python-twisted/patches/001-omit-tkconch.patch index d9ad0d59e2178b..454a8bc61220ea 100644 --- a/lang/python/python-twisted/patches/001-omit-tkconch.patch +++ b/lang/python/python-twisted/patches/001-omit-tkconch.patch @@ -1,6 +1,6 @@ --- a/pyproject.toml +++ b/pyproject.toml -@@ -138,7 +138,6 @@ ckeygen = "twisted.conch.scripts.ckeygen +@@ -148,7 +148,6 @@ ckeygen = "twisted.conch.scripts.ckeygen conch = "twisted.conch.scripts.conch:run" mailmail = "twisted.mail.scripts.mailmail:run" pyhtmlizer = "twisted.scripts.htmlizer:run" diff --git a/lang/python/python-twisted/patches/002-omit-tests.patch b/lang/python/python-twisted/patches/002-omit-tests.patch deleted file mode 100644 index ddf8f9e306c1aa..00000000000000 --- a/lang/python/python-twisted/patches/002-omit-tests.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/pyproject.toml -+++ b/pyproject.toml -@@ -182,6 +182,7 @@ exclude = [ - "*.pxi", - "*.pyx", - "build.bat", -+ "test", - ] - - [tool.hatch.build.targets.sdist] diff --git a/lang/python/python-uci/Makefile b/lang/python/python-uci/Makefile index 44762810558799..0a539e32377f51 100644 --- a/lang/python/python-uci/Makefile +++ b/lang/python/python-uci/Makefile 
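Review bot: The added filespec line `-|$(PYTHON3_PKG_DIR)/twisted/test` in `Py3Package/python3-twisted/filespec` names only the top-level `twisted/test` directory. The deleted `002-omit-tests.patch` instead put `"test"` in hatch's exclude list, a git-style pattern that matches a directory of that name at any depth. If Twisted's subpackages still carry their own `test` directories (not visible in this diff), those would now be installed on the target, adding size and shipping test fixtures in production images. It is worth checking the built package contents and either adding further exclusions or putting a comment above the line saying that only the top-level directory is meant to be dropped.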
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-uci PKG_VERSION:=0.10.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PYPI_NAME:=pyuci PKG_HASH:=3b0f72ea81ed7a7999b2eb73f57a93019c0d359efaa9efb44fdf377fa09c1da6 diff --git a/lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch b/lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch deleted file mode 100644 index de7ff24a86a8e3..00000000000000 --- a/lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From 24dd211a0a99e95e79f5a6b2054e60dae878410d Mon Sep 17 00:00:00 2001 -From: Josef Schlehofer -Date: Tue, 15 Jul 2025 10:18:19 +0200 -Subject: [PATCH] Revert "CI: setup.py removed and testing updates in CI" - -This commit adds setup.py back to be compatible with OpenWrt. -OpenWrt ships Python 3.11 and that version is using bundled -setuptools and pip. These versions for py-uci are kinda outdated, -because in the latest release Stepan is using ext-modules -via pyproject.toml, which is experimental [1] and thus this -is not present in Python 3.11. - -Newer Python versions such as 3.12 and 3.13 are not shipping -bunled setuptools anymore. This needs to be reworked to -be working with OpenWrt build system. - -How it is implemented right now, Python packages -can be compiled with pyproject.toml with OpenWrt. See this PR [2], -but as said earlier newest features from setuptools are missing. - -[1] https://setuptools.pypa.io/en/stable/history.html#v74-1-0 -[2] https://github.com/openwrt/packages/pull/20801 - -This reverts commit 8a1e5c3218f16f46a25379dc2e9651fa74a7d349. 
---- - setup.py | 43 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 43 insertions(+) - create mode 100644 setup.py - ---- /dev/null -+++ b/setup.py -@@ -0,0 +1,43 @@ -+import os -+from setuptools import setup -+from setuptools.extension import Extension -+ -+ext_compile_args = None -+ext_link_args = None -+ -+if 'COVERAGE' in os.environ: -+ ext_compile_args = ["-fprofile-arcs", "-ftest-coverage"] -+ ext_link_args = ["-fprofile-arcs"] -+ -+ -+with open("README.md", "r") as fh: -+ long_description = fh.read() -+ -+ -+setup( -+ name='pyuci', -+ version='0.10.3', -+ author='CZ.NIC z.s.p.o', -+ author_email='karel.koci@nic.cz', -+ description='Python UCI bindings', -+ long_description=long_description, -+ long_description_content_type="text/markdown", -+ url="https://gitlab.nic.cz/turris/pyuci", -+ license="MIT", -+ -+ packages=['euci'], -+ ext_modules=[ -+ Extension("uci", ["ucimodule.c", "pyuci.c", "pyhelper.c"], -+ libraries=["uci"], language="c", -+ extra_compile_args=ext_compile_args, -+ extra_link_args=ext_link_args) -+ ], -+ -+ classifiers=[ -+ "Development Status :: 5 - Production/Stable", -+ "License :: OSI Approved :: MIT License", -+ "Operating System :: POSIX :: Linux", -+ "Programming Language :: Python :: 3", -+ ], -+ python_requires='>=3.7', -+) diff --git a/lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch b/lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch deleted file mode 100644 index 4fee997f0fa3cd..00000000000000 --- a/lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From a480a4223639766f4f0625434a28204b014fd882 Mon Sep 17 00:00:00 2001 -From: Josef Schlehofer -Date: Tue, 15 Jul 2025 10:31:08 +0200 -Subject: [PATCH] pyproject.toml: remove it in favor of setup.py - -This patch is I would say kinda hacky. OpenWrt -can compile Python packages with pyproject.toml, -but this pyproject.toml requires the latest -setuptools, which is shipped separately these days. - -But Python 3.11, which is used in OpenWrt -is using bundled setuptools together with pip -and the version of setuptools does not support -ext-modules [1]. - -[1] https://github.com/pypa/setuptools/pull/4568 - -Signed-off-by: Josef Schlehofer ---- - pyproject.toml | 37 ------------------------------------- - 1 file changed, 37 deletions(-) - delete mode 100644 pyproject.toml - ---- a/pyproject.toml -+++ /dev/null -@@ -1,37 +0,0 @@ --[build-system] --requires = ["setuptools", "wheel"] --build-backend = "setuptools.build_meta" -- --[project] --name = "pyuci" --dynamic = [] --description = "Python UCI bindings" --readme = "README.md" --license = {file = "LICENSE"} --version = "0.10.3" --requires-python = ">=3.7" --authors = [ -- { name = "CZ.NIC z.s.p.o", email = "karel.koci@nic.cz" }, --] --classifiers = [ -- "Development Status :: 5 - Production/Stable", -- "License :: OSI Approved :: MIT License", -- "Operating System :: POSIX :: Linux", -- "Programming Language :: Python :: 3", --] -- --[project.urls] --Homepage = "https://gitlab.nic.cz/turris/pyuci" -- --[tool.setuptools] --packages = ["euci"] -- --[[tool.setuptools.ext-modules]] --name = "uci" --sources = ["ucimodule.c", "pyuci.c", "pyhelper.c"] --language = "c" --libraries = ["uci"] -- --# Uncomment to enable coverage measurement --#extra-compile-args = ["-fprofile-arcs", "-ftest-coverage"] --#extra-link-args = ["-fprofile-arcs"] diff --git a/lang/python/python-urllib3/Makefile b/lang/python/python-urllib3/Makefile index a2739c47bade1d..7c95cc5f125ab5 100644 --- a/lang/python/python-urllib3/Makefile 
+++ b/lang/python/python-urllib3/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-urllib3 -PKG_VERSION:=2.0.4 -PKG_RELEASE:=2 +PKG_VERSION:=2.5.0 +PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=MIT @@ -17,10 +17,16 @@ PKG_LICENSE_FILES:=LICENSE.txt PKG_CPE_ID:=cpe:/a:python:urllib3 PYPI_NAME:=urllib3 -PKG_HASH:=8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11 - -PKG_BUILD_DEPENDS:=python-hatchling/host -HOST_BUILD_DEPENDS:=python-hatchling/host +PKG_HASH:=3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760 + +PKG_BUILD_DEPENDS:= \ + python-hatch-vcs/host \ + python-hatchling/host \ + python-setuptools-scm/host +HOST_BUILD_DEPENDS:= \ + python-hatch-vcs/host \ + python-hatchling/host \ + python-setuptools-scm/host include ../pypi.mk include $(INCLUDE_DIR)/package.mk diff --git a/lang/python/python-wheel/Makefile b/lang/python/python-wheel/Makefile index 28f549b559201c..336d8a2134c6bb 100644 --- a/lang/python/python-wheel/Makefile +++ b/lang/python/python-wheel/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-wheel -PKG_VERSION:=0.42.0 +PKG_VERSION:=0.45.1 PKG_RELEASE:=1 PYPI_NAME:=wheel -PKG_HASH:=c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8 +PKG_HASH:=661e1abd9198507b1409a20c02106d9670b2576e916d58f520316666abca6729 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.txt diff --git a/lang/python/python3-host.mk b/lang/python/python3-host.mk index ae34ba7277bfbb..64d4e373e86877 100644 --- a/lang/python/python3-host.mk +++ b/lang/python/python3-host.mk @@ -109,7 +109,7 @@ define HostPython3/PipInstall $(HOST_PYTHON3_PIP_VARS) \ $(HOST_PYTHON3_PIP) \ install \ - --no-binary :all: \ + $(if $(findstring Darwin,$(HOST_OS)),,--no-binary :all:) \ --progress-bar off \ --require-hashes \ $(1) \ diff --git a/lang/python/python3-version.mk b/lang/python/python3-version.mk index 7bd437ef22094c..7f7eddc39abedd 100644 --- a/lang/python/python3-version.mk 
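Review bot: In `HostPython3/PipInstall` (python3-host.mk), `$(if $(findstring Darwin,$(HOST_OS)),,--no-binary :all:)` relaxes the source-only install rule on macOS build hosts, and nothing in the hunk records why. `--require-hashes` is kept, so each requested artifact is still pinned by hash, but a prebuilt wheel is opaque compared with a build from source, and host tooling then differs by platform. I would add a comment above the define, e.g. `# Darwin: binary wheels allowed because <reason>; --require-hashes still pins every artifact`, and use an exact match, `$(if $(filter Darwin,$(HOST_OS)),,--no-binary :all:)`, since `findstring` also matches substrings. The define begins and ends outside the hunk.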
+++ b/lang/python/python3-version.mk @@ -8,12 +8,12 @@ # Note: keep in sync with setuptools & pip PYTHON3_VERSION_MAJOR:=3 PYTHON3_VERSION_MINOR:=11 -PYTHON3_VERSION_MICRO:=10 +PYTHON3_VERSION_MICRO:=14 PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR) -PYTHON3_SETUPTOOLS_PKG_RELEASE:=2 +PYTHON3_SETUPTOOLS_PKG_RELEASE:=1 PYTHON3_PIP_PKG_RELEASE:=1 -PYTHON3_SETUPTOOLS_VERSION:=65.5.0 +PYTHON3_SETUPTOOLS_VERSION:=79.0.1 PYTHON3_PIP_VERSION:=24.0 diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile index 00904645115d3e..76d3eba39dda8c 100644 --- a/lang/python/python3/Makefile +++ b/lang/python/python3/Makefile @@ -16,7 +16,7 @@ PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO) PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION) -PKG_HASH:=07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +PKG_HASH:=8d3ed8ec5c88c1c95f5e558612a725450d2452813ddad5e58fdb1a53b1209b78 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=Python-2.0.1 0BSD diff --git a/lang/python/python3/patches-host-setuptools/.gitkeep b/lang/python/python3/patches-host-setuptools/.gitkeep deleted file mode 100644 index e69de29bb2d1d6..00000000000000 diff --git a/lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch b/lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch deleted file mode 100644 index 06dbb4318cc1da..00000000000000 --- a/lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From e359a7a3c4f9e70360a068bef19c95938fdacede Mon Sep 17 00:00:00 2001 -From: Thomas Petazzoni -Date: Wed, 23 Dec 2015 11:33:14 +0100 -Subject: [PATCH] Adjust library/header paths for cross-compilation - -When cross-compiling third-party extensions, the get_python_inc() or -get_python_lib() can be called, to return the path to headers or -libraries. However, they use the sys.prefix of the host Python, which -returns incorrect paths when cross-compiling (paths pointing to host -headers and libraries). - -In order to fix this, we introduce the _python_sysroot, _python_prefix -and _python_exec_prefix variables, that allow to override these -values, and get correct header/library paths when cross-compiling -third-party Python modules. - -Signed-off-by: Thomas Petazzoni -[adapt for setuptools, rename environment variable, use fixed lib path] -Signed-off-by: Jeffery To ---- - Lib/distutils/command/build_ext.py | 5 ++++- - Lib/sysconfig.py | 15 +++++++++++---- - 2 files changed, 15 insertions(+), 5 deletions(-) - ---- a/setuptools/_distutils/command/build_ext.py -+++ b/setuptools/_distutils/command/build_ext.py -@@ -238,7 +238,10 @@ class build_ext(Command): - if sysconfig.get_config_var('Py_ENABLE_SHARED'): - if not sysconfig.python_build: - # building third party extensions -- self.library_dirs.append(sysconfig.get_config_var('LIBDIR')) -+ libdir = sysconfig.get_config_var('LIBDIR') -+ if 'STAGING_DIR' in os.environ: -+ libdir = os.environ.get('STAGING_DIR') + '/usr/lib' -+ self.library_dirs.append(libdir) - else: - # building python standard extensions - self.library_dirs.append('.') diff --git a/lang/python/python3/patches/027-fix-host-build-libressl.patch b/lang/python/python3/patches/027-fix-host-build-libressl.patch index 19f5016e06c23f..f45179d3b5f17e 100644 --- a/lang/python/python3/patches/027-fix-host-build-libressl.patch +++ b/lang/python/python3/patches/027-fix-host-build-libressl.patch @@ -1,6 +1,6 @@ --- a/Modules/_ssl.c 
+++ b/Modules/_ssl.c -@@ -4541,7 +4541,7 @@ set_sni_callback(PySSLContext *self, PyO +@@ -4551,7 +4551,7 @@ set_sni_callback(PySSLContext *self, PyO return 0; } @@ -9,7 +9,7 @@ static X509_OBJECT *x509_object_dup(const X509_OBJECT *obj) { int ok; -@@ -4614,7 +4614,11 @@ _ssl__SSLContext_cert_store_stats_impl(P +@@ -4624,7 +4624,11 @@ _ssl__SSLContext_cert_store_stats_impl(P int x509 = 0, crl = 0, ca = 0, i; store = SSL_CTX_get_cert_store(self->ctx); @@ -21,7 +21,7 @@ if (objs == NULL) { PyErr_SetString(PyExc_MemoryError, "failed to query cert store"); return NULL; -@@ -4669,7 +4673,11 @@ _ssl__SSLContext_get_ca_certs_impl(PySSL +@@ -4679,7 +4683,11 @@ _ssl__SSLContext_get_ca_certs_impl(PySSL } store = SSL_CTX_get_cert_store(self->ctx); diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index 56c4e801020fb5..50db8ecdc6d3a3 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ruby -PKG_VERSION:=3.3.5 +PKG_VERSION:=3.3.9 PKG_RELEASE:=1 # First two numbes @@ -19,7 +19,7 @@ PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/ -PKG_HASH:=3781a3504222c2f26cb4b9eb9c1a12dbf4944d366ce24a9ff8cf99ecbce75196 +PKG_HASH:=d1991690a4e17233ec6b3c7844c1e1245c0adce3e00d713551d0458467b727b1 PKG_MAINTAINER:=Luiz Angelo Daros de Luca PKG_LICENSE:=BSD-2-Clause PKG_LICENSE_FILES:=COPYING 
@@ -49,7 +49,7 @@ HOST_CONFIGURE_ARGS += \ --disable-yjit \ --without-gmp \ --with-static-linked-ext \ - --with-out-ext=-test-/*,bigdecimal,cgi/escape,continuation,coverage,etc,fcntl,fiddle,io/console,json,json/generator,json/parser,mathn/complex,mathn/rational,nkf,objspace,pty,racc/cparse,rbconfig/sizeof,readline,rubyvm,syslog,win32,win32ole,win32/resolv + --with-out-ext=-test-/*,bigdecimal,cgi/escape,continuation,coverage,etc,fcntl,fiddle,io/console,mathn/complex,mathn/rational,nkf,objspace,pty,racc/cparse,rbconfig/sizeof,readline,rubyvm,syslog,win32,win32ole,win32/resolv HOST_BUILD_DEPENDS:=yaml/host diff --git a/lang/rust/Makefile b/lang/rust/Makefile index 290a2fb78b2507..cea288f214b3f0 100644 --- a/lang/rust/Makefile +++ b/lang/rust/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rust -PKG_VERSION:=1.87.0 +PKG_VERSION:=1.89.0 PKG_RELEASE:=1 -PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.gz +PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.xz PKG_SOURCE_URL:=https://static.rust-lang.org/dist/ -PKG_HASH:=149bb9fd29be592da4e87900fc68f0629a37bf6850b46339dd44434c04fd8e76 +PKG_HASH:=0b9d55610d8270e06c44f459d1e2b7918a5e673809c592abed9b9c600e33d95a HOST_BUILD_DIR:=$(BUILD_DIR)/host/rustc-$(PKG_VERSION)-src PKG_MAINTAINER:=Luca Barbato diff --git a/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch b/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch index c9bc0fdddc1b9d..295f7bc5219d1f 100644 --- a/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch +++ b/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch @@ -9,7 +9,7 @@ Subject: [PATCH] Update xz2 and use it static --- a/src/bootstrap/Cargo.toml +++ b/src/bootstrap/Cargo.toml -@@ -60,7 +60,7 @@ tar = "0.4" +@@ -55,7 +55,7 @@ tar = "0.4" termcolor = "1.4" toml = "0.5" walkdir = "2.4" 
@@ -17,4 +17,4 @@ Subject: [PATCH] Update xz2 and use it static +xz2 = { version = "0.1", features = ["static"] } # Dependencies needed by the build-metrics feature - sysinfo = { version = "0.30", default-features = false, optional = true } + sysinfo = { version = "0.35.0", default-features = false, optional = true, features = ["system"] } diff --git a/lang/rust/rust-host-build.mk b/lang/rust/rust-host-build.mk index e5629293760b57..457faf417874fc 100644 --- a/lang/rust/rust-host-build.mk +++ b/lang/rust/rust-host-build.mk @@ -9,17 +9,33 @@ # Space or comma separated list of features to activate # # e.g. RUST_HOST_FEATURES:=enable-foo,with-bar +# +# +# RUST_HOST_LOCKED - Assert that `Cargo.lock` will remain unchanged +# (Enabled by default) +# +# Disable it if you want to have up-to-date dependencies +# +# e.g. RUST_HOST_LOCKED:=0 ifeq ($(origin RUST_INCLUDE_DIR),undefined) RUST_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) endif include $(RUST_INCLUDE_DIR)/rust-values.mk +RUST_HOST_LOCKED ?= 1 + CARGO_HOST_VARS= \ $(CARGO_HOST_CONFIG_VARS) \ CC=$(HOSTCC_NOCACHE) \ MAKEFLAGS="$(HOST_JOBS)" +CARGO_HOST_ARGS= + +ifeq ($(strip $(RUST_HOST_LOCKED)),1) + CARGO_HOST_ARGS+= --locked +endif + # $(1) path to the package (optional) # $(2) additional arguments to cargo (optional) define Host/Compile/Cargo @@ -28,8 +44,9 @@ define Host/Compile/Cargo --profile $(CARGO_HOST_PROFILE) \ $(if $(RUST_HOST_FEATURES),--features "$(RUST_HOST_FEATURES)") \ --root $(HOST_INSTALL_DIR) \ - --path "$(HOST_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)))" \ + --path "$(HOST_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)),$(strip $(HOST_MAKE_PATH)))" \ $(if $(filter --jobserver%,$(HOST_JOBS)),,-j1) \ + $(CARGO_HOST_ARGS) \ $(2) endef diff --git a/lang/rust/rust-package.mk b/lang/rust/rust-package.mk index 24341d7063f20c..57a8ccf4b77bd5 100644 --- a/lang/rust/rust-package.mk +++ b/lang/rust/rust-package.mk 
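Review bot: The `--locked` guard added in rust-host-build.mk, `ifeq ($(strip $(RUST_HOST_LOCKED)),1)`, fails open: any value other than exactly `1` (such as `y` or `true`) silently drops `--locked` and lets cargo re-resolve dependencies at build time. Testing for the documented opt-out keeps the lockfile enforced unless someone sets `0` on purpose: `ifneq ($(strip $(RUST_HOST_LOCKED)),0)`. The header comment "Disable it if you want to have up-to-date dependencies" would also read better as a warning that disabling makes the build unreproducible and pulls crate versions not pinned by upstream's `Cargo.lock`. The same applies to `RUST_PKG_LOCKED` in the rust-package.mk hunks that follow.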
@@ -9,17 +9,34 @@ # Space or comma separated list of features to activate # # e.g. RUST_PKG_FEATURES:=enable-foo,with-bar +# +# +# RUST_PKG_LOCKED - Assert that `Cargo.lock` will remain unchanged +# (Enabled by default) +# +# Disable it if you want to have up-to-date dependencies +# +# e.g. RUST_PKG_LOCKED:=0 + ifeq ($(origin RUST_INCLUDE_DIR),undefined) RUST_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) endif include $(RUST_INCLUDE_DIR)/rust-values.mk +RUST_PKG_LOCKED ?= 1 + CARGO_PKG_VARS= \ $(CARGO_PKG_CONFIG_VARS) \ CC=$(HOSTCC_NOCACHE) \ MAKEFLAGS="$(PKG_JOBS)" +CARGO_PKG_ARGS= + +ifeq ($(strip $(RUST_PKG_LOCKED)),1) + CARGO_PKG_ARGS+= --locked +endif + # $(1) path to the package (optional) # $(2) additional arguments to cargo (optional) define Build/Compile/Cargo @@ -28,8 +45,9 @@ define Build/Compile/Cargo --profile $(CARGO_PKG_PROFILE) \ $(if $(strip $(RUST_PKG_FEATURES)),--features "$(strip $(RUST_PKG_FEATURES))") \ --root $(PKG_INSTALL_DIR) \ - --path "$(PKG_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)))" \ + --path "$(PKG_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)),$(strip $(MAKE_PATH)))" \ $(if $(filter --jobserver%,$(PKG_JOBS)),,-j1) \ + $(CARGO_PKG_ARGS) \ $(2) endef diff --git a/lang/rust/rust-values.mk b/lang/rust/rust-values.mk index 035a4e07735e16..e1dbbbccaee374 100644 --- a/lang/rust/rust-values.mk +++ b/lang/rust/rust-values.mk @@ -69,7 +69,7 @@ ifeq ($(ARCH),aarch64) endif # Support only a subset for now. -RUST_ARCH_DEPENDS:=@(aarch64||arm||i386||i686||mips||mipsel||mips64||mips64el||mipsel||powerpc64||riscv64||x86_64) +RUST_ARCH_DEPENDS:=@(aarch64||arm||i386||loongarch64||mips||mips64||mips64el||mipsel||powerpc||powerpc64||riscv64||x86_64) ifneq ($(CONFIG_RUST_SCCACHE),) RUST_SCCACHE_DIR:=$(if $(call qstrip,$(CONFIG_RUST_SCCACHE_DIR)),$(call qstrip,$(CONFIG_RUST_SCCACHE_DIR)),$(TOPDIR)/.sccache) diff --git a/libs/glib-networking/Makefile b/libs/glib-networking/Makefile new file mode 100644 index 00000000000000..e0bf48ea99f927 --- /dev/null 
+++ b/libs/glib-networking/Makefile 
@@ -0,0 +1,88 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=glib-networking +PKG_VERSION:=2.80.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=@GNOME/$(PKG_NAME)/$(basename $(PKG_VERSION)) +PKG_HASH:=b80e2874157cd55071f1b6710fa0b911d5ac5de106a9ee2a4c9c7bee61782f8e + +PKG_MAINTAINER:=Daniel Golle +PKG_LICENSE:=LGPL-2.1-or-later +PKG_LICENSE_FILES:=COPYING +PKG_CPE_ID:=cpe:/a:gnome:glib-networking + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/meson.mk +include $(INCLUDE_DIR)/nls.mk + +MESON_ARGS += \ + -Dgnutls=enabled \ + -Dopenssl=enabled \ + -Denvironment_proxy=enabled \ + -Dlibproxy=disabled \ + -Dgnome_proxy=disabled \ + -Dinstalled_tests=false \ + -Ddebug_logs=false + +define Package/libgio-gnutls + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+glib2 +libgnutls + TITLE:=GLib2 GIO GNUTLS module + URL:=http://www.gnome.org/ +endef + +define Package/libgio-gnutls/description + GNUTLS backend for GLib2 GIO. +endef + +define Package/libgio-openssl + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+glib2 +libopenssl + TITLE:=GLib2 GIO OpenSSL module + URL:=http://www.gnome.org/ +endef + +define Package/libgio-openssl/description + OpenSSL backend for GLib2 GIO. +endef + +define Package/libgio-environmentproxy + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+glib2 + TITLE:=GLib2 GIO environmentproxy module + URL:=http://www.gnome.org/ +endef + +define Package/libgio-environmentproxy/description + Proxy environment variables module GLib2 GIO. 
+endef + +define Package/libgio-gnutls/install + $(INSTALL_DIR) $(1)/usr/lib/gio/modules + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/usr/lib/gio/modules/libgiognutls.so \ + $(1)/usr/lib/gio/modules +endef + +define Package/libgio-openssl/install + $(INSTALL_DIR) $(1)/usr/lib/gio/modules + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/usr/lib/gio/modules/libgioopenssl.so \ + $(1)/usr/lib/gio/modules +endef + +define Package/libgio-environmentproxy/install + $(INSTALL_DIR) $(1)/usr/lib/gio/modules + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/usr/lib/gio/modules/libgioenvironmentproxy.so \ + $(1)/usr/lib/gio/modules +endef + +$(eval $(call BuildPackage,libgio-gnutls)) +$(eval $(call BuildPackage,libgio-openssl)) +$(eval $(call BuildPackage,libgio-environmentproxy)) diff --git a/libs/glib-networking/patches/100-no-tests.patch b/libs/glib-networking/patches/100-no-tests.patch new file mode 100644 index 00000000000000..aaab3b08e284bc --- /dev/null +++ b/libs/glib-networking/patches/100-no-tests.patch @@ -0,0 +1,8 @@ +--- a/proxy/meson.build ++++ b/proxy/meson.build +@@ -9,5 +9,3 @@ endif + if get_option('environment_proxy').enabled() + subdir('environment') + endif +- +-subdir('tests') diff --git a/libs/gperftools/Makefile b/libs/gperftools/Makefile index 92e7e613256c71..db2a8a20841b84 100644 --- a/libs/gperftools/Makefile +++ b/libs/gperftools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gperftools -PKG_VERSION:=2.16 -PKG_RELEASE:=1 +PKG_VERSION:=2.17.2 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/gperftools/gperftools/tar.gz/$(PKG_NAME)-$(PKG_VERSION)? -PKG_HASH:=737be182b4e42f5c7f595da2a7aa59ce0489a73d336d0d16847f2aa52d5221b4 +PKG_HASH:=885dbbf1f25a922de0cdc78b0703c3ab93c43850e1d2f7c889e41be7c824c53d PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION) PKG_MAINTAINER:=John Audia 
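Review bot: `MESON_ARGS` in the new glib-networking Makefile sets `-Dgnutls=enabled` and `-Dopenssl=enabled` unconditionally, while `libgio-gnutls` and `libgio-openssl` are separately selectable and each pulls in only its own TLS library through `DEPENDS`. Selecting just one of them will likely leave the other library unbuilt and make meson fail on the missing required feature. It also compiles a TLS backend that was not requested. Consider tying each option to its package, e.g. `-Dgnutls=$(if $(CONFIG_PACKAGE_libgio-gnutls),enabled,disabled)` and the same for openssl, with `PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_libgio-gnutls CONFIG_PACKAGE_libgio-openssl` so that a changed selection triggers a rebuild.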
@@ -26,7 +26,7 @@ define Package/gperftools-headers SECTION:=libs TITLE:=Gperftools Headers URL:=https://github.com/gperftools/gperftools - DEPENDS:= @!(mips||mips64||mipsel||powerpc) + DEPENDS:= @!(powerpc) endef define Package/gperftools-runtime @@ -34,7 +34,7 @@ define Package/gperftools-runtime CATEGORY:=Libraries TITLE:=Gperftools Runtime URL:=https://github.com/gperftools/gperftools - DEPENDS:= +libunwind +libstdcpp @!(mips||mips64||mipsel||powerpc) + DEPENDS:=+PACKAGE_libunwind:libunwind +libstdcpp @!(powerpc) endef define Package/gperftools-headers/description @@ -49,12 +49,14 @@ endef CONFIGURE_ARGS += \ --enable-frame-pointers \ - --enable-libunwind \ + $(if $(CONFIG_PACKAGE_libunwind),--enable-libunwind,--disable-libunwind) \ --disable-deprecated-pprof define Build/InstallDev $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libtcmalloc.so* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/include/gperftools + $(CP) $(PKG_INSTALL_DIR)/usr/include/gperftools/*.h $(1)/usr/include/gperftools/ endef define Package/gperftools-headers/install diff --git a/libs/ivykis/Makefile b/libs/ivykis/Makefile new file mode 100644 index 00000000000000..e92be92c63cfb0 --- /dev/null +++ b/libs/ivykis/Makefile 
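Review bot: `CONFIGURE_ARGS` in the gperftools Makefile now switches between `--enable-libunwind` and `--disable-libunwind` on `CONFIG_PACKAGE_libunwind`, but the visible hunks add no `PKG_CONFIG_DEPENDS` for that symbol. Unless it is declared elsewhere in the file, toggling libunwind will not invalidate an existing build. The installed library could then disagree with the `+PACKAGE_libunwind:libunwind` dependency, either linked against libunwind or built without it. Adding `PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_libunwind` near the top of the Makefile would keep the two in step.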
@@ -0,0 +1,57 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ivykis +PKG_VERSION:=0.43.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=@SF/libivykis +PKG_HASH:=93e3e9b237695437cd63d4aa48a8d9dfd8b39bc28a192a5770d113c4fe9099ef + +PKG_MAINTAINER:=Josef Schlehofer +PKG_LICENSE:=LGPL-2.1-or-later +PKG_LICENSE_FILES:=COPYING + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 + +PKG_CONFIG_DEPENDS:=CONFIG_KERNEL_IO_URING + +include $(INCLUDE_DIR)/package.mk + +define Package/ivykis + SECTION:=libs + CATEGORY:=Libraries + TITLE:=Async I/O library + URL:=https://libivykis.sourceforge.net/ + DEPENDS:=+KERNEL_IO_URING:liburing + ABI_VERSION:=0 +endef + +define Package/ivykis/description + libivykis is a library for asynchronous I/O readiness notification. +endef + +CONFIGURE_ARGS += \ + --enable-shared \ + --enable-static \ + --with-pic \ + --enable-io-uring=$(if $(CONFIG_KERNEL_IO_URING),yes,no) + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/iv*.h $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libivykis.a $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libivykis.so* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/ivykis.pc $(1)/usr/lib/pkgconfig/ +endef + +define Package/ivykis/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libivykis.so.$(ABI_VERSION)* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,ivykis)) diff --git a/libs/libdaq3/Makefile b/libs/libdaq3/Makefile index efaf9041e32b86..db2e507e1b0086 100644 --- a/libs/libdaq3/Makefile +++ b/libs/libdaq3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libdaq3 -PKG_VERSION:=3.0.20 +PKG_VERSION:=3.0.21 PKG_RELEASE:=1 PKG_MAINTAINER:=W. Michael Petullo 
@@ -18,7 +18,7 @@ PKG_LICENSE_FILES:=COPYING LICENSE PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snort3/libdaq/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=42730cb427695d4049deaa667623036b3915eaa651bcb91493ca450f06bb36b3 +PKG_HASH:=60ad9405c1c6b75955e0784511b173570a601491ccdb6399da53ca811c446a96 PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION) PKG_FIXUP:=autoreconf diff --git a/libs/libradcli/Config.in b/libs/libradcli/Config.in index 35c3a223b41c26..b43ff20e66cd29 100644 --- a/libs/libradcli/Config.in +++ b/libs/libradcli/Config.in @@ -5,6 +5,5 @@ menu "Configuration" config RADCLI_TLS bool "enable TLS support" - default y endmenu diff --git a/libs/libradcli/Makefile b/libs/libradcli/Makefile index f3a7dc0e942386..6a6b303456dfea 100644 --- a/libs/libradcli/Makefile +++ b/libs/libradcli/Makefile @@ -19,6 +19,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/radcli-$(PKG_VERSION) PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_CONFIG_DEPENDS := CONFIG_RADCLI_TLS + include $(INCLUDE_DIR)/package.mk define Package/libradcli @@ -37,6 +39,10 @@ define Package/libradcli/decription compatible with it. endef +define Package/libradcli/config + source "$(SOURCE)/Config.in" +endef + CONFIGURE_ARGS+= \ --enable-legacy-compat diff --git a/libs/libtorrent-rasterbar/Makefile b/libs/libtorrent-rasterbar/Makefile index 93ea1cab4173a4..01682e54a94054 100644 --- a/libs/libtorrent-rasterbar/Makefile +++ b/libs/libtorrent-rasterbar/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libtorrent-rasterbar PKG_VERSION:=2.0.11 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/arvidn/libtorrent/releases/download/v$(PKG_VERSION)/ @@ -12,6 +12,7 @@ PKG_MAINTAINER:=David Yang PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=COPYING +PKG_BUILD_DEPENDS:=boost PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_python3-libtorrent CMAKE_INSTALL:=1 
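Review bot: The new `Package/libradcli/config` block in libs/libradcli/Makefile sources Config.in in the same change that removes `default y` from `RADCLI_TLS`, so TLS support resolves to off unless someone selects it by hand. How `CONFIG_RADCLI_TLS` feeds configure is outside these hunks. If it gates the library's TLS transport, a default build would offer RADIUS without transport protection. If the aim is to avoid pulling in a TLS library by default, say so in a `help` text under the option. Otherwise keep `default y` so the protected transport stays the default.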
@@ -31,7 +32,7 @@ define Package/libtorrent-rasterbar $(call Package/libtorrent-rasterbar/Default) SECTION:=libs CATEGORY:=Libraries - DEPENDS:=+boost-system +libopenssl +libatomic +libstdcpp + DEPENDS:=+libopenssl +libatomic +libstdcpp endef define Package/python3-libtorrent diff --git a/libs/postgresql/Makefile b/libs/postgresql/Makefile index 1262bab43a61b4..cde997bdf896f8 100644 --- a/libs/postgresql/Makefile +++ b/libs/postgresql/Makefile @@ -121,15 +121,6 @@ PGSQL_CONFIG_VARS:= \ ac_cv_file__dev_urandom="/dev/urandom" \ ZIC=zic -ifeq ($(CONFIG_USE_UCLIBC),y) -# PostgreSQL does not build against uClibc with locales -# enabled, due to an uClibc bug, see -# http://lists.uclibc.org/pipermail/uclibc/2014-April/048326.html -# so overwrite automatic detection and disable locale support -PGSQL_CONFIG_VARS+= \ - pgac_cv_type_locale_t=no -endif - TARGET_CONFIGURE_OPTS+=$(PGSQL_CONFIG_VARS) HOST_CONFIGURE_ARGS += \ diff --git a/libs/sqlite3/Makefile b/libs/sqlite3/Makefile index 1856c810987ecf..5597afb5058a24 100644 --- a/libs/sqlite3/Makefile +++ b/libs/sqlite3/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sqlite -PKG_VERSION:=3500400 +PKG_VERSION:=3510000 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-autoconf-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.sqlite.org/2025/ -PKG_HASH:=a3db587a1b92ee5ddac2f66b3edb41b26f9c867275782d46c3a088977d6a5b18 +PKG_HASH:=42e26dfdd96aa2e6b1b1be5c88b0887f9959093f650d693cb02eb9c36d146ca5 PKG_CPE_ID:=cpe:/a:sqlite:sqlite PKG_LICENSE:=PUBLICDOMAIN diff --git a/mail/msmtp/Makefile b/mail/msmtp/Makefile index f418d7b912250e..bd069fbad46717 100644 --- a/mail/msmtp/Makefile +++ b/mail/msmtp/Makefile 
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=msmtp -PKG_VERSION:=1.8.26 +PKG_VERSION:=1.8.31 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://marlam.de/msmtp/releases -PKG_HASH:=6cfc488344cef189267e60aea481f00d4c7e2a59b53c6c659c520a4d121f66d8 +PKG_HASH:=c262b11762d8582a3c6d6ca8d8b2cca2b1605497324ca27cc57fdc145a27119f PKG_MAINTAINER:= PKG_LICENSE:=GPL-3.0-or-later diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index 12897c404fa867..ca6e057fbe2d21 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ffmpeg -PKG_VERSION:=6.1.2 +PKG_VERSION:=6.1.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ffmpeg.org/releases/ -PKG_HASH:=3b624649725ecdc565c903ca6643d41f33bd49239922e45c9b1442c63dca4e38 +PKG_HASH:=bc5f1e4a4d283a6492354684ee1124129c52293bcfc6a9169193539fbece3487 PKG_MAINTAINER:=Ted Hess , \ Ian Leonard @@ -231,7 +231,7 @@ include $(INCLUDE_DIR)/package.mk define Package/ffmpeg/Default TITLE:=FFmpeg URL:=https://ffmpeg.org/ - DEPENDS+= +libpthread + DEPENDS+= +libatomic endef define Package/ffmpeg/Default/description diff --git a/multimedia/ffmpeg/patches/020-libavcodec-fix-Wint-conversion-in-vulkan.patch b/multimedia/ffmpeg/patches/020-libavcodec-fix-Wint-conversion-in-vulkan.patch new file mode 100644 index 00000000000000..1c4316fc57fb7c --- /dev/null +++ b/multimedia/ffmpeg/patches/020-libavcodec-fix-Wint-conversion-in-vulkan.patch 
@@ -0,0 +1,91 @@ +From 2f24f10d9cf34ddce274496c4daa73f732d370c1 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Wed, 20 Dec 2023 12:32:43 +0000 +Subject: [PATCH] libavcodec: fix -Wint-conversion in vulkan +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIx warnings (soon to be errors in GCC 14, already so in Clang 15): +``` +src/libavcodec/vulkan_av1.c: In function ‘vk_av1_create_params’: +src/libavcodec/vulkan_av1.c:183:43: error: initialization of ‘long long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Wint-conversion] + 183 | .videoSessionParametersTemplate = NULL, + | ^~~~ +src/libavcodec/vulkan_av1.c:183:43: note: (near initialization for ‘(anonymous).videoSessionParametersTemplate’) +``` + +Use Vulkan's VK_NULL_HANDLE instead of bare NULL. + +Fix Trac ticket #10724. + +Was reported downstream in Gentoo at https://bugs.gentoo.org/919067. + +Signed-off-by: Sam James +--- + libavcodec/vulkan_av1.c | 2 +- + libavcodec/vulkan_decode.c | 6 +++--- + libavcodec/vulkan_h264.c | 2 +- + libavcodec/vulkan_hevc.c | 2 +- + libavcodec/vulkan_video.c | 2 +- + 5 files changed, 7 insertions(+), 7 deletions(-) + +--- a/libavcodec/vulkan_av1.c ++++ b/libavcodec/vulkan_av1.c +@@ -180,7 +180,7 @@ static int vk_av1_create_params(AVCodecC + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &av1_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + err = ff_vk_decode_create_params(buf, avctx, ctx, &session_params_create); +--- a/libavcodec/vulkan_decode.c ++++ b/libavcodec/vulkan_decode.c +@@ -188,9 +188,9 @@ int ff_vk_decode_prepare_frame(FFVulkanD + return 0; + + vkpic->dpb_frame = NULL; +- vkpic->img_view_ref = NULL; +- vkpic->img_view_out = NULL; +- vkpic->img_view_dest = NULL; ++ vkpic->img_view_ref = VK_NULL_HANDLE; ++ vkpic->img_view_out = VK_NULL_HANDLE; ++ 
vkpic->img_view_dest = VK_NULL_HANDLE; + + vkpic->destroy_image_view = vk->DestroyImageView; + vkpic->wait_semaphores = vk->WaitSemaphores; +--- a/libavcodec/vulkan_h264.c ++++ b/libavcodec/vulkan_h264.c +@@ -315,7 +315,7 @@ static int vk_h264_create_params(AVCodec + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &h264_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + /* SPS list */ +--- a/libavcodec/vulkan_hevc.c ++++ b/libavcodec/vulkan_hevc.c +@@ -653,7 +653,7 @@ static int vk_hevc_create_params(AVCodec + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &h265_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + HEVCHeaderSet *hdr; +--- a/libavcodec/vulkan_video.c ++++ b/libavcodec/vulkan_video.c +@@ -287,7 +287,7 @@ av_cold void ff_vk_video_common_uninit(F + if (common->session) { + vk->DestroyVideoSessionKHR(s->hwctx->act_dev, common->session, + s->hwctx->alloc); +- common->session = NULL; ++ common->session = VK_NULL_HANDLE; + } + + if (common->nb_mem && common->mem) diff --git a/multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch b/multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch new file mode 100644 index 00000000000000..00487f5c22a532 --- /dev/null +++ b/multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch 
@@ -0,0 +1,31 @@
+From cb9c98da16e8412046835ebc0d167a4e09909df0 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili
+Date: Sun, 30 Jun 2024 18:33:19 +0800
+Subject: [PATCH] avformat/file: guard fd_dup by FD_PROTOCOL or PIPE_PROTOCOL
+
+fd_dup is unused when fd and pipe have been disabled. This also
+fix build error with wasi since 'dup' isn't available.
+
+Signed-off-by: Zhao Zhili
+---
+ libavformat/file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/libavformat/file.c
++++ b/libavformat/file.c
+@@ -192,6 +192,7 @@ static int file_check(URLContext *h, int
+ return ret;
+ }
+
++#if CONFIG_FD_PROTOCOL || CONFIG_PIPE_PROTOCOL
+ static int fd_dup(URLContext *h, int oldfd)
+ {
+ int newfd;
+@@ -214,6 +215,7 @@ static int fd_dup(URLContext *h, int old
+ #endif
+ return newfd;
+ }
++#endif
+
+ static int file_close(URLContext *h)
+ {
diff --git a/multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch b/multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch
new file mode 100644
index 00000000000000..aa7c9917289c9a
--- /dev/null
+++ b/multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch
@@ -0,0 +1,24 @@
+From c961ac4b0ca27d451c430553793b3fff88fc78e5 Mon Sep 17 00:00:00 2001
+From: Jun Zhao
+Date: Sun, 12 Nov 2023 18:25:29 +0800
+Subject: [PATCH] vulkan_decode: fix the print format of VkDeviceSize
+
+VkDeviceSize represents device memory size and offset
+values as uint64_t in Spec.
+
+Signed-off-by: Jun Zhao
+---
+ libavcodec/vulkan_video.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libavcodec/vulkan_video.c
++++ b/libavcodec/vulkan_video.c
+@@ -384,7 +384,7 @@ av_cold int ff_vk_video_common_init(void
+ .memorySize = mem[i].memoryRequirements.size,
+ };
+
+- av_log(log, AV_LOG_VERBOSE, "Allocating %"SIZE_SPECIFIER" bytes in bind index %i for video session\n",
++ av_log(log, AV_LOG_VERBOSE, "Allocating %"PRIu64" bytes in bind index %i for video session\n",
+ bind_mem[i].memorySize, bind_mem[i].memoryBindIndex);
+ }
+
diff --git a/multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch b/multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch
new file mode 100644
index 00000000000000..8b0506794962d3
--- /dev/null
+++ b/multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch
@@ -0,0 +1,58 @@ +From 2204efc2a656ae60d77a4d01c6cf8e7d6baaf030 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Sun, 30 Mar 2025 12:49:07 +0200 +Subject: [PATCH] avcodec/dct: Make declarations and definitions match + +GCC considers declarations using a parameter of pointer +type (or equivalently a parameter using an array of unspecified +dimensions) to be inconsistent with a declaration using +a known-length array type and emits a -Warray-parameter warning +for several ff_j_rev_dct* functions for this. + +This patch makes the declarations match the actual definitions +to suppress these (IMO nonsensical) warnings. + +Signed-off-by: Andreas Rheinhardt +--- + libavcodec/dct.h | 12 ++++++------ + libavcodec/jrevdct.c | 4 ++-- + 2 files changed, 8 insertions(+), 8 deletions(-) + +--- a/libavcodec/dct.h ++++ b/libavcodec/dct.h +@@ -27,11 +27,11 @@ + #include + #include + +-void ff_j_rev_dct(int16_t *data); +-void ff_j_rev_dct4(int16_t *data); +-void ff_j_rev_dct2(int16_t *data); +-void ff_j_rev_dct1(int16_t *data); +-void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t *block); +-void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t *block); ++void ff_j_rev_dct(int16_t data[64]); ++void ff_j_rev_dct4(int16_t data[64]); ++void ff_j_rev_dct2(int16_t data[64]); ++void ff_j_rev_dct1(int16_t data[64]); ++void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]); ++void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]); + + #endif /* AVCODEC_DCT_H */ +--- a/libavcodec/jrevdct.c ++++ b/libavcodec/jrevdct.c +@@ -1159,13 +1159,13 @@ void ff_j_rev_dct1(DCTBLOCK data){ + #undef FIX + #undef CONST_BITS + +-void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t *block) ++void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]) + { + ff_j_rev_dct(block); + ff_put_pixels_clamped_c(block, dest, line_size); + } + +-void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t 
*block) ++void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]) + { + ff_j_rev_dct(block); + ff_add_pixels_clamped_c(block, dest, line_size); diff --git a/multimedia/ffmpeg/patches/050-glibc.patch b/multimedia/ffmpeg/patches/050-glibc.patch deleted file mode 100644 index 25eba2aea0b0ca..00000000000000 --- a/multimedia/ffmpeg/patches/050-glibc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/libavcodec/wmv2dsp.c -+++ b/libavcodec/wmv2dsp.c -@@ -264,7 +264,7 @@ av_cold void ff_wmv2dsp_init(WMV2DSPCont - c->put_mspel_pixels_tab[6] = put_mspel8_mc22_c; - c->put_mspel_pixels_tab[7] = put_mspel8_mc32_c; - --#if ARCH_MIPS -+#if ARCH_MIPS64 - ff_wmv2dsp_init_mips(c); - #endif - } diff --git a/multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch b/multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch new file mode 100644 index 00000000000000..1206138eea1280 --- /dev/null +++ b/multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch @@ -0,0 +1,23 @@ +From 9a670636c0ee7c24b70591d315524e61c709ea5a Mon Sep 17 00:00:00 2001 +From: Rosen Penev +Date: Fri, 2 May 2025 15:15:25 -0700 +Subject: [PATCH] avutil/tx: fix GCC memset warning + +The warning is that the whole array is not being cleared. + +Signed-off-by: Rosen Penev +--- + libavutil/tx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/libavutil/tx.c ++++ b/libavutil/tx.c +@@ -283,7 +283,7 @@ static void reset_ctx(AVTXContext *s, in + * ff_tx_init_subtx() call is made. */ + s->nb_sub = 0; + s->opaque = NULL; +- memset(s->fn, 0, sizeof(*s->fn)); ++ memset(s->fn, 0, sizeof(s->fn)); + } + + void ff_tx_clear_ctx(AVTXContext *s) diff --git a/multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch b/multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch new file mode 100644 index 00000000000000..c8fb97b8628ddb --- /dev/null 
+++ b/multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch @@ -0,0 +1,30 @@ +From 22baff53be0f830a1607af2b60e50605eb732ec4 Mon Sep 17 00:00:00 2001 +From: Rosen Penev +Date: Fri, 2 May 2025 15:21:13 -0700 +Subject: [PATCH] avformat/rawdec: guard by CONFIG_DATA_DEMUXER + +Otherwise raw_data_read_header becomes an unused static function. + +Signed-off-by: Rosen Penev +--- + libavformat/rawdec.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/libavformat/rawdec.c ++++ b/libavformat/rawdec.c +@@ -102,6 +102,7 @@ int ff_raw_subtitle_read_header(AVFormat + return 0; + } + ++#if CONFIG_DATA_DEMUXER + static int raw_data_read_header(AVFormatContext *s) + { + AVStream *st = avformat_new_stream(s, NULL); +@@ -112,6 +113,7 @@ static int raw_data_read_header(AVFormat + st->start_time = 0; + return 0; + } ++#endif + + /* Note: Do not forget to add new entries to the Makefile as well. */ + diff --git a/multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch b/multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch new file mode 100644 index 00000000000000..29abd88817ff80 --- /dev/null +++ b/multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch 
@@ -0,0 +1,43 @@ +From 347a70f101be28f8d78e8fd62ffc3a78324f49e9 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Thu, 28 Mar 2024 05:35:36 +0100 +Subject: [PATCH] avcodec/pcm-bluray/dvd: Use correct pointer types on BE + +Signed-off-by: Andreas Rheinhardt +--- + libavcodec/pcm-bluray.c | 5 +++-- + libavcodec/pcm-dvd.c | 2 +- + 2 files changed, 4 insertions(+), 3 deletions(-) + +--- a/libavcodec/pcm-bluray.c ++++ b/libavcodec/pcm-bluray.c +@@ -167,7 +167,7 @@ static int pcm_bluray_decode_frame(AVCod + samples *= num_source_channels; + if (AV_SAMPLE_FMT_S16 == avctx->sample_fmt) { + #if HAVE_BIGENDIAN +- bytestream2_get_buffer(&gb, dst16, buf_size); ++ bytestream2_get_buffer(&gb, (uint8_t*)dst16, buf_size); + #else + do { + *dst16++ = bytestream2_get_be16u(&gb); +@@ -187,7 +187,8 @@ static int pcm_bluray_decode_frame(AVCod + if (AV_SAMPLE_FMT_S16 == avctx->sample_fmt) { + do { + #if HAVE_BIGENDIAN +- bytestream2_get_buffer(&gb, dst16, avctx->ch_layout.nb_channels * 2); ++ bytestream2_get_buffer(&gb, (uint8_t*)dst16, ++ avctx->ch_layout.nb_channels * 2); + dst16 += avctx->ch_layout.nb_channels; + #else + channel = avctx->ch_layout.nb_channels; +--- a/libavcodec/pcm-dvd.c ++++ b/libavcodec/pcm-dvd.c +@@ -157,7 +157,7 @@ static void *pcm_dvd_decode_samples(AVCo + switch (avctx->bits_per_coded_sample) { + case 16: { + #if HAVE_BIGENDIAN +- bytestream2_get_buffer(&gb, dst16, blocks * s->block_size); ++ bytestream2_get_buffer(&gb, (uint8_t*)dst16, blocks * s->block_size); + dst16 += blocks * s->block_size / 2; + #else + int samples = blocks * avctx->ch_layout.nb_channels; diff --git a/multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch b/multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch new file mode 100644 index 00000000000000..65bed650890022 --- /dev/null +++ b/multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch 
@@ -0,0 +1,30 @@
+From bb3c50b46d50b8bf4f45d7ae8f24607aaf23acea Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt
+Date: Sun, 2 Jun 2024 06:11:46 +0200
+Subject: [PATCH] avcodec/tiff: Suppress unused variable warnings
+
+Signed-off-by: Andreas Rheinhardt
+---
+ libavcodec/tiff.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/libavcodec/tiff.c
++++ b/libavcodec/tiff.c
+@@ -427,7 +427,7 @@ static void av_always_inline horizontal_
+ uint8_t shift = is_dng ? 0 : 16 - bpp;
+ GetBitContext gb;
+
+- int ret = init_get_bits8(&gb, src, width);
++ av_unused int ret = init_get_bits8(&gb, src, width);
+ av_assert1(ret >= 0);
+ for (int i = 0; i < s->width; i++) {
+ dst16[i] = get_bits(&gb, bpp) << shift;
+@@ -462,7 +462,7 @@ static void unpack_gray(TiffContext *s,
+ GetBitContext gb;
+ uint16_t *dst = (uint16_t *)(p->data[0] + lnum * p->linesize[0]);
+
+- int ret = init_get_bits8(&gb, src, width);
++ av_unused int ret = init_get_bits8(&gb, src, width);
+ av_assert1(ret >= 0);
+
+ for (int i = 0; i < s->width; i++) {
diff --git a/multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch b/multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch
new file mode 100644
index 00000000000000..9b37926e586ccb
--- /dev/null
+++ b/multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch
@@ -0,0 +1,30 @@ +From 613c85a8f5b296c2b79fc0abfd98fccf962bb334 Mon Sep 17 00:00:00 2001 +From: Marvin Scholz +Date: Fri, 12 Jul 2024 17:47:14 +0200 +Subject: [PATCH] avfilter/af_channelsplit: fix mixed declaration and code + +Fix a "mixing declarations and code is incompatible with standards +before C99" warning. +--- + libavfilter/af_channelsplit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/libavfilter/af_channelsplit.c ++++ b/libavfilter/af_channelsplit.c +@@ -156,6 +156,7 @@ static int query_formats(AVFilterContext + + static int filter_frame(AVFilterLink *outlink, AVFrame *buf) + { ++ AVFrame *buf_out; + AVFilterContext *ctx = outlink->src; + ChannelSplitContext *s = ctx->priv; + const int i = FF_OUTLINK_IDX(outlink); +@@ -164,7 +165,7 @@ static int filter_frame(AVFilterLink *ou + + av_assert1(channel >= 0); + +- AVFrame *buf_out = av_frame_clone(buf); ++ buf_out = av_frame_clone(buf); + if (!buf_out) + return AVERROR(ENOMEM); + diff --git a/multimedia/yt-dlp/Makefile b/multimedia/yt-dlp/Makefile index e5eeb6b5c86957..5760affa34df28 100644 --- a/multimedia/yt-dlp/Makefile +++ b/multimedia/yt-dlp/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yt-dlp -PKG_VERSION:=2025.7.21 +PKG_VERSION:=2025.9.26 PKG_RELEASE:=1 PYPI_NAME:=yt-dlp -PKG_HASH:=46fbb53eab1afbe184c45b4c17e9a6eba614be680e4c09de58b782629d0d7f43 +PKG_HASH:=c148ae8233ac4ce6c5fbf6f70fcc390f13a00f59da3776d373cf88c5370bda86 PYPI_SOURCE_NAME:=yt_dlp PKG_MAINTAINER:=George Sapkin diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 39ac1119280a1a..73f95485835429 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -4,8 +4,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast -PKG_VERSION:=1.1.4 -PKG_RELEASE:=5 +PKG_VERSION:=1.2.0 +PKG_RELEASE:=22 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/README.md b/net/adblock-fast/files/README.md index 827255ab2af75e..df26694143cfe6 100644 
--- a/net/adblock-fast/files/README.md +++ b/net/adblock-fast/files/README.md @@ -1,3 +1,20 @@ -# README +# adblock-fast -README has been moved to [https://docs.openwrt.melmac.net/adblock-fast/](https://docs.openwrt.melmac.net/adblock-fast/). +[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) +[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/adblock-fast/) +[![Lightweight](https://img.shields.io/badge/Size-Lightweight-brightgreen)](https://openwrt.org/packages/pkgdata/adblock-fast) +[![License](https://img.shields.io/badge/License-AGPL--3.0--or--later-lightgrey)](https://github.com/stangri/adblock-fast/blob/master/LICENSE) + +A fast, lightweight DNS-based ad-blocker for OpenWrt that works with dnsmasq, smartdns, or unbound. +It runs once to process and install blocklists, then exits — keeping memory usage low. + +## Features + +- Minimal runtime memory use +- Parallel blocklist download and processing +- Persistent cache support +- Optional Web UI for custom block/allow lists +- Reverts if DNS resolution fails after restart + +📚 **Full documentation:** +[https://docs.openwrt.melmac.ca/adblock-fast/](https://docs.openwrt.melmac.ca/adblock-fast/) diff --git a/net/adblock-fast/files/etc/config/adblock-fast b/net/adblock-fast/files/etc/config/adblock-fast index 7327525997c395..431d7bd11660bb 100644 --- a/net/adblock-fast/files/etc/config/adblock-fast +++ b/net/adblock-fast/files/etc/config/adblock-fast @@ -11,7 +11,8 @@ config adblock-fast 'config' option curl_additional_param '' option curl_max_file_size '30000000' option curl_retry '3' - option debug '0' + option debug_init_script '0' + option debug_performance '0' option dns 'dnsmasq.servers' list dnsmasq_instance '*' # option dnsmasq_config_file_url 'https://small.oisd.nl/dnsmasq2' 
@@ -27,11 +28,9 @@ config adblock-fast 'config' # list force_dns_port '4434' # list force_dns_port '5443' # list force_dns_port '8443' - option led 'none' option parallel_downloads '1' option pause_timeout '20' option procd_trigger_wan6 '0' - option procd_boot_delay '0' option procd_boot_wan_timeout '60' option verbosity '2' option heartbeat_domain 'heartbeat.melmac.ca' diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 93045857638aad..40e69bc27b1a25 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -3,13 +3,11 @@ # shellcheck disable=SC2015,SC3023,SC3043 # shellcheck disable=SC2034 -START=94 +START=20 # shellcheck disable=SC2034 USE_PROCD=1 LC_ALL=C -[ -n "${IPKG_INSTROOT}" ] && return 0 - if type extra_command 1>/dev/null 2>&1; then extra_command 'allow' 'Allows domain in current block-list and config' extra_command 'check' 'Checks if specified domain is found in current block-list' 
@@ -26,62 +24,63 @@ fi readonly packageName='adblock-fast' readonly PKG_VERSION='dev-test' -readonly packageCompat='7' +readonly packageCompat='8' readonly serviceName="$packageName $PKG_VERSION" readonly packageMemoryThreshold='33554432' readonly packageConfigFile="/etc/config/${packageName}" +readonly dnsmasqUnifiedFile="/var/run/${packageName}/${packageName}.dnsmasq" readonly dnsmasqAddnhostsFile="/var/run/${packageName}/dnsmasq.addnhosts" readonly dnsmasqAddnhostsCache="/var/run/${packageName}/dnsmasq.addnhosts.cache" readonly dnsmasqAddnhostsGzip="${packageName}.dnsmasq.addnhosts.gz" readonly dnsmasqAddnhostsFilter='s|^|127.0.0.1 |;s|$||' readonly dnsmasqAddnhostsFilterIPv6='s|^|:: |;s|$||' -readonly dnsmasqAddnhostsOutputFilter='s|^127.0.0.1 ||;s|^:: ||;' -readonly dnsmasqConfFile="${packageName}" +readonly dnsmasqAddnhostsStripToDomainsFilter='s|^127.0.0.1 ||;s|^:: ||;' +readonly dnsmasqConfFile="$dnsmasqUnifiedFile" readonly dnsmasqConfCache="/var/run/${packageName}/dnsmasq.conf.cache" readonly dnsmasqConfGzip="${packageName}.dnsmasq.conf.gz" readonly dnsmasqConfFilter='s|^|local=/|;s|$|/|' -readonly dnsmasqConfOutputFilter='s|local=/||;s|/$||;' -readonly dnsmasqIpsetFile="${packageName}.ipset" +readonly dnsmasqConfStripToDomainsFilter='s|local=/||;s|/$||;' +readonly dnsmasqIpsetFile="$dnsmasqUnifiedFile" readonly dnsmasqIpsetCache="/var/run/${packageName}/dnsmasq.ipset.cache" readonly dnsmasqIpsetGzip="${packageName}.dnsmasq.ipset.gz" readonly dnsmasqIpsetFilter='s|^|ipset=/|;s|$|/adb|' -readonly dnsmasqIpsetOutputFilter='s|ipset=/||;s|/adb$||;' -readonly dnsmasqNftsetFile="${packageName}.nftset" +readonly dnsmasqIpsetStripToDomainsFilter='s|ipset=/||;s|/adb$||;' +readonly dnsmasqNftsetFile="$dnsmasqUnifiedFile" readonly dnsmasqNftsetCache="/var/run/${packageName}/dnsmasq.nftset.cache" readonly dnsmasqNftsetGzip="${packageName}.dnsmasq.nftset.gz" readonly dnsmasqNftsetFilter='s|^|nftset=/|;s|$|/4#inet#fw4#adb4|' readonly 
dnsmasqNftsetFilterIPv6='s|^|nftset=/|;s|$|/4#inet#fw4#adb4,6#inet#fw4#adb6|' -readonly dnsmasqNftsetOutputFilter='s|nftset=/||;s|/4#inet#adb#adb4||;' +readonly dnsmasqNftsetStripToDomainsFilter='s|nftset=/||;s|/4#.*$||;' readonly dnsmasqServersFile="/var/run/${packageName}/dnsmasq.servers" readonly dnsmasqServersCache="/var/run/${packageName}/dnsmasq.servers.cache" readonly dnsmasqServersGzip="${packageName}.dnsmasq.servers.gz" readonly dnsmasqServersFilter='s|^|server=/|;s|$|/|' readonly dnsmasqServersAllowFilter='s|(.*)|server=/\1/#|' readonly dnsmasqServersBlockedCountFilter='\|/#|d' -readonly dnsmasqServersOutputFilter='s|server=/||;s|/$||;' +readonly dnsmasqServersStripToDomainsFilter='s|server=/||;s|/.*$||;' readonly smartdnsDomainSetFile="/var/run/${packageName}/smartdns.domainset" readonly smartdnsDomainSetCache="/var/run/${packageName}/smartdns.domainset.cache" readonly smartdnsDomainSetConfig="/var/run/${packageName}/smartdns.domainset.conf" readonly smartdnsDomainSetGzip="${packageName}.smartdns.domainset.gz" readonly smartdnsDomainSetFilter='' -readonly smartdnsDomainSetOutputFilter='' +readonly smartdnsDomainSetStripToDomainsFilter='' readonly smartdnsIpsetFile="/var/run/${packageName}/smartdns.ipset" readonly smartdnsIpsetCache="/var/run/${packageName}/smartdns.ipset.cache" readonly smartdnsIpsetConfig="/var/run/${packageName}/smartdns.ipset.conf" readonly smartdnsIpsetGzip="${packageName}.smartdns.ipset.gz" readonly smartdnsIpsetFilter='' -readonly smartdnsIpsetOutputFilter='' +readonly smartdnsIpsetStripToDomainsFilter='' readonly smartdnsNftsetFile="/var/run/${packageName}/smartdns.nftset" readonly smartdnsNftsetCache="/var/run/${packageName}/smartdns.nftset.cache" readonly smartdnsNftsetConfig="/var/run/${packageName}/smartdns.nftset.conf" readonly smartdnsNftsetGzip="${packageName}.smartdns.nftset.gz" readonly smartdnsNftsetFilter='' -readonly smartdnsNftsetOutputFilter='' +readonly smartdnsNftsetStripToDomainsFilter='' readonly 
unboundFile="/var/lib/unbound/adb_list.${packageName}" readonly unboundCache="/var/run/${packageName}/unbound.cache" readonly unboundGzip="${packageName}.unbound.gz" readonly unboundFilter='s|^|local-zone: "|;s|$|." always_nxdomain|' -readonly unboundOutputFilter='s|^local-zone: "||;s|." always_nxdomain$||;' +readonly unboundStripToDomainsFilter='s|^local-zone: "||;s|." always_nxdomain$||;' readonly ALLOWED_TMP="/var/${packageName}.allowed.tmp" readonly A_TMP="/var/${packageName}.a.tmp" readonly B_TMP="/var/${packageName}.b.tmp" 
@@ -115,48 +114,95 @@ readonly canaryDomainsiCloud='mask.icloud.com mask-h2.icloud.com' readonly triggersReload='parallel_downloads debug download_timeout allowed_domain blocked_domain allowed_url blocked_url dns config_update_enabled config_update_url dnsmasq_config_file_url curl_additional_param curl_max_file_size curl_retry' readonly triggersRestart='compressed_cache compressed_cache_dir force_dns led force_dns_port' +# Silence "Command failed: Not found" for redundant procd service delete calls +__UBUS_BIN="$(command -v ubus || echo /bin/ubus)" +ubus() { + if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then + "$__UBUS_BIN" "$@" >/dev/null 2>&1 || true + else + "$__UBUS_BIN" "$@" + fi +} + dl_command= dl_flag= isSSLSupported= +loadEnvironmentFlag= +loadPackageConfigFlag= outputAllowFilter= outputBlockedCountFilter= outputFilter= outputFilterIPv6= outputFile= -outputDnsmasqFileList= outputGzip= outputCache= -outputOutputFilter= +stripToDomainsFilter= +triggerStatus= awk='awk' -load_environment_flag= allowed_url= blocked_url= fw4_restart_flag= adbf_boot_flag= +dnsmasq_features= +dnsmasq_ubus= + +# package config variables +allow_non_ascii= +canary_domains_icloud= +canary_domains_mozilla= +compressed_cache= +config_update_enabled= +debug_init_script= +debug_performance= +enabled= +force_dns= +ipv6_enabled= +parallel_downloads= +procd_trigger_wan6= +sanity_check= +update_config_sizes= +allowed_domain= +blocked_domain= +compressed_cache_dir= +config_update_url= +curl_additional_param= +curl_max_file_size= +curl_retry= +dns= +dnsmasq_config_file_url= +dnsmasq_instance= +download_timeout= +force_dns_interface= +force_dns_port= +heartbeat_domain= +heartbeat_sleep_timeout= +led= +pause_timeout= +procd_boot_wan_timeout= +smartdns_instance= +verbosity= # shellcheck disable=SC1091 -. /lib/functions.sh +. "${IPKG_INSTROOT}/lib/functions.sh" # shellcheck disable=SC1091 -. /lib/functions/network.sh +. 
"${IPKG_INSTROOT}/lib/functions/network.sh" # shellcheck disable=SC1091 -. /usr/share/libubox/jshn.sh +. "${IPKG_INSTROOT}/usr/share/libubox/jshn.sh" append_newline() { is_newline_ending "$1" || echo '' >> "$1"; } check_ipset() { { command -v ipset && /usr/sbin/ipset help hash:net; } >/dev/null 2>&1; } check_nft() { command -v nft >/dev/null 2>&1; } check_dnsmasq() { command -v dnsmasq >/dev/null 2>&1; } -check_dnsmasq_ipset() { - local o; - check_dnsmasq || return 1 - o="$(dnsmasq -v 2>/dev/null)" - check_ipset && ! echo "$o" | grep -q 'no-ipset' && echo "$o" | grep -q 'ipset' -} -check_dnsmasq_nftset() { - local o; - check_dnsmasq || return 1 - o="$(dnsmasq -v 2>/dev/null)" - check_nft && ! echo "$o" | grep -q 'no-nftset' && echo "$o" | grep -q 'nftset' +check_dnsmasq_feature () { + [ -z "$dnsmasq_features" ] && dnsmasq_features="$(dnsmasq --version | grep -m1 'Compile time options:' | cut -d: -f2) " + case "$1" in + idn) [ "${dnsmasq_features#* IDN }" != "$dnsmasq_features" ];; + ipset) [ "${dnsmasq_features#* ipset }" != "$dnsmasq_features" ];; + nftset) [ "${dnsmasq_features#* nftset }" != "$dnsmasq_features" ];; + esac } +check_dnsmasq_ipset() { check_ipset && check_dnsmasq_feature 'ipset'; } +check_dnsmasq_nftset() { check_nft && check_dnsmasq_feature 'nftset'; } check_smartdns() { command -v smartdns >/dev/null 2>&1; } check_smartdns_ipset() { check_smartdns && check_ipset; } check_smartdns_nftset() { check_smartdns && check_nft; } @@ -192,7 +238,6 @@ adb_config_cache() { get) case "$var" in trigger_fw4) - ret='false' if [ -s "$runningConfigFile" ]; then local UCI_CONFIG_DIR="${runningConfigFile%/*}" is_fw4_restart_needed && ret='true' 
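Review bot: The `ubus()` wrapper added near the top of this hunk discards stdout and stderr and forces success for every `ubus call service delete`, not only for the "Not found" reply named in its comment, so a delete that fails for any other reason is hidden too. I would capture the output and swallow only that one case, as sketched below. In the same hunk `check_dnsmasq_feature` has no default branch, so an unrecognised feature name leaves `case` with status 0 and reads as supported; adding `*) return 1;;` closes that. The context line `readonly triggersReload=...` still lists `debug`, although the shipped config splits that option into `debug_init_script` and `debug_performance`.

```shell
ubus() {
	local out rc
	if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then
		out="$("$__UBUS_BIN" "$@" 2>&1)"; rc=$?
		# a redundant delete is expected; anything else is reported
		case "$out" in
			*'Not found'*) return 0 ;;
		esac
		[ "$rc" -eq 0 ] || echo "$out" >&2
		return "$rc"
	else
		"$__UBUS_BIN" "$@"
	fi
}
```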
@@ -279,8 +324,8 @@ dns_set_output_values() { outputFile="$dnsmasqAddnhostsFile" outputCache="$dnsmasqAddnhostsCache" outputGzip="${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" - outputOutputFilter="$dnsmasqAddnhostsOutputFilter" - if [ "$ipv6_enabled" -ne '0' ]; then + stripToDomainsFilter="$dnsmasqAddnhostsStripToDomainsFilter" + if [ -n "$ipv6_enabled" ]; then outputFilterIPv6="$dnsmasqAddnhostsFilterIPv6" fi ;; @@ -289,17 +334,17 @@ dns_set_output_values() { outputFile="$dnsmasqConfFile" outputCache="$dnsmasqConfCache" outputGzip="${compressed_cache_dir}/${dnsmasqConfGzip}" - outputOutputFilter="$dnsmasqConfOutputFilter" + stripToDomainsFilter="$dnsmasqConfStripToDomainsFilter" ;; dnsmasq.ipset) outputFilter="$dnsmasqIpsetFilter" outputFile="$dnsmasqIpsetFile" outputCache="$dnsmasqIpsetCache" outputGzip="${compressed_cache_dir}/${dnsmasqIpsetGzip}" - outputOutputFilter="$dnsmasqIpsetOutputFilter" + stripToDomainsFilter="$dnsmasqIpsetStripToDomainsFilter" ;; dnsmasq.nftset) - if [ "$ipv6_enabled" -ne '0' ]; then + if [ -n "$ipv6_enabled" ]; then outputFilter="$dnsmasqNftsetFilterIPv6" else outputFilter="$dnsmasqNftsetFilter" @@ -307,14 +352,14 @@ dns_set_output_values() { outputFile="$dnsmasqNftsetFile" outputCache="$dnsmasqNftsetCache" outputGzip="${compressed_cache_dir}/${dnsmasqNftsetGzip}" - outputOutputFilter="$dnsmasqNftsetOutputFilter" + stripToDomainsFilter="$dnsmasqNftsetStripToDomainsFilter" ;; dnsmasq.servers) outputFilter="$dnsmasqServersFilter" outputFile="$dnsmasqServersFile" outputCache="$dnsmasqServersCache" outputGzip="${compressed_cache_dir}/${dnsmasqServersGzip}" - outputOutputFilter="$dnsmasqServersOutputFilter" + stripToDomainsFilter="$dnsmasqServersStripToDomainsFilter" outputAllowFilter="$dnsmasqServersAllowFilter" outputBlockedCountFilter="$dnsmasqServersBlockedCountFilter" ;; 
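Review bot: `[ "$ipv6_enabled" -ne '0' ]` becomes `[ -n "$ipv6_enabled" ]` in the `dnsmasq.addnhosts` branch of `dns_set_output_values`, which is equivalent only if the config loader stores an empty string for a disabled option. That loader is not in the visible hunks; if it keeps the literal `0`, the IPv6 filter is always applied. The same test appears in the `dnsmasq.nftset` branch and in `logger_debug` (`[ -n "$debug_performance" ]`), while the shipped config still writes `option debug_performance '0'`. A comment above the `# package config variables` block, for example `# boolean options are normalised to '' (off) or '1' (on) when the config is loaded`, would make the contract explicit. `dns_set_output_values` starts and ends outside this hunk.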
@@ -324,7 +369,7 @@ dns_set_output_values() { outputCache="$smartdnsDomainSetCache" outputGzip="${compressed_cache_dir}/${smartdnsDomainSetGzip}" outputConfig="$smartdnsDomainSetConfig" - outputOutputFilter="$smartdnsDomainSetOutputFilter" + stripToDomainsFilter="$smartdnsDomainSetStripToDomainsFilter" ;; smartdns.ipset) outputFilter="$smartdnsIpsetFilter" @@ -332,7 +377,7 @@ dns_set_output_values() { outputCache="$smartdnsIpsetCache" outputGzip="${compressed_cache_dir}/${smartdnsIpsetGzip}" outputConfig="$smartdnsIpsetConfig" - outputOutputFilter="$smartdnsIpsetOutputFilter" + stripToDomainsFilter="$smartdnsIpsetStripToDomainsFilter" ;; smartdns.nftset) outputFilter="$smartdnsNftsetFilter" @@ -340,14 +385,14 @@ dns_set_output_values() { outputCache="$smartdnsNftsetCache" outputGzip="${compressed_cache_dir}/${smartdnsNftsetGzip}" outputConfig="$smartdnsNftsetConfig" - outputOutputFilter="$smartdnsNftsetOutputFilter" + stripToDomainsFilter="$smartdnsNftsetStripToDomainsFilter" ;; unbound.adb_list) outputFilter="$unboundFilter" outputFile="$unboundFile" outputCache="$unboundCache" outputGzip="${compressed_cache_dir}/${unboundGzip}" - outputOutputFilter="$unboundOutputFilter" + stripToDomainsFilter="$unboundStripToDomainsFilter" ;; esac resolver 'on_load' @@ -357,7 +402,7 @@ dnsmasq_kill() { killall -q -s KILL dnsmasq; } dnsmasq_restart() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; } is_enabled() { uci_get "$1" 'config' 'enabled' '0'; } is_fw4_restart_needed() { - [ "$fw4_restart_flag" = 'true' ] && return 0 + [ -n "$fw4_restart_flag" ] && return 0 local dns force_dns dns="$(uci_get "$packageName" 'config' 'dns' 'dnsmasq.servers')" force_dns="$(uci_get "$packageName" 'config' 'force_dns' '1')" 
@@ -375,12 +420,26 @@ is_fw4_restart_needed() { return 1 fi } -is_integer() { case "$1" in ''|*[!0-9]*) return 1;; esac; } +is_integer() { case "$1" in ''|*[!0-9]*) return 1;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1; return 0; } is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" = "$2"; } # shellcheck disable=SC3057 is_https_url() { [ "${1:0:8}" = "https://" ]; } is_newline_ending() { [ "$(tail -c1 "$1" | wc -l)" -ne '0' ]; } +is_port_listening() { + local hex + is_integer "$1" || return 1 + hex="$(printf '%04X' "$1")" + # TCP: state 0A == LISTEN + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h && $4=="0A") {found=1}} END{exit found?0:1}' /proc/net/tcp /proc/net/tcp6 2>/dev/null; then + return 0 + fi + # UDP: presence indicates a bound socket + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h) {found=1}} END{exit found?0:1}' /proc/net/udp /proc/net/udp6 2>/dev/null; then + return 0 + fi + return 1 +} is_present() { command -v "$1" >/dev/null 2>&1; } is_running() { local i j @@ -408,7 +467,7 @@ get_mem_total() { led_on(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo 'default-on' > "${1}/trigger" 2>&1; fi; } led_off(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo 'none' > "${1}/trigger" 2>&1; fi; } logger() { /usr/bin/logger -t "$packageName" "$@"; } -logger_debug() { /usr/bin/logger -t "$packageName [$$]" "$@"; } +logger_debug() { [ -n "$debug_performance" ] && /usr/bin/logger -t "$packageName [$$]" "$@"; } nft() { "$nft" "$@" >/dev/null 2>&1; } output_dot() { output 1 "$_DOT_"; output 2 "$__DOT__"; } output_ok() { output 1 "$_OK_"; output 2 "$__OK__\n"; } 
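Review bot: `is_integer` now also requires the value to lie between 1 and 65535, so the name no longer matches the test: `0` and anything above 65535 are reported as non-integers. That suits `is_port_listening`, but any other caller passing a timeout, size or count (callers are outside this hunk) silently changes behaviour. I would keep `is_integer` as the pure digit test and add `is_port() { is_integer "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }` for the new function to call. In `is_port_listening`, `NR>1` skips the header of the first /proc file only; `FNR>1` skips it in each file.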
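Review bot: With `debug_performance` unset, `logger_debug` now returns 1, because the failed `[ -n … ] &&` test is the last command in the function. Callers that use it as the final statement of a function, or in an `&&` chain, would then see a failure that only means "debug is off". `logger_debug() { [ -z "$debug_performance" ] || /usr/bin/logger -t "$packageName [$$]" "$@"; }` keeps the gate and returns 0 when logging is skipped.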
@@ -432,7 +491,8 @@ print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_clea sanitize_domain() { printf '%s' "$1" | sed -E 's#^[a-z]+://##; s#/.*$##; s/:.*$//'; } sanitize_dir() { [ -d "$(readlink -fn "$1")" ] && readlink -fn "$1"; } smartdns_restart() { /etc/init.d/smartdns restart >/dev/null 2>&1; } -str_contains() { test "$1" != "$(str_replace "$1" "$2" '')"; } +# shellcheck disable=SC3060 +str_contains() { [ "${1//$2}" != "$1" ]; } str_contains_word() { echo "$1" | grep -qw "$2"; } str_first_word() { echo "${1%% *}"; } # shellcheck disable=SC2018,SC2019 
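Review bot: In `str_contains`, `$2` is expanded unquoted inside `${1//$2}`, so it acts as a shell pattern: a needle containing `*`, `?` or `[` matches more than the literal text. The previous version went through `str_replace`, which has the same expansion, so this is not new, but the rewrite is the place to quote it: `str_contains() { [ "${1//"$2"}" != "$1" ]; }`. Confirm that the target shell honours quoting inside the pattern. A one-line comment that an empty needle always returns false would also help.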
@@ -441,83 +501,72 @@ str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; } str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; } # shellcheck disable=SC3060 str_replace() { echo "${1//$2/$3}"; } -ubus_get_data() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@['${packageName}'].instances.main.data.${1}"; } -ubus_get_ports() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@['${packageName}'].instances.main.data.firewall.*.dest_port"; } +ubus_get_data() { ubus call service list "{\"name\":\"$packageName\"}" | jsonfilter -e "@['${packageName}'].instances.main.data.${1}"; } +ubus_get_ports() { ubus call service list "{\"name\":\"$packageName\"}" | jsonfilter -e "@['${packageName}'].instances.main.data.firewall.*.dest_port"; } uci_get_protocol() { uci_get 'network' "$1" 'proto'; } unbound_restart() { /etc/init.d/unbound restart >/dev/null 2>&1; } json() { { - flock -x 207 + flock -x 209 local status message stats i local action="$1" param="$2" value="$3"; shift 3; local info="$*"; + local _current_namespace="$_JSON_PREFIX" + json_set_namespace "${packageName//-/_}_" [ "$param" = 'error' ] && param='errors' [ "$param" = 'warning' ] && param='warnings' { json_load_file "$runningStatusFile" || json_init; } >/dev/null 2>&1 { json_select 'data' || { json_add_object 'data'; json_close_object; json_select 'data'; }; } >/dev/null 2>&1 - case "$action" in - 'get') - case "$param" in - 'errors'|'warnings') - json_select "$param" >/dev/null 2>&1 || return - if [ -z "$value" ]; then - json_get_keys i - else - json_select "$value" >/dev/null 2>&1 - case "${info:-code}" in - 'code'|'info') json_get_var 'i' "$info" >/dev/null 2>&1;; - esac - fi - printf "%b" "$i" - return - ;; - 'status'|'message'|'stats'|*) - json_get_var 'i' "$param" >/dev/null 2>&1 - printf "%b" "$i" - return - ;; - esac + case "${action}:${param}" in + 'get:errors'|'get:warnings') + json_select "$param" >/dev/null 2>&1 || return + if [ -z "$value" ]; then + json_get_keys i + else 
+ json_select "$value" >/dev/null 2>&1 + case "${info:-code}" in + 'code'|'info') json_get_var 'i' "$info" >/dev/null 2>&1;; + esac + fi + printf "%b" "$i" + json_set_namespace "$_current_namespace" + return + ;; + get:*) + json_get_var 'i' "$param" >/dev/null 2>&1 + printf "%b" "$i" + json_set_namespace "$_current_namespace" + return + ;; + 'add:errors'|'add:warnings') + { json_select "$param" || json_add_array "$param"; } >/dev/null 2>&1 + json_add_object "" + json_add_string 'code' "$value" + json_add_string 'info' "$info" + json_close_object + json_select .. + ;; + add:*) + json_add_string "$param" "$value" ;; - 'add') - case "$param" in - 'errors'|'warnings') - { json_select "$param" || json_add_array "$param"; } >/dev/null 2>&1 - json_add_object "" - json_add_string 'code' "$value" - json_add_string 'info' "$info" - json_close_object - json_select .. - ;; - *) - json_add_string "$param" "$value" - ;; - esac + 'del:all') + json_add_string status '' + json_add_string message '' + json_add_string stats '' + json_add_array errors + json_close_array + json_add_array warnings + json_close_array ;; - 'del') - case "$param" in - 'all') - json_add_string status '' - json_add_string message '' - json_add_string stats '' - json_add_array errors - json_close_array - json_add_array warnings - json_close_array - ;; - 'errors'|'warnings') - json_add_array "$param" - json_close_array - ;; - *) - json_add_string "$param" '';; - esac + 'del:errors'|'del:warnings') + json_add_array "$param" + json_close_array ;; - set) - case "$param" in - 'status'|'message'|'stats') - json_add_string "$param" "$value" - ;; - esac + del:*) + json_add_string "$param" '' + ;; + 'set:status'|'set:message'|'set:stats') + json_add_string "$param" "$value" ;; esac json_add_string 'version' "$PKG_VERSION" 
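Review bot: The `'get:errors'|'get:warnings'` branch can still exit through `json_select "$param" >/dev/null 2>&1 || return` before it reaches `json_set_namespace "$_current_namespace"`. When the array does not exist, the caller therefore continues with the package's jshn prefix still active. The other `get` exits restore the namespace first, and this one should too: `json_select "$param" >/dev/null 2>&1 || { json_set_namespace "$_current_namespace"; return; }`. The rest of `json()` continues past this hunk.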
@@ -526,7 +575,8 @@ json() { mkdir -p "${runningStatusFile%/*}" json_dump > "$runningStatusFile" sync - } 207>"$runningStatusFileLock" + json_set_namespace "$_current_namespace" + } 209>"$runningStatusFileLock" } get_local_filesize() { @@ -544,18 +594,18 @@ get_local_filesize() { get_url_filesize() { local url="$1" size size_command timeout_sec=2 [ -n "$url" ] || return 0 - if is_present 'curl'; then - # shellcheck disable=SC1017 - size_command='curl --silent --insecure --fail --head --request GET' - size="$($size_command --connect-timeout $timeout_sec "$url" | awk -F": " '{IGNORECASE=1}/content-length/ {gsub(/\r/, ""); print $2}' )" - fi - - # Check if size is empty and fallback to uclient-fetch if necessary - if [ -z "$size" ] && is_present 'uclient-fetch' ; then - # shellcheck disable=SC1017 - size_command='uclient-fetch --spider' - size="$($size_command --timeout $timeout_sec "$url" -O /dev/null 2>&1 | sed -n '/^Download/ s/.*(\([0-9]*\) bytes).*/\1/p')" - fi + if is_present 'curl'; then + # shellcheck disable=SC1017 + size_command='curl --silent --insecure --fail --head --request GET' + size="$($size_command --connect-timeout $timeout_sec "$url" | awk -F": " '{IGNORECASE=1}/content-length/ {gsub(/\r/, ""); print $2}' )" + fi + + # Check if size is empty and fallback to uclient-fetch if necessary + if [ -z "$size" ] && is_present 'uclient-fetch' ; then + # shellcheck disable=SC1017 + size_command='uclient-fetch --spider' + size="$($size_command --timeout $timeout_sec "$url" -O /dev/null 2>&1 | sed -n '/^Download/ s/.*(\([0-9]*\) bytes).*/\1/p')" + fi # shellcheck disable=SC3037 echo -en "$size" } 
@@ -591,79 +641,77 @@ uci_changes() { local PACKAGE="$1" local CONFIG="$2" local OPTION="$3" - if [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ]; then - /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}" - fi + [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ] && \ + [ -n "$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}")" ] } get_text() { - local r - case "$1" in - errorConfigValidationFail) r="The $packageName config validation failed";; - errorServiceDisabled) r="The $packageName is currently disabled";; + local r="$1"; shift; + case "$r" in + errorConfigValidationFail) printf "The %s config validation failed" "$packageName";; + errorServiceDisabled) printf "The %s is currently disabled" "$packageName";; errorNoDnsmasqIpset) - r="The dnsmasq ipset support is enabled in $packageName, but dnsmasq is either not installed or installed dnsmasq does not support ipset";; + printf "The dnsmasq ipset support is enabled in %s, but dnsmasq is either not installed or installed dnsmasq does not support ipset" "$packageName";; errorNoIpset) - r="The dnsmasq ipset support is enabled in $packageName, but ipset is either not installed or installed ipset does not support 'hash:net' type";; + printf "The dnsmasq ipset support is enabled in %s, but ipset is either not installed or installed ipset does not support 'hash:net' type" "$packageName";; errorNoDnsmasqNftset) - r="The dnsmasq nft set support is enabled in $packageName, but dnsmasq is either not installed or installed dnsmasq does not support nft set";; - errorNoNft) r="The dnsmasq nft sets support is enabled in $packageName, but nft is not installed";; - errorNoWanGateway) r="The ${serviceName} failed to discover WAN gateway";; - errorOutputDirCreate) r="Failed to create directory for %s file";; - errorOutputFileCreate) r="Failed to create %s file";; - errorFailDNSReload) r="Failed to restart/reload DNS 
resolver";; - errorSharedMemory) r="Failed to access shared memory";; - errorSorting) r="Failed to sort data file";; - errorOptimization) r="Failed to optimize data file";; - errorAllowListProcessing) r="Failed to process allow-list";; - errorDataFileFormatting) r="Failed to format data file";; - errorCopyingDataFile) r="Failed to copy data file to '%s'";; - errorMovingDataFile) r="Failed to move data file to '%s'";; - errorCreatingCompressedCache) r="Failed to create compressed cache";; - errorRemovingTempFiles) r="Failed to remove temporary files";; - errorRestoreCompressedCache) r="Failed to unpack compressed cache";; - errorRestoreCache) r="Failed to move '$outputCache' to '$outputFile'";; - errorOhSnap) r="Failed to create block-list or restart DNS resolver";; - errorStopping) r="Failed to stop $serviceName";; - errorDNSReload) r="Failed to reload/restart DNS resolver";; - errorDownloadingConfigUpdate) r="Failed to download Config Update file";; - errorDownloadingList) r="Failed to download %s";; - errorParsingConfigUpdate) r="Failed to parse Config Update file";; - errorParsingList) r="Failed to parse";; - errorNoSSLSupport) r="No HTTPS/SSL support on device";; - errorCreatingDirectory) r="Failed to create output/cache/gzip file directory";; - errorDetectingFileType) r="Failed to detect format";; - errorNothingToDo) r="No blocked list URLs nor blocked-domains enabled";; - errorTooLittleRam) r="Free ram (%s) is not enough to process all enabled block-lists";; - errorCreatingBackupFile) r="Failed to create backup file %s";; - errorDeletingDataFile) r="Failed to delete data file %s";; - errorRestoringBackupFile) r="Failed to restore backup file %s";; - errorNoOutputFile) r="Failed to create final block-list %s";; - errorNoHeartbeat) r="Heartbeat domain is not accessible after resolver restart";; - - statusNoInstall) r="The $serviceName is not installed or not found";; - statusStopped) r="Stopped";; - statusStarting) r="Starting";; - statusRestarting) 
r="Restarting";; - statusForceReloading) r="Force Reloading";; - statusDownloading) r="Downloading";; - statusProcessing) r="Processing";; - statusFail) r="Failed to start";; - statusSuccess) r="Success";; + printf "The dnsmasq nft set support is enabled in %s, but dnsmasq is either not installed or installed dnsmasq does not support nft set" "$packageName";; + errorNoNft) printf "The dnsmasq nft sets support is enabled in %s, but nft is not installed" "$packageName";; + errorNoWanGateway) printf "The %s failed to discover WAN gateway" "$serviceName";; + errorOutputDirCreate) printf "Failed to create directory for %s file" "$@";; + errorOutputFileCreate) printf "Failed to create %s file" "$@";; + errorFailDNSReload) printf "Failed to restart/reload DNS resolver";; + errorSharedMemory) printf "Failed to access shared memory";; + errorSorting) printf "Failed to sort data file";; + errorOptimization) printf "Failed to optimize data file";; + errorAllowListProcessing) printf "Failed to process allow-list";; + errorDataFileFormatting) printf "Failed to format data file";; + errorCopyingDataFile) printf "Failed to copy data file to '%s'" "$@";; + errorMovingDataFile) printf "Failed to move data file to '%s'" "$@";; + errorCreatingCompressedCache) printf "Failed to create compressed cache";; + errorRemovingTempFiles) printf "Failed to remove temporary files";; + errorRestoreCompressedCache) printf "Failed to unpack compressed cache";; + errorRestoreCache) printf "Failed to move '%s' to '%s'" "$outputCache" "$outputFile";; + errorOhSnap) printf "Failed to create block-list or restart DNS resolver";; + errorStopping) printf "Failed to stop %s" "$serviceName";; + errorDNSReload) printf "Failed to reload/restart DNS resolver";; + errorDownloadingConfigUpdate) printf "Failed to download Config Update file";; + errorDownloadingList) printf "Failed to download %s" "$@";; + errorParsingConfigUpdate) printf "Failed to parse Config Update file";; + errorParsingList) printf "Failed 
to parse";; + errorNoSSLSupport) printf "No HTTPS/SSL support on device";; + errorCreatingDirectory) printf "Failed to create output/cache/gzip file directory";; + errorDetectingFileType) printf "Failed to detect format";; + errorNothingToDo) printf "No blocked list URLs nor blocked-domains enabled";; + errorTooLittleRam) printf "Free ram (%s) is not enough to process all enabled block-lists" "$@";; + errorCreatingBackupFile) printf "Failed to create backup file %s" "$@";; + errorDeletingDataFile) printf "Failed to delete data file %s" "$@";; + errorRestoringBackupFile) printf "Failed to restore backup file %s" "$@";; + errorNoOutputFile) printf "Failed to create final block-list %s" "$@";; + errorNoHeartbeat) printf "Heartbeat domain is not accessible after resolver restart";; + + statusNoInstall) printf "The %s is not installed or not found" "$serviceName";; + statusStopped) printf "stopped";; + statusStarting) printf "starting";; + statusRestarting) printf "restarting";; + statusForceReloading) printf "force-reloading";; + statusDownloading) printf "downloading";; + statusProcessing) printf "processing";; + statusFail) printf "failed to start";; + statusSuccess) printf "success";; + statusTriggerBootWait) printf "waiting for trigger (on_boot)";; + statusTriggerStartWait) printf "waiting for trigger (on_start)";; warningExternalDnsmasqConfig) - r="Use of external dnsmasq config file detected, please set 'dns' option to 'dnsmasq.conf'";; - warningMissingRecommendedPackages) r="Some recommended packages are missing";; - warningInvalidCompressedCacheDir) r="Invalid compressed cache directory '%s'";; - warningFreeRamCheckFail) r="Can't detect free RAM";; - warningSanityCheckTLD) r="Sanity check discovered TLDs in %s";; - warningSanityCheckLeadingDot) r="Sanity check discovered leading dots in %s";; - - *) r="Unknown text '$1'";; + printf "Use of external dnsmasq config file detected, please set 'dns' option to 'dnsmasq.conf'";; + warningMissingRecommendedPackages) 
printf "Some recommended packages are missing";; + warningInvalidCompressedCacheDir) printf "Invalid compressed cache directory '%s'" "$@";; + warningFreeRamCheckFail) printf "Can't detect free RAM";; + warningSanityCheckTLD) printf "Sanity check discovered TLDs in %s" "$@";; + warningSanityCheckLeadingDot) printf "Sanity check discovered leading dots in %s" "$@";; + + *) printf "Unknown error/warning '%s'" "$@";; esac - shift -# shellcheck disable=SC2059 - printf "$r" "$@" } load_network() { @@ -709,7 +757,8 @@ load_network() { sleep 1 done json add error 'errorNoWanGateway' - output_error "$(get_text 'errorNoWanGateway')"; return 1; + output_error "$(get_text 'errorNoWanGateway')" + return 1 } detect_file_type() { 
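Review bot: The fallback `*) printf "Unknown error/warning '%s'" "$@";;` no longer prints the key that was not recognised. The key is now held in `r` and has already been shifted out of `$@`, so the message shows the first extra argument or an empty string. `*) printf "Unknown error/warning '%s'" "$r";;` restores the old output. Separately, entries that pass `"$@"` to a single `%s` repeat the whole format once per extra argument, so a short comment that each key takes at most one argument would be useful.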
@@ -730,20 +779,114 @@ detect_file_type() { fi } -load_environment() { - local i j - local validation_result="$1" param="$2" +load_package_config() { + config_load "$packageName" + config_get_bool allow_non_ascii 'config' 'allow_non_ascii' '0' + config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '0' + config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '0' + config_get_bool compressed_cache 'config' 'compressed_cache' '0' + config_get_bool config_update_enabled 'config' 'config_update_enabled' '0' + config_get_bool debug_init_script 'config' 'debug_init_script' '0' + config_get_bool debug_performance 'config' 'debug_performance' '0' + config_get_bool enabled 'config' 'enabled' '0' + config_get_bool force_dns 'config' 'force_dns' '1' + config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0' + config_get_bool parallel_downloads 'config' 'parallel_downloads' '1' + config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' + config_get_bool sanity_check 'config' 'sanity_check' '1' + config_get_bool update_config_sizes 'config' 'update_config_sizes' '1' + config_get allowed_domain 'config' 'allowed_domain' + config_get blocked_domain 'config' 'blocked_domain' + config_get compressed_cache_dir 'config' 'compressed_cache_dir' '/etc' + config_get config_update_url 'config' 'config_update_url' 'https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.config.update' + config_get curl_additional_param 'config' 'curl_additional_param' + config_get curl_max_file_size 'config' 'curl_max_file_size' + config_get curl_retry 'config' 'curl_retry' '3' + config_get dns 'config' 'dns' 'dnsmasq.servers' + config_get dnsmasq_config_file_url 'config' 'dnsmasq_config_file_url' + config_get dnsmasq_instance 'config' 'dnsmasq_instance' '*' + config_get download_timeout 'config' 'download_timeout' '20' + config_get force_dns_interface 'config' 'force_dns_interface' 'lan' + config_get force_dns_port 'config' 
'force_dns_port' '53 853' + config_get heartbeat_domain 'config' 'heartbeat_domain' 'heartbeat.melmac.ca' + config_get heartbeat_sleep_timeout 'config' 'heartbeat_sleep_timeout' '10' + config_get led 'config' 'led' + config_get pause_timeout 'config' 'pause_timeout' '20' + config_get procd_boot_wan_timeout 'config' 'procd_boot_wan_timeout' '60' + config_get smartdns_instance 'config' 'smartdns_instance' '*' + config_get verbosity 'config' 'verbosity' '2' + + [ "$allow_non_ascii" = '1' ] || unset allow_non_ascii + [ "$canary_domains_icloud" = '1' ] || unset canary_domains_icloud + [ "$canary_domains_mozilla" = '1' ] || unset canary_domains_mozilla + [ "$compressed_cache" = '1' ] || unset compressed_cache + [ "$config_update_enabled" = '1' ] || unset config_update_enabled + [ "$debug_init_script" = '1' ] || unset debug_init_script + [ "$debug_performance" = '1' ] || unset debug_performance + [ "$enabled" = '1' ] || unset enabled + [ "$force_dns" = '1' ] || unset force_dns + [ "$ipv6_enabled" = '1' ] || unset ipv6_enabled + [ "$parallel_downloads" = '1' ] || unset parallel_downloads + [ "$procd_trigger_wan6" = '1' ] || unset procd_trigger_wan6 + [ "$sanity_check" = '1' ] || unset sanity_check + [ "$update_config_sizes" = '1' ] || unset update_config_sizes - [ -z "$load_environment_flag" ] || return 0 + dns_set_output_values "$dns" + [ "$heartbeat_domain" = '-' ] && unset heartbeat_domain || heartbeat_domain="$(sanitize_domain "$heartbeat_domain")" + if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then + compressed_cache_dir='' + elif [ -n "$(sanitize_dir "$compressed_cache_dir")" ]; then + compressed_cache_dir="$(sanitize_dir "$compressed_cache_dir")" + else + compressed_cache_dir="/etc" + fi - if [ "$validation_result" != '0' ]; then - json add error 'errorConfigValidationFail' - output_error "$(get_text 'errorConfigValidationFail')" - output "Please check if the '$packageConfigFile' contains correct values for config options.\n" - return 1 + unset 
loadEnvironmentFlag + loadPackageConfigFlag='true' +} + +load_dl_command() { + # Prefer curl because it supports the file:// scheme. + if is_present 'curl'; then + dl_command='curl -f --silent --insecure' + dl_command="${dl_command}${curl_additional_param:+ $curl_additional_param}" + dl_command="${dl_command}${curl_max_file_size:+ --max-filesize $curl_max_file_size}" + dl_command="${dl_command}${curl_retry:+ --retry $curl_retry}" + dl_command="${dl_command}${download_timeout:+ --connect-timeout $download_timeout}" + dl_flag='-o' + elif is_present '/usr/libexec/wget-ssl'; then + dl_command='/usr/libexec/wget-ssl --no-check-certificate -q' + dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" + dl_flag="-O" + size_command='/usr/libexec/wget-ssl --no-check-certificate -q -O /dev/null --server-response' + size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" + elif is_present wget && wget --version 2>/dev/null | grep -q "+https"; then + dl_command="wget --no-check-certificate -q" + dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" + dl_flag="-O" + size_command='wget --no-check-certificate -q -O /dev/null --server-response' + size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" + else + dl_command="uclient-fetch --no-check-certificate -q" + dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" + dl_flag="-O" + fi + if curl --version 2>/dev/null | grep -q "Protocols: .*https.*" \ + || wget --version 2>/dev/null | grep -q "+ssl"; then + isSSLSupported='true' + else + unset isSSLSupported fi +} + +load_environment() { + local i j + local param="$1" validation_result="$2" - if [ "$enabled" -eq 0 ]; then + [ -z "$loadEnvironmentFlag" ] || return 0 + [ -n "$loadPackageConfigFlag" ] || load_package_config + + if [ -z "$enabled" ]; then json add error 'errorServiceDisabled' output_error "$(get_text 'errorServiceDisabled')" output "Run the following 
commands before starting service again:\n" 
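Review bot: `load_dl_command` keeps certificate verification off for every downloader (`curl -f --silent --insecure`, and `--no-check-certificate` for wget-ssl, wget and uclient-fetch). An https list URL or the default `config_update_url` therefore gets encryption without server authentication, and `isSSLSupported` only says that TLS is compiled in. The downloaded lists and config update file end up in the resolver's configuration, so content altered in transit would be accepted as-is. Now that the command construction lives in one function, consider verifying by default and making the insecure flags an explicit opt-in; at minimum, add a comment above the function stating why verification is disabled. `curl_additional_param` is also spliced into the command unquoted, which is acceptable only while the UCI config is writable by root alone.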
@@ -751,73 +894,76 @@ load_environment() { return 1 fi - if [ "$debug" -ne '0' ]; then + if [ -n "$validation_result" ] && [ "$validation_result" != '0' ]; then + output 1 "$_FAIL_\n" + json add error 'errorConfigValidationFail' + output_error "$(get_text 'errorConfigValidationFail')" + output "Please check if the '$packageConfigFile' contains correct values for config options.\n" + return 1 + fi + + if [ -n "$debug_init_script" ]; then exec 1>>"/tmp/$packageName.log" exec 2>&1 set -x fi -# TODO: check for resolver and error out on start - [ "$heartbeat_domain" = '-' ] && unset heartbeat_domain - heartbeat_domain="$(sanitize_domain "$heartbeat_domain")" - [ "$sanity_check" = '1' ] || unset sanity_check - [ "$update_config_sizes" = '1' ] || unset update_config_sizes - - if [ -n "$dnsmasq_config_file_url" ]; then - case "$dns" in - dnsmasq.conf) :;; - *) - if [ "$param" != 'quiet' ]; then - json add warning 'warningExternalDnsmasqConfig' - output_warning "$(get_text 'warningExternalDnsmasqConfig')" - fi - ;; - esac - fi - + # Check for resolver presence and error out on start case "$dns" in dnsmasq.*) - if dnsmasq -v 2>/dev/null | grep -q 'no-IDN' || ! dnsmasq -v 2>/dev/null | grep -q -w 'IDN'; then - allow_non_ascii='0' + if ! check_dnsmasq; then + [ "$param" != 'quiet' ] && { json add error 'errorDNSReload'; output_error "Resolver 'dnsmasq' not found"; } + return 1 + fi + if check_dnsmasq_feature 'idn'; then + allow_non_ascii='' fi ;; smartdns.*) - allow_non_ascii='0' + if ! check_smartdns; then + [ "$param" != 'quiet' ] && { json add error 'errorDNSReload'; output_error "Resolver 'smartdns' not found"; } + return 1 + fi + allow_non_ascii='' ;; unbound.*) - allow_non_ascii='1' + if ! check_unbound; then + [ "$param" != 'quiet' ] && { json add error 'errorDNSReload'; output_error "Resolver 'unbound' not found"; } + return 1 + fi + allow_non_ascii='true' ;; esac case "$dns" in dnsmasq.ipset) - if dnsmasq -v 2>/dev/null | grep -q 'no-ipset' || ! 
dnsmasq -v 2>/dev/null | grep -q -w 'ipset'; then + if ! check_dnsmasq_feature 'ipset'; then if [ "$param" != 'quiet' ]; then json add error 'errorNoDnsmasqIpset' - output_error "$(get_text 'errorNoDnsmasqIpset')" +# output_error "$(get_text 'errorNoDnsmasqIpset')" fi dns='dnsmasq.servers' fi if ! ipset help hash:net; then if [ "$param" != 'quiet' ]; then json add error 'errorNoIpset' - output_error "$(get_text 'errorNoIpset')" +# output_error "$(get_text 'errorNoIpset')" fi dns='dnsmasq.servers' fi ;; dnsmasq.nftset) - if dnsmasq -v 2>/dev/null | grep -q 'no-nftset' || ! dnsmasq -v 2>/dev/null | grep -q -w 'nftset'; then + if ! check_dnsmasq_feature 'nftset'; then if [ "$param" != 'quiet' ]; then json add error 'errorNoDnsmasqNftset' - output_error "$(get_text 'errorNoDnsmasqNftset')" +# output_error "$(get_text 'errorNoDnsmasqNftset')" fi dns='dnsmasq.servers' fi if [ -z "$nft" ]; then if [ "$param" != 'quiet' ]; then json add error 'errorNoNft' - output_error "$(get_text 'errorNoNft')" +# output_error "$(get_text 'errorNoNft')" fi dns='dnsmasq.servers' fi @@ -826,7 +972,7 @@ load_environment() { if ! ipset help hash:net; then if [ "$param" != 'quiet' ]; then json add error 'errorNoIpset' - output_error "$(get_text 'errorNoIpset')" +# output_error "$(get_text 'errorNoIpset')" fi dns='smartdns.domainset' fi 
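Review bot: The dnsmasq branch now reads `if check_dnsmasq_feature 'idn'; then allow_non_ascii=''`, which clears the option when dnsmasq does report IDN support. The removed code cleared it when IDN was missing (`no-IDN`, or no `IDN` word), so the condition looks inverted and should be `if ! check_dnsmasq_feature 'idn'; then`. The `# output_error …` lines in this hunk are left as commented-out code; if the messages should now come only from the JSON status, delete them as is done for `errorOutputDirCreate` further down. `check_unbound` is not defined in the visible part of the diff, so confirm it exists. `load_environment` starts and ends outside this hunk.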
@@ -835,25 +981,26 @@ load_environment() { if [ -z "$nft" ]; then if [ "$param" != 'quiet' ]; then json add error 'errorNoNft' - output_error "$(get_text 'errorNoNft')" +# output_error "$(get_text 'errorNoNft')" fi dns='smartdns.domainset' fi ;; esac - if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then - compressed_cache_dir='' - elif [ -n "$(sanitize_dir "$compressed_cache_dir")" ]; then - compressed_cache_dir="$(sanitize_dir "$compressed_cache_dir")" - else - json add warning 'warningInvalidCompressedCacheDir' "$compressed_cache_dir" - output_warning "$(get_text 'warningInvalidCompressedCacheDir' "$compressed_cache_dir")" - compressed_cache_dir="/etc" + if [ -n "$dnsmasq_config_file_url" ]; then + unset update_config_sizes + case "$dns" in + dnsmasq.conf) :;; + *) + dns='dnsmasq.conf' + if [ "$param" != 'quiet' ]; then + json add warning 'warningExternalDnsmasqConfig' + fi + ;; + esac fi - dns_set_output_values "$dns" - [ "$dns" = 'dnsmasq.addnhosts' ] || rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" [ "$dns" = 'dnsmasq.conf' ] || rm -f "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}" [ "$dns" = 'dnsmasq.ipset' ] || rm -f "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}" @@ -869,7 +1016,6 @@ load_environment() { if ! mkdir -p "${i%/*}"; then if [ "$param" != 'quiet' ]; then json add error 'errorOutputDirCreate' "$i" - output_error "$(get_text 'errorOutputDirCreate' "$i")" fi fi done 
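Review bot: `dns_set_output_values "$dns"` is removed here and, per the earlier hunk, now runs in `load_package_config`. That is before the fallbacks in `load_environment` rewrite `dns` (`dns='dnsmasq.servers'`, `dns='smartdns.domainset'`, and the new `dns='dnsmasq.conf'` in this hunk). Unless it is called again outside the visible hunks, `outputFile`, `outputCache` and `outputFilter` keep pointing at the originally configured mode, while the `rm -f` lines that follow clean up by the new value of `dns`. Re-running `dns_set_output_values "$dns"` after the last fallback would keep the two in step. The new branch also drops the `output_warning` call, so the forced switch to `dnsmasq.conf` is recorded only in the status file.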
@@ -887,41 +1033,13 @@ load_environment() { output "opkg update; opkg --force-overwrite install $s;" fi fi - # Prefer curl because it supports the file:// scheme. - if is_present 'curl'; then - dl_command='curl --silent --insecure' - dl_command="${dl_command}${curl_additional_param:+ $curl_additional_param}" - dl_command="${dl_command}${curl_max_file_size:+ --max-filesize $curl_max_file_size}" - dl_command="${dl_command}${curl_retry:+ --retry $curl_retry}" - dl_command="${dl_command}${download_timeout:+ --connect-timeout $download_timeout}" - dl_flag='-o' - elif is_present '/usr/libexec/wget-ssl'; then - dl_command='/usr/libexec/wget-ssl --no-check-certificate -q' - dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" - dl_flag="-O" - size_command='/usr/libexec/wget-ssl --no-check-certificate -q -O /dev/null --server-response' - size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" - elif is_present wget && wget --version 2>/dev/null | grep -q "+https"; then - dl_command="wget --no-check-certificate -q" - dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" - dl_flag="-O" - size_command='wget --no-check-certificate -q -O /dev/null --server-response' - size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" - else - dl_command="uclient-fetch --no-check-certificate -q" - dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" - dl_flag="-O" - fi + + load_dl_command + led="${led:+/sys/class/leds/$led}" - if curl --version 2>/dev/null | grep -q "Protocols: .*https.*" \ - || wget --version 2>/dev/null | grep -q "+ssl"; then - isSSLSupported=1 - else - unset isSSLSupported - fi config_load "$packageName" config_foreach append_url 'file_url' allowed_url blocked_url - load_environment_flag=1 + loadEnvironmentFlag='true' adb_file 'test_cache' && return 0 adb_file 'test_gzip' && return 0 if [ "$param" = 'on_boot' ]; then 
@@ -933,38 +1051,61 @@ load_environment() { } resolver() { + _dnsmasq_instance_get_confdir() { + local cfg_file + [ -z "$dnsmasq_ubus" ] && dnsmasq_ubus="$(ubus call service list '{"name":"dnsmasq"}')" + cfg_file="$(echo "$dnsmasq_ubus" | jsonfilter -e "@.dnsmasq.instances.${1}.command" \ + | awk '{gsub(/\\\//,"/");gsub(/[][",]/,"");for(i=1;i<=NF;i++)if($i=="-C"){print $(i+1);exit}}')" + awk -F= '/^conf-dir=/{print $2; exit}' "$cfg_file" + } _dnsmasq_instance_config() { - local cfg="$1" param="$2" confdir confdirFile + local cfg="$1" param="$2" confdir [ -s "/etc/config/dhcp" ] || return 0 [ -n "$(uci_get dhcp "$cfg")" ] || return 1 case "$param" in dnsmasq.addnhosts) + # clean up other dnsmasq configs + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then uci_remove 'dhcp' "$cfg" 'serversfile' fi + # add dnsmasq addnhosts config uci_add_list_if_new 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" ;; cleanup|unbound.adb_list) -# shellcheck disable=SC2016 - if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then - config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" - else - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' - fi - rm -f "${confdir}/${dnsmasqConfFile}" "${confdir}/${dnsmasqIpsetFile}" "${confdir}/${dnsmasqNftsetFile}" + # clean up all dnsmasq configs + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then uci_remove 'dhcp' "$cfg" 'serversfile' fi ;; dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) + # clean up other dnsmasq configs 
uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then uci_remove 'dhcp' "$cfg" 'serversfile' fi + # add dnsmasq conf addnmount to point to adblock-fast file + uci_add_list_if_new 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" + # add softlink to adblock-fast file + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] || return 1 + ln -sf "$dnsmasqConfFile" "${confdir}/${packageName}" + chmod 660 "${confdir}/${packageName}" + chown -h root:dnsmasq "${confdir}/${packageName}" >/dev/null 2>/dev/null ;; dnsmasq.servers) + # clean up other dnsmasq configs uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" + # add dnsmasq servers config if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" != "$dnsmasqServersFile" ]; then uci_set 'dhcp' "$cfg" 'serversfile' "$dnsmasqServersFile" fi 
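Review bot: `_dnsmasq_instance_get_confdir` hands `$cfg_file` to `awk` without checking that the `-C` lookup found anything, so when the ubus query or the jsonfilter path returns nothing, awk is invoked with an empty file name. Add `[ -s "$cfg_file" ] || return 1` before the last line so callers reliably get an empty `confdir` and take their `[ -n "$confdir" ]` branches. In the `dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset` branch, `chmod 660 "${confdir}/${packageName}"` follows the new symlink and so changes the mode of `$dnsmasqConfFile` (or fails if that file does not exist yet), while `chown -h` acts on the link itself; apply both to `$dnsmasqConfFile` directly, or add a comment saying why they differ. resolver() continues outside the hunk.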
@@ -979,36 +1120,17 @@ resolver() { config_get instance_port "$cfg" 'port' '53' str_contains_word "$force_dns_port" "$instance_port" || force_dns_port="${force_dns_port:+$force_dns_port }${instance_port}" } -# shellcheck disable=SC2016,SC2317 - _dnsmasq_instance_init() { - local cfg="$1" param="$2" confdir confdirFile - [ -s "/etc/config/dhcp" ] || return 0 - [ -n "$(uci_get 'dhcp' "$cfg")" ] || return 1 - case "$param" in - dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then - config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" - else - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' - fi - confdirFile="${confdir}/${outputFile}" - if ! str_contains "$outputDnsmasqFileList" "$confdirFile"; then - outputDnsmasqFileList="${outputDnsmasqFileList:+$outputDnsmasqFileList }${confdirFile}" - fi - ;; - esac - } _smartdns_instance_append_force_dns_port() { + local cfg="$1" instance_port [ -s "/etc/config/smartdns" ] || return 0 [ -n "$(uci_get 'smartdns' "$cfg")" ] || return 1 - local cfg="$1" instance_port config_get instance_port "$cfg" 'port' '53' str_contains_word "$force_dns_port" "$instance_port" || force_dns_port="${force_dns_port:+$force_dns_port }${instance_port}" } _smartdns_instance_config() { + local cfg="$1" param="$2" [ -s "/etc/config/smartdns" ] || return 0 [ -n "$(uci_get 'smartdns' "$cfg")" ] || return 1 - local cfg="$1" param="$2" case "$param" in cleanup) uci_remove_list 'smartdns' "$cfg" 'conf_files' "$outputConfig" 
@@ -1026,14 +1148,14 @@ resolver() { ;; smartdns.nftset) local nftset="#4:inet#fw4#adb4" - [ "$ipv6_enabled" -ne '0' ] && nftset="${nftset},#6:inet#fw4#adb6" + [ -n "$ipv6_enabled" ] && nftset="${nftset},#6:inet#fw4#adb6" { echo "domain-set -name adblock-fast -file $outputFile"; \ echo "domain-rules /domain-set:adblock-fast/ -nftset $nftset"; } > "$outputConfig" uci_add_list_if_new 'smartdns' "$cfg" 'conf_files' "$outputConfig" ;; esac } -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _unbound_instance_append_force_dns_port() { [ -s "/etc/config/unbound" ] || return 0 [ -n "$(uci_get 'unbound' "$cfg")" ] || return 1 @@ -1058,29 +1180,16 @@ resolver() { if [ -s "/etc/config/dhcp" ]; then config_load 'dhcp' config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup' - [ -n "$(uci_changes 'dhcp')" ] && uci_commit 'dhcp' + uci_changes 'dhcp' && uci_commit 'dhcp' fi if [ -s "/etc/config/smartdns" ]; then config_load 'smartdns' config_foreach _smartdns_instance_config 'smartdns' 'cleanup' - [ -n "$(uci_changes 'smartdns')" ] && uci_commit 'smartdns' + uci_changes 'smartdns' && uci_commit 'smartdns' fi ;; on_load) - case "$dns" in - dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - [ -z "$outputDnsmasqFileList" ] || return 0 - config_load 'dhcp' - if [ "$dnsmasq_instance" = "*" ]; then - config_foreach _dnsmasq_instance_init 'dnsmasq' "$dns" - elif [ -n "$dnsmasq_instance" ]; then - for i in $dnsmasq_instance; do - _dnsmasq_instance_init "@dnsmasq[$i]" "$dns" || _dnsmasq_instance_init "$i" "$dns" - done - fi - outputFile="$(str_first_word "$outputDnsmasqFileList")" - ;; - esac + : ;; on_stop|quiet|quiet_restart) eval "${resolver_name}_restart" @@ -1090,7 +1199,6 @@ resolver() { if ! adb_file 'test'; then json set status 'statusFail' json add error 'errorOutputFileCreate' "$outputFile" - output_error "$(get_text 'errorOutputFileCreate' "$outputFile")" return 1 fi output 1 "Cycling $resolver_name " 
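Review bot: `[ -n "$ipv6_enabled" ]` in the `smartdns.nftset` branch of the -1026 hunk is true for the string `0`, where the replaced `-ne '0'` test was false. The two are only equivalent if the config loader leaves disabled options unset, and that code is not part of the visible diff. The same rewrite is applied to `parallel_downloads` (-1343), `canary_domains_icloud` and `canary_domains_mozilla` (-1540), `allow_non_ascii` (-1569), `config_update_enabled` (-2107), `force_dns` (-2330) and `ipv6_enabled` again (-2396), so a literal `0` would turn on DNS redirection and remote config updates. A comment at the first use, such as `# boolean options are left unset when false by the config loader`, would make the assumption explicit.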
@@ -1133,7 +1241,6 @@ resolver() { output_fail json set status 'statusFail' json add error 'errorDNSReload' - output_error "$(get_text 'errorDNSReload')" return 1 fi ;; @@ -1192,7 +1299,6 @@ resolver() { output_fail json set status 'statusFail' json add error 'errorNoHeartbeat' - output_error "$(get_text 'errorNoHeartbeat')" return 1 ;; revert) @@ -1209,7 +1315,6 @@ resolver() { output_fail json set status 'statusFail' json add error 'errorDNSReload' - output_error "$(get_text 'errorDNSReload')" return 1 fi ;; @@ -1227,20 +1332,13 @@ resolver() { _dnsmasq_instance_append_force_dns_port "@dnsmasq[$i]" || _dnsmasq_instance_append_force_dns_port "$i" done fi - [ -n "$(uci_changes dhcp)" ] && uci_commit 'dhcp' - if [ -n "$outputDnsmasqFileList" ]; then - local i - for i in $outputDnsmasqFileList; do - chmod 660 "$i" - chown root:dnsmasq "$i" >/dev/null 2>/dev/null - done - elif adb_file 'test'; then + uci_changes 'dhcp' && uci_commit 'dhcp' + if adb_file 'test'; then chmod 660 "$outputFile" chown root:dnsmasq "$outputFile" >/dev/null 2>/dev/null else json set status 'statusFail' json add error 'errorNoOutputFile' "$outputFile" - output_error "$(get_text 'errorNoOutputFile' "$outputFile")" return 1 fi ;; @@ -1255,11 +1353,13 @@ resolver() { _smartdns_instance_append_force_dns_port "@smartdns[$i]" || _smartdns_instance_append_force_dns_port "$i" done fi - [ -n "$(uci_changes smartdns)" ] && uci_commit 'smartdns' + uci_changes 'smartdns' && uci_commit 'smartdns' chmod 660 "$outputFile" "$outputConfig" chown root:root "$outputFile" "$outputConfig" >/dev/null 2>/dev/null ;; unbound.*) + config_load 'unbound' + config_foreach _unbound_instance_append_force_dns_port 'unbound' chmod 660 "$outputFile" chown root:unbound "$outputFile" >/dev/null 2>/dev/null ;; 
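Review bot: The `unbound.*` branch in the -1255 hunk now runs `config_foreach _unbound_instance_append_force_dns_port 'unbound'`, but the opening lines of that helper, visible as context in the -1026 hunk, read `$cfg` in `uci_get 'unbound' "$cfg"` with no `local cfg="$1"` ahead of it. This commit moves that declaration to the top of both smartdns helpers (-979 hunk); the unbound helper needs the same, `local cfg="$1" instance_port` as its first line, unless the part of its body outside the hunk already handles it. As written, the existence check may test a stale or empty `$cfg` inherited from an enclosing scope.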
@@ -1273,44 +1373,12 @@ adb_file() { local R_TMP case "$1" in create|backup) - if [ -n "$outputDnsmasqFileList" ]; then - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if ! mv "$i" "$outputCache"; then - json add error 'errorCreatingBackupFile' "$outputCache" - fi - else - if ! rm -f "$i"; then - json add error 'errorDeletingDataFile' "$i" - fi - fi - done - else - [ -s "$outputFile" ] && { mv -f "$outputFile" "$outputCache"; } >/dev/null 2>/dev/null - return $? - fi + [ -s "$outputFile" ] && { mv -f "$outputFile" "$outputCache"; } >/dev/null 2>/dev/null + return $? ;; restore|use) - if [ -n "$outputDnsmasqFileList" ]; then - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if ! mv "$outputCache" "$i"; then - json add error 'errorRestoringBackupFile' "$i" - fi - else - if ! cp "$__firstFile" "$i"; then - json add error 'errorRestoringBackupFile' "$i" - fi - fi - done - else - [ -s "$outputCache" ] && mv "$outputCache" "$outputFile" >/dev/null 2>/dev/null - return $? - fi + [ -s "$outputCache" ] && mv "$outputCache" "$outputFile" >/dev/null 2>/dev/null + return $? ;; test|test_file) [ -s "$outputFile" ] @@ -1325,8 +1393,9 @@ adb_file() { return $? ;; create_gzip) + [ -s "$outputFile" ] || return 1 rm -f "$outputGzip" >/dev/null 2>/dev/null - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if gzip < "$outputFile" > "$R_TMP"; then if mv "$R_TMP" "$outputGzip"; then rm -f "$R_TMP" 
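Review bot: In `create_gzip` (-1325 hunk), dropping `-u` lets `mktemp` create the file itself, which closes the gap between choosing a name and writing to it, but the result is still used unchecked. If `mktemp` fails, `R_TMP` is empty and the failure only surfaces later as a gzip or move error; write `R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" || return 1`. The `mktemp` calls in `process_file_url` (-1398) and `adb_config_update` (-2107) have the same gap, and there the old loop that retried on an empty name was removed. The rest of the `create_gzip` branch lies outside the hunk.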
@@ -1343,16 +1412,20 @@ adb_file() { [ -s "$outputGzip" ] && gzip -dc < "$outputGzip" > "$outputCache" return $? ;; + remove_cache) + rm -f "$outputCache" >/dev/null 2>/dev/null + ;; + remove_gzip) + rm -f "$outputGzip" >/dev/null 2>/dev/null + ;; esac } process_file_url_wrapper() { if [ "$2" != '0' ]; then json add error 'errorConfigValidationFail' - output_error "$(get_text 'errorConfigValidationFail')" - output "Please check if the '$packageConfigFile' contains correct values for config options." fi - if [ "$parallel_downloads" -gt 0 ]; then + if [ -n "$parallel_downloads" ]; then process_file_url "$1" & else process_file_url "$1" @@ -1370,6 +1443,7 @@ process_file_url() { ;; esac } +# url and action are set by load_validate_file_url_section or passed as 2nd and 3rd parameter local cfg="$1" new_size local label type D_TMP R_TMP filter if [ -z "$cfg" ] || [ -n "${2}${3}" ]; then @@ -1398,9 +1472,7 @@ process_file_url() { json add error 'errorNoSSLSupport' "${name:-$url}" return 0 fi - while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if [ -z "$url" ] || ! $dl_command "$url" "$dl_flag" "$R_TMP" 2>/dev/null || \ [ ! -s "$R_TMP" ]; then output 1 "$_FAIL_" 
@@ -1466,30 +1538,17 @@ download_dnsmasq_file() { output 1 'Downloading dnsmasq file ' process_file_url '' "$dnsmasq_config_file_url" 'file' output_dns 'Moving dnsmasq file ' - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if mv "$B_TMP" "$i"; then - output_ok - else - output_fail - json add error 'errorMovingDataFile' "$i" - fi + if mv "$B_TMP" "$outputFile"; then + output_ok else - if cp "$__firstFile" "$i"; then - output_ok - else - output_fail - json add error 'errorCopyingDataFile' "$i" - fi + output_fail + json add error 'errorMovingDataFile' "$i" fi - done output 1 '\n' } download_lists() { -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _ram_check() { _config_calculate_sizes() { local cfg="$1" @@ -1512,7 +1571,6 @@ download_lists() { config_foreach _config_calculate_sizes 'file_url' if [ $((free_mem)) -lt $((total_sizes * 2)) ]; then json add error 'errorTooLittleRam' "$free_mem" - output_error "$(get_text 'errorTooLittleRam' "$free_mem")" return 1 else return 0 @@ -1540,16 +1598,16 @@ download_lists() { config_load "$packageName" config_foreach load_validate_file_url_section 'file_url' process_file_url_wrapper wait - if [ -n "$(uci_changes "$packageName")" ]; then + if uci_changes "$packageName"; then output 2 "[PROC] Saving updated file sizes " if [ -n "$update_config_sizes" ] && uci_commit "$packageName"; then output_ok; else output_fail; fi fi output 1 '\n' - if [ "$canary_domains_icloud" -ne '0' ]; then + if [ -n "$canary_domains_icloud" ]; then canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" fi - if [ "$canary_domains_mozilla" -ne '0' ]; then + if [ -n "$canary_domains_mozilla" ]; then canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" fi 
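Review bot: In `download_dnsmasq_file` (-1466 hunk), the new failure branch still calls `json add error 'errorMovingDataFile' "$i"`, but the `local i` declaration and the loop that assigned it are removed by this same hunk, so the error is recorded with an empty or stale path. Use the destination that is actually written: `json add error 'errorMovingDataFile' "$outputFile"`. The function's first lines are outside the hunk.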
@@ -1569,7 +1627,7 @@ download_lists() { sed -i '/^[[:space:]]*$/d' "$B_TMP" [ ! -s "$B_TMP" ] && return 1 - if [ "$allow_non_ascii" -gt 0 ]; then + if [ -n "$allow_non_ascii" ]; then if sort -u "$B_TMP" > "$A_TMP"; then output_ok else @@ -1586,7 +1644,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" case "$dns" in 'dnsmasq.conf' | 'dnsmasq.ipset' | 'dnsmasq.nftset' | 'dnsmasq.servers' | \ @@ -1636,7 +1694,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" ;; *) mv "$A_TMP" "$B_TMP" @@ -1670,7 +1728,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" fi start_time=$(date +%s) @@ -1699,7 +1757,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" if [ -n "$outputAllowFilter" ] && [ -n "$allowed_domain" ]; then rm -f "$SED_TMP"; touch "$SED_TMP"; @@ -1723,7 +1781,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" else mv "$A_TMP" "$B_TMP" fi 
@@ -1734,27 +1792,6 @@ download_lists() { json set message "$(get_text 'statusProcessing'): ${step_title}" case "$dns" in - dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if mv "$B_TMP" "$i"; then - output_ok - else - output_fail - json add error 'errorMovingDataFile' "$i" - fi - else - if cp "$__firstFile" "$i"; then - output_ok - else - output_fail - json add error 'errorCopyingDataFile' "$i" - fi - fi - done - ;; unbound.adb_list) if mv "$B_TMP" "$outputFile"; then output_ok @@ -1773,28 +1810,10 @@ download_lists() { fi ;; esac - if [ "$compressed_cache" -gt 0 ]; then - start_time=$(date +%s) - step_title="Creating ${dns} compressed cache" - output 2 "[PROC] ${step_title} " - json set message "$(get_text 'statusProcessing'): ${step_title}" - if adb_file 'create_gzip'; then - output_ok - else - output_fail - json add error 'errorCreatingCompressedCache' - fi - else - rm -f "$outputGzip" - fi - end_time=$(date +%s) - elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" output 2 '[PROC] Removing temporary files ' json set message "$(get_text 'statusProcessing'): removing temporary files" - rm -f "/tmp/${packageName}_tmp."* "$ALLOWED_TMP" "$A_TMP" "$B_TMP" "$SED_TMP" "$outputCache" || j=1 - if [ $j -eq 0 ]; then + if rm -f "/tmp/${packageName}_tmp."* "$ALLOWED_TMP" "$A_TMP" "$B_TMP" "$SED_TMP" "$outputCache"; then output_ok else output_fail 
@@ -1803,302 +1822,8 @@ download_lists() { output 1 '\n' } -adb_allow() { - local c hf string="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - elif [ -z "$string" ]; then - output "Usage: /etc/init.d/${packageName} allow 'domain' ...\n" - return 0 - elif [ -n "$dnsmasq_config_file_url" ]; then - output "Allowing individual domains is not possible when using external dnsmasq config file.\n" - return 0 - fi - case "$dns" in - dnsmasq.*) - output 1 'Allowing domains and restarting dnsmasq ' - output 2 '[PROC] Allowing domains \n' - for c in $string; do - output 2 " $c " - hf="$(echo "$c" | sed 's/\./\\./g')" - local f - for f in ${outputDnsmasqFileList:-$outputFile}; do - if sed -i "\:\(/\|\.\)${hf}/:d" "$f"; then - output_ok - else - output_fail - fi - done - if [ -n "$outputAllowFilter" ]; then - if echo "$c" | sed -E "$outputAllowFilter" >> "$outputFile"; then - output_ok - else - output_fail - fi - fi - if uci_add_list_if_new "${packageName}" 'config' 'allowed_domain' "$c"; then - output_ok - else - output_fail - fi - done - if [ "$compressed_cache" -gt 0 ]; then - output 2 '[PROC] Creating compressed cache ' - if adb_file 'create_gzip'; then - output_ok - else - output_fail - fi - fi - output 2 '[PROC] Committing changes to config ' - if uci_commit "$packageName"; then - allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" - adb_config_cache 'create' - json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" - output_ok - if [ "$dns" = 'dnsmasq.ipset' ]; then - output 2 '[PROC] Flushing adb ipset ' - if ipset -q -! 
flush adb; then output_ok; else output_fail; fi - fi - if [ "$dns" = 'dnsmasq.nftset' ]; then - output 2 '[PROC] Flushing adb nft sets ' - nft flush set inet fw4 adb6 - if nft flush set inet fw4 adb4; then output_ok; else output_fail; fi - fi - output_dns 'Restarting dnsmasq ' - if dnsmasq_restart; then output_ok; else output_fail; fi - else - output_fail - fi - output 1 '\n' - ;; - smartdns.*) - output 1 'Allowing domains and restarting smartdns ' - output 2 '[PROC] Allowing domains \n' - for c in $string; do - output 2 " $c " - hf="$(echo "$c" | sed 's/\./\\./g')" - if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ - uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then - output_ok - else - output_fail - fi - done - if [ "$compressed_cache" -gt 0 ]; then - output 2 '[PROC] Creating compressed cache ' - if adb_file 'create_gzip'; then - output_ok - else - output_fail - fi - fi - output 2 '[PROC] Committing changes to config ' - if uci_commit "$packageName"; then - allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" - adb_config_cache 'create' - json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" - output_ok; - output_dns 'Restarting SmartDNS ' - if smartdns_restart; then output_ok; else output_fail; fi - else - output_fail - fi - output 1 '\n' - ;; - unbound.*) - output 1 'Allowing domains and restarting Unbound ' - output 2 '[PROC] Allowing domains \n' - for c in $string; do - output 2 " $c " - hf="$(echo "$c" | sed 's/\./\\./g')" - if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ - uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then - output_ok - else - output_fail - fi - done - if [ "$compressed_cache" -gt 0 ]; then - output 2 '[PROC] Creating compressed cache ' - if adb_file 'create_gzip'; then - output_ok - else - output_failn - fi - fi - output 2 '[PROC] Committing changes to config ' - if uci_commit "$packageName"; then - allowed_domain="$(uci_get 
"$packageName" 'config' 'allowed_domain')" - adb_config_cache 'create' - json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" - output_ok; - output_dns 'Restarting Unbound ' - if unbound_restart; then output_ok; else output_fail; fi - else - output_fail - fi - output 1 '\n' - ;; - esac -} - -adb_check() { - local c param="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - elif [ -z "$param" ]; then - output "Usage: /etc/init.d/${packageName} check 'domain' ...\n" - return 0 - fi - for string in ${param}; do - c="$(grep -c -E "$string" "$outputFile")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "Found 1 match for '$string' in '$outputFile'.\n" - output 2 "[PROC] Found 1 match for '$string' in '$outputFile'.\n" - else - output 1 "Found $c matches for '$string' in '$outputFile'.\n" - output 2 "[PROC] Found $c matches for '$string' in '$outputFile'.\n" - fi - if [ "$c" -le 20 ]; then - grep "$string" "$outputFile" | sed "$outputOutputFilter" - fi - else - output 1 "The '$string' is not found in current block-list ('$outputFile').\n" - output 2 "[PROC] The '$string' is not found in current block-list ('$outputFile').\n" - fi - done -} - -adb_check_tld() { - local c param="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if ! 
adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - fi - c="$(grep -cvE '\.|server:' "$outputFile")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "Found 1 match for TLD in '$outputFile'.\n" - output 2 "[PROC] Found 1 match for TLD in '$outputFile'.\n" - else - output 1 "Found $c matches for TLDs in '$outputFile'.\n" - output 2 "[PROC] Found $c matches for TLDs in '$outputFile'.\n" - fi - if [ "$c" -le 20 ]; then - grep -vE '\.|server:' "$outputFile" | sed "$outputOutputFilter" - fi - else - output 1 "No TLD was found in current block-list ('$outputFile').\n" - output 2 "[PROC] No TLD was found in current block-list ('$outputFile').\n" - fi -} - -adb_check_leading_dot() { - local c param="$1" - local validation_result="$3" - local string - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - fi - case "$dns" in - dnsmasq.*) string='/\.';; - smartdns.*) string='^\.';; - unbound.*) string='"\.';; - esac - c="$(grep -c "$string" "$outputFile")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "Found 1 match for leading-dot domain in '$outputFile'.\n" - output 2 "[PROC] Found 1 match for leading-dot domain in '$outputFile'.\n" - else - output 1 "Found $c matches for leading-dot domains in '$outputFile'.\n" - output 2 "[PROC] Found $c matches for leading-dot domains in '$outputFile'.\n" - fi - if [ "$c" -le 20 ]; then - grep "$string" "$outputFile" | sed "$outputOutputFilter" - fi - else - output 1 "No leading-dot domain was found in current block-list ('$outputFile').\n" - output 2 "[PROC] No leading-dot domain was found in current block-list ('$outputFile').\n" - fi -} - -adb_check_lists() { -# shellcheck disable=SC2317 - _check_list() { - local cfg="$1" - local en size url name R_TMP string c - config_get_bool en "$cfg" enabled '1' - config_get action "$cfg" action 'block' - config_get url "$cfg" url - 
config_get name "$cfg" name - name="${name:-$url}" - - [ "$en" = '0' ] && return 0 - [ "$action" != 'block' ] && return 0 - - output 1 "Checking ${name}: " - output 2 "[ DL ] $name " - - if is_https_url "$url" && [ -z "$isSSLSupported" ]; then - output_failn - return 1 - fi - while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done - if [ -z "$url" ] || ! $dl_command "$url" "$dl_flag" "$R_TMP" 2>/dev/null || \ - [ ! -s "$R_TMP" ]; then - output_failn - return 1 - else - output 2 "$__OK__\n" - fi - append_newline "$R_TMP" - for string in ${param}; do - c="$(grep -c -E "$string" "$R_TMP")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "found 1 match for '$string'.\n" - output 2 "[PROC] Found 1 match for '$string' in '$url'.\n" - else - output 1 "found $c matches for '$string'.\n" - output 2 "[PROC] Found $c matches for '$string' in '$url'.\n" - fi - grep "$string" "$R_TMP" - else - output 1 "'$string' not found.\n" - output 2 "[PROC] The '$string' is not found in '$url'.\n" - fi - done - rm -f "$R_TMP" - } - local param="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if [ -z "$param" ]; then - output "Usage: /etc/init.d/${packageName} check_lists 'domain' ...\n" - return 0 - fi - config_load "$packageName" - config_foreach _check_list 'file_url' - return 0 -} - adb_config_update() { -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _cleanup_missing_urls() { local cfg="$1" url size config_get url "$cfg" url 
@@ -2107,25 +1832,23 @@ adb_config_update() { fi } local R_TMP label - local param validation_result="$3" - case "$1" in - on_boot) param="$1";; - *) param='quiet';; - esac - load_environment "$validation_result" "$param" || return 1 + local param="${1:-quiet}" + load_package_config + load_dl_command label="${config_update_url##*//}" label="${label%%/*}"; - [ "$config_update_enabled" -ne '0' ] || return 0 + [ -n "$enabled" ] || return 0 + [ -n "$config_update_enabled" ] || return 0 if [ "$param" != 'download' ]; then + adb_file 'test' && return 0 adb_file 'test_cache' && return 0 adb_file 'test_gzip' && return 0 fi + output 1 'Updating config ' output 2 "[ DL ] Config Update: $label " - while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if ! $dl_command "$config_update_url" "$dl_flag" "$R_TMP" 2>/dev/null || [ ! -s "$R_TMP" ]; then append_newline "$R_TMP" output_failn 
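Review bot: `adb_config_update` no longer calls `load_environment`, yet it gains `adb_file 'test' && return 0` next to the existing `test_cache` and `test_gzip` checks, and `adb_file` reads `$outputFile` (and presumably `$outputCache` and `$outputGzip`) for those tests. In the -835 hunk these values appear to be prepared by `dns_set_output_values "$dns"` inside `load_environment`; whether `load_package_config` also sets them is not visible, and if it does not, the tests run against empty paths and the early returns never fire. `start_service` (-2141) and `status_service` (-2437) call `adb_file` in the same position, before or without `load_environment`. A one-line comment naming the function that initialises the output paths would settle it.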
@@ -2141,61 +1864,35 @@ adb_config_update() { rm -f "$R_TMP" config_load "$packageName" config_foreach _cleanup_missing_urls 'file_url' - [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName" + uci_changes "$packageName" && uci_commit "$packageName" return 0 } -adb_show_blocklist() { - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - sed "$outputOutputFilter" "$outputFile" -} - -adb_sizes() { -# shellcheck disable=SC2317 - _config_add_url_size() { - local cfg="$1" url name size - config_get url "$cfg" url - config_get name "$cfg" name - size="$(get_url_filesize "$url")" - output "${name:-$url}${size:+: $size} " - if [ -n "$size" ]; then - uci_set "$packageName" "$cfg" 'size' "$size" - output_okn - else - output_failn - fi - } - local i - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - config_load "$packageName" - config_foreach _config_add_url_size 'file_url' - [ -n "$(uci_changes "$packageName")" ] && [ -n "$update_config_sizes" ] && uci_commit "$packageName" -} - # shellcheck disable=SC2120 -adb_start() { - local action status error message stats p iface k - local param="$1" validation_result="$3" - - [ -n "$adbf_boot_flag" ] && return 0 - load_environment "$validation_result" "$param" || return 1 - +start_service() { + local status error param="${1:-on_start}" + local action p iface k status="$(json get status)" error="$(json get error)" - message="$(json get message)" - stats="$(json get stats)" + json del all + + case "$param" in + on_boot) + if adb_file 'test_gzip' || adb_file 'test_cache'; then + unset adbf_boot_flag + else + return 0 + fi + ;; + esac + + adb_config_update "$param" + load_environment "$param" "$(load_validate_config)" || return 1 + action="$(adb_config_cache get trigger_service)" fw4_restart_flag="$(adb_config_cache get trigger_fw4)" - if [ "$action" = 'on_boot' ] || [ "$param" = 'on_boot' ] || [ "$param" = 'on_pause' ]; then - if adb_file 
'test_gzip' || adb_file 'test_cache'; then - action='restore' - else - action='download' - fi - elif [ "$action" = 'download' ] || [ "$param" = 'download' ] || [ -n "$error" ]; then + if [ -n "$error" ]; then action='download' elif ! adb_file 'test'; then if adb_file 'test_gzip' || adb_file 'test_cache'; then @@ -2203,15 +1900,29 @@ adb_start() { else action='download' fi - elif [ "$action" = 'restart' ] || [ "$param" = 'restart' ]; then - action='restart' - elif adb_file 'test' && [ "$status" = "statusSuccess" ] && [ -z "$error" ]; then - : - else - action='download' + elif [ "$status" = "statusSuccess" ]; then + action='skip' fi - json del all + case "${action}:${param}" in + on_boot:*|*:on_boot|*:on_pause) + if adb_file 'test_gzip' || adb_file 'test_cache'; then + action='restore' + else + action='download' + fi + ;; + download:*|*:download) + action='download';; + restart:*) + action='restart';; + restore:*) + action='restore';; + skip:*) + action='skip';; + *:*) + action='download';; + esac if [ "$action" = 'restore' ]; then output 1 "Starting $serviceName...\n" @@ -2225,7 +1936,6 @@ adb_start() { output_okn else output_failn - json add error 'errorRestoreCompressedCache' output_error "$(get_text 'errorRestoreCompressedCache')" action='download' fi @@ -2241,7 +1951,6 @@ adb_start() { resolver 'on_start' else output_failn - json add error 'errorRestoreCache' output_error "$(get_text 'errorRestoreCache')" action='download' fi @@ -2252,7 +1961,6 @@ adb_start() { if [ -z "$blocked_url" ] && [ -z "$blocked_domain" ]; then json set status 'statusFail' json add error 'errorNothingToDo' - output_error "$(get_text 'errorNothingToDo')" else if ! adb_file 'test' || adb_file 'test_cache' || adb_file 'test_gzip'; then output 1 "Force-reloading $serviceName...\n" 
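Review bot: In the -2203 hunk, `elif [ "$status" = "statusSuccess" ]; then action='skip'` overwrites whatever `adb_config_cache get trigger_service` returned in the -2141 hunk, so as far as the two hunks show, a cached `restart` or `download` trigger is discarded whenever the output file exists and the last run succeeded. The `case "${action}:${param}"` that follows has no `*:restart` pattern, so a `restart` parameter with an empty action falls through to `*:*` and downloads, where the removed `elif [ "$action" = 'restart' ] || [ "$param" = 'restart' ]` branch restarted. If both are intended, a comment above the `case` listing the precedence would help; otherwise test the trigger before the `statusSuccess` branch. The function body starts and ends outside this hunk.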
@@ -2330,10 +2038,10 @@ adb_start() { done json_close_array json_add_array firewall - if [ "$force_dns" -ne '0' ]; then + if [ -n "$force_dns" ]; then # shellcheck disable=SC3060 for p in ${force_dns_port/,/ }; do - if netstat -tuln | grep LISTEN | grep ":${p}" >/dev/null 2>&1; then + if is_port_listening "$p"; then for iface in $force_dns_interface; do json_add_object '' json_add_string type 'redirect' @@ -2396,7 +2104,7 @@ adb_start() { json_add_string target 'REJECT' json_close_object done - if [ "$ipv6_enabled" -ne '0' ]; then + if [ -n "$ipv6_enabled" ]; then json_add_object '' json_add_string type 'ipset' json_add_string name 'adb6' @@ -2422,10 +2130,11 @@ adb_start() { return 0 } -adb_status() { +status_service() { local param="$1" local c status message error warning stats text local code info + load_package_config status="$(json get status)" message="$(json get message)" error="$(json get error)" @@ -2437,7 +2146,22 @@ adb_status() { else [ -n "$status" ] && status="$(get_text "$status")" status="${status}${status:+${message:+: $message}}" - [ -n "$status" ] && output "$serviceName $status!\n" + case "$(adb_file 'test_cache'; echo $?:$(adb_file 'test_gzip'; echo $?))" in + "0:0") + message="cache file and compressed cache file found" + ;; + "0:1") + message="cache file found" + ;; + "1:0") + message="compressed cache file found" + ;; + *) + unset message + ;; + esac + status="${status}${status:+${message:+ ($message)}}" + [ -n "$status" ] && output "$serviceName $status.\n" fi [ "$param" != 'quiet' ] || return 0 if [ -n "$error" ]; then @@ -2457,9 +2181,8 @@ adb_status() { } # shellcheck disable=SC2120 -adb_stop() { - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 0 +stop_service() { + load_package_config if adb_file 'test'; then output 1 "Stopping $serviceName... " output 2 "[STOP] Stopping $serviceName... " 
@@ -2483,96 +2206,411 @@ adb_stop() { return 0 } -adb_pause() { - local timeout="${1:-$pause_timeout}" - local validation_result="$3" - adb_stop 'on_pause' '' "$validation_result" - output 1 "Sleeping for $timeout seconds... " - output 2 "[PROC] Sleeping for $timeout seconds... " - if is_integer "$timeout" && sleep "$timeout"; then - output_okn - else - output_failn - fi - adb_start 'on_pause' '' "$validation_result" -} - -allow() { load_validate_config 'config' adb_allow "'$*'"; } boot() { # ubus -t 30 wait_for network.interface 2>/dev/null adbf_boot_flag=1 rc_procd start_service 'on_boot' && service_started 'on_boot' } -check() { load_validate_config 'config' adb_check "'$*'"; } -check_tld() { load_validate_config 'config' adb_check_tld "'$*'"; } -check_leading_dot() { load_validate_config 'config' adb_check_leading_dot "'$*'"; } -check_lists() { load_validate_config 'config' adb_check_lists "'$*'"; } -dl() { rc_procd start_service 'download'; } -killcache() { - local compressed_cache_dir - config_load "$packageName" - config_get compressed_cache_dir 'config' 'compressed_cache_dir' '/etc' - if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then - compressed_cache_dir='' - elif [ -n "$(sanitize_dir "$compressed_cache_dir")" ]; then - compressed_cache_dir="$(sanitize_dir "$compressed_cache_dir")" - else - compressed_cache_dir="/etc" - fi - rm -f "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" - rm -f "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}" - rm -f "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}" - rm -f "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}" - rm -f "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}" - rm -f "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}" - rm -f "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}" - rm -f "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}" - rm 
-f "$unboundCache" "${compressed_cache_dir}/${unboundGzip}" - resolver 'cleanup' - return 0 -} -show_blocklist() { load_validate_config 'config' adb_show_blocklist "'$*'"; } -reload_service() { rc_procd start_service 'restart'; } +reload_service() { rc_procd start_service 'reload'; } restart_service() { rc_procd start_service 'restart'; } -service_started() { is_fw4_restart_needed && procd_set_config_changed firewall; } service_stopped() { is_fw4_restart_needed && procd_set_config_changed firewall; } service_triggers() { local wan wan6 i - local procd_trigger_wan6 if [ -n "$adbf_boot_flag" ]; then output 1 'Setting trigger (on_boot) ' output 2 '[TRIG] Setting trigger (on_boot) ' procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" start && output_okn || output_failn + triggerStatus='statusTriggerBootWait' else procd_open_validate - load_validate_config load_validate_file_url_section procd_close_validate - config_load "$packageName" - config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' network_flush_cache network_find_wan wan wan="${wan:-wan}" - if [ "$procd_trigger_wan6" -ne '0' ]; then + if [ -n "$procd_trigger_wan6" ]; then network_find_wan6 wan6 wan6="${wan6:-wan6}" fi output 1 "Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" output 2 "[TRIG] Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" for i in $wan $wan6; do - procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" start && output_okn || output_failn + procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" start && output_ok || output_fail done + output 1 '\n' procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload + triggerStatus='statusTriggerStartWait' fi } -sizes() { load_validate_config 'config' adb_sizes "''"; } -start_service() { - load_validate_config 'config' adb_config_update "'$*'" - load_validate_config 'config' adb_start "'$*'" + +service_started() { + local start_time 
end_time elapsed step_title + if [ -n "$compressed_cache" ] && ! adb_file 'test_gzip' && adb_file 'test'; then + start_time=$(date +%s) + step_title="Creating ${dns} compressed cache" + output 1 "${step_title} " + output 2 "[PROC] ${step_title} " + json set message "$(get_text 'statusProcessing'): ${step_title}" + if adb_file 'create_gzip'; then + output_okn + else + output_failn + json add error 'errorCreatingCompressedCache' + fi + end_time=$(date +%s) + elapsed=$(( end_time - start_time )) + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" + else + adb_file 'remove_gzip' + fi + is_fw4_restart_needed && procd_set_config_changed firewall + [ -z "$(json get status)" ] && json set status "$triggerStatus" } -status_service() { adb_status "$@"; } -stop_service() { load_validate_config 'config' adb_stop "'$*'"; } -pause() { load_validate_config 'config' adb_pause "'$*'"; } + +allow() { + local c hf string="$1" + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + elif [ -z "$string" ]; then + output "Usage: /etc/init.d/${packageName} allow 'domain' ...\n" + return 0 + elif [ -n "$dnsmasq_config_file_url" ]; then + output "Allowing individual domains is not possible when using external dnsmasq config file.\n" + return 0 + fi + case "$dns" in + dnsmasq.*) + output 1 'Allowing domains and restarting dnsmasq ' + output 2 '[PROC] Allowing domains \n' + for c in $string; do + output 2 " $c " + hf="$(echo "$c" | sed 's/\./\\./g')" + if sed -i "\:\(/\|\.\)${hf}/:d" "$outputFile"; then + output_ok + else + output_fail + fi + if [ -n "$outputAllowFilter" ]; then + if echo "$c" | sed -E "$outputAllowFilter" >> "$outputFile"; then + output_ok + else + output_fail + fi + fi + if uci_add_list_if_new "${packageName}" 'config' 'allowed_domain' "$c"; then + output_ok + else + output_fail + fi + done + if [ -n "$compressed_cache" ]; then + output 2 '[PROC] Creating compressed cache ' + if adb_file 'create_gzip'; then 
+ output_ok + else + output_fail + fi + fi + output 2 '[PROC] Committing changes to config ' + if uci_commit "$packageName"; then + allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" + adb_config_cache 'create' + json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" + output_ok + if [ "$dns" = 'dnsmasq.ipset' ]; then + output 2 '[PROC] Flushing adb ipset ' + if ipset -q -! flush adb; then output_ok; else output_fail; fi + fi + if [ "$dns" = 'dnsmasq.nftset' ]; then + output 2 '[PROC] Flushing adb nft sets ' + nft flush set inet fw4 adb6 + if nft flush set inet fw4 adb4; then output_ok; else output_fail; fi + fi + output_dns 'Restarting dnsmasq ' + if dnsmasq_restart; then output_ok; else output_fail; fi + else + output_fail + fi + output 1 '\n' + ;; + smartdns.*) + output 1 'Allowing domains and restarting smartdns ' + output 2 '[PROC] Allowing domains \n' + for c in $string; do + output 2 " $c " + hf="$(echo "$c" | sed 's/\./\\./g')" + if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ + uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then + output_ok + else + output_fail + fi + done + if [ -n "$compressed_cache" ]; then + output 2 '[PROC] Creating compressed cache ' + if adb_file 'create_gzip'; then + output_ok + else + output_fail + fi + fi + output 2 '[PROC] Committing changes to config ' + if uci_commit "$packageName"; then + allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" + adb_config_cache 'create' + json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" + output_ok; + output_dns 'Restarting SmartDNS ' + if smartdns_restart; then output_ok; else output_fail; fi + else + output_fail + fi + output 1 '\n' + ;; + unbound.*) + output 1 'Allowing domains and restarting Unbound ' + output 2 '[PROC] Allowing domains \n' + for c in $string; do + output 2 " $c " + hf="$(echo "$c" | sed 's/\./\\./g')" + if sed -i "\:\(\"\|\.\)${hf}\":d" 
"$outputFile" && \ + uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then + output_ok + else + output_fail + fi + done + if [ -n "$compressed_cache" ]; then + output 2 '[PROC] Creating compressed cache ' + if adb_file 'create_gzip'; then + output_ok + else + output_failn + fi + fi + output 2 '[PROC] Committing changes to config ' + if uci_commit "$packageName"; then + allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" + adb_config_cache 'create' + json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" + output_ok; + output_dns 'Restarting Unbound ' + if unbound_restart; then output_ok; else output_fail; fi + else + output_fail + fi + output 1 '\n' + ;; + esac +} + +check() { + local c param="$1" + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + elif [ -z "$param" ]; then + output "Usage: /etc/init.d/${packageName} check 'domain' ...\n" + return 0 + fi + for string in ${param}; do + c="$(grep -c -E "$string" "$outputFile")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "Found 1 match for '$string' in '$outputFile'.\n" + output 2 "[PROC] Found 1 match for '$string' in '$outputFile'.\n" + else + output 1 "Found $c matches for '$string' in '$outputFile'.\n" + output 2 "[PROC] Found $c matches for '$string' in '$outputFile'.\n" + fi + if [ "$c" -le 20 ]; then + grep "$string" "$outputFile" | sed "$stripToDomainsFilter" + fi + else + output 1 "The '$string' is not found in current block-list ('$outputFile').\n" + output 2 "[PROC] The '$string' is not found in current block-list ('$outputFile').\n" + fi + done +} + +check_tld() { + local c param="$1" + load_package_config + if ! 
adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + fi + c="$(grep -cvE '\.|server:' "$outputFile")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "Found 1 match for TLD in '$outputFile'.\n" + output 2 "[PROC] Found 1 match for TLD in '$outputFile'.\n" + else + output 1 "Found $c matches for TLDs in '$outputFile'.\n" + output 2 "[PROC] Found $c matches for TLDs in '$outputFile'.\n" + fi + if [ "$c" -le 20 ]; then + grep -vE '\.|server:' "$outputFile" | sed "$stripToDomainsFilter" + fi + else + output 1 "No TLD was found in current block-list ('$outputFile').\n" + output 2 "[PROC] No TLD was found in current block-list ('$outputFile').\n" + fi +} + +check_leading_dot() { + local c param="$1" + local string + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + fi + case "$dns" in + dnsmasq.*) string='/\.';; + smartdns.*) string='^\.';; + unbound.*) string='"\.';; + esac + c="$(grep -c "$string" "$outputFile")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "Found 1 match for leading-dot domain in '$outputFile'.\n" + output 2 "[PROC] Found 1 match for leading-dot domain in '$outputFile'.\n" + else + output 1 "Found $c matches for leading-dot domains in '$outputFile'.\n" + output 2 "[PROC] Found $c matches for leading-dot domains in '$outputFile'.\n" + fi + if [ "$c" -le 20 ]; then + grep "$string" "$outputFile" | sed "$stripToDomainsFilter" + fi + else + output 1 "No leading-dot domain was found in current block-list ('$outputFile').\n" + output 2 "[PROC] No leading-dot domain was found in current block-list ('$outputFile').\n" + fi +} + +check_lists() { +# shellcheck disable=SC2317,SC2329 + _check_list() { + local cfg="$1" + local en size url name R_TMP string c + config_get_bool en "$cfg" enabled '1' + config_get action "$cfg" action 'block' + config_get url "$cfg" url + config_get name "$cfg" name + name="${name:-$url}" + + [ "$en" = '0' ] 
&& return 0 + [ "$action" != 'block' ] && return 0 + + output 1 "Checking ${name}: " + output 2 "[ DL ] $name " + + if is_https_url "$url" && [ -z "$isSSLSupported" ]; then + output_failn + return 1 + fi + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" + if [ -z "$url" ] || ! $dl_command "$url" "$dl_flag" "$R_TMP" 2>/dev/null || \ + [ ! -s "$R_TMP" ]; then + output_failn + return 1 + else + output 2 "$__OK__\n" + fi + append_newline "$R_TMP" + for string in ${param}; do + c="$(grep -c -E "$string" "$R_TMP")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "found 1 match for '$string'.\n" + output 2 "[PROC] Found 1 match for '$string' in '$url'.\n" + else + output 1 "found $c matches for '$string'.\n" + output 2 "[PROC] Found $c matches for '$string' in '$url'.\n" + fi + grep "$string" "$R_TMP" + else + output 1 "'$string' not found.\n" + output 2 "[PROC] The '$string' is not found in '$url'.\n" + fi + done + rm -f "$R_TMP" + } + local param="$1" + load_package_config + load_dl_command + if [ -z "$param" ]; then + output "Usage: /etc/init.d/${packageName} check_lists 'domain' ...\n" + return 0 + fi + config_load "$packageName" + config_foreach _check_list 'file_url' + return 0 +} + +dl() { rc_procd start_service 'download' && service_started 'download'; } + +killcache() { + load_package_config + rm -f "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" + rm -f "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}" + rm -f "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}" + rm -f "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}" + rm -f "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}" + rm -f "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}" + rm -f "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}" + rm -f "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}" + rm -f "$unboundCache" 
"${compressed_cache_dir}/${unboundGzip}" + resolver 'cleanup' + return 0 +} + +pause() { + load_package_config + local timeout="${1:-$pause_timeout}" + stop_service 'on_pause' + output 1 "Sleeping for $timeout seconds... " + output 2 "[PROC] Sleeping for $timeout seconds... " + if is_integer "$timeout" && sleep "$timeout"; then + output_okn + else + output_failn + fi + start_service 'on_pause' +} + +show_blocklist() { + load_package_config + sed "$stripToDomainsFilter" "$outputFile" +} + +sizes() { +# shellcheck disable=SC2329 + _config_add_url_size() { + local cfg="$1" url name size + config_get url "$cfg" url + config_get name "$cfg" name + size="$(get_url_filesize "$url")" + output "${name:-$url}${size:+: $size} " + if [ -n "$size" ]; then + uci_set "$packageName" "$cfg" 'size' "$size" + output_okn + else + output_failn + fi + } + local i + load_package_config + load_dl_command + config_load "$packageName" + config_foreach _config_add_url_size 'file_url' + [ -n "$update_config_sizes" ] && uci_changes "$packageName" && uci_commit "$packageName" +} + version() { echo "$PKG_VERSION"; } # shellcheck disable=SC2120 
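Review bot: In `allow()`, each argument is spliced into a sed address (`sed -i "\:\(/\|\.\)${hf}/:d" "$outputFile"`) after escaping only the dots. An argument containing the `:` delimiter or other regex metacharacters therefore changes which block-list lines are deleted, or breaks the expression; the smartdns and unbound arms build their addresses the same way. Reject anything that is not a plain hostname at the top of each loop, e.g. `case "$c" in ''|*[!A-Za-z0-9._-]*) output_fail; continue;; esac` (relax the class if `allow_non_ascii` domains must be accepted). Separately, the smartdns and unbound arms call `uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"` with the whole argument where the dnsmasq arm passes `"$c"`, so every iteration stores the unsplit list; that should be `"$c"`. `check()` and `_check_list` also hand `$string` to `grep -E` without `-e`, so a value beginning with `-` is parsed as an option.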
@@ -2582,50 +2620,19 @@ load_validate_file_url_section() { 'action:or("allow", "block"):block' \ 'size:or(uinteger, "")' \ 'name:string' \ - 'url:string' + 'url:string' \ + ; } load_validate_config() { - local enabled - local force_dns - local force_dns_interface - local force_dns_port - local parallel_downloads - local debug - local compressed_cache - local compressed_cache_dir - local ipv6_enabled - local allow_non_ascii - local canary_domains_icloud - local canary_domains_mozilla - local config_update_enabled - local config_update_url - local download_timeout - local pause_timeout - local curl_additional_param - local curl_max_file_size - local curl_retry - local verbosity - local procd_trigger_wan6 - local procd_boot_wan_timeout - local procd_lan_interface_name - local led - local dns - local dnsmasq_instance - local smartdns_instance - local heartbeat_domain - local heartbeat_sleep_timeout - local update_config_sizes - local allowed_domain - local blocked_domain - local dnsmasq_config_file_url uci_load_validate "$packageName" "$packageName" "$1" "${2}${3:+ $3}" \ 'enabled:bool:0' \ 'force_dns:bool:1' \ 'force_dns_interface:list(network):lan' \ 'force_dns_port:list(integer):53,853' \ 'parallel_downloads:bool:1' \ - 'debug:bool:0' \ + 'debug_init_script:bool:0' \ + 'debug_performance:bool:0' \ 'compressed_cache:bool:0' \ 'compressed_cache_dir:directory:/etc' \ 'ipv6_enabled:bool:0' \ @@ -2652,5 +2659,6 @@ load_validate_config() { 'update_config_sizes:bool:1' \ 'allowed_domain:list(string)' \ 'blocked_domain:list(string)' \ - 'dnsmasq_config_file_url:string' + 'dnsmasq_config_file_url:string' \ + ; } diff --git a/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast b/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast index 3cf0db1984f906..1b9e19e9dd3141 100644 --- a/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast +++ b/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast 
@@ -2,6 +2,7 @@ # Copyright 2023 MOSSDeF, Stan Grishin (stangri@melmac.ca) # shellcheck disable=SC2015,SC3043,SC3060 + readonly adbFunctionsFile='/etc/init.d/adblock-fast' if [ -s "$adbFunctionsFile" ]; then # shellcheck source=../../etc/init.d/adblock-fast @@ -154,7 +155,20 @@ add_name() { if [ -s "/etc/config/${packageName}-opkg" ] && ! grep -q 'option name' "/etc/config/${packageName}"; then config_load "$packageName" config_foreach add_name 'file_url' - [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName" fi +# migrate to 1.2.0 +oldval="$(uci_get "$packageName" 'config' 'debug')" +if [ -n "$oldval" ]; then + uci_set "$packageName" 'config' 'debug_init_script' "$oldval" + uci_remove "$packageName" 'config' 'debug' +fi +oldval="$(uci_get "$packageName" 'config' 'proc_debug')" +if [ -n "$oldval" ]; then + uci_set "$packageName" 'config' 'debug_performance' "$oldval" + uci_remove "$packageName" 'config' 'proc_debug' +fi + +uci_changes "$packageName" && uci_commit "$packageName" + exit 0 diff --git a/net/ampr-ripd/Makefile b/net/ampr-ripd/Makefile new file mode 100644 index 00000000000000..27dce8a14566b0 --- /dev/null +++ b/net/ampr-ripd/Makefile 
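Review bot: The final `uci_changes "$packageName" && uci_commit "$packageName"` commits on the exit status of `uci_changes` and sends its output to stdout, where the removed line tested `[ -n "$(uci_changes "$packageName")" ]`. `uci_changes` is defined outside this hunk, so whether its status reflects pending changes needs confirming. If it only wraps `uci changes`, the commit becomes unconditional and the change list is printed while the uci-defaults script runs. Keeping the captured form, `[ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName"`, avoids both. The same construct is added in `sizes()` in the init script.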
@@ -0,0 +1,100 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ampr-ripd +PKG_VERSION:=2.4.2 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz +PKG_SOURCE_URL:=https://yo2loj.ro/hamprojects +PKG_HASH:=e4635bd0f88c1f2b0777e948a00d0470aa97254ec4b0b8fd75c79d109995a350 + +PKG_MAINTAINER:=Dan Srebnick +PKG_LICENSE:=GPL-2.0-only +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk + +define Package/ampr-ripd + SECTION:=net + CATEGORY:=Network + SUBMENU:=Routing and Redirection + DEPENDS:=+kmod-ipip +ip + TITLE:=Routing daemon for the AMPR network + URL:=https://www.yo2loj.ro/hamprojects +endef + +define Package/ampr-ripd/description + Routing daemon written in C similar to Hessu's rip44d including + optional resending of RIPv2 broadcasts for router injection. +endef + +CONFIGURE_VARS+= \ + CC="$(TOOLCHAIN_DIR)/bin/$(TARGET_CC)" + COPT="$(TARGET_COPT)" + +define Package/ampr-ripd/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ampr-ripd $(1)/usr/sbin + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ampr-ripd-init $(1)/etc/init.d/ampr-ripd + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_DATA) ./files/99-ampr-ripd $(1)/etc/uci-defaults/99-ampr-ripd + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/ampr-ripd-config $(1)/etc/config/ampr-ripd +endef + +define Package/ampr-ripd/postrm +#!/bin/sh +[ "$${PKG_UPGRADE}" = 1 ] && exit 0 +[ -z "$${IPKG_INSTROOT}" ] || exit 0 + +echo "Removing firewall rules..." +count=$$(( $$(uci show firewall | grep -c "=rule") - 1 )) +for i in $$(seq "$$count" -1 0); do + name=$$(uci get firewall.@rule["$$i"].name) + if [ "$$name" = "Net 44 ICMP Echo Request" ] \ + || [ "$$name" = "Net 44 Router ICMP" ] \ + || [ "$$name" = "ipip" ]; then + uci del firewall.@rule["$$i"] + fi +done +uci commit firewall + +echo "Removing network rules..." 
+count=$$(( $$(uci show network | grep -c "=rule") - 1 )) +for i in $$(seq "$$count" -1 0); do + lookup=$$(uci get network.@rule["$$i"].lookup) + if [ "$$lookup" = "44" ]; then + uci del network.@rule["$$i"] + fi +done +uci commit network + +echo "Removing firewall zone forwarding rules..." +count=$$(( $$(uci show firewall | grep -c "=forwarding") -1 )) +for i in $$(seq "$$count" -1 0); do + name=$$(uci get firewall.@forwarding["$$i"].src) + if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then + uci del firewall.@forwarding["$$i"] + fi +done +uci commit firewall + +echo "Removing firewall zones..." +count=$$(( $$(uci show firewall | grep -c "=zone") -1 )) +for i in $$(seq "$$count" -1 0); do + name=$$(uci get firewall.@zone["$$i"].name) + if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then + uci del firewall.@zone["$$i"] + fi +done +uci commit firewall + +echo "Removing network interfaces..." +uci del network.amprwan +uci del network.amprlan +uci commit network + +endef + +$(eval $(call BuildPackage,ampr-ripd)) diff --git a/net/ampr-ripd/files/99-ampr-ripd b/net/ampr-ripd/files/99-ampr-ripd new file mode 100644 index 00000000000000..fcccb77c4bec00 --- /dev/null +++ b/net/ampr-ripd/files/99-ampr-ripd 
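Review bot: `CONFIGURE_VARS+= \` is continued only onto the `CC=` line, which has no trailing backslash, so `COPT="$(TARGET_COPT)"` is parsed as a separate statement and is not part of `CONFIGURE_VARS`. Add the continuation, `CC="$(TOOLCHAIN_DIR)/bin/$(TARGET_CC)" \`, and confirm that the upstream makefile actually reads `COPT`. The `postrm` script also deletes every firewall rule named `ipip` and every network rule with `lookup` `44`, whether or not this package created them. A comment such as `# removes rules by name/lookup; also matches user-created entries` would make that visible to maintainers.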
@@ -0,0 +1,112 @@
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Copyright (C) 2025 Dan Srebnick (K2IE)
+#
+##############################################################################
+
+# Check to see if network.amprlan.ipaddr and network.amprwan.ipaddr exist.
+# If so, no need to apply defaults.
+
+if [ -z "$(uci -q get network.amprlan.ipaddr)" ] && \
+ [ -z "$(uci -q get network.amprwan.ipaddr)" ]; then
+
+echo Installing default routing rules...
+r=$(uci add network rule)
+uci -q batch << EOI
+set network.$r.dest='44.0.0.0/9'
+set network.$r.lookup='44'
+set network.$r.priority='44'
+EOI
+r=$(uci add network rule)
+uci -q batch << EOI
+set network.$r.dest='44.128.0.0/10'
+set network.$r.lookup='44'
+set network.$r.priority='44'
+EOI
+r=$(uci add network rule)
+uci -q batch << EOI
+set network.$r.src='44.127.254.0/24'
+set network.$r.lookup='44'
+set network.$r.priority='45'
+EOI
+
+echo Installing default network interfaces...
+uci -q batch << EOI
+set network.amprlan=interface
+set network.amprlan.proto='static'
+set network.amprlan.device='br-lan'
+set network.amprlan.force_link='0'
+set network.amprlan.ipaddr='44.127.254.254'
+set network.amprlan.netmask='255.255.255.0'
+set network.amprlan.defaultroute='0'
+set network.amprlan.ip4table='44'
+set network.amprlan.delegate='0'
+set network.amprwan=interface
+set network.amprwan.device='tunl0'
+set network.amprwan.proto='static'
+set network.amprwan.ipaddr='44.127.254.254'
+set network.amprwan.netmask='255.255.255.0'
+commit network
+EOI
+
+echo Installing default firewall zones...
+z=$(uci add firewall zone)
+uci -q batch << EOI
+set firewall.$z.name='amprlan'
+set firewall.$z.network='amprlan'
+EOI
+z=$(uci add firewall zone)
+uci -q batch << EOI
+set firewall.$z.name='amprwan'
+set firewall.$z.network='amprwan'
+set firewall.$z.input='REJECT'
+EOI
+z=$(uci add firewall forwarding)
+uci -q batch << EOI
+set firewall.$z.src='amprlan'
+set firewall.$z.dest='amprwan'
+commit firewall
+EOI
+
+echo Installing default firewall rules...
+f=$(uci add firewall rule)
+uci -q batch << EOI
+set firewall.$f.name='ipip'
+set firewall.$f.proto='ipencap'
+set firewall.$f.src='wan'
+set firewall.$f.target='ACCEPT'
+set firewall.$f.family='ipv4'
+set firewall.$f.icmp_type='echo-request'
+EOI
+f=$(uci add firewall rule)
+uci -q batch << EOI
+set firewall.$f.name='Net 44 ICMP Echo Request'
+set firewall.$f.proto='icmp'
+set firewall.$f.src='amprwan'
+set firewall.$f.dest='amprlan'
+set firewall.$f.target='ACCEPT'
+set firewall.$f.family='ipv4'
+set firewall.$f.icmp_type='echo-request'
+EOI
+f=$(uci add firewall rule)
+uci -q batch << EOI
+set firewall.$f.name='Net 44 Router ICMP'
+set firewall.$f.proto='icmp'
+set firewall.$f.src='amprwan'
+set firewall.$f.target='ACCEPT'
+set firewall.$f.family='ipv4'
+set firewall.$f.icmp_type='echo-request'
+commit firewall
+EOI
+
+fi
+exit
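Review bot: The `ipip` firewall rule sets `icmp_type='echo-request'` on a `proto='ipencap'` rule, which looks copied from the ICMP rules below it and has no meaning for IP-in-IP; drop that line. As written the rule accepts encapsulated traffic from any host in the `wan` zone, so it deserves a comment such as `# IPIP must be accepted from all AMPR gateways; source is intentionally unrestricted`, or a source restriction if one is practical. The `amprlan` zone is also created without `input`, `output` or `forward`, which leaves its policy to the firewall defaults. Setting them explicitly, as `input='REJECT'` is for `amprwan`, would make the intended exposure reviewable.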
diff --git a/net/ampr-ripd/files/ampr-ripd-config b/net/ampr-ripd/files/ampr-ripd-config
new file mode 100644
index 00000000000000..a7d7d5185688a7
--- /dev/null
+++ b/net/ampr-ripd/files/ampr-ripd-config
@@ -0,0 +1,4 @@
+
+config ampr-ripd 'network'
+ option tunnet 44.127.254.0/255.255.255.0
+
diff --git a/net/ampr-ripd/files/ampr-ripd-init b/net/ampr-ripd/files/ampr-ripd-init
new file mode 100755
index 00000000000000..e1df78aca0244f
--- /dev/null
+++ b/net/ampr-ripd/files/ampr-ripd-init
@@ -0,0 +1,83 @@ +#!/bin/sh /etc/rc.common + +START=95 +STOP=10 + +extra_command "configure" "Configure service parameters" + +start() { + default_addr="44.127.254.254" + if [ "$(uci get network.amprlan.ipaddr)" = "$default_addr" ] || \ + [ "$(uci get network.amprwan.ipaddr)" = "$default_addr" ]; then + + cat <<-EOF + ampr-ripd is not fully configured. + You must run /etc/init.d/ampr-ripd configure. + EOF + + exit 1 + fi + if [ ! -d /var/lib/ampr-ripd ]; then + mkdir -p /var/lib/ampr-ripd + fi + ip tunnel change ttl 64 mode ipip tunl0 + ip link set dev tunl0 up + ifconfig tunl0 mtu 1480 + tunnet=$(uci -q get ampr-ripd.network.tunnet) + /usr/sbin/ampr-ripd -s -r -t 44 -i tunl0 -a "$tunnet" +} + +stop() { + ifconfig tunl0 down + killall ampr-ripd +} + +configure() { + if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then + cat <<-EOF + + Usage: /etc/init.d/ampr-ripd configure [amprhost] [amprmask] [amprnet] + + amprhost is the 44 net address assigned to your OpenWrt host + amprmask is the full netmask of your AMPR assigned network + amprnet is the network number of your AMPR assigned network + + Eg. 
/etc/init.d/ampr-ripd configure 44.127.254.1 255.255.255.0 44.127.254.0 + EOF + exit 1 + fi + amprhost=$1 + amprmask=$2 + amprnet=$3 + + cat <<-EOF + Configuring ampr-ripd with values: + + amprhost=$amprhost + amprmask=$amprmask + amprnet=$amprnet + EOF + + tunnet=$amprnet/$amprmask + uci set ampr-ripd.network.tunnet="$tunnet" + uci commit ampr-ripd + uci set network.amprlan.ipaddr="$amprhost" + uci set network.amprlan.netmask="$amprmask" + uci set network.amprwan.ipaddr="$amprhost" + uci set network.amprwan.netmask="$amprmask" + for i in $(uci show network | awk -F= "/@rule/ && /lookup='44'/ {split(\$1, conf, /[.=]/); print conf[2]}"); do + if [ "$(uci -q get "network.$i.priority")" = "45" ]; then + uci set "network.$i.src=$tunnet" + fi + done + uci commit network + + cat <<-EOF + + Now, do the following: + /etc/init.d/ampr-ripd restart + /etc/init.d/network restart + EOF + + exit 0 +} diff --git a/net/ampr-ripd/test.sh b/net/ampr-ripd/test.sh new file mode 100644 index 00000000000000..c8a730ae27bfc8 --- /dev/null +++ b/net/ampr-ripd/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"$1" -h 2>&1 | grep "$PKG_VERSION" diff --git a/net/apache/Makefile b/net/apache/Makefile index f471f9f7bb1404..11031352eb89cc 100644 --- a/net/apache/Makefile +++ b/net/apache/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=apache -PKG_VERSION:=2.4.62 +PKG_VERSION:=2.4.65 PKG_RELEASE:=1 PKG_SOURCE_NAME:=httpd PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=@APACHE/httpd/ -PKG_HASH:=674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec +PKG_HASH:=58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION) diff --git a/net/bind/Makefile b/net/bind/Makefile index 148c1d7e1d8db4..e24f7f42521c98 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.20.11 +PKG_VERSION:=9.20.15 PKG_RELEASE:=1 USERID:=bind=57:bind=57 
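Review bot: `configure()` writes its three arguments straight into `network.amprlan`, `network.amprwan`, the priority-45 rule's `src` and `ampr-ripd.network.tunnet`, checking only that they are non-empty. A mistyped address or mask is therefore committed to the network config. Validate each value first, for example `case "$amprhost" in *[!0-9.]*) echo "invalid address: $amprhost"; exit 1;; esac`, repeated for `amprmask` and `amprnet`. In `stop()`, `killall ampr-ripd` matches by process name; running the daemon under procd would let the init system track and stop the exact instance it started.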
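Review bot: `grep "$PKG_VERSION"` treats the version as a regular expression and matches any output when `PKG_VERSION` is empty, so the test can pass without checking anything. Use a fixed-string match and fail on an empty value: `[ -n "$PKG_VERSION" ] && "$1" -h 2>&1 | grep -F -- "$PKG_VERSION"`.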
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:= \ https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ https://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=4da2d532e668bc21e883f6e6d9d3d81794d9ec60b181530385649a56f46ee17a +PKG_HASH:=d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 diff --git a/net/cloudreve/Makefile b/net/cloudreve/Makefile index 2189b7376fad95..d23e3ce1334443 100644 --- a/net/cloudreve/Makefile +++ b/net/cloudreve/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudreve -PKG_VERSION:=4.3.0 +PKG_VERSION:=4.9.2 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/cloudreve/Cloudreve.git PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_MIRROR_HASH:=53e27f3a112cdbb5315b044ce62708792e18fca3e44bcd4f793d6b0403bf14ce +PKG_MIRROR_HASH:=d88edc8af20a5cce662689a297123d1b4d504b0ca0499942068bdbb3c9ec8ea7 PKG_LICENSE:=GPL-3.0-only PKG_LICENSE_FILES:=LICENSE diff --git a/net/dnscrypt-proxy2/Makefile b/net/dnscrypt-proxy2/Makefile index 2c0286ed0c2527..5c7ed64d1ae5b9 100644 --- a/net/dnscrypt-proxy2/Makefile +++ b/net/dnscrypt-proxy2/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnscrypt-proxy2 -PKG_VERSION:=2.1.5 +PKG_VERSION:=2.1.14 PKG_RELEASE:=1 PKG_SOURCE:=dnscrypt-proxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/DNSCrypt/dnscrypt-proxy/tar.gz/$(PKG_VERSION)? -PKG_HASH:=044c4db9a3c7bdcf886ff8f83c4b137d2fd37a65477a92bfe86bf69587ea7355 +PKG_HASH:=495c4f494d40068e5e3ddcb8748d91b90e99f2516060e3b59520b9f3d6148a9e PKG_BUILD_DIR:=$(BUILD_DIR)/dnscrypt-proxy-$(PKG_VERSION) PKG_MAINTAINER:=Josef Schlehofer @@ -31,6 +31,7 @@ include ../../lang/golang/golang-package.mk GO_MOD_ARGS:= GO_PKG_BUILD_VARS+= GO111MODULE=off +GO_PKG_INSTALL_EXTRA:= dnscrypt-proxy/static/ define Package/dnscrypt-proxy2 SECTION:=net 
diff --git a/net/dufs/Makefile b/net/dufs/Makefile index 476efc0aeff0d4..cfe0666626c55c 100644 --- a/net/dufs/Makefile +++ b/net/dufs/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dufs -PKG_VERSION:=0.43.0 -PKG_RELEASE:=3 +PKG_VERSION:=0.45.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/sigoden/dufs/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=4ba3b90486336efc4e592bcf15f14d4e3b6ac7b3b1bf8770815b8c43975d8b01 +PKG_HASH:=62aa2cadd77e1bd9d96c77cbd832a53ffc364301c549001bf8fd9d023cbd8ab1 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 MIT @@ -40,10 +40,6 @@ define Package/dufs/conffiles /etc/config/dufs endef -define Build/Compile - $(call Build/Compile/Cargo,,--locked) -endef - define Package/dufs/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/dufs $(1)/usr/bin/ diff --git a/net/fail2ban/Makefile b/net/fail2ban/Makefile index a4b25f2a217a60..a963af1f621cc3 100644 --- a/net/fail2ban/Makefile +++ b/net/fail2ban/Makefile @@ -6,14 +6,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fail2ban -PKG_VERSION:=0.11.2 -PKG_RELEASE:=9 +PKG_VERSION:=1.1.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/fail2ban/fail2ban/tar.gz/$(PKG_VERSION)? -PKG_HASH:=383108e5f8644cefb288537950923b7520f642e7e114efb843f6e7ea9268b1e0 +PKG_HASH:=474fcc25afdaf929c74329d1e4d24420caabeea1ef2e041a267ce19269570bae -PKG_MAINTAINER:=Gerald Kerma +PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING PKG_CPE_ID:=cpe:/a:fail2ban:fail2ban 
@@ -21,15 +21,13 @@ PKG_CPE_ID:=cpe:/a:fail2ban:fail2ban include $(INCLUDE_DIR)/package.mk include ../../lang/python/python3-package.mk -HOST_BUILD_DEPENDS:=2to3/host - define Package/fail2ban SECTION:=net CATEGORY:=Network TITLE:=ban hosts that cause multiple authentication errors URL:=https://www.fail2ban.org/ DEPENDS:= \ - +iptables \ + +nftables \ +python3-light \ +python3-ctypes \ +python3-distutils \ @@ -50,7 +48,6 @@ define Package/fail2ban/conffiles endef define Build/Compile - cd $(PKG_BUILD_DIR) && ./fail2ban-2to3 $(call Py3Build/Compile) endef diff --git a/net/fail2ban/patches/010-dropbear-regex-fix.patch b/net/fail2ban/patches/010-dropbear-regex-fix.patch new file mode 100644 index 00000000000000..351cf97f2d7783 --- /dev/null +++ b/net/fail2ban/patches/010-dropbear-regex-fix.patch 
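Review bot: `DEPENDS` swaps `+iptables` for `+nftables`, but none of the visible hunks changes the ban action fail2ban is configured with. If the shipped jail configuration still defaults to an iptables action, bans would fail at runtime and offending hosts would stay unblocked. Please confirm that the packaged config selects one of the upstream nftables actions as `banaction`, or say in the commit message where that is set. `PKG_MAINTAINER:=` is also left empty in the earlier hunk of this file, which leaves a security-sensitive package without an owner for CVE follow-up.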
@@ -0,0 +1,44 @@ +From f29a49e39c66e43de6cf1d2a9085c00cca5eca99 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Fri, 27 Dec 2024 16:43:33 +0100 +Subject: [PATCH] `filter.d/dropbear.conf`: failregex extended to match + different format of "Exit before auth" message; closes gh-3791 + +Upstream-Status: Backport [https://github.com/fail2ban/fail2ban/commit/a796cc9b91656721fee0d1904911101c678452ad] + +Signed-off-by: Andrey Zotikov +--- + config/filter.d/dropbear.conf | 7 ++++--- + fail2ban/tests/files/logs/dropbear | 8 ++++++++ + 2 files changed, 12 insertions(+), 3 deletions(-) + +--- a/config/filter.d/dropbear.conf ++++ b/config/filter.d/dropbear.conf +@@ -25,9 +25,10 @@ _daemon = dropbear + + prefregex = ^%(__prefix_line)s(?:[Ll]ogin|[Bb]ad|[Ee]xit).+$ + +-failregex = ^[Ll]ogin attempt for nonexistent user ('.*' )?from :\d+$ +- ^[Bb]ad (PAM )?password attempt for .+ from (:\d+)?$ +- ^[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from :\d+\s*$ ++failregex = ^[Ll]ogin attempt for nonexistent user (?:'.*' )?from :\d+$ ++ ^[Bb]ad (?:PAM )?password attempt for '.+' from (?::\d+)?$ ++ ^[Ee]xit before auth from \:\d+\>?: (?:\([^\)]*\): )?Max auth tries reached - user '.+'\s*$ ++ ^[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from :\d+\s*$ + + ignoreregex = + +--- a/fail2ban/tests/files/logs/dropbear ++++ b/fail2ban/tests/files/logs/dropbear +@@ -13,3 +13,11 @@ Jul 27 01:04:12 fail2ban-test dropbear[1 + Jul 27 01:04:22 fail2ban-test dropbear[1335]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 1.2.3.4:60588 + # failJSON: { "time": "2005-07-27T01:18:59", "match": true , "host": "1.2.3.4" } + Jul 27 01:18:59 fail2ban-test dropbear[1477]: Login attempt for nonexistent user from 1.2.3.4:60794 ++ ++# failJSON: { "time": "2005-07-10T23:53:52", "match": true , "host": "1.2.3.4", "desc": "extra pid/timestamp may be logged into journal, gh-3597" } ++Jul 10 23:53:52 fail2ban-test 
dropbear[825]: [825] Jul 10 23:53:52 Bad password attempt for 'root' from 1.2.3.4:52289 ++ ++# failJSON: { "time": "2005-07-10T23:57:29", "match": true , "host": "192.0.2.3", "desc": "different message format, gh-3791" } ++Jul 10 23:57:29 fail2ban-test dropbear[825]: [825] Jul 10 23:57:29 Exit before auth from <192.0.2.3:52289>: (user 'root', 10 fails): Max auth tries reached - user 'root' ++# failJSON: { "time": "2005-07-10T23:59:24", "match": true , "host": "192.0.2.3", "desc": "different message format, gh-3791" } ++Jul 10 23:59:24 fail2ban-test dropbear[826]: [826] Jul 10 23:59:24 Exit before auth from <192.0.2.3:52325>: Max auth tries reached - user 'is invalid' diff --git a/net/fail2ban/patches/010-python3.10_compat.patch b/net/fail2ban/patches/010-python3.10_compat.patch deleted file mode 100644 index 24aec98f88d90f..00000000000000 --- a/net/fail2ban/patches/010-python3.10_compat.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:19:24 +0100 -Subject: [PATCH 2/4] follow bpo-37324: - :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` - module - -(since 3.10-alpha.5 `MutableMapping` is missing in collections module) ---- - fail2ban/server/action.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - ---- a/fail2ban/server/action.py -+++ b/fail2ban/server/action.py -@@ -30,7 +30,10 @@ import tempfile - import threading - import time - from abc import ABCMeta --from collections import MutableMapping -+try: -+ from collections.abc import MutableMapping -+except ImportError: -+ from collections import MutableMapping - - from .failregex import mapTag2Opt - from .ipdns import DNSUtils ---- a/fail2ban/server/actions.py -+++ b/fail2ban/server/actions.py -@@ -28,7 +28,10 @@ import logging - import os - import sys - import time --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - try: - from collections import OrderedDict - except ImportError: ---- a/fail2ban/server/jails.py -+++ b/fail2ban/server/jails.py -@@ -22,7 +22,10 @@ __copyright__ = "Copyright (c) 2004 Cyri - __license__ = "GPL" - - from threading import Lock --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - - from ..exceptions import DuplicateJailException, UnknownJailException - from .jail import Jail diff --git a/net/fail2ban/patches/020-fix-2to3.patch b/net/fail2ban/patches/020-fix-2to3.patch deleted file mode 100644 index 203e2c78019bd3..00000000000000 --- a/net/fail2ban/patches/020-fix-2to3.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 196c55e93103d1e56d1336f27a5f2591b4e54fef Mon Sep 17 00:00:00 2001 -From: sebres -Date: Sun, 19 Sep 2021 18:49:18 +0200 -Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup - command: use_2to3 is invalid (setuptools 58+) - ---- - setup.py | 16 +--------------- - 1 file changed, 1 insertion(+), 15 deletions(-) - ---- a/setup.py -+++ b/setup.py -@@ -56,7 +56,7 @@ import warnings - from glob import glob - - from fail2ban.setup import updatePyExec -- -+from fail2ban.version import version - - source_dir = os.path.realpath(os.path.dirname( - # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.): -@@ -120,22 +120,12 @@ class install_scripts_f2b(install_script - # Wrapper to specify fail2ban own options: - class install_command_f2b(install): - user_options = install.user_options + [ -- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), - ('without-tests', None, 'without tests files installation'), - ] - def initialize_options(self): -- self.disable_2to3 = None - self.without_tests = not with_tests - install.initialize_options(self) - def finalize_options(self): -- global _2to3 -- ## in the test cases 2to3 should be already done (fail2ban-2to3): -- if self.disable_2to3: -- _2to3 = False -- if _2to3: -- cmdclass = self.distribution.cmdclass -- cmdclass['build_py'] = build_py_2to3 -- cmdclass['build_scripts'] = build_scripts_2to3 - if self.without_tests: - self.distribution.scripts.remove('bin/fail2ban-testcases') - -@@ -186,7 +176,6 @@ commands.''' - if setuptools: - setup_extra = { - 'test_suite': "fail2ban.tests.utils.gatherTests", -- 'use_2to3': True, - } - else: - setup_extra = {} -@@ -210,9 +199,6 @@ if platform_system in ('linux', 'solaris - ('/usr/share/doc/fail2ban', doc_files) - ) - --# Get version number, avoiding importing fail2ban. 
--# This is due to tests not functioning for python3 as 2to3 takes place later --exec(open(join("fail2ban", "version.py")).read()) - - setup( - name = "fail2ban", diff --git a/net/fail2ban/patches/020-nftables.patch b/net/fail2ban/patches/020-nftables.patch new file mode 100644 index 00000000000000..bc2f2e43877f03 --- /dev/null +++ b/net/fail2ban/patches/020-nftables.patch @@ -0,0 +1,41 @@ +From d56cda8f2a8dc3f69943545255d6934a73d0b1aa Mon Sep 17 00:00:00 2001 +From: sebres +Date: Fri, 26 Apr 2024 00:25:19 +0200 +Subject: [PATCH] cherry-pick from debian: debian default banactions are + nftables, systemd backend for sshd closes gh-3292 + +Upstream-Status: Backport [https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc] + +Signed-off-by: Andrey Zotikov +--- + config/jail.conf | 4 ++-- + config/paths-debian.conf | 5 +++++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +--- a/config/jail.conf ++++ b/config/jail.conf +@@ -205,8 +205,8 @@ fail2ban_agent = Fail2Ban/%(fail2ban_ver + # iptables-multiport, shorewall, etc) It is used to define + # action_* variables. Can be overridden globally or per + # section within jail.local file +-banaction = iptables-multiport +-banaction_allports = iptables-allports ++#banaction = iptables-multiport ++#banaction_allports = iptables-allports + + # The simplest action to take: ban only + action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] +--- a/config/paths-debian.conf ++++ b/config/paths-debian.conf +@@ -9,6 +9,11 @@ after = paths-overrides.local + + [DEFAULT] + ++banaction = nftables ++banaction_allports = nftables[type=allports] ++ ++sshd_backend = systemd ++ + syslog_mail = /var/log/mail.log + + # control the `mail.warn` setting, see `/etc/rsyslog.d/50-default.conf` (if commented `mail.*` wins). 
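Review bot: The backported `config/jail.conf` hunk in 020-nftables.patch comments out `banaction` and `banaction_allports`, while the replacement defaults and `sshd_backend = systemd` are added only to `config/paths-debian.conf`. If the jail.conf installed on the target does not include paths-debian.conf, `%(banaction)s` in `action_` would have no value and jails might fail to load or never ban, so it is worth confirming which paths file the packaged jail.conf pulls in. OpenWrt images normally run procd rather than systemd, so `sshd_backend = systemd` looks unsuited to this target. I would drop that line from the backport, or set `banaction = nftables` and `banaction_allports = nftables[type=allports]` directly in jail.conf instead of leaving the two options commented out.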
diff --git a/net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch b/net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch deleted file mode 100644 index bd50c17bbac1e9..00000000000000 --- a/net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 7e2ab36d86998575853150c0a57de5e22518cf66 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 21 Jun 2022 16:55:57 +0200 -Subject: [PATCH] move global groups to start of expression (python 3.11 - compat) - -[remove change to regex not in 0.11.2] -Signed-off-by: Jeffery To ---- - fail2ban/client/fail2banregex.py | 2 +- - fail2ban/server/datetemplate.py | 8 ++++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - ---- a/fail2ban/server/datetemplate.py -+++ b/fail2ban/server/datetemplate.py -@@ -35,6 +35,7 @@ logSys = getLogger(__name__) - # check already grouped contains "(", but ignores char "\(" and conditional "(?(id)...)": - RE_GROUPED = re.compile(r'(? -Date: Tue, 21 Jun 2022 16:56:57 +0200 -Subject: [PATCH] wrap global flags like ((?i)xxx) or (?:(?i)xxx) to local - flags (?i:xxx) if supported by RE-engine in the python version - ---- - fail2ban/server/failregex.py | 10 ++++++++++ - 1 file changed, 10 insertions(+) - ---- a/fail2ban/server/failregex.py -+++ b/fail2ban/server/failregex.py -@@ -91,6 +91,13 @@ R_MAP = { - "port": "fport", - } - -+# map global flags like ((?i)xxx) or (?:(?i)xxx) to local flags (?i:xxx) if supported by RE-engine in this python version: -+try: -+ re.search("^re(?i:val)$", "reVAL") -+ R_GLOB2LOCFLAGS = ( re.compile(r"(? -Date: Mon, 21 Jun 2021 17:12:53 +0200 -Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable - (default tilde) stops consider "~" char after new-line as composing escape - sequence - ---- - config/action.d/complain.conf | 2 +- - config/action.d/dshield.conf | 2 +- - config/action.d/mail-buffered.conf | 8 ++++---- - config/action.d/mail-whois-lines.conf | 2 +- - config/action.d/mail-whois.conf | 6 +++--- - config/action.d/mail.conf | 6 +++--- - 6 files changed, 13 insertions(+), 13 deletions(-) - ---- a/config/action.d/complain.conf -+++ b/config/action.d/complain.conf -@@ -102,7 +102,7 @@ logpath = /dev/null - # Notes.: Your system mail command. 
Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: ---- a/config/action.d/dshield.conf -+++ b/config/action.d/dshield.conf -@@ -179,7 +179,7 @@ tcpflags = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: ---- a/config/action.d/mail-buffered.conf -+++ b/config/action.d/mail-buffered.conf -@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Output will be buffered until lines are available.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -28,13 +28,13 @@ actionstop = if [ -f ]; then - These hosts have been banned by Fail2Ban.\n - `cat ` - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary from " - rm - fi - printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: (` - \nRegards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary" -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary" - rm - fi - ---- a/config/action.d/mail-whois-lines.conf -+++ b/config/action.d/mail-whois-lines.conf -@@ -72,7 +72,7 @@ actionunban = - # Notes.: Your system mail command. 
Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Default name of the chain - # ---- a/config/action.d/mail-whois.conf -+++ b/config/action.d/mail-whois.conf -@@ -20,7 +20,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n - Here is more information about :\n - `%(_whois_command)s`\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. 
Take care that the ---- a/config/action.d/mail.conf -+++ b/config/action.d/mail.conf -@@ -16,7 +16,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n - The IP has just been banned by Fail2Ban after - attempts against .\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the diff --git a/net/git/Makefile b/net/git/Makefile index 48d653749b48bf..c62deea736c61d 100644 --- a/net/git/Makefile +++ b/net/git/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=git -PKG_VERSION:=2.46.4 +PKG_VERSION:=2.50.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/software/scm/git/ -PKG_HASH:=0d5c029edfea24abb4cbda385eff2b66ae946dd74849a350e4420f1eefa71aad +PKG_HASH:=7e3e6c36decbd8f1eedd14d42db6674be03671c2204864befa2a41756c5c8fc4 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/net/git/patches/200-imapsend_without_curl.patch b/net/git/patches/200-imapsend_without_curl.patch index 061a44341fbf63..a0c02a24b93cd9 100644 --- a/net/git/patches/200-imapsend_without_curl.patch +++ b/net/git/patches/200-imapsend_without_curl.patch @@ -1,6 +1,6 @@ --- a/Makefile 
+++ b/Makefile -@@ -1636,7 +1636,7 @@ else +@@ -1685,7 +1685,7 @@ else endif curl_check := $(shell (echo 072200; $(CURL_CONFIG) --vernum | sed -e '/^70[BC]/s/^/0/') 2>/dev/null | sort -r | sed -ne 2p) ifeq "$(curl_check)" "072200" diff --git a/net/git/patches/300-openssl-deprecated.patch b/net/git/patches/300-openssl-deprecated.patch index 16b5543a0d8b50..67916d764e0e4b 100644 --- a/net/git/patches/300-openssl-deprecated.patch +++ b/net/git/patches/300-openssl-deprecated.patch @@ -14,7 +14,7 @@ Signed-off-by: Rosen Penev --- a/imap-send.c +++ b/imap-send.c -@@ -259,8 +259,10 @@ static int ssl_socket_connect(struct ima +@@ -263,8 +263,10 @@ static int ssl_socket_connect(struct ima int ret; X509 *cert; diff --git a/net/git/patches/310-fix-uname-detection-for-crosscompiling b/net/git/patches/310-fix-uname-detection-for-crosscompiling index 4b884d2984d843..85f464c425a041 100644 --- a/net/git/patches/310-fix-uname-detection-for-crosscompiling +++ b/net/git/patches/310-fix-uname-detection-for-crosscompiling @@ -22,7 +22,7 @@ Signed-off-by: Mauro Condarelli --- a/config.mak.uname +++ b/config.mak.uname -@@ -4,12 +4,12 @@ +@@ -4,11 +4,11 @@ # Microsoft's Safe Exception Handling in libraries (such as zlib). # Typically required for VS2013+/32-bit compilation on Vista+ versions. @@ -30,13 +30,11 @@ 
Signed-off-by: Mauro Condarelli -uname_M := $(shell sh -c 'uname -m 2>/dev/null || echo not') -uname_O := $(shell sh -c 'uname -o 2>/dev/null || echo not') -uname_R := $(shell sh -c 'uname -r 2>/dev/null || echo not') --uname_P := $(shell sh -c 'uname -p 2>/dev/null || echo not') -uname_V := $(shell sh -c 'uname -v 2>/dev/null || echo not') +uname_S ?= $(shell sh -c 'uname -s 2>/dev/null || echo not') +uname_M ?= $(shell sh -c 'uname -m 2>/dev/null || echo not') +uname_O ?= $(shell sh -c 'uname -o 2>/dev/null || echo not') +uname_R ?= $(shell sh -c 'uname -r 2>/dev/null || echo not') -+uname_P ?= $(shell sh -c 'uname -p 2>/dev/null || echo not') +uname_V ?= $(shell sh -c 'uname -v 2>/dev/null || echo not') ifneq ($(findstring MINGW,$(uname_S)),) diff --git a/net/gping/Makefile b/net/gping/Makefile index 4990490a4293db..8170dd45c4e586 100644 --- a/net/gping/Makefile +++ b/net/gping/Makefile @@ -37,7 +37,7 @@ define Package/gping/description also plot the execution time of arbitrary commands. endef -Build/Compile = $(call Build/Compile/Cargo,gping,--locked) +MAKE_PATH:=gping $(eval $(call RustBinPackage,gping)) $(eval $(call BuildPackage,gping)) diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index c2a4ea9f48998a..4176b6c1cc50d7 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -68,16 +68,11 @@ define Package/haproxy-nossl/description This package is built without SSL support. endef -TARGET=linux-glibc +TARGET=linux-musl ENABLE_LUA:=y -ifeq ($(CONFIG_USE_UCLIBC),y) - ADDON+=USE_BACKTRACE= - ADDON+=USE_LIBCRYPT= -endif - -ifeq ($(CONFIG_USE_MUSL),y) - TARGET=linux-musl +ifeq ($(CONFIG_USE_GLIBC),y) + TARGET=linux-glibc endif ifeq ($(BUILD_VARIANT),ssl) diff --git a/net/hev-socks5-server/Makefile b/net/hev-socks5-server/Makefile index 511d53b55f14e4..7ffb01e30f4001 100644 --- a/net/hev-socks5-server/Makefile +++ b/net/hev-socks5-server/Makefile 
@@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-server -PKG_VERSION:=2.9.0 +PKG_VERSION:=2.11.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-server/releases/download/$(PKG_VERSION) -PKG_HASH:=21cd97afd3ec6d52e580fa92c1cc8c4cf8f58669da8182c3a072ba434d717dce +PKG_HASH:=fc340c50b93eed52c1985c6d78add4e5b697a020684b03aa32dcd7d38a40dfa7 PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT diff --git a/net/hev-socks5-tproxy/Makefile b/net/hev-socks5-tproxy/Makefile index 76971af33ecc9f..c370ac3045cd8f 100644 --- a/net/hev-socks5-tproxy/Makefile +++ b/net/hev-socks5-tproxy/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-tproxy -PKG_VERSION:=2.9.0 +PKG_VERSION:=2.10.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-tproxy/releases/download/$(PKG_VERSION) -PKG_HASH:=2a1c76bfb986e34ab8ba54be9a6c8faf4fa4854b7ee45b0f8e4d108c4c9d4cb2 +PKG_HASH:=4f495a7393afe4b4d36f86e94faddf992def010ff67c02e8ce09693a3a1bd20d PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT diff --git a/net/hev-socks5-tunnel/Makefile b/net/hev-socks5-tunnel/Makefile index 46df64b9f5f376..9781c286376808 100644 --- a/net/hev-socks5-tunnel/Makefile +++ b/net/hev-socks5-tunnel/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-tunnel -PKG_VERSION:=2.13.0 +PKG_VERSION:=2.14.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-tunnel/releases/download/$(PKG_VERSION) -PKG_HASH:=419bc625b72299dcc0aeedfc762acfc42fbdf61dcc11f7146bfb83d87a67b002 +PKG_HASH:=f0c5909b188272a6cee2b3c92e13cf16d927ba29a20bd1d750a2ff3419cda381 PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT diff --git a/net/https-dns-proxy/Makefile b/net/https-dns-proxy/Makefile index 58eb91bfdd2407..d9cb1d310219c7 100644 --- a/net/https-dns-proxy/Makefile +++ b/net/https-dns-proxy/Makefile 
@@ -1,13 +1,14 @@ +# SPDX-License-Identifier: MIT include $(TOPDIR)/rules.mk PKG_NAME:=https-dns-proxy -PKG_VERSION:=2025.05.11 +PKG_VERSION:=2025.10.07 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/ -PKG_SOURCE_VERSION:=a34e20d6e24df603427d91bac8f58c2d3a8aa0a6 -PKG_MIRROR_HASH:=43a2dc631f925dbf43efaf53da925e1e8eb61f30cc02020ff3a5024b27e2dd91 +PKG_MIRROR_HASH:=2d0e5f031c8de7f42fa7f2e79d5638f9e4899c056d710fc3638a03112b383be5 +PKG_SOURCE_VERSION:=7b27ecd5598d03bbe79651cc80efca886d433cd9 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=MIT @@ -20,12 +21,6 @@ TARGET_CFLAGS += $(FPIC) TARGET_LDFLAGS += -Wl,--gc-sections CMAKE_OPTIONS += -DCLANG_TIDY_EXE= -DSW_VERSION=$(PKG_VERSION)-r$(PKG_RELEASE) -CONFIGURE_ARGS += \ - $(if $(CONFIG_LIBCURL_OPENSSL),--with-openssl="$(STAGING_DIR)/usr",--without-openssl) \ - $(if $(CONFIG_LIBCURL_NGHTTP2),--with-nghttp2="$(STAGING_DIR)/usr",--without-nghttp2) \ - $(if $(CONFIG_LIBCURL_NGHTTP3),--with-nghttp3="$(STAGING_DIR)/usr",--without-nghttp3) \ - $(if $(CONFIG_LIBCURL_NGTCP2),--with-ngtcp2="$(STAGING_DIR)/usr",--without-ngtcp2) \ - define Package/https-dns-proxy SECTION:=net CATEGORY:=Network @@ -40,7 +35,7 @@ endef define Package/https-dns-proxy/description Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard. It receives regular, unencrypted (UDP) DNS requests and resolves them via DoH resolver. -Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information. +Please see https://docs.openwrt.melmac.ca/https-dns-proxy/ for more information. endef define Package/https-dns-proxy/conffiles diff --git a/net/https-dns-proxy/files/README.md b/net/https-dns-proxy/files/README.md index 7ebf479e6feae5..3d4e7b9c28a184 100644 --- a/net/https-dns-proxy/files/README.md +++ b/net/https-dns-proxy/files/README.md 
@@ -1,3 +1,22 @@ -# README +# https-dns-proxy -README has been moved to [https://docs.openwrt.melmac.net/https-dns-proxy/](https://docs.openwrt.melmac.net/https-dns-proxy/). +[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) +[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/https-dns-proxy/) +[![Resolvers](https://img.shields.io/badge/Resolvers-40%2B%20Built--in-brightgreen)](https://docs.openwrt.melmac.ca/https-dns-proxy/) +[![Minimal Footprint](https://img.shields.io/badge/Size-~40KB-green)](https://github.com/stangri/https-dns-proxy) +[![License](https://img.shields.io/badge/License-MIT-lightgrey)](https://github.com/stangri/https-dns-proxy/blob/master/LICENSE) + +A lightweight, RFC8484-compliant DNS-over-HTTPS (DoH) proxy service for OpenWrt. +Includes optional integration with `dnsmasq`, automatic fallback, and canary domain support. + +## Features + +- Small footprint (~40KB installed) +- Seamless dnsmasq integration and fallback +- Optional LuCI Web UI with 40+ built-in resolvers + +**Full documentation:** + +[https://docs.openwrt.melmac.ca/https-dns-proxy/](https://docs.openwrt.melmac.ca/https-dns-proxy/) + +Based on [@aarond10](https://github.com/aarond10)'s excellent [https_dns_proxy](https://github.com/aarond10/https_dns_proxy) diff --git a/net/https-dns-proxy/files/etc/config/https-dns-proxy b/net/https-dns-proxy/files/etc/config/https-dns-proxy index 08660e8714f3cf..1ccec50f2c6661 100644 --- a/net/https-dns-proxy/files/etc/config/https-dns-proxy +++ b/net/https-dns-proxy/files/etc/config/https-dns-proxy 
@@ -13,21 +13,21 @@ config main 'config' # list force_dns_port '4434' # list force_dns_port '5443' # list force_dns_port '8443' - list procd_fw_src_interfaces 'lan' + list force_dns_src_interface 'lan' option procd_trigger_wan6 '0' + option heartbeat_domain 'heartbeat.melmac.ca' + option heartbeat_sleep_timeout '10' + option heartbeat_wait_timeout '10' + option user 'nobody' + option group 'nogroup' + option listen_addr '127.0.0.1' config https-dns-proxy option bootstrap_dns '1.1.1.1,1.0.0.1' option resolver_url 'https://cloudflare-dns.com/dns-query' - option listen_addr '127.0.0.1' option listen_port '5053' - option user 'nobody' - option group 'nogroup' config https-dns-proxy option bootstrap_dns '8.8.8.8,8.8.4.4' option resolver_url 'https://dns.google/dns-query' - option listen_addr '127.0.0.1' option listen_port '5054' - option user 'nobody' - option group 'nogroup' diff --git a/net/https-dns-proxy/files/etc/init.d/https-dns-proxy b/net/https-dns-proxy/files/etc/init.d/https-dns-proxy index a061ad09c47b78..42c9c991d7a401 100755 --- a/net/https-dns-proxy/files/etc/init.d/https-dns-proxy +++ b/net/https-dns-proxy/files/etc/init.d/https-dns-proxy @@ -3,14 +3,12 @@ # shellcheck disable=SC1091,SC3043,SC3060 # shellcheck disable=SC2034 -START=90 +START=20 # shellcheck disable=SC2034 STOP=15 # shellcheck disable=SC2034 USE_PROCD=1 -[ -n "${IPKG_INSTROOT}" ] && return 0 - if type extra_command 1>/dev/null 2>&1; then extra_command 'version' 'Show version information' else 
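Review bot: The new default `option heartbeat_domain 'heartbeat.melmac.ca'` in the `config main` section makes a default install look up a third-party name for its resolver health check, and nothing in the file says so or how to turn it off. The init script in this commit treats the value `-` as "skip the check", so a comment above the option such as `# name resolved by the resolver health check; set to '-' to disable` would document that. The shipped `heartbeat_wait_timeout '10'` also differs from the `'30'` fallback that `is_resolver_working` uses when the option is absent; one of the two should be changed so they agree.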
@@ -30,14 +28,74 @@ readonly DEFAULT_BOOTSTRAP="${BOOTSTRAP_CF},${BOOTSTRAP_GOOGLE}" readonly canaryDomainsMozilla='use-application-dns.net' readonly canaryDomainsiCloud='mask.icloud.com mask-h2.icloud.com' +# Silence "Command failed: Not found" for redundant procd service delete calls +__UBUS_BIN="$(command -v ubus || echo /bin/ubus)" +ubus() { + if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then + "$__UBUS_BIN" "$@" >/dev/null 2>&1 || true + else + "$__UBUS_BIN" "$@" + fi +} + hdp_boot_flag= -dnsmasq_restart() { [ -x /etc/init.d/dnsmasq ] || return 1; /etc/init.d/dnsmasq restart >/dev/null 2>&1; } +# package global config variables +canary_domains_icloud= +canary_domains_mozilla= +dnsmasq_config_update= +force_dns= +force_dns_port= +force_dns_src_interface= +procd_trigger_wan6= +global_listen_addr= +global_tcp_client_limit= +global_polling_interval= +global_proxy_server= +global_force_http1= +global_force_http3= +global_force_ipv6= +global_max_idle_time= +global_conn_loss_time= +global_ca_certs_file= +global_user= +global_group= +global_verbosity= +global_logfile= +global_statistic_interval= +global_log_limit= + +dnsmasq_restart() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; } +is_alnum() { case "$1" in (*[![:alnum:]_\ @]*|"") return 1;; esac; } is_fw4_restart_needed() { [ "$(uci_get "$packageName" 'config' 'force_dns' '1')" = '1' ]; } is_mac_address() { expr "$1" : '[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]$' >/dev/null; } +is_integer() { case "$1" in ''|*[!0-9]*) return 1;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1; return 0; } is_ipv4() { expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; } is_ipv6() { ! 
is_mac_address "$1" && str_contains "$1" ":"; } -is_resolver_working() { resolveip -t 3 one.one.one.one >/dev/null 2>&1; } +is_port_listening() { + local hex + is_integer "$1" || return 1 + hex="$(printf '%04X' "$1")" + # TCP: state 0A == LISTEN + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h && $4=="0A") {found=1}} END{exit found?0:1}' /proc/net/tcp /proc/net/tcp6 2>/dev/null; then + return 0 + fi + # UDP: presence indicates a bound socket + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h) {found=1}} END{exit found?0:1}' /proc/net/udp /proc/net/udp6 2>/dev/null; then + return 0 + fi + return 1 +} +is_resolver_working() { + local heartbeat_domain heartbeat_sleep_timeout heartbeat_wait_timeout + config_load "$packageName" + config_get heartbeat_domain 'config' 'heartbeat_domain' 'heartbeat.melmac.ca' + config_get heartbeat_sleep_timeout 'config' 'heartbeat_sleep_timeout' '10' + config_get heartbeat_wait_timeout 'config' 'heartbeat_wait_timeout' '30' + [ "$heartbeat_domain" = '-' ] && return 0 + is_integer "$heartbeat_sleep_timeout" && sleep "$heartbeat_sleep_timeout" + resolveip -t "$heartbeat_wait_timeout" "$heartbeat_domain" >/dev/null 2>&1 +} output() { [ -z "$verbosity" ] && verbosity="$(uci_get "$packageName" 'config' 'verbosity' '1')" [ "$#" -ne '1' ] && { @@ -54,7 +112,7 @@ output_ok() { output "$_OK_"; } output_okn() { output "${_OK_}\\n"; } output_fail() { output "$_FAIL_"; } output_failn() { output "${_FAIL_}\\n"; } -str_contains() { [ -n "$1" ] &&[ -n "$2" ] && [ "${1//$2}" != "$1" ]; } +str_contains() { [ "${1//$2}" != "$1" ]; } str_contains_word() { echo "$1" | grep -qw "$2"; } uci_add_list_if_new() { local PACKAGE="$1" 
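Review bot: In `is_resolver_working` (hunk `-30,14 +28,74`), `heartbeat_sleep_timeout` is checked with `is_integer` before use, but `heartbeat_wait_timeout` and `heartbeat_domain` are passed to `resolveip` unchecked, so a non-numeric timeout or a domain value starting with `-` from UCI reaches the tool as-is. I would guard the call the same way, `is_integer "$heartbeat_wait_timeout" || heartbeat_wait_timeout=30`, and return early for a domain with a leading dash. `is_integer` actually tests for the range 1–65535, so a sleep timeout of `0` fails the check and the sleep is skipped; a comment on the helper such as `# true only for integers 1..65535 (port-sized)` would make that explicit. The new `ubus()` wrapper discards the exit status and all output of every `service delete` call, which hides failures other than the "Not found" case its comment mentions.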
@@ -72,7 +130,8 @@ uci_changes() { local PACKAGE="$1" local CONFIG="$2" local OPTION="$3" - /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}" + [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ] && \ + [ -n "$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}")" ] } version() { echo "$PKG_VERSION"; } @@ -93,12 +152,13 @@ append_parm() { local option="$2" local switch="$3" local default="$4" + local skip_value="$5" local _loctmp config_get _loctmp "$section" "$option" "$default" - [ -n "$_loctmp" ] && xappend "$switch $_loctmp" + [ -n "$_loctmp" ] && [ "$_loctmp" != "$skip_value" ] && xappend "$switch $_loctmp" } -append_counter() { +append_cnt() { local section="$1" local option="$2" local switch="$3" @@ -111,7 +171,7 @@ append_counter() { done } -append_bootstrap() { +append_boot() { local section="$1" local option="$2" local switch="$3" 
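Review bot: The new existence test in `uci_changes` builds the path as `"${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}"`, which is only correct when `UCI_CONFIG_DIR` is unset or ends in a slash. With a constructed value such as `/tmp/conf`, the directory and package name are joined without a separator, the `-s` test fails and the function always reports no changes. Putting the separator outside the expansion fixes it: `[ -s "${UCI_CONFIG_DIR:-/etc/config}/${PACKAGE}" ] && \`. The function also changes from printing the pending changes to returning only a status, so any caller that captured its output needs checking; none are visible in this hunk.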
@@ -122,48 +182,84 @@ append_bootstrap() { [ -z "$_loctmp" ] && return 0 IFS=" ," for i in $_loctmp; do - if { [ "$ipv6_resolvers_only" -eq 0 ] && is_ipv4 "$i"; } || \ - { [ "$ipv6_resolvers_only" -ne 0 ] && is_ipv6 "$i"; }; then + if { [ -z "$force_ipv6" ] && is_ipv4 "$i"; } || \ + { [ -n "$force_ipv6" ] && is_ipv6 "$i"; }; then [ -z "$_newtmp" ] && _newtmp="$i" || _newtmp="${_newtmp},${i}" fi done IFS="$_old_ifs" [ -n "$_newtmp" ] && xappend "$switch $_newtmp" - [ "$ipv6_resolvers_only" -eq 0 ] && xappend '-4' + [ -z "$force_ipv6" ] && xappend '-4' } boot() { - ubus -t 30 wait_for network.interface 2>/dev/null rc_procd start_service 'on_boot' && service_started 'on_boot' - if ! is_resolver_working; then - hdp_boot_flag=1 - rc_procd stop_service 'on_failed_health_check' && service_stopped 'on_failed_health_check' - fi +} + +load_package_config() { + local param="$1" + config_load "$packageName" + config_load "$packageName" + config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' + config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' + config_get_bool force_dns 'config' 'force_dns' '1' + config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' + config_get_bool global_force_http1 'config' 'force_http1' '0' + config_get_bool global_force_http3 'config' 'force_http3' '0' + config_get_bool global_force_ipv6 'config' 'global_force_ipv6_resolvers' '0' + config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' + config_get force_dns_port 'config' 'force_dns_port' '53 853' + config_get force_dns_src_interface 'config' 'force_dns_src_interface' 'lan' + config_get global_listen_addr 'config' 'listen_addr' '127.0.0.1' + config_get global_tcp_client_limit 'config' 'tcp_client_limit' '20' + config_get global_polling_interval 'config' 'polling_interval' '120' + config_get global_proxy_server 'config' 'proxy_server' + config_get global_max_idle_time 'config' 'max_idle_time' '118' + config_get 
global_conn_loss_time 'config' 'conn_loss_time' '15' + config_get global_ca_certs_file 'config' 'ca_certs_file' + config_get global_user 'config' 'user' 'nobody' + config_get global_group 'config' 'group' 'nogroup' + config_get global_verbosity 'config' 'verbosity' '0' + config_get global_logfile 'config' 'logfile' + config_get global_statistic_interval 'config' 'statistic_interval' '0' + config_get global_log_limit 'config' 'log_limit' '0' + [ "$canary_domains_icloud" = '1' ] && canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" + [ "$canary_domains_mozilla" = '1' ] && canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" + [ "$force_dns" = '1' ] || unset force_dns + [ "$procd_trigger_wan6" = '1' ] || unset procd_trigger_wan6 } start_instance() { local cfg="$1" param="$2" local PROG_param - local listen_addr listen_port ipv6_resolvers_only p url iface + local listen_addr listen_port force_ipv6 p url iface + + config_get url "$cfg" 'resolver_url' + config_get listen_addr "$cfg" 'listen_addr' "$global_listen_addr" + config_get listen_port "$cfg" 'listen_port' "$port" + config_get_bool force_ipv6 "$cfg" 'force_ipv6_resolvers' "$global_force_ipv6" + [ "$force_ipv6" = '1' ] || unset force_ipv6 - config_get url "$cfg" 'resolver_url' - config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0' - append_parm "$cfg" 'resolver_url' '-r' - append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1' - append_parm "$cfg" 'listen_port' '-p' "$port" - append_parm "$cfg" 'dscp_codepoint' '-c' - append_bootstrap "$cfg" 'bootstrap_dns' '-b' "$DEFAULT_BOOTSTRAP" - append_parm "$cfg" 'user' '-u' 'nobody' - append_parm "$cfg" 'group' '-g' 'nogroup' - append_parm "$cfg" 'ca_certs_file' '-C' - append_parm "$cfg" 'polling_interval' '-i' - append_parm "$cfg" 'proxy_server' '-t' - append_parm "$cfg" 'logfile' '-l' - append_bool "$cfg" 'use_http1' '-x' - append_counter "$cfg" 'verbosity' '-v' '0' + append_parm "$cfg" 'resolver_url' '-r' + 
append_parm "$cfg" 'listen_addr' '-a' "$global_listen_addr" '127.0.0.1' + append_parm "$cfg" 'listen_port' '-p' "$port" + append_boot "$cfg" 'bootstrap_dns' '-b' "$DEFAULT_BOOTSTRAP" + append_parm "$cfg" 'dscp_codepoint' '-c' + append_parm "$cfg" 'tcp_client_limit' '-T' "$global_tcp_client_limit" '20' + append_parm "$cfg" 'polling_interval' '-i' "$global_polling_interval" '120' + append_parm "$cfg" 'proxy_server' '-t' "$global_proxy_server" + append_bool "$cfg" 'force_http1' '-x' "$global_force_http1" + append_bool "$cfg" 'force_http3' '-q' "$global_force_http3" + append_parm "$cfg" 'max_idle_time' '-m' "$global_max_idle_time" '118' + append_parm "$cfg" 'conn_loss_time' '-L' "$global_conn_loss_time" '15' + append_parm "$cfg" 'ca_certs_file' '-C' "$global_ca_certs_file" + append_parm "$cfg" 'user' '-u' "$global_user" + append_parm "$cfg" 'group' '-g' "$global_group" + append_parm "$cfg" 'logfile' '-l' "$global_logfile" + append_parm "$cfg" 'statistic_interval' '-s' "$global_statistic_interval" '0' + append_parm "$cfg" 'log_limit' '-F' "$global_log_limit" '0' + append_cnt "$cfg" 'verbosity' '-v' "$global_verbosity" - config_get listen_addr "$cfg" 'listen_addr' '127.0.0.1' - config_get listen_port "$cfg" 'listen_port' "$port" if [ "$dnsmasq_config_update" = '*' ]; then config_load 'dhcp' config_foreach dnsmasq_doh_server 'dnsmasq' 'add' "${listen_addr}" "${listen_port}" 
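Review bot: In `load_package_config` the global IPv6 switch is read from the option `'global_force_ipv6_resolvers'`, while the other globals in the same block are read under their plain names (`'force_http1'`, `'force_http3'`) and the per-instance option is `'force_ipv6_resolvers'`. If the `config` section uses the plain name as well, this lookup never matches and `global_force_ipv6` silently stays `0`. I would expect `config_get_bool global_force_ipv6 'config' 'force_ipv6_resolvers' '0'`, or a comment explaining why this one key is prefixed. The function also calls `config_load "$packageName"` twice in a row and declares `local param="$1"` without using it; one `config_load` is enough.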
@@ -185,13 +281,13 @@ start_instance() { procd_set_param respawn procd_open_data json_add_object mdns - procd_add_mdns_service "$packageName" 'udp' "$port" "DNS over HTTPS proxy" + procd_add_mdns_service "$packageName" 'udp' "$listen_port" "DNS over HTTPS proxy" json_close_object - if [ "$force_dns" -ne '0' ]; then + if [ -n "$force_dns" ]; then json_add_array firewall - for iface in ${procd_fw_src_interfaces/,/ }; do - for p in ${force_dns_port/,/ }; do - if netstat -tuln | grep 'LISTEN' | grep ":${p}" >/dev/null 2>&1 || [ "$p" = '53' ]; then + for iface in ${force_dns_src_interface//,/ }; do + for p in ${force_dns_port//,/ }; do + if is_port_listening "$p"; then json_add_object '' json_add_string type 'redirect' json_add_string target 'DNAT' @@ -215,7 +311,7 @@ start_instance() { done done json_close_array - force_dns='0' + unset force_dns fi procd_close_data procd_close_instance 
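Review bot: The redirect loop now adds a DNAT rule only when `is_port_listening "$p"` succeeds, and the old `|| [ "$p" = '53' ]` fallback is gone, so with `force_dns` enabled the port 53 redirect depends on something already being bound to 53 when `start_instance` runs. If this runs before the local resolver is up (early boot or a dnsmasq restart), the rule appears to be skipped and LAN clients could keep reaching an external resolver until the next reload. `if [ "$p" = '53' ] || is_port_listening "$p"; then` keeps the previous guarantee. The UDP branch of `is_port_listening` matches any socket whose local port equals `$p`, not only servers, which deserves a comment at its definition. `start_instance` begins and ends outside this hunk.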
@@ -231,30 +327,19 @@ start_instance() { start_service() { local param="$1" - local canaryDomains canary_domains_icloud canary_domains_mozilla - local dnsmasq_config_update force_dns force_dns_port - local procd_fw_src_interfaces + local canaryDomains + local force_dns="$force_dns" local port=5053 + [ "$param" = 'on_boot' ] && hdp_boot_flag='true' && return 0 + output "Starting $serviceName instances ${param:+$param }" - config_load "$packageName" - config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' - config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' - config_get_bool force_dns 'config' 'force_dns' '1' - config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' - config_get force_dns_port 'config' 'force_dns_port' '53 853' - config_get procd_fw_src_interfaces 'config' 'procd_fw_src_interfaces' 'lan' - if [ "$canary_domains_icloud" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" - fi - if [ "$canary_domains_mozilla" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" - fi + load_package_config "$param" dhcp_backup 'create' config_load "$packageName" config_foreach start_instance "$packageName" "$param" output "\\n" - if [ -n "$(uci_changes dhcp)" ]; then + if uci_changes 'dhcp'; then output "Updating dnsmasq config " if uci_commit 'dhcp'; then output_okn 
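Review bot: `start_service` now declares `local force_dns="$force_dns"`, so the value `load_package_config` reads lives only inside this call, and `start_instance` unsets it after writing the firewall data. The following hunk changes `service_started` to `[ -n "$force_dns" ] && procd_set_config_changed firewall`, which runs after `start_service` has returned. Unless `force_dns` is also set at file level outside the lines shown, that test looks always false on a start, so the firewall would not be told to pick up the new redirect rules. A separate non-local flag, set at the point where the `firewall` array is written, would make the dependency explicit. The `on_boot` early return also deserves a comment saying that instances are started only by the `interface.*.up` trigger.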
@@ -273,63 +358,53 @@ start_service() { fi ;; esac +# if ! is_resolver_working; then +# rc_procd stop_service 'on_failed_health_check' && service_stopped 'on_failed_health_check' +# fi } stop_service() { local param="$1" - local canaryDomains canary_domains_icloud canary_domains_mozilla - local dnsmasq_config_update - local s=0 + local canaryDomains + local _error= output "Stopping $serviceName ${param:+$param }" - config_load "$packageName" - config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' - config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' - config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' - if [ "$canary_domains_icloud" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" - fi - if [ "$canary_domains_mozilla" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" - fi + load_package_config "$param" dhcp_backup 'restore' - if [ -n "$(uci_changes dhcp)" ]; then + if uci_changes 'dhcp'; then uci_commit 'dhcp' - dnsmasq_restart || s=1 + dnsmasq_restart || _error=1 fi # shellcheck disable=SC2015 - [ "$s" = '0' ] && output_okn || output_failn + [ -z "$_error" ] && output_okn || output_failn } # shellcheck disable=SC2015 service_triggers() { local wan wan6 i - local procd_trigger_wan6 if [ -n "$hdp_boot_flag" ]; then output "Setting trigger (on_boot) " - procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" restart 'on_interface_up' && output_okn || output_failn + procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" reload 'on_interface_up' && output_okn || output_failn else - config_load "$packageName" - config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' - . /lib/functions/network.sh + . 
"${IPKG_INSTROOT}/lib/functions/network.sh" network_flush_cache network_find_wan wan wan="${wan:-wan}" - if [ "$procd_trigger_wan6" -ne 0 ]; then + if [ -n "$procd_trigger_wan6" ]; then network_find_wan6 wan6 wan6="${wan6:-wan6}" fi output "Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" for i in $wan $wan6; do - procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" restart 'on_interface_trigger' && output_ok || output_fail + procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" reload 'on_interface_trigger' && output_ok || output_fail done output '\n' procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload 'on_config_change' fi } -service_started() { is_fw4_restart_needed && procd_set_config_changed firewall; } -service_stopped() { is_fw4_restart_needed && procd_set_config_changed firewall; } -restart() { procd_send_signal "$packageName"; rc_procd start_service "$*"; } +service_started() { [ -n "$force_dns" ] && procd_set_config_changed firewall; } +service_stopped() { [ -n "$force_dns" ] && procd_set_config_changed firewall; } +restart() { reload "$@"; } dnsmasq_instance_append_force_dns_port() { local cfg="$1" instance_port @@ -342,7 +417,7 @@ dnsmasq_doh_server() { local cfg="$1" param="$2" address="${3:-127.0.0.1}" port="$4" i case "$param" in add) - if [ "$force_dns" -ne 0 ]; then + if [ -n "$force_dns" ]; then for i in $canaryDomains; do uci_add_list_if_new 'dhcp' "$cfg" 'server' "/${i}/" done diff --git a/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh b/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh index 8321ea99b7afd8..6716bd7105afa1 100644 --- a/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh +++ b/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh 
@@ -1,3 +1,8 @@ #!/bin/sh - sed -i "s|update_dnsmasq_config|dnsmasq_config_update|" "/etc/config/https-dns-proxy" - sed -i "s|wan6_trigger|procd_trigger_wan6|" "/etc/config/https-dns-proxy" + + +sed -i "s|update_dnsmasq_config|dnsmasq_config_update|" "/etc/config/https-dns-proxy" +sed -i "s|wan6_trigger|procd_trigger_wan6|" "/etc/config/https-dns-proxy" +sed -i "s|procd_fw_src_interfaces|force_dns_src_interface|" "/etc/config/https-dns-proxy" +sed -i "s|use_http1|force_http1|" "/etc/config/https-dns-proxy" +sed -i "s|use_ipv6_resolvers_only|force_ipv6_resolvers|" "/etc/config/https-dns-proxy" diff --git a/net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch b/net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch deleted file mode 100644 index 6af8d7ce965321..00000000000000 --- a/net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -25,9 +25,9 @@ if (NOT CMAKE_INSTALL_BINDIR) - set(CMAKE_INSTALL_BINDIR bin) - endif() - --set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros") --set(CMAKE_C_FLAGS_DEBUG "-gdwarf-4 -DDEBUG") --set(CMAKE_C_FLAGS_RELEASE "-O2") -+#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros") -+#set(CMAKE_C_FLAGS_DEBUG "-gdwarf-4 -DDEBUG") -+#set(CMAKE_C_FLAGS_RELEASE "-O2") - - if ((CMAKE_C_COMPILER_ID MATCHES GNU AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 9) OR - (CMAKE_C_COMPILER_ID MATCHES Clang AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 10)) diff --git a/net/knot-resolver/Makefile b/net/knot-resolver/Makefile index fe1e508e6f9eb6..0e77ec31a130bd 100644 --- a/net/knot-resolver/Makefile +++ b/net/knot-resolver/Makefile 
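Review bot: The migration script runs five `sed -i` commands without checking that `/etc/config/https-dns-proxy` exists, so on a system without that file the last `sed` fails and the script exits non-zero. As far as I know a uci-defaults script that fails is kept and run again on the next boot; `[ -s /etc/config/https-dns-proxy ] || exit 0` at the top avoids that. The expressions are also unanchored, so an old name appearing inside an option value or a comment is rewritten too. Matching the name together with the preceding `option` keyword would narrow this.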
@@ -10,12 +10,12 @@ PKG_RELRO_FULL:=0 include $(TOPDIR)/rules.mk PKG_NAME:=knot-resolver -PKG_VERSION:=5.7.4 +PKG_VERSION:=5.7.6 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver -PKG_HASH:=6b6da6ecf06828041afad44dfa227781f0ae34ad183a667008509355d18bd9c8 +PKG_HASH:=500ccd3a560300e547b8dc5aaff322f7c8e2e7d6f0d7ef5f36e59cb60504d674 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=GPL-3.0-later diff --git a/net/knot-resolver/files/root.keys b/net/knot-resolver/files/root.keys index 6ee35a4989025d..3009e81f27d498 100644 --- a/net/knot-resolver/files/root.keys +++ b/net/knot-resolver/files/root.keys @@ -1 +1,2 @@ -. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d +. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D +. IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16 diff --git a/net/knot/Makefile b/net/knot/Makefile index 6c8f0bf939f47a..b564d997541a96 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=knot -PKG_VERSION:=3.4.7 +PKG_VERSION:=3.5.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/ -PKG_HASH:=dd346ca6f3afabcdc5e9ba09dd667b010590bb66a42f4541021fb9d6f073dacc +PKG_HASH:=a614d5226ceed4b4cdd4a3badbb0297ea0f987f65948e4eb828119a3b5ac0a4b PKG_MAINTAINER:=Daniel Salzman -PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8 +PKG_LICENSE:=GPL-2.0-or-later LGPL-2.0-or-later MIT ISC BSD-3-Clause PKG_CPE_ID:=cpe:/a:knot-dns:knot_dns PKG_FIXUP:=autoreconf @@ -157,6 +157,7 @@ CONFIGURE_ARGS += \ --enable-dbus=libdbus \ --enable-quic \ --disable-fastparser \ + --disable-redis \ --without-libidn \ --with-libnghttp2=no \ --with-rundir=/var/run/knot \ diff --git a/net/knot/patches/01_zscanner_tests.patch b/net/knot/patches/01_zscanner_tests.patch index 7b834941cb5cea..23958807de5d97 100644 
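Review bot: The `root.keys` hunk adds a second root trust anchor (`. IN DS 38696 8 2 ...`) and nothing on the page records where the digest was taken from. This file decides what the resolver accepts as DNSSEC-valid, so the digest should be compared with the root trust anchor set published by IANA before merging, and the commit message should say that this was done. The first line changes only the case of the existing digest.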
--- a/net/knot/patches/01_zscanner_tests.patch +++ b/net/knot/patches/01_zscanner_tests.patch @@ -1,7 +1,8 @@ --- a/tests/libzscanner/test_zscanner.in +++ b/tests/libzscanner/test_zscanner.in -@@ -1,15 +1,14 @@ - #!/bin/sh +@@ -3,16 +3,15 @@ + # SPDX-License-Identifier: GPL-2.0-or-later + # For more information, see -SOURCE=@top_srcdir@/tests/libzscanner -BUILD=@top_builddir@/tests/libzscanner diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index a08fe368cbce84..2efa2ba7fae848 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools -PKG_VERSION:=3.5.3 +PKG_VERSION:=3.5.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd-tools/releases/download/$(PKG_VERSION) -PKG_HASH:=e8d55cc53825170d7e5213d48a92b8251dc0d1351601283f6d0995cfd789b4d0 +PKG_HASH:=72310cf88723d44cb8144a4fa6aa2c60acf84bdc8bb6384547d6a48bc015af9a PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/net/ksmbd-tools/files/ksmbd.conf.template b/net/ksmbd-tools/files/ksmbd.conf.template index 4cb7be3c07fc0d..6bcdbfe144fee5 100644 --- a/net/ksmbd-tools/files/ksmbd.conf.template +++ b/net/ksmbd-tools/files/ksmbd.conf.template @@ -7,8 +7,4 @@ ipc timeout = 20 deadtime = 15 map to guest = Bad User - smb2 max read = 64K - smb2 max write = 64K - smb2 max trans = 64K - cache read buffers = no - cache trans buffers = no + server signing = auto diff --git a/net/ksmbd-tools/files/ksmbd.init b/net/ksmbd-tools/files/ksmbd.init index a14183d58573d8..1a43d995373674 100644 --- a/net/ksmbd-tools/files/ksmbd.init +++ b/net/ksmbd-tools/files/ksmbd.init 
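Review bot: The `ksmbd.conf.template` hunk adds `server signing = auto` with no comment, and as I read the ksmbd.conf documentation `auto` only offers signing and does not require it. Together with the `map to guest = Bad User` line kept above it, unsigned sessions are therefore still accepted. If that is the intended trade-off for compatibility, a comment such as `# signing is offered but not enforced; use "mandatory" to require it` would make that clear to administrators editing the template. The removed `smb2 max ...` and `cache ... buffers` lines are now written by `config_get_ram` in `ksmbd.init`, which the template should mention.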
@@ -12,6 +12,28 @@ config_get_sane() set -- "$(echo "$1" | tr -d '<>[]{};%?=#\n')" } +config_get_ram() +{ + ramsize=$(grep MemTotal /proc/meminfo | awk '{print $2}') + if [ "$ramsize" -lt 65537 ];then + printf "\tsmb2 max read = 64K\n" + printf "\tsmb2 max write = 64K\n" + printf "\tsmb2 max trans = 64K\n" + printf "\tcache read buffers = no\n" + printf "\tcache trans buffers = no\n" + elif [ "$ramsize" -lt 134073 ];then + printf "\tsmb2 max read = 128K\n" + printf "\tsmb2 max write = 128K\n" + printf "\tsmb2 max trans = 128K\n" + printf "\tcache read buffers = no\n" + printf "\tcache trans buffers = no\n" + elif [ "$ramsize" -lt 262146 ];then + printf "\tsmb2 max read = 1M\n" + printf "\tsmb2 max write = 1M\n" + printf "\tsmb2 max trans = 1M\n" + fi +} + smb_header() { config_get_sane SMBD_IFACE "$1" interface "lan" @@ -41,6 +63,8 @@ smb_header() /etc/ksmbd/ksmbd.conf.template > /var/etc/ksmbd/ksmbd.conf { + config_get_ram + printf "\n######### Dynamic written config options #########\n" if [ "$ALLOW_LEGACY_PROTOCOLS" -eq 1 ]; then diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile index 180dc04cbcfc9e..f8acbaaab43d60 100644 --- a/net/lighttpd/Makefile +++ b/net/lighttpd/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lighttpd -PKG_VERSION:=1.4.79 +PKG_VERSION:=1.4.82 PKG_RELEASE:=1 # release candidate ~rcX testing; remove for release #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x -PKG_HASH:=3b29a625b3ad88702d1fea4f5f42bb7d87488f2e4efc977d7f185329ca6084bd +PKG_HASH:=abfe74391f9cbd66ab154ea07e64f194dbe7e906ef4ed47eb3b0f3b46246c962 PKG_MAINTAINER:=Glenn Strauss PKG_LICENSE:=BSD-3-Clause diff --git a/net/lighttpd/patches/020-meson-mod_webdav_min.patch b/net/lighttpd/patches/020-meson-mod_webdav_min.patch index fc7b155382c552..8a371e4b40c130 100644 --- a/net/lighttpd/patches/020-meson-mod_webdav_min.patch 
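Review bot: `config_get_ram` compares `$ramsize` with `-lt` without checking that the `grep | awk` pipeline produced a number, and it assigns `ramsize` without `local`. If the read yields nothing, every `[ "$ramsize" -lt ... ]` test errors out and no `smb2 max` lines are written, leaving a small device on the daemon's built-in limits without any message. I would declare `local ramsize`, read it with `ramsize=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)`, and fall back to the smallest tier when the value is empty. The middle threshold `134073` does not follow the pattern of `65537` and `262146`; if `131073` was meant it should be corrected, otherwise a comment should explain the number. The name suggests a getter, but the function prints config lines, which a one-line comment above it should state.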
+++ b/net/lighttpd/patches/020-meson-mod_webdav_min.patch @@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid --- a/src/meson.build +++ b/src/meson.build -@@ -887,6 +887,16 @@ if (host_machine.system() == 'darwin') +@@ -926,6 +926,16 @@ if (host_machine.system() == 'darwin') plugin_suffix = 'so' # use "so" instead of "dylib" endif diff --git a/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch b/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch index 1b42070b5a70bd..e54e12ecce7f4c 100644 --- a/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch +++ b/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch @@ -18,7 +18,7 @@ Signed-off-by: Glenn Strauss --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c -@@ -2181,7 +2181,7 @@ network_init_ssl (server *srv, plugin_co +@@ -2184,7 +2184,7 @@ network_init_ssl (server *srv, plugin_co * GnuTLS by concatenating into a single priority string */ buffer *b = srv->tmp_buf; @@ -27,7 +27,7 @@ Signed-off-by: Glenn Strauss buffer_copy_string_len(b, s->priority_base, strlen(s->priority_base)); if (!buffer_is_blank(&s->priority_str)) { buffer_append_char(b, ':'); -@@ -3935,13 +3935,8 @@ mod_gnutls_ssl_conf_curves(server *srv, +@@ -3943,13 +3943,8 @@ mod_gnutls_ssl_conf_curves(server *srv, static int mod_gnutls_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -43,7 +43,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max ? GNUTLS_TLS1_3 : GNUTLS_TLS1_0; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) -@@ -3963,11 +3958,7 @@ mod_gnutls_ssl_conf_proto_val (server *s +@@ -3971,11 +3966,7 @@ mod_gnutls_ssl_conf_proto_val (server *s "GnuTLS: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } @@ -56,7 +56,7 @@ 
Signed-off-by: Glenn Strauss } -@@ -3997,11 +3988,9 @@ mod_gnutls_ssl_conf_proto (server *srv, +@@ -4005,11 +3996,9 @@ mod_gnutls_ssl_conf_proto (server *srv, if (x < GNUTLS_TLS1_2) break; buffer_append_string_len(b, CONST_STR_LEN("+VERS-TLS1.2:")); __attribute_fallthrough__ @@ -70,7 +70,7 @@ Signed-off-by: Glenn Strauss } --- a/src/mod_mbedtls.c +++ b/src/mod_mbedtls.c -@@ -4737,8 +4737,6 @@ mod_mbedtls_ssl_conf_dhparameters(server +@@ -4858,8 +4858,6 @@ mod_mbedtls_ssl_conf_dhparameters(server static void mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max) { @@ -79,7 +79,7 @@ Signed-off-by: Glenn Strauss int v = MBEDTLS_SSL_MINOR_VERSION_3; /* default: TLS v1.2 */ if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */ #ifdef MBEDTLS_SSL_MINOR_VERSION_4 -@@ -4811,20 +4809,9 @@ mod_mbedtls_ssl_conf_proto (server *srv, +@@ -4932,20 +4930,9 @@ mod_mbedtls_ssl_conf_proto (server *srv, static void mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max) { @@ -100,7 +100,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ v = max ? MBEDTLS_SSL_VERSION_TLS1_3 : MBEDTLS_SSL_VERSION_TLS1_2; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2"))) -@@ -4846,9 +4833,6 @@ mod_mbedtls_ssl_conf_proto (server *srv, +@@ -4967,9 +4954,6 @@ mod_mbedtls_ssl_conf_proto (server *srv, return; } } @@ -112,7 +112,7 @@ Signed-off-by: Glenn Strauss ? mbedtls_ssl_conf_max_tls_version(s->ssl_ctx, v) --- a/src/mod_nss.c +++ b/src/mod_nss.c -@@ -2785,9 +2785,7 @@ http_cgi_ssl_env (request_st * const r, +@@ -2784,9 +2784,7 @@ http_cgi_ssl_env (request_st * const r, size_t n; const char *s = NULL; switch (inf.protocolVersion) { @@ -122,7 +122,7 @@ 
Signed-off-by: Glenn Strauss case SSL_LIBRARY_VERSION_TLS_1_2: s="TLSv1.2";n=sizeof("TLSv1.2")-1;break; case SSL_LIBRARY_VERSION_TLS_1_1: s="TLSv1.1";n=sizeof("TLSv1.1")-1;break; case SSL_LIBRARY_VERSION_TLS_1_0: s="TLSv1.0";n=sizeof("TLSv1.0")-1;break; -@@ -3120,13 +3118,9 @@ mod_nss_ssl_conf_curves(server *srv, plu +@@ -3119,13 +3117,9 @@ mod_nss_ssl_conf_curves(server *srv, plu static PRUint16 mod_nss_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -138,7 +138,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max ? SSL_LIBRARY_VERSION_TLS_1_3 : SSL_LIBRARY_VERSION_TLS_1_0; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) -@@ -3148,11 +3142,7 @@ mod_nss_ssl_conf_proto_val (server *srv, +@@ -3147,11 +3141,7 @@ mod_nss_ssl_conf_proto_val (server *srv, "NSS: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } @@ -153,7 +153,7 @@ Signed-off-by: Glenn Strauss --- a/src/mod_openssl.c +++ b/src/mod_openssl.c -@@ -3583,11 +3583,7 @@ network_init_ssl (server *srv, plugin_co +@@ -3648,11 +3648,7 @@ network_init_ssl (server *srv, plugin_co #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ || defined(BORINGSSL_API_VERSION) \ || defined(LIBRESSL_VERSION_NUMBER) @@ -165,7 +165,7 @@ Signed-off-by: Glenn Strauss return -1; #endif -@@ -5207,9 +5203,9 @@ int mod_openssl_plugin_init (plugin *p) +@@ -5259,9 +5255,9 @@ int mod_openssl_plugin_init (plugin *p) static int mod_openssl_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -177,7 +177,7 @@ Signed-off-by: Glenn Strauss #else return TLS1_2_VERSION; #endif -@@ -5244,7 +5240,7 @@ mod_openssl_ssl_conf_proto_val (server * +@@ -5296,7 +5292,7 @@ mod_openssl_ssl_conf_proto_val (server * max ? "MaxProtocol" : "MinProtocol", b->ptr); } #ifdef TLS1_3_VERSION @@ -188,7 +188,7 @@ Signed-off-by: Glenn Strauss #endif --- a/src/mod_wolfssl.c 
+++ b/src/mod_wolfssl.c -@@ -1247,14 +1247,12 @@ ssl_info_callback (const SSL *ssl, int w +@@ -1293,14 +1293,12 @@ ssl_info_callback (const SSL *ssl, int w /* SSL_version() is valid after initial handshake completed */ SSL *ssl_nonconst; *(const SSL **)&ssl_nonconst = ssl; @@ -203,7 +203,7 @@ Signed-off-by: Glenn Strauss } } -@@ -2537,15 +2535,9 @@ network_init_ssl (server *srv, plugin_co +@@ -2572,15 +2570,9 @@ network_init_ssl (server *srv, plugin_co #endif #endif @@ -219,7 +219,7 @@ Signed-off-by: Glenn Strauss if (s->ssl_conf_cmd && s->ssl_conf_cmd->used) { if (0 != mod_openssl_ssl_conf_cmd(srv, s)) return -1; -@@ -3953,12 +3945,8 @@ int mod_wolfssl_plugin_init (plugin *p) +@@ -3970,12 +3962,8 @@ int mod_wolfssl_plugin_init (plugin *p) static int mod_openssl_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -234,7 +234,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max ? WOLFSSL_TLSV1_3 : WOLFSSL_TLSV1; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) -@@ -3980,11 +3968,7 @@ mod_openssl_ssl_conf_proto_val (server * +@@ -3997,11 +3985,7 @@ mod_openssl_ssl_conf_proto_val (server * "SSL: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } @@ -247,7 +247,7 @@ Signed-off-by: Glenn Strauss } -@@ -4127,9 +4111,7 @@ mod_openssl_ssl_conf_cmd (server *srv, p +@@ -4144,9 +4128,7 @@ mod_openssl_ssl_conf_cmd (server *srv, p case WOLFSSL_TLSV1_2: wolfSSL_CTX_set_options(s->ssl_ctx, WOLFSSL_OP_NO_TLSv1_3); __attribute_fallthrough__ diff --git a/net/linknx/Makefile b/net/linknx/Makefile index 8ad017c590ff1d..bb0ef94ffb747e 100644 --- a/net/linknx/Makefile +++ b/net/linknx/Makefile 
@@ -19,7 +19,7 @@ PKG_MAINTAINER:=Othmar Truniger PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=LICENSE -PKG_BUILD_DEPENDS:=USE_UCLIBC:argp-standalone USE_MUSL:argp-standalone +PKG_BUILD_DEPENDS:=USE_MUSL:argp-standalone PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk diff --git a/net/microsocks/Makefile b/net/microsocks/Makefile index 6de5b4bc764241..f52fe0c76a4d25 100644 --- a/net/microsocks/Makefile +++ b/net/microsocks/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=microsocks PKG_VERSION:=1.0.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)? @@ -21,6 +21,7 @@ define Package/microsocks SUBMENU:=Web Servers/Proxies CATEGORY:=Network TITLE:=SOCKS5 TCP/IP only proxy + USERID:=microsocks:microsocks endef define Package/microsocks/description diff --git a/net/microsocks/files/microsocks.init b/net/microsocks/files/microsocks.init index 74dc03ff5f7eb7..4df898ceca33df 100755 --- a/net/microsocks/files/microsocks.init +++ b/net/microsocks/files/microsocks.init @@ -7,12 +7,12 @@ CONF="microsocks" start_service() { config_load "$CONF" - + local _enabled config_get_bool _enabled "config" "enabled" "0" [ "$_enabled" -eq "1" ] || return 1 - - local _port + + local _port local _listenip local _bindaddr local _user @@ -27,7 +27,7 @@ start_service() { config_get _password "config" "password" config_get_bool _auth_once "config" "auth_once" 0 config_get_bool _quiet "config" "quiet" 0 - + procd_open_instance "$CONF" procd_set_param command /usr/bin/microsocks [ -z "$_port" ] || procd_append_param command -p "${_port}" 
@@ -37,12 +37,15 @@ start_service() { [ -z "$_password" ] || procd_append_param command -P "${_password}" [ "$_auth_once" -eq "0" ] || procd_append_param command -1 [ "$_quiet" -eq "0" ] || procd_append_param command -q - + + procd_set_param user microsocks + procd_set_param group microsocks + procd_set_param respawn procd_set_param stderr 1 # TODO: Make it dependable on some verbose/debug config setting? # procd_set_param stdout 1 - + procd_close_instance } diff --git a/net/natmap/Makefile b/net/natmap/Makefile index d389a58763008b..aca43d3d0ab060 100644 --- a/net/natmap/Makefile +++ b/net/natmap/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=natmap -PKG_VERSION:=20250721 +PKG_VERSION:=20250924 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/natmap/releases/download/$(PKG_VERSION) -PKG_HASH:=25d3288c1654191b7884d6c83b8f669ce788fbab95ebe26d84b65c63ceaa3094 +PKG_HASH:=a86caa74266b62707bdcb9eef34910571061c206a5cd2d1eff694eae25ab5aaf PKG_MAINTAINER:=Richard Yu , Ray Wang PKG_LICENSE:=MIT diff --git a/net/natmap/files/natmap.config b/net/natmap/files/natmap.config index c003fc59de8841..a8d9f6d705e360 100644 --- a/net/natmap/files/natmap.config +++ b/net/natmap/files/natmap.config @@ -4,11 +4,15 @@ config natmap option udp_mode '1' option interface '' option interval '' + option stun_cycle '' option stun_server 'stunserver.stunprotocol.org' option http_server 'example.com' + option fwmark '' option port '8080' option forward_target '' option forward_port '' + option forward_timeout '' + option forward_congestion '' option notify_script '' option log_stdout '1' option log_stderr '1' diff --git a/net/natmap/files/natmap.init b/net/natmap/files/natmap.init index d0851ab6841b6c..f43707f85cfffb 100644 --- a/net/natmap/files/natmap.init +++ b/net/natmap/files/natmap.init 
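Review bot: With `procd_set_param user microsocks` and `group microsocks` the daemon starts unprivileged, so a configured `port` below 1024 can presumably no longer be bound, and with `respawn` set the service would just keep failing. The script does not check `_port` or document the restriction; either log and return before `procd_open_instance` for such a value, or state the limit next to the `port` option. The context line `procd_append_param command -P "${_password}"` still places the proxy password in the process arguments, where other local users can read it from `/proc`; the privilege drop does not change that. `start_service` starts outside this hunk.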
@@ -21,12 +21,17 @@ validate_section_natmap() { 'family:string' \ 'udp_mode:bool:0' \ 'interface:string' \ - 'interval:uinteger' \ - 'stun_server:host' \ - 'http_server:host' \ + 'interval:and(uinteger, min(1))' \ + 'stun_cycle:uinteger' \ + 'stun_server:string' \ + 'http_server:string' \ + 'fwmark:string' \ 'port:or(port,portrange)' \ + 'port_random:bool:0' \ 'forward_target:host' \ 'forward_port:port' \ + 'forward_timeout:and(uinteger, min(1))' \ + 'forward_congestion:string' \ 'notify_script:file' \ 'log_stdout:bool:1' \ 'log_stderr:bool:1' @@ -43,9 +48,11 @@ natmap_instance() { procd_open_instance "$1" procd_set_param command "$PROG" \ ${interval:+-k "$interval"} \ + ${stun_cycle:+-c "$stun_cycle"} \ ${stun_server:+-s "$stun_server"} \ ${http_server:+-h "$http_server"} \ - ${port:+-b "$port"} \ + ${fwmark:+-f "$fwmark"} \ + ${port:+-b "$([ "$port_random" = 1 ] && echo ${port/-/\~} || echo $port)"} \ [ "${family}" = ipv4 ] && procd_append_param command -4 [ "${family}" = ipv6 ] && procd_append_param command -6 @@ -60,6 +67,8 @@ natmap_instance() { } [ -n "${forward_target}" ] && procd_append_param command -t "$forward_target" -p "$forward_port" + [ -n "${forward_timeout}" ] && procd_append_param command -T "$forward_timeout" + [ -n "${forward_congestion}" ] && procd_append_param command -C "$forward_congestion" [ -n "${notify_script}" ] && procd_set_param env "NOTIFY_SCRIPT=${notify_script}" procd_append_param command -e /usr/lib/natmap/update.sh diff --git a/net/netatalk/Config.in b/net/netatalk/Config.in index c889c4b2484fc9..8d2a0e545abf72 100644 --- a/net/netatalk/Config.in +++ b/net/netatalk/Config.in 
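Review bot: In `validate_section_natmap`, `stun_server` and `http_server` are relaxed from `host` to `string`, and the new `fwmark` and `forward_congestion` options are `string` as well, so these values reach the `natmap` command line with no format check. They are quoted where they are expanded in `natmap_instance`, so this is not a shell-injection problem, but a malformed value now shows up only as a daemon failure at runtime. If the relaxation exists to allow a form that `host` rejects, a comment above the list should say which form, and each option should keep the strictest validator that still accepts it. `port_random` is validated here but has no entry in the `natmap.config` hunk, so it is undocumented for users.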
@@ -1,35 +1,49 @@ if PACKAGE_netatalk-full - config PACKAGE_NETATALK_APPLETALK - bool "Enable AppleTalk support." - default y + config PACKAGE_NETATALK_APPLETALK + bool "Enable AppleTalk support." + default y - config PACKAGE_NETATALK_ZEROCONF - bool "Enable Zeroconf support." - default y + config PACKAGE_NETATALK_ZEROCONF + bool "Enable Zeroconf support." + default y - config PACKAGE_NETATALK_ACLS - bool "Enable ACL support." - default y + config PACKAGE_NETATALK_ACLS + bool "Enable ACL support." + default y - config PACKAGE_NETATALK_PAM - bool "Enable PAM support." - default y + config PACKAGE_NETATALK_PAM + bool "Enable PAM support." + default y - config PACKAGE_NETATALK_LDAP - bool "Enable LDAP support." - default y + config PACKAGE_NETATALK_LDAP + bool "Enable LDAP support." + default y - config PACKAGE_NETATALK_ICONV - bool "Use libiconv features." - default y + config PACKAGE_NETATALK_ICONV + bool "Use libiconv features." + default y - config PACKAGE_NETATALK_KERBEROS - bool "Enable kerberos support." - default y + config PACKAGE_NETATALK_KERBEROS + bool "Enable kerberos support." + default y - config PACKAGE_NETATALK_LIBWRAP - bool "Enable TCP wrappers." - default y + config PACKAGE_NETATALK_LIBWRAP + bool "Enable TCP wrappers." + default y + + choice + prompt "CNID backends" + default PACKAGE_NETATALK_BOTHBACK + + config PACKAGE_NETATALK_DBDBACK + bool "dbd" + + config PACKAGE_NETATALK_SQLITEBACK + bool "sqlite" + + config PACKAGE_NETATALK_BOTHBACK + bool "dbd,sqlite" + endchoice endif diff --git a/net/netatalk/Makefile b/net/netatalk/Makefile index e87f8c8e8139c9..e0c1cd057c9841 100644 --- a/net/netatalk/Makefile +++ b/net/netatalk/Makefile 
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netatalk -PKG_VERSION:=4.2.2 -PKG_RELEASE:=1 +PKG_VERSION:=4.3.2 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@SF/netatalk -PKG_HASH:=8f772804ce4322a4e8fb159528209450927e9df067daa5cc02ab59b35f4b450c +PKG_HASH:=2977b4fd113182f0cc183337ba23d5701fb2be4e0dfcec7ee575b4d73a738d3a PKG_MAINTAINER:=Antonio Pastor PKG_LICENSE:=GPL-2.0-or-later @@ -59,7 +59,9 @@ define Package/netatalk-full +PACKAGE_NETATALK_LDAP:libopenldap \ +PACKAGE_NETATALK_ICONV:libiconv-full \ +PACKAGE_NETATALK_KERBEROS:krb5-libs \ - +PACKAGE_NETATALK_LIBWRAP:libwrap + +PACKAGE_NETATALK_LIBWRAP:libwrap \ + +PACKAGE_NETATALK_SQLITEBACK:libsqlite3 \ + +PACKAGE_NETATALK_BOTHBACK:libsqlite3 MENU:=1 endef @@ -87,13 +89,10 @@ define Package/netatalk-full/description endef define Package/netatalk-full/config - source "$(SOURCE)/Config.in" + source "$(SOURCE)/Config.in" endef MESON_ARGS += \ - -Dwith-cnid-default-backend=dbd \ - -Dwith-cnid-dbd-backend=true \ - -Dwith-cnid-mysql-backend=false \ -Dwith-bdb-path="$(STAGING_DIR)/usr/" \ -Dwith-unicode-data-path="$(STAGING_DIR_HOST)/share/gnulib/tests/uniname/" \ -Dwith-libgcrypt-path="$(STAGING_DIR)/usr/" \ @@ -111,6 +110,8 @@ MESON_ARGS += \ ifeq ($(BUILD_VARIANT),small) MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd \ -Dwith-appletalk=false \ -Dwith-zeroconf=false \ -Dwith-acls=false \ @@ -125,6 +126,8 @@ endif ifeq ($(BUILD_VARIANT),appletalk) MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd \ -Dwith-appletalk=true \ -Dwith-zeroconf=false \ -Dwith-acls=false \ 
@@ -150,16 +153,44 @@ MESON_ARGS += \ -Dwith-krbV-uam=$(if $(CONFIG_PACKAGE_NETATALK_KERBEROS),true,false) \ -Dwith-tcp-wrappers=$(if $(CONFIG_PACKAGE_NETATALK_LIBWRAP),true,false) \ +ifdef CONFIG_PACKAGE_NETATALK_DBDBACK +MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd endif +ifdef CONFIG_PACKAGE_NETATALK_SQLITEBACK +MESON_ARGS += \ + -Dwith-cnid-default-backend=sqlite \ + -Dwith-cnid-backends=sqlite +endif +ifdef CONFIG_PACKAGE_NETATALK_BOTHBACK +MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd,sqlite +endif +endif + +define Package/netatalk-small/conffiles +/etc/afp.conf +/etc/extmap.conf +/etc/netatalk/ +/etc/config/afpd +endef define Package/netatalk/conffiles /etc/afp.conf /etc/extmap.conf /etc/netatalk/ -/etc/atalkd.conf -/etc/macipgw.conf +/etc/config/afpd +/etc/config/atalkd +/etc/config/a2boot +/etc/config/macipgw +/etc/config/papd +/etc/config/timelord endef +Package/netatalk-full/conffiles = $(Package/netatalk/conffiles) + define Package/netatalk-small/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_DIR) $(1)/usr/lib 
@@ -169,16 +200,17 @@ define Package/netatalk-small/install $(INSTALL_DIR) $(1)/etc/config $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libatalk.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libbstring.so* $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/netatalk/*.so $(1)/usr/lib/netatalk/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/* $(1)/usr/sbin/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/afp.conf $(1)/etc/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/extmap.conf $(1)/etc/ $(INSTALL_BIN) ./files/afpd.init $(1)/etc/init.d/afpd - $(INSTALL_DATA) ./files/afpd.conf $(1)/etc/config/afpd + $(INSTALL_CONF) ./files/afpd.conf $(1)/etc/config/afpd endef define Package/netatalk/install - $(call Package/netatalk-small/install,$(1)) + $(call Package/netatalk-small/install,$(1)) $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/ 
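Review bot: The UCI file moves to `$(INSTALL_CONF)`, but `/etc/afp.conf` and `/etc/extmap.conf` in this hunk (and `atalkd.conf`, `macipgw.conf`, `papd.conf` in `Package/netatalk/install`) are still installed with `$(INSTALL_DATA)`, so the daemon configuration stays world-readable while the UCI copy is owner-only. If `afp.conf` can carry credentials on a given setup (for example an LDAP bind password; not visible here), the two should match: `$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/afp.conf $(1)/etc/`. The init script appears to regenerate `/etc/afp.conf` in `generate_config`, so the mode it is written with there matters as well. Package/netatalk/install continues past this hunk.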
@@ -187,28 +219,28 @@ define Package/netatalk/install $(INSTALL_BIN) ./files/timelord.init $(1)/etc/init.d/timelord $(INSTALL_BIN) ./files/a2boot.init $(1)/etc/init.d/a2boot $(INSTALL_BIN) ./files/papd.init $(1)/etc/init.d/papd - $(INSTALL_DATA) ./files/atalkd.conf $(1)/etc/config/atalkd - $(INSTALL_DATA) ./files/macipgw.conf $(1)/etc/config/macipgw - $(INSTALL_DATA) ./files/timelord.conf $(1)/etc/config/timelord - $(INSTALL_DATA) ./files/a2boot.conf $(1)/etc/config/a2boot - $(INSTALL_DATA) ./files/papd.conf $(1)/etc/config/papd + $(INSTALL_CONF) ./files/atalkd.conf $(1)/etc/config/atalkd + $(INSTALL_CONF) ./files/macipgw.conf $(1)/etc/config/macipgw + $(INSTALL_CONF) ./files/timelord.conf $(1)/etc/config/timelord + $(INSTALL_CONF) ./files/a2boot.conf $(1)/etc/config/a2boot + $(INSTALL_CONF) ./files/papd.conf $(1)/etc/config/papd endef define Package/netatalk-full/install - $(call Package/netatalk-small/install,$(1)) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/atalkd.init $(1)/etc/init.d/atalkd,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/macipgw.init $(1)/etc/init.d/macipgw,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/timelord.init $(1)/etc/init.d/timelord,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/a2boot.init $(1)/etc/init.d/a2boot,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/papd.init $(1)/etc/init.d/papd,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/atalkd.conf $(1)/etc/config/atalkd,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/macipgw.conf $(1)/etc/config/macipgw,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/timelord.conf 
$(1)/etc/config/timelord,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/a2boot.conf $(1)/etc/config/a2boot,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/papd.conf $(1)/etc/config/papd,) + $(call Package/netatalk-small/install,$(1)) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/atalkd.init $(1)/etc/init.d/atalkd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/macipgw.init $(1)/etc/init.d/macipgw,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/timelord.init $(1)/etc/init.d/timelord,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/a2boot.init $(1)/etc/init.d/a2boot,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/papd.init $(1)/etc/init.d/papd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/atalkd.conf $(1)/etc/config/atalkd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/macipgw.conf $(1)/etc/config/macipgw,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/timelord.conf $(1)/etc/config/timelord,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/a2boot.conf $(1)/etc/config/a2boot,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/papd.conf $(1)/etc/config/papd,) endef $(eval $(call BuildPackage,netatalk-small)) diff --git a/net/netatalk/files/afpd.init b/net/netatalk/files/afpd.init index 193856c892e267..33658945391405 100644 --- a/net/netatalk/files/afpd.init +++ b/net/netatalk/files/afpd.init 
@@ -4,8 +4,7 @@ START=85 STOP=10 USE_PROCD=1 -PROG_afpd='/usr/sbin/afpd' -PROG_cnid='/usr/sbin/cnid_metad' +PROG_netatalk='/usr/sbin/netatalk' # Default config file location config_file='/etc/afp.conf' @@ -185,16 +184,9 @@ start_service() { generate_config - # afpd procd_open_instance - procd_set_param command $PROG_afpd -d -F $config_file + procd_set_param command $PROG_netatalk -d -F $config_file procd_set_param file $config_file procd_set_param respawn procd_close_instance - - # cnid - procd_open_instance - procd_set_param command $PROG_cnid -d -F $config_file - procd_set_param respawn - procd_close_instance } diff --git a/net/netatalk/patches/010-iconv-build-fix.patch b/net/netatalk/patches/010-iconv-build-fix.patch deleted file mode 100644 index bf56f2bcc4f67e..00000000000000 --- a/net/netatalk/patches/010-iconv-build-fix.patch +++ /dev/null @@ -1,43 +0,0 @@ ---- a/bin/misc/meson.build -+++ b/bin/misc/meson.build -@@ -1,10 +1,13 @@ -+iconv_deps = [] -+ - if have_iconv -+ iconv_deps += iconv - executable( - 'netacnv', - ['netacnv.c'], - include_directories: root_includes, - link_with: libatalk, -- dependencies: [iconv], -+ dependencies: [iconv_deps], - install: false, - ) - endif -@@ -14,6 +17,7 @@ executable( - ['logger_test.c'], - include_directories: root_includes, - link_with: libatalk, -+ dependencies: [iconv_deps], - install: false, - ) - -@@ -22,7 +26,7 @@ executable( - ['fce.c'], - include_directories: root_includes, - link_with: libatalk, -- dependencies: [iniparser], -+ dependencies: [iniparser,iconv_deps], - install: true, - ) - -@@ -38,7 +42,7 @@ if have_ldap - ['uuidtest.c'], - include_directories: root_includes, - link_with: libatalk, -- dependencies: [afpldaptest_deps], -+ dependencies: [afpldaptest_deps,iconv_deps], - c_args: confdir, - install: true, - build_rpath: rpath_libdir, diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 1976cd59b63e1a..ce4af51ad946ff 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile 
@@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.50.2 +PKG_VERSION:=0.59.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=d3f0838dfa279ed8af9443294770308be8d2a9e070478dbba23ca42e20da403b +PKG_HASH:=2f0bdd45996f46f2e2c1dbf5a6712bba38a06cbfb7e4c00f814b0ffe149d7c6d PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause diff --git a/net/netbird/files/netbird.init b/net/netbird/files/netbird.init index 87427c4061c204..00e23fe05e1973 100755 --- a/net/netbird/files/netbird.init +++ b/net/netbird/files/netbird.init @@ -16,6 +16,7 @@ start_service() { procd_open_instance procd_set_param command /usr/bin/netbird + procd_set_param env NB_CONFIG="/etc/netbird/config.json" procd_append_param command service run procd_set_param pidfile /var/run/netbird.pid procd_close_instance diff --git a/net/netifyd/Makefile b/net/netifyd/Makefile index a09cae3d462a3d..a0ffd2261fb921 100644 --- a/net/netifyd/Makefile +++ b/net/netifyd/Makefile @@ -32,7 +32,7 @@ define Package/netifyd CATEGORY:=Network TITLE:=Netify Agent URL:=http://www.netify.ai/ - DEPENDS:=+ca-bundle +libatomic +libcurl +libmnl +libnetfilter-conntrack +libpcap +zlib +libpthread @!USE_UCLIBC + DEPENDS:=+ca-bundle +libatomic +libcurl +libmnl +libnetfilter-conntrack +libpcap +zlib +libpthread # Explicitly depend on libstdcpp rather than $(CXX_DEPENDS). At the moment # std::unordered_map is only available via libstdcpp which is required for # performance reasons. diff --git a/net/nginx/Makefile b/net/nginx/Makefile index a96dd0b70a9349..e93acd1b65ad20 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.26.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ 
@@ -18,7 +18,7 @@ PKG_HASH:=f9187468ff2eb159260bfd53867c25ff8e334726237acf227b9e870e53d3e36b PKG_MAINTAINER:=Thomas Heil \ Christian Marangi PKG_LICENSE:=2-clause BSD-like license -PKG_CPE_ID:=cpe:/a:nginx:nginx +PKG_CPE_ID:=cpe:/a:f5:nginx_open_source PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 @@ -213,7 +213,7 @@ endef define Download/nginx-mod-geoip2 SOURCE_DATE:=2020-01-22 - VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf + SOURCE_VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf URL:=https://github.com/leev/ngx_http_geoip2_module.git MIRROR_HASH:=f3d2a1af5c34812b5a34453457ba6a4d8093c92085aa7f76c46a1c4185c9735c PROTO:=git @@ -248,7 +248,7 @@ endef define Download/nginx-mod-headers-more SOURCE_DATE:=2022-07-17 - VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0 + SOURCE_VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0 URL:=https://github.com/openresty/headers-more-nginx-module.git MIRROR_HASH:=569abadc137b5b52bdcc33b00aa21f6d266cb84fb891795da2c4e101c4898abe PROTO:=git @@ -256,7 +256,7 @@ endef define Download/nginx-mod-brotli SOURCE_DATE:=2020-04-23 - VERSION:=25f86f0bac1101b6512135eac5f93c49c63609e3 + SOURCE_VERSION:=25f86f0bac1101b6512135eac5f93c49c63609e3 URL:=https://github.com/google/ngx_brotli.git MIRROR_HASH:=680c56be79e7327cb8df271646119333d2f6965a3472bc7043721625fa4488f5 PROTO:=git @@ -264,7 +264,7 @@ endef define Download/nginx-mod-rtmp SOURCE_DATE:=2018-12-07 - VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf + SOURCE_VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf URL:=https://github.com/ut0mt8/nginx-rtmp-module.git MIRROR_HASH:=9c98d886ae4ea3708bb0bca55f8df803418a407e0ffc6df56341bd76ad39cba8 PROTO:=git @@ -272,7 +272,7 @@ endef define Download/nginx-mod-ts SOURCE_DATE:=2017-12-04 - VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd + SOURCE_VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd URL:=https://github.com/arut/nginx-ts-module.git MIRROR_HASH:=3f144d4615a4aaa1215435cd06ae4054ea12206d5b38306321420f7acc62aca8 PROTO:=git 
@@ -280,7 +280,7 @@ endef define Download/nginx-mod-naxsi SOURCE_DATE:=2022-09-14 - VERSION:=d714f1636ea49a9a9f4f06dba14aee003e970834 + SOURCE_VERSION:=d714f1636ea49a9a9f4f06dba14aee003e970834 URL:=https://github.com/nbs-system/naxsi.git MIRROR_HASH:=b0cef5fbf842f283eb5f0686ddd1afcd07d83abd7027c8cfb3e84a2223a34797 PROTO:=git @@ -288,7 +288,7 @@ endef define Download/nginx-mod-lua SOURCE_DATE:=2023-08-19 - VERSION:=c89469e920713d17d703a5f3736c9335edac22bf + SOURCE_VERSION:=c89469e920713d17d703a5f3736c9335edac22bf URL:=https://github.com/openresty/lua-nginx-module.git MIRROR_HASH:=c3bdf1b23f0a63991b5dcbd1f8ee150e6f893b43278e8600e4e0bb42a6572db4 PROTO:=git @@ -296,7 +296,7 @@ endef define Download/nginx-mod-lua-resty-core SOURCE_DATE:=2023-09-09 - VERSION:=2e2b2adaa61719972fe4275fa4c3585daa0dcd84 + SOURCE_VERSION:=2e2b2adaa61719972fe4275fa4c3585daa0dcd84 URL:=https://github.com/openresty/lua-resty-core.git MIRROR_HASH:=c5f3df92fd72eac5b54497c039aca0f0d9ea1d87223f1e3a54365ba565991874 PROTO:=git @@ -304,7 +304,7 @@ endef define Download/nginx-mod-lua-resty-lrucache SOURCE_DATE:=2023-08-06 - VERSION:=52f5d00403c8b7aa8a4d4f3779681976b10a18c1 + SOURCE_VERSION:=52f5d00403c8b7aa8a4d4f3779681976b10a18c1 URL:=https://github.com/openresty/lua-resty-lrucache.git MIRROR_HASH:=0833e0114948af4edb216c5c34b3f1919f534b298f4fa29739544f7c9bb8a08d PROTO:=git @@ -312,7 +312,7 @@ endef define Download/nginx-mod-dav-ext SOURCE_DATE:=2018-12-17 - VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af + SOURCE_VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af URL:=https://github.com/arut/nginx-dav-ext-module.git MIRROR_HASH:=c574e60ffab5f6e5d8bea18aab0799c19cd9a84f3d819b787e9af4f0e7867b52 PROTO:=git 
@@ -320,7 +320,7 @@ endef define Download/nginx-mod-ubus SOURCE_DATE:=2020-09-06 - VERSION:=b2d7260dcb428b2fb65540edb28d7538602b4a26 + SOURCE_VERSION:=b2d7260dcb428b2fb65540edb28d7538602b4a26 URL:=https://github.com/Ansuel/nginx-ubus-module.git MIRROR_HASH:=515bb9d355ad80916f594046a45c190a68fb6554d6795a54ca15cab8bdd12fda PROTO:=git @@ -328,9 +328,9 @@ endef define Download/nginx-mod-njs SOURCE_DATE:=2024-10-03 - VERSION:=c5a29a7af8894ee1ec44ebda71ef0ea1f2a31af6 + SOURCE_VERSION:=c5a29a7af8894ee1ec44ebda71ef0ea1f2a31af6 URL:=https://github.com/nginx/njs.git - MIRROR_HASH:=69bc424d4bfd8b7a0a70feeb4787ff8b503ac893fb730f07f3244e35fde876e4 + MIRROR_HASH:=6c94ec6b1c119e0c7a85ec395a4987a8a61739e1f9256ce6d92a16804c5d4637 PROTO:=git endef @@ -338,7 +338,7 @@ define Module/Download define Download/nginx-mod-$(1) += SUBDIR:=nginx-mod-$(1) - FILE:=nginx-mod-$(1)-$$$$(subst -,.,$$$$(SOURCE_DATE))~$$$$(call version_abbrev,$$$$(VERSION)).tar.zst + FILE:=nginx-mod-$(1)-$$$$(subst -,.,$$$$(SOURCE_DATE))~$$$$(call version_abbrev,$$$$(SOURCE_VERSION)).tar.zst endef endef $(foreach m,$(PKG_MOD_EXTRA),$(eval $(call Module/Download,$(m)))) diff --git a/net/nut/Makefile b/net/nut/Makefile index 7181832b2da5b1..5c72c922a9d976 100644 --- a/net/nut/Makefile +++ b/net/nut/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=2.8.1 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.networkupstools.org/source/2.8/ +PKG_SOURCE_URL:=https://www.networkupstools.org/source/2.8/ PKG_HASH:=7da48ee23b1f0d8d72560bb0af84f5c5ae4dbe35452b84cb49840132e47f099c PKG_LICENSE:=GPL-2.0-or-later GPL-3.0-or-later GPL-1.0-or-later Artistic-1.0-Perl PKG_LICENSE_FILES:=LICENSE-GPL2 LICENSE-GPL3 COPYING diff --git a/net/openlist/Makefile b/net/openlist/Makefile index 49ee8cc5eb4e75..62c782a06f397d 100644 --- a/net/openlist/Makefile +++ b/net/openlist/Makefile 
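Review bot: `MIRROR_HASH` for `nginx-mod-njs` changes while `SOURCE_VERSION` (the same commit id as the old `VERSION`) and `SOURCE_DATE` stay the same, and none of the other modules renamed in this file needed a new hash. A checksum that changes without a source change should be explained in the commit message (repacked archive, different archive naming, or a previously wrong value), because the hash is the only integrity check on the mirrored tarball. Please confirm the new value by regenerating the archive from the pinned commit rather than copying it from a downloaded mirror file.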
@@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openlist -PKG_VERSION:=4.1.0 +PKG_VERSION:=4.1.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/OpenListTeam/OpenList/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=cdaf91413fe07b3d8155f644237a839dac09f084e812b25c76effca7dfc1d3f2 +PKG_HASH:=5ddf3f0b7616248862a8b908cffad9437d19053092bc45e8299ad7c95a3626d2 PKG_BUILD_DIR:=$(BUILD_DIR)/OpenList-$(PKG_VERSION) PKG_LICENSE:=AGPL-3.0-only @@ -51,13 +51,13 @@ define Package/openlist/conffiles /etc/config/openlist endef -WEB_VERSION:=4.1.0 +WEB_VERSION:=4.1.5 WEB_FILE:=$(PKG_NAME)-frontend-dist-v$(WEB_VERSION).tar.gz define Download/openlist-web URL:=https://github.com/OpenListTeam/OpenList-Frontend/releases/download/v$(WEB_VERSION)/ URL_FILE:=$(WEB_FILE) FILE:=$(WEB_FILE) - HASH:=ddaeb76aad74a858358de9a1e0d1aff93651605859813b0891b9f4f431d1a87f + HASH:=3445cf8752d09f7a6ed9360ac9cc6bd57718f1f30a37d1754215e5125de15535 endef define Build/Prepare diff --git a/net/openvpn/Config-mbedtls.in b/net/openvpn/Config-mbedtls.in index edcfbdf9d707ac..14b1959c425888 100644 --- a/net/openvpn/Config-mbedtls.in +++ b/net/openvpn/Config-mbedtls.in @@ -35,7 +35,7 @@ config OPENVPN_mbedtls_ENABLE_IPROUTE2 config OPENVPN_mbedtls_ENABLE_DCO depends on !OPENVPN_mbedtls_ENABLE_IPROUTE2 bool "Enable support for data channel offload" - default n if OPENVPN_mbedtls_ENABLE_IPROUTE2 + default y if !OPENVPN_mbedtls_ENABLE_IPROUTE2 help enable data channel offload support using the ovpn-dco-v2 kernel module diff --git a/net/openvpn/Config-openssl.in b/net/openvpn/Config-openssl.in index c09b45e10d32fa..9ff20302062653 100644 --- a/net/openvpn/Config-openssl.in +++ b/net/openvpn/Config-openssl.in 
@@ -39,7 +39,7 @@ config OPENVPN_openssl_ENABLE_IPROUTE2 config OPENVPN_openssl_ENABLE_DCO depends on !OPENVPN_openssl_ENABLE_IPROUTE2 bool "Enable support for data channel offload" - default n if OPENVPN_openssl_ENABLE_IPROUTE2 + default y if !OPENVPN_openssl_ENABLE_IPROUTE2 help enable data channel offload support using the ovpn-dco-v2 kernel module diff --git a/net/openvpn/Config-wolfssl.in b/net/openvpn/Config-wolfssl.in index 66bb67caeed2dd..e3c70a51178d0c 100644 --- a/net/openvpn/Config-wolfssl.in +++ b/net/openvpn/Config-wolfssl.in @@ -44,7 +44,7 @@ config OPENVPN_wolfssl_ENABLE_IPROUTE2 config OPENVPN_wolfssl_ENABLE_DCO depends on !OPENVPN_wolfssl_ENABLE_IPROUTE2 bool "Enable support for data channel offload" - default n if OPENVPN_openssl_ENABLE_IPROUTE2 + default y if !OPENVPN_wolfssl_ENABLE_IPROUTE2 select WOLFSSL_HAS_OPENVPN help enable data channel offload support diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index f1301d89a37d22..8202c2de3d0b09 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.6.14 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ @@ -37,7 +37,7 @@ define Package/openvpn/Default SUBMENU:=VPN MENU:=1 DEPENDS:=+kmod-tun +libcap-ng +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_LZ4:liblz4 +OPENVPN_$(1)_ENABLE_IPROUTE2:ip \ - +OPENVPN_$(1)_ENABLE_DCO:libnl-genl +OPENVPN_$(1)_ENABLE_DCO:kmod-ovpn-dco-v2 $(3) + +OPENVPN_$(1)_ENABLE_DCO:libnl-genl $(3) VARIANT:=$(1) PROVIDES:=openvpn openvpn-crypto endef diff --git a/net/pbr/Makefile b/net/pbr/Makefile index 05cc1e6ddf6720..f66d797357997b 100644 --- a/net/pbr/Makefile +++ b/net/pbr/Makefile @@ -4,8 +4,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pbr -PKG_VERSION:=1.1.8 -PKG_RELEASE:=34 +PKG_VERSION:=1.2.0 +PKG_RELEASE:=2 PKG_LICENSE:=AGPL-3.0-or-later PKG_MAINTAINER:=Stan Grishin 
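Review bot: `kmod-ovpn-dco-v2` is dropped from `DEPENDS` in `Package/openvpn/Default` while the three `Config-*.in` files in this commit turn `ENABLE_DCO` on by default, so a default build now has DCO support compiled in with nothing in this package pulling in a kernel module for it. If the module is expected to come from elsewhere (not visible in this diff), the Kconfig help, which still reads `using the ovpn-dco-v2 kernel module`, should say where it comes from and what happens when it is absent. Separately, `default y if !OPENVPN_mbedtls_ENABLE_IPROUTE2` repeats the `depends on` line directly above it in each of the three files; plain `default y` is equivalent.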
@@ -75,7 +75,7 @@ define Package/pbr/default/install $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr $(INSTALL_DIR) $(1)/usr/share/pbr $(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep - $(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include + $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.dnsprefetch $(1)/usr/share/pbr/pbr.user.dnsprefetch $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix $(INSTALL_DIR) $(1)/usr/share/nftables.d @@ -113,7 +113,6 @@ define Package/pbr/prerm #!/bin/sh # check if we are on real system if [ -z "$${IPKG_INSTROOT}" ]; then - uci -q delete firewall.pbr || true echo -n "Stopping pbr service... " /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL" echo -n "Removing rc.d symlink for pbr... " @@ -148,7 +147,6 @@ define Package/pbr-netifd/prerm #!/bin/sh # check if we are on real system if [ -z "$${IPKG_INSTROOT}" ]; then - uci -q delete firewall.pbr || true echo -n "Stopping pbr-netifd service... " /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL" echo -n "Removing rc.d symlink for pbr... " diff --git a/net/pbr/README.md b/net/pbr/README.md deleted file mode 100644 index 3a65c6b2257cbd..00000000000000 --- a/net/pbr/README.md +++ /dev/null 
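Review bot: `firewall.include` is no longer installed here, and both `prerm` scripts further down stop running `uci -q delete firewall.pbr`, so nothing visible in this Makefile removes a `firewall.pbr` section left behind by an older release. If such a section exists and points at the removed file, it would survive the upgrade as a dangling firewall include. Unless a migration is handled elsewhere (for example in a uci-defaults script not shown in this diff), keep a one-time cleanup such as `uci -q delete firewall.pbr && uci commit firewall` in the package's post-install step. Package/pbr/default/install starts outside the hunk.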
@@ -1,18 +0,0 @@ -# Policy-Based Routing (pbr) - -[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) -[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/pbr/) -[![License](https://img.shields.io/badge/License-GPL--3.0-lightgrey)](https://github.com/stangri/pbr/blob/master/LICENSE) - -Flexible policy-based routing (PBR) framework for OpenWrt. -Allows routing specific traffic (by IP, MAC, port, protocol, or domain) through a specific WAN, VPN, or tunnel. - -## Features - -- Route by IP, MAC, port, or domain name -- Works with WAN, VPNs (WireGuard, OpenVPN), or tunnels -- Lightweight shell-based implementation -- Optional Web UI integration via LuCI - -**Full documentation:** -[https://docs.openwrt.melmac.ca/pbr/](https://docs.openwrt.melmac.ca/pbr/) diff --git a/net/pbr/files/README.md b/net/pbr/files/README.md index 494a97c138f663..3a65c6b2257cbd 100644 --- a/net/pbr/files/README.md +++ b/net/pbr/files/README.md @@ -1,3 +1,18 @@ -# README +# Policy-Based Routing (pbr) -README is available at [https://docs.openwrt.melmac.net/pbr/](https://docs.openwrt.melmac.net/pbr/). +[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) +[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/pbr/) +[![License](https://img.shields.io/badge/License-GPL--3.0-lightgrey)](https://github.com/stangri/pbr/blob/master/LICENSE) + +Flexible policy-based routing (PBR) framework for OpenWrt. +Allows routing specific traffic (by IP, MAC, port, protocol, or domain) through a specific WAN, VPN, or tunnel. + +## Features + +- Route by IP, MAC, port, or domain name +- Works with WAN, VPNs (WireGuard, OpenVPN), or tunnels +- Lightweight shell-based implementation +- Optional Web UI integration via LuCI + +**Full documentation:** +[https://docs.openwrt.melmac.ca/pbr/](https://docs.openwrt.melmac.ca/pbr/) 
diff --git a/net/pbr/files/etc/config/pbr b/net/pbr/files/etc/config/pbr index 8bf686f063555b..de875c5ddcacb8 100644 --- a/net/pbr/files/etc/config/pbr +++ b/net/pbr/files/etc/config/pbr @@ -1,5 +1,4 @@ config pbr 'config' - option debug_dnsmasq '0' option enabled '0' option verbosity '2' option strict_enforcement '1' @@ -7,7 +6,6 @@ config pbr 'config' list resolver_instance '*' option ipv6_enabled '0' list ignored_interface 'vpnserver' - option boot_timeout '30' option rule_create_option 'add' option procd_boot_trigger_delay '5000' option procd_reload_delay '1' @@ -26,6 +24,10 @@ config pbr 'config' list webui_supported_protocol 'tcp udp' list webui_supported_protocol 'icmp' +config include + option path '/usr/share/pbr/pbr.user.dnsprefetch' + option enabled '0' + config include option path '/usr/share/pbr/pbr.user.aws' option enabled '0' diff --git a/net/pbr/files/etc/init.d/pbr b/net/pbr/files/etc/init.d/pbr index 043ccfb83ede79..b87ef5dd45cf7a 100755 --- a/net/pbr/files/etc/init.d/pbr +++ b/net/pbr/files/etc/init.d/pbr @@ -6,12 +6,10 @@ # sysctl net.ipv4.conf.all.rp_filter=1 # shellcheck disable=SC2034 -START=94 +START=20 # shellcheck disable=SC2034 USE_PROCD=1 -[ -n "${IPKG_INSTROOT}" ] && return 0 - if type extra_command >/dev/null 2>&1; then extra_command 'status' "Generates output required to troubleshoot routing issues Use '-d' option for more detailed output 
@@ -34,14 +32,13 @@ fi readonly packageName='pbr' readonly PKG_VERSION='dev-test' -readonly packageCompat='14' +readonly packageCompat='17' readonly serviceName="$packageName $PKG_VERSION" readonly packageConfigFile="/etc/config/${packageName}" readonly packageDebugFile="/var/run/${packageName}.debug" readonly packageLockFile="/var/run/${packageName}.lock" -readonly dnsmasqFileDefault="/var/run/${packageName}.dnsmasq" +readonly packageDnsmasqFile="/var/run/${packageName}.dnsmasq" readonly runningStatusFile="/dev/shm/${packageName}.status.json" -readonly runningStatusFileLock="/var/lock/${packageName}.lock" readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m' readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m' readonly _OKB_='\033[1;34m\xe2\x9c\x93\033[0m' @@ -69,8 +66,17 @@ readonly torConfigFile='/etc/tor/torrc' readonly xrayIfacePrefix='xray_' readonly rtTablesFile='/etc/iproute2/rt_tables' +# Silence "Command failed: Not found" for redundant procd service delete calls +__UBUS_BIN="$(command -v ubus || echo /bin/ubus)" +ubus() { + if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then + "$__UBUS_BIN" "$@" >/dev/null 2>&1 || true + else + "$__UBUS_BIN" "$@" + fi +} + # package config options -debug_dnsmasq= enabled= fw_mask= icmp_interface= @@ -80,17 +86,17 @@ nft_user_set_policy= nft_user_set_counter= procd_boot_trigger_delay= procd_reload_delay= -procd_lan_device= -procd_wan_interface= -procd_wan6_interface= -procd_wan6_metric='128' +lan_device= +uplink_interface= +uplink_interface6= +uplink_interface6_metric='128' resolver_set= resolver_instance= strict_enforcement= supported_interface= verbosity= -wan_ip_rules_priority= -wan_mark= +uplink_ip_rules_priority= +uplink_mark= nft_rule_counter= nft_set_auto_merge= nft_set_counter= 
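Review bot: The new `ubus()` function shadows the real binary for everything this script runs or sources afterwards, and for `call service delete` it discards both output and exit status, not only the `Not found` case named in the comment. A genuine failure to delete the service is then indistinguishable from success. Narrowing the wrapper to the expected error keeps the log quiet without hiding the rest: capture the output and suppress it only when it matches `Not found`, returning the real status otherwise. At minimum the comment should state the actual scope, e.g. `# NOTE: hides every error from 'ubus call service delete', not only "Not found"`.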
@@ -101,12 +107,10 @@ nft_set_policy= nft_set_timeout= # run-time -load_environment_flag= aghConfigFile='/etc/AdGuardHome/AdGuardHome.yaml' gatewaySummary= wanIface4= wanIface6= -dnsmasqFileList= ifaceMark= ifaceTableID= ifacePriority= 
@@ -115,37 +119,41 @@ ifacesSupported= firewallWanZone= wanGW4= wanGW6= -pbr_boot_flag= +pbrBootFlag= serviceStartTrigger= processDnsPolicyError= processPolicyError= processPolicyWarning= -resolver_set_supported= -policy_routing_nft_prev_param4= -policy_routing_nft_prev_param6= -nft_rule_params= -nft_set_params= +resolverSetSupported= +pbrNftPrevParam4= +pbrNftPrevParam6= +nftRuleParams= +nftSetParams= torDnsPort= torTrafficPort= +dnsmasq_features= +dnsmasq_ubus= +loadEnvironmentFlag= +loadPackageConfigFlag= # shellcheck disable=SC1091 -. /lib/functions.sh +. "${IPKG_INSTROOT}/lib/functions.sh" # shellcheck disable=SC1091 -. /lib/functions/network.sh +. "${IPKG_INSTROOT}/lib/functions/network.sh" # shellcheck disable=SC1091 -. /usr/share/libubox/jshn.sh +. "${IPKG_INSTROOT}/usr/share/libubox/jshn.sh" debug() { local i j; for i in "$@"; do eval "j=\$$i"; logger "${packageName:+-t $packageName}" "${i}: ${j} "; done; } -str_contains() { [ -n "$1" ] && [ -n "$2" ] && [ "${1//$2}" != "$1" ]; } -str_contains_word() { echo "$1" | grep -q -w "$2"; } -str_extras_to_underscore() { echo "$1" | tr '[\. ~`!@#$%^&*()\+/,<>?//;:]' '_'; } +str_contains() { [ "${1//$2}" != "$1" ]; } +str_contains_word() { echo "$1" | grep -qw "$2"; } +str_extras_to_underscore() { echo "$1" | sed -E 's/[\. 
~`!@#$%^&*()+=,<>?;:\/\\-]/_/g; s/_+/_/g'; } str_extras_to_space() { echo "$1" | tr ',;{}' ' '; } str_first_value_interface() { local i; for i in $1; do is_supported_interface "$i" && { echo "$i"; break; }; done; } str_first_value_ipv4() { local i; for i in $1; do is_ipv4 "$i" && { echo "$i"; break; }; done; } str_first_value_ipv6() { local i; for i in $1; do is_ipv6 "$i" && { echo "$i"; break; }; done; } str_first_word() { echo "${1%% *}"; } str_replace() { echo "${1//$2/$3}"; } -str_to_dnsmsaq_nftset() { echo "$1" | tr ' ' '/'; } +str_to_dnsmasq_nftset() { echo "$1" | tr ' ' '/'; } str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; } str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; } # shellcheck disable=SC3060 @@ -178,8 +186,8 @@ quiet_mode() { pbr_find_iface() { local iface i param="$2" case "$param" in - wan6) iface="$procd_wan6_interface";; - wan|*) iface="$procd_wan_interface";; + wan6) iface="$uplink_interface6";; + wan|*) iface="$uplink_interface";; esac eval "$1"='${iface}' } @@ -194,7 +202,7 @@ pbr_get_gateway4() { } pbr_get_gateway6() { local iface="$2" dev="$3" gw - [ "$iface" = "$procd_wan_interface" ] && iface="$procd_wan6_interface" + [ "$iface" = "$uplink_interface" ] && iface="$uplink_interface6" network_get_gateway6 gw "$iface" true if [ -z "$gw" ] || [ "$gw" = '::/0' ] || [ "$gw" = '::0/0' ] || [ "$gw" = '::' ]; then gw="$(ip -6 a list dev "$dev" 2>/dev/null | grep inet6 | grep 'scope global' | awk '{print $2}')" @@ -225,6 +233,7 @@ inline_set() { is_bad_user_file_nft_call() { grep -q '"\$nft" list' "$1" || grep '"\$nft" -f' "$1"; } # shellcheck disable=SC2317 is_config_enabled() { +# shellcheck disable=SC2329 _check_config() { local en; config_get_bool en "$1" 'enabled' '1'; [ "$en" -gt '0' ] && _cfg_enabled=0; } local cfg="$1" _cfg_enabled=1 [ -n "$1" ] || return 1 
@@ -239,7 +248,7 @@ uci_get_device() { eval "$1=$__tmp" } uci_get_protocol() { uci_get 'network' "$1" 'proto'; } -is_default_dev() { [ "$1" = "$(ip -4 r | grep -m1 'dev' | grep -Eso 'dev [^ ]*' | awk '{print $2}')" ]; } +is_default_dev() { [ "$1" = "$(ip -4 route show default | awk '{for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1);exit}}')" ]; } is_disabled_interface() { [ "$(uci_get 'network' "$1" 'disabled')" = '1' ]; } is_host() { echo "$1" | grep -qE '^[a-zA-Z0-9][a-zA-Z0-9_-]{0,61}[a-zA-Z0-9]$|^[a-zA-Z0-9]$'; } is_hostname() { echo "$1" | grep -qE '^([a-zA-Z0-9]([a-zA-Z0-9_-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'; } @@ -258,7 +267,7 @@ is_ipv6_local_scope() { is_ipv6_local_link "$1" || is_ipv6_local_unique "$1"; } is_ipv6_local_link() { [ "${1:0:4}" = 'fe80' ]; } is_ipv6_local_unique() { [ "${1:0:2}" = 'fc' ] || [ "${1:0:2}" = 'fd' ]; } is_list() { str_contains "$1" ',' || str_contains "$1" ' '; } -is_lan() { local d; network_get_device d "$1"; str_contains "$procd_lan_device" "$d"; } +is_lan() { local d; network_get_device d "$1"; str_contains "$lan_device" "$d"; } is_l2tp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "l2tp" ]; } is_mac_address() { echo "$1" | grep -qE '^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$'; } is_mac_address_bad_notation() { echo "$1" | grep -qE '^([0-9A-Fa-f]{2}-){5}([0-9A-Fa-f]{2})$'; } 
@@ -288,11 +297,11 @@ is_url_ftp() { [ "$1" != "${1#ftp://}" ]; } is_url_http() { [ "$1" != "${1#http://}" ]; } is_url_https() { [ "$1" != "${1#https://}" ]; } is_wan() { [ "$1" = "$wanIface4" ] || { [ "${1##wan}" != "$1" ] && [ "${1##wan6}" = "$1" ]; } || [ "${1%%wan}" != "$1" ]; } -is_wan6() { [ -n "$wanIface6" ] && [ "$1" = "$wanIface6" ] || [ "${1/#wan6}" != "$1" ] || [ "${1/%wan6}" != "$1" ]; } +is_wan6() { [ -n "$wanIface6" ] && [ "$1" = "$wanIface6" ] || [ "${1##wan6}" != "$1" ] || [ "${1%%wan6}" != "$1" ]; } is_wg() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -z "$lp" ] && [ "${p:0:9}" = "wireguard" ]; } is_wg_server() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -n "$lp" ] && [ "${p:0:9}" = "wireguard" ]; } is_xray() { [ -n "$(get_xray_traffic_port "$1")" ]; } -dnsmasq_kill() { killall -q -s HUP dnsmasq; } +dnsmasq_kill() { pidof dnsmasq >/dev/null && kill -HUP $(pidof dnsmasq); } dnsmasq_restart() { output 3 'Restarting dnsmasq '; if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn; else output_failn; fi; } # shellcheck disable=SC2155 get_ss_traffic_ports() { local i="$(jsonfilter -i "$ssConfigFile" -q -e "@.inbounds[*].port")"; echo "${i:-443}"; } 
@@ -314,12 +323,31 @@ ipv4_leases_to_nftset(){ [ -s '/tmp/dhcp.leases' ] && awk -v arg="$1" 'BEGIN{fs= ipv6_leases_to_nftset(){ [ -s '/tmp/hosts/odhcpd' ] && awk -v arg="$1" 'BEGIN{fs=""};$0~arg{printf fs$1;fs=","}' /tmp/hosts/odhcpd;} # shellcheck disable=SC3037 ports_to_nftset() { echo -en "$1"; } -get_mark_nft_chains() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; } -get_nft_sets() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep 'set' | grep "${nftPrefix}_" | awk '{ print $2 }'; } +get_mark_nft_chains() { "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; } +get_nft_sets() { "$nft" list table inet "$nftTable" 2>/dev/null | grep 'set' | grep "${nftPrefix}_" | awk '{ print $2 }'; } __ubus_get() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "$1"; } ubus_get_status() { __ubus_get "@.${packageName}.instances.main.data.status.${1}"; } ubus_get_interface() { __ubus_get "@.${packageName}.instances.main.data.gateways[@.name='${1}']${2:+.$2}"; } ubus_get_gateways() { __ubus_get "@.${packageName}.instances.main.data.gateways"; } +uci_add_list_if_new() { + local PACKAGE="$1" + local CONFIG="$2" + local OPTION="$3" + local VALUE="$4" + local i + [ -n "$PACKAGE" ] && [ -n "$CONFIG" ] && [ -n "$OPTION" ] && [ -n "$VALUE" ] || return 1 + for i in $(uci_get "$PACKAGE" "$CONFIG" "$OPTION"); do + [ "$i" = "$VALUE" ] && return 0 + done + uci_add_list "$PACKAGE" "$CONFIG" "$OPTION" "$VALUE" +} +uci_changes() { + local PACKAGE="$1" + local CONFIG="$2" + local OPTION="$3" + [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ] && \ + [ -n "$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}")" ] +} uci_get_listen_port() { local __tmp __tmp="$(uci_get 'network' "$2" 'listen_port')" 
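Review bot: `uci_changes` builds the config path as `"${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}"`, which only works when `UCI_CONFIG_DIR` ends in a slash. With a constructed value such as `/tmp/cfg` the test looks at `/tmp/cfgdhcp`, fails, and the function reports no pending changes. `"${UCI_CONFIG_DIR:-/etc/config}/${PACKAGE}"` is correct for both forms. Both new helpers would also benefit from a one-line header comment stating arguments and return status, e.g. `# uci_add_list_if_new PACKAGE CONFIG OPTION VALUE: add VALUE to the list unless already present; returns 1 on a missing argument`.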
@@ -336,17 +364,8 @@ check_agh() { [ -x "$agh" ] && { [ -s "$aghConfigFile" ] || [ -s "${agh%/*}/AdGu check_dnsmasq() { command -v dnsmasq >/dev/null 2>&1; } check_unbound() { command -v unbound >/dev/null 2>&1; } check_dnsmasq_nftset() { - local o; - check_nft || return 1 - check_dnsmasq || return 1 - o="$(dnsmasq -v 2>/dev/null)" - [ -n "$debug_dnsmasq" ] && { - echo " $(date) dnsmasq output dump:"; -# shellcheck disable=SC3003 - echo "${o%$'\n'$'\n'This*}"; - echo '-------------------------'; - } >> "$packageDebugFile" - ! echo "$o" | grep -q 'no-nftset' && echo "$o" | grep -q 'nftset' + [ -z "$dnsmasq_features" ] && dnsmasq_features="$(dnsmasq --version | grep -m1 'Compile time options:' | cut -d: -f2) " + [ "${dnsmasq_features#* nftset }" != "$dnsmasq_features" ] } print_json_bool() { json_init; json_add_boolean "$1" "$2"; json_dump; json_cleanup; } print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_cleanup; } 
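Review bot: `check_dnsmasq_nftset` no longer calls `check_dnsmasq` and no longer silences stderr, so on a system without dnsmasq the probe prints a shell error and `dnsmasq_features` is cached as a single space, which is non-empty and therefore never re-probed. The result is still "unsupported", but the guard is cheap: `check_dnsmasq || return 1` as the first line, and `dnsmasq --version 2>/dev/null` in the pipeline. A comment explaining the appended space, such as `# pad with a trailing space so the last compile option still matches ' nftset '`, would make the pattern test readable.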
@@ -357,63 +376,71 @@ try() { fi } +get_url() { + printf "https://docs.openwrt.melmac.ca/%s/%s/%s" "$packageName" "${PKG_VERSION%%-*}" "$1" +} + get_text() { local r="$1"; shift; case "$r" in - errorConfigValidation) printf "Config (%s) validation failure" "$$packageConfigFile";; + errorConfigValidation) printf "Config (%s) validation failure" "$packageConfigFile";; errorNoNft) printf "Resolver set support (%s) requires nftables, but nft binary cannot be found" "$resolver_set";; errorResolverNotSupported) printf "Resolver set (%s) is not supported on this system" "$resolver_set";; errorServiceDisabled) printf "The %s service is currently disabled" "$packageName";; errorNoWanGateway) printf "The %s service failed to discover WAN gateway" "$serviceName";; - errorNoWanInterface) printf "The %s interface not found, you need to set the 'pbr.config.procd_wan_interface' option" "$@";; - errorNoWanInterfaceHint) printf "Refer to %s" 'https://docs.openwrt.melmac.ca/pbr/#procd_wan_interface';; - errorNftsetNameTooLong) printf "The nft set name '%s' is longer than allowed 255 characters" "$@";; - errorUnexpectedExit) printf "Unexpected exit or service termination: '%s'" "$@";; - errorPolicyNoSrcDest) printf "Policy '%s' has no source/destination parameters" "$@";; - errorPolicyNoInterface) printf "Policy '%s' has no assigned interface" "$@";; - errorPolicyNoDns) printf "Policy '%s' has no assigned DNS" "$@";; - errorPolicyProcessNoInterfaceDns) printf "Interface '%s' has no assigned DNS" "$@";; - errorPolicyUnknownInterface) printf "Policy '%s' has an unknown interface" "$@";; - errorPolicyProcessCMD) printf "'%s'" "$@";; - errorFailedSetup) printf "Failed to set up '%s'" "$@";; - errorFailedReload) printf "Failed to reload '%s'" "$@";; - errorUserFileNotFound) printf "Custom user file '%s' not found or empty" "$@";; - errorUserFileSyntax) printf "Syntax error in custom user file '%s'" "$@";; - errorUserFileRunning) printf "Error running custom user file '%s'" "$@";; - 
errorUserFileNoCurl) printf "Use of 'curl' is detected in custom user file '%s', but 'curl' isn't installed" "$@";; + errorNoUplinkInterface) printf "The %s interface not found, you need to set the 'pbr.config.uplink_interface' option" "$1";; + errorNoUplinkInterfaceHint) printf "Refer to %s" "$1";; + errorNftsetNameTooLong) printf "The nft set name '%s' is longer than allowed 255 characters" "$1";; + errorUnexpectedExit) printf "Unexpected exit or service termination: '%s'" "$1";; + errorPolicyNoSrcDest) printf "Policy '%s' has no source/destination parameters" "$1";; + errorPolicyNoInterface) printf "Policy '%s' has no assigned interface" "$1";; + errorPolicyNoDns) printf "Policy '%s' has no assigned DNS" "$1";; + errorPolicyProcessNoInterfaceDns) printf "Interface '%s' has no assigned DNS" "$1";; + errorPolicyUnknownInterface) printf "Policy '%s' has an unknown interface" "$1";; + errorPolicyProcessCMD) printf "'%s'" "$1";; + errorFailedSetup) printf "Failed to set up '%s'" "$1";; + errorFailedReload) printf "Failed to reload '%s'" "$1";; + errorUserFileNotFound) printf "Custom user file '%s' not found or empty" "$1";; + errorUserFileSyntax) printf "Syntax error in custom user file '%s'" "$1";; + errorUserFileRunning) printf "Error running custom user file '%s'" "$1";; + errorUserFileNoCurl) printf "Use of 'curl' is detected in custom user file '%s', but 'curl' isn't installed" "$1";; errorNoGateways) printf "Failed to set up any gateway";; - errorResolver) printf "Resolver '%s'" "$@";; - errorPolicyProcessNoIpv6) printf "Skipping IPv6 policy '%s' as IPv6 support is disabled" "$@";; - errorPolicyProcessUnknownFwmark) printf "Unknown packet mark for interface '%s'" "$@";; - errorPolicyProcessMismatchFamily) printf "Mismatched IP family between in policy '%s'" "$@";; - errorPolicyProcessUnknownProtocol) printf "Unknown protocol in policy '%s'" "$@";; - errorPolicyProcessInsertionFailed) printf "Insertion failed for both IPv4 and IPv6 for policy '%s'" "$@";; - 
errorPolicyProcessInsertionFailedIpv4) printf "Insertion failed for IPv4 for policy '%s'" "$@";; - errorPolicyProcessUnknownEntry) printf "Unknown entry in policy '%s'" "$@";; + errorResolver) printf "Resolver '%s'" "$1";; + errorPolicyProcessNoIpv6) printf "Skipping IPv6 policy '%s' as IPv6 support is disabled" "$1";; + errorPolicyProcessUnknownFwmark) printf "Unknown packet mark for interface '%s'" "$1";; + errorPolicyProcessMismatchFamily) printf "Mismatched IP family between in policy '%s'" "$1";; + errorPolicyProcessUnknownProtocol) printf "Unknown protocol in policy '%s'" "$1";; + errorPolicyProcessInsertionFailed) printf "Insertion failed for both IPv4 and IPv6 for policy '%s'" "$1";; + errorPolicyProcessInsertionFailedIpv4) printf "Insertion failed for IPv4 for policy '%s'" "$1";; + errorPolicyProcessUnknownEntry) printf "Unknown entry in policy '%s'" "$1";; errorInterfaceRoutingEmptyValues) printf "Received empty tid/mark or interface name when setting up routing";; - errorFailedToResolve) printf "Failed to resolve '%s'" "$@";; - errorTryFailed) printf "Command failed: %s" "$@";; - errorNftFileInstall) printf "Failed to install fw4 nft file '%s'" "$@";; - errorDownloadUrlNoHttps) printf "Failed to download '%s', HTTPS is not supported" "$@";; - errorDownloadUrl) printf "Failed to download '%s'" "$@";; - errorNoDownloadWithSecureReload) printf "Policy '%s' refers to URL which can't be downloaded in 'secure_reload' mode" "$@";; + errorFailedToResolve) printf "Failed to resolve '%s'" "$1";; + errorTryFailed) printf "Command failed: %s" "$1";; + errorNftFileInstall) printf "Failed to install fw4 nft file '%s'" "$1";; + errorDownloadUrlNoHttps) printf "Failed to download '%s', HTTPS is not supported" "$1";; + errorDownloadUrl) printf "Failed to download '%s'" "$1";; + errorNoDownloadWithSecureReload) printf "Policy '%s' refers to URL which can't be downloaded in 'secure_reload' mode" "$1";; errorFileSchemaRequiresCurl) printf "The file:// schema requires curl, 
but it's not detected on this system";; - errorIncompatibleUserFile) printf "Incompatible custom user file detected '%s'" "$@";; - errorDefaultFw4TableMissing) printf "Default fw4 table '%s' is missing" "$@";; - errorDefaultFw4ChainMissing) printf "Default fw4 chain '%s' is missing" "$@";; - errorRequiredBinaryMissing) printf "Required binary '%s' is missing" "$@";; - errorInterfaceRoutingUnknownDevType) printf "Unknown IPv6 Link type for device '%s'" "$@";; + errorIncompatibleUserFile) printf "Incompatible custom user file detected '%s'" "$1";; + errorDefaultFw4TableMissing) printf "Default fw4 table '%s' is missing" "$1";; + errorDefaultFw4ChainMissing) printf "Default fw4 chain '%s' is missing" "$1";; + errorRequiredBinaryMissing) printf "Required binary '%s' is missing" "$1";; + errorInterfaceRoutingUnknownDevType) printf "Unknown IPv6 Link type for device '%s'" "$1";; errorUplinkDown) printf "Uplink/WAN interface is still down, increase value of 'procd_boot_trigger_delay' option";; - warningInvalidOVPNConfig) printf "Invalid OpenVPN config for '%s' interface" "$@";; + errorMktempFileCreate) printf "Failed to create temporary file with mktemp mask: '%s'" "$1";; + errorSummary) printf "Errors encountered, please check %s" "$1";; + warningInvalidOVPNConfig) printf "Invalid OpenVPN config for '%s' interface" "$1";; warningResolverNotSupported) printf "Resolver set (%s) is not supported on this system" "$resolver_set";; - warningPolicyProcessCMD) printf "'%s'" "$@";; - warningTorUnsetParams) printf "Please unset 'src_addr', 'src_port' and 'dest_port' for policy '%s'" "$@";; - warningTorUnsetProto) printf "Please unset 'proto' or set 'proto' to 'all' for policy '%s'" "$@";; - warningTorUnsetChainNft) printf "Please unset 'chain' or set 'chain' to 'prerouting' for policy '%s'" "$@";; - warningOutdatedWebUIApp) printf "The WebUI application is outdated (version %s), please update it" "$@";; - warningDnsmasqInstanceNoConfdir) printf "Dnsmasq instance '%s' targeted in 
settings, but it doesn't have its own confdir" "$@";; - warningDhcpLanForce) printf "Please set 'dhcp.%s.force=1' to speed up service start-up" "$@";; - *) printf "Unknown error/warning '%s'" "$@";; + warningPolicyProcessCMD) printf "'%s'" "$1";; + warningTorUnsetParams) printf "Please unset 'src_addr', 'src_port' and 'dest_port' for policy '%s'" "$1";; + warningTorUnsetProto) printf "Please unset 'proto' or set 'proto' to 'all' for policy '%s'" "$1";; + warningTorUnsetChainNft) printf "Please unset 'chain' or set 'chain' to 'prerouting' for policy '%s'" "$1";; + warningOutdatedWebUIApp) printf "The WebUI application is outdated (version %s), please update it" "$1";; + warningDnsmasqInstanceNoConfdir) printf "Dnsmasq instance '%s' targeted in settings, but it doesn't have its own confdir" "$1";; + warningDhcpLanForce) printf "Please set 'dhcp.%s.force=1' to speed up service start-up" "$1";; + warningSummary) printf "Warnings encountered, please check %s" "$(get_url '#WarningMessagesDetails')";; + warningIncompatibleDHCPOption6) printf "Incompatible DHCP Option 6 for interface %s" "$1";; + *) printf "Unknown error/warning '%s'" "$1";; esac } @@ -440,9 +467,11 @@ process_url() { else unset dl_https_supported fi - while [ -z "$dl_temp_file" ] || [ -e "$dl_temp_file" ]; do - dl_temp_file="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done + dl_temp_file="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" + if [ -z "$dl_temp_file" ] || [ ! -e "$dl_temp_file" ]; then + json add error 'errorMktempFileCreate' "${packageName}_tmp.XXXXXXXX" + return 1 + fi if is_url_file "$url" && ! is_present 'curl'; then json add error 'errorFileSchemaRequiresCurl' "$url" elif is_url_https "$url" && [ -z "$dl_https_supported" ]; then 
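Review bot: Now that `mktemp` really creates `$dl_temp_file`, the error branches that follow (`errorFileSchemaRequiresCurl` and the HTTPS-unsupported case) are reached with a file on disk, where the removed `mktemp -u` loop had only picked a name. The rest of `process_url` is outside this hunk, so it may already clean up. If it does not, add `rm -f "$dl_temp_file"` on each branch that records an error, so failed downloads do not accumulate files in the temp directory. A one-line comment such as `# mktemp creates the file atomically; do not go back to -u (name-only) mode` would record why the loop was dropped.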
@@ -457,70 +486,67 @@ process_url() { load_package_config() { local param="$1" - local user_file_check_result i config_load "$packageName" - config_get_bool debug_dnsmasq 'config' 'debug_dnsmasq' '0' - config_get_bool enabled 'config' 'enabled' '0' - config_get fw_mask 'config' 'fw_mask' 'ff0000' + config_get_bool enabled 'config' 'enabled' '0' + config_get fw_mask 'config' 'fw_mask' '00ff0000' config_get icmp_interface 'config' 'icmp_interface' config_get ignored_interface 'config' 'ignored_interface' - config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0' - config_get_bool nft_rule_counter 'config' 'nft_rule_counter' '0' - config_get_bool nft_set_auto_merge 'config' 'nft_set_auto_merge' '1' - config_get_bool nft_set_counter 'config' 'nft_set_counter' '0' - config_get_bool nft_set_flags_interval 'config' 'nft_set_flags_interval' '1' - config_get_bool nft_set_flags_timeout 'config' 'nft_set_flags_timeout' '0' + config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0' + config_get_bool nft_rule_counter 'config' 'nft_rule_counter' '0' + config_get_bool nft_set_auto_merge 'config' 'nft_set_auto_merge' '1' + config_get_bool nft_set_counter 'config' 'nft_set_counter' '0' + config_get_bool nft_set_flags_interval 'config' 'nft_set_flags_interval' '1' + config_get_bool nft_set_flags_timeout 'config' 'nft_set_flags_timeout' '0' + config_get_bool nft_user_set_counter 'config' 'nft_user_set_counter' '0' config_get nft_set_gc_interval 'config' 'nft_set_gc_interval' - config_get nft_set_policy 'config' 'nft_set_policy' 'performance' + config_get nft_set_policy 'config' 'nft_set_policy' 'performance' config_get nft_set_timeout 'config' 'nft_set_timeout' config_get resolver_set 'config' 'resolver_set' - config_get resolver_instance 'config' 'resolver_instance' '*' - config_get_bool strict_enforcement 'config' 'strict_enforcement' '1' + config_get resolver_instance 'config' 'resolver_instance' '*' + config_get_bool strict_enforcement 'config' 'strict_enforcement' '1' config_get 
supported_interface 'config' 'supported_interface' - config_get verbosity 'config' 'verbosity' '2' + config_get verbosity 'config' 'verbosity' '2' config_get procd_boot_trigger_delay 'config' 'procd_boot_trigger_delay' '5000' - config_get procd_lan_device 'config' 'procd_lan_device' 'br-lan' - config_get procd_reload_delay 'config' 'procd_reload_delay' '0' - config_get procd_wan_interface 'config' 'procd_wan_interface' 'wan' - config_get procd_wan6_interface 'config' 'procd_wan6_interface' 'wan6' - config_get wan_ip_rules_priority 'config' 'wan_ip_rules_priority' '30000' - config_get wan_mark 'config' 'wan_mark' '010000' + config_get lan_device 'config' 'lan_device' 'br-lan' + config_get procd_reload_delay 'config' 'procd_reload_delay' '0' + config_get uplink_interface 'config' 'uplink_interface' 'wan' + config_get uplink_interface6 'config' 'uplink_interface6' 'wan6' + config_get uplink_ip_rules_priority 'config' 'uplink_ip_rules_priority' '30000' + config_get uplink_mark 'config' 'uplink_mark' '00010000' fw_mask="0x${fw_mask}" - wan_mark="0x${wan_mark}" - if [ -x "$agh" ] && [ ! 
-s "$aghConfigFile" ]; then - [ -s "${agh%/*}/AdGuardHome.yaml" ] && aghConfigFile="${agh%/*}/AdGuardHome.yaml" - fi - [ -n "$ipv6_enabled" ] && [ "$ipv6_enabled" -eq '0' ] && unset ipv6_enabled - [ -n "$nft_user_set_counter" ] && [ "$nft_user_set_counter" -eq '0' ] && unset nft_user_set_counter + uplink_mark="0x${uplink_mark}" + + [ "$resolver_set" = 'none' ] && unset resolver_set + [ "$enabled" = '1' ] || unset enabled + [ "$ipv6_enabled" = '1' ] || unset ipv6_enabled + [ "$strict_enforcement" = '1' ] || unset strict_enforcement + fw_maskXor="$(printf '%#x' "$((fw_mask ^ 0xffffffff))")" fw_maskXor="${fw_maskXor:-0xff00ffff}" is_integer "$procd_boot_trigger_delay" || procd_boot_trigger_delay='5000' [ "$procd_boot_trigger_delay" -lt '1000' ] && procd_boot_trigger_delay='1000' - [ "$debug_dnsmasq" != '1' ] && unset debug_dnsmasq - [ "$nft_rule_counter" != '1' ] && unset nft_rule_counter - [ "$nft_set_auto_merge" != '1' ] && unset nft_set_auto_merge - [ "$nft_set_counter" != '1' ] && unset nft_set_counter - [ "$nft_set_flags_interval" != '1' ] && unset nft_set_flags_interval - [ "$nft_set_flags_timeout" != '1' ] && unset nft_set_flags_timeout - [ -z "${nft_set_flags_timeout}${nft_set_timeout}" ] && unset nft_set_gc_interval local nft_set_flags - if [ -n "${nft_set_flags_interval}${nft_set_flags_timeout}" ]; then - [ -n "$nft_set_flags_interval" ] && nft_set_flags='flags interval' - if [ -n "$nft_set_flags_timeout" ]; then - if [ -n "$nft_set_flags" ]; then - nft_set_flags="${nft_set_flags}, timeout" - else - nft_set_flags='flags timeout' - fi - fi - fi + case "${nft_set_flags_interval}:${nft_set_flags_timeout}" in + 1:1) nft_set_flags="flags interval, timeout${nft_set_timeout:+; timeout $nft_set_timeout}";; + 1:0) nft_set_flags='flags interval';; + 0:1) nft_set_flags="flags timeout${nft_set_timeout:+; timeout $nft_set_timeout}";; + 0:0) nft_set_flags='';; + esac + + [ "$nft_user_set_counter" = '1' ] || unset nft_user_set_counter + [ "$nft_rule_counter" = '1' ] || 
unset nft_rule_counter + [ "$nft_set_auto_merge" = '1' ] || unset nft_set_auto_merge + [ "$nft_set_counter" = '1' ] || unset nft_set_counter + [ "$nft_set_flags_interval" = '1' ] || unset nft_set_flags_interval + [ "$nft_set_flags_timeout" = '1' ] || unset nft_set_flags_timeout + [ -n "${nft_set_flags_timeout}${nft_set_timeout}" ] || unset nft_set_gc_interval - nft_rule_params="${nft_rule_counter:+counter}" + nftRuleParams="${nft_rule_counter:+counter}" - nft_set_params=" \ + nftSetParams=" \ ${nft_set_auto_merge:+ auto-merge;} \ ${nft_set_counter:+ counter;} \ ${nft_set_flags:+ $nft_set_flags;} \ 
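Review bot: The `1:1` and `0:1` arms of the new `case` append `; timeout $nft_set_timeout` to `nft_set_flags`, while `nftSetParams` still carries its own `${nft_set_timeout:+ timeout "$nft_set_timeout";}` entry (visible as context in the next hunk). A configured `nft_set_timeout` therefore ends up in the set definition twice, once unquoted and once quoted. Whether nft accepts the repeated statement is not shown here, so it is safer to emit it once: `1:1) nft_set_flags='flags interval, timeout';;` and `0:1) nft_set_flags='flags timeout';;`. `load_package_config` continues outside this hunk.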
@@ -528,21 +554,42 @@ load_package_config() { ${nft_set_policy:+ policy "$nft_set_policy";} \ ${nft_set_timeout:+ timeout "$nft_set_timeout";} \ " + + if [ -x "$agh" ] && [ ! -s "$aghConfigFile" ]; then + [ -s "${agh%/*}/AdGuardHome.yaml" ] && aghConfigFile="${agh%/*}/AdGuardHome.yaml" + fi + unset loadEnvironmentFlag + loadPackageConfigFlag='true' } # shellcheck disable=SC2317 load_environment() { _system_health_check() { - _check_dhcp_force() { +# shellcheck disable=SC2329 + _check_lan_compatibility() { is_lan "$1" || return 0 - if [ "$(uci_get dhcp "$1" force 0)" = '0' ]; then + local force ipaddr dhcp_option i + config_get force "$1" force + config_get ipaddr "$1" ipaddr + if [ "$force" = '0' ]; then json add warning 'warningDhcpLanForce' "$1" fi + [ -n "$resolver_set" ] || return 0 + for i in $(uci_get 'dhcp' "$1" 'dhcp_option'); do + local option="${i%%,*}" value="${i#*,}" + if [ "$option" = '6' ] && [ "$value" != "${ipaddr%%/*}" ]; then + json add warning 'warningIncompatibleDHCPOption6' "${1}: ${value}" + fi + done } local i _ret=0 + if ! check_nft; then + json add error 'errorNoNft' + _ret='1' + fi if [ "$(uci_get 'firewall' 'defaults' 'auto_includes')" = '0' ]; then uci_remove 'firewall' 'defaults' 'auto_includes' - uci_commit firewall + uci_commit 'firewall' fi if [ "$(readlink /sbin/ip)" != "$ip_full" ]; then json add error 'errorRequiredBinaryMissing' 'ip-full' 
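Review bot: `_check_lan_compatibility` reads `force` with `config_get force "$1" force`, but the only `config_load` visible before `config_foreach _check_lan_compatibility 'interface'` is `config_load 'network'` (in the following hunk). The value therefore appears to come from the network section rather than the dhcp one that the removed `uci_get dhcp "$1" force 0` consulted. The old default of `0` is also gone, so an interface with no `force` option no longer triggers `warningDhcpLanForce`. If the dhcp setting is what is meant, `force="$(uci_get 'dhcp' "$1" 'force' '0')"` restores it; `dhcp_option` is declared `local` but never used. The enclosing `load_environment` continues outside this hunk.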
@@ -565,17 +612,16 @@ load_environment() { fi done config_load 'network' - config_foreach _check_dhcp_force 'interface' + config_foreach _check_lan_compatibility 'interface' return "$_ret" } local param="$1" validation_result="$2" - [ -z "$load_environment_flag" ] || return 0 + [ -z "$loadEnvironmentFlag" ] || return 0 + [ -n "$loadPackageConfigFlag" ] || load_package_config "$param" case "$param" in on_boot|on_start) - json init output 1 "Loading environment ($param) " - load_package_config "$param" - if [ "$enabled" -eq '0' ]; then + if [ -z "$enabled" ]; then output 1 "$_FAIL_\n" json add error 'errorServiceDisabled' output_error "$(get_text 'errorServiceDisabled')" @@ -591,28 +637,28 @@ load_environment() { return 1 fi _system_health_check || { output 1 "$_FAIL_\n"; return 1; } - resolver 'check_support' && resolver 'configure_instances' + resolver 'check_support' load_network "$param" output 1 "$_OK_\n" ;; - on_stop) - json init - output 1 "Loading environment ($param) " - load_package_config "$param" + on_triggers) load_network "$param" - output 1 "$_OK_\n" ;; - on_triggers|*) - load_package_config "$param" + on_interface_reload|on_reload|on_stop|*) + output 1 "Loading environment ($param) " load_network "$param" + resolver 'check_support' + output 1 "$_OK_\n" ;; esac - load_environment_flag=1 + loadEnvironmentFlag='true' } # shellcheck disable=SC2317 load_network() { +# shellcheck disable=SC2329 _build_ifaces_supported() { is_supported_interface "$1" && ! str_contains "$ifacesSupported" "$1" && ifacesSupported="${ifacesSupported}${1} "; } +# shellcheck disable=SC2329 _find_firewall_wan_zone() { [ "$(uci_get 'firewall' "$1" 'name')" = "wan" ] && firewallWanZone="$1"; } local i param="$1" local dev4 dev6 
@@ -625,12 +671,12 @@ load_network() { config_load 'network' config_foreach _build_ifaces_supported 'interface' fi - wanIface4="$procd_wan_interface" + wanIface4="$uplink_interface" network_get_device dev4 "$wanIface4" [ -z "$dev4" ] && network_get_physdev dev4 "$wanIface4" [ -z "$wanGW4" ] && pbr_get_gateway4 wanGW4 "$wanIface4" "$dev4" if [ -n "$ipv6_enabled" ]; then - wanIface6="$procd_wan6_interface" + wanIface6="$uplink_interface6" network_get_device dev6 "$wanIface6" [ -z "$dev6" ] && network_get_physdev dev6 "$wanIface6" [ -z "$wanGW6" ] && pbr_get_gateway6 wanGW6 "$wanIface6" "$dev6" @@ -648,10 +694,10 @@ load_network() { } is_wan_up() { - local sleepCount='1' param="$1" - if [ -z "$(uci_get network "$procd_wan_interface")" ]; then - json add error 'errorNoWanInterface' "$procd_wan_interface" - json add error 'errorNoWanInterfaceHint' + local param="$1" + if [ -z "$(uci_get network "$uplink_interface")" ]; then + json add error 'errorNoUplinkInterface' "$uplink_interface" + json add error 'errorNoUplinkInterfaceHint' "$(get_url '#uplink_interface')" return 1 fi network_flush_cache @@ -664,10 +710,10 @@ is_wan_up() { fi } -nft_call() { [ -x "$nft" ] && "$nft" "$@" >/dev/null 2>&1; } +nft_call() { "$nft" "$@" >/dev/null 2>&1; } nft_file() { local i - [ -x "$nft" ] || return 1 + case "$1" in add|add_command) shift @@ -702,7 +748,7 @@ nft_file() { ;; esac } -nft() { [ -x "$nft" ] && [ -n "$*" ] && nft_file 'add_command' "$@"; } +nft() { [ -n "$*" ] && nft_file 'add_command' "$@"; } nft4() { nft "$@"; } nft6() { [ -n "$ipv6_enabled" ] || return 0; nft "$@"; } nftset() { @@ -712,8 +758,6 @@ nftset() { nftset4="${nftPrefix}${iface:+_$iface}_4${target:+_$target}${type:+_$type}${uid:+_$uid}" nftset6="${nftPrefix}${iface:+_$iface}_6${target:+_$target}${type:+_$type}${uid:+_$uid}" - [ -x "$nft" ] || return 1 - if [ "${#nftset4}" -gt '255' ]; then json add error 'errorNftsetNameTooLong' "$nftset4" return 1 
@@ -745,46 +789,46 @@ nftset() { ;; add_dnsmasq_element) [ -n "$ipv6_enabled" ] || unset nftset6 - # shellcheck disable=SC2086 - echo "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" | tee -a $dnsmasqFileList >/dev/null 2>&1 && ipv4_error=0 + grep -qxF "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" "$packageDnsmasqFile" && return 0 + echo "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" >> "$packageDnsmasqFile" && ipv4_error=0 ;; create) case "$type" in ip|net) - nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 ;; mac) - nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 ;; esac ;; create_dnsmasq_set) - nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ 
type ipv6_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 ;; create_user_set) case "$type" in ip|net) - nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 case "$target" in dst) - nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" daddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 - nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" daddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 + nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" daddr "@${nftset4}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 + nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" daddr "@${nftset6}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 ;; src) - nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" saddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 - nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" saddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 + nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" saddr "@${nftset4}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 + nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" saddr "@${nftset6}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 ;; esac ;; mac) - nft4 add set inet "$nftTable" "$nftset4" "{ type 
ether_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0 - nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 - nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nftSetParams comment \"$comment\"; }" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nftSetParams comment \"$comment\"; }" && ipv6_error=0 + nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 + nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 ;; esac ;; @@ -864,6 +908,8 @@ cleanup_sets() { json() { local status message stats i local action="$1" param="$2" value="$3"; shift 3; local info="$*"; + local _current_namespace="$_JSON_PREFIX" + json_set_namespace "${packageName//-/_}_" [ "$param" = 'error' ] && param='errors' [ "$param" = 'warning' ] && param='warnings' { json_load_file "$runningStatusFile" || json_init; } >/dev/null 2>&1 @@ -882,6 +928,7 @@ json() { fi printf "%b" "$i" json_select .. + json_set_namespace "$_current_namespace" return ;; 'add') @@ -893,6 +940,7 @@ json() { json_select .. ;; 'init') + mkdir -p "${runningStatusFile%/*}" json_init json_add_array 'errors' json_close_array 
@@ -900,38 +948,44 @@ json() { json_close_array ;; esac - mkdir -p "${runningStatusFile%/*}" json_dump > "$runningStatusFile" sync + json_set_namespace "$_current_namespace" } resolver() { - _resolver_dnsmasq_confdir() { - local cfg="$1" - local confdir confdirFile -# shellcheck disable=SC2016 - if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then - config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" - else - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' - fi - confdirFile="${confdir}/${packageName}" - if ! str_contains "$dnsmasqFileList" "$confdirFile"; then - dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${confdirFile}" - fi + _dnsmasq_instance_get_confdir() { + local cfg_file + [ -z "$dnsmasq_ubus" ] && dnsmasq_ubus="$(ubus call service list '{"name":"dnsmasq"}')" + cfg_file="$(echo "$dnsmasq_ubus" | jsonfilter -e "@.dnsmasq.instances.${1}.command" \ + | awk '{gsub(/\\\//,"/");gsub(/[][",]/,"");for(i=1;i<=NF;i++)if($i=="-C"){print $(i+1);exit}}')" + awk -F= '/^conf-dir=/{print $2; exit}' "$cfg_file" + } + _dnsmasq_instance_config() { + local cfg="$1" param="$2" confdir + case "$param" in + cleanup) + # clean up all dnsmasq configs + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$packageDnsmasqFile" + ;; + setup) + # add dnsmasq conf addnmounts to point to pbr file + uci_add_list_if_new 'dhcp' "$cfg" 'addnmount' "$packageDnsmasqFile" + # add softlink to pbr file + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] || return 1 + ln -sf "$packageDnsmasqFile" "${confdir}/${packageName}" + chmod 660 "${confdir}/${packageName}" + chown -h root:dnsmasq "${confdir}/${packageName}" >/dev/null 2>/dev/null + ;; + esac } local agh_version local param="$1" iface="$2" target="$3" type="$4" uid="$5" name="$6" value="$7" shift - if [ "$param" = 'cleanup_all' ]; then - 
local dfl - for dfl in $dnsmasqFileList; do - rm -f "$dfl" - done - return 0 - fi - case "$resolver_set" in ''|none) case "$param" in @@ -940,8 +994,6 @@ resolver() { check_support) return 0;; cleanup) return 0;; configure) return 0;; - init) return 0;; - init_end) return 0;; kill) return 0;; reload) return 0;; restart) return 0;; @@ -952,23 +1004,19 @@ resolver() { dnsmasq.nftset) case "$param" in add_resolver_element) - [ -n "$resolver_set_supported" ] || return 1 + [ -n "$resolverSetSupported" ] || return 1 local d for d in $value; do nftset 'add_dnsmasq_element' "$iface" "$target" "$type" "$uid" "$name" "$d" done ;; create_resolver_set) - [ -n "$resolver_set_supported" ] || return 1 + [ -n "$resolverSetSupported" ] || return 1 nftset 'create_dnsmasq_set' "$iface" "$target" "$type" "$uid" "$name" "$value" ;; check_support) - if [ ! -x "$nft" ]; then - json add error 'errorNoNft' - return 1 - fi if check_dnsmasq_nftset; then - resolver_set_supported='true' + resolverSetSupported='true' return 0 else json add warning 'warningResolverNotSupported' 
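Review bot: In the `setup` arm of `_dnsmasq_instance_config`, `chmod 660` is applied through the symlink and so changes the mode of `$packageDnsmasqFile`, while `chown -h root:dnsmasq` changes only the link, leaving the real file with whatever owner and group `touch` gave it. If the intent is a file readable by the dnsmasq group and by nobody else, set both on the target: `chown root:dnsmasq "$packageDnsmasqFile"` and `chmod 660 "$packageDnsmasqFile"`. Separately, `_dnsmasq_instance_get_confdir` hands `$cfg_file` to awk without checking it. A guard such as `[ -s "$cfg_file" ] || return 1` before the final awk keeps an instance with no `-C` argument from reaching awk with an empty file name.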
@@ -976,46 +1024,30 @@ resolver() { fi ;; cleanup) - if [ -n "$resolver_set_supported" ]; then - local dfl - for dfl in $dnsmasqFileList; do - rm -f "$dfl" - done - fi + [ -n "$resolverSetSupported" ] || return 1 + rm -f "$packageDnsmasqFile" + config_load 'dhcp' + config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup' ;; configure) - if [ -n "$resolver_set_supported" ]; then - local dfl - for dfl in $dnsmasqFileList; do - [ "${dfl%/*}" = '/var/run' ] && continue - mkdir -p "${dfl%/*}" - chmod -R 660 "${dfl%/*}" - chown -R root:dnsmasq "${dfl%/*}" - touch "$dfl" - chmod 660 "$dfl" - chown root:dnsmasq "$dfl" - done - fi - ;; - configure_instances) + [ -n "$resolverSetSupported" ] || return 1 + rm -f "$packageDnsmasqFile" + touch "$packageDnsmasqFile" config_load 'dhcp' if [ "$resolver_instance" = "*" ]; then - config_foreach _resolver_dnsmasq_confdir 'dnsmasq' + config_foreach _dnsmasq_instance_config 'dnsmasq' 'setup' else + config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup' for i in $resolver_instance; do - _resolver_dnsmasq_confdir "@dnsmasq[$i]" \ - || _resolver_dnsmasq_confdir "$i" + _dnsmasq_instance_config "@dnsmasq[$i]" \ + || _dnsmasq_instance_config "$i" done fi - str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \ - dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${dnsmasqFileDefault}" ;; - init) :;; - init_end) :;; kill) - [ -n "$resolver_set_supported" ] && killall -q -s HUP dnsmasq;; + [ -n "$resolverSetSupported" ] && killall -q -s HUP dnsmasq;; reload) - [ -z "$resolver_set_supported" ] && return 1 + [ -z "$resolverSetSupported" ] && return 1 output 3 'Reloading dnsmasq ' if /etc/init.d/dnsmasq reload >/dev/null 2>&1; then output_okn @@ -1026,7 +1058,7 @@ resolver() { fi ;; restart) - [ -z "$resolver_set_supported" ] && return 1 + [ -z "$resolverSetSupported" ] && return 1 output 3 'Restarting dnsmasq ' if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn 
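Review bot: In the `configure` arm, the loop over `$resolver_instance` calls `_dnsmasq_instance_config "@dnsmasq[$i]"` and `_dnsmasq_instance_config "$i"` without the second argument, so the helper's `case "$param"` matches neither `cleanup` nor `setup`, does nothing and returns 0. Because the line before the loop cleans up every instance, a configuration that names specific instances ends with no symlink and no `addnmount` entry, and the `||` fallback never runs. Pass the action explicitly: `_dnsmasq_instance_config "@dnsmasq[$i]" 'setup' \` followed by `|| _dnsmasq_instance_config "$i" 'setup'`. It is also worth checking that an `@dnsmasq[N]` reference resolves inside the `jsonfilter` path built by `_dnsmasq_instance_get_confdir`, which is defined in the previous hunk.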
@@ -1037,15 +1069,16 @@ resolver() { fi ;; compare_hash) - [ -z "$resolver_set_supported" ] && return 1 + [ -z "$resolverSetSupported" ] && return 1 + uci_changes 'dhcp' && uci_commit 'dhcp' local resolverNewHash - if [ -s "$dnsmasqFileDefault" ]; then - resolverNewHash="$(md5sum "$dnsmasqFileDefault" | awk '{ print $1; }')" + if [ -s "$packageDnsmasqFile" ]; then + resolverNewHash="$(md5sum "$packageDnsmasqFile" | awk '{ print $1; }')" fi [ "$resolverNewHash" != "$resolverStoredHash" ] ;; store_hash) - [ -s "$dnsmasqFileDefault" ] && resolverStoredHash="$(md5sum "$dnsmasqFileDefault" | awk '{ print $1; }')";; + [ -s "$packageDnsmasqFile" ] && resolverStoredHash="$(md5sum "$packageDnsmasqFile" | awk '{ print $1; }')";; esac ;; unbound.nftset) @@ -1055,8 +1088,6 @@ resolver() { check_support) :;; cleanup) :;; configure) :;; - init) :;; - init_end) :;; kill) :;; reload) :;; restart) :;; @@ -1073,7 +1104,7 @@ dns_policy_routing() { local param4 param6 local negation value dest4 dest6 first_value local inline_set_ipv4_empty_flag inline_set_ipv6_empty_flag - local name="$1" src_addr="$2" dest_dns="$3" uid="$4" + local name="$1" src_addr="$2" dest_dns="$3" uid="$4" dest_dns_port="$5" local chain='dstnat' iface='dns' if [ -z "${dest_dns_ipv4}${dest_dns_ipv6}" ]; then @@ -1091,7 +1122,7 @@ dns_policy_routing() { if { is_ipv4 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv4" ]; } || \ { is_ipv6 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv6" ]; }; then processPolicyError='true' - json add error 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns'" + json add error 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns':'$dest_dns_port'" return 1 fi 
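Review bot: `compare_hash` now runs `uci_changes 'dhcp' && uci_commit 'dhcp'`, which commits every staged change in the `dhcp` config, not only the `addnmount` entries this script added or removed. A change that another tool or an administrator had staged but not yet applied would be written out as a side effect of what reads like a comparison. Since the commit is per config file, at least document it here, for example `# commits ALL pending dhcp changes, including ones not made by this script`, and consider doing the commit where the list is modified rather than inside the hash check.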
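Review bot: `dest_dns_port` is taken straight from `$5` with no fallback, and the hunk at `@@ -1099` places it into the `dnat ... to addr:port` text of the nft rule. The validator added in `load_validate_dns_policy` supplies 53 by default, but a caller that passes four arguments would produce a rule ending in a bare colon. `dest_dns_port="${5:-53}"` keeps the previous behaviour for that case. The function body continues outside the hunk.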
@@ -1099,8 +1130,8 @@ dns_policy_routing() { unset param4 unset param6 - dest4="dport 53 dnat ip to ${dest_dns_ipv4}:53" - dest6="dport 53 dnat ip6 to ${dest_dns_ipv6}:53" + dest4="dport 53 dnat ip to ${dest_dns_ipv4}:${dest_dns_port}" + dest6="dport 53 dnat ip6 to ${dest_dns_ipv6}:${dest_dns_port}" if [ -n "$src_addr" ]; then if [ "${src_addr:0:1}" = "!" ]; then @@ -1139,21 +1170,21 @@ dns_policy_routing() { fi fi - param4="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param4} ${nft_rule_params} meta nfproto ipv4 ${proto_i} ${dest4} comment \"$name\"" - param6="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param6} ${nft_rule_params} meta nfproto ipv6 ${proto_i} ${dest6} comment \"$name\"" + param4="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param4} ${nftRuleParams} meta nfproto ipv4 ${proto_i} ${dest4} comment \"$name\"" + param6="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param6} ${nftRuleParams} meta nfproto ipv6 ${proto_i} ${dest6} comment \"$name\"" local ipv4_error='0' ipv6_error='0' - if [ "$policy_routing_nft_prev_param4" != "$param4" ] && \ + if [ "$pbrNftPrevParam4" != "$param4" ] && \ [ -n "$first_value" ] && ! is_ipv6 "$first_value" && \ [ -z "$inline_set_ipv4_empty_flag" ] && [ -n "$dest_dns_ipv4" ]; then nft4 "$param4" || ipv4_error='1' - policy_routing_nft_prev_param4="$param4" + pbrNftPrevParam4="$param4" fi - if [ "$policy_routing_nft_prev_param6" != "$param6" ] && [ "$param4" != "$param6" ] && \ + if [ "$pbrNftPrevParam6" != "$param6" ] && [ "$param4" != "$param6" ] && \ [ -n "$first_value" ] && ! is_ipv4 "$first_value" && \ [ -z "$inline_set_ipv6_empty_flag" ] && [ -n "$dest_dns_ipv6" ]; then nft6 "$param6" || ipv6_error='1' - policy_routing_nft_prev_param6="$param6" + pbrNftPrevParam6="$param6" fi if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then 
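Review bot: `dest6` joins the IPv6 address and the port with a plain colon, and nft needs the address in brackets when a port follows, otherwise the port digits read as one more group of the address. The old fixed `:53` had the same form, but with a configurable port the IPv6 redirect target may now differ from what the policy states. Unless `dest_dns_ipv6` already arrives bracketed (not visible here), use `dest6="dport 53 dnat ip6 to [${dest_dns_ipv6}]:${dest_dns_port}"`.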
@@ -1342,8 +1373,8 @@ policy_routing() { local ipv4_error='0' ipv6_error='0' local dest_i dest4 dest6 chain='dstnat' - param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nft_rule_params} meta nfproto ipv4 $param4" - param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nft_rule_params} meta nfproto ipv6 $param6" + param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nftRuleParams} meta nfproto ipv4 $param4" + param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nftRuleParams} meta nfproto ipv6 $param6" dest_udp_53="udp dport 53 redirect to :${torDnsPort} comment \"Tor-DNS-UDP\"" dest_tcp_80="tcp dport 80 redirect to :${torTrafficPort} comment \"Tor-HTTP-TCP\"" dest_udp_80="udp dport 80 redirect to :${torTrafficPort} comment \"Tor-HTTP-UDP\"" 
@@ -1369,22 +1400,22 @@ policy_routing() { fi done else - param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param4} ${nft_rule_params} ${dest4} comment \"$name\"" - param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param6} ${nft_rule_params} ${dest6} comment \"$name\"" + param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param4} ${nftRuleParams} ${dest4} comment \"$name\"" + param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param6} ${nftRuleParams} ${dest6} comment \"$name\"" local ipv4_error='0' ipv6_error='0' - if [ "$policy_routing_nft_prev_param4" != "$param4" ] && \ + if [ "$pbrNftPrevParam4" != "$param4" ] && \ [ -z "$src_inline_set_ipv4_empty_flag" ] && [ -z "$dest_inline_set_ipv4_empty_flag" ] && \ [ "$filter_group_src_addr" != 'ipv6' ] && [ "$filter_group_src_addr" != 'ipv6_negative' ] && \ [ "$filter_group_dest_addr" != 'ipv6' ] && [ "$filter_group_dest_addr" != 'ipv6_negative' ]; then nft4 "$param4" || ipv4_error='1' - policy_routing_nft_prev_param4="$param4" + pbrNftPrevParam4="$param4" fi - if [ "$policy_routing_nft_prev_param6" != "$param6" ] && [ "$param4" != "$param6" ] && \ + if [ "$pbrNftPrevParam6" != "$param6" ] && [ "$param4" != "$param6" ] && \ [ -z "$src_inline_set_ipv6_empty_flag" ] && [ -z "$dest_inline_set_ipv6_empty_flag" ] && \ [ "$filter_group_src_addr" != 'ipv4' ] && [ "$filter_group_src_addr" != 'ipv4_negative' ] && \ [ "$filter_group_dest_addr" != 'ipv4' ] && [ "$filter_group_dest_addr" != 'ipv4_negative' ]; then nft6 "$param6" || ipv6_error='1' - policy_routing_nft_prev_param6="$param6" + pbrNftPrevParam6="$param6" fi if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then processPolicyError='true' 
@@ -1406,7 +1437,7 @@ policy_routing() { dns_policy_process() { local i j uid="$1" - [ "$enabled" -gt '0' ] || return 0 + [ "$enabled" = '1' ] || return 0 src_addr="$(str_extras_to_space "$src_addr")" dest_dns="$(str_extras_to_space "$dest_dns")" @@ -1429,7 +1460,7 @@ dns_policy_process() { fi unset processDnsPolicyError - output 2 "Routing '$name' DNS to $dest_dns " + output 2 "Routing '$name' DNS to $dest_dns:$dest_dns_port " if [ -z "$src_addr" ]; then json add error 'errorPolicyNoSrcDest' "$name" output_fail; return 1; @@ -1451,7 +1482,7 @@ dns_policy_process() { if str_contains "$filter_group_src_addr" 'ipv6' && [ -z "$dest_dns_ipv6" ] ; then continue fi - dns_policy_routing "$name" "$filtered_value_src_addr" "$dest_dns" "$uid" + dns_policy_routing "$name" "$filtered_value_src_addr" "$dest_dns" "$uid" "$dest_dns_port" fi done @@ -1465,7 +1496,7 @@ dns_policy_process() { policy_process() { local i j uid="$1" - [ "$enabled" -gt '0' ] || return 0 + [ "$enabled" = '1' ] || return 0 src_addr="$(str_extras_to_space "$src_addr")" src_port="$(str_extras_to_space "$src_port")" @@ -1571,7 +1602,7 @@ interface_routing() { ip -4 rule del table "$tid" prio "$priority" >/dev/null 2>&1 try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1 - try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nft_rule_params} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 + try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nftRuleParams} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1 if [ -n "$ipv6_enabled" ]; then ipv6_error=0 
@@ -1586,7 +1617,7 @@ interface_routing() { fi ip -4 rule flush table "$tid" >/dev/null 2>&1 ip -4 route flush table "$tid" >/dev/null 2>&1 - if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then + if [ -n "$gw4" ] || [ -n "$strict_enforcement" ]; then ipv4_error=0 if [ -z "$gw4" ]; then try ip -4 route add unreachable default table "$tid" || ipv4_error=1 
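Review bot: `[ -n "$strict_enforcement" ]` is true for the string `0`, while the validator still declares `strict_enforcement:bool:1`, so this test is only correct if the value is cleared when the option is off. That normalisation would have to happen in `load_package_config`, which is not part of the visible hunks. The same pattern appears in the hunks at `@@ -1608`, `@@ -1687` and `@@ -2168`, and as `[ -n "$enabled" ]` in `stop_service`, while the policy functions test `[ "$enabled" = '1' ]`. A comment where the variables are loaded, for example `# bool options are unset when 0; test with -n / -z`, would make the convention explicit, or use `[ "$strict_enforcement" = '1' ]` throughout.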
@@ -1608,29 +1639,30 @@ EOF try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 fi try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1 - try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nft_rule_params} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 + try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nftRuleParams} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1 if [ -n "$ipv6_enabled" ]; then ipv6_error=0 ip -6 rule flush table "$tid" >/dev/null 2>&1 ip -6 route flush table "$tid" >/dev/null 2>&1 - if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then + if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ -n "$strict_enforcement" ]; then if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then try ip -6 route add unreachable default table "$tid" || ipv6_error=1 elif ip -6 route list table main | grep -q " dev $dev6 "; then if ip -6 address show dev "$dev6" | grep -q "BROADCAST"; then - try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 elif ip -6 address show dev "$dev6" | grep -q "POINTOPOINT"; then - try ip -6 route add default dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 else json add error 'errorInterfaceRoutingUnknownDevType' "$dev6" fi # if ! 
ip -6 route add default via "$gw6" dev "$dev6" table "$tid" >/dev/null 2>&1; then -# try ip -6 route add default dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 +# try ip -6 route add default dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 # fi while read -r i; do i="$(echo "$i" | sed 's/ linkdown$//')" i="$(echo "$i" | sed 's/ onlink$//')" + i="$(echo "$i" | sed -E 's/ proto kernel//; s/ expires -?[0-9]+sec//')" # shellcheck disable=SC2086 try ip -6 route add $i table "$tid" || ipv6_error=1 done << EOF 
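Review bot: The route clean-up inside the `while read` loop now runs three `echo | sed` pipelines per route. One call does the same in the same order: `i="$(echo "$i" | sed -E 's/ linkdown$//; s/ onlink$//; s/ proto kernel//; s/ expires -?[0-9]+sec//')"`. The result is still expanded unquoted in `ip -6 route add $i`, so a short comment stating where `$i` comes from (presumably a route listing in the here-document that follows, outside this hunk) would explain why the SC2086 suppression is acceptable.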
@@ -1647,15 +1679,15 @@ EOF if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then dscp="$(uci_get "$packageName" 'config' "${iface}_dscp")" if [ "${dscp:-0}" -ge '1' ] && [ "${dscp:-0}" -le '63' ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 if [ -n "$ipv6_enabled" ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 fi fi if [ "$iface" = "$icmp_interface" ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 if [ -n "$ipv6_enabled" ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 fi fi else 
@@ -1687,32 +1719,30 @@ EOF [ -n "$ipv6_enabled" ] && ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1 is_netifd_table_interface "$iface" && return 0; ipv4_error=0 - if ! is_netifd_table_interface "$iface"; then - ip -4 rule flush table "$tid" >/dev/null 2>&1 - ip -4 route flush table "$tid" >/dev/null 2>&1 - if [ -n "$ipv6_enabled" ]; then - ip -6 rule flush table "$tid" >/dev/null 2>&1 - ip -6 route flush table "$tid" >/dev/null 2>&1 - fi + ip -4 rule flush table "$tid" >/dev/null 2>&1 + ip -4 route flush table "$tid" >/dev/null 2>&1 + if [ -n "$ipv6_enabled" ]; then + ip -6 rule flush table "$tid" >/dev/null 2>&1 + ip -6 route flush table "$tid" >/dev/null 2>&1 fi - if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then + if [ -n "$gw4" ] || [ -n "$strict_enforcement" ]; then if [ -z "$gw4" ]; then try ip -4 route add unreachable default table "$tid" || ipv4_error=1 else try ip -4 route add default via "$gw4" dev "$dev" table "$tid" || ipv4_error=1 fi - try ip rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 + try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 fi if [ -n "$ipv6_enabled" ]; then ipv6_error=0 - if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then + if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ -n "$strict_enforcement" ]; then if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then try ip -6 route add unreachable default table "$tid" || ipv6_error=1 elif ip -6 route list table main | grep -q " dev $dev6 "; then if ip -6 address show dev "$dev6" | grep -q "BROADCAST"; then - try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 elif ip -6 address show dev "$dev6" | grep -q "POINTOPOINT"; then - try ip -6 route add default dev "$dev6" table "$tid" 
metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 else json add error 'errorInterfaceRoutingUnknownDevType' "$dev6" fi @@ -1765,8 +1795,8 @@ process_interface() { if [ "$iface" = 'all' ] && [ "$action" = 'prepare' ]; then config_load 'network' - ifaceMark="$(printf '0x%06x' "$wan_mark")" - ifacePriority="$wan_ip_rules_priority" + ifaceMark="$(printf '0x%06x' "$uplink_mark")" + ifacePriority="$uplink_ip_rules_priority" unset ifaceTableID return 0 fi @@ -1828,8 +1858,8 @@ process_interface() { fi [ -z "$dev6" ] && dev6="$dev" - [ -z "$ifaceMark" ] && ifaceMark="$(printf '0x%06x' "$wan_mark")" - [ -z "$ifacePriority" ] && ifacePriority="$wan_ip_rules_priority" + [ -z "$ifaceMark" ] && ifaceMark="$(printf '0x%06x' "$uplink_mark")" + [ -z "$ifacePriority" ] && ifacePriority="$uplink_ip_rules_priority" case "$action" in pre_init) @@ -1837,7 +1867,7 @@ process_interface() { eval "pre_init_mark_${iface//-/_}"='$ifaceMark' eval "pre_init_priority_${iface//-/_}"='$ifacePriority' eval "pre_init_tid_${iface//-/_}"='$ifaceTableID' - ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))" + ifaceMark="$(printf '0x%06x' $((ifaceMark + uplink_mark)))" ifacePriority="$((ifacePriority - 1))" ifaceTableID="$((ifaceTableID + 1))" return 0 
@@ -1943,19 +1973,19 @@ process_interface() { output_fail fi else + json_add_gateway 'skip_interface' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority" "$dispStatus" gatewaySummary="${gatewaySummary}${displayText}${dispStatus:+ $dispStatus}\n" fi ;; esac -# ifaceTableID="$((ifaceTableID + 1))" - ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))" + ifaceMark="$(printf '0x%06x' $((ifaceMark + uplink_mark)))" ifacePriority="$((ifacePriority - 2))" return $s } user_file_process() { local shellBin="${SHELL:-/bin/ash}" - [ "$enabled" -gt '0' ] || return 0 + [ "$enabled" = '1' ] || return 0 if [ ! -s "$path" ]; then json add error 'errorUserFileNotFound' "$path" output_fail @@ -1988,8 +2018,6 @@ user_file_process() { boot() { nft_file 'delete' -# ubus -t 30 wait_for network.interface 2>/dev/null - pbr_boot_flag=1 rc_procd start_service 'on_boot' && service_started 'on_boot' } @@ -2016,15 +2044,14 @@ on_interface_reload() { } start_service() { - local resolverStoredHash resolverNewHash i param="$1" reloadedIface k + local param="$1" + local resolverStoredHash resolverNewHash reloadedIface + local i k -# [ -n "$pbr_boot_flag" ] && return 0 -# [ "$param" = 'on_boot' ] && return 0 + load_package_config "$param" + [ "$param" = 'on_boot' ] && pbrBootFlag=1 && return 0 + json init load_environment "${param:-on_start}" "$(load_validate_config)" || return 1 - if [ -n "$pbr_boot_flag" ] || [ "$param" = 'on_boot' ]; then - [ -n "$wanGW" ] || return 0 - unset pbr_boot_flag - fi output "Processing environment (${param:-on_start}) " is_wan_up "$param" || { output_error "$(get_text 'errorUplinkDown')"; return 1; } @@ -2084,7 +2111,7 @@ start_service() { case $serviceStartTrigger in on_interface_reload) - output_okn + output_okn output 1 "Reloading Interface: $reloadedIface " json_add_array 'gateways' process_interface 'all' 'prepare' 
@@ -2094,15 +2121,13 @@ start_service() { ;; on_reload|on_start|*) resolver 'store_hash' - resolver 'cleanup_all' resolver 'configure' - resolver 'init' cleanup_main_chains cleanup_sets cleanup_marking_chains cleanup_rt_tables nft_file 'create' - output_okn + output_okn output 1 'Processing interfaces ' json_add_array 'gateways' process_interface 'all' 'prepare' @@ -2140,17 +2165,13 @@ start_service() { output 1 '\n' fi nft_file 'install' - resolver 'init_end' resolver 'compare_hash' && resolver 'restart' ;; esac - if [ -z "$gatewaySummary" ]; then - json add error 'errorNoGateways' - fi json_add_int 'packageCompat' "$packageCompat" json_add_object 'status' - [ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary" + [ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary" || json add error 'errorNoGateways' json_close_object json_add_array 'errors' for k in $(json get errors); do 
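Review bot: `[ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary" || json add error 'errorNoGateways'` is not an if/else: the error is also recorded when `json_add_string` returns non-zero. The error call has also moved between `json_add_object 'status'` and `json_close_object`, so it depends on `json add` not disturbing the open object, which the namespace restore added to `json()` seems meant to guarantee. An explicit form is clearer: `if [ -n "$gatewaySummary" ]; then json_add_string 'gateways' "$gatewaySummary"; else json add error 'errorNoGateways'; fi`. start_service() continues outside the hunk.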
@@ -2168,42 +2189,41 @@ start_service() { json_close_object done json_close_array - if [ "$strict_enforcement" -ne '0' ] && str_contains "$gatewaySummary" '0.0.0.0'; then + if [ -n "$strict_enforcement" ] && str_contains "$gatewaySummary" '0.0.0.0'; then json_add_string 'mode' 'strict' fi procd_close_data procd_close_instance } +service_running() { procd_set_config_changed firewall; } service_started() { - [ -n "$pbr_boot_flag" ] && return 0 + [ -n "$pbrBootFlag" ] && return 0 local error warning c if nft_file 'exists'; then procd_set_config_changed firewall - if nft_file 'exists'; then - [ -n "$gatewaySummary" ] && output "$serviceName (fw4 nft file mode) started with gateways:\n${gatewaySummary}" - else - output "$serviceName FAILED TO START in fw4 nft file mode!!!" - output "Check the output of nft -c -f $nftTempFile" - fi + [ -n "$gatewaySummary" ] && output "$serviceName (fw4 nft file mode) started with gateways:\n${gatewaySummary}" else - [ -n "$gatewaySummary" ] && output "$serviceName (nft mode) started with gateways:\n${gatewaySummary}" + output "$serviceName FAILED TO START in fw4 nft file mode!!!" 
+ output "Check the output of nft -c -f $nftTempFile" fi - error="$(json get error)" warning="$(json get warning)" - if [ -n "$error" ]; then - for c in $error; do - code="$(json get error "$c" 'code')" - info="$(json get error "$c" 'info')" - output_error "$(get_text "$code" "$info")" - done - fi if [ -n "$warning" ]; then for c in $warning; do code="$(json get warning "$c" 'code')" info="$(json get warning "$c" 'info')" output_warning "$(get_text "$code" "$info")" done + output_warning "$(get_text 'warningSummary' "$(get_url '#WarningMessagesDetails')")" + fi + error="$(json get error)" + if [ -n "$error" ]; then + for c in $error; do + code="$(json get error "$c" 'code')" + info="$(json get error "$c" 'info')" + output_error "$(get_text "$code" "$info")" + done + output_error "$(get_text 'errorSummary' "$(get_url '#ErrorMessagesDetails')")" fi touch "$packageLockFile" if [ -n "$error" ]; then 
@@ -2214,24 +2234,21 @@ service_started() { return 0 fi } +service_stopped() { procd_set_config_changed firewall; } # shellcheck disable=SC2015 service_triggers() { local n - load_environment 'on_triggers' -# shellcheck disable=SC2034 - PROCD_RELOAD_DELAY=$(( procd_reload_delay * 1000 )) - procd_open_validate - load_validate_config - load_validate_policy - load_validate_include - procd_close_validate - if [ -n "$pbr_boot_flag" ] && is_integer "$procd_boot_trigger_delay"; then + if [ -n "$pbrBootFlag" ]; then output "Setting trigger (on_boot) " - procd_open_trigger - procd_add_raw_trigger "interface.*.up" "$procd_boot_trigger_delay" "/etc/init.d/${packageName}" start && output_okn || output_failn - procd_close_trigger + procd_add_raw_trigger "interface.*.up" "$procd_boot_trigger_delay" "/etc/init.d/${packageName}" start && output_okn || output_failn else + PROCD_RELOAD_DELAY=$(( procd_reload_delay * 1000 )) + procd_open_validate + load_validate_config + load_validate_policy + load_validate_include + procd_close_validate procd_open_trigger procd_add_config_trigger "config.change" 'openvpn' "/etc/init.d/${packageName}" reload 'on_openvpn_change' procd_add_config_trigger "config.change" "${packageName}" "/etc/init.d/${packageName}" reload 
@@ -2240,17 +2257,18 @@ service_triggers() { output 2 "Setting interface trigger for $n " procd_add_interface_trigger "interface.*" "$n" "/etc/init.d/${packageName}" on_interface_reload "$n" && output_ok || output_fail done - output '\n' + output 1 '\n' procd_close_trigger - fi - if [ "$serviceStartTrigger" = 'on_start' ]; then - output 3 "$serviceName monitoring interfaces: ${ifacesSupported}\n" + if [ "$serviceStartTrigger" = 'on_start' ]; then + output 3 "$serviceName monitoring interfaces: ${ifacesSupported}\n" + fi fi } # shellcheck disable=SC2015 stop_service() { local i nft_file_mode + json init ! is_service_running && [ "$(get_rt_tables_next_id)" = "$(get_rt_tables_non_pbr_next_id)" ] && return 0 [ "$1" = 'quiet' ] && quiet_mode 'on' load_environment 'on_stop' @@ -2273,9 +2291,9 @@ stop_service() { unset ifaceMark unset ifaceTableID resolver 'store_hash' - resolver 'cleanup_all' + resolver 'cleanup' resolver 'compare_hash' && resolver 'restart' - if [ "$enabled" -ne '0' ]; then + if [ -n "$enabled" ]; then if [ -n "$nft_file_mode" ]; then output "$serviceName (fw4 nft file mode) stopped "; output_okn; else @@ -2290,6 +2308,7 @@ version() { echo "$PKG_VERSION"; } # shellcheck disable=SC2317 setup_netifd() { local param="$1" +# shellcheck disable=SC2329 _pbr_iface_setup() { local iface="${1}" param="$2" tid if is_supported_interface "${iface}"; then @@ -2307,8 +2326,8 @@ setup_netifd() { } _pbr_default_route_setup() { local iface iface6 param="$1" - iface="$(uci_get 'pbr' 'config' 'procd_wan_interface')" - iface6="$(uci_get 'pbr' 'config' 'procd_wan6_interface')" + iface="$(uci_get 'pbr' 'config' 'uplink_interface')" + iface6="$(uci_get 'pbr' 'config' 'uplink_interface6')" [ -z "$iface" ] && { network_flush_cache; network_find_wan iface; } [ -z "$iface6" ] && { network_flush_cache; network_find_wan6 iface6; } output "Setting up ${packageName} default route for ${iface:-wan} ${param:+($param) }" 
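Review bot: `stop_service` now calls `resolver 'cleanup'`, and that arm returns early unless `resolverSetSupported` is set, whereas the removed `cleanup_all` deleted the files unconditionally. If the stop path does not run `check_support` first (not visible in this hunk), the symlink in the dnsmasq conf-dir and the `addnmount` entry stay behind after the service is stopped. Either confirm that `load_environment 'on_stop'` sets the flag, or let the clean-up run regardless of it.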
@@ -2339,7 +2358,7 @@ setup_netifd() { } status_service() { - local i dev dev6 wan_tid + local i dev dev6 wanTID json_load "$(ubus call system board)"; json_select release; json_get_var dist distribution; json_get_var vers version if [ -n "$wanIface4" ]; then @@ -2354,7 +2373,7 @@ status_service() { while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support" # shellcheck disable=SC2154 - status="$serviceName running on $dist $vers." + status="$serviceName installed on $dist $vers." [ -n "$wanIface4" ] && status="$status WAN (IPv4): ${wanIface4}/${dev}/${wanGW4:-0.0.0.0}." [ -n "$wanIface6" ] && status="$status WAN (IPv6): ${wanIface6}/${dev6}/${wanGW6:-::/0}." 
@@ -2383,30 +2402,30 @@ status_service() { for i in $(get_nft_sets); do "$nft" -a list table inet "$nftTable" | sed -n "/set ${i} {/,/\t}/p" done - if [ -s "$dnsmasqFileDefault" ]; then + if [ -s "$packageDnsmasqFile" ]; then echo "$_SEPARATOR_" - echo "dnsmasq sets" - cat "$dnsmasqFileDefault" + echo "dnsmasq nft sets in $packageDnsmasqFile" + cat "$packageDnsmasqFile" fi # echo "$_SEPARATOR_" # ip rule list | grep "${packageName}_" echo "$_SEPARATOR_" echo "$packageName tables & routing" tableCount="$(grep -c "${packageName}_" "$rtTablesFile")" || tableCount=0 - wan_tid=$(($(get_rt_tables_next_id)-tableCount)) + wanTID=$(($(get_rt_tables_next_id)-tableCount)) i=0; while [ "$i" -lt "$tableCount" ]; do local status_table - status_table="$(grep $((wan_tid + i)) "$rtTablesFile")" + status_table="$(grep $((wanTID + i)) "$rtTablesFile")" echo "IPv4 table $status_table route:" - ip -4 route show table "$((wan_tid + i))" | grep default + ip -4 route show table "$((wanTID + i))" | grep default echo "IPv4 table $status_table rule(s):" - ip -4 rule list table "$((wan_tid + i))" + ip -4 rule list table "$((wanTID + i))" if [ "$(uci_get "$packageName" config ipv6_enabled)" = "1" ]; then echo "$_SEPARATOR_" echo "IPv6 table $status_table route:" - ip -6 route show table "$((wan_tid + i))" | grep default + ip -6 route show table "$((wanTID + i))" | grep default echo "IPv6 table $status_table rule(s):" - ip -6 rule list table "$((wan_tid + i))" + ip -6 rule list table "$((wanTID + i))" fi echo "$_SEPARATOR_" i=$((i + 1)) 
@@ -2416,24 +2435,23 @@ status_service() { # shellcheck disable=SC2120 load_validate_config() { uci_load_validate "$packageName" "$packageName" "$1" "${2}${3:+ $3}" \ - 'debug_dnsmasq:bool:0' \ 'enabled:bool:0' \ 'strict_enforcement:bool:1' \ 'ipv6_enabled:bool:0' \ 'resolver_set:or("", "none", "dnsmasq.nftset")' \ 'resolver_instance:list(or(integer, string)):*' \ 'verbosity:range(0,2):2' \ - 'wan_mark:regex("[A-Fa-f0-9]{8}"):010000' \ - 'fw_mask:regex("[A-Fa-f0-9]{8}"):ff0000' \ + 'uplink_mark:regex("[A-Fa-f0-9]{8}"):00010000' \ + 'uplink_ip_rules_priority:uinteger:30000' \ + 'fw_mask:regex("[A-Fa-f0-9]{8}"):00ff0000' \ 'icmp_interface:or("", tor, uci("network", "@interface"))' \ 'ignored_interface:list(or(tor, uci("network", "@interface")))' \ 'supported_interface:list(or(ignore, tor, regex("xray_.*"), uci("network", "@interface")))' \ 'procd_boot_trigger_delay:range(1000,10000):5000' \ - 'procd_lan_device:list(or(network)):br-lan' \ + 'lan_device:list(or(network)):br-lan' \ 'procd_reload_delay:uinteger:0' \ - 'procd_wan_interface:network:wan' \ - 'procd_wan6_interface:network:wan6' \ - 'wan_ip_rules_priority:uinteger:30000' \ + 'uplink_interface:network:wan' \ + 'uplink_interface6:network:wan6' \ 'webui_supported_protocol:list(string)' \ 'nft_rule_counter:bool:0'\ 'nft_set_auto_merge:bool:1'\ @@ -2442,7 +2460,8 @@ load_validate_config() { 'nft_set_flags_timeout:bool:0'\ 'nft_set_gc_interval:or("", string)'\ 'nft_set_policy:or("", memory, performance):performance'\ - 'nft_set_timeout:or("", string)' + 'nft_set_timeout:or("", string)' \ + ; } # shellcheck disable=SC2120 
@@ -2451,11 +2470,14 @@ load_validate_dns_policy() { local enabled local src_addr local dest_dns + local dest_dns_port uci_load_validate "$packageName" 'policy' "$1" "${2}${3:+ $3}" \ 'name:string:Untitled' \ 'enabled:bool:1' \ 'src_addr:list(neg(or(host,network,macaddr,string)))' \ - 'dest_dns:list(or(host,network,string))' + 'dest_dns:list(or(host,network,string))' \ + 'dest_dns_port:port:53' \ + ; } # shellcheck disable=SC2120 @@ -2478,7 +2500,8 @@ load_validate_policy() { 'src_addr:list(neg(or(host,network,macaddr,string)))' \ 'src_port:list(neg(or(portrange,string)))' \ 'dest_addr:list(neg(or(host,network,string)))' \ - 'dest_port:list(neg(or(portrange,string)))' + 'dest_port:list(neg(or(portrange,string)))' \ + ; } # shellcheck disable=SC2120 @@ -2487,5 +2510,6 @@ load_validate_include() { local enabled= uci_load_validate "$packageName" 'include' "$1" "${2}${3:+ $3}" \ 'path:file' \ - 'enabled:bool:0' + 'enabled:bool:0' \ + ; } diff --git a/net/pbr/files/etc/uci-defaults/90-pbr b/net/pbr/files/etc/uci-defaults/90-pbr index ccad4cdfacb946..ccdf663df17b03 100644 --- a/net/pbr/files/etc/uci-defaults/90-pbr +++ b/net/pbr/files/etc/uci-defaults/90-pbr 
@@ -9,28 +9,6 @@ else printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" fi -# Transition from vpn-policy-routing -if [ -s '/etc/config/vpn-policy-routing' ] && [ ! -s '/etc/config/pbr-opkg' ] \ - && [ "$(uci_get pbr config enabled)" = '0' ]; then - if [ -x '/etc/init.d/vpn-policy-routing' ]; then - output "Stopping and disabling vpn-policy-routing." - if /etc/init.d/vpn-policy-routing stop \ - && /etc/init.d/vpn-policy-routing disable; then - output_okn - else - output_failn - fi - fi - output "Migrating vpn-policy-routing config file." - if mv '/etc/config/pbr' '/etc/config/pbr-opkg' \ - && sed 's/vpn-policy-routing/pbr/g' /etc/config/vpn-policy-routing > /etc/config/pbr \ - && uci_set vpn-policy-routing config enabled 0 && uci_commit vpn-policy-routing; then - output_okn - else - output_failn - fi -fi - # Transition from older versions of pbr sed -i "s/resolver_ipset/resolver_set/g" /etc/config/pbr sed -i "s/iptables_rule_option/rule_create_option/g" /etc/config/pbr 
@@ -43,22 +21,14 @@ sed -i "s/option fw_mask '0x\(.*\)'/option fw_mask '\1'/g" /etc/config/pbr sed -i "s/option wan_mark '0x\(.*\)'/option wan_mark '\1'/g" /etc/config/pbr sed -i "s|option path '/etc/pbr/|option path '/usr/share/pbr/|g" /etc/config/pbr sed -i "/procd_lan_interface/d" /etc/config/pbr - -# add firewall include file to fw4 config -# shellcheck source=../../usr/share/pbr/firewall.include -if [ -s '/usr/share/pbr/firewall.include' ]; then -uci -q batch <<-EOT - delete firewall.pbr - set firewall.pbr='include' - set firewall.pbr.fw4_compatible='1' - set firewall.pbr.type='script' - set firewall.pbr.path='/usr/share/pbr/firewall.include' - commit firewall -EOT -fi +sed -i "s|procd_lan_device|lan_device|g" /etc/config/pbr +sed -i "s|procd_wan_interface|uplink_interface|g" /etc/config/pbr +sed -i "s|procd_wan6_interface|uplink_interface6|g" /etc/config/pbr +sed -i "s|wan_ip_rules_priority|uplink_ip_rules_priority|g" /etc/config/pbr +sed -i "s|wan_mark|uplink_mark|g" /etc/config/pbr # Transition from pre-1.1.7 versions -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _remove_wg_server_client() { local path config_get path "$1" 'path' diff --git a/net/pbr/files/etc/uci-defaults/99-pbr-version b/net/pbr/files/etc/uci-defaults/99-pbr-version new file mode 100644 index 00000000000000..50cebfc4b5ceb3 --- /dev/null +++ b/net/pbr/files/etc/uci-defaults/99-pbr-version @@ -0,0 +1,16 @@ +#!/bin/sh +# shellcheck disable=SC2015,SC3037,SC3043 + +readonly pbrFunctionsFile='/etc/init.d/pbr' +if [ -s "$pbrFunctionsFile" ]; then +# shellcheck source=../../etc/init.d/pbr + . "$pbrFunctionsFile" +else + printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" +fi + +uci_set "$packageName" 'config' 'config_compat' "$packageCompat" +uci_set "$packageName" 'config' 'config_version' "$PKG_VERSION" +uci_commit "$packageName" + +exit 0 
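Review bot: The renames added at the end of the 90-pbr sed block are unanchored: `s|wan_mark|uplink_mark|g` and `s|wan_ip_rules_priority|uplink_ip_rules_priority|g` rewrite the substring wherever it occurs in /etc/config/pbr, including inside a policy name or an option value. If these are all `option` keys, anchoring on the keyword limits the migration to the keys it is meant to rename, e.g. `sed -i "s|option wan_mark |option uplink_mark |g" /etc/config/pbr`. The same applies to the three `procd_*` renames in this hunk.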
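Review bot: In the new 99-pbr-version script the `else` branch only prints an error when /etc/init.d/pbr is missing, and execution then continues to `uci_set "$packageName" ...` with the sourced helpers and variables undefined, ending in an unconditional `exit 0`. A uci-defaults script that exits zero is treated as applied and removed, so a failed run is not retried and `config_version` is never written. Add `exit 1` after the printf in the else branch, and let the script's exit status be that of the commit, e.g. `uci_commit "$packageName" || exit 1`.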
diff --git a/net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch b/net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch
new file mode 100644
index 00000000000000..1b46c23acc8122
--- /dev/null
+++ b/net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch
@@ -0,0 +1,87 @@ +#!/bin/sh +# When using pbr with dnsmasq's nft set support, a domain-based policy will not take effect until +# the remote domain name has been resolved by dnsmasq. Resolve all domain names in pbr policies in advance. + +( + timeout_nft='10' + timeout_dnsmasq='20' + pipe_ubus="/tmp/pipe.ubus.$$" + pipe_nslookup="/tmp/pipe.nslookup.$$" + log_abort='domain names in policies not resolved' + + # shellcheck disable=SC2154 + output() + { + msg="$*" + msg=$(printf '%b' "$msg" | sed 's/\x1b\[[0-9;]*m//g') + logger -t "$packageName [$$]" "$(printf '%b' "$msg")" + } + + nft_ready() + { + while ! /usr/sbin/nft list sets 'inet' | grep -q "pbr"; do + [ "$timeout_nft" -eq '0' ] && { + output "Pbr's nft sets not found, $log_abort $__FAIL__" + return 1 + } + sleep '1' && timeout_nft=$((timeout_nft - 1)) + done + } + + run_nslookup() + { + output=$(nslookup "$1" 127.0.0.1) && { echo '0' > "$pipe_nslookup"; return; } + reason=$(printf '%s' "$output" | grep -Eo -m 1 'NXDOMAIN|SERVFAIL|timed out') && \ + output "$_WARNING_ Lookup failed for $domain ($reason)" + echo '1' > "$pipe_nslookup" + } + + # shellcheck disable=SC2162 + nslookup_tracker() + { + while read ec; do + entries=$((entries + 1)) + [ "$ec" -eq '1' ] && errors=$((errors + 1)) + done < "$pipe_nslookup" + + output "Finished resolving $entries domain names in policies (${errors:-0} failed) $__OK__" + } + + [ -n "$resolverSetSupported" ] || { + output "Resolver set support disabled, $log_abort $__FAIL__" + exit + } + mkfifo "$pipe_ubus" + mkfifo "$pipe_nslookup" + ubus listen -m 'ubus.object.add' > "$pipe_ubus" & ubus_listen_pid=$! 
+ + # shellcheck disable=SC3045 + while read -t "$timeout_dnsmasq" -r event; do + echo "$event" | grep -q "dnsmasq.dns" || continue + dnsmasq_restarted='1' + # shellcheck disable=SC2154 + [ -f "$packageDnsmasqFile" ] || { + output "File $packageDnsmasqFile not found, $log_abort $__FAIL__" + break + } + nft_ready || break + nslookup_tracker & exec 3>"$pipe_nslookup" + + ( + output "Resolving domain names in policies..." + while IFS='/' read -r _ domain _; do + [ -n "$domain" ] && run_nslookup "$domain" & + entries=$((entries + 1)) + done < "$packageDnsmasqFile" + wait + ) + + exec 3>&- + break + done < "$pipe_ubus" + + [ -n "$dnsmasq_restarted" ] || output "Dnsmasq hasn't restarted, $log_abort $__FAIL__" + kill "$ubus_listen_pid" + rm "$pipe_ubus" + rm "$pipe_nslookup" +) & diff --git a/net/pdns-recursor/Makefile b/net/pdns-recursor/Makefile index e1a274e5fc00ab..b41e6f0a063a08 100644 --- a/net/pdns-recursor/Makefile +++ b/net/pdns-recursor/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns-recursor -PKG_VERSION:=5.1.2 +PKG_VERSION:=5.1.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=b3a37ebb20285ab9acbbb0e1370e623bb398ed3087f0e678f23ffa3b0063983d +PKG_HASH:=9d2cc864d815010c39902c7f6a4c838c5d7f3a767c9897a44dc6afa3a815a40e PKG_MAINTAINER:=Peter van Dijk , Remi Gacogne PKG_LICENSE:=GPL-2.0-only diff --git a/net/samba4/Makefile b/net/samba4/Makefile index 4afa8746372cf5..eb7d3d807c76fa 100644 --- a/net/samba4/Makefile +++ b/net/samba4/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba -PKG_VERSION:=4.18.8 +PKG_VERSION:=4.18.11 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 
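Review bot: The two FIFOs in pbr.user.dnsprefetch are created at predictable paths (`/tmp/pipe.ubus.$$`, `/tmp/pipe.nslookup.$$`) and the result of `mkfifo` is never checked. If either path already exists, the following `> "$pipe_ubus"` and `> "$pipe_nslookup"` redirections write to whatever is there, and the `read` loops then block or read stale data. There is also no trap, so an interrupted run leaves the `ubus listen` process and both pipes behind. Creating the pipes inside a private `mktemp -d` directory, failing early, and cleaning up from an EXIT trap covers all three; the trailing `kill`/`rm` lines then become redundant.

```shell
	# … unchanged: timeout_nft, timeout_dnsmasq, log_abort …
	pipe_dir="$(mktemp -d /tmp/pbr.dnsprefetch.XXXXXX)" || exit 1
	pipe_ubus="$pipe_dir/ubus"
	pipe_nslookup="$pipe_dir/nslookup"
	trap 'kill "$ubus_listen_pid" 2>/dev/null; rm -rf "$pipe_dir"' EXIT
	# … unchanged: output(), nft_ready(), run_nslookup(), nslookup_tracker(), resolverSetSupported check …
	mkfifo "$pipe_ubus" "$pipe_nslookup" || exit 1
	# … unchanged: ubus listen and the event loop …
```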
@@ -13,7 +13,7 @@ PKG_SOURCE_URL:= \ http://www.nic.funet.fi/index/samba/pub/samba/stable/ \ http://samba.mirror.bit.nl/samba/ftp/stable/ \ https://download.samba.org/pub/samba/stable/ -PKG_HASH:=4fb87bceaeb01d832a59046c197a044b7e8e8000581548b5d577a6cda03344d1 +PKG_HASH:=9e52a7fe1c62aba9a648a725fcf51996ebb4b08e7410afa7a229c1b9f50c9c54 PKG_BUILD_FLAGS:=gc-sections diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 8e8b9979e4b187..e11aeb99620594 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.0 +PKG_VERSION:=1.12.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1093254161d2dac2175a589eb0b43415b89b3e0c10bb2a09ac230f320d974c82 +PKG_HASH:=f08add81eab7e4d6091195179bb39fa3f64dbb0326feaa022994566b702d1245 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE @@ -24,7 +24,7 @@ GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include ../../lang/golang/golang-package.mk -define Package/sing-box +define Package/sing-box-default TITLE:=The universal proxy platform SECTION:=net CATEGORY:=Network @@ -33,11 +33,28 @@ define Package/sing-box USERID:=sing-box=5566:sing-box=5566 endef +define Package/sing-box + $(Package/sing-box-default) + TITLE+= (full) + VARIANT:=full + DEFAULT_VARIANT:=1 +endef + define Package/sing-box/description Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on. endef +define Package/sing-box-tiny + $(Package/sing-box-default) + TITLE+= (tiny) + PROVIDES:=sing-box + VARIANT:=tiny + CONFLICTS:=sing-box +endef + +Package/sing-box-tiny/description:=$(Package/sing-box/description) + define Package/sing-box/config menu "Select build options" depends on PACKAGE_sing-box 
@@ -96,6 +113,12 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_SINGBOX_WITH_V2RAY_API \ CONFIG_SINGBOX_WITH_WIREGUARD +ifeq ($(BUILD_VARIANT),tiny) +ifeq ($(CONFIG_SMALL_FLASH),) +GO_PKG_TAGS:=with_gvisor +endif +GO_PKG_TAGS:=$(GO_PKG_TAGS),with_quic,with_utls,with_clash_api +else GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ $(if $(CONFIG_SINGBOX_WITH_ACME),with_acme) \ $(if $(CONFIG_SINGBOX_WITH_CLASH_API),with_clash_api) \ @@ -109,12 +132,15 @@ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ $(if $(CONFIG_SINGBOX_WITH_V2RAY_API),with_v2ray_api) \ $(if $(CONFIG_SINGBOX_WITH_WIREGUARD),with_wireguard) \ )) +endif define Package/sing-box/conffiles /etc/config/sing-box /etc/sing-box/ endef +Package/sing-box-tiny/conffiles=$(Package/sing-box/conffiles) + define Package/sing-box/install $(INSTALL_DIR) $(1)/usr/bin/ $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/sing-box $(1)/usr/bin/sing-box @@ -128,4 +154,7 @@ define Package/sing-box/install $(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box endef +Package/sing-box-tiny/install=$(Package/sing-box/install) + $(eval $(call BuildPackage,sing-box)) +$(eval $(call BuildPackage,sing-box-tiny)) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 701928feff78d0..2590818bdda5cc 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,13 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.9.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=3.9.5.0 +PKG_RELEASE:=5 -PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_SOURCE_URL:=https://github.com/snort3/snort3 -PKG_MIRROR_HASH:=982a56085c727ea0ea4717e92e0f6f339534520e80d0307cecf7d5eeda3811a5 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)? +PKG_HASH:=e2e36a8db2c4c26a6ff58ea58839339260319eba25d0eb901ddb7210f4fa4b4c PKG_MAINTAINER:=W. Michael Petullo , John Audia PKG_LICENSE:=GPL-2.0-only 
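Review bot: In the `tiny` branch of the sing-box Makefile, `GO_PKG_TAGS` is assigned only when `CONFIG_SMALL_FLASH` is empty, so on small-flash targets the next line, `GO_PKG_TAGS:=$(GO_PKG_TAGS),with_quic,with_utls,with_clash_api`, expands to a list that starts with a comma, or inherits any value set before this block. Building the list in one expression avoids both cases: `GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip $(if $(CONFIG_SMALL_FLASH),,with_gvisor) with_quic with_utls with_clash_api))`. The `endif` that closes this conditional is in the following hunk of the same file.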
@@ -26,12 +25,11 @@ define Package/snort3 SUBMENU:=Firewall SECTION:=net CATEGORY:=Network - DEPENDS:= \ - +@!(TARGET_powerpc||TARGET_mips||TARGET_mips64||TARGET_mipsel):gperftools-runtime \ - +(TARGET_x86||TARGET_x86_64):hyperscan-runtime \ - +libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ - +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ - +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci + DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ + +libpthread +libuuid +zlib +libhwloc +USE_MUSL:libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ + +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci \ + +PACKAGE_gperftools-runtime:gperftools-runtime \ + +PACKAGE_hyperscan-runtime:hyperscan-runtime TITLE:=Lightweight Network Intrusion Detection System URL:=http://www.snort.org/ MENU:=1 @@ -45,13 +43,8 @@ define Package/snort3/description attacks. endef -# Hyperscan only builds for x86 -ifdef CONFIG_TARGET_x86_64 - CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs -endif - CMAKE_OPTIONS += \ - -DUSE_TIRPC:BOOL=YES \ + -DUSE_TIRPC=$(if $(CONFIG_USE_MUSL),ON,OFF) \ -DENABLE_STATIC_DAQ:BOOL=NO \ -DDAQ_INCLUDE_DIR=$(STAGING_DIR)/usr/include/daq3 \ -DDAQ_LIBRARIES_DIR_HINT:PATH=$(STAGING_DIR)/usr/lib/daq3 \ 
@@ -63,12 +56,12 @@ CMAKE_OPTIONS += \ -DMAKE_PDF_DOC:BOOL=NO \ -DMAKE_TEXT_DOC:BOOL=NO \ -DHAVE_LIBUNWIND=OFF \ - -DENABLE_TCMALLOC=ON \ - -DTCMALLOC_LIBRARIES=$(STAGING_DIR)/usr/lib/libtcmalloc.so \ - -DHAVE_LZMA=ON + -DHAVE_LZMA=ON \ + -DENABLE_TCMALLOC=$(if $(CONFIG_PACKAGE_gperftools-runtime),ON,OFF) \ + -DENABLE_HYPERSCAN=$(if $(CONFIG_PACKAGE_vectorscan-runtime),ON,OFF) \ + $(if $(CONFIG_PACKAGE_vectorscan-runtime),-DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs) -TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 -I$(STAGING_DIR)/usr/include/tirpc -TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/daq3 -ltirpc +TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 define Package/snort3/conffiles /etc/config/snort 
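Review bot: `-DENABLE_HYPERSCAN` and `-DHS_INCLUDE_DIRS` in this hunk are keyed on `CONFIG_PACKAGE_vectorscan-runtime`, while the DEPENDS line in the @@ -26,12 +25,11 @@ hunk of the same Makefile adds `+PACKAGE_hyperscan-runtime:hyperscan-runtime`. With two different symbols, the build can enable the Hyperscan code path without the runtime package being a dependency of snort3, or carry the dependency while the feature is compiled out. Which package name is intended is not visible here, but both places should test the same symbol. That symbol and `CONFIG_PACKAGE_gperftools-runtime` should also appear in `PKG_CONFIG_DEPENDS`, so that toggling them triggers a rebuild; that variable is outside the hunk and may already cover them.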
@@ -77,67 +70,33 @@ endef define Package/snort3/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/bin/snort \ - $(1)/usr/bin/ - - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/bin/snort2lua \ - $(1)/usr/bin/ - - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \ - $(1)/usr/bin/ - - $(INSTALL_BIN) \ - ./files/snort-{mgr,rules} \ - $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snort2lua $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} $(1)/usr/bin/ + $(INSTALL_BIN) ./files/snort-{mgr,rules} $(1)/usr/bin/ $(INSTALL_DIR) $(1)/usr/lib/snort - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_hext.so \ - $(1)/usr/lib/snort/ - - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_file.so \ - $(1)/usr/lib/snort/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_{hext,file}.so $(1)/usr/lib/snort/ $(INSTALL_DIR) $(1)/usr/share/lua - $(CP) \ - $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \ - $(1)/usr/share/lua/ + $(CP) $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua $(1)/usr/share/lua/ $(INSTALL_DIR) $(1)/usr/share/snort - $(INSTALL_CONF) \ - ./files/main.uc \ - $(1)/usr/share/snort/ + $(INSTALL_CONF) ./files/main.uc $(1)/usr/share/snort/ $(INSTALL_DIR) $(1)/usr/share/snort/templates - $(INSTALL_CONF) \ - ./files/nftables.uc \ - $(1)/usr/share/snort/templates/ - $(INSTALL_CONF) \ - ./files/snort.uc \ - $(1)/usr/share/snort/templates/ + $(INSTALL_CONF) ./files/{nftables,snort}.uc $(1)/usr/share/snort/templates/ $(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules} - $(INSTALL_CONF) \ - $(PKG_INSTALL_DIR)/usr/etc/snort/*.lua \ - $(1)/etc/snort - $(INSTALL_CONF) \ - $(PKG_INSTALL_DIR)/usr/etc/snort/file_magic.rules \ - $(1)/etc/snort + $(INSTALL_CONF) $(PKG_INSTALL_DIR)/usr/etc/snort/*.lua $(1)/etc/snort + $(INSTALL_CONF) $(PKG_INSTALL_DIR)/usr/etc/snort/file_magic.rules $(1)/etc/snort $(INSTALL_DIR) 
$(1)/etc/init.d - $(INSTALL_BIN) \ - ./files/snort.init \ - $(1)/etc/init.d/snort + $(INSTALL_BIN) ./files/snort.init $(1)/etc/init.d/snort $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_CONF) \ - ./files/snort.config \ - $(1)/etc/config/snort + $(INSTALL_CONF) ./files/snort.config $(1)/etc/config/snort sed \ -i \ diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 672f1a809a9100..2a232f13b64934 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.14 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -111,6 +111,7 @@ PKG_CONFIG_DEPENDS:= \ PKG_FIXUP:=autoreconf PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_BUILD_DEPENDS:=python3/host include $(INCLUDE_DIR)/package.mk # strongswan-mod-mysql needs iconv @@ -462,6 +463,10 @@ define BuildPlugin $(call Plugin/$(1)/install,$$(1)) endef + define Package/strongswan-mod-$(1)/conffiles +/etc/strongswan.d/charon/$(1).conf +endef + $$(eval $$(call BuildPackage,strongswan-mod-$(1))) endef @@ -473,6 +478,7 @@ CONFIGURE_ARGS+= \ --enable-mgf1 \ --enable-mediation \ --with-systemdsystemunitdir=no \ + PYTHON="python3" \ $(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \ $(if $(CONFIG_PACKAGE_strongswan-pki),--enable-pki,--disable-pki) \ --with-random-device=/dev/random \ @@ -525,6 +531,11 @@ define Package/strongswan-charon/install $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libcharon.so.* $(1)/usr/lib/ipsec/ endef +define Package/strongswan-charon/conffiles +/etc/strongswan.d/charon.conf +/etc/strongswan.d/charon-logging.conf +endef + define Package/strongswan-charon-cmd/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/charon-cmd $(1)/usr/sbin/ 
@@ -736,7 +747,7 @@ $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql + $(eval $(call BuildPlugin,sshkey,SSH key decoding,)) $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-ipsec)) $(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) -$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) +$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci @BROKEN)) $(eval $(call BuildPlugin,unity,Cisco Unity extension,)) $(eval $(call BuildPlugin,updown,updown firewall,+iptables +IPV6:ip6tables +iptables-mod-ipsec +kmod-ipt-ipsec)) $(eval $(call BuildPlugin,vici,Versatile IKE Configuration Interface,)) diff --git a/net/subversion/Makefile b/net/subversion/Makefile index 944a32eba337ae..33f5f5aa6f175e 100644 --- a/net/subversion/Makefile +++ b/net/subversion/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=subversion -PKG_VERSION:=1.14.3 +PKG_VERSION:=1.14.5 PKG_RELEASE:=1 PKG_SOURCE_URL:=@APACHE/subversion PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=949efd451a09435f7e8573574c71c7b71b194d844890fa49cd61d2262ea1a440 +PKG_HASH:=e78a29e7766b8b7b354497d08f71a55641abc53675ce1875584781aae35644a1 PKG_MAINTAINER:=Aleksey Vasilenko PKG_LICENSE:=Apache-2.0 diff --git a/net/tor/Makefile b/net/tor/Makefile index 3952707ef0e436..b4a0fc8c457c39 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.8.12 +PKG_VERSION:=0.4.8.18 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=ca7cc735d98e3747b58f2f3cc14f804dd789fa0fb333a84dcb6bd70adbb8c874 +PKG_HASH:=4aea6c109d4eff4ea2bafb905a7e6b0a965d14fe856214b02fcd9046b4d93af8 PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE:=BSD-3-Clause 
@@ -114,6 +114,7 @@ endef define Package/tor/conffiles /etc/tor/torrc +/etc/tor/torrc.d/* /var/lib/tor/fingerprint /var/lib/tor/keys/* /etc/config/tor diff --git a/net/torsocks/Makefile b/net/torsocks/Makefile index b0bcbedb142183..cd49d44fe9f470 100644 --- a/net/torsocks/Makefile +++ b/net/torsocks/Makefile @@ -39,13 +39,6 @@ define Package/torsocks/description It ensures that DNS requests are handled safely and explicitly rejects any traffic other than TCP from the application you're using. endef -define Build/Configure - $(call Build/Configure/Default) -ifeq ($(CONFIG_USE_UCLIBC),y) - find $(PKG_BUILD_DIR) -name 'Makefile' -exec sed -i 's|--param ssp-buffer-size=1 -fstack-protector-all||' \{\} \+ -endif -endef - define Package/conffiles /etc/tor/torsocks.conf endef diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index dfaf419ef34eda..5fe39b42ef29a8 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -1,13 +1,13 @@ # -# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # include $(TOPDIR)/rules.mk PKG_NAME:=travelmate -PKG_VERSION:=2.1.3 -PKG_RELEASE:=3 +PKG_VERSION:=2.2.1 +PKG_RELEASE:=6 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken @@ -17,12 +17,12 @@ define Package/travelmate SECTION:=net CATEGORY:=Network TITLE:=A wlan connection manager for travel router - DEPENDS:=+iwinfo +jshn +jsonfilter +curl +ca-bundle +rpcd +rpcd-mod-rpcsys + DEPENDS:=+iw +ip +jshn +jsonfilter +curl +ca-bundle +rpcd +rpcd-mod-rpcsys PKGARCH:=all endef define Package/travelmate/description -A wlan connection manager for travel routers. +A wlan connection manager for travel router. Please see https://github.com/openwrt/packages/blob/master/net/travelmate/files/README.md for further information. endef 
diff --git a/net/travelmate/files/README.md b/net/travelmate/files/README.md
index a279f4e1891c9e..b6f36ed830d185 100644
--- a/net/travelmate/files/README.md
+++ b/net/travelmate/files/README.md
@@ -24,29 +24,20 @@ automatically (re)connnects to configured APs/hotspots as they become available. ## Main Benefits and Features -* Easy setup from LuCI web interface - with **Interface Wizard** and **Wireless Station manager** -* Display a QR code to - transfer the wireless credentials to your mobile devices +* Easy setup from LuCI web interface with **Interface Wizard** and **Wireless Station manager** +* Display a QR code to transfer the wireless credentials to your mobile devices * Fast uplink connections * Supports routers with multiple radios in any order -* Supports all kinds of uplinks, including hidden and enterprise uplinks. - (WEP-based uplinks are no longer supported) -* Continuously checks the existing uplink quality, - e.g. for conditional uplink (dis)connections +* Supports all kinds of uplinks, including hidden and enterprise uplinks (WEP-based uplinks are no longer supported). +* Continuously checks the existing uplink quality, e.g. for conditional uplink (dis)connections * Automatically add open uplinks to your wireless config, e.g. hotel captive portals -* Captive portal detection with a - 'heartbeat' function to keep the uplink connection up and running -* Captive portal hook for auto-login configured via uci/LuCI. - Use an external script for - captive portal auto-logins (see example below) -* VPN hook supports 'wireguard' or 'openvpn' client - setups to handle VPN (re)connections automatically -* Email hook via 'msmtp' sends notification e-mails - after every successful uplink connect -* Proactively scan and switch to a higher priority uplink, - replacing an existing connection +* Captive portal detection with a 'heartbeat' function to keep the uplink connection up and running +* Captive portal hook for auto-login configured via uci/LuCI. 
Use an external script for captive portal auto-logins (see example below) +* VPN hook supports 'wireguard' or 'openvpn' client setups to handle VPN (re)connections automatically +* Email hook via 'msmtp' sends notification e-mails after every successful uplink connect +* Proactively scan and switch to a higher priority uplink, replacing an existing connection * Connection tracking logs start and end date of an uplink connection +* Check router subnet vs. uplink subnet, to show conflicts with router LAN network * Automatically disable the uplink after n minutes, e.g. for timed connections * Automatically (re)enable the uplink after n minutes, e.g. after failed login attempts * (Optional) Generate a random unicast MAC address for each uplink connection @@ -61,11 +52,11 @@ automatically (re)connnects to configured APs/hotspots as they become available. * [OpenWrt](https://openwrt.org), tested/compatible with current stable 23.x and latest OpenWrt snapshot * The `luci-app-travelmate` ensures these packages are present: * 'dnsmasq' as dns backend - * 'iwinfo' for wlan scanning + * 'iw' for wlan scanning * 'curl' for connection checking and all kinds of captive portal magic, e.g. cp detection and auto-logins * a 'wpad' variant to support various WPA encrypted networks - (WEP-based uplinks are no longer supported!)* optional: 'qrencode' for AP QR code support + (WEP-based uplinks are no longer supported!) * optional: 'wireguard' or 'openvpn' for vpn client connections * optional: 'msmtp' to send out Travelmate related status messages via email 
@@ -100,11 +91,15 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_enabled | 0, disabled | set to 1 to enable the travelmate service (this will be done by the Interface Wizard as well!) | | trm_debug | 0, disabled | set to 1 to get the full debug output (logread -e "trm-") | | trm_iface | -, not set | uplink- and procd trigger network interface, configured by the 'Interface Wizard' | -| trm_radio | -, not set | restrict travelmate to a single radio or change the overall scanning order ('radio1 radio0') | +| trm_laniface | -, lan | logical LAN network interface, default is 'lan' | +| trm_radio | -, not set | restrict travelmate to certain radio(s) | +| trm_revradio | 0, disabled | change the radio processing order, e.g. 'radio1 radio0' | +| trm_scanmode | -, active | send active probe requests or passively listen for beacon frames with 'passive' | | trm_captive | 1, enabled | check the internet availability and handle captive portal redirections | | trm_netcheck | 0, disabled | treat missing internet availability as an error | -| trm_proactive | 1, enabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection | +| trm_proactive | 0, disabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection | | trm_autoadd | 0, disabled | automatically add open uplinks like hotel captive portals to your wireless config | +| trm_ssidfilter | -, not set | list of SSID patterns for filtering/skipping specific open uplinks, e.g. 'Chromecast*' | | trm_randomize | 0, disabled | generate a random unicast MAC address for each uplink connection | | trm_triggerdelay | 2 | additional trigger delay in seconds before travelmate processing begins | | trm_maxretry | 3 | retry limit to connect to an uplink | 
@@ -112,7 +107,7 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_maxwait | 30 | how long should travelmate wait for a successful wlan uplink connection | | trm_timeout | 60 | overall retry timeout in seconds | | trm_maxautoadd | 5 | limit the max. number of automatically added open uplinks. To disable this limitation set it to '0' | -| trm_captiveurl | http://detectportal.firefox.com | pre-configured provider URLs that will be used for connectivity- and captive portal checks | +| trm_captiveurl | http://detectportal.firefox.com | custom/pre-configured provider URLs that will be used for connectivity- and captive portal checks | | trm_useragent | Mozilla/5.0 ... | pre-configured user agents that will be used for connectivity- and captive portal checks | | trm_nice | 0, normal priority | change the priority of the travelmate background processing | | trm_mail | 0, disabled | sends notification e-mails after every succesful uplink connect | @@ -120,6 +115,7 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_mailsender | no-reply@travelmate | e-mail sender address for travelmate notifications | | trm_mailtopic | travelmate connection to '' | topic for travelmate notification E-Mails | | trm_mailprofile | trm_notify | profile used by 'msmtp' for travelmate notification E-Mails | +| trm_vpn | 0, disabled | VPN connections will be managed by travelmate | | trm_stdvpnservice | -, not set | standard vpn service which will be automatically added to new STA profiles | | trm_stdvpniface | -, not set | standard vpn interface which will be automatically added to new STA profiles | @@ -209,16 +205,16 @@ Hopefully more scripts for different captive portals will be provided by the com

 root@2go:~# /etc/init.d/travelmate status
 ::: travelmate runtime information
-  + travelmate_status  : connected (net ok/51)
-  + travelmate_version : 2.1.1
-  + station_id         : radio0/403 Forbidden/00:0C:46:24:50:00
-  + station_mac        : 94:83:C4:24:0E:4F
-  + station_interfaces : trm_wwan, wg0
-  + wpa_flags          : sae: ✔, owe: ✔, eap: ✔, suiteb192: ✔
-  + run_flags          : captive: ✔, proactive: ✔, netcheck: ✘, autoadd: ✘, randomize: ✔
-  + ext_hooks          : ntp: ✔, vpn: ✔, mail: ✘
-  + last_run           : 2023.10.21-14:29:14
-  + system             : GL.iNet GL-A1300, OpenWrt SNAPSHOT r24187-bb8fd41f9a
+  + travelmate_status  : connected (net ok/96)
+  + travelmate_version : 2.2.1-r1
+  + station_id         : radio0/GlutenfreiVerbunden/-
+  + station_mac        : 1E:24:62:C3:2E:4B
+  + station_interfaces : trm_wwan, -
+  + station_subnet     : 10.168.20.0 (lan: 10.168.1.0)
+  + run_flags          : scan: passive, captive: ✔, proactive: ✔, netcheck: ✘, autoadd: ✘, randomize: ✔
+  + ext_hooks          : ntp: ✔, vpn: ✘, mail: ✘
+  + last_run           : 2025.10.18-21:03:41
+  + system             : Cudy TR3000 v1, mediatek/filogic, OpenWrt SNAPSHOT r31445-2a44808374 
 
To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart Travelmate and check the system log afterwards (_logread -e "trm-"_) diff --git a/net/travelmate/files/telekom.login b/net/travelmate/files/telekom.login index 2cef0e82e7ff63..8c37b3b3676318 100755 --- a/net/travelmate/files/telekom.login +++ b/net/travelmate/files/telekom.login @@ -1,10 +1,10 @@ #!/bin/sh # captive portal auto-login script for telekom hotspots (DE) -# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2021-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,3040,3043,3057 +# shellcheck disable=all . "/lib/functions.sh" @@ -36,7 +36,7 @@ export PATH="/usr/sbin:/usr/bin:/sbin:/bin" username="$(urlencode "${1}")" password="$(urlencode "${2}")" -trm_domain="telekom.portal.fon.com" +trm_domain="hotspot.t-mobile.net" trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" 
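Review bot: `# shellcheck disable=all` in the first telekom.login hunk replaces four specific exception codes with a blanket suppression. This script URL-encodes a username and password and builds curl command lines from portal responses, which is where quoting and word-splitting warnings are most useful. Keep an explicit list and add only the codes the new code needs, e.g. `# shellcheck disable=1091,3040,3043,3057`.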
@@ -50,6 +50,6 @@ redirect_url="$(printf "%s" "${raw_html}" | awk 'match(tolower($0),/.* # final login request # -raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}" --connect-timeout $((trm_maxwait / 6)) --header "content-type: application/x-www-form-urlencoded" --location --silent --show-error --data "UserName=${username}&Password=${password}&FNAME=0&button=Login&OriginatingServer=http%3A%2F%2F${trm_captiveurl}" "${redirect_url}")" +raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}/wlan/rest/freeLogin" --connect-timeout $((trm_maxwait / 6)) --header "content-type: application/x-www-form-urlencoded" --location --silent --show-error --data "UserName=${username}&Password=${password}&FNAME=0&button=Login&OriginatingServer=http%3A%2F%2F${trm_captiveurl}" "${redirect_url}")" login_url="$(printf "%s" "${raw_html}" | awk 'match(tolower($0),/.*<\/logoffurl>/){printf "%s",substr($0,RSTART+11,RLENGTH-23)}' 2>/dev/null)" [ -n "${login_url}" ] && exit 0 || exit 255 diff --git a/net/travelmate/files/travelmate.conf b/net/travelmate/files/travelmate.conf index 6e72ca381d7604..171122f0693328 100644 --- a/net/travelmate/files/travelmate.conf +++ b/net/travelmate/files/travelmate.conf @@ -2,7 +2,7 @@ config travelmate 'global' option trm_enabled '0' option trm_captive '1' - option trm_proactive '1' + option trm_proactive '0' option trm_netcheck '0' option trm_autoadd '0' option trm_mail '0' diff --git a/net/travelmate/files/travelmate.init b/net/travelmate/files/travelmate.init index 37b301950a7459..d245dcb48a1f4e 100755 --- a/net/travelmate/files/travelmate.init +++ b/net/travelmate/files/travelmate.init @@ -1,5 +1,5 @@ #!/bin/sh /etc/rc.common -# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions 
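Review bot: The final login request posts `UserName` and `Password` to `${redirect_url}`, a value extracted from the hotspot's response, and nothing in this hunk checks it before the credentials are sent. On an open network that response can come from any access point advertising the SSID, so the script should refuse a target that is not HTTPS on the expected host. If the portal's login endpoint lives on `${trm_domain}`, a guard before the curl call does this: `case "${redirect_url}" in "https://${trm_domain}/"*) ;; *) exit 255 ;; esac`. Because the request uses `--location`, adding `--proto-redir =https` would also stop curl following a redirect to plain HTTP. The hunk starts at the `redirect_url` assignment, so earlier validation cannot be ruled out.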
@@ -9,7 +9,6 @@ START=25 USE_PROCD=1 extra_command "scan" "[|] Scan for available nearby uplinks" -extra_command "assoc" "[|] Get MAC adresses of associated wlan stations" extra_command "setup" "[] [] [] Setup the travelmate uplink interface, by default 'trm_wwan' with firewall zone 'wan' and metric '100'" trm_init="/etc/init.d/travelmate" @@ -34,7 +33,7 @@ start_service() { procd_set_param pidfile "${trm_pidfile}" procd_set_param nice "$(uci_get travelmate global trm_nice "0")" procd_set_param stdout 0 - procd_set_param stderr 0 + procd_set_param stderr 1 procd_close_instance fi } 
@@ -77,25 +76,34 @@ status_service() { } scan() { - local result radio="${1}" - - : > "${trm_scanfile}" - if [ -z "${radio}" ]; then - radio="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e '@[@.up=true].interfaces[0].ifname')" + local result scan_dev scan_mode radio_num radio_phy radio="${1:-"radio0"}" + + radio_num="${radio//[a-z]/}" + radio_phy="phy${radio_num}" + scan_mode="$(uci_get travelmate global trm_scanmode "active")" + [ "${scan_mode}" != "passive" ] && scan_mode="" + + scan_dev="$(iw dev | awk -v phy="${radio_phy}" '/Interface/{iface=$2} /type/{if(($2=="AP"||$2=="managed")&&iface ~ "^"phy"-"){printf"%s",iface;exit}}')" + if [ -z "${scan_dev}" ]; then + iw phy "${radio_phy}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1 + ip link set "trmscan${radio_num}" up >/dev/null 2>&1 + scan_dev="trmscan${radio_num}" fi - result="$(iwinfo "${radio}" scan 2>/dev/null | - awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2=""; - for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}}/Channel:/{var3=$NF}/Quality:/{split($NF,var0,"/")}/Encryption:/{var4=""; - for(j=12;j<=NF;j++)if(var4==""){var4=$j}else{var4=var4" "$j};printf " %-11i%-10s%-35s%-20s%s\n",(var0[1]*100/var0[2]),var3,var2,var1,var4}' | - sort -rn)" - printf "::: %s\n:::\n" "Available nearby uplinks on '${radio}'" - if [ -n "${result}" ]; then - printf "%s\n" "${result}" > "${trm_scanfile}" - printf "%-15s%-10s%-35s%-20s%s\n" " Strength" "Channel" "ESSID" "BSSID" "Encryption" - printf "%s\n" " --------------------------------------------------------------------------------------" - printf "%s\n" "${result}" - else - printf "%s\n" "::: Empty resultset" + result="$(iw dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | + awk '/^BSS /{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";ssid="";bssid=toupper(substr($2,1,17))} + 
/signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} + /SSID:/{$1="";sub(/^ /,"",$0);ssid=$0} + /freq:/{channel=int($2);if(channel>=2400&&channel<=2500)channel=int((channel-2407)/5);else if(channel>=4900&&channel<=5900)channel=int((channel-5000)/5);else if(channel>=5925&&channel<=7125)channel=int(((channel-5950)/5)+1)} + /WPA:/{wpa="+"} + /RSN:/{rsn="+"} + /Group cipher:/{cipher=$4} + /Authentication suites:/{auth="";for(i=4;i<=NF;i++){auth=auth (i==4?"":",")$i}} + END{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" + [ -n "${result}" ] && printf "%b\n" "${result}" > "${trm_scanfile}" || : > "${trm_scanfile}" + + if [ "${scan_dev}" = "trmscan${radio_num}" ]; then + ip link set "trmscan${radio_num}" down >/dev/null 2>&1 + iw dev "trmscan${radio_num}" del >/dev/null 2>&1 fi } @@ -108,7 +116,7 @@ setup() { metric="${metric//[^0-9]/}" if [ -n "${iface}" ] && [ "${iface}" = "${input}" ]; then - printf "%s\n" "The uplink interface '${input}' has been already configured" + return 1 elif [ -n "${input}" ]; then if [ -n "${iface}" ]; then uci -q batch <<-EOC @@ -163,24 +171,6 @@ setup() { fi } -assoc() { - local result radio="${1}" - - if [ -z "${radio}" ]; then - radio="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e '@[@.*.*.config.mode="ap"].interfaces[0].ifname')" - fi - result="$(iwinfo "${radio}" assoc 2>/dev/null | awk '/^[A-Z0-9:]+/{printf " %s\n",$1}')" - printf "%s\n" "::: Associated wlan stations on '${radio}'" - printf "%s\n" ":::" - if [ -n "${result}" ]; then - printf "%s\n" " MAC addresses" - printf "%s\n" " -----------------" - printf "%s\n" "${result}" - else - printf "%s\n" "::: Empty resultset" - fi -} - service_triggers() { local iface delay diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index 442918d6b8d7e6..70504b31d29df3 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh 
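Review bot: In `scan()`, `radio_num="${radio//[a-z]/}"` strips only lower-case letters from the command-line argument, so anything else in `${1}` ends up in the phy name and in the `trmscan…` interface name handed to `iw` and `ip`. `setup()` in this file already reduces its numeric input with `metric="${metric//[^0-9]/}"`; the same form here, `radio_num="${radio//[^0-9]/}"` followed by `[ -n "${radio_num}" ] || return 1`, would keep the two consistent. The temporary `trmscan${radio_num}` interface is removed only at the end of the function, so an interrupted scan may leave it behind; a `trap` that runs the two cleanup commands would cover that.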
@@ -1,6 +1,6 @@ #!/bin/sh # travelmate, a wlan connection manager for travel router -# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions @@ -12,8 +12,9 @@ export PATH="/usr/sbin:/usr/bin:/sbin:/bin" trm_enabled="0" trm_debug="0" trm_iface="" +trm_laniface="" trm_captive="1" -trm_proactive="1" +trm_proactive="0" trm_vpn="0" trm_netcheck="0" trm_autoadd="0" @@ -27,8 +28,10 @@ trm_maxwait="30" trm_maxautoadd="5" trm_timeout="60" trm_radio="" +trm_revradio="0" +trm_scanmode="active" trm_connection="" -trm_wpaflags="" +trm_ssidfilter="" trm_ovpninfolist="" trm_vpnifacelist="" trm_vpninfolist="" @@ -36,7 +39,7 @@ trm_stdvpnservice="" trm_stdvpniface="" trm_rtfile="/tmp/trm_runtime.json" trm_captiveurl="http://detectportal.firefox.com" -trm_useragent="Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0" +trm_useragent="Mozilla/5.0 (X11; Linux x86_64; rv:144.0) Gecko/20100101 Firefox/144.0" trm_ntpfile="/var/state/travelmate.ntp" trm_vpnfile="/var/state/travelmate.vpn" trm_mailfile="/var/state/travelmate.mail" @@ -68,13 +71,11 @@ f_cmd() { # load travelmate environment # f_env() { - local check wpa_checks result - if [ "${trm_action}" = "stop" ]; then return fi - unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_activesta trm_opensta + unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_activesta trm_opensta trm_ssidfilter trm_sysver="$("${trm_ubuscmd}" -S call system board 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.model' -e '@.release.target' -e '@.release.distribution' -e '@.release.version' -e '@.release.revision' | "${trm_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s, %s %s %s %s",$1,$2,$3,$4,$5,$6}')" 
@@ -91,6 +92,8 @@ f_env() { local option="${1}" value="${2//\"/\\\"}" if [ "${option}" = "trm_vpnifacelist" ] && ! printf "%s" "${trm_vpnifacelist}" | "${trm_grepcmd}" -q "${value}"; then eval "trm_vpnifacelist=\"$(printf "%s" "${trm_vpnifacelist}") ${value}\"" + elif [ "${option}" = "trm_ssidfilter" ] && ! printf "%s" "${trm_ssidfilter}" | "${trm_grepcmd}" -q "${value}"; then + eval "trm_ssidfilter=\"$(printf "%s" "${trm_ssidfilter}") ${value}\"" fi } elif [ "${name}" = "uplink" ]; then @@ -116,20 +119,6 @@ f_env() { /etc/init.d/travelmate stop fi - if [ -z "${trm_wpaflags}" ]; then - wpa_checks="sae owe eap suiteb192" - for check in ${wpa_checks}; do - if [ -x "${trm_wpacmd}" ]; then - if "${trm_wpacmd}" -v"${check}" >/dev/null 2>&1; then - result="$(f_trim "${result} ${check}: $(f_char 1)")" - else - result="$(f_trim "${result} ${check}: $(f_char 0)")" - fi - fi - done - trm_wpaflags="$(printf "%s" "${result}" | "${trm_awkcmd}" '{printf "%s %s, %s %s, %s %s, %s %s",$1,$2,$3,$4,$5,$6,$7,$8}')" - fi - config_load wireless config_foreach f_setdev "wifi-device" if [ -n "$(uci -q changes "wireless")" ]; then @@ -148,7 +137,7 @@ f_env() { config_load network config_foreach f_getvpn "interface" fi - f_log "debug" "f_env ::: auto_sta: ${trm_opensta:-"-"}, wpa_flags: ${trm_wpaflags}, sys_ver: ${trm_sysver}" + f_log "debug" "f_env ::: fetch: ${trm_fetchcmd}, sys_ver: ${trm_sysver}" } # trim helper function @@ -181,7 +170,7 @@ f_wifi() { "${trm_wificmd}" reload for radio in ${trm_radiolist}; do - while true; do + while :; do if [ "${timeout}" -ge "${trm_maxwait}" ]; then break 2 fi 
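Review bot: The new `trm_ssidfilter` branch builds the list through `eval`, and `value` is only escaped for double quotes (`${2//\"/\\\"}`), so a `$` or a backtick in a configured filter entry would be expanded as shell code. A plain assignment needs no eval: `trm_ssidfilter="${trm_ssidfilter} ${2}"`. The duplicate test also hands the entry to grep as a regular expression, although `f_addsta` later matches filter entries as shell patterns; `"${trm_grepcmd}" -qF -- "${value}"` would compare it literally. The `trm_vpnifacelist` branch just above has the same shape, and the enclosing callback starts outside the hunk.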
@@ -203,13 +192,13 @@ f_wifi() { sleep "$((trm_maxwait / 6))" timeout="$((timeout + (trm_maxwait / 6)))" fi - f_log "debug" "f_wifi ::: radio_list: ${trm_radiolist}, radio: ${radio}, timeout: ${timeout}" + f_log "debug" "f_wifi ::: radio_list: ${trm_radiolist}, ssid_filter: ${trm_ssidfilter:-"-"}, radio: ${radio}, timeout: ${timeout}" } # vpn helper function # f_vpn() { - local rc result info iface vpn vpn_service vpn_iface vpn_instance vpn_status vpn_action="${1}" + local rc info iface vpn vpn_service vpn_iface vpn_instance vpn_status vpn_action="${1}" if [ "${trm_vpn}" = "1" ] && [ -n "${trm_vpninfolist}" ]; then vpn="$(f_getval "vpn")" @@ -232,23 +221,24 @@ f_vpn() { fi done rm -f "${trm_vpnfile}" + sleep 1 elif [ "${vpn}" = "1" ] && [ -n "${vpn_iface}" ] && [ "${vpn_action}" = "enable_keep" ]; then for info in ${trm_vpninfolist}; do iface="${info%%&&*}" + [ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}" vpn_status="$(ifstatus "${iface}" | "${trm_jsoncmd}" -ql1 -e '@.up')" if [ "${vpn_status}" = "true" ] && [ "${iface}" != "${vpn_iface}" ]; then /sbin/ifdown "${iface}" f_log "info" "take down vpn interface '${iface}' (switch)" - rc="1" - fi - [ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}" - if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then - /etc/init.d/openvpn stop "${vpn_instance}" - f_log "info" "take down openvpn instance '${vpn_instance}' (switch)" + if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then + /etc/init.d/openvpn stop "${vpn_instance}" + f_log "info" "take down openvpn instance '${vpn_instance}' (switch)" + fi rc="1" fi if [ "${rc}" = "1" ]; then rm -f "${trm_vpnfile}" + sleep 1 break fi done 
@@ -265,7 +255,6 @@ f_vpn() { break fi done - f_log "debug" "f_vpn ::: vpn: ${vpn:-"0"}, action: ${vpn_action}, service: ${vpn_service}, iface: ${vpn_iface}, instance: ${vpn_instance}" "${trm_vpnpgm}" "${vpn:-"0"}" "${vpn_action}" "${vpn_service}" "${vpn_iface}" "${vpn_instance}" >/dev/null 2>&1 rc="${?}" fi @@ -273,7 +262,7 @@ f_vpn() { [ -n "${rc}" ] && f_jsnup fi fi - f_log "debug" "f_vpn ::: vpn: ${trm_vpn:-"-"}, enabled: ${vpn:-"-"}, action: ${vpn_action}, vpn_service: ${vpn_service:-"-"}, vpn_iface: ${vpn_iface:-"-"}, vpn_instance: ${vpn_instance:-"-"}, vpn_infolist: ${trm_vpninfolist:-"-"}, result: ${result}, rc: ${rc:-"-"}" + f_log "debug" "f_vpn ::: vpn: ${trm_vpn:-"-"}, enabled: ${vpn:-"-"}, action: ${vpn_action}, vpn_service: ${vpn_service:-"-"}, vpn_iface: ${vpn_iface:-"-"}, vpn_instance: ${vpn_instance:-"-"}, vpn_infolist: ${trm_vpninfolist:-"-"}, connection: ${trm_connection%%/*}, rc: ${rc:-"-"}" } # mac helper function @@ -294,13 +283,13 @@ f_mac() { else uci_remove "wireless" "${section}" "macaddr" 2>/dev/null ifname="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" - result="$("${trm_iwinfocmd}" "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/Access Point:/{printf "%s",$3}')" + result="$("${trm_iwcmd}" dev "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/addr /{printf "%s",toupper($2)}')" fi elif [ "${action}" = "get" ]; then result="$(uci_get "wireless" "${section}" "macaddr")" if [ -z "${result}" ]; then ifname="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" - result="$("${trm_iwinfocmd}" "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/Access Point:/{printf "%s",$3}')" + result="$("${trm_iwcmd}" dev "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/addr /{printf "%s",toupper($2)}')" fi fi printf "%s" "${result}" 
@@ -362,7 +351,7 @@ f_ctrack() { fi fi fi - f_log "debug" "f_ctrack ::: action: ${action:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_ctrack ::: uplink_config: ${trm_uplinkcfg:-"-"}, action: ${action:-"-"}" } # get openvpn information @@ -465,7 +454,7 @@ f_getcfg() { fi cnt="$((cnt + 1))" done - f_log "debug" "f_getcfg ::: status: ${status}, section: ${section}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_getcfg ::: uplink_config: ${trm_uplinkcfg:-"-"}" } # get travelmate option value in 'uplink' sections @@ -477,7 +466,7 @@ f_getval() { result="$(uci_get "travelmate" "${trm_uplinkcfg}" "${t_option}")" printf "%s" "${result}" fi - f_log "debug" "f_getval ::: option: ${t_option:-"-"}, result: ${result:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_getval ::: uplink_config: ${trm_uplinkcfg:-"-"}, option: ${t_option:-"-"}, result: ${result:-"-"}" } # set 'wifi-device' sections 
@@ -485,25 +474,31 @@ f_getval() { f_setdev() { local disabled radio="${1}" - disabled="$(uci_get "wireless" "${radio}" "disabled")" - if [ "${disabled}" = "1" ]; then - uci_set wireless "${radio}" "disabled" "0" - fi - if [ -n "${trm_radio}" ] && [ -z "${trm_radiolist}" ]; then - trm_radiolist="${trm_radio}" - elif [ -z "${trm_radio}" ] && ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; then - trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")" + if { [ -z "${trm_radio}" ] && ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; } || + { [ -n "${trm_radio}" ] && printf "%s" "${trm_radio}" | "${trm_grepcmd}" -q "${radio}"; }; then + if [ "${trm_revradio}" = "1" ]; then + trm_radiolist="$(f_trim "${radio} ${trm_radiolist}")" + else + trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")" + fi + disabled="$(uci_get "wireless" "${radio}" "disabled")" + if [ "${disabled}" = "1" ]; then + uci_set wireless "${radio}" "disabled" "0" + fi fi - f_log "debug" "f_setdev ::: radio: ${radio:-"-"}, radio_list(cnf/cur): ${trm_radio:-"-"}/${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}" + f_log "debug" "f_setdev ::: device: ${radio:-"-"}, radio: ${trm_radio:-"-"}, radio_list: ${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}" } # set 'wifi-iface' sections # f_setif() { - local mode radio essid bssid enabled disabled con_start con_end con_start_expiry con_end_expiry section="${1}" proactive="${2}" + local mode radio essid bssid enabled disabled d1 d2 d3 con_start con_end con_start_expiry con_end_expiry section="${1}" proactive="${2}" - mode="$(uci_get "wireless" "${section}" "mode")" radio="$(uci_get "wireless" "${section}" "device")" + if ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; then + return + fi + mode="$(uci_get "wireless" "${section}" "mode")" essid="$(uci_get "wireless" "${section}" "ssid")" bssid="$(uci_get "wireless" "${section}" "bssid")" disabled="$(uci_get "wireless" "${section}" "disabled")" 
@@ -549,14 +544,39 @@ f_setif() { trm_stalist="$(f_trim "${trm_stalist} ${section}-${radio}")" fi fi - f_log "debug" "f_setif ::: enabled: ${enabled}, section: ${section}, active_sta: ${trm_activesta:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_setif ::: uplink_config: ${trm_uplinkcfg:-"-"}, section: ${section}, enabled: ${enabled}, active_sta: ${trm_activesta:-"-"}" +} + +# check router/uplink subnet +# +f_subnet() { + local lan lan_net wan wan_net + + network_flush_cache + network_get_subnet wan "${trm_iface:-"trm_wwan"}" + [ -n "${wan}" ] && wan_net="$("${trm_ipcalccmd}" "${wan}" | "${trm_awkcmd}" 'BEGIN{FS="="}/NETWORK/{printf "%s",$2}')" + network_get_subnet lan "${trm_laniface:-"lan"}" + [ -n "${lan}" ] && lan_net="$("${trm_ipcalccmd}" "${lan}" | "${trm_awkcmd}" 'BEGIN{FS="="}/NETWORK/{printf "%s",$2}')" + if [ -n "${lan_net}" ] && [ -n "${wan_net}" ] && [ "${lan_net}" = "${wan_net}" ]; then + f_log "info" "uplink network '${wan_net}' conflicts with router LAN network, please adjust your network settings" + fi + printf "%s" "${wan_net:-"-"} (lan: ${lan_net:-"-"})" + f_log "debug" "f_subnet ::: lan_net: ${lan_net:-"-"}, wan_net: ${wan_net:-"-"}" } # add open uplinks # f_addsta() { - local wifi_cfg trm_cfg new_uplink="1" offset="1" radio="${1}" essid="${2}" + local pattern wifi_cfg trm_cfg new_uplink="1" offset="1" radio="${1}" essid="${2}" + for pattern in ${trm_ssidfilter}; do + case "${essid}" in + ${pattern}) + f_log "info" "open uplink filtered out '${radio}/${essid}/${pattern}'" + return 0 + ;; + esac + done if [ "${trm_maxautoadd}" = "0" ] || [ "${trm_opensta:-0}" -lt "${trm_maxautoadd}" ]; then config_cb() { local type="${1}" name="${2}" 
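Review bot: In `f_addsta`, `for pattern in ${trm_ssidfilter}` expands the filter list unquoted, so entries containing `*` or `?` go through pathname expansion against the working directory before they reach the `case` match, and an entry such as a bare `*` may turn into file names and stop filtering anything. Since the filter decides which open networks are auto-added, a silent miss is worth avoiding: disable globbing around the loop with `set -f` before it and `set +f` on both exit paths, including before the `return 0`. Entries are also split on whitespace, so a pattern for an SSID containing a space cannot be expressed; a comment next to the loop saying so would help. The function body continues outside the hunk.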
@@ -607,8 +627,8 @@ f_addsta() { EOC fi trm_opensta="$((trm_opensta + 1))" - uci_commit "travelmate" - uci_commit "wireless" + [ -n "$(uci -q changes "travelmate")" ] && uci_commit "travelmate" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_wifi if [ ! -f "${trm_refreshfile}" ]; then printf "%s" "ui_reload" >"${trm_refreshfile}" @@ -624,7 +644,7 @@ f_addsta() { f_net() { local err_msg raw json_raw html_raw html_cp js_cp json_ec json_rc json_cp json_ed result="net nok" - raw="$("${trm_fetchcmd}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" + raw="$("${trm_fetchcmd}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --retry $((trm_maxwait / 6)) --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" json_raw="${raw#*\{}" html_raw="${raw%%\{*}" if [ -n "${json_raw}" ]; then @@ -658,7 +678,7 @@ f_net() { fi fi printf "%s" "${result}" - f_log "debug" "f_net ::: fetch: ${trm_fetchcmd}, timeout: $((trm_maxwait / 6)), cp (json/html/js): ${json_cp:-"-"}/${html_cp:-"-"}/${js_cp:-"-"}, result: ${result}, error (rc/msg): ${json_ec}/${err_msg:-"-"}, url: ${trm_captiveurl}" + f_log "debug" "f_net ::: timeout: $((trm_maxwait / 6)), cp (json/html/js): ${json_cp:-"-"}/${html_cp:-"-"}/${js_cp:-"-"}, result: ${result}, error (rc/msg): ${json_ec}/${err_msg:-"-"}, url: ${trm_captiveurl}" } # check interface status 
@@ -686,6 +706,10 @@ f_check() { if [ "${mode}" = "sta" ]; then "${trm_ubuscmd}" -S call network.interface."${trm_iface}" down >/dev/null 2>&1 "${trm_ubuscmd}" -S call network.interface."${trm_iface}" up >/dev/null 2>&1 + if ! "${trm_ubuscmd}" -t "$((trm_maxwait / 6))" wait_for network.interface."${trm_iface}" >/dev/null 2>&1; then + f_log "info" "travelmate interface '${trm_iface}' does not appear on ubus on ifup event" + fi + sleep 1 fi while [ "${wait_time}" -le "${trm_maxwait}" ]; do @@ -699,23 +723,27 @@ f_check() { f_jsnup fi if [ "${status}" = "false" ]; then - sleep "$((trm_maxwait / 5))" + sleep "$((trm_maxwait / 6))" fi break elif [ "${mode}" = "rev" ]; then - unset trm_connection + trm_connection="" trm_ifstatus="${status}" break else ifname="$(printf "%s" "${dev_status}" | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" if [ -n "${ifname}" ] && [ "${enabled}" = "1" ]; then - trm_ifquality="$("${trm_iwinfocmd}" "${ifname}" info 2>/dev/null | "${trm_awkcmd}" -F '[ ]' '/Link Quality: [0-9]+\/[0-9]+/{split($NF,var0,"/");printf "%i\n",(var0[1]*100/var0[2])}')" + trm_ifquality="$("${trm_iwcmd}" dev "${ifname}" link 2>/dev/null | "${trm_awkcmd}" '/signal:/ {val=2*($2+100); printf "%s", (val>100 ? 100 : val)}')" if [ -z "${trm_ifquality}" ]; then trm_ifstatus="$("${trm_ubuscmd}" -S call network.interface dump 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.interface[@.device=\"${ifname}\"].up")" if { [ -n "${trm_connection}" ] && [ "${trm_ifstatus}" = "false" ]; } || [ "${wait_time}" -eq "${trm_maxwait}" ]; then - f_log "info" "no signal from uplink" + if [ -n "${trm_connection}" ] && [ "${trm_ifstatus}" = "false" ]; then + f_log "info" "no signal from uplink" + else + f_log "info" "uplink connection could not be established after ${trm_maxwait} seconds" + fi f_vpn "disable" - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_ctrack "end" f_jsnup 
@@ -727,12 +755,12 @@ f_check() { if [ "${trm_ifstatus}" = "true" ]; then result="$(f_net)" if [ "${trm_captive}" = "1" ]; then - while true; do + while :; do cp_domain="$(printf "%s" "${result}" | "${trm_awkcmd}" -F '['\''| ]' '/^net cp/{printf "%s",$4}')" if [ -x "/etc/init.d/dnsmasq" ] && [ -f "/etc/config/dhcp" ] && [ -n "${cp_domain}" ] && ! uci_get "dhcp" "@dnsmasq[0]" "rebind_domain" | "${trm_grepcmd}" -q "${cp_domain}"; then uci_add_list "dhcp" "@dnsmasq[0]" "rebind_domain" "${cp_domain}" - uci_commit "dhcp" + [ -n "$(uci -q changes "dhcp")" ] && uci_commit "dhcp" /etc/init.d/dnsmasq reload f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist" else @@ -771,20 +799,20 @@ f_check() { elif [ -n "${trm_connection}" ] && { [ "${trm_netcheck}" = "1" ] || [ "${mode}" = "initial" ]; }; then f_log "info" "uplink is out of range (${trm_ifquality}/${trm_minquality})" f_vpn "disable" - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_ctrack "end" f_jsnup break elif [ "${mode}" = "initial" ] || [ "${mode}" = "sta" ]; then - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_jsnup break fi elif [ -n "${trm_connection}" ]; then f_vpn "disable" - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_jsnup break @@ -801,7 +829,7 @@ f_check() { break fi done - f_log "debug" "f_check ::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, enabled: ${enabled}, connection: ${trm_connection:-"-"}, wait: ${wait_time}, max_wait: ${trm_maxwait}, min_quality: ${trm_minquality}, captive: ${trm_captive}, netcheck: ${trm_netcheck}" + f_log "debug" "f_check ::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, enabled: ${enabled}, connection: ${trm_connection:-"-"}, wait: ${wait_time}, max_wait: ${trm_maxwait}, min_quality/quality: ${trm_minquality}/${trm_ifquality:-"-"}, captive: ${trm_captive}, netcheck: ${trm_netcheck}" } # update runtime information 
@@ -829,10 +857,10 @@ f_jsnup() { vpn_done="1" fi elif [ "${status}" = "error" ]; then - unset trm_connection + trm_connection="" status="program error" else - unset trm_connection + trm_connection="" status="running (not connected)" fi if [ -z "${last_date}" ]; then @@ -849,8 +877,8 @@ f_jsnup() { json_add_string "station_id" "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}" json_add_string "station_mac" "${sta_mac:-"-"}" json_add_string "station_interfaces" "${sta_iface:-"-"}, ${vpn_iface:-"-"}" - json_add_string "wpa_flags" "${trm_wpaflags:-"-"}" - json_add_string "run_flags" "captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})" + json_add_string "station_subnet" "$(f_subnet)" + json_add_string "run_flags" "scan: ${trm_scanmode}, captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})" json_add_string "ext_hooks" "ntp: $(f_char ${ntp_done}), vpn: $(f_char ${vpn_done}), mail: $(f_char ${mail_done})" json_add_string "last_run" "${last_date}" json_add_string "system" "${trm_sysver}" 
@@ -888,11 +916,18 @@ f_log() { # main function for connection handling # f_main() { - local radio cnt retrycnt scan_dev scan_list scan_essid scan_bssid scan_open scan_quality station_id section - local sta sta_essid sta_bssid sta_radio sta_mac open_sta open_essid config_radio config_essid config_bssid + local radio radio_num radio_phy cnt retrycnt scan_dev scan_mode scan_list scan_essid scan_bssid scan_rsn scan_wpa scan_open scan_quality + local station_id section sta sta_essid sta_bssid sta_radio sta_mac open_sta open_essid config_radio config_essid config_bssid f_check "initial" "false" - f_log "debug" "f_main-1 ::: status: ${trm_ifstatus}, proactive: ${trm_proactive}" + if [ "${trm_proactive}" = "0" ]; then + if [ "${trm_connection%%/*}" = "net ok" ]; then + f_vpn "enable_keep" + else + f_vpn "disable" + fi + fi + f_log "debug" "f_main-1 ::: status: ${trm_ifstatus}, connection: ${trm_connection%%/*}, proactive: ${trm_proactive}" if [ "${trm_ifstatus}" != "true" ] || [ "${trm_proactive}" = "1" ]; then config_load wireless config_foreach f_setif wifi-iface "${trm_proactive}" @@ -906,7 +941,7 @@ f_main() { f_check "dev" "true" f_log "debug" "f_main-2 ::: config_radio: ${config_radio}, config_essid: \"${config_essid}\", config_bssid: ${config_bssid:-"-"}" else - uci_commit "wireless" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_check "dev" "false" fi f_log "debug" "f_main-3 ::: radio_list: ${trm_radiolist:-"-"}, sta_list: ${trm_stalist:-"-"}" @@ -916,7 +951,6 @@ f_main() { for radio in ${trm_radiolist}; do if ! printf "%s" "${trm_stalist}" | "${trm_grepcmd}" -q "\\-${radio}"; then if [ "${trm_autoadd}" = "0" ]; then - f_log "info" "no enabled station on radio '${radio}'" continue fi fi 
@@ -945,12 +979,29 @@ f_main() { f_log "debug" "f_main-5 ::: sta_radio: ${sta_radio}, sta_essid: \"${sta_essid}\", sta_bssid: ${sta_bssid:-"-"}" fi if [ -z "${scan_list}" ]; then - scan_dev="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.${radio}.interfaces[0].ifname")" - scan_list="$("${trm_iwinfocmd}" "${scan_dev:-${radio}}" scan 2>/dev/null | - "${trm_awkcmd}" 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}} - /Quality:/{split($NF,var0,"/")}/Encryption:/{if($NF=="none"){var3="+"}else{var3="-"}; - printf "%i %s %s %s\n",(var0[1]*100/var0[2]),var3,var1,var2}' | "${trm_sortcmd}" -rn)" - f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" + radio_num="${radio//[a-z]/}" + radio_phy="phy${radio_num}" + [ "${trm_scanmode}" != "passive" ] && scan_mode="" + + scan_dev="$("${trm_iwcmd}" dev | "${trm_awkcmd}" -v phy="${radio_phy}" '/Interface/{iface=$2} /type/{if(($2=="AP"||$2=="managed")&&iface ~ "^"phy"-"){printf"%s",iface;exit}}')" + if [ -z "${scan_dev}" ]; then + "${trm_iwcmd}" phy "${radio_phy}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1 + "${trm_ipcmd}" link set "trmscan${radio_num}" up >/dev/null 2>&1 + scan_dev="trmscan${radio_num}" + fi + scan_list="$(printf "%b" "$("${trm_iwcmd}" dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | + "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="-";wpa="-"} + /signal:/{signal=(2*($2+100)>100 ? 
100 : 2*($2+100))} + /SSID:/{$1="";sub(/^ /,"",$0);ssid="\""$0"\""} + /WPA:/{wpa="+"} + /RSN:/{rsn="+"} + END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid}}' | "${trm_sortcmd}" -rn)")" + f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_mode: ${trm_scanmode:-"active"}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" + + if [ "${scan_dev}" = "trmscan${radio_num}" ]; then + "${trm_ipcmd}" link set "trmscan${radio_num}" down >/dev/null 2>&1 + "${trm_iwcmd}" dev "trmscan${radio_num}" del >/dev/null 2>&1 + fi if [ -z "${scan_list}" ]; then f_log "info" "no scan results on '${radio}'" continue 2 @@ -959,7 +1010,12 @@ f_main() { # scan loop # - while read -r scan_quality scan_open scan_bssid scan_essid; do + while read -r scan_quality scan_rsn scan_wpa scan_bssid scan_essid; do + if [ "${scan_rsn}" = "-" ] && [ "${scan_wpa}" = "-" ]; then + scan_open="+" + else + scan_open="-" + fi if [ -n "${scan_quality}" ] && [ -n "${scan_open}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ]; then f_log "debug" "f_main-7 ::: radio(sta/scan): ${sta_radio}/${radio}, essid(sta/scan): \"${sta_essid}\"/${scan_essid}, bssid(sta/scan): ${sta_bssid}/${scan_bssid}, quality(min/scan): ${trm_minquality}/${scan_quality}, open: ${scan_open}" if [ "${scan_quality}" -lt "${trm_minquality}" ]; then @@ -982,7 +1038,7 @@ f_main() { if [ -n "${config_radio}" ]; then f_vpn "disable" uci_set "wireless" "${trm_activesta}" "disabled" "1" - uci_commit "wireless" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_check "rev" "false" f_ctrack "end" f_log "info" "uplink connection terminated '${config_radio}/${config_essid}/${config_bssid:-"-"}'" 
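Review bot: `scan_mode` is never set to `passive` in `f_main`: the only assignment in this hunk is `[ "${trm_scanmode}" != "passive" ] && scan_mode=""`, so `scan ${scan_mode}` always runs an active scan and the `trm_scanmode` option has no effect here, although the debug line reports it. Something like `scan_mode=""; [ "${trm_scanmode}" = "passive" ] && scan_mode="passive"` would honour the setting. Separately, the scan output is passed through `printf "%b"` before the `read -r` loop; SSIDs come from whatever access points are in range, so escape sequences in them presumably get decoded into raw bytes, line breaks included, ahead of record parsing. Decoding only the SSID field after a line has been split into its fields would keep the record structure intact. `f_main` starts and ends outside the hunk.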
@@ -999,7 +1055,7 @@ f_main() { f_check "sta" "false" "${sta_radio}" "${sta_essid}" "${sta_bssid}" if [ "${trm_ifstatus}" = "true" ]; then rm -f "${trm_mailfile}" - uci_commit "wireless" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_ctrack "start" f_log "info" "connected to uplink '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' with mac '${sta_mac:-"-"}' (${retrycnt}/${trm_maxretry})" f_vpn "enable" @@ -1050,8 +1106,10 @@ trm_ubuscmd="$(f_cmd ubus)" trm_loggercmd="$(f_cmd logger)" trm_wificmd="$(f_cmd wifi)" trm_fetchcmd="$(f_cmd curl)" -trm_iwinfocmd="$(f_cmd iwinfo)" +trm_ipcmd="$(f_cmd ip)" +trm_iwcmd="$(f_cmd iw)" trm_wpacmd="$(f_cmd wpa_supplicant)" +trm_ipcalccmd="$(f_cmd ipcalc.sh)" # get travelmate version # @@ -1065,7 +1123,7 @@ fi # control travelmate actions # -while true; do +while :; do if [ "${trm_action}" = "stop" ]; then if [ -s "${trm_pidfile}" ]; then f_log "info" "travelmate instance stopped ::: action: ${trm_action}, pid: $(cat ${trm_pidfile} 2>/dev/null)" @@ -1077,9 +1135,9 @@ while true; do f_log "info" "travelmate instance started ::: action: ${trm_action}, pid: ${$}" f_env f_main - unset trm_action + trm_action="" fi - while true; do + while :; do sleep "${trm_timeout}" 0 rc="${?}" if [ "${rc}" != "0" ]; then diff --git a/net/travelmate/files/travelmate.vpn b/net/travelmate/files/travelmate.vpn index 77c94634cde83e..fe213b1d1ac611 100755 --- a/net/travelmate/files/travelmate.vpn +++ b/net/travelmate/files/travelmate.vpn @@ -1,13 +1,11 @@ #!/bin/sh # vpn handler called by travelmate -# Copyright (c) 2020-2023 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2020-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions # shellcheck disable=all -# Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script - . "/lib/functions.sh" export LC_ALL=C 
@@ -20,7 +18,7 @@ vpn_iface="${4}" vpn_instance="${5}" trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" -trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0")" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (X11; Linux x86_64; rv:144.0) Gecko/20100101 Firefox/144.0")" trm_ubuscmd="$(command -v ubus)" trm_jsoncmd="$(command -v jsonfilter)" trm_logger="$(command -v logger)" @@ -30,7 +28,7 @@ trm_vpnfile="/var/state/travelmate.vpn" f_net() { local json_rc - json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" + json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --retry $((trm_maxwait / 6)) --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then json_rc="net ok" fi 
@@ -41,21 +39,25 @@ if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then if [ "${vpn_action}" = "enable_keep" ]; then vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')" fi + "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "start vpn processing (vpn: ${vpn:-"-"}, action: ${vpn_action:-"-"}, interface: ${vpn_iface:-"-"}, instance: ${vpn_instance:-"-"}, status: ${vpn_status:-"-"})" if [ "${vpn_action}" = "enable" ] || [ "${vpn_status}" != "true" ]; then if [ "${vpn_status}" != "true" ]; then /sbin/ifdown "${vpn_iface}" "${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1 + if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ]; then + if /etc/init.d/openvpn running "${vpn_instance}"; then + /etc/init.d/openvpn stop "${vpn_instance}" + fi + /etc/init.d/openvpn start "${vpn_instance}" + fi fi - if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then - /etc/init.d/openvpn stop "${vpn_instance}" - sleep 1 - fi - if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && ! /etc/init.d/openvpn running "${vpn_instance}"; then - /etc/init.d/openvpn start "${vpn_instance}" - fi + sleep 1 /sbin/ifup "${vpn_iface}" + if ! "${trm_ubuscmd}" -t "$((trm_maxwait / 6))" wait_for network.interface."${vpn_iface}" >/dev/null 2>&1; then + "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "travelmate vpn interface '${vpn_iface}' does not appear on ubus on ifup event" + fi cnt=0 - while true; do + while :; do vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')" if [ "${vpn_status}" = "true" ]; then net_status="$(f_net)" 
@@ -75,8 +77,8 @@ if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection can't be established '${vpn_iface}/${vpn_instance:-"-", rc: ${net_status:-"-"}}'" 2>/dev/null return 1 fi - sleep 1 cnt="$((cnt + 1))" + sleep 1 done fi elif { [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then diff --git a/net/tunneldigger/Makefile b/net/tunneldigger/Makefile index b391b4f3a9ccb3..10c774cba6e907 100644 --- a/net/tunneldigger/Makefile +++ b/net/tunneldigger/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tunneldigger -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=https://github.com/wlanslovenija/tunneldigger.git PKG_SOURCE_PROTO:=git diff --git a/net/tunneldigger/files/config.default b/net/tunneldigger/files/config.default index 571621a42e4bc0..0a01bc2a0cc862 100644 --- a/net/tunneldigger/files/config.default +++ b/net/tunneldigger/files/config.default @@ -5,4 +5,5 @@ config broker option uuid 'abcd' option interface 'l2tp0' option limit_bw_down '1024' + option broker_selection 'usage' option enabled '0' diff --git a/net/tunneldigger/files/tunneldigger.init b/net/tunneldigger/files/tunneldigger.init index bacaace8168ecd..810d96be7a7fba 100644 --- a/net/tunneldigger/files/tunneldigger.init +++ b/net/tunneldigger/files/tunneldigger.init @@ -22,6 +22,7 @@ parse_broker() { config_get hook_script "$section" hook_script config_get bind_interface "$section" bind_interface config_get group "$section" group + config_get broker_selection "$section" broker_selection [ $enabled -eq 0 ] && return 
@@ -38,6 +39,20 @@ parse_broker() { network_get_device _bind_interface "${bind_interface}" || _bind_interface="${bind_interface}" append broker_opts "-I ${_bind_interface}" } + [ ! -z "${broker_selection}" ] && { + # Set broker selection. + case "${broker_selection}" in + usage) + append broker_opts "-a" + ;; + first) + append broker_opts "-g" + ;; + random) + append broker_opts "-r" + ;; + esac + } if [ -z "$uuid" ]; then missing uuid diff --git a/net/umurmur/Makefile b/net/umurmur/Makefile index 30ed236548ae5e..ec6ef28e611ce5 100644 --- a/net/umurmur/Makefile +++ b/net/umurmur/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=umurmur -PKG_VERSION:=0.2.20 +PKG_VERSION:=0.3.1 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/$(PKG_VERSION)? -PKG_HASH:=b7b2978c3197aef0a6531f1cf0ee1aebb32a55ad8bda43064ce3a944edbcac83 +PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=8327dd0b2c5bd187a38d098295e896a6b85d698c9268205bcb27f6244f760a73 PKG_MAINTAINER:=Martin Johansson PKG_LICENSE:=BSD-3-Clause 
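Review bot: The new `case "${broker_selection}"` in parse_broker has no default arm, so a misspelled value is dropped silently and the client starts without any selection flag. Add an arm that reports it, for example `*) echo "tunneldigger: unknown broker_selection '${broker_selection}'" >&2 ;;`. The guard reads more directly as `[ -n "${broker_selection}" ]` than `[ ! -z ... ]`. parse_broker begins and ends outside this hunk.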
@@ -59,29 +59,28 @@ define Package/umurmur-mbedtls/description endef define Package/umurmur-openssl/conffiles -/etc/umurmur.conf +/etc/umurmur/umurmur.conf endef Package/umurmur-mbedtls/conffiles = $(Package/umurmur-openssl/conffiles) define Package/umurmur-openssl/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/umurmurd $(1)/usr/bin/ - $(INSTALL_DIR) $(1)/etc - $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwrt/files/umurmur.conf $(1)/etc/ + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/umurmurd $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/umurmur/ + $(INSTALL_CONF) $(PKG_BUILD_DIR)/umurmur.conf.example $(1)/etc/umurmur/umurmur.conf $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) $(PKG_BUILD_DIR)/openwrt/files/umurmur.init $(1)/etc/init.d/umurmur - $(INSTALL_DIR) $(1)/etc/umurmur + $(INSTALL_BIN) ./files/umurmur.init $(1)/etc/init.d/umurmur endef Package/umurmur-mbedtls/install = $(Package/umurmur-openssl/install) CMAKE_OPTIONS += \ -DLIBCONFIG_INCLUDE_DIR="$(STAGING_DIR)/usr/include" \ - -DLIBCONFIG_LIBRARIES="$(STAGING_DIR)/usr/lib" \ + -DLIBCONFIG_LIBRARIES="$(STAGING_DIR)/usr/lib/libconfig.so" \ -DLIBCONFIG_LIB_DIR="$(STAGING_DIR)/usr/lib" \ -DPROTOBUFC_INCLUDE_DIR="$(STAGING_DIR)/usr/include" \ - -DPROTOBUFC_LIBRARIES="$(STAGING_DIR)/usr/lib" \ + -DPROTOBUFC_LIBRARIES="$(STAGING_DIR)/usr/lib/libprotobuf-c.so" \ -DPROTOBUFC_LIB_DIR="$(STAGING_DIR)/usr/lib" ifeq ($(BUILD_VARIANT),openssl) diff --git a/net/umurmur/files/umurmur.init b/net/umurmur/files/umurmur.init new file mode 100644 index 00000000000000..f3911c5ea00081 --- /dev/null +++ b/net/umurmur/files/umurmur.init 
@@ -0,0 +1,26 @@ +#!/bin/sh /etc/rc.common + +START=90 +STOP=10 + +USE_PROCD=1 + +PROG=/usr/sbin/umurmurd +CONF=/etc/umurmur/umurmur.conf + +start_service() { + procd_open_instance + procd_set_param command $PROG -d -c $CONF + procd_set_param respawn + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} + +service_triggers() { + procd_add_reload_trigger umurmur +} + +reload_service() { + procd_send_signal umurmur +} diff --git a/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch b/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch deleted file mode 100644 index c82541aba6e08a..00000000000000 --- a/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/ssli_openssl.c -+++ b/src/ssli_openssl.c -@@ -142,8 +142,6 @@ static EVP_PKEY *SSL_generate_cert_and_k - - Log_info("Generating new server certificate."); - -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -- - x509 = X509_new(); - if (!x509) - goto err_out; diff --git a/net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch b/net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch deleted file mode 100644 index 45bca4c1c60832..00000000000000 --- a/net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch +++ /dev/null 
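Review bot: `procd_add_reload_trigger umurmur` in service_triggers watches a UCI config named umurmur, but the Makefile section in this commit installs only `/etc/umurmur/umurmur.conf`, so edits to the real configuration will presumably never trigger a reload. Adding `procd_set_param file $CONF` in start_service would tie the instance to that file. The instance also sets no `procd_set_param user`, so this network-facing daemon starts as root unless umurmur.conf itself drops privileges. A comment in start_service stating which of the two is intended would make that explicit.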
@@ -1,177 +0,0 @@ -From fa75e4ca000fc41af0eefd60ac06223c573e0ae4 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Thu, 24 Oct 2024 10:07:10 -0400 -Subject: [PATCH] Add support for mbedtls-3.x - -Signed-off-by: Glenn Strauss ---- - src/crypt.h | 1 - - src/ssl.h | 4 +++ - src/ssli_mbedtls.c | 65 +++++++++++++++++++++++++++++++++++++++++++--- - 3 files changed, 66 insertions(+), 4 deletions(-) - ---- a/src/crypt.h -+++ b/src/crypt.h -@@ -36,7 +36,6 @@ - - #if defined(USE_MBEDTLS) - --#include - #include - - #define CRYPT_AES_KEY mbedtls_aes_context ---- a/src/ssl.h -+++ b/src/ssl.h -@@ -53,6 +53,10 @@ - #include - #endif - -+#if (MBEDTLS_VERSION_MAJOR >= 3) -+#undef USE_MBEDTLS_HAVEGE -+#endif -+ - #if defined(USE_MBEDTLS_HAVEGE) - #include - #define HAVEGE_RAND (mbedtls_havege_random) ---- a/src/ssli_mbedtls.c -+++ b/src/ssli_mbedtls.c -@@ -37,10 +37,16 @@ - #include - #include - --#include - #include --#include -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+#include -+#else -+#include -+#include -+#endif -+#if MBEDTLS_VERSION_MAJOR < 3 - #include -+#endif - #include - #include - -@@ -64,13 +70,32 @@ const int ciphers[] = - 0 - }; - -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if !defined(MBEDTLS_USE_PSA_CRYPTO) -+#ifdef MBEDTLS_ENTROPY_C -+static mbedtls_entropy_context entropy; -+#ifdef MBEDTLS_CTR_DRBG_C -+static mbedtls_ctr_drbg_context ctr_drbg; -+#endif -+#endif -+#endif -+#endif -+ - static mbedtls_x509_crt certificate; - static inline int x509parse_keyfile(mbedtls_pk_context *pk, const char *path, const char *pwd) - { - int ret; - - mbedtls_pk_init(pk); -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+ ret = mbedtls_pk_parse_keyfile(pk, path, pwd, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); -+#else -+ ret = mbedtls_pk_parse_keyfile(pk, path, pwd, mbedtls_ctr_drbg_random, &ctr_drbg); -+#endif -+#else - ret = mbedtls_pk_parse_keyfile(pk, path, pwd); -+#endif - if (ret == 0 && !mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA) && 
!mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) - { - ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; -@@ -127,6 +152,13 @@ static void initKey() - #ifndef USE_MBEDTLS_HAVEGE - int urandom_bytes(void *ctx, unsigned char *dest, size_t len) - { -+#if (MBEDTLS_VERSION_MAJOR >= 3) -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+ mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, dest, len); -+#else -+ mbedtls_ctr_drbg_random(&ctr_drbg, dest, len); -+#endif -+#else - int cur; - - while (len) { -@@ -135,6 +167,7 @@ int urandom_bytes(void *ctx, unsigned ch - continue; - len -= cur; - } -+#endif - return 0; - } - #endif -@@ -160,10 +193,20 @@ void SSLi_init(void) - #ifdef USE_MBEDTLS_HAVEGE - mbedtls_havege_init(&hs); - #else -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+ psa_crypto_init(); -+#else -+ mbedtls_ctr_drbg_init(&ctr_drbg); -+ mbedtls_entropy_init(&entropy); -+ mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0); -+#endif -+#else - urandom_fd = open("/dev/urandom", O_RDONLY); - if (urandom_fd < 0) - Log_fatal("Cannot open /dev/urandom"); - #endif -+#endif - - /* Initialize config */ - conf = Memory_safeCalloc(1, sizeof(mbedtls_ssl_config)); -@@ -187,7 +230,11 @@ void SSLi_init(void) - #endif - mbedtls_ssl_conf_dbg(conf, pssl_debug, NULL); - -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+ mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); -+#else - mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1); -+#endif - - mbedtls_ssl_conf_ciphersuites(conf, (const int*)&ciphers); - -@@ -209,8 +256,15 @@ void SSLi_deinit(void) - #ifdef USE_MBEDTLS_HAVEGE - mbedtls_havege_free(&hs); - #else -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if !defined(MBEDTLS_USE_PSA_CRYPTO) -+ mbedtls_ctr_drbg_free(&ctr_drbg); -+ mbedtls_entropy_free(&entropy); -+#endif -+#else - close(urandom_fd); - #endif -+#endif - } - - bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) -@@ 
-223,8 +277,15 @@ bool_t SSLi_getSHA1Hash(SSL_handle_t *ss - } - #if MBEDTLS_VERSION_NUMBER < 0x02070000L - mbedtls_sha1(cert->raw.p, cert->raw.len, hash); --#else -+#elif MBEDTLS_VERSION_NUMBER < 0x03000000L - mbedtls_sha1_ret(cert->raw.p, cert->raw.len, hash); -+#elif !defined(MBEDTLS_USE_PSA_CRYPTO) -+ mbedtls_sha1(cert->raw.p, cert->raw.len, hash); -+#else -+ size_t hash_length; -+ mbedtls_psa_hash_compute( -+ PSA_ALG_SHA_1, cert->raw.p, cert->raw.len, hash, -+ 20 /* client_t member uint8_t hash[20] */, &hash_length); - #endif - return true; - } diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 810858dee6c82f..08f87265c15c36 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.21.0 +PKG_VERSION:=1.24.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound -PKG_HASH:=e7dca7d6b0f81bdfa6fa64ebf1053b5a999a5ae9278a87ef182425067ea14521 +PKG_HASH:=147b22983cc7008aa21007e251b3845bfcf899ffd2d3b269253ebf2e27465086 PKG_MAINTAINER:=Eric Luehrsen PKG_LICENSE:=BSD-3-Clause diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index 825a0710940544..d35935c558d8d4 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md 
@@ -208,6 +208,7 @@ One instance is supported currently. | dns64_prefix | 64:ff9b::/96 | subnet | DNS64 RFC6052 IPv4 in IPv6 well known prefix. | dns64-prefix: | | dhcp_link | none | program | Link to a DHCP server with supported scripts. See HOW TO above. | local-zone: local-data: forward-zone: | | dhcp4_slaac6 | 0 | boolean | Infer SLAAC IE64 IPv6 addresses from DHCPv4 MAC in DHCP link scripts. | - | +| exclude_ipv6_ga | 0 | boolean | If exclude IPv6 global addresses from local data. | local-data: | | domain | lan | domain | This will suffix DHCP host records and be the default search domain. | local-zone: | | domain_insecure | (empty) | domain | **List** domains that you wish to skip DNSSEC. It is one way around NTP chicken and egg. Your DHCP domains are automatically included. | domain-insecure: | | domain_type | static | state | This allows you to lock down or allow forwarding of the local zone.
`static`: no forwarding like dnsmasq default
`refuse`: answer overtly with REFUSED
`deny`: covertly drop all queries
`transparent`: may continue forwarding or recusion | local-zone: | diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk index 7aea8e7c174799..5214500f789b5e 100644 --- a/net/unbound/files/odhcpd.awk +++ b/net/unbound/files/odhcpd.awk @@ -24,6 +24,7 @@ # "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC # "bisolt" = boolean, format ... so you can isolate # "bconf" = boolean, write conf file with pipe records +# "exclude_ipv6_ga" = boolean, exclude IPv6 GA addresses from local-data # ############################################################################## @@ -38,16 +39,14 @@ sub( /.*\//, "", cdr2 ) ; gsub( /_/, "-", hst ) ; - if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) { # that is not a valid host name (RFC1123) # above replaced common error of "_" in host name with "-" hst = "-" ; } - if ( bisolt == 1 ) { - # TODO: this might be better with a substituion option, + # TODO: this might be better with a substitution option, # or per DHCP pool do-not-DNS option, but its getting busy here. fqdn = net gsub( /\./, "-", fqdn ) ; 
@@ -58,56 +57,52 @@ fqdn = tolower( hst "." domain ) ; } - if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) { # IPV4 ; only for provided hostnames and full /32 assignments # NF=9 ; odhcpd errata in field format without host name ptr = adr ; qpr = "" ; split( ptr, ptrarr, "." ) ; slaac = slaac_eui64( id ) ; - if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # always create the pipe file for( i=1; i<=4; i++ ) { qpr = ( ptrarr[i] "." qpr) ; } x = ( fqdn ". 300 IN A " adr ) ; y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ; print ( x "\n" y ) > pipefile ; - if (( bslaac == 1 ) && ( slaac != 0 )) { # UCI option to discover IPV6 routed SLAAC addresses # NOT TODO - ping probe take too long when added in awk-rule loop cmd = ( "ip -6 --oneline route show dev " net ) ; - while ( ( cmd | getline adr ) > 0 ) { if (( substr( adr, 1, 5 ) <= "fdff:" ) \ && ( index( adr, "::/" ) != 0 ) \ && ( index( adr, "anycast" ) == 0 ) \ && ( index( adr, "via" ) == 0 )) { - # GA or ULA routed addresses only (not LL or MC) + if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr) ) { + printf "Excluding GA IPv6 address: %s for %s\n", \ + adr, fqdn | "logger -t unbound-odhcpd" + continue + } sub( /\/.*/, "", adr ) ; adr = ( adr slaac ) ; - if ( split( adr, tmp0, ":" ) > 8 ) { sub( "::", ":", adr ) ; } - if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # always create the pipe file qpr = ipv6_ptr( adr ) ; x = ( fqdn ". 300 IN AAAA " adr ) ; 
@@ -116,41 +111,50 @@ } } - close( cmd ) ; } } else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) { if (cdr == 128) { + if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr) ) { + printf "Excluding GA IPv6 address: %s for %s\n", \ + adr, fqdn | "logger -t unbound-odhcpd" + } + else { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # only for provided hostnames and full /128 assignments qpr = ipv6_ptr( adr ) ; x = ( fqdn ". 300 IN AAAA " adr ) ; y = ( qpr ". 300 IN PTR " fqdn ) ; print ( x "\n" y ) > pipefile ; } + } if (cdr2 == 128) { + if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr2) ) { + printf "Excluding GA IPv6 address: %s for %s\n", \ + adr2, fqdn | "logger -t unbound-odhcpd" + } + else { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ; y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # odhcp puts GA and ULA on the same line (position 9 and 10) qpr2 = ipv6_ptr( adr2 ) ; x = ( fqdn ". 300 IN AAAA " adr2 ) ; y = ( qpr2 ". 300 IN PTR " fqdn ) ; print ( x "\n" y ) > pipefile ; } + } } else { @@ -164,7 +168,6 @@ function ipv6_ptr( ipv6, arpa, ary, end, m, n, new6, sz, start ) { # IPV6 colon flexibility is a challenge when creating [ptr].ip6.arpa. sz = split( ipv6, ary, ":" ) ; end = 9 - sz ; - for( m=1; m<=sz; m++ ) { if( length(ary[m]) == 0 ) { for( n=1; n<=end; n++ ) { ary[m] = ( ary[m] "0000" ) ; } @@ -175,7 +178,6 @@ function ipv6_ptr( ipv6, arpa, ary, end, m, n, new6, sz, start ) { } } - new6 = ary[1] ; for( m = 2; m <= sz; m++ ) { new6 = ( new6 ary[m] ) ; } start = length( new6 ) ; 
@@ -203,9 +205,55 @@ function slaac_eui64( mac, ary, glbit, eui64 ) { eui64 = 0 ; } - return eui64 ; } ############################################################################## +function normalize_ipv6(ip, parts, normalized) { + # Remove any prefix length + sub(/\/.*/, "", ip); + + # Handle compressed notation (::) + if (index(ip, "::") > 0) { + split(ip, parts, "::"); + # Count colons to determine how many zero groups to insert + gsub(/:/, ":", parts[1]); + if (parts[2] != "") gsub(/:/, ":", parts[2]); + missing = 8 - (split(parts[1], tmp1, ":") + split(parts[2], tmp2, ":")); + + # Build normalized address + normalized = parts[1]; + for (i = 0; i < missing; i++) normalized = normalized ":0"; + if (parts[2] != "") normalized = normalized ":" parts[2]; + } else { + normalized = ip; + } + + # Fill each group with leading zeros + split(normalized, parts, ":"); + normalized = ""; + for (i = 1; i <= length(parts); i++) { + if (parts[i] == "") parts[i] = "0"; + while (length(parts[i]) < 4) { + parts[i] = "0" parts[i]; + } + if (i > 1) normalized = normalized ":"; + normalized = normalized parts[i]; + } + + return normalized; +} + +function ipv6_in_range(ip) { + # Normalize the address first + ip = normalize_ipv6(ip); + + # Check if it's in 2000::/3 range + # This covers 2000:: to 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + first_group = substr(ip, 1, 4); + first_digit = substr(first_group, 1, 1); + + return (first_digit == "2" || first_digit == "3"); +} + diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh index b8af615a51fba3..bcdd0722d79fba 100644 --- a/net/unbound/files/odhcpd.sh +++ b/net/unbound/files/odhcpd.sh 
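Review bot: `normalize_ipv6` and `ipv6_in_range` leave `missing`, `tmp1`, `tmp2`, `i`, `first_group` and `first_digit` as globals, and `i` is also the loop counter of the main rule's IPv4 PTR loop. The file's other helpers declare their scratch variables as extra parameters (see `ipv6_ptr`). Doing the same here keeps the helpers side-effect free: `function normalize_ipv6(ip, parts, normalized, missing, tmp1, tmp2, i)` and `function ipv6_in_range(ip, first_group, first_digit)`. The two `gsub(/:/, ":", ...)` calls replace a colon with a colon and can be removed. An address starting with `::` comes out with nine groups, which is harmless today only because the caller reads just the first digit.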
@@ -38,7 +38,12 @@ odhcpd_zonedata() { local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 ) local dhcp_domain=$( uci_get unbound.@unbound[0].domain ) local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile ) + local exclude_ipv6_ga=$( uci_get unbound.@unbound[0].exclude_ipv6_ga ) + if [ "$exclude_ipv6_ga" != "0" ] && [ "$exclude_ipv6_ga" != "1" ]; then + logger -t unbound -s "invalid exclude_ipv6_ga value, using default (0)" + exclude_ipv6_ga=0 + fi if [ -f "$UB_TOTAL_CONF" ] && [ -f "$dhcp_origin" ] \ && [ "$dhcp_link" = "odhcpd" ] && [ -n "$dhcp_domain" ] ; then @@ -49,7 +54,6 @@ odhcpd_zonedata() { local dns_ls_old=$UB_VARDIR/dhcp_dns.old local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new - if [ ! -f $UB_DHCP_CONF ] || [ ! -f $dns_ls_old ] ; then # no old files laying around touch $dns_ls_old @@ -61,7 +65,6 @@ odhcpd_zonedata() { dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) )) dateoldf=$(( $( date +%s ) - $( date -r $dns_ls_old +%s ) )) - if [ $dateconf -gt 300 ] ; then touch $dns_ls_old sort $dhcp_origin > $dhcp_ls_new @@ -78,12 +81,11 @@ odhcpd_zonedata() { fi fi - case $longconf in freshstart) awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ - -v bisolt=0 -v bconf=1 \ + -v bisolt=0 -v bconf=1 -v exclude_ipv6_ga=$exclude_ipv6_ga \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new cp $dns_ls_new $dns_ls_add @@ -95,7 +97,7 @@ odhcpd_zonedata() { longtime) awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ - -v bisolt=0 -v bconf=1 \ + -v bisolt=0 -v bconf=1 -v exclude_ipv6_ga=$exclude_ipv6_ga \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new awk '{ print $1 }' $dns_ls_old | sort | uniq > $dns_ls_del 
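Review bot: The new validation in odhcpd_zonedata treats an unset option as invalid. For a config written before this commit, `uci_get` presumably returns an empty string, so every lease event would log "invalid exclude_ipv6_ga value". Default the empty case before the comparison with `exclude_ipv6_ga=${exclude_ipv6_ga:-0}`, so the warning is reserved for values that are actually wrong. The check itself is useful: it guarantees that the unquoted `-v exclude_ipv6_ga=$exclude_ipv6_ga` passed to awk in the later hunks is only ever `0` or `1`. A one-line comment above it saying so would help.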
@@ -111,7 +113,7 @@ odhcpd_zonedata() { # unbound-control can be slow so high DHCP rates cannot run a full list awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ - -v bisolt=0 -v bconf=0 \ + -v bisolt=0 -v bconf=0 -v exclude_ipv6_ga=$exclude_ipv6_ga \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new sort $dns_ls_new $dns_ls_old $dns_ls_old | uniq -u > $dns_ls_add @@ -129,21 +131,11 @@ odhcpd_zonedata() { ############################################################################## -UB_ODHPCD_LOCK=/tmp/unbound_odhcpd.lock +UB_ODHCPD_LOCK=/var/lock/unbound_odhcpd.lock -if [ ! -f $UB_ODHPCD_LOCK ] ; then - # imperfect but it should avoid collisions - touch $UB_ODHPCD_LOCK +exec 1000>$UB_ODHCPD_LOCK +if flock -x -n 1000 ; then odhcpd_zonedata - rm -f $UB_ODHPCD_LOCK - -else - UB_ODHCPD_LOCK_AGE=$(( $( date +%s ) - $( date -r $UB_ODHPCD_LOCK +%s ) )) - - if [ $UB_ODHCPD_LOCK_AGE -gt 100 ] ; then - # unlock because something likely broke but do not write this time through - rm -f $UB_ODHPCD_LOCK - fi fi ############################################################################## diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index 8231e6931524b7..319062c1067d59 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -1,15 +1,7 @@ #!/bin/sh /etc/rc.common -############################################################################## -# # Copyright (C) 2016 Michael Hanselmann, Eric Luehrsen -# -############################################################################## -# # This init script is just the entry point for Unbound UCI. # -############################################################################## - -# while useful (sh)ellcheck is pedantic and noisy # shellcheck disable=1091,2002,2004,2034,2039,2086,2094,2140,2154,2155 START=19 diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci index d921e3cd0ed7c6..7a1eaf91141c5b 100644 
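Review bot: The `UB_ODHCPD_LOCK` hunk replaces the commented touch-file lock with `exec 1000>$UB_ODHCPD_LOCK` and `flock -x -n 1000`, but leaves no comment explaining the mechanism. Suggest adding `# take an exclusive, non-blocking flock on fd 1000; the lock is dropped when this shell exits` above the `exec`, and quoting the path as `exec 1000>"$UB_ODHCPD_LOCK"`. When the lock is already held the run is skipped without any log line. That is a reasonable choice for a lease-triggered script, but it is worth stating in the same comment.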
--- a/net/unbound/files/unbound.uci +++ b/net/unbound/files/unbound.uci @@ -4,6 +4,7 @@ config unbound 'ub_main' option add_wan_fqdn '0' option dhcp_link 'none' option dhcp4_slaac6 '0' + option exclude_ipv6_ga '0' option dns64 '0' option dns64_prefix '64:ff9b::/96' option domain 'lan' diff --git a/net/unbound/patches/010-configure-uname.patch b/net/unbound/patches/010-configure-uname.patch index 609475cddbccd6..62231726fda0f9 100644 --- a/net/unbound/patches/010-configure-uname.patch +++ b/net/unbound/patches/010-configure-uname.patch @@ -3,7 +3,7 @@ Fix cross compile errors by inserting an environment variable for the target. Use "uname" on host only if "UNAME" variable is empty. --- a/configure.ac +++ b/configure.ac -@@ -895,7 +895,7 @@ if test x_$ub_test_python != x_no; then +@@ -902,7 +902,7 @@ if test x_$ub_test_python != x_no; then fi fi diff --git a/net/uradvd/Makefile b/net/uradvd/Makefile index 696cd112ea50c7..fd63aaf3e5a36a 100644 --- a/net/uradvd/Makefile +++ b/net/uradvd/Makefile @@ -1,13 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uradvd -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=https://github.com/freifunk-gluon/uradvd.git -PKG_SOURCE_DATE:=2021-09-14 -PKG_SOURCE_VERSION:=9b0da60e27c67305d251b10163e388191d566d7a -PKG_MIRROR_HASH:=84221d0044dd1e622b26ace7cb316be613d3c863293379d551d2c5c280124ddb +PKG_SOURCE_DATE:=2025-08-16 +PKG_SOURCE_VERSION:=b37524dfb0292c425fd61f5bffb3101fb1979264 +PKG_MIRROR_HASH:=1f681e2baf6f9b825668aeed9c075f532db509d7d1848e76f3e8101acf2bd476 PKG_MAINTAINER:=Moritz Warning PKG_LICENSE:=BSD-2-Clause diff --git a/net/uradvd/files/uradvd.config b/net/uradvd/files/uradvd.config index aa5486de30072f..924b7490745ef0 100644 --- a/net/uradvd/files/uradvd.config +++ b/net/uradvd/files/uradvd.config 
@@ -5,7 +5,11 @@ config interface # alternative: option device 'lan' option ifname 'br-lan' # lifetime of the default route (in seconds) - option default_lifetime '0' + # option default_lifetime '0' + # option valid_lifetime '86400' + # option preferred_lifetime '14400' + # option max_router_adv_interval '600' + # option min_router_adv_interval '200' list prefix_on_link '300::/64' list prefix_off_link '200::/64' list dns '2001:4860:4860::8888' diff --git a/net/uradvd/files/uradvd.init b/net/uradvd/files/uradvd.init index a80b6ed1d5feae..379c45930fdb1c 100755 --- a/net/uradvd/files/uradvd.init +++ b/net/uradvd/files/uradvd.init @@ -17,7 +17,7 @@ append_dns() { } start_instance() { - local cfg="$1" enabled device ifname default_lifetime + local cfg="$1" enabled device ifname default_lifetime valid_lifetime preferred_lifetime max_router_adv_interval min_router_adv_interval ARGS="" @@ -25,8 +25,13 @@ start_instance() { config_get device $cfg 'device' config_get ifname $cfg 'ifname' config_get default_lifetime $cfg 'default_lifetime' + config_get valid_lifetime $cfg 'valid_lifetime' + config_get preferred_lifetime $cfg 'preferred_lifetime' + config_get max_router_adv_interval $cfg 'max_router_adv_interval' + config_get min_router_adv_interval $cfg 'min_router_adv_interval' if [ "$enabled" != "1" ]; then + echo "Disabled in /etc/config/uradvd" >&2 exit 0 fi @@ -53,6 +58,22 @@ start_instance() { ARGS="$ARGS --default-lifetime $default_lifetime" fi + if [ -n "$valid_lifetime" ]; then + ARGS="$ARGS --valid-lifetime $valid_lifetime" + fi + + if [ -n "$preferred_lifetime" ]; then + ARGS="$ARGS --preferred-lifetime $preferred_lifetime" + fi + + if [ -n "$max_router_adv_interval" ]; then + ARGS="$ARGS --max-router-adv-interval $max_router_adv_interval" + fi + + if [ -n "$min_router_adv_interval" ]; then + ARGS="$ARGS --min-router-adv-interval $min_router_adv_interval" + fi + ARGS="$ARGS -i $ifname" 
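Review bot: The four new options in start_instance are appended to `ARGS` exactly as read from UCI. A value containing whitespace or a leading dash would become extra uradvd arguments once `ARGS` is expanded (presumably unquoted, outside this hunk). A digits-only check per option before appending keeps a typo from turning into a different command line, for example `case "$valid_lifetime" in *[!0-9]*) echo "invalid valid_lifetime" >&2; exit 1 ;; esac`. The existing `default_lifetime` handling has the same shape. start_instance begins and ends outside the hunk.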
diff --git a/net/v2ray-geodata/Makefile b/net/v2ray-geodata/Makefile index b89421b2e64619..c83e484f678f9d 100644 --- a/net/v2ray-geodata/Makefile +++ b/net/v2ray-geodata/Makefile @@ -12,31 +12,31 @@ PKG_MAINTAINER:=Tianling Shen include $(INCLUDE_DIR)/package.mk -GEOIP_VER:=202506050146 +GEOIP_VER:=202510050144 GEOIP_FILE:=geoip.dat.$(GEOIP_VER) define Download/geoip URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/ URL_FILE:=geoip.dat FILE:=$(GEOIP_FILE) - HASH:=58bf8f086473cad7df77f032815eb8d96bbd4a1aaef84c4f7da18cf1a3bb947a + HASH:=c23ac8343e9796f8cc8b670c3aeb6df6d03d4e8914437a409961477f6b226098 endef -GEOSITE_VER:=20250627153051 +GEOSITE_VER:=20250916122507 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER) define Download/geosite URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/ URL_FILE:=dlc.dat FILE:=$(GEOSITE_FILE) - HASH:=01dae2a9c31b5c74ba7e54d8d51e0060688ed22da493eaf09f6eeeec89db395e + HASH:=1a7dad0ceaaf1f6d12fef585576789699bd1c6ea014c887c04b94cb9609350e9 endef -GEOSITE_IRAN_VER:=202506300044 +GEOSITE_IRAN_VER:=202510130040 GEOSITE_IRAN_FILE:=iran.dat.$(GEOSITE_IRAN_VER) define Download/geosite-ir URL:=https://github.com/bootmortis/iran-hosted-domains/releases/download/$(GEOSITE_IRAN_VER)/ URL_FILE:=iran.dat FILE:=$(GEOSITE_IRAN_FILE) - HASH:=9dc1d277be21851fbb7e4e7376f8b9cfe2d47b6ade9cf4459de35596e20782b6 + HASH:=ddbdbfcc33e8eb6f235f7542cd71d291a9002387b8b858286e913d35e2d9aa02 endef define Package/v2ray-geodata/template diff --git a/net/v2raya/Makefile b/net/v2raya/Makefile index ff30e1fb292f25..d767b36c7313aa 100644 --- a/net/v2raya/Makefile +++ b/net/v2raya/Makefile 
@@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=v2rayA -PKG_VERSION:=2.2.6.7 +PKG_VERSION:=2.2.7.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1cfc53a2e45a14db260c1e4bfec2d70cf79167fc2529d05835943ce77dac2c39 +PKG_HASH:=4b36275dff287d8cf03ee8fa5331d731593f35020459a8ea0ff925e8496a52cf PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service PKG_LICENSE:=AGPL-3.0-only @@ -59,7 +59,7 @@ define Download/v2raya-web URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/ URL_FILE:=web.tar.gz FILE:=$(WEB_FILE) - HASH:=d871f119812979a20da3f57a792d7842dad4c4b528c8ec9e4a9aea29b8508147 + HASH:=99e789fa7cbfe9f6bc49afa8365556dff6d6c664e6136b045dd7f43322d0de7f endef define Build/Prepare diff --git a/net/yggdrasil/Makefile b/net/yggdrasil/Makefile index 408c55b749a786..f4b937c7cad6ed 100644 --- a/net/yggdrasil/Makefile +++ b/net/yggdrasil/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yggdrasil -PKG_VERSION:=0.5.9 +PKG_VERSION:=0.5.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/yggdrasil-network/yggdrasil-go/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=ed7e310292234dd871aa0f02e5e131b876a675ebad43a1785e986b0eaa8069dc +PKG_HASH:=6504a1e4095e091e7d6f1baa36602e3258a62c5025671b61eccbf8be532c7a0b PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-go-$(PKG_VERSION) PKG_MAINTAINER:=William Fleurant diff --git a/net/znc/Makefile b/net/znc/Makefile index 5a8ca89b176dbc..f3c44671a28e91 100644 --- a/net/znc/Makefile +++ b/net/znc/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=znc PKG_VERSION:=1.10.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://znc.in/releases \ diff --git a/net/znc/files/znc.init b/net/znc/files/znc.init index 9355cbb72458e7..10b376da6fde64 100644 --- a/net/znc/files/znc.init +++ b/net/znc/files/znc.init 
@@ -205,7 +205,6 @@ start_service() { procd_open_instance procd_set_param file /etc/config/znc - [ "$EXTERNAL_CONFIG" -eq 1 ] && procd_set_param file "${ZNC_CONFIG}/configs/znc.conf" procd_set_param command /usr/bin/znc procd_append_param command -f -d$ZNC_CONFIG_PATH procd_set_param user ${RUNAS_USER} diff --git a/sound/fluidsynth/Makefile b/sound/fluidsynth/Makefile new file mode 100644 index 00000000000000..f8bad01f2ebbc7 --- /dev/null +++ b/sound/fluidsynth/Makefile 
@@ -0,0 +1,78 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=fluidsynth +PKG_VERSION:=2.4.5 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/FluidSynth/fluidsynth/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=2d2a5ca35bbb3f3fd241ef388a0cb3ae5755ebbb78121c7869f02b021d694810 + +PKG_MAINTAINER:=Daniel Golle +PKG_LICENSE:=LGPL-2.1 +PKG_LICENSE_FILES:=LICENSE + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk +include $(INCLUDE_DIR)/nls.mk + +CMAKE_INSTALL:=1 + +CMAKE_OPTIONS += \ + -Denable-coverage=off \ + -Denable-floats=off \ + -Denable-fpe-check=off \ + -Denable-portaudio=off \ + -Denable-profiling=off \ + -Denable-trap-on-fpe=off \ + -Denable-ubsan=off \ + -Denable-alsa=on \ + -Denable-aufile=off \ + -DBUILD_SHARED_LIBS=on \ + -Denable-dbus=off \ + -Denable-ipv6=off \ + -Denable-jack=off \ + -Denable-ladspa=off \ + -Denable-libinstpatch=off \ + -Denable-libsndfile=on \ + -Denable-midishare=off \ + -Denable-opensles=off \ + -Denable-oboe=off \ + -Denable-network=off \ + -Denable-oss=off \ + -Denable-dsound=off \ + -Denable-wasapi=off \ + -Denable-waveout=off \ + -Denable-winmidi=off \ + -Denable-sdl2=off \ + -Denable-sdl3=off \ + -Denable-pulseaudio=off \ + -Denable-pipewire=off \ + -Denable-readline=off \ + -Denable-threads=off \ + -Denable-openmp=off \ + -Denable-systemd=off \ + -Denable-coreaudio=off \ + -Denable-coremidi=off \ + -Denable-framework=off \ + -Denable-dart=off \ + -Denable-kai=off + +define Package/libfluidsynth + SECTION:=sound + CATEGORY:=Sound + TITLE:=A SoundFont Synthesizer + URL:=https://www.fluidsynth.org + DEPENDS:=+alsa-lib +glib2 +libsndfile +libstdcpp +endef + +define Package/libfluidsynth/description +FluidSynth is a cross-platform, real-time software synthesizer based on the Soundfont 2 specification. 
+endef + +define Package/libfluidsynth/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libfluidsynth)) diff --git a/utils/arp-whisper/Makefile b/utils/arp-whisper/Makefile index 207ed5f1b50527..17963539d70031 100644 --- a/utils/arp-whisper/Makefile +++ b/utils/arp-whisper/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=arp-whisper PKG_VERSION:=0.1.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/FacundoAcevedo/arp-whisper/tar.gz/v$(PKG_VERSION)? @@ -19,6 +19,8 @@ PKG_LICENSE_FILES:=LICENCE PKG_BUILD_DEPENDS:=rust/host PKG_BUILD_PARALLEL:=1 +RUST_PKG_LOCKED:=0 + include $(INCLUDE_DIR)/package.mk include ../../lang/rust/rust-package.mk @@ -26,13 +28,13 @@ define Package/arp-whisper SECTION:=utils CATEGORY:=Utilities TITLE:=ARP responses based on MAC-IP pairs - DEPENDS:=$(RUST_ARCH_DEPENDS) + DEPENDS:=$(RUST_ARCH_DEPENDS) URL:=https://github.com/FacundoAcevedo/arp-whisper endef define Package/arp-whisper/description arp-whisper listens to ARP requests on a network interface and responds - to them based on a list of IP-MAC address mappings defined in a + to them based on a list of IP-MAC address mappings defined in a configuration file. endef diff --git a/utils/bash/Makefile b/utils/bash/Makefile index b55e02c8ce6610..6afe72cc26b704 100644 --- a/utils/bash/Makefile +++ b/utils/bash/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bash -PKG_VERSION:=5.2.32 +PKG_VERSION:=5.2.37 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@GNU/bash -PKG_HASH:=d3ef80d2b67d8cbbe4d3265c63a72c46f9b278ead6e0e06d61801b58f23f50b5 +PKG_HASH:=9599b22ecd1d5787ad7d3b7bf0c59f312b3396d1e281175dd1f8a4014da621ff PKG_MAINTAINER:=Marcel Denia PKG_LICENSE:=GPL-3.0-or-later 
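Review bot: The new fluidsynth Makefile has no `PKG_CPE_ID`, the field OpenWrt packages use so that published CVEs can be matched to a package. This library parses SoundFont and MIDI input, so that tracking matters. Consider adding `PKG_CPE_ID:=cpe:/a:fluidsynth:fluidsynth` below `PKG_LICENSE_FILES`, after confirming the vendor and product names against NVD. `PKG_LICENSE:=LGPL-2.1` is a deprecated SPDX identifier; use the `-only` or `-or-later` form that matches the LICENSE file.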
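Review bot: `RUST_PKG_LOCKED:=0` in the arp-whisper Makefile turns off the locked cargo build, so dependency versions may be resolved differently from the upstream Cargo.lock and the package no longer builds from a pinned crate set. The commit gives no reason for this. If the lock file shipped with 0.1.2 is stale, say so above the line, for example `# upstream Cargo.lock is out of date for this release; remove once fixed upstream`. Prefer refreshing the lock file through a patch so that the resolved crate versions stay reviewable.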
@@ -68,6 +68,7 @@ CONFIGURE_VARS += \ bash_cv_job_control_missing=present \ bash_cv_dev_fd=whacky \ bash_cv_sys_named_pipes=present \ + CFLAGS_FOR_BUILD="-std=gnu17" \ # The following are some other tests that cannot run when cross-compiling CONFIGURE_VARS += \ @@ -83,6 +84,8 @@ CONFIGURE_ARGS+= \ --enable-job-control \ --enable-readline +TARGET_CFLAGS += -std=gnu17 + define Package/bash/postinst #!/bin/sh grep -q bash "$${IPKG_INSTROOT}/etc/shells" || { @@ -99,3 +102,4 @@ define Package/bash/install endef $(eval $(call BuildPackage,bash)) + diff --git a/utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch b/utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch new file mode 100644 index 00000000000000..1736cc99575d62 --- /dev/null +++ b/utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch 
@@ -0,0 +1,65 @@ +From df50e792cbc0c6e03fde2397e9802c81bca1c89b Mon Sep 17 00:00:00 2001 +From: Martin Pecka +Date: Wed, 22 Oct 2025 02:15:04 +0200 +Subject: [PATCH] Fix support for Decimals + +--- + bcg/gateway.py | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +--- a/bcg/gateway.py ++++ b/bcg/gateway.py +@@ -11,11 +11,26 @@ import yaml + import serial + import paho.mqtt.client + import appdirs ++from collections.abc import Mapping, Iterable + + if platform.system() == 'Linux': + import fcntl + + ++# https://stackoverflow.com/a/60243503/1076564 ++class DecimalJSONEncoder(json.JSONEncoder): ++ """Add support for encoding Decimal""" ++ def encode(self, obj): ++ if isinstance(obj, Mapping): ++ return '{' + ', '.join(f'{self.encode(k)}: {self.encode(v)}' for (k, v) in obj.items()) + '}' ++ if isinstance(obj, Iterable) and (not isinstance(obj, str)): ++ return '[' + ', '.join(map(self.encode, obj)) + ']' ++ if isinstance(obj, decimal.Decimal): ++ # using normalize() gets rid of trailing 0s, using ':f' prevents scientific notation ++ return f'{obj.normalize():f}' ++ return super().encode(obj) ++ ++ + class Gateway: + + def __init__(self, config): +@@ -218,7 +233,7 @@ class Gateway: + node_id = self._node_rename_name.get(node_name, None) + if node_id: + topic = node_id + topic[i:] +- line = json.dumps([topic, payload], use_decimal=True) + '\n' ++ line = json.dumps([topic, payload], cls=DecimalJSONEncoder) + '\n' + line = line.encode('utf-8') + logging.debug("write %s", line) + self.ser.write(line) +@@ -226,7 +241,7 @@ class Gateway: + def publish(self, topic, payload): + if isinstance(topic, list): + topic = '/'.join(topic) +- self.mqttc.publish(self._config['base_topic_prefix'] + topic, json.dumps(payload, use_decimal=True), qos=1) ++ self.mqttc.publish(self._config['base_topic_prefix'] + topic, json.dumps(payload, cls=DecimalJSONEncoder), qos=1) + + def log_message(self, line): + logging.debug('log_message %s', line) +@@ -324,7 +339,7 @@ 
class Gateway: + if node_name: + subtopic = node_name + '/' + topic + +- self.mqttc.publish(self._config['base_topic_prefix'] + "node/" + subtopic, json.dumps(payload, use_decimal=True), qos=self._msg_qos, retain=self._msg_retain) ++ self.mqttc.publish(self._config['base_topic_prefix'] + "node/" + subtopic, json.dumps(payload, cls=DecimalJSONEncoder), qos=self._msg_qos, retain=self._msg_retain) + + except Exception: + raise diff --git a/utils/bigclown/bigclown-gateway/Makefile b/utils/bigclown/bigclown-gateway/Makefile index 6adc7c414277ab..a8ff654814172a 100644 --- a/utils/bigclown/bigclown-gateway/Makefile +++ b/utils/bigclown/bigclown-gateway/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bigclown-gateway -PKG_VERSION:=1.16.2 -PKG_RELEASE:=3 +PKG_VERSION:=1.17.0 +PKG_RELEASE:=1 PYPI_NAME:=bcg -PKG_HASH:=ce7f27f372551c0beb3f8929af2d779417d9dcd0feaa2fa2dc49e87b1416c536 +PKG_HASH:=38a423952160e8cd468157af4a1fecec9f9c903de3309da277164ac14a421c58 PKG_MAINTAINER:=Josef Schlehofer   PKG_LICENSE:=MIT diff --git a/utils/dos2unix/Makefile b/utils/dos2unix/Makefile index 4a5e25872c916f..900eb4174ca62c 100644 --- a/utils/dos2unix/Makefile +++ b/utils/dos2unix/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dos2unix -PKG_VERSION:=7.5.2 +PKG_VERSION:=7.5.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://waterlan.home.xs4all.nl/dos2unix/ \ @SF/dos2unix -PKG_HASH:=264742446608442eb48f96c20af6da303cb3a92b364e72cb7e24f88239c4bf3a +PKG_HASH:=28a4b0d9f9179da4e44c567b9c01f818b070a20827115fffd96f760dcfa0f3b2 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=BSD-2-Clause diff --git a/utils/fx/Makefile b/utils/fx/Makefile index fd5af83839096f..041bb36576a834 100644 --- a/utils/fx/Makefile +++ b/utils/fx/Makefile 
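Review bot: `DecimalJSONEncoder.encode` serialises mapping keys with `self.encode(k)`, so any key that is not a `str` is written unquoted (`{1: ...}`) and the output is not valid JSON, whereas the stock encoder coerces such keys to strings. `bytes` values also take the `Iterable` branch and are emitted as integer arrays. If payloads only ever come from parsed JSON this may never trigger, but the class now sits on every serial write and MQTT publish path, so coercing the key is cheap: `self.encode(k if isinstance(k, str) else str(k))`. The hunk does not show an `import decimal`; if gateway.py does not already import it above the lines shown, `isinstance(obj, decimal.Decimal)` raises NameError on the first leaf value.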
@@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fx -PKG_VERSION:=35.0.0 +PKG_VERSION:=39.0.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/antonmedv/fx/tar.gz/$(PKG_VERSION)? -PKG_HASH:=5ab642bb91ad9c1948de1add2d62acec22d82398e420957c191c1549999eb351 +PKG_HASH:=0ddbef45762a3a2b4b13afb03093139121422b6f73aecbf2b6655598bd98575f PKG_MAINTAINER:=Fabian Lipken PKG_LICENSE:=MIT diff --git a/utils/gzip/Makefile b/utils/gzip/Makefile index 64189a8bc353ce..c4c50465c88a90 100644 --- a/utils/gzip/Makefile +++ b/utils/gzip/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gzip -PKG_VERSION:=1.13 +PKG_VERSION:=1.14 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/gzip -PKG_HASH:=7454eb6935db17c6655576c2e1b0fabefd38b4d0936e0f87f48cd062ce91a057 +PKG_HASH:=01a7b881bd220bfdf615f97b8718f80bdfd3f6add385b993dcf6efd14e8c0ac6 PKG_LICENSE:=GPL-3.0-or-later PKG_CPE_ID:=cpe:/a:gnu:gzip @@ -40,6 +40,9 @@ define Package/gzip/description replacement for compress. endef + +TARGET_CFLAGS += -std=gnu17 + CONFIGURE_VARS += \ gl_cv_func_getopt_gnu=yes \ ac_cv_search_clock_gettime=no diff --git a/utils/jq/Makefile b/utils/jq/Makefile index 4b724639166b32..5ac4a30dc51f8c 100644 --- a/utils/jq/Makefile +++ b/utils/jq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=jq -PKG_VERSION:=1.7.1 +PKG_VERSION:=1.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/jqlang/jq/releases/download/$(PKG_NAME)-$(PKG_VERSION) -PKG_HASH:=478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 +PKG_HASH:=2be64e7129cecb11d5906290eba10af694fb9e3e7f9fc208a311dc33ca837eb0 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=MIT 
@@ -27,22 +27,52 @@ include $(INCLUDE_DIR)/package.mk CONFIGURE_ARGS+= \ --disable-docs \ --disable-valgrind \ - --without-oniguruma -define Package/jq +define Package/jq/Default SECTION:=utils CATEGORY:=Utilities - TITLE:=Lightweight and flexible command-line JSON processor. + TITLE:=Lightweight and flexible command-line JSON processor URL:=https://jqlang.github.io/jq/ + PROVIDES:=jq +endef + +define Package/jq + $(Package/jq/Default) + TITLE+= without regex support. + VARIANT:=noregex + DEFAULT_VARIANT:=1 endef define Package/jq/description - Lightweight and flexible command-line JSON processor. + Lightweight and flexible command-line JSON processor. + This package was compiled without ONIGURUMA regex libary. match/test/sub and related functions are not available. +endef + +define Package/jq-full + $(Package/jq/Default) + TITLE+= with regex support. + VARIANT:=regex + DEPENDS+=+oniguruma +endef + +define Package/jq-full/description + Lightweight and flexible command-line JSON processor. + This package was compiled with ONIGURUMA regex libary and has full regex support. endef -define Package/jq/install +ifeq ($(BUILD_VARIANT),noregex) + CONFIGURE_ARGS += --without-oniguruma +endif + +define Package/jq/install/Default $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libjq.so* $(1)/usr/lib endef +Package/jq/install = $(Package/jq/install/Default) +Package/jq-full/install = $(Package/jq/install/Default) + $(eval $(call BuildPackage,jq)) +$(eval $(call BuildPackage,jq-full)) diff --git a/utils/lf/Makefile b/utils/lf/Makefile new file mode 100644 index 00000000000000..fc57a16f23dab0 --- /dev/null +++ b/utils/lf/Makefile 
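Review bot: In `Package/jq/install/Default`, `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libjq.so* $(1)/usr/lib` runs install(1) over the glob, which follows the `.so` symlinks and writes a full copy of the library under each name. `$(CP) $(PKG_INSTALL_DIR)/usr/lib/libjq.so* $(1)/usr/lib/` keeps the symlinks, as the libfluidsynth install rule added elsewhere in this change does. `jq` and `jq-full` also ship the same paths, so confirm that `PROVIDES:=jq` is enough for the package manager to refuse installing both, or declare the conflict explicitly.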
@@ -0,0 +1,45 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (C) 2025 Nate Robinson + +include $(TOPDIR)/rules.mk + +PKG_NAME:=lf +PKG_VERSION:=38 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/gokcehan/lf.git +PKG_SOURCE_VERSION:=r$(PKG_VERSION) +PKG_MIRROR_HASH:=ff99f81df2b30e37f6e34952ba1b004e3f8b641954e35bf87a359a88a6926faf + +PKG_MAINTAINER:=Nate Robinson +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=LICENSE + +PKG_BUILD_DEPENDS:=golang/host +PKG_BUILD_PARALLEL:=1 +PKG_BUILD_FLAGS:=no-mips16 + +GO_PKG:=github.com/gokcehan/lf +GO_PKG_LDFLAGS_X:=main.gVersion=$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk +include ../../lang/golang/golang-package.mk + +define Package/lf + SUBMENU:=Filesystem + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Terminal file manager + URL:=https://github.com/gokcehan/lf + DEPENDS:=$(GO_ARCH_DEPENDS) +endef + +define Package/lf/description + lf (as in "list files") is a terminal file manager written in Go + with a heavy inspiration from the ranger file manager. +endef + +$(eval $(call GoBinPackage,lf)) +$(eval $(call BuildPackage,lf)) diff --git a/utils/lf/test.sh b/utils/lf/test.sh new file mode 100644 index 00000000000000..a07b6a9f0fcb34 --- /dev/null +++ b/utils/lf/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +lf --version | grep "$PKG_VERSION" diff --git a/utils/lvm2/Makefile b/utils/lvm2/Makefile index e9ed9336742ff8..1f63343f65cfca 100644 --- a/utils/lvm2/Makefile +++ b/utils/lvm2/Makefile @@ -148,7 +148,7 @@ define Package/lvm2/install $(INSTALL_BIN) ./files/lvm2.init $(1)/etc/init.d/lvm2 $(INSTALL_DIR) $(1)/etc/hotplug.d/block $(INSTALL_DATA) ./files/lvm2.hotplug $(1)/etc/hotplug.d/block/20-lvm2 - $(FIND) $(PKG_INSTALL_DIR)/usr/sbin/ -type l -exec $(CP) -a {} $(1)/sbin/ \; + $(FIND) $(PKG_INSTALL_DIR)/usr/sbin/ -type l -print0 | xargs -0 -r $(CP) -a -t $(1)/sbin/ endef Package/lvm2-selinux/install = $(Package/lvm2/install) 
diff --git a/utils/lxc/Config.in b/utils/lxc/Config.in index 53d7ba5fd733cd..3b5a78ed7a01d0 100644 --- a/utils/lxc/Config.in +++ b/utils/lxc/Config.in @@ -8,6 +8,7 @@ config LXC_KERNEL_OPTIONS select KERNEL_NAMESPACES select KERNEL_DEVPTS_MULTIPLE_INSTANCES select KERNEL_POSIX_MQUEUE + select KERNEL_CGROUP_DEVICE select KERNEL_CGROUP_SCHED select KERNEL_FAIR_GROUP_SCHED select KERNEL_RT_GROUP_SCHED @@ -16,6 +17,7 @@ config LXC_KERNEL_OPTIONS select KERNEL_MEMCG_KMEM select KERNEL_CPUSETS select PACKAGE_kmod-ikconfig + select PACKAGE_kmod-unix-diag help Select needed kernel options for LXC related utilities. Options include cgroups, namespaces and other miscellaneous options. These @@ -50,6 +52,10 @@ config LXC_NETWORKING default n select PACKAGE_kmod-veth select PACKAGE_kmod-macvlan + select PACKAGE_kmod-inet-diag + select PACKAGE_kmod-ipt-checksum + select PACKAGE_kmod-netlink-diag + select PACKAGE_kmod-packet-diag help Enable "veth pair device" and "macvlan" diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index 0cda02d48d3ac9..7bd93b28f153f7 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc -PKG_VERSION:=6.0.2 +PKG_VERSION:=6.0.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ -PKG_HASH:=1930aa10d892db8531d1353d15f7ebf5913e74a19e134423e4d074c07f2d6e8b +PKG_HASH:=2e540c60b9dd49e7ee1a4efa5e9c743b05df911b81b375ed5043d9dd7ee0b48a PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0 @@ -50,7 +50,7 @@ LXC_SCRIPTS += \ DEPENDS_APPLETS = +libpthread +libcap +liblxc -DEPENDS_create = +lxc-configs +lxc-hooks +lxc-templates +flock +getopt +DEPENDS_create = +lxc-configs +lxc-hooks +lxc-templates +flock +getopt +tar define Package/lxc/Default SECTION:=utils 
@@ -103,6 +103,11 @@ define Package/lxc-unprivileged/install $(INSTALL_DATA) ./files/lxc-unprivileged.defaults $(1)/etc/uci-defaults/lxc-unprivileged endef +define Package/lxc-unprivileged/conffiles +/etc/subgid +/etc/subuid +endef + define Package/lxc/config source "$(SOURCE)/Config.in" endef diff --git a/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch b/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch new file mode 100644 index 00000000000000..4423b4e451b84c --- /dev/null +++ b/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch @@ -0,0 +1,19 @@ +--- a/src/lxc/cmd/lxc-checkconfig.in ++++ b/src/lxc/cmd/lxc-checkconfig.in +@@ -250,16 +250,10 @@ if { [ "${KVER_MAJOR}" -gt 3 ] && [ "${K + printf "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6 + fi + echo +-printf "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4 +-echo +-printf "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6 +-echo + printf "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM + echo + printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment + echo +-printf "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse +-echo + + echo " + --- Checkpoint/Restore ---" diff --git a/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch b/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch new file mode 100644 index 00000000000000..c69cdaf4bb31f8 --- /dev/null +++ b/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch 
@@ -0,0 +1,12 @@ +--- a/src/lxc/cmd/lxc-checkconfig.in ++++ b/src/lxc/cmd/lxc-checkconfig.in +@@ -256,9 +256,6 @@ printf "CONFIG_NETFILTER_XT_MATCH_COMMEN + echo + + echo " +---- Checkpoint/Restore ---" +-printf "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE +-echo + printf "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE + echo + printf "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD diff --git a/utils/lxc/patches/020-lxc-checkconfig.patch b/utils/lxc/patches/020-lxc-checkconfig.patch index 328ee9f3f08dbf..b463faa9d54c26 100644 --- a/utils/lxc/patches/020-lxc-checkconfig.patch +++ b/utils/lxc/patches/020-lxc-checkconfig.patch @@ -1,6 +1,6 @@ --- a/src/lxc/cmd/lxc-checkconfig.in +++ b/src/lxc/cmd/lxc-checkconfig.in -@@ -7,6 +7,16 @@ export LANGUAGE=en +@@ -7,6 +7,15 @@ export LANGUAGE=en # Allow environment variables to override config : "${CONFIG:=/proc/config.gz}" : "${MODNAME:=configs}" @@ -11,9 +11,16 @@ + CONFIG_NEW="/tmp/config-$(uname -r)" + $GUNZIP -c $CONFIG > $CONFIG_NEW + CONFIG=$CONFIG_NEW -+ + GREP=grep +fi GREP="grep" +@@ -255,7 +264,6 @@ echo + printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment + echo + +-echo " + printf "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE + echo + printf "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD diff --git a/utils/lxc/patches/025-remove-unsupported-option.patch b/utils/lxc/patches/025-remove-unsupported-option.patch index 7e7f4bffd8d908..70eb12bbe60fc3 100644 --- a/utils/lxc/patches/025-remove-unsupported-option.patch +++ b/utils/lxc/patches/025-remove-unsupported-option.patch @@ -1,9 +1,14 @@ --- a/templates/lxc-download.in 
+++ b/templates/lxc-download.in -@@ -380,26 +380,10 @@ if tar --version | grep -sq "bsdtar"; th - IS_BSD_TAR="true" - fi +@@ -375,32 +375,7 @@ fi + # Unpack the rootfs + echo "Unpacking the rootfs" +-IS_BSD_TAR="false" +-if tar --version | grep -sq "bsdtar"; then +- IS_BSD_TAR="true" +-fi +- -EXCLUDES="" -excludelist=$(relevant_file excludes) -if [ -f "${excludelist}" ]; then @@ -20,12 +25,12 @@ -# is to use a function wrapper, but the latter can't be used here as the args -# are dynamic. We thus need to ignore the warning brought by shellcheck. -# shellcheck disable=SC2086 - if [ "${IS_BSD_TAR}" = "true" ]; then +-if [ "${IS_BSD_TAR}" = "true" ]; then - tar ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" -+ tar --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" - else +-else - tar --anchored ${EXCLUDES} --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" -+ tar --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" - fi +-fi ++tar --absolute-names --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" mkdir -p "${LXC_ROOTFS}/dev/pts/" + diff --git a/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch b/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch new file mode 100644 index 00000000000000..00844717ecb6c6 --- /dev/null +++ b/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch 
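Review bot: The replacement extraction command in the second hunk adds `--absolute-names`, which makes GNU tar keep leading `/` and accept `..` components in member names, so a member of the downloaded `rootfs.tar.xz` can be written outside `${LXC_ROOTFS}` by a template that typically runs as root. Nothing in the hunk says why the option is needed; unless a concrete image fails without it, drop it: `tar --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"`. If it has to stay, the patch should carry a comment giving the reason. The file name `025-remove-unsupported-option.patch` also no longer describes what the patch does.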
@@ -0,0 +1,29 @@ +From 2663712e8fa8f37e0bb873185e2d4526dc644764 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Sat, 5 Apr 2025 01:11:18 -0400 +Subject: [PATCH] start: Re-introduce first SET_DUMPABLE call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without it, we're running into issues with complex hooks like nvidia. + +Signed-off-by: Stéphane Graber +--- + src/lxc/start.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/src/lxc/start.c ++++ b/src/lxc/start.c +@@ -1130,6 +1130,11 @@ static int do_start(void *data) + if (ret < 0) + goto out_warn_father; + ++ ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0), ++ prctl_arg(0), prctl_arg(0)); ++ if (ret < 0) ++ goto out_warn_father; ++ + /* set{g,u}id() clears deathsignal */ + ret = lxc_set_death_signal(SIGKILL, handler->monitor_pid, status_fd); + if (ret < 0) { diff --git a/utils/mariadb/Makefile b/utils/mariadb/Makefile index b20bbf55087286..d25c21c8b04281 100644 --- a/utils/mariadb/Makefile +++ b/utils/mariadb/Makefile @@ -1,6 +1,6 @@ # # Copyright (C) 2018 Sebastian Kemper -# Copyright (C) 2021 Michal Hrusecky +# Copyright (C) 2025 Michal Hrusecky # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mariadb -PKG_VERSION:=11.4.7 -PKG_RELEASE:=1 +PKG_VERSION:=11.4.8 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL := https://archive.mariadb.org/$(PKG_NAME)-$(PKG_VERSION)/source -PKG_HASH:=bf20687ca12fa7efda8df89cab1f2a661288cea41acf8f53189b69d5294347d0 +PKG_HASH:=52fa4dca2c5f80afc1667d523a27c06176d98532298a6b0c31ed73505f49e15c PKG_MAINTAINER:=Michal Hrusecky PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=COPYING THIRDPARTY 
@@ -264,8 +264,8 @@ define Package/mariadb-server-base $(call Package/mariadb/Default) DEPENDS:= \ $(MARIADB_COMMON_DEPENDS) \ - +!KERNEL_IO_URING:libaio \ +KERNEL_IO_URING:liburing \ + +libaio \ +liblzma \ +libpcre2 \ +resolveip \ diff --git a/utils/mariadb/patches/210-no-altivec.patch b/utils/mariadb/patches/210-no-altivec.patch index 3fdc8bd5fe56b5..992069af8946fa 100644 --- a/utils/mariadb/patches/210-no-altivec.patch +++ b/utils/mariadb/patches/210-no-altivec.patch @@ -1,6 +1,6 @@ --- a/mysys/CMakeLists.txt +++ b/mysys/CMakeLists.txt -@@ -142,7 +142,7 @@ ENDIF() +@@ -155,7 +155,7 @@ ENDIF() IF(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64|powerpc64" OR CMAKE_SYSTEM_NAME MATCHES AIX) SET(MYSYS_SOURCES ${MYSYS_SOURCES} crc32/crc32_ppc64.c crc32/crc32c_ppc.c) SET_SOURCE_FILES_PROPERTIES(crc32/crc32_ppc64.c crc32/crc32c_ppc.c PROPERTIES diff --git a/utils/mhz/Makefile b/utils/mhz/Makefile index 7ebf26c47f1298..5b9e08602206c8 100644 --- a/utils/mhz/Makefile +++ b/utils/mhz/Makefile @@ -1,13 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mhz -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=https://github.com/wtarreau/mhz.git -PKG_SOURCE_DATE:=2023-06-17 -PKG_SOURCE_VERSION:=11aac2399780a1f7ea9f007b14af0464797d5cf1 -PKG_MIRROR_HASH:=3accbc6ff26b029d257686e1a7c7f9a40ef5d914a031d31f4d46a807edbad7c3 +PKG_SOURCE_DATE:=2025-07-26 +PKG_SOURCE_VERSION:=512f63021f6f0cec8e5e13be744dba0b4704cfae +PKG_MIRROR_HASH:=1827af2ed7a3c6f4499f6aacafcb668c3efcb1274135dfa50fe5ffa3eca4e140 PKG_MAINTAINER:=Robert Marko PKG_LICENSE:=MIT diff --git a/utils/nano/Makefile b/utils/nano/Makefile index ec001548ca27cc..47cbd5054be0c6 100644 --- a/utils/nano/Makefile +++ b/utils/nano/Makefile 
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nano -PKG_VERSION:=8.5 +PKG_VERSION:=8.7 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/nano -PKG_HASH:=000b011d339c141af9646d43288f54325ff5c6e8d39d6e482b787bbc6654c26a +PKG_HASH:=afd287aa672c48b8e1a93fdb6c6588453d527510d966822b687f2835f0d986e9 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=COPYING @@ -65,6 +65,7 @@ endef define Package/nano-plus/description nano-plus - Additional features enabled, larger size than default nano. (multibuffer, Unicode/UTF-8, help, justify, nanorc, some key bindings) + Nano set as the default EDITOR in the shell profile. $(call Package/nano/description) endef @@ -73,6 +74,7 @@ define Package/nano-full/description nano-full - all features, including syntax highlighting (also uci), multibuffer, Unicode/UTF-8, nanorc, some key bindings. (libmagic-based file type detection is disabled) + Nano set as the default EDITOR in the shell profile. Example /etc/nanorc is included. nanorc documentation at https://www.nano-editor.org/dist/latest/nanorc.5.html @@ -133,10 +135,12 @@ endef define Package/nano-plus/install $(call Package/nano/install,$1) + $(INSTALL_DIR) $(1)/etc/profile.d + $(INSTALL_DATA) ./files/nano-default-editor.sh $(1)/etc/profile.d endef define Package/nano-full/install - $(call Package/nano/install,$1) + $(call Package/nano-plus/install,$1) $(INSTALL_DIR) $(1)/etc $(1)/usr/share/nano $(INSTALL_DATA) ./files/nanorc $(1)/etc/nanorc $(INSTALL_DATA) ./files/uci.nanorc $(1)/usr/share/nano diff --git a/utils/nano/files/nano-default-editor.sh b/utils/nano/files/nano-default-editor.sh new file mode 100644 index 00000000000000..3a23154e5d9866 --- /dev/null +++ b/utils/nano/files/nano-default-editor.sh @@ -0,0 +1,2 @@ +export EDITOR=/usr/bin/nano + diff --git a/utils/nnn/Makefile b/utils/nnn/Makefile index 887ecd7006017c..5c0c35b3f41aea 100644 --- a/utils/nnn/Makefile +++ b/utils/nnn/Makefile 
@@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nnn -PKG_VERSION:=4.9 +PKG_VERSION:=5.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/jarun/nnn/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=9e25465a856d3ba626d6163046669c0d4010d520f2fb848b0d611e1ec6af1b22 +PKG_HASH:=9faaff1e3f5a2fd3ed570a83f6fb3baf0bfc6ebd6a9abac16203d057ac3fffe3 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=BSD-2-Clause diff --git a/utils/nnn/patches/musl-fts.patch b/utils/nnn/patches/musl-fts.patch index 1a8179eb10a3e5..f2e62125c7661c 100644 --- a/utils/nnn/patches/musl-fts.patch +++ b/utils/nnn/patches/musl-fts.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -152,7 +152,7 @@ CFLAGS += -std=c11 -Wall -Wextra -Wshado +@@ -165,7 +165,7 @@ CFLAGS += -std=c11 -Wall -Wextra -Wshado CFLAGS += $(CFLAGS_OPTIMIZATION) CFLAGS += $(CFLAGS_CURSES) diff --git a/utils/owut/Makefile b/utils/owut/Makefile index 432845115319c7..fef3e826e09783 100644 --- a/utils/owut/Makefile +++ b/utils/owut/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=owut -PKG_SOURCE_DATE:=2025-07-11 +PKG_SOURCE_DATE:=2025-11-16 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=0d00192dbe0d7fcc50a67ddab62a593dbfd91295 +PKG_SOURCE_VERSION:=af42b8afe35c09b2b6b72d3948ad724f66287f2c PKG_SOURCE_URL:=https://github.com/efahl/owut.git -PKG_MIRROR_HASH:=3cbcdd9366312c3f543c42b37eba30041560a3cbb76d0ef52c568a6417150e8a +PKG_MIRROR_HASH:=18aa5e38ccdc7bddfafcd80d716b55f5a93fdbd21615a1576053b1172756a3b3 PKG_MAINTAINER:=Eric Fahlgren PKG_LICENSE:=GPL-2.0-only diff --git a/utils/realtek-poe/Makefile b/utils/realtek-poe/Makefile index 64017245b93e7b..4005909edbb6cf 100644 --- a/utils/realtek-poe/Makefile +++ b/utils/realtek-poe/Makefile 
@@ -3,14 +3,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=realtek-poe -PKG_VERSION:=1.2 +PKG_VERSION:=1.3 PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Martin Kennedy PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/Hurricos/realtek-poe/archive/refs/tags/v$(PKG_VERSION) -PKG_HASH:=ebe58d2e0f630889d79fb84155936bc43253242857dabfb80d9da71edf92d1e0 +PKG_HASH:=b006ebf74dc552f82ef6e7b01a10bf2c5b8e46b5c1b833f0512946e76da1b9ca CMAKE_SOURCE_SUBDIR:=src include $(INCLUDE_DIR)/package.mk diff --git a/utils/shared-mime-info/Makefile b/utils/shared-mime-info/Makefile index 5e25608de55259..6be0a75c8fbf33 100644 --- a/utils/shared-mime-info/Makefile +++ b/utils/shared-mime-info/Makefile @@ -36,6 +36,19 @@ define Package/shared-mime-info/description The shared-mime-info package contains a database of MIME types and their file extensions. endef +MESON_ARG += \ + -Dbuild-tests=false \ + -Dupdate-mimedb=false \ + -Dbuild-tools=true \ + -Dbuild-translations=false + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) \ + $(PKG_INSTALL_DIR)/usr/share/pkgconfig/shared-mime-info.pc \ + $(1)/usr/lib/pkgconfig/ +endef + define Package/shared-mime-info/install $(INSTALL_DIR) $(1)/usr/bin/ $(CP) \ @@ -45,12 +58,10 @@ define Package/shared-mime-info/install $(CP) \ $(PKG_INSTALL_DIR)/usr/share/* \ $(1)/usr/share/ -endef - -define Package/shared-mime-info/postinst -#!/bin/sh - -update-mime-database /usr/share/mime/ + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_DATA) \ + ./files/shared-mime-info.defaults \ + $(1)/etc/uci-defaults/90-shared-mime-info endef $(eval $(call BuildPackage,shared-mime-info)) diff --git a/utils/shared-mime-info/files/shared-mime-info.defaults b/utils/shared-mime-info/files/shared-mime-info.defaults new file mode 100644 index 00000000000000..0a46727522267e --- /dev/null +++ b/utils/shared-mime-info/files/shared-mime-info.defaults @@ -0,0 +1,3 @@ +#!/bin/sh + +update-mime-database /usr/share/mime/ 
diff --git a/utils/swanmon/Makefile b/utils/swanmon/Makefile index 6dd96757345d71..c523ae634e0a48 100644 --- a/utils/swanmon/Makefile +++ b/utils/swanmon/Makefile @@ -24,6 +24,7 @@ PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk +include $(INCLUDE_DIR)/nls.mk define Package/swanmon SECTION:=utils diff --git a/utils/syncthing/Makefile b/utils/syncthing/Makefile index 6188efe75339ac..08703e0fc7bf64 100644 --- a/utils/syncthing/Makefile +++ b/utils/syncthing/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syncthing PKG_VERSION:=1.30.0 -PKG_RELEASE:=1 +PKG_RELEASE:=3 PKG_SOURCE:=syncthing-source-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syncthing/syncthing/releases/download/v$(PKG_VERSION) diff --git a/utils/syncthing/files/stdiscosrv.conf b/utils/syncthing/files/stdiscosrv.conf index e51ddef6629ec6..5606c5f2521938 100644 --- a/utils/syncthing/files/stdiscosrv.conf +++ b/utils/syncthing/files/stdiscosrv.conf @@ -4,15 +4,16 @@ config stdiscosrv 'stdiscosrv' option listen ':8443' option db_dir '/etc/stdiscosrv/discovery.db' - # # Find the documents from: https://docs.syncthing.net/users/stdiscosrv.html + # Find the documents from: https://docs.syncthing.net/users/stdiscosrv.html # option cert '/etc/stdiscosrv/cert.pem' # option key '/etc/stdiscosrv/key.pem' + # option db_flush_interval '5m' # option metrics_listen '' - # option replicate '' - # option replication_listen ':19200' - # # CLI options with no value should be defined as booleans and theirs - # # names should be prefixed with '_'. - # option _debug '0' - # option _http '1' + # Running as 'root' is possible, but not recommended + # option user 'syncthing' + # CLI options with no value should be defined as booleans + # option compression '0' + # option debug '0' + # option http '1' diff --git a/utils/syncthing/files/stdiscosrv.init b/utils/syncthing/files/stdiscosrv.init index 566fb12eb57996..bc1da536a51877 100644 
--- a/utils/syncthing/files/stdiscosrv.init +++ b/utils/syncthing/files/stdiscosrv.init @@ -13,44 +13,36 @@ config_cb() { option_cb() { local option="$1" local value="$2" - case $option in - enabled|listen|cert|db_dir|key) - eval $option=$value - ;; - _*) - [ "$value" = "0" ] || extra_args="$extra_args -${option//_/-}" - ;; - *) - extra_args="$extra_args -${option//_/-}=$value" - ;; - esac - } - - list_cb() { - local name="$1" - local value="$2" - [ "$name" = "_" ] && extra_args="$extra_args --${value//_/-}" || return 0 + # Remove the leading underscore from the option name for backward + # compatibility + option="${option#_}" + eval $option="$value" } } -service_triggers() -{ - procd_add_reload_trigger "stdiscosrv" +service_triggers() { + procd_add_reload_trigger 'stdiscosrv' } start_service() { - local extra_args - # Options with default value different with the syncthing should be defined explicitly here + local conf_dir='/etc/stdiscosrv' + + # Options with default value different with the syncthing should be defined + # explicitly here local enabled=0 - local listen=":8443" - local conf_dir="/etc/stdiscosrv" + local compression=0 local cert="$conf_dir/cert.pem" - local key="$conf_dir/key.pem" local db_dir="$conf_dir/discovery.db" + local db_flush_interval='' + local debug=0 + local http=0 + local key="$conf_dir/key.pem" + local listen=':8443' + local metrics_listen='' local nice=0 - local user="syncthing" + local user='syncthing' - config_load "stdiscosrv" + config_load 'stdiscosrv' [ "$enabled" -gt 0 ] || return 0 
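Review bot: `eval $option="$value"` in option_cb re-parses the UCI value as shell source, so a value containing a space, `;` or `$(...)` is executed instead of assigned. The earlier name whitelist is gone as well, so any option name in the config becomes a variable in the init script. The same line is added to option_cb in strelaysrv.init, where free-text options such as `provided_by` make a value with spaces likely. Restrict the name and quote the assignment for eval, e.g. `case "$option" in ''|*[!A-Za-z0-9_]*) return 0;; esac` followed by `eval "$option=\"\$value\""`. option_cb is defined inside config_cb, which starts above the hunk.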
@@ -59,19 +51,22 @@ start_service() { [ -d "$db_dir" ] || mkdir -p "$db_dir" [ -d "$conf_dir" ] && chown -R "$user":"$group" "$conf_dir" - config_get nice stdiscosrv nice "0" - procd_open_instance procd_set_param command "$PROG" - procd_append_param command --listen="$listen" - procd_append_param command --db-dir="$db_dir" procd_append_param command --cert="$cert" + [ "$compression" -eq 0 ] || procd_append_param command --compression + procd_append_param command --db-dir="$db_dir" + [ -z "$db_flush_interval" ] || procd_append_param command --db-flush-interval="$db_flush_interval" + [ "$debug" -eq 0 ] || procd_append_param command --debug + [ "$http" -eq 0 ] || procd_append_param command --http procd_append_param command --key="$key" - [ -z "$extra_args" ] || procd_append_param command "$extra_args" + procd_append_param command --listen="$listen" + [ -z "$metrics_listen" ] || procd_append_param command --metrics-listen="$metrics_listen" procd_set_param nice "$nice" procd_set_param term_timeout 15 procd_set_param user "$user" + procd_set_param group "$group" procd_set_param respawn procd_set_param stdout 1 procd_set_param stderr 1 diff --git a/utils/syncthing/files/strelaysrv.conf b/utils/syncthing/files/strelaysrv.conf index 56ac299ff58bc1..7c33a30ec4442e 100644 --- a/utils/syncthing/files/strelaysrv.conf +++ b/utils/syncthing/files/strelaysrv.conf @@ -4,13 +4,13 @@ config strelaysrv 'strelaysrv' option keys '/etc/strelaysrv' option listen ':22067' - # # Find the documents from: https://docs.syncthing.net/users/strelaysrv.html + # Find the documents from: https://docs.syncthing.net/users/strelaysrv.html # option ext_address '' # option global_rate '' # option message_timeout '1m0s' - # option nat_lease 60 - # option nat_renewal 30 - # option nat_timeout 10 + # option nat_lease '60' + # option nat_renewal '30' + # option nat_timeout '10' # option network_timeout '2m0s' # option per_session_rate '' # option ping_interval '1m0s' 
@@ -18,9 +18,12 @@ config strelaysrv 'strelaysrv' # option protocol 'tcp' # option provided_by '' # option status_srv ':22070' + # option token '' - # # CLI options with no value should be defined as booleans and theirs - # # names should be prefixed with '_'. - # option _debug '0' - # option _nat '0' + # Running as 'root' is possible, but not recommended + # option user 'syncthing' + # CLI options with no value should be defined as booleans + # option debug '0' + # option nat '0' + # option pprof '0' diff --git a/utils/syncthing/files/strelaysrv.init b/utils/syncthing/files/strelaysrv.init index ced126b10ab7ce..bdd472ba40ec3c 100644 --- a/utils/syncthing/files/strelaysrv.init +++ b/utils/syncthing/files/strelaysrv.init 
@@ -13,40 +13,44 @@ config_cb() { option_cb() { local option="$1" local value="$2" - case $option in - enabled|keys|pools|status_srv) - eval $option=$value - ;; - _*) - [ "$value" = "0" ] || extra_args="$extra_args -${option//_/-}" - ;; - *) - extra_args="$extra_args -${option//_/-}=$value" - ;; - esac - } - - list_cb() { - local name="$1" - local value="$2" - [ "$name" = "_" ] && extra_args="$extra_args --${value//_/-}" || return 0 + # Remove the leading underscore from the option name for backward + # compatibility + option="${option#_}" + eval $option="$value" } } -service_triggers() -{ - procd_add_reload_trigger "strelaysrv" +service_triggers() { + procd_add_reload_trigger 'strelaysrv' } start_service() { - local pools status_srv extra_args - # Options with default value different with the syncthing should be defined explicitly here + # Options with default value different with the syncthing should be defined + # explicitly here local enabled=0 - local keys="/etc/strelaysrv" + local debug=0 + local ext_address='' + local global_rate='' + local keys='/etc/strelaysrv' + local listen=':22067' + local message_timeout='' + local nat=0 + local nat_lease='' + local nat_renewal='' + local nat_timeout='' + local network_timeout='' local nice=0 - local user="syncthing" - - config_load "strelaysrv" + local per_session_rate='' + local ping_interval='' + local pools='' + local pprof=0 + local protocol='' + local provided_by='' + local status_srv='' + local token='' + local user='syncthing' + + config_load 'strelaysrv' [ "$enabled" -gt 0 ] || return 0 
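Review bot: `eval $option="$value"` in option_cb now runs for every option found in the config, whereas the removed `case` only evaluated `enabled|keys|pools|status_srv`. The value is expanded before `eval` parses the line, so a value containing whitespace, `;` or `$(...)` is interpreted as shell by the init script (which normally runs as root), and an unexpected option name can overwrite any variable the script uses, not just the locals declared in start_service. I would keep an allow-list, i.e. a `case "$option" in` arm naming the declared locals, and assign without re-parsing the value: `eval "$option=\$value"`. Reading each option with `config_get` in start_service would avoid `eval` altogether. config_cb starts above the hunk, so how option_cb is scoped to the section is not visible here.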
@@ -59,16 +63,32 @@ start_service() { procd_open_instance procd_set_param command "$PROG" + [ "$debug" -eq 0 ] || procd_append_param command -debug + [ -z "$ext_address" ] || procd_append_param command -ext-address="$ext_address" + [ -z "$global_rate" ] || procd_append_param command -global-rate="$global_rate" procd_append_param command -keys="$keys" - - # pools and status-srv are set to empty value by default + [ -z "$listen" ] || procd_append_param command -listen="$listen" + [ -z "$message_timeout" ] || procd_append_param command -message-timeout="$message_timeout" + [ "$nat" -eq 0 ] || procd_append_param command -nat + [ -z "$nat_lease" ] || procd_append_param command -nat-lease="$nat_lease" + [ -z "$nat_renewal" ] || procd_append_param command -nat-renewal="$nat_renewal" + [ -z "$nat_timeout" ] || procd_append_param command -nat-timeout="$nat_timeout" + [ -z "$network_timeout" ] || procd_append_param command -network-timeout="$network_timeout" + [ -z "$per_session_rate" ] || procd_append_param command -per-session-rate="$per_session_rate" + [ -z "$ping_interval" ] || procd_append_param command -ping-interval="$ping_interval" + # pools is set to an empty value by default procd_append_param command -pools="$pools" + [ "$pprof" -eq 0 ] || procd_append_param command -pprof + [ -z "$protocol" ] || procd_append_param command -protocol="$protocol" + [ -z "$provided_by" ] || procd_append_param command -provided-by="$provided_by" + # status-srv is set to an empty value by default procd_append_param command -status-srv="$status_srv" - [ -z "$extra_args" ] || procd_append_param command $extra_args + [ -z "$token" ] || procd_append_param command -token="$token" procd_set_param nice "$nice" procd_set_param term_timeout 15 procd_set_param user "$user" + procd_set_param group "$group" procd_set_param respawn procd_set_param stdout 1 procd_set_param stderr 1 diff --git a/utils/tree/Makefile b/utils/tree/Makefile index 1d3994ab19cbd6..6d60e6659f1af0 100644 
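Review bot: `-token="$token"` puts the relay token into the process arguments, so any local account that can list processes, and anything that reads the procd service state, can see it. If strelaysrv offers no other way to supply the token, say so next to the line, e.g. `# the token is visible in the process list; do not reuse it elsewhere`, and repeat the warning in the config file. Separately, `procd_set_param group "$group"` depends on `$group`, which is not in the `local` list added by the previous hunk; it is presumably assigned in the unchanged lines between the two hunks, but that is worth confirming. start_service begins above the hunk and continues below it.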
--- a/utils/tree/Makefile +++ b/utils/tree/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tree -PKG_VERSION:=2.1.3 +PKG_VERSION:=2.2.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/Old-Man-Programmer/$(PKG_NAME)/tar.gz/$(PKG_VERSION)? -PKG_HASH:=3ffe2c8bb21194b088ad1e723f0cf340dd434453c5ff9af6a38e0d47e0c2723b +PKG_HASH:=5caddcbca805131ff590b126d3218019882e4ca10bc9eb490bba51c05b9b3b75 PKG_MAINTAINER:=Banglang Huang