From 499d01f14feba8eec0cfbb971708b7539ffb222d Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Thu, 14 Aug 2025 22:08:00 +0300 Subject: [PATCH 001/239] yt-dlp: bump to 2025.08.11 Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.08.11 Signed-off-by: George Sapkin (cherry picked from commit 9318a5fefbec3cae39d328b02dc6a5ca1e1d3b7b) --- multimedia/yt-dlp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/multimedia/yt-dlp/Makefile b/multimedia/yt-dlp/Makefile index e5eeb6b5c86957..ca050b09f5849e 100644 --- a/multimedia/yt-dlp/Makefile +++ b/multimedia/yt-dlp/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yt-dlp -PKG_VERSION:=2025.7.21 +PKG_VERSION:=2025.8.11 PKG_RELEASE:=1 PYPI_NAME:=yt-dlp -PKG_HASH:=46fbb53eab1afbe184c45b4c17e9a6eba614be680e4c09de58b782629d0d7f43 +PKG_HASH:=dc7c120a367fe55e0f711613dc80ea29d3a4e0ed8d66104cebfbe3d36e81fdfc PYPI_SOURCE_NAME:=yt_dlp PKG_MAINTAINER:=George Sapkin From 13b041489b3a39138dcf3662ef41c285db565a07 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Mon, 18 Aug 2025 16:34:28 +0000 Subject: [PATCH 002/239] pbr: 1.1.8-36 bugfixes - drop load_environment_flag and always load environment on start, making restart command great again - store/restore existing jshn namespace when using json() - remove unneeded sleepCount in is_wan_up() - move updated README inside files/ Signed-off-by: Stan Grishin (cherry picked from commit 51686912e0f3552bacd8ef7cf980f270c2fa3ec4) --- net/pbr/Makefile | 2 +- net/pbr/README.md | 18 ------------------ net/pbr/files/README.md | 19 +++++++++++++++++-- net/pbr/files/etc/init.d/pbr | 9 +++++---- 4 files changed, 23 insertions(+), 25 deletions(-) delete mode 100644 net/pbr/README.md diff --git a/net/pbr/Makefile b/net/pbr/Makefile index 05cc1e6ddf6720..1cea31c7289f42 100644 --- a/net/pbr/Makefile +++ b/net/pbr/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pbr PKG_VERSION:=1.1.8 -PKG_RELEASE:=34 +PKG_RELEASE:=36 PKG_LICENSE:=AGPL-3.0-or-later PKG_MAINTAINER:=Stan Grishin diff --git a/net/pbr/README.md b/net/pbr/README.md deleted file mode 100644 index 3a65c6b2257cbd..00000000000000 --- a/net/pbr/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# Policy-Based Routing (pbr) - -[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) -[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/pbr/) -[![License](https://img.shields.io/badge/License-GPL--3.0-lightgrey)](https://github.com/stangri/pbr/blob/master/LICENSE) - -Flexible policy-based routing (PBR) framework for OpenWrt. -Allows routing specific traffic (by IP, MAC, port, protocol, or domain) through a specific WAN, VPN, or tunnel. - -## Features - -- Route by IP, MAC, port, or domain name -- Works with WAN, VPNs (WireGuard, OpenVPN), or tunnels -- Lightweight shell-based implementation -- Optional Web UI integration via LuCI - -**Full documentation:** -[https://docs.openwrt.melmac.ca/pbr/](https://docs.openwrt.melmac.ca/pbr/) diff --git a/net/pbr/files/README.md b/net/pbr/files/README.md index 494a97c138f663..3a65c6b2257cbd 100644 --- a/net/pbr/files/README.md +++ b/net/pbr/files/README.md @@ -1,3 +1,18 @@ -# README +# Policy-Based Routing (pbr) -README is available at [https://docs.openwrt.melmac.net/pbr/](https://docs.openwrt.melmac.net/pbr/). +[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) +[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/pbr/) +[![License](https://img.shields.io/badge/License-GPL--3.0-lightgrey)](https://github.com/stangri/pbr/blob/master/LICENSE) + +Flexible policy-based routing (PBR) framework for OpenWrt. +Allows routing specific traffic (by IP, MAC, port, protocol, or domain) through a specific WAN, VPN, or tunnel. + +## Features + +- Route by IP, MAC, port, or domain name +- Works with WAN, VPNs (WireGuard, OpenVPN), or tunnels +- Lightweight shell-based implementation +- Optional Web UI integration via LuCI + +**Full documentation:** +[https://docs.openwrt.melmac.ca/pbr/](https://docs.openwrt.melmac.ca/pbr/) diff --git a/net/pbr/files/etc/init.d/pbr b/net/pbr/files/etc/init.d/pbr index 043ccfb83ede79..1f698ec4b2f304 100755 --- a/net/pbr/files/etc/init.d/pbr +++ b/net/pbr/files/etc/init.d/pbr @@ -101,7 +101,6 @@ nft_set_policy= nft_set_timeout= # run-time -load_environment_flag= aghConfigFile='/etc/AdGuardHome/AdGuardHome.yaml' gatewaySummary= wanIface4= @@ -569,7 +568,6 @@ load_environment() { return "$_ret" } local param="$1" validation_result="$2" - [ -z "$load_environment_flag" ] || return 0 case "$param" in on_boot|on_start) json init @@ -607,7 +605,6 @@ load_environment() { load_network "$param" ;; esac - load_environment_flag=1 } # shellcheck disable=SC2317 @@ -648,7 +645,7 @@ load_network() { } is_wan_up() { - local sleepCount='1' param="$1" + local param="$1" if [ -z "$(uci_get network "$procd_wan_interface")" ]; then json add error 'errorNoWanInterface' "$procd_wan_interface" json add error 'errorNoWanInterfaceHint' @@ -864,8 +861,10 @@ cleanup_sets() { json() { local status message stats i local action="$1" param="$2" value="$3"; shift 3; local info="$*"; + local _current_namespace="$_JSON_PREFIX" [ "$param" = 'error' ] && param='errors' [ "$param" = 'warning' ] && param='warnings' + json_set_namespace "${packageName}_" { json_load_file "$runningStatusFile" || json_init; } >/dev/null 2>&1 case "$action" in 'get') @@ -882,6 +881,7 @@ json() { fi printf "%b" "$i" json_select .. + json_set_namespace "$_current_namespace" return ;; 'add') @@ -903,6 +903,7 @@ json() { mkdir -p "${runningStatusFile%/*}" json_dump > "$runningStatusFile" sync + json_set_namespace "$_current_namespace" } resolver() { From 3ac4d7b69a6a6c994904b2822358fe6db83f253f Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 20 Aug 2025 17:28:22 +0800 Subject: [PATCH 003/239] rust: introduce `RUST_{HOST,PKG}_LOCKED` flag Introduce `RUST_{HOST,PKG}_LOCKED` flag (enabled by default) to respect upstream lockfile. This can be disabled by setting it to 0 if you want to have up-to-date dependencies. This change also adds new `CARGO_{HOST,PKG}_ARGS` variable to pass extra build arguments to cargo. Signed-off-by: Tianling Shen (cherry picked from commit 1000e99185ec9faaa846aeef43ca3cf72f199d5d) --- lang/rust/rust-host-build.mk | 17 +++++++++++++++++ lang/rust/rust-package.mk | 18 ++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/lang/rust/rust-host-build.mk b/lang/rust/rust-host-build.mk index e5629293760b57..35f8fbe0ddba63 100644 --- a/lang/rust/rust-host-build.mk +++ b/lang/rust/rust-host-build.mk @@ -9,17 +9,33 @@ # Space or comma separated list of features to activate # # e.g. RUST_HOST_FEATURES:=enable-foo,with-bar +# +# +# RUST_HOST_LOCKED - Assert that `Cargo.lock` will remain unchanged +# (Enabled by default) +# +# Disable it if you want to have up-to-date dependencies +# +# e.g. RUST_HOST_LOCKED:=0 ifeq ($(origin RUST_INCLUDE_DIR),undefined) RUST_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) endif include $(RUST_INCLUDE_DIR)/rust-values.mk +RUST_HOST_LOCKED ?= 1 + CARGO_HOST_VARS= \ $(CARGO_HOST_CONFIG_VARS) \ CC=$(HOSTCC_NOCACHE) \ MAKEFLAGS="$(HOST_JOBS)" +CARGO_HOST_ARGS= + +ifeq ($(strip $(RUST_HOST_LOCKED)),1) + CARGO_HOST_ARGS+= --locked +endif + # $(1) path to the package (optional) # $(2) additional arguments to cargo (optional) define Host/Compile/Cargo @@ -30,6 +46,7 @@ define Host/Compile/Cargo --root $(HOST_INSTALL_DIR) \ --path "$(HOST_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)))" \ $(if $(filter --jobserver%,$(HOST_JOBS)),,-j1) \ + $(CARGO_HOST_ARGS) \ $(2) endef diff --git a/lang/rust/rust-package.mk b/lang/rust/rust-package.mk index 24341d7063f20c..18370bc35bafd2 100644 --- a/lang/rust/rust-package.mk +++ b/lang/rust/rust-package.mk @@ -9,17 +9,34 @@ # Space or comma separated list of features to activate # # e.g. RUST_PKG_FEATURES:=enable-foo,with-bar +# +# +# RUST_PKG_LOCKED - Assert that `Cargo.lock` will remain unchanged +# (Enabled by default) +# +# Disable it if you want to have up-to-date dependencies +# +# e.g. RUST_PKG_LOCKED:=0 + ifeq ($(origin RUST_INCLUDE_DIR),undefined) RUST_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) endif include $(RUST_INCLUDE_DIR)/rust-values.mk +RUST_PKG_LOCKED ?= 1 + CARGO_PKG_VARS= \ $(CARGO_PKG_CONFIG_VARS) \ CC=$(HOSTCC_NOCACHE) \ MAKEFLAGS="$(PKG_JOBS)" +CARGO_PKG_ARGS= + +ifeq ($(strip $(RUST_PKG_LOCKED)),1) + CARGO_PKG_ARGS+= --locked +endif + # $(1) path to the package (optional) # $(2) additional arguments to cargo (optional) define Build/Compile/Cargo @@ -30,6 +47,7 @@ define Build/Compile/Cargo --root $(PKG_INSTALL_DIR) \ --path "$(PKG_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)))" \ $(if $(filter --jobserver%,$(PKG_JOBS)),,-j1) \ + $(CARGO_PKG_ARGS) \ $(2) endef From c21161cc5be298dac7c42b74012b361a64387f52 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 20 Aug 2025 17:44:57 +0800 Subject: [PATCH 004/239] rust: read build path from `{HOST_}MAKE_PATH` Allow set build path by `{HOST_}MAKE_PATH`. Signed-off-by: Tianling Shen (cherry picked from commit 84cb850b7f967c2ed7ec4fdb55e8655a245f16dd) --- lang/rust/rust-host-build.mk | 2 +- lang/rust/rust-package.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/rust/rust-host-build.mk b/lang/rust/rust-host-build.mk index 35f8fbe0ddba63..457faf417874fc 100644 --- a/lang/rust/rust-host-build.mk +++ b/lang/rust/rust-host-build.mk @@ -44,7 +44,7 @@ define Host/Compile/Cargo --profile $(CARGO_HOST_PROFILE) \ $(if $(RUST_HOST_FEATURES),--features "$(RUST_HOST_FEATURES)") \ --root $(HOST_INSTALL_DIR) \ - --path "$(HOST_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)))" \ + --path "$(HOST_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)),$(strip $(HOST_MAKE_PATH)))" \ $(if $(filter --jobserver%,$(HOST_JOBS)),,-j1) \ $(CARGO_HOST_ARGS) \ $(2) diff --git a/lang/rust/rust-package.mk b/lang/rust/rust-package.mk index 18370bc35bafd2..57a8ccf4b77bd5 100644 --- a/lang/rust/rust-package.mk +++ b/lang/rust/rust-package.mk @@ -45,7 +45,7 @@ define Build/Compile/Cargo --profile $(CARGO_PKG_PROFILE) \ $(if $(strip $(RUST_PKG_FEATURES)),--features "$(strip $(RUST_PKG_FEATURES))") \ --root $(PKG_INSTALL_DIR) \ - --path "$(PKG_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)))" \ + --path "$(PKG_BUILD_DIR)/$(if $(strip $(1)),$(strip $(1)),$(strip $(MAKE_PATH)))" \ $(if $(filter --jobserver%,$(PKG_JOBS)),,-j1) \ $(CARGO_PKG_ARGS) \ $(2) From 98f3ce412f86504a3b827213ff0b09aa2819f623 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 20 Aug 2025 18:04:36 +0800 Subject: [PATCH 005/239] dufs: remove `--locked` flag It's enabled by default now. Signed-off-by: Tianling Shen (cherry picked from commit ee49f00287655b3512785c0b286cfaa185452dee) --- net/dufs/Makefile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/net/dufs/Makefile b/net/dufs/Makefile index 476efc0aeff0d4..11384e9a1e668d 100644 --- a/net/dufs/Makefile +++ b/net/dufs/Makefile @@ -40,10 +40,6 @@ define Package/dufs/conffiles /etc/config/dufs endef -define Build/Compile - $(call Build/Compile/Cargo,,--locked) -endef - define Package/dufs/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/dufs $(1)/usr/bin/ From 3c8d6669a750cf84b3ebc48126267880cd2bd8fc Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 22 Aug 2025 17:10:57 +0800 Subject: [PATCH 006/239] Revert "gping: lock cargo dependencies" It's enabled by default now. Make use of MAKE_PATH while at it. This reverts commit 0118fb489659088565f948994d7c81d9f41a20a1. Signed-off-by: Tianling Shen --- net/gping/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/gping/Makefile b/net/gping/Makefile index 4990490a4293db..8170dd45c4e586 100644 --- a/net/gping/Makefile +++ b/net/gping/Makefile @@ -37,7 +37,7 @@ define Package/gping/description also plot the execution time of arbitrary commands. endef -Build/Compile = $(call Build/Compile/Cargo,gping,--locked) +MAKE_PATH:=gping $(eval $(call RustBinPackage,gping)) $(eval $(call BuildPackage,gping)) From 091d10162adbe48d9e3b5bf273db698032578c18 Mon Sep 17 00:00:00 2001 From: Wei-Ting Yang Date: Thu, 14 Aug 2025 16:23:53 +0800 Subject: [PATCH 007/239] python-urllib3: update to 2.0.7 Fix CVE-2023-45803 and CVE-2023-43804. Full changelogs: - https://github.com/urllib3/urllib3/releases/tag/v2.0.5 - https://github.com/urllib3/urllib3/releases/tag/2.0.6 - https://github.com/urllib3/urllib3/releases/tag/2.0.7 Signed-off-by: Wei-Ting Yang (cherry picked from commit 23646be59e7a3c15e60b1d210d975b647cd46dd9) --- lang/python/python-urllib3/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python-urllib3/Makefile b/lang/python/python-urllib3/Makefile index a2739c47bade1d..8513fb6876839a 100644 --- a/lang/python/python-urllib3/Makefile +++ b/lang/python/python-urllib3/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-urllib3 -PKG_VERSION:=2.0.4 -PKG_RELEASE:=2 +PKG_VERSION:=2.0.7 +PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=MIT @@ -17,7 +17,7 @@ PKG_LICENSE_FILES:=LICENSE.txt PKG_CPE_ID:=cpe:/a:python:urllib3 PYPI_NAME:=urllib3 -PKG_HASH:=8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11 +PKG_HASH:=c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84 PKG_BUILD_DEPENDS:=python-hatchling/host HOST_BUILD_DEPENDS:=python-hatchling/host From e7c2f839b32280be075df82f0b5c3641a76816cd Mon Sep 17 00:00:00 2001 From: Eric Fahlgren Date: Fri, 15 Aug 2025 18:31:27 -0700 Subject: [PATCH 008/239] owut: update to 2025.08.15 Bug fixes: efahl/owut@c6e75716d1a3 init: fix typo in file name efahl/owut@7f97ab67c2f5 examples: improve docs for writing pre-install scripts Enhancements: efahl/owut@93f2b06b8882 owut: utilize upstream limits instead of hardcoded values efahl/owut@7a45c412fc96 owut: improve usability of 'dump' option efahl/owut@35720e369ac0 owut: improve age reporting Signed-off-by: Eric Fahlgren (cherry picked from commit c79bed5fd542550024931fb809c2699937eca19f) --- utils/owut/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/owut/Makefile b/utils/owut/Makefile index 432845115319c7..b96fd622b0d4e6 100644 --- a/utils/owut/Makefile +++ b/utils/owut/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=owut -PKG_SOURCE_DATE:=2025-07-11 +PKG_SOURCE_DATE:=2025-08-15 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=0d00192dbe0d7fcc50a67ddab62a593dbfd91295 +PKG_SOURCE_VERSION:=93f2b06b8882e7543d836bac97976d190ac8b22d PKG_SOURCE_URL:=https://github.com/efahl/owut.git -PKG_MIRROR_HASH:=3cbcdd9366312c3f543c42b37eba30041560a3cbb76d0ef52c568a6417150e8a +PKG_MIRROR_HASH:=91cf14ae1ff48d32ceecac1db6e90fb7fe69c61acf2f19bb8fc9c1dbc8a0f701 PKG_MAINTAINER:=Eric Fahlgren PKG_LICENSE:=GPL-2.0-only From 89d3808d1bd196bac8637313f64adf12cec2b871 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Sat, 23 Aug 2025 10:05:23 +0300 Subject: [PATCH 009/239] nano: Update to 8.6 Update nano editor to version 8.6 Signed-off-by: Hannu Nyman (cherry picked from commit 61f29f743529bfca26fbc81eb7f927bf7f3b6712) --- utils/nano/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/nano/Makefile b/utils/nano/Makefile index ec001548ca27cc..77f8a2204815e8 100644 --- a/utils/nano/Makefile +++ b/utils/nano/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nano -PKG_VERSION:=8.5 +PKG_VERSION:=8.6 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/nano -PKG_HASH:=000b011d339c141af9646d43288f54325ff5c6e8d39d6e482b787bbc6654c26a +PKG_HASH:=f7abfbf0eed5f573ab51bd77a458f32d82f9859c55e9689f819d96fe1437a619 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=COPYING From 6356527dd50cd86d8ad16af0ac552603b7b84957 Mon Sep 17 00:00:00 2001 From: Gregory Gullin Date: Thu, 21 Aug 2025 15:40:38 +0300 Subject: [PATCH 010/239] sing-box: update to 1.12.3 changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.3 Signed-off-by: Gregory Gullin (cherry picked from commit 002e0559a5f3339fd5232a6e63cc00ce6886b3ab) --- net/sing-box/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 8e8b9979e4b187..d37d5cf19c7af4 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.0 +PKG_VERSION:=1.12.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1093254161d2dac2175a589eb0b43415b89b3e0c10bb2a09ac230f320d974c82 +PKG_HASH:=3dce8ee383655908451f7f193714f0c8f90b8fd4baecb8e7e3948d263d766359 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE From c68f78fcc11a3ca9041ed9e46fb7fc63efbda565 Mon Sep 17 00:00:00 2001 From: Nate Robinson Date: Wed, 2 Jul 2025 10:53:03 -0400 Subject: [PATCH 011/239] lf: add new package https://github.com/gokcehan/lf Signed-off-by: Nate Robinson (cherry picked from commit 7e362a6e3581a0f0c6b12bc8f1f9e26d2ff7f78e) --- utils/lf/Makefile | 45 +++++++++++++++++++++++++++++++++++++++++++++ utils/lf/test.sh | 3 +++ 2 files changed, 48 insertions(+) create mode 100644 utils/lf/Makefile create mode 100644 utils/lf/test.sh diff --git a/utils/lf/Makefile b/utils/lf/Makefile new file mode 100644 index 00000000000000..1515644453f1ea --- /dev/null +++ b/utils/lf/Makefile @@ -0,0 +1,45 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (C) 2025 Nate Robinson + +include $(TOPDIR)/rules.mk + +PKG_NAME:=lf +PKG_VERSION:=35 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/gokcehan/lf.git +PKG_SOURCE_VERSION:=r$(PKG_VERSION) +PKG_MIRROR_HASH:=428e3e07dfae49dc1da079b77793b1e09e08afd3d7355f887ca7d2706b9d9be9 + +PKG_MAINTAINER:=Nate Robinson +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=LICENSE + +PKG_BUILD_DEPENDS:=golang/host +PKG_BUILD_PARALLEL:=1 +PKG_BUILD_FLAGS:=no-mips16 + +GO_PKG:=github.com/gokcehan/lf +GO_PKG_LDFLAGS_X:=main.gVersion=$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk +include ../../lang/golang/golang-package.mk + +define Package/lf + SUBMENU:=Filesystem + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Terminal file manager + URL:=https://github.com/gokcehan/lf + DEPENDS:=$(GO_ARCH_DEPENDS) +endef + +define Package/lf/description + lf (as in "list files") is a terminal file manager written in Go + with a heavy inspiration from the ranger file manager. +endef + +$(eval $(call GoBinPackage,lf)) +$(eval $(call BuildPackage,lf)) diff --git a/utils/lf/test.sh b/utils/lf/test.sh new file mode 100644 index 00000000000000..a07b6a9f0fcb34 --- /dev/null +++ b/utils/lf/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +lf --version | grep "$PKG_VERSION" From cf712aa7d7814aa792a19b9ed6237bd764f42ef6 Mon Sep 17 00:00:00 2001 From: Nate Robinson Date: Fri, 18 Jul 2025 00:42:08 -0400 Subject: [PATCH 012/239] lf: update to r36 https://github.com/gokcehan/lf/releases/tag/r36 Signed-off-by: Nate Robinson (cherry picked from commit 0715dff919ffba355d35c9f911c9c31111ae9c70) --- utils/lf/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/lf/Makefile b/utils/lf/Makefile index 1515644453f1ea..29aaec51aadf87 100644 --- a/utils/lf/Makefile +++ b/utils/lf/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lf -PKG_VERSION:=35 +PKG_VERSION:=36 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/gokcehan/lf.git PKG_SOURCE_VERSION:=r$(PKG_VERSION) -PKG_MIRROR_HASH:=428e3e07dfae49dc1da079b77793b1e09e08afd3d7355f887ca7d2706b9d9be9 +PKG_MIRROR_HASH:=0c3b63797316b4fab7eb44789cb5fe0da115f172e163b6656051ed5c0e7ccd76 PKG_MAINTAINER:=Nate Robinson PKG_LICENSE:=MIT From f7727e05d34be0a4ab672508b2feb3f98a9088d5 Mon Sep 17 00:00:00 2001 From: Jan-Niklas Burfeind Date: Thu, 21 Aug 2025 21:34:42 +0200 Subject: [PATCH 013/239] uradvd: Update to 2025-08-16 Provide four new options: --valid-lifetime --preferred-lifetime --max-router-adv-interval --min-router-adv-interval Signed-off-by: Jan-Niklas Burfeind (cherry picked from commit b2f14a5e8dc963a77d9292af7332af08973a9ba8) --- net/uradvd/Makefile | 8 ++++---- net/uradvd/files/uradvd.config | 6 +++++- net/uradvd/files/uradvd.init | 22 +++++++++++++++++++++- 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/net/uradvd/Makefile b/net/uradvd/Makefile index 696cd112ea50c7..fd63aaf3e5a36a 100644 --- a/net/uradvd/Makefile +++ b/net/uradvd/Makefile @@ -1,13 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uradvd -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=https://github.com/freifunk-gluon/uradvd.git -PKG_SOURCE_DATE:=2021-09-14 -PKG_SOURCE_VERSION:=9b0da60e27c67305d251b10163e388191d566d7a -PKG_MIRROR_HASH:=84221d0044dd1e622b26ace7cb316be613d3c863293379d551d2c5c280124ddb +PKG_SOURCE_DATE:=2025-08-16 +PKG_SOURCE_VERSION:=b37524dfb0292c425fd61f5bffb3101fb1979264 +PKG_MIRROR_HASH:=1f681e2baf6f9b825668aeed9c075f532db509d7d1848e76f3e8101acf2bd476 PKG_MAINTAINER:=Moritz Warning PKG_LICENSE:=BSD-2-Clause diff --git a/net/uradvd/files/uradvd.config b/net/uradvd/files/uradvd.config index aa5486de30072f..924b7490745ef0 100644 --- a/net/uradvd/files/uradvd.config +++ b/net/uradvd/files/uradvd.config @@ -5,7 +5,11 @@ config interface # alternative: option device 'lan' option ifname 'br-lan' # lifetime of the default route (in seconds) - option default_lifetime '0' + # option default_lifetime '0' + # option valid_lifetime '86400' + # option preferred_lifetime '14400' + # option max_router_adv_interval '600' + # option min_router_adv_interval '200' list prefix_on_link '300::/64' list prefix_off_link '200::/64' list dns '2001:4860:4860::8888' diff --git a/net/uradvd/files/uradvd.init b/net/uradvd/files/uradvd.init index a80b6ed1d5feae..81a6b1e5927e21 100755 --- a/net/uradvd/files/uradvd.init +++ b/net/uradvd/files/uradvd.init @@ -17,7 +17,7 @@ append_dns() { } start_instance() { - local cfg="$1" enabled device ifname default_lifetime + local cfg="$1" enabled device ifname default_lifetime valid_lifetime preferred_lifetime max_router_adv_interval min_router_adv_interval ARGS="" @@ -25,6 +25,10 @@ start_instance() { config_get device $cfg 'device' config_get ifname $cfg 'ifname' config_get default_lifetime $cfg 'default_lifetime' + config_get valid_lifetime $cfg 'valid_lifetime' + config_get preferred_lifetime $cfg 'preferred_lifetime' + config_get max_router_adv_interval $cfg 'max_router_adv_interval' + config_get min_router_adv_interval $cfg 'min_router_adv_interval' if [ "$enabled" != "1" ]; then exit 0 @@ -53,6 +57,22 @@ start_instance() { ARGS="$ARGS --default-lifetime $default_lifetime" fi + if [ -n "$valid_lifetime" ]; then + ARGS="$ARGS --valid-lifetime $valid_lifetime" + fi + + if [ -n "$preferred_lifetime" ]; then + ARGS="$ARGS --preferred-lifetime $preferred_lifetime" + fi + + if [ -n "$max_router_adv_interval" ]; then + ARGS="$ARGS --max-router-adv-interval $max_router_adv_interval" + fi + + if [ -n "$min_router_adv_interval" ]; then + ARGS="$ARGS --min-router-adv-interval $min_router_adv_interval" + fi + ARGS="$ARGS -i $ifname" From 6c57d3cfbb32b0aa046d284709baf965aaceb201 Mon Sep 17 00:00:00 2001 From: Jan-Niklas Burfeind Date: Sat, 23 Aug 2025 17:46:18 +0200 Subject: [PATCH 014/239] uradvd: provide warning upon disabled configuration which grants clarity and better traceability. Signed-off-by: Jan-Niklas Burfeind (cherry picked from commit e7a46671756d190309f7b6d03a129373d847306e) --- net/uradvd/files/uradvd.init | 1 + 1 file changed, 1 insertion(+) diff --git a/net/uradvd/files/uradvd.init b/net/uradvd/files/uradvd.init index 81a6b1e5927e21..379c45930fdb1c 100755 --- a/net/uradvd/files/uradvd.init +++ b/net/uradvd/files/uradvd.init @@ -31,6 +31,7 @@ start_instance() { config_get min_router_adv_interval $cfg 'min_router_adv_interval' if [ "$enabled" != "1" ]; then + echo "Disabled in /etc/config/uradvd" >&2 exit 0 fi From bb70450a573d01e069e0f8679c380f96e4466567 Mon Sep 17 00:00:00 2001 From: CupIvan Date: Sun, 24 Aug 2025 16:39:11 +0300 Subject: [PATCH 015/239] yggdrasil: update to 0.5.12 Signed-off-by: Ivan Chashkin --- net/yggdrasil/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/yggdrasil/Makefile b/net/yggdrasil/Makefile index 408c55b749a786..f4b937c7cad6ed 100644 --- a/net/yggdrasil/Makefile +++ b/net/yggdrasil/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yggdrasil -PKG_VERSION:=0.5.9 +PKG_VERSION:=0.5.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/yggdrasil-network/yggdrasil-go/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=ed7e310292234dd871aa0f02e5e131b876a675ebad43a1785e986b0eaa8069dc +PKG_HASH:=6504a1e4095e091e7d6f1baa36602e3258a62c5025671b61eccbf8be532c7a0b PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-go-$(PKG_VERSION) PKG_MAINTAINER:=William Fleurant From d84d73c16d935d69134ca89deb2e9b772e2f6e70 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Wed, 27 Aug 2025 22:29:33 +0300 Subject: [PATCH 016/239] sing-box: Revert "sing-box: update to 1.12.3" This reverts commit 6356527dd50cd86d8ad16af0ac552603b7b84957. sing-box 1.12.3 is apparently buggy and crashes. Reference to #27346 and #27339 Let's revert the upgrade. Signed-off-by: Hannu Nyman --- net/sing-box/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index d37d5cf19c7af4..8e8b9979e4b187 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.3 +PKG_VERSION:=1.12.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=3dce8ee383655908451f7f193714f0c8f90b8fd4baecb8e7e3948d263d766359 +PKG_HASH:=1093254161d2dac2175a589eb0b43415b89b3e0c10bb2a09ac230f320d974c82 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE From f4a0ee01e0371ff1d8e28c333ac10d6af4a0cc45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thibaut=20VAR=C3=88NE?= Date: Fri, 13 Jun 2025 14:44:46 +0200 Subject: [PATCH 017/239] libradcli: fix build options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The provided Config.in was never sourced from the Makefile, making it impossible to toggle TLS support. This commit adds the necessary Makefile glue to fix this. Also default to TLS disabled, as was the de-facto case since Config.in was never sourced (and thus the default 'y' never enabled). Signed-off-by: Thibaut VARÈNE (cherry picked from commit 5ffca82f54e7bb611c04ddcc60ee3f81f36cf77e) --- libs/libradcli/Config.in | 1 - libs/libradcli/Makefile | 6 ++++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libs/libradcli/Config.in b/libs/libradcli/Config.in index 35c3a223b41c26..b43ff20e66cd29 100644 --- a/libs/libradcli/Config.in +++ b/libs/libradcli/Config.in @@ -5,6 +5,5 @@ menu "Configuration" config RADCLI_TLS bool "enable TLS support" - default y endmenu diff --git a/libs/libradcli/Makefile b/libs/libradcli/Makefile index f3a7dc0e942386..6a6b303456dfea 100644 --- a/libs/libradcli/Makefile +++ b/libs/libradcli/Makefile @@ -19,6 +19,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/radcli-$(PKG_VERSION) PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_CONFIG_DEPENDS := CONFIG_RADCLI_TLS + include $(INCLUDE_DIR)/package.mk define Package/libradcli @@ -37,6 +39,10 @@ define Package/libradcli/decription compatible with it. endef +define Package/libradcli/config + source "$(SOURCE)/Config.in" +endef + CONFIGURE_ARGS+= \ --enable-legacy-compat From ca56e5c2d452192007bdf2abbfcb85af344b35b9 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Tue, 26 Aug 2025 03:46:56 +0000 Subject: [PATCH 018/239] adblock-fast: update to 1.1.4-r12 README: * update header Init-script: * set an earlier start to get triggers to work * better str_contains * improve readability of json() by getting rid of cascading case statements * add new errors/status messages to get_text() * prepare get_text() for localization by switching to inline printf * adjust shellcheck disable comments where needed * parse unbound config for DNS hijack ports * test if the archived cache exists on boot and proceed to use it if it does * add trigger waiting status so that luci app can display correct status * do not run adb_config_update on boot, speeding up trigger setup Signed-off-by: Stan Grishin (cherry picked from commit ea6111a4a041694258d36eda1b3abd9847bb09c8) --- net/adblock-fast/Makefile | 2 +- net/adblock-fast/files/README.md | 21 +- .../files/etc/init.d/adblock-fast | 252 +++++++++--------- 3 files changed, 142 insertions(+), 133 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 39ac1119280a1a..e8ee16b8f4e4fe 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.1.4 -PKG_RELEASE:=5 +PKG_RELEASE:=12 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/README.md b/net/adblock-fast/files/README.md index 827255ab2af75e..df26694143cfe6 100644 --- a/net/adblock-fast/files/README.md +++ b/net/adblock-fast/files/README.md @@ -1,3 +1,20 @@ -# README +# adblock-fast -README has been moved to [https://docs.openwrt.melmac.net/adblock-fast/](https://docs.openwrt.melmac.net/adblock-fast/). +[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) +[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/adblock-fast/) +[![Lightweight](https://img.shields.io/badge/Size-Lightweight-brightgreen)](https://openwrt.org/packages/pkgdata/adblock-fast) +[![License](https://img.shields.io/badge/License-AGPL--3.0--or--later-lightgrey)](https://github.com/stangri/adblock-fast/blob/master/LICENSE) + +A fast, lightweight DNS-based ad-blocker for OpenWrt that works with dnsmasq, smartdns, or unbound. +It runs once to process and install blocklists, then exits — keeping memory usage low. + +## Features + +- Minimal runtime memory use +- Parallel blocklist download and processing +- Persistent cache support +- Optional Web UI for custom block/allow lists +- Reverts if DNS resolution fails after restart + +📚 **Full documentation:** +[https://docs.openwrt.melmac.ca/adblock-fast/](https://docs.openwrt.melmac.ca/adblock-fast/) diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 93045857638aad..6a3ddc50299072 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -3,7 +3,7 @@ # shellcheck disable=SC2015,SC3023,SC3043 # shellcheck disable=SC2034 -START=94 +START=50 # shellcheck disable=SC2034 USE_PROCD=1 LC_ALL=C @@ -26,7 +26,7 @@ fi readonly packageName='adblock-fast' readonly PKG_VERSION='dev-test' -readonly packageCompat='7' +readonly packageCompat='8' readonly serviceName="$packageName $PKG_VERSION" readonly packageMemoryThreshold='33554432' readonly packageConfigFile="/etc/config/${packageName}" @@ -432,7 +432,8 @@ print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_clea sanitize_domain() { printf '%s' "$1" | sed -E 's#^[a-z]+://##; s#/.*$##; s/:.*$//'; } sanitize_dir() { [ -d "$(readlink -fn "$1")" ] && readlink -fn "$1"; } smartdns_restart() { /etc/init.d/smartdns restart >/dev/null 2>&1; } -str_contains() { test "$1" != "$(str_replace "$1" "$2" '')"; } +# shellcheck disable=SC3060 +str_contains() { [ "${1//$2}" != "$1" ]; } str_contains_word() { echo "$1" | grep -qw "$2"; } str_first_word() { echo "${1%% *}"; } # shellcheck disable=SC2018,SC2019 @@ -455,69 +456,54 @@ json() { [ "$param" = 'warning' ] && param='warnings' { json_load_file "$runningStatusFile" || json_init; } >/dev/null 2>&1 { json_select 'data' || { json_add_object 'data'; json_close_object; json_select 'data'; }; } >/dev/null 2>&1 - case "$action" in - 'get') - case "$param" in - 'errors'|'warnings') - json_select "$param" >/dev/null 2>&1 || return - if [ -z "$value" ]; then - json_get_keys i - else - json_select "$value" >/dev/null 2>&1 - case "${info:-code}" in - 'code'|'info') json_get_var 'i' "$info" >/dev/null 2>&1;; - esac - fi - printf "%b" "$i" - return - ;; - 'status'|'message'|'stats'|*) - json_get_var 'i' "$param" >/dev/null 2>&1 - printf "%b" "$i" - return - ;; - esac + case "${action}:${param}" in + 'get:errors'|'get:warnings') + json_select "$param" >/dev/null 2>&1 || return + if [ -z "$value" ]; then + json_get_keys i + else + json_select "$value" >/dev/null 2>&1 + case "${info:-code}" in + 'code'|'info') json_get_var 'i' "$info" >/dev/null 2>&1;; + esac + fi + printf "%b" "$i" + return + ;; + get:*) + json_get_var 'i' "$param" >/dev/null 2>&1 + printf "%b" "$i" + return + ;; + 'add:errors'|'add:warnings') + { json_select "$param" || json_add_array "$param"; } >/dev/null 2>&1 + json_add_object "" + json_add_string 'code' "$value" + json_add_string 'info' "$info" + json_close_object + json_select .. ;; - 'add') - case "$param" in - 'errors'|'warnings') - { json_select "$param" || json_add_array "$param"; } >/dev/null 2>&1 - json_add_object "" - json_add_string 'code' "$value" - json_add_string 'info' "$info" - json_close_object - json_select .. - ;; - *) - json_add_string "$param" "$value" - ;; - esac + add:*) + json_add_string "$param" "$value" ;; - 'del') - case "$param" in - 'all') - json_add_string status '' - json_add_string message '' - json_add_string stats '' - json_add_array errors - json_close_array - json_add_array warnings - json_close_array - ;; - 'errors'|'warnings') - json_add_array "$param" - json_close_array - ;; - *) - json_add_string "$param" '';; - esac + 'del:all') + json_add_string status '' + json_add_string message '' + json_add_string stats '' + json_add_array errors + json_close_array + json_add_array warnings + json_close_array ;; - set) - case "$param" in - 'status'|'message'|'stats') - json_add_string "$param" "$value" - ;; - esac + 'del:errors'|'del:warnings') + json_add_array "$param" + json_close_array + ;; + del:*) + json_add_string "$param" '' + ;; + 'set:status'|'set:message'|'set:stats') + json_add_string "$param" "$value" ;; esac json_add_string 'version' "$PKG_VERSION" @@ -597,73 +583,72 @@ uci_changes() { } get_text() { - local r - case "$1" in - errorConfigValidationFail) r="The $packageName config validation failed";; - errorServiceDisabled) r="The $packageName is currently disabled";; + local r="$1"; shift; + case "$r" in + errorConfigValidationFail) printf "The %s config validation failed" "$packageName";; + errorServiceDisabled) printf "The %s is currently disabled" "$packageName";; errorNoDnsmasqIpset) - r="The dnsmasq ipset support is enabled in $packageName, but dnsmasq is either not installed or installed dnsmasq does not support ipset";; + printf "The dnsmasq ipset support is enabled in %s, but dnsmasq is either not installed or installed dnsmasq does not support ipset" "$packageName";; errorNoIpset) - r="The dnsmasq ipset support is enabled in $packageName, but ipset is either not installed or installed ipset does not support 'hash:net' type";; + printf "The dnsmasq ipset support is enabled in %s, but ipset is either not installed or installed ipset does not support 'hash:net' type" "$packageName";; errorNoDnsmasqNftset) - r="The dnsmasq nft set support is enabled in $packageName, but dnsmasq is either not installed or installed dnsmasq does not support nft set";; - errorNoNft) r="The dnsmasq nft sets support is enabled in $packageName, but nft is not installed";; - errorNoWanGateway) r="The ${serviceName} failed to discover WAN gateway";; - errorOutputDirCreate) r="Failed to create directory for %s file";; - errorOutputFileCreate) r="Failed to create %s file";; - errorFailDNSReload) r="Failed to restart/reload DNS resolver";; - errorSharedMemory) r="Failed to access shared memory";; - errorSorting) r="Failed to sort data file";; - errorOptimization) r="Failed to optimize data file";; - errorAllowListProcessing) r="Failed to process allow-list";; - errorDataFileFormatting) r="Failed to format data file";; - errorCopyingDataFile) r="Failed to copy data file to '%s'";; - errorMovingDataFile) r="Failed to move data file to '%s'";; - errorCreatingCompressedCache) r="Failed to create compressed cache";; - errorRemovingTempFiles) r="Failed to remove temporary files";; - errorRestoreCompressedCache) r="Failed to unpack compressed cache";; - errorRestoreCache) r="Failed to move '$outputCache' to '$outputFile'";; - errorOhSnap) r="Failed to create block-list or restart DNS resolver";; - errorStopping) r="Failed to stop $serviceName";; - errorDNSReload) r="Failed to reload/restart DNS resolver";; - errorDownloadingConfigUpdate) r="Failed to download Config Update file";; - errorDownloadingList) r="Failed to download %s";; - errorParsingConfigUpdate) r="Failed to parse Config Update file";; - errorParsingList) r="Failed to parse";; - errorNoSSLSupport) r="No HTTPS/SSL support on device";; - errorCreatingDirectory) r="Failed to create output/cache/gzip file directory";; - errorDetectingFileType) r="Failed to detect format";; - errorNothingToDo) r="No blocked list URLs nor blocked-domains enabled";; - errorTooLittleRam) r="Free ram (%s) is not enough to process all enabled block-lists";; - errorCreatingBackupFile) r="Failed to create backup file %s";; - errorDeletingDataFile) r="Failed to delete data file %s";; - errorRestoringBackupFile) r="Failed to restore backup file %s";; - errorNoOutputFile) r="Failed to create final block-list %s";; - errorNoHeartbeat) r="Heartbeat domain is not accessible after resolver restart";; - - statusNoInstall) r="The $serviceName is not installed or not found";; - statusStopped) r="Stopped";; - statusStarting) r="Starting";; - statusRestarting) r="Restarting";; - statusForceReloading) r="Force Reloading";; - statusDownloading) r="Downloading";; - statusProcessing) r="Processing";; - statusFail) r="Failed to start";; - statusSuccess) r="Success";; + printf "The dnsmasq nft set support is enabled in %s, but dnsmasq is either not installed or installed dnsmasq does not support nft set" "$packageName";; + errorNoNft) printf "The dnsmasq nft sets support is enabled in %s, but nft is not installed" "$packageName";; + errorNoWanGateway) printf "The %s failed to discover WAN gateway" "$serviceName";; + errorOutputDirCreate) printf "Failed to create directory for %s file" "$@";; + errorOutputFileCreate) printf "Failed to create %s file" "$@";; + errorFailDNSReload) printf "Failed to restart/reload DNS resolver";; + errorSharedMemory) printf "Failed to access shared memory";; + errorSorting) printf "Failed to sort data file";; + errorOptimization) printf "Failed to optimize data file";; + errorAllowListProcessing) printf "Failed to process allow-list";; + errorDataFileFormatting) printf "Failed to format data file";; + errorCopyingDataFile) printf "Failed to copy data file to '%s'" "$@";; + errorMovingDataFile) printf "Failed to move data file to '%s'" "$@";; + errorCreatingCompressedCache) printf "Failed to create compressed cache";; + errorRemovingTempFiles) printf "Failed to remove temporary files";; + errorRestoreCompressedCache) printf "Failed to unpack compressed cache";; + errorRestoreCache) printf "Failed to move '%s' to '%s'" "$outputCache" "$outputFile";; + errorOhSnap) printf "Failed to create block-list or restart DNS resolver";; + errorStopping) printf "Failed to stop %s" "$serviceName";; + errorDNSReload) printf "Failed to reload/restart DNS resolver";; + errorDownloadingConfigUpdate) printf "Failed to download Config Update file";; + errorDownloadingList) printf "Failed to download %s" "$@";; + errorParsingConfigUpdate) printf "Failed to parse Config Update file";; + errorParsingList) printf "Failed to parse";; + errorNoSSLSupport) printf "No HTTPS/SSL support on device";; + errorCreatingDirectory) printf "Failed to create output/cache/gzip file directory";; + errorDetectingFileType) printf "Failed to detect format";; + errorNothingToDo) printf "No blocked list URLs nor blocked-domains enabled";; + errorTooLittleRam) printf "Free ram (%s) is not enough to process all enabled block-lists" "$@";; + errorCreatingBackupFile) printf "Failed to create backup file %s" "$@";; + errorDeletingDataFile) printf "Failed to delete data file %s" "$@";; + errorRestoringBackupFile) printf "Failed to restore backup file %s" "$@";; + errorNoOutputFile) printf "Failed to create final block-list %s" "$@";; + errorNoHeartbeat) printf "Heartbeat domain is not accessible after resolver restart";; + + statusNoInstall) printf "The %s is not installed or not found" "$serviceName";; + statusStopped) printf "Stopped";; + statusStarting) printf "Starting";; + statusRestarting) printf "Restarting";; + statusForceReloading) printf "Force Reloading";; + statusDownloading) printf "Downloading";; + statusProcessing) printf "Processing";; + statusFail) printf "Failed to start";; + statusSuccess) printf "Success";; + statusTriggerBootWait) printf "Waiting for trigger (on_boot)";; + statusTriggerStartWait) printf "Waiting for trigger (on_start)";; warningExternalDnsmasqConfig) - r="Use of external dnsmasq config file detected, please set 'dns' option to 'dnsmasq.conf'";; - warningMissingRecommendedPackages) r="Some recommended packages are missing";; - warningInvalidCompressedCacheDir) r="Invalid compressed cache directory '%s'";; - warningFreeRamCheckFail) r="Can't detect free RAM";; - warningSanityCheckTLD) r="Sanity check discovered TLDs in %s";; - warningSanityCheckLeadingDot) r="Sanity check discovered leading dots in %s";; - - *) r="Unknown text '$1'";; + printf "Use of external dnsmasq config file detected, please set 'dns' option to 'dnsmasq.conf'";; + warningMissingRecommendedPackages) printf "Some recommended packages are missing";; + warningInvalidCompressedCacheDir) printf "Invalid compressed cache directory '%s'" "$@";; + warningFreeRamCheckFail) printf "Can't detect free RAM";; + warningSanityCheckTLD) printf "Sanity check discovered TLDs in %s" "$@";; + warningSanityCheckLeadingDot) printf "Sanity check discovered leading dots in %s" "$@";; + + *) printf "Unknown error/warning '%s'" "$@";; esac - shift -# shellcheck disable=SC2059 - printf "$r" "$@" } load_network() { @@ -1033,7 +1018,7 @@ resolver() { ;; esac } -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _unbound_instance_append_force_dns_port() { [ -s "/etc/config/unbound" ] || return 0 [ -n "$(uci_get 'unbound' "$cfg")" ] || return 1 @@ -1260,6 +1245,8 @@ resolver() { chown root:root "$outputFile" "$outputConfig" >/dev/null 2>/dev/null ;; unbound.*) + config_load 'unbound' + config_foreach _unbound_instance_append_force_dns_port 'unbound' chmod 660 "$outputFile" chown root:unbound "$outputFile" >/dev/null 2>/dev/null ;; @@ -1489,7 +1476,7 @@ download_dnsmasq_file() { } download_lists() { -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _ram_check() { _config_calculate_sizes() { local cfg="$1" @@ -2036,7 +2023,7 @@ adb_check_leading_dot() { } adb_check_lists() { -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _check_list() { local cfg="$1" local en size url name R_TMP string c @@ -2098,7 +2085,7 @@ adb_check_lists() { } adb_config_update() { -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _cleanup_missing_urls() { local cfg="$1" url size config_get url "$cfg" url @@ -2152,7 +2139,7 @@ adb_show_blocklist() { } adb_sizes() { -# shellcheck disable=SC2317 +# shellcheck disable=SC2329 _config_add_url_size() { local cfg="$1" url name size config_get url "$cfg" url @@ -2179,6 +2166,9 @@ adb_start() { local action status error message stats p iface k local param="$1" validation_result="$3" + dns_set_output_values "$dns" + adb_file test_gzip && unset adbf_boot_flag && param='on_start' + [ -n "$adbf_boot_flag" ] && return 0 load_environment "$validation_result" "$param" || return 1 @@ -2543,6 +2533,7 @@ service_triggers() { output 1 'Setting trigger (on_boot) ' output 2 '[TRIG] Setting trigger (on_boot) ' procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" start && output_okn || output_failn + json set status 'statusTriggerBootWait' else procd_open_validate load_validate_config @@ -2563,11 +2554,12 @@ service_triggers() { procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" start && output_okn || output_failn done procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload + [ -z "$(json get status)" ] && json set status 'statusTriggerStartWait' fi } sizes() { load_validate_config 'config' adb_sizes "''"; } start_service() { - load_validate_config 'config' adb_config_update "'$*'" + [ -n "$adbf_boot_flag" ] || load_validate_config 'config' adb_config_update "'$*'" load_validate_config 'config' adb_start "'$*'" } status_service() { adb_status "$@"; } From db7e5480779046d47846b718e025182c8f5a7384 Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Tue, 26 Aug 2025 20:30:43 +0300 Subject: [PATCH 019/239] yt-dlp: bump to 2025.08.22 Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.08.22 Signed-off-by: George Sapkin (cherry picked from commit e604458151433192273c0202185b33e97ce96b01) --- multimedia/yt-dlp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/multimedia/yt-dlp/Makefile b/multimedia/yt-dlp/Makefile index ca050b09f5849e..553f9b092fd21d 100644 --- a/multimedia/yt-dlp/Makefile +++ b/multimedia/yt-dlp/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yt-dlp -PKG_VERSION:=2025.8.11 +PKG_VERSION:=2025.8.22 PKG_RELEASE:=1 PYPI_NAME:=yt-dlp -PKG_HASH:=dc7c120a367fe55e0f711613dc80ea29d3a4e0ed8d66104cebfbe3d36e81fdfc +PKG_HASH:=d1846bbb7edbcd2a0d4a2d76c7a2124868de9ea3b3959a8cb8219e3f7cb5c335 PYPI_SOURCE_NAME:=yt_dlp PKG_MAINTAINER:=George Sapkin From e62d5f7ad0339e75e5480d0af161257cd8b6d8ac Mon Sep 17 00:00:00 2001 From: Eric Fahlgren Date: Wed, 3 Sep 2025 10:00:45 -0700 Subject: [PATCH 020/239] owut: update to 2025.09.03 Bug fixes: efahl/owut@5743eea3bcda owut: suppress all but json output when using dump efahl/owut@efe39e2e3897 owut: handle sigint (ctrl-c) properly Enhancements: efahl/owut@49e9bce7b8c3 owut: provide download progress for slow connections Signed-off-by: Eric Fahlgren (cherry picked from commit 96ab3378d0d9ff90a5c9a5c676ada64501a8c501) --- utils/owut/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/owut/Makefile b/utils/owut/Makefile index b96fd622b0d4e6..38161cedbc5414 100644 --- a/utils/owut/Makefile +++ b/utils/owut/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=owut -PKG_SOURCE_DATE:=2025-08-15 +PKG_SOURCE_DATE:=2025-09-03 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=93f2b06b8882e7543d836bac97976d190ac8b22d +PKG_SOURCE_VERSION:=49e9bce7b8c3550f4ffead5c650884ef4f13fcfa PKG_SOURCE_URL:=https://github.com/efahl/owut.git -PKG_MIRROR_HASH:=91cf14ae1ff48d32ceecac1db6e90fb7fe69c61acf2f19bb8fc9c1dbc8a0f701 +PKG_MIRROR_HASH:=3c799115352da8660a648e1c0a5a350accacf7dfa961641653beadffda78e6e1 PKG_MAINTAINER:=Eric Fahlgren PKG_LICENSE:=GPL-2.0-only From c07c3f06a900d6650d9c6a74fecbaaa12e19a43c Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 31 Aug 2025 14:43:02 +0800 Subject: [PATCH 021/239] libtorrent-rasterbar: update boost dependencies libtorrent only links to boost headers since boost 1.69. Remove boost-system from the dependencies and add boost as build dependency. Signed-off-by: Tianling Shen (cherry picked from commit 7be94fac3708ba2ae15abcb2a92435a57b05dd37) --- libs/libtorrent-rasterbar/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libs/libtorrent-rasterbar/Makefile b/libs/libtorrent-rasterbar/Makefile index 93ea1cab4173a4..01682e54a94054 100644 --- a/libs/libtorrent-rasterbar/Makefile +++ b/libs/libtorrent-rasterbar/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libtorrent-rasterbar PKG_VERSION:=2.0.11 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/arvidn/libtorrent/releases/download/v$(PKG_VERSION)/ @@ -12,6 +12,7 @@ PKG_MAINTAINER:=David Yang PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=COPYING +PKG_BUILD_DEPENDS:=boost PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_python3-libtorrent CMAKE_INSTALL:=1 @@ -31,7 +32,7 @@ define Package/libtorrent-rasterbar $(call Package/libtorrent-rasterbar/Default) SECTION:=libs CATEGORY:=Libraries - DEPENDS:=+boost-system +libopenssl +libatomic +libstdcpp + DEPENDS:=+libopenssl +libatomic +libstdcpp endef define Package/python3-libtorrent From f70b4a4c6b01a51848456d7ec04d469dbafc2860 Mon Sep 17 00:00:00 2001 From: "Anton P." Date: Sat, 30 Aug 2025 18:36:40 +0300 Subject: [PATCH 022/239] sing-box: Update to 1.12.4 changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.4 Signed-off-by: Anton P. (cherry picked from commit 28ac7b8dc14bb46efd8f8ed8d7e4ca516674808c) --- net/sing-box/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 8e8b9979e4b187..7a3da84e6ff686 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.0 +PKG_VERSION:=1.12.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1093254161d2dac2175a589eb0b43415b89b3e0c10bb2a09ac230f320d974c82 +PKG_HASH:=9a14ffa04fee1a1091ca1995a45f3e3feee460bddff0a72da2febc05a05b2660 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE From 4f1cade7b0b725af7c4d0ca8c353da2bd9e19c78 Mon Sep 17 00:00:00 2001 From: Van Waholtz Date: Mon, 1 Sep 2025 01:22:20 +0800 Subject: [PATCH 023/239] sing-box: add variant tiny The tiny version disables tailscale by default for small package size. OpenWrt also has the tailscale package as an alternative. We prefer to keep the base version has the same build tags with the upstream releases for compatibility. Signed-off-by: Van Waholtz (cherry picked from commit 16ada8307b0170bb4343ae7e163bd3dc9aa98b49) --- net/sing-box/Makefile | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 7a3da84e6ff686..b56feaa93293d7 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -31,6 +31,8 @@ define Package/sing-box URL:=https://sing-box.sagernet.org DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +kmod-inet-diag +kmod-tun USERID:=sing-box=5566:sing-box=5566 + VARIANT:=full + DEFAULT_VARIANT:=1 endef define Package/sing-box/description @@ -38,6 +40,16 @@ define Package/sing-box/description ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on. endef +define Package/sing-box-tiny + $(Package/sing-box) + TITLE+=(tiny) + PROVIDES:=sing-box + VARIANT:=tiny + CONFLICTS:=sing-box +endef + +Package/sing-box-tiny/description:=$(Package/sing-box/description) + define Package/sing-box/config menu "Select build options" depends on PACKAGE_sing-box @@ -96,6 +108,12 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_SINGBOX_WITH_V2RAY_API \ CONFIG_SINGBOX_WITH_WIREGUARD +ifeq ($(BUILD_VARIANT),tiny) +ifeq ($(CONFIG_SMALL_FLASH),) +GO_PKG_TAGS:=with_gvisor +endif +GO_PKG_TAGS:=$(GO_PKG_TAGS),with_quic,with_utls,with_clash_api +else GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ $(if $(CONFIG_SINGBOX_WITH_ACME),with_acme) \ $(if $(CONFIG_SINGBOX_WITH_CLASH_API),with_clash_api) \ @@ -109,12 +127,15 @@ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ $(if $(CONFIG_SINGBOX_WITH_V2RAY_API),with_v2ray_api) \ $(if $(CONFIG_SINGBOX_WITH_WIREGUARD),with_wireguard) \ )) +endif define Package/sing-box/conffiles /etc/config/sing-box /etc/sing-box/ endef +Package/sing-box-tiny/conffiles=$(Package/sing-box/conffiles) + define Package/sing-box/install $(INSTALL_DIR) $(1)/usr/bin/ $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/sing-box $(1)/usr/bin/sing-box @@ -128,4 +149,7 @@ define Package/sing-box/install $(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box endef +Package/sing-box-tiny/install=$(Package/sing-box/install) + $(eval $(call BuildPackage,sing-box)) +$(eval $(call BuildPackage,sing-box-tiny)) From 27d9a579a36955240820e3ec0d3baf312108e45a Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Wed, 3 Sep 2025 19:36:19 +0300 Subject: [PATCH 024/239] sing-box: Properly set only the full variant as default Adjust the variant definition so that DEFAULT_VARIANT is only applied to the full variant. Set the title of the full variant to 'full' for menuconfig. Signed-off-by: Hannu Nyman (cherry picked from commit 2e2cc335a6968bad3b4ade69ca53831d91aa9c6f) --- net/sing-box/Makefile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index b56feaa93293d7..8ca587adefe53b 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box PKG_VERSION:=1.12.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? @@ -24,13 +24,18 @@ GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include ../../lang/golang/golang-package.mk -define Package/sing-box +define Package/sing-box-default TITLE:=The universal proxy platform SECTION:=net CATEGORY:=Network URL:=https://sing-box.sagernet.org DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +kmod-inet-diag +kmod-tun USERID:=sing-box=5566:sing-box=5566 +endef + +define Package/sing-box + $(Package/sing-box-default) + TITLE+= (full) VARIANT:=full DEFAULT_VARIANT:=1 endef @@ -41,8 +46,8 @@ define Package/sing-box/description endef define Package/sing-box-tiny - $(Package/sing-box) - TITLE+=(tiny) + $(Package/sing-box-default) + TITLE+= (tiny) PROVIDES:=sing-box VARIANT:=tiny CONFLICTS:=sing-box From 83723287eaf6179ee77302dbc28e448b14a4a385 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 25 Aug 2025 15:35:35 +0800 Subject: [PATCH 025/239] v2ray-geodata: Update to latest version Update all geodata. Signed-off-by: Tianling Shen (cherry picked from commit 802e874d744e4575ccc40c1c15ead3327d7d715b) --- net/v2ray-geodata/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/net/v2ray-geodata/Makefile b/net/v2ray-geodata/Makefile index b89421b2e64619..0031e98d68efa9 100644 --- a/net/v2ray-geodata/Makefile +++ b/net/v2ray-geodata/Makefile @@ -12,31 +12,31 @@ PKG_MAINTAINER:=Tianling Shen include $(INCLUDE_DIR)/package.mk -GEOIP_VER:=202506050146 +GEOIP_VER:=202508140022 GEOIP_FILE:=geoip.dat.$(GEOIP_VER) define Download/geoip URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/ URL_FILE:=geoip.dat FILE:=$(GEOIP_FILE) - HASH:=58bf8f086473cad7df77f032815eb8d96bbd4a1aaef84c4f7da18cf1a3bb947a + HASH:=54761d8691a5756fdb08d2cd4d0a9c889dbaab786e1cf758592e09fb00377f53 endef -GEOSITE_VER:=20250627153051 +GEOSITE_VER:=20250821174337 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER) define Download/geosite URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/ URL_FILE:=dlc.dat FILE:=$(GEOSITE_FILE) - HASH:=01dae2a9c31b5c74ba7e54d8d51e0060688ed22da493eaf09f6eeeec89db395e + HASH:=751dc96e9becf21e4fb49817c6f8d5fbd62f178868e3421bf40328185caed166 endef -GEOSITE_IRAN_VER:=202506300044 +GEOSITE_IRAN_VER:=202508250041 GEOSITE_IRAN_FILE:=iran.dat.$(GEOSITE_IRAN_VER) define Download/geosite-ir URL:=https://github.com/bootmortis/iran-hosted-domains/releases/download/$(GEOSITE_IRAN_VER)/ URL_FILE:=iran.dat FILE:=$(GEOSITE_IRAN_FILE) - HASH:=9dc1d277be21851fbb7e4e7376f8b9cfe2d47b6ade9cf4459de35596e20782b6 + HASH:=20ee5b1bf5a10aea00aeb5b7e435ccf13cd578ef9ce55236fc7c0fdfd3f5b1f6 endef define Package/v2ray-geodata/template From b6c1abbf20407fe8887298bec1444a7f49966311 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 7 Sep 2025 20:07:00 +0800 Subject: [PATCH 026/239] v2ray-geodata: Update to latest version Update all geodata. Signed-off-by: Tianling Shen (cherry picked from commit 9690cb87d1e8ef455984dd657410942489c57b8d) --- net/v2ray-geodata/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/v2ray-geodata/Makefile b/net/v2ray-geodata/Makefile index 0031e98d68efa9..bf229dd90a5838 100644 --- a/net/v2ray-geodata/Makefile +++ b/net/v2ray-geodata/Makefile @@ -12,22 +12,22 @@ PKG_MAINTAINER:=Tianling Shen include $(INCLUDE_DIR)/package.mk -GEOIP_VER:=202508140022 +GEOIP_VER:=202509050142 GEOIP_FILE:=geoip.dat.$(GEOIP_VER) define Download/geoip URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/ URL_FILE:=geoip.dat FILE:=$(GEOIP_FILE) - HASH:=54761d8691a5756fdb08d2cd4d0a9c889dbaab786e1cf758592e09fb00377f53 + HASH:=a01e09150b456cb2f3819d29d6e6c34572420aaee3ff9ef23977c4e9596c20ec endef -GEOSITE_VER:=20250821174337 +GEOSITE_VER:=20250906011216 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER) define Download/geosite URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/ URL_FILE:=dlc.dat FILE:=$(GEOSITE_FILE) - HASH:=751dc96e9becf21e4fb49817c6f8d5fbd62f178868e3421bf40328185caed166 + HASH:=186158b6c2f67ac59e184ed997ebebcef31938be9874eb8a7d5e3854187f4e8d endef GEOSITE_IRAN_VER:=202508250041 From 2cc9f530d7e9d63172c491cf707a6ae0b48d17f5 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 25 Aug 2025 15:32:48 +0800 Subject: [PATCH 027/239] openlist: Update to 4.1.1 Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.1 Signed-off-by: Tianling Shen (cherry picked from commit 713b37dd200c0c1e0899907535a5b3ca62c86d6d) --- net/openlist/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/openlist/Makefile b/net/openlist/Makefile index 49ee8cc5eb4e75..654b85aee2e2ef 100644 --- a/net/openlist/Makefile +++ b/net/openlist/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openlist -PKG_VERSION:=4.1.0 +PKG_VERSION:=4.1.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/OpenListTeam/OpenList/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=cdaf91413fe07b3d8155f644237a839dac09f084e812b25c76effca7dfc1d3f2 +PKG_HASH:=19233fbe67d848e1212b8c23e8af145b1c23533a2c09fd66c141d2de05b9b15c PKG_BUILD_DIR:=$(BUILD_DIR)/OpenList-$(PKG_VERSION) PKG_LICENSE:=AGPL-3.0-only @@ -51,13 +51,13 @@ define Package/openlist/conffiles /etc/config/openlist endef -WEB_VERSION:=4.1.0 +WEB_VERSION:=4.1.1 WEB_FILE:=$(PKG_NAME)-frontend-dist-v$(WEB_VERSION).tar.gz define Download/openlist-web URL:=https://github.com/OpenListTeam/OpenList-Frontend/releases/download/v$(WEB_VERSION)/ URL_FILE:=$(WEB_FILE) FILE:=$(WEB_FILE) - HASH:=ddaeb76aad74a858358de9a1e0d1aff93651605859813b0891b9f4f431d1a87f + HASH:=4f114ef60c95c9fa5ffc808485fd322305460891476b3248188dc75e0b7a6a6a endef define Build/Prepare From 31d77155c2179b2470a0d1c2f01f7edc24082610 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 7 Sep 2025 20:09:10 +0800 Subject: [PATCH 028/239] openlist: Update to 4.1.2 Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.2 Signed-off-by: Tianling Shen (cherry picked from commit 23475cb50ee281f1a753fd6b7c636475daf73b0c) --- net/openlist/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/openlist/Makefile b/net/openlist/Makefile index 654b85aee2e2ef..09e192006f8f4b 100644 --- a/net/openlist/Makefile +++ b/net/openlist/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openlist -PKG_VERSION:=4.1.1 +PKG_VERSION:=4.1.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/OpenListTeam/OpenList/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=19233fbe67d848e1212b8c23e8af145b1c23533a2c09fd66c141d2de05b9b15c +PKG_HASH:=4de94e32f4b05d86654f97cd1551b8cfbbed6b2c38b2ac400fde3e7622013614 PKG_BUILD_DIR:=$(BUILD_DIR)/OpenList-$(PKG_VERSION) PKG_LICENSE:=AGPL-3.0-only @@ -51,13 +51,13 @@ define Package/openlist/conffiles /etc/config/openlist endef -WEB_VERSION:=4.1.1 +WEB_VERSION:=4.1.2 WEB_FILE:=$(PKG_NAME)-frontend-dist-v$(WEB_VERSION).tar.gz define Download/openlist-web URL:=https://github.com/OpenListTeam/OpenList-Frontend/releases/download/v$(WEB_VERSION)/ URL_FILE:=$(WEB_FILE) FILE:=$(WEB_FILE) - HASH:=4f114ef60c95c9fa5ffc808485fd322305460891476b3248188dc75e0b7a6a6a + HASH:=aa9a5ad478debf98a2744cfd0d494be1bd9e6d55ce57ca71093d5c35052c5f4b endef define Build/Prepare From 28e854d941462545f033fb0be20d5205fe366e0e Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 22 Aug 2025 19:37:27 +0800 Subject: [PATCH 029/239] dufs: Update to 0.44.0 Release note: https://github.com/sigoden/dufs/releases/tag/v0.44.0 Signed-off-by: Tianling Shen (cherry picked from commit 0cb83250b3ec25b9fae92b2cf0fa272dc22cf93a) --- net/dufs/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/dufs/Makefile b/net/dufs/Makefile index 11384e9a1e668d..1d3066de953e7b 100644 --- a/net/dufs/Makefile +++ b/net/dufs/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dufs -PKG_VERSION:=0.43.0 -PKG_RELEASE:=3 +PKG_VERSION:=0.44.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/sigoden/dufs/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=4ba3b90486336efc4e592bcf15f14d4e3b6ac7b3b1bf8770815b8c43975d8b01 +PKG_HASH:=940fe767946699bdecb9be24700f9abe5a08e913ff7edf1a5388c8a540ff1e0f PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 MIT From 79665b283ce496561a95e4d26f78cdf386fc2ece Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 24 Aug 2025 23:14:02 +0800 Subject: [PATCH 030/239] dufs: backport upstream fixes Including one security fix. Signed-off-by: Tianling Shen (cherry picked from commit bc2d10333b54ab71b7163538bb1bcc69df034053) --- net/dufs/Makefile | 2 +- ...ir-urls-inherit-noscript-params-614-.patch | 37 ++++++ .../002-fix-perms-on-dufs-A-a-ro-619-.patch | 110 ++++++++++++++++++ ...not-work-for-readonly-annoymous-620-.patch | 96 +++++++++++++++ 4 files changed, 244 insertions(+), 1 deletion(-) create mode 100644 net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch create mode 100644 net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch create mode 100644 net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch diff --git a/net/dufs/Makefile b/net/dufs/Makefile index 1d3066de953e7b..2abf392b55c501 100644 --- a/net/dufs/Makefile +++ b/net/dufs/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dufs PKG_VERSION:=0.44.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/sigoden/dufs/tar.gz/v$(PKG_VERSION)? diff --git a/net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch b/net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch new file mode 100644 index 00000000000000..acbf91d01c4200 --- /dev/null +++ b/net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch @@ -0,0 +1,37 @@ +From b2f244a4cfeb492b38ad9b92692e230e04540ea0 Mon Sep 17 00:00:00 2001 +From: sigoden +Date: Sat, 16 Aug 2025 07:36:19 +0800 +Subject: [PATCH] feat: make dir urls inherit `?noscript` params (#614) + +--- + src/noscript.rs | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +--- a/src/noscript.rs ++++ b/src/noscript.rs +@@ -55,17 +55,20 @@ pub fn generate_noscript_html(data: &Ind + + fn render_parent() -> String { + let value = "../"; +- format!("{value}") ++ format!("{value}") + } + + fn render_path_item(path: &PathItem) -> String { +- let href = encode_uri(&path.name); +- let suffix = if path.path_type.is_dir() { "/" } else { "" }; +- let name = escape_str_pcdata(&path.name); ++ let mut href = encode_uri(&path.name); ++ let mut name = escape_str_pcdata(&path.name).to_string(); ++ if path.path_type.is_dir() { ++ href.push_str("/?noscript"); ++ name.push('/'); ++ }; + let mtime = format_mtime(path.mtime).unwrap_or_default(); + let size = format_size(path.size, path.path_type); + +- format!("{name}{suffix}{mtime}{size}") ++ format!("{name}{mtime}{size}") + } + + fn format_mtime(mtime: u64) -> Option { diff --git a/net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch b/net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch new file mode 100644 index 00000000000000..46d6d482c9c559 --- /dev/null +++ b/net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch @@ -0,0 +1,110 @@ +From f8a7873582567a85095ca9d2124b185cd3eb2ffd Mon Sep 17 00:00:00 2001 +From: sigoden +Date: Tue, 19 Aug 2025 07:51:52 +0800 +Subject: [PATCH] fix: perms on `dufs -A -a @/:ro` (#619) + +--- + src/auth.rs | 9 ++++++--- + src/server.rs | 4 ++-- + tests/auth.rs | 18 ++++++++++++++++++ + 3 files changed, 26 insertions(+), 5 deletions(-) + +--- a/src/auth.rs ++++ b/src/auth.rs +@@ -30,6 +30,7 @@ lazy_static! { + + #[derive(Debug, Clone, PartialEq)] + pub struct AccessControl { ++ empty: bool, + use_hashed_password: bool, + users: IndexMap, + anonymous: Option, +@@ -38,6 +39,7 @@ pub struct AccessControl { + impl Default for AccessControl { + fn default() -> Self { + AccessControl { ++ empty: true, + use_hashed_password: false, + users: IndexMap::new(), + anonymous: Some(AccessPaths::new(AccessPerm::ReadWrite)), +@@ -48,7 +50,7 @@ impl Default for AccessControl { + impl AccessControl { + pub fn new(raw_rules: &[&str]) -> Result { + if raw_rules.is_empty() { +- return Ok(Default::default()); ++ return Ok(Self::default()); + } + let new_raw_rules = split_rules(raw_rules); + let mut use_hashed_password = false; +@@ -93,13 +95,14 @@ impl AccessControl { + } + + Ok(Self { ++ empty: false, + use_hashed_password, + users, + anonymous, + }) + } + +- pub fn exist(&self) -> bool { ++ pub fn has_users(&self) -> bool { + !self.users.is_empty() + } + +@@ -111,7 +114,7 @@ impl AccessControl { + token: Option<&String>, + guard_options: bool, + ) -> (Option, Option) { +- if self.users.is_empty() { ++ if self.empty { + return (None, Some(AccessPaths::new(AccessPerm::ReadWrite))); + } + +--- a/src/server.rs ++++ b/src/server.rs +@@ -962,7 +962,7 @@ impl Server { + uri_prefix: self.args.uri_prefix.clone(), + allow_upload: self.args.allow_upload, + allow_delete: self.args.allow_delete, +- auth: self.args.auth.exist(), ++ auth: self.args.auth.has_users(), + user, + editable, + }; +@@ -1226,7 +1226,7 @@ impl Server { + allow_search: self.args.allow_search, + allow_archive: self.args.allow_archive, + dir_exists: exist, +- auth: self.args.auth.exist(), ++ auth: self.args.auth.has_users(), + user, + paths, + }; +--- a/tests/auth.rs ++++ b/tests/auth.rs +@@ -126,6 +126,24 @@ fn auth_skip_if_no_auth_user(server: Tes + } + + #[rstest] ++fn auth_no_skip_if_anonymous( ++ #[with(&["--auth", "@/:ro"])] server: TestServer, ++) -> Result<(), Error> { ++ let url = format!("{}index.html", server.url()); ++ let resp = fetch!(b"GET", &url) ++ .basic_auth("user", Some("pass")) ++ .send()?; ++ assert_eq!(resp.status(), 401); ++ let resp = fetch!(b"GET", &url).send()?; ++ assert_eq!(resp.status(), 200); ++ let resp = fetch!(b"DELETE", &url) ++ .basic_auth("user", Some("pass")) ++ .send()?; ++ assert_eq!(resp.status(), 401); ++ Ok(()) ++} ++ ++#[rstest] + fn auth_check( + #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer, + ) -> Result<(), Error> { diff --git a/net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch b/net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch new file mode 100644 index 00000000000000..02d4b9ae216bc4 --- /dev/null +++ b/net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch @@ -0,0 +1,96 @@ +From 4016715187db5bd84c7d15ea6abcd99fd4a0a667 Mon Sep 17 00:00:00 2001 +From: sigoden +Date: Tue, 19 Aug 2025 08:58:59 +0800 +Subject: [PATCH] fix: login btn does not work for readonly annoymous (#620) + +--- + assets/index.js | 7 ++++--- + src/server.rs | 13 ++++++++++++- + tests/auth.rs | 16 ++++++++++++++-- + 3 files changed, 30 insertions(+), 6 deletions(-) + +--- a/assets/index.js ++++ b/assets/index.js +@@ -534,7 +534,7 @@ async function setupAuth() { + $loginBtn.classList.remove("hidden"); + $loginBtn.addEventListener("click", async () => { + try { +- await checkAuth(); ++ await checkAuth("login"); + } catch { } + location.reload(); + }); +@@ -782,9 +782,10 @@ async function saveChange() { + } + } + +-async function checkAuth() { ++async function checkAuth(variant) { + if (!DATA.auth) return; +- const res = await fetch(baseUrl(), { ++ const qs = variant ? `?${variant}` : ""; ++ const res = await fetch(baseUrl() + qs, { + method: "CHECKAUTH", + }); + await assertResOK(res); +--- a/src/server.rs ++++ b/src/server.rs +@@ -211,7 +211,18 @@ impl Server { + } + + if method.as_str() == "CHECKAUTH" { +- *res.body_mut() = body_full(user.clone().unwrap_or_default()); ++ match user.clone() { ++ Some(user) => { ++ *res.body_mut() = body_full(user); ++ } ++ None => { ++ if has_query_flag(&query_params, "login") || !access_paths.perm().readwrite() { ++ self.auth_reject(&mut res)? ++ } else { ++ *res.body_mut() = body_full(""); ++ } ++ } ++ } + return Ok(res); + } else if method.as_str() == "LOGOUT" { + self.auth_reject(&mut res)?; +--- a/tests/auth.rs ++++ b/tests/auth.rs +@@ -147,7 +147,7 @@ fn auth_no_skip_if_anonymous( + fn auth_check( + #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer, + ) -> Result<(), Error> { +- let url = format!("{}index.html", server.url()); ++ let url = format!("{}", server.url()); + let resp = fetch!(b"CHECKAUTH", &url).send()?; + assert_eq!(resp.status(), 401); + let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?; +@@ -161,7 +161,7 @@ fn auth_check( + fn auth_check2( + #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer, + ) -> Result<(), Error> { +- let url = format!("{}index.html", server.url()); ++ let url = format!("{}", server.url()); + let resp = fetch!(b"CHECKAUTH", &url).send()?; + assert_eq!(resp.status(), 401); + let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?; +@@ -171,6 +171,18 @@ fn auth_check2( + Ok(()) + } + ++#[rstest] ++fn auth_check3( ++ #[with(&["--auth", "user:pass@/:rw", "--auth", "@/dir1:rw", "-A"])] server: TestServer, ++) -> Result<(), Error> { ++ let url = format!("{}dir1/", server.url()); ++ let resp = fetch!(b"CHECKAUTH", &url).send()?; ++ assert_eq!(resp.status(), 200); ++ let resp = fetch!(b"CHECKAUTH", format!("{url}?login")).send()?; ++ assert_eq!(resp.status(), 401); ++ Ok(()) ++} ++ + #[rstest] + fn auth_logout( + #[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer, From 1411e1ca13c82863e99b26eb90db1348ceb3c5a2 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 9 Sep 2025 21:14:51 +0800 Subject: [PATCH 031/239] dufs: Update to 0.45.0 Removed upstreamed patches. Release note: https://github.com/sigoden/dufs/releases/tag/v0.45.0 Signed-off-by: Tianling Shen (cherry picked from commit f7df64100dbff95a6bc715d3f5d2bb27d8644d3b) --- net/dufs/Makefile | 6 +- ...ir-urls-inherit-noscript-params-614-.patch | 37 ------ .../002-fix-perms-on-dufs-A-a-ro-619-.patch | 110 ------------------ ...not-work-for-readonly-annoymous-620-.patch | 96 --------------- 4 files changed, 3 insertions(+), 246 deletions(-) delete mode 100644 net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch delete mode 100644 net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch delete mode 100644 net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch diff --git a/net/dufs/Makefile b/net/dufs/Makefile index 2abf392b55c501..cfe0666626c55c 100644 --- a/net/dufs/Makefile +++ b/net/dufs/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dufs -PKG_VERSION:=0.44.0 -PKG_RELEASE:=2 +PKG_VERSION:=0.45.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/sigoden/dufs/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=940fe767946699bdecb9be24700f9abe5a08e913ff7edf1a5388c8a540ff1e0f +PKG_HASH:=62aa2cadd77e1bd9d96c77cbd832a53ffc364301c549001bf8fd9d023cbd8ab1 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 MIT diff --git a/net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch b/net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch deleted file mode 100644 index acbf91d01c4200..00000000000000 --- a/net/dufs/patches/001-feat-make-dir-urls-inherit-noscript-params-614-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b2f244a4cfeb492b38ad9b92692e230e04540ea0 Mon Sep 17 00:00:00 2001 -From: sigoden -Date: Sat, 16 Aug 2025 07:36:19 +0800 -Subject: [PATCH] feat: make dir urls inherit `?noscript` params (#614) - ---- - src/noscript.rs | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - ---- a/src/noscript.rs -+++ b/src/noscript.rs -@@ -55,17 +55,20 @@ pub fn generate_noscript_html(data: &Ind - - fn render_parent() -> String { - let value = "../"; -- format!("{value}") -+ format!("{value}") - } - - fn render_path_item(path: &PathItem) -> String { -- let href = encode_uri(&path.name); -- let suffix = if path.path_type.is_dir() { "/" } else { "" }; -- let name = escape_str_pcdata(&path.name); -+ let mut href = encode_uri(&path.name); -+ let mut name = escape_str_pcdata(&path.name).to_string(); -+ if path.path_type.is_dir() { -+ href.push_str("/?noscript"); -+ name.push('/'); -+ }; - let mtime = format_mtime(path.mtime).unwrap_or_default(); - let size = format_size(path.size, path.path_type); - -- format!("{name}{suffix}{mtime}{size}") -+ format!("{name}{mtime}{size}") - } - - fn format_mtime(mtime: u64) -> Option { diff --git a/net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch b/net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch deleted file mode 100644 index 46d6d482c9c559..00000000000000 --- a/net/dufs/patches/002-fix-perms-on-dufs-A-a-ro-619-.patch +++ /dev/null @@ -1,110 +0,0 @@ -From f8a7873582567a85095ca9d2124b185cd3eb2ffd Mon Sep 17 00:00:00 2001 -From: sigoden -Date: Tue, 19 Aug 2025 07:51:52 +0800 -Subject: [PATCH] fix: perms on `dufs -A -a @/:ro` (#619) - ---- - src/auth.rs | 9 ++++++--- - src/server.rs | 4 ++-- - tests/auth.rs | 18 ++++++++++++++++++ - 3 files changed, 26 insertions(+), 5 deletions(-) - ---- a/src/auth.rs -+++ b/src/auth.rs -@@ -30,6 +30,7 @@ lazy_static! { - - #[derive(Debug, Clone, PartialEq)] - pub struct AccessControl { -+ empty: bool, - use_hashed_password: bool, - users: IndexMap, - anonymous: Option, -@@ -38,6 +39,7 @@ pub struct AccessControl { - impl Default for AccessControl { - fn default() -> Self { - AccessControl { -+ empty: true, - use_hashed_password: false, - users: IndexMap::new(), - anonymous: Some(AccessPaths::new(AccessPerm::ReadWrite)), -@@ -48,7 +50,7 @@ impl Default for AccessControl { - impl AccessControl { - pub fn new(raw_rules: &[&str]) -> Result { - if raw_rules.is_empty() { -- return Ok(Default::default()); -+ return Ok(Self::default()); - } - let new_raw_rules = split_rules(raw_rules); - let mut use_hashed_password = false; -@@ -93,13 +95,14 @@ impl AccessControl { - } - - Ok(Self { -+ empty: false, - use_hashed_password, - users, - anonymous, - }) - } - -- pub fn exist(&self) -> bool { -+ pub fn has_users(&self) -> bool { - !self.users.is_empty() - } - -@@ -111,7 +114,7 @@ impl AccessControl { - token: Option<&String>, - guard_options: bool, - ) -> (Option, Option) { -- if self.users.is_empty() { -+ if self.empty { - return (None, Some(AccessPaths::new(AccessPerm::ReadWrite))); - } - ---- a/src/server.rs -+++ b/src/server.rs -@@ -962,7 +962,7 @@ impl Server { - uri_prefix: self.args.uri_prefix.clone(), - allow_upload: self.args.allow_upload, - allow_delete: self.args.allow_delete, -- auth: self.args.auth.exist(), -+ auth: self.args.auth.has_users(), - user, - editable, - }; -@@ -1226,7 +1226,7 @@ impl Server { - allow_search: self.args.allow_search, - allow_archive: self.args.allow_archive, - dir_exists: exist, -- auth: self.args.auth.exist(), -+ auth: self.args.auth.has_users(), - user, - paths, - }; ---- a/tests/auth.rs -+++ b/tests/auth.rs -@@ -126,6 +126,24 @@ fn auth_skip_if_no_auth_user(server: Tes - } - - #[rstest] -+fn auth_no_skip_if_anonymous( -+ #[with(&["--auth", "@/:ro"])] server: TestServer, -+) -> Result<(), Error> { -+ let url = format!("{}index.html", server.url()); -+ let resp = fetch!(b"GET", &url) -+ .basic_auth("user", Some("pass")) -+ .send()?; -+ assert_eq!(resp.status(), 401); -+ let resp = fetch!(b"GET", &url).send()?; -+ assert_eq!(resp.status(), 200); -+ let resp = fetch!(b"DELETE", &url) -+ .basic_auth("user", Some("pass")) -+ .send()?; -+ assert_eq!(resp.status(), 401); -+ Ok(()) -+} -+ -+#[rstest] - fn auth_check( - #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer, - ) -> Result<(), Error> { diff --git a/net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch b/net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch deleted file mode 100644 index 02d4b9ae216bc4..00000000000000 --- a/net/dufs/patches/003-fix-login-btn-does-not-work-for-readonly-annoymous-620-.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 4016715187db5bd84c7d15ea6abcd99fd4a0a667 Mon Sep 17 00:00:00 2001 -From: sigoden -Date: Tue, 19 Aug 2025 08:58:59 +0800 -Subject: [PATCH] fix: login btn does not work for readonly annoymous (#620) - ---- - assets/index.js | 7 ++++--- - src/server.rs | 13 ++++++++++++- - tests/auth.rs | 16 ++++++++++++++-- - 3 files changed, 30 insertions(+), 6 deletions(-) - ---- a/assets/index.js -+++ b/assets/index.js -@@ -534,7 +534,7 @@ async function setupAuth() { - $loginBtn.classList.remove("hidden"); - $loginBtn.addEventListener("click", async () => { - try { -- await checkAuth(); -+ await checkAuth("login"); - } catch { } - location.reload(); - }); -@@ -782,9 +782,10 @@ async function saveChange() { - } - } - --async function checkAuth() { -+async function checkAuth(variant) { - if (!DATA.auth) return; -- const res = await fetch(baseUrl(), { -+ const qs = variant ? `?${variant}` : ""; -+ const res = await fetch(baseUrl() + qs, { - method: "CHECKAUTH", - }); - await assertResOK(res); ---- a/src/server.rs -+++ b/src/server.rs -@@ -211,7 +211,18 @@ impl Server { - } - - if method.as_str() == "CHECKAUTH" { -- *res.body_mut() = body_full(user.clone().unwrap_or_default()); -+ match user.clone() { -+ Some(user) => { -+ *res.body_mut() = body_full(user); -+ } -+ None => { -+ if has_query_flag(&query_params, "login") || !access_paths.perm().readwrite() { -+ self.auth_reject(&mut res)? -+ } else { -+ *res.body_mut() = body_full(""); -+ } -+ } -+ } - return Ok(res); - } else if method.as_str() == "LOGOUT" { - self.auth_reject(&mut res)?; ---- a/tests/auth.rs -+++ b/tests/auth.rs -@@ -147,7 +147,7 @@ fn auth_no_skip_if_anonymous( - fn auth_check( - #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer, - ) -> Result<(), Error> { -- let url = format!("{}index.html", server.url()); -+ let url = format!("{}", server.url()); - let resp = fetch!(b"CHECKAUTH", &url).send()?; - assert_eq!(resp.status(), 401); - let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?; -@@ -161,7 +161,7 @@ fn auth_check( - fn auth_check2( - #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer, - ) -> Result<(), Error> { -- let url = format!("{}index.html", server.url()); -+ let url = format!("{}", server.url()); - let resp = fetch!(b"CHECKAUTH", &url).send()?; - assert_eq!(resp.status(), 401); - let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?; -@@ -171,6 +171,18 @@ fn auth_check2( - Ok(()) - } - -+#[rstest] -+fn auth_check3( -+ #[with(&["--auth", "user:pass@/:rw", "--auth", "@/dir1:rw", "-A"])] server: TestServer, -+) -> Result<(), Error> { -+ let url = format!("{}dir1/", server.url()); -+ let resp = fetch!(b"CHECKAUTH", &url).send()?; -+ assert_eq!(resp.status(), 200); -+ let resp = fetch!(b"CHECKAUTH", format!("{url}?login")).send()?; -+ assert_eq!(resp.status(), 401); -+ Ok(()) -+} -+ - #[rstest] - fn auth_logout( - #[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer, From 2f6357377de5acaf0d5ae25c0383aaa503a4ec2c Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 14 Aug 2025 13:59:52 +0200 Subject: [PATCH 032/239] python3: update to version 3.11.13 Release notes: https://docs.python.org/release/3.11.13/whatsnew/changelog.html#python-3-11-13 Fixes CVEs: CVE 2024-12718 CVE 2025-4138 CVE 2025-4330 CVE 2025-4517 Patch refreshed Signed-off-by: Josef Schlehofer (cherry picked from commit 3686cbe4177972f564380f9e691cd4530a9b88b9) --- lang/python/python3-version.mk | 2 +- lang/python/python3/Makefile | 2 +- .../python3/patches/027-fix-host-build-libressl.patch | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lang/python/python3-version.mk b/lang/python/python3-version.mk index 7bd437ef22094c..4cc337ada23df7 100644 --- a/lang/python/python3-version.mk +++ b/lang/python/python3-version.mk @@ -8,7 +8,7 @@ # Note: keep in sync with setuptools & pip PYTHON3_VERSION_MAJOR:=3 PYTHON3_VERSION_MINOR:=11 -PYTHON3_VERSION_MICRO:=10 +PYTHON3_VERSION_MICRO:=13 PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR) diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile index 00904645115d3e..1ce67494a152e9 100644 --- a/lang/python/python3/Makefile +++ b/lang/python/python3/Makefile @@ -16,7 +16,7 @@ PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO) PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION) -PKG_HASH:=07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +PKG_HASH:=8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=Python-2.0.1 0BSD diff --git a/lang/python/python3/patches/027-fix-host-build-libressl.patch b/lang/python/python3/patches/027-fix-host-build-libressl.patch index 19f5016e06c23f..f45179d3b5f17e 100644 --- a/lang/python/python3/patches/027-fix-host-build-libressl.patch +++ b/lang/python/python3/patches/027-fix-host-build-libressl.patch @@ -1,6 +1,6 @@ --- a/Modules/_ssl.c +++ b/Modules/_ssl.c -@@ -4541,7 +4541,7 @@ set_sni_callback(PySSLContext *self, PyO +@@ -4551,7 +4551,7 @@ set_sni_callback(PySSLContext *self, PyO return 0; } @@ -9,7 +9,7 @@ static X509_OBJECT *x509_object_dup(const X509_OBJECT *obj) { int ok; -@@ -4614,7 +4614,11 @@ _ssl__SSLContext_cert_store_stats_impl(P +@@ -4624,7 +4624,11 @@ _ssl__SSLContext_cert_store_stats_impl(P int x509 = 0, crl = 0, ca = 0, i; store = SSL_CTX_get_cert_store(self->ctx); @@ -21,7 +21,7 @@ if (objs == NULL) { PyErr_SetString(PyExc_MemoryError, "failed to query cert store"); return NULL; -@@ -4669,7 +4673,11 @@ _ssl__SSLContext_get_ca_certs_impl(PySSL +@@ -4679,7 +4683,11 @@ _ssl__SSLContext_get_ca_certs_impl(PySSL } store = SSL_CTX_get_cert_store(self->ctx); From 4df349df1413a7bac09092aedf62eedd9c836888 Mon Sep 17 00:00:00 2001 From: Carl-Daniel Hailfinger Date: Wed, 3 Sep 2025 09:55:02 +0200 Subject: [PATCH 033/239] realtek-poe: increase version to 1.3 * Add support for RTL8238B Signed-off-by: Carl-Daniel Hailfinger (cherry picked from commit a80cc41f202b1ce48cd017560eb413f995313b2d) --- utils/realtek-poe/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/realtek-poe/Makefile b/utils/realtek-poe/Makefile index 64017245b93e7b..4005909edbb6cf 100644 --- a/utils/realtek-poe/Makefile +++ b/utils/realtek-poe/Makefile @@ -3,14 +3,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=realtek-poe -PKG_VERSION:=1.2 +PKG_VERSION:=1.3 PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Martin Kennedy PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/Hurricos/realtek-poe/archive/refs/tags/v$(PKG_VERSION) -PKG_HASH:=ebe58d2e0f630889d79fb84155936bc43253242857dabfb80d9da71edf92d1e0 +PKG_HASH:=b006ebf74dc552f82ef6e7b01a10bf2c5b8e46b5c1b833f0512946e76da1b9ca CMAKE_SOURCE_SUBDIR:=src include $(INCLUDE_DIR)/package.mk From 99318bd1b8225ec0368934ba0cbdd982c8b49267 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Tue, 3 Jun 2025 23:36:52 -0300 Subject: [PATCH 034/239] gihub: fix PR template broken URL changes the relative URL in the PR template to an absolute URL to resolve a "Not Found" error. Signed-off-by: Wesley Gimenes (cherry picked from commit ae6fd69de587bb450ce868416be03fbc782c9e4e) --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 8d1d04426acba6..237d0d5f9ca9c7 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -18,7 +18,7 @@ ## ✅ Formalities -- [ ] I have reviewed the [CONTRIBUTING.md](../CONTRIBUTING.md) file for detailed contributing guidelines. +- [ ] I have reviewed the [CONTRIBUTING.md](https://github.com/openwrt/packages/blob/master/CONTRIBUTING.md) file for detailed contributing guidelines. ### If your PR contains a patch: From c0e97f89be771e7cc673731e2244ea30a4c4f1f5 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 9 Nov 2024 23:21:50 +0000 Subject: [PATCH 035/239] ruby: include JSON modules in host build Ruby JSON modules are used to build WebKitGTK. Include them in the host build. Signed-off-by: Daniel Golle (cherry picked from commit c667ae2efb4ad66d80f2bbc1348eda53a7e2049d) --- lang/ruby/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index 56c4e801020fb5..fd6dba4f62ced3 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -49,7 +49,7 @@ HOST_CONFIGURE_ARGS += \ --disable-yjit \ --without-gmp \ --with-static-linked-ext \ - --with-out-ext=-test-/*,bigdecimal,cgi/escape,continuation,coverage,etc,fcntl,fiddle,io/console,json,json/generator,json/parser,mathn/complex,mathn/rational,nkf,objspace,pty,racc/cparse,rbconfig/sizeof,readline,rubyvm,syslog,win32,win32ole,win32/resolv + --with-out-ext=-test-/*,bigdecimal,cgi/escape,continuation,coverage,etc,fcntl,fiddle,io/console,mathn/complex,mathn/rational,nkf,objspace,pty,racc/cparse,rbconfig/sizeof,readline,rubyvm,syslog,win32,win32ole,win32/resolv HOST_BUILD_DEPENDS:=yaml/host From b5fffec0566b8e1a9bec06b9955fe272a328b937 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Sun, 1 Dec 2024 15:44:07 -0300 Subject: [PATCH 036/239] ruby: update to 3.3.6 Ruby 3.3.6 is a routine update that includes minor bug fixes. It also stops warning missing default gem dependencies that will be bundled gems in Ruby 3.5. Link: https://github.com/ruby/ruby/releases/tag/v3_3_6 Signed-off-by: Luiz Angelo Daros de Luca (cherry picked from commit 2b999558db0711124f7b5cf4afa201557352f694) --- lang/ruby/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index fd6dba4f62ced3..823d6ec0c79c28 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ruby -PKG_VERSION:=3.3.5 +PKG_VERSION:=3.3.6 PKG_RELEASE:=1 # First two numbes @@ -19,7 +19,7 @@ PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/ -PKG_HASH:=3781a3504222c2f26cb4b9eb9c1a12dbf4944d366ce24a9ff8cf99ecbce75196 +PKG_HASH:=8dc48fffaf270f86f1019053f28e51e4da4cce32a36760a0603a9aee67d7fd8d PKG_MAINTAINER:=Luiz Angelo Daros de Luca PKG_LICENSE:=BSD-2-Clause PKG_LICENSE_FILES:=COPYING From 014c5ffa1130eb39f21a48b70d06f86329941788 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Sun, 31 Aug 2025 18:46:36 -0300 Subject: [PATCH 037/239] ruby: update to 3.3.9 3.3.9 release includes the following security fix of default gems: - CVE-2025-24294: Possible Denial of Service in resolv gem And the following fixes for build issues: - GCC 15.1 - Visual Studio 2022 Version 17.14 3.3.7 and 3.3.8 are routine update that includes minor bug fixes. Signed-off-by: Luiz Angelo Daros de Luca (cherry picked from commit 59880e81a62446b44106d8d3455583e2d414c2c4) --- lang/ruby/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index 823d6ec0c79c28..50db8ecdc6d3a3 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ruby -PKG_VERSION:=3.3.6 +PKG_VERSION:=3.3.9 PKG_RELEASE:=1 # First two numbes @@ -19,7 +19,7 @@ PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/ -PKG_HASH:=8dc48fffaf270f86f1019053f28e51e4da4cce32a36760a0603a9aee67d7fd8d +PKG_HASH:=d1991690a4e17233ec6b3c7844c1e1245c0adce3e00d713551d0458467b727b1 PKG_MAINTAINER:=Luiz Angelo Daros de Luca PKG_LICENSE:=BSD-2-Clause PKG_LICENSE_FILES:=COPYING From 0feef689004acd0fcf368b58c621af4e0d2c25a9 Mon Sep 17 00:00:00 2001 From: Sebastian Hamann Date: Tue, 19 Aug 2025 13:53:33 +0200 Subject: [PATCH 038/239] nut: switch to https:// download URL Signed-off-by: Sebastian Hamann (cherry picked from commit f5371ab4347ea1104a0e3c4075fb071947075216) --- net/nut/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/nut/Makefile b/net/nut/Makefile index 7181832b2da5b1..5c72c922a9d976 100644 --- a/net/nut/Makefile +++ b/net/nut/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=2.8.1 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.networkupstools.org/source/2.8/ +PKG_SOURCE_URL:=https://www.networkupstools.org/source/2.8/ PKG_HASH:=7da48ee23b1f0d8d72560bb0af84f5c5ae4dbe35452b84cb49840132e47f099c PKG_LICENSE:=GPL-2.0-or-later GPL-3.0-or-later GPL-1.0-or-later Artistic-1.0-Perl PKG_LICENSE_FILES:=LICENSE-GPL2 LICENSE-GPL3 COPYING From 923a24b601b0438769f2314c851362b7ae0c0274 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Wed, 30 Apr 2025 16:21:04 -0700 Subject: [PATCH 039/239] ffmpeg: fix compilation with GCC14 Upstream backport. Signed-off-by: Rosen Penev (cherry picked from commit ac258c05ecadc79de47e51e1df5ecdde75f0abea) --- multimedia/ffmpeg/Makefile | 2 +- multimedia/ffmpeg/patches/020-gcc14.patch | 91 +++++++++++++++++++++++ 2 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 multimedia/ffmpeg/patches/020-gcc14.patch diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index 12897c404fa867..cd392801529281 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ffmpeg PKG_VERSION:=6.1.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ffmpeg.org/releases/ diff --git a/multimedia/ffmpeg/patches/020-gcc14.patch b/multimedia/ffmpeg/patches/020-gcc14.patch new file mode 100644 index 00000000000000..1c4316fc57fb7c --- /dev/null +++ b/multimedia/ffmpeg/patches/020-gcc14.patch @@ -0,0 +1,91 @@ +From 2f24f10d9cf34ddce274496c4daa73f732d370c1 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Wed, 20 Dec 2023 12:32:43 +0000 +Subject: [PATCH] libavcodec: fix -Wint-conversion in vulkan +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIx warnings (soon to be errors in GCC 14, already so in Clang 15): +``` +src/libavcodec/vulkan_av1.c: In function ‘vk_av1_create_params’: +src/libavcodec/vulkan_av1.c:183:43: error: initialization of ‘long long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Wint-conversion] + 183 | .videoSessionParametersTemplate = NULL, + | ^~~~ +src/libavcodec/vulkan_av1.c:183:43: note: (near initialization for ‘(anonymous).videoSessionParametersTemplate’) +``` + +Use Vulkan's VK_NULL_HANDLE instead of bare NULL. + +Fix Trac ticket #10724. + +Was reported downstream in Gentoo at https://bugs.gentoo.org/919067. + +Signed-off-by: Sam James +--- + libavcodec/vulkan_av1.c | 2 +- + libavcodec/vulkan_decode.c | 6 +++--- + libavcodec/vulkan_h264.c | 2 +- + libavcodec/vulkan_hevc.c | 2 +- + libavcodec/vulkan_video.c | 2 +- + 5 files changed, 7 insertions(+), 7 deletions(-) + +--- a/libavcodec/vulkan_av1.c ++++ b/libavcodec/vulkan_av1.c +@@ -180,7 +180,7 @@ static int vk_av1_create_params(AVCodecC + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &av1_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + err = ff_vk_decode_create_params(buf, avctx, ctx, &session_params_create); +--- a/libavcodec/vulkan_decode.c ++++ b/libavcodec/vulkan_decode.c +@@ -188,9 +188,9 @@ int ff_vk_decode_prepare_frame(FFVulkanD + return 0; + + vkpic->dpb_frame = NULL; +- vkpic->img_view_ref = NULL; +- vkpic->img_view_out = NULL; +- vkpic->img_view_dest = NULL; ++ vkpic->img_view_ref = VK_NULL_HANDLE; ++ vkpic->img_view_out = VK_NULL_HANDLE; ++ vkpic->img_view_dest = VK_NULL_HANDLE; + + vkpic->destroy_image_view = vk->DestroyImageView; + vkpic->wait_semaphores = vk->WaitSemaphores; +--- a/libavcodec/vulkan_h264.c ++++ b/libavcodec/vulkan_h264.c +@@ -315,7 +315,7 @@ static int vk_h264_create_params(AVCodec + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &h264_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + /* SPS list */ +--- a/libavcodec/vulkan_hevc.c ++++ b/libavcodec/vulkan_hevc.c +@@ -653,7 +653,7 @@ static int vk_hevc_create_params(AVCodec + .sType = VK_STRUCTURE_TYPE_VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR, + .pNext = &h265_params, + .videoSession = ctx->common.session, +- .videoSessionParametersTemplate = NULL, ++ .videoSessionParametersTemplate = VK_NULL_HANDLE, + }; + + HEVCHeaderSet *hdr; +--- a/libavcodec/vulkan_video.c ++++ b/libavcodec/vulkan_video.c +@@ -287,7 +287,7 @@ av_cold void ff_vk_video_common_uninit(F + if (common->session) { + vk->DestroyVideoSessionKHR(s->hwctx->act_dev, common->session, + s->hwctx->alloc); +- common->session = NULL; ++ common->session = VK_NULL_HANDLE; + } + + if (common->nb_mem && common->mem) From 64ccc5e74820477be65a1b6cb49608aba6fcfae1 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 2 May 2025 16:04:46 -0700 Subject: [PATCH 040/239] ffmpeg: add libatomic dependency Some platforms lack builtin atomics and use libatomic. Add it. Backport various patches to fix some warnings. Signed-off-by: Rosen Penev (cherry picked from commit e64ca4a0dc53fb6496fbb4c7842d60303bd1d012) --- multimedia/ffmpeg/Makefile | 4 +- ...codec-fix-Wint-conversion-in-vulkan.patch} | 0 ...ard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch | 31 ++++++++++ ...fix-the-print-format-of-VkDeviceSize.patch | 24 ++++++++ ...e-declarations-and-definitions-match.patch | 58 +++++++++++++++++++ multimedia/ffmpeg/patches/050-glibc.patch | 11 ---- ...060-avutil-tx-fix-GCC-memset-warning.patch | 23 ++++++++ ...-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch | 30 ++++++++++ ...ay-dvd-Use-correct-pointer-types-on-.patch | 43 ++++++++++++++ ...ff-Suppress-unused-variable-warnings.patch | 30 ++++++++++ ...tore-autodetection-of-v4l2-and-fbdev.patch | 29 ++++++++++ ...figure-improve-check-for-POSIX-ioctl.patch | 41 +++++++++++++ ...nelsplit-fix-mixed-declaration-and-c.patch | 30 ++++++++++ 13 files changed, 341 insertions(+), 13 deletions(-) rename multimedia/ffmpeg/patches/{020-gcc14.patch => 020-libavcodec-fix-Wint-conversion-in-vulkan.patch} (100%) create mode 100644 multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch create mode 100644 multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch create mode 100644 multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch delete mode 100644 multimedia/ffmpeg/patches/050-glibc.patch create mode 100644 multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch create mode 100644 multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch create mode 100644 multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch create mode 100644 multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch create mode 100644 multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch create mode 100644 multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch create mode 100644 multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index cd392801529281..411975f8aaa944 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ffmpeg PKG_VERSION:=6.1.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ffmpeg.org/releases/ @@ -231,7 +231,7 @@ include $(INCLUDE_DIR)/package.mk define Package/ffmpeg/Default TITLE:=FFmpeg URL:=https://ffmpeg.org/ - DEPENDS+= +libpthread + DEPENDS+= +libatomic endef define Package/ffmpeg/Default/description diff --git a/multimedia/ffmpeg/patches/020-gcc14.patch b/multimedia/ffmpeg/patches/020-libavcodec-fix-Wint-conversion-in-vulkan.patch similarity index 100% rename from multimedia/ffmpeg/patches/020-gcc14.patch rename to multimedia/ffmpeg/patches/020-libavcodec-fix-Wint-conversion-in-vulkan.patch diff --git a/multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch b/multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch new file mode 100644 index 00000000000000..00487f5c22a532 --- /dev/null +++ b/multimedia/ffmpeg/patches/030-avformat-file-guard-fd_dup-by-FD_PROTOCOL-or-PIPE_PR.patch @@ -0,0 +1,31 @@ +From cb9c98da16e8412046835ebc0d167a4e09909df0 Mon Sep 17 00:00:00 2001 +From: Zhao Zhili +Date: Sun, 30 Jun 2024 18:33:19 +0800 +Subject: [PATCH] avformat/file: guard fd_dup by FD_PROTOCOL or PIPE_PROTOCOL + +fd_dup is unused when fd and pipe have been disabled. This also +fix build error with wasi since 'dup' isn't available. + +Signed-off-by: Zhao Zhili +--- + libavformat/file.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/libavformat/file.c ++++ b/libavformat/file.c +@@ -192,6 +192,7 @@ static int file_check(URLContext *h, int + return ret; + } + ++#if CONFIG_FD_PROTOCOL || CONFIG_PIPE_PROTOCOL + static int fd_dup(URLContext *h, int oldfd) + { + int newfd; +@@ -214,6 +215,7 @@ static int fd_dup(URLContext *h, int old + #endif + return newfd; + } ++#endif + + static int file_close(URLContext *h) + { diff --git a/multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch b/multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch new file mode 100644 index 00000000000000..aa7c9917289c9a --- /dev/null +++ b/multimedia/ffmpeg/patches/040-vulkan_decode-fix-the-print-format-of-VkDeviceSize.patch @@ -0,0 +1,24 @@ +From c961ac4b0ca27d451c430553793b3fff88fc78e5 Mon Sep 17 00:00:00 2001 +From: Jun Zhao +Date: Sun, 12 Nov 2023 18:25:29 +0800 +Subject: [PATCH] vulkan_decode: fix the print format of VkDeviceSize + +VkDeviceSize represents device memory size and offset +values as uint64_t in Spec. + +Signed-off-by: Jun Zhao +--- + libavcodec/vulkan_video.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/libavcodec/vulkan_video.c ++++ b/libavcodec/vulkan_video.c +@@ -384,7 +384,7 @@ av_cold int ff_vk_video_common_init(void + .memorySize = mem[i].memoryRequirements.size, + }; + +- av_log(log, AV_LOG_VERBOSE, "Allocating %"SIZE_SPECIFIER" bytes in bind index %i for video session\n", ++ av_log(log, AV_LOG_VERBOSE, "Allocating %"PRIu64" bytes in bind index %i for video session\n", + bind_mem[i].memorySize, bind_mem[i].memoryBindIndex); + } + diff --git a/multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch b/multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch new file mode 100644 index 00000000000000..8b0506794962d3 --- /dev/null +++ b/multimedia/ffmpeg/patches/050-avcodec-dct-Make-declarations-and-definitions-match.patch @@ -0,0 +1,58 @@ +From 2204efc2a656ae60d77a4d01c6cf8e7d6baaf030 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Sun, 30 Mar 2025 12:49:07 +0200 +Subject: [PATCH] avcodec/dct: Make declarations and definitions match + +GCC considers declarations using a parameter of pointer +type (or equivalently a parameter using an array of unspecified +dimensions) to be inconsistent with a declaration using +a known-length array type and emits a -Warray-parameter warning +for several ff_j_rev_dct* functions for this. + +This patch makes the declarations match the actual definitions +to suppress these (IMO nonsensical) warnings. + +Signed-off-by: Andreas Rheinhardt +--- + libavcodec/dct.h | 12 ++++++------ + libavcodec/jrevdct.c | 4 ++-- + 2 files changed, 8 insertions(+), 8 deletions(-) + +--- a/libavcodec/dct.h ++++ b/libavcodec/dct.h +@@ -27,11 +27,11 @@ + #include + #include + +-void ff_j_rev_dct(int16_t *data); +-void ff_j_rev_dct4(int16_t *data); +-void ff_j_rev_dct2(int16_t *data); +-void ff_j_rev_dct1(int16_t *data); +-void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t *block); +-void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t *block); ++void ff_j_rev_dct(int16_t data[64]); ++void ff_j_rev_dct4(int16_t data[64]); ++void ff_j_rev_dct2(int16_t data[64]); ++void ff_j_rev_dct1(int16_t data[64]); ++void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]); ++void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]); + + #endif /* AVCODEC_DCT_H */ +--- a/libavcodec/jrevdct.c ++++ b/libavcodec/jrevdct.c +@@ -1159,13 +1159,13 @@ void ff_j_rev_dct1(DCTBLOCK data){ + #undef FIX + #undef CONST_BITS + +-void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t *block) ++void ff_jref_idct_put(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]) + { + ff_j_rev_dct(block); + ff_put_pixels_clamped_c(block, dest, line_size); + } + +-void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t *block) ++void ff_jref_idct_add(uint8_t *dest, ptrdiff_t line_size, int16_t block[64]) + { + ff_j_rev_dct(block); + ff_add_pixels_clamped_c(block, dest, line_size); diff --git a/multimedia/ffmpeg/patches/050-glibc.patch b/multimedia/ffmpeg/patches/050-glibc.patch deleted file mode 100644 index 25eba2aea0b0ca..00000000000000 --- a/multimedia/ffmpeg/patches/050-glibc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/libavcodec/wmv2dsp.c -+++ b/libavcodec/wmv2dsp.c -@@ -264,7 +264,7 @@ av_cold void ff_wmv2dsp_init(WMV2DSPCont - c->put_mspel_pixels_tab[6] = put_mspel8_mc22_c; - c->put_mspel_pixels_tab[7] = put_mspel8_mc32_c; - --#if ARCH_MIPS -+#if ARCH_MIPS64 - ff_wmv2dsp_init_mips(c); - #endif - } diff --git a/multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch b/multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch new file mode 100644 index 00000000000000..1206138eea1280 --- /dev/null +++ b/multimedia/ffmpeg/patches/060-avutil-tx-fix-GCC-memset-warning.patch @@ -0,0 +1,23 @@ +From 9a670636c0ee7c24b70591d315524e61c709ea5a Mon Sep 17 00:00:00 2001 +From: Rosen Penev +Date: Fri, 2 May 2025 15:15:25 -0700 +Subject: [PATCH] avutil/tx: fix GCC memset warning + +The warning is that the whole array is not being cleared. + +Signed-off-by: Rosen Penev +--- + libavutil/tx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/libavutil/tx.c ++++ b/libavutil/tx.c +@@ -283,7 +283,7 @@ static void reset_ctx(AVTXContext *s, in + * ff_tx_init_subtx() call is made. */ + s->nb_sub = 0; + s->opaque = NULL; +- memset(s->fn, 0, sizeof(*s->fn)); ++ memset(s->fn, 0, sizeof(s->fn)); + } + + void ff_tx_clear_ctx(AVTXContext *s) diff --git a/multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch b/multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch new file mode 100644 index 00000000000000..c8fb97b8628ddb --- /dev/null +++ b/multimedia/ffmpeg/patches/070-avformat-rawdec-guard-by-CONFIG_DATA_DEMUXER.patch @@ -0,0 +1,30 @@ +From 22baff53be0f830a1607af2b60e50605eb732ec4 Mon Sep 17 00:00:00 2001 +From: Rosen Penev +Date: Fri, 2 May 2025 15:21:13 -0700 +Subject: [PATCH] avformat/rawdec: guard by CONFIG_DATA_DEMUXER + +Otherwise raw_data_read_header becomes an unused static function. + +Signed-off-by: Rosen Penev +--- + libavformat/rawdec.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/libavformat/rawdec.c ++++ b/libavformat/rawdec.c +@@ -102,6 +102,7 @@ int ff_raw_subtitle_read_header(AVFormat + return 0; + } + ++#if CONFIG_DATA_DEMUXER + static int raw_data_read_header(AVFormatContext *s) + { + AVStream *st = avformat_new_stream(s, NULL); +@@ -112,6 +113,7 @@ static int raw_data_read_header(AVFormat + st->start_time = 0; + return 0; + } ++#endif + + /* Note: Do not forget to add new entries to the Makefile as well. */ + diff --git a/multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch b/multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch new file mode 100644 index 00000000000000..29abd88817ff80 --- /dev/null +++ b/multimedia/ffmpeg/patches/080-avcodec-pcm-bluray-dvd-Use-correct-pointer-types-on-.patch @@ -0,0 +1,43 @@ +From 347a70f101be28f8d78e8fd62ffc3a78324f49e9 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Thu, 28 Mar 2024 05:35:36 +0100 +Subject: [PATCH] avcodec/pcm-bluray/dvd: Use correct pointer types on BE + +Signed-off-by: Andreas Rheinhardt +--- + libavcodec/pcm-bluray.c | 5 +++-- + libavcodec/pcm-dvd.c | 2 +- + 2 files changed, 4 insertions(+), 3 deletions(-) + +--- a/libavcodec/pcm-bluray.c ++++ b/libavcodec/pcm-bluray.c +@@ -167,7 +167,7 @@ static int pcm_bluray_decode_frame(AVCod + samples *= num_source_channels; + if (AV_SAMPLE_FMT_S16 == avctx->sample_fmt) { + #if HAVE_BIGENDIAN +- bytestream2_get_buffer(&gb, dst16, buf_size); ++ bytestream2_get_buffer(&gb, (uint8_t*)dst16, buf_size); + #else + do { + *dst16++ = bytestream2_get_be16u(&gb); +@@ -187,7 +187,8 @@ static int pcm_bluray_decode_frame(AVCod + if (AV_SAMPLE_FMT_S16 == avctx->sample_fmt) { + do { + #if HAVE_BIGENDIAN +- bytestream2_get_buffer(&gb, dst16, avctx->ch_layout.nb_channels * 2); ++ bytestream2_get_buffer(&gb, (uint8_t*)dst16, ++ avctx->ch_layout.nb_channels * 2); + dst16 += avctx->ch_layout.nb_channels; + #else + channel = avctx->ch_layout.nb_channels; +--- a/libavcodec/pcm-dvd.c ++++ b/libavcodec/pcm-dvd.c +@@ -157,7 +157,7 @@ static void *pcm_dvd_decode_samples(AVCo + switch (avctx->bits_per_coded_sample) { + case 16: { + #if HAVE_BIGENDIAN +- bytestream2_get_buffer(&gb, dst16, blocks * s->block_size); ++ bytestream2_get_buffer(&gb, (uint8_t*)dst16, blocks * s->block_size); + dst16 += blocks * s->block_size / 2; + #else + int samples = blocks * avctx->ch_layout.nb_channels; diff --git a/multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch b/multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch new file mode 100644 index 00000000000000..65bed650890022 --- /dev/null +++ b/multimedia/ffmpeg/patches/090-avcodec-tiff-Suppress-unused-variable-warnings.patch @@ -0,0 +1,30 @@ +From bb3c50b46d50b8bf4f45d7ae8f24607aaf23acea Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Sun, 2 Jun 2024 06:11:46 +0200 +Subject: [PATCH] avcodec/tiff: Suppress unused variable warnings + +Signed-off-by: Andreas Rheinhardt +--- + libavcodec/tiff.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/libavcodec/tiff.c ++++ b/libavcodec/tiff.c +@@ -427,7 +427,7 @@ static void av_always_inline horizontal_ + uint8_t shift = is_dng ? 0 : 16 - bpp; + GetBitContext gb; + +- int ret = init_get_bits8(&gb, src, width); ++ av_unused int ret = init_get_bits8(&gb, src, width); + av_assert1(ret >= 0); + for (int i = 0; i < s->width; i++) { + dst16[i] = get_bits(&gb, bpp) << shift; +@@ -462,7 +462,7 @@ static void unpack_gray(TiffContext *s, + GetBitContext gb; + uint16_t *dst = (uint16_t *)(p->data[0] + lnum * p->linesize[0]); + +- int ret = init_get_bits8(&gb, src, width); ++ av_unused int ret = init_get_bits8(&gb, src, width); + av_assert1(ret >= 0); + + for (int i = 0; i < s->width; i++) { diff --git a/multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch b/multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch new file mode 100644 index 00000000000000..337d28fc700ebb --- /dev/null +++ b/multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch @@ -0,0 +1,29 @@ +From 7405f1ad5351cc24b91a0227aeeaf24ff9d12278 Mon Sep 17 00:00:00 2001 +From: Ramiro Polla +Date: Wed, 3 Jul 2024 00:30:08 +0200 +Subject: [PATCH] configure: restore autodetection of v4l2 and fbdev + +The detection logic for v4l2 and fbdev was accidentally modified to +depend on v4l2-m2m in 43b3412. +--- + configure | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/configure ++++ b/configure +@@ -6985,11 +6985,12 @@ pod2man --help > /dev/null 2>&1 && e + rsync --help 2> /dev/null | grep -q 'contimeout' && enable rsync_contimeout || disable rsync_contimeout + xmllint --version > /dev/null 2>&1 && enable xmllint || disable xmllint + ++check_headers linux/fb.h ++check_headers linux/videodev2.h ++test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete ++ + # check V4L2 codecs available in the API + if enabled v4l2_m2m; then +- check_headers linux/fb.h +- check_headers linux/videodev2.h +- test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete + check_cc v4l2_m2m linux/videodev2.h "int i = V4L2_CAP_VIDEO_M2M_MPLANE | V4L2_CAP_VIDEO_M2M | V4L2_BUF_FLAG_LAST;" + check_cc vc1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_VC1_ANNEX_G;" + check_cc mpeg1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_MPEG1;" diff --git a/multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch b/multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch new file mode 100644 index 00000000000000..5b7bd03a62c52d --- /dev/null +++ b/multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch @@ -0,0 +1,41 @@ +From 00b64fca55a3a009c9d0e391c85f4fd3291e5d12 Mon Sep 17 00:00:00 2001 +From: Ramiro Polla +Date: Thu, 29 Aug 2024 15:40:00 +0200 +Subject: [PATCH] configure: improve check for POSIX ioctl + +Instead of relying on system #ifdefs which may or may not be correct, +detect the POSIX ioctl signature at configure time. +--- + configure | 2 ++ + libavdevice/v4l2.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +--- a/configure ++++ b/configure +@@ -2450,6 +2450,7 @@ HAVE_LIST=" + opencl_vaapi_intel_media + perl + pod2man ++ posix_ioctl + texi2html + xmllint + zlib_gzip +@@ -6988,6 +6989,7 @@ xmllint --version > /dev/null 2>&1 && e + check_headers linux/fb.h + check_headers linux/videodev2.h + test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete ++test_code cc sys/ioctl.h "int ioctl(int, int, ...)" && enable posix_ioctl + + # check V4L2 codecs available in the API + if enabled v4l2_m2m; then +--- a/libavdevice/v4l2.c ++++ b/libavdevice/v4l2.c +@@ -107,7 +107,7 @@ struct video_data { + int (*open_f)(const char *file, int oflag, ...); + int (*close_f)(int fd); + int (*dup_f)(int fd); +-#if defined(__sun) || defined(__BIONIC__) || defined(__musl__) /* POSIX-like */ ++#if HAVE_POSIX_IOCTL + int (*ioctl_f)(int fd, int request, ...); + #else + int (*ioctl_f)(int fd, unsigned long int request, ...); diff --git a/multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch b/multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch new file mode 100644 index 00000000000000..9b37926e586ccb --- /dev/null +++ b/multimedia/ffmpeg/patches/120-avfilter-af_channelsplit-fix-mixed-declaration-and-c.patch @@ -0,0 +1,30 @@ +From 613c85a8f5b296c2b79fc0abfd98fccf962bb334 Mon Sep 17 00:00:00 2001 +From: Marvin Scholz +Date: Fri, 12 Jul 2024 17:47:14 +0200 +Subject: [PATCH] avfilter/af_channelsplit: fix mixed declaration and code + +Fix a "mixing declarations and code is incompatible with standards +before C99" warning. +--- + libavfilter/af_channelsplit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/libavfilter/af_channelsplit.c ++++ b/libavfilter/af_channelsplit.c +@@ -156,6 +156,7 @@ static int query_formats(AVFilterContext + + static int filter_frame(AVFilterLink *outlink, AVFrame *buf) + { ++ AVFrame *buf_out; + AVFilterContext *ctx = outlink->src; + ChannelSplitContext *s = ctx->priv; + const int i = FF_OUTLINK_IDX(outlink); +@@ -164,7 +165,7 @@ static int filter_frame(AVFilterLink *ou + + av_assert1(channel >= 0); + +- AVFrame *buf_out = av_frame_clone(buf); ++ buf_out = av_frame_clone(buf); + if (!buf_out) + return AVERROR(ENOMEM); + From df3f6d0459871dbfb0d9fcaa00631fd17eafc2d6 Mon Sep 17 00:00:00 2001 From: Aleksey Vasilenko Date: Sat, 23 Aug 2025 01:59:21 +0300 Subject: [PATCH 041/239] ffmpeg: update to 6.1.3 - Remove 2 upstreamed patches Signed-off-by: Aleksey Vasilenko (cherry picked from commit 114f412408922f39e11b9f1365003f6a9ca563ec) --- multimedia/ffmpeg/Makefile | 6 +-- ...tore-autodetection-of-v4l2-and-fbdev.patch | 29 ------------- ...figure-improve-check-for-POSIX-ioctl.patch | 41 ------------------- 3 files changed, 3 insertions(+), 73 deletions(-) delete mode 100644 multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch delete mode 100644 multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index 411975f8aaa944..ca6e057fbe2d21 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ffmpeg -PKG_VERSION:=6.1.2 -PKG_RELEASE:=3 +PKG_VERSION:=6.1.3 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ffmpeg.org/releases/ -PKG_HASH:=3b624649725ecdc565c903ca6643d41f33bd49239922e45c9b1442c63dca4e38 +PKG_HASH:=bc5f1e4a4d283a6492354684ee1124129c52293bcfc6a9169193539fbece3487 PKG_MAINTAINER:=Ted Hess , \ Ian Leonard diff --git a/multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch b/multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch deleted file mode 100644 index 337d28fc700ebb..00000000000000 --- a/multimedia/ffmpeg/patches/100-configure-restore-autodetection-of-v4l2-and-fbdev.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7405f1ad5351cc24b91a0227aeeaf24ff9d12278 Mon Sep 17 00:00:00 2001 -From: Ramiro Polla -Date: Wed, 3 Jul 2024 00:30:08 +0200 -Subject: [PATCH] configure: restore autodetection of v4l2 and fbdev - -The detection logic for v4l2 and fbdev was accidentally modified to -depend on v4l2-m2m in 43b3412. ---- - configure | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - ---- a/configure -+++ b/configure -@@ -6985,11 +6985,12 @@ pod2man --help > /dev/null 2>&1 && e - rsync --help 2> /dev/null | grep -q 'contimeout' && enable rsync_contimeout || disable rsync_contimeout - xmllint --version > /dev/null 2>&1 && enable xmllint || disable xmllint - -+check_headers linux/fb.h -+check_headers linux/videodev2.h -+test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete -+ - # check V4L2 codecs available in the API - if enabled v4l2_m2m; then -- check_headers linux/fb.h -- check_headers linux/videodev2.h -- test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete - check_cc v4l2_m2m linux/videodev2.h "int i = V4L2_CAP_VIDEO_M2M_MPLANE | V4L2_CAP_VIDEO_M2M | V4L2_BUF_FLAG_LAST;" - check_cc vc1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_VC1_ANNEX_G;" - check_cc mpeg1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_MPEG1;" diff --git a/multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch b/multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch deleted file mode 100644 index 5b7bd03a62c52d..00000000000000 --- a/multimedia/ffmpeg/patches/110-configure-improve-check-for-POSIX-ioctl.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 00b64fca55a3a009c9d0e391c85f4fd3291e5d12 Mon Sep 17 00:00:00 2001 -From: Ramiro Polla -Date: Thu, 29 Aug 2024 15:40:00 +0200 -Subject: [PATCH] configure: improve check for POSIX ioctl - -Instead of relying on system #ifdefs which may or may not be correct, -detect the POSIX ioctl signature at configure time. ---- - configure | 2 ++ - libavdevice/v4l2.c | 2 +- - 2 files changed, 3 insertions(+), 1 deletion(-) - ---- a/configure -+++ b/configure -@@ -2450,6 +2450,7 @@ HAVE_LIST=" - opencl_vaapi_intel_media - perl - pod2man -+ posix_ioctl - texi2html - xmllint - zlib_gzip -@@ -6988,6 +6989,7 @@ xmllint --version > /dev/null 2>&1 && e - check_headers linux/fb.h - check_headers linux/videodev2.h - test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete -+test_code cc sys/ioctl.h "int ioctl(int, int, ...)" && enable posix_ioctl - - # check V4L2 codecs available in the API - if enabled v4l2_m2m; then ---- a/libavdevice/v4l2.c -+++ b/libavdevice/v4l2.c -@@ -107,7 +107,7 @@ struct video_data { - int (*open_f)(const char *file, int oflag, ...); - int (*close_f)(int fd); - int (*dup_f)(int fd); --#if defined(__sun) || defined(__BIONIC__) || defined(__musl__) /* POSIX-like */ -+#if HAVE_POSIX_IOCTL - int (*ioctl_f)(int fd, int request, ...); - #else - int (*ioctl_f)(int fd, unsigned long int request, ...); From 23ea85eb9d45b04ea892a7386b91e66c6399c883 Mon Sep 17 00:00:00 2001 From: Aleksey Vasilenko Date: Sat, 23 Aug 2025 00:16:47 +0300 Subject: [PATCH 042/239] subversion: update to 1.14.5 update to 1.14.5 Signed-off-by: Aleksey Vasilenko (cherry picked from commit 9443e91b6e817ec0eb53bb08d3bec13df2fee06b) --- net/subversion/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/subversion/Makefile b/net/subversion/Makefile index 944a32eba337ae..33f5f5aa6f175e 100644 --- a/net/subversion/Makefile +++ b/net/subversion/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=subversion -PKG_VERSION:=1.14.3 +PKG_VERSION:=1.14.5 PKG_RELEASE:=1 PKG_SOURCE_URL:=@APACHE/subversion PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=949efd451a09435f7e8573574c71c7b71b194d844890fa49cd61d2262ea1a440 +PKG_HASH:=e78a29e7766b8b7b354497d08f71a55641abc53675ce1875584781aae35644a1 PKG_MAINTAINER:=Aleksey Vasilenko PKG_LICENSE:=Apache-2.0 From 00c126a07b03f3a395851d568326a756ef2f4406 Mon Sep 17 00:00:00 2001 From: John Audia Date: Fri, 20 Dec 2024 11:22:54 -0500 Subject: [PATCH 043/239] lxc: update to 6.0.3 No patches needed to be rebased/simple version bump. Build system: x86/64 Build-tested: x86/64 Run-tested: x86/64 Signed-off-by: John Audia (cherry picked from commit f8587b9ec49a77ea4f2663853e257fe61e2d052e) --- utils/lxc/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index 0cda02d48d3ac9..c59038d3b29ee0 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc -PKG_VERSION:=6.0.2 +PKG_VERSION:=6.0.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ -PKG_HASH:=1930aa10d892db8531d1353d15f7ebf5913e74a19e134423e4d074c07f2d6e8b +PKG_HASH:=adac0837d2abfd2903916eaf56f60756f131327311f4f25ad917f6a71f73f98c PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0 From d833f474727077e4d619ce56aab1d07f1342e6d4 Mon Sep 17 00:00:00 2001 From: John Audia Date: Thu, 9 Jan 2025 21:48:25 -0500 Subject: [PATCH 044/239] lxc: remove check for options we do not package We do not package lxc-net or lxcfs so remove the lines within lxc-checkconfig that looks forCONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_TARGET_MASQUERADE which, as far as I know, is the only part of lxc that needs them. Also remove the check for FUSE since we do not pakcage lxcfs. Without this commit, users will see these two as missing. Signed-off-by: John Audia (cherry picked from commit 57434a290d1f29112e130620531286845476d63c) --- ...eckconfig-remove-options-for-lxc-net.patch | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch diff --git a/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch b/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch new file mode 100644 index 00000000000000..4423b4e451b84c --- /dev/null +++ b/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch @@ -0,0 +1,19 @@ +--- a/src/lxc/cmd/lxc-checkconfig.in ++++ b/src/lxc/cmd/lxc-checkconfig.in +@@ -250,16 +250,10 @@ if { [ "${KVER_MAJOR}" -gt 3 ] && [ "${K + printf "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6 + fi + echo +-printf "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4 +-echo +-printf "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6 +-echo + printf "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM + echo + printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment + echo +-printf "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse +-echo + + echo " + --- Checkpoint/Restore ---" From 356f36a5d26b3f9c7288369cfe57bc61b6763a9d Mon Sep 17 00:00:00 2001 From: John Audia Date: Thu, 9 Jan 2025 17:35:33 -0500 Subject: [PATCH 045/239] lxc: add missing deps Several deps are missing based the output of lxc-checkconfig shown below before this commit is applied. CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_TARGET_MASQUERADE are only needed for lxc-net which we do not package. % lxc-checkconfig | grep missing Cgroup device: missing CONFIG_IP_NF_TARGET_MASQUERADE: missing CONFIG_IP6_NF_TARGET_MASQUERADE: missing CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing FUSE (for use with lxcfs): missing checkpoint restore: missing CONFIG_UNIX_DIAG: missing CONFIG_INET_DIAG: missing CONFIG_PACKET_DIAG: missing CONFIG_NETLINK_DIAG: missing Additionally, two new patches have been added which remove checks for options that OpenWrt currently does not package and can serve are false positives for missing items from our kernel config, namely: lxc-net and lxc-checkpoint After applying this commit, below is the output showing that the kernel config[1] should pass all tests for functionality: % CONFIG=config ./lxc-checkconfig LXC version 6.0.3 --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Namespace limits: cgroup: 383849 ipc: 383849 mnt: 383849 net: 383849 pid: 383849 time: 383849 user: 383849 uts: 383849 --- Control groups --- Cgroups: enabled Cgroup namespace: enabled Cgroup v1 mount points: Cgroup v2 mount points: - /sys/fs/cgroup Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled, loaded Macvlan: enabled, not loaded Vlan: enabled, not loaded Bridges: enabled, loaded Advanced netfilter: enabled, loaded CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded --- Checkpoint/Restore --- checkpoint restore: missing CONFIG_FHANDLE: enabled CONFIG_EVENTFD: enabled CONFIG_EPOLL: enabled CONFIG_UNIX_DIAG: enabled CONFIG_INET_DIAG: enabled CONFIG_PACKET_DIAG: enabled CONFIG_NETLINK_DIAG: enabled File capabilities: enabled 1. Generated on 23-Feb-2025 running bcm27xx/bcm2712 on r28869+1 Signed-off-by: John Audia (cherry picked from commit ba7e4dccec3508c72bae7939d649b17aa9d4faaf) --- utils/lxc/Config.in | 6 ++++++ utils/lxc/Makefile | 2 +- ...lxc-checkconfig-remove-options-for-lxc-net.patch} | 0 ...eckconfig-remove-options-for-lxc-checkpoint.patch | 12 ++++++++++++ 4 files changed, 19 insertions(+), 1 deletion(-) rename utils/lxc/patches/{019-lxc-checkconfig-remove-options-for-lxc-net.patch => 010-lxc-checkconfig-remove-options-for-lxc-net.patch} (100%) create mode 100644 utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch diff --git a/utils/lxc/Config.in b/utils/lxc/Config.in index 53d7ba5fd733cd..3b5a78ed7a01d0 100644 --- a/utils/lxc/Config.in +++ b/utils/lxc/Config.in @@ -8,6 +8,7 @@ config LXC_KERNEL_OPTIONS select KERNEL_NAMESPACES select KERNEL_DEVPTS_MULTIPLE_INSTANCES select KERNEL_POSIX_MQUEUE + select KERNEL_CGROUP_DEVICE select KERNEL_CGROUP_SCHED select KERNEL_FAIR_GROUP_SCHED select KERNEL_RT_GROUP_SCHED @@ -16,6 +17,7 @@ config LXC_KERNEL_OPTIONS select KERNEL_MEMCG_KMEM select KERNEL_CPUSETS select PACKAGE_kmod-ikconfig + select PACKAGE_kmod-unix-diag help Select needed kernel options for LXC related utilities. Options include cgroups, namespaces and other miscellaneous options. These @@ -50,6 +52,10 @@ config LXC_NETWORKING default n select PACKAGE_kmod-veth select PACKAGE_kmod-macvlan + select PACKAGE_kmod-inet-diag + select PACKAGE_kmod-ipt-checksum + select PACKAGE_kmod-netlink-diag + select PACKAGE_kmod-packet-diag help Enable "veth pair device" and "macvlan" diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index c59038d3b29ee0..f343e7885e7cd0 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc PKG_VERSION:=6.0.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ diff --git a/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch b/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch similarity index 100% rename from utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch rename to utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch diff --git a/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch b/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch new file mode 100644 index 00000000000000..c69cdaf4bb31f8 --- /dev/null +++ b/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch @@ -0,0 +1,12 @@ +--- a/src/lxc/cmd/lxc-checkconfig.in ++++ b/src/lxc/cmd/lxc-checkconfig.in +@@ -256,9 +256,6 @@ printf "CONFIG_NETFILTER_XT_MATCH_COMMEN + echo + + echo " +---- Checkpoint/Restore ---" +-printf "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE +-echo + printf "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE + echo + printf "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD From f4f7100fb8640d175a3d3c0ecbab547595f2a280 Mon Sep 17 00:00:00 2001 From: John Audia Date: Fri, 12 Jul 2024 13:57:10 -0400 Subject: [PATCH 046/239] lxc: add gnu-tar as a depends to fix lxc-create Add gnu-tar as a dependency for lxc-create which is needed to properly extract the root file system tarball. Without it, symlink target of /bin/tar is busybox and it lacks proper support to extract with xattrs. The default gnu-tar is actually built without this support as well, but it is able to extract the rootfs tarballs with a warning not an error which is not the case with busybox which ends in an error. Signed-off-by: John Audia Build system: x86/64 Build-tested: x86/64/AMD Cezanne Run-tested: x86/64/AMD Cezanne (cherry picked from commit b74dc8a119edd75454e03caa121ccb305fd29c3c) --- utils/lxc/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index f343e7885e7cd0..90ff7f4b963d08 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -50,7 +50,7 @@ LXC_SCRIPTS += \ DEPENDS_APPLETS = +libpthread +libcap +liblxc -DEPENDS_create = +lxc-configs +lxc-hooks +lxc-templates +flock +getopt +DEPENDS_create = +lxc-configs +lxc-hooks +lxc-templates +flock +getopt +tar define Package/lxc/Default SECTION:=utils From 98e504403d8ae89c94a4a99ae094a9d1de8a695a Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 16 Jul 2024 15:23:36 -0400 Subject: [PATCH 047/239] lxc: fix decompression of rootfs tarballs Modified 025-remove-unsupported-option.patch to both remove the bsdtar command as it ends in errors, see below, and to circumvent an error when extracting to overlayfs[1]. Error when extracting rootfs tarball with bsdtar: tar --absolute-names --numeric-owner '--xattrs-include=*' -xpJf /var/cache/lxc//download/archlinux/current/amd64//default/rootfs.tar.xz -C /mnt/data/lxc/test/rootfs ./usr/bin/newgidmap: Cannot restore extended attributes on this system: Illegal byte sequence lxc-create: test: ../src/lxc/lxccontainer.c: create_run_template: 1589 Failed to create container from template lxc-create: test: ../src/lxc/tools/lxc_create.c: lxc_create_main: 318 Failed to create container test 1. https://github.com/openwrt/openwrt/issues/15888 Signed-off-by: John Audia Build system: x86/64 Build-tested: x86/64/AMD Cezanne Run-tested: x86/64/AMD Cezanne Signed-off-by: John Audia (cherry picked from commit 96c96fe04115de8d46639aaeeb63b94ed5dcb325) --- utils/lxc/Makefile | 2 +- .../025-remove-unsupported-option.patch | 21 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index 90ff7f4b963d08..e1fc688d4a3f92 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc PKG_VERSION:=6.0.3 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ diff --git a/utils/lxc/patches/025-remove-unsupported-option.patch b/utils/lxc/patches/025-remove-unsupported-option.patch index 7e7f4bffd8d908..70eb12bbe60fc3 100644 --- a/utils/lxc/patches/025-remove-unsupported-option.patch +++ b/utils/lxc/patches/025-remove-unsupported-option.patch @@ -1,9 +1,14 @@ --- a/templates/lxc-download.in +++ b/templates/lxc-download.in -@@ -380,26 +380,10 @@ if tar --version | grep -sq "bsdtar"; th - IS_BSD_TAR="true" - fi +@@ -375,32 +375,7 @@ fi + # Unpack the rootfs + echo "Unpacking the rootfs" +-IS_BSD_TAR="false" +-if tar --version | grep -sq "bsdtar"; then +- IS_BSD_TAR="true" +-fi +- -EXCLUDES="" -excludelist=$(relevant_file excludes) -if [ -f "${excludelist}" ]; then @@ -20,12 +25,12 @@ -# is to use a function wrapper, but the latter can't be used here as the args -# are dynamic. We thus need to ignore the warning brought by shellcheck. -# shellcheck disable=SC2086 - if [ "${IS_BSD_TAR}" = "true" ]; then +-if [ "${IS_BSD_TAR}" = "true" ]; then - tar ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" -+ tar --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" - else +-else - tar --anchored ${EXCLUDES} --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" -+ tar --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" - fi +-fi ++tar --absolute-names --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}" mkdir -p "${LXC_ROOTFS}/dev/pts/" + From 82448b1e339be73016520cc73a80f57418098805 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 9 Mar 2025 14:34:35 -0400 Subject: [PATCH 048/239] lxc: lxc-checkconfig fix typo Fix a typo introduced in https://github.com/openwrt/packages/pull/25719/commits/fd686a32209f74cd12ca434bc3245ef0f7589c46 which partially broke lxc-checkconfig Build system: x86/64 Build-tested: bcm27xx/bcm2712 Run-tested: bcm27xx/bcm2712 Signed-off-by: John Audia (cherry picked from commit f32083fa27dddca5257af3549e070aab1c9c276e) --- utils/lxc/Makefile | 2 +- utils/lxc/patches/020-lxc-checkconfig.patch | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index e1fc688d4a3f92..b661c76bdaacb1 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc PKG_VERSION:=6.0.3 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ diff --git a/utils/lxc/patches/020-lxc-checkconfig.patch b/utils/lxc/patches/020-lxc-checkconfig.patch index 328ee9f3f08dbf..b463faa9d54c26 100644 --- a/utils/lxc/patches/020-lxc-checkconfig.patch +++ b/utils/lxc/patches/020-lxc-checkconfig.patch @@ -1,6 +1,6 @@ --- a/src/lxc/cmd/lxc-checkconfig.in +++ b/src/lxc/cmd/lxc-checkconfig.in -@@ -7,6 +7,16 @@ export LANGUAGE=en +@@ -7,6 +7,15 @@ export LANGUAGE=en # Allow environment variables to override config : "${CONFIG:=/proc/config.gz}" : "${MODNAME:=configs}" @@ -11,9 +11,16 @@ + CONFIG_NEW="/tmp/config-$(uname -r)" + $GUNZIP -c $CONFIG > $CONFIG_NEW + CONFIG=$CONFIG_NEW -+ + GREP=grep +fi GREP="grep" +@@ -255,7 +264,6 @@ echo + printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment + echo + +-echo " + printf "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE + echo + printf "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD From 7dacd6b6066413f67bc81d00e34452db4235a3b7 Mon Sep 17 00:00:00 2001 From: John Audia Date: Fri, 14 Mar 2025 17:54:47 -0400 Subject: [PATCH 049/239] lxc: add two files to default backup list Users running unprivileged containers will need to create /etc/subgid and /etc/subuid and want to have them preserved across updates. This commit adds them to the default backup set. Signed-off-by: John Audia Co-authored-by: Tianling Shen (cherry picked from commit 6fe80f5586bb8471d6e493a4e298e4b0da90a9bd) --- utils/lxc/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index b661c76bdaacb1..c389e1601dd986 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -103,6 +103,11 @@ define Package/lxc-unprivileged/install $(INSTALL_DATA) ./files/lxc-unprivileged.defaults $(1)/etc/uci-defaults/lxc-unprivileged endef +define Package/lxc-unprivileged/conffiles +/etc/subgid +/etc/subuid +endef + define Package/lxc/config source "$(SOURCE)/Config.in" endef From 9b738cc3f7bb1e6420f6824ca4322079a21444ed Mon Sep 17 00:00:00 2001 From: John Audia Date: Fri, 11 Apr 2025 10:25:58 -0400 Subject: [PATCH 050/239] lxc: update to 6.0.4 Added upstream patch to fix starting containers with complex hooks. No existing patches needed to be rebased/simple version bump to 6.0.4. Build system: x86/64 Build-tested: x86/64 Run-tested: x86/64 Signed-off-by: John Audia (cherry picked from commit 343f1151f9aa88a4798202a7d538c27ebcc00ac0) --- utils/lxc/Makefile | 6 ++-- ...re-introduce-first-SET_DUMPABLE-call.patch | 29 +++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index c389e1601dd986..afc0fb3cc378b3 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc -PKG_VERSION:=6.0.3 -PKG_RELEASE:=4 +PKG_VERSION:=6.0.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ -PKG_HASH:=adac0837d2abfd2903916eaf56f60756f131327311f4f25ad917f6a71f73f98c +PKG_HASH:=872d26ce8512b9f993d194816e336bf9f3ad8326f22dc24ef0f01f85599fa8b9 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0 diff --git a/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch b/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch new file mode 100644 index 00000000000000..ad304c5935d15a --- /dev/null +++ b/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch @@ -0,0 +1,29 @@ +From 2663712e8fa8f37e0bb873185e2d4526dc644764 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Sat, 5 Apr 2025 01:11:18 -0400 +Subject: [PATCH] start: Re-introduce first SET_DUMPABLE call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without it, we're running into issues with complex hooks like nvidia. + +Signed-off-by: Stéphane Graber +--- + src/lxc/start.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/src/lxc/start.c ++++ b/src/lxc/start.c +@@ -1125,6 +1125,11 @@ static int do_start(void *data) + if (!lxc_switch_uid_gid(nsuid, nsgid)) + goto out_warn_father; + ++ ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0), ++ prctl_arg(0), prctl_arg(0)); ++ if (ret < 0) ++ goto out_warn_father; ++ + /* set{g,u}id() clears deathsignal */ + ret = lxc_set_death_signal(SIGKILL, handler->monitor_pid, status_fd); + if (ret < 0) { From bf4c309d199aab8783e680dfade74b74cebc4db8 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 17 Aug 2025 18:51:05 -0400 Subject: [PATCH 051/239] lxc: update to 6.0.5 6.0.5 is a bug fix release, see: https://discuss.linuxcontainers.org/t/lxc-6-0-5-lts-has-been-released/24438 Full changelog: https://github.com/lxc/lxc/compare/v6.0.4...v6.0.5 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc (Intel N150 based box) Signed-off-by: John Audia (cherry picked from commit ab1f60b74d5614ed4a38627aaf467127ae96afd7) --- utils/lxc/Makefile | 4 ++-- .../030-start-re-introduce-first-SET_DUMPABLE-call.patch | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index afc0fb3cc378b3..7bd93b28f153f7 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc -PKG_VERSION:=6.0.4 +PKG_VERSION:=6.0.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ -PKG_HASH:=872d26ce8512b9f993d194816e336bf9f3ad8326f22dc24ef0f01f85599fa8b9 +PKG_HASH:=2e540c60b9dd49e7ee1a4efa5e9c743b05df911b81b375ed5043d9dd7ee0b48a PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0 diff --git a/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch b/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch index ad304c5935d15a..00844717ecb6c6 100644 --- a/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch +++ b/utils/lxc/patches/030-start-re-introduce-first-SET_DUMPABLE-call.patch @@ -15,8 +15,8 @@ Signed-off-by: Stéphane Graber --- a/src/lxc/start.c +++ b/src/lxc/start.c -@@ -1125,6 +1125,11 @@ static int do_start(void *data) - if (!lxc_switch_uid_gid(nsuid, nsgid)) +@@ -1130,6 +1130,11 @@ static int do_start(void *data) + if (ret < 0) goto out_warn_father; + ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0), From 55dd83fb3aef4c7cd5e6115609e5aace6eaf850a Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Thu, 7 Aug 2025 12:05:16 +0300 Subject: [PATCH 052/239] sudo: bump to version 1.9.17p2 This change bumps sudo to version 1.9.17p2 Signed-off-by: Alexandru Ardelean (cherry picked from commit 1e391d05205275c4f6304cf3c2595bf301726605) --- admin/sudo/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/sudo/Makefile b/admin/sudo/Makefile index 0891f341795684..2370ee465f2265 100644 --- a/admin/sudo/Makefile +++ b/admin/sudo/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sudo -PKG_REALVERSION:=1.9.17p1 +PKG_REALVERSION:=1.9.17p2 PKG_VERSION:=$(subst p,_p,$(PKG_REALVERSION)) PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz PKG_SOURCE_URL:=https://www.sudo.ws/dist -PKG_HASH:=ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32 +PKG_HASH:=4a38a1ab3adb1199257edc2a7c4a2bd714665eb605b04368843b06dada2cfcfb PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REALVERSION) PKG_MAINTAINER:=Alexandru Ardelean From 420f953f464d94c68e3e98bb0612e6ab93dce49d Mon Sep 17 00:00:00 2001 From: Richard Muzik Date: Mon, 21 Jul 2025 09:47:37 +0200 Subject: [PATCH 053/239] git: update to 2.50.1 - Refresh and rebase patches Signed-off-by: Richard Muzik (cherry picked from commit a162c5dddc148f0ffe49add1afe1b59bcaf6d66d) --- net/git/Makefile | 4 ++-- net/git/patches/200-imapsend_without_curl.patch | 2 +- net/git/patches/300-openssl-deprecated.patch | 2 +- net/git/patches/310-fix-uname-detection-for-crosscompiling | 4 +--- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/net/git/Makefile b/net/git/Makefile index 48d653749b48bf..c62deea736c61d 100644 --- a/net/git/Makefile +++ b/net/git/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=git -PKG_VERSION:=2.46.4 +PKG_VERSION:=2.50.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/software/scm/git/ -PKG_HASH:=0d5c029edfea24abb4cbda385eff2b66ae946dd74849a350e4420f1eefa71aad +PKG_HASH:=7e3e6c36decbd8f1eedd14d42db6674be03671c2204864befa2a41756c5c8fc4 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/net/git/patches/200-imapsend_without_curl.patch b/net/git/patches/200-imapsend_without_curl.patch index 061a44341fbf63..a0c02a24b93cd9 100644 --- a/net/git/patches/200-imapsend_without_curl.patch +++ b/net/git/patches/200-imapsend_without_curl.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -1636,7 +1636,7 @@ else +@@ -1685,7 +1685,7 @@ else endif curl_check := $(shell (echo 072200; $(CURL_CONFIG) --vernum | sed -e '/^70[BC]/s/^/0/') 2>/dev/null | sort -r | sed -ne 2p) ifeq "$(curl_check)" "072200" diff --git a/net/git/patches/300-openssl-deprecated.patch b/net/git/patches/300-openssl-deprecated.patch index 16b5543a0d8b50..67916d764e0e4b 100644 --- a/net/git/patches/300-openssl-deprecated.patch +++ b/net/git/patches/300-openssl-deprecated.patch @@ -14,7 +14,7 @@ Signed-off-by: Rosen Penev --- a/imap-send.c +++ b/imap-send.c -@@ -259,8 +259,10 @@ static int ssl_socket_connect(struct ima +@@ -263,8 +263,10 @@ static int ssl_socket_connect(struct ima int ret; X509 *cert; diff --git a/net/git/patches/310-fix-uname-detection-for-crosscompiling b/net/git/patches/310-fix-uname-detection-for-crosscompiling index 4b884d2984d843..85f464c425a041 100644 --- a/net/git/patches/310-fix-uname-detection-for-crosscompiling +++ b/net/git/patches/310-fix-uname-detection-for-crosscompiling @@ -22,7 +22,7 @@ Signed-off-by: Mauro Condarelli --- a/config.mak.uname +++ b/config.mak.uname -@@ -4,12 +4,12 @@ +@@ -4,11 +4,11 @@ # Microsoft's Safe Exception Handling in libraries (such as zlib). # Typically required for VS2013+/32-bit compilation on Vista+ versions. @@ -30,13 +30,11 @@ Signed-off-by: Mauro Condarelli -uname_M := $(shell sh -c 'uname -m 2>/dev/null || echo not') -uname_O := $(shell sh -c 'uname -o 2>/dev/null || echo not') -uname_R := $(shell sh -c 'uname -r 2>/dev/null || echo not') --uname_P := $(shell sh -c 'uname -p 2>/dev/null || echo not') -uname_V := $(shell sh -c 'uname -v 2>/dev/null || echo not') +uname_S ?= $(shell sh -c 'uname -s 2>/dev/null || echo not') +uname_M ?= $(shell sh -c 'uname -m 2>/dev/null || echo not') +uname_O ?= $(shell sh -c 'uname -o 2>/dev/null || echo not') +uname_R ?= $(shell sh -c 'uname -r 2>/dev/null || echo not') -+uname_P ?= $(shell sh -c 'uname -p 2>/dev/null || echo not') +uname_V ?= $(shell sh -c 'uname -v 2>/dev/null || echo not') ifneq ($(findstring MINGW,$(uname_S)),) From 7e010914b39fe36a49c9c431ecfdf0269e700543 Mon Sep 17 00:00:00 2001 From: Richard Muzik Date: Fri, 18 Jul 2025 13:30:08 +0200 Subject: [PATCH 054/239] python-twisted: Update to 25.5.0 This update fixes CVE-2024-41810 and CVE-2024-41671 [1]. For the full changelog see NEWS [2]. Additionally changed the way the test files are omitted from patch file to filespec in the Makefile. [1] https://github.com/twisted/twisted/blob/twisted-25.5.0/NEWS.rst#twisted-2470-2024-08-08 [2] https://github.com/twisted/twisted/blob/twisted-25.5.0/NEWS.rst Signed-off-by: Richard Muzik (cherry picked from commit e09ffebce1b12fe883071e845ec1d618a15e00f3) --- lang/python/python-twisted/Makefile | 5 +++-- .../python-twisted/patches/001-omit-tkconch.patch | 2 +- .../python/python-twisted/patches/002-omit-tests.patch | 10 ---------- 3 files changed, 4 insertions(+), 13 deletions(-) delete mode 100644 lang/python/python-twisted/patches/002-omit-tests.patch diff --git a/lang/python/python-twisted/Makefile b/lang/python/python-twisted/Makefile index 79f2f2a237af8a..a9aee66dc57cc7 100644 --- a/lang/python/python-twisted/Makefile +++ b/lang/python/python-twisted/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-twisted -PKG_VERSION:=23.10.0 +PKG_VERSION:=25.5.0 PKG_RELEASE:=1 PYPI_NAME:=Twisted PYPI_SOURCE_NAME:=twisted -PKG_HASH:=987847a0790a2c597197613686e2784fd54167df3a55d0fb17c8412305d76ce5 +PKG_HASH:=1deb272358cb6be1e3e8fc6f9c8b36f78eb0fa7c2233d2dbe11ec6fee04ea316 PKG_BUILD_DEPENDS:=libtirpc @@ -61,6 +61,7 @@ endef define Py3Package/python3-twisted/filespec +|$(PYTHON3_PKG_DIR) -|$(PYTHON3_PKG_DIR)/twisted/conch/scripts/tkconch.py +-|$(PYTHON3_PKG_DIR)/twisted/test endef define Py3Package/python3-twisted/install diff --git a/lang/python/python-twisted/patches/001-omit-tkconch.patch b/lang/python/python-twisted/patches/001-omit-tkconch.patch index d9ad0d59e2178b..454a8bc61220ea 100644 --- a/lang/python/python-twisted/patches/001-omit-tkconch.patch +++ b/lang/python/python-twisted/patches/001-omit-tkconch.patch @@ -1,6 +1,6 @@ --- a/pyproject.toml +++ b/pyproject.toml -@@ -138,7 +138,6 @@ ckeygen = "twisted.conch.scripts.ckeygen +@@ -148,7 +148,6 @@ ckeygen = "twisted.conch.scripts.ckeygen conch = "twisted.conch.scripts.conch:run" mailmail = "twisted.mail.scripts.mailmail:run" pyhtmlizer = "twisted.scripts.htmlizer:run" diff --git a/lang/python/python-twisted/patches/002-omit-tests.patch b/lang/python/python-twisted/patches/002-omit-tests.patch deleted file mode 100644 index ddf8f9e306c1aa..00000000000000 --- a/lang/python/python-twisted/patches/002-omit-tests.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/pyproject.toml -+++ b/pyproject.toml -@@ -182,6 +182,7 @@ exclude = [ - "*.pxi", - "*.pyx", - "build.bat", -+ "test", - ] - - [tool.hatch.build.targets.sdist] From c221d6a8a39afe46862b3745ee15e11bfbd6eb07 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Tue, 5 Aug 2025 14:14:55 -0300 Subject: [PATCH 055/239] CONTRIBUTING.md: accept only real names in the SoB Follow the rule from the Submission Guidelines: https://openwrt.org/submitting-patches#submission_guidelines And the shared formal check: https://github.com/openwrt/actions-shared-workflows/blob/ba03db3b5ae747ed9f38df6c96eb4a37a9f7f7c5/.github/workflows/formal.yml#L37-L43 And this commit 07c12180097283a7a53d14d173d7a7e6a1c43be8 Signed-off-by: Wesley Gimenes (cherry picked from commit 0934d86240f7d365ab973d92f4ba3612d2db872a) --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4c0d0d4b08b65e..5afb3a3da4f304 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -74,8 +74,8 @@ guidelines: Add libzot dependency"). - Include Signed-off-by tag in the commit comments. See: [Sign your work](https://openwrt.org/submitting-patches#sign_your_work) -- Author and sign-off must match and be a real name or known identity and - a real email address. GitHub private email addresses will not be accepted. +- Author and sign-off must match and be a real name and real email address. + GitHub private email addresses will not be accepted. - Follow all [Submission Guidelines](https://openwrt.org/submitting-patches#submission_guidelines) requirements, including maximum characters per line. From e63cfba6fb59ac0e1c49f0572492a752154b9a6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 31 Jul 2025 08:55:46 +0200 Subject: [PATCH 056/239] knot-resolver: update DNSSEC root trust anchors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is long overdue. Honestly I dislike that packaging is hardcoding it this way. It's error-prone, as we can see. Knot Resolver source does contain the up to date anchors, and it also (optionally) installs them. Still, I'm not up to larger changes in OpenWrt packaging right now. Signed-off-by: Vladimír Čunát (cherry picked from commit 47f8b88f43c614b7f683dcdf941e47d4c1e45b98) --- net/knot-resolver/files/root.keys | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/knot-resolver/files/root.keys b/net/knot-resolver/files/root.keys index 6ee35a4989025d..3009e81f27d498 100644 --- a/net/knot-resolver/files/root.keys +++ b/net/knot-resolver/files/root.keys @@ -1 +1,2 @@ -. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d +. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D +. IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16 From bbc286bc3ff8708aaba3a8fda0c62f5a61f4aebc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 31 Jul 2025 08:53:26 +0200 Subject: [PATCH 057/239] knot-resolver: update to version 5.7.6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Knot Resolver 5.7.6 (2025-07-17) ================================ Security -------- - DoS: fix a rare segfault in `resolve` function (!1720) Someone controlling the DNS traffic might be able to trigger this crash intentionally and too often. - DoS: drop a wrong assertion/crash (!1721) Someone controlling the DNS traffic will most likely be able to trigger this crash intentionally and too often. Knot Resolver 5.7.5 (2025-04-24) ================================ Security -------- - DoS: fix unconfirmed crashes with the line below (!1683) [system] requirement "h && h->end > h->begin" failed in queue_pop_impl Improvements ------------ - tests: disable problematic config.http test (#925, !1678) - validator: accept a confusing NODATA proof with insecure delegation (!1678) Bugfixes -------- - daemon/http: DoH stream got stuck after returning an error code (!1652) - stats: request latency was very incorrect in some cases (!1678) Signed-off-by: Vladimír Čunát (cherry picked from commit 4f22b4dcebe7d660a198bfa218a205ec5ecd2e0d) --- net/knot-resolver/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/knot-resolver/Makefile b/net/knot-resolver/Makefile index fe1e508e6f9eb6..0e77ec31a130bd 100644 --- a/net/knot-resolver/Makefile +++ b/net/knot-resolver/Makefile @@ -10,12 +10,12 @@ PKG_RELRO_FULL:=0 include $(TOPDIR)/rules.mk PKG_NAME:=knot-resolver -PKG_VERSION:=5.7.4 +PKG_VERSION:=5.7.6 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver -PKG_HASH:=6b6da6ecf06828041afad44dfa227781f0ae34ad183a667008509355d18bd9c8 +PKG_HASH:=500ccd3a560300e547b8dc5aaff322f7c8e2e7d6f0d7ef5f36e59cb60504d674 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=GPL-3.0-later From 1ad8b179e7fc74036dcd0b2f13cf0d27de2693ec Mon Sep 17 00:00:00 2001 From: Robert Marko Date: Wed, 5 Mar 2025 14:03:40 +0100 Subject: [PATCH 058/239] nginx: actually download the specified git commit hash Currently, we are using Download recipes to download the various modules, however we are using then with PROTO:=git but SOURCE_VERSION is not set, only VERSION variable so thus the dl_github_archive.py scripts gets called with --version="" instead of being actually passed the desired commit hash and thus actually the git head is fetched. This explains why currently buildbots are failling with nginx-mod-njs/104-endianness_fix.patch failling to apply since buildbots are using prepackaged tarballs which are different than what we get when manually building. So, lets set SOURCE_VERSION to make sure we actually fetch the desired git commit hash. Signed-off-by: Robert Marko (cherry picked from commit ea29db6daafae611b85e4df22378d02556fcedeb) Signed-off-by: Roman Azarenko --- net/nginx/Makefile | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index a96dd0b70a9349..efc3c0fef3d7f2 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.26.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ @@ -213,7 +213,7 @@ endef define Download/nginx-mod-geoip2 SOURCE_DATE:=2020-01-22 - VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf + SOURCE_VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf URL:=https://github.com/leev/ngx_http_geoip2_module.git MIRROR_HASH:=f3d2a1af5c34812b5a34453457ba6a4d8093c92085aa7f76c46a1c4185c9735c PROTO:=git @@ -248,7 +248,7 @@ endef define Download/nginx-mod-headers-more SOURCE_DATE:=2022-07-17 - VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0 + SOURCE_VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0 URL:=https://github.com/openresty/headers-more-nginx-module.git MIRROR_HASH:=569abadc137b5b52bdcc33b00aa21f6d266cb84fb891795da2c4e101c4898abe PROTO:=git @@ -256,7 +256,7 @@ endef define Download/nginx-mod-brotli SOURCE_DATE:=2020-04-23 - VERSION:=25f86f0bac1101b6512135eac5f93c49c63609e3 + SOURCE_VERSION:=25f86f0bac1101b6512135eac5f93c49c63609e3 URL:=https://github.com/google/ngx_brotli.git MIRROR_HASH:=680c56be79e7327cb8df271646119333d2f6965a3472bc7043721625fa4488f5 PROTO:=git @@ -264,7 +264,7 @@ endef define Download/nginx-mod-rtmp SOURCE_DATE:=2018-12-07 - VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf + SOURCE_VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf URL:=https://github.com/ut0mt8/nginx-rtmp-module.git MIRROR_HASH:=9c98d886ae4ea3708bb0bca55f8df803418a407e0ffc6df56341bd76ad39cba8 PROTO:=git @@ -272,7 +272,7 @@ endef define Download/nginx-mod-ts SOURCE_DATE:=2017-12-04 - VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd + SOURCE_VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd URL:=https://github.com/arut/nginx-ts-module.git MIRROR_HASH:=3f144d4615a4aaa1215435cd06ae4054ea12206d5b38306321420f7acc62aca8 PROTO:=git @@ -280,7 +280,7 @@ endef define Download/nginx-mod-naxsi SOURCE_DATE:=2022-09-14 - VERSION:=d714f1636ea49a9a9f4f06dba14aee003e970834 + SOURCE_VERSION:=d714f1636ea49a9a9f4f06dba14aee003e970834 URL:=https://github.com/nbs-system/naxsi.git MIRROR_HASH:=b0cef5fbf842f283eb5f0686ddd1afcd07d83abd7027c8cfb3e84a2223a34797 PROTO:=git @@ -288,7 +288,7 @@ endef define Download/nginx-mod-lua SOURCE_DATE:=2023-08-19 - VERSION:=c89469e920713d17d703a5f3736c9335edac22bf + SOURCE_VERSION:=c89469e920713d17d703a5f3736c9335edac22bf URL:=https://github.com/openresty/lua-nginx-module.git MIRROR_HASH:=c3bdf1b23f0a63991b5dcbd1f8ee150e6f893b43278e8600e4e0bb42a6572db4 PROTO:=git @@ -296,7 +296,7 @@ endef define Download/nginx-mod-lua-resty-core SOURCE_DATE:=2023-09-09 - VERSION:=2e2b2adaa61719972fe4275fa4c3585daa0dcd84 + SOURCE_VERSION:=2e2b2adaa61719972fe4275fa4c3585daa0dcd84 URL:=https://github.com/openresty/lua-resty-core.git MIRROR_HASH:=c5f3df92fd72eac5b54497c039aca0f0d9ea1d87223f1e3a54365ba565991874 PROTO:=git @@ -304,7 +304,7 @@ endef define Download/nginx-mod-lua-resty-lrucache SOURCE_DATE:=2023-08-06 - VERSION:=52f5d00403c8b7aa8a4d4f3779681976b10a18c1 + SOURCE_VERSION:=52f5d00403c8b7aa8a4d4f3779681976b10a18c1 URL:=https://github.com/openresty/lua-resty-lrucache.git MIRROR_HASH:=0833e0114948af4edb216c5c34b3f1919f534b298f4fa29739544f7c9bb8a08d PROTO:=git @@ -312,7 +312,7 @@ endef define Download/nginx-mod-dav-ext SOURCE_DATE:=2018-12-17 - VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af + SOURCE_VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af URL:=https://github.com/arut/nginx-dav-ext-module.git MIRROR_HASH:=c574e60ffab5f6e5d8bea18aab0799c19cd9a84f3d819b787e9af4f0e7867b52 PROTO:=git @@ -320,7 +320,7 @@ endef define Download/nginx-mod-ubus SOURCE_DATE:=2020-09-06 - VERSION:=b2d7260dcb428b2fb65540edb28d7538602b4a26 + SOURCE_VERSION:=b2d7260dcb428b2fb65540edb28d7538602b4a26 URL:=https://github.com/Ansuel/nginx-ubus-module.git MIRROR_HASH:=515bb9d355ad80916f594046a45c190a68fb6554d6795a54ca15cab8bdd12fda PROTO:=git @@ -328,9 +328,9 @@ endef define Download/nginx-mod-njs SOURCE_DATE:=2024-10-03 - VERSION:=c5a29a7af8894ee1ec44ebda71ef0ea1f2a31af6 + SOURCE_VERSION:=c5a29a7af8894ee1ec44ebda71ef0ea1f2a31af6 URL:=https://github.com/nginx/njs.git - MIRROR_HASH:=69bc424d4bfd8b7a0a70feeb4787ff8b503ac893fb730f07f3244e35fde876e4 + MIRROR_HASH:=6c94ec6b1c119e0c7a85ec395a4987a8a61739e1f9256ce6d92a16804c5d4637 PROTO:=git endef @@ -338,7 +338,7 @@ define Module/Download define Download/nginx-mod-$(1) += SUBDIR:=nginx-mod-$(1) - FILE:=nginx-mod-$(1)-$$$$(subst -,.,$$$$(SOURCE_DATE))~$$$$(call version_abbrev,$$$$(VERSION)).tar.zst + FILE:=nginx-mod-$(1)-$$$$(subst -,.,$$$$(SOURCE_DATE))~$$$$(call version_abbrev,$$$$(SOURCE_VERSION)).tar.zst endef endef $(foreach m,$(PKG_MOD_EXTRA),$(eval $(call Module/Download,$(m)))) From db80134266566f6c7f3e0b3433c97bfda8e655e6 Mon Sep 17 00:00:00 2001 From: Roman Azarenko Date: Wed, 13 Aug 2025 13:28:33 +0200 Subject: [PATCH 059/239] nginx: update CPE ID Looking at the official CPE dictionary [1], `cpe:/a:nginx:nginx` was only used until 1.21.4 inclusively. Later it was renamed to `cpe:/a:f5:nginx`, and it showed up in a few more non-contiguous versions numbers after 1.21.4. In all nginx security advisories [2] starting from year 2024, the CPE ID used is `cpe:/a:f5:nginx_open_source`. This includes versions 1.25.0 and newer. Update the CPE ID to the newest known value of `cpe:/a:f5:nginx_open_source` used in nginx's own security advirosies/CVEs. [1]: https://nvd.nist.gov/products/cpe [2]: https://nginx.org/en/security_advisories.html Signed-off-by: Roman Azarenko (cherry picked from commit 973a26fc6308816de542b5a55a590868b8014fdb) --- net/nginx/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index efc3c0fef3d7f2..e93acd1b65ad20 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -18,7 +18,7 @@ PKG_HASH:=f9187468ff2eb159260bfd53867c25ff8e334726237acf227b9e870e53d3e36b PKG_MAINTAINER:=Thomas Heil \ Christian Marangi PKG_LICENSE:=2-clause BSD-like license -PKG_CPE_ID:=cpe:/a:nginx:nginx +PKG_CPE_ID:=cpe:/a:f5:nginx_open_source PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 From a94519e64993424adeefdadb2322e9af8ac3004b Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 5 Sep 2025 22:03:15 +0800 Subject: [PATCH 060/239] rust: add loongarch64 and powerpc to supported targets Also removed i686 as OpenWrt replaces it with i386 in $(ARCH). Signed-off-by: Tianling Shen (cherry picked from commit a5c3fd1fee7185265f0bb1b1b969f4b5afbf94c9) --- lang/rust/rust-values.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/rust/rust-values.mk b/lang/rust/rust-values.mk index 035a4e07735e16..e1dbbbccaee374 100644 --- a/lang/rust/rust-values.mk +++ b/lang/rust/rust-values.mk @@ -69,7 +69,7 @@ ifeq ($(ARCH),aarch64) endif # Support only a subset for now. -RUST_ARCH_DEPENDS:=@(aarch64||arm||i386||i686||mips||mipsel||mips64||mips64el||mipsel||powerpc64||riscv64||x86_64) +RUST_ARCH_DEPENDS:=@(aarch64||arm||i386||loongarch64||mips||mips64||mips64el||mipsel||powerpc||powerpc64||riscv64||x86_64) ifneq ($(CONFIG_RUST_SCCACHE),) RUST_SCCACHE_DIR:=$(if $(call qstrip,$(CONFIG_RUST_SCCACHE_DIR)),$(call qstrip,$(CONFIG_RUST_SCCACHE_DIR)),$(TOPDIR)/.sccache) From 5613127a8cff53a451983eb06d6c9250548decab Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Tue, 5 Nov 2024 03:18:16 +0000 Subject: [PATCH 061/239] shared-mime-info: fix post-install behaviour Move post-install script to /etc/uci-defaults so it always runs on the target and doesn't require the host to provide 'update-mime-database'. Signed-off-by: Daniel Golle (cherry picked from commit 0b2bd76ed16ce0ec752c950ae26a438ba4eb93d5) --- utils/shared-mime-info/Makefile | 23 ++++++++++++++----- .../files/shared-mime-info.defaults | 3 +++ 2 files changed, 20 insertions(+), 6 deletions(-) create mode 100644 utils/shared-mime-info/files/shared-mime-info.defaults diff --git a/utils/shared-mime-info/Makefile b/utils/shared-mime-info/Makefile index 5e25608de55259..6be0a75c8fbf33 100644 --- a/utils/shared-mime-info/Makefile +++ b/utils/shared-mime-info/Makefile @@ -36,6 +36,19 @@ define Package/shared-mime-info/description The shared-mime-info package contains a database of MIME types and their file extensions. endef +MESON_ARG += \ + -Dbuild-tests=false \ + -Dupdate-mimedb=false \ + -Dbuild-tools=true \ + -Dbuild-translations=false + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) \ + $(PKG_INSTALL_DIR)/usr/share/pkgconfig/shared-mime-info.pc \ + $(1)/usr/lib/pkgconfig/ +endef + define Package/shared-mime-info/install $(INSTALL_DIR) $(1)/usr/bin/ $(CP) \ @@ -45,12 +58,10 @@ define Package/shared-mime-info/install $(CP) \ $(PKG_INSTALL_DIR)/usr/share/* \ $(1)/usr/share/ -endef - -define Package/shared-mime-info/postinst -#!/bin/sh - -update-mime-database /usr/share/mime/ + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_DATA) \ + ./files/shared-mime-info.defaults \ + $(1)/etc/uci-defaults/90-shared-mime-info endef $(eval $(call BuildPackage,shared-mime-info)) diff --git a/utils/shared-mime-info/files/shared-mime-info.defaults b/utils/shared-mime-info/files/shared-mime-info.defaults new file mode 100644 index 00000000000000..0a46727522267e --- /dev/null +++ b/utils/shared-mime-info/files/shared-mime-info.defaults @@ -0,0 +1,3 @@ +#!/bin/sh + +update-mime-database /usr/share/mime/ From 055f363620348a14ee7a1f71aed3934c76b1ec43 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Mon, 11 Nov 2024 19:36:35 +0000 Subject: [PATCH 062/239] glib-networking: add package Add GIO modules for TLS support as well as defining proxies via well-known environment variables. Signed-off-by: Daniel Golle (cherry picked from commit 223d7e2995bb77c41890fb3edbacecec5c5ae1d3) --- libs/glib-networking/Makefile | 87 +++++++++++++++++++ .../patches/100-no-tests.patch | 8 ++ 2 files changed, 95 insertions(+) create mode 100644 libs/glib-networking/Makefile create mode 100644 libs/glib-networking/patches/100-no-tests.patch diff --git a/libs/glib-networking/Makefile b/libs/glib-networking/Makefile new file mode 100644 index 00000000000000..9c2342e28d0293 --- /dev/null +++ b/libs/glib-networking/Makefile @@ -0,0 +1,87 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=glib-networking +PKG_VERSION:=2.80.0 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=@GNOME/$(PKG_NAME)/$(basename $(PKG_VERSION)) +PKG_HASH:=d8f4f1aab213179ae3351617b59dab5de6bcc9e785021eee178998ebd4bb3acf + +PKG_MAINTAINER:=Daniel Golle +PKG_LICENSE:=LGPL-2.1-or-later +PKG_LICENSE_FILES:=COPYING +PKG_CPE_ID:=cpe:/a:gnome:glib-networking + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/meson.mk + +MESON_ARGS += \ + -Dgnutls=enabled \ + -Dopenssl=enabled \ + -Denvironment_proxy=enabled \ + -Dlibproxy=disabled \ + -Dgnome_proxy=disabled \ + -Dinstalled_tests=false \ + -Ddebug_logs=false + +define Package/libgio-gnutls + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+glib2 +libgnutls + TITLE:=GLib2 GIO GNUTLS module + URL:=http://www.gnome.org/ +endef + +define Package/libgio-gnutls/description + GNUTLS backend for GLib2 GIO. +endef + +define Package/libgio-openssl + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+glib2 +libopenssl + TITLE:=GLib2 GIO OpenSSL module + URL:=http://www.gnome.org/ +endef + +define Package/libgio-openssl/description + OpenSSL backend for GLib2 GIO. +endef + +define Package/libgio-environmentproxy + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+glib2 + TITLE:=GLib2 GIO environmentproxy module + URL:=http://www.gnome.org/ +endef + +define Package/libgio-environmentproxy/description + Proxy environment variables module GLib2 GIO. +endef + +define Package/libgio-gnutls/install + $(INSTALL_DIR) $(1)/usr/lib/gio/modules + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/usr/lib/gio/modules/libgiognutls.so \ + $(1)/usr/lib/gio/modules +endef + +define Package/libgio-openssl/install + $(INSTALL_DIR) $(1)/usr/lib/gio/modules + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/usr/lib/gio/modules/libgioopenssl.so \ + $(1)/usr/lib/gio/modules +endef + +define Package/libgio-environmentproxy/install + $(INSTALL_DIR) $(1)/usr/lib/gio/modules + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/usr/lib/gio/modules/libgioenvironmentproxy.so \ + $(1)/usr/lib/gio/modules +endef + +$(eval $(call BuildPackage,libgio-gnutls)) +$(eval $(call BuildPackage,libgio-openssl)) +$(eval $(call BuildPackage,libgio-environmentproxy)) diff --git a/libs/glib-networking/patches/100-no-tests.patch b/libs/glib-networking/patches/100-no-tests.patch new file mode 100644 index 00000000000000..aaab3b08e284bc --- /dev/null +++ b/libs/glib-networking/patches/100-no-tests.patch @@ -0,0 +1,8 @@ +--- a/proxy/meson.build ++++ b/proxy/meson.build +@@ -9,5 +9,3 @@ endif + if get_option('environment_proxy').enabled() + subdir('environment') + endif +- +-subdir('tests') From 8f71395fcd5d5d9c33859c7b0e4be34f73abf109 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 26 Apr 2025 04:29:59 +0100 Subject: [PATCH 063/239] glib-networking: update to version 2.80.1 2.80.1 - January 8, 2025 ======================== - OpenSSL: fix crash in complete_handshake (!251, Dario Saccavino) - OpenSSL: fix invalid free in openssl_get_binding_tls_server_end_point() (!255) - TLS test should handle G_IO_ERROR_WOULD_BLOCK (!253, Richard Purdie and Alexander Kanavin) - Updated translations Signed-off-by: Daniel Golle (cherry picked from commit b49f4cc0a3bcc9afe04d91abe80fa25ca48037a7) --- libs/glib-networking/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/glib-networking/Makefile b/libs/glib-networking/Makefile index 9c2342e28d0293..962349d2a21048 100644 --- a/libs/glib-networking/Makefile +++ b/libs/glib-networking/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=glib-networking -PKG_VERSION:=2.80.0 +PKG_VERSION:=2.80.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNOME/$(PKG_NAME)/$(basename $(PKG_VERSION)) -PKG_HASH:=d8f4f1aab213179ae3351617b59dab5de6bcc9e785021eee178998ebd4bb3acf +PKG_HASH:=b80e2874157cd55071f1b6710fa0b911d5ac5de106a9ee2a4c9c7bee61782f8e PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=LGPL-2.1-or-later From 3a68aa2aeb487d8b7a5a48f33e82c547b1b3904e Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Thu, 7 Nov 2024 20:20:50 +0000 Subject: [PATCH 064/239] fluidsynth: add package Package Fluidsynth wavetable MIDI synth. Signed-off-by: Daniel Golle (cherry picked from commit b734716f1573cea4037e0ebda4af23b54f659095) --- sound/fluidsynth/Makefile | 76 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 sound/fluidsynth/Makefile diff --git a/sound/fluidsynth/Makefile b/sound/fluidsynth/Makefile new file mode 100644 index 00000000000000..a24cc1be921e89 --- /dev/null +++ b/sound/fluidsynth/Makefile @@ -0,0 +1,76 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=fluidsynth +PKG_VERSION:=2.4.0 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/FluidSynth/fluidsynth/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=fd4d216a3030abc56a339985ab0506328660cd77b2d71dd98c240c58c03d8f7f + +PKG_MAINTAINER:=Daniel Golle +PKG_LICENSE:=LGPL-2.1 +PKG_LICENSE_FILES:=LICENSE + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +CMAKE_INSTALL:=1 + +CMAKE_OPTIONS += \ + -Denable-coverage=off \ + -Denable-floats=off \ + -Denable-fpe-check=off \ + -Denable-portaudio=off \ + -Denable-profiling=off \ + -Denable-trap-on-fpe=off \ + -Denable-ubsan=off \ + -Denable-alsa=on \ + -Denable-aufile=off \ + -DBUILD_SHARED_LIBS=on \ + -Denable-dbus=off \ + -Denable-ipv6=off \ + -Denable-jack=off \ + -Denable-ladspa=off \ + -Denable-libinstpatch=off \ + -Denable-libsndfile=on \ + -Denable-midishare=off \ + -Denable-opensles=off \ + -Denable-oboe=off \ + -Denable-network=off \ + -Denable-oss=off \ + -Denable-dsound=off \ + -Denable-wasapi=off \ + -Denable-waveout=off \ + -Denable-winmidi=off \ + -Denable-sdl2=off \ + -Denable-pulseaudio=off \ + -Denable-pipewire=off \ + -Denable-readline=off \ + -Denable-threads=off \ + -Denable-openmp=off \ + -Denable-systemd=off \ + -Denable-coreaudio=off \ + -Denable-coremidi=off \ + -Denable-framework=off \ + -Denable-dart=off \ + -Denable-kai=off + +define Package/libfluidsynth + SECTION:=sound + CATEGORY:=Sound + TITLE:=A SoundFont Synthesizer + URL:=https://www.fluidsynth.org + DEPENDS:=+alsa-lib +glib2 +libsndfile +libstdcpp +endef + +define Package/libfluidsynth/description +FluidSynth is a cross-platform, real-time software synthesizer based on the Soundfont 2 specification. +endef + +define Package/libfluidsynth/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libfluidsynth)) From 8587135676a76ef178e47e9b5e9c48093f295a3b Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 26 Apr 2025 05:07:26 +0100 Subject: [PATCH 065/239] fluidsynth: update to version 2.4.5 fluidsynth 2.4.5 Prebuilt Windows Binaries were missing SDL3.dll (FluidSynth/fluidsynth#1510) Fix SDL3 intercepting signals, causing CTRL+C to not quit fluidsynth (FluidSynth/fluidsynth#1509) Fix a few flaws in the AWE32 NRPN implementation (FluidSynth/fluidsynth#1452, FluidSynth/fluidsynth#1473) A regression introduced in 2.4.4 broke drum preset selection for XG MIDIs (FluidSynth/fluidsynth#1508) Fix for OpenMP thread affinity crashes on Android devices (FluidSynth/fluidsynth#1521, thanks to @looechao) Fix fluidsynth's systemd user daemon being unable to create lock file on some distros (FluidSynth/fluidsynth#1527, thanks to @andrew-sayers) Fix fluidsynth ignoring initialFilterFc generator limits (FluidSynth/fluidsynth#1502) A regression introduced in 2.3.6 prevented SF2 NRPN messages from being processed correctly (FluidSynth/fluidsynth#1536) fluidsynth 2.4.4 Support for SDL3 has been added, support for SDL2 has been deprecated (FluidSynth/fluidsynth#1485, FluidSynth/fluidsynth#1478, thanks to @andyvand) Soundfonts that are not respecting the 46 zero-sample padding-space previously sounded incorrect when synth.dynamic-sample-loading was active (FluidSynth/fluidsynth#1484) Allow drum channels to profit from Soundfont Bank Offsets by no longer ignoring MSB Bank changes (FluidSynth/fluidsynth#1475) Revise the preset fallback logic for drum channels (FluidSynth/fluidsynth#1486) A regression introduced in 2.4.1 may have caused interrupted real-time playback when voices were using the lowpass filter (FluidSynth/fluidsynth#1481) Improve multi-user experience when running fluidsynth as systemd service (FluidSynth/fluidsynth#1491, thanks to @andrew-sayers) Fix ordering and dependencies of fluidsynth's systemd service (FluidSynth/fluidsynth#1500, thanks to @fabiangreffrath) Revise fluidsynth's man page (FluidSynth/fluidsynth#1499, thanks to @fabiangreffrath) fluidsynth 2.4.3 It was discovered, that exclusive class note terminations were too slow (FluidSynth/fluidsynth#1467, thanks to @mrbumpy409) Fix a regression introduced in 2.4.0 that allowed the amplitude of a voice playing in delay phase to rise infinitely (FluidSynth/fluidsynth#1451) MSGS drum-style note-cut has been converted to an opt-in setting synth.note-cut (FluidSynth/fluidsynth#1466) Support for SDL2 has been disabled by default* (FluidSynth/fluidsynth#1472) Fix a regression introduced in 2.4.1 that could have caused infinite audio gain output for some MIDI files under certain configurations (FluidSynth/fluidsynth#1464) Silence a warning issued by Systemd v254+ (FluidSynth/fluidsynth#1474, thanks to @andrew-sayers) fluidsynth 2.4.2 Fix audible clicks when turning off voices while using a high filter resonance (FluidSynth/fluidsynth#1427) Fix a build failure with MSYS2 and MinGW when processing VersionResource.rc (FluidSynth/fluidsynth#1448, thanks to @pedrolcl) Fix a crash on startup when there are no MIDI devices available on Windows (FluidSynth/fluidsynth#1446, thanks to @pedrolcl) Restore discovery of libsndfile (FluidSynth/fluidsynth#1445) Fix a race condition when loading SF3 files containing multiple uncompressed samples (FluidSynth/fluidsynth#1457) fluidsynth 2.4.1 Enable libsndfile to use filename with non-ASCII characters on Windows (FluidSynth/fluidsynth#1416, thanks to @pedrolcl and @stardusteyes) Fix a few commandline encoding related issues on Windows (FluidSynth/fluidsynth#1388, FluidSynth/fluidsynth#1421, thanks to @pedrolcl) Fix build errors on Windows (FluidSynth/fluidsynth#1419, FluidSynth/fluidsynth#1422, thanks to @carlo-bramini) Fix clicks and pops caused when changing parameters of the lowpass filter (FluidSynth/fluidsynth#1415, FluidSynth/fluidsynth#1417, FluidSynth/fluidsynth#1424) Minor adjustment to AWE32 NRPN behavior (FluidSynth/fluidsynth#1430) Signed-off-by: Daniel Golle (cherry picked from commit dd8780e253934ad57afde016679c1f7e498e2be0) --- sound/fluidsynth/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sound/fluidsynth/Makefile b/sound/fluidsynth/Makefile index a24cc1be921e89..25779f4bc52b1d 100644 --- a/sound/fluidsynth/Makefile +++ b/sound/fluidsynth/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fluidsynth -PKG_VERSION:=2.4.0 +PKG_VERSION:=2.4.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/FluidSynth/fluidsynth/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=fd4d216a3030abc56a339985ab0506328660cd77b2d71dd98c240c58c03d8f7f +PKG_HASH:=2d2a5ca35bbb3f3fd241ef388a0cb3ae5755ebbb78121c7869f02b021d694810 PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=LGPL-2.1 @@ -44,6 +44,7 @@ CMAKE_OPTIONS += \ -Denable-waveout=off \ -Denable-winmidi=off \ -Denable-sdl2=off \ + -Denable-sdl3=off \ -Denable-pulseaudio=off \ -Denable-pipewire=off \ -Denable-readline=off \ From e1c314797b44db7fc3a3373b2d54cce1607eddba Mon Sep 17 00:00:00 2001 From: Lukas Voegl Date: Fri, 27 Jun 2025 12:36:57 +0200 Subject: [PATCH 066/239] treewide: include `nls.mk` when depending on glib2 When compiling glib2 with NLS, it automatically sets linker flags to `-lglib-2.0 -lintl` in pkg-config (.pc) files. Signed-off-by: Lukas Voegl (cherry picked from commit 7ee547b4402b85ff3ede78cdcd997484fc620fa4) --- libs/glib-networking/Makefile | 1 + sound/fluidsynth/Makefile | 1 + utils/swanmon/Makefile | 1 + 3 files changed, 3 insertions(+) diff --git a/libs/glib-networking/Makefile b/libs/glib-networking/Makefile index 962349d2a21048..e0bf48ea99f927 100644 --- a/libs/glib-networking/Makefile +++ b/libs/glib-networking/Makefile @@ -15,6 +15,7 @@ PKG_CPE_ID:=cpe:/a:gnome:glib-networking include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/meson.mk +include $(INCLUDE_DIR)/nls.mk MESON_ARGS += \ -Dgnutls=enabled \ diff --git a/sound/fluidsynth/Makefile b/sound/fluidsynth/Makefile index 25779f4bc52b1d..f8bad01f2ebbc7 100644 --- a/sound/fluidsynth/Makefile +++ b/sound/fluidsynth/Makefile @@ -14,6 +14,7 @@ PKG_LICENSE_FILES:=LICENSE include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk +include $(INCLUDE_DIR)/nls.mk CMAKE_INSTALL:=1 diff --git a/utils/swanmon/Makefile b/utils/swanmon/Makefile index 6dd96757345d71..c523ae634e0a48 100644 --- a/utils/swanmon/Makefile +++ b/utils/swanmon/Makefile @@ -24,6 +24,7 @@ PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk +include $(INCLUDE_DIR)/nls.mk define Package/swanmon SECTION:=utils From 3abbc29a9c93fcda09512655f2db4efc43371925 Mon Sep 17 00:00:00 2001 From: Dan Srebnick Date: Thu, 3 Apr 2025 16:15:33 -0400 Subject: [PATCH 067/239] ampr-ripd: Initial package release This project can be used with the OpenWrt SDK to generate a package for ampr-ripd. It is intended for use only by licensed amateur radio operators. ampr-ripd is a modified RIPv2 listener that provides route information for ARDC IPIP Mesh tunnels. Signed-off-by: Dan Srebnick (cherry picked from commit 19249742cda92b6895ba236ca6fb3acac5abeacc) --- net/ampr-ripd/Makefile | 102 ++++++++++++++++++++++++ net/ampr-ripd/files/99-ampr-ripd | 112 +++++++++++++++++++++++++++ net/ampr-ripd/files/ampr-ripd-config | 4 + net/ampr-ripd/files/ampr-ripd-init | 87 +++++++++++++++++++++ 4 files changed, 305 insertions(+) create mode 100644 net/ampr-ripd/Makefile create mode 100644 net/ampr-ripd/files/99-ampr-ripd create mode 100644 net/ampr-ripd/files/ampr-ripd-config create mode 100755 net/ampr-ripd/files/ampr-ripd-init diff --git a/net/ampr-ripd/Makefile b/net/ampr-ripd/Makefile new file mode 100644 index 00000000000000..511fef29f536a5 --- /dev/null +++ b/net/ampr-ripd/Makefile @@ -0,0 +1,102 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ampr-ripd +PKG_VERSION:=2.4.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz +PKG_SOURCE_URL:=https://yo2loj.ro/hamprojects +PKG_HASH:=e4635bd0f88c1f2b0777e948a00d0470aa97254ec4b0b8fd75c79d109995a350 + +PKG_MAINTAINER:=Dan Srebnick +PKG_LICENSE:=GPL-2.0-only +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk + +define Package/ampr-ripd + SECTION:=net + CATEGORY:=Network + SUBMENU:=Routing and Redirection + DEPENDS:=+kmod-ipip +ip + TITLE:=Routing daemon for the AMPR network + URL:=https://www.yo2loj.ro/hamprojects +endef + +define Package/ampr-ripd/description + Routing daemon written in C similar to Hessu's rip44d including optional resending of RIPv2 broadcasts for router injection. +endef + +CONFIGURE_VARS+= \ + CC="$(TOOLCHAIN_DIR)/bin/$(TARGET_CC)" + COPT="$(TARGET_COPT)" + +define Package/ampr-ripd/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ampr-ripd $(1)/usr/sbin + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ampr-ripd-init $(1)/etc/init.d/ampr-ripd + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_DATA) ./files/99-ampr-ripd $(1)/etc/uci-defaults/99-ampr-ripd + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/ampr-ripd-config $(1)/etc/config/ampr-ripd +endef + +define Package/ampr-ripd/postrm +#!/bin/sh +[ "$${PKG_UPGRADE}" = 1 ] && exit 0 +[ -z "$${IPKG_INSTROOT}" ] || exit 0 + +echo "Removing firewall rules..." +for i in $$(seq 99 -1 0); do + if [ $$(uci -q get firewall.@rule[$$i]) ]; then + name=$$(uci get firewall.@rule[$$i].name) + if [ "$$name" = "Net 44 ICMP Echo Request" ] \ + || [ "$$name" = "Net 44 Router ICMP" ] \ + || [ "$$name" = "ipip" ]; then + uci del firewall.@rule[$$i] + fi + fi +done +uci commit firewall + +echo "Removing network rules..." +for i in $$(seq 99 -1 0); do + if [ $$(uci -q get network.@rule[$$i]) ]; then + lookup=$$(uci get network.@rule[$$i].lookup) + if [ "$$lookup" = "44" ]; then + uci del network.@rule[$$i] + fi + fi +done +uci commit network + +echo "Removing firewall zone forwarding rules..." +for i in $$(seq 99 -1 0); do + if [ $$(uci -q get firewall.@forwarding[$$i]) ]; then + name=$$(uci get firewall.@forwarding[$$i].src) + if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then + uci del firewall.@forwarding[$$i] + fi + fi +done + +echo "Removing firewall zones..." +for i in $$(seq 99 -1 0); do + if [ $$(uci -q get firewall.@zone[$$i]) ]; then + name=$$(uci get firewall.@zone[$$i].name) + if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then + uci del firewall.@zone[$$i] + fi + fi +done +uci commit firewall + +echo "Removing network interfaces..." +uci del network.amprwan +uci del network.amprlan +uci commit network + +endef + +$(eval $(call BuildPackage,ampr-ripd)) diff --git a/net/ampr-ripd/files/99-ampr-ripd b/net/ampr-ripd/files/99-ampr-ripd new file mode 100644 index 00000000000000..fcccb77c4bec00 --- /dev/null +++ b/net/ampr-ripd/files/99-ampr-ripd @@ -0,0 +1,112 @@ +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# Copyright (C) 2025 Dan Srebnick (K2IE) +# +############################################################################## + +# Check to see if network.amprlan.ipaddr and network.amprwan.ipaddr exist. +# If so, no need to apply defaults. + +if [ -z "$(uci -q get network.amprlan.ipaddr)" ] && \ + [ -z "$(uci -q get network.amprwan.ipaddr)" ]; then + +echo Installing default routing rules... +r=$(uci add network rule) +uci -q batch << EOI +set network.$r.dest='44.0.0.0/9' +set network.$r.lookup='44' +set network.$r.priority='44' +EOI +r=$(uci add network rule) +uci -q batch << EOI +set network.$r.dest='44.128.0.0/10' +set network.$r.lookup='44' +set network.$r.priority='44' +EOI +r=$(uci add network rule) +uci -q batch << EOI +set network.$r.src='44.127.254.0/24' +set network.$r.lookup='44' +set network.$r.priority='45' +EOI + +echo Installing default network interfaces... +uci -q batch << EOI +set network.amprlan=interface +set network.amprlan.proto='static' +set network.amprlan.device='br-lan' +set network.amprlan.force_link='0' +set network.amprlan.ipaddr='44.127.254.254' +set network.amprlan.netmask='255.255.255.0' +set network.amprlan.defaultroute='0' +set network.amprlan.ip4table='44' +set network.amprlan.delegate='0' +set network.amprwan=interface +set network.amprwan.device='tunl0' +set network.amprwan.proto='static' +set network.amprwan.ipaddr='44.127.254.254' +set network.amprwan.netmask='255.255.255.0' +commit network +EOI + +echo Installing default firewall zones... +z=$(uci add firewall zone) +uci -q batch << EOI +set firewall.$z.name='amprlan' +set firewall.$z.network='amprlan' +EOI +z=$(uci add firewall zone) +uci -q batch << EOI +set firewall.$z.name='amprwan' +set firewall.$z.network='amprwan' +set firewall.$z.input='REJECT' +EOI +z=$(uci add firewall forwarding) +uci -q batch << EOI +set firewall.$z.src='amprlan' +set firewall.$z.dest='amprwan' +commit firewall +EOI + +echo Installing default firewall rules... +f=$(uci add firewall rule) +uci -q batch << EOI +set firewall.$f.name='ipip' +set firewall.$f.proto='ipencap' +set firewall.$f.src='wan' +set firewall.$f.target='ACCEPT' +set firewall.$f.family='ipv4' +set firewall.$f.icmp_type='echo-request' +EOI +f=$(uci add firewall rule) +uci -q batch << EOI +set firewall.$f.name='Net 44 ICMP Echo Request' +set firewall.$f.proto='icmp' +set firewall.$f.src='amprwan' +set firewall.$f.dest='amprlan' +set firewall.$f.target='ACCEPT' +set firewall.$f.family='ipv4' +set firewall.$f.icmp_type='echo-request' +EOI +f=$(uci add firewall rule) +uci -q batch << EOI +set firewall.$f.name='Net 44 Router ICMP' +set firewall.$f.proto='icmp' +set firewall.$f.src='amprwan' +set firewall.$f.target='ACCEPT' +set firewall.$f.family='ipv4' +set firewall.$f.icmp_type='echo-request' +commit firewall +EOI + +fi +exit diff --git a/net/ampr-ripd/files/ampr-ripd-config b/net/ampr-ripd/files/ampr-ripd-config new file mode 100644 index 00000000000000..a7d7d5185688a7 --- /dev/null +++ b/net/ampr-ripd/files/ampr-ripd-config @@ -0,0 +1,4 @@ + +config ampr-ripd 'network' + option tunnet 44.127.254.0/255.255.255.0 + diff --git a/net/ampr-ripd/files/ampr-ripd-init b/net/ampr-ripd/files/ampr-ripd-init new file mode 100755 index 00000000000000..6f1a8f426e4865 --- /dev/null +++ b/net/ampr-ripd/files/ampr-ripd-init @@ -0,0 +1,87 @@ +#!/bin/sh /etc/rc.common + +START=95 +STOP=10 + +EXTRA_COMMANDS="configure" +EXTRA_HELP=" configure Configure service parameters" + +start() { + default_addr="44.127.254.254" + if [ "$(uci get network.amprlan.ipaddr)" = "$default_addr" ] || \ + [ "$(uci get network.amprwan.ipaddr)" = "$default_addr" ]; then + + cat <<-EOF + ampr-ripd is not fully configured. + You must run /etc/init.d/ampr-ripd configure. + EOF + + exit 1 + fi + if [ ! -d /var/lib/ampr-ripd ]; then + mkdir -p /var/lib/ampr-ripd + fi + ip tunnel change ttl 64 mode ipip tunl0 + ip link set dev tunl0 up + ifconfig tunl0 mtu 1480 + tunnet=$(uci -q get ampr-ripd.network.tunnet) + /usr/sbin/ampr-ripd -s -r -t 44 -i tunl0 -a "$tunnet" +} + +stop() { + ifconfig tunl0 down + killall ampr-ripd +} + +configure() { + if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then + cat <<-EOF + + Usage: /etc/init.d/ampr-ripd configure [amprhost] [amprmask] [amprnet] + + amprhost is the 44 net address assigned to your OpenWrt host + amprmask is the full netmask of your AMPR assigned network + amprnet is the network number of your AMPR assigned network + + Eg. /etc/init.d/ampr-ripd configure 44.127.254.1 255.255.255.0 44.127.254.0 + EOF + exit 1 + fi + amprhost=$1 + amprmask=$2 + amprnet=$3 + + cat <<-EOF + Configuring ampr-ripd with values: + + amprhost=$amprhost + amprmask=$amprmask + amprnet=$amprnet + EOF + + tunnet=$amprnet/$amprmask + uci set ampr-ripd.network.tunnet="$tunnet" + uci commit ampr-ripd + uci set network.amprlan.ipaddr="$amprhost" + uci set network.amprlan.netmask="$amprmask" + uci set network.amprwan.ipaddr="$amprhost" + uci set network.amprwan.netmask="$amprmask" + for i in $(seq 0 -1 -99); do + if [ ! -z $(uci -q get network.@rule[$i].src) ] && \ + [ "$(uci get network.@rule[$i].lookup)" = "44" ] && \ + [ "$(uci get network.@rule[$i].priority)" = "45" ]; then + uci set network.@rule[$i].src="$tunnet" + break + fi + done + uci commit network + + cat <<-EOF + + Now, do the following: + /etc/init.d/ampr-ripd restart + /etc/init.d/network restart + EOF + + exit 0 +} From d1aea2b0fce8e8a4452618a07a890b9dd306bb7c Mon Sep 17 00:00:00 2001 From: Dan Srebnick Date: Mon, 1 Sep 2025 11:45:15 -0400 Subject: [PATCH 068/239] ampr-ripd: script improvements and add QA script Added test.sh Predetermine count used by for loops in Makefile postrm Implemented extra_command in initscript Resolved shellcheck issues Bump release Signed-off-by: Dan Srebnick (cherry picked from commit 551ef4a7c1abe3be192d7eba9f7a193e54e92dd0) --- net/ampr-ripd/Makefile | 54 ++++++++++++++---------------- net/ampr-ripd/files/ampr-ripd-init | 12 +++---- net/ampr-ripd/test.sh | 3 ++ 3 files changed, 33 insertions(+), 36 deletions(-) create mode 100644 net/ampr-ripd/test.sh diff --git a/net/ampr-ripd/Makefile b/net/ampr-ripd/Makefile index 511fef29f536a5..27dce8a14566b0 100644 --- a/net/ampr-ripd/Makefile +++ b/net/ampr-ripd/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ampr-ripd PKG_VERSION:=2.4.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz PKG_SOURCE_URL:=https://yo2loj.ro/hamprojects @@ -24,7 +24,8 @@ define Package/ampr-ripd endef define Package/ampr-ripd/description - Routing daemon written in C similar to Hessu's rip44d including optional resending of RIPv2 broadcasts for router injection. + Routing daemon written in C similar to Hessu's rip44d including + optional resending of RIPv2 broadcasts for router injection. endef CONFIGURE_VARS+= \ @@ -48,46 +49,43 @@ define Package/ampr-ripd/postrm [ -z "$${IPKG_INSTROOT}" ] || exit 0 echo "Removing firewall rules..." -for i in $$(seq 99 -1 0); do - if [ $$(uci -q get firewall.@rule[$$i]) ]; then - name=$$(uci get firewall.@rule[$$i].name) - if [ "$$name" = "Net 44 ICMP Echo Request" ] \ - || [ "$$name" = "Net 44 Router ICMP" ] \ - || [ "$$name" = "ipip" ]; then - uci del firewall.@rule[$$i] - fi +count=$$(( $$(uci show firewall | grep -c "=rule") - 1 )) +for i in $$(seq "$$count" -1 0); do + name=$$(uci get firewall.@rule["$$i"].name) + if [ "$$name" = "Net 44 ICMP Echo Request" ] \ + || [ "$$name" = "Net 44 Router ICMP" ] \ + || [ "$$name" = "ipip" ]; then + uci del firewall.@rule["$$i"] fi done uci commit firewall echo "Removing network rules..." -for i in $$(seq 99 -1 0); do - if [ $$(uci -q get network.@rule[$$i]) ]; then - lookup=$$(uci get network.@rule[$$i].lookup) - if [ "$$lookup" = "44" ]; then - uci del network.@rule[$$i] - fi +count=$$(( $$(uci show network | grep -c "=rule") - 1 )) +for i in $$(seq "$$count" -1 0); do + lookup=$$(uci get network.@rule["$$i"].lookup) + if [ "$$lookup" = "44" ]; then + uci del network.@rule["$$i"] fi done uci commit network echo "Removing firewall zone forwarding rules..." -for i in $$(seq 99 -1 0); do - if [ $$(uci -q get firewall.@forwarding[$$i]) ]; then - name=$$(uci get firewall.@forwarding[$$i].src) - if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then - uci del firewall.@forwarding[$$i] - fi +count=$$(( $$(uci show firewall | grep -c "=forwarding") -1 )) +for i in $$(seq "$$count" -1 0); do + name=$$(uci get firewall.@forwarding["$$i"].src) + if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then + uci del firewall.@forwarding["$$i"] fi done +uci commit firewall echo "Removing firewall zones..." -for i in $$(seq 99 -1 0); do - if [ $$(uci -q get firewall.@zone[$$i]) ]; then - name=$$(uci get firewall.@zone[$$i].name) - if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then - uci del firewall.@zone[$$i] - fi +count=$$(( $$(uci show firewall | grep -c "=zone") -1 )) +for i in $$(seq "$$count" -1 0); do + name=$$(uci get firewall.@zone["$$i"].name) + if [ "$$name" = "amprlan" ] || [ "$$name" = "amprwan" ]; then + uci del firewall.@zone["$$i"] fi done uci commit firewall diff --git a/net/ampr-ripd/files/ampr-ripd-init b/net/ampr-ripd/files/ampr-ripd-init index 6f1a8f426e4865..e1df78aca0244f 100755 --- a/net/ampr-ripd/files/ampr-ripd-init +++ b/net/ampr-ripd/files/ampr-ripd-init @@ -3,8 +3,7 @@ START=95 STOP=10 -EXTRA_COMMANDS="configure" -EXTRA_HELP=" configure Configure service parameters" +extra_command "configure" "Configure service parameters" start() { default_addr="44.127.254.254" @@ -66,12 +65,9 @@ configure() { uci set network.amprlan.netmask="$amprmask" uci set network.amprwan.ipaddr="$amprhost" uci set network.amprwan.netmask="$amprmask" - for i in $(seq 0 -1 -99); do - if [ ! -z $(uci -q get network.@rule[$i].src) ] && \ - [ "$(uci get network.@rule[$i].lookup)" = "44" ] && \ - [ "$(uci get network.@rule[$i].priority)" = "45" ]; then - uci set network.@rule[$i].src="$tunnet" - break + for i in $(uci show network | awk -F= "/@rule/ && /lookup='44'/ {split(\$1, conf, /[.=]/); print conf[2]}"); do + if [ "$(uci -q get "network.$i.priority")" = "45" ]; then + uci set "network.$i.src=$tunnet" fi done uci commit network diff --git a/net/ampr-ripd/test.sh b/net/ampr-ripd/test.sh new file mode 100644 index 00000000000000..c8a730ae27bfc8 --- /dev/null +++ b/net/ampr-ripd/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"$1" -h 2>&1 | grep "$PKG_VERSION" From 017695353509b745ee2954c5eff52e7ec9434e12 Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 12 Aug 2025 03:52:32 -0400 Subject: [PATCH 069/239] snort3: update to 3.9.3.0 Changelog: https://github.com/snort3/snort3/releases/tag/3.9.3.0 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc (Intel N150 based box) Signed-off-by: John Audia (cherry picked from commit f8ace6e398a161ef661c51483b0ecdea19201d4a) --- net/snort3/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 701928feff78d0..c02a0445702831 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.9.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=3.9.3.0 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) PKG_SOURCE_URL:=https://github.com/snort3/snort3 -PKG_MIRROR_HASH:=982a56085c727ea0ea4717e92e0f6f339534520e80d0307cecf7d5eeda3811a5 +PKG_MIRROR_HASH:=aa70ac94fbae9e3080422360513b1f05f7ada14ba29d9c453f50afb8a96627f6 PKG_MAINTAINER:=W. Michael Petullo , John Audia PKG_LICENSE:=GPL-2.0-only From c1b9770adb47d2856f922c6c10d0f4c6b922cc10 Mon Sep 17 00:00:00 2001 From: John Audia Date: Fri, 18 Jul 2025 09:46:45 -0400 Subject: [PATCH 070/239] snort3: fix logic in gpertools-runtime depends The logic in e57cc9898a362d81e8dec5dd779293e6ff3d4710 was flawed causing gperftools-runtime to fail to get detected when building resulting in: ... ninja: Entering directory `/scratch/union/build_dir/target-x86_64_glibc/snort3-3.9.1.0' ninja: error: '/scratch/union/staging_dir/target-x86_64_glibc/usr/lib/libtcmalloc.so', needed by 'src/snort', missing and no known rule to make it make[2]: *** [Makefile:161: /scratch/union/build_dir/target-x86_64_glibc/snort3-3.9.1.0/.built] Error 1 It was missed due testing in build root that already had gperftools-runtime built only discovered when building from a clean build root. This commit fixes this flaw. Test: cat < .config CONFIG_TARGET_x86=y CONFIG_TARGET_x86_64=y CONFIG_TARGET_x86_64_DEVICE_generic=y CONFIG_PACKAGE_snort3=y EOF make defconfig grep gperftools-run .config CONFIG_PACKAGE_gperftools-runtime=y cat < .config CONFIG_TARGET_qoriq=y CONFIG_TARGET_qoriq_generic=y CONFIG_TARGET_qoriq_generic_DEVICE_watchguard_firebox-m300=y CONFIG_PACKAGE_snort3=y EOF make defconfig grep gperftools-run .config Signed-off-by: John Audia (cherry picked from commit 257e2fc38aa694604e7be9e70e58082037133434) --- net/snort3/Makefile | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index c02a0445702831..7a2d4332fe1083 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 PKG_VERSION:=3.9.3.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) @@ -22,16 +22,23 @@ PKG_CPE_ID:=cpe:/a:snort:snort include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk +ifeq ($(filter $(ARCH),mips mips64 mipsel powerpc),) + EXTRA_DEPENDS += +gperftools-runtime +endif +ifeq ($(filter $(ARCH),x86_64),$(ARCH)) + EXTRA_DEPENDS += +hyperscan-runtime + CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs +endif + +SNORT3DEPS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ + +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ + +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci $(EXTRA_DEPENDS) + define Package/snort3 SUBMENU:=Firewall SECTION:=net CATEGORY:=Network - DEPENDS:= \ - +@!(TARGET_powerpc||TARGET_mips||TARGET_mips64||TARGET_mipsel):gperftools-runtime \ - +(TARGET_x86||TARGET_x86_64):hyperscan-runtime \ - +libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ - +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ - +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci + DEPENDS:=$(SNORT3DEPS) TITLE:=Lightweight Network Intrusion Detection System URL:=http://www.snort.org/ MENU:=1 @@ -45,11 +52,6 @@ define Package/snort3/description attacks. endef -# Hyperscan only builds for x86 -ifdef CONFIG_TARGET_x86_64 - CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs -endif - CMAKE_OPTIONS += \ -DUSE_TIRPC:BOOL=YES \ -DENABLE_STATIC_DAQ:BOOL=NO \ From 76abdbe651e6d22fe42ce609497603852f18d24e Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 17 Aug 2025 03:45:36 -0400 Subject: [PATCH 071/239] lighttpd: update to lighttpd 1.4.81 release hash https://www.lighttpd.net/2025/8/17/1.4.81/ Signed-off-by: Glenn Strauss (cherry picked from commit 62dbf8c87f1648696b7ee53acc8c15fcc84776ff) --- net/lighttpd/Makefile | 4 ++-- net/lighttpd/patches/020-meson-mod_webdav_min.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile index 180dc04cbcfc9e..3e01733fb05242 100644 --- a/net/lighttpd/Makefile +++ b/net/lighttpd/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lighttpd -PKG_VERSION:=1.4.79 +PKG_VERSION:=1.4.81 PKG_RELEASE:=1 # release candidate ~rcX testing; remove for release #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x -PKG_HASH:=3b29a625b3ad88702d1fea4f5f42bb7d87488f2e4efc977d7f185329ca6084bd +PKG_HASH:=d7d42c3fd2fd94b63c915aa7d18f4da3cac5937ddba33e909f81cf50842a5840 PKG_MAINTAINER:=Glenn Strauss PKG_LICENSE:=BSD-3-Clause diff --git a/net/lighttpd/patches/020-meson-mod_webdav_min.patch b/net/lighttpd/patches/020-meson-mod_webdav_min.patch index fc7b155382c552..e4ec9653864207 100644 --- a/net/lighttpd/patches/020-meson-mod_webdav_min.patch +++ b/net/lighttpd/patches/020-meson-mod_webdav_min.patch @@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid --- a/src/meson.build +++ b/src/meson.build -@@ -887,6 +887,16 @@ if (host_machine.system() == 'darwin') +@@ -908,6 +908,16 @@ if (host_machine.system() == 'darwin') plugin_suffix = 'so' # use "so" instead of "dylib" endif From 43b2aff8fa04ee63c7571bedf6e13f9971287205 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 12 Sep 2025 18:05:57 -0400 Subject: [PATCH 072/239] lighttpd: update to lighttpd 1.4.82 release hash Ref: https://www.lighttpd.net/2025/9/12/1.4.82/ Signed-off-by: Glenn Strauss (cherry picked from commit c8e1b9af9985384fe356a3af29019ac204438393) --- net/lighttpd/Makefile | 4 +-- .../patches/020-meson-mod_webdav_min.patch | 2 +- ...-TLS-defaults-to-MinProtocol-TLSv1.3.patch | 36 +++++++++---------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile index 3e01733fb05242..f8acbaaab43d60 100644 --- a/net/lighttpd/Makefile +++ b/net/lighttpd/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lighttpd -PKG_VERSION:=1.4.81 +PKG_VERSION:=1.4.82 PKG_RELEASE:=1 # release candidate ~rcX testing; remove for release #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x -PKG_HASH:=d7d42c3fd2fd94b63c915aa7d18f4da3cac5937ddba33e909f81cf50842a5840 +PKG_HASH:=abfe74391f9cbd66ab154ea07e64f194dbe7e906ef4ed47eb3b0f3b46246c962 PKG_MAINTAINER:=Glenn Strauss PKG_LICENSE:=BSD-3-Clause diff --git a/net/lighttpd/patches/020-meson-mod_webdav_min.patch b/net/lighttpd/patches/020-meson-mod_webdav_min.patch index e4ec9653864207..8a371e4b40c130 100644 --- a/net/lighttpd/patches/020-meson-mod_webdav_min.patch +++ b/net/lighttpd/patches/020-meson-mod_webdav_min.patch @@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid --- a/src/meson.build +++ b/src/meson.build -@@ -908,6 +908,16 @@ if (host_machine.system() == 'darwin') +@@ -926,6 +926,16 @@ if (host_machine.system() == 'darwin') plugin_suffix = 'so' # use "so" instead of "dylib" endif diff --git a/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch b/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch index 1b42070b5a70bd..e54e12ecce7f4c 100644 --- a/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch +++ b/net/lighttpd/patches/030-Revert-TLS-modify-TLS-defaults-to-MinProtocol-TLSv1.3.patch @@ -18,7 +18,7 @@ Signed-off-by: Glenn Strauss --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c -@@ -2181,7 +2181,7 @@ network_init_ssl (server *srv, plugin_co +@@ -2184,7 +2184,7 @@ network_init_ssl (server *srv, plugin_co * GnuTLS by concatenating into a single priority string */ buffer *b = srv->tmp_buf; @@ -27,7 +27,7 @@ Signed-off-by: Glenn Strauss buffer_copy_string_len(b, s->priority_base, strlen(s->priority_base)); if (!buffer_is_blank(&s->priority_str)) { buffer_append_char(b, ':'); -@@ -3935,13 +3935,8 @@ mod_gnutls_ssl_conf_curves(server *srv, +@@ -3943,13 +3943,8 @@ mod_gnutls_ssl_conf_curves(server *srv, static int mod_gnutls_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -43,7 +43,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max ? GNUTLS_TLS1_3 : GNUTLS_TLS1_0; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) -@@ -3963,11 +3958,7 @@ mod_gnutls_ssl_conf_proto_val (server *s +@@ -3971,11 +3966,7 @@ mod_gnutls_ssl_conf_proto_val (server *s "GnuTLS: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } @@ -56,7 +56,7 @@ Signed-off-by: Glenn Strauss } -@@ -3997,11 +3988,9 @@ mod_gnutls_ssl_conf_proto (server *srv, +@@ -4005,11 +3996,9 @@ mod_gnutls_ssl_conf_proto (server *srv, if (x < GNUTLS_TLS1_2) break; buffer_append_string_len(b, CONST_STR_LEN("+VERS-TLS1.2:")); __attribute_fallthrough__ @@ -70,7 +70,7 @@ Signed-off-by: Glenn Strauss } --- a/src/mod_mbedtls.c +++ b/src/mod_mbedtls.c -@@ -4737,8 +4737,6 @@ mod_mbedtls_ssl_conf_dhparameters(server +@@ -4858,8 +4858,6 @@ mod_mbedtls_ssl_conf_dhparameters(server static void mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max) { @@ -79,7 +79,7 @@ Signed-off-by: Glenn Strauss int v = MBEDTLS_SSL_MINOR_VERSION_3; /* default: TLS v1.2 */ if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */ #ifdef MBEDTLS_SSL_MINOR_VERSION_4 -@@ -4811,20 +4809,9 @@ mod_mbedtls_ssl_conf_proto (server *srv, +@@ -4932,20 +4930,9 @@ mod_mbedtls_ssl_conf_proto (server *srv, static void mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max) { @@ -100,7 +100,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ v = max ? MBEDTLS_SSL_VERSION_TLS1_3 : MBEDTLS_SSL_VERSION_TLS1_2; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2"))) -@@ -4846,9 +4833,6 @@ mod_mbedtls_ssl_conf_proto (server *srv, +@@ -4967,9 +4954,6 @@ mod_mbedtls_ssl_conf_proto (server *srv, return; } } @@ -112,7 +112,7 @@ Signed-off-by: Glenn Strauss ? mbedtls_ssl_conf_max_tls_version(s->ssl_ctx, v) --- a/src/mod_nss.c +++ b/src/mod_nss.c -@@ -2785,9 +2785,7 @@ http_cgi_ssl_env (request_st * const r, +@@ -2784,9 +2784,7 @@ http_cgi_ssl_env (request_st * const r, size_t n; const char *s = NULL; switch (inf.protocolVersion) { @@ -122,7 +122,7 @@ Signed-off-by: Glenn Strauss case SSL_LIBRARY_VERSION_TLS_1_2: s="TLSv1.2";n=sizeof("TLSv1.2")-1;break; case SSL_LIBRARY_VERSION_TLS_1_1: s="TLSv1.1";n=sizeof("TLSv1.1")-1;break; case SSL_LIBRARY_VERSION_TLS_1_0: s="TLSv1.0";n=sizeof("TLSv1.0")-1;break; -@@ -3120,13 +3118,9 @@ mod_nss_ssl_conf_curves(server *srv, plu +@@ -3119,13 +3117,9 @@ mod_nss_ssl_conf_curves(server *srv, plu static PRUint16 mod_nss_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -138,7 +138,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max ? SSL_LIBRARY_VERSION_TLS_1_3 : SSL_LIBRARY_VERSION_TLS_1_0; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) -@@ -3148,11 +3142,7 @@ mod_nss_ssl_conf_proto_val (server *srv, +@@ -3147,11 +3141,7 @@ mod_nss_ssl_conf_proto_val (server *srv, "NSS: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } @@ -153,7 +153,7 @@ Signed-off-by: Glenn Strauss --- a/src/mod_openssl.c +++ b/src/mod_openssl.c -@@ -3583,11 +3583,7 @@ network_init_ssl (server *srv, plugin_co +@@ -3648,11 +3648,7 @@ network_init_ssl (server *srv, plugin_co #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ || defined(BORINGSSL_API_VERSION) \ || defined(LIBRESSL_VERSION_NUMBER) @@ -165,7 +165,7 @@ Signed-off-by: Glenn Strauss return -1; #endif -@@ -5207,9 +5203,9 @@ int mod_openssl_plugin_init (plugin *p) +@@ -5259,9 +5255,9 @@ int mod_openssl_plugin_init (plugin *p) static int mod_openssl_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -177,7 +177,7 @@ Signed-off-by: Glenn Strauss #else return TLS1_2_VERSION; #endif -@@ -5244,7 +5240,7 @@ mod_openssl_ssl_conf_proto_val (server * +@@ -5296,7 +5292,7 @@ mod_openssl_ssl_conf_proto_val (server * max ? "MaxProtocol" : "MinProtocol", b->ptr); } #ifdef TLS1_3_VERSION @@ -188,7 +188,7 @@ Signed-off-by: Glenn Strauss #endif --- a/src/mod_wolfssl.c +++ b/src/mod_wolfssl.c -@@ -1247,14 +1247,12 @@ ssl_info_callback (const SSL *ssl, int w +@@ -1293,14 +1293,12 @@ ssl_info_callback (const SSL *ssl, int w /* SSL_version() is valid after initial handshake completed */ SSL *ssl_nonconst; *(const SSL **)&ssl_nonconst = ssl; @@ -203,7 +203,7 @@ Signed-off-by: Glenn Strauss } } -@@ -2537,15 +2535,9 @@ network_init_ssl (server *srv, plugin_co +@@ -2572,15 +2570,9 @@ network_init_ssl (server *srv, plugin_co #endif #endif @@ -219,7 +219,7 @@ Signed-off-by: Glenn Strauss if (s->ssl_conf_cmd && s->ssl_conf_cmd->used) { if (0 != mod_openssl_ssl_conf_cmd(srv, s)) return -1; -@@ -3953,12 +3945,8 @@ int mod_wolfssl_plugin_init (plugin *p) +@@ -3970,12 +3962,8 @@ int mod_wolfssl_plugin_init (plugin *p) static int mod_openssl_ssl_conf_proto_val (server *srv, const buffer *b, int max) { @@ -234,7 +234,7 @@ Signed-off-by: Glenn Strauss else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max ? WOLFSSL_TLSV1_3 : WOLFSSL_TLSV1; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) -@@ -3980,11 +3968,7 @@ mod_openssl_ssl_conf_proto_val (server * +@@ -3997,11 +3985,7 @@ mod_openssl_ssl_conf_proto_val (server * "SSL: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } @@ -247,7 +247,7 @@ Signed-off-by: Glenn Strauss } -@@ -4127,9 +4111,7 @@ mod_openssl_ssl_conf_cmd (server *srv, p +@@ -4144,9 +4128,7 @@ mod_openssl_ssl_conf_cmd (server *srv, p case WOLFSSL_TLSV1_2: wolfSSL_CTX_set_options(s->ssl_ctx, WOLFSSL_OP_NO_TLSv1_3); __attribute_fallthrough__ From 245cf57b0680290a9fe7448264c114c82e1da316 Mon Sep 17 00:00:00 2001 From: Gregory Gullin Date: Sat, 16 Aug 2025 15:05:14 +0300 Subject: [PATCH 073/239] nnn: update to version 5.1 Release notes: https://github.com/jarun/nnn/compare/v4.9...v5.1 Signed-off-by: Gregory Gullin (cherry picked from commit ebb0d87450c9bbf1008990ddc2c68d3cfdae5f5a) --- utils/nnn/Makefile | 4 ++-- utils/nnn/patches/musl-fts.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/nnn/Makefile b/utils/nnn/Makefile index 887ecd7006017c..5c0c35b3f41aea 100644 --- a/utils/nnn/Makefile +++ b/utils/nnn/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nnn -PKG_VERSION:=4.9 +PKG_VERSION:=5.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/jarun/nnn/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=9e25465a856d3ba626d6163046669c0d4010d520f2fb848b0d611e1ec6af1b22 +PKG_HASH:=9faaff1e3f5a2fd3ed570a83f6fb3baf0bfc6ebd6a9abac16203d057ac3fffe3 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=BSD-2-Clause diff --git a/utils/nnn/patches/musl-fts.patch b/utils/nnn/patches/musl-fts.patch index 1a8179eb10a3e5..f2e62125c7661c 100644 --- a/utils/nnn/patches/musl-fts.patch +++ b/utils/nnn/patches/musl-fts.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -152,7 +152,7 @@ CFLAGS += -std=c11 -Wall -Wextra -Wshado +@@ -165,7 +165,7 @@ CFLAGS += -std=c11 -Wall -Wextra -Wshado CFLAGS += $(CFLAGS_OPTIMIZATION) CFLAGS += $(CFLAGS_CURSES) From 370d4d07b7dac6fba731ce7435422cba70d8ac54 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 25 Aug 2025 15:31:33 +0800 Subject: [PATCH 074/239] v2raya: Update to 2.2.7 Release note: https://github.com/v2rayA/v2rayA/releases/tag/v2.2.7 Signed-off-by: Tianling Shen (cherry picked from commit 5d2c9239760c8d55001b839504f7564303e631d7) --- net/v2raya/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/v2raya/Makefile b/net/v2raya/Makefile index ff30e1fb292f25..0ce796f79e46da 100644 --- a/net/v2raya/Makefile +++ b/net/v2raya/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=v2rayA -PKG_VERSION:=2.2.6.7 +PKG_VERSION:=2.2.7 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1cfc53a2e45a14db260c1e4bfec2d70cf79167fc2529d05835943ce77dac2c39 +PKG_HASH:=d37cb7e0ef045976ef50e298b11a78cdcdfe07d13c506b3b2f2ee40dd87bfbad PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service PKG_LICENSE:=AGPL-3.0-only @@ -59,7 +59,7 @@ define Download/v2raya-web URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/ URL_FILE:=web.tar.gz FILE:=$(WEB_FILE) - HASH:=d871f119812979a20da3f57a792d7842dad4c4b528c8ec9e4a9aea29b8508147 + HASH:=cbb046f627616ba5e45c04ee9d18ab0f28c3f1340bc272cff1215c76fd025c8b endef define Build/Prepare From 5f82019f1eaaaf807ac6ca55af961af96d668345 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sun, 7 Sep 2025 20:07:22 +0800 Subject: [PATCH 075/239] v2raya: Update to 2.2.7.1 Release note: https://github.com/v2rayA/v2rayA/releases/tag/v2.2.7.1 Signed-off-by: Tianling Shen (cherry picked from commit 3eb22bc1f8a13e341b05c454ed96ad254d6072b5) --- net/v2raya/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/v2raya/Makefile b/net/v2raya/Makefile index 0ce796f79e46da..d0e7f77b85558d 100644 --- a/net/v2raya/Makefile +++ b/net/v2raya/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=v2rayA -PKG_VERSION:=2.2.7 +PKG_VERSION:=2.2.7.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=d37cb7e0ef045976ef50e298b11a78cdcdfe07d13c506b3b2f2ee40dd87bfbad +PKG_HASH:=8996ce3ac42f4998a433ab4f8968c7da656baae40b34c154705ecba4274f012d PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service PKG_LICENSE:=AGPL-3.0-only @@ -59,7 +59,7 @@ define Download/v2raya-web URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/ URL_FILE:=web.tar.gz FILE:=$(WEB_FILE) - HASH:=cbb046f627616ba5e45c04ee9d18ab0f28c3f1340bc272cff1215c76fd025c8b + HASH:=26eaea7b367b36b844c98c0b537fb05482595329ac5fe0ea2293f77bc9d1aac9 endef define Build/Prepare From 8ed1e22308ad80ab9cb9f9d0fba519589fd45dda Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sat, 6 Sep 2025 16:35:40 +0800 Subject: [PATCH 076/239] arp-whisper: do not lock deps The version specified in Cargo.lock is too old to build. Trim whitespaces while at it. Signed-off-by: Tianling Shen (cherry picked from commit 6f6ad3fe1c96db67a267c65f1e5521919e778899) --- utils/arp-whisper/Makefile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/utils/arp-whisper/Makefile b/utils/arp-whisper/Makefile index 207ed5f1b50527..17963539d70031 100644 --- a/utils/arp-whisper/Makefile +++ b/utils/arp-whisper/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=arp-whisper PKG_VERSION:=0.1.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/FacundoAcevedo/arp-whisper/tar.gz/v$(PKG_VERSION)? @@ -19,6 +19,8 @@ PKG_LICENSE_FILES:=LICENCE PKG_BUILD_DEPENDS:=rust/host PKG_BUILD_PARALLEL:=1 +RUST_PKG_LOCKED:=0 + include $(INCLUDE_DIR)/package.mk include ../../lang/rust/rust-package.mk @@ -26,13 +28,13 @@ define Package/arp-whisper SECTION:=utils CATEGORY:=Utilities TITLE:=ARP responses based on MAC-IP pairs - DEPENDS:=$(RUST_ARCH_DEPENDS) + DEPENDS:=$(RUST_ARCH_DEPENDS) URL:=https://github.com/FacundoAcevedo/arp-whisper endef define Package/arp-whisper/description arp-whisper listens to ARP requests on a network interface and responds - to them based on a list of IP-MAC address mappings defined in a + to them based on a list of IP-MAC address mappings defined in a configuration file. endef From fb6aee4b94da30e59c27ab2ea78fbf8ab813d8a7 Mon Sep 17 00:00:00 2001 From: Nate Robinson Date: Thu, 28 Aug 2025 23:15:02 -0400 Subject: [PATCH 077/239] lf: update to r37 https://github.com/gokcehan/lf/releases/tag/r37 Signed-off-by: Nate Robinson (cherry picked from commit 87054232019314c7858da0f2ff46070afa545d93) --- utils/lf/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/lf/Makefile b/utils/lf/Makefile index 29aaec51aadf87..2b5f752b5a2e16 100644 --- a/utils/lf/Makefile +++ b/utils/lf/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lf -PKG_VERSION:=36 +PKG_VERSION:=37 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/gokcehan/lf.git PKG_SOURCE_VERSION:=r$(PKG_VERSION) -PKG_MIRROR_HASH:=0c3b63797316b4fab7eb44789cb5fe0da115f172e163b6656051ed5c0e7ccd76 +PKG_MIRROR_HASH:=b38a5857eeccd38bb6cfa69a665f92814aadc4865c6db05529efe969eebf9785 PKG_MAINTAINER:=Nate Robinson PKG_LICENSE:=MIT From dd6e009bde518e312c604f8dc6471e27c4404c97 Mon Sep 17 00:00:00 2001 From: Michael Heimpold Date: Mon, 8 Sep 2025 07:37:26 +0200 Subject: [PATCH 078/239] php8: update to 8.3.25 Upstream changelog: https://www.php.net/ChangeLog-8.php#8.3.25 Signed-off-by: Michael Heimpold --- lang/php8/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/php8/Makefile b/lang/php8/Makefile index 6c2144e5d5f383..a2a4cde3545a4b 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=php -PKG_VERSION:=8.3.24 +PKG_VERSION:=8.3.25 PKG_RELEASE:=1 PKG_MAINTAINER:=Michael Heimpold @@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.php.net/distributions/ -PKG_HASH:=388ee5fd111097e97bae439bff46aec4ea27f816d3f0c2cb5490a41410d44251 +PKG_HASH:=187b61bb795015adacf53f8c55b44414a63777ec19a776b75fb88614506c0d37 PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 From 31532024d02c7af5d342d9984643968b54b84e38 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Tue, 16 Sep 2025 00:32:49 +0000 Subject: [PATCH 079/239] adblock-fast: bugfix: dl command * only test gzip existence and reset action/param on boot Signed-off-by: Stan Grishin (cherry picked from commit de3deab1a6c3bb7126df41758585f67c22f17230) --- net/adblock-fast/Makefile | 2 +- net/adblock-fast/files/etc/init.d/adblock-fast | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index e8ee16b8f4e4fe..2236aac4b5e4d7 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.1.4 -PKG_RELEASE:=12 +PKG_RELEASE:=14 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 6a3ddc50299072..179579bf830a0a 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -2167,9 +2167,15 @@ adb_start() { local param="$1" validation_result="$3" dns_set_output_values "$dns" - adb_file test_gzip && unset adbf_boot_flag && param='on_start' - - [ -n "$adbf_boot_flag" ] && return 0 + if [ "$action" = 'on_boot' ] || [ -n "$adbf_boot_flag" ]; then + if adb_file test_gzip; then + unset adbf_boot_flag + action='on_start' + param='on_start' + else + return 0 + fi + fi load_environment "$validation_result" "$param" || return 1 status="$(json get status)" From eda931370e66649bc66881689264316785f72690 Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Wed, 30 Jul 2025 16:54:03 +0300 Subject: [PATCH 080/239] syncthing: fix discovery and relay extra args Update configuration option examples. Fixes: #26952 Signed-off-by: George Sapkin (cherry picked from commit 47644ba468fd03f805bf1afa97df589e1f4160b5) --- utils/syncthing/Makefile | 2 +- utils/syncthing/files/stdiscosrv.conf | 11 +++++------ utils/syncthing/files/stdiscosrv.init | 5 ++--- utils/syncthing/files/strelaysrv.conf | 15 ++++++++------- utils/syncthing/files/strelaysrv.init | 9 ++++----- 5 files changed, 20 insertions(+), 22 deletions(-) diff --git a/utils/syncthing/Makefile b/utils/syncthing/Makefile index 6188efe75339ac..a71704cb939e46 100644 --- a/utils/syncthing/Makefile +++ b/utils/syncthing/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syncthing PKG_VERSION:=1.30.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=syncthing-source-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syncthing/syncthing/releases/download/v$(PKG_VERSION) diff --git a/utils/syncthing/files/stdiscosrv.conf b/utils/syncthing/files/stdiscosrv.conf index e51ddef6629ec6..3e0401451388b3 100644 --- a/utils/syncthing/files/stdiscosrv.conf +++ b/utils/syncthing/files/stdiscosrv.conf @@ -4,15 +4,14 @@ config stdiscosrv 'stdiscosrv' option listen ':8443' option db_dir '/etc/stdiscosrv/discovery.db' - # # Find the documents from: https://docs.syncthing.net/users/stdiscosrv.html + # Find the documents from: https://docs.syncthing.net/users/stdiscosrv.html # option cert '/etc/stdiscosrv/cert.pem' # option key '/etc/stdiscosrv/key.pem' + # option db_flush_interval '5m' # option metrics_listen '' - # option replicate '' - # option replication_listen ':19200' - # # CLI options with no value should be defined as booleans and theirs - # # names should be prefixed with '_'. + # CLI options with no value should be defined as booleans and theirs names + # should be prefixed with '_'. + # option _compression '0' # option _debug '0' # option _http '1' - diff --git a/utils/syncthing/files/stdiscosrv.init b/utils/syncthing/files/stdiscosrv.init index 566fb12eb57996..7ad243a202f395 100644 --- a/utils/syncthing/files/stdiscosrv.init +++ b/utils/syncthing/files/stdiscosrv.init @@ -21,7 +21,7 @@ config_cb() { [ "$value" = "0" ] || extra_args="$extra_args -${option//_/-}" ;; *) - extra_args="$extra_args -${option//_/-}=$value" + extra_args="$extra_args --${option//_/-}='$value'" ;; esac } @@ -33,8 +33,7 @@ config_cb() { } } -service_triggers() -{ +service_triggers() { procd_add_reload_trigger "stdiscosrv" } diff --git a/utils/syncthing/files/strelaysrv.conf b/utils/syncthing/files/strelaysrv.conf index 56ac299ff58bc1..b69fb824ff638e 100644 --- a/utils/syncthing/files/strelaysrv.conf +++ b/utils/syncthing/files/strelaysrv.conf @@ -4,13 +4,13 @@ config strelaysrv 'strelaysrv' option keys '/etc/strelaysrv' option listen ':22067' - # # Find the documents from: https://docs.syncthing.net/users/strelaysrv.html + # Find the documents from: https://docs.syncthing.net/users/strelaysrv.html # option ext_address '' # option global_rate '' # option message_timeout '1m0s' - # option nat_lease 60 - # option nat_renewal 30 - # option nat_timeout 10 + # option nat_lease '60' + # option nat_renewal '30' + # option nat_timeout '10' # option network_timeout '2m0s' # option per_session_rate '' # option ping_interval '1m0s' @@ -18,9 +18,10 @@ config strelaysrv 'strelaysrv' # option protocol 'tcp' # option provided_by '' # option status_srv ':22070' + # option token '' - # # CLI options with no value should be defined as booleans and theirs - # # names should be prefixed with '_'. + # CLI options with no value should be defined as booleans and theirs names + # should be prefixed with '_'. # option _debug '0' # option _nat '0' - + # option _pprof '0' diff --git a/utils/syncthing/files/strelaysrv.init b/utils/syncthing/files/strelaysrv.init index ced126b10ab7ce..f7fe4b95308652 100644 --- a/utils/syncthing/files/strelaysrv.init +++ b/utils/syncthing/files/strelaysrv.init @@ -18,10 +18,10 @@ config_cb() { eval $option=$value ;; _*) - [ "$value" = "0" ] || extra_args="$extra_args -${option//_/-}" + [ "$value" = "0" ] || extra_args="$extra_args ${option//_/-}" ;; *) - extra_args="$extra_args -${option//_/-}=$value" + extra_args="$extra_args -${option//_/-}='$value'" ;; esac } @@ -29,12 +29,11 @@ config_cb() { list_cb() { local name="$1" local value="$2" - [ "$name" = "_" ] && extra_args="$extra_args --${value//_/-}" || return 0 + [ "$name" = "_" ] && extra_args="$extra_args -${value//_/-}" || return 0 } } -service_triggers() -{ +service_triggers() { procd_add_reload_trigger "strelaysrv" } From 73a2afc9e43a200dd9c91d3ca0756185e5965309 Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Wed, 6 Aug 2025 22:41:53 +0300 Subject: [PATCH 081/239] syncthing: improve discovery argument parsing Fixes: 47644ba46 ("syncthing: fix discovery and relay extra args") Signed-off-by: George Sapkin (cherry picked from commit 6ccb3b6174d319666bcdd1319b2be4fa7cbd9b30) --- utils/syncthing/files/stdiscosrv.conf | 14 ++++--- utils/syncthing/files/stdiscosrv.init | 56 +++++++++++++-------------- 2 files changed, 34 insertions(+), 36 deletions(-) diff --git a/utils/syncthing/files/stdiscosrv.conf b/utils/syncthing/files/stdiscosrv.conf index 3e0401451388b3..5606c5f2521938 100644 --- a/utils/syncthing/files/stdiscosrv.conf +++ b/utils/syncthing/files/stdiscosrv.conf @@ -7,11 +7,13 @@ config stdiscosrv 'stdiscosrv' # Find the documents from: https://docs.syncthing.net/users/stdiscosrv.html # option cert '/etc/stdiscosrv/cert.pem' # option key '/etc/stdiscosrv/key.pem' - # option db_flush_interval '5m' + # option db_flush_interval '5m' # option metrics_listen '' - # CLI options with no value should be defined as booleans and theirs names - # should be prefixed with '_'. - # option _compression '0' - # option _debug '0' - # option _http '1' + # Running as 'root' is possible, but not recommended + # option user 'syncthing' + + # CLI options with no value should be defined as booleans + # option compression '0' + # option debug '0' + # option http '1' diff --git a/utils/syncthing/files/stdiscosrv.init b/utils/syncthing/files/stdiscosrv.init index 7ad243a202f395..bc1da536a51877 100644 --- a/utils/syncthing/files/stdiscosrv.init +++ b/utils/syncthing/files/stdiscosrv.init @@ -13,43 +13,36 @@ config_cb() { option_cb() { local option="$1" local value="$2" - case $option in - enabled|listen|cert|db_dir|key) - eval $option=$value - ;; - _*) - [ "$value" = "0" ] || extra_args="$extra_args -${option//_/-}" - ;; - *) - extra_args="$extra_args --${option//_/-}='$value'" - ;; - esac - } - - list_cb() { - local name="$1" - local value="$2" - [ "$name" = "_" ] && extra_args="$extra_args --${value//_/-}" || return 0 + # Remove the leading underscore from the option name for backward + # compatibility + option="${option#_}" + eval $option="$value" } } service_triggers() { - procd_add_reload_trigger "stdiscosrv" + procd_add_reload_trigger 'stdiscosrv' } start_service() { - local extra_args - # Options with default value different with the syncthing should be defined explicitly here + local conf_dir='/etc/stdiscosrv' + + # Options with default value different with the syncthing should be defined + # explicitly here local enabled=0 - local listen=":8443" - local conf_dir="/etc/stdiscosrv" + local compression=0 local cert="$conf_dir/cert.pem" - local key="$conf_dir/key.pem" local db_dir="$conf_dir/discovery.db" + local db_flush_interval='' + local debug=0 + local http=0 + local key="$conf_dir/key.pem" + local listen=':8443' + local metrics_listen='' local nice=0 - local user="syncthing" + local user='syncthing' - config_load "stdiscosrv" + config_load 'stdiscosrv' [ "$enabled" -gt 0 ] || return 0 @@ -58,19 +51,22 @@ start_service() { [ -d "$db_dir" ] || mkdir -p "$db_dir" [ -d "$conf_dir" ] && chown -R "$user":"$group" "$conf_dir" - config_get nice stdiscosrv nice "0" - procd_open_instance procd_set_param command "$PROG" - procd_append_param command --listen="$listen" - procd_append_param command --db-dir="$db_dir" procd_append_param command --cert="$cert" + [ "$compression" -eq 0 ] || procd_append_param command --compression + procd_append_param command --db-dir="$db_dir" + [ -z "$db_flush_interval" ] || procd_append_param command --db-flush-interval="$db_flush_interval" + [ "$debug" -eq 0 ] || procd_append_param command --debug + [ "$http" -eq 0 ] || procd_append_param command --http procd_append_param command --key="$key" - [ -z "$extra_args" ] || procd_append_param command "$extra_args" + procd_append_param command --listen="$listen" + [ -z "$metrics_listen" ] || procd_append_param command --metrics-listen="$metrics_listen" procd_set_param nice "$nice" procd_set_param term_timeout 15 procd_set_param user "$user" + procd_set_param group "$group" procd_set_param respawn procd_set_param stdout 1 procd_set_param stderr 1 From c66c74faca78d1032c4f9ca23656d83dccee7fac Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Wed, 6 Aug 2025 23:11:34 +0300 Subject: [PATCH 082/239] syncthing: improve relay argument parsing Fixes: 47644ba46 ("syncthing: fix discovery and relay extra args") Signed-off-by: George Sapkin (cherry picked from commit d75075ce8e329d59f74b4475f6635fc1536911a4) --- utils/syncthing/Makefile | 2 +- utils/syncthing/files/strelaysrv.conf | 12 +++-- utils/syncthing/files/strelaysrv.init | 75 +++++++++++++++++---------- 3 files changed, 56 insertions(+), 33 deletions(-) diff --git a/utils/syncthing/Makefile b/utils/syncthing/Makefile index a71704cb939e46..08703e0fc7bf64 100644 --- a/utils/syncthing/Makefile +++ b/utils/syncthing/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syncthing PKG_VERSION:=1.30.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=syncthing-source-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syncthing/syncthing/releases/download/v$(PKG_VERSION) diff --git a/utils/syncthing/files/strelaysrv.conf b/utils/syncthing/files/strelaysrv.conf index b69fb824ff638e..7c33a30ec4442e 100644 --- a/utils/syncthing/files/strelaysrv.conf +++ b/utils/syncthing/files/strelaysrv.conf @@ -20,8 +20,10 @@ config strelaysrv 'strelaysrv' # option status_srv ':22070' # option token '' - # CLI options with no value should be defined as booleans and theirs names - # should be prefixed with '_'. - # option _debug '0' - # option _nat '0' - # option _pprof '0' + # Running as 'root' is possible, but not recommended + # option user 'syncthing' + + # CLI options with no value should be defined as booleans + # option debug '0' + # option nat '0' + # option pprof '0' diff --git a/utils/syncthing/files/strelaysrv.init b/utils/syncthing/files/strelaysrv.init index f7fe4b95308652..bdd472ba40ec3c 100644 --- a/utils/syncthing/files/strelaysrv.init +++ b/utils/syncthing/files/strelaysrv.init @@ -13,39 +13,44 @@ config_cb() { option_cb() { local option="$1" local value="$2" - case $option in - enabled|keys|pools|status_srv) - eval $option=$value - ;; - _*) - [ "$value" = "0" ] || extra_args="$extra_args ${option//_/-}" - ;; - *) - extra_args="$extra_args -${option//_/-}='$value'" - ;; - esac - } - - list_cb() { - local name="$1" - local value="$2" - [ "$name" = "_" ] && extra_args="$extra_args -${value//_/-}" || return 0 + # Remove the leading underscore from the option name for backward + # compatibility + option="${option#_}" + eval $option="$value" } } service_triggers() { - procd_add_reload_trigger "strelaysrv" + procd_add_reload_trigger 'strelaysrv' } start_service() { - local pools status_srv extra_args - # Options with default value different with the syncthing should be defined explicitly here + # Options with default value different with the syncthing should be defined + # explicitly here local enabled=0 - local keys="/etc/strelaysrv" + local debug=0 + local ext_address='' + local global_rate='' + local keys='/etc/strelaysrv' + local listen=':22067' + local message_timeout='' + local nat=0 + local nat_lease='' + local nat_renewal='' + local nat_timeout='' + local network_timeout='' local nice=0 - local user="syncthing" - - config_load "strelaysrv" + local per_session_rate='' + local ping_interval='' + local pools='' + local pprof=0 + local protocol='' + local provided_by='' + local status_srv='' + local token='' + local user='syncthing' + + config_load 'strelaysrv' [ "$enabled" -gt 0 ] || return 0 @@ -58,16 +63,32 @@ start_service() { procd_open_instance procd_set_param command "$PROG" + [ "$debug" -eq 0 ] || procd_append_param command -debug + [ -z "$ext_address" ] || procd_append_param command -ext-address="$ext_address" + [ -z "$global_rate" ] || procd_append_param command -global-rate="$global_rate" procd_append_param command -keys="$keys" - - # pools and status-srv are set to empty value by default + [ -z "$listen" ] || procd_append_param command -listen="$listen" + [ -z "$message_timeout" ] || procd_append_param command -message-timeout="$message_timeout" + [ "$nat" -eq 0 ] || procd_append_param command -nat + [ -z "$nat_lease" ] || procd_append_param command -nat-lease="$nat_lease" + [ -z "$nat_renewal" ] || procd_append_param command -nat-renewal="$nat_renewal" + [ -z "$nat_timeout" ] || procd_append_param command -nat-timeout="$nat_timeout" + [ -z "$network_timeout" ] || procd_append_param command -network-timeout="$network_timeout" + [ -z "$per_session_rate" ] || procd_append_param command -per-session-rate="$per_session_rate" + [ -z "$ping_interval" ] || procd_append_param command -ping-interval="$ping_interval" + # pools is set to an empty value by default procd_append_param command -pools="$pools" + [ "$pprof" -eq 0 ] || procd_append_param command -pprof + [ -z "$protocol" ] || procd_append_param command -protocol="$protocol" + [ -z "$provided_by" ] || procd_append_param command -provided-by="$provided_by" + # status-srv is set to an empty value by default procd_append_param command -status-srv="$status_srv" - [ -z "$extra_args" ] || procd_append_param command $extra_args + [ -z "$token" ] || procd_append_param command -token="$token" procd_set_param nice "$nice" procd_set_param term_timeout 15 procd_set_param user "$user" + procd_set_param group "$group" procd_set_param respawn procd_set_param stdout 1 procd_set_param stderr 1 From b910bc1231c2ce3ff206935df1c4790e37c765f2 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Tue, 16 Sep 2025 18:29:45 +0200 Subject: [PATCH 083/239] travelmate: release 2.1.4 - fixed telekom login script (#27072) - fixed the connection tracking/f_net function, to stabilize (vpn) connections (#27235) - removed needless log message Signed-off-by: Dirk Brenken (cherry picked from commit ac175d902e19b6492667573fae7551eb1a67d039) --- net/travelmate/Makefile | 6 +++--- net/travelmate/files/telekom.login | 8 ++++---- net/travelmate/files/travelmate.sh | 5 ++--- net/travelmate/files/travelmate.vpn | 6 ++---- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index dfaf419ef34eda..f7925caa63e547 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -1,13 +1,13 @@ # -# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # include $(TOPDIR)/rules.mk PKG_NAME:=travelmate -PKG_VERSION:=2.1.3 -PKG_RELEASE:=3 +PKG_VERSION:=2.1.4 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/telekom.login b/net/travelmate/files/telekom.login index 2cef0e82e7ff63..8c37b3b3676318 100755 --- a/net/travelmate/files/telekom.login +++ b/net/travelmate/files/telekom.login @@ -1,10 +1,10 @@ #!/bin/sh # captive portal auto-login script for telekom hotspots (DE) -# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2021-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,3040,3043,3057 +# shellcheck disable=all . "/lib/functions.sh" @@ -36,7 +36,7 @@ export PATH="/usr/sbin:/usr/bin:/sbin:/bin" username="$(urlencode "${1}")" password="$(urlencode "${2}")" -trm_domain="telekom.portal.fon.com" +trm_domain="hotspot.t-mobile.net" trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" @@ -50,6 +50,6 @@ redirect_url="$(printf "%s" "${raw_html}" | awk 'match(tolower($0),/.* # final login request # -raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}" --connect-timeout $((trm_maxwait / 6)) --header "content-type: application/x-www-form-urlencoded" --location --silent --show-error --data "UserName=${username}&Password=${password}&FNAME=0&button=Login&OriginatingServer=http%3A%2F%2F${trm_captiveurl}" "${redirect_url}")" +raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}/wlan/rest/freeLogin" --connect-timeout $((trm_maxwait / 6)) --header "content-type: application/x-www-form-urlencoded" --location --silent --show-error --data "UserName=${username}&Password=${password}&FNAME=0&button=Login&OriginatingServer=http%3A%2F%2F${trm_captiveurl}" "${redirect_url}")" login_url="$(printf "%s" "${raw_html}" | awk 'match(tolower($0),/.*<\/logoffurl>/){printf "%s",substr($0,RSTART+11,RLENGTH-23)}' 2>/dev/null)" [ -n "${login_url}" ] && exit 0 || exit 255 diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index 442918d6b8d7e6..db9c35e62dd963 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -1,6 +1,6 @@ #!/bin/sh # travelmate, a wlan connection manager for travel router -# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions @@ -624,7 +624,7 @@ f_addsta() { f_net() { local err_msg raw json_raw html_raw html_cp js_cp json_ec json_rc json_cp json_ed result="net nok" - raw="$("${trm_fetchcmd}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" + raw="$("${trm_fetchcmd}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --retry 5 --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" json_raw="${raw#*\{}" html_raw="${raw%%\{*}" if [ -n "${json_raw}" ]; then @@ -916,7 +916,6 @@ f_main() { for radio in ${trm_radiolist}; do if ! printf "%s" "${trm_stalist}" | "${trm_grepcmd}" -q "\\-${radio}"; then if [ "${trm_autoadd}" = "0" ]; then - f_log "info" "no enabled station on radio '${radio}'" continue fi fi diff --git a/net/travelmate/files/travelmate.vpn b/net/travelmate/files/travelmate.vpn index 77c94634cde83e..053e159217c35a 100755 --- a/net/travelmate/files/travelmate.vpn +++ b/net/travelmate/files/travelmate.vpn @@ -1,13 +1,11 @@ #!/bin/sh # vpn handler called by travelmate -# Copyright (c) 2020-2023 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2020-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions # shellcheck disable=all -# Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script - . "/lib/functions.sh" export LC_ALL=C @@ -30,7 +28,7 @@ trm_vpnfile="/var/state/travelmate.vpn" f_net() { local json_rc - json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" + json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --retry 5 --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then json_rc="net ok" fi From 98d7b31c8eab53b4e78530a2857add05e1e0b610 Mon Sep 17 00:00:00 2001 From: Aleksey Vasilenko Date: Sat, 23 Aug 2025 01:11:33 +0300 Subject: [PATCH 084/239] rust: update to 1.89.0 - switch source archive to tar.xz to save space and bandwidth - refresh a patch Signed-off-by: Aleksey Vasilenko (cherry picked from commit 10862df850ae012b34ec9c57a9005b1f7e1e2aca) --- lang/rust/Makefile | 6 +++--- lang/rust/patches/0001-Update-xz2-and-use-it-static.patch | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lang/rust/Makefile b/lang/rust/Makefile index 290a2fb78b2507..cea288f214b3f0 100644 --- a/lang/rust/Makefile +++ b/lang/rust/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rust -PKG_VERSION:=1.87.0 +PKG_VERSION:=1.89.0 PKG_RELEASE:=1 -PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.gz +PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.xz PKG_SOURCE_URL:=https://static.rust-lang.org/dist/ -PKG_HASH:=149bb9fd29be592da4e87900fc68f0629a37bf6850b46339dd44434c04fd8e76 +PKG_HASH:=0b9d55610d8270e06c44f459d1e2b7918a5e673809c592abed9b9c600e33d95a HOST_BUILD_DIR:=$(BUILD_DIR)/host/rustc-$(PKG_VERSION)-src PKG_MAINTAINER:=Luca Barbato diff --git a/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch b/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch index c9bc0fdddc1b9d..295f7bc5219d1f 100644 --- a/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch +++ b/lang/rust/patches/0001-Update-xz2-and-use-it-static.patch @@ -9,7 +9,7 @@ Subject: [PATCH] Update xz2 and use it static --- a/src/bootstrap/Cargo.toml +++ b/src/bootstrap/Cargo.toml -@@ -60,7 +60,7 @@ tar = "0.4" +@@ -55,7 +55,7 @@ tar = "0.4" termcolor = "1.4" toml = "0.5" walkdir = "2.4" @@ -17,4 +17,4 @@ Subject: [PATCH] Update xz2 and use it static +xz2 = { version = "0.1", features = ["static"] } # Dependencies needed by the build-metrics feature - sysinfo = { version = "0.30", default-features = false, optional = true } + sysinfo = { version = "0.35.0", default-features = false, optional = true, features = ["system"] } From f24b2a69349d24e1c9fd4b3894951f82e42811d7 Mon Sep 17 00:00:00 2001 From: Ray Wang Date: Thu, 18 Sep 2025 08:41:00 +0800 Subject: [PATCH 085/239] hev-socks5-server: update to 2.10.0 Upstream changelog: https://github.com/heiher/hev-socks5-server/releases/tag/2.10.0 Signed-off-by: Ray Wang (cherry picked from commit 2391212aa4802c734c89d343ce2f0ab09dbb4508) --- net/hev-socks5-server/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/hev-socks5-server/Makefile b/net/hev-socks5-server/Makefile index 511d53b55f14e4..94ee35d7d5cc5a 100644 --- a/net/hev-socks5-server/Makefile +++ b/net/hev-socks5-server/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-server -PKG_VERSION:=2.9.0 +PKG_VERSION:=2.10.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-server/releases/download/$(PKG_VERSION) -PKG_HASH:=21cd97afd3ec6d52e580fa92c1cc8c4cf8f58669da8182c3a072ba434d717dce +PKG_HASH:=94d1335b6d02e641d1794281f94f5e9e256b71d96bff5e92cf1d76d466a6a545 PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT From d490217d823d59905503c570ecce2e4761ec4d0d Mon Sep 17 00:00:00 2001 From: Wei-Ting Yang Date: Fri, 15 Aug 2025 11:11:42 +0800 Subject: [PATCH 086/239] python-certifi: assign PKG_CPE_ID https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:certifi:certifi Signed-off-by: Wei-Ting Yang (cherry picked from commit dc6724fca5b5741e842cc71656c7af21fe2f2cba) --- lang/python/python-certifi/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/lang/python/python-certifi/Makefile b/lang/python/python-certifi/Makefile index 4d5b02d039ebc5..589e70881e68d4 100644 --- a/lang/python/python-certifi/Makefile +++ b/lang/python/python-certifi/Makefile @@ -12,6 +12,7 @@ PKG_RELEASE:=2 PKG_MAINTAINER:=Eneas U de Queiroz PKG_LICENSE:=MPL-2.0 PKG_LICENSE_FILES:=LICENSE +PKG_CPE_ID:=cpe:/a:certifi:certifi PYPI_NAME:=certifi PKG_HASH:=0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f From 44cff71992c291ae11b7b37606c70db62dc0674e Mon Sep 17 00:00:00 2001 From: Wei-Ting Yang Date: Fri, 15 Aug 2025 10:58:25 +0800 Subject: [PATCH 087/239] python-certifi: update to 2025.8.3 Fix CVE-2024-39689. Signed-off-by: Wei-Ting Yang (cherry picked from commit 6d9d0d2bf8c3d62069fc2431dcd803cafd294ffe) --- lang/python/python-certifi/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python-certifi/Makefile b/lang/python/python-certifi/Makefile index 589e70881e68d4..87bff4c25aed95 100644 --- a/lang/python/python-certifi/Makefile +++ b/lang/python/python-certifi/Makefile @@ -6,8 +6,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-certifi -PKG_VERSION:=2024.2.2 -PKG_RELEASE:=2 +PKG_VERSION:=2025.8.3 +PKG_RELEASE:=1 PKG_MAINTAINER:=Eneas U de Queiroz PKG_LICENSE:=MPL-2.0 @@ -15,7 +15,7 @@ PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:certifi:certifi PYPI_NAME:=certifi -PKG_HASH:=0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f +PKG_HASH:=e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407 HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-wheel/host From 0e7a7d037c6acf66a265bddbb8adba3b97bc0e35 Mon Sep 17 00:00:00 2001 From: Niklas Thorild Date: Sun, 21 Sep 2025 16:02:24 +0200 Subject: [PATCH 088/239] dnscrypt-proxy2: update to version 2.1.14 - update dnscrypt-proxy2 to version 2.1.14 - add GO_PKG_INSTALL_EXTRA:= dnscrypt-proxy/static/ to fix build error Contributed-by: @ScoutJamboree Signed-off-by: Niklas Thorild --- net/dnscrypt-proxy2/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/dnscrypt-proxy2/Makefile b/net/dnscrypt-proxy2/Makefile index 2c0286ed0c2527..5c7ed64d1ae5b9 100644 --- a/net/dnscrypt-proxy2/Makefile +++ b/net/dnscrypt-proxy2/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnscrypt-proxy2 -PKG_VERSION:=2.1.5 +PKG_VERSION:=2.1.14 PKG_RELEASE:=1 PKG_SOURCE:=dnscrypt-proxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/DNSCrypt/dnscrypt-proxy/tar.gz/$(PKG_VERSION)? -PKG_HASH:=044c4db9a3c7bdcf886ff8f83c4b137d2fd37a65477a92bfe86bf69587ea7355 +PKG_HASH:=495c4f494d40068e5e3ddcb8748d91b90e99f2516060e3b59520b9f3d6148a9e PKG_BUILD_DIR:=$(BUILD_DIR)/dnscrypt-proxy-$(PKG_VERSION) PKG_MAINTAINER:=Josef Schlehofer @@ -31,6 +31,7 @@ include ../../lang/golang/golang-package.mk GO_MOD_ARGS:= GO_PKG_BUILD_VARS+= GO111MODULE=off +GO_PKG_INSTALL_EXTRA:= dnscrypt-proxy/static/ define Package/dnscrypt-proxy2 SECTION:=net From 942c243661505b3a7bc13d3bfcf1a0fbe4fd3afa Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Wed, 17 Sep 2025 14:49:13 +0300 Subject: [PATCH 089/239] yt-dlp: bump to 2025.09.05 Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.08.27 Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.05 Signed-off-by: George Sapkin --- multimedia/yt-dlp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/multimedia/yt-dlp/Makefile b/multimedia/yt-dlp/Makefile index 553f9b092fd21d..64b276e63b00a5 100644 --- a/multimedia/yt-dlp/Makefile +++ b/multimedia/yt-dlp/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yt-dlp -PKG_VERSION:=2025.8.22 +PKG_VERSION:=2025.9.5 PKG_RELEASE:=1 PYPI_NAME:=yt-dlp -PKG_HASH:=d1846bbb7edbcd2a0d4a2d76c7a2124868de9ea3b3959a8cb8219e3f7cb5c335 +PKG_HASH:=9ce080f80b2258e872fe8a75f4707ea2c644e697477186e20b9a04d9a9ea37cf PYPI_SOURCE_NAME:=yt_dlp PKG_MAINTAINER:=George Sapkin From 793ae0e879885be1208049b645428c2f07b35739 Mon Sep 17 00:00:00 2001 From: Aleksey Vasilenko Date: Sat, 23 Aug 2025 01:29:58 +0300 Subject: [PATCH 090/239] bottom: update to 0.11.1 update to 0.11.1 Signed-off-by: Aleksey Vasilenko (cherry picked from commit 072b5c6f48a43b695537c42a6817bb0fa5d0e788) --- admin/bottom/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/bottom/Makefile b/admin/bottom/Makefile index 6bd7d92e50cdb7..eed1fbb09125a8 100644 --- a/admin/bottom/Makefile +++ b/admin/bottom/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bottom -PKG_VERSION:=0.9.7 +PKG_VERSION:=0.11.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ClementTsang/bottom/tar.gz/$(PKG_VERSION)? -PKG_HASH:=29c3f75323ae0245576ea23268bb0956757352bf3b16d05f511357655b9cc71e +PKG_HASH:=0095ea9edb386ad7c49d845176314097713661d22ec42314e3be46426bc769ee PKG_MAINTAINER:=Luca Barbato PKG_LICENSE:=MIT From db82803f6eba43cb51d1d7ee6bae4304dcac1926 Mon Sep 17 00:00:00 2001 From: John Audia Date: Wed, 6 Aug 2025 04:44:53 -0400 Subject: [PATCH 091/239] gperftools: bump to version 2.17 Changelog: https://github.com/gperftools/gperftools/releases/tag/gperftools-2.17 Add patch to fix build of some ARM toolchains Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia (cherry picked from commit 0a0f2e884c120dfe146697280127cefcd23cd680) --- libs/gperftools/Makefile | 4 +-- ...c-inl.h-fix-build-for-some-ARM-toolc.patch | 35 +++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch diff --git a/libs/gperftools/Makefile b/libs/gperftools/Makefile index 92e7e613256c71..c3bc2eac738ff8 100644 --- a/libs/gperftools/Makefile +++ b/libs/gperftools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gperftools -PKG_VERSION:=2.16 +PKG_VERSION:=2.17 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/gperftools/gperftools/tar.gz/$(PKG_NAME)-$(PKG_VERSION)? -PKG_HASH:=737be182b4e42f5c7f595da2a7aa59ce0489a73d336d0d16847f2aa52d5221b4 +PKG_HASH:=1ccb7ef8ebd1033906e6247a89992b26986401cc1777c07cc63773463a996072 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION) PKG_MAINTAINER:=John Audia diff --git a/libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch b/libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch new file mode 100644 index 00000000000000..7ae9499c85444c --- /dev/null +++ b/libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch @@ -0,0 +1,35 @@ +From 2d277134c4b5c56d1c2912330aa44160af52aadf Mon Sep 17 00:00:00 2001 +From: graysky +Date: Thu, 7 Aug 2025 02:35:01 -0400 +Subject: [PATCH] stacktrace_libgcc-inl.h: fix build for some ARM toolchains + +On OpenWrt when bulding for arm_cortex-a15_neon-vpfv4 or +arm_cortex-a9_vfpv3-d16, the build errors out due to an undefined symbol +_URC_NORMAL_STOP. This usually happens when the required header +(typically ) is not included, or the toolchain's unwind +implementation does not provide this definition. + +Error: +src/stacktrace_libgcc-inl.h: In function '_Unwind_Reason_Code libgcc_backtrace_helper(_Unwind_Context*, void*)': +src/stacktrace_libgcc-inl.h:69:12: error: '_URC_NORMAL_STOP' was not declared in this scope + 69 | return _URC_NORMAL_STOP; + | + +A work-around is to use URC_END_OF_STACK. + +Signed-off-by: graysky +--- + src/stacktrace_libgcc-inl.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/stacktrace_libgcc-inl.h ++++ b/src/stacktrace_libgcc-inl.h +@@ -66,7 +66,7 @@ static _Unwind_Reason_Code libgcc_backtr + } + + if (data->pos >= data->limit) { +- return _URC_NORMAL_STOP; ++ return _URC_END_OF_STACK; + } + + void *ip = reinterpret_cast(_Unwind_GetIP(ctx));; From 700b15230677404d6d5051f027bfb069d71bbe14 Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 2 Sep 2025 06:58:47 -0400 Subject: [PATCH 092/239] gperftools: update to 2.17.2 Bump to latest release and removed upstreamed patch. Resulting libs give a fully functional snort3 which was built against this new version. Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc (Intel N150 based box) Signed-off-by: John Audia (cherry picked from commit 465eddb46db3e735c74c5cbedc12e74d87c0f663) --- libs/gperftools/Makefile | 4 +-- ...c-inl.h-fix-build-for-some-ARM-toolc.patch | 35 ------------------- 2 files changed, 2 insertions(+), 37 deletions(-) delete mode 100644 libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch diff --git a/libs/gperftools/Makefile b/libs/gperftools/Makefile index c3bc2eac738ff8..1274aa5bdc12f1 100644 --- a/libs/gperftools/Makefile +++ b/libs/gperftools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gperftools -PKG_VERSION:=2.17 +PKG_VERSION:=2.17.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/gperftools/gperftools/tar.gz/$(PKG_NAME)-$(PKG_VERSION)? -PKG_HASH:=1ccb7ef8ebd1033906e6247a89992b26986401cc1777c07cc63773463a996072 +PKG_HASH:=885dbbf1f25a922de0cdc78b0703c3ab93c43850e1d2f7c889e41be7c824c53d PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION) PKG_MAINTAINER:=John Audia diff --git a/libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch b/libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch deleted file mode 100644 index 7ae9499c85444c..00000000000000 --- a/libs/gperftools/patches/100-stacktrace_libgcc-inl.h-fix-build-for-some-ARM-toolc.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 2d277134c4b5c56d1c2912330aa44160af52aadf Mon Sep 17 00:00:00 2001 -From: graysky -Date: Thu, 7 Aug 2025 02:35:01 -0400 -Subject: [PATCH] stacktrace_libgcc-inl.h: fix build for some ARM toolchains - -On OpenWrt when bulding for arm_cortex-a15_neon-vpfv4 or -arm_cortex-a9_vfpv3-d16, the build errors out due to an undefined symbol -_URC_NORMAL_STOP. This usually happens when the required header -(typically ) is not included, or the toolchain's unwind -implementation does not provide this definition. - -Error: -src/stacktrace_libgcc-inl.h: In function '_Unwind_Reason_Code libgcc_backtrace_helper(_Unwind_Context*, void*)': -src/stacktrace_libgcc-inl.h:69:12: error: '_URC_NORMAL_STOP' was not declared in this scope - 69 | return _URC_NORMAL_STOP; - | - -A work-around is to use URC_END_OF_STACK. - -Signed-off-by: graysky ---- - src/stacktrace_libgcc-inl.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/stacktrace_libgcc-inl.h -+++ b/src/stacktrace_libgcc-inl.h -@@ -66,7 +66,7 @@ static _Unwind_Reason_Code libgcc_backtr - } - - if (data->pos >= data->limit) { -- return _URC_NORMAL_STOP; -+ return _URC_END_OF_STACK; - } - - void *ip = reinterpret_cast(_Unwind_GetIP(ctx));; From bbcfa5f6442a1fe806b2b5eb21607fafde055119 Mon Sep 17 00:00:00 2001 From: Ariel Xiong Date: Sun, 25 May 2025 22:18:26 +0800 Subject: [PATCH 093/239] bash: bump to 5.2.37 fix autoconf test for broken strtold fix for parsing compound assignment while expanding alias fix compilation on systems that provide select or pselect but not both fix for reading partial invalid multibyte characters fix issue where comparing quoted and unquoted words to be completed results in readline not displaying possible matches Signed-off-by: Ariel Xiong (cherry picked from commit ca2b5ea51f8cf7354df28a566eec77dc548da670) --- utils/bash/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/bash/Makefile b/utils/bash/Makefile index b55e02c8ce6610..9d992dc2b6a84d 100644 --- a/utils/bash/Makefile +++ b/utils/bash/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bash -PKG_VERSION:=5.2.32 +PKG_VERSION:=5.2.37 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@GNU/bash -PKG_HASH:=d3ef80d2b67d8cbbe4d3265c63a72c46f9b278ead6e0e06d61801b58f23f50b5 +PKG_HASH:=9599b22ecd1d5787ad7d3b7bf0c59f312b3396d1e281175dd1f8a4014da621ff PKG_MAINTAINER:=Marcel Denia PKG_LICENSE:=GPL-3.0-or-later From 3a911f6ce5bcd909032af288d5acd50568c66d2f Mon Sep 17 00:00:00 2001 From: Ariel Xiong Date: Sun, 25 May 2025 22:19:54 +0800 Subject: [PATCH 094/239] bash: add CFLAGS_FOR_BUILD="-std=gnu17" flag Fix #26469 add CFLAGS_FOR_BUILD="-std=gnu17" flag Signed-off-by: Ariel Xiong (cherry picked from commit dab90ec210a772251266607c750d07117a000846) --- utils/bash/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/bash/Makefile b/utils/bash/Makefile index 9d992dc2b6a84d..61aca94a446004 100644 --- a/utils/bash/Makefile +++ b/utils/bash/Makefile @@ -68,6 +68,7 @@ CONFIGURE_VARS += \ bash_cv_job_control_missing=present \ bash_cv_dev_fd=whacky \ bash_cv_sys_named_pipes=present \ + CFLAGS_FOR_BUILD="-std=gnu17" \ # The following are some other tests that cannot run when cross-compiling CONFIGURE_VARS += \ From ac5b94a25865da0e6594123f48a621f231abfe8a Mon Sep 17 00:00:00 2001 From: hingbong lo Date: Thu, 19 Jun 2025 02:32:03 +0000 Subject: [PATCH 095/239] bash: fix build failed with GCC 15 #26784 by applying this patch, build successfully Signed-off-by: hingbong lo (cherry picked from commit 9672ccaf5bcbd5460aeb6ef0f344fbc5e5f3e86c) --- utils/bash/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/utils/bash/Makefile b/utils/bash/Makefile index 61aca94a446004..6afe72cc26b704 100644 --- a/utils/bash/Makefile +++ b/utils/bash/Makefile @@ -84,6 +84,8 @@ CONFIGURE_ARGS+= \ --enable-job-control \ --enable-readline +TARGET_CFLAGS += -std=gnu17 + define Package/bash/postinst #!/bin/sh grep -q bash "$${IPKG_INSTROOT}/etc/shells" || { @@ -100,3 +102,4 @@ define Package/bash/install endef $(eval $(call BuildPackage,bash)) + From b0c81b768d74cc3b5990eca1cead7e6a1b827065 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 5 Jun 2025 21:37:53 +0800 Subject: [PATCH 096/239] golang: Fix host build compatibility with GCC 15 Fixes https://github.com/openwrt/packages/issues/26446. Signed-off-by: Jeffery To (cherry picked from commit f7d2ebfe3784ab793c1db0d7bb6bbf98b7dbc064) --- lang/golang/golang/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index d71cc7c82c8593..fc12f03e51489b 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -12,7 +12,7 @@ GO_VERSION_PATCH:=12 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) -PKG_RELEASE:=1 +PKG_RELEASE:=2 GO_SOURCE_URLS:=https://dl.google.com/go/ \ https://mirrors.ustc.edu.cn/golang/ \ @@ -267,6 +267,7 @@ endef define Host/Compile $(call GoCompiler/Bootstrap/Make, \ $(HOST_GO_VARS) \ + CC="$(HOSTCC_NOCACHE) -std=gnu17" \ ) $(call GoCompiler/Bootstrap-1.17/Make, \ From 0bad40323638d49725bfe1a35d392adb65c60107 Mon Sep 17 00:00:00 2001 From: Ted Hess Date: Sat, 2 Nov 2024 11:31:05 -0400 Subject: [PATCH 097/239] Unbound: fix file lock race in odhcpd.sh Signed-off-by: Ted Hess (cherry picked from commit 4d8c6d18690fe264890dfef013853dba49036c12) --- net/unbound/Makefile | 2 +- net/unbound/files/odhcpd.sh | 18 +++--------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 810858dee6c82f..e3d128a522c0b0 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.21.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh index b8af615a51fba3..9a428563b6bfa4 100644 --- a/net/unbound/files/odhcpd.sh +++ b/net/unbound/files/odhcpd.sh @@ -78,7 +78,6 @@ odhcpd_zonedata() { fi fi - case $longconf in freshstart) awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ @@ -129,22 +128,11 @@ odhcpd_zonedata() { ############################################################################## -UB_ODHPCD_LOCK=/tmp/unbound_odhcpd.lock +UB_ODHCPD_LOCK=/var/lock/unbound_odhcpd.lock -if [ ! -f $UB_ODHPCD_LOCK ] ; then - # imperfect but it should avoid collisions - touch $UB_ODHPCD_LOCK +exec 1000>$UB_ODHCPD_LOCK +if flock -x -n 1000 ; then odhcpd_zonedata - rm -f $UB_ODHPCD_LOCK - -else - UB_ODHCPD_LOCK_AGE=$(( $( date +%s ) - $( date -r $UB_ODHPCD_LOCK +%s ) )) - - if [ $UB_ODHCPD_LOCK_AGE -gt 100 ] ; then - # unlock because something likely broke but do not write this time through - rm -f $UB_ODHPCD_LOCK - fi fi ############################################################################## - From 3bdb385732f2af9f681fb357b09d3b2cc8975c8d Mon Sep 17 00:00:00 2001 From: Jan Klos Date: Sun, 10 Nov 2024 21:24:52 +0200 Subject: [PATCH 098/239] unbound: update to 1.22.0 Signed-off-by: Jan Klos [Solve PKG_RELEASE conflict] (cherry picked from commit 6b989e0ad520e0a71bc18d9e84a0b7b4e4e54c07) --- net/unbound/Makefile | 6 +++--- net/unbound/patches/010-configure-uname.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index e3d128a522c0b0..f88c44f3ad16a0 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.21.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.22.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound -PKG_HASH:=e7dca7d6b0f81bdfa6fa64ebf1053b5a999a5ae9278a87ef182425067ea14521 +PKG_HASH:=c5dd1bdef5d5685b2cedb749158dd152c52d44f65529a34ac15cd88d4b1b3d43 PKG_MAINTAINER:=Eric Luehrsen PKG_LICENSE:=BSD-3-Clause diff --git a/net/unbound/patches/010-configure-uname.patch b/net/unbound/patches/010-configure-uname.patch index 609475cddbccd6..65b9449c066170 100644 --- a/net/unbound/patches/010-configure-uname.patch +++ b/net/unbound/patches/010-configure-uname.patch @@ -3,7 +3,7 @@ Fix cross compile errors by inserting an environment variable for the target. Use "uname" on host only if "UNAME" variable is empty. --- a/configure.ac +++ b/configure.ac -@@ -895,7 +895,7 @@ if test x_$ub_test_python != x_no; then +@@ -897,7 +897,7 @@ if test x_$ub_test_python != x_no; then fi fi From 86bbce8ecd464a19a1327b78501912908807f4d6 Mon Sep 17 00:00:00 2001 From: hingbong lo Date: Thu, 13 Feb 2025 01:30:46 +0000 Subject: [PATCH 099/239] Unbound: Fixed: local-data except IPv6 GA addresses with odhcpd issue #25954 Signed-off-by: hingbong lo (cherry picked from commit da4d3e9ab1732fd5f7b68695447ad8cc92cfb4af) --- net/unbound/Makefile | 2 +- net/unbound/files/README.md | 1 + net/unbound/files/odhcpd.awk | 84 +++++++++++++++++++++++++++-------- net/unbound/files/odhcpd.sh | 14 +++--- net/unbound/files/unbound.uci | 1 + 5 files changed, 78 insertions(+), 24 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index f88c44f3ad16a0..0b14eddaa9bc11 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.22.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index 825a0710940544..d35935c558d8d4 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md @@ -208,6 +208,7 @@ One instance is supported currently. | dns64_prefix | 64:ff9b::/96 | subnet | DNS64 RFC6052 IPv4 in IPv6 well known prefix. | dns64-prefix: | | dhcp_link | none | program | Link to a DHCP server with supported scripts. See HOW TO above. | local-zone: local-data: forward-zone: | | dhcp4_slaac6 | 0 | boolean | Infer SLAAC IE64 IPv6 addresses from DHCPv4 MAC in DHCP link scripts. | - | +| exclude_ipv6_ga | 0 | boolean | If exclude IPv6 global addresses from local data. | local-data: | | domain | lan | domain | This will suffix DHCP host records and be the default search domain. | local-zone: | | domain_insecure | (empty) | domain | **List** domains that you wish to skip DNSSEC. It is one way around NTP chicken and egg. Your DHCP domains are automatically included. | domain-insecure: | | domain_type | static | state | This allows you to lock down or allow forwarding of the local zone.
`static`: no forwarding like dnsmasq default
`refuse`: answer overtly with REFUSED
`deny`: covertly drop all queries
`transparent`: may continue forwarding or recusion | local-zone: | diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk index 7aea8e7c174799..5214500f789b5e 100644 --- a/net/unbound/files/odhcpd.awk +++ b/net/unbound/files/odhcpd.awk @@ -24,6 +24,7 @@ # "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC # "bisolt" = boolean, format ... so you can isolate # "bconf" = boolean, write conf file with pipe records +# "exclude_ipv6_ga" = boolean, exclude IPv6 GA addresses from local-data # ############################################################################## @@ -38,16 +39,14 @@ sub( /.*\//, "", cdr2 ) ; gsub( /_/, "-", hst ) ; - if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) { # that is not a valid host name (RFC1123) # above replaced common error of "_" in host name with "-" hst = "-" ; } - if ( bisolt == 1 ) { - # TODO: this might be better with a substituion option, + # TODO: this might be better with a substitution option, # or per DHCP pool do-not-DNS option, but its getting busy here. fqdn = net gsub( /\./, "-", fqdn ) ; @@ -58,56 +57,52 @@ fqdn = tolower( hst "." domain ) ; } - if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) { # IPV4 ; only for provided hostnames and full /32 assignments # NF=9 ; odhcpd errata in field format without host name ptr = adr ; qpr = "" ; split( ptr, ptrarr, "." ) ; slaac = slaac_eui64( id ) ; - if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # always create the pipe file for( i=1; i<=4; i++ ) { qpr = ( ptrarr[i] "." qpr) ; } x = ( fqdn ". 300 IN A " adr ) ; y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ; print ( x "\n" y ) > pipefile ; - if (( bslaac == 1 ) && ( slaac != 0 )) { # UCI option to discover IPV6 routed SLAAC addresses # NOT TODO - ping probe take too long when added in awk-rule loop cmd = ( "ip -6 --oneline route show dev " net ) ; - while ( ( cmd | getline adr ) > 0 ) { if (( substr( adr, 1, 5 ) <= "fdff:" ) \ && ( index( adr, "::/" ) != 0 ) \ && ( index( adr, "anycast" ) == 0 ) \ && ( index( adr, "via" ) == 0 )) { - # GA or ULA routed addresses only (not LL or MC) + if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr) ) { + printf "Excluding GA IPv6 address: %s for %s\n", \ + adr, fqdn | "logger -t unbound-odhcpd" + continue + } sub( /\/.*/, "", adr ) ; adr = ( adr slaac ) ; - if ( split( adr, tmp0, ":" ) > 8 ) { sub( "::", ":", adr ) ; } - if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # always create the pipe file qpr = ipv6_ptr( adr ) ; x = ( fqdn ". 300 IN AAAA " adr ) ; @@ -116,41 +111,50 @@ } } - close( cmd ) ; } } else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) { if (cdr == 128) { + if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr) ) { + printf "Excluding GA IPv6 address: %s for %s\n", \ + adr, fqdn | "logger -t unbound-odhcpd" + } + else { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # only for provided hostnames and full /128 assignments qpr = ipv6_ptr( adr ) ; x = ( fqdn ". 300 IN AAAA " adr ) ; y = ( qpr ". 300 IN PTR " fqdn ) ; print ( x "\n" y ) > pipefile ; } + } if (cdr2 == 128) { + if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr2) ) { + printf "Excluding GA IPv6 address: %s for %s\n", \ + adr2, fqdn | "logger -t unbound-odhcpd" + } + else { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ; y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ; print ( x "\n" y "\n" ) > conffile ; } - # odhcp puts GA and ULA on the same line (position 9 and 10) qpr2 = ipv6_ptr( adr2 ) ; x = ( fqdn ". 300 IN AAAA " adr2 ) ; y = ( qpr2 ". 300 IN PTR " fqdn ) ; print ( x "\n" y ) > pipefile ; } + } } else { @@ -164,7 +168,6 @@ function ipv6_ptr( ipv6, arpa, ary, end, m, n, new6, sz, start ) { # IPV6 colon flexibility is a challenge when creating [ptr].ip6.arpa. sz = split( ipv6, ary, ":" ) ; end = 9 - sz ; - for( m=1; m<=sz; m++ ) { if( length(ary[m]) == 0 ) { for( n=1; n<=end; n++ ) { ary[m] = ( ary[m] "0000" ) ; } @@ -175,7 +178,6 @@ function ipv6_ptr( ipv6, arpa, ary, end, m, n, new6, sz, start ) { } } - new6 = ary[1] ; for( m = 2; m <= sz; m++ ) { new6 = ( new6 ary[m] ) ; } start = length( new6 ) ; @@ -203,9 +205,55 @@ function slaac_eui64( mac, ary, glbit, eui64 ) { eui64 = 0 ; } - return eui64 ; } ############################################################################## +function normalize_ipv6(ip, parts, normalized) { + # Remove any prefix length + sub(/\/.*/, "", ip); + + # Handle compressed notation (::) + if (index(ip, "::") > 0) { + split(ip, parts, "::"); + # Count colons to determine how many zero groups to insert + gsub(/:/, ":", parts[1]); + if (parts[2] != "") gsub(/:/, ":", parts[2]); + missing = 8 - (split(parts[1], tmp1, ":") + split(parts[2], tmp2, ":")); + + # Build normalized address + normalized = parts[1]; + for (i = 0; i < missing; i++) normalized = normalized ":0"; + if (parts[2] != "") normalized = normalized ":" parts[2]; + } else { + normalized = ip; + } + + # Fill each group with leading zeros + split(normalized, parts, ":"); + normalized = ""; + for (i = 1; i <= length(parts); i++) { + if (parts[i] == "") parts[i] = "0"; + while (length(parts[i]) < 4) { + parts[i] = "0" parts[i]; + } + if (i > 1) normalized = normalized ":"; + normalized = normalized parts[i]; + } + + return normalized; +} + +function ipv6_in_range(ip) { + # Normalize the address first + ip = normalize_ipv6(ip); + + # Check if it's in 2000::/3 range + # This covers 2000:: to 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + first_group = substr(ip, 1, 4); + first_digit = substr(first_group, 1, 1); + + return (first_digit == "2" || first_digit == "3"); +} + diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh index 9a428563b6bfa4..bcdd0722d79fba 100644 --- a/net/unbound/files/odhcpd.sh +++ b/net/unbound/files/odhcpd.sh @@ -38,7 +38,12 @@ odhcpd_zonedata() { local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 ) local dhcp_domain=$( uci_get unbound.@unbound[0].domain ) local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile ) + local exclude_ipv6_ga=$( uci_get unbound.@unbound[0].exclude_ipv6_ga ) + if [ "$exclude_ipv6_ga" != "0" ] && [ "$exclude_ipv6_ga" != "1" ]; then + logger -t unbound -s "invalid exclude_ipv6_ga value, using default (0)" + exclude_ipv6_ga=0 + fi if [ -f "$UB_TOTAL_CONF" ] && [ -f "$dhcp_origin" ] \ && [ "$dhcp_link" = "odhcpd" ] && [ -n "$dhcp_domain" ] ; then @@ -49,7 +54,6 @@ odhcpd_zonedata() { local dns_ls_old=$UB_VARDIR/dhcp_dns.old local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new - if [ ! -f $UB_DHCP_CONF ] || [ ! -f $dns_ls_old ] ; then # no old files laying around touch $dns_ls_old @@ -61,7 +65,6 @@ odhcpd_zonedata() { dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) )) dateoldf=$(( $( date +%s ) - $( date -r $dns_ls_old +%s ) )) - if [ $dateconf -gt 300 ] ; then touch $dns_ls_old sort $dhcp_origin > $dhcp_ls_new @@ -82,7 +85,7 @@ odhcpd_zonedata() { freshstart) awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ - -v bisolt=0 -v bconf=1 \ + -v bisolt=0 -v bconf=1 -v exclude_ipv6_ga=$exclude_ipv6_ga \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new cp $dns_ls_new $dns_ls_add @@ -94,7 +97,7 @@ odhcpd_zonedata() { longtime) awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ - -v bisolt=0 -v bconf=1 \ + -v bisolt=0 -v bconf=1 -v exclude_ipv6_ga=$exclude_ipv6_ga \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new awk '{ print $1 }' $dns_ls_old | sort | uniq > $dns_ls_del @@ -110,7 +113,7 @@ odhcpd_zonedata() { # unbound-control can be slow so high DHCP rates cannot run a full list awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ - -v bisolt=0 -v bconf=0 \ + -v bisolt=0 -v bconf=0 -v exclude_ipv6_ga=$exclude_ipv6_ga \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new sort $dns_ls_new $dns_ls_old $dns_ls_old | uniq -u > $dns_ls_add @@ -136,3 +139,4 @@ if flock -x -n 1000 ; then fi ############################################################################## + diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci index d921e3cd0ed7c6..7a1eaf91141c5b 100644 --- a/net/unbound/files/unbound.uci +++ b/net/unbound/files/unbound.uci @@ -4,6 +4,7 @@ config unbound 'ub_main' option add_wan_fqdn '0' option dhcp_link 'none' option dhcp4_slaac6 '0' + option exclude_ipv6_ga '0' option dns64 '0' option dns64_prefix '64:ff9b::/96' option domain 'lan' From cd4ded7aa4dc79274ea472801ecea96e2096d985 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Thu, 1 May 2025 23:39:37 -0400 Subject: [PATCH 100/239] unbound: update to 1.23.0 Signed-off-by: Eric Luehrsen (cherry picked from commit a0df926a01e98ad778d5db15f27e942425269306) --- net/unbound/Makefile | 6 +++--- net/unbound/patches/010-configure-uname.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 0b14eddaa9bc11..a40abf508dbcc0 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.22.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.23.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound -PKG_HASH:=c5dd1bdef5d5685b2cedb749158dd152c52d44f65529a34ac15cd88d4b1b3d43 +PKG_HASH:=959bd5f3875316d7b3f67ee237a56de5565f5b35fc9b5fc3cea6cfe735a03bb8 PKG_MAINTAINER:=Eric Luehrsen PKG_LICENSE:=BSD-3-Clause diff --git a/net/unbound/patches/010-configure-uname.patch b/net/unbound/patches/010-configure-uname.patch index 65b9449c066170..866cf7fa4f8752 100644 --- a/net/unbound/patches/010-configure-uname.patch +++ b/net/unbound/patches/010-configure-uname.patch @@ -3,7 +3,7 @@ Fix cross compile errors by inserting an environment variable for the target. Use "uname" on host only if "UNAME" variable is empty. --- a/configure.ac +++ b/configure.ac -@@ -897,7 +897,7 @@ if test x_$ub_test_python != x_no; then +@@ -900,7 +900,7 @@ if test x_$ub_test_python != x_no; then fi fi From bd96a7bbcecdc16f7f1842cabefa10c8370cc34a Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sun, 1 Jun 2025 08:01:34 +0200 Subject: [PATCH 101/239] unbound: bring back the service to the startup menu * trivial fix for #25963 to workaround the current "10 line parsing limit" Signed-off-by: Dirk Brenken (cherry picked from commit 732a8405efd9c89609cb1849f1e6ed9c00c07a87) --- net/unbound/Makefile | 2 +- net/unbound/files/unbound.init | 8 -------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index a40abf508dbcc0..5de7dde0c4fc65 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.23.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index 8231e6931524b7..319062c1067d59 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -1,15 +1,7 @@ #!/bin/sh /etc/rc.common -############################################################################## -# # Copyright (C) 2016 Michael Hanselmann, Eric Luehrsen -# -############################################################################## -# # This init script is just the entry point for Unbound UCI. # -############################################################################## - -# while useful (sh)ellcheck is pedantic and noisy # shellcheck disable=1091,2002,2004,2034,2039,2086,2094,2140,2154,2155 START=19 From d5b7b5b2f41e1fdcf5c9d7dde76a53130ccfe418 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Mon, 4 Aug 2025 15:28:11 +0200 Subject: [PATCH 102/239] knot: update to version 3.4.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Release notes: https://www.knot-dns.cz/2025-07-29-version-348.html Signed-off-by: Jan Hák (cherry picked from commit 08e4df89b0c244b000ca0fcfd03655bf2d17f8fe) --- net/knot/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/knot/Makefile b/net/knot/Makefile index 6c8f0bf939f47a..95c749f8453cf6 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=knot -PKG_VERSION:=3.4.7 +PKG_VERSION:=3.4.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/ -PKG_HASH:=dd346ca6f3afabcdc5e9ba09dd667b010590bb66a42f4541021fb9d6f073dacc +PKG_HASH:=6730a73dbfc12d79d8000ffe22d36d068b7467e74bee1eb122ac4935ecea49f9 PKG_MAINTAINER:=Daniel Salzman PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8 From 5912f55113871d3cee5c1f49d60d0db92048104d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Mon, 22 Sep 2025 15:21:21 +0200 Subject: [PATCH 103/239] knot: update to version 3.5.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Release notes: https://www.knot-dns.cz/2025-09-18-version-350.html Patch from commit https://gitlab.nic.cz/knot/knot-dns/-/commit/1297a6cc0fef21f35cfa517b5b55d94cd9cea41d Signed-off-by: Jan Hák (cherry picked from commit bddd5e9cb639bcad72518efd956955ac6d8ea352) --- net/knot/Makefile | 6 +++--- net/knot/patches/01_zscanner_tests.patch | 5 +++-- net/knot/patches/03_common_stats.patch | 22 ++++++++++++++++++++++ 3 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 net/knot/patches/03_common_stats.patch diff --git a/net/knot/Makefile b/net/knot/Makefile index 95c749f8453cf6..46786572042d38 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=knot -PKG_VERSION:=3.4.8 +PKG_VERSION:=3.5.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/ -PKG_HASH:=6730a73dbfc12d79d8000ffe22d36d068b7467e74bee1eb122ac4935ecea49f9 +PKG_HASH:=d52538bf7364c280999dec58c2a02a405dd922ef5794da1473ca7c3cf7f01277 PKG_MAINTAINER:=Daniel Salzman -PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8 +PKG_LICENSE:=GPL-2.0-or-later LGPL-2.0-or-later MIT ISC BSD-3-Clause PKG_CPE_ID:=cpe:/a:knot-dns:knot_dns PKG_FIXUP:=autoreconf diff --git a/net/knot/patches/01_zscanner_tests.patch b/net/knot/patches/01_zscanner_tests.patch index 7b834941cb5cea..23958807de5d97 100644 --- a/net/knot/patches/01_zscanner_tests.patch +++ b/net/knot/patches/01_zscanner_tests.patch @@ -1,7 +1,8 @@ --- a/tests/libzscanner/test_zscanner.in +++ b/tests/libzscanner/test_zscanner.in -@@ -1,15 +1,14 @@ - #!/bin/sh +@@ -3,16 +3,15 @@ + # SPDX-License-Identifier: GPL-2.0-or-later + # For more information, see -SOURCE=@top_srcdir@/tests/libzscanner -BUILD=@top_builddir@/tests/libzscanner diff --git a/net/knot/patches/03_common_stats.patch b/net/knot/patches/03_common_stats.patch new file mode 100644 index 00000000000000..6d965a5fb88d80 --- /dev/null +++ b/net/knot/patches/03_common_stats.patch @@ -0,0 +1,22 @@ +From 4f02c29b67790ff05f23fc6593e145be7c223c70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20H=C3=A1k?= +Date: Tue, 23 Sep 2025 12:52:25 +0200 +Subject: [PATCH] fix: failing build of knot/common/stats.c on PowerPC and MIPS + +--- + src/knot/common/stats.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/knot/common/stats.c ++++ b/src/knot/common/stats.c +@@ -127,8 +127,8 @@ int stats_server(stats_dump_ctr_f fcn, s + } + + DUMP_VAL(params, "zone-count", knot_zonedb_size(ctx->server->zone_db)); +- DUMP_VAL(params, "tcp-io-timeout", ctx->server->stats.tcp_io_timeout); +- DUMP_VAL(params, "tcp-idle-timeout", ctx->server->stats.tcp_idle_timeout); ++ DUMP_VAL(params, "tcp-io-timeout", ATOMIC_GET(ctx->server->stats.tcp_io_timeout)); ++ DUMP_VAL(params, "tcp-idle-timeout", ATOMIC_GET(ctx->server->stats.tcp_idle_timeout)); + + return KNOT_EOK; + } From 9da18e3229faf99c39cfa4bf835c795e4fd7c964 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 25 Sep 2025 23:46:44 +0200 Subject: [PATCH 104/239] syslog-ng: add runtime test It adds a runtime test to verify that the compiled binary in CI/CD runs without segfault and prints the version. Signed-off-by: Josef Schlehofer (cherry picked from commit 971a2164f598cb6976846ac9f932283cd636e387) --- admin/syslog-ng/test.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 admin/syslog-ng/test.sh diff --git a/admin/syslog-ng/test.sh b/admin/syslog-ng/test.sh new file mode 100644 index 00000000000000..190967ce96f7d4 --- /dev/null +++ b/admin/syslog-ng/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +syslog-ng --version | grep "$2" From 0632797c8981ec918ead6f575a2d500ad71cdba6 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Mon, 16 Jun 2025 11:49:34 +0200 Subject: [PATCH 105/239] syslog-ng: update to version 4.10.0 Release notes: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.0 Makefile changes ---------------- 1. Disable experimental feature: stackdump due to issues, which were reported to upstream 2. Disabled example modules to avoid adding libstdc++.so.6 dependency Fixes: Package syslog-ng is missing dependencies for the following libraries: libstdc++.so.6 Other changes ------------- In syslog-ng 4.8.0, there was added possibility to use value "current" as version in the config file, so use it, which confirm to use the latest version instead of bumping the version in the file manually. Signed-off-by: Josef Schlehofer (cherry picked from commit b1cfb71f7bdf475c72f8a9f3be38b381108b0ac1) --- admin/syslog-ng/Makefile | 8 +++++--- admin/syslog-ng/files/syslog-ng.conf | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index c9e0384f900798..36de97a598167f 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -1,8 +1,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=4.7.1 -PKG_RELEASE:=2 +PKG_VERSION:=4.10.0 +PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later @@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:oneidentity:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c +PKG_HASH:=219fbdb1685b6fa61674712f21c7b46e5e09b2533518c57689eaa827f57b1609 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -92,11 +92,13 @@ CONFIGURE_ARGS += \ --disable-linux-caps \ --with-jsonc=system \ --enable-cpp=no \ + --disable-example-modules \ --enable-json=yes \ $(if $(CONFIG_LIBCURL_ZLIB),--enable-http=yes,--enable-http=no) \ --disable-smtp \ --disable-mqtt \ --disable-redis \ + --disable-stackdump \ --disable-dependency-tracking \ --disable-python \ --disable-geoip2 \ diff --git a/admin/syslog-ng/files/syslog-ng.conf b/admin/syslog-ng/files/syslog-ng.conf index dafef7b7e465a2..e99f9c068e170f 100644 --- a/admin/syslog-ng/files/syslog-ng.conf +++ b/admin/syslog-ng/files/syslog-ng.conf @@ -1,7 +1,7 @@ # Collect all local logs into a single file /var/log/messages. # See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition -@version: 4.7 +@version: current @include "scl.conf" options { From 29a122d807035cadfa6bc5564ade6b1d25b0acb2 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Sun, 15 Jun 2025 08:37:32 +0200 Subject: [PATCH 106/239] treewide: drop anything related to uClibc uClibc-ng was removed in 2020 from OpenWrt main repo [1]. These things are leftovers. [1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=63fb175203bbf3b336804587c2f5b3a2d8132ec1 Signed-off-by: Josef Schlehofer (cherry picked from commit 3aab1ef31378219eb369147b2cc99b8c1be47dc1) --- libs/postgresql/Makefile | 9 --------- net/haproxy/Makefile | 11 +++-------- net/linknx/Makefile | 2 +- net/netifyd/Makefile | 2 +- net/torsocks/Makefile | 7 ------- 5 files changed, 5 insertions(+), 26 deletions(-) diff --git a/libs/postgresql/Makefile b/libs/postgresql/Makefile index 1262bab43a61b4..cde997bdf896f8 100644 --- a/libs/postgresql/Makefile +++ b/libs/postgresql/Makefile @@ -121,15 +121,6 @@ PGSQL_CONFIG_VARS:= \ ac_cv_file__dev_urandom="/dev/urandom" \ ZIC=zic -ifeq ($(CONFIG_USE_UCLIBC),y) -# PostgreSQL does not build against uClibc with locales -# enabled, due to an uClibc bug, see -# http://lists.uclibc.org/pipermail/uclibc/2014-April/048326.html -# so overwrite automatic detection and disable locale support -PGSQL_CONFIG_VARS+= \ - pgac_cv_type_locale_t=no -endif - TARGET_CONFIGURE_OPTS+=$(PGSQL_CONFIG_VARS) HOST_CONFIGURE_ARGS += \ diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index c2a4ea9f48998a..4176b6c1cc50d7 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -68,16 +68,11 @@ define Package/haproxy-nossl/description This package is built without SSL support. endef -TARGET=linux-glibc +TARGET=linux-musl ENABLE_LUA:=y -ifeq ($(CONFIG_USE_UCLIBC),y) - ADDON+=USE_BACKTRACE= - ADDON+=USE_LIBCRYPT= -endif - -ifeq ($(CONFIG_USE_MUSL),y) - TARGET=linux-musl +ifeq ($(CONFIG_USE_GLIBC),y) + TARGET=linux-glibc endif ifeq ($(BUILD_VARIANT),ssl) diff --git a/net/linknx/Makefile b/net/linknx/Makefile index 8ad017c590ff1d..bb0ef94ffb747e 100644 --- a/net/linknx/Makefile +++ b/net/linknx/Makefile @@ -19,7 +19,7 @@ PKG_MAINTAINER:=Othmar Truniger PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=LICENSE -PKG_BUILD_DEPENDS:=USE_UCLIBC:argp-standalone USE_MUSL:argp-standalone +PKG_BUILD_DEPENDS:=USE_MUSL:argp-standalone PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk diff --git a/net/netifyd/Makefile b/net/netifyd/Makefile index a09cae3d462a3d..a0ffd2261fb921 100644 --- a/net/netifyd/Makefile +++ b/net/netifyd/Makefile @@ -32,7 +32,7 @@ define Package/netifyd CATEGORY:=Network TITLE:=Netify Agent URL:=http://www.netify.ai/ - DEPENDS:=+ca-bundle +libatomic +libcurl +libmnl +libnetfilter-conntrack +libpcap +zlib +libpthread @!USE_UCLIBC + DEPENDS:=+ca-bundle +libatomic +libcurl +libmnl +libnetfilter-conntrack +libpcap +zlib +libpthread # Explicitly depend on libstdcpp rather than $(CXX_DEPENDS). At the moment # std::unordered_map is only available via libstdcpp which is required for # performance reasons. diff --git a/net/torsocks/Makefile b/net/torsocks/Makefile index b0bcbedb142183..cd49d44fe9f470 100644 --- a/net/torsocks/Makefile +++ b/net/torsocks/Makefile @@ -39,13 +39,6 @@ define Package/torsocks/description It ensures that DNS requests are handled safely and explicitly rejects any traffic other than TCP from the application you're using. endef -define Build/Configure - $(call Build/Configure/Default) -ifeq ($(CONFIG_USE_UCLIBC),y) - find $(PKG_BUILD_DIR) -name 'Makefile' -exec sed -i 's|--param ssp-buffer-size=1 -fstack-protector-all||' \{\} \+ -endif -endef - define Package/conffiles /etc/tor/torsocks.conf endef From bf326757d99d8bc21faf31d80c22d3feef1ab244 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Thu, 25 Sep 2025 14:09:21 +0200 Subject: [PATCH 107/239] knot: disable redis as it was enabled since 3.5.0 by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit By disabling redis, it is not possible to use redis database as zone storage Signed-off-by: Jan Hák (cherry picked from commit cbbd2b5b3bd6df7e550b114cf1c9f8e0f5bc8616) --- net/knot/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/net/knot/Makefile b/net/knot/Makefile index 46786572042d38..a7e51f6920a3ac 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -157,6 +157,7 @@ CONFIGURE_ARGS += \ --enable-dbus=libdbus \ --enable-quic \ --disable-fastparser \ + --disable-redis \ --without-libidn \ --with-libnghttp2=no \ --with-rundir=/var/run/knot \ From 301b96818b09aa857e1291d5caa4eb812704fc53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Thu, 25 Sep 2025 14:09:21 +0200 Subject: [PATCH 108/239] knot: backport patch to fix linking with libhiredis MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was discovered that even while using ``--enable-redis=no`` and ``--disable-redis`` that it was still linking with libhiredis. This avoids to picking up libhiredis as dependency: ``` Package knot is missing dependencies for the following libraries: libhiredis.so.1.1.0 ``` Fixes: cbbd2b5b3bd6df7e550b114cf1c9f8e0f5bc8616 ("knot: disable redis as it was enabled since 3.5.0 by default") Signed-off-by: Jan Hák (cherry picked from commit 598504d89592cf588d7051dd941a47379104a936) --- ...onfigure_fix_linking_with_libhiredis.patch | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 net/knot/patches/04_configure_fix_linking_with_libhiredis.patch diff --git a/net/knot/patches/04_configure_fix_linking_with_libhiredis.patch b/net/knot/patches/04_configure_fix_linking_with_libhiredis.patch new file mode 100644 index 00000000000000..8c11efa49ae5a8 --- /dev/null +++ b/net/knot/patches/04_configure_fix_linking_with_libhiredis.patch @@ -0,0 +1,25 @@ +From e1e8a763086efd91b3b167ec238c10d46c6e6a31 Mon Sep 17 00:00:00 2001 +From: Daniel Salzman +Date: Fri, 26 Sep 2025 14:46:20 +0200 +Subject: [PATCH] configure: fix linking with libhiredis if --disable-redis + +--- + configure.ac | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -264,11 +264,9 @@ AC_ARG_ENABLE([redis], + AS_HELP_STRING([--enable-redis=auto|yes|no], [enable Redis support [default=auto]]), + [], [enable_redis=auto]) + +-PKG_CHECK_MODULES([hiredis], [hiredis], [have_hiredis=yes], [have_hiredis=no]) +- + AS_CASE([$enable_redis], +- [auto], [AS_IF([test "$have_hiredis" = "yes"], [enable_redis=yes], [enable_redis=no])], +- [yes], [AS_IF([test "$have_hiredis" = "yes"], [enable_redis=yes], [AC_MSG_ERROR([libhiredis not available])])], ++ [auto], [PKG_CHECK_MODULES([hiredis], [hiredis], [enable_redis=yes], [enable_redis=no])], ++ [yes], [PKG_CHECK_MODULES([hiredis], [hiredis], [enable_redis=yes], [AC_MSG_ERROR([libhiredis not available])])], + [no], [], + [*], [AC_MSG_ERROR([Invalid value of --enable-redis.])] + ) From 5c7aa7fa08a2e0b33f266790a8e6529e18791847 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maximilian=20Tr=C3=BCpschuch?= Date: Tue, 22 Apr 2025 22:04:46 +0200 Subject: [PATCH 109/239] jq: provide regex support in additional package jq-full MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I modified the makefile, so that it will build two packages: jq and jq-full. The former will remain unchanged and the latter will have a dependency to the oniguruma library, so jq-full will have regex functions enabled. Signed-off-by: Maximilian Trüpschuch (cherry picked from commit 711a19c4b23f3517ece5296d323c8f0220a0ff4e) --- utils/jq/Makefile | 40 ++++++++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/utils/jq/Makefile b/utils/jq/Makefile index 4b724639166b32..0baa4588d80e90 100644 --- a/utils/jq/Makefile +++ b/utils/jq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=jq PKG_VERSION:=1.7.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/jqlang/jq/releases/download/$(PKG_NAME)-$(PKG_VERSION) @@ -27,22 +27,50 @@ include $(INCLUDE_DIR)/package.mk CONFIGURE_ARGS+= \ --disable-docs \ --disable-valgrind \ - --without-oniguruma -define Package/jq +define Package/jq/Default SECTION:=utils CATEGORY:=Utilities - TITLE:=Lightweight and flexible command-line JSON processor. + TITLE:=Lightweight and flexible command-line JSON processor URL:=https://jqlang.github.io/jq/ + PROVIDES:=jq +endef + +define Package/jq + $(Package/jq/Default) + TITLE+= without regex support. + VARIANT:=noregex + DEFAULT_VARIANT:=1 endef define Package/jq/description - Lightweight and flexible command-line JSON processor. + Lightweight and flexible command-line JSON processor. + This package was compiled without ONIGURUMA regex libary. match/test/sub and related functions are not available. +endef + +define Package/jq-full + $(Package/jq/Default) + TITLE+= with regex support. + VARIANT:=regex + DEPENDS+=+oniguruma +endef + +define Package/jq-full/description + Lightweight and flexible command-line JSON processor. + This package was compiled with ONIGURUMA regex libary and has full regex support. endef -define Package/jq/install +ifeq ($(BUILD_VARIANT),noregex) + CONFIGURE_ARGS += --without-oniguruma +endif + +define Package/jq/install/Default $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ endef +Package/jq/install = $(Package/jq/install/Default) +Package/jq-full/install = $(Package/jq/install/Default) + $(eval $(call BuildPackage,jq)) +$(eval $(call BuildPackage,jq-full)) From b51e3eb499eaf62ed930768c76da34f2ea85ccc9 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 1 Jun 2025 09:05:19 -0400 Subject: [PATCH 110/239] jq: bump to v1.8.0 In addition to shipping the latest upstream version, package shared objects. It is worth noting that this release is required when building with GCC 15.1. Signed-off-by: John Audia (cherry picked from commit 0f281ad57be8ea3247e4b02c6471c01cf891c07c) --- utils/jq/Makefile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/utils/jq/Makefile b/utils/jq/Makefile index 0baa4588d80e90..be7f68816ec8f5 100644 --- a/utils/jq/Makefile +++ b/utils/jq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=jq -PKG_VERSION:=1.7.1 -PKG_RELEASE:=2 +PKG_VERSION:=1.8.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/jqlang/jq/releases/download/$(PKG_NAME)-$(PKG_VERSION) -PKG_HASH:=478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 +PKG_HASH:=91811577f91d9a6195ff50c2bffec9b72c8429dc05ec3ea022fd95c06d2b319c PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=MIT @@ -66,7 +66,9 @@ endif define Package/jq/install/Default $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libjq.so* $(1)/usr/lib endef Package/jq/install = $(Package/jq/install/Default) From 748f2b825ff26f56255e39186c59c85ae4e091d8 Mon Sep 17 00:00:00 2001 From: John Audia Date: Wed, 2 Jul 2025 16:29:20 -0400 Subject: [PATCH 111/239] jq: bump to v1.8.1 Simple bump to new release Build system: x86/64 Build-tested: x86/64 Run-tested: x86/64 Signed-off-by: John Audia (cherry picked from commit 383fba198e4359344ba2d0a6efcd750ba6f486e1) --- utils/jq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/jq/Makefile b/utils/jq/Makefile index be7f68816ec8f5..5ac4a30dc51f8c 100644 --- a/utils/jq/Makefile +++ b/utils/jq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=jq -PKG_VERSION:=1.8.0 +PKG_VERSION:=1.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/jqlang/jq/releases/download/$(PKG_NAME)-$(PKG_VERSION) -PKG_HASH:=91811577f91d9a6195ff50c2bffec9b72c8429dc05ec3ea022fd95c06d2b319c +PKG_HASH:=2be64e7129cecb11d5906290eba10af694fb9e3e7f9fc208a311dc33ca837eb0 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=MIT From 4fd7305440f02890a9c4c218c70c068013264c94 Mon Sep 17 00:00:00 2001 From: Antonio Pastor Date: Mon, 15 Sep 2025 18:38:09 -0400 Subject: [PATCH 112/239] netatalk: update to 4.3.2 Netatalk 4.3.x adds the option to use sqlite as a CNID DB. This is now a config option for the full package. (mysql is also an option but this has not been included here yet). As CNID DB backends are now managed by the netatalk meta-daemon the init script has been updated to use it instead of starting afpd & dbd manually. Cleaned up tab/space issues here and there. Signed-off-by: Antonio Pastor (cherry picked from commit 2a8fdf37dc6c53929c831e0f24917fb9fd48a959) --- net/netatalk/Config.in | 62 ++++++++++++------- net/netatalk/Makefile | 37 ++++++++--- net/netatalk/files/afpd.init | 12 +--- .../patches/010-iconv-build-fix.patch | 43 ------------- 4 files changed, 68 insertions(+), 86 deletions(-) delete mode 100644 net/netatalk/patches/010-iconv-build-fix.patch diff --git a/net/netatalk/Config.in b/net/netatalk/Config.in index c889c4b2484fc9..8d2a0e545abf72 100644 --- a/net/netatalk/Config.in +++ b/net/netatalk/Config.in @@ -1,35 +1,49 @@ if PACKAGE_netatalk-full - config PACKAGE_NETATALK_APPLETALK - bool "Enable AppleTalk support." - default y + config PACKAGE_NETATALK_APPLETALK + bool "Enable AppleTalk support." + default y - config PACKAGE_NETATALK_ZEROCONF - bool "Enable Zeroconf support." - default y + config PACKAGE_NETATALK_ZEROCONF + bool "Enable Zeroconf support." + default y - config PACKAGE_NETATALK_ACLS - bool "Enable ACL support." - default y + config PACKAGE_NETATALK_ACLS + bool "Enable ACL support." + default y - config PACKAGE_NETATALK_PAM - bool "Enable PAM support." - default y + config PACKAGE_NETATALK_PAM + bool "Enable PAM support." + default y - config PACKAGE_NETATALK_LDAP - bool "Enable LDAP support." - default y + config PACKAGE_NETATALK_LDAP + bool "Enable LDAP support." + default y - config PACKAGE_NETATALK_ICONV - bool "Use libiconv features." - default y + config PACKAGE_NETATALK_ICONV + bool "Use libiconv features." + default y - config PACKAGE_NETATALK_KERBEROS - bool "Enable kerberos support." - default y + config PACKAGE_NETATALK_KERBEROS + bool "Enable kerberos support." + default y - config PACKAGE_NETATALK_LIBWRAP - bool "Enable TCP wrappers." - default y + config PACKAGE_NETATALK_LIBWRAP + bool "Enable TCP wrappers." + default y + + choice + prompt "CNID backends" + default PACKAGE_NETATALK_BOTHBACK + + config PACKAGE_NETATALK_DBDBACK + bool "dbd" + + config PACKAGE_NETATALK_SQLITEBACK + bool "sqlite" + + config PACKAGE_NETATALK_BOTHBACK + bool "dbd,sqlite" + endchoice endif diff --git a/net/netatalk/Makefile b/net/netatalk/Makefile index e87f8c8e8139c9..304f2204e24bdc 100644 --- a/net/netatalk/Makefile +++ b/net/netatalk/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netatalk -PKG_VERSION:=4.2.2 +PKG_VERSION:=4.3.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@SF/netatalk -PKG_HASH:=8f772804ce4322a4e8fb159528209450927e9df067daa5cc02ab59b35f4b450c +PKG_HASH:=2977b4fd113182f0cc183337ba23d5701fb2be4e0dfcec7ee575b4d73a738d3a PKG_MAINTAINER:=Antonio Pastor PKG_LICENSE:=GPL-2.0-or-later @@ -59,7 +59,9 @@ define Package/netatalk-full +PACKAGE_NETATALK_LDAP:libopenldap \ +PACKAGE_NETATALK_ICONV:libiconv-full \ +PACKAGE_NETATALK_KERBEROS:krb5-libs \ - +PACKAGE_NETATALK_LIBWRAP:libwrap + +PACKAGE_NETATALK_LIBWRAP:libwrap \ + +PACKAGE_NETATALK_SQLITEBACK:libsqlite3 \ + +PACKAGE_NETATALK_BOTHBACK:libsqlite3 MENU:=1 endef @@ -87,13 +89,10 @@ define Package/netatalk-full/description endef define Package/netatalk-full/config - source "$(SOURCE)/Config.in" + source "$(SOURCE)/Config.in" endef MESON_ARGS += \ - -Dwith-cnid-default-backend=dbd \ - -Dwith-cnid-dbd-backend=true \ - -Dwith-cnid-mysql-backend=false \ -Dwith-bdb-path="$(STAGING_DIR)/usr/" \ -Dwith-unicode-data-path="$(STAGING_DIR_HOST)/share/gnulib/tests/uniname/" \ -Dwith-libgcrypt-path="$(STAGING_DIR)/usr/" \ @@ -111,6 +110,8 @@ MESON_ARGS += \ ifeq ($(BUILD_VARIANT),small) MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd \ -Dwith-appletalk=false \ -Dwith-zeroconf=false \ -Dwith-acls=false \ @@ -125,6 +126,8 @@ endif ifeq ($(BUILD_VARIANT),appletalk) MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd \ -Dwith-appletalk=true \ -Dwith-zeroconf=false \ -Dwith-acls=false \ @@ -150,6 +153,21 @@ MESON_ARGS += \ -Dwith-krbV-uam=$(if $(CONFIG_PACKAGE_NETATALK_KERBEROS),true,false) \ -Dwith-tcp-wrappers=$(if $(CONFIG_PACKAGE_NETATALK_LIBWRAP),true,false) \ +ifdef CONFIG_PACKAGE_NETATALK_DBDBACK +MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd +endif +ifdef CONFIG_PACKAGE_NETATALK_SQLITEBACK +MESON_ARGS += \ + -Dwith-cnid-default-backend=sqlite \ + -Dwith-cnid-backends=sqlite +endif +ifdef CONFIG_PACKAGE_NETATALK_BOTHBACK +MESON_ARGS += \ + -Dwith-cnid-default-backend=dbd \ + -Dwith-cnid-backends=dbd,sqlite +endif endif define Package/netatalk/conffiles @@ -169,6 +187,7 @@ define Package/netatalk-small/install $(INSTALL_DIR) $(1)/etc/config $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libatalk.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libbstring.so* $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/netatalk/*.so $(1)/usr/lib/netatalk/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/* $(1)/usr/sbin/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/afp.conf $(1)/etc/ @@ -178,7 +197,7 @@ define Package/netatalk-small/install endef define Package/netatalk/install - $(call Package/netatalk-small/install,$(1)) + $(call Package/netatalk-small/install,$(1)) $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/ @@ -195,7 +214,7 @@ define Package/netatalk/install endef define Package/netatalk-full/install - $(call Package/netatalk-small/install,$(1)) + $(call Package/netatalk-small/install,$(1)) $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/,) $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/,) $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/,) diff --git a/net/netatalk/files/afpd.init b/net/netatalk/files/afpd.init index 193856c892e267..33658945391405 100644 --- a/net/netatalk/files/afpd.init +++ b/net/netatalk/files/afpd.init @@ -4,8 +4,7 @@ START=85 STOP=10 USE_PROCD=1 -PROG_afpd='/usr/sbin/afpd' -PROG_cnid='/usr/sbin/cnid_metad' +PROG_netatalk='/usr/sbin/netatalk' # Default config file location config_file='/etc/afp.conf' @@ -185,16 +184,9 @@ start_service() { generate_config - # afpd procd_open_instance - procd_set_param command $PROG_afpd -d -F $config_file + procd_set_param command $PROG_netatalk -d -F $config_file procd_set_param file $config_file procd_set_param respawn procd_close_instance - - # cnid - procd_open_instance - procd_set_param command $PROG_cnid -d -F $config_file - procd_set_param respawn - procd_close_instance } diff --git a/net/netatalk/patches/010-iconv-build-fix.patch b/net/netatalk/patches/010-iconv-build-fix.patch deleted file mode 100644 index bf56f2bcc4f67e..00000000000000 --- a/net/netatalk/patches/010-iconv-build-fix.patch +++ /dev/null @@ -1,43 +0,0 @@ ---- a/bin/misc/meson.build -+++ b/bin/misc/meson.build -@@ -1,10 +1,13 @@ -+iconv_deps = [] -+ - if have_iconv -+ iconv_deps += iconv - executable( - 'netacnv', - ['netacnv.c'], - include_directories: root_includes, - link_with: libatalk, -- dependencies: [iconv], -+ dependencies: [iconv_deps], - install: false, - ) - endif -@@ -14,6 +17,7 @@ executable( - ['logger_test.c'], - include_directories: root_includes, - link_with: libatalk, -+ dependencies: [iconv_deps], - install: false, - ) - -@@ -22,7 +26,7 @@ executable( - ['fce.c'], - include_directories: root_includes, - link_with: libatalk, -- dependencies: [iniparser], -+ dependencies: [iniparser,iconv_deps], - install: true, - ) - -@@ -38,7 +42,7 @@ if have_ldap - ['uuidtest.c'], - include_directories: root_includes, - link_with: libatalk, -- dependencies: [afpldaptest_deps], -+ dependencies: [afpldaptest_deps,iconv_deps], - c_args: confdir, - install: true, - build_rpath: rpath_libdir, From 7fa3bd1be1ba610541c4a18a4f860ee964065db4 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Tue, 23 Sep 2025 22:40:30 +0000 Subject: [PATCH 113/239] adblock-fast: update to 1.2.0 Makefile: * update version/release Init Script: * boot up reliability improvements: - change START from 50 to 20 to ensure procd_add_raw_trigger works on boot - better logic of checking/using the cache/compressed cache on boot * new dnsmasq handling/integration logic: - new logic for checking dnsmasq functionality (similar to dnsmasq init script) - instead of copying/duplicating adblock-fast files per specified dnsmasq instance, create one file and add softlinks to it for specified dnsmasq instances and make sure it's in the instance's addnmounts - update dnsmasqConfFile, dnsmasqIpsetFile and dnsmasqNftsetFile to point to the same filename as the logic for integrating with dnsmasq is the same for those options - get the confdir for specified dnsmasq instances via ubus info/config file since the config_get is broken between releases by https://github.com/openwrt/openwrt/pull/14975 - update clean-up procedures for other dns backend settings to properly clean up when switching away from dnsmasq.conf, dnsmasq.ipset, dnsmasq.nftset where the new logic is used - remove obsolete outputDnsmasqFileList variable and logic of building and using it - only create compressed cache in service_started after successful resolver restart with the block-file * new package config / environment loading logic - switch away from using `load_validate_config` to start functions to loading package config "manually" - unset boolean variables which are non-true on package config load - switch checking values of such variables from `-eq 0` to empty/non-empty * debugging improvements: - rename debug option to debug_init_script and proc_debug to debug_performance - output performance debug info to log only when debug_performance is set * miscellaneous changes: - move best dl tool detection into its own function for reuse in adb_config_update - change uci_changes function to return 0/1 instead of the text of changes - improve mktemp calls reliability by creating the file and not using `-u` anymore - add remove_cache/remove_gzip calls to adb_file function - better readability of the start_serice logic determining the action - change flock value from 207 to 209 to avoid collisions with pbr - temporarily switch namespaces when using jshn functions to avoid collisions with PROCD - move from using spaces to tabs in indentation in code - prevent Command Not Found message on uninstall - remove unneeded IPKG_INSTROOT check in the init script - update all sourcing instructions to include IPKG_INSTROOT in the path Uci-defaults script: * transition old debug and proc_debug options to debug_init_script/debug_performance Signed-off-by: Stan Grishin (cherry picked from commit 3c3d9d2b868d38ae4a0eea6589183d7a5b23b315) --- net/adblock-fast/Makefile | 4 +- .../files/etc/init.d/adblock-fast | 1636 ++++++++--------- .../files/etc/uci-defaults/90-adblock-fast | 16 +- 3 files changed, 827 insertions(+), 829 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 2236aac4b5e4d7..2b0cf7abc68bfc 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -4,8 +4,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast -PKG_VERSION:=1.1.4 -PKG_RELEASE:=14 +PKG_VERSION:=1.2.0 +PKG_RELEASE:=10 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 179579bf830a0a..021608519bc18f 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -3,13 +3,11 @@ # shellcheck disable=SC2015,SC3023,SC3043 # shellcheck disable=SC2034 -START=50 +START=20 # shellcheck disable=SC2034 USE_PROCD=1 LC_ALL=C -[ -n "${IPKG_INSTROOT}" ] && return 0 - if type extra_command 1>/dev/null 2>&1; then extra_command 'allow' 'Allows domain in current block-list and config' extra_command 'check' 'Checks if specified domain is found in current block-list' @@ -36,17 +34,17 @@ readonly dnsmasqAddnhostsGzip="${packageName}.dnsmasq.addnhosts.gz" readonly dnsmasqAddnhostsFilter='s|^|127.0.0.1 |;s|$||' readonly dnsmasqAddnhostsFilterIPv6='s|^|:: |;s|$||' readonly dnsmasqAddnhostsOutputFilter='s|^127.0.0.1 ||;s|^:: ||;' -readonly dnsmasqConfFile="${packageName}" +readonly dnsmasqConfFile="/var/run/${packageName}/${packageName}.dnsmasq" readonly dnsmasqConfCache="/var/run/${packageName}/dnsmasq.conf.cache" readonly dnsmasqConfGzip="${packageName}.dnsmasq.conf.gz" readonly dnsmasqConfFilter='s|^|local=/|;s|$|/|' readonly dnsmasqConfOutputFilter='s|local=/||;s|/$||;' -readonly dnsmasqIpsetFile="${packageName}.ipset" +readonly dnsmasqIpsetFile="/var/run/${packageName}/${packageName}.dnsmasq" readonly dnsmasqIpsetCache="/var/run/${packageName}/dnsmasq.ipset.cache" readonly dnsmasqIpsetGzip="${packageName}.dnsmasq.ipset.gz" readonly dnsmasqIpsetFilter='s|^|ipset=/|;s|$|/adb|' readonly dnsmasqIpsetOutputFilter='s|ipset=/||;s|/adb$||;' -readonly dnsmasqNftsetFile="${packageName}.nftset" +readonly dnsmasqNftsetFile="/var/run/${packageName}/${packageName}.dnsmasq" readonly dnsmasqNftsetCache="/var/run/${packageName}/dnsmasq.nftset.cache" readonly dnsmasqNftsetGzip="${packageName}.dnsmasq.nftset.gz" readonly dnsmasqNftsetFilter='s|^|nftset=/|;s|$|/4#inet#fw4#adb4|' @@ -115,48 +113,95 @@ readonly canaryDomainsiCloud='mask.icloud.com mask-h2.icloud.com' readonly triggersReload='parallel_downloads debug download_timeout allowed_domain blocked_domain allowed_url blocked_url dns config_update_enabled config_update_url dnsmasq_config_file_url curl_additional_param curl_max_file_size curl_retry' readonly triggersRestart='compressed_cache compressed_cache_dir force_dns led force_dns_port' +# Silence "Command failed: Not found" for redundant procd service delete calls +__UBUS_BIN="$(command -v ubus || echo /bin/ubus)" +ubus() { + if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then + "$__UBUS_BIN" "$@" >/dev/null 2>&1 || true + else + "$__UBUS_BIN" "$@" + fi +} + dl_command= dl_flag= isSSLSupported= +loadEnvironmentFlag= +loadPackageConfigFlag= outputAllowFilter= outputBlockedCountFilter= outputFilter= outputFilterIPv6= outputFile= -outputDnsmasqFileList= outputGzip= outputCache= outputOutputFilter= +triggerStatus= awk='awk' -load_environment_flag= allowed_url= blocked_url= fw4_restart_flag= adbf_boot_flag= +dnsmasq_features= +dnsmasq_ubus= + +# package config variables +allow_non_ascii= +canary_domains_icloud= +canary_domains_mozilla= +compressed_cache= +config_update_enabled= +debug_init_script= +debug_performance= +enabled= +force_dns= +ipv6_enabled= +parallel_downloads= +procd_trigger_wan6= +sanity_check= +update_config_sizes= +allowed_domain= +blocked_domain= +compressed_cache_dir= +config_update_url= +curl_additional_param= +curl_max_file_size= +curl_retry= +dns= +dnsmasq_config_file_url= +dnsmasq_instance= +download_timeout= +force_dns_interface= +force_dns_port= +heartbeat_domain= +heartbeat_sleep_timeout= +led= +pause_timeout= +procd_boot_wan_timeout= +smartdns_instance= +verbosity= # shellcheck disable=SC1091 -. /lib/functions.sh +. "${IPKG_INSTROOT}/lib/functions.sh" # shellcheck disable=SC1091 -. /lib/functions/network.sh +. "${IPKG_INSTROOT}/lib/functions/network.sh" # shellcheck disable=SC1091 -. /usr/share/libubox/jshn.sh +. "${IPKG_INSTROOT}/usr/share/libubox/jshn.sh" append_newline() { is_newline_ending "$1" || echo '' >> "$1"; } check_ipset() { { command -v ipset && /usr/sbin/ipset help hash:net; } >/dev/null 2>&1; } check_nft() { command -v nft >/dev/null 2>&1; } check_dnsmasq() { command -v dnsmasq >/dev/null 2>&1; } -check_dnsmasq_ipset() { - local o; - check_dnsmasq || return 1 - o="$(dnsmasq -v 2>/dev/null)" - check_ipset && ! echo "$o" | grep -q 'no-ipset' && echo "$o" | grep -q 'ipset' -} -check_dnsmasq_nftset() { - local o; - check_dnsmasq || return 1 - o="$(dnsmasq -v 2>/dev/null)" - check_nft && ! echo "$o" | grep -q 'no-nftset' && echo "$o" | grep -q 'nftset' +check_dnsmasq_feature () { + [ -z "$dnsmasq_features" ] && dnsmasq_features="$(dnsmasq --version | grep -m1 'Compile time options:' | cut -d: -f2) " + case "$1" in + idn) [ "${dnsmasq_features#* IDN }" != "$dnsmasq_features" ];; + ipset) [ "${dnsmasq_features#* ipset }" != "$dnsmasq_features" ];; + nftset) [ "${dnsmasq_features#* nftset }" != "$dnsmasq_features" ];; + esac } +check_dnsmasq_ipset() { check_ipset && check_dnsmasq_feature 'ipset'; } +check_dnsmasq_nftset() { check_nft && check_dnsmasq_feature 'nftset'; } check_smartdns() { command -v smartdns >/dev/null 2>&1; } check_smartdns_ipset() { check_smartdns && check_ipset; } check_smartdns_nftset() { check_smartdns && check_nft; } @@ -192,7 +237,6 @@ adb_config_cache() { get) case "$var" in trigger_fw4) - ret='false' if [ -s "$runningConfigFile" ]; then local UCI_CONFIG_DIR="${runningConfigFile%/*}" is_fw4_restart_needed && ret='true' @@ -280,7 +324,7 @@ dns_set_output_values() { outputCache="$dnsmasqAddnhostsCache" outputGzip="${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" outputOutputFilter="$dnsmasqAddnhostsOutputFilter" - if [ "$ipv6_enabled" -ne '0' ]; then + if [ -n "$ipv6_enabled" ]; then outputFilterIPv6="$dnsmasqAddnhostsFilterIPv6" fi ;; @@ -299,7 +343,7 @@ dns_set_output_values() { outputOutputFilter="$dnsmasqIpsetOutputFilter" ;; dnsmasq.nftset) - if [ "$ipv6_enabled" -ne '0' ]; then + if [ -n "$ipv6_enabled" ]; then outputFilter="$dnsmasqNftsetFilterIPv6" else outputFilter="$dnsmasqNftsetFilter" @@ -357,7 +401,7 @@ dnsmasq_kill() { killall -q -s KILL dnsmasq; } dnsmasq_restart() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; } is_enabled() { uci_get "$1" 'config' 'enabled' '0'; } is_fw4_restart_needed() { - [ "$fw4_restart_flag" = 'true' ] && return 0 + [ -n "$fw4_restart_flag" ] && return 0 local dns force_dns dns="$(uci_get "$packageName" 'config' 'dns' 'dnsmasq.servers')" force_dns="$(uci_get "$packageName" 'config' 'force_dns' '1')" @@ -408,7 +452,7 @@ get_mem_total() { led_on(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo 'default-on' > "${1}/trigger" 2>&1; fi; } led_off(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo 'none' > "${1}/trigger" 2>&1; fi; } logger() { /usr/bin/logger -t "$packageName" "$@"; } -logger_debug() { /usr/bin/logger -t "$packageName [$$]" "$@"; } +logger_debug() { [ -n "$debug_performance" ] && /usr/bin/logger -t "$packageName [$$]" "$@"; } nft() { "$nft" "$@" >/dev/null 2>&1; } output_dot() { output 1 "$_DOT_"; output 2 "$__DOT__"; } output_ok() { output 1 "$_OK_"; output 2 "$__OK__\n"; } @@ -449,9 +493,11 @@ unbound_restart() { /etc/init.d/unbound restart >/dev/null 2>&1; } json() { { - flock -x 207 + flock -x 209 local status message stats i local action="$1" param="$2" value="$3"; shift 3; local info="$*"; + local _current_namespace="$_JSON_PREFIX" + json_set_namespace "${packageName//-/_}_" [ "$param" = 'error' ] && param='errors' [ "$param" = 'warning' ] && param='warnings' { json_load_file "$runningStatusFile" || json_init; } >/dev/null 2>&1 @@ -468,11 +514,13 @@ json() { esac fi printf "%b" "$i" + json_set_namespace "$_current_namespace" return ;; get:*) json_get_var 'i' "$param" >/dev/null 2>&1 printf "%b" "$i" + json_set_namespace "$_current_namespace" return ;; 'add:errors'|'add:warnings') @@ -512,7 +560,8 @@ json() { mkdir -p "${runningStatusFile%/*}" json_dump > "$runningStatusFile" sync - } 207>"$runningStatusFileLock" + json_set_namespace "$_current_namespace" + } 209>"$runningStatusFileLock" } get_local_filesize() { @@ -530,18 +579,18 @@ get_local_filesize() { get_url_filesize() { local url="$1" size size_command timeout_sec=2 [ -n "$url" ] || return 0 - if is_present 'curl'; then - # shellcheck disable=SC1017 - size_command='curl --silent --insecure --fail --head --request GET' - size="$($size_command --connect-timeout $timeout_sec "$url" | awk -F": " '{IGNORECASE=1}/content-length/ {gsub(/\r/, ""); print $2}' )" - fi - - # Check if size is empty and fallback to uclient-fetch if necessary - if [ -z "$size" ] && is_present 'uclient-fetch' ; then - # shellcheck disable=SC1017 - size_command='uclient-fetch --spider' - size="$($size_command --timeout $timeout_sec "$url" -O /dev/null 2>&1 | sed -n '/^Download/ s/.*(\([0-9]*\) bytes).*/\1/p')" - fi + if is_present 'curl'; then + # shellcheck disable=SC1017 + size_command='curl --silent --insecure --fail --head --request GET' + size="$($size_command --connect-timeout $timeout_sec "$url" | awk -F": " '{IGNORECASE=1}/content-length/ {gsub(/\r/, ""); print $2}' )" + fi + + # Check if size is empty and fallback to uclient-fetch if necessary + if [ -z "$size" ] && is_present 'uclient-fetch' ; then + # shellcheck disable=SC1017 + size_command='uclient-fetch --spider' + size="$($size_command --timeout $timeout_sec "$url" -O /dev/null 2>&1 | sed -n '/^Download/ s/.*(\([0-9]*\) bytes).*/\1/p')" + fi # shellcheck disable=SC3037 echo -en "$size" } @@ -577,9 +626,8 @@ uci_changes() { local PACKAGE="$1" local CONFIG="$2" local OPTION="$3" - if [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ]; then - /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}" - fi + [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ] && \ + [ -n "$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}")" ] } get_text() { @@ -715,20 +763,110 @@ detect_file_type() { fi } -load_environment() { - local i j - local validation_result="$1" param="$2" +load_package_config() { + config_load "$packageName" + config_get_bool allow_non_ascii 'config' 'allow_non_ascii' '0' + config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '0' + config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '0' + config_get_bool compressed_cache 'config' 'compressed_cache' '0' + config_get_bool config_update_enabled 'config' 'config_update_enabled' '0' + config_get_bool debug_init_script 'config' 'debug_init_script' '0' + config_get_bool debug_performance 'config' 'debug_performance' '0' + config_get_bool enabled 'config' 'enabled' '0' + config_get_bool force_dns 'config' 'force_dns' '1' + config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0' + config_get_bool parallel_downloads 'config' 'parallel_downloads' '1' + config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' + config_get_bool sanity_check 'config' 'sanity_check' '1' + config_get_bool update_config_sizes 'config' 'update_config_sizes' '1' + config_get allowed_domain 'config' 'allowed_domain' + config_get blocked_domain 'config' 'blocked_domain' + config_get compressed_cache_dir 'config' 'compressed_cache_dir' '/etc' + config_get config_update_url 'config' 'config_update_url' 'https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.config.update' + config_get curl_additional_param 'config' 'curl_additional_param' + config_get curl_max_file_size 'config' 'curl_max_file_size' + config_get curl_retry 'config' 'curl_retry' '3' + config_get dns 'config' 'dns' 'dnsmasq.servers' + config_get dnsmasq_config_file_url 'config' 'dnsmasq_config_file_url' + config_get dnsmasq_instance 'config' 'dnsmasq_instance' '*' + config_get download_timeout 'config' 'download_timeout' '20' + config_get force_dns_interface 'config' 'force_dns_interface' 'lan' + config_get force_dns_port 'config' 'force_dns_port' '53 853' + config_get heartbeat_domain 'config' 'heartbeat_domain' 'heartbeat.melmac.ca' + config_get heartbeat_sleep_timeout 'config' 'heartbeat_sleep_timeout' '10' + config_get led 'config' 'led' 'led' + config_get pause_timeout 'config' 'pause_timeout' '20' + config_get procd_boot_wan_timeout 'config' 'procd_boot_wan_timeout' '60' + config_get smartdns_instance 'config' 'smartdns_instance' '*' + config_get verbosity 'config' 'verbosity' '2' + + [ "$allow_non_ascii" = '1' ] || unset allow_non_ascii + [ "$canary_domains_icloud" = '1' ] || unset canary_domains_icloud + [ "$canary_domains_mozilla" = '1' ] || unset canary_domains_mozilla + [ "$compressed_cache" = '1' ] || unset compressed_cache + [ "$config_update_enabled" = '1' ] || unset config_update_enabled + [ "$debug_init_script" = '1' ] || unset debug_init_script + [ "$debug_performance" = '1' ] || unset debug_performance + [ "$enabled" = '1' ] || unset enabled + [ "$ipv6_enabled" = '1' ] || unset ipv6_enabled + [ "$procd_trigger_wan6" = '1' ] || unset procd_trigger_wan6 + + dns_set_output_values "$dns" + [ "$heartbeat_domain" = '-' ] && unset heartbeat_domain || heartbeat_domain="$(sanitize_domain "$heartbeat_domain")" + if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then + compressed_cache_dir='' + elif [ -n "$(sanitize_dir "$compressed_cache_dir")" ]; then + compressed_cache_dir="$(sanitize_dir "$compressed_cache_dir")" + else + compressed_cache_dir="/etc" + fi - [ -z "$load_environment_flag" ] || return 0 + unset loadEnvironmentFlag + loadPackageConfigFlag='true' +} - if [ "$validation_result" != '0' ]; then - json add error 'errorConfigValidationFail' - output_error "$(get_text 'errorConfigValidationFail')" - output "Please check if the '$packageConfigFile' contains correct values for config options.\n" - return 1 +load_dl_command() { + # Prefer curl because it supports the file:// scheme. + if is_present 'curl'; then + dl_command='curl -f --silent --insecure' + dl_command="${dl_command}${curl_additional_param:+ $curl_additional_param}" + dl_command="${dl_command}${curl_max_file_size:+ --max-filesize $curl_max_file_size}" + dl_command="${dl_command}${curl_retry:+ --retry $curl_retry}" + dl_command="${dl_command}${download_timeout:+ --connect-timeout $download_timeout}" + dl_flag='-o' + elif is_present '/usr/libexec/wget-ssl'; then + dl_command='/usr/libexec/wget-ssl --no-check-certificate -q' + dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" + dl_flag="-O" + size_command='/usr/libexec/wget-ssl --no-check-certificate -q -O /dev/null --server-response' + size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" + elif is_present wget && wget --version 2>/dev/null | grep -q "+https"; then + dl_command="wget --no-check-certificate -q" + dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" + dl_flag="-O" + size_command='wget --no-check-certificate -q -O /dev/null --server-response' + size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" + else + dl_command="uclient-fetch --no-check-certificate -q" + dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" + dl_flag="-O" + fi + if curl --version 2>/dev/null | grep -q "Protocols: .*https.*" \ + || wget --version 2>/dev/null | grep -q "+ssl"; then + isSSLSupported='true' + else + unset isSSLSupported fi +} + +load_environment() { + local i j + local param="$1" validation_result="$2" - if [ "$enabled" -eq 0 ]; then + [ -z "$loadEnvironmentFlag" ] || return 0 + [ -n "$loadPackageConfigFlag" ] || load_package_config + + if [ -z "$enabled" ]; then json add error 'errorServiceDisabled' output_error "$(get_text 'errorServiceDisabled')" output "Run the following commands before starting service again:\n" @@ -736,47 +874,50 @@ load_environment() { return 1 fi - if [ "$debug" -ne '0' ]; then + if [ -n "$validation_result" ] && [ "$validation_result" != '0' ]; then + output 1 "$_FAIL_\n" + json add error 'errorConfigValidationFail' + output_error "$(get_text 'errorConfigValidationFail')" + output "Please check if the '$packageConfigFile' contains correct values for config options.\n" + return 1 + fi + + if [ -n "$debug_init_script" ]; then exec 1>>"/tmp/$packageName.log" exec 2>&1 set -x fi -# TODO: check for resolver and error out on start - [ "$heartbeat_domain" = '-' ] && unset heartbeat_domain - heartbeat_domain="$(sanitize_domain "$heartbeat_domain")" - [ "$sanity_check" = '1' ] || unset sanity_check - [ "$update_config_sizes" = '1' ] || unset update_config_sizes - - if [ -n "$dnsmasq_config_file_url" ]; then - case "$dns" in - dnsmasq.conf) :;; - *) - if [ "$param" != 'quiet' ]; then - json add warning 'warningExternalDnsmasqConfig' - output_warning "$(get_text 'warningExternalDnsmasqConfig')" - fi - ;; - esac - fi - + # Check for resolver presence and error out on start case "$dns" in dnsmasq.*) - if dnsmasq -v 2>/dev/null | grep -q 'no-IDN' || ! dnsmasq -v 2>/dev/null | grep -q -w 'IDN'; then - allow_non_ascii='0' + if ! check_dnsmasq; then + [ "$param" != 'quiet' ] && { json add error 'errorDNSReload'; output_error "Resolver 'dnsmasq' not found"; } + return 1 + fi + if check_dnsmasq_feature 'idn'; then + allow_non_ascii='' fi ;; smartdns.*) - allow_non_ascii='0' + if ! check_smartdns; then + [ "$param" != 'quiet' ] && { json add error 'errorDNSReload'; output_error "Resolver 'smartdns' not found"; } + return 1 + fi + allow_non_ascii='' ;; unbound.*) - allow_non_ascii='1' + if ! check_unbound; then + [ "$param" != 'quiet' ] && { json add error 'errorDNSReload'; output_error "Resolver 'unbound' not found"; } + return 1 + fi + allow_non_ascii='true' ;; esac case "$dns" in dnsmasq.ipset) - if dnsmasq -v 2>/dev/null | grep -q 'no-ipset' || ! dnsmasq -v 2>/dev/null | grep -q -w 'ipset'; then + if check_dnsmasq_feature 'ipset'; then if [ "$param" != 'quiet' ]; then json add error 'errorNoDnsmasqIpset' output_error "$(get_text 'errorNoDnsmasqIpset')" @@ -792,7 +933,7 @@ load_environment() { fi ;; dnsmasq.nftset) - if dnsmasq -v 2>/dev/null | grep -q 'no-nftset' || ! dnsmasq -v 2>/dev/null | grep -q -w 'nftset'; then + if check_dnsmasq_feature 'nftset'; then if [ "$param" != 'quiet' ]; then json add error 'errorNoDnsmasqNftset' output_error "$(get_text 'errorNoDnsmasqNftset')" @@ -827,18 +968,19 @@ load_environment() { ;; esac - if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then - compressed_cache_dir='' - elif [ -n "$(sanitize_dir "$compressed_cache_dir")" ]; then - compressed_cache_dir="$(sanitize_dir "$compressed_cache_dir")" - else - json add warning 'warningInvalidCompressedCacheDir' "$compressed_cache_dir" - output_warning "$(get_text 'warningInvalidCompressedCacheDir' "$compressed_cache_dir")" - compressed_cache_dir="/etc" + if [ -n "$dnsmasq_config_file_url" ]; then + unset update_config_sizes + case "$dns" in + dnsmasq.conf) :;; + *) + dns='dnsmasq.conf' + if [ "$param" != 'quiet' ]; then + json add warning 'warningExternalDnsmasqConfig' + fi + ;; + esac fi - dns_set_output_values "$dns" - [ "$dns" = 'dnsmasq.addnhosts' ] || rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" [ "$dns" = 'dnsmasq.conf' ] || rm -f "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}" [ "$dns" = 'dnsmasq.ipset' ] || rm -f "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}" @@ -872,41 +1014,13 @@ load_environment() { output "opkg update; opkg --force-overwrite install $s;" fi fi - # Prefer curl because it supports the file:// scheme. - if is_present 'curl'; then - dl_command='curl --silent --insecure' - dl_command="${dl_command}${curl_additional_param:+ $curl_additional_param}" - dl_command="${dl_command}${curl_max_file_size:+ --max-filesize $curl_max_file_size}" - dl_command="${dl_command}${curl_retry:+ --retry $curl_retry}" - dl_command="${dl_command}${download_timeout:+ --connect-timeout $download_timeout}" - dl_flag='-o' - elif is_present '/usr/libexec/wget-ssl'; then - dl_command='/usr/libexec/wget-ssl --no-check-certificate -q' - dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" - dl_flag="-O" - size_command='/usr/libexec/wget-ssl --no-check-certificate -q -O /dev/null --server-response' - size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" - elif is_present wget && wget --version 2>/dev/null | grep -q "+https"; then - dl_command="wget --no-check-certificate -q" - dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" - dl_flag="-O" - size_command='wget --no-check-certificate -q -O /dev/null --server-response' - size_command="${size_command}${download_timeout:+ --timeout $download_timeout}" - else - dl_command="uclient-fetch --no-check-certificate -q" - dl_command="${dl_command}${download_timeout:+ --timeout $download_timeout}" - dl_flag="-O" - fi + + load_dl_command + led="${led:+/sys/class/leds/$led}" - if curl --version 2>/dev/null | grep -q "Protocols: .*https.*" \ - || wget --version 2>/dev/null | grep -q "+ssl"; then - isSSLSupported=1 - else - unset isSSLSupported - fi config_load "$packageName" config_foreach append_url 'file_url' allowed_url blocked_url - load_environment_flag=1 + loadEnvironmentFlag='true' adb_file 'test_cache' && return 0 adb_file 'test_gzip' && return 0 if [ "$param" = 'on_boot' ]; then @@ -918,38 +1032,61 @@ load_environment() { } resolver() { + _dnsmasq_instance_get_confdir() { + local cfg_file + [ -z "$dnsmasq_ubus" ] && dnsmasq_ubus="$(ubus call service list '{"name":"dnsmasq"}')" + cfg_file="$(echo "$dnsmasq_ubus" | jsonfilter -e "@.dnsmasq.instances.${1}.command" \ + | awk '{gsub(/\\\//,"/");gsub(/[][",]/,"");for(i=1;i<=NF;i++)if($i=="-C"){print $(i+1);exit}}')" + awk -F= '/^conf-dir=/{print $2; exit}' "$cfg_file" + } _dnsmasq_instance_config() { - local cfg="$1" param="$2" confdir confdirFile + local cfg="$1" param="$2" confdir [ -s "/etc/config/dhcp" ] || return 0 [ -n "$(uci_get dhcp "$cfg")" ] || return 1 case "$param" in dnsmasq.addnhosts) + # clean up other dnsmasq configs + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then uci_remove 'dhcp' "$cfg" 'serversfile' fi + # add dnsmasq addnhosts config uci_add_list_if_new 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" ;; cleanup|unbound.adb_list) -# shellcheck disable=SC2016 - if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then - config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" - else - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' - fi - rm -f "${confdir}/${dnsmasqConfFile}" "${confdir}/${dnsmasqIpsetFile}" "${confdir}/${dnsmasqNftsetFile}" + # clean up all dnsmasq configs + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then uci_remove 'dhcp' "$cfg" 'serversfile' fi ;; dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) + # clean up other dnsmasq configs uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then uci_remove 'dhcp' "$cfg" 'serversfile' fi + # add dnsmasq conf addnmount to point to adblock-fast file + uci_add_list_if_new 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" + # add softlink to adblock-fast file + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] || return 1 + ln -sf "$dnsmasqConfFile" "${confdir}/${packageName}" + chmod 660 "${confdir}/${packageName}" + chown -h root:dnsmasq "${confdir}/${packageName}" >/dev/null 2>/dev/null ;; dnsmasq.servers) + # clean up other dnsmasq configs uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$dnsmasqConfFile" + # add dnsmasq servers config if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" != "$dnsmasqServersFile" ]; then uci_set 'dhcp' "$cfg" 'serversfile' "$dnsmasqServersFile" fi @@ -964,25 +1101,6 @@ resolver() { config_get instance_port "$cfg" 'port' '53' str_contains_word "$force_dns_port" "$instance_port" || force_dns_port="${force_dns_port:+$force_dns_port }${instance_port}" } -# shellcheck disable=SC2016,SC2317 - _dnsmasq_instance_init() { - local cfg="$1" param="$2" confdir confdirFile - [ -s "/etc/config/dhcp" ] || return 0 - [ -n "$(uci_get 'dhcp' "$cfg")" ] || return 1 - case "$param" in - dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then - config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" - else - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' - fi - confdirFile="${confdir}/${outputFile}" - if ! str_contains "$outputDnsmasqFileList" "$confdirFile"; then - outputDnsmasqFileList="${outputDnsmasqFileList:+$outputDnsmasqFileList }${confdirFile}" - fi - ;; - esac - } _smartdns_instance_append_force_dns_port() { [ -s "/etc/config/smartdns" ] || return 0 [ -n "$(uci_get 'smartdns' "$cfg")" ] || return 1 @@ -1011,7 +1129,7 @@ resolver() { ;; smartdns.nftset) local nftset="#4:inet#fw4#adb4" - [ "$ipv6_enabled" -ne '0' ] && nftset="${nftset},#6:inet#fw4#adb6" + [ -n "$ipv6_enabled" ] && nftset="${nftset},#6:inet#fw4#adb6" { echo "domain-set -name adblock-fast -file $outputFile"; \ echo "domain-rules /domain-set:adblock-fast/ -nftset $nftset"; } > "$outputConfig" uci_add_list_if_new 'smartdns' "$cfg" 'conf_files' "$outputConfig" @@ -1043,29 +1161,16 @@ resolver() { if [ -s "/etc/config/dhcp" ]; then config_load 'dhcp' config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup' - [ -n "$(uci_changes 'dhcp')" ] && uci_commit 'dhcp' + uci_changes 'dhcp' && uci_commit 'dhcp' fi if [ -s "/etc/config/smartdns" ]; then config_load 'smartdns' config_foreach _smartdns_instance_config 'smartdns' 'cleanup' - [ -n "$(uci_changes 'smartdns')" ] && uci_commit 'smartdns' + uci_changes 'smartdns' && uci_commit 'smartdns' fi ;; on_load) - case "$dns" in - dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - [ -z "$outputDnsmasqFileList" ] || return 0 - config_load 'dhcp' - if [ "$dnsmasq_instance" = "*" ]; then - config_foreach _dnsmasq_instance_init 'dnsmasq' "$dns" - elif [ -n "$dnsmasq_instance" ]; then - for i in $dnsmasq_instance; do - _dnsmasq_instance_init "@dnsmasq[$i]" "$dns" || _dnsmasq_instance_init "$i" "$dns" - done - fi - outputFile="$(str_first_word "$outputDnsmasqFileList")" - ;; - esac + : ;; on_stop|quiet|quiet_restart) eval "${resolver_name}_restart" @@ -1212,14 +1317,8 @@ resolver() { _dnsmasq_instance_append_force_dns_port "@dnsmasq[$i]" || _dnsmasq_instance_append_force_dns_port "$i" done fi - [ -n "$(uci_changes dhcp)" ] && uci_commit 'dhcp' - if [ -n "$outputDnsmasqFileList" ]; then - local i - for i in $outputDnsmasqFileList; do - chmod 660 "$i" - chown root:dnsmasq "$i" >/dev/null 2>/dev/null - done - elif adb_file 'test'; then + uci_changes 'dhcp' && uci_commit 'dhcp' + if adb_file 'test'; then chmod 660 "$outputFile" chown root:dnsmasq "$outputFile" >/dev/null 2>/dev/null else @@ -1240,7 +1339,7 @@ resolver() { _smartdns_instance_append_force_dns_port "@smartdns[$i]" || _smartdns_instance_append_force_dns_port "$i" done fi - [ -n "$(uci_changes smartdns)" ] && uci_commit 'smartdns' + uci_changes 'smartdns' && uci_commit 'smartdns' chmod 660 "$outputFile" "$outputConfig" chown root:root "$outputFile" "$outputConfig" >/dev/null 2>/dev/null ;; @@ -1260,44 +1359,12 @@ adb_file() { local R_TMP case "$1" in create|backup) - if [ -n "$outputDnsmasqFileList" ]; then - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if ! mv "$i" "$outputCache"; then - json add error 'errorCreatingBackupFile' "$outputCache" - fi - else - if ! rm -f "$i"; then - json add error 'errorDeletingDataFile' "$i" - fi - fi - done - else - [ -s "$outputFile" ] && { mv -f "$outputFile" "$outputCache"; } >/dev/null 2>/dev/null - return $? - fi + [ -s "$outputFile" ] && { mv -f "$outputFile" "$outputCache"; } >/dev/null 2>/dev/null + return $? ;; restore|use) - if [ -n "$outputDnsmasqFileList" ]; then - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if ! mv "$outputCache" "$i"; then - json add error 'errorRestoringBackupFile' "$i" - fi - else - if ! cp "$__firstFile" "$i"; then - json add error 'errorRestoringBackupFile' "$i" - fi - fi - done - else - [ -s "$outputCache" ] && mv "$outputCache" "$outputFile" >/dev/null 2>/dev/null - return $? - fi + [ -s "$outputCache" ] && mv "$outputCache" "$outputFile" >/dev/null 2>/dev/null + return $? ;; test|test_file) [ -s "$outputFile" ] @@ -1313,7 +1380,7 @@ adb_file() { ;; create_gzip) rm -f "$outputGzip" >/dev/null 2>/dev/null - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if gzip < "$outputFile" > "$R_TMP"; then if mv "$R_TMP" "$outputGzip"; then rm -f "$R_TMP" @@ -1330,6 +1397,12 @@ adb_file() { [ -s "$outputGzip" ] && gzip -dc < "$outputGzip" > "$outputCache" return $? ;; + remove_cache) + rm -f "$outputCache" >/dev/null 2>/dev/null + ;; + remove_gzip) + rm -f "$outputGzip" >/dev/null 2>/dev/null + ;; esac } @@ -1385,9 +1458,7 @@ process_file_url() { json add error 'errorNoSSLSupport' "${name:-$url}" return 0 fi - while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if [ -z "$url" ] || ! $dl_command "$url" "$dl_flag" "$R_TMP" 2>/dev/null || \ [ ! -s "$R_TMP" ]; then output 1 "$_FAIL_" @@ -1453,25 +1524,12 @@ download_dnsmasq_file() { output 1 'Downloading dnsmasq file ' process_file_url '' "$dnsmasq_config_file_url" 'file' output_dns 'Moving dnsmasq file ' - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if mv "$B_TMP" "$i"; then - output_ok - else - output_fail - json add error 'errorMovingDataFile' "$i" - fi + if mv "$B_TMP" "$outputFile"; then + output_ok else - if cp "$__firstFile" "$i"; then - output_ok - else - output_fail - json add error 'errorCopyingDataFile' "$i" - fi + output_fail + json add error 'errorMovingDataFile' "$i" fi - done output 1 '\n' } @@ -1527,16 +1585,16 @@ download_lists() { config_load "$packageName" config_foreach load_validate_file_url_section 'file_url' process_file_url_wrapper wait - if [ -n "$(uci_changes "$packageName")" ]; then + if uci_changes "$packageName"; then output 2 "[PROC] Saving updated file sizes " if [ -n "$update_config_sizes" ] && uci_commit "$packageName"; then output_ok; else output_fail; fi fi output 1 '\n' - if [ "$canary_domains_icloud" -ne '0' ]; then + if [ -n "$canary_domains_icloud" ]; then canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" fi - if [ "$canary_domains_mozilla" -ne '0' ]; then + if [ -n "$canary_domains_mozilla" ]; then canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" fi @@ -1556,7 +1614,7 @@ download_lists() { sed -i '/^[[:space:]]*$/d' "$B_TMP" [ ! -s "$B_TMP" ] && return 1 - if [ "$allow_non_ascii" -gt 0 ]; then + if [ -n "$allow_non_ascii" ]; then if sort -u "$B_TMP" > "$A_TMP"; then output_ok else @@ -1573,7 +1631,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" case "$dns" in 'dnsmasq.conf' | 'dnsmasq.ipset' | 'dnsmasq.nftset' | 'dnsmasq.servers' | \ @@ -1623,7 +1681,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" ;; *) mv "$A_TMP" "$B_TMP" @@ -1657,7 +1715,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" fi start_time=$(date +%s) @@ -1686,7 +1744,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" if [ -n "$outputAllowFilter" ] && [ -n "$allowed_domain" ]; then rm -f "$SED_TMP"; touch "$SED_TMP"; @@ -1710,7 +1768,7 @@ download_lists() { fi end_time=$(date +%s) elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" else mv "$A_TMP" "$B_TMP" fi @@ -1721,27 +1779,6 @@ download_lists() { json set message "$(get_text 'statusProcessing'): ${step_title}" case "$dns" in - dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - local i __firstFile - for i in $outputDnsmasqFileList; do - if [ -z "$__firstFile" ]; then - __firstFile="$i" - if mv "$B_TMP" "$i"; then - output_ok - else - output_fail - json add error 'errorMovingDataFile' "$i" - fi - else - if cp "$__firstFile" "$i"; then - output_ok - else - output_fail - json add error 'errorCopyingDataFile' "$i" - fi - fi - done - ;; unbound.adb_list) if mv "$B_TMP" "$outputFile"; then output_ok @@ -1760,28 +1797,10 @@ download_lists() { fi ;; esac - if [ "$compressed_cache" -gt 0 ]; then - start_time=$(date +%s) - step_title="Creating ${dns} compressed cache" - output 2 "[PROC] ${step_title} " - json set message "$(get_text 'statusProcessing'): ${step_title}" - if adb_file 'create_gzip'; then - output_ok - else - output_fail - json add error 'errorCreatingCompressedCache' - fi - else - rm -f "$outputGzip" - fi - end_time=$(date +%s) - elapsed=$(( end_time - start_time )) - logger_debug "[PROC-DEBUG] ${step_title} took ${elapsed}s" output 2 '[PROC] Removing temporary files ' json set message "$(get_text 'statusProcessing'): removing temporary files" - rm -f "/tmp/${packageName}_tmp."* "$ALLOWED_TMP" "$A_TMP" "$B_TMP" "$SED_TMP" "$outputCache" || j=1 - if [ $j -eq 0 ]; then + if rm -f "/tmp/${packageName}_tmp."* "$ALLOWED_TMP" "$A_TMP" "$B_TMP" "$SED_TMP" "$outputCache"; then output_ok else output_fail @@ -1790,329 +1809,32 @@ download_lists() { output 1 '\n' } -adb_allow() { - local c hf string="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - elif [ -z "$string" ]; then - output "Usage: /etc/init.d/${packageName} allow 'domain' ...\n" - return 0 - elif [ -n "$dnsmasq_config_file_url" ]; then - output "Allowing individual domains is not possible when using external dnsmasq config file.\n" - return 0 +adb_config_update() { +# shellcheck disable=SC2317,SC2329 + _cleanup_missing_urls() { + local cfg="$1" url size + config_get url "$cfg" url + if [ -z "$url" ]; then + uci_delete "$packageName" "$cfg" + fi + } + local R_TMP label + local param="${1:-quiet}" + load_package_config + load_dl_command + label="${config_update_url##*//}" + label="${label%%/*}"; + [ -n "$config_update_enabled" ] || return 0 + + if [ "$param" != 'download' ]; then + adb_file 'test' && return 0 + adb_file 'test_cache' && return 0 + adb_file 'test_gzip' && return 0 fi - case "$dns" in - dnsmasq.*) - output 1 'Allowing domains and restarting dnsmasq ' - output 2 '[PROC] Allowing domains \n' - for c in $string; do - output 2 " $c " - hf="$(echo "$c" | sed 's/\./\\./g')" - local f - for f in ${outputDnsmasqFileList:-$outputFile}; do - if sed -i "\:\(/\|\.\)${hf}/:d" "$f"; then - output_ok - else - output_fail - fi - done - if [ -n "$outputAllowFilter" ]; then - if echo "$c" | sed -E "$outputAllowFilter" >> "$outputFile"; then - output_ok - else - output_fail - fi - fi - if uci_add_list_if_new "${packageName}" 'config' 'allowed_domain' "$c"; then - output_ok - else - output_fail - fi - done - if [ "$compressed_cache" -gt 0 ]; then - output 2 '[PROC] Creating compressed cache ' - if adb_file 'create_gzip'; then - output_ok - else - output_fail - fi - fi - output 2 '[PROC] Committing changes to config ' - if uci_commit "$packageName"; then - allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" - adb_config_cache 'create' - json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" - output_ok - if [ "$dns" = 'dnsmasq.ipset' ]; then - output 2 '[PROC] Flushing adb ipset ' - if ipset -q -! flush adb; then output_ok; else output_fail; fi - fi - if [ "$dns" = 'dnsmasq.nftset' ]; then - output 2 '[PROC] Flushing adb nft sets ' - nft flush set inet fw4 adb6 - if nft flush set inet fw4 adb4; then output_ok; else output_fail; fi - fi - output_dns 'Restarting dnsmasq ' - if dnsmasq_restart; then output_ok; else output_fail; fi - else - output_fail - fi - output 1 '\n' - ;; - smartdns.*) - output 1 'Allowing domains and restarting smartdns ' - output 2 '[PROC] Allowing domains \n' - for c in $string; do - output 2 " $c " - hf="$(echo "$c" | sed 's/\./\\./g')" - if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ - uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then - output_ok - else - output_fail - fi - done - if [ "$compressed_cache" -gt 0 ]; then - output 2 '[PROC] Creating compressed cache ' - if adb_file 'create_gzip'; then - output_ok - else - output_fail - fi - fi - output 2 '[PROC] Committing changes to config ' - if uci_commit "$packageName"; then - allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" - adb_config_cache 'create' - json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" - output_ok; - output_dns 'Restarting SmartDNS ' - if smartdns_restart; then output_ok; else output_fail; fi - else - output_fail - fi - output 1 '\n' - ;; - unbound.*) - output 1 'Allowing domains and restarting Unbound ' - output 2 '[PROC] Allowing domains \n' - for c in $string; do - output 2 " $c " - hf="$(echo "$c" | sed 's/\./\\./g')" - if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ - uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then - output_ok - else - output_fail - fi - done - if [ "$compressed_cache" -gt 0 ]; then - output 2 '[PROC] Creating compressed cache ' - if adb_file 'create_gzip'; then - output_ok - else - output_failn - fi - fi - output 2 '[PROC] Committing changes to config ' - if uci_commit "$packageName"; then - allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" - adb_config_cache 'create' - json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" - output_ok; - output_dns 'Restarting Unbound ' - if unbound_restart; then output_ok; else output_fail; fi - else - output_fail - fi - output 1 '\n' - ;; - esac -} - -adb_check() { - local c param="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - elif [ -z "$param" ]; then - output "Usage: /etc/init.d/${packageName} check 'domain' ...\n" - return 0 - fi - for string in ${param}; do - c="$(grep -c -E "$string" "$outputFile")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "Found 1 match for '$string' in '$outputFile'.\n" - output 2 "[PROC] Found 1 match for '$string' in '$outputFile'.\n" - else - output 1 "Found $c matches for '$string' in '$outputFile'.\n" - output 2 "[PROC] Found $c matches for '$string' in '$outputFile'.\n" - fi - if [ "$c" -le 20 ]; then - grep "$string" "$outputFile" | sed "$outputOutputFilter" - fi - else - output 1 "The '$string' is not found in current block-list ('$outputFile').\n" - output 2 "[PROC] The '$string' is not found in current block-list ('$outputFile').\n" - fi - done -} - -adb_check_tld() { - local c param="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - fi - c="$(grep -cvE '\.|server:' "$outputFile")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "Found 1 match for TLD in '$outputFile'.\n" - output 2 "[PROC] Found 1 match for TLD in '$outputFile'.\n" - else - output 1 "Found $c matches for TLDs in '$outputFile'.\n" - output 2 "[PROC] Found $c matches for TLDs in '$outputFile'.\n" - fi - if [ "$c" -le 20 ]; then - grep -vE '\.|server:' "$outputFile" | sed "$outputOutputFilter" - fi - else - output 1 "No TLD was found in current block-list ('$outputFile').\n" - output 2 "[PROC] No TLD was found in current block-list ('$outputFile').\n" - fi -} - -adb_check_leading_dot() { - local c param="$1" - local validation_result="$3" - local string - load_environment "$validation_result" 'quiet' || return 1 - if ! adb_file 'test'; then - output "No block-list ('$outputFile') found.\n" - return 0 - fi - case "$dns" in - dnsmasq.*) string='/\.';; - smartdns.*) string='^\.';; - unbound.*) string='"\.';; - esac - c="$(grep -c "$string" "$outputFile")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "Found 1 match for leading-dot domain in '$outputFile'.\n" - output 2 "[PROC] Found 1 match for leading-dot domain in '$outputFile'.\n" - else - output 1 "Found $c matches for leading-dot domains in '$outputFile'.\n" - output 2 "[PROC] Found $c matches for leading-dot domains in '$outputFile'.\n" - fi - if [ "$c" -le 20 ]; then - grep "$string" "$outputFile" | sed "$outputOutputFilter" - fi - else - output 1 "No leading-dot domain was found in current block-list ('$outputFile').\n" - output 2 "[PROC] No leading-dot domain was found in current block-list ('$outputFile').\n" - fi -} - -adb_check_lists() { -# shellcheck disable=SC2317,SC2329 - _check_list() { - local cfg="$1" - local en size url name R_TMP string c - config_get_bool en "$cfg" enabled '1' - config_get action "$cfg" action 'block' - config_get url "$cfg" url - config_get name "$cfg" name - name="${name:-$url}" - - [ "$en" = '0' ] && return 0 - [ "$action" != 'block' ] && return 0 - - output 1 "Checking ${name}: " - output 2 "[ DL ] $name " - - if is_https_url "$url" && [ -z "$isSSLSupported" ]; then - output_failn - return 1 - fi - while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done - if [ -z "$url" ] || ! $dl_command "$url" "$dl_flag" "$R_TMP" 2>/dev/null || \ - [ ! -s "$R_TMP" ]; then - output_failn - return 1 - else - output 2 "$__OK__\n" - fi - append_newline "$R_TMP" - for string in ${param}; do - c="$(grep -c -E "$string" "$R_TMP")" - if [ "$c" -gt 0 ]; then - if [ "$c" -eq 1 ]; then - output 1 "found 1 match for '$string'.\n" - output 2 "[PROC] Found 1 match for '$string' in '$url'.\n" - else - output 1 "found $c matches for '$string'.\n" - output 2 "[PROC] Found $c matches for '$string' in '$url'.\n" - fi - grep "$string" "$R_TMP" - else - output 1 "'$string' not found.\n" - output 2 "[PROC] The '$string' is not found in '$url'.\n" - fi - done - rm -f "$R_TMP" - } - local param="$1" - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - if [ -z "$param" ]; then - output "Usage: /etc/init.d/${packageName} check_lists 'domain' ...\n" - return 0 - fi - config_load "$packageName" - config_foreach _check_list 'file_url' - return 0 -} - -adb_config_update() { -# shellcheck disable=SC2317,SC2329 - _cleanup_missing_urls() { - local cfg="$1" url size - config_get url "$cfg" url - if [ -z "$url" ]; then - uci_delete "$packageName" "$cfg" - fi - } - local R_TMP label - local param validation_result="$3" - case "$1" in - on_boot) param="$1";; - *) param='quiet';; - esac - load_environment "$validation_result" "$param" || return 1 - label="${config_update_url##*//}" - label="${label%%/*}"; - [ "$config_update_enabled" -ne '0' ] || return 0 - if [ "$param" != 'download' ]; then - adb_file 'test_cache' && return 0 - adb_file 'test_gzip' && return 0 - fi output 1 'Updating config ' output 2 "[ DL ] Config Update: $label " - while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do - R_TMP="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if ! $dl_command "$config_update_url" "$dl_flag" "$R_TMP" 2>/dev/null || [ ! -s "$R_TMP" ]; then append_newline "$R_TMP" output_failn @@ -2128,70 +1850,35 @@ adb_config_update() { rm -f "$R_TMP" config_load "$packageName" config_foreach _cleanup_missing_urls 'file_url' - [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName" + uci_changes "$packageName" && uci_commit "$packageName" return 0 } -adb_show_blocklist() { - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - sed "$outputOutputFilter" "$outputFile" -} - -adb_sizes() { -# shellcheck disable=SC2329 - _config_add_url_size() { - local cfg="$1" url name size - config_get url "$cfg" url - config_get name "$cfg" name - size="$(get_url_filesize "$url")" - output "${name:-$url}${size:+: $size} " - if [ -n "$size" ]; then - uci_set "$packageName" "$cfg" 'size' "$size" - output_okn - else - output_failn - fi - } - local i - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 1 - config_load "$packageName" - config_foreach _config_add_url_size 'file_url' - [ -n "$(uci_changes "$packageName")" ] && [ -n "$update_config_sizes" ] && uci_commit "$packageName" -} - # shellcheck disable=SC2120 -adb_start() { - local action status error message stats p iface k - local param="$1" validation_result="$3" +start_service() { + local status error param="${1:-on_start}" + local action p iface k + status="$(json get status)" + error="$(json get error)" + json del all - dns_set_output_values "$dns" - if [ "$action" = 'on_boot' ] || [ -n "$adbf_boot_flag" ]; then - if adb_file test_gzip; then - unset adbf_boot_flag - action='on_start' - param='on_start' - else - return 0 - fi - fi - load_environment "$validation_result" "$param" || return 1 + case "$param" in + on_boot) + if adb_file 'test_gzip' || adb_file 'test_cache'; then + unset adbf_boot_flag + else + return 0 + fi + ;; + esac + + adb_config_update "$param" + load_environment "$param" "$(load_validate_config)" || return 1 - status="$(json get status)" - error="$(json get error)" - message="$(json get message)" - stats="$(json get stats)" action="$(adb_config_cache get trigger_service)" fw4_restart_flag="$(adb_config_cache get trigger_fw4)" - if [ "$action" = 'on_boot' ] || [ "$param" = 'on_boot' ] || [ "$param" = 'on_pause' ]; then - if adb_file 'test_gzip' || adb_file 'test_cache'; then - action='restore' - else - action='download' - fi - elif [ "$action" = 'download' ] || [ "$param" = 'download' ] || [ -n "$error" ]; then + if [ -n "$error" ]; then action='download' elif ! adb_file 'test'; then if adb_file 'test_gzip' || adb_file 'test_cache'; then @@ -2199,15 +1886,29 @@ adb_start() { else action='download' fi - elif [ "$action" = 'restart' ] || [ "$param" = 'restart' ]; then - action='restart' - elif adb_file 'test' && [ "$status" = "statusSuccess" ] && [ -z "$error" ]; then - : - else - action='download' + elif [ "$status" = "statusSuccess" ]; then + action='skip' fi - json del all + case "${action}:${param}" in + on_boot:*|*:on_boot|*:on_pause) + if adb_file 'test_gzip' || adb_file 'test_cache'; then + action='restore' + else + action='download' + fi + ;; + download:*|*:download) + action='download';; + restart:*) + action='restart';; + restore:*) + action='restore';; + skip:*) + action='skip';; + *:*) + action='download';; + esac if [ "$action" = 'restore' ]; then output 1 "Starting $serviceName...\n" @@ -2326,7 +2027,7 @@ adb_start() { done json_close_array json_add_array firewall - if [ "$force_dns" -ne '0' ]; then + if [ -n "$force_dns" ]; then # shellcheck disable=SC3060 for p in ${force_dns_port/,/ }; do if netstat -tuln | grep LISTEN | grep ":${p}" >/dev/null 2>&1; then @@ -2392,7 +2093,7 @@ adb_start() { json_add_string target 'REJECT' json_close_object done - if [ "$ipv6_enabled" -ne '0' ]; then + if [ -n "$ipv6_enabled" ]; then json_add_object '' json_add_string type 'ipset' json_add_string name 'adb6' @@ -2412,109 +2113,423 @@ adb_start() { fi ;; esac - json_close_array - procd_close_data - procd_close_instance - return 0 + json_close_array + procd_close_data + procd_close_instance + return 0 +} + +status_service() { + local param="$1" + local c status message error warning stats text + local code info + load_package_config + status="$(json get status)" + message="$(json get message)" + error="$(json get error)" + warning="$(json get warning)" + stats="$(json get stats)" + if [ "$status" = "statusSuccess" ]; then + output 1 "* $stats\n" + output 2 "[STAT] $stats\n" + else + [ -n "$status" ] && status="$(get_text "$status")" + status="${status}${status:+${message:+: $message}}" + [ -n "$status" ] && output "$serviceName $status!\n" + fi + [ "$param" != 'quiet' ] || return 0 + if [ -n "$error" ]; then + for c in $error; do + code="$(json get error "$c" 'code')" + info="$(json get error "$c" 'info')" + output_error "$(get_text "$code" "$info")" + done + fi + if [ -n "$warning" ]; then + for c in $warning; do + code="$(json get warning "$c" 'code')" + info="$(json get warning "$c" 'info')" + output_warning "$(get_text "$code" "$info")" + done + fi +} + +# shellcheck disable=SC2120 +stop_service() { + load_package_config + if adb_file 'test'; then + output 1 "Stopping $serviceName... " + output 2 "[STOP] Stopping $serviceName... " + adb_file 'create' + if resolver 'on_stop'; then + ipset -q -! flush adb > /dev/null 2>&1 + ipset -q -! destroy adb > /dev/null 2>&1 + nft delete set inet fw4 adb4 > /dev/null 2>&1 + nft delete set inet fw4 adb6 > /dev/null 2>&1 + led_off "$led" + output_okn + json set status 'statusStopped' + json del message + else + output_failn; + json set status 'statusFail' + json add error 'errorStopping' + output_error "$(get_text 'errorStopping')" + fi + fi + return 0 +} + +boot() { +# ubus -t 30 wait_for network.interface 2>/dev/null + adbf_boot_flag=1 + rc_procd start_service 'on_boot' && service_started 'on_boot' +} +reload_service() { rc_procd start_service 'reload'; } +restart_service() { rc_procd start_service 'restart'; } +service_stopped() { is_fw4_restart_needed && procd_set_config_changed firewall; } +service_triggers() { + local wan wan6 i + if [ -n "$adbf_boot_flag" ]; then + output 1 'Setting trigger (on_boot) ' + output 2 '[TRIG] Setting trigger (on_boot) ' + procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" start && output_okn || output_failn + triggerStatus='statusTriggerBootWait' + else + procd_open_validate + load_validate_file_url_section + procd_close_validate + network_flush_cache + network_find_wan wan + wan="${wan:-wan}" + if [ -n "$procd_trigger_wan6" ]; then + network_find_wan6 wan6 + wan6="${wan6:-wan6}" + fi + output 1 "Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" + output 2 "[TRIG] Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" + for i in $wan $wan6; do + procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" start && output_ok || output_fail + done + output 1 '\n' + procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload + triggerStatus='statusTriggerStartWait' + fi +} + +service_started() { + local start_time end_time elapsed step_title + if [ -n "$compressed_cache" ] && ! adb_file 'test_gzip'; then + start_time=$(date +%s) + step_title="Creating ${dns} compressed cache" + output 1 "${step_title} " + output 2 "[PROC] ${step_title} " + json set message "$(get_text 'statusProcessing'): ${step_title}" + if adb_file 'create_gzip'; then + output_okn + else + output_failn + json add error 'errorCreatingCompressedCache' + fi + end_time=$(date +%s) + elapsed=$(( end_time - start_time )) + logger_debug "[PERF-DEBUG] ${step_title} took ${elapsed}s" + else + adb_file 'remove_gzip' + fi + is_fw4_restart_needed && procd_set_config_changed firewall + [ -z "$(json get status)" ] && json set status "$triggerStatus" +} + +allow() { + local c hf string="$1" + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + elif [ -z "$string" ]; then + output "Usage: /etc/init.d/${packageName} allow 'domain' ...\n" + return 0 + elif [ -n "$dnsmasq_config_file_url" ]; then + output "Allowing individual domains is not possible when using external dnsmasq config file.\n" + return 0 + fi + case "$dns" in + dnsmasq.*) + output 1 'Allowing domains and restarting dnsmasq ' + output 2 '[PROC] Allowing domains \n' + for c in $string; do + output 2 " $c " + hf="$(echo "$c" | sed 's/\./\\./g')" + if sed -i "\:\(/\|\.\)${hf}/:d" "$outputFile"; then + output_ok + else + output_fail + fi + if [ -n "$outputAllowFilter" ]; then + if echo "$c" | sed -E "$outputAllowFilter" >> "$outputFile"; then + output_ok + else + output_fail + fi + fi + if uci_add_list_if_new "${packageName}" 'config' 'allowed_domain' "$c"; then + output_ok + else + output_fail + fi + done + if [ -n "$compressed_cache" ]; then + output 2 '[PROC] Creating compressed cache ' + if adb_file 'create_gzip'; then + output_ok + else + output_fail + fi + fi + output 2 '[PROC] Committing changes to config ' + if uci_commit "$packageName"; then + allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" + adb_config_cache 'create' + json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" + output_ok + if [ "$dns" = 'dnsmasq.ipset' ]; then + output 2 '[PROC] Flushing adb ipset ' + if ipset -q -! flush adb; then output_ok; else output_fail; fi + fi + if [ "$dns" = 'dnsmasq.nftset' ]; then + output 2 '[PROC] Flushing adb nft sets ' + nft flush set inet fw4 adb6 + if nft flush set inet fw4 adb4; then output_ok; else output_fail; fi + fi + output_dns 'Restarting dnsmasq ' + if dnsmasq_restart; then output_ok; else output_fail; fi + else + output_fail + fi + output 1 '\n' + ;; + smartdns.*) + output 1 'Allowing domains and restarting smartdns ' + output 2 '[PROC] Allowing domains \n' + for c in $string; do + output 2 " $c " + hf="$(echo "$c" | sed 's/\./\\./g')" + if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ + uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then + output_ok + else + output_fail + fi + done + if [ -n "$compressed_cache" ]; then + output 2 '[PROC] Creating compressed cache ' + if adb_file 'create_gzip'; then + output_ok + else + output_fail + fi + fi + output 2 '[PROC] Committing changes to config ' + if uci_commit "$packageName"; then + allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" + adb_config_cache 'create' + json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" + output_ok; + output_dns 'Restarting SmartDNS ' + if smartdns_restart; then output_ok; else output_fail; fi + else + output_fail + fi + output 1 '\n' + ;; + unbound.*) + output 1 'Allowing domains and restarting Unbound ' + output 2 '[PROC] Allowing domains \n' + for c in $string; do + output 2 " $c " + hf="$(echo "$c" | sed 's/\./\\./g')" + if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \ + uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then + output_ok + else + output_fail + fi + done + if [ -n "$compressed_cache" ]; then + output 2 '[PROC] Creating compressed cache ' + if adb_file 'create_gzip'; then + output_ok + else + output_failn + fi + fi + output 2 '[PROC] Committing changes to config ' + if uci_commit "$packageName"; then + allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')" + adb_config_cache 'create' + json set stats "$serviceName is blocking $(count_blocked_domains) domains (with ${dns})" + output_ok; + output_dns 'Restarting Unbound ' + if unbound_restart; then output_ok; else output_fail; fi + else + output_fail + fi + output 1 '\n' + ;; + esac } -adb_status() { - local param="$1" - local c status message error warning stats text - local code info - status="$(json get status)" - message="$(json get message)" - error="$(json get error)" - warning="$(json get warning)" - stats="$(json get stats)" - if [ "$status" = "statusSuccess" ]; then - output 1 "* $stats\n" - output 2 "[STAT] $stats\n" - else - [ -n "$status" ] && status="$(get_text "$status")" - status="${status}${status:+${message:+: $message}}" - [ -n "$status" ] && output "$serviceName $status!\n" - fi - [ "$param" != 'quiet' ] || return 0 - if [ -n "$error" ]; then - for c in $error; do - code="$(json get error "$c" 'code')" - info="$(json get error "$c" 'info')" - output_error "$(get_text "$code" "$info")" - done - fi - if [ -n "$warning" ]; then - for c in $warning; do - code="$(json get warning "$c" 'code')" - info="$(json get warning "$c" 'info')" - output_warning "$(get_text "$code" "$info")" - done +check() { + local c param="$1" + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + elif [ -z "$param" ]; then + output "Usage: /etc/init.d/${packageName} check 'domain' ...\n" + return 0 fi + for string in ${param}; do + c="$(grep -c -E "$string" "$outputFile")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "Found 1 match for '$string' in '$outputFile'.\n" + output 2 "[PROC] Found 1 match for '$string' in '$outputFile'.\n" + else + output 1 "Found $c matches for '$string' in '$outputFile'.\n" + output 2 "[PROC] Found $c matches for '$string' in '$outputFile'.\n" + fi + if [ "$c" -le 20 ]; then + grep "$string" "$outputFile" | sed "$outputOutputFilter" + fi + else + output 1 "The '$string' is not found in current block-list ('$outputFile').\n" + output 2 "[PROC] The '$string' is not found in current block-list ('$outputFile').\n" + fi + done } -# shellcheck disable=SC2120 -adb_stop() { - local validation_result="$3" - load_environment "$validation_result" 'quiet' || return 0 - if adb_file 'test'; then - output 1 "Stopping $serviceName... " - output 2 "[STOP] Stopping $serviceName... " - adb_file 'create' - if resolver 'on_stop'; then - ipset -q -! flush adb > /dev/null 2>&1 - ipset -q -! destroy adb > /dev/null 2>&1 - nft delete set inet fw4 adb4 > /dev/null 2>&1 - nft delete set inet fw4 adb6 > /dev/null 2>&1 - led_off "$led" - output_okn - json set status 'statusStopped' - json del message - else - output_failn; - json set status 'statusFail' - json add error 'errorStopping' - output_error "$(get_text 'errorStopping')" +check_tld() { + local c param="$1" + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + fi + c="$(grep -cvE '\.|server:' "$outputFile")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "Found 1 match for TLD in '$outputFile'.\n" + output 2 "[PROC] Found 1 match for TLD in '$outputFile'.\n" + else + output 1 "Found $c matches for TLDs in '$outputFile'.\n" + output 2 "[PROC] Found $c matches for TLDs in '$outputFile'.\n" + fi + if [ "$c" -le 20 ]; then + grep -vE '\.|server:' "$outputFile" | sed "$outputOutputFilter" fi + else + output 1 "No TLD was found in current block-list ('$outputFile').\n" + output 2 "[PROC] No TLD was found in current block-list ('$outputFile').\n" fi - return 0 } -adb_pause() { - local timeout="${1:-$pause_timeout}" - local validation_result="$3" - adb_stop 'on_pause' '' "$validation_result" - output 1 "Sleeping for $timeout seconds... " - output 2 "[PROC] Sleeping for $timeout seconds... " - if is_integer "$timeout" && sleep "$timeout"; then - output_okn +check_leading_dot() { + local c param="$1" + local string + load_package_config + if ! adb_file 'test'; then + output "No block-list ('$outputFile') found.\n" + return 0 + fi + case "$dns" in + dnsmasq.*) string='/\.';; + smartdns.*) string='^\.';; + unbound.*) string='"\.';; + esac + c="$(grep -c "$string" "$outputFile")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "Found 1 match for leading-dot domain in '$outputFile'.\n" + output 2 "[PROC] Found 1 match for leading-dot domain in '$outputFile'.\n" + else + output 1 "Found $c matches for leading-dot domains in '$outputFile'.\n" + output 2 "[PROC] Found $c matches for leading-dot domains in '$outputFile'.\n" + fi + if [ "$c" -le 20 ]; then + grep "$string" "$outputFile" | sed "$outputOutputFilter" + fi else - output_failn + output 1 "No leading-dot domain was found in current block-list ('$outputFile').\n" + output 2 "[PROC] No leading-dot domain was found in current block-list ('$outputFile').\n" fi - adb_start 'on_pause' '' "$validation_result" } -allow() { load_validate_config 'config' adb_allow "'$*'"; } -boot() { -# ubus -t 30 wait_for network.interface 2>/dev/null - adbf_boot_flag=1 - rc_procd start_service 'on_boot' && service_started 'on_boot' +check_lists() { +# shellcheck disable=SC2317,SC2329 + _check_list() { + local cfg="$1" + local en size url name R_TMP string c + config_get_bool en "$cfg" enabled '1' + config_get action "$cfg" action 'block' + config_get url "$cfg" url + config_get name "$cfg" name + name="${name:-$url}" + + [ "$en" = '0' ] && return 0 + [ "$action" != 'block' ] && return 0 + + output 1 "Checking ${name}: " + output 2 "[ DL ] $name " + + if is_https_url "$url" && [ -z "$isSSLSupported" ]; then + output_failn + return 1 + fi + R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" + if [ -z "$url" ] || ! $dl_command "$url" "$dl_flag" "$R_TMP" 2>/dev/null || \ + [ ! -s "$R_TMP" ]; then + output_failn + return 1 + else + output 2 "$__OK__\n" + fi + append_newline "$R_TMP" + for string in ${param}; do + c="$(grep -c -E "$string" "$R_TMP")" + if [ "$c" -gt 0 ]; then + if [ "$c" -eq 1 ]; then + output 1 "found 1 match for '$string'.\n" + output 2 "[PROC] Found 1 match for '$string' in '$url'.\n" + else + output 1 "found $c matches for '$string'.\n" + output 2 "[PROC] Found $c matches for '$string' in '$url'.\n" + fi + grep "$string" "$R_TMP" + else + output 1 "'$string' not found.\n" + output 2 "[PROC] The '$string' is not found in '$url'.\n" + fi + done + rm -f "$R_TMP" + } + local param="$1" + load_package_config + load_dl_command + if [ -z "$param" ]; then + output "Usage: /etc/init.d/${packageName} check_lists 'domain' ...\n" + return 0 + fi + config_load "$packageName" + config_foreach _check_list 'file_url' + return 0 } -check() { load_validate_config 'config' adb_check "'$*'"; } -check_tld() { load_validate_config 'config' adb_check_tld "'$*'"; } -check_leading_dot() { load_validate_config 'config' adb_check_leading_dot "'$*'"; } -check_lists() { load_validate_config 'config' adb_check_lists "'$*'"; } + dl() { rc_procd start_service 'download'; } + killcache() { - local compressed_cache_dir - config_load "$packageName" - config_get compressed_cache_dir 'config' 'compressed_cache_dir' '/etc' - if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then - compressed_cache_dir='' - elif [ -n "$(sanitize_dir "$compressed_cache_dir")" ]; then - compressed_cache_dir="$(sanitize_dir "$compressed_cache_dir")" - else - compressed_cache_dir="/etc" - fi + load_package_config rm -f "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" rm -f "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}" rm -f "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}" @@ -2527,50 +2542,49 @@ killcache() { resolver 'cleanup' return 0 } -show_blocklist() { load_validate_config 'config' adb_show_blocklist "'$*'"; } -reload_service() { rc_procd start_service 'restart'; } -restart_service() { rc_procd start_service 'restart'; } -service_started() { is_fw4_restart_needed && procd_set_config_changed firewall; } -service_stopped() { is_fw4_restart_needed && procd_set_config_changed firewall; } -service_triggers() { - local wan wan6 i - local procd_trigger_wan6 - if [ -n "$adbf_boot_flag" ]; then - output 1 'Setting trigger (on_boot) ' - output 2 '[TRIG] Setting trigger (on_boot) ' - procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" start && output_okn || output_failn - json set status 'statusTriggerBootWait' + +pause() { + load_package_config + local timeout="${1:-$pause_timeout}" + stop_service 'on_pause' + output 1 "Sleeping for $timeout seconds... " + output 2 "[PROC] Sleeping for $timeout seconds... " + if is_integer "$timeout" && sleep "$timeout"; then + output_okn else - procd_open_validate - load_validate_config - load_validate_file_url_section - procd_close_validate - config_load "$packageName" - config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' - network_flush_cache - network_find_wan wan - wan="${wan:-wan}" - if [ "$procd_trigger_wan6" -ne '0' ]; then - network_find_wan6 wan6 - wan6="${wan6:-wan6}" - fi - output 1 "Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" - output 2 "[TRIG] Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" - for i in $wan $wan6; do - procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" start && output_okn || output_failn - done - procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload - [ -z "$(json get status)" ] && json set status 'statusTriggerStartWait' + output_failn fi + start_service 'on_pause' +} + +show_blocklist() { + load_package_config + sed "$outputOutputFilter" "$outputFile" } -sizes() { load_validate_config 'config' adb_sizes "''"; } -start_service() { - [ -n "$adbf_boot_flag" ] || load_validate_config 'config' adb_config_update "'$*'" - load_validate_config 'config' adb_start "'$*'" + +sizes() { +# shellcheck disable=SC2329 + _config_add_url_size() { + local cfg="$1" url name size + config_get url "$cfg" url + config_get name "$cfg" name + size="$(get_url_filesize "$url")" + output "${name:-$url}${size:+: $size} " + if [ -n "$size" ]; then + uci_set "$packageName" "$cfg" 'size' "$size" + output_okn + else + output_failn + fi + } + local i + load_package_config + load_dl_command + config_load "$packageName" + config_foreach _config_add_url_size 'file_url' + [ -n "$update_config_sizes" ] && uci_changes "$packageName" && uci_commit "$packageName" } -status_service() { adb_status "$@"; } -stop_service() { load_validate_config 'config' adb_stop "'$*'"; } -pause() { load_validate_config 'config' adb_pause "'$*'"; } + version() { echo "$PKG_VERSION"; } # shellcheck disable=SC2120 @@ -2580,50 +2594,19 @@ load_validate_file_url_section() { 'action:or("allow", "block"):block' \ 'size:or(uinteger, "")' \ 'name:string' \ - 'url:string' + 'url:string' \ + ; } load_validate_config() { - local enabled - local force_dns - local force_dns_interface - local force_dns_port - local parallel_downloads - local debug - local compressed_cache - local compressed_cache_dir - local ipv6_enabled - local allow_non_ascii - local canary_domains_icloud - local canary_domains_mozilla - local config_update_enabled - local config_update_url - local download_timeout - local pause_timeout - local curl_additional_param - local curl_max_file_size - local curl_retry - local verbosity - local procd_trigger_wan6 - local procd_boot_wan_timeout - local procd_lan_interface_name - local led - local dns - local dnsmasq_instance - local smartdns_instance - local heartbeat_domain - local heartbeat_sleep_timeout - local update_config_sizes - local allowed_domain - local blocked_domain - local dnsmasq_config_file_url uci_load_validate "$packageName" "$packageName" "$1" "${2}${3:+ $3}" \ 'enabled:bool:0' \ 'force_dns:bool:1' \ 'force_dns_interface:list(network):lan' \ 'force_dns_port:list(integer):53,853' \ 'parallel_downloads:bool:1' \ - 'debug:bool:0' \ + 'debug_init_script:bool:0' \ + 'debug_performance:bool:0' \ 'compressed_cache:bool:0' \ 'compressed_cache_dir:directory:/etc' \ 'ipv6_enabled:bool:0' \ @@ -2650,5 +2633,6 @@ load_validate_config() { 'update_config_sizes:bool:1' \ 'allowed_domain:list(string)' \ 'blocked_domain:list(string)' \ - 'dnsmasq_config_file_url:string' + 'dnsmasq_config_file_url:string' \ + ; } diff --git a/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast b/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast index 3cf0db1984f906..fcbd7fbdd63feb 100644 --- a/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast +++ b/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast @@ -2,6 +2,7 @@ # Copyright 2023 MOSSDeF, Stan Grishin (stangri@melmac.ca) # shellcheck disable=SC2015,SC3043,SC3060 + readonly adbFunctionsFile='/etc/init.d/adblock-fast' if [ -s "$adbFunctionsFile" ]; then # shellcheck source=../../etc/init.d/adblock-fast @@ -154,7 +155,20 @@ add_name() { if [ -s "/etc/config/${packageName}-opkg" ] && ! grep -q 'option name' "/etc/config/${packageName}"; then config_load "$packageName" config_foreach add_name 'file_url' - [ -n "$(uci_changes "$packageName")" ] && uci_commit "$packageName" fi +# migrate to 1.2.0 +oldval="$(uci_get "$packageName" config debug)" +if [ -n "$oldval" ]; then + uci_set "$packageName" config debug_init_script "$oldval" + uci_remove "$packageName" config debug +fi +oldval="$(uci_get "$packageName" config proc_debug)" +if [ -n "$oldval" ]; then + uci_set "$packageName" config debug_performance "$oldval" + uci_remove "$packageName" config proc_debug +fi + +uci_changes "$packageName" && uci_commit "$packageName" + exit 0 From 47898a8efa4e242e8eac23e92ae99aee338955ca Mon Sep 17 00:00:00 2001 From: Ray Wang Date: Sat, 23 Aug 2025 11:33:16 +0800 Subject: [PATCH 114/239] natmap: update to 20250924 Upstream changelog: https://github.com/heiher/natmap/releases/tag/20250924 Signed-off-by: Ray Wang (cherry picked from commit c16fdd7e2b51ef41372368d83a98e62e40b2d2da) --- net/natmap/Makefile | 4 ++-- net/natmap/files/natmap.config | 4 ++++ net/natmap/files/natmap.init | 17 +++++++++++++---- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/net/natmap/Makefile b/net/natmap/Makefile index d389a58763008b..aca43d3d0ab060 100644 --- a/net/natmap/Makefile +++ b/net/natmap/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=natmap -PKG_VERSION:=20250721 +PKG_VERSION:=20250924 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/natmap/releases/download/$(PKG_VERSION) -PKG_HASH:=25d3288c1654191b7884d6c83b8f669ce788fbab95ebe26d84b65c63ceaa3094 +PKG_HASH:=a86caa74266b62707bdcb9eef34910571061c206a5cd2d1eff694eae25ab5aaf PKG_MAINTAINER:=Richard Yu , Ray Wang PKG_LICENSE:=MIT diff --git a/net/natmap/files/natmap.config b/net/natmap/files/natmap.config index c003fc59de8841..a8d9f6d705e360 100644 --- a/net/natmap/files/natmap.config +++ b/net/natmap/files/natmap.config @@ -4,11 +4,15 @@ config natmap option udp_mode '1' option interface '' option interval '' + option stun_cycle '' option stun_server 'stunserver.stunprotocol.org' option http_server 'example.com' + option fwmark '' option port '8080' option forward_target '' option forward_port '' + option forward_timeout '' + option forward_congestion '' option notify_script '' option log_stdout '1' option log_stderr '1' diff --git a/net/natmap/files/natmap.init b/net/natmap/files/natmap.init index d0851ab6841b6c..f43707f85cfffb 100644 --- a/net/natmap/files/natmap.init +++ b/net/natmap/files/natmap.init @@ -21,12 +21,17 @@ validate_section_natmap() { 'family:string' \ 'udp_mode:bool:0' \ 'interface:string' \ - 'interval:uinteger' \ - 'stun_server:host' \ - 'http_server:host' \ + 'interval:and(uinteger, min(1))' \ + 'stun_cycle:uinteger' \ + 'stun_server:string' \ + 'http_server:string' \ + 'fwmark:string' \ 'port:or(port,portrange)' \ + 'port_random:bool:0' \ 'forward_target:host' \ 'forward_port:port' \ + 'forward_timeout:and(uinteger, min(1))' \ + 'forward_congestion:string' \ 'notify_script:file' \ 'log_stdout:bool:1' \ 'log_stderr:bool:1' @@ -43,9 +48,11 @@ natmap_instance() { procd_open_instance "$1" procd_set_param command "$PROG" \ ${interval:+-k "$interval"} \ + ${stun_cycle:+-c "$stun_cycle"} \ ${stun_server:+-s "$stun_server"} \ ${http_server:+-h "$http_server"} \ - ${port:+-b "$port"} \ + ${fwmark:+-f "$fwmark"} \ + ${port:+-b "$([ "$port_random" = 1 ] && echo ${port/-/\~} || echo $port)"} \ [ "${family}" = ipv4 ] && procd_append_param command -4 [ "${family}" = ipv6 ] && procd_append_param command -6 @@ -60,6 +67,8 @@ natmap_instance() { } [ -n "${forward_target}" ] && procd_append_param command -t "$forward_target" -p "$forward_port" + [ -n "${forward_timeout}" ] && procd_append_param command -T "$forward_timeout" + [ -n "${forward_congestion}" ] && procd_append_param command -C "$forward_congestion" [ -n "${notify_script}" ] && procd_set_param env "NOTIFY_SCRIPT=${notify_script}" procd_append_param command -e /usr/lib/natmap/update.sh From 777d483db7e7da5cdfd06620029ac6daac247eb0 Mon Sep 17 00:00:00 2001 From: Eric Fahlgren Date: Sat, 27 Sep 2025 15:37:54 -0700 Subject: [PATCH 115/239] owut: update to 2025.09.27 Bug fixes: efahl/owut@f049043ed721 owut: use installed SSL certs instead of default Signed-off-by: Eric Fahlgren (cherry picked from commit 29e614fa861f7228d420d81021d7e9522d7fc680) --- utils/owut/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/owut/Makefile b/utils/owut/Makefile index 38161cedbc5414..621ddac81ec56d 100644 --- a/utils/owut/Makefile +++ b/utils/owut/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=owut -PKG_SOURCE_DATE:=2025-09-03 +PKG_SOURCE_DATE:=2025-09-27 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=49e9bce7b8c3550f4ffead5c650884ef4f13fcfa +PKG_SOURCE_VERSION:=f049043ed7219e7736e6e9d1e6cf4cc6b444945f PKG_SOURCE_URL:=https://github.com/efahl/owut.git -PKG_MIRROR_HASH:=3c799115352da8660a648e1c0a5a350accacf7dfa961641653beadffda78e6e1 +PKG_MIRROR_HASH:=1b96ee209d15db7d2c58a1a626b9c94f64dec68595eb50ac6be9958014957333 PKG_MAINTAINER:=Eric Fahlgren PKG_LICENSE:=GPL-2.0-only From 8d1dc048eda606c998683092e90e3ad6544d3326 Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Fri, 7 Jun 2024 12:47:17 +0100 Subject: [PATCH 116/239] tor: update to 0.4.8.16 stable Minor release, see the changelog [1] for what's new. [1] https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.8.16/ChangeLog Signed-off-by: Rui Salvaterra (cherry picked from commit 60908b5b9b58dcfdde9bf4d6c76adf7cdf07bf40) --- net/tor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 3952707ef0e436..39534a08cb4fb1 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.8.12 +PKG_VERSION:=0.4.8.16 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=ca7cc735d98e3747b58f2f3cc14f804dd789fa0fb333a84dcb6bd70adbb8c874 +PKG_HASH:=6540dd377a120fb8e7d27530aa3b7ff72a0fa5b4f670fe1d64c987c1cfd390cb PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE:=BSD-3-Clause From c1712bbb8219b8a1b90bf9bf65f174f99b41888a Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sun, 8 Jun 2025 13:37:26 +0300 Subject: [PATCH 117/239] tor: add /etc/torrc.d/ to conffiles The /etc/tor/torrc may contain the line: %include /etc/torrc.d/*.conf So users may put their own config files there. We should preserve the files during an upgrade. Signed-off-by: Sergey Ponomarev [Added PKG_RELEASE bump] (cherry picked from commit 83737ed9ea188b6191d849e216af2d2d44548ecf) --- net/tor/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 39534a08cb4fb1..927c00d4eadd7f 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor PKG_VERSION:=0.4.8.16 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ @@ -114,6 +114,7 @@ endef define Package/tor/conffiles /etc/tor/torrc +/etc/tor/torrc.d/* /var/lib/tor/fingerprint /var/lib/tor/keys/* /etc/config/tor From 76c033817c136352fc35d52679940226c1a2516a Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Sun, 6 Jul 2025 11:25:03 +0100 Subject: [PATCH 118/239] tor: update to 0.4.8.17 stable Minor release, see the changelog [1] for what's new. [1] https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.8.17/ChangeLog Signed-off-by: Rui Salvaterra (cherry picked from commit f2c93e0e25af7488918bc522bd3c53e346a46a4d) --- net/tor/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 927c00d4eadd7f..2bfd3025943ef0 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.8.16 -PKG_RELEASE:=2 +PKG_VERSION:=0.4.8.17 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=6540dd377a120fb8e7d27530aa3b7ff72a0fa5b4f670fe1d64c987c1cfd390cb +PKG_HASH:=79b4725e1d4b887b9e68fd09b0d2243777d5ce3cd471e538583bcf6f9d8cdb56 PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE:=BSD-3-Clause From c8077ec8b36b6e1a3641083aa2f5ece73e433323 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Mon, 29 Sep 2025 00:04:12 -0400 Subject: [PATCH 119/239] unbound: update to 1.24.0 latest upstream 09182024 Signed-off-by: Eric Luehrsen (cherry picked from commit 7b6300227383d08301bb7407d53834a202e13d69) --- net/unbound/Makefile | 6 +++--- net/unbound/patches/010-configure-uname.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 5de7dde0c4fc65..08f87265c15c36 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.23.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.24.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound -PKG_HASH:=959bd5f3875316d7b3f67ee237a56de5565f5b35fc9b5fc3cea6cfe735a03bb8 +PKG_HASH:=147b22983cc7008aa21007e251b3845bfcf899ffd2d3b269253ebf2e27465086 PKG_MAINTAINER:=Eric Luehrsen PKG_LICENSE:=BSD-3-Clause diff --git a/net/unbound/patches/010-configure-uname.patch b/net/unbound/patches/010-configure-uname.patch index 866cf7fa4f8752..62231726fda0f9 100644 --- a/net/unbound/patches/010-configure-uname.patch +++ b/net/unbound/patches/010-configure-uname.patch @@ -3,7 +3,7 @@ Fix cross compile errors by inserting an environment variable for the target. Use "uname" on host only if "UNAME" variable is empty. --- a/configure.ac +++ b/configure.ac -@@ -900,7 +900,7 @@ if test x_$ub_test_python != x_no; then +@@ -902,7 +902,7 @@ if test x_$ub_test_python != x_no; then fi fi From a578285a413c3bd9626e7e82729470cdbd4d263b Mon Sep 17 00:00:00 2001 From: Andrey Zotikov Date: Thu, 24 Jul 2025 01:58:31 +0300 Subject: [PATCH 120/239] fail2ban: bump to 1.1.0 fail2ban changes: - nftables support (iptables dependency removed) - python3 support (old package patches removed) - Upstream patches backports: - filter.d/dropbear.conf: failregex extended to match different format of "Exit before auth" message - cherry-pick from debian: debian default banactions are nftables, systemd backend for sshd - Removed unresponsive/unreachable maintainer. Fixes: https://github.com/openwrt/packages/issues/23015 ("fail2ban: very old version") Signed-off-by: Andrey Zotikov (cherry picked from commit 2a202b2091336cd04d58d797021e278ba9d3f5ae) --- net/fail2ban/Makefile | 13 +- .../patches/010-dropbear-regex-fix.patch | 44 ++++++ .../patches/010-python3.10_compat.patch | 54 ------- net/fail2ban/patches/020-fix-2to3.patch | 62 -------- net/fail2ban/patches/020-nftables.patch | 41 +++++ ...art-of-expression-python-3.11-compat.patch | 44 ------ ...d-by-RE-engine-in-the-python-version.patch | 36 ----- net/fail2ban/patches/CVE-2021-32749.patch | 143 ------------------ 8 files changed, 90 insertions(+), 347 deletions(-) create mode 100644 net/fail2ban/patches/010-dropbear-regex-fix.patch delete mode 100644 net/fail2ban/patches/010-python3.10_compat.patch delete mode 100644 net/fail2ban/patches/020-fix-2to3.patch create mode 100644 net/fail2ban/patches/020-nftables.patch delete mode 100644 net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch delete mode 100644 net/fail2ban/patches/102-wrap-global-flags-to-local-flags-if-supported-by-RE-engine-in-the-python-version.patch delete mode 100644 net/fail2ban/patches/CVE-2021-32749.patch diff --git a/net/fail2ban/Makefile b/net/fail2ban/Makefile index a4b25f2a217a60..a963af1f621cc3 100644 --- a/net/fail2ban/Makefile +++ b/net/fail2ban/Makefile @@ -6,14 +6,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fail2ban -PKG_VERSION:=0.11.2 -PKG_RELEASE:=9 +PKG_VERSION:=1.1.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/fail2ban/fail2ban/tar.gz/$(PKG_VERSION)? -PKG_HASH:=383108e5f8644cefb288537950923b7520f642e7e114efb843f6e7ea9268b1e0 +PKG_HASH:=474fcc25afdaf929c74329d1e4d24420caabeea1ef2e041a267ce19269570bae -PKG_MAINTAINER:=Gerald Kerma +PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING PKG_CPE_ID:=cpe:/a:fail2ban:fail2ban @@ -21,15 +21,13 @@ PKG_CPE_ID:=cpe:/a:fail2ban:fail2ban include $(INCLUDE_DIR)/package.mk include ../../lang/python/python3-package.mk -HOST_BUILD_DEPENDS:=2to3/host - define Package/fail2ban SECTION:=net CATEGORY:=Network TITLE:=ban hosts that cause multiple authentication errors URL:=https://www.fail2ban.org/ DEPENDS:= \ - +iptables \ + +nftables \ +python3-light \ +python3-ctypes \ +python3-distutils \ @@ -50,7 +48,6 @@ define Package/fail2ban/conffiles endef define Build/Compile - cd $(PKG_BUILD_DIR) && ./fail2ban-2to3 $(call Py3Build/Compile) endef diff --git a/net/fail2ban/patches/010-dropbear-regex-fix.patch b/net/fail2ban/patches/010-dropbear-regex-fix.patch new file mode 100644 index 00000000000000..351cf97f2d7783 --- /dev/null +++ b/net/fail2ban/patches/010-dropbear-regex-fix.patch @@ -0,0 +1,44 @@ +From f29a49e39c66e43de6cf1d2a9085c00cca5eca99 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Fri, 27 Dec 2024 16:43:33 +0100 +Subject: [PATCH] `filter.d/dropbear.conf`: failregex extended to match + different format of "Exit before auth" message; closes gh-3791 + +Upstream-Status: Backport [https://github.com/fail2ban/fail2ban/commit/a796cc9b91656721fee0d1904911101c678452ad] + +Signed-off-by: Andrey Zotikov +--- + config/filter.d/dropbear.conf | 7 ++++--- + fail2ban/tests/files/logs/dropbear | 8 ++++++++ + 2 files changed, 12 insertions(+), 3 deletions(-) + +--- a/config/filter.d/dropbear.conf ++++ b/config/filter.d/dropbear.conf +@@ -25,9 +25,10 @@ _daemon = dropbear + + prefregex = ^%(__prefix_line)s(?:[Ll]ogin|[Bb]ad|[Ee]xit).+$ + +-failregex = ^[Ll]ogin attempt for nonexistent user ('.*' )?from :\d+$ +- ^[Bb]ad (PAM )?password attempt for .+ from (:\d+)?$ +- ^[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from :\d+\s*$ ++failregex = ^[Ll]ogin attempt for nonexistent user (?:'.*' )?from :\d+$ ++ ^[Bb]ad (?:PAM )?password attempt for '.+' from (?::\d+)?$ ++ ^[Ee]xit before auth from \:\d+\>?: (?:\([^\)]*\): )?Max auth tries reached - user '.+'\s*$ ++ ^[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from :\d+\s*$ + + ignoreregex = + +--- a/fail2ban/tests/files/logs/dropbear ++++ b/fail2ban/tests/files/logs/dropbear +@@ -13,3 +13,11 @@ Jul 27 01:04:12 fail2ban-test dropbear[1 + Jul 27 01:04:22 fail2ban-test dropbear[1335]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 1.2.3.4:60588 + # failJSON: { "time": "2005-07-27T01:18:59", "match": true , "host": "1.2.3.4" } + Jul 27 01:18:59 fail2ban-test dropbear[1477]: Login attempt for nonexistent user from 1.2.3.4:60794 ++ ++# failJSON: { "time": "2005-07-10T23:53:52", "match": true , "host": "1.2.3.4", "desc": "extra pid/timestamp may be logged into journal, gh-3597" } ++Jul 10 23:53:52 fail2ban-test dropbear[825]: [825] Jul 10 23:53:52 Bad password attempt for 'root' from 1.2.3.4:52289 ++ ++# failJSON: { "time": "2005-07-10T23:57:29", "match": true , "host": "192.0.2.3", "desc": "different message format, gh-3791" } ++Jul 10 23:57:29 fail2ban-test dropbear[825]: [825] Jul 10 23:57:29 Exit before auth from <192.0.2.3:52289>: (user 'root', 10 fails): Max auth tries reached - user 'root' ++# failJSON: { "time": "2005-07-10T23:59:24", "match": true , "host": "192.0.2.3", "desc": "different message format, gh-3791" } ++Jul 10 23:59:24 fail2ban-test dropbear[826]: [826] Jul 10 23:59:24 Exit before auth from <192.0.2.3:52325>: Max auth tries reached - user 'is invalid' diff --git a/net/fail2ban/patches/010-python3.10_compat.patch b/net/fail2ban/patches/010-python3.10_compat.patch deleted file mode 100644 index 24aec98f88d90f..00000000000000 --- a/net/fail2ban/patches/010-python3.10_compat.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:19:24 +0100 -Subject: [PATCH 2/4] follow bpo-37324: - :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` - module - -(since 3.10-alpha.5 `MutableMapping` is missing in collections module) ---- - fail2ban/server/action.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - ---- a/fail2ban/server/action.py -+++ b/fail2ban/server/action.py -@@ -30,7 +30,10 @@ import tempfile - import threading - import time - from abc import ABCMeta --from collections import MutableMapping -+try: -+ from collections.abc import MutableMapping -+except ImportError: -+ from collections import MutableMapping - - from .failregex import mapTag2Opt - from .ipdns import DNSUtils ---- a/fail2ban/server/actions.py -+++ b/fail2ban/server/actions.py -@@ -28,7 +28,10 @@ import logging - import os - import sys - import time --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - try: - from collections import OrderedDict - except ImportError: ---- a/fail2ban/server/jails.py -+++ b/fail2ban/server/jails.py -@@ -22,7 +22,10 @@ __copyright__ = "Copyright (c) 2004 Cyri - __license__ = "GPL" - - from threading import Lock --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - - from ..exceptions import DuplicateJailException, UnknownJailException - from .jail import Jail diff --git a/net/fail2ban/patches/020-fix-2to3.patch b/net/fail2ban/patches/020-fix-2to3.patch deleted file mode 100644 index 203e2c78019bd3..00000000000000 --- a/net/fail2ban/patches/020-fix-2to3.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 196c55e93103d1e56d1336f27a5f2591b4e54fef Mon Sep 17 00:00:00 2001 -From: sebres -Date: Sun, 19 Sep 2021 18:49:18 +0200 -Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup - command: use_2to3 is invalid (setuptools 58+) - ---- - setup.py | 16 +--------------- - 1 file changed, 1 insertion(+), 15 deletions(-) - ---- a/setup.py -+++ b/setup.py -@@ -56,7 +56,7 @@ import warnings - from glob import glob - - from fail2ban.setup import updatePyExec -- -+from fail2ban.version import version - - source_dir = os.path.realpath(os.path.dirname( - # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.): -@@ -120,22 +120,12 @@ class install_scripts_f2b(install_script - # Wrapper to specify fail2ban own options: - class install_command_f2b(install): - user_options = install.user_options + [ -- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), - ('without-tests', None, 'without tests files installation'), - ] - def initialize_options(self): -- self.disable_2to3 = None - self.without_tests = not with_tests - install.initialize_options(self) - def finalize_options(self): -- global _2to3 -- ## in the test cases 2to3 should be already done (fail2ban-2to3): -- if self.disable_2to3: -- _2to3 = False -- if _2to3: -- cmdclass = self.distribution.cmdclass -- cmdclass['build_py'] = build_py_2to3 -- cmdclass['build_scripts'] = build_scripts_2to3 - if self.without_tests: - self.distribution.scripts.remove('bin/fail2ban-testcases') - -@@ -186,7 +176,6 @@ commands.''' - if setuptools: - setup_extra = { - 'test_suite': "fail2ban.tests.utils.gatherTests", -- 'use_2to3': True, - } - else: - setup_extra = {} -@@ -210,9 +199,6 @@ if platform_system in ('linux', 'solaris - ('/usr/share/doc/fail2ban', doc_files) - ) - --# Get version number, avoiding importing fail2ban. --# This is due to tests not functioning for python3 as 2to3 takes place later --exec(open(join("fail2ban", "version.py")).read()) - - setup( - name = "fail2ban", diff --git a/net/fail2ban/patches/020-nftables.patch b/net/fail2ban/patches/020-nftables.patch new file mode 100644 index 00000000000000..bc2f2e43877f03 --- /dev/null +++ b/net/fail2ban/patches/020-nftables.patch @@ -0,0 +1,41 @@ +From d56cda8f2a8dc3f69943545255d6934a73d0b1aa Mon Sep 17 00:00:00 2001 +From: sebres +Date: Fri, 26 Apr 2024 00:25:19 +0200 +Subject: [PATCH] cherry-pick from debian: debian default banactions are + nftables, systemd backend for sshd closes gh-3292 + +Upstream-Status: Backport [https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc] + +Signed-off-by: Andrey Zotikov +--- + config/jail.conf | 4 ++-- + config/paths-debian.conf | 5 +++++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +--- a/config/jail.conf ++++ b/config/jail.conf +@@ -205,8 +205,8 @@ fail2ban_agent = Fail2Ban/%(fail2ban_ver + # iptables-multiport, shorewall, etc) It is used to define + # action_* variables. Can be overridden globally or per + # section within jail.local file +-banaction = iptables-multiport +-banaction_allports = iptables-allports ++#banaction = iptables-multiport ++#banaction_allports = iptables-allports + + # The simplest action to take: ban only + action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] +--- a/config/paths-debian.conf ++++ b/config/paths-debian.conf +@@ -9,6 +9,11 @@ after = paths-overrides.local + + [DEFAULT] + ++banaction = nftables ++banaction_allports = nftables[type=allports] ++ ++sshd_backend = systemd ++ + syslog_mail = /var/log/mail.log + + # control the `mail.warn` setting, see `/etc/rsyslog.d/50-default.conf` (if commented `mail.*` wins). diff --git a/net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch b/net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch deleted file mode 100644 index bd50c17bbac1e9..00000000000000 --- a/net/fail2ban/patches/101-move-global-groups-to-start-of-expression-python-3.11-compat.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 7e2ab36d86998575853150c0a57de5e22518cf66 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 21 Jun 2022 16:55:57 +0200 -Subject: [PATCH] move global groups to start of expression (python 3.11 - compat) - -[remove change to regex not in 0.11.2] -Signed-off-by: Jeffery To ---- - fail2ban/client/fail2banregex.py | 2 +- - fail2ban/server/datetemplate.py | 8 ++++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - ---- a/fail2ban/server/datetemplate.py -+++ b/fail2ban/server/datetemplate.py -@@ -35,6 +35,7 @@ logSys = getLogger(__name__) - # check already grouped contains "(", but ignores char "\(" and conditional "(?(id)...)": - RE_GROUPED = re.compile(r'(? -Date: Tue, 21 Jun 2022 16:56:57 +0200 -Subject: [PATCH] wrap global flags like ((?i)xxx) or (?:(?i)xxx) to local - flags (?i:xxx) if supported by RE-engine in the python version - ---- - fail2ban/server/failregex.py | 10 ++++++++++ - 1 file changed, 10 insertions(+) - ---- a/fail2ban/server/failregex.py -+++ b/fail2ban/server/failregex.py -@@ -91,6 +91,13 @@ R_MAP = { - "port": "fport", - } - -+# map global flags like ((?i)xxx) or (?:(?i)xxx) to local flags (?i:xxx) if supported by RE-engine in this python version: -+try: -+ re.search("^re(?i:val)$", "reVAL") -+ R_GLOB2LOCFLAGS = ( re.compile(r"(? -Date: Mon, 21 Jun 2021 17:12:53 +0200 -Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable - (default tilde) stops consider "~" char after new-line as composing escape - sequence - ---- - config/action.d/complain.conf | 2 +- - config/action.d/dshield.conf | 2 +- - config/action.d/mail-buffered.conf | 8 ++++---- - config/action.d/mail-whois-lines.conf | 2 +- - config/action.d/mail-whois.conf | 6 +++--- - config/action.d/mail.conf | 6 +++--- - 6 files changed, 13 insertions(+), 13 deletions(-) - ---- a/config/action.d/complain.conf -+++ b/config/action.d/complain.conf -@@ -102,7 +102,7 @@ logpath = /dev/null - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: ---- a/config/action.d/dshield.conf -+++ b/config/action.d/dshield.conf -@@ -179,7 +179,7 @@ tcpflags = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: ---- a/config/action.d/mail-buffered.conf -+++ b/config/action.d/mail-buffered.conf -@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Output will be buffered until lines are available.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -28,13 +28,13 @@ actionstop = if [ -f ]; then - These hosts have been banned by Fail2Ban.\n - `cat ` - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary from " - rm - fi - printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: (` - \nRegards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary" -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary" - rm - fi - ---- a/config/action.d/mail-whois-lines.conf -+++ b/config/action.d/mail-whois-lines.conf -@@ -72,7 +72,7 @@ actionunban = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Default name of the chain - # ---- a/config/action.d/mail-whois.conf -+++ b/config/action.d/mail-whois.conf -@@ -20,7 +20,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n - Here is more information about :\n - `%(_whois_command)s`\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the ---- a/config/action.d/mail.conf -+++ b/config/action.d/mail.conf -@@ -16,7 +16,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n - The IP has just been banned by Fail2Ban after - attempts against .\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the From 9f5d22e99c6b39494ec6b505f461f6e3a0673fbb Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Fri, 26 Sep 2025 20:32:43 +0200 Subject: [PATCH 121/239] gperftools: enable it for mips* It should be working for mips*, so enable it and let's see. :-) In the past, there were some issues related to mips, when the package was added, but these days, it appears that these issues are gone. More details about those issues could be found in the GitHub pull request when gperftools was added. Reference is in the Fixes tag. Fixes: c1b4e80825d6855d66899dc32490b0ce9537aff5 ("gperftools: add new package") Signed-off-by: Josef Schlehofer (cherry picked from commit 4dc36ae9fd1e36054541eb94bf25d6767eff7f03) --- libs/gperftools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/gperftools/Makefile b/libs/gperftools/Makefile index 1274aa5bdc12f1..d08f544db55bcc 100644 --- a/libs/gperftools/Makefile +++ b/libs/gperftools/Makefile @@ -26,7 +26,7 @@ define Package/gperftools-headers SECTION:=libs TITLE:=Gperftools Headers URL:=https://github.com/gperftools/gperftools - DEPENDS:= @!(mips||mips64||mipsel||powerpc) + DEPENDS:= @!(powerpc) endef define Package/gperftools-runtime @@ -34,7 +34,7 @@ define Package/gperftools-runtime CATEGORY:=Libraries TITLE:=Gperftools Runtime URL:=https://github.com/gperftools/gperftools - DEPENDS:= +libunwind +libstdcpp @!(mips||mips64||mipsel||powerpc) + DEPENDS:= +libunwind +libstdcpp @!(powerpc) endef define Package/gperftools-headers/description From bf9b96456d00e1e33169695aa5152a2ff9b7b927 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Fri, 26 Sep 2025 20:21:36 +0200 Subject: [PATCH 122/239] gperftools: make libunwind dependency conditional Make libunwind support optional depending on package availability. Previously, gperftools unconditionally enabled libunwind as mandatory dependency, which led to build failures on architectures where libunwind is not provided. Signed-off-by: Josef Schlehofer (cherry picked from commit 69bf2443d9a87b663cef3dd19804c665e8acf4a4) --- libs/gperftools/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/gperftools/Makefile b/libs/gperftools/Makefile index d08f544db55bcc..5279e5318fbcae 100644 --- a/libs/gperftools/Makefile +++ b/libs/gperftools/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gperftools PKG_VERSION:=2.17.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/gperftools/gperftools/tar.gz/$(PKG_NAME)-$(PKG_VERSION)? @@ -34,7 +34,7 @@ define Package/gperftools-runtime CATEGORY:=Libraries TITLE:=Gperftools Runtime URL:=https://github.com/gperftools/gperftools - DEPENDS:= +libunwind +libstdcpp @!(powerpc) + DEPENDS:=+PACKAGE_libunwind:libunwind +libstdcpp @!(powerpc) endef define Package/gperftools-headers/description @@ -49,7 +49,7 @@ endef CONFIGURE_ARGS += \ --enable-frame-pointers \ - --enable-libunwind \ + $(if $(CONFIG_PACKAGE_libunwind),--enable-libunwind,--disable-libunwind) \ --disable-deprecated-pprof define Build/InstallDev From 4164c25a6be640bafa2c21ab64ec7381657e1b62 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 01:04:50 +0200 Subject: [PATCH 123/239] mariadb: update to version 11.4.8 Release notes: https://mariadb.com/docs/release-notes/community-server/mariadb-11-4-series/mariadb-11.4.8-release-notes Refreshed patch Signed-off-by: Josef Schlehofer (cherry picked from commit 9d141eb9d5c0af93ccd5592543b2cad005742d00) --- utils/mariadb/Makefile | 4 ++-- utils/mariadb/patches/210-no-altivec.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/mariadb/Makefile b/utils/mariadb/Makefile index b20bbf55087286..83d9e59c89b81f 100644 --- a/utils/mariadb/Makefile +++ b/utils/mariadb/Makefile @@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mariadb -PKG_VERSION:=11.4.7 +PKG_VERSION:=11.4.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL := https://archive.mariadb.org/$(PKG_NAME)-$(PKG_VERSION)/source -PKG_HASH:=bf20687ca12fa7efda8df89cab1f2a661288cea41acf8f53189b69d5294347d0 +PKG_HASH:=52fa4dca2c5f80afc1667d523a27c06176d98532298a6b0c31ed73505f49e15c PKG_MAINTAINER:=Michal Hrusecky PKG_LICENSE:=GPL-2.0-only PKG_LICENSE_FILES:=COPYING THIRDPARTY diff --git a/utils/mariadb/patches/210-no-altivec.patch b/utils/mariadb/patches/210-no-altivec.patch index 3fdc8bd5fe56b5..992069af8946fa 100644 --- a/utils/mariadb/patches/210-no-altivec.patch +++ b/utils/mariadb/patches/210-no-altivec.patch @@ -1,6 +1,6 @@ --- a/mysys/CMakeLists.txt +++ b/mysys/CMakeLists.txt -@@ -142,7 +142,7 @@ ENDIF() +@@ -155,7 +155,7 @@ ENDIF() IF(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64|powerpc64" OR CMAKE_SYSTEM_NAME MATCHES AIX) SET(MYSYS_SOURCES ${MYSYS_SOURCES} crc32/crc32_ppc64.c crc32/crc32c_ppc.c) SET_SOURCE_FILES_PROPERTIES(crc32/crc32_ppc64.c crc32/crc32c_ppc.c PROPERTIES From d470781c9fa749333a165f02dcc5c800ac5df4fc Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 00:22:08 +0200 Subject: [PATCH 124/239] msmtp: update to version 1.8.31 Release notes: https://marlam.de/msmtp/news/ Signed-off-by: Josef Schlehofer (cherry picked from commit c488e1297f240a9ff1c8e22dcc49822027a229ee) --- mail/msmtp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mail/msmtp/Makefile b/mail/msmtp/Makefile index f418d7b912250e..bd069fbad46717 100644 --- a/mail/msmtp/Makefile +++ b/mail/msmtp/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=msmtp -PKG_VERSION:=1.8.26 +PKG_VERSION:=1.8.31 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://marlam.de/msmtp/releases -PKG_HASH:=6cfc488344cef189267e60aea481f00d4c7e2a59b53c6c659c520a4d121f66d8 +PKG_HASH:=c262b11762d8582a3c6d6ca8d8b2cca2b1605497324ca27cc57fdc145a27119f PKG_MAINTAINER:= PKG_LICENSE:=GPL-3.0-or-later From d30b8d15ee7fe93bb063c9c9c02161f7bdbbe5ff Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 30 Sep 2025 08:45:04 +0200 Subject: [PATCH 125/239] umurmur: update to version 0.3.1 Makefile changes ---------------- 1. The location of uMurmur binary was changed to /sbin in release 0.3.1. See release notes [1] 2. I need to specify location of the library file instead of the directory. Fixes: CMake Warning at src/CMakeLists.txt:44 (target_link_libraries): Target "umurmurd" requests linking to directory "/build/staging_dir/target-powerpc_8548_musl/usr/lib". Targets may link only to libraries. CMake is dropping the item. CMake Warning at src/CMakeLists.txt:44 (target_link_libraries): Target "umurmurd" requests linking to directory "/build/staging_dir/target-powerpc_8548_musl/usr/lib". Targets may link only to libraries. CMake is dropping the item. Because of these two warnings, the build fails with undefined references to protobuf-c symbols (e.g. protobuf_c_message_get_packed_size). Patches ------- Removed all of them, because they are included in the upstream source code. [1] https://github.com/umurmur/umurmur/releases/tag/v0.3.1 Signed-off-by: Josef Schlehofer (cherry picked from commit c4a23ca99662e67c8b6f5b8bad76d93fc2381ea0) --- net/umurmur/Makefile | 16 +- .../patches/010-umurmur-0.2.20-openssl3.patch | 11 -- .../100-Add-support-for-mbedtls-3.x.patch | 177 ------------------ 3 files changed, 8 insertions(+), 196 deletions(-) delete mode 100644 net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch delete mode 100644 net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch diff --git a/net/umurmur/Makefile b/net/umurmur/Makefile index 30ed236548ae5e..ff25fe10b660cf 100644 --- a/net/umurmur/Makefile +++ b/net/umurmur/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=umurmur -PKG_VERSION:=0.2.20 -PKG_RELEASE:=2 +PKG_VERSION:=0.3.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/$(PKG_VERSION)? -PKG_HASH:=b7b2978c3197aef0a6531f1cf0ee1aebb32a55ad8bda43064ce3a944edbcac83 +PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=8327dd0b2c5bd187a38d098295e896a6b85d698c9268205bcb27f6244f760a73 PKG_MAINTAINER:=Martin Johansson PKG_LICENSE:=BSD-3-Clause @@ -65,8 +65,8 @@ endef Package/umurmur-mbedtls/conffiles = $(Package/umurmur-openssl/conffiles) define Package/umurmur-openssl/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/umurmurd $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/umurmurd $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwrt/files/umurmur.conf $(1)/etc/ $(INSTALL_DIR) $(1)/etc/init.d @@ -78,10 +78,10 @@ Package/umurmur-mbedtls/install = $(Package/umurmur-openssl/install) CMAKE_OPTIONS += \ -DLIBCONFIG_INCLUDE_DIR="$(STAGING_DIR)/usr/include" \ - -DLIBCONFIG_LIBRARIES="$(STAGING_DIR)/usr/lib" \ + -DLIBCONFIG_LIBRARIES="$(STAGING_DIR)/usr/lib/libconfig.so" \ -DLIBCONFIG_LIB_DIR="$(STAGING_DIR)/usr/lib" \ -DPROTOBUFC_INCLUDE_DIR="$(STAGING_DIR)/usr/include" \ - -DPROTOBUFC_LIBRARIES="$(STAGING_DIR)/usr/lib" \ + -DPROTOBUFC_LIBRARIES="$(STAGING_DIR)/usr/lib/libprotobuf-c.so" \ -DPROTOBUFC_LIB_DIR="$(STAGING_DIR)/usr/lib" ifeq ($(BUILD_VARIANT),openssl) diff --git a/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch b/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch deleted file mode 100644 index c82541aba6e08a..00000000000000 --- a/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/ssli_openssl.c -+++ b/src/ssli_openssl.c -@@ -142,8 +142,6 @@ static EVP_PKEY *SSL_generate_cert_and_k - - Log_info("Generating new server certificate."); - -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -- - x509 = X509_new(); - if (!x509) - goto err_out; diff --git a/net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch b/net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch deleted file mode 100644 index 45bca4c1c60832..00000000000000 --- a/net/umurmur/patches/100-Add-support-for-mbedtls-3.x.patch +++ /dev/null @@ -1,177 +0,0 @@ -From fa75e4ca000fc41af0eefd60ac06223c573e0ae4 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Thu, 24 Oct 2024 10:07:10 -0400 -Subject: [PATCH] Add support for mbedtls-3.x - -Signed-off-by: Glenn Strauss ---- - src/crypt.h | 1 - - src/ssl.h | 4 +++ - src/ssli_mbedtls.c | 65 +++++++++++++++++++++++++++++++++++++++++++--- - 3 files changed, 66 insertions(+), 4 deletions(-) - ---- a/src/crypt.h -+++ b/src/crypt.h -@@ -36,7 +36,6 @@ - - #if defined(USE_MBEDTLS) - --#include - #include - - #define CRYPT_AES_KEY mbedtls_aes_context ---- a/src/ssl.h -+++ b/src/ssl.h -@@ -53,6 +53,10 @@ - #include - #endif - -+#if (MBEDTLS_VERSION_MAJOR >= 3) -+#undef USE_MBEDTLS_HAVEGE -+#endif -+ - #if defined(USE_MBEDTLS_HAVEGE) - #include - #define HAVEGE_RAND (mbedtls_havege_random) ---- a/src/ssli_mbedtls.c -+++ b/src/ssli_mbedtls.c -@@ -37,10 +37,16 @@ - #include - #include - --#include - #include --#include -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+#include -+#else -+#include -+#include -+#endif -+#if MBEDTLS_VERSION_MAJOR < 3 - #include -+#endif - #include - #include - -@@ -64,13 +70,32 @@ const int ciphers[] = - 0 - }; - -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if !defined(MBEDTLS_USE_PSA_CRYPTO) -+#ifdef MBEDTLS_ENTROPY_C -+static mbedtls_entropy_context entropy; -+#ifdef MBEDTLS_CTR_DRBG_C -+static mbedtls_ctr_drbg_context ctr_drbg; -+#endif -+#endif -+#endif -+#endif -+ - static mbedtls_x509_crt certificate; - static inline int x509parse_keyfile(mbedtls_pk_context *pk, const char *path, const char *pwd) - { - int ret; - - mbedtls_pk_init(pk); -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+ ret = mbedtls_pk_parse_keyfile(pk, path, pwd, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); -+#else -+ ret = mbedtls_pk_parse_keyfile(pk, path, pwd, mbedtls_ctr_drbg_random, &ctr_drbg); -+#endif -+#else - ret = mbedtls_pk_parse_keyfile(pk, path, pwd); -+#endif - if (ret == 0 && !mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA) && !mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) - { - ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; -@@ -127,6 +152,13 @@ static void initKey() - #ifndef USE_MBEDTLS_HAVEGE - int urandom_bytes(void *ctx, unsigned char *dest, size_t len) - { -+#if (MBEDTLS_VERSION_MAJOR >= 3) -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+ mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, dest, len); -+#else -+ mbedtls_ctr_drbg_random(&ctr_drbg, dest, len); -+#endif -+#else - int cur; - - while (len) { -@@ -135,6 +167,7 @@ int urandom_bytes(void *ctx, unsigned ch - continue; - len -= cur; - } -+#endif - return 0; - } - #endif -@@ -160,10 +193,20 @@ void SSLi_init(void) - #ifdef USE_MBEDTLS_HAVEGE - mbedtls_havege_init(&hs); - #else -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if defined(MBEDTLS_USE_PSA_CRYPTO) -+ psa_crypto_init(); -+#else -+ mbedtls_ctr_drbg_init(&ctr_drbg); -+ mbedtls_entropy_init(&entropy); -+ mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0); -+#endif -+#else - urandom_fd = open("/dev/urandom", O_RDONLY); - if (urandom_fd < 0) - Log_fatal("Cannot open /dev/urandom"); - #endif -+#endif - - /* Initialize config */ - conf = Memory_safeCalloc(1, sizeof(mbedtls_ssl_config)); -@@ -187,7 +230,11 @@ void SSLi_init(void) - #endif - mbedtls_ssl_conf_dbg(conf, pssl_debug, NULL); - -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+ mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); -+#else - mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1); -+#endif - - mbedtls_ssl_conf_ciphersuites(conf, (const int*)&ciphers); - -@@ -209,8 +256,15 @@ void SSLi_deinit(void) - #ifdef USE_MBEDTLS_HAVEGE - mbedtls_havege_free(&hs); - #else -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#if !defined(MBEDTLS_USE_PSA_CRYPTO) -+ mbedtls_ctr_drbg_free(&ctr_drbg); -+ mbedtls_entropy_free(&entropy); -+#endif -+#else - close(urandom_fd); - #endif -+#endif - } - - bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) -@@ -223,8 +277,15 @@ bool_t SSLi_getSHA1Hash(SSL_handle_t *ss - } - #if MBEDTLS_VERSION_NUMBER < 0x02070000L - mbedtls_sha1(cert->raw.p, cert->raw.len, hash); --#else -+#elif MBEDTLS_VERSION_NUMBER < 0x03000000L - mbedtls_sha1_ret(cert->raw.p, cert->raw.len, hash); -+#elif !defined(MBEDTLS_USE_PSA_CRYPTO) -+ mbedtls_sha1(cert->raw.p, cert->raw.len, hash); -+#else -+ size_t hash_length; -+ mbedtls_psa_hash_compute( -+ PSA_ALG_SHA_1, cert->raw.p, cert->raw.len, hash, -+ 20 /* client_t member uint8_t hash[20] */, &hash_length); - #endif - return true; - } From db71795485bbb89ff9b0f844fac21230c32e316a Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 30 Sep 2025 17:12:26 +0200 Subject: [PATCH 126/239] syslog-ng: update to version 4.10.1 Release notes: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.1 Signed-off-by: Josef Schlehofer (cherry picked from commit 2ba11a2da59cc2f3cad64f261681500f0b703ea9) --- admin/syslog-ng/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index 36de97a598167f..885954d9020641 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=4.10.0 +PKG_VERSION:=4.10.1 PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer @@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:oneidentity:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=219fbdb1685b6fa61674712f21c7b46e5e09b2533518c57689eaa827f57b1609 +PKG_HASH:=dea90cf1dc4b8674ff191e0032f9dabc24b291abfd7f110fd092ae5f21cde5d7 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 From 41823138b4899c98cbee1808480323732c0a0553 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 10:19:53 +0200 Subject: [PATCH 127/239] apache: update to version 2.4.65 Fixes CVEs: - CVE-2025-54090 - CVE-2025-53020 - CVE-2025-49812 - CVE-2025-49630 - CVE-2025-23048 - CVE-2024-47252 - CVE-2024-43394 - CVE-2024-43204 - CVE-2024-42516 More details can be found in https://downloads.apache.org/httpd/CHANGES_2.4 Signed-off-by: Josef Schlehofer (cherry picked from commit 28adfd3d1e3550f1dd0c9a978f41748cd70cab5b) --- net/apache/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/apache/Makefile b/net/apache/Makefile index f471f9f7bb1404..11031352eb89cc 100644 --- a/net/apache/Makefile +++ b/net/apache/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=apache -PKG_VERSION:=2.4.62 +PKG_VERSION:=2.4.65 PKG_RELEASE:=1 PKG_SOURCE_NAME:=httpd PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=@APACHE/httpd/ -PKG_HASH:=674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec +PKG_HASH:=58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION) From 9d839fe5a78d5ebae29e162617d1de64cbf580ae Mon Sep 17 00:00:00 2001 From: Michael Heimpold Date: Sat, 27 Sep 2025 12:26:03 +0200 Subject: [PATCH 128/239] php8: update to 8.3.26 Upstream changelog: https://www.php.net/ChangeLog-8.php#8.3.26 Signed-off-by: Michael Heimpold --- lang/php8/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/php8/Makefile b/lang/php8/Makefile index a2a4cde3545a4b..66495ba8e683fe 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=php -PKG_VERSION:=8.3.25 +PKG_VERSION:=8.3.26 PKG_RELEASE:=1 PKG_MAINTAINER:=Michael Heimpold @@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.php.net/distributions/ -PKG_HASH:=187b61bb795015adacf53f8c55b44414a63777ec19a776b75fb88614506c0d37 +PKG_HASH:=2f522eefa02c400c94610d07f25c4fd4c771f95e4a1f55102332ccb40663cbd2 PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 From 3f75acf66a42a52522b9b1d5c49e89eda5dfda37 Mon Sep 17 00:00:00 2001 From: Florian Maurer Date: Mon, 15 Sep 2025 21:22:49 +0200 Subject: [PATCH 129/239] tunneldigger: add broker_selection option to expose load balancing capabilities Using the broker_selection param makes it possible to decide by use (default), always use the first available broker to connect or select a random broker See also: https://github.com/wlanslovenija/tunneldigger/blob/51a5e46ad143c92d2867835a563146ec4fbc6211/client/l2tp_client.c#L1331-L1333 Signed-off-by: Florian Maurer (cherry picked from commit 296c15c1f222b0c29de27f6f393c550275c79878) --- net/tunneldigger/Makefile | 2 +- net/tunneldigger/files/config.default | 1 + net/tunneldigger/files/tunneldigger.init | 15 +++++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/net/tunneldigger/Makefile b/net/tunneldigger/Makefile index b391b4f3a9ccb3..10c774cba6e907 100644 --- a/net/tunneldigger/Makefile +++ b/net/tunneldigger/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tunneldigger -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=https://github.com/wlanslovenija/tunneldigger.git PKG_SOURCE_PROTO:=git diff --git a/net/tunneldigger/files/config.default b/net/tunneldigger/files/config.default index 571621a42e4bc0..0a01bc2a0cc862 100644 --- a/net/tunneldigger/files/config.default +++ b/net/tunneldigger/files/config.default @@ -5,4 +5,5 @@ config broker option uuid 'abcd' option interface 'l2tp0' option limit_bw_down '1024' + option broker_selection 'usage' option enabled '0' diff --git a/net/tunneldigger/files/tunneldigger.init b/net/tunneldigger/files/tunneldigger.init index bacaace8168ecd..810d96be7a7fba 100644 --- a/net/tunneldigger/files/tunneldigger.init +++ b/net/tunneldigger/files/tunneldigger.init @@ -22,6 +22,7 @@ parse_broker() { config_get hook_script "$section" hook_script config_get bind_interface "$section" bind_interface config_get group "$section" group + config_get broker_selection "$section" broker_selection [ $enabled -eq 0 ] && return @@ -38,6 +39,20 @@ parse_broker() { network_get_device _bind_interface "${bind_interface}" || _bind_interface="${bind_interface}" append broker_opts "-I ${_bind_interface}" } + [ ! -z "${broker_selection}" ] && { + # Set broker selection. + case "${broker_selection}" in + usage) + append broker_opts "-a" + ;; + first) + append broker_opts "-g" + ;; + random) + append broker_opts "-r" + ;; + esac + } if [ -z "$uuid" ]; then missing uuid From 28ff64bed9a629892cc622391a167ff7646ea775 Mon Sep 17 00:00:00 2001 From: Austin Lane Date: Thu, 5 Dec 2024 01:50:48 -0500 Subject: [PATCH 130/239] python-pyelftools: add package / hostbuild Signed-off-by: Austin Lane (cherry picked from commit dc79b54b571da4247b3289f9239b96435f660835) --- lang/python/python-pyelftools/Makefile | 46 ++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 lang/python/python-pyelftools/Makefile diff --git a/lang/python/python-pyelftools/Makefile b/lang/python/python-pyelftools/Makefile new file mode 100644 index 00000000000000..928f92689d8603 --- /dev/null +++ b/lang/python/python-pyelftools/Makefile @@ -0,0 +1,46 @@ +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=python-pyelftools +PKG_VERSION:=0.31 +PKG_RELEASE:=1 + +PYPI_NAME:=pyelftools +PKG_HASH:=c774416b10310156879443b81187d182d8d9ee499660380e645918b50bc88f99 + +PKG_MAINTAINER:=Austin Lane +PKG_LICENSE:=Unlicense +PKG_LICENSE_FILES:=LICENSE + +HOST_BUILD_DEPENDS:= \ + python3/host \ + python-build/host \ + python-installer/host \ + python-wheel/host + +include ../pypi.mk +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk +include ../python3-package.mk +include ../python3-host-build.mk + +define Package/python3-pyelftools + SECTION:=lang + CATEGORY:=Languages + SUBMENU:=Python + TITLE:=Library for analyzing ELF files and DWARF debugging information + URL:=https://pypi.org/project/pyelftools + DEPENDS:=+python3-light +python3-logging +endef + +define Package/python3-pyelftools/description +Library for analyzing ELF files and DWARF debugging information +endef + +$(eval $(call Py3Package,python3-pyelftools)) +$(eval $(call BuildPackage,python3-pyelftools)) +$(eval $(call BuildPackage,python3-pyelftools-src)) +$(eval $(call HostBuild)) From 0af825465ede2fb8639c62c2f74691575c0333c3 Mon Sep 17 00:00:00 2001 From: Austin Lane Date: Sun, 17 Aug 2025 18:27:02 -0400 Subject: [PATCH 131/239] python-pyelftools: Update to v0.32 - Update pyelftools to version 0.32 (minor) Signed-off-by: Austin Lane (cherry picked from commit f2d141912f28638bfaa26ebb33634700a847ec4b) --- lang/python/python-pyelftools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-pyelftools/Makefile b/lang/python/python-pyelftools/Makefile index 928f92689d8603..f9aa0dcd4f43a7 100644 --- a/lang/python/python-pyelftools/Makefile +++ b/lang/python/python-pyelftools/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pyelftools -PKG_VERSION:=0.31 +PKG_VERSION:=0.32 PKG_RELEASE:=1 PYPI_NAME:=pyelftools -PKG_HASH:=c774416b10310156879443b81187d182d8d9ee499660380e645918b50bc88f99 +PKG_HASH:=6de90ee7b8263e740c8715a925382d4099b354f29ac48ea40d840cf7aa14ace5 PKG_MAINTAINER:=Austin Lane PKG_LICENSE:=Unlicense From 4e52a8f26eb067e9f5340b92bdc30e8e7a7aa624 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 11 Jan 2025 18:59:24 +0100 Subject: [PATCH 132/239] openvpn: enable DCO by default Enable the DCO option by default in the openvpn package to allow for better performance and have a use case for kmod-ovpn-dco-v2 :-) Signed-off-by: Dennis Camera (cherry picked from commit 11e17a3ed625c34501568669303e3f447fe4f693) Signed-off-by: Sander van Deijck --- net/openvpn/Config-mbedtls.in | 2 +- net/openvpn/Config-openssl.in | 2 +- net/openvpn/Config-wolfssl.in | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/openvpn/Config-mbedtls.in b/net/openvpn/Config-mbedtls.in index edcfbdf9d707ac..14b1959c425888 100644 --- a/net/openvpn/Config-mbedtls.in +++ b/net/openvpn/Config-mbedtls.in @@ -35,7 +35,7 @@ config OPENVPN_mbedtls_ENABLE_IPROUTE2 config OPENVPN_mbedtls_ENABLE_DCO depends on !OPENVPN_mbedtls_ENABLE_IPROUTE2 bool "Enable support for data channel offload" - default n if OPENVPN_mbedtls_ENABLE_IPROUTE2 + default y if !OPENVPN_mbedtls_ENABLE_IPROUTE2 help enable data channel offload support using the ovpn-dco-v2 kernel module diff --git a/net/openvpn/Config-openssl.in b/net/openvpn/Config-openssl.in index c09b45e10d32fa..9ff20302062653 100644 --- a/net/openvpn/Config-openssl.in +++ b/net/openvpn/Config-openssl.in @@ -39,7 +39,7 @@ config OPENVPN_openssl_ENABLE_IPROUTE2 config OPENVPN_openssl_ENABLE_DCO depends on !OPENVPN_openssl_ENABLE_IPROUTE2 bool "Enable support for data channel offload" - default n if OPENVPN_openssl_ENABLE_IPROUTE2 + default y if !OPENVPN_openssl_ENABLE_IPROUTE2 help enable data channel offload support using the ovpn-dco-v2 kernel module diff --git a/net/openvpn/Config-wolfssl.in b/net/openvpn/Config-wolfssl.in index 66bb67caeed2dd..e3c70a51178d0c 100644 --- a/net/openvpn/Config-wolfssl.in +++ b/net/openvpn/Config-wolfssl.in @@ -44,7 +44,7 @@ config OPENVPN_wolfssl_ENABLE_IPROUTE2 config OPENVPN_wolfssl_ENABLE_DCO depends on !OPENVPN_wolfssl_ENABLE_IPROUTE2 bool "Enable support for data channel offload" - default n if OPENVPN_openssl_ENABLE_IPROUTE2 + default y if !OPENVPN_wolfssl_ENABLE_IPROUTE2 select WOLFSSL_HAS_OPENVPN help enable data channel offload support From 00623806bc54fb36a3c43d5682175ccaffae772f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 11 Jan 2025 18:59:42 +0100 Subject: [PATCH 133/239] openvpn: remove kmod-ovpn-dco-v2 dependency OpenVPN does work without the kernel module, it just won't be able to use DCO. To make life easier for OpenVPN users on very space-constrained devices make it an optional dependency. Signed-off-by: Dennis Camera (cherry picked from commit 01fafd69ef276cd3ae80e9a633391d5f7a8d7dfe) Signed-off-by: Sander van Deijck --- net/openvpn/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index f1301d89a37d22..37df44d8acb725 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -37,7 +37,7 @@ define Package/openvpn/Default SUBMENU:=VPN MENU:=1 DEPENDS:=+kmod-tun +libcap-ng +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_LZ4:liblz4 +OPENVPN_$(1)_ENABLE_IPROUTE2:ip \ - +OPENVPN_$(1)_ENABLE_DCO:libnl-genl +OPENVPN_$(1)_ENABLE_DCO:kmod-ovpn-dco-v2 $(3) + +OPENVPN_$(1)_ENABLE_DCO:libnl-genl $(3) VARIANT:=$(1) PROVIDES:=openvpn openvpn-crypto endef From b446c2e9e50cbb8c90c34e2f4599e45e35304e97 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Mon, 29 Sep 2025 04:36:11 -0300 Subject: [PATCH 134/239] openvpn: bump `PKG_RELEASE` Although recent updates were made, the `PKG_RELEASE` bump was missed. Signed-off-by: Wesley Gimenes (cherry picked from commit 7c88f998e5e70712fef50d9ae511b776871cc492) Signed-off-by: Sander van Deijck --- net/openvpn/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 37df44d8acb725..8202c2de3d0b09 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.6.14 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ From 0382e4fb43eeb122a9410d54eb32d1f4027f2f19 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Sat, 20 Sep 2025 16:22:59 +0800 Subject: [PATCH 135/239] microsocks: run as unprivileged user Run the daemon as unprivileged user for better security. Trim whitespaces while at it. Signed-off-by: Tianling Shen (cherry picked from commit 182db0ac04364f685acc1e57284bf624b474edfd) --- net/microsocks/Makefile | 3 ++- net/microsocks/files/microsocks.init | 15 +++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/net/microsocks/Makefile b/net/microsocks/Makefile index 6de5b4bc764241..f52fe0c76a4d25 100644 --- a/net/microsocks/Makefile +++ b/net/microsocks/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=microsocks PKG_VERSION:=1.0.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)? @@ -21,6 +21,7 @@ define Package/microsocks SUBMENU:=Web Servers/Proxies CATEGORY:=Network TITLE:=SOCKS5 TCP/IP only proxy + USERID:=microsocks:microsocks endef define Package/microsocks/description diff --git a/net/microsocks/files/microsocks.init b/net/microsocks/files/microsocks.init index 74dc03ff5f7eb7..4df898ceca33df 100755 --- a/net/microsocks/files/microsocks.init +++ b/net/microsocks/files/microsocks.init @@ -7,12 +7,12 @@ CONF="microsocks" start_service() { config_load "$CONF" - + local _enabled config_get_bool _enabled "config" "enabled" "0" [ "$_enabled" -eq "1" ] || return 1 - - local _port + + local _port local _listenip local _bindaddr local _user @@ -27,7 +27,7 @@ start_service() { config_get _password "config" "password" config_get_bool _auth_once "config" "auth_once" 0 config_get_bool _quiet "config" "quiet" 0 - + procd_open_instance "$CONF" procd_set_param command /usr/bin/microsocks [ -z "$_port" ] || procd_append_param command -p "${_port}" @@ -37,12 +37,15 @@ start_service() { [ -z "$_password" ] || procd_append_param command -P "${_password}" [ "$_auth_once" -eq "0" ] || procd_append_param command -1 [ "$_quiet" -eq "0" ] || procd_append_param command -q - + + procd_set_param user microsocks + procd_set_param group microsocks + procd_set_param respawn procd_set_param stderr 1 # TODO: Make it dependable on some verbose/debug config setting? # procd_set_param stdout 1 - + procd_close_instance } From d8fd46fdef8d17647b11d43365587ff19f53efbf Mon Sep 17 00:00:00 2001 From: John Audia Date: Sat, 6 Sep 2025 07:42:29 -0400 Subject: [PATCH 136/239] snort3: update to 3.9.5.0 Changelog: https://github.com/snort3/snort3/releases/tag/3.9.5.0 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia (cherry picked from commit a75e0a6db93b143d00df82581216d5901d13fc0e) --- net/snort3/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 7a2d4332fe1083..0473cc73f39440 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.9.3.0 -PKG_RELEASE:=2 +PKG_VERSION:=3.9.5.0 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) PKG_SOURCE_URL:=https://github.com/snort3/snort3 -PKG_MIRROR_HASH:=aa70ac94fbae9e3080422360513b1f05f7ada14ba29d9c453f50afb8a96627f6 +PKG_MIRROR_HASH:=e1f6b012d845bde9e47a5a7110ca9ccf8df47cc62dce20e3f20b9b275138727a PKG_MAINTAINER:=W. Michael Petullo , John Audia PKG_LICENSE:=GPL-2.0-only From 6a1ef4be710111315b0c3931259907fcf55d09b5 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 7 Sep 2025 06:57:17 -0400 Subject: [PATCH 137/239] snort3: switch from git proto to tarballs Use upstream tarballs for source rather than using git. If we ever need to build from git we can cherry pick and make a patch. This gives a cleaner Makefile and faster build. Signed-off-by: John Audia (cherry picked from commit 8914929466f3fdab06c68a83aa416007e11388f1) --- net/snort3/Makefile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 0473cc73f39440..106c60290324a9 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -7,12 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 PKG_VERSION:=3.9.5.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 -PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_SOURCE_URL:=https://github.com/snort3/snort3 -PKG_MIRROR_HASH:=e1f6b012d845bde9e47a5a7110ca9ccf8df47cc62dce20e3f20b9b275138727a +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)? +PKG_HASH:=e2e36a8db2c4c26a6ff58ea58839339260319eba25d0eb901ddb7210f4fa4b4c PKG_MAINTAINER:=W. Michael Petullo , John Audia PKG_LICENSE:=GPL-2.0-only From 25238f1571dbd4aa0460fa8cb9b54e62885d9161 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 7 Sep 2025 07:05:52 -0400 Subject: [PATCH 138/239] snort3: clean-up Makefile Simplification of Makefile: remove line splits to increase readability. Signed-off-by: John Audia (cherry picked from commit 87d0da8aa27146a6548936c12b417ca455d6e3ae) --- net/snort3/Makefile | 58 ++++++++++----------------------------------- 1 file changed, 12 insertions(+), 46 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 106c60290324a9..be286b61d4f79b 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -78,67 +78,33 @@ endef define Package/snort3/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/bin/snort \ - $(1)/usr/bin/ - - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/bin/snort2lua \ - $(1)/usr/bin/ - - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \ - $(1)/usr/bin/ - - $(INSTALL_BIN) \ - ./files/snort-{mgr,rules} \ - $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snort2lua $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} $(1)/usr/bin/ + $(INSTALL_BIN) ./files/snort-{mgr,rules} $(1)/usr/bin/ $(INSTALL_DIR) $(1)/usr/lib/snort - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_hext.so \ - $(1)/usr/lib/snort/ - - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_file.so \ - $(1)/usr/lib/snort/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_{hext,file}.so $(1)/usr/lib/snort/ $(INSTALL_DIR) $(1)/usr/share/lua - $(CP) \ - $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \ - $(1)/usr/share/lua/ + $(CP) $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua $(1)/usr/share/lua/ $(INSTALL_DIR) $(1)/usr/share/snort - $(INSTALL_CONF) \ - ./files/main.uc \ - $(1)/usr/share/snort/ + $(INSTALL_CONF) ./files/main.uc $(1)/usr/share/snort/ $(INSTALL_DIR) $(1)/usr/share/snort/templates - $(INSTALL_CONF) \ - ./files/nftables.uc \ - $(1)/usr/share/snort/templates/ - $(INSTALL_CONF) \ - ./files/snort.uc \ - $(1)/usr/share/snort/templates/ + $(INSTALL_CONF) ./files/{nftables,snort}.uc $(1)/usr/share/snort/templates/ $(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules} - $(INSTALL_CONF) \ - $(PKG_INSTALL_DIR)/usr/etc/snort/*.lua \ - $(1)/etc/snort - $(INSTALL_CONF) \ - $(PKG_INSTALL_DIR)/usr/etc/snort/file_magic.rules \ - $(1)/etc/snort + $(INSTALL_CONF) $(PKG_INSTALL_DIR)/usr/etc/snort/*.lua $(1)/etc/snort + $(INSTALL_CONF) $(PKG_INSTALL_DIR)/usr/etc/snort/file_magic.rules $(1)/etc/snort $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) \ - ./files/snort.init \ - $(1)/etc/init.d/snort + $(INSTALL_BIN) ./files/snort.init $(1)/etc/init.d/snort $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_CONF) \ - ./files/snort.config \ - $(1)/etc/config/snort + $(INSTALL_CONF) ./files/snort.config $(1)/etc/config/snort sed \ -i \ From ed702ba592b8d4f852da321b6f1c9548ef53f1e1 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Thu, 2 Oct 2025 09:08:42 +0200 Subject: [PATCH 139/239] mariadb: add unconditional dependency on libaio MariaDB now depends on libaio even when uring is enabled. Signed-off-by: Michal Hrusecky (cherry picked from commit d50b5e583c96bf0e925fc85a2413e3ac924c5eb2) --- utils/mariadb/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/mariadb/Makefile b/utils/mariadb/Makefile index 83d9e59c89b81f..d25c21c8b04281 100644 --- a/utils/mariadb/Makefile +++ b/utils/mariadb/Makefile @@ -1,6 +1,6 @@ # # Copyright (C) 2018 Sebastian Kemper -# Copyright (C) 2021 Michal Hrusecky +# Copyright (C) 2025 Michal Hrusecky # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mariadb PKG_VERSION:=11.4.8 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL := https://archive.mariadb.org/$(PKG_NAME)-$(PKG_VERSION)/source @@ -264,8 +264,8 @@ define Package/mariadb-server-base $(call Package/mariadb/Default) DEPENDS:= \ $(MARIADB_COMMON_DEPENDS) \ - +!KERNEL_IO_URING:libaio \ +KERNEL_IO_URING:liburing \ + +libaio \ +liblzma \ +libpcre2 \ +resolveip \ From 0723d0f62e1c99d903825a3fed8f6720b838f278 Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 12 Aug 2025 03:49:11 -0400 Subject: [PATCH 140/239] libdaq3: update to 3.0.21 Update to latest version. Changelog: https://github.com/snort3/libdaq/releases/tag/v3.0.21 Signed-off-by: John Audia (cherry picked from commit 64b8872cf4f506960ee733e30079feb22d11fd38) --- libs/libdaq3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libdaq3/Makefile b/libs/libdaq3/Makefile index efaf9041e32b86..db2e507e1b0086 100644 --- a/libs/libdaq3/Makefile +++ b/libs/libdaq3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libdaq3 -PKG_VERSION:=3.0.20 +PKG_VERSION:=3.0.21 PKG_RELEASE:=1 PKG_MAINTAINER:=W. Michael Petullo @@ -18,7 +18,7 @@ PKG_LICENSE_FILES:=COPYING LICENSE PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snort3/libdaq/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=42730cb427695d4049deaa667623036b3915eaa651bcb91493ca450f06bb36b3 +PKG_HASH:=60ad9405c1c6b75955e0784511b173570a601491ccdb6399da53ca811c446a96 PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION) PKG_FIXUP:=autoreconf From eb39acf951be2b8c055e1c526cecb0a4b7c0bd8b Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Sat, 4 Oct 2025 03:46:51 +0000 Subject: [PATCH 141/239] adblock-fast: update to 1.2.0-r20 Config file: * add debug_init_script and debug_performance options * remove led (default should be empty) option * remove procd_boot_delay (obsolete) option Init Script: * reinstate IPKG_INSTROOT check * change capitalization in status messages * unset default value for led option on load_package_config * bugfix: unset bool options which are later checked for non-empty * bugfix: create compressed cache only if block-file exists * adjust errors output/storing errors for later display in multuple cases * produce information about cache/compressed cache files in service status output when service is stopped * attempt to create compressed cache in service_started only if block- file exists * bugfix: run service_started from the dl command (to create compressed cache file) * rename StripToDomains variables for readability * improve open port detection Uci-Defaults: * improve readability of debug options migration Signed-off-by: Stan Grishin (cherry picked from commit ff2a55441d1ce54c0a726359475f0e0dfaa374e6) --- net/adblock-fast/Makefile | 2 +- .../files/etc/config/adblock-fast | 5 +- .../files/etc/init.d/adblock-fast | 163 ++++++++++-------- .../files/etc/uci-defaults/90-adblock-fast | 12 +- 4 files changed, 104 insertions(+), 78 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 2b0cf7abc68bfc..9935a1680a3cd3 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.2.0 -PKG_RELEASE:=10 +PKG_RELEASE:=20 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/config/adblock-fast b/net/adblock-fast/files/etc/config/adblock-fast index 7327525997c395..431d7bd11660bb 100644 --- a/net/adblock-fast/files/etc/config/adblock-fast +++ b/net/adblock-fast/files/etc/config/adblock-fast @@ -11,7 +11,8 @@ config adblock-fast 'config' option curl_additional_param '' option curl_max_file_size '30000000' option curl_retry '3' - option debug '0' + option debug_init_script '0' + option debug_performance '0' option dns 'dnsmasq.servers' list dnsmasq_instance '*' # option dnsmasq_config_file_url 'https://small.oisd.nl/dnsmasq2' @@ -27,11 +28,9 @@ config adblock-fast 'config' # list force_dns_port '4434' # list force_dns_port '5443' # list force_dns_port '8443' - option led 'none' option parallel_downloads '1' option pause_timeout '20' option procd_trigger_wan6 '0' - option procd_boot_delay '0' option procd_boot_wan_timeout '60' option verbosity '2' option heartbeat_domain 'heartbeat.melmac.ca' diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 021608519bc18f..4cca7b665cf73b 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -8,6 +8,8 @@ START=20 USE_PROCD=1 LC_ALL=C +[ -n "${IPKG_INSTROOT}" ] && return 0 + if type extra_command 1>/dev/null 2>&1; then extra_command 'allow' 'Allows domain in current block-list and config' extra_command 'check' 'Checks if specified domain is found in current block-list' @@ -28,58 +30,59 @@ readonly packageCompat='8' readonly serviceName="$packageName $PKG_VERSION" readonly packageMemoryThreshold='33554432' readonly packageConfigFile="/etc/config/${packageName}" +readonly dnsmasqUnifiedFile="/var/run/${packageName}/${packageName}.dnsmasq" readonly dnsmasqAddnhostsFile="/var/run/${packageName}/dnsmasq.addnhosts" readonly dnsmasqAddnhostsCache="/var/run/${packageName}/dnsmasq.addnhosts.cache" readonly dnsmasqAddnhostsGzip="${packageName}.dnsmasq.addnhosts.gz" readonly dnsmasqAddnhostsFilter='s|^|127.0.0.1 |;s|$||' readonly dnsmasqAddnhostsFilterIPv6='s|^|:: |;s|$||' -readonly dnsmasqAddnhostsOutputFilter='s|^127.0.0.1 ||;s|^:: ||;' -readonly dnsmasqConfFile="/var/run/${packageName}/${packageName}.dnsmasq" +readonly dnsmasqAddnhostsStripToDomainsFilter='s|^127.0.0.1 ||;s|^:: ||;' +readonly dnsmasqConfFile="$dnsmasqUnifiedFile" readonly dnsmasqConfCache="/var/run/${packageName}/dnsmasq.conf.cache" readonly dnsmasqConfGzip="${packageName}.dnsmasq.conf.gz" readonly dnsmasqConfFilter='s|^|local=/|;s|$|/|' -readonly dnsmasqConfOutputFilter='s|local=/||;s|/$||;' -readonly dnsmasqIpsetFile="/var/run/${packageName}/${packageName}.dnsmasq" +readonly dnsmasqConfStripToDomainsFilter='s|local=/||;s|/$||;' +readonly dnsmasqIpsetFile="$dnsmasqUnifiedFile" readonly dnsmasqIpsetCache="/var/run/${packageName}/dnsmasq.ipset.cache" readonly dnsmasqIpsetGzip="${packageName}.dnsmasq.ipset.gz" readonly dnsmasqIpsetFilter='s|^|ipset=/|;s|$|/adb|' -readonly dnsmasqIpsetOutputFilter='s|ipset=/||;s|/adb$||;' -readonly dnsmasqNftsetFile="/var/run/${packageName}/${packageName}.dnsmasq" +readonly dnsmasqIpsetStripToDomainsFilter='s|ipset=/||;s|/adb$||;' +readonly dnsmasqNftsetFile="$dnsmasqUnifiedFile" readonly dnsmasqNftsetCache="/var/run/${packageName}/dnsmasq.nftset.cache" readonly dnsmasqNftsetGzip="${packageName}.dnsmasq.nftset.gz" readonly dnsmasqNftsetFilter='s|^|nftset=/|;s|$|/4#inet#fw4#adb4|' readonly dnsmasqNftsetFilterIPv6='s|^|nftset=/|;s|$|/4#inet#fw4#adb4,6#inet#fw4#adb6|' -readonly dnsmasqNftsetOutputFilter='s|nftset=/||;s|/4#inet#adb#adb4||;' +readonly dnsmasqNftsetStripToDomainsFilter='s|nftset=/||;s|/4#.*$||;' readonly dnsmasqServersFile="/var/run/${packageName}/dnsmasq.servers" readonly dnsmasqServersCache="/var/run/${packageName}/dnsmasq.servers.cache" readonly dnsmasqServersGzip="${packageName}.dnsmasq.servers.gz" readonly dnsmasqServersFilter='s|^|server=/|;s|$|/|' readonly dnsmasqServersAllowFilter='s|(.*)|server=/\1/#|' readonly dnsmasqServersBlockedCountFilter='\|/#|d' -readonly dnsmasqServersOutputFilter='s|server=/||;s|/$||;' +readonly dnsmasqServersStripToDomainsFilter='s|server=/||;s|/.*$||;' readonly smartdnsDomainSetFile="/var/run/${packageName}/smartdns.domainset" readonly smartdnsDomainSetCache="/var/run/${packageName}/smartdns.domainset.cache" readonly smartdnsDomainSetConfig="/var/run/${packageName}/smartdns.domainset.conf" readonly smartdnsDomainSetGzip="${packageName}.smartdns.domainset.gz" readonly smartdnsDomainSetFilter='' -readonly smartdnsDomainSetOutputFilter='' +readonly smartdnsDomainSetStripToDomainsFilter='' readonly smartdnsIpsetFile="/var/run/${packageName}/smartdns.ipset" readonly smartdnsIpsetCache="/var/run/${packageName}/smartdns.ipset.cache" readonly smartdnsIpsetConfig="/var/run/${packageName}/smartdns.ipset.conf" readonly smartdnsIpsetGzip="${packageName}.smartdns.ipset.gz" readonly smartdnsIpsetFilter='' -readonly smartdnsIpsetOutputFilter='' +readonly smartdnsIpsetStripToDomainsFilter='' readonly smartdnsNftsetFile="/var/run/${packageName}/smartdns.nftset" readonly smartdnsNftsetCache="/var/run/${packageName}/smartdns.nftset.cache" readonly smartdnsNftsetConfig="/var/run/${packageName}/smartdns.nftset.conf" readonly smartdnsNftsetGzip="${packageName}.smartdns.nftset.gz" readonly smartdnsNftsetFilter='' -readonly smartdnsNftsetOutputFilter='' +readonly smartdnsNftsetStripToDomainsFilter='' readonly unboundFile="/var/lib/unbound/adb_list.${packageName}" readonly unboundCache="/var/run/${packageName}/unbound.cache" readonly unboundGzip="${packageName}.unbound.gz" readonly unboundFilter='s|^|local-zone: "|;s|$|." always_nxdomain|' -readonly unboundOutputFilter='s|^local-zone: "||;s|." always_nxdomain$||;' +readonly unboundStripToDomainsFilter='s|^local-zone: "||;s|." always_nxdomain$||;' readonly ALLOWED_TMP="/var/${packageName}.allowed.tmp" readonly A_TMP="/var/${packageName}.a.tmp" readonly B_TMP="/var/${packageName}.b.tmp" @@ -135,7 +138,7 @@ outputFilterIPv6= outputFile= outputGzip= outputCache= -outputOutputFilter= +stripToDomainsFilter= triggerStatus= awk='awk' allowed_url= @@ -323,7 +326,7 @@ dns_set_output_values() { outputFile="$dnsmasqAddnhostsFile" outputCache="$dnsmasqAddnhostsCache" outputGzip="${compressed_cache_dir}/${dnsmasqAddnhostsGzip}" - outputOutputFilter="$dnsmasqAddnhostsOutputFilter" + stripToDomainsFilter="$dnsmasqAddnhostsStripToDomainsFilter" if [ -n "$ipv6_enabled" ]; then outputFilterIPv6="$dnsmasqAddnhostsFilterIPv6" fi @@ -333,14 +336,14 @@ dns_set_output_values() { outputFile="$dnsmasqConfFile" outputCache="$dnsmasqConfCache" outputGzip="${compressed_cache_dir}/${dnsmasqConfGzip}" - outputOutputFilter="$dnsmasqConfOutputFilter" + stripToDomainsFilter="$dnsmasqConfStripToDomainsFilter" ;; dnsmasq.ipset) outputFilter="$dnsmasqIpsetFilter" outputFile="$dnsmasqIpsetFile" outputCache="$dnsmasqIpsetCache" outputGzip="${compressed_cache_dir}/${dnsmasqIpsetGzip}" - outputOutputFilter="$dnsmasqIpsetOutputFilter" + stripToDomainsFilter="$dnsmasqIpsetStripToDomainsFilter" ;; dnsmasq.nftset) if [ -n "$ipv6_enabled" ]; then @@ -351,14 +354,14 @@ dns_set_output_values() { outputFile="$dnsmasqNftsetFile" outputCache="$dnsmasqNftsetCache" outputGzip="${compressed_cache_dir}/${dnsmasqNftsetGzip}" - outputOutputFilter="$dnsmasqNftsetOutputFilter" + stripToDomainsFilter="$dnsmasqNftsetStripToDomainsFilter" ;; dnsmasq.servers) outputFilter="$dnsmasqServersFilter" outputFile="$dnsmasqServersFile" outputCache="$dnsmasqServersCache" outputGzip="${compressed_cache_dir}/${dnsmasqServersGzip}" - outputOutputFilter="$dnsmasqServersOutputFilter" + stripToDomainsFilter="$dnsmasqServersStripToDomainsFilter" outputAllowFilter="$dnsmasqServersAllowFilter" outputBlockedCountFilter="$dnsmasqServersBlockedCountFilter" ;; @@ -368,7 +371,7 @@ dns_set_output_values() { outputCache="$smartdnsDomainSetCache" outputGzip="${compressed_cache_dir}/${smartdnsDomainSetGzip}" outputConfig="$smartdnsDomainSetConfig" - outputOutputFilter="$smartdnsDomainSetOutputFilter" + stripToDomainsFilter="$smartdnsDomainSetStripToDomainsFilter" ;; smartdns.ipset) outputFilter="$smartdnsIpsetFilter" @@ -376,7 +379,7 @@ dns_set_output_values() { outputCache="$smartdnsIpsetCache" outputGzip="${compressed_cache_dir}/${smartdnsIpsetGzip}" outputConfig="$smartdnsIpsetConfig" - outputOutputFilter="$smartdnsIpsetOutputFilter" + stripToDomainsFilter="$smartdnsIpsetStripToDomainsFilter" ;; smartdns.nftset) outputFilter="$smartdnsNftsetFilter" @@ -384,14 +387,14 @@ dns_set_output_values() { outputCache="$smartdnsNftsetCache" outputGzip="${compressed_cache_dir}/${smartdnsNftsetGzip}" outputConfig="$smartdnsNftsetConfig" - outputOutputFilter="$smartdnsNftsetOutputFilter" + stripToDomainsFilter="$smartdnsNftsetStripToDomainsFilter" ;; unbound.adb_list) outputFilter="$unboundFilter" outputFile="$unboundFile" outputCache="$unboundCache" outputGzip="${compressed_cache_dir}/${unboundGzip}" - outputOutputFilter="$unboundOutputFilter" + stripToDomainsFilter="$unboundStripToDomainsFilter" ;; esac resolver 'on_load' @@ -419,12 +422,26 @@ is_fw4_restart_needed() { return 1 fi } -is_integer() { case "$1" in ''|*[!0-9]*) return 1;; esac; } +is_integer() { case "$1" in ''|*[!0-9]*) return 1;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1; return 0; } is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" = "$2"; } # shellcheck disable=SC3057 is_https_url() { [ "${1:0:8}" = "https://" ]; } is_newline_ending() { [ "$(tail -c1 "$1" | wc -l)" -ne '0' ]; } +is_port_listening() { + local hex + is_integer "$1" || return 1 + hex="$(printf '%04X' "$1")" + # TCP: state 0A == LISTEN + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h && $4=="0A") {found=1}} END{exit found?0:1}' /proc/net/tcp /proc/net/tcp6 2>/dev/null; then + return 0 + fi + # UDP: presence indicates a bound socket + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h) {found=1}} END{exit found?0:1}' /proc/net/udp /proc/net/udp6 2>/dev/null; then + return 0 + fi + return 1 +} is_present() { command -v "$1" >/dev/null 2>&1; } is_running() { local i j @@ -486,8 +503,8 @@ str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; } str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; } # shellcheck disable=SC3060 str_replace() { echo "${1//$2/$3}"; } -ubus_get_data() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@['${packageName}'].instances.main.data.${1}"; } -ubus_get_ports() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@['${packageName}'].instances.main.data.firewall.*.dest_port"; } +ubus_get_data() { ubus call service list "{\"name\":\"$packageName\"}" | jsonfilter -e "@['${packageName}'].instances.main.data.${1}"; } +ubus_get_ports() { ubus call service list "{\"name\":\"$packageName\"}" | jsonfilter -e "@['${packageName}'].instances.main.data.firewall.*.dest_port"; } uci_get_protocol() { uci_get 'network' "$1" 'proto'; } unbound_restart() { /etc/init.d/unbound restart >/dev/null 2>&1; } @@ -676,16 +693,16 @@ get_text() { errorNoHeartbeat) printf "Heartbeat domain is not accessible after resolver restart";; statusNoInstall) printf "The %s is not installed or not found" "$serviceName";; - statusStopped) printf "Stopped";; - statusStarting) printf "Starting";; - statusRestarting) printf "Restarting";; - statusForceReloading) printf "Force Reloading";; - statusDownloading) printf "Downloading";; - statusProcessing) printf "Processing";; - statusFail) printf "Failed to start";; - statusSuccess) printf "Success";; - statusTriggerBootWait) printf "Waiting for trigger (on_boot)";; - statusTriggerStartWait) printf "Waiting for trigger (on_start)";; + statusStopped) printf "stopped";; + statusStarting) printf "starting";; + statusRestarting) printf "restarting";; + statusForceReloading) printf "force-reloading";; + statusDownloading) printf "downloading";; + statusProcessing) printf "processing";; + statusFail) printf "failed to start";; + statusSuccess) printf "success";; + statusTriggerBootWait) printf "waiting for trigger (on_boot)";; + statusTriggerStartWait) printf "waiting for trigger (on_start)";; warningExternalDnsmasqConfig) printf "Use of external dnsmasq config file detected, please set 'dns' option to 'dnsmasq.conf'";; @@ -742,7 +759,8 @@ load_network() { sleep 1 done json add error 'errorNoWanGateway' - output_error "$(get_text 'errorNoWanGateway')"; return 1; + output_error "$(get_text 'errorNoWanGateway')" + return 1 } detect_file_type() { @@ -794,7 +812,7 @@ load_package_config() { config_get force_dns_port 'config' 'force_dns_port' '53 853' config_get heartbeat_domain 'config' 'heartbeat_domain' 'heartbeat.melmac.ca' config_get heartbeat_sleep_timeout 'config' 'heartbeat_sleep_timeout' '10' - config_get led 'config' 'led' 'led' + config_get led 'config' 'led' config_get pause_timeout 'config' 'pause_timeout' '20' config_get procd_boot_wan_timeout 'config' 'procd_boot_wan_timeout' '60' config_get smartdns_instance 'config' 'smartdns_instance' '*' @@ -808,8 +826,12 @@ load_package_config() { [ "$debug_init_script" = '1' ] || unset debug_init_script [ "$debug_performance" = '1' ] || unset debug_performance [ "$enabled" = '1' ] || unset enabled + [ "$force_dns" = '1' ] || unset force_dns [ "$ipv6_enabled" = '1' ] || unset ipv6_enabled + [ "$parallel_downloads" = '1' ] || unset parallel_downloads [ "$procd_trigger_wan6" = '1' ] || unset procd_trigger_wan6 + [ "$sanity_check" = '1' ] || unset sanity_check + [ "$update_config_sizes" = '1' ] || unset update_config_sizes dns_set_output_values "$dns" [ "$heartbeat_domain" = '-' ] && unset heartbeat_domain || heartbeat_domain="$(sanitize_domain "$heartbeat_domain")" @@ -917,33 +939,33 @@ load_environment() { case "$dns" in dnsmasq.ipset) - if check_dnsmasq_feature 'ipset'; then + if ! check_dnsmasq_feature 'ipset'; then if [ "$param" != 'quiet' ]; then json add error 'errorNoDnsmasqIpset' - output_error "$(get_text 'errorNoDnsmasqIpset')" +# output_error "$(get_text 'errorNoDnsmasqIpset')" fi dns='dnsmasq.servers' fi if ! ipset help hash:net; then if [ "$param" != 'quiet' ]; then json add error 'errorNoIpset' - output_error "$(get_text 'errorNoIpset')" +# output_error "$(get_text 'errorNoIpset')" fi dns='dnsmasq.servers' fi ;; dnsmasq.nftset) - if check_dnsmasq_feature 'nftset'; then + if ! check_dnsmasq_feature 'nftset'; then if [ "$param" != 'quiet' ]; then json add error 'errorNoDnsmasqNftset' - output_error "$(get_text 'errorNoDnsmasqNftset')" +# output_error "$(get_text 'errorNoDnsmasqNftset')" fi dns='dnsmasq.servers' fi if [ -z "$nft" ]; then if [ "$param" != 'quiet' ]; then json add error 'errorNoNft' - output_error "$(get_text 'errorNoNft')" +# output_error "$(get_text 'errorNoNft')" fi dns='dnsmasq.servers' fi @@ -952,7 +974,7 @@ load_environment() { if ! ipset help hash:net; then if [ "$param" != 'quiet' ]; then json add error 'errorNoIpset' - output_error "$(get_text 'errorNoIpset')" +# output_error "$(get_text 'errorNoIpset')" fi dns='smartdns.domainset' fi @@ -961,7 +983,7 @@ load_environment() { if [ -z "$nft" ]; then if [ "$param" != 'quiet' ]; then json add error 'errorNoNft' - output_error "$(get_text 'errorNoNft')" +# output_error "$(get_text 'errorNoNft')" fi dns='smartdns.domainset' fi @@ -996,7 +1018,6 @@ load_environment() { if ! mkdir -p "${i%/*}"; then if [ "$param" != 'quiet' ]; then json add error 'errorOutputDirCreate' "$i" - output_error "$(get_text 'errorOutputDirCreate' "$i")" fi fi done @@ -1102,16 +1123,16 @@ resolver() { str_contains_word "$force_dns_port" "$instance_port" || force_dns_port="${force_dns_port:+$force_dns_port }${instance_port}" } _smartdns_instance_append_force_dns_port() { + local cfg="$1" instance_port [ -s "/etc/config/smartdns" ] || return 0 [ -n "$(uci_get 'smartdns' "$cfg")" ] || return 1 - local cfg="$1" instance_port config_get instance_port "$cfg" 'port' '53' str_contains_word "$force_dns_port" "$instance_port" || force_dns_port="${force_dns_port:+$force_dns_port }${instance_port}" } _smartdns_instance_config() { + local cfg="$1" param="$2" [ -s "/etc/config/smartdns" ] || return 0 [ -n "$(uci_get 'smartdns' "$cfg")" ] || return 1 - local cfg="$1" param="$2" case "$param" in cleanup) uci_remove_list 'smartdns' "$cfg" 'conf_files' "$outputConfig" @@ -1180,7 +1201,6 @@ resolver() { if ! adb_file 'test'; then json set status 'statusFail' json add error 'errorOutputFileCreate' "$outputFile" - output_error "$(get_text 'errorOutputFileCreate' "$outputFile")" return 1 fi output 1 "Cycling $resolver_name " @@ -1223,7 +1243,6 @@ resolver() { output_fail json set status 'statusFail' json add error 'errorDNSReload' - output_error "$(get_text 'errorDNSReload')" return 1 fi ;; @@ -1282,7 +1301,6 @@ resolver() { output_fail json set status 'statusFail' json add error 'errorNoHeartbeat' - output_error "$(get_text 'errorNoHeartbeat')" return 1 ;; revert) @@ -1299,7 +1317,6 @@ resolver() { output_fail json set status 'statusFail' json add error 'errorDNSReload' - output_error "$(get_text 'errorDNSReload')" return 1 fi ;; @@ -1324,7 +1341,6 @@ resolver() { else json set status 'statusFail' json add error 'errorNoOutputFile' "$outputFile" - output_error "$(get_text 'errorNoOutputFile' "$outputFile")" return 1 fi ;; @@ -1379,6 +1395,7 @@ adb_file() { return $? ;; create_gzip) + [ -s "$outputFile" ] || return 1 rm -f "$outputGzip" >/dev/null 2>/dev/null R_TMP="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" if gzip < "$outputFile" > "$R_TMP"; then @@ -1409,10 +1426,8 @@ adb_file() { process_file_url_wrapper() { if [ "$2" != '0' ]; then json add error 'errorConfigValidationFail' - output_error "$(get_text 'errorConfigValidationFail')" - output "Please check if the '$packageConfigFile' contains correct values for config options." fi - if [ "$parallel_downloads" -gt 0 ]; then + if [ -n "$parallel_downloads" ]; then process_file_url "$1" & else process_file_url "$1" @@ -1430,6 +1445,7 @@ process_file_url() { ;; esac } +# url and action are set by load_validate_file_url_section or passed as 2nd and 3rd parameter local cfg="$1" new_size local label type D_TMP R_TMP filter if [ -z "$cfg" ] || [ -n "${2}${3}" ]; then @@ -1557,7 +1573,6 @@ download_lists() { config_foreach _config_calculate_sizes 'file_url' if [ $((free_mem)) -lt $((total_sizes * 2)) ]; then json add error 'errorTooLittleRam' "$free_mem" - output_error "$(get_text 'errorTooLittleRam' "$free_mem")" return 1 else return 0 @@ -1922,7 +1937,6 @@ start_service() { output_okn else output_failn - json add error 'errorRestoreCompressedCache' output_error "$(get_text 'errorRestoreCompressedCache')" action='download' fi @@ -1938,7 +1952,6 @@ start_service() { resolver 'on_start' else output_failn - json add error 'errorRestoreCache' output_error "$(get_text 'errorRestoreCache')" action='download' fi @@ -1949,7 +1962,6 @@ start_service() { if [ -z "$blocked_url" ] && [ -z "$blocked_domain" ]; then json set status 'statusFail' json add error 'errorNothingToDo' - output_error "$(get_text 'errorNothingToDo')" else if ! adb_file 'test' || adb_file 'test_cache' || adb_file 'test_gzip'; then output 1 "Force-reloading $serviceName...\n" @@ -2030,7 +2042,7 @@ start_service() { if [ -n "$force_dns" ]; then # shellcheck disable=SC3060 for p in ${force_dns_port/,/ }; do - if netstat -tuln | grep LISTEN | grep ":${p}" >/dev/null 2>&1; then + if is_port_listening "$p"; then for iface in $force_dns_interface; do json_add_object '' json_add_string type 'redirect' @@ -2135,7 +2147,22 @@ status_service() { else [ -n "$status" ] && status="$(get_text "$status")" status="${status}${status:+${message:+: $message}}" - [ -n "$status" ] && output "$serviceName $status!\n" + case "$(adb_file 'test_cache'; echo $?:$(adb_file 'test_gzip'; echo $?))" in + "0:0") + message="cache file and compressed cache file found" + ;; + "0:1") + message="cache file found" + ;; + "1:0") + message="compressed cache file found" + ;; + *) + unset message + ;; + esac + status="${status}${status:+${message:+ ($message)}}" + [ -n "$status" ] && output "$serviceName $status.\n" fi [ "$param" != 'quiet' ] || return 0 if [ -n "$error" ]; then @@ -2219,7 +2246,7 @@ service_triggers() { service_started() { local start_time end_time elapsed step_title - if [ -n "$compressed_cache" ] && ! adb_file 'test_gzip'; then + if [ -n "$compressed_cache" ] && ! adb_file 'test_gzip' && adb_file 'test'; then start_time=$(date +%s) step_title="Creating ${dns} compressed cache" output 1 "${step_title} " @@ -2401,7 +2428,7 @@ check() { output 2 "[PROC] Found $c matches for '$string' in '$outputFile'.\n" fi if [ "$c" -le 20 ]; then - grep "$string" "$outputFile" | sed "$outputOutputFilter" + grep "$string" "$outputFile" | sed "$stripToDomainsFilter" fi else output 1 "The '$string' is not found in current block-list ('$outputFile').\n" @@ -2427,7 +2454,7 @@ check_tld() { output 2 "[PROC] Found $c matches for TLDs in '$outputFile'.\n" fi if [ "$c" -le 20 ]; then - grep -vE '\.|server:' "$outputFile" | sed "$outputOutputFilter" + grep -vE '\.|server:' "$outputFile" | sed "$stripToDomainsFilter" fi else output 1 "No TLD was found in current block-list ('$outputFile').\n" @@ -2458,7 +2485,7 @@ check_leading_dot() { output 2 "[PROC] Found $c matches for leading-dot domains in '$outputFile'.\n" fi if [ "$c" -le 20 ]; then - grep "$string" "$outputFile" | sed "$outputOutputFilter" + grep "$string" "$outputFile" | sed "$stripToDomainsFilter" fi else output 1 "No leading-dot domain was found in current block-list ('$outputFile').\n" @@ -2526,7 +2553,7 @@ check_lists() { return 0 } -dl() { rc_procd start_service 'download'; } +dl() { rc_procd start_service 'download' && service_started 'download'; } killcache() { load_package_config @@ -2559,7 +2586,7 @@ pause() { show_blocklist() { load_package_config - sed "$outputOutputFilter" "$outputFile" + sed "$stripToDomainsFilter" "$outputFile" } sizes() { diff --git a/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast b/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast index fcbd7fbdd63feb..1b9e19e9dd3141 100644 --- a/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast +++ b/net/adblock-fast/files/etc/uci-defaults/90-adblock-fast @@ -158,15 +158,15 @@ if [ -s "/etc/config/${packageName}-opkg" ] && ! grep -q 'option name' "/etc/con fi # migrate to 1.2.0 -oldval="$(uci_get "$packageName" config debug)" +oldval="$(uci_get "$packageName" 'config' 'debug')" if [ -n "$oldval" ]; then - uci_set "$packageName" config debug_init_script "$oldval" - uci_remove "$packageName" config debug + uci_set "$packageName" 'config' 'debug_init_script' "$oldval" + uci_remove "$packageName" 'config' 'debug' fi -oldval="$(uci_get "$packageName" config proc_debug)" +oldval="$(uci_get "$packageName" 'config' 'proc_debug')" if [ -n "$oldval" ]; then - uci_set "$packageName" config debug_performance "$oldval" - uci_remove "$packageName" config proc_debug + uci_set "$packageName" 'config' 'debug_performance' "$oldval" + uci_remove "$packageName" 'config' 'proc_debug' fi uci_changes "$packageName" && uci_commit "$packageName" From 7a30a574b3fb3f394898732fc5ab69ffda8a2ee7 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 24 Sep 2025 10:03:13 +0200 Subject: [PATCH 142/239] snort3: refactor architecture-specific dependencies and CMake options 1. Enabled hyperscan/vectorscan together with adding dependency only for x86_64 and aarch64. 2. Disabled tmalloc (from gperftools package) for powerpc and mips. By doing this refactor, snort3 is going to be available for more OpenWrt devices (as it was in the past) as currently it was compiled only for x86_x64 and aarch64 by mistake. Fixes: 257e2fc38aa694604e7be9e70e58082037133434 ("snort3: fix logic in gpertools-runtime depends") Signed-off-by: Josef Schlehofer (cherry picked from commit 126364e105fbcfde0617f58c39048c7d56c17a06) [For OpenWrt 24.10: There is hyperscan instead of vectorscan] --- net/snort3/Makefile | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index be286b61d4f79b..3ee380efbcf217 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 PKG_VERSION:=3.9.5.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)? @@ -21,23 +21,15 @@ PKG_CPE_ID:=cpe:/a:snort:snort include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk -ifeq ($(filter $(ARCH),mips mips64 mipsel powerpc),) - EXTRA_DEPENDS += +gperftools-runtime -endif -ifeq ($(filter $(ARCH),x86_64),$(ARCH)) - EXTRA_DEPENDS += +hyperscan-runtime - CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs -endif - -SNORT3DEPS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ - +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ - +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci $(EXTRA_DEPENDS) - define Package/snort3 SUBMENU:=Firewall SECTION:=net CATEGORY:=Network - DEPENDS:=$(SNORT3DEPS) + DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ + +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ + +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci \ + +PACKAGE_gperftools-runtime:gperftools-runtime \ + +PACKAGE_hyperscan-runtime:hyperscan-runtime TITLE:=Lightweight Network Intrusion Detection System URL:=http://www.snort.org/ MENU:=1 @@ -64,10 +56,26 @@ CMAKE_OPTIONS += \ -DMAKE_PDF_DOC:BOOL=NO \ -DMAKE_TEXT_DOC:BOOL=NO \ -DHAVE_LIBUNWIND=OFF \ - -DENABLE_TCMALLOC=ON \ - -DTCMALLOC_LIBRARIES=$(STAGING_DIR)/usr/lib/libtcmalloc.so \ -DHAVE_LZMA=ON +ifneq ($(findstring powerpc,$(CONFIG_ARCH))$(findstring mips,$(CONFIG_ARCH)),) + CMAKE_OPTIONS += \ + -DENABLE_TCMALLOC=OFF +else + CMAKE_OPTIONS += \ + -DENABLE_TCMALLOC=ON \ + -DTCMALLOC_LIBRARIES=$(STAGING_DIR)/usr/lib/libtcmalloc.so +endif + +ifneq ($(findstring x86_64,$(CONFIG_ARCH))$(findstring aarch64,$(CONFIG_ARCH)),) + CMAKE_OPTIONS += \ + -DENABLE_HYPERSCAN=ON \ + -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs +else + CMAKE_OPTIONS += \ + -DENABLE_HYPERSCAN=OFF +endif + TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 -I$(STAGING_DIR)/usr/include/tirpc TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/daq3 -ltirpc From 436c73d4599dab8353fc8adb9a8a0aa07873d517 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Tue, 7 Oct 2025 16:38:50 +0000 Subject: [PATCH 143/239] https-dns-proxy: update to 2025.10.07-r1 Makefile: * update to latest upstream: https://github.com/aarond10/https_dns_proxy/commit/7b27ecd5598d03bbe79651cc80efca886d433cd9 * update version, release * drop CONFIGURE_ARGS as the build is curl-independent * update the link to the documentation README: * add small README with the link to documentation Config: * rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning * add heartbeat_domain, heartbeat_sleep_timeout, heartbeat_wait_timeout options * add default user, group and listen_addr options to the main config * drop the user, group and listen_addr options from the instance configs Init-script: * start much earlier so that on boot, the procd_add_raw_trigger works on all systems * create a ubus() helper function so that service delete does not produce "Command not found" * new options handling where the global config options can be used for instance options * some renaming of global/instance variables due to abovementioned redesign * new open port detection, no longer relying on netstat * new uci_changes() logic where it returns 0 or 1 instead of text * new append_parm logic for not adding default value options to CLI * new boolean options handling logic * move config loading to load_package_config() function * new logic for calling procd_set_config_changed firewall based solely on "$force_dns" * source network.sh based on "${IPKG_INSTROOT}" path * rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning * rename use_http1 to force_http1 * rename use_ipv6_resolvers_only to force_ipv6_resolvers Uci-defaults: * migrate to new option names Signed-off-by: Stan Grishin (cherry picked from commit e1cf4ac52e609da463eeec123fdb0afa0888ff4e) Signed-off-by: Stan Grishin --- net/https-dns-proxy/Makefile | 15 +- net/https-dns-proxy/files/README.md | 23 +- .../files/etc/config/https-dns-proxy | 14 +- .../files/etc/init.d/https-dns-proxy | 247 ++++++++++++------ .../50-https-dns-proxy-migrate-options.sh | 9 +- .../010-cmakelists-remove-cflags.patch | 15 -- 6 files changed, 202 insertions(+), 121 deletions(-) delete mode 100644 net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch diff --git a/net/https-dns-proxy/Makefile b/net/https-dns-proxy/Makefile index 58eb91bfdd2407..d9cb1d310219c7 100644 --- a/net/https-dns-proxy/Makefile +++ b/net/https-dns-proxy/Makefile @@ -1,13 +1,14 @@ +# SPDX-License-Identifier: MIT include $(TOPDIR)/rules.mk PKG_NAME:=https-dns-proxy -PKG_VERSION:=2025.05.11 +PKG_VERSION:=2025.10.07 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/ -PKG_SOURCE_VERSION:=a34e20d6e24df603427d91bac8f58c2d3a8aa0a6 -PKG_MIRROR_HASH:=43a2dc631f925dbf43efaf53da925e1e8eb61f30cc02020ff3a5024b27e2dd91 +PKG_MIRROR_HASH:=2d0e5f031c8de7f42fa7f2e79d5638f9e4899c056d710fc3638a03112b383be5 +PKG_SOURCE_VERSION:=7b27ecd5598d03bbe79651cc80efca886d433cd9 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=MIT @@ -20,12 +21,6 @@ TARGET_CFLAGS += $(FPIC) TARGET_LDFLAGS += -Wl,--gc-sections CMAKE_OPTIONS += -DCLANG_TIDY_EXE= -DSW_VERSION=$(PKG_VERSION)-r$(PKG_RELEASE) -CONFIGURE_ARGS += \ - $(if $(CONFIG_LIBCURL_OPENSSL),--with-openssl="$(STAGING_DIR)/usr",--without-openssl) \ - $(if $(CONFIG_LIBCURL_NGHTTP2),--with-nghttp2="$(STAGING_DIR)/usr",--without-nghttp2) \ - $(if $(CONFIG_LIBCURL_NGHTTP3),--with-nghttp3="$(STAGING_DIR)/usr",--without-nghttp3) \ - $(if $(CONFIG_LIBCURL_NGTCP2),--with-ngtcp2="$(STAGING_DIR)/usr",--without-ngtcp2) \ - define Package/https-dns-proxy SECTION:=net CATEGORY:=Network @@ -40,7 +35,7 @@ endef define Package/https-dns-proxy/description Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard. It receives regular, unencrypted (UDP) DNS requests and resolves them via DoH resolver. -Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information. +Please see https://docs.openwrt.melmac.ca/https-dns-proxy/ for more information. endef define Package/https-dns-proxy/conffiles diff --git a/net/https-dns-proxy/files/README.md b/net/https-dns-proxy/files/README.md index 7ebf479e6feae5..3d4e7b9c28a184 100644 --- a/net/https-dns-proxy/files/README.md +++ b/net/https-dns-proxy/files/README.md @@ -1,3 +1,22 @@ -# README +# https-dns-proxy -README has been moved to [https://docs.openwrt.melmac.net/https-dns-proxy/](https://docs.openwrt.melmac.net/https-dns-proxy/). +[![OpenWrt](https://img.shields.io/badge/OpenWrt-Compatible-blueviolet)](https://openwrt.org) +[![Web UI](https://img.shields.io/badge/Web_UI-Available-blue)](https://docs.openwrt.melmac.ca/https-dns-proxy/) +[![Resolvers](https://img.shields.io/badge/Resolvers-40%2B%20Built--in-brightgreen)](https://docs.openwrt.melmac.ca/https-dns-proxy/) +[![Minimal Footprint](https://img.shields.io/badge/Size-~40KB-green)](https://github.com/stangri/https-dns-proxy) +[![License](https://img.shields.io/badge/License-MIT-lightgrey)](https://github.com/stangri/https-dns-proxy/blob/master/LICENSE) + +A lightweight, RFC8484-compliant DNS-over-HTTPS (DoH) proxy service for OpenWrt. +Includes optional integration with `dnsmasq`, automatic fallback, and canary domain support. + +## Features + +- Small footprint (~40KB installed) +- Seamless dnsmasq integration and fallback +- Optional LuCI Web UI with 40+ built-in resolvers + +**Full documentation:** + +[https://docs.openwrt.melmac.ca/https-dns-proxy/](https://docs.openwrt.melmac.ca/https-dns-proxy/) + +Based on [@aarond10](https://github.com/aarond10)'s excellent [https_dns_proxy](https://github.com/aarond10/https_dns_proxy) diff --git a/net/https-dns-proxy/files/etc/config/https-dns-proxy b/net/https-dns-proxy/files/etc/config/https-dns-proxy index 08660e8714f3cf..1ccec50f2c6661 100644 --- a/net/https-dns-proxy/files/etc/config/https-dns-proxy +++ b/net/https-dns-proxy/files/etc/config/https-dns-proxy @@ -13,21 +13,21 @@ config main 'config' # list force_dns_port '4434' # list force_dns_port '5443' # list force_dns_port '8443' - list procd_fw_src_interfaces 'lan' + list force_dns_src_interface 'lan' option procd_trigger_wan6 '0' + option heartbeat_domain 'heartbeat.melmac.ca' + option heartbeat_sleep_timeout '10' + option heartbeat_wait_timeout '10' + option user 'nobody' + option group 'nogroup' + option listen_addr '127.0.0.1' config https-dns-proxy option bootstrap_dns '1.1.1.1,1.0.0.1' option resolver_url 'https://cloudflare-dns.com/dns-query' - option listen_addr '127.0.0.1' option listen_port '5053' - option user 'nobody' - option group 'nogroup' config https-dns-proxy option bootstrap_dns '8.8.8.8,8.8.4.4' option resolver_url 'https://dns.google/dns-query' - option listen_addr '127.0.0.1' option listen_port '5054' - option user 'nobody' - option group 'nogroup' diff --git a/net/https-dns-proxy/files/etc/init.d/https-dns-proxy b/net/https-dns-proxy/files/etc/init.d/https-dns-proxy index a061ad09c47b78..1ff7c65895f167 100755 --- a/net/https-dns-proxy/files/etc/init.d/https-dns-proxy +++ b/net/https-dns-proxy/files/etc/init.d/https-dns-proxy @@ -3,13 +3,13 @@ # shellcheck disable=SC1091,SC3043,SC3060 # shellcheck disable=SC2034 -START=90 +START=20 # shellcheck disable=SC2034 STOP=15 # shellcheck disable=SC2034 USE_PROCD=1 -[ -n "${IPKG_INSTROOT}" ] && return 0 +[ -n "${IPKG_INSTROOT}" ] && exit 0 if type extra_command 1>/dev/null 2>&1; then extra_command 'version' 'Show version information' @@ -30,14 +30,74 @@ readonly DEFAULT_BOOTSTRAP="${BOOTSTRAP_CF},${BOOTSTRAP_GOOGLE}" readonly canaryDomainsMozilla='use-application-dns.net' readonly canaryDomainsiCloud='mask.icloud.com mask-h2.icloud.com' +# Silence "Command failed: Not found" for redundant procd service delete calls +__UBUS_BIN="$(command -v ubus || echo /bin/ubus)" +ubus() { + if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then + "$__UBUS_BIN" "$@" >/dev/null 2>&1 || true + else + "$__UBUS_BIN" "$@" + fi +} + hdp_boot_flag= -dnsmasq_restart() { [ -x /etc/init.d/dnsmasq ] || return 1; /etc/init.d/dnsmasq restart >/dev/null 2>&1; } +# package global config variables +canary_domains_icloud= +canary_domains_mozilla= +dnsmasq_config_update= +force_dns= +force_dns_port= +force_dns_src_interface= +procd_trigger_wan6= +global_listen_addr= +global_tcp_client_limit= +global_polling_interval= +global_proxy_server= +global_force_http1= +global_force_http3= +global_force_ipv6= +global_max_idle_time= +global_conn_loss_time= +global_ca_certs_file= +global_user= +global_group= +global_verbosity= +global_logfile= +global_statistic_interval= +global_log_limit= + +dnsmasq_restart() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; } +is_alnum() { case "$1" in (*[![:alnum:]_\ @]*|"") return 1;; esac; } is_fw4_restart_needed() { [ "$(uci_get "$packageName" 'config' 'force_dns' '1')" = '1' ]; } is_mac_address() { expr "$1" : '[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]$' >/dev/null; } +is_integer() { case "$1" in ''|*[!0-9]*) return 1;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1; return 0; } is_ipv4() { expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; } is_ipv6() { ! is_mac_address "$1" && str_contains "$1" ":"; } -is_resolver_working() { resolveip -t 3 one.one.one.one >/dev/null 2>&1; } +is_port_listening() { + local hex + is_integer "$1" || return 1 + hex="$(printf '%04X' "$1")" + # TCP: state 0A == LISTEN + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h && $4=="0A") {found=1}} END{exit found?0:1}' /proc/net/tcp /proc/net/tcp6 2>/dev/null; then + return 0 + fi + # UDP: presence indicates a bound socket + if awk -v h="$hex" 'NR>1{split($2,a,":"); if (toupper(a[2])==h) {found=1}} END{exit found?0:1}' /proc/net/udp /proc/net/udp6 2>/dev/null; then + return 0 + fi + return 1 +} +is_resolver_working() { + local heartbeat_domain heartbeat_sleep_timeout heartbeat_wait_timeout + config_load "$packageName" + config_get heartbeat_domain 'config' 'heartbeat_domain' 'heartbeat.melmac.ca' + config_get heartbeat_sleep_timeout 'config' 'heartbeat_sleep_timeout' '10' + config_get heartbeat_wait_timeout 'config' 'heartbeat_wait_timeout' '30' + [ "$heartbeat_domain" = '-' ] && return 0 + is_integer "$heartbeat_sleep_timeout" && sleep "$heartbeat_sleep_timeout" + resolveip -t "$heartbeat_wait_timeout" "$heartbeat_domain" >/dev/null 2>&1 +} output() { [ -z "$verbosity" ] && verbosity="$(uci_get "$packageName" 'config' 'verbosity' '1')" [ "$#" -ne '1' ] && { @@ -54,7 +114,7 @@ output_ok() { output "$_OK_"; } output_okn() { output "${_OK_}\\n"; } output_fail() { output "$_FAIL_"; } output_failn() { output "${_FAIL_}\\n"; } -str_contains() { [ -n "$1" ] &&[ -n "$2" ] && [ "${1//$2}" != "$1" ]; } +str_contains() { [ "${1//$2}" != "$1" ]; } str_contains_word() { echo "$1" | grep -qw "$2"; } uci_add_list_if_new() { local PACKAGE="$1" @@ -72,7 +132,8 @@ uci_changes() { local PACKAGE="$1" local CONFIG="$2" local OPTION="$3" - /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}" + [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ] && \ + [ -n "$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}")" ] } version() { echo "$PKG_VERSION"; } @@ -93,12 +154,13 @@ append_parm() { local option="$2" local switch="$3" local default="$4" + local skip_value="$5" local _loctmp config_get _loctmp "$section" "$option" "$default" - [ -n "$_loctmp" ] && xappend "$switch $_loctmp" + [ -n "$_loctmp" ] && [ "$_loctmp" != "$skip_value" ] && xappend "$switch $_loctmp" } -append_counter() { +append_cnt() { local section="$1" local option="$2" local switch="$3" @@ -111,7 +173,7 @@ append_counter() { done } -append_bootstrap() { +append_boot() { local section="$1" local option="$2" local switch="$3" @@ -122,48 +184,84 @@ append_bootstrap() { [ -z "$_loctmp" ] && return 0 IFS=" ," for i in $_loctmp; do - if { [ "$ipv6_resolvers_only" -eq 0 ] && is_ipv4 "$i"; } || \ - { [ "$ipv6_resolvers_only" -ne 0 ] && is_ipv6 "$i"; }; then + if { [ -z "$force_ipv6" ] && is_ipv4 "$i"; } || \ + { [ -n "$force_ipv6" ] && is_ipv6 "$i"; }; then [ -z "$_newtmp" ] && _newtmp="$i" || _newtmp="${_newtmp},${i}" fi done IFS="$_old_ifs" [ -n "$_newtmp" ] && xappend "$switch $_newtmp" - [ "$ipv6_resolvers_only" -eq 0 ] && xappend '-4' + [ -z "$force_ipv6" ] && xappend '-4' } boot() { - ubus -t 30 wait_for network.interface 2>/dev/null rc_procd start_service 'on_boot' && service_started 'on_boot' - if ! is_resolver_working; then - hdp_boot_flag=1 - rc_procd stop_service 'on_failed_health_check' && service_stopped 'on_failed_health_check' - fi +} + +load_package_config() { + local param="$1" + config_load "$packageName" + config_load "$packageName" + config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' + config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' + config_get_bool force_dns 'config' 'force_dns' '1' + config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' + config_get_bool global_force_http1 'config' 'force_http1' '0' + config_get_bool global_force_http3 'config' 'force_http3' '0' + config_get_bool global_force_ipv6 'config' 'global_force_ipv6_resolvers' '0' + config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' + config_get force_dns_port 'config' 'force_dns_port' '53 853' + config_get force_dns_src_interface 'config' 'force_dns_src_interface' 'lan' + config_get global_listen_addr 'config' 'listen_addr' '127.0.0.1' + config_get global_tcp_client_limit 'config' 'tcp_client_limit' '20' + config_get global_polling_interval 'config' 'polling_interval' '120' + config_get global_proxy_server 'config' 'proxy_server' + config_get global_max_idle_time 'config' 'max_idle_time' '118' + config_get global_conn_loss_time 'config' 'conn_loss_time' '15' + config_get global_ca_certs_file 'config' 'ca_certs_file' + config_get global_user 'config' 'user' 'nobody' + config_get global_group 'config' 'group' 'nogroup' + config_get global_verbosity 'config' 'verbosity' '0' + config_get global_logfile 'config' 'logfile' + config_get global_statistic_interval 'config' 'statistic_interval' '0' + config_get global_log_limit 'config' 'log_limit' '0' + [ "$canary_domains_icloud" = '1' ] && canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" + [ "$canary_domains_mozilla" = '1' ] && canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" + [ "$force_dns" = '1' ] || unset force_dns + [ "$procd_trigger_wan6" = '1' ] || unset procd_trigger_wan6 } start_instance() { local cfg="$1" param="$2" local PROG_param - local listen_addr listen_port ipv6_resolvers_only p url iface + local listen_addr listen_port force_ipv6 p url iface + + config_get url "$cfg" 'resolver_url' + config_get listen_addr "$cfg" 'listen_addr' "$global_listen_addr" + config_get listen_port "$cfg" 'listen_port' "$port" + config_get_bool force_ipv6 "$cfg" 'force_ipv6_resolvers' "$global_force_ipv6" + [ "$force_ipv6" = '1' ] || unset force_ipv6 - config_get url "$cfg" 'resolver_url' - config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0' - append_parm "$cfg" 'resolver_url' '-r' - append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1' - append_parm "$cfg" 'listen_port' '-p' "$port" - append_parm "$cfg" 'dscp_codepoint' '-c' - append_bootstrap "$cfg" 'bootstrap_dns' '-b' "$DEFAULT_BOOTSTRAP" - append_parm "$cfg" 'user' '-u' 'nobody' - append_parm "$cfg" 'group' '-g' 'nogroup' - append_parm "$cfg" 'ca_certs_file' '-C' - append_parm "$cfg" 'polling_interval' '-i' - append_parm "$cfg" 'proxy_server' '-t' - append_parm "$cfg" 'logfile' '-l' - append_bool "$cfg" 'use_http1' '-x' - append_counter "$cfg" 'verbosity' '-v' '0' + append_parm "$cfg" 'resolver_url' '-r' + append_parm "$cfg" 'listen_addr' '-a' "$global_listen_addr" '127.0.0.1' + append_parm "$cfg" 'listen_port' '-p' "$port" + append_boot "$cfg" 'bootstrap_dns' '-b' "$DEFAULT_BOOTSTRAP" + append_parm "$cfg" 'dscp_codepoint' '-c' + append_parm "$cfg" 'tcp_client_limit' '-T' "$global_tcp_client_limit" '20' + append_parm "$cfg" 'polling_interval' '-i' "$global_polling_interval" '120' + append_parm "$cfg" 'proxy_server' '-t' "$global_proxy_server" + append_bool "$cfg" 'force_http1' '-x' "$global_force_http1" + append_bool "$cfg" 'force_http3' '-q' "$global_force_http3" + append_parm "$cfg" 'max_idle_time' '-m' "$global_max_idle_time" '118' + append_parm "$cfg" 'conn_loss_time' '-L' "$global_conn_loss_time" '15' + append_parm "$cfg" 'ca_certs_file' '-C' "$global_ca_certs_file" + append_parm "$cfg" 'user' '-u' "$global_user" + append_parm "$cfg" 'group' '-g' "$global_group" + append_parm "$cfg" 'logfile' '-l' "$global_logfile" + append_parm "$cfg" 'statistic_interval' '-s' "$global_statistic_interval" '0' + append_parm "$cfg" 'log_limit' '-F' "$global_log_limit" '0' + append_cnt "$cfg" 'verbosity' '-v' "$global_verbosity" - config_get listen_addr "$cfg" 'listen_addr' '127.0.0.1' - config_get listen_port "$cfg" 'listen_port' "$port" if [ "$dnsmasq_config_update" = '*' ]; then config_load 'dhcp' config_foreach dnsmasq_doh_server 'dnsmasq' 'add' "${listen_addr}" "${listen_port}" @@ -185,13 +283,13 @@ start_instance() { procd_set_param respawn procd_open_data json_add_object mdns - procd_add_mdns_service "$packageName" 'udp' "$port" "DNS over HTTPS proxy" + procd_add_mdns_service "$packageName" 'udp' "$listen_port" "DNS over HTTPS proxy" json_close_object - if [ "$force_dns" -ne '0' ]; then + if [ -n "$force_dns" ]; then json_add_array firewall - for iface in ${procd_fw_src_interfaces/,/ }; do - for p in ${force_dns_port/,/ }; do - if netstat -tuln | grep 'LISTEN' | grep ":${p}" >/dev/null 2>&1 || [ "$p" = '53' ]; then + for iface in ${force_dns_src_interface//,/ }; do + for p in ${force_dns_port//,/ }; do + if is_port_listening "$p"; then json_add_object '' json_add_string type 'redirect' json_add_string target 'DNAT' @@ -215,7 +313,7 @@ start_instance() { done done json_close_array - force_dns='0' + unset force_dns fi procd_close_data procd_close_instance @@ -231,30 +329,19 @@ start_instance() { start_service() { local param="$1" - local canaryDomains canary_domains_icloud canary_domains_mozilla - local dnsmasq_config_update force_dns force_dns_port - local procd_fw_src_interfaces + local canaryDomains + local force_dns="$force_dns" local port=5053 + [ "$param" = 'on_boot' ] && hdp_boot_flag='true' && return 0 + output "Starting $serviceName instances ${param:+$param }" - config_load "$packageName" - config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' - config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' - config_get_bool force_dns 'config' 'force_dns' '1' - config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' - config_get force_dns_port 'config' 'force_dns_port' '53 853' - config_get procd_fw_src_interfaces 'config' 'procd_fw_src_interfaces' 'lan' - if [ "$canary_domains_icloud" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" - fi - if [ "$canary_domains_mozilla" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" - fi + load_package_config "$param" dhcp_backup 'create' config_load "$packageName" config_foreach start_instance "$packageName" "$param" output "\\n" - if [ -n "$(uci_changes dhcp)" ]; then + if uci_changes 'dhcp'; then output "Updating dnsmasq config " if uci_commit 'dhcp'; then output_okn @@ -273,63 +360,53 @@ start_service() { fi ;; esac +# if ! is_resolver_working; then +# rc_procd stop_service 'on_failed_health_check' && service_stopped 'on_failed_health_check' +# fi } stop_service() { local param="$1" - local canaryDomains canary_domains_icloud canary_domains_mozilla - local dnsmasq_config_update - local s=0 + local canaryDomains + local _error= output "Stopping $serviceName ${param:+$param }" - config_load "$packageName" - config_get dnsmasq_config_update 'config' 'dnsmasq_config_update' '*' - config_get_bool canary_domains_icloud 'config' 'canary_domains_icloud' '1' - config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1' - if [ "$canary_domains_icloud" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}" - fi - if [ "$canary_domains_mozilla" -ne 0 ]; then - canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}" - fi + load_package_config "$param" dhcp_backup 'restore' - if [ -n "$(uci_changes dhcp)" ]; then + if uci_changes 'dhcp'; then uci_commit 'dhcp' - dnsmasq_restart || s=1 + dnsmasq_restart || _error=1 fi # shellcheck disable=SC2015 - [ "$s" = '0' ] && output_okn || output_failn + [ -z "$_error" ] && output_okn || output_failn } # shellcheck disable=SC2015 service_triggers() { local wan wan6 i - local procd_trigger_wan6 if [ -n "$hdp_boot_flag" ]; then output "Setting trigger (on_boot) " - procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" restart 'on_interface_up' && output_okn || output_failn + procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" reload 'on_interface_up' && output_okn || output_failn else - config_load "$packageName" - config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0' - . /lib/functions/network.sh + . "${IPKG_INSTROOT}/lib/functions/network.sh" network_flush_cache network_find_wan wan wan="${wan:-wan}" - if [ "$procd_trigger_wan6" -ne 0 ]; then + if [ -n "$procd_trigger_wan6" ]; then network_find_wan6 wan6 wan6="${wan6:-wan6}" fi output "Setting trigger${wan6:+s} for $wan ${wan6:+$wan6 }" for i in $wan $wan6; do - procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" restart 'on_interface_trigger' && output_ok || output_fail + procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" reload 'on_interface_trigger' && output_ok || output_fail done output '\n' procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload 'on_config_change' fi } -service_started() { is_fw4_restart_needed && procd_set_config_changed firewall; } -service_stopped() { is_fw4_restart_needed && procd_set_config_changed firewall; } -restart() { procd_send_signal "$packageName"; rc_procd start_service "$*"; } +service_started() { [ -n "$force_dns" ] && procd_set_config_changed firewall; } +service_stopped() { [ -n "$force_dns" ] && procd_set_config_changed firewall; } +restart() { reload "$@"; } dnsmasq_instance_append_force_dns_port() { local cfg="$1" instance_port @@ -342,7 +419,7 @@ dnsmasq_doh_server() { local cfg="$1" param="$2" address="${3:-127.0.0.1}" port="$4" i case "$param" in add) - if [ "$force_dns" -ne 0 ]; then + if [ -n "$force_dns" ]; then for i in $canaryDomains; do uci_add_list_if_new 'dhcp' "$cfg" 'server' "/${i}/" done diff --git a/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh b/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh index 8321ea99b7afd8..6716bd7105afa1 100644 --- a/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh +++ b/net/https-dns-proxy/files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh @@ -1,3 +1,8 @@ #!/bin/sh - sed -i "s|update_dnsmasq_config|dnsmasq_config_update|" "/etc/config/https-dns-proxy" - sed -i "s|wan6_trigger|procd_trigger_wan6|" "/etc/config/https-dns-proxy" + + +sed -i "s|update_dnsmasq_config|dnsmasq_config_update|" "/etc/config/https-dns-proxy" +sed -i "s|wan6_trigger|procd_trigger_wan6|" "/etc/config/https-dns-proxy" +sed -i "s|procd_fw_src_interfaces|force_dns_src_interface|" "/etc/config/https-dns-proxy" +sed -i "s|use_http1|force_http1|" "/etc/config/https-dns-proxy" +sed -i "s|use_ipv6_resolvers_only|force_ipv6_resolvers|" "/etc/config/https-dns-proxy" diff --git a/net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch b/net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch deleted file mode 100644 index 6af8d7ce965321..00000000000000 --- a/net/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -25,9 +25,9 @@ if (NOT CMAKE_INSTALL_BINDIR) - set(CMAKE_INSTALL_BINDIR bin) - endif() - --set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros") --set(CMAKE_C_FLAGS_DEBUG "-gdwarf-4 -DDEBUG") --set(CMAKE_C_FLAGS_RELEASE "-O2") -+#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros") -+#set(CMAKE_C_FLAGS_DEBUG "-gdwarf-4 -DDEBUG") -+#set(CMAKE_C_FLAGS_RELEASE "-O2") - - if ((CMAKE_C_COMPILER_ID MATCHES GNU AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 9) OR - (CMAKE_C_COMPILER_ID MATCHES Clang AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 10)) From 5f8bd04c143315aa971fd764e37e24caa5ebada5 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 8 Oct 2025 21:47:02 +0200 Subject: [PATCH 144/239] snort3: enable/disable options based on package availability This simplifies checks enabling/disabling features, if packages are present instead of having checks for specific architectures. TCMALLOC_LIBRARIES is removed as it's auto-detected, unlike vectorscan which requires explicit HS_INCLUDE_DIRS. Fixes: 126364e105fbcfde0617f58c39048c7d56c17a06 ("snort3: refactor architecture-specific dependencies and CMake options") Signed-off-by: Josef Schlehofer (cherry picked from commit 02f78bc30acceab54c97165c09dbdab4297539bd) --- net/snort3/Makefile | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 3ee380efbcf217..f221bf6cb8504b 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 PKG_VERSION:=3.9.5.0 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)? @@ -56,25 +56,10 @@ CMAKE_OPTIONS += \ -DMAKE_PDF_DOC:BOOL=NO \ -DMAKE_TEXT_DOC:BOOL=NO \ -DHAVE_LIBUNWIND=OFF \ - -DHAVE_LZMA=ON - -ifneq ($(findstring powerpc,$(CONFIG_ARCH))$(findstring mips,$(CONFIG_ARCH)),) - CMAKE_OPTIONS += \ - -DENABLE_TCMALLOC=OFF -else - CMAKE_OPTIONS += \ - -DENABLE_TCMALLOC=ON \ - -DTCMALLOC_LIBRARIES=$(STAGING_DIR)/usr/lib/libtcmalloc.so -endif - -ifneq ($(findstring x86_64,$(CONFIG_ARCH))$(findstring aarch64,$(CONFIG_ARCH)),) - CMAKE_OPTIONS += \ - -DENABLE_HYPERSCAN=ON \ - -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs -else - CMAKE_OPTIONS += \ - -DENABLE_HYPERSCAN=OFF -endif + -DHAVE_LZMA=ON \ + -DENABLE_TCMALLOC=$(if $(CONFIG_PACKAGE_gperftools-runtime),ON,OFF) \ + -DENABLE_HYPERSCAN=$(if $(CONFIG_PACKAGE_vectorscan-runtime),ON,OFF) \ + $(if $(CONFIG_PACKAGE_vectorscan-runtime),-DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs) TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 -I$(STAGING_DIR)/usr/include/tirpc TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/daq3 -ltirpc From 83080971826dc59423bd97d737619edde7e5eefd Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 9 Oct 2025 08:54:51 +0200 Subject: [PATCH 145/239] gperftools: include headers in the staging_dir This fixes version detection issues when other packages (like snort3) try to find the tcmalloc library using CMake's find_package(). Without the headers in the staging directory, CMake cannot read the version information from tcmalloc.h, resulting in empty version strings. Fixes: Found TCMalloc: /builder/staging_dir/target-x86_64_musl/usr/lib/libtcmalloc.so (found version "") Signed-off-by: Josef Schlehofer (cherry picked from commit e52a809371cbb055b1cc831f4e5aac152d1fb2b9) --- libs/gperftools/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libs/gperftools/Makefile b/libs/gperftools/Makefile index 5279e5318fbcae..db2a8a20841b84 100644 --- a/libs/gperftools/Makefile +++ b/libs/gperftools/Makefile @@ -55,6 +55,8 @@ CONFIGURE_ARGS += \ define Build/InstallDev $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libtcmalloc.so* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/include/gperftools + $(CP) $(PKG_INSTALL_DIR)/usr/include/gperftools/*.h $(1)/usr/include/gperftools/ endef define Package/gperftools-headers/install From 4542296dbbe620369c4257a0b4819e1161a2840b Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 5 Oct 2025 07:34:07 -0400 Subject: [PATCH 146/239] snort3: depend on libtirpc only for musl builds The libtirpc package is only needed when building with musl, as glibc includes the required RPC functionality. This change makes libtirpc a conditional dependency and adjusts the build flags accordingly. Building with x86_64-glibc: ... Feature options: DAQ Modules: Dynamic libatomic: User-specified Hyperscan: ON ICONV: ON Libunwind: OFF LZMA: ON RPC DB: Built-in SafeC: OFF TCMalloc: ON JEMalloc: OFF UUID: ON NUMA: OFF LibML: OFF ... Building with aarch64_cortex-a76_musl: ... Feature options: DAQ Modules: Dynamic libatomic: User-specified Hyperscan: ON ICONV: ON Libunwind: OFF LZMA: ON RPC DB: TIRPC SafeC: OFF TCMalloc: ON JEMalloc: OFF UUID: ON NUMA: OFF LibML: OFF ... Build system: x86/64 Build-tested: x86/64-glibc, bcm27flogic/xiaomi_redmi-router-ax6000-ubootmod (for musl) Run-tested: x86/64-glibc Signed-off-by: John Audia (cherry picked from commit e4bdefe1c298b0dc3508d788a9a42eb2346f819e) --- net/snort3/Makefile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index f221bf6cb8504b..2590818bdda5cc 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 PKG_VERSION:=3.9.5.0 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)? @@ -26,7 +26,7 @@ define Package/snort3 SECTION:=net CATEGORY:=Network DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \ - +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ + +libpthread +libuuid +zlib +libhwloc +USE_MUSL:libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \ +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci \ +PACKAGE_gperftools-runtime:gperftools-runtime \ +PACKAGE_hyperscan-runtime:hyperscan-runtime @@ -44,7 +44,7 @@ define Package/snort3/description endef CMAKE_OPTIONS += \ - -DUSE_TIRPC:BOOL=YES \ + -DUSE_TIRPC=$(if $(CONFIG_USE_MUSL),ON,OFF) \ -DENABLE_STATIC_DAQ:BOOL=NO \ -DDAQ_INCLUDE_DIR=$(STAGING_DIR)/usr/include/daq3 \ -DDAQ_LIBRARIES_DIR_HINT:PATH=$(STAGING_DIR)/usr/lib/daq3 \ @@ -61,8 +61,7 @@ CMAKE_OPTIONS += \ -DENABLE_HYPERSCAN=$(if $(CONFIG_PACKAGE_vectorscan-runtime),ON,OFF) \ $(if $(CONFIG_PACKAGE_vectorscan-runtime),-DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs) -TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 -I$(STAGING_DIR)/usr/include/tirpc -TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/daq3 -ltirpc +TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 define Package/snort3/conffiles /etc/config/snort From 0178450e479e65f4a79864978abfa7eaddc59ad8 Mon Sep 17 00:00:00 2001 From: Antonio Pastor Date: Wed, 8 Oct 2025 21:21:33 -0400 Subject: [PATCH 147/239] netatalk: fix config/uci files handling in all variants Config/uci files were not being included in -full variant. Config files were also being lost in firmware upgrades for all variants. Both issues fixed, including correct file permissions for config files. Signed-off-by: Antonio Pastor (cherry picked from commit 0d939af403b2e3b37f29c1e70850cc1ba4fe56dc) --- net/netatalk/Makefile | 57 ++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/net/netatalk/Makefile b/net/netatalk/Makefile index 304f2204e24bdc..e0c1cd057c9841 100644 --- a/net/netatalk/Makefile +++ b/net/netatalk/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netatalk PKG_VERSION:=4.3.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@SF/netatalk @@ -170,14 +170,27 @@ MESON_ARGS += \ endif endif +define Package/netatalk-small/conffiles +/etc/afp.conf +/etc/extmap.conf +/etc/netatalk/ +/etc/config/afpd +endef + define Package/netatalk/conffiles /etc/afp.conf /etc/extmap.conf /etc/netatalk/ -/etc/atalkd.conf -/etc/macipgw.conf +/etc/config/afpd +/etc/config/atalkd +/etc/config/a2boot +/etc/config/macipgw +/etc/config/papd +/etc/config/timelord endef +Package/netatalk-full/conffiles = $(Package/netatalk/conffiles) + define Package/netatalk-small/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_DIR) $(1)/usr/lib @@ -193,7 +206,7 @@ define Package/netatalk-small/install $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/afp.conf $(1)/etc/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/extmap.conf $(1)/etc/ $(INSTALL_BIN) ./files/afpd.init $(1)/etc/init.d/afpd - $(INSTALL_DATA) ./files/afpd.conf $(1)/etc/config/afpd + $(INSTALL_CONF) ./files/afpd.conf $(1)/etc/config/afpd endef define Package/netatalk/install @@ -206,28 +219,28 @@ define Package/netatalk/install $(INSTALL_BIN) ./files/timelord.init $(1)/etc/init.d/timelord $(INSTALL_BIN) ./files/a2boot.init $(1)/etc/init.d/a2boot $(INSTALL_BIN) ./files/papd.init $(1)/etc/init.d/papd - $(INSTALL_DATA) ./files/atalkd.conf $(1)/etc/config/atalkd - $(INSTALL_DATA) ./files/macipgw.conf $(1)/etc/config/macipgw - $(INSTALL_DATA) ./files/timelord.conf $(1)/etc/config/timelord - $(INSTALL_DATA) ./files/a2boot.conf $(1)/etc/config/a2boot - $(INSTALL_DATA) ./files/papd.conf $(1)/etc/config/papd + $(INSTALL_CONF) ./files/atalkd.conf $(1)/etc/config/atalkd + $(INSTALL_CONF) ./files/macipgw.conf $(1)/etc/config/macipgw + $(INSTALL_CONF) ./files/timelord.conf $(1)/etc/config/timelord + $(INSTALL_CONF) ./files/a2boot.conf $(1)/etc/config/a2boot + $(INSTALL_CONF) ./files/papd.conf $(1)/etc/config/papd endef define Package/netatalk-full/install $(call Package/netatalk-small/install,$(1)) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/atalkd.init $(1)/etc/init.d/atalkd,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/macipgw.init $(1)/etc/init.d/macipgw,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/timelord.init $(1)/etc/init.d/timelord,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/a2boot.init $(1)/etc/init.d/a2boot,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/papd.init $(1)/etc/init.d/papd,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/atalkd.conf $(1)/etc/config/atalkd,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/macipgw.conf $(1)/etc/config/macipgw,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/timelord.conf $(1)/etc/config/timelord,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/a2boot.conf $(1)/etc/config/a2boot,) - $(if $(PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) ./files/papd.conf $(1)/etc/config/papd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/atalkd.conf $(1)/etc/,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/macipgw.conf $(1)/etc/,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/papd.conf $(1)/etc/,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/atalkd.init $(1)/etc/init.d/atalkd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/macipgw.init $(1)/etc/init.d/macipgw,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/timelord.init $(1)/etc/init.d/timelord,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/a2boot.init $(1)/etc/init.d/a2boot,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_BIN) ./files/papd.init $(1)/etc/init.d/papd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/atalkd.conf $(1)/etc/config/atalkd,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/macipgw.conf $(1)/etc/config/macipgw,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/timelord.conf $(1)/etc/config/timelord,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/a2boot.conf $(1)/etc/config/a2boot,) + $(if $(CONFIG_PACKAGE_NETATALK_APPLETALK),$(INSTALL_CONF) ./files/papd.conf $(1)/etc/config/papd,) endef $(eval $(call BuildPackage,netatalk-small)) From 4a1fbf06e06bc9b25ff9eb1397970a053f9fd5d6 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Tue, 7 Oct 2025 22:31:41 +0000 Subject: [PATCH 148/239] pbr: update to 1.2.0-r2 Makefile: * stop shipping/dealing with the firewall hotplug (obsolete) * install a third user-script (dnsprefetch) by @betonmischer Config: * remove obsolete options * include the new user script Init-script: * start much earlier so that on boot, the procd_add_raw_trigger works on all systems * create a ubus() helper function so that service delete does not produce "Command not found" * rename options to better reflect their function: * procd_lan_device to lan_device * procd_wan_interface to uplink_interface * procd_wan6_interface to uplink_interface6 * procd_wan6_metric to uplink_interface6_metric * wan_ip_rules_priority to uplink_ip_rules_priority * wan_mark to uplink_mark * visually separate run-time variables from variables loaded from config options * use ${IPKG_INSTROOT} when sourcing files * fix typo in str_to_dnsmasq_nftset() * use pidof to kill dnsmasq in dnsmasq_kill() * add helper function uci_add_list_if_new() * add helper function uci_changes() * add helper function ubus() so that service delete does not produce "Command not found" * implement the dnsmasq features check similar to dnsmasq init script * add get_url() function similar to luci package * add/modify error and warning messages * change how mktemp is used for more reliable file creation * unset non-true boolean package config options on load for easier checks later * improve handling of nft/nft set options * fewer calls to resolver() and resolver() optimization to speed up the service * use softlinks instead of duplicating dnsmasq nftset files into each instance * prevent duplication of dnsmasq nftset elements * option to target a specific dest dns port in DNS policies * bugfix: more reliable interface reloads * display README links to errors/warnings sections if any errors/warnings discovered Uci-defaults: * transition from old options to new ones Signed-off-by: Stan Grishin (cherry picked from commit f0f8dc0fced0c02e83d6e0a2ceb5754266abe3f0) Signed-off-by: Stan Grishin --- net/pbr/Makefile | 8 +- net/pbr/files/etc/config/pbr | 6 +- net/pbr/files/etc/init.d/pbr | 785 +++++++++--------- net/pbr/files/etc/uci-defaults/90-pbr | 42 +- net/pbr/files/etc/uci-defaults/99-pbr-version | 16 + .../files/usr/share/pbr/pbr.user.dnsprefetch | 87 ++ 6 files changed, 520 insertions(+), 424 deletions(-) create mode 100644 net/pbr/files/etc/uci-defaults/99-pbr-version create mode 100644 net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch diff --git a/net/pbr/Makefile b/net/pbr/Makefile index 1cea31c7289f42..f66d797357997b 100644 --- a/net/pbr/Makefile +++ b/net/pbr/Makefile @@ -4,8 +4,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pbr -PKG_VERSION:=1.1.8 -PKG_RELEASE:=36 +PKG_VERSION:=1.2.0 +PKG_RELEASE:=2 PKG_LICENSE:=AGPL-3.0-or-later PKG_MAINTAINER:=Stan Grishin @@ -75,7 +75,7 @@ define Package/pbr/default/install $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr $(INSTALL_DIR) $(1)/usr/share/pbr $(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep - $(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include + $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.dnsprefetch $(1)/usr/share/pbr/pbr.user.dnsprefetch $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix $(INSTALL_DIR) $(1)/usr/share/nftables.d @@ -113,7 +113,6 @@ define Package/pbr/prerm #!/bin/sh # check if we are on real system if [ -z "$${IPKG_INSTROOT}" ]; then - uci -q delete firewall.pbr || true echo -n "Stopping pbr service... " /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL" echo -n "Removing rc.d symlink for pbr... " @@ -148,7 +147,6 @@ define Package/pbr-netifd/prerm #!/bin/sh # check if we are on real system if [ -z "$${IPKG_INSTROOT}" ]; then - uci -q delete firewall.pbr || true echo -n "Stopping pbr-netifd service... " /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL" echo -n "Removing rc.d symlink for pbr... " diff --git a/net/pbr/files/etc/config/pbr b/net/pbr/files/etc/config/pbr index 8bf686f063555b..de875c5ddcacb8 100644 --- a/net/pbr/files/etc/config/pbr +++ b/net/pbr/files/etc/config/pbr @@ -1,5 +1,4 @@ config pbr 'config' - option debug_dnsmasq '0' option enabled '0' option verbosity '2' option strict_enforcement '1' @@ -7,7 +6,6 @@ config pbr 'config' list resolver_instance '*' option ipv6_enabled '0' list ignored_interface 'vpnserver' - option boot_timeout '30' option rule_create_option 'add' option procd_boot_trigger_delay '5000' option procd_reload_delay '1' @@ -26,6 +24,10 @@ config pbr 'config' list webui_supported_protocol 'tcp udp' list webui_supported_protocol 'icmp' +config include + option path '/usr/share/pbr/pbr.user.dnsprefetch' + option enabled '0' + config include option path '/usr/share/pbr/pbr.user.aws' option enabled '0' diff --git a/net/pbr/files/etc/init.d/pbr b/net/pbr/files/etc/init.d/pbr index 1f698ec4b2f304..b87ef5dd45cf7a 100755 --- a/net/pbr/files/etc/init.d/pbr +++ b/net/pbr/files/etc/init.d/pbr @@ -6,12 +6,10 @@ # sysctl net.ipv4.conf.all.rp_filter=1 # shellcheck disable=SC2034 -START=94 +START=20 # shellcheck disable=SC2034 USE_PROCD=1 -[ -n "${IPKG_INSTROOT}" ] && return 0 - if type extra_command >/dev/null 2>&1; then extra_command 'status' "Generates output required to troubleshoot routing issues Use '-d' option for more detailed output @@ -34,14 +32,13 @@ fi readonly packageName='pbr' readonly PKG_VERSION='dev-test' -readonly packageCompat='14' +readonly packageCompat='17' readonly serviceName="$packageName $PKG_VERSION" readonly packageConfigFile="/etc/config/${packageName}" readonly packageDebugFile="/var/run/${packageName}.debug" readonly packageLockFile="/var/run/${packageName}.lock" -readonly dnsmasqFileDefault="/var/run/${packageName}.dnsmasq" +readonly packageDnsmasqFile="/var/run/${packageName}.dnsmasq" readonly runningStatusFile="/dev/shm/${packageName}.status.json" -readonly runningStatusFileLock="/var/lock/${packageName}.lock" readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m' readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m' readonly _OKB_='\033[1;34m\xe2\x9c\x93\033[0m' @@ -69,8 +66,17 @@ readonly torConfigFile='/etc/tor/torrc' readonly xrayIfacePrefix='xray_' readonly rtTablesFile='/etc/iproute2/rt_tables' +# Silence "Command failed: Not found" for redundant procd service delete calls +__UBUS_BIN="$(command -v ubus || echo /bin/ubus)" +ubus() { + if [ "$1" = "call" ] && [ "$2" = "service" ] && [ "$3" = "delete" ]; then + "$__UBUS_BIN" "$@" >/dev/null 2>&1 || true + else + "$__UBUS_BIN" "$@" + fi +} + # package config options -debug_dnsmasq= enabled= fw_mask= icmp_interface= @@ -80,17 +86,17 @@ nft_user_set_policy= nft_user_set_counter= procd_boot_trigger_delay= procd_reload_delay= -procd_lan_device= -procd_wan_interface= -procd_wan6_interface= -procd_wan6_metric='128' +lan_device= +uplink_interface= +uplink_interface6= +uplink_interface6_metric='128' resolver_set= resolver_instance= strict_enforcement= supported_interface= verbosity= -wan_ip_rules_priority= -wan_mark= +uplink_ip_rules_priority= +uplink_mark= nft_rule_counter= nft_set_auto_merge= nft_set_counter= @@ -105,7 +111,6 @@ aghConfigFile='/etc/AdGuardHome/AdGuardHome.yaml' gatewaySummary= wanIface4= wanIface6= -dnsmasqFileList= ifaceMark= ifaceTableID= ifacePriority= @@ -114,37 +119,41 @@ ifacesSupported= firewallWanZone= wanGW4= wanGW6= -pbr_boot_flag= +pbrBootFlag= serviceStartTrigger= processDnsPolicyError= processPolicyError= processPolicyWarning= -resolver_set_supported= -policy_routing_nft_prev_param4= -policy_routing_nft_prev_param6= -nft_rule_params= -nft_set_params= +resolverSetSupported= +pbrNftPrevParam4= +pbrNftPrevParam6= +nftRuleParams= +nftSetParams= torDnsPort= torTrafficPort= +dnsmasq_features= +dnsmasq_ubus= +loadEnvironmentFlag= +loadPackageConfigFlag= # shellcheck disable=SC1091 -. /lib/functions.sh +. "${IPKG_INSTROOT}/lib/functions.sh" # shellcheck disable=SC1091 -. /lib/functions/network.sh +. "${IPKG_INSTROOT}/lib/functions/network.sh" # shellcheck disable=SC1091 -. /usr/share/libubox/jshn.sh +. "${IPKG_INSTROOT}/usr/share/libubox/jshn.sh" debug() { local i j; for i in "$@"; do eval "j=\$$i"; logger "${packageName:+-t $packageName}" "${i}: ${j} "; done; } -str_contains() { [ -n "$1" ] && [ -n "$2" ] && [ "${1//$2}" != "$1" ]; } -str_contains_word() { echo "$1" | grep -q -w "$2"; } -str_extras_to_underscore() { echo "$1" | tr '[\. ~`!@#$%^&*()\+/,<>?//;:]' '_'; } +str_contains() { [ "${1//$2}" != "$1" ]; } +str_contains_word() { echo "$1" | grep -qw "$2"; } +str_extras_to_underscore() { echo "$1" | sed -E 's/[\. ~`!@#$%^&*()+=,<>?;:\/\\-]/_/g; s/_+/_/g'; } str_extras_to_space() { echo "$1" | tr ',;{}' ' '; } str_first_value_interface() { local i; for i in $1; do is_supported_interface "$i" && { echo "$i"; break; }; done; } str_first_value_ipv4() { local i; for i in $1; do is_ipv4 "$i" && { echo "$i"; break; }; done; } str_first_value_ipv6() { local i; for i in $1; do is_ipv6 "$i" && { echo "$i"; break; }; done; } str_first_word() { echo "${1%% *}"; } str_replace() { echo "${1//$2/$3}"; } -str_to_dnsmsaq_nftset() { echo "$1" | tr ' ' '/'; } +str_to_dnsmasq_nftset() { echo "$1" | tr ' ' '/'; } str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; } str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; } # shellcheck disable=SC3060 @@ -177,8 +186,8 @@ quiet_mode() { pbr_find_iface() { local iface i param="$2" case "$param" in - wan6) iface="$procd_wan6_interface";; - wan|*) iface="$procd_wan_interface";; + wan6) iface="$uplink_interface6";; + wan|*) iface="$uplink_interface";; esac eval "$1"='${iface}' } @@ -193,7 +202,7 @@ pbr_get_gateway4() { } pbr_get_gateway6() { local iface="$2" dev="$3" gw - [ "$iface" = "$procd_wan_interface" ] && iface="$procd_wan6_interface" + [ "$iface" = "$uplink_interface" ] && iface="$uplink_interface6" network_get_gateway6 gw "$iface" true if [ -z "$gw" ] || [ "$gw" = '::/0' ] || [ "$gw" = '::0/0' ] || [ "$gw" = '::' ]; then gw="$(ip -6 a list dev "$dev" 2>/dev/null | grep inet6 | grep 'scope global' | awk '{print $2}')" @@ -224,6 +233,7 @@ inline_set() { is_bad_user_file_nft_call() { grep -q '"\$nft" list' "$1" || grep '"\$nft" -f' "$1"; } # shellcheck disable=SC2317 is_config_enabled() { +# shellcheck disable=SC2329 _check_config() { local en; config_get_bool en "$1" 'enabled' '1'; [ "$en" -gt '0' ] && _cfg_enabled=0; } local cfg="$1" _cfg_enabled=1 [ -n "$1" ] || return 1 @@ -238,7 +248,7 @@ uci_get_device() { eval "$1=$__tmp" } uci_get_protocol() { uci_get 'network' "$1" 'proto'; } -is_default_dev() { [ "$1" = "$(ip -4 r | grep -m1 'dev' | grep -Eso 'dev [^ ]*' | awk '{print $2}')" ]; } +is_default_dev() { [ "$1" = "$(ip -4 route show default | awk '{for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1);exit}}')" ]; } is_disabled_interface() { [ "$(uci_get 'network' "$1" 'disabled')" = '1' ]; } is_host() { echo "$1" | grep -qE '^[a-zA-Z0-9][a-zA-Z0-9_-]{0,61}[a-zA-Z0-9]$|^[a-zA-Z0-9]$'; } is_hostname() { echo "$1" | grep -qE '^([a-zA-Z0-9]([a-zA-Z0-9_-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'; } @@ -257,7 +267,7 @@ is_ipv6_local_scope() { is_ipv6_local_link "$1" || is_ipv6_local_unique "$1"; } is_ipv6_local_link() { [ "${1:0:4}" = 'fe80' ]; } is_ipv6_local_unique() { [ "${1:0:2}" = 'fc' ] || [ "${1:0:2}" = 'fd' ]; } is_list() { str_contains "$1" ',' || str_contains "$1" ' '; } -is_lan() { local d; network_get_device d "$1"; str_contains "$procd_lan_device" "$d"; } +is_lan() { local d; network_get_device d "$1"; str_contains "$lan_device" "$d"; } is_l2tp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "l2tp" ]; } is_mac_address() { echo "$1" | grep -qE '^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$'; } is_mac_address_bad_notation() { echo "$1" | grep -qE '^([0-9A-Fa-f]{2}-){5}([0-9A-Fa-f]{2})$'; } @@ -287,11 +297,11 @@ is_url_ftp() { [ "$1" != "${1#ftp://}" ]; } is_url_http() { [ "$1" != "${1#http://}" ]; } is_url_https() { [ "$1" != "${1#https://}" ]; } is_wan() { [ "$1" = "$wanIface4" ] || { [ "${1##wan}" != "$1" ] && [ "${1##wan6}" = "$1" ]; } || [ "${1%%wan}" != "$1" ]; } -is_wan6() { [ -n "$wanIface6" ] && [ "$1" = "$wanIface6" ] || [ "${1/#wan6}" != "$1" ] || [ "${1/%wan6}" != "$1" ]; } +is_wan6() { [ -n "$wanIface6" ] && [ "$1" = "$wanIface6" ] || [ "${1##wan6}" != "$1" ] || [ "${1%%wan6}" != "$1" ]; } is_wg() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -z "$lp" ] && [ "${p:0:9}" = "wireguard" ]; } is_wg_server() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp "$1"; [ -n "$lp" ] && [ "${p:0:9}" = "wireguard" ]; } is_xray() { [ -n "$(get_xray_traffic_port "$1")" ]; } -dnsmasq_kill() { killall -q -s HUP dnsmasq; } +dnsmasq_kill() { pidof dnsmasq >/dev/null && kill -HUP $(pidof dnsmasq); } dnsmasq_restart() { output 3 'Restarting dnsmasq '; if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn; else output_failn; fi; } # shellcheck disable=SC2155 get_ss_traffic_ports() { local i="$(jsonfilter -i "$ssConfigFile" -q -e "@.inbounds[*].port")"; echo "${i:-443}"; } @@ -313,12 +323,31 @@ ipv4_leases_to_nftset(){ [ -s '/tmp/dhcp.leases' ] && awk -v arg="$1" 'BEGIN{fs= ipv6_leases_to_nftset(){ [ -s '/tmp/hosts/odhcpd' ] && awk -v arg="$1" 'BEGIN{fs=""};$0~arg{printf fs$1;fs=","}' /tmp/hosts/odhcpd;} # shellcheck disable=SC3037 ports_to_nftset() { echo -en "$1"; } -get_mark_nft_chains() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; } -get_nft_sets() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep 'set' | grep "${nftPrefix}_" | awk '{ print $2 }'; } +get_mark_nft_chains() { "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; } +get_nft_sets() { "$nft" list table inet "$nftTable" 2>/dev/null | grep 'set' | grep "${nftPrefix}_" | awk '{ print $2 }'; } __ubus_get() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "$1"; } ubus_get_status() { __ubus_get "@.${packageName}.instances.main.data.status.${1}"; } ubus_get_interface() { __ubus_get "@.${packageName}.instances.main.data.gateways[@.name='${1}']${2:+.$2}"; } ubus_get_gateways() { __ubus_get "@.${packageName}.instances.main.data.gateways"; } +uci_add_list_if_new() { + local PACKAGE="$1" + local CONFIG="$2" + local OPTION="$3" + local VALUE="$4" + local i + [ -n "$PACKAGE" ] && [ -n "$CONFIG" ] && [ -n "$OPTION" ] && [ -n "$VALUE" ] || return 1 + for i in $(uci_get "$PACKAGE" "$CONFIG" "$OPTION"); do + [ "$i" = "$VALUE" ] && return 0 + done + uci_add_list "$PACKAGE" "$CONFIG" "$OPTION" "$VALUE" +} +uci_changes() { + local PACKAGE="$1" + local CONFIG="$2" + local OPTION="$3" + [ -s "${UCI_CONFIG_DIR:-/etc/config/}${PACKAGE}" ] && \ + [ -n "$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}")" ] +} uci_get_listen_port() { local __tmp __tmp="$(uci_get 'network' "$2" 'listen_port')" @@ -335,17 +364,8 @@ check_agh() { [ -x "$agh" ] && { [ -s "$aghConfigFile" ] || [ -s "${agh%/*}/AdGu check_dnsmasq() { command -v dnsmasq >/dev/null 2>&1; } check_unbound() { command -v unbound >/dev/null 2>&1; } check_dnsmasq_nftset() { - local o; - check_nft || return 1 - check_dnsmasq || return 1 - o="$(dnsmasq -v 2>/dev/null)" - [ -n "$debug_dnsmasq" ] && { - echo " $(date) dnsmasq output dump:"; -# shellcheck disable=SC3003 - echo "${o%$'\n'$'\n'This*}"; - echo '-------------------------'; - } >> "$packageDebugFile" - ! echo "$o" | grep -q 'no-nftset' && echo "$o" | grep -q 'nftset' + [ -z "$dnsmasq_features" ] && dnsmasq_features="$(dnsmasq --version | grep -m1 'Compile time options:' | cut -d: -f2) " + [ "${dnsmasq_features#* nftset }" != "$dnsmasq_features" ] } print_json_bool() { json_init; json_add_boolean "$1" "$2"; json_dump; json_cleanup; } print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_cleanup; } @@ -356,63 +376,71 @@ try() { fi } +get_url() { + printf "https://docs.openwrt.melmac.ca/%s/%s/%s" "$packageName" "${PKG_VERSION%%-*}" "$1" +} + get_text() { local r="$1"; shift; case "$r" in - errorConfigValidation) printf "Config (%s) validation failure" "$$packageConfigFile";; + errorConfigValidation) printf "Config (%s) validation failure" "$packageConfigFile";; errorNoNft) printf "Resolver set support (%s) requires nftables, but nft binary cannot be found" "$resolver_set";; errorResolverNotSupported) printf "Resolver set (%s) is not supported on this system" "$resolver_set";; errorServiceDisabled) printf "The %s service is currently disabled" "$packageName";; errorNoWanGateway) printf "The %s service failed to discover WAN gateway" "$serviceName";; - errorNoWanInterface) printf "The %s interface not found, you need to set the 'pbr.config.procd_wan_interface' option" "$@";; - errorNoWanInterfaceHint) printf "Refer to %s" 'https://docs.openwrt.melmac.ca/pbr/#procd_wan_interface';; - errorNftsetNameTooLong) printf "The nft set name '%s' is longer than allowed 255 characters" "$@";; - errorUnexpectedExit) printf "Unexpected exit or service termination: '%s'" "$@";; - errorPolicyNoSrcDest) printf "Policy '%s' has no source/destination parameters" "$@";; - errorPolicyNoInterface) printf "Policy '%s' has no assigned interface" "$@";; - errorPolicyNoDns) printf "Policy '%s' has no assigned DNS" "$@";; - errorPolicyProcessNoInterfaceDns) printf "Interface '%s' has no assigned DNS" "$@";; - errorPolicyUnknownInterface) printf "Policy '%s' has an unknown interface" "$@";; - errorPolicyProcessCMD) printf "'%s'" "$@";; - errorFailedSetup) printf "Failed to set up '%s'" "$@";; - errorFailedReload) printf "Failed to reload '%s'" "$@";; - errorUserFileNotFound) printf "Custom user file '%s' not found or empty" "$@";; - errorUserFileSyntax) printf "Syntax error in custom user file '%s'" "$@";; - errorUserFileRunning) printf "Error running custom user file '%s'" "$@";; - errorUserFileNoCurl) printf "Use of 'curl' is detected in custom user file '%s', but 'curl' isn't installed" "$@";; + errorNoUplinkInterface) printf "The %s interface not found, you need to set the 'pbr.config.uplink_interface' option" "$1";; + errorNoUplinkInterfaceHint) printf "Refer to %s" "$1";; + errorNftsetNameTooLong) printf "The nft set name '%s' is longer than allowed 255 characters" "$1";; + errorUnexpectedExit) printf "Unexpected exit or service termination: '%s'" "$1";; + errorPolicyNoSrcDest) printf "Policy '%s' has no source/destination parameters" "$1";; + errorPolicyNoInterface) printf "Policy '%s' has no assigned interface" "$1";; + errorPolicyNoDns) printf "Policy '%s' has no assigned DNS" "$1";; + errorPolicyProcessNoInterfaceDns) printf "Interface '%s' has no assigned DNS" "$1";; + errorPolicyUnknownInterface) printf "Policy '%s' has an unknown interface" "$1";; + errorPolicyProcessCMD) printf "'%s'" "$1";; + errorFailedSetup) printf "Failed to set up '%s'" "$1";; + errorFailedReload) printf "Failed to reload '%s'" "$1";; + errorUserFileNotFound) printf "Custom user file '%s' not found or empty" "$1";; + errorUserFileSyntax) printf "Syntax error in custom user file '%s'" "$1";; + errorUserFileRunning) printf "Error running custom user file '%s'" "$1";; + errorUserFileNoCurl) printf "Use of 'curl' is detected in custom user file '%s', but 'curl' isn't installed" "$1";; errorNoGateways) printf "Failed to set up any gateway";; - errorResolver) printf "Resolver '%s'" "$@";; - errorPolicyProcessNoIpv6) printf "Skipping IPv6 policy '%s' as IPv6 support is disabled" "$@";; - errorPolicyProcessUnknownFwmark) printf "Unknown packet mark for interface '%s'" "$@";; - errorPolicyProcessMismatchFamily) printf "Mismatched IP family between in policy '%s'" "$@";; - errorPolicyProcessUnknownProtocol) printf "Unknown protocol in policy '%s'" "$@";; - errorPolicyProcessInsertionFailed) printf "Insertion failed for both IPv4 and IPv6 for policy '%s'" "$@";; - errorPolicyProcessInsertionFailedIpv4) printf "Insertion failed for IPv4 for policy '%s'" "$@";; - errorPolicyProcessUnknownEntry) printf "Unknown entry in policy '%s'" "$@";; + errorResolver) printf "Resolver '%s'" "$1";; + errorPolicyProcessNoIpv6) printf "Skipping IPv6 policy '%s' as IPv6 support is disabled" "$1";; + errorPolicyProcessUnknownFwmark) printf "Unknown packet mark for interface '%s'" "$1";; + errorPolicyProcessMismatchFamily) printf "Mismatched IP family between in policy '%s'" "$1";; + errorPolicyProcessUnknownProtocol) printf "Unknown protocol in policy '%s'" "$1";; + errorPolicyProcessInsertionFailed) printf "Insertion failed for both IPv4 and IPv6 for policy '%s'" "$1";; + errorPolicyProcessInsertionFailedIpv4) printf "Insertion failed for IPv4 for policy '%s'" "$1";; + errorPolicyProcessUnknownEntry) printf "Unknown entry in policy '%s'" "$1";; errorInterfaceRoutingEmptyValues) printf "Received empty tid/mark or interface name when setting up routing";; - errorFailedToResolve) printf "Failed to resolve '%s'" "$@";; - errorTryFailed) printf "Command failed: %s" "$@";; - errorNftFileInstall) printf "Failed to install fw4 nft file '%s'" "$@";; - errorDownloadUrlNoHttps) printf "Failed to download '%s', HTTPS is not supported" "$@";; - errorDownloadUrl) printf "Failed to download '%s'" "$@";; - errorNoDownloadWithSecureReload) printf "Policy '%s' refers to URL which can't be downloaded in 'secure_reload' mode" "$@";; + errorFailedToResolve) printf "Failed to resolve '%s'" "$1";; + errorTryFailed) printf "Command failed: %s" "$1";; + errorNftFileInstall) printf "Failed to install fw4 nft file '%s'" "$1";; + errorDownloadUrlNoHttps) printf "Failed to download '%s', HTTPS is not supported" "$1";; + errorDownloadUrl) printf "Failed to download '%s'" "$1";; + errorNoDownloadWithSecureReload) printf "Policy '%s' refers to URL which can't be downloaded in 'secure_reload' mode" "$1";; errorFileSchemaRequiresCurl) printf "The file:// schema requires curl, but it's not detected on this system";; - errorIncompatibleUserFile) printf "Incompatible custom user file detected '%s'" "$@";; - errorDefaultFw4TableMissing) printf "Default fw4 table '%s' is missing" "$@";; - errorDefaultFw4ChainMissing) printf "Default fw4 chain '%s' is missing" "$@";; - errorRequiredBinaryMissing) printf "Required binary '%s' is missing" "$@";; - errorInterfaceRoutingUnknownDevType) printf "Unknown IPv6 Link type for device '%s'" "$@";; + errorIncompatibleUserFile) printf "Incompatible custom user file detected '%s'" "$1";; + errorDefaultFw4TableMissing) printf "Default fw4 table '%s' is missing" "$1";; + errorDefaultFw4ChainMissing) printf "Default fw4 chain '%s' is missing" "$1";; + errorRequiredBinaryMissing) printf "Required binary '%s' is missing" "$1";; + errorInterfaceRoutingUnknownDevType) printf "Unknown IPv6 Link type for device '%s'" "$1";; errorUplinkDown) printf "Uplink/WAN interface is still down, increase value of 'procd_boot_trigger_delay' option";; - warningInvalidOVPNConfig) printf "Invalid OpenVPN config for '%s' interface" "$@";; + errorMktempFileCreate) printf "Failed to create temporary file with mktemp mask: '%s'" "$1";; + errorSummary) printf "Errors encountered, please check %s" "$1";; + warningInvalidOVPNConfig) printf "Invalid OpenVPN config for '%s' interface" "$1";; warningResolverNotSupported) printf "Resolver set (%s) is not supported on this system" "$resolver_set";; - warningPolicyProcessCMD) printf "'%s'" "$@";; - warningTorUnsetParams) printf "Please unset 'src_addr', 'src_port' and 'dest_port' for policy '%s'" "$@";; - warningTorUnsetProto) printf "Please unset 'proto' or set 'proto' to 'all' for policy '%s'" "$@";; - warningTorUnsetChainNft) printf "Please unset 'chain' or set 'chain' to 'prerouting' for policy '%s'" "$@";; - warningOutdatedWebUIApp) printf "The WebUI application is outdated (version %s), please update it" "$@";; - warningDnsmasqInstanceNoConfdir) printf "Dnsmasq instance '%s' targeted in settings, but it doesn't have its own confdir" "$@";; - warningDhcpLanForce) printf "Please set 'dhcp.%s.force=1' to speed up service start-up" "$@";; - *) printf "Unknown error/warning '%s'" "$@";; + warningPolicyProcessCMD) printf "'%s'" "$1";; + warningTorUnsetParams) printf "Please unset 'src_addr', 'src_port' and 'dest_port' for policy '%s'" "$1";; + warningTorUnsetProto) printf "Please unset 'proto' or set 'proto' to 'all' for policy '%s'" "$1";; + warningTorUnsetChainNft) printf "Please unset 'chain' or set 'chain' to 'prerouting' for policy '%s'" "$1";; + warningOutdatedWebUIApp) printf "The WebUI application is outdated (version %s), please update it" "$1";; + warningDnsmasqInstanceNoConfdir) printf "Dnsmasq instance '%s' targeted in settings, but it doesn't have its own confdir" "$1";; + warningDhcpLanForce) printf "Please set 'dhcp.%s.force=1' to speed up service start-up" "$1";; + warningSummary) printf "Warnings encountered, please check %s" "$(get_url '#WarningMessagesDetails')";; + warningIncompatibleDHCPOption6) printf "Incompatible DHCP Option 6 for interface %s" "$1";; + *) printf "Unknown error/warning '%s'" "$1";; esac } @@ -439,9 +467,11 @@ process_url() { else unset dl_https_supported fi - while [ -z "$dl_temp_file" ] || [ -e "$dl_temp_file" ]; do - dl_temp_file="$(mktemp -u -q -t "${packageName}_tmp.XXXXXXXX")" - done + dl_temp_file="$(mktemp -q -t "${packageName}_tmp.XXXXXXXX")" + if [ -z "$dl_temp_file" ] || [ ! -e "$dl_temp_file" ]; then + json add error 'errorMktempFileCreate' "${packageName}_tmp.XXXXXXXX" + return 1 + fi if is_url_file "$url" && ! is_present 'curl'; then json add error 'errorFileSchemaRequiresCurl' "$url" elif is_url_https "$url" && [ -z "$dl_https_supported" ]; then @@ -456,70 +486,67 @@ process_url() { load_package_config() { local param="$1" - local user_file_check_result i config_load "$packageName" - config_get_bool debug_dnsmasq 'config' 'debug_dnsmasq' '0' - config_get_bool enabled 'config' 'enabled' '0' - config_get fw_mask 'config' 'fw_mask' 'ff0000' + config_get_bool enabled 'config' 'enabled' '0' + config_get fw_mask 'config' 'fw_mask' '00ff0000' config_get icmp_interface 'config' 'icmp_interface' config_get ignored_interface 'config' 'ignored_interface' - config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0' - config_get_bool nft_rule_counter 'config' 'nft_rule_counter' '0' - config_get_bool nft_set_auto_merge 'config' 'nft_set_auto_merge' '1' - config_get_bool nft_set_counter 'config' 'nft_set_counter' '0' - config_get_bool nft_set_flags_interval 'config' 'nft_set_flags_interval' '1' - config_get_bool nft_set_flags_timeout 'config' 'nft_set_flags_timeout' '0' + config_get_bool ipv6_enabled 'config' 'ipv6_enabled' '0' + config_get_bool nft_rule_counter 'config' 'nft_rule_counter' '0' + config_get_bool nft_set_auto_merge 'config' 'nft_set_auto_merge' '1' + config_get_bool nft_set_counter 'config' 'nft_set_counter' '0' + config_get_bool nft_set_flags_interval 'config' 'nft_set_flags_interval' '1' + config_get_bool nft_set_flags_timeout 'config' 'nft_set_flags_timeout' '0' + config_get_bool nft_user_set_counter 'config' 'nft_user_set_counter' '0' config_get nft_set_gc_interval 'config' 'nft_set_gc_interval' - config_get nft_set_policy 'config' 'nft_set_policy' 'performance' + config_get nft_set_policy 'config' 'nft_set_policy' 'performance' config_get nft_set_timeout 'config' 'nft_set_timeout' config_get resolver_set 'config' 'resolver_set' - config_get resolver_instance 'config' 'resolver_instance' '*' - config_get_bool strict_enforcement 'config' 'strict_enforcement' '1' + config_get resolver_instance 'config' 'resolver_instance' '*' + config_get_bool strict_enforcement 'config' 'strict_enforcement' '1' config_get supported_interface 'config' 'supported_interface' - config_get verbosity 'config' 'verbosity' '2' + config_get verbosity 'config' 'verbosity' '2' config_get procd_boot_trigger_delay 'config' 'procd_boot_trigger_delay' '5000' - config_get procd_lan_device 'config' 'procd_lan_device' 'br-lan' - config_get procd_reload_delay 'config' 'procd_reload_delay' '0' - config_get procd_wan_interface 'config' 'procd_wan_interface' 'wan' - config_get procd_wan6_interface 'config' 'procd_wan6_interface' 'wan6' - config_get wan_ip_rules_priority 'config' 'wan_ip_rules_priority' '30000' - config_get wan_mark 'config' 'wan_mark' '010000' + config_get lan_device 'config' 'lan_device' 'br-lan' + config_get procd_reload_delay 'config' 'procd_reload_delay' '0' + config_get uplink_interface 'config' 'uplink_interface' 'wan' + config_get uplink_interface6 'config' 'uplink_interface6' 'wan6' + config_get uplink_ip_rules_priority 'config' 'uplink_ip_rules_priority' '30000' + config_get uplink_mark 'config' 'uplink_mark' '00010000' fw_mask="0x${fw_mask}" - wan_mark="0x${wan_mark}" - if [ -x "$agh" ] && [ ! -s "$aghConfigFile" ]; then - [ -s "${agh%/*}/AdGuardHome.yaml" ] && aghConfigFile="${agh%/*}/AdGuardHome.yaml" - fi - [ -n "$ipv6_enabled" ] && [ "$ipv6_enabled" -eq '0' ] && unset ipv6_enabled - [ -n "$nft_user_set_counter" ] && [ "$nft_user_set_counter" -eq '0' ] && unset nft_user_set_counter + uplink_mark="0x${uplink_mark}" + + [ "$resolver_set" = 'none' ] && unset resolver_set + [ "$enabled" = '1' ] || unset enabled + [ "$ipv6_enabled" = '1' ] || unset ipv6_enabled + [ "$strict_enforcement" = '1' ] || unset strict_enforcement + fw_maskXor="$(printf '%#x' "$((fw_mask ^ 0xffffffff))")" fw_maskXor="${fw_maskXor:-0xff00ffff}" is_integer "$procd_boot_trigger_delay" || procd_boot_trigger_delay='5000' [ "$procd_boot_trigger_delay" -lt '1000' ] && procd_boot_trigger_delay='1000' - [ "$debug_dnsmasq" != '1' ] && unset debug_dnsmasq - [ "$nft_rule_counter" != '1' ] && unset nft_rule_counter - [ "$nft_set_auto_merge" != '1' ] && unset nft_set_auto_merge - [ "$nft_set_counter" != '1' ] && unset nft_set_counter - [ "$nft_set_flags_interval" != '1' ] && unset nft_set_flags_interval - [ "$nft_set_flags_timeout" != '1' ] && unset nft_set_flags_timeout - [ -z "${nft_set_flags_timeout}${nft_set_timeout}" ] && unset nft_set_gc_interval local nft_set_flags - if [ -n "${nft_set_flags_interval}${nft_set_flags_timeout}" ]; then - [ -n "$nft_set_flags_interval" ] && nft_set_flags='flags interval' - if [ -n "$nft_set_flags_timeout" ]; then - if [ -n "$nft_set_flags" ]; then - nft_set_flags="${nft_set_flags}, timeout" - else - nft_set_flags='flags timeout' - fi - fi - fi + case "${nft_set_flags_interval}:${nft_set_flags_timeout}" in + 1:1) nft_set_flags="flags interval, timeout${nft_set_timeout:+; timeout $nft_set_timeout}";; + 1:0) nft_set_flags='flags interval';; + 0:1) nft_set_flags="flags timeout${nft_set_timeout:+; timeout $nft_set_timeout}";; + 0:0) nft_set_flags='';; + esac + + [ "$nft_user_set_counter" = '1' ] || unset nft_user_set_counter + [ "$nft_rule_counter" = '1' ] || unset nft_rule_counter + [ "$nft_set_auto_merge" = '1' ] || unset nft_set_auto_merge + [ "$nft_set_counter" = '1' ] || unset nft_set_counter + [ "$nft_set_flags_interval" = '1' ] || unset nft_set_flags_interval + [ "$nft_set_flags_timeout" = '1' ] || unset nft_set_flags_timeout + [ -n "${nft_set_flags_timeout}${nft_set_timeout}" ] || unset nft_set_gc_interval - nft_rule_params="${nft_rule_counter:+counter}" + nftRuleParams="${nft_rule_counter:+counter}" - nft_set_params=" \ + nftSetParams=" \ ${nft_set_auto_merge:+ auto-merge;} \ ${nft_set_counter:+ counter;} \ ${nft_set_flags:+ $nft_set_flags;} \ @@ -527,21 +554,42 @@ load_package_config() { ${nft_set_policy:+ policy "$nft_set_policy";} \ ${nft_set_timeout:+ timeout "$nft_set_timeout";} \ " + + if [ -x "$agh" ] && [ ! -s "$aghConfigFile" ]; then + [ -s "${agh%/*}/AdGuardHome.yaml" ] && aghConfigFile="${agh%/*}/AdGuardHome.yaml" + fi + unset loadEnvironmentFlag + loadPackageConfigFlag='true' } # shellcheck disable=SC2317 load_environment() { _system_health_check() { - _check_dhcp_force() { +# shellcheck disable=SC2329 + _check_lan_compatibility() { is_lan "$1" || return 0 - if [ "$(uci_get dhcp "$1" force 0)" = '0' ]; then + local force ipaddr dhcp_option i + config_get force "$1" force + config_get ipaddr "$1" ipaddr + if [ "$force" = '0' ]; then json add warning 'warningDhcpLanForce' "$1" fi + [ -n "$resolver_set" ] || return 0 + for i in $(uci_get 'dhcp' "$1" 'dhcp_option'); do + local option="${i%%,*}" value="${i#*,}" + if [ "$option" = '6' ] && [ "$value" != "${ipaddr%%/*}" ]; then + json add warning 'warningIncompatibleDHCPOption6' "${1}: ${value}" + fi + done } local i _ret=0 + if ! check_nft; then + json add error 'errorNoNft' + _ret='1' + fi if [ "$(uci_get 'firewall' 'defaults' 'auto_includes')" = '0' ]; then uci_remove 'firewall' 'defaults' 'auto_includes' - uci_commit firewall + uci_commit 'firewall' fi if [ "$(readlink /sbin/ip)" != "$ip_full" ]; then json add error 'errorRequiredBinaryMissing' 'ip-full' @@ -564,16 +612,16 @@ load_environment() { fi done config_load 'network' - config_foreach _check_dhcp_force 'interface' + config_foreach _check_lan_compatibility 'interface' return "$_ret" } local param="$1" validation_result="$2" + [ -z "$loadEnvironmentFlag" ] || return 0 + [ -n "$loadPackageConfigFlag" ] || load_package_config "$param" case "$param" in on_boot|on_start) - json init output 1 "Loading environment ($param) " - load_package_config "$param" - if [ "$enabled" -eq '0' ]; then + if [ -z "$enabled" ]; then output 1 "$_FAIL_\n" json add error 'errorServiceDisabled' output_error "$(get_text 'errorServiceDisabled')" @@ -589,27 +637,28 @@ load_environment() { return 1 fi _system_health_check || { output 1 "$_FAIL_\n"; return 1; } - resolver 'check_support' && resolver 'configure_instances' + resolver 'check_support' load_network "$param" output 1 "$_OK_\n" ;; - on_stop) - json init - output 1 "Loading environment ($param) " - load_package_config "$param" + on_triggers) load_network "$param" - output 1 "$_OK_\n" ;; - on_triggers|*) - load_package_config "$param" + on_interface_reload|on_reload|on_stop|*) + output 1 "Loading environment ($param) " load_network "$param" + resolver 'check_support' + output 1 "$_OK_\n" ;; esac + loadEnvironmentFlag='true' } # shellcheck disable=SC2317 load_network() { +# shellcheck disable=SC2329 _build_ifaces_supported() { is_supported_interface "$1" && ! str_contains "$ifacesSupported" "$1" && ifacesSupported="${ifacesSupported}${1} "; } +# shellcheck disable=SC2329 _find_firewall_wan_zone() { [ "$(uci_get 'firewall' "$1" 'name')" = "wan" ] && firewallWanZone="$1"; } local i param="$1" local dev4 dev6 @@ -622,12 +671,12 @@ load_network() { config_load 'network' config_foreach _build_ifaces_supported 'interface' fi - wanIface4="$procd_wan_interface" + wanIface4="$uplink_interface" network_get_device dev4 "$wanIface4" [ -z "$dev4" ] && network_get_physdev dev4 "$wanIface4" [ -z "$wanGW4" ] && pbr_get_gateway4 wanGW4 "$wanIface4" "$dev4" if [ -n "$ipv6_enabled" ]; then - wanIface6="$procd_wan6_interface" + wanIface6="$uplink_interface6" network_get_device dev6 "$wanIface6" [ -z "$dev6" ] && network_get_physdev dev6 "$wanIface6" [ -z "$wanGW6" ] && pbr_get_gateway6 wanGW6 "$wanIface6" "$dev6" @@ -646,9 +695,9 @@ load_network() { is_wan_up() { local param="$1" - if [ -z "$(uci_get network "$procd_wan_interface")" ]; then - json add error 'errorNoWanInterface' "$procd_wan_interface" - json add error 'errorNoWanInterfaceHint' + if [ -z "$(uci_get network "$uplink_interface")" ]; then + json add error 'errorNoUplinkInterface' "$uplink_interface" + json add error 'errorNoUplinkInterfaceHint' "$(get_url '#uplink_interface')" return 1 fi network_flush_cache @@ -661,10 +710,10 @@ is_wan_up() { fi } -nft_call() { [ -x "$nft" ] && "$nft" "$@" >/dev/null 2>&1; } +nft_call() { "$nft" "$@" >/dev/null 2>&1; } nft_file() { local i - [ -x "$nft" ] || return 1 + case "$1" in add|add_command) shift @@ -699,7 +748,7 @@ nft_file() { ;; esac } -nft() { [ -x "$nft" ] && [ -n "$*" ] && nft_file 'add_command' "$@"; } +nft() { [ -n "$*" ] && nft_file 'add_command' "$@"; } nft4() { nft "$@"; } nft6() { [ -n "$ipv6_enabled" ] || return 0; nft "$@"; } nftset() { @@ -709,8 +758,6 @@ nftset() { nftset4="${nftPrefix}${iface:+_$iface}_4${target:+_$target}${type:+_$type}${uid:+_$uid}" nftset6="${nftPrefix}${iface:+_$iface}_6${target:+_$target}${type:+_$type}${uid:+_$uid}" - [ -x "$nft" ] || return 1 - if [ "${#nftset4}" -gt '255' ]; then json add error 'errorNftsetNameTooLong' "$nftset4" return 1 @@ -742,46 +789,46 @@ nftset() { ;; add_dnsmasq_element) [ -n "$ipv6_enabled" ] || unset nftset6 - # shellcheck disable=SC2086 - echo "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" | tee -a $dnsmasqFileList >/dev/null 2>&1 && ipv4_error=0 + grep -qxF "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" "$packageDnsmasqFile" && return 0 + echo "nftset=/${param}/4#inet#${nftTable}#${nftset4}${nftset6:+,6#inet#${nftTable}#$nftset6} # $comment" >> "$packageDnsmasqFile" && ipv4_error=0 ;; create) case "$type" in ip|net) - nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 ;; mac) - nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 ;; esac ;; create_dnsmasq_set) - nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 ;; create_user_set) case "$type" in ip|net) - nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nft_set_params comment \"$comment\";}" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nft_set_params comment \"$comment\";}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ipv4_addr; $nftSetParams comment \"$comment\";}" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ipv6_addr; $nftSetParams comment \"$comment\";}" && ipv6_error=0 case "$target" in dst) - nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" daddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 - nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" daddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 + nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" daddr "@${nftset4}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 + nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" daddr "@${nftset6}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 ;; src) - nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" saddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 - nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" saddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 + nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv4Flag}" saddr "@${nftset4}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 + nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" "${nftIPv6Flag}" saddr "@${nftset6}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 ;; esac ;; mac) - nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv4_error=0 - nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nft_set_params comment \"$comment\"; }" && ipv6_error=0 - nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 - nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" "${nft_rule_params}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 + nft4 add set inet "$nftTable" "$nftset4" "{ type ether_addr; $nftSetParams comment \"$comment\"; }" && ipv4_error=0 + nft6 add set inet "$nftTable" "$nftset6" "{ type ether_addr; $nftSetParams comment \"$comment\"; }" && ipv6_error=0 + nft4 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset4}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv4_error=0 + nft6 add rule inet "$nftTable" "${nftPrefix}_prerouting" ether saddr "@${nftset6}" "${nftRuleParams}" goto "${nftPrefix}_mark_${mark}" && ipv6_error=0 ;; esac ;; @@ -862,9 +909,9 @@ json() { local status message stats i local action="$1" param="$2" value="$3"; shift 3; local info="$*"; local _current_namespace="$_JSON_PREFIX" + json_set_namespace "${packageName//-/_}_" [ "$param" = 'error' ] && param='errors' [ "$param" = 'warning' ] && param='warnings' - json_set_namespace "${packageName}_" { json_load_file "$runningStatusFile" || json_init; } >/dev/null 2>&1 case "$action" in 'get') @@ -893,6 +940,7 @@ json() { json_select .. ;; 'init') + mkdir -p "${runningStatusFile%/*}" json_init json_add_array 'errors' json_close_array @@ -900,39 +948,44 @@ json() { json_close_array ;; esac - mkdir -p "${runningStatusFile%/*}" json_dump > "$runningStatusFile" sync json_set_namespace "$_current_namespace" } resolver() { - _resolver_dnsmasq_confdir() { - local cfg="$1" - local confdir confdirFile -# shellcheck disable=SC2016 - if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then - config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" - else - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' - fi - confdirFile="${confdir}/${packageName}" - if ! str_contains "$dnsmasqFileList" "$confdirFile"; then - dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${confdirFile}" - fi + _dnsmasq_instance_get_confdir() { + local cfg_file + [ -z "$dnsmasq_ubus" ] && dnsmasq_ubus="$(ubus call service list '{"name":"dnsmasq"}')" + cfg_file="$(echo "$dnsmasq_ubus" | jsonfilter -e "@.dnsmasq.instances.${1}.command" \ + | awk '{gsub(/\\\//,"/");gsub(/[][",]/,"");for(i=1;i<=NF;i++)if($i=="-C"){print $(i+1);exit}}')" + awk -F= '/^conf-dir=/{print $2; exit}' "$cfg_file" + } + _dnsmasq_instance_config() { + local cfg="$1" param="$2" confdir + case "$param" in + cleanup) + # clean up all dnsmasq configs + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] && rm -f "${confdir}/${packageName}" + uci_remove_list 'dhcp' "$cfg" 'addnmount' "$packageDnsmasqFile" + ;; + setup) + # add dnsmasq conf addnmounts to point to pbr file + uci_add_list_if_new 'dhcp' "$cfg" 'addnmount' "$packageDnsmasqFile" + # add softlink to pbr file + confdir="$(_dnsmasq_instance_get_confdir "$cfg")" + [ -n "$confdir" ] || return 1 + ln -sf "$packageDnsmasqFile" "${confdir}/${packageName}" + chmod 660 "${confdir}/${packageName}" + chown -h root:dnsmasq "${confdir}/${packageName}" >/dev/null 2>/dev/null + ;; + esac } local agh_version local param="$1" iface="$2" target="$3" type="$4" uid="$5" name="$6" value="$7" shift - if [ "$param" = 'cleanup_all' ]; then - local dfl - for dfl in $dnsmasqFileList; do - rm -f "$dfl" - done - return 0 - fi - case "$resolver_set" in ''|none) case "$param" in @@ -941,8 +994,6 @@ resolver() { check_support) return 0;; cleanup) return 0;; configure) return 0;; - init) return 0;; - init_end) return 0;; kill) return 0;; reload) return 0;; restart) return 0;; @@ -953,23 +1004,19 @@ resolver() { dnsmasq.nftset) case "$param" in add_resolver_element) - [ -n "$resolver_set_supported" ] || return 1 + [ -n "$resolverSetSupported" ] || return 1 local d for d in $value; do nftset 'add_dnsmasq_element' "$iface" "$target" "$type" "$uid" "$name" "$d" done ;; create_resolver_set) - [ -n "$resolver_set_supported" ] || return 1 + [ -n "$resolverSetSupported" ] || return 1 nftset 'create_dnsmasq_set' "$iface" "$target" "$type" "$uid" "$name" "$value" ;; check_support) - if [ ! -x "$nft" ]; then - json add error 'errorNoNft' - return 1 - fi if check_dnsmasq_nftset; then - resolver_set_supported='true' + resolverSetSupported='true' return 0 else json add warning 'warningResolverNotSupported' @@ -977,46 +1024,30 @@ resolver() { fi ;; cleanup) - if [ -n "$resolver_set_supported" ]; then - local dfl - for dfl in $dnsmasqFileList; do - rm -f "$dfl" - done - fi + [ -n "$resolverSetSupported" ] || return 1 + rm -f "$packageDnsmasqFile" + config_load 'dhcp' + config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup' ;; configure) - if [ -n "$resolver_set_supported" ]; then - local dfl - for dfl in $dnsmasqFileList; do - [ "${dfl%/*}" = '/var/run' ] && continue - mkdir -p "${dfl%/*}" - chmod -R 660 "${dfl%/*}" - chown -R root:dnsmasq "${dfl%/*}" - touch "$dfl" - chmod 660 "$dfl" - chown root:dnsmasq "$dfl" - done - fi - ;; - configure_instances) + [ -n "$resolverSetSupported" ] || return 1 + rm -f "$packageDnsmasqFile" + touch "$packageDnsmasqFile" config_load 'dhcp' if [ "$resolver_instance" = "*" ]; then - config_foreach _resolver_dnsmasq_confdir 'dnsmasq' + config_foreach _dnsmasq_instance_config 'dnsmasq' 'setup' else + config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup' for i in $resolver_instance; do - _resolver_dnsmasq_confdir "@dnsmasq[$i]" \ - || _resolver_dnsmasq_confdir "$i" + _dnsmasq_instance_config "@dnsmasq[$i]" \ + || _dnsmasq_instance_config "$i" done fi - str_contains "$dnsmasqFileList" "$dnsmasqFileDefault" || \ - dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${dnsmasqFileDefault}" ;; - init) :;; - init_end) :;; kill) - [ -n "$resolver_set_supported" ] && killall -q -s HUP dnsmasq;; + [ -n "$resolverSetSupported" ] && killall -q -s HUP dnsmasq;; reload) - [ -z "$resolver_set_supported" ] && return 1 + [ -z "$resolverSetSupported" ] && return 1 output 3 'Reloading dnsmasq ' if /etc/init.d/dnsmasq reload >/dev/null 2>&1; then output_okn @@ -1027,7 +1058,7 @@ resolver() { fi ;; restart) - [ -z "$resolver_set_supported" ] && return 1 + [ -z "$resolverSetSupported" ] && return 1 output 3 'Restarting dnsmasq ' if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn @@ -1038,15 +1069,16 @@ resolver() { fi ;; compare_hash) - [ -z "$resolver_set_supported" ] && return 1 + [ -z "$resolverSetSupported" ] && return 1 + uci_changes 'dhcp' && uci_commit 'dhcp' local resolverNewHash - if [ -s "$dnsmasqFileDefault" ]; then - resolverNewHash="$(md5sum "$dnsmasqFileDefault" | awk '{ print $1; }')" + if [ -s "$packageDnsmasqFile" ]; then + resolverNewHash="$(md5sum "$packageDnsmasqFile" | awk '{ print $1; }')" fi [ "$resolverNewHash" != "$resolverStoredHash" ] ;; store_hash) - [ -s "$dnsmasqFileDefault" ] && resolverStoredHash="$(md5sum "$dnsmasqFileDefault" | awk '{ print $1; }')";; + [ -s "$packageDnsmasqFile" ] && resolverStoredHash="$(md5sum "$packageDnsmasqFile" | awk '{ print $1; }')";; esac ;; unbound.nftset) @@ -1056,8 +1088,6 @@ resolver() { check_support) :;; cleanup) :;; configure) :;; - init) :;; - init_end) :;; kill) :;; reload) :;; restart) :;; @@ -1074,7 +1104,7 @@ dns_policy_routing() { local param4 param6 local negation value dest4 dest6 first_value local inline_set_ipv4_empty_flag inline_set_ipv6_empty_flag - local name="$1" src_addr="$2" dest_dns="$3" uid="$4" + local name="$1" src_addr="$2" dest_dns="$3" uid="$4" dest_dns_port="$5" local chain='dstnat' iface='dns' if [ -z "${dest_dns_ipv4}${dest_dns_ipv6}" ]; then @@ -1092,7 +1122,7 @@ dns_policy_routing() { if { is_ipv4 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv4" ]; } || \ { is_ipv6 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv6" ]; }; then processPolicyError='true' - json add error 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns'" + json add error 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns':'$dest_dns_port'" return 1 fi @@ -1100,8 +1130,8 @@ dns_policy_routing() { unset param4 unset param6 - dest4="dport 53 dnat ip to ${dest_dns_ipv4}:53" - dest6="dport 53 dnat ip6 to ${dest_dns_ipv6}:53" + dest4="dport 53 dnat ip to ${dest_dns_ipv4}:${dest_dns_port}" + dest6="dport 53 dnat ip6 to ${dest_dns_ipv6}:${dest_dns_port}" if [ -n "$src_addr" ]; then if [ "${src_addr:0:1}" = "!" ]; then @@ -1140,21 +1170,21 @@ dns_policy_routing() { fi fi - param4="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param4} ${nft_rule_params} meta nfproto ipv4 ${proto_i} ${dest4} comment \"$name\"" - param6="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param6} ${nft_rule_params} meta nfproto ipv6 ${proto_i} ${dest6} comment \"$name\"" + param4="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param4} ${nftRuleParams} meta nfproto ipv4 ${proto_i} ${dest4} comment \"$name\"" + param6="$nftInsertOption rule inet ${nftTable} ${nftPrefix}_${chain} ${param6} ${nftRuleParams} meta nfproto ipv6 ${proto_i} ${dest6} comment \"$name\"" local ipv4_error='0' ipv6_error='0' - if [ "$policy_routing_nft_prev_param4" != "$param4" ] && \ + if [ "$pbrNftPrevParam4" != "$param4" ] && \ [ -n "$first_value" ] && ! is_ipv6 "$first_value" && \ [ -z "$inline_set_ipv4_empty_flag" ] && [ -n "$dest_dns_ipv4" ]; then nft4 "$param4" || ipv4_error='1' - policy_routing_nft_prev_param4="$param4" + pbrNftPrevParam4="$param4" fi - if [ "$policy_routing_nft_prev_param6" != "$param6" ] && [ "$param4" != "$param6" ] && \ + if [ "$pbrNftPrevParam6" != "$param6" ] && [ "$param4" != "$param6" ] && \ [ -n "$first_value" ] && ! is_ipv4 "$first_value" && \ [ -z "$inline_set_ipv6_empty_flag" ] && [ -n "$dest_dns_ipv6" ]; then nft6 "$param6" || ipv6_error='1' - policy_routing_nft_prev_param6="$param6" + pbrNftPrevParam6="$param6" fi if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then @@ -1343,8 +1373,8 @@ policy_routing() { local ipv4_error='0' ipv6_error='0' local dest_i dest4 dest6 chain='dstnat' - param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nft_rule_params} meta nfproto ipv4 $param4" - param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nft_rule_params} meta nfproto ipv6 $param6" + param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nftRuleParams} meta nfproto ipv4 $param4" + param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${nftRuleParams} meta nfproto ipv6 $param6" dest_udp_53="udp dport 53 redirect to :${torDnsPort} comment \"Tor-DNS-UDP\"" dest_tcp_80="tcp dport 80 redirect to :${torTrafficPort} comment \"Tor-HTTP-TCP\"" dest_udp_80="udp dport 80 redirect to :${torTrafficPort} comment \"Tor-HTTP-UDP\"" @@ -1370,22 +1400,22 @@ policy_routing() { fi done else - param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param4} ${nft_rule_params} ${dest4} comment \"$name\"" - param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param6} ${nft_rule_params} ${dest6} comment \"$name\"" + param4="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param4} ${nftRuleParams} ${dest4} comment \"$name\"" + param6="$nftInsertOption rule inet $nftTable ${nftPrefix}_${chain} ${param6} ${nftRuleParams} ${dest6} comment \"$name\"" local ipv4_error='0' ipv6_error='0' - if [ "$policy_routing_nft_prev_param4" != "$param4" ] && \ + if [ "$pbrNftPrevParam4" != "$param4" ] && \ [ -z "$src_inline_set_ipv4_empty_flag" ] && [ -z "$dest_inline_set_ipv4_empty_flag" ] && \ [ "$filter_group_src_addr" != 'ipv6' ] && [ "$filter_group_src_addr" != 'ipv6_negative' ] && \ [ "$filter_group_dest_addr" != 'ipv6' ] && [ "$filter_group_dest_addr" != 'ipv6_negative' ]; then nft4 "$param4" || ipv4_error='1' - policy_routing_nft_prev_param4="$param4" + pbrNftPrevParam4="$param4" fi - if [ "$policy_routing_nft_prev_param6" != "$param6" ] && [ "$param4" != "$param6" ] && \ + if [ "$pbrNftPrevParam6" != "$param6" ] && [ "$param4" != "$param6" ] && \ [ -z "$src_inline_set_ipv6_empty_flag" ] && [ -z "$dest_inline_set_ipv6_empty_flag" ] && \ [ "$filter_group_src_addr" != 'ipv4' ] && [ "$filter_group_src_addr" != 'ipv4_negative' ] && \ [ "$filter_group_dest_addr" != 'ipv4' ] && [ "$filter_group_dest_addr" != 'ipv4_negative' ]; then nft6 "$param6" || ipv6_error='1' - policy_routing_nft_prev_param6="$param6" + pbrNftPrevParam6="$param6" fi if [ -n "$ipv6_enabled" ] && [ "$ipv4_error" -eq '1' ] && [ "$ipv6_error" -eq '1' ]; then processPolicyError='true' @@ -1407,7 +1437,7 @@ policy_routing() { dns_policy_process() { local i j uid="$1" - [ "$enabled" -gt '0' ] || return 0 + [ "$enabled" = '1' ] || return 0 src_addr="$(str_extras_to_space "$src_addr")" dest_dns="$(str_extras_to_space "$dest_dns")" @@ -1430,7 +1460,7 @@ dns_policy_process() { fi unset processDnsPolicyError - output 2 "Routing '$name' DNS to $dest_dns " + output 2 "Routing '$name' DNS to $dest_dns:$dest_dns_port " if [ -z "$src_addr" ]; then json add error 'errorPolicyNoSrcDest' "$name" output_fail; return 1; @@ -1452,7 +1482,7 @@ dns_policy_process() { if str_contains "$filter_group_src_addr" 'ipv6' && [ -z "$dest_dns_ipv6" ] ; then continue fi - dns_policy_routing "$name" "$filtered_value_src_addr" "$dest_dns" "$uid" + dns_policy_routing "$name" "$filtered_value_src_addr" "$dest_dns" "$uid" "$dest_dns_port" fi done @@ -1466,7 +1496,7 @@ dns_policy_process() { policy_process() { local i j uid="$1" - [ "$enabled" -gt '0' ] || return 0 + [ "$enabled" = '1' ] || return 0 src_addr="$(str_extras_to_space "$src_addr")" src_port="$(str_extras_to_space "$src_port")" @@ -1572,7 +1602,7 @@ interface_routing() { ip -4 rule del table "$tid" prio "$priority" >/dev/null 2>&1 try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1 - try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nft_rule_params} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 + try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nftRuleParams} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1 if [ -n "$ipv6_enabled" ]; then ipv6_error=0 @@ -1587,7 +1617,7 @@ interface_routing() { fi ip -4 rule flush table "$tid" >/dev/null 2>&1 ip -4 route flush table "$tid" >/dev/null 2>&1 - if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then + if [ -n "$gw4" ] || [ -n "$strict_enforcement" ]; then ipv4_error=0 if [ -z "$gw4" ]; then try ip -4 route add unreachable default table "$tid" || ipv4_error=1 @@ -1609,29 +1639,30 @@ EOF try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 fi try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1 - try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nft_rule_params} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 + try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nftRuleParams} mark set mark and ${fw_maskXor} xor ${mark}" || ipv4_error=1 try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1 if [ -n "$ipv6_enabled" ]; then ipv6_error=0 ip -6 rule flush table "$tid" >/dev/null 2>&1 ip -6 route flush table "$tid" >/dev/null 2>&1 - if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then + if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ -n "$strict_enforcement" ]; then if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then try ip -6 route add unreachable default table "$tid" || ipv6_error=1 elif ip -6 route list table main | grep -q " dev $dev6 "; then if ip -6 address show dev "$dev6" | grep -q "BROADCAST"; then - try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 elif ip -6 address show dev "$dev6" | grep -q "POINTOPOINT"; then - try ip -6 route add default dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 else json add error 'errorInterfaceRoutingUnknownDevType' "$dev6" fi # if ! ip -6 route add default via "$gw6" dev "$dev6" table "$tid" >/dev/null 2>&1; then -# try ip -6 route add default dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 +# try ip -6 route add default dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 # fi while read -r i; do i="$(echo "$i" | sed 's/ linkdown$//')" i="$(echo "$i" | sed 's/ onlink$//')" + i="$(echo "$i" | sed -E 's/ proto kernel//; s/ expires -?[0-9]+sec//')" # shellcheck disable=SC2086 try ip -6 route add $i table "$tid" || ipv6_error=1 done << EOF @@ -1648,15 +1679,15 @@ EOF if [ "$ipv4_error" -eq '0' ] || [ "$ipv6_error" -eq '0' ]; then dscp="$(uci_get "$packageName" 'config' "${iface}_dscp")" if [ "${dscp:-0}" -ge '1' ] && [ "${dscp:-0}" -le '63' ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv4Flag} dscp ${dscp} ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 if [ -n "$ipv6_enabled" ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_prerouting ${nftIPv6Flag} dscp ${dscp} ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 fi fi if [ "$iface" = "$icmp_interface" ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv4Flag} protocol icmp ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 if [ -n "$ipv6_enabled" ]; then - try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp ${nft_rule_params} goto ${nftPrefix}_mark_${mark}" || s=1 + try nft add rule inet "$nftTable" "${nftPrefix}_output ${nftIPv6Flag} protocol icmp ${nftRuleParams} goto ${nftPrefix}_mark_${mark}" || s=1 fi fi else @@ -1688,32 +1719,30 @@ EOF [ -n "$ipv6_enabled" ] && ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1 is_netifd_table_interface "$iface" && return 0; ipv4_error=0 - if ! is_netifd_table_interface "$iface"; then - ip -4 rule flush table "$tid" >/dev/null 2>&1 - ip -4 route flush table "$tid" >/dev/null 2>&1 - if [ -n "$ipv6_enabled" ]; then - ip -6 rule flush table "$tid" >/dev/null 2>&1 - ip -6 route flush table "$tid" >/dev/null 2>&1 - fi + ip -4 rule flush table "$tid" >/dev/null 2>&1 + ip -4 route flush table "$tid" >/dev/null 2>&1 + if [ -n "$ipv6_enabled" ]; then + ip -6 rule flush table "$tid" >/dev/null 2>&1 + ip -6 route flush table "$tid" >/dev/null 2>&1 fi - if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then + if [ -n "$gw4" ] || [ -n "$strict_enforcement" ]; then if [ -z "$gw4" ]; then try ip -4 route add unreachable default table "$tid" || ipv4_error=1 else try ip -4 route add default via "$gw4" dev "$dev" table "$tid" || ipv4_error=1 fi - try ip rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 + try ip -4 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 fi if [ -n "$ipv6_enabled" ]; then ipv6_error=0 - if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ "$strict_enforcement" -ne '0' ]; then + if { [ -n "$gw6" ] && [ "$gw6" != "::/0" ]; } || [ -n "$strict_enforcement" ]; then if [ -z "$gw6" ] || [ "$gw6" = "::/0" ]; then try ip -6 route add unreachable default table "$tid" || ipv6_error=1 elif ip -6 route list table main | grep -q " dev $dev6 "; then if ip -6 address show dev "$dev6" | grep -q "BROADCAST"; then - try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default via "$gw6" dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 elif ip -6 address show dev "$dev6" | grep -q "POINTOPOINT"; then - try ip -6 route add default dev "$dev6" table "$tid" metric "$procd_wan6_metric" || ipv6_error=1 + try ip -6 route add default dev "$dev6" table "$tid" metric "$uplink_interface6_metric" || ipv6_error=1 else json add error 'errorInterfaceRoutingUnknownDevType' "$dev6" fi @@ -1766,8 +1795,8 @@ process_interface() { if [ "$iface" = 'all' ] && [ "$action" = 'prepare' ]; then config_load 'network' - ifaceMark="$(printf '0x%06x' "$wan_mark")" - ifacePriority="$wan_ip_rules_priority" + ifaceMark="$(printf '0x%06x' "$uplink_mark")" + ifacePriority="$uplink_ip_rules_priority" unset ifaceTableID return 0 fi @@ -1829,8 +1858,8 @@ process_interface() { fi [ -z "$dev6" ] && dev6="$dev" - [ -z "$ifaceMark" ] && ifaceMark="$(printf '0x%06x' "$wan_mark")" - [ -z "$ifacePriority" ] && ifacePriority="$wan_ip_rules_priority" + [ -z "$ifaceMark" ] && ifaceMark="$(printf '0x%06x' "$uplink_mark")" + [ -z "$ifacePriority" ] && ifacePriority="$uplink_ip_rules_priority" case "$action" in pre_init) @@ -1838,7 +1867,7 @@ process_interface() { eval "pre_init_mark_${iface//-/_}"='$ifaceMark' eval "pre_init_priority_${iface//-/_}"='$ifacePriority' eval "pre_init_tid_${iface//-/_}"='$ifaceTableID' - ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))" + ifaceMark="$(printf '0x%06x' $((ifaceMark + uplink_mark)))" ifacePriority="$((ifacePriority - 1))" ifaceTableID="$((ifaceTableID + 1))" return 0 @@ -1944,19 +1973,19 @@ process_interface() { output_fail fi else + json_add_gateway 'skip_interface' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority" "$dispStatus" gatewaySummary="${gatewaySummary}${displayText}${dispStatus:+ $dispStatus}\n" fi ;; esac -# ifaceTableID="$((ifaceTableID + 1))" - ifaceMark="$(printf '0x%06x' $((ifaceMark + wan_mark)))" + ifaceMark="$(printf '0x%06x' $((ifaceMark + uplink_mark)))" ifacePriority="$((ifacePriority - 2))" return $s } user_file_process() { local shellBin="${SHELL:-/bin/ash}" - [ "$enabled" -gt '0' ] || return 0 + [ "$enabled" = '1' ] || return 0 if [ ! -s "$path" ]; then json add error 'errorUserFileNotFound' "$path" output_fail @@ -1989,8 +2018,6 @@ user_file_process() { boot() { nft_file 'delete' -# ubus -t 30 wait_for network.interface 2>/dev/null - pbr_boot_flag=1 rc_procd start_service 'on_boot' && service_started 'on_boot' } @@ -2017,15 +2044,14 @@ on_interface_reload() { } start_service() { - local resolverStoredHash resolverNewHash i param="$1" reloadedIface k + local param="$1" + local resolverStoredHash resolverNewHash reloadedIface + local i k -# [ -n "$pbr_boot_flag" ] && return 0 -# [ "$param" = 'on_boot' ] && return 0 + load_package_config "$param" + [ "$param" = 'on_boot' ] && pbrBootFlag=1 && return 0 + json init load_environment "${param:-on_start}" "$(load_validate_config)" || return 1 - if [ -n "$pbr_boot_flag" ] || [ "$param" = 'on_boot' ]; then - [ -n "$wanGW" ] || return 0 - unset pbr_boot_flag - fi output "Processing environment (${param:-on_start}) " is_wan_up "$param" || { output_error "$(get_text 'errorUplinkDown')"; return 1; } @@ -2085,7 +2111,7 @@ start_service() { case $serviceStartTrigger in on_interface_reload) - output_okn + output_okn output 1 "Reloading Interface: $reloadedIface " json_add_array 'gateways' process_interface 'all' 'prepare' @@ -2095,15 +2121,13 @@ start_service() { ;; on_reload|on_start|*) resolver 'store_hash' - resolver 'cleanup_all' resolver 'configure' - resolver 'init' cleanup_main_chains cleanup_sets cleanup_marking_chains cleanup_rt_tables nft_file 'create' - output_okn + output_okn output 1 'Processing interfaces ' json_add_array 'gateways' process_interface 'all' 'prepare' @@ -2141,17 +2165,13 @@ start_service() { output 1 '\n' fi nft_file 'install' - resolver 'init_end' resolver 'compare_hash' && resolver 'restart' ;; esac - if [ -z "$gatewaySummary" ]; then - json add error 'errorNoGateways' - fi json_add_int 'packageCompat' "$packageCompat" json_add_object 'status' - [ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary" + [ -n "$gatewaySummary" ] && json_add_string 'gateways' "$gatewaySummary" || json add error 'errorNoGateways' json_close_object json_add_array 'errors' for k in $(json get errors); do @@ -2169,42 +2189,41 @@ start_service() { json_close_object done json_close_array - if [ "$strict_enforcement" -ne '0' ] && str_contains "$gatewaySummary" '0.0.0.0'; then + if [ -n "$strict_enforcement" ] && str_contains "$gatewaySummary" '0.0.0.0'; then json_add_string 'mode' 'strict' fi procd_close_data procd_close_instance } +service_running() { procd_set_config_changed firewall; } service_started() { - [ -n "$pbr_boot_flag" ] && return 0 + [ -n "$pbrBootFlag" ] && return 0 local error warning c if nft_file 'exists'; then procd_set_config_changed firewall - if nft_file 'exists'; then - [ -n "$gatewaySummary" ] && output "$serviceName (fw4 nft file mode) started with gateways:\n${gatewaySummary}" - else - output "$serviceName FAILED TO START in fw4 nft file mode!!!" - output "Check the output of nft -c -f $nftTempFile" - fi + [ -n "$gatewaySummary" ] && output "$serviceName (fw4 nft file mode) started with gateways:\n${gatewaySummary}" else - [ -n "$gatewaySummary" ] && output "$serviceName (nft mode) started with gateways:\n${gatewaySummary}" + output "$serviceName FAILED TO START in fw4 nft file mode!!!" + output "Check the output of nft -c -f $nftTempFile" fi - error="$(json get error)" warning="$(json get warning)" - if [ -n "$error" ]; then - for c in $error; do - code="$(json get error "$c" 'code')" - info="$(json get error "$c" 'info')" - output_error "$(get_text "$code" "$info")" - done - fi if [ -n "$warning" ]; then for c in $warning; do code="$(json get warning "$c" 'code')" info="$(json get warning "$c" 'info')" output_warning "$(get_text "$code" "$info")" done + output_warning "$(get_text 'warningSummary' "$(get_url '#WarningMessagesDetails')")" + fi + error="$(json get error)" + if [ -n "$error" ]; then + for c in $error; do + code="$(json get error "$c" 'code')" + info="$(json get error "$c" 'info')" + output_error "$(get_text "$code" "$info")" + done + output_error "$(get_text 'errorSummary' "$(get_url '#ErrorMessagesDetails')")" fi touch "$packageLockFile" if [ -n "$error" ]; then @@ -2215,24 +2234,21 @@ service_started() { return 0 fi } +service_stopped() { procd_set_config_changed firewall; } # shellcheck disable=SC2015 service_triggers() { local n - load_environment 'on_triggers' -# shellcheck disable=SC2034 - PROCD_RELOAD_DELAY=$(( procd_reload_delay * 1000 )) - procd_open_validate - load_validate_config - load_validate_policy - load_validate_include - procd_close_validate - if [ -n "$pbr_boot_flag" ] && is_integer "$procd_boot_trigger_delay"; then + if [ -n "$pbrBootFlag" ]; then output "Setting trigger (on_boot) " - procd_open_trigger - procd_add_raw_trigger "interface.*.up" "$procd_boot_trigger_delay" "/etc/init.d/${packageName}" start && output_okn || output_failn - procd_close_trigger + procd_add_raw_trigger "interface.*.up" "$procd_boot_trigger_delay" "/etc/init.d/${packageName}" start && output_okn || output_failn else + PROCD_RELOAD_DELAY=$(( procd_reload_delay * 1000 )) + procd_open_validate + load_validate_config + load_validate_policy + load_validate_include + procd_close_validate procd_open_trigger procd_add_config_trigger "config.change" 'openvpn' "/etc/init.d/${packageName}" reload 'on_openvpn_change' procd_add_config_trigger "config.change" "${packageName}" "/etc/init.d/${packageName}" reload @@ -2241,17 +2257,18 @@ service_triggers() { output 2 "Setting interface trigger for $n " procd_add_interface_trigger "interface.*" "$n" "/etc/init.d/${packageName}" on_interface_reload "$n" && output_ok || output_fail done - output '\n' + output 1 '\n' procd_close_trigger - fi - if [ "$serviceStartTrigger" = 'on_start' ]; then - output 3 "$serviceName monitoring interfaces: ${ifacesSupported}\n" + if [ "$serviceStartTrigger" = 'on_start' ]; then + output 3 "$serviceName monitoring interfaces: ${ifacesSupported}\n" + fi fi } # shellcheck disable=SC2015 stop_service() { local i nft_file_mode + json init ! is_service_running && [ "$(get_rt_tables_next_id)" = "$(get_rt_tables_non_pbr_next_id)" ] && return 0 [ "$1" = 'quiet' ] && quiet_mode 'on' load_environment 'on_stop' @@ -2274,9 +2291,9 @@ stop_service() { unset ifaceMark unset ifaceTableID resolver 'store_hash' - resolver 'cleanup_all' + resolver 'cleanup' resolver 'compare_hash' && resolver 'restart' - if [ "$enabled" -ne '0' ]; then + if [ -n "$enabled" ]; then if [ -n "$nft_file_mode" ]; then output "$serviceName (fw4 nft file mode) stopped "; output_okn; else @@ -2291,6 +2308,7 @@ version() { echo "$PKG_VERSION"; } # shellcheck disable=SC2317 setup_netifd() { local param="$1" +# shellcheck disable=SC2329 _pbr_iface_setup() { local iface="${1}" param="$2" tid if is_supported_interface "${iface}"; then @@ -2308,8 +2326,8 @@ setup_netifd() { } _pbr_default_route_setup() { local iface iface6 param="$1" - iface="$(uci_get 'pbr' 'config' 'procd_wan_interface')" - iface6="$(uci_get 'pbr' 'config' 'procd_wan6_interface')" + iface="$(uci_get 'pbr' 'config' 'uplink_interface')" + iface6="$(uci_get 'pbr' 'config' 'uplink_interface6')" [ -z "$iface" ] && { network_flush_cache; network_find_wan iface; } [ -z "$iface6" ] && { network_flush_cache; network_find_wan6 iface6; } output "Setting up ${packageName} default route for ${iface:-wan} ${param:+($param) }" @@ -2340,7 +2358,7 @@ setup_netifd() { } status_service() { - local i dev dev6 wan_tid + local i dev dev6 wanTID json_load "$(ubus call system board)"; json_select release; json_get_var dist distribution; json_get_var vers version if [ -n "$wanIface4" ]; then @@ -2355,7 +2373,7 @@ status_service() { while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support" # shellcheck disable=SC2154 - status="$serviceName running on $dist $vers." + status="$serviceName installed on $dist $vers." [ -n "$wanIface4" ] && status="$status WAN (IPv4): ${wanIface4}/${dev}/${wanGW4:-0.0.0.0}." [ -n "$wanIface6" ] && status="$status WAN (IPv6): ${wanIface6}/${dev6}/${wanGW6:-::/0}." @@ -2384,30 +2402,30 @@ status_service() { for i in $(get_nft_sets); do "$nft" -a list table inet "$nftTable" | sed -n "/set ${i} {/,/\t}/p" done - if [ -s "$dnsmasqFileDefault" ]; then + if [ -s "$packageDnsmasqFile" ]; then echo "$_SEPARATOR_" - echo "dnsmasq sets" - cat "$dnsmasqFileDefault" + echo "dnsmasq nft sets in $packageDnsmasqFile" + cat "$packageDnsmasqFile" fi # echo "$_SEPARATOR_" # ip rule list | grep "${packageName}_" echo "$_SEPARATOR_" echo "$packageName tables & routing" tableCount="$(grep -c "${packageName}_" "$rtTablesFile")" || tableCount=0 - wan_tid=$(($(get_rt_tables_next_id)-tableCount)) + wanTID=$(($(get_rt_tables_next_id)-tableCount)) i=0; while [ "$i" -lt "$tableCount" ]; do local status_table - status_table="$(grep $((wan_tid + i)) "$rtTablesFile")" + status_table="$(grep $((wanTID + i)) "$rtTablesFile")" echo "IPv4 table $status_table route:" - ip -4 route show table "$((wan_tid + i))" | grep default + ip -4 route show table "$((wanTID + i))" | grep default echo "IPv4 table $status_table rule(s):" - ip -4 rule list table "$((wan_tid + i))" + ip -4 rule list table "$((wanTID + i))" if [ "$(uci_get "$packageName" config ipv6_enabled)" = "1" ]; then echo "$_SEPARATOR_" echo "IPv6 table $status_table route:" - ip -6 route show table "$((wan_tid + i))" | grep default + ip -6 route show table "$((wanTID + i))" | grep default echo "IPv6 table $status_table rule(s):" - ip -6 rule list table "$((wan_tid + i))" + ip -6 rule list table "$((wanTID + i))" fi echo "$_SEPARATOR_" i=$((i + 1)) @@ -2417,24 +2435,23 @@ status_service() { # shellcheck disable=SC2120 load_validate_config() { uci_load_validate "$packageName" "$packageName" "$1" "${2}${3:+ $3}" \ - 'debug_dnsmasq:bool:0' \ 'enabled:bool:0' \ 'strict_enforcement:bool:1' \ 'ipv6_enabled:bool:0' \ 'resolver_set:or("", "none", "dnsmasq.nftset")' \ 'resolver_instance:list(or(integer, string)):*' \ 'verbosity:range(0,2):2' \ - 'wan_mark:regex("[A-Fa-f0-9]{8}"):010000' \ - 'fw_mask:regex("[A-Fa-f0-9]{8}"):ff0000' \ + 'uplink_mark:regex("[A-Fa-f0-9]{8}"):00010000' \ + 'uplink_ip_rules_priority:uinteger:30000' \ + 'fw_mask:regex("[A-Fa-f0-9]{8}"):00ff0000' \ 'icmp_interface:or("", tor, uci("network", "@interface"))' \ 'ignored_interface:list(or(tor, uci("network", "@interface")))' \ 'supported_interface:list(or(ignore, tor, regex("xray_.*"), uci("network", "@interface")))' \ 'procd_boot_trigger_delay:range(1000,10000):5000' \ - 'procd_lan_device:list(or(network)):br-lan' \ + 'lan_device:list(or(network)):br-lan' \ 'procd_reload_delay:uinteger:0' \ - 'procd_wan_interface:network:wan' \ - 'procd_wan6_interface:network:wan6' \ - 'wan_ip_rules_priority:uinteger:30000' \ + 'uplink_interface:network:wan' \ + 'uplink_interface6:network:wan6' \ 'webui_supported_protocol:list(string)' \ 'nft_rule_counter:bool:0'\ 'nft_set_auto_merge:bool:1'\ @@ -2443,7 +2460,8 @@ load_validate_config() { 'nft_set_flags_timeout:bool:0'\ 'nft_set_gc_interval:or("", string)'\ 'nft_set_policy:or("", memory, performance):performance'\ - 'nft_set_timeout:or("", string)' + 'nft_set_timeout:or("", string)' \ + ; } # shellcheck disable=SC2120 @@ -2452,11 +2470,14 @@ load_validate_dns_policy() { local enabled local src_addr local dest_dns + local dest_dns_port uci_load_validate "$packageName" 'policy' "$1" "${2}${3:+ $3}" \ 'name:string:Untitled' \ 'enabled:bool:1' \ 'src_addr:list(neg(or(host,network,macaddr,string)))' \ - 'dest_dns:list(or(host,network,string))' + 'dest_dns:list(or(host,network,string))' \ + 'dest_dns_port:port:53' \ + ; } # shellcheck disable=SC2120 @@ -2479,7 +2500,8 @@ load_validate_policy() { 'src_addr:list(neg(or(host,network,macaddr,string)))' \ 'src_port:list(neg(or(portrange,string)))' \ 'dest_addr:list(neg(or(host,network,string)))' \ - 'dest_port:list(neg(or(portrange,string)))' + 'dest_port:list(neg(or(portrange,string)))' \ + ; } # shellcheck disable=SC2120 @@ -2488,5 +2510,6 @@ load_validate_include() { local enabled= uci_load_validate "$packageName" 'include' "$1" "${2}${3:+ $3}" \ 'path:file' \ - 'enabled:bool:0' + 'enabled:bool:0' \ + ; } diff --git a/net/pbr/files/etc/uci-defaults/90-pbr b/net/pbr/files/etc/uci-defaults/90-pbr index ccad4cdfacb946..ccdf663df17b03 100644 --- a/net/pbr/files/etc/uci-defaults/90-pbr +++ b/net/pbr/files/etc/uci-defaults/90-pbr @@ -9,28 +9,6 @@ else printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" fi -# Transition from vpn-policy-routing -if [ -s '/etc/config/vpn-policy-routing' ] && [ ! -s '/etc/config/pbr-opkg' ] \ - && [ "$(uci_get pbr config enabled)" = '0' ]; then - if [ -x '/etc/init.d/vpn-policy-routing' ]; then - output "Stopping and disabling vpn-policy-routing." - if /etc/init.d/vpn-policy-routing stop \ - && /etc/init.d/vpn-policy-routing disable; then - output_okn - else - output_failn - fi - fi - output "Migrating vpn-policy-routing config file." - if mv '/etc/config/pbr' '/etc/config/pbr-opkg' \ - && sed 's/vpn-policy-routing/pbr/g' /etc/config/vpn-policy-routing > /etc/config/pbr \ - && uci_set vpn-policy-routing config enabled 0 && uci_commit vpn-policy-routing; then - output_okn - else - output_failn - fi -fi - # Transition from older versions of pbr sed -i "s/resolver_ipset/resolver_set/g" /etc/config/pbr sed -i "s/iptables_rule_option/rule_create_option/g" /etc/config/pbr @@ -43,22 +21,14 @@ sed -i "s/option fw_mask '0x\(.*\)'/option fw_mask '\1'/g" /etc/config/pbr sed -i "s/option wan_mark '0x\(.*\)'/option wan_mark '\1'/g" /etc/config/pbr sed -i "s|option path '/etc/pbr/|option path '/usr/share/pbr/|g" /etc/config/pbr sed -i "/procd_lan_interface/d" /etc/config/pbr - -# add firewall include file to fw4 config -# shellcheck source=../../usr/share/pbr/firewall.include -if [ -s '/usr/share/pbr/firewall.include' ]; then -uci -q batch <<-EOT - delete firewall.pbr - set firewall.pbr='include' - set firewall.pbr.fw4_compatible='1' - set firewall.pbr.type='script' - set firewall.pbr.path='/usr/share/pbr/firewall.include' - commit firewall -EOT -fi +sed -i "s|procd_lan_device|lan_device|g" /etc/config/pbr +sed -i "s|procd_wan_interface|uplink_interface|g" /etc/config/pbr +sed -i "s|procd_wan6_interface|uplink_interface6|g" /etc/config/pbr +sed -i "s|wan_ip_rules_priority|uplink_ip_rules_priority|g" /etc/config/pbr +sed -i "s|wan_mark|uplink_mark|g" /etc/config/pbr # Transition from pre-1.1.7 versions -# shellcheck disable=SC2317 +# shellcheck disable=SC2317,SC2329 _remove_wg_server_client() { local path config_get path "$1" 'path' diff --git a/net/pbr/files/etc/uci-defaults/99-pbr-version b/net/pbr/files/etc/uci-defaults/99-pbr-version new file mode 100644 index 00000000000000..50cebfc4b5ceb3 --- /dev/null +++ b/net/pbr/files/etc/uci-defaults/99-pbr-version @@ -0,0 +1,16 @@ +#!/bin/sh +# shellcheck disable=SC2015,SC3037,SC3043 + +readonly pbrFunctionsFile='/etc/init.d/pbr' +if [ -s "$pbrFunctionsFile" ]; then +# shellcheck source=../../etc/init.d/pbr + . "$pbrFunctionsFile" +else + printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" +fi + +uci_set "$packageName" 'config' 'config_compat' "$packageCompat" +uci_set "$packageName" 'config' 'config_version' "$PKG_VERSION" +uci_commit "$packageName" + +exit 0 diff --git a/net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch b/net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch new file mode 100644 index 00000000000000..1b46c23acc8122 --- /dev/null +++ b/net/pbr/files/usr/share/pbr/pbr.user.dnsprefetch @@ -0,0 +1,87 @@ +#!/bin/sh +# When using pbr with dnsmasq's nft set support, a domain-based policy will not take effect until +# the remote domain name has been resolved by dnsmasq. Resolve all domain names in pbr policies in advance. + +( + timeout_nft='10' + timeout_dnsmasq='20' + pipe_ubus="/tmp/pipe.ubus.$$" + pipe_nslookup="/tmp/pipe.nslookup.$$" + log_abort='domain names in policies not resolved' + + # shellcheck disable=SC2154 + output() + { + msg="$*" + msg=$(printf '%b' "$msg" | sed 's/\x1b\[[0-9;]*m//g') + logger -t "$packageName [$$]" "$(printf '%b' "$msg")" + } + + nft_ready() + { + while ! /usr/sbin/nft list sets 'inet' | grep -q "pbr"; do + [ "$timeout_nft" -eq '0' ] && { + output "Pbr's nft sets not found, $log_abort $__FAIL__" + return 1 + } + sleep '1' && timeout_nft=$((timeout_nft - 1)) + done + } + + run_nslookup() + { + output=$(nslookup "$1" 127.0.0.1) && { echo '0' > "$pipe_nslookup"; return; } + reason=$(printf '%s' "$output" | grep -Eo -m 1 'NXDOMAIN|SERVFAIL|timed out') && \ + output "$_WARNING_ Lookup failed for $domain ($reason)" + echo '1' > "$pipe_nslookup" + } + + # shellcheck disable=SC2162 + nslookup_tracker() + { + while read ec; do + entries=$((entries + 1)) + [ "$ec" -eq '1' ] && errors=$((errors + 1)) + done < "$pipe_nslookup" + + output "Finished resolving $entries domain names in policies (${errors:-0} failed) $__OK__" + } + + [ -n "$resolverSetSupported" ] || { + output "Resolver set support disabled, $log_abort $__FAIL__" + exit + } + mkfifo "$pipe_ubus" + mkfifo "$pipe_nslookup" + ubus listen -m 'ubus.object.add' > "$pipe_ubus" & ubus_listen_pid=$! + + # shellcheck disable=SC3045 + while read -t "$timeout_dnsmasq" -r event; do + echo "$event" | grep -q "dnsmasq.dns" || continue + dnsmasq_restarted='1' + # shellcheck disable=SC2154 + [ -f "$packageDnsmasqFile" ] || { + output "File $packageDnsmasqFile not found, $log_abort $__FAIL__" + break + } + nft_ready || break + nslookup_tracker & exec 3>"$pipe_nslookup" + + ( + output "Resolving domain names in policies..." + while IFS='/' read -r _ domain _; do + [ -n "$domain" ] && run_nslookup "$domain" & + entries=$((entries + 1)) + done < "$packageDnsmasqFile" + wait + ) + + exec 3>&- + break + done < "$pipe_ubus" + + [ -n "$dnsmasq_restarted" ] || output "Dnsmasq hasn't restarted, $log_abort $__FAIL__" + kill "$ubus_listen_pid" + rm "$pipe_ubus" + rm "$pipe_nslookup" +) & From 63203845bd1ba90c46f82c295cec9c93da725ea1 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Fri, 10 Oct 2025 23:30:41 +0000 Subject: [PATCH 149/239] https-dns-proxy: bugfix: remove IPKG_INSTROOT check Signed-off-by: Stan Grishin (cherry picked from commit 8301996f679075660faa30e5ae1ef46fd67220cd) Signed-off-by: Stan Grishin --- net/https-dns-proxy/files/etc/init.d/https-dns-proxy | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/https-dns-proxy/files/etc/init.d/https-dns-proxy b/net/https-dns-proxy/files/etc/init.d/https-dns-proxy index 1ff7c65895f167..42c9c991d7a401 100755 --- a/net/https-dns-proxy/files/etc/init.d/https-dns-proxy +++ b/net/https-dns-proxy/files/etc/init.d/https-dns-proxy @@ -9,8 +9,6 @@ STOP=15 # shellcheck disable=SC2034 USE_PROCD=1 -[ -n "${IPKG_INSTROOT}" ] && exit 0 - if type extra_command 1>/dev/null 2>&1; then extra_command 'version' 'Show version information' else From 88be1c248cd8a7bdcbf65d87da0c1ff422e8e407 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Fri, 10 Oct 2025 23:27:06 +0000 Subject: [PATCH 150/239] adblock-fast: bugfixes * bugfix: remove IPKG_INSTROOT check * bugfix: do not attempt to download config update if package is disabled Signed-off-by: Stan Grishin (cherry picked from commit a7f831b84698474ec0c84863e223126b6ba72dae) Signed-off-by: Stan Grishin --- net/adblock-fast/Makefile | 2 +- net/adblock-fast/files/etc/init.d/adblock-fast | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 9935a1680a3cd3..73f95485835429 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.2.0 -PKG_RELEASE:=20 +PKG_RELEASE:=22 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 4cca7b665cf73b..40e69bc27b1a25 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -8,8 +8,6 @@ START=20 USE_PROCD=1 LC_ALL=C -[ -n "${IPKG_INSTROOT}" ] && return 0 - if type extra_command 1>/dev/null 2>&1; then extra_command 'allow' 'Allows domain in current block-list and config' extra_command 'check' 'Checks if specified domain is found in current block-list' @@ -1839,6 +1837,7 @@ adb_config_update() { load_dl_command label="${config_update_url##*//}" label="${label%%/*}"; + [ -n "$enabled" ] || return 0 [ -n "$config_update_enabled" ] || return 0 if [ "$param" != 'download' ]; then From 98bdc9d8b6a2dbcc0187c928c09323a265a4278e Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Wed, 8 Oct 2025 12:27:44 +0200 Subject: [PATCH 151/239] samba4: update to version 4.18.11 For details see upstream release notes: https://www.samba.org/samba/history/samba-4.18.9.html https://www.samba.org/samba/history/samba-4.18.10.html https://www.samba.org/samba/history/samba-4.18.11.html Signed-off-by: Michal Hrusecky --- net/samba4/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/samba4/Makefile b/net/samba4/Makefile index 4afa8746372cf5..eb7d3d807c76fa 100644 --- a/net/samba4/Makefile +++ b/net/samba4/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba -PKG_VERSION:=4.18.8 +PKG_VERSION:=4.18.11 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz @@ -13,7 +13,7 @@ PKG_SOURCE_URL:= \ http://www.nic.funet.fi/index/samba/pub/samba/stable/ \ http://samba.mirror.bit.nl/samba/ftp/stable/ \ https://download.samba.org/pub/samba/stable/ -PKG_HASH:=4fb87bceaeb01d832a59046c197a044b7e8e8000581548b5d577a6cda03344d1 +PKG_HASH:=9e52a7fe1c62aba9a648a725fcf51996ebb4b08e7410afa7a229c1b9f50c9c54 PKG_BUILD_FLAGS:=gc-sections From aa6d5044cb1cffdab8c572cafbfd109adc6b91ba Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 15 Oct 2025 02:35:51 +0800 Subject: [PATCH 152/239] v2ray-geodata: Update to latest version Update all geodata. Signed-off-by: Tianling Shen (cherry picked from commit 2ebf07e4d29ea3a13c95f94e406b69c281d799a2) --- net/v2ray-geodata/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/net/v2ray-geodata/Makefile b/net/v2ray-geodata/Makefile index bf229dd90a5838..c83e484f678f9d 100644 --- a/net/v2ray-geodata/Makefile +++ b/net/v2ray-geodata/Makefile @@ -12,31 +12,31 @@ PKG_MAINTAINER:=Tianling Shen include $(INCLUDE_DIR)/package.mk -GEOIP_VER:=202509050142 +GEOIP_VER:=202510050144 GEOIP_FILE:=geoip.dat.$(GEOIP_VER) define Download/geoip URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/ URL_FILE:=geoip.dat FILE:=$(GEOIP_FILE) - HASH:=a01e09150b456cb2f3819d29d6e6c34572420aaee3ff9ef23977c4e9596c20ec + HASH:=c23ac8343e9796f8cc8b670c3aeb6df6d03d4e8914437a409961477f6b226098 endef -GEOSITE_VER:=20250906011216 +GEOSITE_VER:=20250916122507 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER) define Download/geosite URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/ URL_FILE:=dlc.dat FILE:=$(GEOSITE_FILE) - HASH:=186158b6c2f67ac59e184ed997ebebcef31938be9874eb8a7d5e3854187f4e8d + HASH:=1a7dad0ceaaf1f6d12fef585576789699bd1c6ea014c887c04b94cb9609350e9 endef -GEOSITE_IRAN_VER:=202508250041 +GEOSITE_IRAN_VER:=202510130040 GEOSITE_IRAN_FILE:=iran.dat.$(GEOSITE_IRAN_VER) define Download/geosite-ir URL:=https://github.com/bootmortis/iran-hosted-domains/releases/download/$(GEOSITE_IRAN_VER)/ URL_FILE:=iran.dat FILE:=$(GEOSITE_IRAN_FILE) - HASH:=20ee5b1bf5a10aea00aeb5b7e435ccf13cd578ef9ce55236fc7c0fdfd3f5b1f6 + HASH:=ddbdbfcc33e8eb6f235f7542cd71d291a9002387b8b858286e913d35e2d9aa02 endef define Package/v2ray-geodata/template From 7fd607eccc59c5b4ff234f0fe1760b09af7c934e Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 15 Oct 2025 13:16:42 +0800 Subject: [PATCH 153/239] v2rayA: Update to 2.2.7.3 Release note: - https://github.com/v2rayA/v2rayA/releases/tag/v2.2.7.2 - https://github.com/v2rayA/v2rayA/releases/tag/v2.2.7.3 Signed-off-by: Tianling Shen (cherry picked from commit 5dbb37873634a478dd0c9ab1772e6c1a85c5b196) --- net/v2raya/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/v2raya/Makefile b/net/v2raya/Makefile index d0e7f77b85558d..d767b36c7313aa 100644 --- a/net/v2raya/Makefile +++ b/net/v2raya/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=v2rayA -PKG_VERSION:=2.2.7.1 +PKG_VERSION:=2.2.7.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=8996ce3ac42f4998a433ab4f8968c7da656baae40b34c154705ecba4274f012d +PKG_HASH:=4b36275dff287d8cf03ee8fa5331d731593f35020459a8ea0ff925e8496a52cf PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service PKG_LICENSE:=AGPL-3.0-only @@ -59,7 +59,7 @@ define Download/v2raya-web URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/ URL_FILE:=web.tar.gz FILE:=$(WEB_FILE) - HASH:=26eaea7b367b36b844c98c0b537fb05482595329ac5fe0ea2293f77bc9d1aac9 + HASH:=99e789fa7cbfe9f6bc49afa8365556dff6d6c664e6136b045dd7f43322d0de7f endef define Build/Prepare From 2f51ea9e911df7620a9dc64be97f22951b582cae Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 22 Sep 2025 17:16:21 +0800 Subject: [PATCH 154/239] openlist: Update to 4.1.3 Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.3 Signed-off-by: Tianling Shen (cherry picked from commit 07ca6a83aaa9942e731b8c8c41f4fc5d627e71b7) --- net/openlist/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/openlist/Makefile b/net/openlist/Makefile index 09e192006f8f4b..bca6974c85ac22 100644 --- a/net/openlist/Makefile +++ b/net/openlist/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openlist -PKG_VERSION:=4.1.2 +PKG_VERSION:=4.1.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/OpenListTeam/OpenList/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=4de94e32f4b05d86654f97cd1551b8cfbbed6b2c38b2ac400fde3e7622013614 +PKG_HASH:=8330dc7d3b19a2dd622d7a1f50679e1ebb3f3e6404c426621b721ec614dc0fd5 PKG_BUILD_DIR:=$(BUILD_DIR)/OpenList-$(PKG_VERSION) PKG_LICENSE:=AGPL-3.0-only @@ -51,13 +51,13 @@ define Package/openlist/conffiles /etc/config/openlist endef -WEB_VERSION:=4.1.2 +WEB_VERSION:=4.1.3 WEB_FILE:=$(PKG_NAME)-frontend-dist-v$(WEB_VERSION).tar.gz define Download/openlist-web URL:=https://github.com/OpenListTeam/OpenList-Frontend/releases/download/v$(WEB_VERSION)/ URL_FILE:=$(WEB_FILE) FILE:=$(WEB_FILE) - HASH:=aa9a5ad478debf98a2744cfd0d494be1bd9e6d55ce57ca71093d5c35052c5f4b + HASH:=b9225d2f67bd0267e5a29fc6d61689d26c29f463fc4b4b3bc7db116194918e89 endef define Build/Prepare From 120259e87f8d09256012920b7c6030d47eb94a25 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 15 Oct 2025 13:17:00 +0800 Subject: [PATCH 155/239] openlist: Update to 4.1.4 Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.4 Signed-off-by: Tianling Shen (cherry picked from commit adbfae95f8f5dc945d32bf97d5f4ed7626368b3f) --- net/openlist/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/openlist/Makefile b/net/openlist/Makefile index bca6974c85ac22..96551bad977b3a 100644 --- a/net/openlist/Makefile +++ b/net/openlist/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openlist -PKG_VERSION:=4.1.3 +PKG_VERSION:=4.1.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/OpenListTeam/OpenList/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=8330dc7d3b19a2dd622d7a1f50679e1ebb3f3e6404c426621b721ec614dc0fd5 +PKG_HASH:=63726bbedc1ad8995cfad0ae7451cb503a504a3af3579710c4430c12286e01c3 PKG_BUILD_DIR:=$(BUILD_DIR)/OpenList-$(PKG_VERSION) PKG_LICENSE:=AGPL-3.0-only @@ -51,13 +51,13 @@ define Package/openlist/conffiles /etc/config/openlist endef -WEB_VERSION:=4.1.3 +WEB_VERSION:=4.1.4 WEB_FILE:=$(PKG_NAME)-frontend-dist-v$(WEB_VERSION).tar.gz define Download/openlist-web URL:=https://github.com/OpenListTeam/OpenList-Frontend/releases/download/v$(WEB_VERSION)/ URL_FILE:=$(WEB_FILE) FILE:=$(WEB_FILE) - HASH:=b9225d2f67bd0267e5a29fc6d61689d26c29f463fc4b4b3bc7db116194918e89 + HASH:=8ba2dcb8070a7a13e628f7cf6cb1bbce330f483992dc64e3680f741270a59db3 endef define Build/Prepare From f07a573a684da9ad4ceeb95a3ead5a0a28907759 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Tue, 14 Oct 2025 22:12:33 +0200 Subject: [PATCH 156/239] travelmate: release 2.2.0 - drop iwinfo, use iw/ip instead - support passive wlan scanning (active scanning is still the default) - drop qrencode, use the LuCI internal qrcode js library instead - more vpn fixes - various LuCI changes/enhancements - fix #27599 - disable proactive scanning in the default config Signed-off-by: Dirk Brenken (cherry picked from commit a46dd4cf3c71514cc1ea3d45b5b3dc9d2c31560e) --- net/travelmate/Makefile | 6 +- net/travelmate/files/README.md | 7 +- net/travelmate/files/travelmate.conf | 2 +- net/travelmate/files/travelmate.init | 71 +++++------ net/travelmate/files/travelmate.sh | 174 ++++++++++++++++----------- net/travelmate/files/travelmate.vpn | 26 ++-- 6 files changed, 159 insertions(+), 127 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index f7925caa63e547..3457d068a56e95 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate -PKG_VERSION:=2.1.4 +PKG_VERSION:=2.2.0 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken @@ -17,12 +17,12 @@ define Package/travelmate SECTION:=net CATEGORY:=Network TITLE:=A wlan connection manager for travel router - DEPENDS:=+iwinfo +jshn +jsonfilter +curl +ca-bundle +rpcd +rpcd-mod-rpcsys + DEPENDS:=+iw +ip +jshn +jsonfilter +curl +ca-bundle +rpcd +rpcd-mod-rpcsys PKGARCH:=all endef define Package/travelmate/description -A wlan connection manager for travel routers. +A wlan connection manager for travel router. Please see https://github.com/openwrt/packages/blob/master/net/travelmate/files/README.md for further information. endef diff --git a/net/travelmate/files/README.md b/net/travelmate/files/README.md index a279f4e1891c9e..99c40168141c2b 100644 --- a/net/travelmate/files/README.md +++ b/net/travelmate/files/README.md @@ -61,11 +61,11 @@ automatically (re)connnects to configured APs/hotspots as they become available. * [OpenWrt](https://openwrt.org), tested/compatible with current stable 23.x and latest OpenWrt snapshot * The `luci-app-travelmate` ensures these packages are present: * 'dnsmasq' as dns backend - * 'iwinfo' for wlan scanning + * 'iw' for wlan scanning * 'curl' for connection checking and all kinds of captive portal magic, e.g. cp detection and auto-logins * a 'wpad' variant to support various WPA encrypted networks - (WEP-based uplinks are no longer supported!)* optional: 'qrencode' for AP QR code support + (WEP-based uplinks are no longer supported!) * optional: 'wireguard' or 'openvpn' for vpn client connections * optional: 'msmtp' to send out Travelmate related status messages via email @@ -101,6 +101,7 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_debug | 0, disabled | set to 1 to get the full debug output (logread -e "trm-") | | trm_iface | -, not set | uplink- and procd trigger network interface, configured by the 'Interface Wizard' | | trm_radio | -, not set | restrict travelmate to a single radio or change the overall scanning order ('radio1 radio0') | +| trm_scanmode | -, active | send active probe requests or passively listen for beacon frames with 'passive' | | trm_captive | 1, enabled | check the internet availability and handle captive portal redirections | | trm_netcheck | 0, disabled | treat missing internet availability as an error | | trm_proactive | 1, enabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection | @@ -120,10 +121,10 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_mailsender | no-reply@travelmate | e-mail sender address for travelmate notifications | | trm_mailtopic | travelmate connection to '' | topic for travelmate notification E-Mails | | trm_mailprofile | trm_notify | profile used by 'msmtp' for travelmate notification E-Mails | +| trm_vpn | 0, disabled | VPN connections will be managed by travelmate | | trm_stdvpnservice | -, not set | standard vpn service which will be automatically added to new STA profiles | | trm_stdvpniface | -, not set | standard vpn interface which will be automatically added to new STA profiles | - * per uplink exist an additional 'uplink' section in the travelmate config, with the following options: | Option | Default | Description/Valid Values | diff --git a/net/travelmate/files/travelmate.conf b/net/travelmate/files/travelmate.conf index 6e72ca381d7604..171122f0693328 100644 --- a/net/travelmate/files/travelmate.conf +++ b/net/travelmate/files/travelmate.conf @@ -2,7 +2,7 @@ config travelmate 'global' option trm_enabled '0' option trm_captive '1' - option trm_proactive '1' + option trm_proactive '0' option trm_netcheck '0' option trm_autoadd '0' option trm_mail '0' diff --git a/net/travelmate/files/travelmate.init b/net/travelmate/files/travelmate.init index 37b301950a7459..2348ddd92718fe 100755 --- a/net/travelmate/files/travelmate.init +++ b/net/travelmate/files/travelmate.init @@ -1,5 +1,5 @@ #!/bin/sh /etc/rc.common -# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2025 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions @@ -9,7 +9,6 @@ START=25 USE_PROCD=1 extra_command "scan" "[|] Scan for available nearby uplinks" -extra_command "assoc" "[|] Get MAC adresses of associated wlan stations" extra_command "setup" "[] [] [] Setup the travelmate uplink interface, by default 'trm_wwan' with firewall zone 'wan' and metric '100'" trm_init="/etc/init.d/travelmate" @@ -34,7 +33,7 @@ start_service() { procd_set_param pidfile "${trm_pidfile}" procd_set_param nice "$(uci_get travelmate global trm_nice "0")" procd_set_param stdout 0 - procd_set_param stderr 0 + procd_set_param stderr 1 procd_close_instance fi } @@ -77,25 +76,39 @@ status_service() { } scan() { - local result radio="${1}" + local scan_dev scan_mode radio_num radio_phy radio="${1}" : > "${trm_scanfile}" - if [ -z "${radio}" ]; then - radio="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e '@[@.up=true].interfaces[0].ifname')" + scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -ql1 -e "@.${radio}.interfaces[0].ifname")" + if [ -z "${scan_dev}" ]; then + radio_num="${radio//[a-z]/}" + radio_phy="phy#${radio_num}" + scan_dev="$(iw dev 2>/dev/null | awk -v iw_phy="${radio_phy}" '{if($0==iw_phy){inside=1;next}if(inside&&/^phy#/){exit}if(inside&&$1=="Interface"){print $2;exit}}')" + if [ -z "${scan_dev}" ]; then + if iw phy "phy${radio_num}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1; then + if ip link set "trmscan${radio_num}" up >/dev/null 2>&1; then + scan_dev="trmscan${radio_num}" + fi + fi + fi fi - result="$(iwinfo "${radio}" scan 2>/dev/null | - awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2=""; - for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}}/Channel:/{var3=$NF}/Quality:/{split($NF,var0,"/")}/Encryption:/{var4=""; - for(j=12;j<=NF;j++)if(var4==""){var4=$j}else{var4=var4" "$j};printf " %-11i%-10s%-35s%-20s%s\n",(var0[1]*100/var0[2]),var3,var2,var1,var4}' | - sort -rn)" - printf "::: %s\n:::\n" "Available nearby uplinks on '${radio}'" - if [ -n "${result}" ]; then - printf "%s\n" "${result}" > "${trm_scanfile}" - printf "%-15s%-10s%-35s%-20s%s\n" " Strength" "Channel" "ESSID" "BSSID" "Encryption" - printf "%s\n" " --------------------------------------------------------------------------------------" - printf "%s\n" "${result}" - else - printf "%s\n" "::: Empty resultset" + if [ -n "${scan_dev}" ]; then + scan_mode="$(uci_get travelmate global trm_scanmode "active")" + [ "${scan_mode}" != "passive" ] && scan_mode="" + printf "%b\n" "$(iw "${scan_dev}" scan ${scan_mode} 2>/dev/null | + awk '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";bssid=toupper(substr($2,1,17))} + /signal:/{signal=2*($2 + 100)} + /SSID:/{$1="";sub(/^ /,"",$0);ssid=$0} + /freq:/{channel=int($2);if(channel>=2400&&channel<=2500)channel=int((channel-2407)/5);else if(channel>=4900&&channel<=5900)channel=int((channel-5000)/5);else if(channel>=5925&&channel<=7125)channel=int(((channel-5950)/5)+1)} + /WPA:/{wpa="+"} + /RSN:/{rsn="+"} + /Group cipher:/{cipher=$4} + /Authentication suites:/{auth="";for(i=4;i<=NF;i++){auth=auth (i==4?"":",")$i}} + END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" > "${trm_scanfile}" + fi + if [ -n "${radio_phy}" ] && [ -n "${radio_num}" ]; then + ip link set "trmscan${radio_num}" down >/dev/null 2>&1 + iw dev "trmscan${radio_num}" del >/dev/null 2>&1 fi } @@ -108,7 +121,7 @@ setup() { metric="${metric//[^0-9]/}" if [ -n "${iface}" ] && [ "${iface}" = "${input}" ]; then - printf "%s\n" "The uplink interface '${input}' has been already configured" + return 1 elif [ -n "${input}" ]; then if [ -n "${iface}" ]; then uci -q batch <<-EOC @@ -163,24 +176,6 @@ setup() { fi } -assoc() { - local result radio="${1}" - - if [ -z "${radio}" ]; then - radio="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e '@[@.*.*.config.mode="ap"].interfaces[0].ifname')" - fi - result="$(iwinfo "${radio}" assoc 2>/dev/null | awk '/^[A-Z0-9:]+/{printf " %s\n",$1}')" - printf "%s\n" "::: Associated wlan stations on '${radio}'" - printf "%s\n" ":::" - if [ -n "${result}" ]; then - printf "%s\n" " MAC addresses" - printf "%s\n" " -----------------" - printf "%s\n" "${result}" - else - printf "%s\n" "::: Empty resultset" - fi -} - service_triggers() { local iface delay diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index db9c35e62dd963..11e52f0783f1cf 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -13,7 +13,7 @@ trm_enabled="0" trm_debug="0" trm_iface="" trm_captive="1" -trm_proactive="1" +trm_proactive="0" trm_vpn="0" trm_netcheck="0" trm_autoadd="0" @@ -27,8 +27,8 @@ trm_maxwait="30" trm_maxautoadd="5" trm_timeout="60" trm_radio="" +trm_scanmode="active" trm_connection="" -trm_wpaflags="" trm_ovpninfolist="" trm_vpnifacelist="" trm_vpninfolist="" @@ -36,7 +36,7 @@ trm_stdvpnservice="" trm_stdvpniface="" trm_rtfile="/tmp/trm_runtime.json" trm_captiveurl="http://detectportal.firefox.com" -trm_useragent="Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0" +trm_useragent="Mozilla/5.0 (X11; Linux x86_64; rv:144.0) Gecko/20100101 Firefox/144.0" trm_ntpfile="/var/state/travelmate.ntp" trm_vpnfile="/var/state/travelmate.vpn" trm_mailfile="/var/state/travelmate.mail" @@ -68,8 +68,6 @@ f_cmd() { # load travelmate environment # f_env() { - local check wpa_checks result - if [ "${trm_action}" = "stop" ]; then return fi @@ -116,20 +114,6 @@ f_env() { /etc/init.d/travelmate stop fi - if [ -z "${trm_wpaflags}" ]; then - wpa_checks="sae owe eap suiteb192" - for check in ${wpa_checks}; do - if [ -x "${trm_wpacmd}" ]; then - if "${trm_wpacmd}" -v"${check}" >/dev/null 2>&1; then - result="$(f_trim "${result} ${check}: $(f_char 1)")" - else - result="$(f_trim "${result} ${check}: $(f_char 0)")" - fi - fi - done - trm_wpaflags="$(printf "%s" "${result}" | "${trm_awkcmd}" '{printf "%s %s, %s %s, %s %s, %s %s",$1,$2,$3,$4,$5,$6,$7,$8}')" - fi - config_load wireless config_foreach f_setdev "wifi-device" if [ -n "$(uci -q changes "wireless")" ]; then @@ -148,7 +132,7 @@ f_env() { config_load network config_foreach f_getvpn "interface" fi - f_log "debug" "f_env ::: auto_sta: ${trm_opensta:-"-"}, wpa_flags: ${trm_wpaflags}, sys_ver: ${trm_sysver}" + f_log "debug" "f_env ::: auto_sta: ${trm_opensta:-"-"}, sys_ver: ${trm_sysver}" } # trim helper function @@ -209,7 +193,7 @@ f_wifi() { # vpn helper function # f_vpn() { - local rc result info iface vpn vpn_service vpn_iface vpn_instance vpn_status vpn_action="${1}" + local rc info iface vpn vpn_service vpn_iface vpn_instance vpn_status vpn_action="${1}" if [ "${trm_vpn}" = "1" ] && [ -n "${trm_vpninfolist}" ]; then vpn="$(f_getval "vpn")" @@ -232,23 +216,24 @@ f_vpn() { fi done rm -f "${trm_vpnfile}" + sleep 1 elif [ "${vpn}" = "1" ] && [ -n "${vpn_iface}" ] && [ "${vpn_action}" = "enable_keep" ]; then for info in ${trm_vpninfolist}; do iface="${info%%&&*}" + [ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}" vpn_status="$(ifstatus "${iface}" | "${trm_jsoncmd}" -ql1 -e '@.up')" if [ "${vpn_status}" = "true" ] && [ "${iface}" != "${vpn_iface}" ]; then /sbin/ifdown "${iface}" f_log "info" "take down vpn interface '${iface}' (switch)" - rc="1" - fi - [ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}" - if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then - /etc/init.d/openvpn stop "${vpn_instance}" - f_log "info" "take down openvpn instance '${vpn_instance}' (switch)" + if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then + /etc/init.d/openvpn stop "${vpn_instance}" + f_log "info" "take down openvpn instance '${vpn_instance}' (switch)" + fi rc="1" fi if [ "${rc}" = "1" ]; then rm -f "${trm_vpnfile}" + sleep 1 break fi done @@ -265,7 +250,6 @@ f_vpn() { break fi done - f_log "debug" "f_vpn ::: vpn: ${vpn:-"0"}, action: ${vpn_action}, service: ${vpn_service}, iface: ${vpn_iface}, instance: ${vpn_instance}" "${trm_vpnpgm}" "${vpn:-"0"}" "${vpn_action}" "${vpn_service}" "${vpn_iface}" "${vpn_instance}" >/dev/null 2>&1 rc="${?}" fi @@ -273,7 +257,7 @@ f_vpn() { [ -n "${rc}" ] && f_jsnup fi fi - f_log "debug" "f_vpn ::: vpn: ${trm_vpn:-"-"}, enabled: ${vpn:-"-"}, action: ${vpn_action}, vpn_service: ${vpn_service:-"-"}, vpn_iface: ${vpn_iface:-"-"}, vpn_instance: ${vpn_instance:-"-"}, vpn_infolist: ${trm_vpninfolist:-"-"}, result: ${result}, rc: ${rc:-"-"}" + f_log "debug" "f_vpn ::: vpn: ${trm_vpn:-"-"}, enabled: ${vpn:-"-"}, action: ${vpn_action}, vpn_service: ${vpn_service:-"-"}, vpn_iface: ${vpn_iface:-"-"}, vpn_instance: ${vpn_instance:-"-"}, vpn_infolist: ${trm_vpninfolist:-"-"}, connection: ${trm_connection%%/*}, rc: ${rc:-"-"}" } # mac helper function @@ -294,13 +278,13 @@ f_mac() { else uci_remove "wireless" "${section}" "macaddr" 2>/dev/null ifname="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" - result="$("${trm_iwinfocmd}" "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/Access Point:/{printf "%s",$3}')" + result="$("${trm_iwcmd}" dev "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/addr /{printf "%s",toupper($2)}')" fi elif [ "${action}" = "get" ]; then result="$(uci_get "wireless" "${section}" "macaddr")" if [ -z "${result}" ]; then ifname="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" - result="$("${trm_iwinfocmd}" "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/Access Point:/{printf "%s",$3}')" + result="$("${trm_iwcmd}" dev "${ifname}" info 2>/dev/null | "${trm_awkcmd}" '/addr /{printf "%s",toupper($2)}')" fi fi printf "%s" "${result}" @@ -485,25 +469,31 @@ f_getval() { f_setdev() { local disabled radio="${1}" - disabled="$(uci_get "wireless" "${radio}" "disabled")" - if [ "${disabled}" = "1" ]; then - uci_set wireless "${radio}" "disabled" "0" - fi - if [ -n "${trm_radio}" ] && [ -z "${trm_radiolist}" ]; then - trm_radiolist="${trm_radio}" - elif [ -z "${trm_radio}" ] && ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; then - trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")" + if { [ -z "${trm_radio}" ] && ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; } || + { [ -n "${trm_radio}" ] && printf "%s" "${trm_radio}" | "${trm_grepcmd}" -q "${radio}"; }; then + if [ -n "${trm_radio}" ] && [ "${trm_radio}" = "radio1 radio0" ]; then + trm_radiolist="$(f_trim "${radio} ${trm_radiolist}")" + else + trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")" + fi + disabled="$(uci_get "wireless" "${radio}" "disabled")" + if [ "${disabled}" = "1" ]; then + uci_set wireless "${radio}" "disabled" "0" + fi fi - f_log "debug" "f_setdev ::: radio: ${radio:-"-"}, radio_list(cnf/cur): ${trm_radio:-"-"}/${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}" + f_log "debug" "f_setdev ::: radio: ${radio:-"-"}, radio_conf: ${trm_radio:-"-"}, radio_list: ${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}" } # set 'wifi-iface' sections # f_setif() { - local mode radio essid bssid enabled disabled con_start con_end con_start_expiry con_end_expiry section="${1}" proactive="${2}" + local mode radio essid bssid enabled disabled d1 d2 d3 con_start con_end con_start_expiry con_end_expiry section="${1}" proactive="${2}" - mode="$(uci_get "wireless" "${section}" "mode")" radio="$(uci_get "wireless" "${section}" "device")" + if ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; then + return + fi + mode="$(uci_get "wireless" "${section}" "mode")" essid="$(uci_get "wireless" "${section}" "ssid")" bssid="$(uci_get "wireless" "${section}" "bssid")" disabled="$(uci_get "wireless" "${section}" "disabled")" @@ -607,8 +597,8 @@ f_addsta() { EOC fi trm_opensta="$((trm_opensta + 1))" - uci_commit "travelmate" - uci_commit "wireless" + [ -n "$(uci -q changes "travelmate")" ] && uci_commit "travelmate" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_wifi if [ ! -f "${trm_refreshfile}" ]; then printf "%s" "ui_reload" >"${trm_refreshfile}" @@ -624,7 +614,7 @@ f_addsta() { f_net() { local err_msg raw json_raw html_raw html_cp js_cp json_ec json_rc json_cp json_ed result="net nok" - raw="$("${trm_fetchcmd}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --retry 5 --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" + raw="$("${trm_fetchcmd}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --retry $((trm_maxwait / 6)) --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" json_raw="${raw#*\{}" html_raw="${raw%%\{*}" if [ -n "${json_raw}" ]; then @@ -686,6 +676,10 @@ f_check() { if [ "${mode}" = "sta" ]; then "${trm_ubuscmd}" -S call network.interface."${trm_iface}" down >/dev/null 2>&1 "${trm_ubuscmd}" -S call network.interface."${trm_iface}" up >/dev/null 2>&1 + if ! "${trm_ubuscmd}" -t "$((trm_maxwait / 6))" wait_for network.interface."${trm_iface}" >/dev/null 2>&1; then + f_log "info" "travelmate interface '${trm_iface}' does not appear on ubus on ifup event" + fi + sleep 1 fi while [ "${wait_time}" -le "${trm_maxwait}" ]; do @@ -699,23 +693,23 @@ f_check() { f_jsnup fi if [ "${status}" = "false" ]; then - sleep "$((trm_maxwait / 5))" + sleep "$((trm_maxwait / 6))" fi break elif [ "${mode}" = "rev" ]; then - unset trm_connection + trm_connection="" trm_ifstatus="${status}" break else ifname="$(printf "%s" "${dev_status}" | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" if [ -n "${ifname}" ] && [ "${enabled}" = "1" ]; then - trm_ifquality="$("${trm_iwinfocmd}" "${ifname}" info 2>/dev/null | "${trm_awkcmd}" -F '[ ]' '/Link Quality: [0-9]+\/[0-9]+/{split($NF,var0,"/");printf "%i\n",(var0[1]*100/var0[2])}')" + trm_ifquality="$("${trm_iwcmd}" dev "${ifname}" link 2>/dev/null | "${trm_awkcmd}" '/signal: /{printf "%s",2*($2+100)}')" if [ -z "${trm_ifquality}" ]; then trm_ifstatus="$("${trm_ubuscmd}" -S call network.interface dump 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.interface[@.device=\"${ifname}\"].up")" if { [ -n "${trm_connection}" ] && [ "${trm_ifstatus}" = "false" ]; } || [ "${wait_time}" -eq "${trm_maxwait}" ]; then f_log "info" "no signal from uplink" f_vpn "disable" - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_ctrack "end" f_jsnup @@ -732,7 +726,7 @@ f_check() { if [ -x "/etc/init.d/dnsmasq" ] && [ -f "/etc/config/dhcp" ] && [ -n "${cp_domain}" ] && ! uci_get "dhcp" "@dnsmasq[0]" "rebind_domain" | "${trm_grepcmd}" -q "${cp_domain}"; then uci_add_list "dhcp" "@dnsmasq[0]" "rebind_domain" "${cp_domain}" - uci_commit "dhcp" + [ -n "$(uci -q changes "dhcp")" ] && uci_commit "dhcp" /etc/init.d/dnsmasq reload f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist" else @@ -771,20 +765,20 @@ f_check() { elif [ -n "${trm_connection}" ] && { [ "${trm_netcheck}" = "1" ] || [ "${mode}" = "initial" ]; }; then f_log "info" "uplink is out of range (${trm_ifquality}/${trm_minquality})" f_vpn "disable" - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_ctrack "end" f_jsnup break elif [ "${mode}" = "initial" ] || [ "${mode}" = "sta" ]; then - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_jsnup break fi elif [ -n "${trm_connection}" ]; then f_vpn "disable" - unset trm_connection + trm_connection="" trm_ifstatus="${status}" f_jsnup break @@ -829,10 +823,10 @@ f_jsnup() { vpn_done="1" fi elif [ "${status}" = "error" ]; then - unset trm_connection + trm_connection="" status="program error" else - unset trm_connection + trm_connection="" status="running (not connected)" fi if [ -z "${last_date}" ]; then @@ -849,8 +843,7 @@ f_jsnup() { json_add_string "station_id" "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}" json_add_string "station_mac" "${sta_mac:-"-"}" json_add_string "station_interfaces" "${sta_iface:-"-"}, ${vpn_iface:-"-"}" - json_add_string "wpa_flags" "${trm_wpaflags:-"-"}" - json_add_string "run_flags" "captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})" + json_add_string "run_flags" "scan: ${trm_scanmode}, captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})" json_add_string "ext_hooks" "ntp: $(f_char ${ntp_done}), vpn: $(f_char ${vpn_done}), mail: $(f_char ${mail_done})" json_add_string "last_run" "${last_date}" json_add_string "system" "${trm_sysver}" @@ -888,11 +881,18 @@ f_log() { # main function for connection handling # f_main() { - local radio cnt retrycnt scan_dev scan_list scan_essid scan_bssid scan_open scan_quality station_id section - local sta sta_essid sta_bssid sta_radio sta_mac open_sta open_essid config_radio config_essid config_bssid + local radio radio_num radio_phy cnt retrycnt scan_dev scan_mode scan_list scan_essid scan_bssid scan_rsn scan_wpa scan_open scan_quality + local station_id section sta sta_essid sta_bssid sta_radio sta_mac open_sta open_essid config_radio config_essid config_bssid f_check "initial" "false" - f_log "debug" "f_main-1 ::: status: ${trm_ifstatus}, proactive: ${trm_proactive}" + if [ "${trm_proactive}" = "0" ]; then + if [ "${trm_connection%%/*}" = "net ok" ]; then + f_vpn "enable_keep" + else + f_vpn "disable" + fi + fi + f_log "debug" "f_main-1 ::: status: ${trm_ifstatus}, connection: ${trm_connection%%/*}, proactive: ${trm_proactive}" if [ "${trm_ifstatus}" != "true" ] || [ "${trm_proactive}" = "1" ]; then config_load wireless config_foreach f_setif wifi-iface "${trm_proactive}" @@ -906,7 +906,7 @@ f_main() { f_check "dev" "true" f_log "debug" "f_main-2 ::: config_radio: ${config_radio}, config_essid: \"${config_essid}\", config_bssid: ${config_bssid:-"-"}" else - uci_commit "wireless" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_check "dev" "false" fi f_log "debug" "f_main-3 ::: radio_list: ${trm_radiolist:-"-"}, sta_list: ${trm_stalist:-"-"}" @@ -945,11 +945,37 @@ f_main() { fi if [ -z "${scan_list}" ]; then scan_dev="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.${radio}.interfaces[0].ifname")" - scan_list="$("${trm_iwinfocmd}" "${scan_dev:-${radio}}" scan 2>/dev/null | - "${trm_awkcmd}" 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}} - /Quality:/{split($NF,var0,"/")}/Encryption:/{if($NF=="none"){var3="+"}else{var3="-"}; - printf "%i %s %s %s\n",(var0[1]*100/var0[2]),var3,var1,var2}' | "${trm_sortcmd}" -rn)" - f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" + if [ -z "${scan_dev}" ]; then + radio_num="${radio//[a-z]/}" + radio_phy="phy#${radio_num}" + scan_dev="$("${trm_iwcmd}" dev 2>/dev/null | "${trm_awkcmd}" -v iw_phy="${radio_phy}" '{if($0==iw_phy){inside=1;next}if(inside&&/^phy#/){exit}if(inside&&$1=="Interface"){print $2;exit}}')" + if [ -z "${scan_dev}" ]; then + if "${trm_iwcmd}" phy "phy${radio_num}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1; then + if "${trm_ipcmd}" link set "trmscan${radio_num}" up >/dev/null 2>&1; then + scan_dev="trmscan${radio_num}" + fi + fi + fi + fi + if [ -n "${scan_dev}" ]; then + [ "${trm_scanmode}" != "passive" ] && scan_mode="" + scan_list="$(printf "%b" "$("${trm_iwcmd}" "${scan_dev}" scan ${scan_mode} 2>/dev/null | + "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="+";wpa="+"} + /signal:/{signal=2*($2 + 100)} + /SSID:/{$1="";sub(/^ /,"",$0);ssid="\""$0"\""} + /WPA:/{wpa="-"} + /RSN:/{rsn="-"} + END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid}}' | "${trm_sortcmd}" -rn)")" + f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_mode: ${trm_scanmode:-"active"}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" + fi + if [ -n "${radio_phy}" ] && [ -n "${radio_num}" ]; then + "${trm_ipcmd}" link set "trmscan${radio_num}" down >/dev/null 2>&1 + "${trm_iwcmd}" dev "trmscan${radio_num}" del >/dev/null 2>&1 + fi + if [ -z "${scan_dev}" ]; then + f_log "info" "no scan device on '${radio}'" + continue 2 + fi if [ -z "${scan_list}" ]; then f_log "info" "no scan results on '${radio}'" continue 2 @@ -958,7 +984,12 @@ f_main() { # scan loop # - while read -r scan_quality scan_open scan_bssid scan_essid; do + while read -r scan_quality scan_rsn scan_wpa scan_bssid scan_essid; do + if [ "${scan_rsn}" = "-" ] && [ "${scan_wpa}" = "-" ]; then + scan_open="+" + else + scan_open="-" + fi if [ -n "${scan_quality}" ] && [ -n "${scan_open}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ]; then f_log "debug" "f_main-7 ::: radio(sta/scan): ${sta_radio}/${radio}, essid(sta/scan): \"${sta_essid}\"/${scan_essid}, bssid(sta/scan): ${sta_bssid}/${scan_bssid}, quality(min/scan): ${trm_minquality}/${scan_quality}, open: ${scan_open}" if [ "${scan_quality}" -lt "${trm_minquality}" ]; then @@ -981,7 +1012,7 @@ f_main() { if [ -n "${config_radio}" ]; then f_vpn "disable" uci_set "wireless" "${trm_activesta}" "disabled" "1" - uci_commit "wireless" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_check "rev" "false" f_ctrack "end" f_log "info" "uplink connection terminated '${config_radio}/${config_essid}/${config_bssid:-"-"}'" @@ -998,7 +1029,7 @@ f_main() { f_check "sta" "false" "${sta_radio}" "${sta_essid}" "${sta_bssid}" if [ "${trm_ifstatus}" = "true" ]; then rm -f "${trm_mailfile}" - uci_commit "wireless" + [ -n "$(uci -q changes "wireless")" ] && uci_commit "wireless" f_ctrack "start" f_log "info" "connected to uplink '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' with mac '${sta_mac:-"-"}' (${retrycnt}/${trm_maxretry})" f_vpn "enable" @@ -1049,7 +1080,8 @@ trm_ubuscmd="$(f_cmd ubus)" trm_loggercmd="$(f_cmd logger)" trm_wificmd="$(f_cmd wifi)" trm_fetchcmd="$(f_cmd curl)" -trm_iwinfocmd="$(f_cmd iwinfo)" +trm_ipcmd="$(f_cmd ip)" +trm_iwcmd="$(f_cmd iw)" trm_wpacmd="$(f_cmd wpa_supplicant)" # get travelmate version @@ -1076,7 +1108,7 @@ while true; do f_log "info" "travelmate instance started ::: action: ${trm_action}, pid: ${$}" f_env f_main - unset trm_action + trm_action="" fi while true; do sleep "${trm_timeout}" 0 diff --git a/net/travelmate/files/travelmate.vpn b/net/travelmate/files/travelmate.vpn index 053e159217c35a..fe213b1d1ac611 100755 --- a/net/travelmate/files/travelmate.vpn +++ b/net/travelmate/files/travelmate.vpn @@ -18,7 +18,7 @@ vpn_iface="${4}" vpn_instance="${5}" trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" -trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0")" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (X11; Linux x86_64; rv:144.0) Gecko/20100101 Firefox/144.0")" trm_ubuscmd="$(command -v ubus)" trm_jsoncmd="$(command -v jsonfilter)" trm_logger="$(command -v logger)" @@ -28,7 +28,7 @@ trm_vpnfile="/var/state/travelmate.vpn" f_net() { local json_rc - json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --retry 5 --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" + json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --retry $((trm_maxwait / 6)) --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")" if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then json_rc="net ok" fi @@ -39,21 +39,25 @@ if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then if [ "${vpn_action}" = "enable_keep" ]; then vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')" fi + "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "start vpn processing (vpn: ${vpn:-"-"}, action: ${vpn_action:-"-"}, interface: ${vpn_iface:-"-"}, instance: ${vpn_instance:-"-"}, status: ${vpn_status:-"-"})" if [ "${vpn_action}" = "enable" ] || [ "${vpn_status}" != "true" ]; then if [ "${vpn_status}" != "true" ]; then /sbin/ifdown "${vpn_iface}" "${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1 + if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ]; then + if /etc/init.d/openvpn running "${vpn_instance}"; then + /etc/init.d/openvpn stop "${vpn_instance}" + fi + /etc/init.d/openvpn start "${vpn_instance}" + fi fi - if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then - /etc/init.d/openvpn stop "${vpn_instance}" - sleep 1 - fi - if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && ! /etc/init.d/openvpn running "${vpn_instance}"; then - /etc/init.d/openvpn start "${vpn_instance}" - fi + sleep 1 /sbin/ifup "${vpn_iface}" + if ! "${trm_ubuscmd}" -t "$((trm_maxwait / 6))" wait_for network.interface."${vpn_iface}" >/dev/null 2>&1; then + "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "travelmate vpn interface '${vpn_iface}' does not appear on ubus on ifup event" + fi cnt=0 - while true; do + while :; do vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')" if [ "${vpn_status}" = "true" ]; then net_status="$(f_net)" @@ -73,8 +77,8 @@ if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection can't be established '${vpn_iface}/${vpn_instance:-"-", rc: ${net_status:-"-"}}'" 2>/dev/null return 1 fi - sleep 1 cnt="$((cnt + 1))" + sleep 1 done fi elif { [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then From 613f7d217ef4c013b5fdb70bef877f9209b7049b Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sat, 18 Oct 2025 22:00:49 +0200 Subject: [PATCH 157/239] travelmate: release 2.2.1 - add a new lan/wan subnet check, to to show conflicts with router LAN network - clean up bogus debug log outputs - minor code clean ups - readme update Signed-off-by: Dirk Brenken (cherry picked from commit a38196f1516fd9d1b5a072bf799dab8b3f5fa2af) --- net/travelmate/Makefile | 2 +- net/travelmate/files/README.md | 54 +++++++++++++----------------- net/travelmate/files/travelmate.sh | 40 ++++++++++++++++------ 3 files changed, 54 insertions(+), 42 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index 3457d068a56e95..536976f52df288 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate -PKG_VERSION:=2.2.0 +PKG_VERSION:=2.2.1 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/README.md b/net/travelmate/files/README.md index 99c40168141c2b..558e174aca2567 100644 --- a/net/travelmate/files/README.md +++ b/net/travelmate/files/README.md @@ -24,29 +24,20 @@ automatically (re)connnects to configured APs/hotspots as they become available. ## Main Benefits and Features -* Easy setup from LuCI web interface - with **Interface Wizard** and **Wireless Station manager** -* Display a QR code to - transfer the wireless credentials to your mobile devices +* Easy setup from LuCI web interface with **Interface Wizard** and **Wireless Station manager** +* Display a QR code to transfer the wireless credentials to your mobile devices * Fast uplink connections * Supports routers with multiple radios in any order -* Supports all kinds of uplinks, including hidden and enterprise uplinks. - (WEP-based uplinks are no longer supported) -* Continuously checks the existing uplink quality, - e.g. for conditional uplink (dis)connections +* Supports all kinds of uplinks, including hidden and enterprise uplinks (WEP-based uplinks are no longer supported). +* Continuously checks the existing uplink quality, e.g. for conditional uplink (dis)connections * Automatically add open uplinks to your wireless config, e.g. hotel captive portals -* Captive portal detection with a - 'heartbeat' function to keep the uplink connection up and running -* Captive portal hook for auto-login configured via uci/LuCI. - Use an external script for - captive portal auto-logins (see example below) -* VPN hook supports 'wireguard' or 'openvpn' client - setups to handle VPN (re)connections automatically -* Email hook via 'msmtp' sends notification e-mails - after every successful uplink connect -* Proactively scan and switch to a higher priority uplink, - replacing an existing connection +* Captive portal detection with a 'heartbeat' function to keep the uplink connection up and running +* Captive portal hook for auto-login configured via uci/LuCI. Use an external script for captive portal auto-logins (see example below) +* VPN hook supports 'wireguard' or 'openvpn' client setups to handle VPN (re)connections automatically +* Email hook via 'msmtp' sends notification e-mails after every successful uplink connect +* Proactively scan and switch to a higher priority uplink, replacing an existing connection * Connection tracking logs start and end date of an uplink connection +* Check router subnet vs. uplink subnet, to show conflicts with router LAN network * Automatically disable the uplink after n minutes, e.g. for timed connections * Automatically (re)enable the uplink after n minutes, e.g. after failed login attempts * (Optional) Generate a random unicast MAC address for each uplink connection @@ -100,11 +91,12 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_enabled | 0, disabled | set to 1 to enable the travelmate service (this will be done by the Interface Wizard as well!) | | trm_debug | 0, disabled | set to 1 to get the full debug output (logread -e "trm-") | | trm_iface | -, not set | uplink- and procd trigger network interface, configured by the 'Interface Wizard' | +| trm_laniface | -, lan | logical LAN network interface, default is 'lan' | | trm_radio | -, not set | restrict travelmate to a single radio or change the overall scanning order ('radio1 radio0') | | trm_scanmode | -, active | send active probe requests or passively listen for beacon frames with 'passive' | | trm_captive | 1, enabled | check the internet availability and handle captive portal redirections | | trm_netcheck | 0, disabled | treat missing internet availability as an error | -| trm_proactive | 1, enabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection | +| trm_proactive | 0, disabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection | | trm_autoadd | 0, disabled | automatically add open uplinks like hotel captive portals to your wireless config | | trm_randomize | 0, disabled | generate a random unicast MAC address for each uplink connection | | trm_triggerdelay | 2 | additional trigger delay in seconds before travelmate processing begins | @@ -113,7 +105,7 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_maxwait | 30 | how long should travelmate wait for a successful wlan uplink connection | | trm_timeout | 60 | overall retry timeout in seconds | | trm_maxautoadd | 5 | limit the max. number of automatically added open uplinks. To disable this limitation set it to '0' | -| trm_captiveurl | http://detectportal.firefox.com | pre-configured provider URLs that will be used for connectivity- and captive portal checks | +| trm_captiveurl | http://detectportal.firefox.com | custom/pre-configured provider URLs that will be used for connectivity- and captive portal checks | | trm_useragent | Mozilla/5.0 ... | pre-configured user agents that will be used for connectivity- and captive portal checks | | trm_nice | 0, normal priority | change the priority of the travelmate background processing | | trm_mail | 0, disabled | sends notification e-mails after every succesful uplink connect | @@ -210,16 +202,16 @@ Hopefully more scripts for different captive portals will be provided by the com 

 root@2go:~# /etc/init.d/travelmate status
 ::: travelmate runtime information
-  + travelmate_status  : connected (net ok/51)
-  + travelmate_version : 2.1.1
-  + station_id         : radio0/403 Forbidden/00:0C:46:24:50:00
-  + station_mac        : 94:83:C4:24:0E:4F
-  + station_interfaces : trm_wwan, wg0
-  + wpa_flags          : sae: ✔, owe: ✔, eap: ✔, suiteb192: ✔
-  + run_flags          : captive: ✔, proactive: ✔, netcheck: ✘, autoadd: ✘, randomize: ✔
-  + ext_hooks          : ntp: ✔, vpn: ✔, mail: ✘
-  + last_run           : 2023.10.21-14:29:14
-  + system             : GL.iNet GL-A1300, OpenWrt SNAPSHOT r24187-bb8fd41f9a
+  + travelmate_status  : connected (net ok/96)
+  + travelmate_version : 2.2.1-r1
+  + station_id         : radio0/GlutenfreiVerbunden/-
+  + station_mac        : 1E:24:62:C3:2E:4B
+  + station_interfaces : trm_wwan, -
+  + station_subnet     : 10.168.20.0 (lan: 10.168.1.0)
+  + run_flags          : scan: passive, captive: ✔, proactive: ✔, netcheck: ✘, autoadd: ✘, randomize: ✔
+  + ext_hooks          : ntp: ✔, vpn: ✘, mail: ✘
+  + last_run           : 2025.10.18-21:03:41
+  + system             : Cudy TR3000 v1, mediatek/filogic, OpenWrt SNAPSHOT r31445-2a44808374
To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart Travelmate and check the system log afterwards (_logread -e "trm-"_) diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index 11e52f0783f1cf..a852f0e2206737 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -12,6 +12,7 @@ export PATH="/usr/sbin:/usr/bin:/sbin:/bin" trm_enabled="0" trm_debug="0" trm_iface="" +trm_laniface="" trm_captive="1" trm_proactive="0" trm_vpn="0" @@ -132,7 +133,7 @@ f_env() { config_load network config_foreach f_getvpn "interface" fi - f_log "debug" "f_env ::: auto_sta: ${trm_opensta:-"-"}, sys_ver: ${trm_sysver}" + f_log "debug" "f_env ::: fetch: ${trm_fetchcmd}, sys_ver: ${trm_sysver}" } # trim helper function @@ -165,7 +166,7 @@ f_wifi() { "${trm_wificmd}" reload for radio in ${trm_radiolist}; do - while true; do + while :; do if [ "${timeout}" -ge "${trm_maxwait}" ]; then break 2 fi @@ -346,7 +347,7 @@ f_ctrack() { fi fi fi - f_log "debug" "f_ctrack ::: action: ${action:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_ctrack ::: uplink_config: ${trm_uplinkcfg:-"-"}, action: ${action:-"-"}" } # get openvpn information @@ -449,7 +450,7 @@ f_getcfg() { fi cnt="$((cnt + 1))" done - f_log "debug" "f_getcfg ::: status: ${status}, section: ${section}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_getcfg ::: uplink_config: ${trm_uplinkcfg:-"-"}" } # get travelmate option value in 'uplink' sections @@ -461,7 +462,7 @@ f_getval() { result="$(uci_get "travelmate" "${trm_uplinkcfg}" "${t_option}")" printf "%s" "${result}" fi - f_log "debug" "f_getval ::: option: ${t_option:-"-"}, result: ${result:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_getval ::: uplink_config: ${trm_uplinkcfg:-"-"}, option: ${t_option:-"-"}, result: ${result:-"-"}" } # set 'wifi-device' sections @@ -539,7 +540,24 @@ f_setif() { trm_stalist="$(f_trim "${trm_stalist} ${section}-${radio}")" fi fi - f_log "debug" "f_setif ::: enabled: ${enabled}, section: ${section}, active_sta: ${trm_activesta:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}" + f_log "debug" "f_setif ::: uplink_config: ${trm_uplinkcfg:-"-"}, section: ${section}, enabled: ${enabled}, active_sta: ${trm_activesta:-"-"}" +} + +# check router/uplink subnet +# +f_subnet() { + local lan lan_net wan wan_net + + network_flush_cache + network_get_subnet wan "${trm_iface:-"trm_wwan"}" + [ -n "${wan}" ] && wan_net="$("${trm_ipcalccmd}" "${wan}" | "${trm_awkcmd}" 'BEGIN{FS="="}/NETWORK/{printf "%s",$2}')" + network_get_subnet lan "${trm_laniface:-"lan"}" + [ -n "${lan}" ] && lan_net="$("${trm_ipcalccmd}" "${lan}" | "${trm_awkcmd}" 'BEGIN{FS="="}/NETWORK/{printf "%s",$2}')" + if [ -n "${lan_net}" ] && [ -n "${wan_net}" ] && [ "${lan_net}" = "${wan_net}" ]; then + f_log "info" "uplink network '${wan_net}' conflicts with router LAN network, please adjust your network settings" + fi + printf "%s" "${wan_net:-"-"} (lan: ${lan_net:-"-"})" + f_log "debug" "f_subnet ::: lan_net: ${lan_net:-"-"}, wan_net: ${wan_net:-"-"}" } # add open uplinks @@ -648,7 +666,7 @@ f_net() { fi fi printf "%s" "${result}" - f_log "debug" "f_net ::: fetch: ${trm_fetchcmd}, timeout: $((trm_maxwait / 6)), cp (json/html/js): ${json_cp:-"-"}/${html_cp:-"-"}/${js_cp:-"-"}, result: ${result}, error (rc/msg): ${json_ec}/${err_msg:-"-"}, url: ${trm_captiveurl}" + f_log "debug" "f_net ::: timeout: $((trm_maxwait / 6)), cp (json/html/js): ${json_cp:-"-"}/${html_cp:-"-"}/${js_cp:-"-"}, result: ${result}, error (rc/msg): ${json_ec}/${err_msg:-"-"}, url: ${trm_captiveurl}" } # check interface status @@ -721,7 +739,7 @@ f_check() { if [ "${trm_ifstatus}" = "true" ]; then result="$(f_net)" if [ "${trm_captive}" = "1" ]; then - while true; do + while :; do cp_domain="$(printf "%s" "${result}" | "${trm_awkcmd}" -F '['\''| ]' '/^net cp/{printf "%s",$4}')" if [ -x "/etc/init.d/dnsmasq" ] && [ -f "/etc/config/dhcp" ] && [ -n "${cp_domain}" ] && ! uci_get "dhcp" "@dnsmasq[0]" "rebind_domain" | "${trm_grepcmd}" -q "${cp_domain}"; then @@ -843,6 +861,7 @@ f_jsnup() { json_add_string "station_id" "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}" json_add_string "station_mac" "${sta_mac:-"-"}" json_add_string "station_interfaces" "${sta_iface:-"-"}, ${vpn_iface:-"-"}" + json_add_string "station_subnet" "$(f_subnet)" json_add_string "run_flags" "scan: ${trm_scanmode}, captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})" json_add_string "ext_hooks" "ntp: $(f_char ${ntp_done}), vpn: $(f_char ${vpn_done}), mail: $(f_char ${mail_done})" json_add_string "last_run" "${last_date}" @@ -1083,6 +1102,7 @@ trm_fetchcmd="$(f_cmd curl)" trm_ipcmd="$(f_cmd ip)" trm_iwcmd="$(f_cmd iw)" trm_wpacmd="$(f_cmd wpa_supplicant)" +trm_ipcalccmd="$(f_cmd ipcalc.sh)" # get travelmate version # @@ -1096,7 +1116,7 @@ fi # control travelmate actions # -while true; do +while :; do if [ "${trm_action}" = "stop" ]; then if [ -s "${trm_pidfile}" ]; then f_log "info" "travelmate instance stopped ::: action: ${trm_action}, pid: $(cat ${trm_pidfile} 2>/dev/null)" @@ -1110,7 +1130,7 @@ while true; do f_main trm_action="" fi - while true; do + while :; do sleep "${trm_timeout}" 0 rc="${?}" if [ "${rc}" != "0" ]; then From ea6950a07dd3197120b65f59d6f77f94b6013b9e Mon Sep 17 00:00:00 2001 From: Ralph Siemsen Date: Fri, 17 Oct 2025 16:09:21 -0400 Subject: [PATCH 158/239] znc: do not watch znc.conf for changes ZNC can modify its own config file (znc.conf) during runtime, for example using controlpanel or webadmin modules. Manually editing the znc.conf file while znc is running is strongly discouraged. Thus prodc should not watch this file, it would just lead to znc being restarted unnecessarily. As it happens, no restarts were done, because the watched path was specified incorrectly. It used ZNC_CONFIG instead of ZNC_CONFIG_DIR, and so it watched /tmp/etc/znc/configs/znc.conf/configs/znc.conf which does not exist. Remove the watch of znc.conf as it is not needed. Signed-off-by: Ralph Siemsen (cherry picked from commit 00feb12444c846f1655a3c550c9f751ae552b24b) Signed-off-by: Jonas Gorski --- net/znc/Makefile | 2 +- net/znc/files/znc.init | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/net/znc/Makefile b/net/znc/Makefile index 5a8ca89b176dbc..f3c44671a28e91 100644 --- a/net/znc/Makefile +++ b/net/znc/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=znc PKG_VERSION:=1.10.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://znc.in/releases \ diff --git a/net/znc/files/znc.init b/net/znc/files/znc.init index 9355cbb72458e7..10b376da6fde64 100644 --- a/net/znc/files/znc.init +++ b/net/znc/files/znc.init @@ -205,7 +205,6 @@ start_service() { procd_open_instance procd_set_param file /etc/config/znc - [ "$EXTERNAL_CONFIG" -eq 1 ] && procd_set_param file "${ZNC_CONFIG}/configs/znc.conf" procd_set_param command /usr/bin/znc procd_append_param command -f -d$ZNC_CONFIG_PATH procd_set_param user ${RUNAS_USER} From 60606d6f6121160a7d4df421fc44be0cdd214bc7 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sun, 19 Oct 2025 20:20:02 +0200 Subject: [PATCH 159/239] travelmate: update 2.2.1-2 - fix a logical glitch in opensta-handling - add a list option 'trm_ssidfilter' to maintain a list of SSID patterns for filtering/skipping specific open uplinks, e.g. 'Chromecast*' (fix #26406) Signed-off-by: Dirk Brenken (cherry picked from commit 65b935cb5861c5a725c480fdd374f2e2d59ef848) --- net/travelmate/Makefile | 2 +- net/travelmate/files/README.md | 2 ++ net/travelmate/files/travelmate.sh | 23 +++++++++++++++++------ 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index 536976f52df288..90958e8da8b691 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate PKG_VERSION:=2.2.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/README.md b/net/travelmate/files/README.md index 558e174aca2567..8c024cc3894c16 100644 --- a/net/travelmate/files/README.md +++ b/net/travelmate/files/README.md @@ -98,6 +98,7 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_netcheck | 0, disabled | treat missing internet availability as an error | | trm_proactive | 0, disabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection | | trm_autoadd | 0, disabled | automatically add open uplinks like hotel captive portals to your wireless config | +| trm_ssidfilter | -, not set | list of SSID patterns for filtering/skipping specific open uplinks, e.g. 'Chromecast*' | | trm_randomize | 0, disabled | generate a random unicast MAC address for each uplink connection | | trm_triggerdelay | 2 | additional trigger delay in seconds before travelmate processing begins | | trm_maxretry | 3 | retry limit to connect to an uplink | @@ -117,6 +118,7 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_stdvpnservice | -, not set | standard vpn service which will be automatically added to new STA profiles | | trm_stdvpniface | -, not set | standard vpn interface which will be automatically added to new STA profiles | + * per uplink exist an additional 'uplink' section in the travelmate config, with the following options: | Option | Default | Description/Valid Values | diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index a852f0e2206737..6299cce209c210 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -30,6 +30,7 @@ trm_timeout="60" trm_radio="" trm_scanmode="active" trm_connection="" +trm_ssidfilter="" trm_ovpninfolist="" trm_vpnifacelist="" trm_vpninfolist="" @@ -73,7 +74,7 @@ f_env() { return fi - unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_activesta trm_opensta + unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_activesta trm_opensta trm_ssidfilter trm_sysver="$("${trm_ubuscmd}" -S call system board 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.model' -e '@.release.target' -e '@.release.distribution' -e '@.release.version' -e '@.release.revision' | "${trm_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s, %s %s %s %s",$1,$2,$3,$4,$5,$6}')" @@ -90,6 +91,8 @@ f_env() { local option="${1}" value="${2//\"/\\\"}" if [ "${option}" = "trm_vpnifacelist" ] && ! printf "%s" "${trm_vpnifacelist}" | "${trm_grepcmd}" -q "${value}"; then eval "trm_vpnifacelist=\"$(printf "%s" "${trm_vpnifacelist}") ${value}\"" + elif [ "${option}" = "trm_ssidfilter" ] && ! printf "%s" "${trm_ssidfilter}" | "${trm_grepcmd}" -q "${value}"; then + eval "trm_ssidfilter=\"$(printf "%s" "${trm_ssidfilter}") ${value}\"" fi } elif [ "${name}" = "uplink" ]; then @@ -188,7 +191,7 @@ f_wifi() { sleep "$((trm_maxwait / 6))" timeout="$((timeout + (trm_maxwait / 6)))" fi - f_log "debug" "f_wifi ::: radio_list: ${trm_radiolist}, radio: ${radio}, timeout: ${timeout}" + f_log "debug" "f_wifi ::: radio_list: ${trm_radiolist}, ssid_filter: ${trm_ssidfilter:-""}, radio: ${radio}, timeout: ${timeout}" } # vpn helper function @@ -563,8 +566,16 @@ f_subnet() { # add open uplinks # f_addsta() { - local wifi_cfg trm_cfg new_uplink="1" offset="1" radio="${1}" essid="${2}" + local pattern wifi_cfg trm_cfg new_uplink="1" offset="1" radio="${1}" essid="${2}" + for pattern in ${trm_ssidfilter}; do + case "${essid}" in + ${pattern}) + f_log "info" "skipping blacklisted open uplink '${radio}/${essid}'" + return 0 + ;; + esac + done if [ "${trm_maxautoadd}" = "0" ] || [ "${trm_opensta:-0}" -lt "${trm_maxautoadd}" ]; then config_cb() { local type="${1}" name="${2}" @@ -979,11 +990,11 @@ f_main() { if [ -n "${scan_dev}" ]; then [ "${trm_scanmode}" != "passive" ] && scan_mode="" scan_list="$(printf "%b" "$("${trm_iwcmd}" "${scan_dev}" scan ${scan_mode} 2>/dev/null | - "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="+";wpa="+"} + "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="-";wpa="-"} /signal:/{signal=2*($2 + 100)} /SSID:/{$1="";sub(/^ /,"",$0);ssid="\""$0"\""} - /WPA:/{wpa="-"} - /RSN:/{rsn="-"} + /WPA:/{wpa="+"} + /RSN:/{rsn="+"} END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid}}' | "${trm_sortcmd}" -rn)")" f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_mode: ${trm_scanmode:-"active"}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" fi From 129e357fb811b94712277358402f09d2fe1e8c58 Mon Sep 17 00:00:00 2001 From: Andrea Pesaresi Date: Mon, 20 Oct 2025 18:29:20 +0300 Subject: [PATCH 160/239] ksmbd-tools: adjust smb2 max read/write/trans and cache Now for all devices with every size of RAM it is set to: `smb2 max read = 64K` `smb2 max write = 64K` `smb2 max trans = 64K` Instead of fixed value to 64K is better to check RAM size and adjust to: 32 ~ 64MB RAM, set the value to 64K 64 ~ 128MB, set it to 128KB 128 ~ 256MB, set it to 1MB More than 256MB leave default size to 4MB With 64MB and 128MB is better also to disable the read/write cache `cache read buffers = no` `cache write buffers = no` Signed-off-by: Andrea Pesaresi (cherry picked from commit 0ca4794564eb7294832636cf46ade680372edebf) --- net/ksmbd-tools/Makefile | 2 +- net/ksmbd-tools/files/ksmbd.conf.template | 5 ----- net/ksmbd-tools/files/ksmbd.init | 24 +++++++++++++++++++++++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index a08fe368cbce84..9150acf93d4d27 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools PKG_VERSION:=3.5.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd-tools/releases/download/$(PKG_VERSION) diff --git a/net/ksmbd-tools/files/ksmbd.conf.template b/net/ksmbd-tools/files/ksmbd.conf.template index 4cb7be3c07fc0d..2da98b16e2b6b1 100644 --- a/net/ksmbd-tools/files/ksmbd.conf.template +++ b/net/ksmbd-tools/files/ksmbd.conf.template @@ -7,8 +7,3 @@ ipc timeout = 20 deadtime = 15 map to guest = Bad User - smb2 max read = 64K - smb2 max write = 64K - smb2 max trans = 64K - cache read buffers = no - cache trans buffers = no diff --git a/net/ksmbd-tools/files/ksmbd.init b/net/ksmbd-tools/files/ksmbd.init index a14183d58573d8..1a43d995373674 100644 --- a/net/ksmbd-tools/files/ksmbd.init +++ b/net/ksmbd-tools/files/ksmbd.init @@ -12,6 +12,28 @@ config_get_sane() set -- "$(echo "$1" | tr -d '<>[]{};%?=#\n')" } +config_get_ram() +{ + ramsize=$(grep MemTotal /proc/meminfo | awk '{print $2}') + if [ "$ramsize" -lt 65537 ];then + printf "\tsmb2 max read = 64K\n" + printf "\tsmb2 max write = 64K\n" + printf "\tsmb2 max trans = 64K\n" + printf "\tcache read buffers = no\n" + printf "\tcache trans buffers = no\n" + elif [ "$ramsize" -lt 134073 ];then + printf "\tsmb2 max read = 128K\n" + printf "\tsmb2 max write = 128K\n" + printf "\tsmb2 max trans = 128K\n" + printf "\tcache read buffers = no\n" + printf "\tcache trans buffers = no\n" + elif [ "$ramsize" -lt 262146 ];then + printf "\tsmb2 max read = 1M\n" + printf "\tsmb2 max write = 1M\n" + printf "\tsmb2 max trans = 1M\n" + fi +} + smb_header() { config_get_sane SMBD_IFACE "$1" interface "lan" @@ -41,6 +63,8 @@ smb_header() /etc/ksmbd/ksmbd.conf.template > /var/etc/ksmbd/ksmbd.conf { + config_get_ram + printf "\n######### Dynamic written config options #########\n" if [ "$ALLOW_LEGACY_PROTOCOLS" -eq 1 ]; then From 614450c850ef33303adb60331fca9a7a4eb6b45c Mon Sep 17 00:00:00 2001 From: Andrea Pesaresi Date: Mon, 20 Oct 2025 18:29:32 +0300 Subject: [PATCH 161/239] ksmbd-tools: bump to 3.5.4 The major changes are: - Add max ip connections parameter. (ready for future upstream fix) at the moment is reverted by: https://github.com/openwrt/openwrt/commit/18bdeda0113d28170a20e550f45641450089a070 - unlock follow symlinks parameter to support symlink. - send bind_interfaces_only parameter to ksmbd. Signed-off-by: Andrea Pesaresi (cherry picked from commit 47f1bfa717eb28c038cabc6155ffa3a03b8b9c5c) --- net/ksmbd-tools/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index 9150acf93d4d27..83ebc004b05e66 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools -PKG_VERSION:=3.5.3 -PKG_RELEASE:=2 +PKG_VERSION:=3.5.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd-tools/releases/download/$(PKG_VERSION) -PKG_HASH:=e8d55cc53825170d7e5213d48a92b8251dc0d1351601283f6d0995cfd789b4d0 +PKG_HASH:=948a367c76d68614e7dc291b536d383654c66bb44739b217dfdbc29496a53af9 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING From f1470815f41fe199bfdafe9a91ad115bc2e91203 Mon Sep 17 00:00:00 2001 From: Andrea Pesaresi Date: Mon, 20 Oct 2025 18:29:44 +0300 Subject: [PATCH 162/239] ksmbd-tools: update to 3.5.5 Major change is: - set server signing to auto by default. In recent versions of Windows 11, server signing is required. However, server signing is disabled by default in ksmbd server. So It is recommended to set server signing = auto as default, so that it is used whenever it is required. Signed-off-by: Andrea Pesaresi (cherry picked from commit a7d51c511cfc4fcfcecbd95b9b5dd02fe8c9439d) --- net/ksmbd-tools/Makefile | 4 ++-- net/ksmbd-tools/files/ksmbd.conf.template | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index 83ebc004b05e66..2efa2ba7fae848 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools -PKG_VERSION:=3.5.4 +PKG_VERSION:=3.5.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd-tools/releases/download/$(PKG_VERSION) -PKG_HASH:=948a367c76d68614e7dc291b536d383654c66bb44739b217dfdbc29496a53af9 +PKG_HASH:=72310cf88723d44cb8144a4fa6aa2c60acf84bdc8bb6384547d6a48bc015af9a PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/net/ksmbd-tools/files/ksmbd.conf.template b/net/ksmbd-tools/files/ksmbd.conf.template index 2da98b16e2b6b1..6bcdbfe144fee5 100644 --- a/net/ksmbd-tools/files/ksmbd.conf.template +++ b/net/ksmbd-tools/files/ksmbd.conf.template @@ -7,3 +7,4 @@ ipc timeout = 20 deadtime = 15 map to guest = Bad User + server signing = auto From fb35b87809c1c24d0c675aa263470f24538682c7 Mon Sep 17 00:00:00 2001 From: Wei-Ting Yang Date: Fri, 5 Sep 2025 10:59:45 +0800 Subject: [PATCH 163/239] python-packaging: update to 25.0 Changelogs can be found in https://github.com/pypa/packaging/releases. Signed-off-by: Wei-Ting Yang (cherry picked from commit 7289cb01199ab254ad1bc8f1526e242380ee4db7) --- lang/python/python-packaging/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-packaging/Makefile b/lang/python/python-packaging/Makefile index 1bec008bea4dcb..2c1e440b5dca41 100644 --- a/lang/python/python-packaging/Makefile +++ b/lang/python/python-packaging/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-packaging -PKG_VERSION:=23.2 +PKG_VERSION:=25.0 PKG_RELEASE:=1 PYPI_NAME:=packaging -PKG_HASH:=048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 +PKG_HASH:=d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f PKG_MAINTAINER:=Jan Pavlinec , Jeffery To PKG_LICENSE:=Apache-2.0 BSD-2-Clause From e160ba18d5d2022d1a08cf39055f68bc712241f5 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 00:57:57 +0200 Subject: [PATCH 164/239] python-hatchling: update to version 1.27.0 Release notes: https://github.com/pypa/hatch/releases/tag/hatchling-v1.27.0 Signed-off-by: Josef Schlehofer (cherry picked from commit 4d521dfbeb99cd3800791eabc71248422ca6de06) --- lang/python/python-hatchling/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-hatchling/Makefile b/lang/python/python-hatchling/Makefile index b44b7774bff30b..a9842ebc0ea855 100644 --- a/lang/python/python-hatchling/Makefile +++ b/lang/python/python-hatchling/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-hatchling -PKG_VERSION:=1.18.0 +PKG_VERSION:=1.27.0 PKG_RELEASE:=1 PYPI_NAME:=hatchling -PKG_HASH:=50e99c3110ce0afc3f7bdbadff1c71c17758e476731c27607940cfa6686489ca +PKG_HASH:=971c296d9819abb3811112fc52c7a9751c8d381898f36533bb16f9791e941fd6 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.txt From 62819b7e569791fe8727003548627104cbb4d859 Mon Sep 17 00:00:00 2001 From: Wei-Ting Yang Date: Sat, 23 Aug 2025 18:49:18 +0800 Subject: [PATCH 165/239] python-urllib3: update to 2.5.0 Changelogs can be found in https://github.com/urllib3/urllib3/releases. Signed-off-by: Wei-Ting Yang (cherry picked from commit c6ba0ce29205b14a9b1052555340f0081463885a) --- lang/python/python-urllib3/Makefile | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/lang/python/python-urllib3/Makefile b/lang/python/python-urllib3/Makefile index 8513fb6876839a..7c95cc5f125ab5 100644 --- a/lang/python/python-urllib3/Makefile +++ b/lang/python/python-urllib3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-urllib3 -PKG_VERSION:=2.0.7 +PKG_VERSION:=2.5.0 PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer @@ -17,10 +17,16 @@ PKG_LICENSE_FILES:=LICENSE.txt PKG_CPE_ID:=cpe:/a:python:urllib3 PYPI_NAME:=urllib3 -PKG_HASH:=c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84 - -PKG_BUILD_DEPENDS:=python-hatchling/host -HOST_BUILD_DEPENDS:=python-hatchling/host +PKG_HASH:=3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760 + +PKG_BUILD_DEPENDS:= \ + python-hatch-vcs/host \ + python-hatchling/host \ + python-setuptools-scm/host +HOST_BUILD_DEPENDS:= \ + python-hatch-vcs/host \ + python-hatchling/host \ + python-setuptools-scm/host include ../pypi.mk include $(INCLUDE_DIR)/package.mk From c1a3e22aaff36c12d89b58b7d9e4e83582901fc8 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Fri, 23 Aug 2024 16:15:42 +0300 Subject: [PATCH 166/239] python-lxml: bump to version 5.3.0 Signed-off-by: Alexandru Ardelean (cherry picked from commit 9060de91b04b6d903e4438edfb95e26655c7605e) --- lang/python/python-lxml/Makefile | 4 ++-- .../patches/001-downgrade-cython-requirement.patch | 9 +++++++++ lang/python/python-lxml/test.sh | 2 -- 3 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch diff --git a/lang/python/python-lxml/Makefile b/lang/python/python-lxml/Makefile index d517cd8401511a..4253d92367bfd6 100644 --- a/lang/python/python-lxml/Makefile +++ b/lang/python/python-lxml/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-lxml -PKG_VERSION:=5.2.2 +PKG_VERSION:=5.3.0 PKG_RELEASE:=1 PYPI_NAME:=lxml -PKG_HASH:=bb2dc4898180bea79863d5487e5f9c7c34297414bad54bcd0f0852aee9cfdb87 +PKG_HASH:=4e109ca30d1edec1ac60cdbe341905dc3b8f55b16855e03a54aaf59e51ec8c6f PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSES.txt diff --git a/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch b/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch new file mode 100644 index 00000000000000..f73f46c737b625 --- /dev/null +++ b/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch @@ -0,0 +1,9 @@ +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -1,5 +1,5 @@ + [build-system] +-requires = ["Cython>=3.0.11", "setuptools", "wheel"] ++requires = ["Cython>=3.0.10", "setuptools", "wheel"] + + [tool.cibuildwheel] + build-verbosity = 2 diff --git a/lang/python/python-lxml/test.sh b/lang/python/python-lxml/test.sh index 6ea15a0e8e4d32..e175d9239cd64c 100644 --- a/lang/python/python-lxml/test.sh +++ b/lang/python/python-lxml/test.sh @@ -1,7 +1,5 @@ #!/bin/sh -[ "$1" = "python3-lxml" ] || exit 0 - EXP_VER="$2" python3 - << EOF From 0f4782d14432078bd66589dc5c34cb43978d206d Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Sun, 11 May 2025 07:40:14 +0300 Subject: [PATCH 167/239] python-lxml: bump to version 5.4.0 Signed-off-by: Alexandru Ardelean (cherry picked from commit eeacf8474b4ce4d174b6f0fe135345f36f4d0d00) --- lang/python/python-lxml/Makefile | 4 ++-- .../patches/001-downgrade-cython-requirement.patch | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lang/python/python-lxml/Makefile b/lang/python/python-lxml/Makefile index 4253d92367bfd6..e72924cc875e56 100644 --- a/lang/python/python-lxml/Makefile +++ b/lang/python/python-lxml/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-lxml -PKG_VERSION:=5.3.0 +PKG_VERSION:=5.4.0 PKG_RELEASE:=1 PYPI_NAME:=lxml -PKG_HASH:=4e109ca30d1edec1ac60cdbe341905dc3b8f55b16855e03a54aaf59e51ec8c6f +PKG_HASH:=d12832e1dbea4be280b22fd0ea7c9b87f0d8fc51ba06e92dc62d52f804f78ebd PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSES.txt diff --git a/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch b/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch index f73f46c737b625..22429e7fc16bb9 100644 --- a/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch +++ b/lang/python/python-lxml/patches/001-downgrade-cython-requirement.patch @@ -2,8 +2,8 @@ +++ b/pyproject.toml @@ -1,5 +1,5 @@ [build-system] --requires = ["Cython>=3.0.11", "setuptools", "wheel"] +-requires = ["Cython>=3.0.11, < 3.1.0", "setuptools", "wheel"] +requires = ["Cython>=3.0.10", "setuptools", "wheel"] [tool.cibuildwheel] - build-verbosity = 2 + build-verbosity = 1 From 9f66360e54a489350ebbc178f634911dc4d30866 Mon Sep 17 00:00:00 2001 From: Finn Landweber Date: Wed, 20 Nov 2024 14:39:59 +0100 Subject: [PATCH 168/239] python-setuptools-scm: update to 8.1.0 Signed-off-by: Finn Landweber (cherry picked from commit c6989438c342550d6988b45b53f49199792f3314) --- lang/python/python-setuptools-scm/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python-setuptools-scm/Makefile b/lang/python/python-setuptools-scm/Makefile index 5e197a57f9af6e..305c297d16a7d7 100644 --- a/lang/python/python-setuptools-scm/Makefile +++ b/lang/python/python-setuptools-scm/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-setuptools-scm -PKG_VERSION:=7.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=8.1.0 +PKG_RELEASE:=1 PYPI_NAME:=setuptools-scm PYPI_SOURCE_NAME:=setuptools_scm -PKG_HASH:=6c508345a771aad7d56ebff0e70628bf2b0ec7573762be9960214730de278f27 +PKG_HASH:=42dea1b65771cba93b7a515d65a65d8246e560768a66b9106a592c8e7f26c8a7 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From 1991fde201138c5e4560c42899c986479f6aba01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Wed, 21 May 2025 18:48:30 +0000 Subject: [PATCH 169/239] lvm2: install: fix "Argument list too long" error when copying symlinks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was reported that in some build environments the install step fails with following: find /home/.../buildsystem/build_dir/target-aarch64-unknown-linux-gnu_musl/lvm2-normal/LVM2.2.03.22/ipkg-install/usr/sbin/ -type l -exec cp -fpR -a {} /home/.../buildsystem/build_dir/target-aarch64-unknown-linux-gnu_musl/lvm2-normal/LVM2.2.03.22/.pkgdir/lvm2/sbin/ \; make[6]: /bin/sh: Argument list too long This is likely happening once the number of symlinks exceeds the shell's maximum argument limit. So lets fix it by switching to more reliable xargs based solution: print0/xargs -0 to handle filenames with special characters xargs -r to skip execution if no files are found cp -t to specify the target directory once instead of for each file Fixes: #26552 Signed-off-by: Petr Štetiar (cherry picked from commit 073b460cb199d096e71f48279efe4e7b4fd64e57) --- utils/lvm2/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/lvm2/Makefile b/utils/lvm2/Makefile index e9ed9336742ff8..1f63343f65cfca 100644 --- a/utils/lvm2/Makefile +++ b/utils/lvm2/Makefile @@ -148,7 +148,7 @@ define Package/lvm2/install $(INSTALL_BIN) ./files/lvm2.init $(1)/etc/init.d/lvm2 $(INSTALL_DIR) $(1)/etc/hotplug.d/block $(INSTALL_DATA) ./files/lvm2.hotplug $(1)/etc/hotplug.d/block/20-lvm2 - $(FIND) $(PKG_INSTALL_DIR)/usr/sbin/ -type l -exec $(CP) -a {} $(1)/sbin/ \; + $(FIND) $(PKG_INSTALL_DIR)/usr/sbin/ -type l -print0 | xargs -0 -r $(CP) -a -t $(1)/sbin/ endef Package/lvm2-selinux/install = $(Package/lvm2/install) From 644ab8c708321d1d3b2317d572507707b72537bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Thu, 16 Oct 2025 15:23:29 +0200 Subject: [PATCH 170/239] knot: update to version 3.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Release notes: https://www.knot-dns.cz/2025-10-16-version-351.html Delete patches already merged into master branch Signed-off-by: Jan Hák (cherry picked from commit 9fe9b952f7a3ca2a1143fe69e3283d573480be39) --- net/knot/Makefile | 4 +-- net/knot/patches/03_common_stats.patch | 22 ---------------- ...onfigure_fix_linking_with_libhiredis.patch | 25 ------------------- 3 files changed, 2 insertions(+), 49 deletions(-) delete mode 100644 net/knot/patches/03_common_stats.patch delete mode 100644 net/knot/patches/04_configure_fix_linking_with_libhiredis.patch diff --git a/net/knot/Makefile b/net/knot/Makefile index a7e51f6920a3ac..b564d997541a96 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=knot -PKG_VERSION:=3.5.0 +PKG_VERSION:=3.5.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/ -PKG_HASH:=d52538bf7364c280999dec58c2a02a405dd922ef5794da1473ca7c3cf7f01277 +PKG_HASH:=a614d5226ceed4b4cdd4a3badbb0297ea0f987f65948e4eb828119a3b5ac0a4b PKG_MAINTAINER:=Daniel Salzman PKG_LICENSE:=GPL-2.0-or-later LGPL-2.0-or-later MIT ISC BSD-3-Clause diff --git a/net/knot/patches/03_common_stats.patch b/net/knot/patches/03_common_stats.patch deleted file mode 100644 index 6d965a5fb88d80..00000000000000 --- a/net/knot/patches/03_common_stats.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 4f02c29b67790ff05f23fc6593e145be7c223c70 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20H=C3=A1k?= -Date: Tue, 23 Sep 2025 12:52:25 +0200 -Subject: [PATCH] fix: failing build of knot/common/stats.c on PowerPC and MIPS - ---- - src/knot/common/stats.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/knot/common/stats.c -+++ b/src/knot/common/stats.c -@@ -127,8 +127,8 @@ int stats_server(stats_dump_ctr_f fcn, s - } - - DUMP_VAL(params, "zone-count", knot_zonedb_size(ctx->server->zone_db)); -- DUMP_VAL(params, "tcp-io-timeout", ctx->server->stats.tcp_io_timeout); -- DUMP_VAL(params, "tcp-idle-timeout", ctx->server->stats.tcp_idle_timeout); -+ DUMP_VAL(params, "tcp-io-timeout", ATOMIC_GET(ctx->server->stats.tcp_io_timeout)); -+ DUMP_VAL(params, "tcp-idle-timeout", ATOMIC_GET(ctx->server->stats.tcp_idle_timeout)); - - return KNOT_EOK; - } diff --git a/net/knot/patches/04_configure_fix_linking_with_libhiredis.patch b/net/knot/patches/04_configure_fix_linking_with_libhiredis.patch deleted file mode 100644 index 8c11efa49ae5a8..00000000000000 --- a/net/knot/patches/04_configure_fix_linking_with_libhiredis.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e1e8a763086efd91b3b167ec238c10d46c6e6a31 Mon Sep 17 00:00:00 2001 -From: Daniel Salzman -Date: Fri, 26 Sep 2025 14:46:20 +0200 -Subject: [PATCH] configure: fix linking with libhiredis if --disable-redis - ---- - configure.ac | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -264,11 +264,9 @@ AC_ARG_ENABLE([redis], - AS_HELP_STRING([--enable-redis=auto|yes|no], [enable Redis support [default=auto]]), - [], [enable_redis=auto]) - --PKG_CHECK_MODULES([hiredis], [hiredis], [have_hiredis=yes], [have_hiredis=no]) -- - AS_CASE([$enable_redis], -- [auto], [AS_IF([test "$have_hiredis" = "yes"], [enable_redis=yes], [enable_redis=no])], -- [yes], [AS_IF([test "$have_hiredis" = "yes"], [enable_redis=yes], [AC_MSG_ERROR([libhiredis not available])])], -+ [auto], [PKG_CHECK_MODULES([hiredis], [hiredis], [enable_redis=yes], [enable_redis=no])], -+ [yes], [PKG_CHECK_MODULES([hiredis], [hiredis], [enable_redis=yes], [AC_MSG_ERROR([libhiredis not available])])], - [no], [], - [*], [AC_MSG_ERROR([Invalid value of --enable-redis.])] - ) From 28c2351f8f00c08b7d29ff5e2c5807450b53410e Mon Sep 17 00:00:00 2001 From: Robert Marko Date: Tue, 21 Oct 2025 14:25:38 +0200 Subject: [PATCH 171/239] mhz: update to latest version Update mhz to latest version to include new calibration features. Signed-off-by: Robert Marko (cherry picked from commit 7ef10e0364e41a94599c0423f3c3062e067082c5) --- utils/mhz/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/mhz/Makefile b/utils/mhz/Makefile index 7ebf26c47f1298..5b9e08602206c8 100644 --- a/utils/mhz/Makefile +++ b/utils/mhz/Makefile @@ -1,13 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mhz -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=https://github.com/wtarreau/mhz.git -PKG_SOURCE_DATE:=2023-06-17 -PKG_SOURCE_VERSION:=11aac2399780a1f7ea9f007b14af0464797d5cf1 -PKG_MIRROR_HASH:=3accbc6ff26b029d257686e1a7c7f9a40ef5d914a031d31f4d46a807edbad7c3 +PKG_SOURCE_DATE:=2025-07-26 +PKG_SOURCE_VERSION:=512f63021f6f0cec8e5e13be744dba0b4704cfae +PKG_MIRROR_HASH:=1827af2ed7a3c6f4499f6aacafcb668c3efcb1274135dfa50fe5ffa3eca4e140 PKG_MAINTAINER:=Robert Marko PKG_LICENSE:=MIT From 1326c21ec15dea12d834db9d7b2d975f34f6c3ec Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Fri, 3 Oct 2025 02:07:39 +0300 Subject: [PATCH 172/239] python-trove-classifiers: bump to 2025.9.11.17 Adds classifier for Python 3.15. More details can be found in their tags: https://github.com/pypa/trove-classifiers/releases Signed-off-by: George Sapkin (cherry picked from commit d856cb45e35377c5de9ca0f30283528a6565fef1) --- lang/python/python-trove-classifiers/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lang/python/python-trove-classifiers/Makefile b/lang/python/python-trove-classifiers/Makefile index fd802604717adb..8a5633c146a8ab 100644 --- a/lang/python/python-trove-classifiers/Makefile +++ b/lang/python/python-trove-classifiers/Makefile @@ -8,11 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-trove-classifiers -PKG_VERSION:=2023.11.29 +PKG_VERSION:=2025.9.11.17 PKG_RELEASE:=1 PYPI_NAME:=trove-classifiers -PKG_HASH:=ff8f7fd82c7932113b46e7ef6742c70091cc63640c8c65db00d91f2e940b9514 +PYPI_SOURCE_NAME:=trove_classifiers +PKG_HASH:=931ca9841a5e9c9408bc2ae67b50d28acf85bef56219b56860876dd1f2d024dd PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 91b94c2cb9498833fbaa985f7847329b879dabf8 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 00:53:08 +0200 Subject: [PATCH 173/239] tor: update to version 0.4.8.18 Release notes: https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.8.18/ChangeLog Signed-off-by: Josef Schlehofer (cherry picked from commit 9bfc5a2a74d08cab7b9f3e3cf12783939bfa1291) --- net/tor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 2bfd3025943ef0..b4a0fc8c457c39 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.8.17 +PKG_VERSION:=0.4.8.18 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=79b4725e1d4b887b9e68fd09b0d2243777d5ce3cd471e538583bcf6f9d8cdb56 +PKG_HASH:=4aea6c109d4eff4ea2bafb905a7e6b0a965d14fe856214b02fcd9046b4d93af8 PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE:=BSD-3-Clause From 34a99de9c21686358badcf080c1ccd0f99cf4f8a Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 00:33:08 +0200 Subject: [PATCH 174/239] gzip: update to version 1.14 Add TARGET_CFLAGS += -std=gnu17 to fix following error discovered by CI/CD: 2025-09-30T23:53:47.3168066Z In file included from gzip.c:66: 2025-09-30T23:53:47.3189341Z gzip.c:131:34: error: expected declaration specifiers or '...' before numeric constant 2025-09-30T23:53:47.3190258Z 131 | # define BUFFER_ALIGNED alignas (4096) 2025-09-30T23:53:47.3190760Z | ^~~~ 2025-09-30T23:53:47.3191259Z gzip.h:108:39: note: in definition of macro 'DECLARE' 2025-09-30T23:53:47.3191864Z 108 | # define DECLARE(type, array, size) type array[size] 2025-09-30T23:53:47.3192411Z | ^~~~ 2025-09-30T23:53:47.3192942Z gzip.c:135:13: note: in expansion of macro 'BUFFER_ALIGNED' 2025-09-30T23:53:47.3193587Z 135 | DECLARE(uch BUFFER_ALIGNED, inbuf, INBUFSIZ +INBUF_EXTRA); 2025-09-30T23:53:47.3194137Z | ^~~~~~~~~~~~~~ 2025-09-30T23:53:47.3194752Z gzip.c:131:34: error: expected declaration specifiers or '...' before numeric constant 2025-09-30T23:53:47.3195442Z 131 | # define BUFFER_ALIGNED alignas (4096) 2025-09-30T23:53:47.3195880Z | ^~~~ 2025-09-30T23:53:47.3196330Z gzip.h:108:39: note: in definition of macro 'DECLARE' 2025-09-30T23:53:47.3197297Z 108 | # define DECLARE(type, array, size) type array[size] 2025-09-30T23:53:47.3197829Z | ^~~~ 2025-09-30T23:53:47.3198342Z gzip.c:136:13: note: in expansion of macro 'BUFFER_ALIGNED' 2025-09-30T23:53:47.3199113Z 136 | DECLARE(uch BUFFER_ALIGNED, outbuf, OUTBUFSIZ+OUTBUF_EXTRA); 2025-09-30T23:53:47.3199957Z | ^~~~~~~~~~~~~~ 2025-09-30T23:53:47.3200589Z gzip.c:131:34: error: expected declaration specifiers or '...' before numeric constant 2025-09-30T23:53:47.3201250Z 131 | # define BUFFER_ALIGNED alignas (4096) 2025-09-30T23:53:47.3201688Z | ^~~~ 2025-09-30T23:53:47.3202128Z gzip.h:108:39: note: in definition of macro 'DECLARE' 2025-09-30T23:53:47.3202665Z 108 | # define DECLARE(type, array, size) type array[size] 2025-09-30T23:53:47.3203150Z | ^~~~ 2025-09-30T23:53:47.3203642Z gzip.c:138:13: note: in expansion of macro 'BUFFER_ALIGNED' 2025-09-30T23:53:47.3204203Z 138 | DECLARE(uch BUFFER_ALIGNED, window, 2L*WSIZE); 2025-09-30T23:53:47.3204684Z | ^~~~~~~~~~~~~~ - Release announcement: https://lists.gnu.org/archive/html/info-gnu/2025-04/msg00007.html Signed-off-by: Josef Schlehofer (cherry picked from commit 3bf64e39b281b9736fbbd6acf52c18e6d595f50c) --- utils/gzip/Makefile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/utils/gzip/Makefile b/utils/gzip/Makefile index 64189a8bc353ce..c4c50465c88a90 100644 --- a/utils/gzip/Makefile +++ b/utils/gzip/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gzip -PKG_VERSION:=1.13 +PKG_VERSION:=1.14 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/gzip -PKG_HASH:=7454eb6935db17c6655576c2e1b0fabefd38b4d0936e0f87f48cd062ce91a057 +PKG_HASH:=01a7b881bd220bfdf615f97b8718f80bdfd3f6add385b993dcf6efd14e8c0ac6 PKG_LICENSE:=GPL-3.0-or-later PKG_CPE_ID:=cpe:/a:gnu:gzip @@ -40,6 +40,9 @@ define Package/gzip/description replacement for compress. endef + +TARGET_CFLAGS += -std=gnu17 + CONFIGURE_VARS += \ gl_cv_func_getopt_gnu=yes \ ac_cv_search_clock_gettime=no From d04de4200e3fbdf5e53bfc04528fa882b40b294a Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 1 Oct 2025 00:07:27 +0200 Subject: [PATCH 175/239] yt-dlp: update to version 2025.9.26 Release notes: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.23 https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.26 Signed-off-by: Josef Schlehofer (cherry picked from commit c7253f97a3ff8fdc5a0877fd790dd4314e83f659) --- multimedia/yt-dlp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/multimedia/yt-dlp/Makefile b/multimedia/yt-dlp/Makefile index 64b276e63b00a5..5760affa34df28 100644 --- a/multimedia/yt-dlp/Makefile +++ b/multimedia/yt-dlp/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yt-dlp -PKG_VERSION:=2025.9.5 +PKG_VERSION:=2025.9.26 PKG_RELEASE:=1 PYPI_NAME:=yt-dlp -PKG_HASH:=9ce080f80b2258e872fe8a75f4707ea2c644e697477186e20b9a04d9a9ea37cf +PKG_HASH:=c148ae8233ac4ce6c5fbf6f70fcc390f13a00f59da3776d373cf88c5370bda86 PYPI_SOURCE_NAME:=yt_dlp PKG_MAINTAINER:=George Sapkin From 58eb9bbf1d04a503a5ef658f9a6b68831a99791c Mon Sep 17 00:00:00 2001 From: "W. Michael Petullo" Date: Sat, 31 May 2025 07:44:02 -0500 Subject: [PATCH 176/239] python-networkx: update to 3.5 Upstream list of changes is available at https://github.com/networkx/networkx/releases/tag/networkx-3.5. Signed-off-by: W. Michael Petullo (cherry picked from commit ac839af473ad5030b8cbb5ac624b97a93105dd00) --- lang/python/python-networkx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-networkx/Makefile b/lang/python/python-networkx/Makefile index 1f67591e443b67..50f8c945b76a93 100644 --- a/lang/python/python-networkx/Makefile +++ b/lang/python/python-networkx/Makefile @@ -6,11 +6,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-networkx -PKG_VERSION:=3.3 +PKG_VERSION:=3.5 PKG_RELEASE:=1 PYPI_NAME:=networkx -PKG_HASH:=0c127d8b2f4865f59ae9cb8aafcd60b5c70f3241ebd66f7defad7c4ab90126c9 +PKG_HASH:=d4c6f9cf81f52d69230866796b82afbccdec3db7ae4fbd1b65ea750feed50037 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt From ef893976e746ba568a454214fe8e5fbbe3c3e5ed Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 3 Mar 2025 12:18:13 +0100 Subject: [PATCH 177/239] python3-host.mk: disable pip --no-binary on macOS For some reason, pip builds a broken Cython, which segfaults on attempting to install wheel. Work around this by allowing to use precompiled wheels. Signed-off-by: Felix Fietkau (cherry picked from commit d798ccce9afb38b12443b6e7a4b7373fc4ef5f17) --- lang/python/python3-host.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/python/python3-host.mk b/lang/python/python3-host.mk index ae34ba7277bfbb..64d4e373e86877 100644 --- a/lang/python/python3-host.mk +++ b/lang/python/python3-host.mk @@ -109,7 +109,7 @@ define HostPython3/PipInstall $(HOST_PYTHON3_PIP_VARS) \ $(HOST_PYTHON3_PIP) \ install \ - --no-binary :all: \ + $(if $(findstring Darwin,$(HOST_OS)),,--no-binary :all:) \ --progress-bar off \ --require-hashes \ $(1) \ From b021aba0b4dedefafc08a793986ebeed16f86702 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Fri, 3 Oct 2025 11:34:46 +0200 Subject: [PATCH 178/239] multi-arch-test-build: run it only after the Formality check succeeds Most of the time, when people contribute to the repository for the first time (or after a longer break), the multi-arch-test-build passes, but the formality check fails and requires the contributor to make some changes. This creates unnecessary load on the CI/CD, since the multi-arch-test-build runs again even though it already passed, while other PRs are waiting for a runner. Hopefully, this change will help decrease the waiting time. Proposed changes: - Run the formality check first, and only trigger the package tests afterwards. This can be done using needs: https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idneeds - Merge formal.yml into multi-arch-test-build.yml so that needs can be used. Signed-off-by: Josef Schlehofer (cherry picked from commit 4474f539bb737d5c333ea58c4b9176857fd77e14) --- .github/workflows/formal.yml | 12 ------------ .github/workflows/multi-arch-test-build.yml | 7 ++++++- 2 files changed, 6 insertions(+), 13 deletions(-) delete mode 100644 .github/workflows/formal.yml diff --git a/.github/workflows/formal.yml b/.github/workflows/formal.yml deleted file mode 100644 index 081129d6f0e21b..00000000000000 --- a/.github/workflows/formal.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: Test Formalities - -on: - pull_request: - -permissions: - contents: read - -jobs: - build: - name: Test Formalities - uses: openwrt/actions-shared-workflows/.github/workflows/formal.yml@main diff --git a/.github/workflows/multi-arch-test-build.yml b/.github/workflows/multi-arch-test-build.yml index e5ac78c01ae972..2a78a114e6d9fa 100644 --- a/.github/workflows/multi-arch-test-build.yml +++ b/.github/workflows/multi-arch-test-build.yml @@ -1,9 +1,14 @@ -name: Feeds Package Test Build +name: Test and Build on: pull_request: jobs: + formalities: + name: Test Formalities + uses: openwrt/actions-shared-workflows/.github/workflows/formal.yml@main + build: name: Feeds Package Test Build + needs: formalities uses: openwrt/actions-shared-workflows/.github/workflows/multi-arch-test-build.yml@main From 83bde05206c04c7d8ecd279ca037992a96bb2aaa Mon Sep 17 00:00:00 2001 From: Robert Marko Date: Sun, 18 May 2025 13:44:33 +0200 Subject: [PATCH 179/239] strongswan: mark UCI plugin as broken UCI plugin in strongswan has been broken for years, and now its causing strongswan to fail compilation. So, instead of the whole strongswan package to be failing and missing from feeds simply make UCI plug depend on @BROKEN. Signed-off-by: Robert Marko (cherry picked from commit a8c89a0c77b71c1699c57b7c6d70b034a271d678) --- net/strongswan/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 672f1a809a9100..3e33a7a8219c45 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -736,7 +736,7 @@ $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql + $(eval $(call BuildPlugin,sshkey,SSH key decoding,)) $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-ipsec)) $(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) -$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) +$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci @BROKEN)) $(eval $(call BuildPlugin,unity,Cisco Unity extension,)) $(eval $(call BuildPlugin,updown,updown firewall,+iptables +IPV6:ip6tables +iptables-mod-ipsec +kmod-ipt-ipsec)) $(eval $(call BuildPlugin,vici,Versatile IKE Configuration Interface,)) From 961d703b8b2cc6ce10658160c02b7e2043b7acde Mon Sep 17 00:00:00 2001 From: Joel Low Date: Sat, 8 Feb 2025 16:23:01 +0800 Subject: [PATCH 180/239] strongswan: preserve changed configuration files After reinstalling the packages with the preserved configuration files after a sysupgrade, the reinstalled package config files overwrite what is on disk rather than being placed as conf-opkg. Defining these config files will preserve them appropriately. Signed-off-by: Joel Low (cherry picked from commit 03088536db1a494d285fc092a52511e9ae217e90) --- net/strongswan/Makefile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 3e33a7a8219c45..b746c64925c7bf 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -462,6 +462,10 @@ define BuildPlugin $(call Plugin/$(1)/install,$$(1)) endef + define Package/strongswan-mod-$(1)/conffiles +/etc/strongswan.d/charon/$(1).conf +endef + $$(eval $$(call BuildPackage,strongswan-mod-$(1))) endef @@ -525,6 +529,11 @@ define Package/strongswan-charon/install $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libcharon.so.* $(1)/usr/lib/ipsec/ endef +define Package/strongswan-charon/conffiles +/etc/strongswan.d/charon.conf +/etc/strongswan.d/charon-logging.conf +endef + define Package/strongswan-charon-cmd/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/charon-cmd $(1)/usr/sbin/ From 80e392b49cf4f88a36b5c020ac79c0af16149dac Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 21 Oct 2025 22:42:41 +0200 Subject: [PATCH 181/239] syslog-ng: update to version 4.10.2 Release notes: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.2 Signed-off-by: Josef Schlehofer (cherry picked from commit b5d9b7cf9d33ce3284c4d618e365ae8c34d82c68) --- admin/syslog-ng/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index 885954d9020641..9cbfaf7e3df89d 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=4.10.1 +PKG_VERSION:=4.10.2 PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer @@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:oneidentity:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=dea90cf1dc4b8674ff191e0032f9dabc24b291abfd7f110fd092ae5f21cde5d7 +PKG_HASH:=841503de6c2486e66fd08f0c62ac2568fc8ed1021297f855e8acd58ad7caff76 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 From 5cf245f6ad6f5849bdc0fc2c73866ecd475ff4e4 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 02:20:02 +0200 Subject: [PATCH 182/239] python-hatch-requirements-txt: bump to 0.4.1 Release notes: https://github.com/repo-helper/hatch-requirements-txt/releases/tag/v0.4.1 Signed-off-by: Josef Schlehofer (cherry picked from commit f182a567aa8eccda99d2309e4cb302bb898d4ecd) --- lang/python/python-hatch-requirements-txt/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-hatch-requirements-txt/Makefile b/lang/python/python-hatch-requirements-txt/Makefile index ae6cd13b9dd4bc..dbd51c3a47bf96 100644 --- a/lang/python/python-hatch-requirements-txt/Makefile +++ b/lang/python/python-hatch-requirements-txt/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-hatch-requirements-txt -PKG_VERSION:=0.4.0 +PKG_VERSION:=0.4.1 PKG_RELEASE:=1 PYPI_NAME:=hatch-requirements-txt PYPI_SOURCE_NAME:=hatch_requirements_txt -PKG_HASH:=800509946e85d9e56d73242fab223ec36db50372e870a04e2dd1fd9bad98455d +PKG_HASH:=2c686e5758fd05bb55fa7d0c198fdd481f8d3aaa3c693260f5c0d74ce3547d20 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From 081ed7ed232de1f780e3722aa3feedefdce63168 Mon Sep 17 00:00:00 2001 From: Nate Robinson Date: Sat, 20 Sep 2025 13:45:04 -0400 Subject: [PATCH 183/239] lf: update to r38 https://github.com/gokcehan/lf/releases/tag/r38 Signed-off-by: Nate Robinson (cherry picked from commit 1fd9f95a37c19c44e98e98bda17b0e31b3076d91) Signed-off-by: Gregory Gullin --- utils/lf/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/lf/Makefile b/utils/lf/Makefile index 2b5f752b5a2e16..fc57a16f23dab0 100644 --- a/utils/lf/Makefile +++ b/utils/lf/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lf -PKG_VERSION:=37 +PKG_VERSION:=38 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/gokcehan/lf.git PKG_SOURCE_VERSION:=r$(PKG_VERSION) -PKG_MIRROR_HASH:=b38a5857eeccd38bb6cfa69a665f92814aadc4865c6db05529efe969eebf9785 +PKG_MIRROR_HASH:=ff99f81df2b30e37f6e34952ba1b004e3f8b641954e35bf87a359a88a6926faf PKG_MAINTAINER:=Nate Robinson PKG_LICENSE:=MIT From d73732c1367541a070ff173f7051da76287d7905 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Wed, 22 Oct 2025 20:59:16 +0200 Subject: [PATCH 184/239] travelmate: update 2.2.1-3 - fix minor log issues - restore old, efficient log viewer (in LuCI) Signed-off-by: Dirk Brenken (cherry picked from commit cf40213423d3fe043bf873f745fd3e99c6ed5ee0) --- net/travelmate/Makefile | 2 +- net/travelmate/files/travelmate.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index 90958e8da8b691..3aea45ac0a17b6 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate PKG_VERSION:=2.2.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index 6299cce209c210..8c52c135424940 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -191,7 +191,7 @@ f_wifi() { sleep "$((trm_maxwait / 6))" timeout="$((timeout + (trm_maxwait / 6)))" fi - f_log "debug" "f_wifi ::: radio_list: ${trm_radiolist}, ssid_filter: ${trm_ssidfilter:-""}, radio: ${radio}, timeout: ${timeout}" + f_log "debug" "f_wifi ::: radio_list: ${trm_radiolist}, ssid_filter: ${trm_ssidfilter:-"-"}, radio: ${radio}, timeout: ${timeout}" } # vpn helper function @@ -571,7 +571,7 @@ f_addsta() { for pattern in ${trm_ssidfilter}; do case "${essid}" in ${pattern}) - f_log "info" "skipping blacklisted open uplink '${radio}/${essid}'" + f_log "info" "open uplink filtered out '${radio}/${essid}/${pattern}'" return 0 ;; esac From 801e26c8c4e7ac05d178d8365b0062d969cfd4ff Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Wed, 22 Oct 2025 16:29:11 -0400 Subject: [PATCH 185/239] bind: bump to 9.20.15 Fixes the following security issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found. - CVE-2025-40778 Address various spoofing attacks. - CVE-2025-40780 Cache-poisoning due to weak pseudo-random number generator. The complete list of changes from version 9.20.11 is available in the upstream changelog at https://ftp.isc.org/isc/bind9/9.20.15/doc/arm/html/changelog.html Signed-off-by: Noah Meyerhans (cherry picked from commit 59465b95b847c2925993b2472d08af6f7571d770) --- net/bind/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bind/Makefile b/net/bind/Makefile index 148c1d7e1d8db4..e24f7f42521c98 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.20.11 +PKG_VERSION:=9.20.15 PKG_RELEASE:=1 USERID:=bind=57:bind=57 @@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:= \ https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ https://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=4da2d532e668bc21e883f6e6d9d3d81794d9ec60b181530385649a56f46ee17a +PKG_HASH:=d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 From d42abaeb221c852a2aa271d3fd68b3f41c251fb5 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 21 Oct 2025 13:41:40 +0800 Subject: [PATCH 186/239] openlist: Update to 4.1.5 Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.5 Signed-off-by: Tianling Shen (cherry picked from commit d93d55d28abefc3edf05f83c6a21b4fd51c722a4) --- net/openlist/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/openlist/Makefile b/net/openlist/Makefile index 96551bad977b3a..62c782a06f397d 100644 --- a/net/openlist/Makefile +++ b/net/openlist/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openlist -PKG_VERSION:=4.1.4 +PKG_VERSION:=4.1.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/OpenListTeam/OpenList/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=63726bbedc1ad8995cfad0ae7451cb503a504a3af3579710c4430c12286e01c3 +PKG_HASH:=5ddf3f0b7616248862a8b908cffad9437d19053092bc45e8299ad7c95a3626d2 PKG_BUILD_DIR:=$(BUILD_DIR)/OpenList-$(PKG_VERSION) PKG_LICENSE:=AGPL-3.0-only @@ -51,13 +51,13 @@ define Package/openlist/conffiles /etc/config/openlist endef -WEB_VERSION:=4.1.4 +WEB_VERSION:=4.1.5 WEB_FILE:=$(PKG_NAME)-frontend-dist-v$(WEB_VERSION).tar.gz define Download/openlist-web URL:=https://github.com/OpenListTeam/OpenList-Frontend/releases/download/v$(WEB_VERSION)/ URL_FILE:=$(WEB_FILE) FILE:=$(WEB_FILE) - HASH:=8ba2dcb8070a7a13e628f7cf6cb1bbce330f483992dc64e3680f741270a59db3 + HASH:=3445cf8752d09f7a6ed9360ac9cc6bd57718f1f30a37d1754215e5125de15535 endef define Build/Prepare From 393d45de3a1bc267da84467d6db0ba1e0665633d Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 21 Oct 2025 13:49:06 +0800 Subject: [PATCH 187/239] dos2unix: Update to 7.5.3 2025-10-14: Version 7.5.3 * Fix: Exit with non-zero code if the conversion is aborted due to a binary file. * Fix: Exit with zero code when an unicode conversion error occurs in quiet mode. * Updated Brazilian Portuguese, Catalan, Chinese (traditional), Dutch, Friulian, Georgian, and Serbian translations. Signed-off-by: Tianling Shen (cherry picked from commit 49dbbf0dc98fbb7f5c35bd4110ac6cd1aea600fe) --- utils/dos2unix/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/dos2unix/Makefile b/utils/dos2unix/Makefile index 4a5e25872c916f..900eb4174ca62c 100644 --- a/utils/dos2unix/Makefile +++ b/utils/dos2unix/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dos2unix -PKG_VERSION:=7.5.2 +PKG_VERSION:=7.5.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://waterlan.home.xs4all.nl/dos2unix/ \ @SF/dos2unix -PKG_HASH:=264742446608442eb48f96c20af6da303cb3a92b364e72cb7e24f88239c4bf3a +PKG_HASH:=28a4b0d9f9179da4e44c567b9c01f818b070a20827115fffd96f760dcfa0f3b2 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=BSD-2-Clause From 0213954957cc7a518d9decece97d7c01bc79cbde Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 5 Aug 2025 17:12:05 +0800 Subject: [PATCH 188/239] cloudreve: Update to 4.4.0 Signed-off-by: Tianling Shen (cherry picked from commit 77783f9706241f8c85b5e956183e8b155c45b419) --- net/cloudreve/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudreve/Makefile b/net/cloudreve/Makefile index 2189b7376fad95..eaa0b7d454411b 100644 --- a/net/cloudreve/Makefile +++ b/net/cloudreve/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudreve -PKG_VERSION:=4.3.0 +PKG_VERSION:=4.4.0 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/cloudreve/Cloudreve.git PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_MIRROR_HASH:=53e27f3a112cdbb5315b044ce62708792e18fca3e44bcd4f793d6b0403bf14ce +PKG_MIRROR_HASH:=417d38194b2bd3e51d1ee415a85af4b4bf8b2b5cb66688f4bbf9c7b5d6470e99 PKG_LICENSE:=GPL-3.0-only PKG_LICENSE_FILES:=LICENSE From 98ff7a12628d4b9530cc896fc45657ce2ed9059e Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Thu, 7 Aug 2025 22:29:10 +0800 Subject: [PATCH 189/239] cloudreve: Update to 4.4.1 Release note: https://github.com/cloudreve/cloudreve/releases/tag/4.4.1 Signed-off-by: Tianling Shen (cherry picked from commit 1dc51297e5cdccfddab24cbfa6239cb16fb03515) --- net/cloudreve/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudreve/Makefile b/net/cloudreve/Makefile index eaa0b7d454411b..994b16af6e3070 100644 --- a/net/cloudreve/Makefile +++ b/net/cloudreve/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudreve -PKG_VERSION:=4.4.0 +PKG_VERSION:=4.4.1 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/cloudreve/Cloudreve.git PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_MIRROR_HASH:=417d38194b2bd3e51d1ee415a85af4b4bf8b2b5cb66688f4bbf9c7b5d6470e99 +PKG_MIRROR_HASH:=2210093daf1cedfff4b72ac54cc0ba5ea3d3e656d23bd50d7006dcd75a44988e PKG_LICENSE:=GPL-3.0-only PKG_LICENSE_FILES:=LICENSE From be6c2e14bfcdbf619c1777717fea42c62e598bff Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Fri, 22 Aug 2025 17:22:33 +0800 Subject: [PATCH 190/239] cloudreve: Update to 4.6.0 Changelogs: - https://github.com/cloudreve/cloudreve/releases/tag/4.5.0 - https://github.com/cloudreve/cloudreve/releases/tag/4.6.0 Signed-off-by: Tianling Shen (cherry picked from commit 11b0340c5cd5b2af75ad09fb8d031ca07c5be795) --- net/cloudreve/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudreve/Makefile b/net/cloudreve/Makefile index 994b16af6e3070..6f59a3a94ce5c0 100644 --- a/net/cloudreve/Makefile +++ b/net/cloudreve/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudreve -PKG_VERSION:=4.4.1 +PKG_VERSION:=4.6.0 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/cloudreve/Cloudreve.git PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_MIRROR_HASH:=2210093daf1cedfff4b72ac54cc0ba5ea3d3e656d23bd50d7006dcd75a44988e +PKG_MIRROR_HASH:=5144090786e244a2fd50afae640accf3336e9eca6ab55dd23a601341e2d0c0ae PKG_LICENSE:=GPL-3.0-only PKG_LICENSE_FILES:=LICENSE From 1bc126120d8e3b5597d71c24c4b76868545dc85b Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 16 Sep 2025 21:54:11 +0800 Subject: [PATCH 191/239] cloudreve: Update to 4.8.0 Release note: - https://github.com/cloudreve/cloudreve/releases/tag/4.7.0 - https://github.com/cloudreve/cloudreve/releases/tag/4.8.0 Signed-off-by: Tianling Shen (cherry picked from commit 5bd131c39d1903db27f3c0eaf5ac45c36aa53cd1) --- net/cloudreve/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudreve/Makefile b/net/cloudreve/Makefile index 6f59a3a94ce5c0..3078a95d36b438 100644 --- a/net/cloudreve/Makefile +++ b/net/cloudreve/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudreve -PKG_VERSION:=4.6.0 +PKG_VERSION:=4.8.0 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/cloudreve/Cloudreve.git PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_MIRROR_HASH:=5144090786e244a2fd50afae640accf3336e9eca6ab55dd23a601341e2d0c0ae +PKG_MIRROR_HASH:=49f7b95d3ccfde72cc176ab008a50a158602e4fdd5a235acccad355bb2bacbce PKG_LICENSE:=GPL-3.0-only PKG_LICENSE_FILES:=LICENSE From d8568263a5b57b85b5e6d1b5bf2ecbb27571d393 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 21 Oct 2025 13:52:54 +0800 Subject: [PATCH 192/239] cloudreve: Update to 4.9.2 > Breaking change: > If you are using AlibabaCloud OSS storage policy, please go to the > admin dashboard after upgrading, edit each OSS storage policy, > fill in the correct Region in Basic info and save it, otherwise > the storage policy will not continue to work. Changelog: - https://github.com/cloudreve/cloudreve/releases/tag/4.9.0 - https://github.com/cloudreve/cloudreve/releases/tag/4.9.1 - https://github.com/cloudreve/cloudreve/releases/tag/4.9.2 Signed-off-by: Tianling Shen (cherry picked from commit 480d1493232229219c08d7598c4f54f72ff916f4) --- net/cloudreve/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudreve/Makefile b/net/cloudreve/Makefile index 3078a95d36b438..d23e3ce1334443 100644 --- a/net/cloudreve/Makefile +++ b/net/cloudreve/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudreve -PKG_VERSION:=4.8.0 +PKG_VERSION:=4.9.2 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/cloudreve/Cloudreve.git PKG_SOURCE_VERSION:=$(PKG_VERSION) -PKG_MIRROR_HASH:=49f7b95d3ccfde72cc176ab008a50a158602e4fdd5a235acccad355bb2bacbce +PKG_MIRROR_HASH:=d88edc8af20a5cce662689a297123d1b4d504b0ca0499942068bdbb3c9ec8ea7 PKG_LICENSE:=GPL-3.0-only PKG_LICENSE_FILES:=LICENSE From fd188f0ae012325cbb86b27ca210355be87758a8 Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Tue, 13 May 2025 10:22:02 +0200 Subject: [PATCH 193/239] fx: update to 36.0.1 Signed-off-by: Fabian Lipken (cherry picked from commit d8a233f90a4006e4cc130a8e70b715e7781ac54a) Signed-off-by: Gregory Gullin --- utils/fx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/fx/Makefile b/utils/fx/Makefile index fd5af83839096f..a05d330abb923b 100644 --- a/utils/fx/Makefile +++ b/utils/fx/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fx -PKG_VERSION:=35.0.0 +PKG_VERSION:=36.0.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/antonmedv/fx/tar.gz/$(PKG_VERSION)? -PKG_HASH:=5ab642bb91ad9c1948de1add2d62acec22d82398e420957c191c1549999eb351 +PKG_HASH:=fc32fcf5c7f813d4adb43dbb77dda449cb1451a4d115e3f612aa1f31da76cb2e PKG_MAINTAINER:=Fabian Lipken PKG_LICENSE:=MIT From db7801ec39305752a58871cac642f2eb3e42145d Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Fri, 16 May 2025 18:10:39 +0200 Subject: [PATCH 194/239] fx: update to 36.0.2 Signed-off-by: Fabian Lipken (cherry picked from commit 4632f4553fde07c84e62808fecb474c6aae23e65) Signed-off-by: Gregory Gullin --- utils/fx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/fx/Makefile b/utils/fx/Makefile index a05d330abb923b..4d2eb4fc6e879c 100644 --- a/utils/fx/Makefile +++ b/utils/fx/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fx -PKG_VERSION:=36.0.1 +PKG_VERSION:=36.0.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/antonmedv/fx/tar.gz/$(PKG_VERSION)? -PKG_HASH:=fc32fcf5c7f813d4adb43dbb77dda449cb1451a4d115e3f612aa1f31da76cb2e +PKG_HASH:=371578c7393f4ac0a404d1b481c6bd61caae7da4ba11fe7df7b05fe5e4c3c9da PKG_MAINTAINER:=Fabian Lipken PKG_LICENSE:=MIT From 81d40c53bfc2e37770d239d8dcf1e3b76741014b Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Mon, 26 May 2025 07:36:43 +0200 Subject: [PATCH 195/239] fx: update to 36.0.3 This commit updates fx to version 36.0.3 For more details, please refer to release details: https://github.com/antonmedv/fx/releases/tag/36.0.3 Signed-off-by: Fabian Lipken (cherry picked from commit 8fff19135e8800852e6d5b78be1bfff350f1cb61) Signed-off-by: Gregory Gullin --- utils/fx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/fx/Makefile b/utils/fx/Makefile index 4d2eb4fc6e879c..c6fe3727f7a298 100644 --- a/utils/fx/Makefile +++ b/utils/fx/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fx -PKG_VERSION:=36.0.2 +PKG_VERSION:=36.0.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/antonmedv/fx/tar.gz/$(PKG_VERSION)? -PKG_HASH:=371578c7393f4ac0a404d1b481c6bd61caae7da4ba11fe7df7b05fe5e4c3c9da +PKG_HASH:=1159bc6b556d39843f7e786b06ad8918e4d1a6e64f21539598d3a72dbbc9b1c7 PKG_MAINTAINER:=Fabian Lipken PKG_LICENSE:=MIT From 271029f6728cd0b35af2850683cb5c3efa777ec2 Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Mon, 11 Aug 2025 09:47:18 +0200 Subject: [PATCH 196/239] fx: update to 39.0.1 update fx from version 36.0.3 to 39.0.1 Signed-off-by: Fabian Lipken (cherry picked from commit 08a431f446dc34a9b83bfbec1149742587651f48) Signed-off-by: Gregory Gullin --- utils/fx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/fx/Makefile b/utils/fx/Makefile index c6fe3727f7a298..041bb36576a834 100644 --- a/utils/fx/Makefile +++ b/utils/fx/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fx -PKG_VERSION:=36.0.3 +PKG_VERSION:=39.0.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/antonmedv/fx/tar.gz/$(PKG_VERSION)? -PKG_HASH:=1159bc6b556d39843f7e786b06ad8918e4d1a6e64f21539598d3a72dbbc9b1c7 +PKG_HASH:=0ddbef45762a3a2b4b13afb03093139121422b6f73aecbf2b6655598bd98575f PKG_MAINTAINER:=Fabian Lipken PKG_LICENSE:=MIT From 8dda4c85f9603461c95ac21d9ca267ab7cbb405d Mon Sep 17 00:00:00 2001 From: Eric Fahlgren Date: Fri, 24 Oct 2025 14:54:24 -0700 Subject: [PATCH 197/239] owut: update to 2025.10.24 Bug fixes: efahl/owut@07453922aa2f owut: create uclient singleton to minimize memory usage efahl/owut@f0735878918c owut: fix bug in version number parsing Signed-off-by: Eric Fahlgren (cherry picked from commit 904ad4a24c2b02b9496a6ec737a5ffb1a5eee798) --- utils/owut/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/owut/Makefile b/utils/owut/Makefile index 621ddac81ec56d..259a347bd1bc4b 100644 --- a/utils/owut/Makefile +++ b/utils/owut/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=owut -PKG_SOURCE_DATE:=2025-09-27 +PKG_SOURCE_DATE:=2025-10-24 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=f049043ed7219e7736e6e9d1e6cf4cc6b444945f +PKG_SOURCE_VERSION:=07453922aa2ff0d73a9e789d702827a2d08a203f PKG_SOURCE_URL:=https://github.com/efahl/owut.git -PKG_MIRROR_HASH:=1b96ee209d15db7d2c58a1a626b9c94f64dec68595eb50ac6be9958014957333 +PKG_MIRROR_HASH:=49412860a6ca86eb5485641cdf4b25d64c462e10d99b2c4fdcf0a2214fd1578a PKG_MAINTAINER:=Eric Fahlgren PKG_LICENSE:=GPL-2.0-only From abf944ce4e28373c6ce18814acda0d5c37e63e8d Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 02:02:40 +0200 Subject: [PATCH 198/239] python-flit-core: update to version 3.12.0 Release notes: https://github.com/pypa/flit/blob/5714d1f78fb9b344c997cb866c44bb9506b8ca41/doc/history.rst#version-312 Signed-off-by: Josef Schlehofer (cherry picked from commit caed169831609ec97d405ce74e1e567f43fe2177) --- lang/python/python-flit-core/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-flit-core/Makefile b/lang/python/python-flit-core/Makefile index 66b246cae8db8c..748518cd47779d 100644 --- a/lang/python/python-flit-core/Makefile +++ b/lang/python/python-flit-core/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-flit-core -PKG_VERSION:=3.9.0 +PKG_VERSION:=3.12.0 PKG_RELEASE:=1 PYPI_NAME:=flit-core PYPI_SOURCE_NAME:=flit_core -PKG_HASH:=72ad266176c4a3fcfab5f2930d76896059851240570ce9a98733b658cb786eba +PKG_HASH:=18f63100d6f94385c6ed57a72073443e1a71a4acb4339491615d0f16d6ff01b2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE From 9110dd9e2a2895c23b03b7a50a3bb6bd6b141060 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 02:05:19 +0200 Subject: [PATCH 199/239] python-build: update to version 1.3.0 Release notes: https://github.com/pypa/build/releases/tag/1.3.0 Signed-off-by: Josef Schlehofer (cherry picked from commit 4ba2c1487c49f8315806f69e0a53d894880f1bbb) --- lang/python/python-build/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-build/Makefile b/lang/python/python-build/Makefile index 3b2ab65cb291f0..2540291d5fb8f5 100644 --- a/lang/python/python-build/Makefile +++ b/lang/python/python-build/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-build -PKG_VERSION:=1.0.3 +PKG_VERSION:=1.3.0 PKG_RELEASE:=1 PYPI_NAME:=build -PKG_HASH:=538aab1b64f9828977f84bc63ae570b060a8ed1be419e7870b8b4fc5e6ea553b +PKG_HASH:=698edd0ea270bde950f53aed21f3a0135672206f3911e0176261a31e0e07b397 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From 74c7b55236e7c1b914cfed4b98b20a4920db5833 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 2 Oct 2025 09:54:42 +0200 Subject: [PATCH 200/239] ivykis: add new package Libivykis, an asynchronous I/O readiness notification library. This library is required by syslog-ng and potentially other packages that need event-driven I/O handling. Signed-off-by: Josef Schlehofer (cherry picked from commit c92d1206905f0b781fed78f94673c52822cf1fce) --- libs/ivykis/Makefile | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 libs/ivykis/Makefile diff --git a/libs/ivykis/Makefile b/libs/ivykis/Makefile new file mode 100644 index 00000000000000..e92be92c63cfb0 --- /dev/null +++ b/libs/ivykis/Makefile @@ -0,0 +1,57 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ivykis +PKG_VERSION:=0.43.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=@SF/libivykis +PKG_HASH:=93e3e9b237695437cd63d4aa48a8d9dfd8b39bc28a192a5770d113c4fe9099ef + +PKG_MAINTAINER:=Josef Schlehofer +PKG_LICENSE:=LGPL-2.1-or-later +PKG_LICENSE_FILES:=COPYING + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 + +PKG_CONFIG_DEPENDS:=CONFIG_KERNEL_IO_URING + +include $(INCLUDE_DIR)/package.mk + +define Package/ivykis + SECTION:=libs + CATEGORY:=Libraries + TITLE:=Async I/O library + URL:=https://libivykis.sourceforge.net/ + DEPENDS:=+KERNEL_IO_URING:liburing + ABI_VERSION:=0 +endef + +define Package/ivykis/description + libivykis is a library for asynchronous I/O readiness notification. +endef + +CONFIGURE_ARGS += \ + --enable-shared \ + --enable-static \ + --with-pic \ + --enable-io-uring=$(if $(CONFIG_KERNEL_IO_URING),yes,no) + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/iv*.h $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libivykis.a $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libivykis.so* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/ivykis.pc $(1)/usr/lib/pkgconfig/ +endef + +define Package/ivykis/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libivykis.so.$(ABI_VERSION)* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,ivykis)) From 607aa2a4b310d8848dd7cc924242872ecd6556f6 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 28 Oct 2025 11:42:28 +0100 Subject: [PATCH 201/239] syslog-ng: add dependency for ivykis Replace embedded ivykis with a separate package to improve dependency management and enable library reuse. The ivykis library now properly supports io_uring when CONFIG_KERNEL_IO_URING is enabled. Signed-off-by: Josef Schlehofer (cherry picked from commit 8fcf45d05aea3de53163bd25099a4ea08f060c5f) --- admin/syslog-ng/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index 9cbfaf7e3df89d..fcc11f9b87c155 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng PKG_VERSION:=4.10.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later @@ -34,7 +34,7 @@ define Package/syslog-ng CATEGORY:=Administration TITLE:=A powerful syslog daemon URL:=https://www.syslog-ng.com/products/open-source-log-management/ - DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +libdbi +libjson-c +libcurl +libuuid +SYSLOGNG_LOGROTATE:logrotate +LIBCURL_ZLIB:zlib + DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +libdbi +libjson-c +libcurl +libuuid +ivykis +SYSLOGNG_LOGROTATE:logrotate +LIBCURL_ZLIB:zlib ALTERNATIVES:=300:/sbin/logread:/usr/libexec/logread.sh endef @@ -91,6 +91,7 @@ CONFIGURE_ARGS += \ --disable-sql \ --disable-linux-caps \ --with-jsonc=system \ + --with-ivykis=system \ --enable-cpp=no \ --disable-example-modules \ --enable-json=yes \ From ecb4600c6702acf265e1afa5ec19f83f791491d7 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 29 Oct 2025 07:48:02 +0100 Subject: [PATCH 202/239] umurmur: move config file to its default location This was changed in version 0.3.1 [1] Fixes initial start of umurmur: ``` root@turris:~# umurmurd Error in config file /etc/umurmur/umurmur.conf line 0: file I/O error ``` And also while running help of umurmurd, the defailt location is /etc/umurmur/umurmur.conf ``` Usage: umurmurd [-d] [-r] [-h] [-p ] [-t] [-c ] [-a ] [-b ] -c - Specify configuration file (default /etc/umurmur/umurmur.conf) ``` [1] https://github.com/umurmur/umurmur/commit/4f3ed41357bb6fcb7afddd5343b59cfef54d65a4 Fixes: c4a23ca99662e67c8b6f5b8bad76d93fc2381ea0 ("umurmur: update to version 0.3.1") Signed-off-by: Josef Schlehofer (cherry picked from commit 3d6be64ea309bd2a6f961f11ae5e36aa4343db10) --- net/umurmur/Makefile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/net/umurmur/Makefile b/net/umurmur/Makefile index ff25fe10b660cf..85c64ac823fb7d 100644 --- a/net/umurmur/Makefile +++ b/net/umurmur/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=umurmur PKG_VERSION:=0.3.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/v$(PKG_VERSION)? @@ -59,7 +59,7 @@ define Package/umurmur-mbedtls/description endef define Package/umurmur-openssl/conffiles -/etc/umurmur.conf +/etc/umurmur/umurmur.conf endef Package/umurmur-mbedtls/conffiles = $(Package/umurmur-openssl/conffiles) @@ -67,11 +67,10 @@ Package/umurmur-mbedtls/conffiles = $(Package/umurmur-openssl/conffiles) define Package/umurmur-openssl/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/umurmurd $(1)/usr/sbin/ - $(INSTALL_DIR) $(1)/etc - $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwrt/files/umurmur.conf $(1)/etc/ + $(INSTALL_DIR) $(1)/etc/umurmur/ + $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwrt/files/umurmur.conf $(1)/etc/umurmur/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) $(PKG_BUILD_DIR)/openwrt/files/umurmur.init $(1)/etc/init.d/umurmur - $(INSTALL_DIR) $(1)/etc/umurmur endef Package/umurmur-mbedtls/install = $(Package/umurmur-openssl/install) From 5b9624dc6e79613c6b944a3bdd56d4dd4d01c8ba Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 30 Oct 2025 10:04:23 +0100 Subject: [PATCH 203/239] umurmur: Use example config and add own init script Files such as config file and init script related to OpenWrt were removed in upstream [1]. Config file was same as umurmur.conf.example, thus use it and init script, we need to ship our own. Add a simple one. [1] https://github.com/umurmur/umurmur/commit/209edb5c887e5a5d3ab2c95ab4a8aeb8c1e6e8f3 Signed-off-by: Josef Schlehofer (cherry picked from commit b03e655bf02ec0eaf6a2bdbe5b1829d5e0b3710b) --- net/umurmur/Makefile | 4 ++-- net/umurmur/files/umurmur.init | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 net/umurmur/files/umurmur.init diff --git a/net/umurmur/Makefile b/net/umurmur/Makefile index 85c64ac823fb7d..ec6ef28e611ce5 100644 --- a/net/umurmur/Makefile +++ b/net/umurmur/Makefile @@ -68,9 +68,9 @@ define Package/umurmur-openssl/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/umurmurd $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc/umurmur/ - $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwrt/files/umurmur.conf $(1)/etc/umurmur/ + $(INSTALL_CONF) $(PKG_BUILD_DIR)/umurmur.conf.example $(1)/etc/umurmur/umurmur.conf $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) $(PKG_BUILD_DIR)/openwrt/files/umurmur.init $(1)/etc/init.d/umurmur + $(INSTALL_BIN) ./files/umurmur.init $(1)/etc/init.d/umurmur endef Package/umurmur-mbedtls/install = $(Package/umurmur-openssl/install) diff --git a/net/umurmur/files/umurmur.init b/net/umurmur/files/umurmur.init new file mode 100644 index 00000000000000..f3911c5ea00081 --- /dev/null +++ b/net/umurmur/files/umurmur.init @@ -0,0 +1,26 @@ +#!/bin/sh /etc/rc.common + +START=90 +STOP=10 + +USE_PROCD=1 + +PROG=/usr/sbin/umurmurd +CONF=/etc/umurmur/umurmur.conf + +start_service() { + procd_open_instance + procd_set_param command $PROG -d -c $CONF + procd_set_param respawn + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} + +service_triggers() { + procd_add_reload_trigger umurmur +} + +reload_service() { + procd_send_signal umurmur +} From 5ea20ec4f052d127ef8d41a14bf9bf584b409894 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 21 Oct 2025 23:30:19 +0200 Subject: [PATCH 204/239] python3: update to version 3.11.4 In this release, there is updated setuptools, so update it as well. Fixes CVEs: - CVE-2025-47273 - CVE-2024-6345 Release notes: https://pythoninsider.blogspot.com/2025/10/python-31212-31114-31019-and-3924-are.html Patch: - 0001-Adjust-library-header-paths-for-cross-compilation.patch comes from buildroot [1], but they removed it as they switched to Python 3.12, however Python 3.11 still supports distutils, but it is marked as deprecated [2] and it will be gone in 3.12. So, don't rebase it this time as this patch does not apply anymore due to this commit [3] and sooner switch to more up-to-date Python3 version. [1] https://redirect.github.com/buildroot/buildroot/commit/b37e4a5f56182c5b8e4ffce433eb652174a19da6 [2] https://peps.python.org/pep-0632/ [3] https://redirect.github.com/pypa/setuptools/commit/88eb8cc66f8762e37ec78913c07ccf3e3dba05e1 Signed-off-by: Josef Schlehofer (cherry picked from commit ef509da52bd470a12e259b735fa5b1c052f49bc9) --- lang/python/python3-version.mk | 6 +-- lang/python/python3/Makefile | 2 +- .../python3/patches-host-setuptools/.gitkeep | 0 ...y-header-paths-for-cross-compilation.patch | 38 ------------------- 4 files changed, 4 insertions(+), 42 deletions(-) delete mode 100644 lang/python/python3/patches-host-setuptools/.gitkeep delete mode 100644 lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch diff --git a/lang/python/python3-version.mk b/lang/python/python3-version.mk index 4cc337ada23df7..7f7eddc39abedd 100644 --- a/lang/python/python3-version.mk +++ b/lang/python/python3-version.mk @@ -8,12 +8,12 @@ # Note: keep in sync with setuptools & pip PYTHON3_VERSION_MAJOR:=3 PYTHON3_VERSION_MINOR:=11 -PYTHON3_VERSION_MICRO:=13 +PYTHON3_VERSION_MICRO:=14 PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR) -PYTHON3_SETUPTOOLS_PKG_RELEASE:=2 +PYTHON3_SETUPTOOLS_PKG_RELEASE:=1 PYTHON3_PIP_PKG_RELEASE:=1 -PYTHON3_SETUPTOOLS_VERSION:=65.5.0 +PYTHON3_SETUPTOOLS_VERSION:=79.0.1 PYTHON3_PIP_VERSION:=24.0 diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile index 1ce67494a152e9..76d3eba39dda8c 100644 --- a/lang/python/python3/Makefile +++ b/lang/python/python3/Makefile @@ -16,7 +16,7 @@ PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO) PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION) -PKG_HASH:=8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +PKG_HASH:=8d3ed8ec5c88c1c95f5e558612a725450d2452813ddad5e58fdb1a53b1209b78 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=Python-2.0.1 0BSD diff --git a/lang/python/python3/patches-host-setuptools/.gitkeep b/lang/python/python3/patches-host-setuptools/.gitkeep deleted file mode 100644 index e69de29bb2d1d6..00000000000000 diff --git a/lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch b/lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch deleted file mode 100644 index 06dbb4318cc1da..00000000000000 --- a/lang/python/python3/patches-host-setuptools/0001-Adjust-library-header-paths-for-cross-compilation.patch +++ /dev/null @@ -1,38 +0,0 @@ -From e359a7a3c4f9e70360a068bef19c95938fdacede Mon Sep 17 00:00:00 2001 -From: Thomas Petazzoni -Date: Wed, 23 Dec 2015 11:33:14 +0100 -Subject: [PATCH] Adjust library/header paths for cross-compilation - -When cross-compiling third-party extensions, the get_python_inc() or -get_python_lib() can be called, to return the path to headers or -libraries. However, they use the sys.prefix of the host Python, which -returns incorrect paths when cross-compiling (paths pointing to host -headers and libraries). - -In order to fix this, we introduce the _python_sysroot, _python_prefix -and _python_exec_prefix variables, that allow to override these -values, and get correct header/library paths when cross-compiling -third-party Python modules. - -Signed-off-by: Thomas Petazzoni -[adapt for setuptools, rename environment variable, use fixed lib path] -Signed-off-by: Jeffery To ---- - Lib/distutils/command/build_ext.py | 5 ++++- - Lib/sysconfig.py | 15 +++++++++++---- - 2 files changed, 15 insertions(+), 5 deletions(-) - ---- a/setuptools/_distutils/command/build_ext.py -+++ b/setuptools/_distutils/command/build_ext.py -@@ -238,7 +238,10 @@ class build_ext(Command): - if sysconfig.get_config_var('Py_ENABLE_SHARED'): - if not sysconfig.python_build: - # building third party extensions -- self.library_dirs.append(sysconfig.get_config_var('LIBDIR')) -+ libdir = sysconfig.get_config_var('LIBDIR') -+ if 'STAGING_DIR' in os.environ: -+ libdir = os.environ.get('STAGING_DIR') + '/usr/lib' -+ self.library_dirs.append(libdir) - else: - # building python standard extensions - self.library_dirs.append('.') From 7877590b8266f58ae8eb43014051d2e60ff96e9e Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 21 Oct 2025 23:42:45 +0200 Subject: [PATCH 205/239] python-uci: drop patches due to newer setuptools These patches were required with older setuptools version, but in Python 3.11.4 is bundled setuptools updated, thus we can remove these patches. Signed-off-by: Josef Schlehofer (cherry picked from commit f4395c5d3128e5982b5cf192c0e841a3cda28221) --- lang/python/python-uci/Makefile | 2 +- ...py-removed-and-testing-updates-in-CI.patch | 75 ------------------- ....toml-remove-it-in-favor-of-setup.py.patch | 63 ---------------- 3 files changed, 1 insertion(+), 139 deletions(-) delete mode 100644 lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch delete mode 100644 lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch diff --git a/lang/python/python-uci/Makefile b/lang/python/python-uci/Makefile index 44762810558799..0a539e32377f51 100644 --- a/lang/python/python-uci/Makefile +++ b/lang/python/python-uci/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-uci PKG_VERSION:=0.10.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PYPI_NAME:=pyuci PKG_HASH:=3b0f72ea81ed7a7999b2eb73f57a93019c0d359efaa9efb44fdf377fa09c1da6 diff --git a/lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch b/lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch deleted file mode 100644 index de7ff24a86a8e3..00000000000000 --- a/lang/python/python-uci/patches/0001-Revert-CI-setup.py-removed-and-testing-updates-in-CI.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 24dd211a0a99e95e79f5a6b2054e60dae878410d Mon Sep 17 00:00:00 2001 -From: Josef Schlehofer -Date: Tue, 15 Jul 2025 10:18:19 +0200 -Subject: [PATCH] Revert "CI: setup.py removed and testing updates in CI" - -This commit adds setup.py back to be compatible with OpenWrt. -OpenWrt ships Python 3.11 and that version is using bundled -setuptools and pip. These versions for py-uci are kinda outdated, -because in the latest release Stepan is using ext-modules -via pyproject.toml, which is experimental [1] and thus this -is not present in Python 3.11. - -Newer Python versions such as 3.12 and 3.13 are not shipping -bunled setuptools anymore. This needs to be reworked to -be working with OpenWrt build system. - -How it is implemented right now, Python packages -can be compiled with pyproject.toml with OpenWrt. See this PR [2], -but as said earlier newest features from setuptools are missing. - -[1] https://setuptools.pypa.io/en/stable/history.html#v74-1-0 -[2] https://github.com/openwrt/packages/pull/20801 - -This reverts commit 8a1e5c3218f16f46a25379dc2e9651fa74a7d349. ---- - setup.py | 43 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 43 insertions(+) - create mode 100644 setup.py - ---- /dev/null -+++ b/setup.py -@@ -0,0 +1,43 @@ -+import os -+from setuptools import setup -+from setuptools.extension import Extension -+ -+ext_compile_args = None -+ext_link_args = None -+ -+if 'COVERAGE' in os.environ: -+ ext_compile_args = ["-fprofile-arcs", "-ftest-coverage"] -+ ext_link_args = ["-fprofile-arcs"] -+ -+ -+with open("README.md", "r") as fh: -+ long_description = fh.read() -+ -+ -+setup( -+ name='pyuci', -+ version='0.10.3', -+ author='CZ.NIC z.s.p.o', -+ author_email='karel.koci@nic.cz', -+ description='Python UCI bindings', -+ long_description=long_description, -+ long_description_content_type="text/markdown", -+ url="https://gitlab.nic.cz/turris/pyuci", -+ license="MIT", -+ -+ packages=['euci'], -+ ext_modules=[ -+ Extension("uci", ["ucimodule.c", "pyuci.c", "pyhelper.c"], -+ libraries=["uci"], language="c", -+ extra_compile_args=ext_compile_args, -+ extra_link_args=ext_link_args) -+ ], -+ -+ classifiers=[ -+ "Development Status :: 5 - Production/Stable", -+ "License :: OSI Approved :: MIT License", -+ "Operating System :: POSIX :: Linux", -+ "Programming Language :: Python :: 3", -+ ], -+ python_requires='>=3.7', -+) diff --git a/lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch b/lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch deleted file mode 100644 index 4fee997f0fa3cd..00000000000000 --- a/lang/python/python-uci/patches/0001-pyproject.toml-remove-it-in-favor-of-setup.py.patch +++ /dev/null @@ -1,63 +0,0 @@ -From a480a4223639766f4f0625434a28204b014fd882 Mon Sep 17 00:00:00 2001 -From: Josef Schlehofer -Date: Tue, 15 Jul 2025 10:31:08 +0200 -Subject: [PATCH] pyproject.toml: remove it in favor of setup.py - -This patch is I would say kinda hacky. OpenWrt -can compile Python packages with pyproject.toml, -but this pyproject.toml requires the latest -setuptools, which is shipped separately these days. - -But Python 3.11, which is used in OpenWrt -is using bundled setuptools together with pip -and the version of setuptools does not support -ext-modules [1]. - -[1] https://github.com/pypa/setuptools/pull/4568 - -Signed-off-by: Josef Schlehofer ---- - pyproject.toml | 37 ------------------------------------- - 1 file changed, 37 deletions(-) - delete mode 100644 pyproject.toml - ---- a/pyproject.toml -+++ /dev/null -@@ -1,37 +0,0 @@ --[build-system] --requires = ["setuptools", "wheel"] --build-backend = "setuptools.build_meta" -- --[project] --name = "pyuci" --dynamic = [] --description = "Python UCI bindings" --readme = "README.md" --license = {file = "LICENSE"} --version = "0.10.3" --requires-python = ">=3.7" --authors = [ -- { name = "CZ.NIC z.s.p.o", email = "karel.koci@nic.cz" }, --] --classifiers = [ -- "Development Status :: 5 - Production/Stable", -- "License :: OSI Approved :: MIT License", -- "Operating System :: POSIX :: Linux", -- "Programming Language :: Python :: 3", --] -- --[project.urls] --Homepage = "https://gitlab.nic.cz/turris/pyuci" -- --[tool.setuptools] --packages = ["euci"] -- --[[tool.setuptools.ext-modules]] --name = "uci" --sources = ["ucimodule.c", "pyuci.c", "pyhelper.c"] --language = "c" --libraries = ["uci"] -- --# Uncomment to enable coverage measurement --#extra-compile-args = ["-fprofile-arcs", "-ftest-coverage"] --#extra-link-args = ["-fprofile-arcs"] From 7113624afbe8827a0fbcb62015cd88218a112fc4 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 00:40:38 +0200 Subject: [PATCH 206/239] python-markupsafe: update to version 3.0.3 Release notes: https://github.com/pallets/markupsafe/releases/tag/3.0.3 Signed-off-by: Josef Schlehofer (cherry picked from commit 69539619b62333760c6bcc52d5fb7a3d30e8286b) --- lang/python/python-markupsafe/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lang/python/python-markupsafe/Makefile b/lang/python/python-markupsafe/Makefile index 63e5309d56abcb..0b7c41a5677980 100644 --- a/lang/python/python-markupsafe/Makefile +++ b/lang/python/python-markupsafe/Makefile @@ -5,11 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-markupsafe -PKG_VERSION:=2.1.3 +PKG_VERSION:=3.0.3 PKG_RELEASE:=1 PYPI_NAME:=MarkupSafe -PKG_HASH:=af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad +PYPI_SOURCE_NAME:=markupsafe +PKG_HASH:=722695808f4b6457b320fdc131280796bdceb04ab50fe1795cd540799ebe1698 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause From f2f149b5697aabbd7086f8517418e96971881929 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 02:48:47 +0200 Subject: [PATCH 207/239] bigclown-gateway: update to version 1.17.0 Release notes: https://github.com/hardwario/bch-gateway/releases/tag/v1.17.0 Signed-off-by: Josef Schlehofer (cherry picked from commit 15121d222b4c059cf9deb827b31916b431fc1b2a) --- utils/bigclown/bigclown-gateway/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/bigclown/bigclown-gateway/Makefile b/utils/bigclown/bigclown-gateway/Makefile index 6adc7c414277ab..a8ff654814172a 100644 --- a/utils/bigclown/bigclown-gateway/Makefile +++ b/utils/bigclown/bigclown-gateway/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bigclown-gateway -PKG_VERSION:=1.16.2 -PKG_RELEASE:=3 +PKG_VERSION:=1.17.0 +PKG_RELEASE:=1 PYPI_NAME:=bcg -PKG_HASH:=ce7f27f372551c0beb3f8929af2d779417d9dcd0feaa2fa2dc49e87b1416c536 +PKG_HASH:=38a423952160e8cd468157af4a1fecec9f9c903de3309da277164ac14a421c58 PKG_MAINTAINER:=Josef Schlehofer   PKG_LICENSE:=MIT From 4da621cb237857e28d7d3e84c54a57a79ce9fbb5 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 02:49:54 +0200 Subject: [PATCH 208/239] bigclown-gateway: backport pending patch to fix JSON dumps Pull request: https://redirect.github.com/hardwario/bch-gateway/pull/20 Signed-off-by: Josef Schlehofer (cherry picked from commit 5a9763deab78ced957fd8db9ec45d0ddcf217890) --- .../0002-fix-support-for-decimals.patch | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch diff --git a/utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch b/utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch new file mode 100644 index 00000000000000..1736cc99575d62 --- /dev/null +++ b/utils/bigclown/bigclown-gateway/0002-fix-support-for-decimals.patch @@ -0,0 +1,65 @@ +From df50e792cbc0c6e03fde2397e9802c81bca1c89b Mon Sep 17 00:00:00 2001 +From: Martin Pecka +Date: Wed, 22 Oct 2025 02:15:04 +0200 +Subject: [PATCH] Fix support for Decimals + +--- + bcg/gateway.py | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +--- a/bcg/gateway.py ++++ b/bcg/gateway.py +@@ -11,11 +11,26 @@ import yaml + import serial + import paho.mqtt.client + import appdirs ++from collections.abc import Mapping, Iterable + + if platform.system() == 'Linux': + import fcntl + + ++# https://stackoverflow.com/a/60243503/1076564 ++class DecimalJSONEncoder(json.JSONEncoder): ++ """Add support for encoding Decimal""" ++ def encode(self, obj): ++ if isinstance(obj, Mapping): ++ return '{' + ', '.join(f'{self.encode(k)}: {self.encode(v)}' for (k, v) in obj.items()) + '}' ++ if isinstance(obj, Iterable) and (not isinstance(obj, str)): ++ return '[' + ', '.join(map(self.encode, obj)) + ']' ++ if isinstance(obj, decimal.Decimal): ++ # using normalize() gets rid of trailing 0s, using ':f' prevents scientific notation ++ return f'{obj.normalize():f}' ++ return super().encode(obj) ++ ++ + class Gateway: + + def __init__(self, config): +@@ -218,7 +233,7 @@ class Gateway: + node_id = self._node_rename_name.get(node_name, None) + if node_id: + topic = node_id + topic[i:] +- line = json.dumps([topic, payload], use_decimal=True) + '\n' ++ line = json.dumps([topic, payload], cls=DecimalJSONEncoder) + '\n' + line = line.encode('utf-8') + logging.debug("write %s", line) + self.ser.write(line) +@@ -226,7 +241,7 @@ class Gateway: + def publish(self, topic, payload): + if isinstance(topic, list): + topic = '/'.join(topic) +- self.mqttc.publish(self._config['base_topic_prefix'] + topic, json.dumps(payload, use_decimal=True), qos=1) ++ self.mqttc.publish(self._config['base_topic_prefix'] + topic, json.dumps(payload, cls=DecimalJSONEncoder), qos=1) + + def log_message(self, line): + logging.debug('log_message %s', line) +@@ -324,7 +339,7 @@ class Gateway: + if node_name: + subtopic = node_name + '/' + topic + +- self.mqttc.publish(self._config['base_topic_prefix'] + "node/" + subtopic, json.dumps(payload, use_decimal=True), qos=self._msg_qos, retain=self._msg_retain) ++ self.mqttc.publish(self._config['base_topic_prefix'] + "node/" + subtopic, json.dumps(payload, cls=DecimalJSONEncoder), qos=self._msg_qos, retain=self._msg_retain) + + except Exception: + raise From c8941adc2fd0766da9518b8bbfe3ecbd4f8a4755 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 00:05:35 +0200 Subject: [PATCH 209/239] python-cython: update to version 3.1.5 Fixes: Traceback (most recent call last): File "", line 198, in _run_module_as_main File "", line 88, in _run_code File "/turris/build/staging_dir/hostpkg/lib/python3.11/site-packages/installer/__main__.py", line 98, in _main(sys.argv[1:], "python -m installer") File "/turris/build/staging_dir/hostpkg/lib/python3.11/site-packages/installer/__main__.py", line 86, in _main with WheelFile.open(args.wheel) as source: File "/turris/build/staging_dir/hostpkg/lib/python3.11/contextlib.py", line 137, in __enter__ return next(self.gen) ^^^^^^^^^^^^^^ File "/turris/build/staging_dir/hostpkg/lib/python3.11/site-packages/installer/sources.py", line 162, in open with zipfile.ZipFile(path) as f: ^^^^^^^^^^^^^^^^^^^^^ File "/turris/build/staging_dir/hostpkg/lib/python3.11/zipfile.py", line 1311, in __init__ self.fp = io.open(file, filemode) ^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/turris/build/build_dir/hostpkg/pypi/Cython-3.0.10//openwrt-build/Cython-3.0.10-*.whl' Signed-off-by: Josef Schlehofer (cherry picked from commit 7f233be4ce527b3f7436a51c14b164e2f64e72f5) --- lang/python/python-cython/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lang/python/python-cython/Makefile b/lang/python/python-cython/Makefile index 76b22f0adac17e..76f91a852438c0 100644 --- a/lang/python/python-cython/Makefile +++ b/lang/python/python-cython/Makefile @@ -8,11 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cython -PKG_VERSION:=3.0.10 +PKG_VERSION:=3.1.5 PKG_RELEASE:=1 PYPI_NAME:=Cython -PKG_HASH:=dcc96739331fb854dcf503f94607576cfe8488066c61ca50dfd55836f132de99 +PYPI_SOURCE_NAME:=cython +PKG_HASH:=7e73c7e6da755a8dffb9e0e5c4398e364e37671778624188444f1ff0d9458112 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE.txt From 1c13afebe7117fbd6a1097c440c923ad6a31bf49 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 01:50:30 +0200 Subject: [PATCH 210/239] python-calver: update to version 2025.10.20 Fixes: SetuptoolsDeprecationWarning: License classifiers are deprecated. !! ******************************************************************************** Please consider removing the following classifiers in favor of a SPDX license expression: License :: OSI Approved :: Apache Software License See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details. ******************************************************************************** !! self._finalize_license_expression() Release notes: https://github.com/di/calver/releases/tag/2025.10.20 Signed-off-by: Josef Schlehofer (cherry picked from commit 7f64f6c0cf8f341ceff3f761905183185a36bd5f) --- lang/python/python-calver/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-calver/Makefile b/lang/python/python-calver/Makefile index cd46859c538281..4f519b2c139564 100644 --- a/lang/python/python-calver/Makefile +++ b/lang/python/python-calver/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-calver -PKG_VERSION:=2022.6.26 +PKG_VERSION:=2025.10.20 PKG_RELEASE:=1 PYPI_NAME:=calver -PKG_HASH:=e05493a3b17517ef1748fbe610da11f10485faa7c416b9d33fd4a52d74894f8b +PKG_HASH:=c98b376c2424642224d456b2f70c51402343e008c63d204634665e1a2a2835f5 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 5c58c629c8203f772d4285479f692d4b739b1c88 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Fri, 31 Oct 2025 13:01:26 +0100 Subject: [PATCH 211/239] strongswan: add build dependency for python and explicitly use python3 Before: checking for python... /myworkingdir/build/staging_dir/host/bin/python checking for python version... xcode-select: Failed to locate 'python', requesting installation of command line developer tools. checking for python platform... xcode-select: Failed to locate 'python', requesting installation of command line developer tools. checking for GNU default python prefix... ${prefix} checking for GNU default python exec_prefix... ${exec_prefix} checking for python script directory (pythondir)... xcode-select: Failed to locate 'python', requesting installation of command line developer tools. checking for python extension module directory (pyexecdir)... xcode-select: Failed to locate 'python', requesting installation of command line developer tools. After: checking for python version... 3.11 checking for python platform... darwin checking for GNU default python prefix... ${prefix} checking for GNU default python exec_prefix... ${exec_prefix} checking for python script directory (pythondir)... ${PYTHON_PREFIX}/lib/python3.11/site-packages checking for python extension module directory (pyexecdir)... ${PYTHON_EXEC_PREFIX}/lib/python3.11/site-packages Signed-off-by: Josef Schlehofer (cherry picked from commit dcb010bb430567590406ae41d04914b7f3707fb1) --- net/strongswan/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index b746c64925c7bf..2a232f13b64934 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.14 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -111,6 +111,7 @@ PKG_CONFIG_DEPENDS:= \ PKG_FIXUP:=autoreconf PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_BUILD_DEPENDS:=python3/host include $(INCLUDE_DIR)/package.mk # strongswan-mod-mysql needs iconv @@ -477,6 +478,7 @@ CONFIGURE_ARGS+= \ --enable-mgf1 \ --enable-mediation \ --with-systemdsystemunitdir=no \ + PYTHON="python3" \ $(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \ $(if $(CONFIG_PACKAGE_strongswan-pki),--enable-pki,--disable-pki) \ --with-random-device=/dev/random \ From 45bfa5f87f0b2a721fbaa60ac3b18273face0108 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Wed, 22 Oct 2025 00:24:03 +0200 Subject: [PATCH 212/239] python-wheel: update to 0.45.1 Release notes: https://github.com/pypa/wheel/releases/tag/0.45.1 Signed-off-by: Josef Schlehofer (cherry picked from commit 182156cfadfcc422511e210b66bab99bc1545dea) --- lang/python/python-wheel/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-wheel/Makefile b/lang/python/python-wheel/Makefile index 28f549b559201c..336d8a2134c6bb 100644 --- a/lang/python/python-wheel/Makefile +++ b/lang/python/python-wheel/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-wheel -PKG_VERSION:=0.42.0 +PKG_VERSION:=0.45.1 PKG_RELEASE:=1 PYPI_NAME:=wheel -PKG_HASH:=c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8 +PKG_HASH:=661e1abd9198507b1409a20c02106d9670b2576e916d58f520316666abca6729 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.txt From 1b990e991a567808c9e0f1cf8f4872d1def451e7 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Tue, 21 Oct 2025 23:46:28 +0200 Subject: [PATCH 213/239] python-setuptools: update to version 80.9.0 Release notes: https://setuptools.pypa.io/en/stable/history.html#v80-9-0 Signed-off-by: Josef Schlehofer (cherry picked from commit 9bf59d5f67f50fa1e823cf1e9d3b34b9deefb618) --- lang/python/python-setuptools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-setuptools/Makefile b/lang/python/python-setuptools/Makefile index b2ebfa1c642a96..b4a00633d3b50a 100644 --- a/lang/python/python-setuptools/Makefile +++ b/lang/python/python-setuptools/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-setuptools -PKG_VERSION:=69.0.2 +PKG_VERSION:=80.9.0 PKG_RELEASE:=1 PYPI_NAME:=setuptools -PKG_HASH:=735896e78a4742605974de002ac60562d286fa8051a7e2299445e8e8fbb01aa6 +PKG_HASH:=f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From f8c3a1fd94a642a9f57d269aecd1e2a2dcc6956a Mon Sep 17 00:00:00 2001 From: Michael Heimpold Date: Sat, 25 Oct 2025 13:45:22 +0200 Subject: [PATCH 214/239] php8: update to 8.3.27 Upstream changelog: https://www.php.net/ChangeLog-8.php#8.3.27 Signed-off-by: Michael Heimpold --- lang/php8/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/php8/Makefile b/lang/php8/Makefile index 66495ba8e683fe..1905bfb8fadaa8 100644 --- a/lang/php8/Makefile +++ b/lang/php8/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=php -PKG_VERSION:=8.3.26 +PKG_VERSION:=8.3.27 PKG_RELEASE:=1 PKG_MAINTAINER:=Michael Heimpold @@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.php.net/distributions/ -PKG_HASH:=2f522eefa02c400c94610d07f25c4fd4c771f95e4a1f55102332ccb40663cbd2 +PKG_HASH:=c15a09a9d199437144ecfef7d712ec4ca5c6820cf34acc24cc8489dd0cee41ba PKG_BUILD_PARALLEL:=1 PKG_BUILD_FLAGS:=no-mips16 From ae100b2150434a6e66324c3fe99cc9c4da4d73aa Mon Sep 17 00:00:00 2001 From: Gagan Deep Date: Tue, 4 Nov 2025 15:42:26 +0000 Subject: [PATCH 215/239] openwisp-monitoring: upgrade to 0.3.0 Upgraded openwisp-monitoring package to 0.3.0 Signed-off-by: Gagan Deep (cherry picked from commit 74e6bcc011199e9c7f26ca0e28a29db9ed13bac5) --- admin/openwisp-monitoring/Config.in | 1 + admin/openwisp-monitoring/Makefile | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/admin/openwisp-monitoring/Config.in b/admin/openwisp-monitoring/Config.in index 5b5bf37f251f3d..00233adcf7ae7a 100644 --- a/admin/openwisp-monitoring/Config.in +++ b/admin/openwisp-monitoring/Config.in @@ -1,4 +1,5 @@ menu "netjson-monitoring Configuration" + depends on PACKAGE_netjson-monitoring config NETJSON_MONITORING_IWINFO bool "Enable rpcd-mod-iwinfo" diff --git a/admin/openwisp-monitoring/Makefile b/admin/openwisp-monitoring/Makefile index 64aea233693ba5..1af4db7a5a5658 100644 --- a/admin/openwisp-monitoring/Makefile +++ b/admin/openwisp-monitoring/Makefile @@ -5,15 +5,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openwisp-monitoring -PKG_VERSION:=0.2.0 -PKG_RELEASE:=2 +PKG_VERSION:=0.3.0 +PKG_RELEASE:=1 PKG_MAINTAINER:=Federico Capoano PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE +PKG_CONFIG_DEPENDS:=CONFIG_NETJSON_MONITORING_IWINFO + PKG_SOURCE_URL:=https://github.com/openwisp/openwrt-openwisp-monitoring.git -PKG_MIRROR_HASH:=6baad2b319cdc072a83547593b447e2c93c42fcdda386f5993c22b88ad991cdd +PKG_MIRROR_HASH:=a7778b0de1b560abf5bf5b8e6e45313fe58309a66438f3c9e043adc8f0248c04 PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) PKGARCH:=all From 89871b5dbf4cfab056925d407e0e23ae4c571aaa Mon Sep 17 00:00:00 2001 From: Gagan Deep Date: Tue, 4 Nov 2025 12:36:24 +0000 Subject: [PATCH 216/239] openwisp-config: upgrade to 1.2.0 Upgrades openwisp-config package to 1.2.0 Signed-off-by: Gagan Deep (cherry picked from commit 61a81ccc7eeb17f9caff619e6e3e884705dcd9ea) --- admin/openwisp-config/Makefile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/admin/openwisp-config/Makefile b/admin/openwisp-config/Makefile index aadd5fe616367c..c1aa78aba0445a 100644 --- a/admin/openwisp-config/Makefile +++ b/admin/openwisp-config/Makefile @@ -5,14 +5,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openwisp-config -PKG_VERSION:=1.1.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.2.0 +PKG_RELEASE:=1 PKG_MAINTAINER:=Federico Capoano PKG_LICENSE:=GPL-3.0-or-later PKG_SOURCE_URL:=https://github.com/openwisp/openwisp-config.git -PKG_MIRROR_HASH:=c78dc17353c642a6f998531f18e20f0651f946d665506a000308e77c02324a79 +PKG_MIRROR_HASH:=30258c3ef4895fbf6e4fed8caee9d0dfbf05aebebd52604d75febac1a11d78bd PKG_SOURCE_PROTO:=git PKG_SOURCE_VERSION:=$(PKG_VERSION) @@ -47,7 +47,8 @@ define Package/openwisp-config/install $(1)/etc/init.d \ $(1)/etc/config \ $(1)/usr/lib/openwisp-config \ - $(1)/usr/lib/lua/openwisp + $(1)/usr/lib/lua/openwisp \ + $(1)/etc/hotplug.d/iface $(INSTALL_BIN) \ $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.agent \ @@ -60,6 +61,9 @@ define Package/openwisp-config/install $(INSTALL_CONF) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.config \ $(1)/etc/config/openwisp + $(INSTALL_BIN) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.hotplug \ + $(1)/etc/hotplug.d/iface/90-openwisp-config + $(INSTALL_BIN) \ $(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-reload-config \ $(1)/usr/sbin/openwisp-reload-config From 56ebb23ceffd7aae6fdda9beb9a4c04db2c50ba7 Mon Sep 17 00:00:00 2001 From: "Anton P." Date: Sat, 1 Nov 2025 23:15:27 +0300 Subject: [PATCH 217/239] sing-box: update to 1.12.12 changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.12 Signed-off-by: Anton P. (cherry picked from commit 3b802d28fefe197cfa6569d7d28acc11e05822e9) --- net/sing-box/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 8ca587adefe53b..e11aeb99620594 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.4 -PKG_RELEASE:=2 +PKG_VERSION:=1.12.12 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=9a14ffa04fee1a1091ca1995a45f3e3feee460bddff0a72da2febc05a05b2660 +PKG_HASH:=f08add81eab7e4d6091195179bb39fa3f64dbb0326feaa022994566b702d1245 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE From bb17d880b759f9e30f70ec790f174b49902110c5 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Mon, 18 Aug 2025 12:30:55 +0200 Subject: [PATCH 218/239] pdns-recursor: security update to 5.1.8 includes fix for CVE-2025-30192 (from 5.1.6) includes fixes for CVE-2025-59023 and CVE-2025-59024 (from 5.1.8) Signed-off-by: Peter van Dijk --- net/pdns-recursor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/pdns-recursor/Makefile b/net/pdns-recursor/Makefile index e1a274e5fc00ab..b41e6f0a063a08 100644 --- a/net/pdns-recursor/Makefile +++ b/net/pdns-recursor/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns-recursor -PKG_VERSION:=5.1.2 +PKG_VERSION:=5.1.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=b3a37ebb20285ab9acbbb0e1370e623bb398ed3087f0e678f23ffa3b0063983d +PKG_HASH:=9d2cc864d815010c39902c7f6a4c838c5d7f3a767c9897a44dc6afa3a815a40e PKG_MAINTAINER:=Peter van Dijk , Remi Gacogne PKG_LICENSE:=GPL-2.0-only From fab57696d8039c1f77f0b20d2228e8ada64ba64e Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Thu, 6 Nov 2025 23:43:17 +0100 Subject: [PATCH 219/239] travelmate: update 2.2.1-4 - fix a possible race condition in the scan function - limit the max. signal strength to 100 - cosmetics Signed-off-by: Dirk Brenken (cherry picked from commit b8486bd711b930f5ff38751eef165030be5d19c7) --- net/travelmate/Makefile | 2 +- net/travelmate/files/travelmate.init | 12 +++++++----- net/travelmate/files/travelmate.sh | 4 ++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index 3aea45ac0a17b6..0474bc874a89e9 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate PKG_VERSION:=2.2.1 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/travelmate.init b/net/travelmate/files/travelmate.init index 2348ddd92718fe..f356566aac481d 100755 --- a/net/travelmate/files/travelmate.init +++ b/net/travelmate/files/travelmate.init @@ -76,9 +76,8 @@ status_service() { } scan() { - local scan_dev scan_mode radio_num radio_phy radio="${1}" + local result scan_dev scan_mode radio_num radio_phy radio="${1}" - : > "${trm_scanfile}" scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -ql1 -e "@.${radio}.interfaces[0].ifname")" if [ -z "${scan_dev}" ]; then radio_num="${radio//[a-z]/}" @@ -95,16 +94,19 @@ scan() { if [ -n "${scan_dev}" ]; then scan_mode="$(uci_get travelmate global trm_scanmode "active")" [ "${scan_mode}" != "passive" ] && scan_mode="" - printf "%b\n" "$(iw "${scan_dev}" scan ${scan_mode} 2>/dev/null | + result="$(iw dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | awk '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";bssid=toupper(substr($2,1,17))} - /signal:/{signal=2*($2 + 100)} + /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} /SSID:/{$1="";sub(/^ /,"",$0);ssid=$0} /freq:/{channel=int($2);if(channel>=2400&&channel<=2500)channel=int((channel-2407)/5);else if(channel>=4900&&channel<=5900)channel=int((channel-5000)/5);else if(channel>=5925&&channel<=7125)channel=int(((channel-5950)/5)+1)} /WPA:/{wpa="+"} /RSN:/{rsn="+"} /Group cipher:/{cipher=$4} /Authentication suites:/{auth="";for(i=4;i<=NF;i++){auth=auth (i==4?"":",")$i}} - END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" > "${trm_scanfile}" + END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" + printf "%b\n" "${result}" > "${trm_scanfile}" + else + : > "${trm_scanfile}" fi if [ -n "${radio_phy}" ] && [ -n "${radio_num}" ]; then ip link set "trmscan${radio_num}" down >/dev/null 2>&1 diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index 8c52c135424940..0b6b614157b04f 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -989,9 +989,9 @@ f_main() { fi if [ -n "${scan_dev}" ]; then [ "${trm_scanmode}" != "passive" ] && scan_mode="" - scan_list="$(printf "%b" "$("${trm_iwcmd}" "${scan_dev}" scan ${scan_mode} 2>/dev/null | + scan_list="$(printf "%b" "$("${trm_iwcmd}" dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="-";wpa="-"} - /signal:/{signal=2*($2 + 100)} + /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} /SSID:/{$1="";sub(/^ /,"",$0);ssid="\""$0"\""} /WPA:/{wpa="+"} /RSN:/{rsn="+"} From f1248cf640df6a000aeb76f786cf45c0edc6cfda Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 22 Sep 2025 17:17:09 +0800 Subject: [PATCH 220/239] btop: Update to 1.4.5 Release note: https://github.com/aristocratos/btop/releases/tag/v1.4.5 Signed-off-by: Tianling Shen (cherry picked from commit 728dc6dd3a5e5a0efab96a2faf4daa2361a5d791) --- admin/btop/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/btop/Makefile b/admin/btop/Makefile index a8f138b70838d6..3f7026e9c84c47 100644 --- a/admin/btop/Makefile +++ b/admin/btop/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=btop -PKG_VERSION:=1.4.4 +PKG_VERSION:=1.4.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=98d464041015c888c7b48de14ece5ebc6e410bc00ca7bb7c5a8010fe781f1dd8 +PKG_HASH:=0ffe03d3e26a3e9bbfd5375adf34934137757994f297d6b699a46edd43c3fc02 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 From 414afefa14cab79660dbe4ddb213fe4cd06145d1 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 7 Nov 2025 17:29:02 +0100 Subject: [PATCH 221/239] travelmate: update 2.2.1-5 - fix a cornercase issue in the scanning function with hidden uplinks Signed-off-by: Dirk Brenken (cherry picked from commit f9c132b3c53f81cbfecae8a245fca5d415495e5a) --- net/travelmate/Makefile | 2 +- net/travelmate/files/travelmate.init | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index 0474bc874a89e9..9357d97f5bc882 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate PKG_VERSION:=2.2.1 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/travelmate.init b/net/travelmate/files/travelmate.init index f356566aac481d..a5bf899de1b11f 100755 --- a/net/travelmate/files/travelmate.init +++ b/net/travelmate/files/travelmate.init @@ -95,7 +95,7 @@ scan() { scan_mode="$(uci_get travelmate global trm_scanmode "active")" [ "${scan_mode}" != "passive" ] && scan_mode="" result="$(iw dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | - awk '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";bssid=toupper(substr($2,1,17))} + awk '/^BSS /{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";ssid="";bssid=toupper(substr($2,1,17))} /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} /SSID:/{$1="";sub(/^ /,"",$0);ssid=$0} /freq:/{channel=int($2);if(channel>=2400&&channel<=2500)channel=int((channel-2407)/5);else if(channel>=4900&&channel<=5900)channel=int((channel-5000)/5);else if(channel>=5925&&channel<=7125)channel=int(((channel-5950)/5)+1)} @@ -103,7 +103,7 @@ scan() { /RSN:/{rsn="+"} /Group cipher:/{cipher=$4} /Authentication suites:/{auth="";for(i=4;i<=NF;i++){auth=auth (i==4?"":",")$i}} - END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" + END{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" printf "%b\n" "${result}" > "${trm_scanfile}" else : > "${trm_scanfile}" From a2b8a064c65ac61392928908e7b820a3e5fb9288 Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Thu, 6 Nov 2025 01:13:18 +0200 Subject: [PATCH 222/239] sqlite3: bump to 3.51.0 Changelog: https://sqlite.org/releaselog/3_51_0.html Signed-off-by: George Sapkin (cherry picked from commit 9a62f4f67b611e375e6ef34e37826af9a3a35ff3) --- libs/sqlite3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/sqlite3/Makefile b/libs/sqlite3/Makefile index 1856c810987ecf..5597afb5058a24 100644 --- a/libs/sqlite3/Makefile +++ b/libs/sqlite3/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sqlite -PKG_VERSION:=3500400 +PKG_VERSION:=3510000 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-autoconf-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.sqlite.org/2025/ -PKG_HASH:=a3db587a1b92ee5ddac2f66b3edb41b26f9c867275782d46c3a088977d6a5b18 +PKG_HASH:=42e26dfdd96aa2e6b1b1be5c88b0887f9959093f650d693cb02eb9c36d146ca5 PKG_CPE_ID:=cpe:/a:sqlite:sqlite PKG_LICENSE:=PUBLICDOMAIN From 84f89d13d83ce74dad2ea956f01e008f685893dc Mon Sep 17 00:00:00 2001 From: Ray Wang Date: Wed, 5 Nov 2025 21:10:15 +0800 Subject: [PATCH 223/239] hev-socks5-tunnel: update to 2.14.0 Upstream changelog: https://github.com/heiher/hev-socks5-tunnel/releases/tag/2.14.0 Signed-off-by: Ray Wang (cherry picked from commit 4f84f78b4dd05f5163ba89fc12a671c08cbb20a3) --- net/hev-socks5-tunnel/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/hev-socks5-tunnel/Makefile b/net/hev-socks5-tunnel/Makefile index 46df64b9f5f376..9781c286376808 100644 --- a/net/hev-socks5-tunnel/Makefile +++ b/net/hev-socks5-tunnel/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-tunnel -PKG_VERSION:=2.13.0 +PKG_VERSION:=2.14.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-tunnel/releases/download/$(PKG_VERSION) -PKG_HASH:=419bc625b72299dcc0aeedfc762acfc42fbdf61dcc11f7146bfb83d87a67b002 +PKG_HASH:=f0c5909b188272a6cee2b3c92e13cf16d927ba29a20bd1d750a2ff3419cda381 PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT From eac8996956f03b68d12092da83f2a57e44064401 Mon Sep 17 00:00:00 2001 From: Ray Wang Date: Wed, 5 Nov 2025 21:08:33 +0800 Subject: [PATCH 224/239] hev-socks5-tproxy: update to 2.10.0 Upstream changelog: https://github.com/heiher/hev-socks5-tproxy/releases/tag/2.10.0 Signed-off-by: Ray Wang (cherry picked from commit a3acb2f4c3e8b41dd878b90f112c167d89386893) --- net/hev-socks5-tproxy/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/hev-socks5-tproxy/Makefile b/net/hev-socks5-tproxy/Makefile index 76971af33ecc9f..c370ac3045cd8f 100644 --- a/net/hev-socks5-tproxy/Makefile +++ b/net/hev-socks5-tproxy/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-tproxy -PKG_VERSION:=2.9.0 +PKG_VERSION:=2.10.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-tproxy/releases/download/$(PKG_VERSION) -PKG_HASH:=2a1c76bfb986e34ab8ba54be9a6c8faf4fa4854b7ee45b0f8e4d108c4c9d4cb2 +PKG_HASH:=4f495a7393afe4b4d36f86e94faddf992def010ff67c02e8ce09693a3a1bd20d PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT From 6e96733db59db8fdd1de884194ce9139da0d04bc Mon Sep 17 00:00:00 2001 From: Ray Wang Date: Wed, 5 Nov 2025 21:06:26 +0800 Subject: [PATCH 225/239] hev-socks5-server: update to 2.11.0 Upstream changelog: https://github.com/heiher/hev-socks5-server/releases/tag/2.11.0 Signed-off-by: Ray Wang (cherry picked from commit ea11a81f6b6e0a755398fe6c68a377a4def838af) --- net/hev-socks5-server/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/hev-socks5-server/Makefile b/net/hev-socks5-server/Makefile index 94ee35d7d5cc5a..7ffb01e30f4001 100644 --- a/net/hev-socks5-server/Makefile +++ b/net/hev-socks5-server/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hev-socks5-server -PKG_VERSION:=2.10.0 +PKG_VERSION:=2.11.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-server/releases/download/$(PKG_VERSION) -PKG_HASH:=94d1335b6d02e641d1794281f94f5e9e256b71d96bff5e92cf1d76d466a6a545 +PKG_HASH:=fc340c50b93eed52c1985c6d78add4e5b697a020684b03aa32dcd7d38a40dfa7 PKG_MAINTAINER:=Ray Wang PKG_LICENSE:=MIT From 1f50c3f9a657bbe0032a52078aac7e55bdf4e537 Mon Sep 17 00:00:00 2001 From: George Sapkin Date: Sat, 8 Nov 2025 15:59:34 +0200 Subject: [PATCH 226/239] check-autorelease-deprecation: drop workflow Drop the workflow since the setting has been deprecated over three years ago. Link: https://github.com/openwrt/packages/pull/27799#issuecomment-3506689211 Signed-off-by: George Sapkin (cherry picked from commit f08c7993bd08965f17eded2da8581191cb144bad) --- .../check-autorelease-deprecation.yml | 91 ------------------- 1 file changed, 91 deletions(-) delete mode 100644 .github/workflows/check-autorelease-deprecation.yml diff --git a/.github/workflows/check-autorelease-deprecation.yml b/.github/workflows/check-autorelease-deprecation.yml deleted file mode 100644 index c01c97d7ee11cb..00000000000000 --- a/.github/workflows/check-autorelease-deprecation.yml +++ /dev/null @@ -1,91 +0,0 @@ -name: Check autorelease deprecation - -on: - pull_request_target: - types: [opened, synchronize, converted_to_draft, ready_for_review, edited] - -jobs: - build: - name: Check autorelease deprecation - runs-on: ubuntu-latest - strategy: - fail-fast: false - - permissions: - pull-requests: write - - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - - name: Determine branch name - run: | - BRANCH="${GITHUB_BASE_REF#refs/heads/}" - echo "Building for $BRANCH" - echo "BRANCH=$BRANCH" >> $GITHUB_ENV - - - name: Determine changed packages - run: | - RET=0 - - # only detect packages with changes - PKG_ROOTS=$(find . -name Makefile | \ - grep -v ".*/src/Makefile" | \ - sed -e 's@./\(.*\)/Makefile@\1/@') - CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH...) - - for ROOT in $PKG_ROOTS; do - for CHANGE in $CHANGES; do - if [[ "$CHANGE" == "$ROOT"* ]]; then - if grep -q '$(AUTORELEASE)' "$ROOT/Makefile"; then - CONTAINS_AUTORELEASE+="$ROOT" - fi - break - fi - done - done - - if [ -n "$CONTAINS_AUTORELEASE" ]; then - RET=1 - cat > "$GITHUB_WORKSPACE/pr_comment.md" << EOF - Please do no longer set *PKG_RELEASE* to *AUTORELEASE* as the - feature is deprecated. Please use an integer instead. Below is a - list of affected packages including correct *PKG_RELEASE*: - - EOF - fi - - for ROOT in $CONTAINS_AUTORELEASE; do - echo -n " - ${ROOT}Makefile: PKG_RELEASE:=" >> "$GITHUB_WORKSPACE/pr_comment.md" - last_bump="$(git log --pretty=format:'%h %s' "$ROOT" | - grep --max-count=1 -e ': [uU]pdate to ' -e ': [bB]ump to ' | - cut -f 1 -d ' ')" - - if [ -n "$last_bump" ]; then - echo -n $(($(git rev-list --count "$last_bump..HEAD" "$ROOT") + 2)) >> "$GITHUB_WORKSPACE/pr_comment.md" - else - echo -n $(($(git rev-list --count HEAD "$ROOT") + 2)) >> "$GITHUB_WORKSPACE/pr_comment.md" - fi - echo >> "$GITHUB_WORKSPACE/pr_comment.md" - done - - exit $RET - - - name: Find Comment - uses: peter-evans/find-comment@v2 - if: ${{ failure() }} - id: fc - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - - - name: Create or update comment - uses: peter-evans/create-or-update-comment@v2 - if: ${{ failure() }} - with: - comment-id: ${{ steps.fc.outputs.comment-id }} - issue-number: ${{ github.event.pull_request.number }} - body-file: 'pr_comment.md' - edit-mode: replace From 48f1c95d9f15353248184316ea9878ec945b2756 Mon Sep 17 00:00:00 2001 From: Russell Senior Date: Sun, 9 Nov 2025 12:09:11 +0200 Subject: [PATCH 227/239] patch: update to v2.8 Delete patches already upstream. Signed-off-by: Russell Senior (cherry picked from commit f17c283cdad0a9d33dfc8caa8994fb36e66fbf52) --- devel/patch/Makefile | 6 +- devel/patch/patches/010-CVE-2018-6951.patch | 24 --- .../patch/patches/020-CVE-2018-1000156.patch | 189 ------------------ devel/patch/patches/030-CVE-2018-6952.patch | 25 --- devel/patch/patches/050-CVE-2019-13636.patch | 101 ---------- .../060-CVE-2018-20969-CVE-2019-13638.patch | 33 --- 6 files changed, 3 insertions(+), 375 deletions(-) delete mode 100644 devel/patch/patches/010-CVE-2018-6951.patch delete mode 100644 devel/patch/patches/020-CVE-2018-1000156.patch delete mode 100644 devel/patch/patches/030-CVE-2018-6952.patch delete mode 100644 devel/patch/patches/050-CVE-2019-13636.patch delete mode 100644 devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch diff --git a/devel/patch/Makefile b/devel/patch/Makefile index c842675034fe65..70e7483fcc63c7 100644 --- a/devel/patch/Makefile +++ b/devel/patch/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=patch -PKG_VERSION:=2.7.6 -PKG_RELEASE:=7 +PKG_VERSION:=2.8 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/patch -PKG_HASH:=ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd +PKG_HASH:=f87cee69eec2b4fcbf60a396b030ad6aa3415f192aa5f7ee84cad5e11f7f5ae3 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/devel/patch/patches/010-CVE-2018-6951.patch b/devel/patch/patches/010-CVE-2018-6951.patch deleted file mode 100644 index eb8d51365c7617..00000000000000 --- a/devel/patch/patches/010-CVE-2018-6951.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 9bf998b5fcbcde1dea0e472dc1538abb97e9012e Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Mon, 12 Feb 2018 16:48:24 +0100 -Subject: [PATCH] Fix segfault with mangled rename patch - -http://savannah.gnu.org/bugs/?53132 -* src/pch.c (intuit_diff_type): Ensure that two filenames are specified -for renames and copies (fix the existing check). ---- - src/pch.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/src/pch.c -+++ b/src/pch.c -@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode - if ((pch_rename () || pch_copy ()) - && ! inname - && ! ((i == OLD || i == NEW) && -- p_name[! reverse] && -+ p_name[reverse] && p_name[! reverse] && -+ name_is_valid (p_name[reverse]) && - name_is_valid (p_name[! reverse]))) - { - say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); diff --git a/devel/patch/patches/020-CVE-2018-1000156.patch b/devel/patch/patches/020-CVE-2018-1000156.patch deleted file mode 100644 index e3c9f231983ff5..00000000000000 --- a/devel/patch/patches/020-CVE-2018-1000156.patch +++ /dev/null @@ -1,189 +0,0 @@ -From b56779aed483f0036a32a65e62ab7b5e461b07cc Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Fri, 6 Apr 2018 12:14:49 +0200 -Subject: [PATCH] Fix arbitrary command execution in ed-style patches - (CVE-2018-1000156) - -* src/pch.c (do_ed_script): Write ed script to a temporary file instead -of piping it to ed: this will cause ed to abort on invalid commands -instead of rejecting them and carrying on. -* tests/ed-style: New test case. -* tests/Makefile.am (TESTS): Add test case. (OPENWRT REMOVED) ---- - src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------ - tests/Makefile.am | 1 + (OPENWRT REMOVED) - tests/ed-style | 41 ++++++++++++++++++++++ - 3 files changed, 108 insertions(+), 23 deletions(-) - create mode 100644 tests/ed-style - ---- a/src/pch.c -+++ b/src/pch.c -@@ -33,6 +33,7 @@ - # include - #endif - #include -+#include - - #define INITHUNKMAX 125 /* initial dynamic allocation size */ - -@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c - static char const editor_program[] = EDITOR_PROGRAM; - - file_offset beginning_of_this_line; -- FILE *pipefp = 0; - size_t chars_read; -+ FILE *tmpfp = 0; -+ char const *tmpname; -+ int tmpfd; -+ pid_t pid; -+ -+ if (! dry_run && ! skip_rest_of_patch) -+ { -+ /* Write ed script to a temporary file. This causes ed to abort on -+ invalid commands such as when line numbers or ranges exceed the -+ number of available lines. When ed reads from a pipe, it rejects -+ invalid commands and treats the next line as a new command, which -+ can lead to arbitrary command execution. */ -+ -+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); -+ if (tmpfd == -1) -+ pfatal ("Can't create temporary file %s", quotearg (tmpname)); -+ tmpfp = fdopen (tmpfd, "w+b"); -+ if (! tmpfp) -+ pfatal ("Can't open stream for file %s", quotearg (tmpname)); -+ } - -- if (! dry_run && ! skip_rest_of_patch) { -- int exclusive = *outname_needs_removal ? 0 : O_EXCL; -- assert (! inerrno); -- *outname_needs_removal = true; -- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -- sprintf (buf, "%s %s%s", editor_program, -- verbosity == VERBOSE ? "" : "- ", -- outname); -- fflush (stdout); -- pipefp = popen(buf, binary_transput ? "wb" : "w"); -- if (!pipefp) -- pfatal ("Can't open pipe to %s", quotearg (buf)); -- } - for (;;) { - char ed_command_letter; - beginning_of_this_line = file_tell (pfp); -@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c - } - ed_command_letter = get_ed_command_letter (buf); - if (ed_command_letter) { -- if (pipefp) -- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) -+ if (tmpfp) -+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) - write_fatal (); - if (ed_command_letter != 'd' && ed_command_letter != 's') { - p_pass_comments_through = true; - while ((chars_read = get_line ()) != 0) { -- if (pipefp) -- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) -+ if (tmpfp) -+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) - write_fatal (); - if (chars_read == 2 && strEQ (buf, ".\n")) - break; -@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char c - break; - } - } -- if (!pipefp) -+ if (!tmpfp) - return; -- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 -- || fflush (pipefp) != 0) -+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 -+ || fflush (tmpfp) != 0) - write_fatal (); -- if (pclose (pipefp) != 0) -- fatal ("%s FAILED", editor_program); -+ -+ if (lseek (tmpfd, 0, SEEK_SET) == -1) -+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); -+ -+ if (! dry_run && ! skip_rest_of_patch) { -+ int exclusive = *outname_needs_removal ? 0 : O_EXCL; -+ *outname_needs_removal = true; -+ if (inerrno != ENOENT) -+ { -+ *outname_needs_removal = true; -+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -+ } -+ sprintf (buf, "%s %s%s", editor_program, -+ verbosity == VERBOSE ? "" : "- ", -+ outname); -+ fflush (stdout); -+ -+ pid = fork(); -+ if (pid == -1) -+ pfatal ("Can't fork"); -+ else if (pid == 0) -+ { -+ dup2 (tmpfd, 0); -+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); -+ _exit (2); -+ } -+ else -+ { -+ int wstatus; -+ if (waitpid (pid, &wstatus, 0) == -1 -+ || ! WIFEXITED (wstatus) -+ || WEXITSTATUS (wstatus) != 0) -+ fatal ("%s FAILED", editor_program); -+ } -+ } -+ -+ fclose (tmpfp); -+ safe_unlink (tmpname); - - if (ofp) - { ---- /dev/null -+++ b/tests/ed-style -@@ -0,0 +1,41 @@ -+# Copyright (C) 2018 Free Software Foundation, Inc. -+# -+# Copying and distribution of this file, with or without modification, -+# in any medium, are permitted without royalty provided the copyright -+# notice and this notice are preserved. -+ -+. $srcdir/test-lib.sh -+ -+require cat -+use_local_patch -+use_tmpdir -+ -+# ============================================================== -+ -+cat > ed1.diff < ed2.diff < /dev/null || echo "Status: $?"' < -Date: Fri, 17 Aug 2018 13:35:40 +0200 -Subject: [PATCH] Fix swapping fake lines in pch_swap - -* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a -blank line in the middle of a context-diff hunk: that empty line stays -in the middle of the hunk and isn't swapped. - -Fixes: https://savannah.gnu.org/bugs/index.php?53133 ---- - src/pch.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/pch.c -+++ b/src/pch.c -@@ -2115,7 +2115,7 @@ pch_swap (void) - } - if (p_efake >= 0) { /* fix non-freeable ptr range */ - if (p_efake <= i) -- n = p_end - i + 1; -+ n = p_end - p_ptrn_lines; - else - n = -i; - p_efake += n; diff --git a/devel/patch/patches/050-CVE-2019-13636.patch b/devel/patch/patches/050-CVE-2019-13636.patch deleted file mode 100644 index d819838bba44f7..00000000000000 --- a/devel/patch/patches/050-CVE-2019-13636.patch +++ /dev/null @@ -1,101 +0,0 @@ -From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Mon, 15 Jul 2019 16:21:48 +0200 -Subject: Don't follow symlinks unless --follow-symlinks is given - -* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file, -append_to_file): Unless the --follow-symlinks option is given, open files with -the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing -that consistently for input files. -* src/util.c (create_backup): When creating empty backup files, (re)create them -with O_CREAT | O_EXCL to avoid following symlinks in that case as well. ---- - src/inp.c | 12 ++++++++++-- - src/util.c | 14 +++++++++++--- - 2 files changed, 21 insertions(+), 5 deletions(-) - ---- a/src/inp.c -+++ b/src/inp.c -@@ -238,8 +238,13 @@ plan_a (char const *filename) - { - if (S_ISREG (instat.st_mode)) - { -- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0); -+ int flags = O_RDONLY | binary_transput; - size_t buffered = 0, n; -+ int ifd; -+ -+ if (! follow_symlinks) -+ flags |= O_NOFOLLOW; -+ ifd = safe_open (filename, flags, 0); - if (ifd < 0) - pfatal ("can't open file %s", quotearg (filename)); - -@@ -340,6 +345,7 @@ plan_a (char const *filename) - static void - plan_b (char const *filename) - { -+ int flags = O_RDONLY | binary_transput; - int ifd; - FILE *ifp; - int c; -@@ -353,7 +359,9 @@ plan_b (char const *filename) - - if (instat.st_size == 0) - filename = NULL_DEVICE; -- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0 -+ if (! follow_symlinks) -+ flags |= O_NOFOLLOW; -+ if ((ifd = safe_open (filename, flags, 0)) < 0 - || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r"))) - pfatal ("Can't open file %s", quotearg (filename)); - if (TMPINNAME_needs_removal) ---- a/src/util.c -+++ b/src/util.c -@@ -388,7 +388,7 @@ create_backup (char const *to, const str - - try_makedirs_errno = ENOENT; - safe_unlink (bakname); -- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0) -+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0) - { - if (errno != try_makedirs_errno) - pfatal ("Can't create file %s", quotearg (bakname)); -@@ -579,10 +579,13 @@ create_file (char const *file, int open_ - static void - copy_to_fd (const char *from, int tofd) - { -+ int from_flags = O_RDONLY | O_BINARY; - int fromfd; - ssize_t i; - -- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0) -+ if (! follow_symlinks) -+ from_flags |= O_NOFOLLOW; -+ if ((fromfd = safe_open (from, from_flags, 0)) < 0) - pfatal ("Can't reopen file %s", quotearg (from)); - while ((i = read (fromfd, buf, bufsize)) != 0) - { -@@ -625,6 +628,8 @@ copy_file (char const *from, char const - else - { - assert (S_ISREG (mode)); -+ if (! follow_symlinks) -+ to_flags |= O_NOFOLLOW; - tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode, - to_dir_known_to_exist); - copy_to_fd (from, tofd); -@@ -640,9 +645,12 @@ copy_file (char const *from, char const - void - append_to_file (char const *from, char const *to) - { -+ int to_flags = O_WRONLY | O_APPEND | O_BINARY; - int tofd; - -- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0) -+ if (! follow_symlinks) -+ to_flags |= O_NOFOLLOW; -+ if ((tofd = safe_open (to, to_flags, 0)) < 0) - pfatal ("Can't reopen file %s", quotearg (to)); - copy_to_fd (from, tofd); - if (close (tofd) != 0) diff --git a/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch b/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch deleted file mode 100644 index 590cf186e7c67e..00000000000000 --- a/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher -Date: Fri, 6 Apr 2018 19:36:15 +0200 -Subject: Invoke ed directly instead of using the shell - -* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell -command to avoid quoting vulnerabilities. ---- - src/pch.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - ---- a/src/pch.c -+++ b/src/pch.c -@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c - *outname_needs_removal = true; - copy_file (inname, outname, 0, exclusive, instat.st_mode, true); - } -- sprintf (buf, "%s %s%s", editor_program, -- verbosity == VERBOSE ? "" : "- ", -- outname); - fflush (stdout); - - pid = fork(); -@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c - else if (pid == 0) - { - dup2 (tmpfd, 0); -- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); -+ assert (outname[0] != '!' && outname[0] != '-'); -+ execlp (editor_program, editor_program, "-", outname, (char *) NULL); - _exit (2); - } - else From b087edcd724486c2c830d1236a1bc96b1ed6c055 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Sun, 9 Nov 2025 12:15:32 +0200 Subject: [PATCH 228/239] nano: set nano as default EDITOR for nano-plus/full Set nano as the default EDITOR via /etc/profile.d for those apps that respect the variable. Only for nano-plus and nano-full variants. Suggested-by: Anthony Sepa Signed-off-by: Hannu Nyman (cherry picked from commit d4f6c9c322e491dbf881774ac8e33487872dd00c) --- utils/nano/Makefile | 8 ++++++-- utils/nano/files/nano-default-editor.sh | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 utils/nano/files/nano-default-editor.sh diff --git a/utils/nano/Makefile b/utils/nano/Makefile index 77f8a2204815e8..79500e5b15daa7 100644 --- a/utils/nano/Makefile +++ b/utils/nano/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nano PKG_VERSION:=8.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/nano @@ -65,6 +65,7 @@ endef define Package/nano-plus/description nano-plus - Additional features enabled, larger size than default nano. (multibuffer, Unicode/UTF-8, help, justify, nanorc, some key bindings) + Nano set as the default EDITOR in the shell profile. $(call Package/nano/description) endef @@ -73,6 +74,7 @@ define Package/nano-full/description nano-full - all features, including syntax highlighting (also uci), multibuffer, Unicode/UTF-8, nanorc, some key bindings. (libmagic-based file type detection is disabled) + Nano set as the default EDITOR in the shell profile. Example /etc/nanorc is included. nanorc documentation at https://www.nano-editor.org/dist/latest/nanorc.5.html @@ -133,10 +135,12 @@ endef define Package/nano-plus/install $(call Package/nano/install,$1) + $(INSTALL_DIR) $(1)/etc/profile.d + $(INSTALL_DATA) ./files/nano-default-editor.sh $(1)/etc/profile.d endef define Package/nano-full/install - $(call Package/nano/install,$1) + $(call Package/nano-plus/install,$1) $(INSTALL_DIR) $(1)/etc $(1)/usr/share/nano $(INSTALL_DATA) ./files/nanorc $(1)/etc/nanorc $(INSTALL_DATA) ./files/uci.nanorc $(1)/usr/share/nano diff --git a/utils/nano/files/nano-default-editor.sh b/utils/nano/files/nano-default-editor.sh new file mode 100644 index 00000000000000..3a23154e5d9866 --- /dev/null +++ b/utils/nano/files/nano-default-editor.sh @@ -0,0 +1,2 @@ +export EDITOR=/usr/bin/nano + From 17114bb3265a8aab85623d22640adf5827e92ec5 Mon Sep 17 00:00:00 2001 From: John Audia Date: Sun, 9 Nov 2025 12:16:57 +0200 Subject: [PATCH 229/239] tree: bump to 2.2.1 Changelog: https://github.com/Old-Man-Programmer/tree/blob/master/CHANGES Signed-off-by: John Audia (cherry picked from commit b939b3e79392835b1c20865e61add02e8d9f2054) --- utils/tree/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/tree/Makefile b/utils/tree/Makefile index 1d3994ab19cbd6..6d60e6659f1af0 100644 --- a/utils/tree/Makefile +++ b/utils/tree/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tree -PKG_VERSION:=2.1.3 +PKG_VERSION:=2.2.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/Old-Man-Programmer/$(PKG_NAME)/tar.gz/$(PKG_VERSION)? -PKG_HASH:=3ffe2c8bb21194b088ad1e723f0cf340dd434453c5ff9af6a38e0d47e0c2723b +PKG_HASH:=5caddcbca805131ff590b126d3218019882e4ca10bc9eb490bba51c05b9b3b75 PKG_MAINTAINER:=Banglang Huang From 8abcf5b207b40e341ffc5b4899af7cc571a5cf06 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Tue, 22 Jul 2025 09:17:43 -0300 Subject: [PATCH 230/239] netbird: update to 0.51.2 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.51.2 Signed-off-by: Wesley Gimenes (cherry picked from commit eb3165b80c70176b078a4b9f1c396851f25e54fe) --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 1976cd59b63e1a..3e7a2e522a3c46 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.50.2 +PKG_VERSION:=0.51.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=d3f0838dfa279ed8af9443294770308be8d2a9e070478dbba23ca42e20da403b +PKG_HASH:=98d6dba5c6b63c2742471ef8a09628e46bf0b2545f99a327537a60b27391c73e PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause From 7f9af2c24f39366bf1286e66af609e30532123e6 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Tue, 5 Aug 2025 10:10:21 -0300 Subject: [PATCH 231/239] netbird: update to 0.52.2 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.52.2 `netbird` now supports profiles [1]. The configuration file has been moved from `/etc/netbird/config.json` to `/var/lib/netbird/`. The migration is handled by `netbird` itself. However, in OpenWrt, the `/var` directory is a symbolic link to `/tmp`, which is a temporary directory. This can result in configuration loss after rebooting or flashing a new image. This issue will be fixed in the next release, 0.53.0. **I reported this behavior upstream [2].** [1]: https://docs.netbird.io/how-to/profiles [2]: https://github.com/netbirdio/netbird/issues/4322 Signed-off-by: Wesley Gimenes (cherry picked from commit f06a83c461810296615433a4ad31743d68c162a1) --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 3e7a2e522a3c46..53947ca5663a84 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.51.2 +PKG_VERSION:=0.52.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=98d6dba5c6b63c2742471ef8a09628e46bf0b2545f99a327537a60b27391c73e +PKG_HASH:=0c798932bed1b1c2dbe1de692efad7f60c875caee2da9fa797de5b4740b8a0e5 PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause From 391931477d6c5afbadb98008844b50d5ff7d5520 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Wed, 6 Aug 2025 16:51:56 -0300 Subject: [PATCH 232/239] netbird: update to 0.53.0 with config fix changelog: https://github.com/netbirdio/netbird/releases/tag/v0.53.0 Update init file to include `NB_CONFIG="/etc/netbird/config.json"` variable, ensuring configuration compatibility as before (fixes issue introduced by profiles feature in 0.52.2). Existing configurations remain compatible. Note: license for some components (`management`, `relay`, `signal`) changed to **AGPLv3**. These components aren't packaged for OpenWrt, so there's no immediate effect, but record the change for future reference. Signed-off-by: Wesley Gimenes (cherry picked from commit 7c3e0c1e5b804989b8e4d4310fec240cd43c9776) --- net/netbird/Makefile | 4 ++-- net/netbird/files/netbird.init | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 53947ca5663a84..fe21b4d04a4bc1 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.52.2 +PKG_VERSION:=0.53.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=0c798932bed1b1c2dbe1de692efad7f60c875caee2da9fa797de5b4740b8a0e5 +PKG_HASH:=47dde2b5b8fcb488bd6aa9aab769efb45ca4c1cc21253d44f7a68b44e7aeda8a PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause diff --git a/net/netbird/files/netbird.init b/net/netbird/files/netbird.init index 87427c4061c204..00e23fe05e1973 100755 --- a/net/netbird/files/netbird.init +++ b/net/netbird/files/netbird.init @@ -16,6 +16,7 @@ start_service() { procd_open_instance procd_set_param command /usr/bin/netbird + procd_set_param env NB_CONFIG="/etc/netbird/config.json" procd_append_param command service run procd_set_param pidfile /var/run/netbird.pid procd_close_instance From ec5eaa46e9713c1af037e4724bd1e953e51487a6 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Sun, 10 Aug 2025 22:19:57 -0300 Subject: [PATCH 233/239] netbird: update to 0.55.1 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.55.1 Signed-off-by: Wesley Gimenes (cherry picked from commit 0bb7df85b855e35c8388122afc962054117d1c70) --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index fe21b4d04a4bc1..4714f7de3f1955 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.53.0 +PKG_VERSION:=0.55.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=47dde2b5b8fcb488bd6aa9aab769efb45ca4c1cc21253d44f7a68b44e7aeda8a +PKG_HASH:=b9465a2b6b7600ec7f22a706b2f2891fdb19a07ffcbfd82cd0e33176d3c69b75 PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause From 6da91701c31658f317c4c155cfeaa999d212b451 Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Mon, 15 Sep 2025 21:48:12 -0300 Subject: [PATCH 234/239] netbird: update to 0.57.1 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.57.1 Signed-off-by: Wesley Gimenes (cherry picked from commit 60ee4858160e945a5505de511c34144b4f3a8b87) --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 4714f7de3f1955..1e26228f771ee5 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.55.1 +PKG_VERSION:=0.57.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=b9465a2b6b7600ec7f22a706b2f2891fdb19a07ffcbfd82cd0e33176d3c69b75 +PKG_HASH:=9ae0ce9b4367be44a4107aba7cd0d9d362e7636f880960c2d5e2c72b437afb1b PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause From c124a7b3e6eaa100f34e537499dd80fe4064c87e Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Fri, 26 Sep 2025 13:29:25 -0300 Subject: [PATCH 235/239] netbird: update to 0.58.2 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.58.2 Signed-off-by: Wesley Gimenes (cherry picked from commit 48b26e44634d821efd63aee1b46f422dbf6d1463) --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 1e26228f771ee5..8d4b5b7a9f4976 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.57.1 +PKG_VERSION:=0.58.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=9ae0ce9b4367be44a4107aba7cd0d9d362e7636f880960c2d5e2c72b437afb1b +PKG_HASH:=bd423e49d1bf27fc4ad0de68deacbfb48c7d964982744e102d1cd3766d09e024 PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause From 07ffd2963d9a9727b393ee98f084601754d27f3e Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Wed, 5 Nov 2025 16:36:58 -0300 Subject: [PATCH 236/239] netbird: update to 0.59.12 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.59.12 Signed-off-by: Wesley Gimenes (cherry picked from commit 5dccbddf10a3cbf51318f82d2fded5d48db88050) --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 8d4b5b7a9f4976..ce4af51ad946ff 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.58.2 +PKG_VERSION:=0.59.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=bd423e49d1bf27fc4ad0de68deacbfb48c7d964982744e102d1cd3766d09e024 +PKG_HASH:=2f0bdd45996f46f2e2c1dbf5a6712bba38a06cbfb7e4c00f814b0ffe149d7c6d PKG_MAINTAINER:=Wesley Gimenes PKG_LICENSE:=BSD-3-Clause From 89c5d7ac7765df6123b6e311e600a96472eb8abc Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Thu, 13 Nov 2025 18:01:20 +0200 Subject: [PATCH 237/239] nano: update to version 8.7 Update to version 8.7 Signed-off-by: Hannu Nyman (cherry picked from commit d543522dbe7a470c80e431395011605d68f05ac0) --- utils/nano/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/nano/Makefile b/utils/nano/Makefile index 79500e5b15daa7..47cbd5054be0c6 100644 --- a/utils/nano/Makefile +++ b/utils/nano/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nano -PKG_VERSION:=8.6 -PKG_RELEASE:=2 +PKG_VERSION:=8.7 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GNU/nano -PKG_HASH:=f7abfbf0eed5f573ab51bd77a458f32d82f9859c55e9689f819d96fe1437a619 +PKG_HASH:=afd287aa672c48b8e1a93fdb6c6588453d527510d966822b687f2835f0d986e9 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=COPYING From e61d672e7684fa1e0450a2f7516c69e30fd9b737 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 14 Nov 2025 22:00:14 +0100 Subject: [PATCH 238/239] travelmate: update 2.2.1-6 - rework the iw device detection in the scan function - remove any limits from the radio selection - control the reverse radio processing order with a separate option 'trm_revradio' - tweak a few (debug) log statements - LuCI updates (separate commit) - readme update Signed-off-by: Dirk Brenken (cherry picked from commit 1a1c0d07a9e70d781eb75ca7f99f4f64430ad26c) --- net/travelmate/Makefile | 2 +- net/travelmate/files/README.md | 3 +- net/travelmate/files/travelmate.init | 53 +++++++++++------------- net/travelmate/files/travelmate.sh | 60 +++++++++++++--------------- 4 files changed, 54 insertions(+), 64 deletions(-) diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index 9357d97f5bc882..5fe39b42ef29a8 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=travelmate PKG_VERSION:=2.2.1 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/travelmate/files/README.md b/net/travelmate/files/README.md index 8c024cc3894c16..b6f36ed830d185 100644 --- a/net/travelmate/files/README.md +++ b/net/travelmate/files/README.md @@ -92,7 +92,8 @@ automatically (re)connnects to configured APs/hotspots as they become available. | trm_debug | 0, disabled | set to 1 to get the full debug output (logread -e "trm-") | | trm_iface | -, not set | uplink- and procd trigger network interface, configured by the 'Interface Wizard' | | trm_laniface | -, lan | logical LAN network interface, default is 'lan' | -| trm_radio | -, not set | restrict travelmate to a single radio or change the overall scanning order ('radio1 radio0') | +| trm_radio | -, not set | restrict travelmate to certain radio(s) | +| trm_revradio | 0, disabled | change the radio processing order, e.g. 'radio1 radio0' | | trm_scanmode | -, active | send active probe requests or passively listen for beacon frames with 'passive' | | trm_captive | 1, enabled | check the internet availability and handle captive portal redirections | | trm_netcheck | 0, disabled | treat missing internet availability as an error | diff --git a/net/travelmate/files/travelmate.init b/net/travelmate/files/travelmate.init index a5bf899de1b11f..d245dcb48a1f4e 100755 --- a/net/travelmate/files/travelmate.init +++ b/net/travelmate/files/travelmate.init @@ -76,39 +76,32 @@ status_service() { } scan() { - local result scan_dev scan_mode radio_num radio_phy radio="${1}" + local result scan_dev scan_mode radio_num radio_phy radio="${1:-"radio0"}" - scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -ql1 -e "@.${radio}.interfaces[0].ifname")" + radio_num="${radio//[a-z]/}" + radio_phy="phy${radio_num}" + scan_mode="$(uci_get travelmate global trm_scanmode "active")" + [ "${scan_mode}" != "passive" ] && scan_mode="" + + scan_dev="$(iw dev | awk -v phy="${radio_phy}" '/Interface/{iface=$2} /type/{if(($2=="AP"||$2=="managed")&&iface ~ "^"phy"-"){printf"%s",iface;exit}}')" if [ -z "${scan_dev}" ]; then - radio_num="${radio//[a-z]/}" - radio_phy="phy#${radio_num}" - scan_dev="$(iw dev 2>/dev/null | awk -v iw_phy="${radio_phy}" '{if($0==iw_phy){inside=1;next}if(inside&&/^phy#/){exit}if(inside&&$1=="Interface"){print $2;exit}}')" - if [ -z "${scan_dev}" ]; then - if iw phy "phy${radio_num}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1; then - if ip link set "trmscan${radio_num}" up >/dev/null 2>&1; then - scan_dev="trmscan${radio_num}" - fi - fi - fi - fi - if [ -n "${scan_dev}" ]; then - scan_mode="$(uci_get travelmate global trm_scanmode "active")" - [ "${scan_mode}" != "passive" ] && scan_mode="" - result="$(iw dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | - awk '/^BSS /{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";ssid="";bssid=toupper(substr($2,1,17))} - /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} - /SSID:/{$1="";sub(/^ /,"",$0);ssid=$0} - /freq:/{channel=int($2);if(channel>=2400&&channel<=2500)channel=int((channel-2407)/5);else if(channel>=4900&&channel<=5900)channel=int((channel-5000)/5);else if(channel>=5925&&channel<=7125)channel=int(((channel-5950)/5)+1)} - /WPA:/{wpa="+"} - /RSN:/{rsn="+"} - /Group cipher:/{cipher=$4} - /Authentication suites:/{auth="";for(i=4;i<=NF;i++){auth=auth (i==4?"":",")$i}} - END{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" - printf "%b\n" "${result}" > "${trm_scanfile}" - else - : > "${trm_scanfile}" + iw phy "${radio_phy}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1 + ip link set "trmscan${radio_num}" up >/dev/null 2>&1 + scan_dev="trmscan${radio_num}" fi - if [ -n "${radio_phy}" ] && [ -n "${radio_num}" ]; then + result="$(iw dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | + awk '/^BSS /{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid};signal="";channel="";rsn="-";wpa="-";cipher="-";auth="-";ssid="";bssid=toupper(substr($2,1,17))} + /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} + /SSID:/{$1="";sub(/^ /,"",$0);ssid=$0} + /freq:/{channel=int($2);if(channel>=2400&&channel<=2500)channel=int((channel-2407)/5);else if(channel>=4900&&channel<=5900)channel=int((channel-5000)/5);else if(channel>=5925&&channel<=7125)channel=int(((channel-5950)/5)+1)} + /WPA:/{wpa="+"} + /RSN:/{rsn="+"} + /Group cipher:/{cipher=$4} + /Authentication suites:/{auth="";for(i=4;i<=NF;i++){auth=auth (i==4?"":",")$i}} + END{if(bssid!=""){printf "%3s %3s %17s %s %s %10s %30s %s\n",signal,channel,bssid,rsn,wpa,cipher,auth,ssid}}' | sort -rn)" + [ -n "${result}" ] && printf "%b\n" "${result}" > "${trm_scanfile}" || : > "${trm_scanfile}" + + if [ "${scan_dev}" = "trmscan${radio_num}" ]; then ip link set "trmscan${radio_num}" down >/dev/null 2>&1 iw dev "trmscan${radio_num}" del >/dev/null 2>&1 fi diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh index 0b6b614157b04f..70504b31d29df3 100755 --- a/net/travelmate/files/travelmate.sh +++ b/net/travelmate/files/travelmate.sh @@ -28,6 +28,7 @@ trm_maxwait="30" trm_maxautoadd="5" trm_timeout="60" trm_radio="" +trm_revradio="0" trm_scanmode="active" trm_connection="" trm_ssidfilter="" @@ -475,7 +476,7 @@ f_setdev() { if { [ -z "${trm_radio}" ] && ! printf "%s" "${trm_radiolist}" | "${trm_grepcmd}" -q "${radio}"; } || { [ -n "${trm_radio}" ] && printf "%s" "${trm_radio}" | "${trm_grepcmd}" -q "${radio}"; }; then - if [ -n "${trm_radio}" ] && [ "${trm_radio}" = "radio1 radio0" ]; then + if [ "${trm_revradio}" = "1" ]; then trm_radiolist="$(f_trim "${radio} ${trm_radiolist}")" else trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")" @@ -485,7 +486,7 @@ f_setdev() { uci_set wireless "${radio}" "disabled" "0" fi fi - f_log "debug" "f_setdev ::: radio: ${radio:-"-"}, radio_conf: ${trm_radio:-"-"}, radio_list: ${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}" + f_log "debug" "f_setdev ::: device: ${radio:-"-"}, radio: ${trm_radio:-"-"}, radio_list: ${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}" } # set 'wifi-iface' sections @@ -732,11 +733,15 @@ f_check() { else ifname="$(printf "%s" "${dev_status}" | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')" if [ -n "${ifname}" ] && [ "${enabled}" = "1" ]; then - trm_ifquality="$("${trm_iwcmd}" dev "${ifname}" link 2>/dev/null | "${trm_awkcmd}" '/signal: /{printf "%s",2*($2+100)}')" + trm_ifquality="$("${trm_iwcmd}" dev "${ifname}" link 2>/dev/null | "${trm_awkcmd}" '/signal:/ {val=2*($2+100); printf "%s", (val>100 ? 100 : val)}')" if [ -z "${trm_ifquality}" ]; then trm_ifstatus="$("${trm_ubuscmd}" -S call network.interface dump 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.interface[@.device=\"${ifname}\"].up")" if { [ -n "${trm_connection}" ] && [ "${trm_ifstatus}" = "false" ]; } || [ "${wait_time}" -eq "${trm_maxwait}" ]; then - f_log "info" "no signal from uplink" + if [ -n "${trm_connection}" ] && [ "${trm_ifstatus}" = "false" ]; then + f_log "info" "no signal from uplink" + else + f_log "info" "uplink connection could not be established after ${trm_maxwait} seconds" + fi f_vpn "disable" trm_connection="" trm_ifstatus="${status}" @@ -824,7 +829,7 @@ f_check() { break fi done - f_log "debug" "f_check ::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, enabled: ${enabled}, connection: ${trm_connection:-"-"}, wait: ${wait_time}, max_wait: ${trm_maxwait}, min_quality: ${trm_minquality}, captive: ${trm_captive}, netcheck: ${trm_netcheck}" + f_log "debug" "f_check ::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, enabled: ${enabled}, connection: ${trm_connection:-"-"}, wait: ${wait_time}, max_wait: ${trm_maxwait}, min_quality/quality: ${trm_minquality}/${trm_ifquality:-"-"}, captive: ${trm_captive}, netcheck: ${trm_netcheck}" } # update runtime information @@ -974,38 +979,29 @@ f_main() { f_log "debug" "f_main-5 ::: sta_radio: ${sta_radio}, sta_essid: \"${sta_essid}\", sta_bssid: ${sta_bssid:-"-"}" fi if [ -z "${scan_list}" ]; then - scan_dev="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.${radio}.interfaces[0].ifname")" + radio_num="${radio//[a-z]/}" + radio_phy="phy${radio_num}" + [ "${trm_scanmode}" != "passive" ] && scan_mode="" + + scan_dev="$("${trm_iwcmd}" dev | "${trm_awkcmd}" -v phy="${radio_phy}" '/Interface/{iface=$2} /type/{if(($2=="AP"||$2=="managed")&&iface ~ "^"phy"-"){printf"%s",iface;exit}}')" if [ -z "${scan_dev}" ]; then - radio_num="${radio//[a-z]/}" - radio_phy="phy#${radio_num}" - scan_dev="$("${trm_iwcmd}" dev 2>/dev/null | "${trm_awkcmd}" -v iw_phy="${radio_phy}" '{if($0==iw_phy){inside=1;next}if(inside&&/^phy#/){exit}if(inside&&$1=="Interface"){print $2;exit}}')" - if [ -z "${scan_dev}" ]; then - if "${trm_iwcmd}" phy "phy${radio_num}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1; then - if "${trm_ipcmd}" link set "trmscan${radio_num}" up >/dev/null 2>&1; then - scan_dev="trmscan${radio_num}" - fi - fi - fi + "${trm_iwcmd}" phy "${radio_phy}" interface add "trmscan${radio_num}" type managed >/dev/null 2>&1 + "${trm_ipcmd}" link set "trmscan${radio_num}" up >/dev/null 2>&1 + scan_dev="trmscan${radio_num}" fi - if [ -n "${scan_dev}" ]; then - [ "${trm_scanmode}" != "passive" ] && scan_mode="" - scan_list="$(printf "%b" "$("${trm_iwcmd}" dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | - "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="-";wpa="-"} - /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} - /SSID:/{$1="";sub(/^ /,"",$0);ssid="\""$0"\""} - /WPA:/{wpa="+"} - /RSN:/{rsn="+"} - END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid}}' | "${trm_sortcmd}" -rn)")" - f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_mode: ${trm_scanmode:-"active"}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" - fi - if [ -n "${radio_phy}" ] && [ -n "${radio_num}" ]; then + scan_list="$(printf "%b" "$("${trm_iwcmd}" dev "${scan_dev}" scan ${scan_mode} 2>/dev/null | + "${trm_awkcmd}" '/^BSS /{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid};bssid=toupper(substr($2,1,17));ssid="";signal="";rsn="-";wpa="-"} + /signal:/{signal=(2*($2+100)>100 ? 100 : 2*($2+100))} + /SSID:/{$1="";sub(/^ /,"",$0);ssid="\""$0"\""} + /WPA:/{wpa="+"} + /RSN:/{rsn="+"} + END{if(bssid!=""){if(ssid=="")ssid="unknown";printf "%s %s %s %s %s\n",signal,rsn,wpa,bssid,ssid}}' | "${trm_sortcmd}" -rn)")" + f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_mode: ${trm_scanmode:-"active"}, scan_cnt: $(printf "%s" "${scan_list}" | "${trm_grepcmd}" -c "^")" + + if [ "${scan_dev}" = "trmscan${radio_num}" ]; then "${trm_ipcmd}" link set "trmscan${radio_num}" down >/dev/null 2>&1 "${trm_iwcmd}" dev "trmscan${radio_num}" del >/dev/null 2>&1 fi - if [ -z "${scan_dev}" ]; then - f_log "info" "no scan device on '${radio}'" - continue 2 - fi if [ -z "${scan_list}" ]; then f_log "info" "no scan results on '${radio}'" continue 2 From ea7cdeb0b6d1bc66a407681f191094993c18c8a7 Mon Sep 17 00:00:00 2001 From: Eric Fahlgren Date: Sun, 16 Nov 2025 20:15:55 -0800 Subject: [PATCH 239/239] owut: update to 2025.11.16 Enhancements: efahl/owut@af42b8afe35c owut: minor improvement on logging API efahl/owut@223d6e64b719 owut: add 'clean slate' option to reset to default packages efahl/owut@3a35acb7a09a owut: typos and wording fixes efahl/owut@eba5101ba780 owut: report counts of failed package builds efahl/owut@365eed1f26c2 owut: use library glob Signed-off-by: Eric Fahlgren (cherry picked from commit 1545e6510f2e43a58a8e347e34ea6862466efa0b) --- utils/owut/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/owut/Makefile b/utils/owut/Makefile index 259a347bd1bc4b..fef3e826e09783 100644 --- a/utils/owut/Makefile +++ b/utils/owut/Makefile @@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=owut -PKG_SOURCE_DATE:=2025-10-24 +PKG_SOURCE_DATE:=2025-11-16 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=07453922aa2ff0d73a9e789d702827a2d08a203f +PKG_SOURCE_VERSION:=af42b8afe35c09b2b6b72d3948ad724f66287f2c PKG_SOURCE_URL:=https://github.com/efahl/owut.git -PKG_MIRROR_HASH:=49412860a6ca86eb5485641cdf4b25d64c462e10d99b2c4fdcf0a2214fd1578a +PKG_MIRROR_HASH:=18aa5e38ccdc7bddfafcd80d716b55f5a93fdbd21615a1576053b1172756a3b3 PKG_MAINTAINER:=Eric Fahlgren PKG_LICENSE:=GPL-2.0-only